eclipse-hono · kaniyan · Nov 24, 2021 · Nov 24, 2021
@@ -19,10 +19,10 @@
 import org.eclipse.hono.client.ServiceInvocationException;
 import org.eclipse.hono.deviceregistry.service.tenant.NoopTenantInformationService;
 import org.eclipse.hono.deviceregistry.service.tenant.TenantInformationService;
-import org.eclipse.hono.deviceregistry.service.tenant.TenantKey;
 import org.eclipse.hono.deviceregistry.util.DeviceRegistryUtils;
 import org.eclipse.hono.service.credentials.CredentialsService;
 import org.eclipse.hono.service.management.device.DeviceAndGatewayAutoProvisioner;
+import org.eclipse.hono.service.management.tenant.Tenant;
 import org.eclipse.hono.tracing.TracingHelper;
 import org.eclipse.hono.util.CacheDirective;
 import org.eclipse.hono.util.Constants;
@@ -98,15 +98,15 @@ public final Future<Void> stop() {
     /**
      * Get credentials for a device.
      *
-     * @param tenant The tenant key object.
+     * @param tenant The tenant information.
      * @param key The credentials key object.
      * @param clientContext Optional bag of properties that can be used to identify the device.
      * @param span The active OpenTracing span for this operation.
      * @return A future indicating the outcome of the operation.
      * @throws NullPointerException if any of the parameters other than client context are {@code null}.
      */
     protected abstract Future<CredentialsResult<JsonObject>> processGet(
-            TenantKey tenant,
+            Tenant tenant,
             CredentialKey key,
             JsonObject clientContext,
             Span span);
@@ -153,7 +153,7 @@ public final Future<CredentialsResult<JsonObject>> get(
                 .compose(tenant -> {
                     LOG.trace("retrieving credentials by auth-id");
                     return processGet(
-                            TenantKey.from(tenantId),
+                            tenant,
                             CredentialKey.from(tenantId, authId, type),
                             clientContext,
                             span)

@@ -37,6 +37,7 @@
 import org.eclipse.hono.tracing.TracingHelper;
 import org.eclipse.hono.util.CacheDirective;
 import org.eclipse.hono.util.CredentialsConstants;
+import org.eclipse.hono.util.IdentityTemplate;
 import org.eclipse.hono.util.RegistryManagementConstants;
 import org.eclipse.hono.util.TenantConstants;
 import org.eclipse.hono.util.TenantObject;
@@ -343,6 +344,31 @@ public static boolean matchesWithClientContext(final JsonObject credential, fina
 
     }
 
+    /**
+     * todo.
+     *
+     * @param credential The credential object to match.
+     * @param tenant The tenant information.
+     * @return todo.
+     */
+    public static JsonObject applyAuthIdTemplate(final JsonObject credential, final Tenant tenant) {
+        Objects.requireNonNull(credential);
+
+        final String type = credential.getString(RegistryManagementConstants.FIELD_TYPE);
+        if (!CredentialsConstants.SECRETS_TYPE_X509_CERT.equals(type)) {
+            return credential;
+        }
+
+        final String subjectDN = credential.getString(RegistryManagementConstants.FIELD_AUTH_ID);
+        final Optional<String> authIdTemplate = tenant.getAuthIdTemplate(subjectDN);
+        authIdTemplate
+                .map(IdentityTemplate::new)
+                .map(t -> t.apply(subjectDN))
+                .map(generatedAuthId -> credential.put(RegistryManagementConstants.FIELD_AUTH_ID, generatedAuthId));
+
+        return credential;
+    }
+
     /**
      * Returns a regex expression based on the given filter value which can be used by the device registry 
      * implementations to support wildcard matching during search operations.

@@ -21,10 +21,10 @@
 import java.util.concurrent.TimeUnit;
 
 import org.eclipse.hono.client.util.MessagingClientProvider;
-import org.eclipse.hono.deviceregistry.service.tenant.TenantKey;
 import org.eclipse.hono.service.management.credentials.CredentialsManagementService;
 import org.eclipse.hono.service.management.device.DeviceAndGatewayAutoProvisioner;
 import org.eclipse.hono.service.management.device.DeviceManagementService;
+import org.eclipse.hono.service.management.tenant.Tenant;
 import org.eclipse.hono.util.CacheDirective;
 import org.eclipse.hono.util.CredentialsConstants;
 import org.eclipse.hono.util.CredentialsResult;
@@ -59,7 +59,7 @@ public void testGetCredentialsPreservesOriginalErrorStatus(final VertxTestContex
 
         final AbstractCredentialsService credentialsService = new AbstractCredentialsService() {
             @Override
-            protected Future<CredentialsResult<JsonObject>> processGet(final TenantKey tenant, final CredentialKey key,
+            protected Future<CredentialsResult<JsonObject>> processGet(final Tenant tenant, final CredentialKey key,
                     final JsonObject clientContext, final Span span) {
                 return Future.succeededFuture(CredentialsResult.from(HttpURLConnection.HTTP_BAD_GATEWAY));
             }

diff --git a/...-jdbc/src/main/java/org/eclipse/hono/deviceregistry/jdbc/impl/CredentialsServiceImpl.java b/...-jdbc/src/main/java/org/eclipse/hono/deviceregistry/jdbc/impl/CredentialsServiceImpl.java
@@ -26,9 +26,9 @@
 import org.eclipse.hono.deviceregistry.jdbc.config.DeviceServiceProperties;
 import org.eclipse.hono.deviceregistry.service.credentials.AbstractCredentialsService;
 import org.eclipse.hono.deviceregistry.service.credentials.CredentialKey;
-import org.eclipse.hono.deviceregistry.service.tenant.TenantKey;
 import org.eclipse.hono.deviceregistry.util.DeviceRegistryUtils;
 import org.eclipse.hono.service.base.jdbc.store.device.TableAdapterStore;
+import org.eclipse.hono.service.management.tenant.Tenant;
 import org.eclipse.hono.util.Constants;
 import org.eclipse.hono.util.CredentialsConstants;
 import org.eclipse.hono.util.CredentialsResult;
@@ -60,7 +60,7 @@ public CredentialsServiceImpl(final TableAdapterStore store, final DeviceService
 
     @Override
     protected Future<CredentialsResult<JsonObject>> processGet(
-            final TenantKey tenant,
+            final Tenant tenant,
             final CredentialKey key,
             final JsonObject clientContext,
             final Span span) {
@@ -77,6 +77,7 @@ protected Future<CredentialsResult<JsonObject>> processGet(
                     final var secrets = result.getCredentials()
                             .stream()
                             .map(JsonObject::mapFrom)
+                            .map(c -> DeviceRegistryUtils.applyAuthIdTemplate(c, tenant))
                             .filter(filter(key.getType(), key.getAuthId()))
                             .filter(credential -> DeviceRegistryUtils.matchesWithClientContext(credential, clientContext))
                             .flatMap(c -> c.getJsonArray(CredentialsConstants.FIELD_SECRETS)

@@ -22,8 +22,8 @@
 import org.eclipse.hono.deviceregistry.mongodb.model.CredentialsDao;
 import org.eclipse.hono.deviceregistry.service.credentials.AbstractCredentialsService;
 import org.eclipse.hono.deviceregistry.service.credentials.CredentialKey;
-import org.eclipse.hono.deviceregistry.service.tenant.TenantKey;
 import org.eclipse.hono.deviceregistry.util.DeviceRegistryUtils;
+import org.eclipse.hono.service.management.tenant.Tenant;
 import org.eclipse.hono.util.CacheDirective;
 import org.eclipse.hono.util.CredentialsConstants;
 import org.eclipse.hono.util.CredentialsResult;
@@ -87,7 +87,7 @@ private CacheDirective getCacheDirective(final String type) {
      */
     @Override
     protected Future<CredentialsResult<JsonObject>> processGet(
-            final TenantKey tenant,
+            final Tenant tenant,
             final CredentialKey key,
             final JsonObject clientContext,
             final Span span) {
@@ -96,7 +96,8 @@ protected Future<CredentialsResult<JsonObject>> processGet(
         Objects.requireNonNull(key);
         Objects.requireNonNull(span);
 
-        return dao.getByAuthIdAndType(tenant.getTenantId(), key.getAuthId(), key.getType(), span.context())
+        //todo to make use of the tenant to apply the auth-id template in case of X509 certificate credential.
+        return dao.getByAuthIdAndType(key.getTenantId(), key.getAuthId(), key.getType(), span.context())
                 .map(dto -> {
                     LOG.trace("found credentials matching criteria");
                     final var json = JsonObject.mapFrom(dto.getCredentials().get(0));
@@ -109,7 +110,7 @@ protected Future<CredentialsResult<JsonObject>> processGet(
                                     credential,
                                     getCacheDirective(key.getType())))
                             .orElseThrow(() -> new ClientErrorException(
-                                    tenant.getTenantId(),
+                                    key.getTenantId(),
                                     HttpURLConnection.HTTP_NOT_FOUND,
                                     "no matching credentials on record"));
                 })