feat(pairing): add ownership voucher list endpoint

Signed-off-by: Francesco Noacco <francesco.noacco@secomind.com>

Author: noaccOS

apps/astarte_pairing/lib/astarte_pairing_web/controllers/ownership_voucher_controller.ex

@@ -22,6 +22,7 @@ defmodule Astarte.PairingWeb.OwnershipVoucherController do
   alias Astarte.FDO.OwnershipVoucher
   alias Astarte.FDO.OwnershipVoucher.LoadRequest
   alias Astarte.FDO.TO0
+  alias Astarte.PairingWeb.OwnershipVoucherView
   alias Astarte.Secrets.Core, as: SecretsCore
 
   action_fallback Astarte.PairingWeb.FallbackController
@@ -60,6 +61,17 @@ defmodule Astarte.PairingWeb.OwnershipVoucherController do
     end
   end
 
+  @doc """
+  List ownership vouchers.
+  """
+  def list_ownership_vouchers(conn, %{"realm_name" => realm_name}) do
+    with {:ok, vouchers} <- OwnershipVoucher.list(realm_name) do
+      conn
+      |> put_view(OwnershipVoucherView)
+      |> render("list_vouchers.json", ownership_vouchers: vouchers)
+    end
+  end
+
   @doc """
   Returns the list of registered owner keys that are compatible with the
   given ownership voucher.

apps/astarte_pairing/lib/astarte_pairing_web/router.ex

@@ -107,6 +107,7 @@ defmodule Astarte.PairingWeb.Router do
       get "/owner_keys/:key_algorithm", OwnerKeyController, :get_keys_for_algorithm
       get "/owner_keys/:key_algorithm/:key_name", OwnerKeyController, :get_key
       post "/owner_keys_for_voucher", OwnershipVoucherController, :owner_keys_for_voucher
+      get "/ownership_vouchers", OwnershipVoucherController, :list_ownership_vouchers
       post "/ownership_vouchers", OwnershipVoucherController, :register
     end
 

apps/astarte_pairing/lib/astarte_pairing_web/views/ownership_voucher_view.ex

@@ -0,0 +1,73 @@
+#
+# This file is part of Astarte.
+#
+# Copyright 2026 SECO Mind Srl
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+defmodule Astarte.PairingWeb.OwnershipVoucherView do
+  use Astarte.PairingWeb, :view
+
+  alias Astarte.PairingWeb.OwnershipVoucherView
+  alias Astarte.DataAccess.FDO.OwnershipVoucher
+
+  def render("list_vouchers.json", %{ownership_vouchers: vouchers}) do
+    %{
+      data: render_many(vouchers, OwnershipVoucherView, "ownership_voucher.json")
+    }
+  end
+
+  def render("ownership_voucher.json", %{ownership_voucher: voucher}) do
+    %OwnershipVoucher{
+      guid: guid,
+      replacement_guid: output_guid,
+      voucher_data: input_voucher,
+      output_voucher: output_voucher,
+      status: status
+    } = voucher
+
+    guid = render_one(guid, OwnershipVoucherView, "guid.json", as: :guid)
+    output_guid = render_one(output_guid, OwnershipVoucherView, "guid.json", as: :guid)
+    input_voucher = render_one(input_voucher, OwnershipVoucherView, "binary_voucher.json")
+    output_voucher = render_one(output_voucher, OwnershipVoucherView, "binary_voucher.json")
+
+    %{
+      guid: guid,
+      status: status,
+      output_guid: output_guid,
+      input_voucher: input_voucher,
+      output_voucher: output_voucher
+    }
+  end
+
+  def render("guid.json", %{guid: guid}) do
+    UUID.binary_to_string!(guid)
+  end
+
+  def render("binary_voucher.json", %{ownership_voucher: binary_voucher}) do
+    # PEMs have 64-character long lines
+    encoded =
+      Base.encode64(binary_voucher)
+      |> String.to_charlist()
+      |> Enum.chunk_every(64)
+      |> Enum.intersperse("\n")
+      |> List.flatten()
+
+    """
+    -----BEGIN OWNERSHIP VOUCHER-----
+    #{encoded}
+    -----END OWNERSHIP VOUCHER-----
+    """
+  end
+end

apps/astarte_pairing/test/astarte_pairing_web/controllers/ownership_voucher_controller_test.exs

@@ -232,9 +232,56 @@ defmodule Astarte.PairingWeb.Controllers.OwnershipVoucherControllerTest do
     end
   end
 
+  describe "list_ownership_vouchers/2" do
+    setup :store_sample_voucher
+    setup :add_list_path
+
+    test "returns the list of vouchers for the realm", context do
+      %{auth_conn: conn, path: path} = context
+
+      body =
+        conn
+        |> get(path)
+        |> json_response(200)
+
+      assert [ownership_voucher_result] = body["data"]
+      assert UUID.string_to_binary!(ownership_voucher_result["guid"])
+      assert ownership_voucher_result["status"] == "created"
+      assert ownership_voucher_result["input_voucher"] == @sample_ownership_voucher_pem
+    end
+  end
+
   defp owner_keys_for_voucher_setup(context) do
     %{auth_conn: conn, realm_name: realm_name} = context
     path = ownership_voucher_path(conn, :owner_keys_for_voucher, realm_name)
     %{path: path}
   end
+
+  defp store_sample_voucher(context) do
+    %{auth_conn: conn, realm_name: realm_name} = context
+    %{register_path: path} = register_setup(context)
+    {:ok, owner_cose_key} = COSE.Keys.from_pem(@sample_private_key_pem)
+    {:ok, namespace} = Secrets.create_namespace(realm_name, :es256)
+    :ok = Secrets.import_key(@sample_key_name, :es256, owner_cose_key, namespace: namespace)
+
+    params = %{
+      data: %{
+        "ownership_voucher" => @sample_ownership_voucher_pem,
+        "key_name" => @sample_key_name,
+        "key_algorithm" => "es256"
+      }
+    }
+
+    conn
+    |> post(path, params)
+    |> json_response(200)
+
+    :ok
+  end
+
+  defp add_list_path(context) do
+    %{auth_conn: conn, realm_name: realm_name} = context
+    path = ownership_voucher_path(conn, :list_ownership_vouchers, realm_name)
+    %{path: path}
+  end
 end

libs/astarte_data_access/lib/astarte_data_access/fdo/queries.ex

@@ -58,6 +58,14 @@ defmodule Astarte.DataAccess.FDO.Queries do
     Repo.fetch(query, guid, consistency: consistency)
   end
 
+  def list_ownership_vouchers(realm_name) do
+    keyspace = Realm.keyspace_name(realm_name)
+    consistency = Consistency.domain_model(:read)
+    opts = [consistency: consistency, prefix: keyspace]
+
+    Repo.fetch_all(OwnershipVoucher, opts)
+  end
+
   def get_owner_key_params(realm_name, guid) do
     keyspace_name = Realm.keyspace_name(realm_name)
 

libs/astarte_data_access/test/fdo/queries_test.exs

@@ -201,21 +201,18 @@ defmodule Astarte.DataAccess.FDO.QueriesTest do
     end
   end
 
-  describe "mark_device_as_claimed/2" do
-    setup do
-      guid = :crypto.strong_rand_bytes(16)
-
-      on_exit(fn -> Queries.delete_ownership_voucher(@realm, guid) end)
-
-      Queries.create_ownership_voucher(@realm, %{
-        guid: guid,
-        key_name: "key",
-        key_algorithm: :es256,
-        voucher_data: <<0>>
-      })
+  describe "list_ownership_vouchers/1" do
+    setup :setup_voucher
 
-      %{guid: guid}
+    test "returns the list of vouchers", %{guid: guid} do
+      assert {:ok, vouchers} = Queries.list_ownership_vouchers(@realm)
+      assert Enum.all?(vouchers, &is_struct(&1, OwnershipVoucher))
+      assert Enum.find(vouchers, &(&1.guid == guid))
     end
+  end
+
+  describe "mark_device_as_claimed/2" do
+    setup :setup_voucher
 
     test "updates the status of the ownership voucher", %{guid: guid} do
       opts = [prefix: Realm.keyspace_name(@realm)]
@@ -322,4 +319,19 @@ defmodule Astarte.DataAccess.FDO.QueriesTest do
       key_algorithm: key_algorithm
     }
   end
+
+  defp setup_voucher(_context) do
+    guid = :crypto.strong_rand_bytes(16)
+
+    on_exit(fn -> Queries.delete_ownership_voucher(@realm, guid) end)
+
+    Queries.create_ownership_voucher(@realm, %{
+      guid: guid,
+      key_name: "key",
+      key_algorithm: :es256,
+      voucher_data: <<0>>
+    })
+
+    %{guid: guid}
+  end
 end

libs/astarte_fdo/lib/ownership_voucher/ownership_voucher.ex

@@ -32,6 +32,10 @@ defmodule Astarte.FDO.OwnershipVoucher do
     end
   end
 
+  def list(realm_name) do
+    Queries.list_ownership_vouchers(realm_name)
+  end
+
   def fetch(realm_name, guid) do
     case Queries.get_ownership_voucher(realm_name, guid) do
       {:ok, ownership_voucher_cbor} ->