refactor(fdo): re-enable credential reuse logic

Author: AliouneGaye21

libs/astarte_fdo/lib/owner_onboarding.ex

@@ -140,14 +140,16 @@ defmodule Astarte.FDO.OwnerOnboarding do
     with {:ok, ownership_voucher} <- OwnershipVoucher.fetch(realm_name, guid),
          {:ok, owner_key} <- Secrets.get_key_for_guid(realm_name, guid),
          {:ok, owner_public_key} <- OwnershipVoucher.owner_public_key(ownership_voucher) do
-      rendezvous_info = ownership_voucher.header.rendezvous_info
+      next_guid = session.replacement_guid || guid
+      next_rv_info = session.replacement_rv_info || ownership_voucher.header.rendezvous_info
+      next_owner_pub_key = session.replacement_pub_key || owner_public_key
 
       # {:ok, private_key} = COSE.Keys.from_pem(private_key)
 
       connection_credentials = %{
-        guid: guid,
-        rendezvous_info: rendezvous_info,
-        owner_pub_key: owner_public_key,
+        guid: next_guid,
+        rendezvous_info: next_rv_info,
+        owner_pub_key: next_owner_pub_key,
         owner_private_key: owner_key,
         device_info: "owned by astarte - realm #{realm_name}.#{Config.base_url_domain!()}"
       }

libs/astarte_fdo/lib/ownership_voucher/ownership_voucher.ex

@@ -75,11 +75,10 @@ defmodule Astarte.FDO.OwnershipVoucher do
     {:ok, new_voucher}
   end
 
-  def credential_reuse?(_session) do
-    # Credential reuse requires also Owner2Key and/or rv info
-    # to be changed for credential reuse; so far, there is no API to do so,
-    # so it is limited to the guid
-    true
+  def credential_reuse?(session) do
+    is_nil(session.replacement_pub_key) and
+      is_nil(session.replacement_rv_info) and
+      session.replacement_guid == session.guid
   end
 
   @doc """

libs/astarte_fdo/test/astarte_fdo/onboarding/done_test.exs

@@ -31,6 +31,9 @@ defmodule Astarte.FDO.Onboarding.DoneTest do
   alias Astarte.FDO.Core.OwnerOnboarding.Session
   alias Astarte.FDO.OwnerOnboarding
   alias Astarte.FDO.OwnershipVoucher
+  alias Astarte.FDO.Core.OwnershipVoucher, as: OVCore
+
+  alias Astarte.DataAccess.FDO.OwnershipVoucher, as: DataAccessOwnershipVoucher
 
   @wrong_prove_dv_nonce :crypto.strong_rand_bytes(16)
 
@@ -131,8 +134,6 @@ defmodule Astarte.FDO.Onboarding.DoneTest do
       assert voucher.hmac == old_voucher.hmac
     end
 
-    @tag :skip
-    # TODO: re-enable this test when credential reuse logic is implemented.
     test "ensure old voucher is keep when ProveDv nonces match and TO2.done ends successfully without credential reuse ",
          %{
            realm: realm_name,
@@ -155,11 +156,18 @@ defmodule Astarte.FDO.Onboarding.DoneTest do
       {:ok, old_voucher} = OwnershipVoucher.fetch(realm_name, session.guid)
       {:ok, _} = OwnerOnboarding.done(realm_name, session, done_msg)
 
-      {:ok, voucher} = OwnershipVoucher.fetch(realm_name, session.guid)
+      keyspace = Realm.keyspace_name(realm_name)
+
+      ov_record =
+        Repo.get!(DataAccessOwnershipVoucher, session.guid, prefix: keyspace)
+
+      assert ov_record.output_voucher != nil
 
-      assert voucher.entries == []
+      {:ok, output_voucher} =
+        OVCore.decode_cbor(ov_record.output_voucher)
 
-      assert voucher.hmac != old_voucher.hmac
+      assert output_voucher.entries == []
+      assert output_voucher.hmac != old_voucher.hmac
     end
 
     test "returns {:error, :invalid_message} when the ProveDv nonces don't match", %{

libs/astarte_fdo/test/astarte_fdo/owner_onboarding/owner_onboarding_test.exs

@@ -199,8 +199,6 @@ defmodule Astarte.FDO.OwnerOnboarding.OwnerOnboardingTest do
   end
 
   describe "build_owner_service_info_ready/3" do
-    @tag :skip
-    # TODO: re-enable this test when credential reuse logic is implemented.
     test "successfully processes DeviceServiceInfoReady, creates new voucher, and returns OwnerServiceInfoReady",
          %{
            realm: realm_name,