From 939e1fadc2ceeb512e9a917be79aeafc4aeebb6d Mon Sep 17 00:00:00 2001 From: Jim Schaad Date: Sat, 16 Nov 2019 07:18:22 +0800 Subject: [PATCH] Update to CoAP version 1.6 --- TestServer/AuthZ.cs | 35 ++++++++++++----------- TestServer/AuthorizationEvaluate.cs | 21 +++++++------- TestServer/Program.cs | 43 +++++++++++++++++++---------- TestServer/server.csproj | 2 +- 4 files changed, 59 insertions(+), 42 deletions(-) diff --git a/TestServer/AuthZ.cs b/TestServer/AuthZ.cs index ea59e6c..7046d05 100644 --- a/TestServer/AuthZ.cs +++ b/TestServer/AuthZ.cs @@ -15,6 +15,8 @@ using Com.AugustCellars.WebToken; using Com.AugustCellars.CoAP.Log; using Com.AugustCellars.CoAP.OSCOAP; +using Com.AugustCellars.WebToken.Common; +using Com.AugustCellars.WebToken.CWT; using server; using Request = Com.AugustCellars.CoAP.Request; @@ -66,7 +68,7 @@ public AuthZ(KeySet myKeys, KeySet asSigningKeys, DTLSEndPoint ep) : base("authz ep.TlsEventHandler += AuthzForPsk; } - private List _activeTokens = new List(); + private List _activeTokens = new List(); protected override void DoPost(CoapExchange exchange) { 
@@ -74,21 +76,21 @@ protected override void DoPost(CoapExchange exchange) exchange.Accept(); Request req = exchange.Request; - CWT cwt = null; + Cwt cwt = null; switch (req.ContentFormat) { case MediaType.Undefined: // No Media type in the message // Don't know if this is correct. - cwt = CWT.Decode(req.Payload, _myKeys, _asSigningKeys); + cwt = Cwt.Decode(req.Payload, _myKeys, _asSigningKeys); break; case MediaType.ApplicationCwt: - cwt = CWT.Decode(req.Payload, _myKeys, _asSigningKeys); + cwt = Cwt.Decode(req.Payload, _myKeys, _asSigningKeys); break; case MediaType.ApplicationAceCbor: CBORObject obj = CBORObject.DecodeFromBytes(req.Payload); - cwt = CWT.Decode(obj[CBORObject.FromObject(Oauth_Parameter.Access_Token.Key)].GetByteString(), _myKeys, _asSigningKeys); + cwt = Cwt.Decode(obj[CBORObject.FromObject(Oauth_Parameter.Access_Token.Key)].GetByteString(), _myKeys, _asSigningKeys); break; default: @@ -111,8 +113,8 @@ protected override void DoPost(CoapExchange exchange) } if (cwt.HasClaim(ClaimId.ExpirationTime)) { - _logger.Info(m => m("Token expires at {0}", cwt.ExperationTime)); - if (cwt.ExperationTime <= DateTime.Now) { + _logger.Info(m => m("Token expires at {0}", cwt.ExpirationTime)); + if (cwt.ExpirationTime <= DateTime.Now) { exchange.Respond(StatusCode.Unauthorized); return; } @@ -163,8 +165,8 @@ protected override void DoPost(CoapExchange exchange) // Is this a CWT that I have already seen? If so then I can safely ignore it - List matches = new List(); - foreach (CWT have in _activeTokens) { + List matches = new List(); + foreach (Cwt have in _activeTokens) { // Exact same token - replay if (have.HasClaim(ClaimId.CwtId) && cwt.HasClaim(ClaimId.CwtId) && have.Issuer == cwt.Issuer && have.CwtId == cwt.CwtId) { 
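Review bot: In the `MediaType.ApplicationAceCbor` branch the new `Cwt.Decode(obj[CBORObject.FromObject(Oauth_Parameter.Access_Token.Key)].GetByteString(), _myKeys, _asSigningKeys)` line indexes the decoded payload without checking that it is a map, that the access_token key is present, or that the value is a byte string, so a malformed POST from an unauthenticated client ends in a NullReferenceException or a CBOR exception instead of a 4.00; unless a try/catch outside the hunk covers this switch, guard it first: `CBORObject tok = obj.Type == CBORType.Map ? obj[CBORObject.FromObject(Oauth_Parameter.Access_Token.Key)] : null;` then `if (tok == null || tok.Type != CBORType.ByteString) { exchange.Respond(StatusCode.BadRequest); return; }`. The `MediaType.Undefined` case still carries the "Don't know if this is correct" comment; it should state the decision, e.g. `// No Content-Format: treated as application/cwt. Reject instead if the profile requires an explicit format.` DoPost starts and ends outside this hunk.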
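Review bot: The renamed expiry check `if (cwt.ExpirationTime <= DateTime.Now)` compares against local wall-clock time, while a CWT `exp` claim is a NumericDate in UTC; unless the library already converts `ExpirationTime` to local time (its Kind is not visible here), the comparison is off by the host's UTC offset and accepts expired tokens for hours in zones west of UTC. Compare in UTC, `if (cwt.ExpirationTime <= DateTime.UtcNow) {`, after confirming the property is UTC-based, and consider a small skew allowance. Nothing in this hunk checks `nbf`; if that is not done elsewhere in DoPost, a not-yet-valid token is also accepted. DoPost continues outside the hunk.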
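Review bot: The replay test inside the renamed `foreach (Cwt have in _activeTokens)` compares `have.CwtId == cwt.CwtId`; if `CwtId` is exposed as a `byte[]` (RFC 8392 `cti` is a byte string), C# `==` is reference equality, two separate decodings of the same token never compare equal, and the replay branch never fires. Compare contents instead, `have.CwtId.SequenceEqual(cwt.CwtId)`, once the property type is confirmed. DoPost continues outside the hunk.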
@@ -260,9 +262,10 @@ protected override void DoPost(CoapExchange exchange) oscoreContext[CBORObject.FromObject(3)].GetByteString(), newSalt, alg, kdf); - oscoapContext.UserData = new List() {cwt}; + oscoapContext.UserData = new List() {cwt}; Program.OscoapContexts.Add(oscoapContext); - SecurityContextSet.AllContexts.Add(oscoapContext); + + // SecurityContextSet.AllContexts.Add(oscoapContext); CBORObject cborReturn = CBORObject.NewMap(); cborReturn.Add((CBORObject) Oauth_Parameter.CNonce, serverSalt); @@ -270,7 +273,7 @@ protected override void DoPost(CoapExchange exchange) } else if (cwt.Profile == (int) ProfileIds.Coap_Dtls) { OneKey newKey = cwt.Cnf.Key; - newKey.UserData = new List() {cwt}; + newKey.UserData = new List() {cwt}; Program.DtlsValidateKeys.AddKey(newKey); exchange.Respond(StatusCode.Created); @@ -380,12 +383,12 @@ private byte[] TryIntrospection(CoapExchange exchange) OneKey newKey = new OneKey(iResponse.Cnf.Key.AsCBOR()); - CWT cwt = new CWT(); + Cwt cwt = new Cwt(); cwt.Profile = iResponse.Profile; cwt.Cnf = iResponse.Cnf; cwt.Audience = iResponse.Audience; cwt.SetClaim(ClaimId.Scope, iResponse.Scope); - newKey.UserData = new List() {cwt}; + newKey.UserData = new List() {cwt}; byte[] kid = newKey[CoseKeyKeys.KeyIdentifier].GetByteString(); @@ -418,7 +421,7 @@ public void AuthzForPsk(Object obj, TlsEvent tlsEvent) } try { - CWT cwt = CWT.Decode(tlsEvent.PskName, _myKeys, _asSigningKeys); + Cwt cwt = Cwt.Decode(tlsEvent.PskName, _myKeys, _asSigningKeys); // M00TODO - fill in a default value if there is no profile in the token if (cwt.Profile == null) { @@ -433,7 +436,7 @@ public void AuthzForPsk(Object obj, TlsEvent tlsEvent) // M00TODO - Actually process the CWT. OneKey newKey = new OneKey(cwt.Cnf.Key.AsCBOR()); - newKey.UserData = new List {cwt}; + newKey.UserData = new List {cwt}; tlsEvent.KeyValue = newKey; } diff --git a/TestServer/AuthorizationEvaluate.cs b/TestServer/AuthorizationEvaluate.cs index 48b56a0..5ae5944 100644 
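Review bot: `Program.OscoapContexts.Add(oscoapContext)` on the context line before the change now has no visible producer: this commit deletes the only assignment to `OscoapContexts` shown in Program.cs (the `OscoapContexts = SecurityContextSet.AllContexts;` line in SetupServer) but keeps the field, so unless it is assigned somewhere outside these hunks the first OSCORE-profile token post throws a NullReferenceException and the token-bound context never reaches the server. Either set `Program.OscoapContexts` in SetupServer or register the context into the server's set here. The commented-out `// SecurityContextSet.AllContexts.Add(oscoapContext);` should be removed rather than left behind. DoPost continues outside the hunk.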
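Review bot: The `Cwt` synthesised in TryIntrospection copies Profile, Cnf, Audience and Scope from `iResponse` but no expiration, so the key it is attached to via `newKey.UserData` is honoured by this server indefinitely even though an introspection response (RFC 7662) normally carries `exp`; if `iResponse` exposes it, copy it alongside the scope, e.g. `cwt.SetClaim(ClaimId.ExpirationTime, iResponse.GetClaim(ClaimId.ExpirationTime));` (method names to be confirmed against the introspection type), and a comment should say why this Cwt is built by hand. TryIntrospection starts and ends outside this hunk.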
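Review bot: The PSK path assigns `tlsEvent.KeyValue = newKey` with the decoded CWT in `UserData` without the expiration check that DoPost performs, and the `M00TODO - Actually process the CWT` comment above it confirms the gap; since `tlsEvent.PskName` is supplied by the DTLS client, an expired CWT still establishes a session here. Add the same check before the assignment, `if (cwt.HasClaim(ClaimId.ExpirationTime) && cwt.ExpirationTime <= DateTime.UtcNow) return;`, assuming an unset KeyValue makes the handshake fail (confirm with the DTLS endpoint). AuthzForPsk starts outside this hunk.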
--- a/TestServer/AuthorizationEvaluate.cs
+++ b/TestServer/AuthorizationEvaluate.cs
@@ -6,8 +6,9 @@ using Com.AugustCellars.CoAP;
 using Com.AugustCellars.CoAP.OSCOAP;
 using Com.AugustCellars.COSE;
-using Com.AugustCellars.WebToken;
+using Com.AugustCellars.WebToken.CWT;
 using Com.AugustCellars.CoAP.OAuth;
+using Com.AugustCellars.WebToken.Common;
 
 namespace TestServer
 {
 
@@ -16,17 +17,17 @@ class AuthorizationEvaluate
 
 public bool CheckAccess(Method operation, string url, OneKey keyIdentity)
 {
- return CheckAccess(operation, url, (List)keyIdentity.UserData);
+ return CheckAccess(operation, url, (List)keyIdentity.UserData);
 }
 
 public bool CheckAccess(Method operation, string url, SecurityContext context)
 {
- return CheckAccess(operation, url, (List)context.UserData);
+ return CheckAccess(operation, url, (List)context.UserData);
 }
 
- public bool CheckAccess(Method operation, string url, List cwtList)
+ public bool CheckAccess(Method operation, string url, List cwtList)
 {
- foreach (CWT cwt in cwtList) {
+ foreach (Cwt cwt in cwtList) {
 if (CheckAccess(operation, url, cwt)) return true;
 }
 return false;
@@ -34,10 +35,10 @@ public bool CheckAccess(Method operation, string url, List cwtList)
 
 public bool CheckAccess(Method operation, string audience, string scope, OneKey context)
 {
- return CheckAccess(operation, audience, scope, (List) context.UserData);
+ return CheckAccess(operation, audience, scope, (List) context.UserData);
 }
 
- public bool CheckAccess(Method operation, string url, CWT cwt)
+ public bool CheckAccess(Method operation, string url, Cwt cwt)
 {
 Permission p = new Permission(url, operation);
 PermissionSet permissionSet = new PermissionSet(cwt.GetClaim(ClaimId.Scope));
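Review bot: The renamed three-argument list overload `public bool CheckAccess(Method operation, string url, List cwtList)` (generic argument lost in rendering) iterates `cwtList` with no null guard, whereas the audience/scope list overload later in the file starts with `if (cwtList == null) return false;`; both are reached through an unchecked `(List)keyIdentity.UserData` / `(List)context.UserData` cast, so a key or context whose UserData was never set, or holds another type, fails with NullReferenceException or InvalidCastException instead of being denied. Mirror the other overload with `if (cwtList == null) return false;` as the first line, and use `keyIdentity.UserData as List<Cwt>` in the two wrappers so a wrong type also becomes a deny. The class continues outside the hunk.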
@@ -50,17 +51,17 @@ public bool CheckAccess(Method operation, string audience, string scope, Securit return false; } - public bool CheckAccess(Method operation, string audience, string scope, List cwtList) + public bool CheckAccess(Method operation, string audience, string scope, List cwtList) { if (cwtList == null) return false; - foreach (CWT cwt in cwtList) { + foreach (Cwt cwt in cwtList) { if (CheckAccess(operation, scope, cwt)) return true; } return false; } - public bool CheckAccess(Method operation, string audience, string scope, CWT cwt) + public bool CheckAccess(Method operation, string audience, string scope, Cwt cwt) { Permission p = new Permission(scope, operation); PermissionSet permissionSet = new PermissionSet(cwt.GetClaim(ClaimId.Scope)); diff --git a/TestServer/Program.cs b/TestServer/Program.cs index a07f223..b8be952 100644 --- a/TestServer/Program.cs +++ b/TestServer/Program.cs @@ -1,5 +1,4 @@ using System; -using System.CodeDom; using System.IO; using System.Linq; using System.Net; @@ -10,6 +9,7 @@ using Com.AugustCellars.CoAP; using Com.AugustCellars.CoAP.DTLS; using Com.AugustCellars.CoAP.Log; +using Com.AugustCellars.CoAP.Net; using Com.AugustCellars.CoAP.Server; using Com.AugustCellars.CoAP.Server.Resources; #if DEV_VERSION @@ -21,7 +21,6 @@ using Com.AugustCellars.COSE; using Com.AugustCellars.CoAP.OSCOAP; using PeterO.Cbor; -using Com.AugustCellars.CoAP.Net; #if INCLUDE_RD using Com.AugustCellars.CoAP.ResourceDirectory; #endif @@ -63,7 +62,7 @@ class Program private static readonly TlsKeyPairSet DtlsSignKeys = new TlsKeyPairSet(); public static readonly KeySet DtlsValidateKeys = new KeySet(); private static readonly KeySet edhocKeys = new KeySet(); - private static OneKey edhocSign = null; + private static OneKey edhocSign; public static SecurityContextSet OscoapContexts; 
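Review bot: Inside the renamed `foreach (Cwt cwt in cwtList)` of the audience/scope list overload, the call `if (CheckAccess(operation, scope, cwt)) return true;` resolves to the three-argument (operation, url, cwt) overload with `scope` in the url slot and drops `audience` entirely, so the four-argument `CheckAccess(Method operation, string audience, string scope, Cwt cwt)` overload directly below it is never reached from this path and the token's audience is not compared against this server's. It should read `if (CheckAccess(operation, audience, scope, cwt)) return true;`. The four-argument overload's body is cut off at the end of the hunk; it is worth confirming it actually compares `cwt.Audience` with `audience`, since its visible lines only build a Permission from `scope`. The class continues outside the hunk.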
@@ -94,17 +93,29 @@ static void GenerateKeys(string fileName) for (int i = 0; i < 4; i++) { key = new OneKey(); key.Add(CoseKeyKeys.KeyType, GeneralValues.KeyType_Octet); - if (i == 3) key.Add(CoseKeyKeys.KeyIdentifier, CBORObject.FromObject(Encoding.UTF8.GetBytes("Key#2"))); - else + if (i == 3) { + key.Add(CoseKeyKeys.KeyIdentifier, CBORObject.FromObject(Encoding.UTF8.GetBytes("Key#2"))); + } + else { key.Add(CoseKeyKeys.KeyIdentifier, - CBORObject.FromObject(Encoding.UTF8.GetBytes("Key#" + i.ToString()))); - if (i == 3) key.Add(CoseKeyKeys.Algorithm, AlgorithmValues.AES_CCM_64_128_128); - else key.Add(CoseKeyKeys.Algorithm, AlgorithmValues.AES_CCM_64_64_128); + CBORObject.FromObject(Encoding.UTF8.GetBytes("Key#" + i.ToString()))); + } + + if (i == 3) { + key.Add(CoseKeyKeys.Algorithm, AlgorithmValues.AES_CCM_64_128_128); + } + else { + key.Add(CoseKeyKeys.Algorithm, AlgorithmValues.AES_CCM_64_64_128); + } + key.Add(CBORObject.FromObject("KDF"), AlgorithmValues.dir_kdf); key.Add(CBORObject.FromObject("SenderID"), CBORObject.FromObject(Encoding.UTF8.GetBytes("client"))); key.Add(CBORObject.FromObject("RecipID"), CBORObject.FromObject(Encoding.UTF8.GetBytes("server"))); byte[] keyValue = new byte[35]; - for (int j = 0; j < keyValue.Length; j++) keyValue[j] = (byte) (((i + 1) * (j + 1))); + for (int j = 0; j < keyValue.Length; j++) { + keyValue[j] = (byte) (((i + 1) * (j + 1))); + } + key.Add(CoseKeyParameterKeys.Octet_k, CBORObject.FromObject(keyValue)); keys.AddKey(key); @@ -121,6 +132,8 @@ static void GenerateKeys(string fileName) static KeySet CwtVerifiers = new KeySet(); + static SecurityContextSet ProgramContexts = new SecurityContextSet(); + static KeySet LoadKeys(string fileName) { if (fileName == null) fileName = "ServerKeys.cbor"; 
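Review bot: The restyled loop still writes fully predictable key material (`keyValue[j] = (byte) (((i + 1) * (j + 1)))`) and gives both `i == 2` and `i == 3` the kid `Key#2`, and nothing in the hunk says whether the duplicate kid is deliberate; a comment at the top of the loop should settle that so the file is never mistaken for a real key set, e.g. `// Test fixtures only: key bytes are a fixed pattern. Keys 2 and 3 share kid "Key#2" with different algorithms — TODO confirm this collision is intentional.` If the shared kid is not intended, the `i == 3` branch should use `"Key#" + i.ToString()` like the others. Anything beyond fixtures should fill `keyValue` with `RandomNumberGenerator.Fill`. GenerateKeys starts and ends outside this hunk.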
@@ -145,7 +158,7 @@ static KeySet LoadKeys(string fileName) key[CBORObject.FromObject("RecipID")].GetByteString(), key[CBORObject.FromObject("SenderID")].GetByteString(), null, key[CoseKeyKeys.Algorithm]); - SecurityContextSet.AllContexts.Add(ctx); + ProgramContexts.Add(ctx); break; } #if DEV_VERSION @@ -187,7 +200,7 @@ static KeySet LoadKeys(string fileName) new OneKey(recipient["sign"])); } - SecurityContextSet.AllContexts.Add(ctx); + ProgramContexts.Add(ctx); Console.WriteLine(ctx.ToString()); } #endif @@ -242,8 +255,8 @@ static KeySet LoadKeys(string fileName) return keys; } - static EndPoint ServerEndPoint = null; - static bool AsDemon = false; + static EndPoint ServerEndPoint; + static bool AsDemon; static void Main(string[] args) { @@ -426,7 +439,7 @@ static CoapServer SetupServer(ICoapConfig config, EndPoint endPoint, int port, T AceOAuthTest r = new AceOAuthTest("ace-echo", true, true, UseAsServer); r.AuthTokenProcessor = authZ; server.Add(r); - OscoapContexts = SecurityContextSet.AllContexts; + server.SecurityContexts.Add(ProgramContexts); #endif // ep2.Add(new AceOAuthTest("ace/echo", true, true, null)); @@ -470,7 +483,7 @@ static void OnTlsEvent(Object o, TlsEvent e) case TlsEvent.EventCode.ClientCertificate: switch (e.CertificateType) { case CertificateType.X509: - Console.WriteLine($"TLS Event => Client Certificate {((Certificate) e.Certificate).GetCertificateAt(0).SubjectPublicKeyInfo.ToString()}"); + Console.WriteLine($"TLS Event => Client Certificate {((Certificate) e.Certificate).GetCertificateAt(0).SubjectPublicKeyInfo}"); e.Processed = true; break; diff --git a/TestServer/server.csproj b/TestServer/server.csproj index 6fa177d..13cfced 100644 --- a/TestServer/server.csproj +++ b/TestServer/server.csproj @@ -26,7 +26,7 @@ - +
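Review bot: Replacing `OscoapContexts = SecurityContextSet.AllContexts;` with `server.SecurityContexts.Add(ProgramContexts);` leaves the public `Program.OscoapContexts` field unassigned in every hunk shown, while AuthZ.DoPost still calls `Program.OscoapContexts.Add(oscoapContext)` for OSCORE-profile tokens; unless it is set elsewhere, that path now throws and the token-bound contexts never reach the server. Keep the two in step, e.g. `OscoapContexts = ProgramContexts;` immediately before `server.SecurityContexts.Add(ProgramContexts);`, assuming `Add` registers the set by reference rather than copying it (confirm against the 1.6 API). SetupServer starts and ends outside this hunk.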