-rw-r--r-- | doc/rvi_certificates.md | 8 | ||||
-rw-r--r-- | doc/rvi_protocol.md | 6 | ||||
-rw-r--r-- | priv/config/rvi_debian.config | 2 | ||||
-rwxr-xr-x | scripts/rvi_create_credential.py | 22 | ||||
-rw-r--r-- | scripts/rvi_ctl.template | 3 | ||||
-rwxr-xr-x | scripts/rvi_install | 2 |
6 files changed, 21 insertions, 22 deletions
diff --git a/doc/rvi_certificates.md b/doc/rvi_certificates.md index 1d46259..0ba8fc3 100644 --- a/doc/rvi_certificates.md +++ b/doc/rvi_certificates.md @@ -192,7 +192,7 @@ An RVI credential has the following format in its native JSON state: "right_to_invoke": [ "jlr.com/vin/" ], - "right_to_register": [ + "right_to_receive": [ "jlr.com/backend/sota" ], "id": "insecure_cert", @@ -213,7 +213,7 @@ Member | Description --------------------|--------------------- create\_timestamp | Unix timestamp of when the credential was created right\_to\_invoke | A list of service prefixes that the sender has the right to invoke on any node that has registered matching services that start with the given string(s). -right\_to\_register | A list of services that the sender has the right to to register for other nodes to invoke. +right\_to\_receive | A list of services that the sender has the right to to receive remote invocations for from remote nodes. id | A system-wide unique identifier for the credential. iss | The issuing organization. device_certificate | The PEM-encoded device X.509 certificate to match against the sender's TLS certificate. @@ -233,7 +233,7 @@ rvi_create_credential.py --cred_out="insecure_credential.json" \ --root_key=insecure_root_key.pem \ --device_cert=insecure_device_cert.crt \ --invoke='genivi.org/' \ - --register='genivi.org/' + --receive='genivi.org/' ``` The following command line parameters are accepted: 
@@ -246,7 +246,7 @@ Parameter | Required | Description --root\_key | Yes | Private, PEM-encoded root key to sign the credential. Must be the same key used to sign the root X.509 certificate. --device\_cert | Yes | The PEM-encoded device X.509 certificate to embed into the credential as the device_cert member. --invoke | Yes | Space separated list (within quotes) of RVI service prefixes that the owner of the credential has the right to invoke. ---register | Yes | Space separated list (within quotes) of RVI service prefixes that the owner of the credential has the right to register for others to call (with the right credential). +--receive | Yes | Space separated list (within quotes) of RVI service prefixes that the owner of the credential has the right to have invoked by other nodes (with the right credential). --start | No | The Unix timestamps when the credential becomes active. --stop | No | The Unix timestamps when the credential becomes inactive. diff --git a/doc/rvi_protocol.md b/doc/rvi_protocol.md index 85c3290..e001499 100644 --- a/doc/rvi_protocol.md +++ b/doc/rvi_protocol.md @@ -20,7 +20,7 @@ created as described in [rvi_certificates.md](rvi_certificates.md). # FEATURES COVERED BY PROTOCOL 1. **Authorization**<br> Prove to the remote RVI node that the local RVI node has the right to -invoke a set of services, and the right to register another set of services. +invoke a set of services, and the right to receive invocations of another set of services. 2. **Service Discovery**<br> Announce to the remote RVI node local RVI services which the remote node @@ -83,7 +83,7 @@ authentication. 3. **RVI credentials (JWT)**<br> Describes the services that the device has the right to invoke and the -services that the device has right to register. +services that the device has right to have invoked by remote nodes. Embeds the device X.509 certificate as a PEM-encoded string. Signed by root cert. 
@@ -128,7 +128,7 @@ client-server terminology only denotes who initiates the connection ## Authorize command The ```authorize``` command contains a list of RVI credentials, each specifying a set of services that the sender has the right to invoke on the receiving node, -and a set of services that the sender has the right to register. +and a set of services that the sender has the right to have invoked. ```json {"cmd" : "au", diff --git a/priv/config/rvi_debian.config b/priv/config/rvi_debian.config index 4e1eeb5..210b011 100644 --- a/priv/config/rvi_debian.config +++ b/priv/config/rvi_debian.config @@ -143,7 +143,7 @@ LogLevel = Env("RVI_LOGLEVEL", notice). %% value unless all services add a system-wide unique name %% to it. %% - { node_service_prefix, "genivi.org/vin/$rvi_uuid(default_vin)/"}, + { node_service_prefix, "$rvi_file(/etc/rvi/device_id,genivi.org/node/default_id)/"}, %% Routing rules determine how to get a message targeting a specific diff --git a/scripts/rvi_create_credential.py b/scripts/rvi_create_credential.py index 2fa5cce..329d279 100755 --- a/scripts/rvi_create_credential.py +++ b/scripts/rvi_create_credential.py @@ -77,7 +77,7 @@ def read_x509_cert_pem_file(file_name): def usage(): - print "Usage:", sys.argv[0], "--id=<id> --invoke='<services>' -register='<services>' \\" + print "Usage:", sys.argv[0], "--id=<id> --invoke='<services>' -receive='<services>' \\" print " --root_key=<file> --start='<date/time>' --stop='<date/time>' \\" print " --out=<file>" print 
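Review bot: The new `node_service_prefix` value appears to fall back to the fixed string `genivi.org/node/default_id` when `/etc/rvi/device_id` is missing, so every node installed without that file would share one prefix. The comment directly above this setting warns against exactly that unless services add "a system-wide unique name". The old value took its per-node part from `$rvi_uuid(default_vin)`. I would add a comment beside the setting such as `%% /etc/rvi/device_id must exist, be unique per node and be writable only by root; the default is for test setups only`. How `$rvi_file` handles an empty file or a trailing newline is not visible in this diff and should be confirmed, since the result becomes part of every service name.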
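Review bot: The usage line in the `@@ -77,7 +77,7 @@` hunk of scripts/rvi_create_credential.py still prints the option with a single dash, `-receive='<services>'`, a typo carried over from the old `-register`. The getopt call later in the file registers only the long form `receive=`, so the line should read `--receive='<services>'`. The same usage text advertises `--out=<file>`, which is not in the getopt list (`cred_out=` and `jwt_out=` are), so it likely wants `--jwt_out=<file> --cred_out=<file>`. usage() continues beyond this hunk.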
@@ -85,8 +85,8 @@ def usage(): print print " --invoke='<services>' Right to invoke service. Space separate multiple services." print - print " --register='<services>' Right to register service. Space separate multiple services." - print " At least one --invoke or --register must be given." + print " --receive='<services>' Right to receive service invocations. Space separate multiple services." + print " At least one --invoke or --receive must be given." print print " --root_key=<file> Private, PEM-encoded root key to sign credential with" print " Mandatory" @@ -123,14 +123,14 @@ def usage(): print " --stop='2020-12-31 23:59:59' \\" print " --root_key=root_key.pem \\" print " --issuer=GENIVI \\" - print " --register='genivi.org/vin/abc/unlock genivi.org/vin/abc/lock' \\" + print " --receive='genivi.org/vin/abc/unlock genivi.org/vin/abc/lock' \\" print " --invoke='genivi.org/backend/report genivi.org/backend/set_state' \\" print " --jwt_out=lock_cert.jwt \\" print " --cred_out=lock_credential.json" sys.exit(255) try: - opts, args = getopt.getopt(sys.argv[1:], "", [ 'issuer=', 'invoke=', 'register=', + opts, args = getopt.getopt(sys.argv[1:], "", [ 'issuer=', 'invoke=', 'receive=', 'root_key=', 'start=', 'stop=', 'cred_out=', 'id=', 'jwt_out=', 'device_cert=']) @@ -145,7 +145,7 @@ stop=int(time.time()) + 86400 * 365 issuer=None invoke=None -register=None +receive=None root_key=None device_cert=None jwt_out_file=None @@ -186,8 +186,8 @@ for o, a in opts: elif o == '--invoke': invoke=a.split(' ') - elif o == '--register': - register=a.split(' ') + elif o == '--receive': + receive=a.split(' ') elif o == '--id': id_string=a @@ -218,9 +218,9 @@ for o, a in opts: if jwt_out_file == None: jwt_out_file = sys.stdout -if not invoke and not register: +if not invoke and not receive: print - print "At least one --invoke or --register service must be specified." + print "At least one --invoke or --receive service must be specified." print usage() 
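Review bot: Swapping `'register='` for `'receive='` in the getopt list (hunk `@@ -123,14 +123,14 @@`) means provisioning scripts that still pass `--register` now fail option parsing. How that failure is reported depends on the except clause, which is outside this hunk. If breaking existing issuance tooling is not intended, keep `'register='` in the list as a deprecated alias that sets the same variable and prints a warning. The node-side verifier is not part of this diff, so the commit message should say whether credentials already issued with `right_to_register` are still honoured or must be re-issued.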
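Review bot: `receive=a.split(' ')` in the `@@ -186,8 +186,8 @@` hunk turns `--receive=''` into `['']` and any doubled space into an empty list element. The `if not invoke and not receive` check in the following hunk treats `['']` as present, so a credential containing an empty service prefix can be signed. doc/rvi_certificates.md in this commit describes rights as prefixes that match services which "start with the given string(s)", so an empty entry would presumably match every service. Use `receive=a.split()`, and likewise `invoke=a.split()` on the context line above, which drops empty entries and lets an empty argument fail the at-least-one check. The option loop begins and ends outside this hunk.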
@@ -255,7 +255,7 @@ if not id_string: cred = { 'iss': issuer, 'id': id_string, - 'right_to_register': register, + 'right_to_receive': receive, 'right_to_invoke': invoke, 'create_timestamp': int(time.time()), 'device_cert': device_cert, diff --git a/scripts/rvi_ctl.template b/scripts/rvi_ctl.template index c6c8875..82ae11b 100644 --- a/scripts/rvi_ctl.template +++ b/scripts/rvi_ctl.template @@ -20,8 +20,7 @@ echo ${ERL:=erl} > /dev/null usage() { - echo "Usage: $0 -d config_dir [-c config_file] -l log_dir \\" - echo " start|stop|console|attach|ping" + echo "Usage: $0 [-c config_file] start|stop|console|attach|ping" echo echo " -c config_file Configuration file to launch rvi node with." echo " Mandatory for start and console. Ignored for" diff --git a/scripts/rvi_install b/scripts/rvi_install index 7f6207e..886caa3 100755 --- a/scripts/rvi_install +++ b/scripts/rvi_install @@ -163,7 +163,7 @@ CREDENTIALS --root_key=root_key.pem \\ --device_cert=device_cert.crt \\ --invoke='genivi.org/' \\ - --register='genivi.org/' + --receive='genivi.org/' Provide the generated credential.jwt file as a '-c' argument to rvi_install. |
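Review bot: `'right_to_receive': receive` in the `@@ -255,7 +255,7 @@` hunk stores `None` whenever only `--invoke` is given, because `receive` is initialised to `None` and the earlier check requires just one of the two options. The signed credential then presumably carries a JSON `null`, which every verifier has to distinguish from an empty list. Writing `'right_to_receive': receive or [],` (and the same for `right_to_invoke`) keeps both members lists in every issued credential. The dict literal continues past this hunk.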