summaryrefslogtreecommitdiff
path: root/components/authorize/src/authorize_rpc.erl
diff options
context:
space:
mode:
Diffstat (limited to 'components/authorize/src/authorize_rpc.erl')
-rw-r--r--components/authorize/src/authorize_rpc.erl65
1 files changed, 27 insertions, 38 deletions
diff --git a/components/authorize/src/authorize_rpc.erl b/components/authorize/src/authorize_rpc.erl
index 54a9657..c91b216 100644
--- a/components/authorize/src/authorize_rpc.erl
+++ b/components/authorize/src/authorize_rpc.erl
@@ -112,7 +112,7 @@ authorize_local_message(CompSpec, Service, Params) ->
rvi_common:request(authorize, ?MODULE, authorize_local_message,
[{service, Service},
{parameters, Params}],
- [status, signature], CompSpec).
+ [status], CompSpec).
authorize_remote_message(CompSpec, Service, Params) ->
?debug("authorize_rpc:authorize_remote_msg(): service: ~p ~n", [Service]),
@@ -301,17 +301,16 @@ handle_call({rvi, validate_authorization, [JWT, Certs, Conn | [_] = LogId] }, _F
handle_call({store_certs, [Certs, Conn | LogId]}, _From, State) ->
do_store_certs(Certs, Conn, LogId),
{reply, [ok], State};
-handle_call({rvi, authorize_local_message, [Service, Params | LogId] } = R, _From,
- #st{private_key = Key} = State) ->
+handle_call({rvi, authorize_local_message, [Service, _Params | LogId] } = R, _From, State) ->
?debug("authorize_rpc:handle_call(~p)~n", [R]),
case authorize_keys:find_cert_by_service(Service) of
- {ok, {ID, Cert}} ->
- Msg = Params ++ [{<<"certificate">>, Cert}],
- ?debug("authorize_rpc:authorize_local_message~nMsg = ~p~n",
- [authorize_keys:abbrev_payload(Msg)]),
- Sig = authorize_sig:encode_jwt(Msg, Key),
+ {ok, {ID, _Cert}} ->
+ %% Msg = Params ++ [{<<"certificate">>, Cert}],
+ %% ?debug("authorize_rpc:authorize_local_message~nMsg = ~p~n",
+ %% [authorize_keys:abbrev_payload(Msg)]),
+ %% Sig = authorize_sig:encode_jwt(Msg, Key),
log(LogId, "auth msg: Cert=~s", [authorize_keys:abbrev_bin(ID)]),
- {reply, [ok, Sig], State};
+ {reply, [ok], State};
_ ->
log(LogId, "NO CERTS for ~s", [Service]),
{reply, [ not_found ], State}
@@ -324,29 +323,19 @@ handle_call({rvi, authorize_remote_message, [_Service, Params | LogId]},
Timeout = proplists:get_value(timeout, Params),
SvcName = proplists:get_value(service_name, Params),
Parameters = proplists:get_value(parameters, Params),
- Signature = proplists:get_value(signature, Params),
?debug("authorize_rpc:authorize_remote_message(): remote_ip: ~p~n", [IP]),
?debug("authorize_rpc:authorize_remote_message(): remote_port: ~p~n", [Port]),
?debug("authorize_rpc:authorize_remote_message(): timeout: ~p~n", [Timeout]),
?debug("authorize_rpc:authorize_remote_message(): service_name: ~p~n", [SvcName]),
?debug("authorize_rpc:authorize_remote_message(): parameters: ~p~n", [Parameters]),
- ?debug("authorize_rpc:authorize_remote_message(): signature: ~40s~n", [Signature]),
- case authorize_keys:validate_message(
- iolist_to_binary(Signature), {IP, Port}) of
+ case authorize_keys:validate_service_call(SvcName, {IP, Port}) of
invalid ->
- log(LogId, "signature INVALID", []),
+ log(LogId, "remote msg REJECTED", []),
{reply, [ not_found ], State};
- Msg ->
- case check_msg([{"timeout", Timeout},
- {"service_name", SvcName},
- {"parameters", Parameters}], Msg) of
- ok ->
- log(LogId, "params verified", []),
- {reply, [ok], State};
- {error, {mismatch, Bad}} ->
- log(LogId, "params MISMATCH: ~p", [Bad]),
- {reply, [not_found], State}
- end
+ {ok, CertID} ->
+ ?debug("validated Cert ID=~p", [CertID]),
+ log(LogId, "remote msg allowed: Cert=~s", [CertID]),
+ {reply, [ok], State}
end;
handle_call({rvi, filter_by_service, [Services, Conn | _LogId]}, _From, State) ->
@@ -417,8 +406,8 @@ log([ID], Fmt, Args) ->
log(_, _, _) ->
ok.
-check_msg(Checks, Params) ->
- check_msg(Checks, Params, []).
+%% check_msg(Checks, Params) ->
+%% check_msg(Checks, Params, []).
%% {ok, Timeout1} = rvi_common:get_json_element(["timeout"], Msg),
%% {ok, SvcName1} = rvi_common:get_json_element(["service_name"], Msg),
@@ -438,14 +427,14 @@ check_msg(Checks, Params) ->
%% end
%% end;
-check_msg([], _, []) ->
- ok;
-check_msg([{Key, Expect}|T], Msg, Acc) ->
- case rvi_common:get_json_element([Key], Msg) of
- {ok, Expect} ->
- check_msg(T, Msg, Acc);
- _ ->
- check_msg(T, Msg, [Key|Acc])
- end;
-check_msg([], _, [_|_] = Acc) ->
- {error, {mismatch, lists:reverse(Acc)}}.
+%% check_msg([], _, []) ->
+%% ok;
+%% check_msg([{Key, Expect}|T], Msg, Acc) ->
+%% case rvi_common:get_json_element([Key], Msg) of
+%% {ok, Expect} ->
+%% check_msg(T, Msg, Acc);
+%% _ ->
+%% check_msg(T, Msg, [Key|Acc])
+%% end;
+%% check_msg([], _, [_|_] = Acc) ->
+%% {error, {mismatch, lists:reverse(Acc)}}.
View Lorry Controller Status