diff options
| author | Ulf Wiger <ulf@feuerlabs.com> | 2016-02-25 12:10:07 -0800 |
|---|---|---|
| committer | Ulf Wiger <ulf@feuerlabs.com> | 2016-02-25 12:10:07 -0800 |
| commit | 840a772a93658eaaddc9c5941b62b95286af5981 (patch) | |
| tree | 17e73ec76f295a31a1654b7ccf84464567c22e36 | |
| parent | 4abf4bc05cac7341e9c80b02dc67e180bb076813 (diff) | |
| parent | e95042b50b95e900ce1b68607a63921cc50eed0d (diff) | |
| download | rvi_core-840a772a93658eaaddc9c5941b62b95286af5981.tar.gz | |
Merge branch 'develop' of github.com:magnusfeuer/rvi_core into uw-right_to_receive
| -rw-r--r-- | doc/rvi_certificates.md | 8 | ||||
| -rw-r--r-- | doc/rvi_protocol.md | 6 | ||||
| -rwxr-xr-x | scripts/rvi_create_credential.py | 22 | ||||
| -rwxr-xr-x | scripts/rvi_install | 2 |
4 files changed, 19 insertions, 19 deletions
diff --git a/doc/rvi_certificates.md b/doc/rvi_certificates.md index 1d46259..0ba8fc3 100644 --- a/doc/rvi_certificates.md +++ b/doc/rvi_certificates.md @@ -192,7 +192,7 @@ An RVI credential has the following format in its native JSON state: "right_to_invoke": [ "jlr.com/vin/" ], - "right_to_register": [ + "right_to_receive": [ "jlr.com/backend/sota" ], "id": "insecure_cert", @@ -213,7 +213,7 @@ Member | Description --------------------|--------------------- create\_timestamp | Unix timestamp of when the credential was created right\_to\_invoke | A list of service prefixes that the sender has the right to invoke on any node that has registered matching services that start with the given string(s). -right\_to\_register | A list of services that the sender has the right to to register for other nodes to invoke. +right\_to\_receive | A list of services that the sender has the right to to receive remote invocations for from remote nodes. id | A system-wide unique identifier for the credential. iss | The issuing organization. device_certificate | The PEM-encoded device X.509 certificate to match against the sender's TLS certificate. @@ -233,7 +233,7 @@ rvi_create_credential.py --cred_out="insecure_credential.json" \ --root_key=insecure_root_key.pem \ --device_cert=insecure_device_cert.crt \ --invoke='genivi.org/' \ - --register='genivi.org/' + --receive='genivi.org/' ``` The following command line parameters are accepted: @@ -246,7 +246,7 @@ Parameter | Required | Description --root\_key | Yes | Private, PEM-encoded root key to sign the credential. Must be the same key used to sign the root X.509 certificate. --device\_cert | Yes | The PEM-encoded device X.509 certificate to embed into the credential as the device_cert member. --invoke | Yes | Space separated list (within quotes) of RVI service prefixes that the owner of the credential has the right to invoke. ---register | Yes | Space separated list (within quotes) of RVI service prefixes that the owner of the credential has the right to register for others to call (with the right credential). +--receive | Yes | Space separated list (within quotes) of RVI service prefixes that the owner of the credential has the right to have invoked by other nodes (with the right credential). --start | No | The Unix timestamps when the credential becomes active. --stop | No | The Unix timestamps when the credential becomes inactive. diff --git a/doc/rvi_protocol.md b/doc/rvi_protocol.md index 85c3290..e001499 100644 --- a/doc/rvi_protocol.md +++ b/doc/rvi_protocol.md @@ -20,7 +20,7 @@ created as described in [rvi_certificates.md](rvi_certificates.md). # FEATURES COVERED BY PROTOCOL 1. **Authorization**<br> Prove to the remote RVI node that the local RVI node has the right to -invoke a set of services, and the right to register another set of services. +invoke a set of services, and the right to receive invocations of another set of services. 2. **Service Discovery**<br> Announce to the remote RVI node local RVI services which the remote node @@ -83,7 +83,7 @@ authentication. 3. **RVI credentials (JWT)**<br> Describes the services that the device has the right to invoke and the -services that the device has right to register. +services that the device has right to have invoked by remote nodes. Embeds the device X.509 certificate as a PEM-encoded string. Signed by root cert. @@ -128,7 +128,7 @@ client-server terminology only denotes who initiates the connection ## Authorize command The ```authorize``` command contains a list of RVI credentials, each specifying a set of services that the sender has the right to invoke on the receiving node, -and a set of services that the sender has the right to register. +and a set of services that the sender has the right to have invoked. ```json {"cmd" : "au", diff --git a/scripts/rvi_create_credential.py b/scripts/rvi_create_credential.py index 2fa5cce..329d279 100755 --- a/scripts/rvi_create_credential.py +++ b/scripts/rvi_create_credential.py @@ -77,7 +77,7 @@ def read_x509_cert_pem_file(file_name): def usage(): - print "Usage:", sys.argv[0], "--id=<id> --invoke='<services>' -register='<services>' \\" + print "Usage:", sys.argv[0], "--id=<id> --invoke='<services>' -receive='<services>' \\" print " --root_key=<file> --start='<date/time>' --stop='<date/time>' \\" print " --out=<file>" print @@ -85,8 +85,8 @@ def usage(): print print " --invoke='<services>' Right to invoke service. Space separate multiple services." print - print " --register='<services>' Right to register service. Space separate multiple services." - print " At least one --invoke or --register must be given." + print " --receive='<services>' Right to receive service invocations. Space separate multiple services." + print " At least one --invoke or --receive must be given." print print " --root_key=<file> Private, PEM-encoded root key to sign credential with" print " Mandatory" @@ -123,14 +123,14 @@ def usage(): print " --stop='2020-12-31 23:59:59' \\" print " --root_key=root_key.pem \\" print " --issuer=GENIVI \\" - print " --register='genivi.org/vin/abc/unlock genivi.org/vin/abc/lock' \\" + print " --receive='genivi.org/vin/abc/unlock genivi.org/vin/abc/lock' \\" print " --invoke='genivi.org/backend/report genivi.org/backend/set_state' \\" print " --jwt_out=lock_cert.jwt \\" print " --cred_out=lock_credential.json" sys.exit(255) try: - opts, args = getopt.getopt(sys.argv[1:], "", [ 'issuer=', 'invoke=', 'register=', + opts, args = getopt.getopt(sys.argv[1:], "", [ 'issuer=', 'invoke=', 'receive=', 'root_key=', 'start=', 'stop=', 'cred_out=', 'id=', 'jwt_out=', 'device_cert=']) @@ -145,7 +145,7 @@ stop=int(time.time()) + 86400 * 365 issuer=None invoke=None -register=None +receive=None root_key=None device_cert=None jwt_out_file=None @@ -186,8 +186,8 @@ for o, a in opts: elif o == '--invoke': invoke=a.split(' ') - elif o == '--register': - register=a.split(' ') + elif o == '--receive': + receive=a.split(' ') elif o == '--id': id_string=a @@ -218,9 +218,9 @@ for o, a in opts: if jwt_out_file == None: jwt_out_file = sys.stdout -if not invoke and not register: +if not invoke and not receive: print - print "At least one --invoke or --register service must be specified." + print "At least one --invoke or --receive service must be specified." print usage() @@ -255,7 +255,7 @@ if not id_string: cred = { 'iss': issuer, 'id': id_string, - 'right_to_register': register, + 'right_to_receive': receive, 'right_to_invoke': invoke, 'create_timestamp': int(time.time()), 'device_cert': device_cert, diff --git a/scripts/rvi_install b/scripts/rvi_install index 7f6207e..886caa3 100755 --- a/scripts/rvi_install +++ b/scripts/rvi_install @@ -163,7 +163,7 @@ CREDENTIALS --root_key=root_key.pem \\ --device_cert=device_cert.crt \\ --invoke='genivi.org/' \\ - --register='genivi.org/' + --receive='genivi.org/' Provide the generated credential.jwt file as a '-c' argument to rvi_install. |