-rw-r--r-- | components/authorize/src/authorize_keys.erl | 17 | ||||
-rw-r--r-- | doc/rvi_certificates.md | 8 | ||||
-rw-r--r-- | doc/rvi_protocol.md | 6 | ||||
-rw-r--r-- | priv/config/rvi_debian.config | 2 | ||||
-rwxr-xr-x | scripts/rvi_create_credential.py | 22 | ||||
-rw-r--r-- | scripts/rvi_ctl.template | 3 | ||||
-rwxr-xr-x | scripts/rvi_install | 2 | ||||
-rw-r--r-- | test/rvi_core_SUITE.erl | 8 |
8 files changed, 34 insertions, 34 deletions
diff --git a/components/authorize/src/authorize_keys.erl b/components/authorize/src/authorize_keys.erl index 38dae1c..c2368d5 100644 --- a/components/authorize/src/authorize_keys.erl +++ b/components/authorize/src/authorize_keys.erl @@ -49,7 +49,7 @@ %% cert}). -record(cred, {id, - right_to_register = [], + right_to_receive = [], right_to_invoke = [], validity = [], device_cert, @@ -301,12 +301,12 @@ find_cred_by_service_(Service) -> SvcParts = split_path(strip_prot(Service)), LocalCreds = ets:select(?CREDS, [{ {{local,'_'}, '$1'}, [], ['$1'] }]), ?debug("find_creds_by_service(~p~nLocalCreds = ~p~n", - [Service, [{Id,Reg,Inv} || #cred{id = Id, + [Service, [{Id,Rcv,Inv} || #cred{id = Id, right_to_invoke = Inv, - right_to_register = Reg} <- LocalCreds]]), + right_to_receive = Rcv} <- LocalCreds]]), case lists:foldl( - fun(#cred{right_to_register = Register} = C, {Max, _} = Acc) -> - case match_length(Register, SvcParts) of + fun(#cred{right_to_receive = Receive} = C, {Max, _} = Acc) -> + case match_length(Receive, SvcParts) of L when L > Max -> {L, C}; _ -> @@ -540,8 +540,9 @@ process_cred_struct(Cred, Bin, UTC, Cert) -> process_cred_struct_(Cred, Bin, UTC, DevCert) -> ID = cred_id(Cred), - {ok, Register} = rvi_common:get_json_element( - [{'OR', ["right_to_register", "sources", "register"]}], Cred), + {ok, Receive} = rvi_common:get_json_element( + [{'OR', ["right_to_receive", "right_to_register", + "sources", "register"]}], Cred), {ok, Invoke} = rvi_common:get_json_element( [{'OR', ["right_to_invoke", "destinations", "invoke"]}], Cred), {ok, Start} = rvi_common:get_json_element( @@ -561,7 +562,7 @@ process_cred_struct_(Cred, Bin, UTC, DevCert) -> case check_validity(Start, Stop, UTC) of true -> #cred{id = ID, - right_to_register = Register, + right_to_receive = Receive, right_to_invoke = Invoke, validity = Validity, jwt = Bin, diff --git a/doc/rvi_certificates.md b/doc/rvi_certificates.md index 1d46259..0ba8fc3 100644 --- a/doc/rvi_certificates.md 
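Review bot: In `process_cred_struct_/4` the `'OR'` list now accepts four spellings for the same right (`right_to_receive`, `right_to_register`, `sources`, `register`), and nothing at the call site says which one wins when a credential carries more than one of them. That precedence is decided inside `rvi_common:get_json_element/2`, which is not visible here, so it should be confirmed and written down, because it determines which service prefixes a signed credential actually grants. I would add above the call: `%% right_to_register, sources and register are legacy spellings kept for already-issued credentials; right_to_receive is listed first and is expected to take precedence (confirm in rvi_common:get_json_element/2)`. The function body continues outside the hunk.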
+++ b/doc/rvi_certificates.md @@ -192,7 +192,7 @@ An RVI credential has the following format in its native JSON state: "right_to_invoke": [ "jlr.com/vin/" ], - "right_to_register": [ + "right_to_receive": [ "jlr.com/backend/sota" ], "id": "insecure_cert", @@ -213,7 +213,7 @@ Member | Description --------------------|--------------------- create\_timestamp | Unix timestamp of when the credential was created right\_to\_invoke | A list of service prefixes that the sender has the right to invoke on any node that has registered matching services that start with the given string(s). -right\_to\_register | A list of services that the sender has the right to to register for other nodes to invoke. +right\_to\_receive | A list of services that the sender has the right to to receive remote invocations for from remote nodes. id | A system-wide unique identifier for the credential. iss | The issuing organization. device_certificate | The PEM-encoded device X.509 certificate to match against the sender's TLS certificate. @@ -233,7 +233,7 @@ rvi_create_credential.py --cred_out="insecure_credential.json" \ --root_key=insecure_root_key.pem \ --device_cert=insecure_device_cert.crt \ --invoke='genivi.org/' \ - --register='genivi.org/' + --receive='genivi.org/' ``` The following command line parameters are accepted: 
@@ -246,7 +246,7 @@ Parameter | Required | Description --root\_key | Yes | Private, PEM-encoded root key to sign the credential. Must be the same key used to sign the root X.509 certificate. --device\_cert | Yes | The PEM-encoded device X.509 certificate to embed into the credential as the device_cert member. --invoke | Yes | Space separated list (within quotes) of RVI service prefixes that the owner of the credential has the right to invoke. ---register | Yes | Space separated list (within quotes) of RVI service prefixes that the owner of the credential has the right to register for others to call (with the right credential). +--receive | Yes | Space separated list (within quotes) of RVI service prefixes that the owner of the credential has the right to have invoked by other nodes (with the right credential). --start | No | The Unix timestamps when the credential becomes active. --stop | No | The Unix timestamps when the credential becomes inactive. diff --git a/doc/rvi_protocol.md b/doc/rvi_protocol.md index 85c3290..e001499 100644 --- a/doc/rvi_protocol.md +++ b/doc/rvi_protocol.md @@ -20,7 +20,7 @@ created as described in [rvi_certificates.md](rvi_certificates.md). # FEATURES COVERED BY PROTOCOL 1. **Authorization**<br> Prove to the remote RVI node that the local RVI node has the right to -invoke a set of services, and the right to register another set of services. +invoke a set of services, and the right to receive invocations of another set of services. 2. **Service Discovery**<br> Announce to the remote RVI node local RVI services which the remote node @@ -83,7 +83,7 @@ authentication. 3. **RVI credentials (JWT)**<br> Describes the services that the device has the right to invoke and the -services that the device has right to register. +services that the device has right to have invoked by remote nodes. Embeds the device X.509 certificate as a PEM-encoded string. Signed by root cert. 
@@ -128,7 +128,7 @@ client-server terminology only denotes who initiates the connection ## Authorize command The ```authorize``` command contains a list of RVI credentials, each specifying a set of services that the sender has the right to invoke on the receiving node, -and a set of services that the sender has the right to register. +and a set of services that the sender has the right to have invoked. ```json {"cmd" : "au", diff --git a/priv/config/rvi_debian.config b/priv/config/rvi_debian.config index 4e1eeb5..210b011 100644 --- a/priv/config/rvi_debian.config +++ b/priv/config/rvi_debian.config @@ -143,7 +143,7 @@ LogLevel = Env("RVI_LOGLEVEL", notice). %% value unless all services add a system-wide unique name %% to it. %% - { node_service_prefix, "genivi.org/vin/$rvi_uuid(default_vin)/"}, + { node_service_prefix, "$rvi_file(/etc/rvi/device_id,genivi.org/node/default_id)/"}, %% Routing rules determine how to get a message targeting a specific diff --git a/scripts/rvi_create_credential.py b/scripts/rvi_create_credential.py index 2fa5cce..329d279 100755 --- a/scripts/rvi_create_credential.py +++ b/scripts/rvi_create_credential.py @@ -77,7 +77,7 @@ def read_x509_cert_pem_file(file_name): def usage(): - print "Usage:", sys.argv[0], "--id=<id> --invoke='<services>' -register='<services>' \\" + print "Usage:", sys.argv[0], "--id=<id> --invoke='<services>' -receive='<services>' \\" print " --root_key=<file> --start='<date/time>' --stop='<date/time>' \\" print " --out=<file>" print 
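Review bot: The new `node_service_prefix` value appears to fall back to the literal `genivi.org/node/default_id` when `/etc/rvi/device_id` cannot be read, so every node installed without that file would announce the same prefix, which contradicts the comment just above asking for a system-wide unique name. The node's identity prefix now also depends on who can write that file, which the comment block does not mention. I would extend the comment with `%% /etc/rvi/device_id must be provisioned per device with a system-wide unique prefix and be writable only by the administrator; the second argument is a shared fallback for test setups`. How `$rvi_file` treats a trailing newline in the file is not visible in this hunk and should be checked.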
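Review bot: The synopsis line in `usage()` still prints the option with a single dash, `-receive='<services>'`, while the getopt call further down registers only the long option `receive=`, so the usage text shows a form the parser rejects. Change it to `print "Usage:", sys.argv[0], "--id=<id> --invoke='<services>' --receive='<services>' \\"`. The same synopsis lists `--out=<file>`, which does not appear in the getopt list visible on this page (`jwt_out=`, `cred_out=`); that context line is worth correcting in the same pass.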
@@ -85,8 +85,8 @@ def usage(): print print " --invoke='<services>' Right to invoke service. Space separate multiple services." print - print " --register='<services>' Right to register service. Space separate multiple services." - print " At least one --invoke or --register must be given." + print " --receive='<services>' Right to receive service invocations. Space separate multiple services." + print " At least one --invoke or --receive must be given." print print " --root_key=<file> Private, PEM-encoded root key to sign credential with" print " Mandatory" @@ -123,14 +123,14 @@ def usage(): print " --stop='2020-12-31 23:59:59' \\" print " --root_key=root_key.pem \\" print " --issuer=GENIVI \\" - print " --register='genivi.org/vin/abc/unlock genivi.org/vin/abc/lock' \\" + print " --receive='genivi.org/vin/abc/unlock genivi.org/vin/abc/lock' \\" print " --invoke='genivi.org/backend/report genivi.org/backend/set_state' \\" print " --jwt_out=lock_cert.jwt \\" print " --cred_out=lock_credential.json" sys.exit(255) try: - opts, args = getopt.getopt(sys.argv[1:], "", [ 'issuer=', 'invoke=', 'register=', + opts, args = getopt.getopt(sys.argv[1:], "", [ 'issuer=', 'invoke=', 'receive=', 'root_key=', 'start=', 'stop=', 'cred_out=', 'id=', 'jwt_out=', 'device_cert=']) @@ -145,7 +145,7 @@ stop=int(time.time()) + 86400 * 365 issuer=None invoke=None -register=None +receive=None root_key=None device_cert=None jwt_out_file=None @@ -186,8 +186,8 @@ for o, a in opts: elif o == '--invoke': invoke=a.split(' ') - elif o == '--register': - register=a.split(' ') + elif o == '--receive': + receive=a.split(' ') elif o == '--id': id_string=a @@ -218,9 +218,9 @@ for o, a in opts: if jwt_out_file == None: jwt_out_file = sys.stdout -if not invoke and not register: +if not invoke and not receive: print - print "At least one --invoke or --register service must be specified." + print "At least one --invoke or --receive service must be specified." print usage() 
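Review bot: `receive=a.split(' ')` in the option loop (hunk at -186) keeps empty strings when the argument has a leading, trailing or doubled space, so an empty entry can end up in `right_to_receive` of a credential that is then signed. How the authorizing node's `match_length` treats an empty prefix is not visible here, but an empty entry in a rights list is best never issued. Use `receive=a.split()`, which drops empty fields, and apply the same to `invoke=a.split(' ')` on the context line above it.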
@@ -255,7 +255,7 @@ if not id_string: cred = { 'iss': issuer, 'id': id_string, - 'right_to_register': register, + 'right_to_receive': receive, 'right_to_invoke': invoke, 'create_timestamp': int(time.time()), 'device_cert': device_cert, diff --git a/scripts/rvi_ctl.template b/scripts/rvi_ctl.template index c6c8875..82ae11b 100644 --- a/scripts/rvi_ctl.template +++ b/scripts/rvi_ctl.template @@ -20,8 +20,7 @@ echo ${ERL:=erl} > /dev/null usage() { - echo "Usage: $0 -d config_dir [-c config_file] -l log_dir \\" - echo " start|stop|console|attach|ping" + echo "Usage: $0 [-c config_file] start|stop|console|attach|ping" echo echo " -c config_file Configuration file to launch rvi node with." echo " Mandatory for start and console. Ignored for" diff --git a/scripts/rvi_install b/scripts/rvi_install index 7f6207e..886caa3 100755 --- a/scripts/rvi_install +++ b/scripts/rvi_install @@ -163,7 +163,7 @@ CREDENTIALS --root_key=root_key.pem \\ --device_cert=device_cert.crt \\ --invoke='genivi.org/' \\ - --register='genivi.org/' + --receive='genivi.org/' Provide the generated credential.jwt file as a '-c' argument to rvi_install. diff --git a/test/rvi_core_SUITE.erl b/test/rvi_core_SUITE.erl index 63a36ca..52c262b 100644 --- a/test/rvi_core_SUITE.erl +++ b/test/rvi_core_SUITE.erl @@ -643,7 +643,7 @@ generate_cred(sample, KeyDir, CredDir, _Config) -> " --start='", Start, "'" " --stop='", Stop, "'" " --root_key=", root_keys(), "/root_key.pem" - " --register='jlr.com/vin/abc/unlock jlr.com/vin/abc/lock'" + " --receive='jlr.com/vin/abc/unlock jlr.com/vin/abc/lock'" " --invoke='jlr.com/backend/set_state'" " --jwt_out=", CredDir, "/lock_cred.jwt" " --cred_out=", KeyDir, "/lock_cred.json"]), 
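Review bot: `'right_to_receive': receive` stores `None` when only `--invoke` was given, because the earlier check `if not invoke and not receive` allows one of the two to stay unset. The credential would then presumably carry a null instead of an empty list (the serialization step is not visible here), and the consumer in `authorize_keys.erl` hands the decoded value to `match_length/2` as if it were a list. Write `'right_to_receive': receive or [],` and likewise `'right_to_invoke': invoke or [],`. The dict literal continues outside the hunk.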
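Review bot: All `generate_cred` and `generate_sota_cred` clauses now pass `--receive`, so no test in the visible hunks exercises the legacy `right_to_register` key that `process_cred_struct_/4` in `authorize_keys.erl` continues to accept. Because that fallback decides what an already-issued credential authorizes, a case that loads a credential with the old key, and one carrying both keys, would pin the behaviour. This applies equally to the hunks at -658, -676 and -691; each clause body starts and ends outside its hunk.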
@@ -658,7 +658,7 @@ generate_cred(backend, KeyDir, CertDir, _Config) -> " --start='", Start, "'" " --stop='", Stop, "'" " --root_key=", root_keys(), "/root_key.pem" - " --register='jlr.com'" + " --receive='jlr.com'" " --invoke='jlr.com'" " --jwt_out=", CertDir, "/backend_cred.jwt" " --cred_out=", KeyDir, "/backend_cred.json"]), @@ -676,7 +676,7 @@ generate_sota_cred(sample, KeyDir, CredDir, _Config) -> " --start='", Start, "'" " --stop='", Stop, "'" " --root_key=", root_keys(), "/root_key.pem" - " --register='jlr.com/vin/abc/store'" + " --receive='jlr.com/vin/abc/store'" " --invoke='jlr.com/backend/set_state'" " --jwt_out=", CredDir, "/sota_cred.jwt" " --cred_out=", KeyDir, "/sota_cred.json"]), @@ -691,7 +691,7 @@ generate_sota_cred(backend, KeyDir, CertDir, _Config) -> " --start='", Start, "'" " --stop='", Stop, "'" " --root_key=", root_keys(), "/root_key.pem" - " --register='jlr.com'" + " --receive='jlr.com'" " --invoke='jlr.com'" " --jwt_out=", CertDir, "/sota_backend_cred.jwt" " --cred_out=", KeyDir, "/sota_backend_cred.json"]), |