def post(self): access_token = super().request.body # Verify if valid CWT from AS try: decoded = cwt.decode(access_token, key=super().ace_rs.as_public_key) except SignatureVerificationFailed as error: self.set_status(401) self.set_header('Content-Type', 'application/json') self.write(json.dumps([{'error': {'error': str(error)}}])) return # Check if audience claim in token matches audience id of this RS if decoded[Keys.AUD] != super().ace_rs.audience: self.set_status(403) self.set_header('Content-Type', 'application/json') self.write(json.dumps([{'error': 'Audience mismatch'}])) return # Extract PoP CoseKey pop_key = CoseKey.from_cose(decoded[Keys.CNF][Key.COSE_KEY]) # Store token and PoP key id super().ace_rs.token_cache.add_token(token=decoded, pop_key_id=pop_key.key_id) # Inform EDHOC Server about new key super().ace_rs.edhoc_server.add_peer_identity(key_id=pop_key.key_id, key=pop_key.key) self.set_status(201)
async def render_post(self, request): access_token = request.payload # introspect_payload = self.introspect(access_token) # Verify if valid CWT from AS try: decoded = cwt.decode(access_token, key=self.resource_server.as_public_key) except SignatureVerificationFailed as err: return aiocoap.Message(code=aiocoap.UNAUTHORIZED) # Check if audience claim in token matches audience identifier of this resource server if decoded[CK.AUD] != self.resource_server.audience: return aiocoap.Message(code=aiocoap.FORBIDDEN) # Extract PoP Key pop_key = CoseKey.from_cose(decoded[CK.CNF][Cose.COSE_KEY]) # Store token and store by PoP key id self.resource_server.token_cache.add_token(token=decoded, pop_key_id=pop_key.key_id) # Inform EDHOC Server about new key self.resource_server.edhoc_server.add_peer_identity( pop_key.key_id, pop_key.key) return aiocoap.Message(code=aiocoap.CREATED)
async def render_post(self, request): access_token: bytes = request.payload # Verify if CWT from AS is valid try: decoded = cwt.decode(encoded = access_token, key = AceHandler.rs.as_public_key) except SignatureVerificationFailed: return aiocoap.Message(code = Code.UNAUTHORIZED) # Check if audience claim in token matches audience id of this RS. if decoded[Keys.AUD] != AceHandler.rs.audience: return aiocoap.Message(code = Code.FORBIDDEN) # Extract PoP CoseKey. pop_key: CoseKey = CoseKey.from_cose(decoded[Keys.CNF][Key.COSE_KEY]) # Store token and PoP key id. AceHandler.rs.token_cache.add_token(token = decoded, pop_key_id = pop_key.key_id) # Inform EDHOC Server about new key. AceHandler.rs.edhoc_server.add_peer_identity(key_id = pop_key.key_id, key = pop_key.key) logging.info('AuthzInfo returning.') return aiocoap.Message(code = Code.CREATED)
async def authz_info(self, request): # Extract access token access_token = await request.content.read() # introspect_payload = self.introspect(access_token) # Verify if valid CWT from AS try: decoded = cwt.decode(access_token, key=self.as_public_key) except SignatureVerificationFailed as err: return web.Response(status=401, body=dumps({'error': str(err)})) # Check if audience claim in token matches audience identifier of this resource server if decoded[CK.AUD] != self.audience: return web.Response(status=403, body=dumps({'error': 'Audience mismatch'})) # Extract PoP Key pop_key = CoseKey.from_cose(decoded[CK.CNF][Cose.COSE_KEY]) # Store token and store by PoP key id self.token_cache.add_token(token=decoded, pop_key_id=pop_key.key_id) # Inform EDHOC Server about new key self.edhoc_server.add_peer_identity(pop_key.key_id, pop_key.key) return web.Response(status=201)
def test_parse_token(self): key = SigningKey.generate(curve=NIST256p) pk = key.get_verifying_key() cose_key = ecdsa_key_to_cose(pk, kid=b'you-know-that-one') claims = { CK.AUD: 'thatSensor01', CK.SCOPE: 'r', CK.IAT: 234234, CK.CNF: { Key.COSE_KEY: cose_key } } token = cwt.encode(claims, key, kid=b'') print(token.hex()) payload = cwt.decode(token, pk) print(payload)
async def authz_info(self, request): access_token = request.payload # Verify if valid CWT from AS try: decoded = cwt.decode(access_token, key=self.as_public_key) except SignatureVerificationFailed as err: return aiocoap.Message(code=aiocoap.UNAUTHORIZED) # Check if audience claim in token matches audience identifier of this resource server if decoded[CK.AUD] != self.audience: return web.Response(status=403, body=dumps({'error': 'Audience mismatch'})) # Extract PoP Key pop_key = CoseKey.from_cose(decoded[CK.CNF][Cose.COSE_KEY]) # Store token and store by PoP key id self.token_cache.add_token(token=decoded, pop_key_id=pop_key.key_id) # Inform EDHOC Server about new key self.edhoc_server.add_peer_identity(pop_key.key_id, pop_key.key) return aiocoap.Message(code=aiocoap.CREATED)