def test_oscore_filebased(self):
    """An OSCORE ``contextfile`` entry resolves to a FilesystemSecurityContext.

    The map is loaded with one OSCORE entry and one DTLS entry. The request
    URI used here falls under the OSCORE entry's ``coap://some-oscore-host/*``
    pattern, so that is the credential expected back.
    """
    from aiocoap.oscore import FilesystemSecurityContext

    # The context directory is located relative to this test module's path.
    context_dir = __file__.replace('test_credentials.py', 'test_credentials_oscore_context/')
    oscore_entry = {'oscore': {'contextfile': context_dir, 'role': 'client'}}
    dtls_entry = {
        'dtls': {
            'psk': {'hex': '73-65-63-72-65-74-50-53-4b'},
            'client-identity': b'Client_identity',
        },
    }

    credentials = CredentialsMap()
    credentials.load_from_dict({
        'coap://some-oscore-host/*': oscore_entry,
        'coaps://some-dtls-host/*': dtls_entry,
    })

    request = Message(code=GET, uri='coap://some-oscore-host/.well-known/core')
    matched = credentials.credentials_from_request(request)

    # Exact type comparison: a subclass would not satisfy this check.
    self.assertEqual(type(matched), FilesystemSecurityContext)
def test_oscore_filebased(self):
    """Check that a file-backed OSCORE credential is selected for its URI pattern.

    A DTLS entry for a different host is loaded alongside it; the assertion
    only covers the credential returned for the OSCORE host.
    """
    from aiocoap.oscore import FilesystemSecurityContext

    config = {}
    # OSCORE entry: the context directory sits next to this test module.
    config['coap://some-oscore-host/*'] = {
        'oscore': {
            'contextfile': __file__.replace(
                'test_credentials.py', 'test_credentials_oscore_context/'
            ),
            'role': 'client',
        },
    }
    # DTLS entry: PSK given as dash-separated hex plus a client identity.
    config['coaps://some-dtls-host/*'] = {
        'dtls': {
            'psk': {'hex': '73-65-63-72-65-74-50-53-4b'},
            'client-identity': b'Client_identity',
        },
    }

    cred_map = CredentialsMap()
    cred_map.load_from_dict(config)

    lookup = Message(code=GET, uri='coap://some-oscore-host/.well-known/core')
    result = cred_map.credentials_from_request(lookup)
    self.assertEqual(type(result), FilesystemSecurityContext)
def test_dtls(self):
    """A DTLS entry yields a DTLS credential with the decoded PSK and identity."""
    # The 'hex' form is dash-separated; the assertions below expect it to
    # decode to b'secretPSK'.
    dtls_settings = {
        'psk': {'hex': '73-65-63-72-65-74-50-53-4b'},
        'client-identity': b'Client_identity',
    }

    credentials = CredentialsMap()
    credentials.load_from_dict({'coaps://some-dtls-host/*': {'dtls': dtls_settings}})

    # The request URI has no trailing slash; per the URI normalization rules
    # it still matches the //some-host/* style pattern loaded above.
    request = Message(code=GET, uri='coaps://some-dtls-host')
    matched = credentials.credentials_from_request(request)

    self.assertEqual(type(matched), DTLS)
    self.assertEqual(matched.psk, b'secretPSK')
    self.assertEqual(matched.client_identity, b'Client_identity')
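def keystore_aiocoap_oscore_credentials(keystore: Keystore) -> CredentialsMap:
    """Build the aiocoap credentials map for every non-root address in *keystore*.

    Two kinds of entries are loaded into the returned map:

    * ``":<ident hex>"`` maps to an OSCORE entry whose ``contextfile`` is
      ``<key_dir>/oscore-contexts/<ident hex>/``.
    * ``"coap://<addr>/*"`` maps to the ``":<ident hex>"`` label of that address.

    The loaded entries are summarised at debug level. Only the sender and
    recipient IDs are written to the log. The sender key, recipient key and
    common IV are key material of the security context and are deliberately
    left out, because debug logs are usually stored and shared with weaker
    access control than the key directory.

    Args:
        keystore: Source of the address list, the per-address OSCORE identity
            and the key directory.

    Returns:
        The populated CredentialsMap.
    """
    root_address = ipaddress.ip_address(hostname_to_ips[root_node])

    # Resolve each peer's identity once and reuse it for both entry kinds.
    peers = [
        (addr, keystore.oscore_ident(addr).hex())
        for addr in keystore.list_addresses()
        if addr != root_address
    ]

    server_credentials_dict = {
        f":{ident}": {
            "oscore": {
                "contextfile": f"{keystore.key_dir}/oscore-contexts/{ident}/"
            }
        }
        for _, ident in peers
    }

    # TODO: Fix this so it works
    # In order for messages sent from this application to others to be
    # protected, this additional credential link is needed.
    # NOTE(review): if addr can be an IPv6 address, the URI host would need
    # square brackets (coap://[addr]/*) - confirm against list_addresses().
    client_credentials_dict = {
        f"coap://{addr}/*": f":{ident}"
        for addr, ident in peers
    }

    server_credentials = CredentialsMap()
    server_credentials.load_from_dict({**server_credentials_dict, **client_credentials_dict})

    logger.debug("Credentials:")
    for key, item in server_credentials.items():
        logger.debug("%s:", key)

        if isinstance(item, CredentialReference):
            logger.debug("\tRef : %s", item.target)
        else:
            # IDs identify the context; keys and the common IV stay out of the log.
            logger.debug("\tSender ID : %s", item.sender_id.hex())
            logger.debug("\tRecipient ID : %s", item.recipient_id.hex())

    return server_credentials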
def test_dtls(self):
    """Load a single DTLS credential and look it up by host-only URI.

    Checks the returned object's exact type, its PSK bytes and its client
    identity.
    """
    pattern = 'coaps://some-dtls-host/*'
    config = {
        pattern: {
            'dtls': {
                # Dash-separated hex; expected below to come back as b'secretPSK'.
                'psk': {'hex': '73-65-63-72-65-74-50-53-4b'},
                'client-identity': b'Client_identity',
            },
        },
    }

    cred_map = CredentialsMap()
    cred_map.load_from_dict(config)

    # The slash-free URI is used on purpose: URI normalization makes it match
    # the //some-host/* pattern all the same.
    lookup = Message(code=GET, uri='coaps://some-dtls-host')
    result = cred_map.credentials_from_request(lookup)

    self.assertEqual(type(result), DTLS)
    self.assertEqual(result.psk, b'secretPSK')
    self.assertEqual(result.client_identity, b'Client_identity')
def test_load_empty(self):
    """Loading an empty dict leaves a CredentialsMap that holds no entries."""
    credentials = CredentialsMap()
    credentials.load_from_dict({})

    # The object keeps its exact type and reports zero length.
    self.assertEqual(type(credentials), CredentialsMap)
    self.assertEqual(len(credentials), 0)