diff --git a/apier/v1/sessions.go b/apier/v1/sessions.go
index 63c18de2b..cc6a48707 100644
--- a/apier/v1/sessions.go
+++ b/apier/v1/sessions.go
@@ -151,3 +151,13 @@ func (ssv1 *SessionSv1) ReAuthorize(args *utils.SessionFilter, reply *string) er
 func (ssv1 *SessionSv1) DisconnectPeer(args *utils.DPRArgs, reply *string) error {
 	return ssv1.Ss.BiRPCv1DisconnectPeer(nil, args, reply)
 }
+
+// STIRAuthenticate checks the identity using STIR/SHAKEN
+func (ssv1 *SessionSv1) STIRAuthenticate(args *sessions.V1STIRAuthenticateArgs, reply *string) error {
+	return ssv1.Ss.BiRPCv1STIRAuthenticate(nil, args, reply)
+}
+
+// STIRInitiate creates the identity for STIR/SHAKEN
+func (ssv1 *SessionSv1) STIRInitiate(args *sessions.V1STIRInitiateArgs, reply *string) error {
+	return ssv1.Ss.BiRPCv1STIRInitiate(nil, args, reply)
+}
diff --git a/apier/v1/sessionsbirpc.go b/apier/v1/sessionsbirpc.go
index 893505185..eff84a5de 100644
--- a/apier/v1/sessionsbirpc.go
+++ b/apier/v1/sessionsbirpc.go
@@ -55,6 +55,9 @@ func (ssv1 *SessionSv1) Handlers() map[string]interface{} {
 		utils.SessionSv1ReAuthorize: ssv1.BiRPCV1ReAuthorize,
 		utils.SessionSv1DisconnectPeer: ssv1.BiRPCV1DisconnectPeer,
+
+		utils.SessionSv1STIRAuthenticate: ssv1.BiRPCV1STIRAuthenticate,
+		utils.SessionSv1STIRInitiate: ssv1.BiRPCV1STIRInitiate,
 	}
 }
@@ -177,3 +180,15 @@
 func (ssv1 *SessionSv1) BiRPCV1DisconnectPeer(clnt *rpc2.Client, args *utils.DPRArgs, reply *string) error {
 	return ssv1.Ss.BiRPCv1DisconnectPeer(clnt, args, reply)
 }
+
+// BiRPCV1STIRAuthenticate checks the identity using STIR/SHAKEN
+func (ssv1 *SessionSv1) BiRPCV1STIRAuthenticate(clnt *rpc2.Client,
+	args *sessions.V1STIRAuthenticateArgs, reply *string) error {
+	return ssv1.Ss.BiRPCv1STIRAuthenticate(clnt, args, reply)
+}
+
+// BiRPCV1STIRInitiate creates the identity for STIR/SHAKEN
+func (ssv1 *SessionSv1) BiRPCV1STIRInitiate(clnt *rpc2.Client,
+	args *sessions.V1STIRInitiateArgs, reply *string) error {
+	return ssv1.Ss.BiRPCv1STIRInitiate(nil, args, reply)
+}
diff --git a/config/config.go b/config/config.go
index 62c7f8db3..77134cfb7 100755
--- a/config/config.go
+++ b/config/config.go
@@ -158,6 +158,7 @@ func NewDefaultCGRConfig() (cfg *CGRConfig, err error) {
 	cfg.CdreProfiles = make(map[string]*CdreCfg)
 	cfg.analyzerSCfg = new(AnalyzerSCfg)
 	cfg.sessionSCfg = new(SessionSCfg)
+	cfg.sessionSCfg.STIRCfg = new(STIRcfg)
 	cfg.fsAgentCfg = new(FsAgentCfg)
 	cfg.kamAgentCfg = new(KamAgentCfg)
 	cfg.asteriskAgentCfg = new(AsteriskAgentCfg)
diff --git a/config/config_defaults.go b/config/config_defaults.go
index 50028ffcd..7181b120b 100755
--- a/config/config_defaults.go
+++ b/config/config_defaults.go
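Review bot: BiRPCV1STIRInitiate drops the client it was handed, forwarding `nil` where BiRPCV1STIRAuthenticate a few lines above forwards `clnt`; if BiRPCv1STIRInitiate ever needs the bidirectional peer (which is the whole point of the BiRPCV1 wrappers in this file as opposed to the plain ones in sessions.go), this path silently loses it. The line should read `return ssv1.Ss.BiRPCv1STIRInitiate(clnt, args, reply)`. Passing `nil` is deliberate in the sessions.go wrappers; here it reads as a copy-paste slip.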
@@ -367,11 +367,13 @@ const CGRATES_CFG_JSON = `
 	"terminate_attempts": 5,	// attempts to get the session before terminating it
 	"alterable_fields": [],	// the session fields that can be updated
 	//"min_dur_low_balance": "5s",	// threshold which will trigger low balance warnings for prepaid calls (needs to be lower than debit_interval)
-	"stir_allowed_attest": ["*any"],	// the default attest for stir/shaken authentication <*any|A|B|C>
-	"stir_payload_maxduration": "-1",	// the duration that stir header is valid after it was created
-	"stir_default_attest": "A",	// the default attest level if not mentioned in API
-	"stir_publickey_path": "",	// the path to the public key
-	"stir_privatekey_path": "",	// the path to the private key
+	"stir": {
+		"allowed_attest": ["*any"],	// the default attest for stir/shaken authentication <*any|A|B|C>
+		"payload_maxduration": "-1",	// the duration that stir header is valid after it was created
+		"default_attest": "A",	// the default attest level if not mentioned in API
+		"publickey_path": "",	// the path to the public key
+		"privatekey_path": "",	// the path to the private key
+	},
 },
diff --git a/config/config_json_test.go b/config/config_json_test.go
index 1ec4ba5f8..634c1b77a 100755
--- a/config/config_json_test.go
+++ b/config/config_json_test.go
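Review bot: The STIR settings move from flat `stir_*` keys to a nested `stir` object, and the flat fields are removed from SessionSJsonCfg in the config/libconfig_json.go hunk, so a deployment that still carries `stir_allowed_attest`, `stir_payload_maxduration` or the key paths in its config will — unless the JSON loader rejects unknown keys, which this diff does not show — silently fall back to these defaults: `*any` attestation accepted and `payload_maxduration` of `-1`, the value the new test in sessions/libsessions_test.go uses for an identity that should pass. That is a loosening of verification with no startup error, so it deserves at least a note in this comment block, e.g. `// replaces the former flat stir_* keys, which are no longer read`, and ideally a load-time rejection of the old keys. The same rename is repeated in the sample config data/conf/cgrates/cgrates.json.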
@@ -673,32 +673,34 @@ func TestDfCdreJsonCfgs(t *testing.T) {
 
 func TestSmgJsonCfg(t *testing.T) {
 	eCfg := &SessionSJsonCfg{
-		Enabled: utils.BoolPointer(false),
-		Listen_bijson: utils.StringPointer("127.0.0.1:2014"),
-		Chargers_conns: &[]string{},
-		Rals_conns: &[]string{},
-		Cdrs_conns: &[]string{},
-		Resources_conns: &[]string{},
-		Thresholds_conns: &[]string{},
-		Stats_conns: &[]string{},
-		Suppliers_conns: &[]string{},
-		Attributes_conns: &[]string{},
-		Replication_conns: &[]string{},
-		Debit_interval: utils.StringPointer("0s"),
-		Store_session_costs: utils.BoolPointer(false),
-		Min_call_duration: utils.StringPointer("0s"),
-		Max_call_duration: utils.StringPointer("3h"),
-		Session_ttl: utils.StringPointer("0s"),
-		Session_indexes: &[]string{},
-		Client_protocol: utils.Float64Pointer(1.0),
-		Channel_sync_interval: utils.StringPointer("0"),
-		Terminate_attempts: utils.IntPointer(5),
-		Alterable_fields: &[]string{},
-		Stir_allowed_attest: &[]string{utils.META_ANY},
-		Stir_payload_maxduration: utils.StringPointer("-1"),
-		Stir_default_attest: utils.StringPointer("A"),
-		Stir_privatekey_path: utils.StringPointer(""),
-		Stir_publickey_path: utils.StringPointer(""),
+		Enabled: utils.BoolPointer(false),
+		Listen_bijson: utils.StringPointer("127.0.0.1:2014"),
+		Chargers_conns: &[]string{},
+		Rals_conns: &[]string{},
+		Cdrs_conns: &[]string{},
+		Resources_conns: &[]string{},
+		Thresholds_conns: &[]string{},
+		Stats_conns: &[]string{},
+		Suppliers_conns: &[]string{},
+		Attributes_conns: &[]string{},
+		Replication_conns: &[]string{},
+		Debit_interval: utils.StringPointer("0s"),
+		Store_session_costs: utils.BoolPointer(false),
+		Min_call_duration: utils.StringPointer("0s"),
+		Max_call_duration: utils.StringPointer("3h"),
+		Session_ttl: utils.StringPointer("0s"),
+		Session_indexes: &[]string{},
+		Client_protocol: utils.Float64Pointer(1.0),
+		Channel_sync_interval: utils.StringPointer("0"),
+		Terminate_attempts: utils.IntPointer(5),
+		Alterable_fields: &[]string{},
+		Stir: &STIRJsonCfg{
+			Allowed_attest: &[]string{utils.META_ANY},
+			Payload_maxduration: utils.StringPointer("-1"),
+			Default_attest: utils.StringPointer("A"),
+			Privatekey_path: utils.StringPointer(""),
+			Publickey_path: utils.StringPointer(""),
+		},
 	}
 	if cfg, err := dfCgrJsonCfg.SessionSJsonCfg(); err != nil {
 		t.Error(err)
diff --git a/config/config_test.go b/config/config_test.go
index 63f441956..af5ab6ca5 100755
--- a/config/config_test.go
+++ b/config/config_test.go
@@ -600,30 +600,32 @@ func TestCgrCfgJSONDefaultsCdreProfiles(t *testing.T) {
 
 func TestCgrCfgJSONDefaultsSMGenericCfg(t *testing.T) {
 	eSessionSCfg := &SessionSCfg{
-		Enabled: false,
-		ListenBijson: "127.0.0.1:2014",
-		ChargerSConns: []string{},
-		RALsConns: []string{},
-		CDRsConns: []string{},
-		ResSConns: []string{},
-		ThreshSConns: []string{},
-		StatSConns: []string{},
-		SupplSConns: []string{},
-		AttrSConns: []string{},
-		ReplicationConns: []string{},
-		DebitInterval: 0 * time.Second,
-		StoreSCosts: false,
-		MinCallDuration: 0 * time.Second,
-		MaxCallDuration: 3 * time.Hour,
-		SessionTTL: 0 * time.Second,
-		SessionIndexes: utils.StringMap{},
-		ClientProtocol: 1.0,
-		ChannelSyncInterval: 0,
-		TerminateAttempts: 5,
-		AlterableFields: utils.NewStringSet([]string{}),
-		STIRAllowedAttest: utils.NewStringSet([]string{utils.META_ANY}),
-		STIRPayloadMaxduration: -1,
-		STIRDefaultAttest: "A",
+		Enabled: false,
+		ListenBijson: "127.0.0.1:2014",
+		ChargerSConns: []string{},
+		RALsConns: []string{},
+		CDRsConns: []string{},
+		ResSConns: []string{},
+		ThreshSConns: []string{},
+		StatSConns: []string{},
+		SupplSConns: []string{},
+		AttrSConns: []string{},
+		ReplicationConns: []string{},
+		DebitInterval: 0 * time.Second,
+		StoreSCosts: false,
+		MinCallDuration: 0 * time.Second,
+		MaxCallDuration: 3 * time.Hour,
+		SessionTTL: 0 * time.Second,
+		SessionIndexes: utils.StringMap{},
+		ClientProtocol: 1.0,
+		ChannelSyncInterval: 0,
+		TerminateAttempts: 5,
+		AlterableFields: utils.NewStringSet([]string{}),
+		STIRCfg: &STIRcfg{
+			AllowedAttest: utils.NewStringSet([]string{utils.META_ANY}),
+			PayloadMaxduration: -1,
+			DefaultAttest: "A",
+		},
 	}
 	if !reflect.DeepEqual(eSessionSCfg, cgrCfg.sessionSCfg) {
 		t.Errorf("expecting: %s, received: %s",
diff --git a/config/libconfig_json.go b/config/libconfig_json.go
index 6acee7a5b..024e1bce4 100755
--- a/config/libconfig_json.go
+++ b/config/libconfig_json.go
@@ -195,36 +195,32 @@ type EventReaderJsonCfg struct {
 
 // SM-Generic config section
 type SessionSJsonCfg struct {
-	Enabled *bool
-	Listen_bijson *string
-	Chargers_conns *[]string
-	Rals_conns *[]string
-	Resources_conns *[]string
-	Thresholds_conns *[]string
-	Stats_conns *[]string
-	Suppliers_conns *[]string
-	Cdrs_conns *[]string
-	Replication_conns *[]string
-	Attributes_conns *[]string
-	Debit_interval *string
-	Store_session_costs *bool
-	Min_call_duration *string
-	Max_call_duration *string
-	Session_ttl *string
-	Session_ttl_max_delay *string
-	Session_ttl_last_used *string
-	Session_ttl_usage *string
-	Session_indexes *[]string
-	Client_protocol *float64
-	Channel_sync_interval *string
-	Terminate_attempts *int
-	Alterable_fields *[]string
-	Min_dur_low_balance *string
-	Stir_allowed_attest *[]string
-	Stir_payload_maxduration *string
-	Stir_default_attest *string
-	Stir_publickey_path *string
-	Stir_privatekey_path *string
+	Enabled *bool
+	Listen_bijson *string
+	Chargers_conns *[]string
+	Rals_conns *[]string
+	Resources_conns *[]string
+	Thresholds_conns *[]string
+	Stats_conns *[]string
+	Suppliers_conns *[]string
+	Cdrs_conns *[]string
+	Replication_conns *[]string
+	Attributes_conns *[]string
+	Debit_interval *string
+	Store_session_costs *bool
+	Min_call_duration *string
+	Max_call_duration *string
+	Session_ttl *string
+	Session_ttl_max_delay *string
+	Session_ttl_last_used *string
+	Session_ttl_usage *string
+	Session_indexes *[]string
+	Client_protocol *float64
+	Channel_sync_interval *string
+	Terminate_attempts *int
+	Alterable_fields *[]string
+	Min_dur_low_balance *string
+	Stir *STIRJsonCfg
 }
 
 // FreeSWITCHAgent config section
@@ -572,3 +568,11 @@ type ApierJsonCfg struct {
 	Scheduler_conns *[]string
 	Attributes_conns *[]string
 }
+
+type STIRJsonCfg struct {
+	Allowed_attest *[]string
+	Payload_maxduration *string
+	Default_attest *string
+	Publickey_path *string
+	Privatekey_path *string
+}
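Review bot: STIRJsonCfg is added in the second hunk without the section comment every other section type in this file carries (`// SM-Generic config section` in the first hunk is the pattern); add `// STIR config section, nested under the sessions section as "stir"` above the type so the JSON-to-struct mapping is discoverable from godoc. The snake-case field names follow the file's existing convention, so nothing else in the hunk needs changing.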
diff --git a/config/sessionscfg.go b/config/sessionscfg.go
index ee35bf389..78cbb34ad 100644
--- a/config/sessionscfg.go
+++ b/config/sessionscfg.go
@@ -74,36 +74,32 @@ func (fs *FsConnCfg) AsMapInterface() map[string]interface{} {
 }
 
 type SessionSCfg struct {
-	Enabled bool
-	ListenBijson string
-	ChargerSConns []string
-	RALsConns []string
-	ResSConns []string
-	ThreshSConns []string
-	StatSConns []string
-	SupplSConns []string
-	AttrSConns []string
-	CDRsConns []string
-	ReplicationConns []string
-	DebitInterval time.Duration
-	StoreSCosts bool
-	MinCallDuration time.Duration
-	MaxCallDuration time.Duration
-	SessionTTL time.Duration
-	SessionTTLMaxDelay *time.Duration
-	SessionTTLLastUsed *time.Duration
-	SessionTTLUsage *time.Duration
-	SessionIndexes utils.StringMap
-	ClientProtocol float64
-	ChannelSyncInterval time.Duration
-	TerminateAttempts int
-	AlterableFields *utils.StringSet
-	MinDurLowBalance time.Duration
-	STIRAllowedAttest *utils.StringSet
-	STIRPayloadMaxduration time.Duration
-	STIRDefaultAttest string
-	STIRPublicKeyPath string
-	STIRPrivateKeyPath string
+	Enabled bool
+	ListenBijson string
+	ChargerSConns []string
+	RALsConns []string
+	ResSConns []string
+	ThreshSConns []string
+	StatSConns []string
+	SupplSConns []string
+	AttrSConns []string
+	CDRsConns []string
+	ReplicationConns []string
+	DebitInterval time.Duration
+	StoreSCosts bool
+	MinCallDuration time.Duration
+	MaxCallDuration time.Duration
+	SessionTTL time.Duration
+	SessionTTLMaxDelay *time.Duration
+	SessionTTLLastUsed *time.Duration
+	SessionTTLUsage *time.Duration
+	SessionIndexes utils.StringMap
+	ClientProtocol float64
+	ChannelSyncInterval time.Duration
+	TerminateAttempts int
+	AlterableFields *utils.StringSet
+	MinDurLowBalance time.Duration
+	STIRCfg *STIRcfg
 }
 
 func (scfg *SessionSCfg) loadFromJsonCfg(jsnCfg *SessionSJsonCfg) (err error) {
@@ -280,56 +276,38 @@ func (scfg *SessionSCfg) loadFromJsonCfg(jsnCfg *SessionSJsonCfg) (err error) {
 			return err
 		}
 	}
-	if jsnCfg.Stir_allowed_attest != nil {
-		scfg.STIRAllowedAttest = utils.NewStringSet(*jsnCfg.Stir_allowed_attest)
-	}
-	if jsnCfg.Stir_payload_maxduration != nil {
-		if scfg.STIRPayloadMaxduration, err = utils.ParseDurationWithNanosecs(*jsnCfg.Stir_payload_maxduration); err != nil {
-			return err
-		}
-	}
-	if jsnCfg.Stir_default_attest != nil {
-		scfg.STIRDefaultAttest = *jsnCfg.Stir_default_attest
-	}
-	if jsnCfg.Stir_publickey_path != nil {
-		scfg.STIRPublicKeyPath = *jsnCfg.Stir_publickey_path
-	}
-	if jsnCfg.Stir_privatekey_path != nil {
-		scfg.STIRPrivateKeyPath = *jsnCfg.Stir_privatekey_path
-	}
-	return nil
+	return scfg.STIRCfg.loadFromJSONCfg(jsnCfg.Stir)
 }
 
 func (scfg *SessionSCfg) AsMapInterface() map[string]interface{} {
 	return map[string]interface{}{
-		utils.EnabledCfg: scfg.Enabled,
-		utils.ListenBijsonCfg: scfg.ListenBijson,
-		utils.ChargerSConnsCfg: scfg.ChargerSConns,
-		utils.RALsConnsCfg: scfg.RALsConns,
-		utils.ResSConnsCfg: scfg.ResSConns,
-		utils.ThreshSConnsCfg: scfg.ThreshSConns,
-		utils.StatSConnsCfg: scfg.StatSConns,
-		utils.SupplSConnsCfg: scfg.SupplSConns,
-		utils.AttrSConnsCfg: scfg.AttrSConns,
-		utils.CDRsConnsCfg: scfg.CDRsConns,
-		utils.ReplicationConnsCfg: scfg.ReplicationConns,
-		utils.DebitIntervalCfg: scfg.DebitInterval,
-		utils.StoreSCostsCfg: scfg.StoreSCosts,
-		utils.MinCallDurationCfg: scfg.MinCallDuration,
-		utils.MaxCallDurationCfg: scfg.MaxCallDuration,
-		utils.SessionTTLCfg: scfg.SessionTTL,
-		utils.SessionTTLMaxDelayCfg: scfg.SessionTTLMaxDelay,
-		utils.SessionTTLLastUsedCfg: scfg.SessionTTLLastUsed,
-		utils.SessionTTLUsageCfg: scfg.SessionTTLUsage,
-		utils.SessionIndexesCfg: scfg.SessionIndexes.GetSlice(),
-		utils.ClientProtocolCfg: scfg.ClientProtocol,
-		utils.ChannelSyncIntervalCfg: scfg.ChannelSyncInterval,
-		utils.TerminateAttemptsCfg: scfg.TerminateAttempts,
-		utils.AlterableFieldsCfg: scfg.AlterableFields.AsSlice(),
-		utils.MinDurLowBalanceCfg: scfg.MinDurLowBalance,
-		utils.STIRAtestCfg: strings.Join(scfg.STIRAllowedAttest.AsSlice(), utils.NestingSep),
-		utils.STIRPayloadMaxdurationCfg: scfg.STIRPayloadMaxduration,
+		utils.EnabledCfg: scfg.Enabled,
+		utils.ListenBijsonCfg: scfg.ListenBijson,
+		utils.ChargerSConnsCfg: scfg.ChargerSConns,
+		utils.RALsConnsCfg: scfg.RALsConns,
+		utils.ResSConnsCfg: scfg.ResSConns,
+		utils.ThreshSConnsCfg: scfg.ThreshSConns,
+		utils.StatSConnsCfg: scfg.StatSConns,
+		utils.SupplSConnsCfg: scfg.SupplSConns,
+		utils.AttrSConnsCfg: scfg.AttrSConns,
+		utils.CDRsConnsCfg: scfg.CDRsConns,
+		utils.ReplicationConnsCfg: scfg.ReplicationConns,
+		utils.DebitIntervalCfg: scfg.DebitInterval,
+		utils.StoreSCostsCfg: scfg.StoreSCosts,
+		utils.MinCallDurationCfg: scfg.MinCallDuration,
+		utils.MaxCallDurationCfg: scfg.MaxCallDuration,
+		utils.SessionTTLCfg: scfg.SessionTTL,
+		utils.SessionTTLMaxDelayCfg: scfg.SessionTTLMaxDelay,
+		utils.SessionTTLLastUsedCfg: scfg.SessionTTLLastUsed,
+		utils.SessionTTLUsageCfg: scfg.SessionTTLUsage,
+		utils.SessionIndexesCfg: scfg.SessionIndexes.GetSlice(),
+		utils.ClientProtocolCfg: scfg.ClientProtocol,
+		utils.ChannelSyncIntervalCfg: scfg.ChannelSyncInterval,
+		utils.TerminateAttemptsCfg: scfg.TerminateAttempts,
+		utils.AlterableFieldsCfg: scfg.AlterableFields.AsSlice(),
+		utils.MinDurLowBalanceCfg: scfg.MinDurLowBalance,
+		utils.STIRCfg: scfg.STIRCfg.AsMapInterface(),
 	}
 }
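Review bot: loadFromJsonCfg now ends in `return scfg.STIRCfg.loadFromJSONCfg(jsnCfg.Stir)` and AsMapInterface calls `scfg.STIRCfg.AsMapInterface()`, but STIRCfg is a pointer that only NewDefaultCGRConfig (config/config.go hunk) sets; a SessionSCfg built any other way, including the zero value in tests, dereferences nil as soon as a `stir` section is present or the map is requested. A guard such as `if scfg.STIRCfg == nil { scfg.STIRCfg = new(STIRcfg) }` before the delegation in both methods keeps the zero value usable, which is what the removed inline code did implicitly. loadFromJsonCfg starts before this hunk.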
@@ -536,3 +514,46 @@ func (aCfg *AsteriskAgentCfg) AsMapInterface() map[string]interface{} {
 		utils.AsteriskConnsCfg: conns,
 	}
 }
+
+// STIRcfg the confuguration structure for STIR
+type STIRcfg struct {
+	AllowedAttest *utils.StringSet
+	PayloadMaxduration time.Duration
+	DefaultAttest string
+	PublicKeyPath string
+	PrivateKeyPath string
+}
+
+func (stirCfg *STIRcfg) loadFromJSONCfg(jsnCfg *STIRJsonCfg) (err error) {
+	if jsnCfg == nil {
+		return nil
+	}
+	if jsnCfg.Allowed_attest != nil {
+		stirCfg.AllowedAttest = utils.NewStringSet(*jsnCfg.Allowed_attest)
+	}
+	if jsnCfg.Payload_maxduration != nil {
+		if stirCfg.PayloadMaxduration, err = utils.ParseDurationWithNanosecs(*jsnCfg.Payload_maxduration); err != nil {
+			return err
+		}
+	}
+	if jsnCfg.Default_attest != nil {
+		stirCfg.DefaultAttest = *jsnCfg.Default_attest
+	}
+	if jsnCfg.Publickey_path != nil {
+		stirCfg.PublicKeyPath = *jsnCfg.Publickey_path
+	}
+	if jsnCfg.Privatekey_path != nil {
+		stirCfg.PrivateKeyPath = *jsnCfg.Privatekey_path
+	}
+	return nil
+}
+
+func (stirCfg *STIRcfg) AsMapInterface() map[string]interface{} {
+	return map[string]interface{}{
+		utils.DefaultAttestCfg: stirCfg.DefaultAttest,
+		utils.PublicKeyPathCfg: stirCfg.PublicKeyPath,
+		utils.PrivateKeyPathCfg: stirCfg.PrivateKeyPath,
+		utils.AllowedAtestCfg: strings.Join(stirCfg.AllowedAttest.AsSlice(), utils.NestingSep),
+		utils.PayloadMaxdurationCfg: stirCfg.PayloadMaxduration,
+	}
+}
diff --git a/data/conf/cgrates/cgrates.json b/data/conf/cgrates/cgrates.json
index 26536a45d..c124d046a 100755
--- a/data/conf/cgrates/cgrates.json
+++ b/data/conf/cgrates/cgrates.json
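Review bot: STIRcfg.AsMapInterface calls `stirCfg.AllowedAttest.AsSlice()` unconditionally, but AllowedAttest stays nil when the `stir` section omits `allowed_attest` or loadFromJSONCfg received a nil section, so exporting a partially specified config panics; guard it with `if stirCfg.AllowedAttest != nil` or initialise the field to an empty set. loadFromJSONCfg also accepts any string for `default_attest` and any entries in `allowed_attest`, although the defaults in config_defaults.go document the valid set as `<*any|A|B|C>`; rejecting other values here surfaces a misconfiguration at load time instead of as a verification outcome later. The type comment has a typo and should say what the fields govern, e.g. `// STIRcfg holds the STIR/SHAKEN settings of the sessions section: accepted and default attestation levels, identity validity window and signing key paths`. What a negative PayloadMaxduration (the default is -1) means is decided in VerifyPayload, which is outside this diff — worth stating on the field once confirmed.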
@@ -164,44 +164,47 @@ // "caches":{ // "partitions": { -// "*destinations": {"limit": -1, "ttl": "", "static_ttl": false, "precache": false}, // destination caching -// "*reverse_destinations": {"limit": -1, "ttl": "", "static_ttl": false, "precache": false}, // reverse destinations index caching -// "*rating_plans": {"limit": -1, "ttl": "", "static_ttl": false, "precache": false}, // rating plans caching -// "*rating_profiles": {"limit": -1, "ttl": "", "static_ttl": false, "precache": false}, // rating profiles caching -// "*actions": {"limit": -1, "ttl": "", "static_ttl": false, "precache": false}, // actions caching -// "*action_plans": {"limit": -1, "ttl": "", "static_ttl": false, "precache": false}, // action plans caching -// "*account_action_plans": {"limit": -1, "ttl": "", "static_ttl": false, "precache": false}, // account action plans index caching -// "*action_triggers": {"limit": -1, "ttl": "", "static_ttl": false, "precache": false}, // action triggers caching -// "*shared_groups": {"limit": -1, "ttl": "", "static_ttl": false, "precache": false}, // shared groups caching -// "*timings": {"limit": -1, "ttl": "", "static_ttl": false, "precache": false}, // timings caching -// "*resource_profiles": {"limit": -1, "ttl": "", "static_ttl": false, "precache": false}, // control resource profiles caching -// "*resources": {"limit": -1, "ttl": "", "static_ttl": false, "precache": false}, // control resources caching -// "*event_resources": {"limit": -1, "ttl": "", "static_ttl": false}, // matching resources to events -// "*statqueue_profiles": {"limit": -1, "ttl": "", "static_ttl": false, "precache": false}, // statqueue profiles -// "*statqueues": {"limit": -1, "ttl": "", "static_ttl": false, "precache": false}, // statqueues with metrics -// "*threshold_profiles": {"limit": -1, "ttl": "", "static_ttl": false, "precache": false}, // control threshold profiles caching -// "*thresholds": {"limit": -1, "ttl": "", "static_ttl": false, "precache": false}, // 
control thresholds caching -// "*filters": {"limit": -1, "ttl": "", "static_ttl": false, "precache": false}, // control filters caching -// "*supplier_profiles": {"limit": -1, "ttl": "", "static_ttl": false, "precache": false}, // control supplier profile caching -// "*attribute_profiles": {"limit": -1, "ttl": "", "static_ttl": false, "precache": false}, // control attribute profile caching -// "*charger_profiles": {"limit": -1, "ttl": "", "static_ttl": false, "precache": false}, // control charger profile caching -// "*dispatcher_profiles": {"limit": -1, "ttl": "", "static_ttl": false, "precache": false}, // control dispatcher profile caching -// "*dispatcher_hosts": {"limit": -1, "ttl": "", "static_ttl": false, "precache": false}, // control dispatcher hosts caching -// "*resource_filter_indexes" : {"limit": -1, "ttl": "", "static_ttl": false}, // control resource filter indexes caching -// "*stat_filter_indexes" : {"limit": -1, "ttl": "", "static_ttl": false}, // control stat filter indexes caching -// "*threshold_filter_indexes" : {"limit": -1, "ttl": "", "static_ttl": false}, // control threshold filter indexes caching -// "*supplier_filter_indexes" : {"limit": -1, "ttl": "", "static_ttl": false}, // control supplier filter indexes caching -// "*attribute_filter_indexes" : {"limit": -1, "ttl": "", "static_ttl": false}, // control attribute filter indexes caching -// "*charger_filter_indexes" : {"limit": -1, "ttl": "", "static_ttl": false}, // control charger filter indexes caching -// "*dispatcher_filter_indexes" : {"limit": -1, "ttl": "", "static_ttl": false}, // control dispatcher filter indexes caching -// "*dispatcher_routes": {"limit": -1, "ttl": "", "static_ttl": false}, // control dispatcher routes caching -// "*diameter_messages": {"limit": -1, "ttl": "3h", "static_ttl": false}, // diameter messages caching -// "*rpc_responses": {"limit": 0, "ttl": "2s", "static_ttl": false}, // RPC responses caching -// "*closed_sessions": {"limit": -1, "ttl": "10s", 
"static_ttl": false}, // closed sessions cached for CDRs -// "*cdr_ids": {"limit": -1, "ttl": "10m", "static_ttl": false}, // protects CDRs against double-charging -// "*load_ids": {"limit": -1, "ttl": "", "static_ttl": false, "precache": false}, // control the load_ids for items -// "*rpc_connections": {"limit": -1, "ttl": "", "static_ttl": false}, // RPC connections caching -// "*uch": {"limit": -1, "ttl": "3h", "static_ttl": false}, // User cache +// "*destinations": {"limit": -1, "ttl": "", "static_ttl": false, "precache": false, "replicate": false}, // destination caching +// "*reverse_destinations": {"limit": -1, "ttl": "", "static_ttl": false, "precache": false, "replicate": false}, // reverse destinations index caching +// "*rating_plans": {"limit": -1, "ttl": "", "static_ttl": false, "precache": false, "replicate": false}, // rating plans caching +// "*rating_profiles": {"limit": -1, "ttl": "", "static_ttl": false, "precache": false, "replicate": false}, // rating profiles caching +// "*actions": {"limit": -1, "ttl": "", "static_ttl": false, "precache": false, "replicate": false}, // actions caching +// "*action_plans": {"limit": -1, "ttl": "", "static_ttl": false, "precache": false, "replicate": false}, // action plans caching +// "*account_action_plans": {"limit": -1, "ttl": "", "static_ttl": false, "precache": false, "replicate": false}, // account action plans index caching +// "*action_triggers": {"limit": -1, "ttl": "", "static_ttl": false, "precache": false, "replicate": false}, // action triggers caching +// "*shared_groups": {"limit": -1, "ttl": "", "static_ttl": false, "precache": false, "replicate": false}, // shared groups caching +// "*timings": {"limit": -1, "ttl": "", "static_ttl": false, "precache": false, "replicate": false}, // timings caching +// "*resource_profiles": {"limit": -1, "ttl": "", "static_ttl": false, "precache": false, "replicate": false}, // control resource profiles caching +// "*resources": {"limit": -1, "ttl": "", 
"static_ttl": false, "precache": false, "replicate": false}, // control resources caching +// "*event_resources": {"limit": -1, "ttl": "", "static_ttl": false, "replicate": false}, // matching resources to events +// "*statqueue_profiles": {"limit": -1, "ttl": "", "static_ttl": false, "precache": false, "replicate": false}, // statqueue profiles +// "*statqueues": {"limit": -1, "ttl": "", "static_ttl": false, "precache": false, "replicate": false}, // statqueues with metrics +// "*threshold_profiles": {"limit": -1, "ttl": "", "static_ttl": false, "precache": false, "replicate": false}, // control threshold profiles caching +// "*thresholds": {"limit": -1, "ttl": "", "static_ttl": false, "precache": false, "replicate": false}, // control thresholds caching +// "*filters": {"limit": -1, "ttl": "", "static_ttl": false, "precache": false, "replicate": false}, // control filters caching +// "*supplier_profiles": {"limit": -1, "ttl": "", "static_ttl": false, "precache": false, "replicate": false}, // control supplier profile caching +// "*attribute_profiles": {"limit": -1, "ttl": "", "static_ttl": false, "precache": false, "replicate": false}, // control attribute profile caching +// "*charger_profiles": {"limit": -1, "ttl": "", "static_ttl": false, "precache": false, "replicate": false}, // control charger profile caching +// "*dispatcher_profiles": {"limit": -1, "ttl": "", "static_ttl": false, "precache": false, "replicate": false}, // control dispatcher profile caching +// "*dispatcher_hosts": {"limit": -1, "ttl": "", "static_ttl": false, "precache": false, "replicate": false}, // control dispatcher hosts caching +// "*resource_filter_indexes" : {"limit": -1, "ttl": "", "static_ttl": false, "replicate": false}, // control resource filter indexes caching +// "*stat_filter_indexes" : {"limit": -1, "ttl": "", "static_ttl": false, "replicate": false}, // control stat filter indexes caching +// "*threshold_filter_indexes" : {"limit": -1, "ttl": "", "static_ttl": false, 
"replicate": false}, // control threshold filter indexes caching +// "*supplier_filter_indexes" : {"limit": -1, "ttl": "", "static_ttl": false, "replicate": false}, // control supplier filter indexes caching +// "*attribute_filter_indexes" : {"limit": -1, "ttl": "", "static_ttl": false, "replicate": false}, // control attribute filter indexes caching +// "*charger_filter_indexes" : {"limit": -1, "ttl": "", "static_ttl": false, "replicate": false}, // control charger filter indexes caching +// "*dispatcher_filter_indexes" : {"limit": -1, "ttl": "", "static_ttl": false, "replicate": false}, // control dispatcher filter indexes caching +// "*dispatcher_routes": {"limit": -1, "ttl": "", "static_ttl": false, "replicate": false}, // control dispatcher routes caching +// "*dispatcher_loads": {"limit": -1, "ttl": "", "static_ttl": false, "replicate": false}, // control dispatcher load ( in case of *load strategy ) +// "*dispatchers": {"limit": -1, "ttl": "", "static_ttl": false, "replicate": false}, // control dispatcher interface +// "*diameter_messages": {"limit": -1, "ttl": "3h", "static_ttl": false, "replicate": false}, // diameter messages caching +// "*rpc_responses": {"limit": 0, "ttl": "2s", "static_ttl": false, "replicate": false}, // RPC responses caching +// "*closed_sessions": {"limit": -1, "ttl": "10s", "static_ttl": false, "replicate": false}, // closed sessions cached for CDRs +// "*cdr_ids": {"limit": -1, "ttl": "10m", "static_ttl": false, "replicate": false}, // protects CDRs against double-charging +// "*load_ids": {"limit": -1, "ttl": "", "static_ttl": false, "precache": false, "replicate": false}, // control the load_ids for items +// "*rpc_connections": {"limit": -1, "ttl": "", "static_ttl": false, "replicate": false}, // RPC connections caching +// "*uch": {"limit": -1, "ttl": "3h", "static_ttl": false, "replicate": false}, // User cache +// "*stir": {"limit": -1, "ttl": "3h", "static_ttl": false, "replicate": false}, // stirShaken cache keys // }, // 
"replication_conns": [],
 // },
@@ -343,6 +346,13 @@
 //	"terminate_attempts": 5,	// attempts to get the session before terminating it
 //	"alterable_fields": [],	// the session fields that can be updated
 //	//"min_dur_low_balance": "5s",	// threshold which will trigger low balance warnings for prepaid calls (needs to be lower than debit_interval)
+//	"stir": {
+//		"allowed_attest": ["*any"],	// the default attest for stir/shaken authentication <*any|A|B|C>
+//		"payload_maxduration": "-1",	// the duration that stir header is valid after it was created
+//		"default_attest": "A",	// the default attest level if not mentioned in API
+//		"publickey_path": "",	// the path to the public key
+//		"privatekey_path": "",	// the path to the private key
+//	},
 // },
diff --git a/sessions/libsessions.go b/sessions/libsessions.go
index 16b48986f..286c961d9 100644
--- a/sessions/libsessions.go
+++ b/sessions/libsessions.go
@@ -223,8 +223,8 @@ func (pi *ProcessedStirIdentity) VerifyPayload(originatorTn, originatorURI, dest
 	return
 }
 
-// NewIdentity returns the identiy for stir header
-func NewIdentity(header *utils.PASSporTHeader, payload *utils.PASSporTPayload, prvkeyPath string, timeout time.Duration) (identity string, err error) {
+// NewSTIRIdentity returns the identiy for stir header
+func NewSTIRIdentity(header *utils.PASSporTHeader, payload *utils.PASSporTPayload, prvkeyPath string, timeout time.Duration) (identity string, err error) {
 	var prvKey interface{}
 	var ok bool
 	if prvKey, ok = engine.Cache.Get(utils.CacheSTIR, prvkeyPath); !ok {
@@ -255,6 +255,7 @@ func NewIdentity(header *utils.PASSporTHeader, payload *utils.PASSporTPayload, p
 	return
 }
 
+// AuthStirShaken autentificates the given identity using STIR/SHAKEN
 func AuthStirShaken(identity, originatorTn, originatorURI, destinationTn, destinationURI string,
 	attest *utils.StringSet, hdrMaxDur time.Duration) (err error) {
 	var pi *ProcessedStirIdentity
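Review bot: The renamed NewSTIRIdentity keeps the typo in its doc comment, and the new comment on AuthStirShaken in the next hunk introduces another; both are exported and these lines are what godoc shows. Suggested: `// NewSTIRIdentity returns the identity for the STIR header, signed with the private key cached under prvkeyPath` and `// AuthStirShaken authenticates the given identity using STIR/SHAKEN`. The AuthStirShaken comment would also benefit from one sentence on how a non-positive hdrMaxDur is treated, since the config default is -1; that decision lives in VerifyPayload, outside this hunk, so confirm before writing it. Both functions continue past the end of their hunks.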
@@ -269,3 +270,22 @@ func AuthStirShaken(identity, originatorTn, originatorURI, destinationTn, destin
 	}
 	return pi.VerifyPayload(originatorTn, originatorURI, destinationTn, destinationURI, hdrMaxDur, attest)
 }
+
+// V1STIRAuthenticateArgs are the arguments for STIRAuthenticate API
+type V1STIRAuthenticateArgs struct {
+	Attest []string // what attest levels are allowed
+	DestinationTn string // the expected destination telephone number
+	DestinationURI string // the expected destination URI; if this is populated the DestinationTn is ignored
+	Identity string // the identity header
+	OriginatorTn string // the expected originator telephone number
+	OriginatorURI string // the expected originator URI; if this is populated the OriginatorTn is ignored
+	PayloadMaxDuration string // the duration the payload is valid after it's creation
+}
+
+// V1STIRInitiateArgs are the arguments for STIRInitiate API
+type V1STIRInitiateArgs struct {
+	Payload *utils.PASSporTPayload // the STIR payload
+	PublicKeyPath string // the path to the public key used in the header
+	PrivateKeyPath string // the private key path
+	OverwriteIAT bool // if true the IAT from payload is overwrited with the present unix timestamp
+}
diff --git a/sessions/libsessions_test.go b/sessions/libsessions_test.go
index d067ebc44..00f2e1107 100644
--- a/sessions/libsessions_test.go
+++ b/sessions/libsessions_test.go
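Review bot: V1STIRInitiateArgs.PrivateKeyPath and PublicKeyPath let an RPC caller choose which key the server signs with and which key URL ends up in the header, and V1STIRAuthenticateArgs.Attest lets the caller choose the accepted attestation levels; the handlers consuming these structs are not in this diff, so the struct comments should state whether these override or merely fall back to the `stir` config added in this commit (`privatekey_path`, `publickey_path`, `allowed_attest`), and, if the caller's values are honoured, the handler should restrict them to configured or allow-listed paths and to the documented `A|B|C|*any` set. PayloadMaxDuration is a string here while AuthStirShaken takes a time.Duration; name the accepted format in the comment (presumably whatever utils.ParseDurationWithNanosecs accepts, as in sessionscfg.go — confirm). Comment typos: `overwrited` → `overwritten`, `it's creation` → `its creation`.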
@@ -309,3 +309,51 @@ aa+jqv4dwkr/FLEcN1zC76Y/IniI65fId55hVJvN3ORuzUqYEtzD3irmsw==
 t.Fatal(err)
 }
 }
+
+func TestNewIdentity(t *testing.T) {
+ payload := &utils.PASSporTPayload{
+ ATTest: "A",
+ Dest: utils.PASSporTDestinationsIdentity{Tn: []string{"1002"}},
+ IAT: 1587019822,
+ Orig: utils.PASSporTOriginsIdentity{Tn: "1001"},
+ OrigID: "123456",
+ }
+ header := utils.NewPASSporTHeader("https://www.example.org/cert.cer")
+ prvkeyBuf := []byte(`-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIBIx2HW6dYy5S4wlJUY1J8VxO1un8xr4SHQlT7/UFkktoAoGCCqGSM49
+AwEHoUQDQgAESt8sEh55Yc579vLHjFRWVQO27p4Yaa+jqv4dwkr/FLEcN1zC76Y/
+IniI65fId55hVJvN3ORuzUqYEtzD3irmsw==
+-----END EC PRIVATE KEY-----
+`)
+ engine.Cache.Set(utils.CacheSTIR, "https://www.example.org/private.pem", nil,
+ nil, true, utils.NonTransactional)
+
+ if _, err := NewSTIRIdentity(header, payload, "https://www.example.org/private.pem", time.Second); err == nil {
+ t.Error("Expected error when creating new identity")
+ }
+
+ prvKey, err := jwt.ParseECPrivateKeyFromPEM(prvkeyBuf)
+ if err != nil {
+ t.Fatal(err)
+ }
+
+ pubkeyBuf := []byte(`-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAESt8sEh55Yc579vLHjFRWVQO27p4Y
+aa+jqv4dwkr/FLEcN1zC76Y/IniI65fId55hVJvN3ORuzUqYEtzD3irmsw==
+-----END PUBLIC KEY-----
+`)
+ pubKey, err := jwt.ParseECPublicKeyFromPEM(pubkeyBuf)
+ if err != nil {
+ t.Fatal(err)
+ }
+ engine.Cache.Set(utils.CacheSTIR, "https://www.example.org/cert.cer", pubKey,
+ nil, true, utils.NonTransactional)
+ engine.Cache.Set(utils.CacheSTIR, "https://www.example.org/private.pem", prvKey,
+ nil, true, utils.NonTransactional)
+
+ if rcv, err := NewSTIRIdentity(header, payload, "https://www.example.org/private.pem", time.Second); err != nil {
+ t.Error(err)
+ } else if err := AuthStirShaken(rcv, "1001", "", "1002", "", utils.NewStringSet([]string{utils.META_ANY}), -1); err != nil {
+ t.Fatal(err)
+ }
+}
diff --git a/sessions/sessions.go b/sessions/sessions.go
index 47fde4d14..a30591377 100644
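Review bot: `TestNewIdentity` exercises the function this commit renames to `NewSTIRIdentity`, so the test name should follow (`TestNewSTIRIdentity`) to keep `go test -run` selection and grep in sync with the code. The test writes the example public and private keys into the process-wide `engine.Cache` under fixed URLs and never removes them, so later tests in the package that touch `utils.CacheSTIR` see leftover key material; registering a `t.Cleanup` that removes the two entries would keep the tests independent of execution order. The successful verification is done with a max duration of `-1`, so the expiry path of `AuthStirShaken` is not exercised here; presumably that is covered by the other tests in this file.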
--- a/sessions/sessions.go +++ b/sessions/sessions.go @@ -684,9 +684,10 @@ func (sS *SessionS) replicateSessions(cgrID string, psv bool, connIDs []string) ss := sS.getSessions(cgrID, psv) if len(ss) == 0 { // session scheduled to be removed from remote (initiate also the EventStart to avoid the panic) - ss = []*Session{ - &Session{CGRID: cgrID, - EventStart: make(engine.MapEvent)}} + ss = []*Session{{ + CGRID: cgrID, + EventStart: make(engine.MapEvent), + }} } for _, s := range ss { sCln := s.Clone() @@ -2958,13 +2959,13 @@ func (sS *SessionS) BiRPCv1ProcessEvent(clnt rpcclient.ClientConnector, return } if argsFlagsWithParams.HasKey(utils.MetaSTIRAuthenticate) { - attest := sS.cgrCfg.SessionSCfg().STIRAllowedAttest + attest := sS.cgrCfg.SessionSCfg().STIRCfg.AllowedAttest if uattest := ev.GetStringIgnoreErrors(utils.STIRATest); uattest != utils.EmptyString { attest = utils.NewStringSet(strings.Split(uattest, utils.INFIELD_SEP)) } var stirMaxDur time.Duration if stirMaxDur, err = ev.GetDuration(utils.STIRPayloadMaxDuration); err != nil { - stirMaxDur = sS.cgrCfg.SessionSCfg().STIRPayloadMaxduration + stirMaxDur = sS.cgrCfg.SessionSCfg().STIRCfg.PayloadMaxduration } if err = AuthStirShaken(ev.GetStringIgnoreErrors(utils.STIRIdentity), utils.FirstNonEmpty(ev.GetStringIgnoreErrors(utils.STIROriginatorTn), ev.GetStringIgnoreErrors(utils.Account)), @@ -2975,7 +2976,7 @@ func (sS *SessionS) BiRPCv1ProcessEvent(clnt rpcclient.ClientConnector, return utils.NewSTIRError(err.Error()) } } else if argsFlagsWithParams.HasKey(utils.MetaSTIRInitiate) { - attest := sS.cgrCfg.SessionSCfg().STIRDefaultAttest + attest := sS.cgrCfg.SessionSCfg().STIRCfg.DefaultAttest if uattest := ev.GetStringIgnoreErrors(utils.STIRATest); uattest != utils.EmptyString { attest = uattest } 
@@ -2994,12 +2995,12 @@ func (sS *SessionS) BiRPCv1ProcessEvent(clnt rpcclient.ClientConnector, ev.GetStringIgnoreErrors(utils.Account)), utils.EmptyString) } - pubkeyPath := utils.FirstNonEmpty(ev.GetStringIgnoreErrors(utils.STIRPublicKeyPath), sS.cgrCfg.SessionSCfg().STIRPublicKeyPath) - prvkeyPath := utils.FirstNonEmpty(ev.GetStringIgnoreErrors(utils.STIRPrivateKeyPath), sS.cgrCfg.SessionSCfg().STIRPrivateKeyPath) + pubkeyPath := utils.FirstNonEmpty(ev.GetStringIgnoreErrors(utils.STIRPublicKeyPath), sS.cgrCfg.SessionSCfg().STIRCfg.PublicKeyPath) + prvkeyPath := utils.FirstNonEmpty(ev.GetStringIgnoreErrors(utils.STIRPrivateKeyPath), sS.cgrCfg.SessionSCfg().STIRCfg.PrivateKeyPath) payload := utils.NewPASSporTPayload(attest, args.CGREvent.ID, *dest, *orig) header := utils.NewPASSporTHeader(pubkeyPath) - if rply.STIRIdentity, err = NewIdentity(header, payload, prvkeyPath, sS.cgrCfg.GeneralCfg().ReplyTimeout); err != nil { + if rply.STIRIdentity, err = NewSTIRIdentity(header, payload, prvkeyPath, sS.cgrCfg.GeneralCfg().ReplyTimeout); err != nil { return utils.NewSTIRError(err.Error()) } } 
@@ -3764,3 +3765,44 @@ func (sS *SessionS) BiRPCv1DisconnectPeer(clnt rpcclient.ClientConnector,
 *reply = utils.OK
 return nil
 }
+
+// BiRPCv1STIRAuthenticate the API for STIR checking
+func (sS *SessionS) BiRPCv1STIRAuthenticate(clnt rpcclient.ClientConnector,
+ args *V1STIRAuthenticateArgs, reply *string) (err error) {
+ attest := sS.cgrCfg.SessionSCfg().STIRCfg.AllowedAttest
+ if len(args.Attest) != 0 {
+ attest = utils.NewStringSet(args.Attest)
+ }
+ stirMaxDur := sS.cgrCfg.SessionSCfg().STIRCfg.PayloadMaxduration
+ if args.PayloadMaxDuration != utils.EmptyString {
+ if stirMaxDur, err = utils.ParseDurationWithNanosecs(args.PayloadMaxDuration); err != nil {
+ return
+ }
+ }
+ if err = AuthStirShaken(args.Identity, args.OriginatorTn, args.OriginatorURI,
+ args.DestinationTn, args.DestinationURI, attest, stirMaxDur); err != nil {
+ return utils.NewSTIRError(err.Error())
+ }
+ *reply = utils.OK
+ return
+}
+
+// BiRPCv1STIRInitiate the API for STIR header creation
+func (sS *SessionS) BiRPCv1STIRInitiate(clnt rpcclient.ClientConnector,
+ args *V1STIRInitiateArgs, identity *string) (err error) {
+ if args.Payload.ATTest == utils.EmptyString {
+ args.Payload.ATTest = sS.cgrCfg.SessionSCfg().STIRCfg.DefaultAttest
+ }
+ if args.OverwriteIAT {
+ args.Payload.IAT = time.Now().Unix()
+ }
+ if *identity, err = NewSTIRIdentity(
+ utils.NewPASSporTHeader(utils.FirstNonEmpty(args.PublicKeyPath,
+ sS.cgrCfg.SessionSCfg().STIRCfg.PublicKeyPath)),
+ args.Payload, utils.FirstNonEmpty(args.PrivateKeyPath,
+ sS.cgrCfg.SessionSCfg().STIRCfg.PrivateKeyPath),
+ sS.cgrCfg.GeneralCfg().ReplyTimeout); err != nil {
+ return utils.NewSTIRError(err.Error())
+ }
+ return
+}
diff --git a/sessions/sessions_test.go b/sessions/sessions_test.go
index 85fc89e63..7673f67a9 100644
--- a/sessions/sessions_test.go
+++ b/sessions/sessions_test.go
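Review bot: `BiRPCv1STIRInitiate` dereferences `args.Payload` on its first line and `BiRPCv1STIRAuthenticate` reads `args.Attest` without checking that `args` is non-nil, so a request that omits the payload panics inside a network-exposed RPC handler instead of returning an error; add `if args == nil || args.Payload == nil { return utils.NewSTIRError("missing payload") }` at the top of STIRInitiate and an equivalent `args == nil` guard in STIRAuthenticate. The parse failure of `PayloadMaxDuration` is returned bare while every other failure in the same handler is wrapped with `utils.NewSTIRError`, which makes the error surface inconsistent for callers. STIRInitiate also mutates the caller's `args.Payload` (ATTest and IAT) before signing, which is harmless for a decoded RPC request but surprises an in-process caller that reuses the struct; the doc comment should say so. Both handlers let the request's `PublicKeyPath`/`PrivateKeyPath` take precedence over the configured paths via `utils.FirstNonEmpty`, so whoever can reach this API selects the signing key and the x5u advertised to verifiers; the two doc comments should state that, and `clnt` is accepted but unused in both.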
@@ -30,6 +30,7 @@ import (
 "github.com/cgrates/cgrates/engine"
 "github.com/cgrates/cgrates/utils"
 "github.com/cgrates/rpcclient"
+ "github.com/dgrijalva/jwt-go"
 )
 var attrs = &engine.AttrSProcessEventReply{
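Review bot: The new import pulls `github.com/dgrijalva/jwt-go`, a module whose upstream repository is archived and no longer receives fixes; `github.com/golang-jwt/jwt` is the maintained continuation and provides the same `ParseECPrivateKeyFromPEM`/`ParseECPublicKeyFromPEM` helpers used here. This hunk only touches the test file, but the PEM parsing behind `NewSTIRIdentity` presumably goes through the same module, so the dependency sits on the signing path rather than being test-only. Worth tracking as a follow-up migration rather than blocking this change.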
@@ -2208,3 +2209,99 @@ func TestSessionSfilterSessionsCount(t *testing.T) {
 t.Errorf("Expected %v , received: %s", 2, utils.ToJSON(noSess))
 }
 }
+
+func TestBiRPCv1STIRAuthenticate(t *testing.T) {
+ sS := new(SessionS)
+ sS.cgrCfg = config.CgrConfig()
+ pubkeyBuf := []byte(`-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAESt8sEh55Yc579vLHjFRWVQO27p4Y
+aa+jqv4dwkr/FLEcN1zC76Y/IniI65fId55hVJvN3ORuzUqYEtzD3irmsw==
+-----END PUBLIC KEY-----
+`)
+ pubKey, err := jwt.ParseECPublicKeyFromPEM(pubkeyBuf)
+ if err != nil {
+ t.Fatal(err)
+ }
+ engine.Cache.Set(utils.CacheSTIR, "https://www.example.org/cert.cer", pubKey,
+ nil, true, utils.NonTransactional)
+ var rply string
+ if err := sS.BiRPCv1STIRAuthenticate(nil, &V1STIRAuthenticateArgs{
+ PayloadMaxDuration: "A",
+ }, &rply); err == nil {
+ t.Error("Expected error")
+ }
+ if err := sS.BiRPCv1STIRAuthenticate(nil, &V1STIRAuthenticateArgs{
+ DestinationTn: "1003",
+ Identity: "eyJhbGciOiJFUzI1NiIsInBwdCI6InNoYWtlbiIsInR5cCI6InBhc3Nwb3J0IiwieDV1IjoiaHR0cHM6Ly93d3cuZXhhbXBsZS5vcmcvY2VydC5jZXIifQ.eyJhdHRlc3QiOiJBIiwiZGVzdCI6eyJ0biI6WyIxMDAyIl19LCJpYXQiOjE1ODcwMTk4MjIsIm9yaWciOnsidG4iOiIxMDAxIn0sIm9yaWdpZCI6IjEyMzQ1NiJ9.4ybtWmgqdkNyJLS9Iv3PuJV8ZxR7yZ_NEBhCpKCEu2WBiTchqwoqoWpI17Q_ALm38tbnpay32t95ZY_LhSgwJg;info=;ppt=shaken",
+ OriginatorTn: "1001",
+ }, &rply); err == nil {
+ t.Error("Expected invalid identity")
+ }
+
+ if err := sS.BiRPCv1STIRAuthenticate(nil, &V1STIRAuthenticateArgs{
+ Attest: []string{"A"},
+ PayloadMaxDuration: "-1",
+ DestinationTn: "1002",
+ Identity: "eyJhbGciOiJFUzI1NiIsInBwdCI6InNoYWtlbiIsInR5cCI6InBhc3Nwb3J0IiwieDV1IjoiaHR0cHM6Ly93d3cuZXhhbXBsZS5vcmcvY2VydC5jZXIifQ.eyJhdHRlc3QiOiJBIiwiZGVzdCI6eyJ0biI6WyIxMDAyIl19LCJpYXQiOjE1ODcwMTk4MjIsIm9yaWciOnsidG4iOiIxMDAxIn0sIm9yaWdpZCI6IjEyMzQ1NiJ9.4ybtWmgqdkNyJLS9Iv3PuJV8ZxR7yZ_NEBhCpKCEu2WBiTchqwoqoWpI17Q_ALm38tbnpay32t95ZY_LhSgwJg;info=;ppt=shaken",
+ OriginatorTn: "1001",
+ }, &rply); err != nil {
+ t.Fatal(err)
+ }
+}
+
+func TestBiRPCv1STIRInitiate(t *testing.T) {
+ sS := new(SessionS)
+ sS.cgrCfg = config.CgrConfig()
+ payload := &utils.PASSporTPayload{
+ Dest: utils.PASSporTDestinationsIdentity{Tn: []string{"1002"}},
+ IAT: 1587019822,
+ Orig: utils.PASSporTOriginsIdentity{Tn: "1001"},
+ OrigID: "123456",
+ }
+ prvkeyBuf := []byte(`-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIBIx2HW6dYy5S4wlJUY1J8VxO1un8xr4SHQlT7/UFkktoAoGCCqGSM49
+AwEHoUQDQgAESt8sEh55Yc579vLHjFRWVQO27p4Yaa+jqv4dwkr/FLEcN1zC76Y/
+IniI65fId55hVJvN3ORuzUqYEtzD3irmsw==
+-----END EC PRIVATE KEY-----
+`)
+ prvKey, err := jwt.ParseECPrivateKeyFromPEM(prvkeyBuf)
+ if err != nil {
+ t.Fatal(err)
+ }
+
+ pubkeyBuf := []byte(`-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAESt8sEh55Yc579vLHjFRWVQO27p4Y
+aa+jqv4dwkr/FLEcN1zC76Y/IniI65fId55hVJvN3ORuzUqYEtzD3irmsw==
+-----END PUBLIC KEY-----
+`)
+ pubKey, err := jwt.ParseECPublicKeyFromPEM(pubkeyBuf)
+ if err != nil {
+ t.Fatal(err)
+ }
+ engine.Cache.Set(utils.CacheSTIR, "https://www.example.org/cert.cer", pubKey,
+ nil, true, utils.NonTransactional)
+ engine.Cache.Set(utils.CacheSTIR, "https://www.example.org/private.pem", nil,
+ nil, true, utils.NonTransactional)
+
+ var rcv string
+ if err := sS.BiRPCv1STIRInitiate(nil, &V1STIRInitiateArgs{
+ Payload: payload,
+ PublicKeyPath: "https://www.example.org/cert.cer",
+ PrivateKeyPath: "https://www.example.org/private.pem",
+ OverwriteIAT: true,
+ }, &rcv); err == nil {
+ t.Error("Expected error")
+ }
+ engine.Cache.Set(utils.CacheSTIR, "https://www.example.org/private.pem", prvKey,
+ nil, true, utils.NonTransactional)
+ if err := sS.BiRPCv1STIRInitiate(nil, &V1STIRInitiateArgs{
+ Payload: payload,
+ PublicKeyPath: "https://www.example.org/cert.cer",
+ PrivateKeyPath: "https://www.example.org/private.pem",
+ OverwriteIAT: true,
+ }, &rcv); err != nil {
+ t.Error(err)
+ } else if err := AuthStirShaken(rcv, "1001", "", "1002", "", utils.NewStringSet([]string{utils.META_ANY}), -1); err != nil {
+ t.Fatal(err)
+ }
+}
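Review bot: `TestBiRPCv1STIRInitiate` sets `OverwriteIAT: true` but never checks that `payload.IAT` moved away from the fixed `1587019822`, so the one piece of handler logic beyond the library call goes unasserted; add `if payload.IAT == 1587019822 { t.Error("expected IAT to be overwritten") }` after the successful call. The same test passes `-1` as the max duration to `AuthStirShaken`, so the freshly stamped IAT is not what makes verification succeed and the expiry check stays unexercised. In `TestBiRPCv1STIRAuthenticate` the case with `DestinationTn: "1003"` expects an error but does not distinguish a destination mismatch from a key that could not be loaded; asserting on the error text, or running it after the valid case, would make the intended failure mode explicit. Both tests share `config.CgrConfig()` and `engine.Cache` with the rest of the package and leave their cache entries in place.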
diff --git a/utils/consts.go b/utils/consts.go
index 3ee3be45b..42ef7761d 100755
--- a/utils/consts.go
+++ b/utils/consts.go
@@ -1371,6 +1371,8 @@ const (
 SessionSv1ReAuthorize = "SessionSv1.ReAuthorize"
 SessionSv1DisconnectPeer = "SessionSv1.DisconnectPeer"
 SessionSv1DisconnectWarning = "SessionSv1.DisconnectWarning"
+ SessionSv1STIRAuthenticate = "SessionSv1.STIRAuthenticate"
+ SessionSv1STIRInitiate = "SessionSv1.STIRInitiate"
 )
 // Responder APIs
@@ -1767,29 +1769,34 @@ const (
 // SessionSCfg
 const (
- ListenBijsonCfg = "listen_bijson"
- RALsConnsCfg = "rals_conns"
- ResSConnsCfg = "resources_conns"
- ThreshSConnsCfg = "thresholds_conns"
- SupplSConnsCfg = "suppliers_conns"
- AttrSConnsCfg = "attributes_conns"
- ReplicationConnsCfg = "replication_conns"
- DebitIntervalCfg = "debit_interval"
- StoreSCostsCfg = "store_session_costs"
- MinCallDurationCfg = "min_call_duration"
- MaxCallDurationCfg = "max_call_duration"
- SessionTTLCfg = "session_ttl"
- SessionTTLMaxDelayCfg = "session_ttl_max_delay"
- SessionTTLLastUsedCfg = "session_ttl_last_used"
- SessionTTLUsageCfg = "session_ttl_usage"
- SessionIndexesCfg = "session_indexes"
- ClientProtocolCfg = "client_protocol"
- ChannelSyncIntervalCfg = "channel_sync_interval"
- TerminateAttemptsCfg = "terminate_attempts"
- AlterableFieldsCfg = "alterable_fields"
- MinDurLowBalanceCfg = "min_dur_low_balance"
- STIRAtestCfg = "stir_attest"
- STIRPayloadMaxdurationCfg = "stir_payload_maxduration"
+ ListenBijsonCfg = "listen_bijson"
+ RALsConnsCfg = "rals_conns"
+ ResSConnsCfg = "resources_conns"
+ ThreshSConnsCfg = "thresholds_conns"
+ SupplSConnsCfg = "suppliers_conns"
+ AttrSConnsCfg = "attributes_conns"
+ ReplicationConnsCfg = "replication_conns"
+ DebitIntervalCfg = "debit_interval"
+ StoreSCostsCfg = "store_session_costs"
+ MinCallDurationCfg = "min_call_duration"
+ MaxCallDurationCfg = "max_call_duration"
+ SessionTTLCfg = "session_ttl"
+ SessionTTLMaxDelayCfg = "session_ttl_max_delay"
+ SessionTTLLastUsedCfg = "session_ttl_last_used"
+ SessionTTLUsageCfg = "session_ttl_usage"
+ SessionIndexesCfg = "session_indexes"
+ ClientProtocolCfg = "client_protocol"
+ ChannelSyncIntervalCfg = "channel_sync_interval"
+ TerminateAttemptsCfg = "terminate_attempts"
+ AlterableFieldsCfg = "alterable_fields"
+ MinDurLowBalanceCfg = "min_dur_low_balance"
+ STIRCfg = "stir"
+
+ AllowedAtestCfg = "allowed_attest"
+ PayloadMaxdurationCfg = "payload_maxduration"
+ DefaultAttestCfg = "default_attest"
+ PublicKeyPathCfg = "publickey_path"
+ PrivateKeyPathCfg = "privatekey_path"
 )
 // FsAgentCfg
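Review bot: `AllowedAtestCfg` drops a `t` from "Attest" while its sibling `DefaultAttestCfg` spells it out, so the two constants for the same setting will not be found together by search or completion; rename it `AllowedAttestCfg = "allowed_attest"` (the string value is fine as it is). The removed `STIRAtestCfg` carried the same misspelling, so this hunk is the natural point to stop propagating it. The rest of the hunk is alignment churn from the shorter constant names and needs no review.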