Commit 1441d782 authored by Pelayo Torres's avatar Pelayo Torres

Fixed create security context for PSK

parent 12c522d4
+20 −21
@@ -268,6 +268,9 @@ class SecurityOperations(Resource):
            service_security.supported_features = negotiated["Final"]
            service_security.supported_features = negotiated["Final"]


            for service_instance in service_security.security_info:
            for service_instance in service_security.security_info:

                psk_interface = None

                if service_instance.interface_details is not None:
                if service_instance.interface_details is not None:


                    # We look for if the passed interface exists for the given apiId
                    # We look for if the passed interface exists for the given apiId
@@ -331,6 +334,8 @@ class SecurityOperations(Resource):
                            current_app.logger.debug("No interfaces found in AEF profile.")
                            current_app.logger.debug("No interfaces found in AEF profile.")
                            return not_found_error(detail=f"Service with interfaceDescription {json.dumps(clean_empty(service_instance.interface_details.to_dict()))} not found", cause="Not found Service")
                            return not_found_error(detail=f"Service with interfaceDescription {json.dumps(clean_empty(service_instance.interface_details.to_dict()))} not found", cause="Not found Service")


                    psk_interface = service_instance.interface_details.to_dict()

                    current_app.logger.debug("Valid security methods: " + str(valid_security_methods))
                    current_app.logger.debug("Valid security methods: " + str(valid_security_methods))


                    pref_security_methods = service_instance.pref_security_methods
                    pref_security_methods = service_instance.pref_security_methods
@@ -371,12 +376,21 @@ class SecurityOperations(Resource):
                                else:
                                else:
                                    current_app.logger.debug("Interface has no security methods and profile has none to inherit.")
                                    current_app.logger.debug("Interface has no security methods and profile has none to inherit.")


                                # Keep track if any interface supports PSK
                                if psk_interface is None and "PSK" in interface_methods:
                                    psk_interface = interface

                            # After processing all interfaces, use the combined set
                            # After processing all interfaces, use the combined set
                            valid_security_methods.update(interface_methods)
                            valid_security_methods.update(interface_methods)
                        else:
                        else:
                            # No interfaces: use the profile's security methods directly
                            # No interfaces: use the profile's security methods directly
                            if profile_methods:
                            if profile_methods:
                                valid_security_methods.update(profile_methods)
                                valid_security_methods.update(profile_methods)

                                # Keep track if profile supports PSK
                                if psk_interface is None and "PSK" in profile_methods:
                                    psk_interface = aefProfile.domain_name 

                            else:
                            else:
                                current_app.logger.debug("AEF profile has no security methods defined (no interfaces either).")
                                current_app.logger.debug("AEF profile has no security methods defined (no interfaces either).")


@@ -413,29 +427,14 @@ class SecurityOperations(Resource):
                    Mkey = request.headers.get('X-TLS-MKey', 'N/A') 
                    Mkey = request.headers.get('X-TLS-MKey', 'N/A') 
                    current_app.logger.info(f"TLS Protocol: {request.headers.get('X-TLS-Protocol', 'N/A')}, Session id: {sesionId}, Master Key: {Mkey}") 
                    current_app.logger.info(f"TLS Protocol: {request.headers.get('X-TLS-Protocol', 'N/A')}, Session id: {sesionId}, Master Key: {Mkey}") 
                    
                    
                    interface = None
                    if psk_interface:
                    if service_instance.interface_details:
                        current_app.logger.debug("Interface details found")
                        interface = service_instance.interface_details.to_dict()
                    
                    else:
                        current_app.logger.error("Interface details not found")
                        services_security_object = capif_service_col.find_one(
                        {"api_id": service_instance.api_id}, {"aef_profiles": {"$elemMatch": {"aef_id": service_instance.aef_id}}, "_id": 0})
                        current_app.logger.debug("Aef profile: " + str(services_security_object["aef_profiles"][0]))
                        if "interface_descriptions" in services_security_object["aef_profiles"][0]:
                            current_app.logger.debug("Aef profile: " + str(services_security_object["aef_profiles"][0]["interface_descriptions"]))
                            interface = services_security_object["aef_profiles"][0]["interface_descriptions"][0]
                        elif "domain_name" in services_security_object["aef_profiles"][0]:
                            current_app.logger.debug("Aef profile: " + str(services_security_object["aef_profiles"][0]["domain_name"]))
                            interface = services_security_object["aef_profiles"][0]["domain_name"]
                    
                    if interface:
                        current_app.logger.debug("Deriving PSK")
                        current_app.logger.debug("Deriving PSK")
                        psk = self.__derive_psk(Mkey, sesionId, interface)
                        psk = self.__derive_psk(Mkey, sesionId, psk_interface)
                        current_app.logger.debug("PSK derived : " + str(psk))
                        current_app.logger.debug("PSK derived : " + str(psk))


                        service_instance.authorization_info = str(psk)
                        service_instance.authorization_info = str(psk)
                    else:
                        current_app.logger.error("No interface information available to derive PSK")
                        
                        
                # Send service instance to ACL
                # Send service instance to ACL
                current_app.logger.debug("Sending message to create ACL")
                current_app.logger.debug("Sending message to create ACL")
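Review bot: The call `self.__derive_psk(Mkey, sesionId, psk_interface)` in the last hunk runs without checking that key material is present. `Mkey` falls back to the literal `'N/A'` when the `X-TLS-MKey` header is absent, so such a request would appear to get a PSK derived from a constant; `__derive_psk` and the read of `sesionId` are outside the hunk, so this needs confirming. The guard could be `if psk_interface and Mkey != 'N/A':`, with an error returned instead of a context that carries no usable key. The surrounding lines also write the master key at info level and the derived value via `"PSK derived : " + str(psk)` at debug level; neither secret should reach the logs, and a plain `current_app.logger.debug("PSK derived")` would do. Since `psk_interface` is a `to_dict()` result on one path, the loop's `interface` on another and `aefProfile.domain_name` on the third, a comment where it is initialised would help, e.g. `# psk_interface: interface description, or the profile's domain_name when it has no interfaces`.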