merge staging (84c4ca4d) · Commits · OCF / capif

services/TS29222_CAPIF_API_Provider_Management_API/api_provider_management/core/provider_enrolment_details_api.py

+17 −0

Original line number	Original line	Diff line number	Diff line
	@@ -15,6 +15,17 @@ from ..core.sign_certificate import sign_certificate
	from ..util import dict_to_camel_case, clean_empty, serialize_clean_camel_case		from ..util import dict_to_camel_case, clean_empty, serialize_clean_camel_case


			TOTAL_FEATURES = 2
			SUPPORTED_FEATURES_HEX = "0"

			def return_negotiated_supp_feat_dict(supp_feat):
			final_supp_feat = bin(int(supp_feat, 16) & int(SUPPORTED_FEATURES_HEX, 16))[2:].zfill(TOTAL_FEATURES)[::-1]
			return {
			"PatchUpdate": True if final_supp_feat[0] == "1" else False,
			"RNAA": True if final_supp_feat[1] == "1" else False,
			"Final": hex(int(final_supp_feat[::-1], 2))[2:]
			}

	class ProviderManagementOperations(Resource):		class ProviderManagementOperations(Resource):

	def __check_api_provider_domain(self, api_prov_dom_id):		def __check_api_provider_domain(self, api_prov_dom_id):
	@@ -50,6 +61,9 @@ class ProviderManagementOperations(Resource):
	api_provider_enrolment_details.api_prov_dom_id = secrets.token_hex(		api_provider_enrolment_details.api_prov_dom_id = secrets.token_hex(
	15)		15)

			negotiated_supported_features = return_negotiated_supp_feat_dict(api_provider_enrolment_details.supp_feat)
			api_provider_enrolment_details.supp_feat = negotiated_supported_features["Final"]

	current_app.logger.debug("Generating certs to api prov funcs")		current_app.logger.debug("Generating certs to api prov funcs")

	for api_provider_func in api_provider_enrolment_details.api_prov_funcs:		for api_provider_func in api_provider_enrolment_details.api_prov_funcs:
	@@ -136,6 +150,9 @@ class ProviderManagementOperations(Resource):
	if isinstance(result, Response):		if isinstance(result, Response):
	return result		return result

			negotiated_supported_features = return_negotiated_supp_feat_dict(api_provider_enrolment_details.supp_feat)
			api_provider_enrolment_details.supp_feat = negotiated_supported_features["Final"]

	for func in api_provider_enrolment_details.api_prov_funcs:		for func in api_provider_enrolment_details.api_prov_funcs:
	if func.api_prov_func_id is None:		if func.api_prov_func_id is None:
	func.api_prov_func_id = func.api_prov_func_role + \		func.api_prov_func_id = func.api_prov_func_role + \

services/TS29222_CAPIF_Events_API/capif_events/core/events_apis.py

+55 −18

Original line number	Original line	Diff line number	Diff line
	@@ -11,6 +11,21 @@ from .responses import internal_server_error, not_found_error, make_response, ba
	from ..util import serialize_clean_camel_case, clean_empty, dict_to_camel_case		from ..util import serialize_clean_camel_case, clean_empty, dict_to_camel_case


			TOTAL_FEATURES = 4
			SUPPORTED_FEATURES_HEX = "c"

			def return_negotiated_supp_feat_dict(supp_feat):

			final_supp_feat = bin(int(supp_feat, 16) & int(SUPPORTED_FEATURES_HEX, 16))[2:].zfill(TOTAL_FEATURES)[::-1]

			return {
			"NotificationTestEvent": True if final_supp_feat[0] == "1" else False,
			"NotificationWebsocket": True if final_supp_feat[1] == "1" else False,
			"EnhancedEventReport": True if final_supp_feat[2] == "1" else False,
			"ApiStatusMonitoring": True if final_supp_feat[3] == "1" else False,
			"Final": hex(int(final_supp_feat[::-1], 2))[2:]
			}

	class EventSubscriptionsOperations(Resource):		class EventSubscriptionsOperations(Resource):

	def __check_subscriber_id(self, subscriber_id):		def __check_subscriber_id(self, subscriber_id):
	@@ -87,9 +102,10 @@ class EventSubscriptionsOperations(Resource):

	return result		return result

	# Check if EnhancedEventReport is enabled and validate event filters		negotiated_supported_features = return_negotiated_supp_feat_dict(event_subscription.supported_features)

	if EventSubscription.return_supp_feat_dict(event_subscription.supported_features)["EnhancedEventReport"]:		# Check if EnhancedEventReport is enabled and validate event filters
			if negotiated_supported_features["EnhancedEventReport"]:
	if event_subscription.event_filters:		if event_subscription.event_filters:
	current_app.logger.debug(event_subscription.event_filters)		current_app.logger.debug(event_subscription.event_filters)
	result = self.__check_event_filters(event_subscription.events, clean_empty(event_subscription.to_dict()["event_filters"]))		result = self.__check_event_filters(event_subscription.events, clean_empty(event_subscription.to_dict()["event_filters"]))
	@@ -109,6 +125,10 @@ class EventSubscriptionsOperations(Resource):
	evnt = dict()		evnt = dict()
	evnt["subscriber_id"] = subscriber_id		evnt["subscriber_id"] = subscriber_id
	evnt["subscription_id"] = subscription_id		evnt["subscription_id"] = subscription_id

			# Edit supported_features field to the negotiated one
			event_subscription.supported_features = negotiated_supported_features["Final"]

	evnt.update(event_subscription.to_dict())		evnt.update(event_subscription.to_dict())
	mycol.insert_one(evnt)		mycol.insert_one(evnt)

	@@ -178,18 +198,31 @@ class EventSubscriptionsOperations(Resource):
	if isinstance(result, Response):		if isinstance(result, Response):
	return result		return result

	if EventSubscription.return_supp_feat_dict(event_subscription.supported_features)["EnhancedEventReport"] and event_subscription.event_filters:
	result = self.__check_event_filters(event_subscription.events, clean_empty(event_subscription.to_dict()["event_filters"]))
	if isinstance(result, Response):
	return result

	my_query = {'subscriber_id': subscriber_id,		my_query = {'subscriber_id': subscriber_id,
	'subscription_id': subscription_id}		'subscription_id': subscription_id}
	eventdescription = mycol.find_one(my_query)		eventdescription = mycol.find_one(my_query)

	if eventdescription is None:		if eventdescription is None:
	current_app.logger.error("Event subscription not found")		current_app.logger.error("Event subscription not found")
	return not_found_error(detail="Event subscription not exist", cause="Event API subscription id not found")		return not_found_error(detail="Event subscription not exist",
			cause="Event API subscription id not found")

			negotiated_supported_features = return_negotiated_supp_feat_dict(event_subscription.supported_features)

			if negotiated_supported_features["EnhancedEventReport"] and event_subscription.event_filters:
			result = self.__check_event_filters(event_subscription.events, clean_empty(event_subscription.to_dict()["event_filters"]))
			if isinstance(result, Response):
			return result
			elif (not negotiated_supported_features["EnhancedEventReport"]) and event_subscription.event_filters:
			current_app.logger.error("Event filters provided but EnhancedEventReport is not enabled")
			return bad_request_error(
			detail="Bad Param",
			cause="Event filters provided but EnhancedEventReport is not enabled",
			invalid_params=[{"param": "eventFilters", "reason": "EnhancedEventReport is not enabled"}]
			)

			event_subscription.supported_features = negotiated_supported_features["Final"]

	body = event_subscription.to_dict()		body = event_subscription.to_dict()

	body["subscriber_id"] = subscriber_id		body["subscriber_id"] = subscriber_id
	@@ -228,7 +261,9 @@ class EventSubscriptionsOperations(Resource):
	current_app.logger.error("Event subscription not found")		current_app.logger.error("Event subscription not found")
	return not_found_error(detail="Event subscription not exist", cause="Event API subscription id not found")		return not_found_error(detail="Event subscription not exist", cause="Event API subscription id not found")

	if EventSubscription.return_supp_feat_dict(eventdescription.get("supported_features"))["EnhancedEventReport"]:		negotiated_supported_features = return_negotiated_supp_feat_dict(eventdescription.get("supported_features"))

			if negotiated_supported_features["EnhancedEventReport"]:
	if event_subscription.events and event_subscription.event_filters:		if event_subscription.events and event_subscription.event_filters:
	result = self.__check_event_filters(event_subscription.events, clean_empty(event_subscription.to_dict()["event_filters"]))		result = self.__check_event_filters(event_subscription.events, clean_empty(event_subscription.to_dict()["event_filters"]))
	elif event_subscription.events and event_subscription.event_filters is None and eventdescription.get("event_filters", None):		elif event_subscription.events and event_subscription.event_filters is None and eventdescription.get("event_filters", None):
	@@ -239,6 +274,8 @@ class EventSubscriptionsOperations(Resource):
	if isinstance(result, Response):		if isinstance(result, Response):
	return result		return result

			event_subscription.supported_features = negotiated_supported_features["Final"]

	body = clean_empty(event_subscription.to_dict())		body = clean_empty(event_subscription.to_dict())
	document = mycol.update_one(my_query, {"$set":body})		document = mycol.update_one(my_query, {"$set":body})
	document = mycol.find_one(my_query)		document = mycol.find_one(my_query)

services/TS29222_CAPIF_Events_API/capif_events/core/notifications.py

+17 −3

Original line number	Original line	Diff line number	Diff line
	@@ -13,6 +13,20 @@ from util import serialize_clean_camel_case

	from .internal_event_ops import InternalEventOperations		from .internal_event_ops import InternalEventOperations

			TOTAL_FEATURES = 4
			SUPPORTED_FEATURES_HEX = "c"

			def return_negotiated_supp_feat_dict(supp_feat):

			final_supp_feat = bin(int(supp_feat, 16) & int(SUPPORTED_FEATURES_HEX, 16))[2:].zfill(TOTAL_FEATURES)[::-1]

			return {
			"NotificationTestEvent": True if final_supp_feat[0] == "1" else False,
			"NotificationWebsocket": True if final_supp_feat[1] == "1" else False,
			"EnhancedEventReport": True if final_supp_feat[2] == "1" else False,
			"ApiStatusMonitoring": True if final_supp_feat[3] == "1" else False,
			"Final": hex(int(final_supp_feat[::-1], 2))[2:]
			}

	class Notifications():		class Notifications():

	@@ -36,7 +50,7 @@ class Notifications():
	data = EventNotification(sub["subscription_id"], events=event)		data = EventNotification(sub["subscription_id"], events=event)
	event_detail_redis=redis_event.get('event_detail', None)		event_detail_redis=redis_event.get('event_detail', None)
	if event_detail_redis is not None:		if event_detail_redis is not None:
	if EventSubscription.return_supp_feat_dict(sub["supported_features"])["EnhancedEventReport"]:		if return_negotiated_supp_feat_dict(sub["supported_features"])["EnhancedEventReport"]:
	event_detail={}		event_detail={}
	current_app.logger.debug(f"event: {event_detail_redis}")		current_app.logger.debug(f"event: {event_detail_redis}")

	@@ -54,13 +68,13 @@ class Notifications():
	api_ids_list = event_filter.get("api_ids", None)		api_ids_list = event_filter.get("api_ids", None)
	if api_ids_list and event_detail_redis.get('apiIds', None)[0] in api_ids_list:		if api_ids_list and event_detail_redis.get('apiIds', None)[0] in api_ids_list:
	event_detail["apiIds"]=event_detail_redis.get('apiIds', None)		event_detail["apiIds"]=event_detail_redis.get('apiIds', None)
	if EventSubscription.return_supp_feat_dict(sub["supported_features"])["ApiStatusMonitoring"]:		if return_negotiated_supp_feat_dict(sub["supported_features"])["ApiStatusMonitoring"]:
	event_detail["serviceAPIDescriptions"]=event_detail_redis.get('serviceAPIDescriptions', None)		event_detail["serviceAPIDescriptions"]=event_detail_redis.get('serviceAPIDescriptions', None)
	else:		else:
	continue		continue
	else:		else:
	event_detail["apiIds"]=event_detail_redis.get('apiIds', None)		event_detail["apiIds"]=event_detail_redis.get('apiIds', None)
	if EventSubscription.return_supp_feat_dict(sub["supported_features"])["ApiStatusMonitoring"]:		if return_negotiated_supp_feat_dict(sub["supported_features"])["ApiStatusMonitoring"]:
	event_detail["serviceAPIDescriptions"]=event_detail_redis.get('serviceAPIDescriptions', None)		event_detail["serviceAPIDescriptions"]=event_detail_redis.get('serviceAPIDescriptions', None)
	elif event in ["SERVICE_API_UPDATE"]:		elif event in ["SERVICE_API_UPDATE"]:
	if event_filter:		if event_filter:

services/TS29222_CAPIF_Events_API/capif_events/models/event_subscription.py

+1 −13

Original line number	Original line	Diff line number	Diff line
	@@ -68,18 +68,6 @@ class EventSubscription(Model):
	self._websock_notif_config = websock_notif_config		self._websock_notif_config = websock_notif_config
	self._supported_features = supported_features		self._supported_features = supported_features

	@classmethod
	def return_supp_feat_dict(cls, supp_feat):
	TOTAL_FEATURES=4
	supp_feat_in_hex = int(supp_feat, 16)
	supp_feat_in_bin = bin(supp_feat_in_hex)[2:].zfill(TOTAL_FEATURES)[::-1]

	return {
	"NotificationTestEvent": True if supp_feat_in_bin[0] == "1" else False,
	"NotificationWebsocket": True if supp_feat_in_bin[1] == "1" else False,
	"EnhancedEventReport": True if supp_feat_in_bin[2] == "1" else False,
	"ApiStatusMonitoring": True if supp_feat_in_bin[3] == "1" else False
	}

	@classmethod		@classmethod
	def from_dict(cls, dikt) -> 'EventSubscription':		def from_dict(cls, dikt) -> 'EventSubscription':

services/TS29222_CAPIF_Security_API/capif_security/core/servicesecurity.py

+76 −6

Original line number	Original line	Diff line number	Diff line
	@@ -105,13 +105,67 @@ class SecurityOperations(Resource):
	current_app.logger.error("Not found security context")		current_app.logger.error("Not found security context")
	return not_found_error(detail=security_context_not_found_detail, cause=api_invoker_no_context_cause)		return not_found_error(detail=security_context_not_found_detail, cause=api_invoker_no_context_cause)

	if not authentication_info:
	for security_info_obj in services_security_object['security_info']:		for security_info_obj in services_security_object['security_info']:
			if security_info_obj.get('sel_security_method') == "PKI":
			current_app.logger.debug("PKI security method selected")
			if authentication_info:
			# Read the CA certificate from the file
			with open("/usr/src/app/capif_security/ca.crt", "rb") as key_file:
			key_data = key_file.read()
			# Decode the certificate to a string
			key_data = key_data.decode('utf-8')
			# Add the CA certificate to the authentication_info
			security_info_obj['authentication_info'] = key_data
			else:
			# If authentication_info is not needed, remove the key_data
	del security_info_obj['authentication_info']		del security_info_obj['authentication_info']
	if not authorization_info:
	for security_info_obj in services_security_object['security_info']:		if authorization_info:
			security_info_obj['authorization_info'] = security_info_obj.get('authorization_info', "")
			else:
			# If authorization_info is not needed, remove the key_data
	del security_info_obj['authorization_info']		del security_info_obj['authorization_info']

			elif security_info_obj.get('sel_security_method') == "PSK":
			current_app.logger.debug("PSK security method selected")
			if authentication_info:
			# Read the PSK from the file -> TODO
			with open("/usr/src/app/capif_security/ca.crt", "rb") as key_file:
			key_data = key_file.read()
			# Decode the PSK to a string
			key_data = key_data.decode('utf-8')
			# Add the PSK to the authentication_info
			security_info_obj['authentication_info'] = key_data
			else:
			# If authentication_info is not needed, remove the key_data
			del security_info_obj['authentication_info']

			if authorization_info:
			security_info_obj['authorization_info'] = security_info_obj.get('authorization_info', "UNDER DEVELOPMENT")
			else:
			# If authorization_info is not needed, remove the key_data
			del security_info_obj['authorization_info']

			elif security_info_obj.get('sel_security_method') == "OAUTH":
			current_app.logger.debug("OAUTH security method selected, this request is not needed")

			if authentication_info:
			security_info_obj['authentication_info'] = security_info_obj.get('authentication_info', "")
			else:
			# If authentication_info is not needed, remove the key_data
			del security_info_obj['authentication_info']

			if authorization_info:
			security_info_obj['authorization_info'] = security_info_obj.get('authorization_info', "")
			else:
			# If authorization_info is not needed, remove the key_data
			del security_info_obj['authorization_info']

			else:
			current_app.logger.error("Bad format security method")
			return bad_request_error(detail="Bad format security method", cause="Bad format security method", invalid_params=[{"param": "securityMethod", "reason": "Bad format security method"}])


	properyly_json = json.dumps(		properyly_json = json.dumps(
	services_security_object, default=json_util.default)		services_security_object, default=json_util.default)
	my_service_security = dict_to_camel_case(		my_service_security = dict_to_camel_case(
	@@ -176,6 +230,22 @@ class SecurityOperations(Resource):
	return not_found_error(detail=f"Service with interfaceDescription {json.dumps(clean_empty(service_instance.interface_details.to_dict()))} not found", cause="Not found Service")		return not_found_error(detail=f"Service with interfaceDescription {json.dumps(clean_empty(service_instance.interface_details.to_dict()))} not found", cause="Not found Service")

	# We obtain the interface security methods		# We obtain the interface security methods
			# We need to go deeper here, because the interface description is an array
			# and we need to find the correct one according to preferred security method by invoker,
			# maybe Published API contains more than one interface description, and each one is related
			# with a different security method, then we need to get a complete list (interface and related security methods)
			# amd then we need to check if the preferred security method is compatible with the interface description
			# also the security methods inside interface description is not mandatory, in that case we use aefProfile.securityMethods
			# an also that aefProfile.securityMethods is not mandatory, only in cases described on TS 29222 - 8.2.4.2.4 Type: AefProfile -
			#
			# NOTE4:
			# For AEFs defined by 3GPP interacting with API invokers via CAPIF-2e, at least one of the "securityMethods" attribute
			# within this data type or the "securityMethods" attribute within the "interfaceDescriptions" attribute shall be present.
			# For AEFs defined by 3GPP interacting with API invokers via CAPIF-2, the "securityMethods" attribute is optional.
			# For AEFs not defined by 3GPP, the "securityMethods" attribute is optional.
			#
			# To achieve this, we need to setup at config which domains or IPs are CAPIF-2e or CAPIF-2, and then we need to check if the domain or IP of the service is in the list.

	security_methods = aef_profile["aef_profiles"][0]["interface_descriptions"][0]["security_methods"]		security_methods = aef_profile["aef_profiles"][0]["interface_descriptions"][0]["security_methods"]

	current_app.logger.debug("Interface security methods: " + str(security_methods))		current_app.logger.debug("Interface security methods: " + str(security_methods))