Fixed PSK security method (e49086f1) · Commits · OCF / capif

services/TS29222_CAPIF_Security_API/capif_security/core/servicesecurity.py

+23 −19

Original line number	Original line	Diff line number	Diff line
	@@ -103,6 +103,7 @@ class SecurityOperations(Resource):
	## Derive the PSK using the provided master key, session ID, and interface information		## Derive the PSK using the provided master key, session ID, and interface information

	# Interface information		# Interface information
			if isinstance(interface, dict):
	host = None		host = None
	if 'fqdn' in interface:		if 'fqdn' in interface:
	host = interface['fqdn']		host = interface['fqdn']
	@@ -119,6 +120,9 @@ class SecurityOperations(Resource):
	if port and port != 443:		if port and port != 443:
	interface_info += f":{port}"		interface_info += f":{port}"
	interface_info += api_prefix		interface_info += api_prefix
			else:
			interface_info = interface


	# Normalize the strings to NFKC form		# Normalize the strings to NFKC form
	p0_string = unicodedata.normalize("NFKC", interface_info).encode("utf-8")		p0_string = unicodedata.normalize("NFKC", interface_info).encode("utf-8")
	@@ -389,7 +393,7 @@ class SecurityOperations(Resource):

	# Keep track if profile supports PSK		# Keep track if profile supports PSK
	if psk_interface is None and "PSK" in profile_methods:		if psk_interface is None and "PSK" in profile_methods:
	psk_interface = aefProfile.domain_name		psk_interface = aefProfile.get("domain_name")

	else:		else:
	current_app.logger.debug("AEF profile has no security methods defined (no interfaces either).")		current_app.logger.debug("AEF profile has no security methods defined (no interfaces either).")
	@@ -688,7 +692,7 @@ class SecurityOperations(Resource):

	# Keep track if profile supports PSK		# Keep track if profile supports PSK
	if psk_interface is None and "PSK" in profile_methods:		if psk_interface is None and "PSK" in profile_methods:
	psk_interface = aefProfile.domain_name		psk_interface = aefProfile.get("domain_name")

	else:		else:
	current_app.logger.debug("AEF profile has no security methods defined (no interfaces either).")		current_app.logger.debug("AEF profile has no security methods defined (no interfaces either).")

services/nginx/nginx.conf

+1 −0

Original line number	Original line	Diff line number	Diff line
	@@ -70,6 +70,7 @@ http {
	ssl_client_certificate /etc/nginx/certs/ca.crt;		ssl_client_certificate /etc/nginx/certs/ca.crt;
	ssl_verify_client optional;		ssl_verify_client optional;
	ssl_verify_depth 2;		ssl_verify_depth 2;
			ssl_session_tickets off;

	location / {		location / {
	proxy_pass $scheme://$http_host/api-invoker-management/v1/ui/;		proxy_pass $scheme://$http_host/api-invoker-management/v1/ui/;