From 2476a00fe95a2fa8dcc4f708102cdff6b66968c9 Mon Sep 17 00:00:00 2001 From: Pelayo Torres Date: Tue, 4 Mar 2025 12:03:44 +0100 Subject: [PATCH 1/3] check API with interface details --- .../capif_security/core/servicesecurity.py | 66 +++++++++++++++++-- 1 file changed, 60 insertions(+), 6 deletions(-) diff --git a/services/TS29222_CAPIF_Security_API/capif_security/core/servicesecurity.py b/services/TS29222_CAPIF_Security_API/capif_security/core/servicesecurity.py index 916b2861..06fafd11 100644 --- a/services/TS29222_CAPIF_Security_API/capif_security/core/servicesecurity.py +++ b/services/TS29222_CAPIF_Security_API/capif_security/core/servicesecurity.py @@ -155,7 +155,31 @@ class SecurityOperations(Resource): for service_instance in service_security.security_info: if service_instance.interface_details is not None: - security_methods = service_instance.interface_details.security_methods + + # We look for if the passed interface exists for the given apiId + capif_service_col = self.db.get_col_by_name( + self.db.capif_service_col) + + aef_profile = capif_service_col.find_one( + {"api_id": service_instance.api_id, + "aef_profiles.interface_descriptions":{ + "$elemMatch": service_instance.interface_details.to_dict() + } + }, + {"aef_profiles.interface_descriptions.$": 1, "_id": 0}) + + current_app.logger.debug("Aef profile: " + str(aef_profile)) + + if aef_profile is None: + current_app.logger.error( + "Not found service with this interface description: " + json.dumps(clean_empty(service_instance.interface_details.to_dict()))) + return not_found_error(detail=f"Service with interfaceDescription {json.dumps(clean_empty(service_instance.interface_details.to_dict()))} not found", cause="Not found Service") + + # We obtain the interface security methods + security_methods = aef_profile["aef_profiles"][0]["interface_descriptions"][0]["security_methods"] + + current_app.logger.debug("Interface security methods: " + str(security_methods)) + pref_security_methods = service_instance.pref_security_methods valid_security_method = set( security_methods) & set(pref_security_methods) @@ -319,12 +343,35 @@ class SecurityOperations(Resource): for service_instance in service_security.security_info: if service_instance.interface_details is not None: - security_methods = service_instance.interface_details.security_methods + + # We look for if the passed interface exists for the given apiId + capif_service_col = self.db.get_col_by_name( + self.db.capif_service_col) + + aef_profile = capif_service_col.find_one( + {"api_id": service_instance.api_id, + "aef_profiles.interface_descriptions":{ + "$elemMatch": service_instance.interface_details.to_dict() + } + }, + {"aef_profiles.interface_descriptions.$": 1, "_id": 0}) + + current_app.logger.debug("Aef profile: " + str(aef_profile)) + + if aef_profile is None: + current_app.logger.error( + "Not found service with this interface description: " + json.dumps(clean_empty(service_instance.interface_details.to_dict()))) + return not_found_error(detail=f"Service with interfaceDescription {json.dumps(clean_empty(service_instance.interface_details.to_dict()))} not found", cause="Not found Service") + + # We obtain the interface security methods + security_methods = aef_profile["aef_profiles"][0]["interface_descriptions"][0]["security_methods"] + + current_app.logger.debug("Interface security methods: " + str(security_methods)) + pref_security_methods = service_instance.pref_security_methods valid_security_method = set( security_methods) & set(pref_security_methods) - service_instance.sel_security_method = list( - valid_security_method)[0] + else: capif_service_col = self.db.get_col_by_name( self.db.capif_service_col) @@ -341,9 +388,16 @@ class SecurityOperations(Resource): for security_method in array_methods["security_methods"]] valid_security_method = set( valid_security_methods) & set(pref_security_methods) - service_instance.sel_security_method = list( + + + if len(list(valid_security_method)) == 0: + current_app.logger.error( + "Not found comptaible security method with pref security method") + return bad_request_error(detail="Not found compatible security method with pref security method", cause="Error pref security method", invalid_params=[{"param": "prefSecurityMethods", "reason": "pref security method not compatible with security method available"}]) + + service_instance.sel_security_method = list( valid_security_method)[0] - + service_security = service_security.to_dict() service_security = clean_empty(service_security) -- GitLab From ac1446b806fb402a1d876c7c76a027314cfb94e2 Mon Sep 17 00:00:00 2001 From: Jorge Moratinos Salcines Date: Wed, 26 Mar 2025 16:11:21 +0100 Subject: [PATCH 2/3] Test updated according to new logic. Now tests that create a security context must send valid aef_id and api_id, because now serivce API existence is checked by interfaceDescription or aef_id and api_id --- .../capif_security_api.robot | 272 +++++++++++++++--- tests/libraries/security_api/bodyRequests.py | 107 ++++++- 2 files changed, 331 insertions(+), 48 deletions(-) diff --git a/tests/features/CAPIF Security Api/capif_security_api.robot b/tests/features/CAPIF Security Api/capif_security_api.robot index 85b26ee3..8d511765 100644 --- a/tests/features/CAPIF Security Api/capif_security_api.robot +++ b/tests/features/CAPIF Security Api/capif_security_api.robot @@ -14,6 +14,7 @@ Test Teardown Reset Testing Environment ${APF_ID_NOT_VALID} apf-example ${SERVICE_API_ID_NOT_VALID} not-valid ${API_INVOKER_NOT_VALID} not-valid +${AEF_ID_NOT_VALID} not-valid *** Test Cases *** @@ -22,8 +23,22 @@ Create a security context for an API invoker # Default Invoker Registration and Onboarding ${register_user_info_invoker} ${url} ${request_body}= Invoker Default Onboarding + # Register Provider + ${register_user_info_provider}= Provider Default Registration + + # Publish Service API + ${service_api_description_published_1} ${resource_url} ${request_body}= Publish Service Api + ... ${register_user_info_provider} + ... service_1 + + # Store apiId1 + ${service_api_id_1}= Set Variable ${service_api_description_published_1['apiId']} + # Create Security Context - ${request_body}= Create Service Security Body ${NOTIFICATION_DESTINATION_URL} + ${request_body}= Create Service Security Default Body + ... ${NOTIFICATION_DESTINATION_URL} + ... aef_id=${register_user_info_provider['aef_id']} + ... api_id=${service_api_id_1} ${resp}= Put Request Capif ... /capif-security/v1/trustedInvokers/${register_user_info_invoker['api_invoker_id']} ... json=${request_body} @@ -41,10 +56,21 @@ Create a security context for an API invoker with Provider role ${register_user_info_invoker} ${url} ${request_body}= Invoker Default Onboarding # Register Provider - ${register_user_info_publisher}= Provider Default Registration + ${register_user_info_provider}= Provider Default Registration + + # Publish Service API + ${service_api_description_published_1} ${resource_url} ${request_body}= Publish Service Api + ... ${register_user_info_provider} + ... service_1 + + # Store apiId1 + ${service_api_id_1}= Set Variable ${service_api_description_published_1['apiId']} # Create Security Context - ${request_body}= Create Service Security Body ${NOTIFICATION_DESTINATION_URL} + ${request_body}= Create Service Security Default Body + ... ${NOTIFICATION_DESTINATION_URL} + ... aef_id=${register_user_info_provider['aef_id']} + ... api_id=${service_api_id_1} ${resp}= Put Request Capif ... /capif-security/v1/trustedInvokers/${register_user_info_invoker['api_invoker_id']} ... json=${request_body} @@ -62,10 +88,21 @@ Create a security context for an API invoker with Provider role Create a security context for an API invoker with Provider entity role and invalid apiInvokerId [Tags] capif_security_api-3 # Register APF - ${register_user_info_publisher}= Provider Default Registration + ${register_user_info_provider}= Provider Default Registration + + # Publish Service API + ${service_api_description_published_1} ${resource_url} ${request_body}= Publish Service Api + ... ${register_user_info_provider} + ... service_1 + + # Store apiId1 + ${service_api_id_1}= Set Variable ${service_api_description_published_1['apiId']} # Create Security Context - ${request_body}= Create Service Security Body ${NOTIFICATION_DESTINATION_URL} + ${request_body}= Create Service Security Default Body + ... ${NOTIFICATION_DESTINATION_URL} + ... aef_id=${register_user_info_provider['aef_id']} + ... api_id=${service_api_id_1} ${resp}= Put Request Capif ... /capif-security/v1/trustedInvokers/${API_INVOKER_NOT_VALID} ... json=${request_body} @@ -85,7 +122,22 @@ Create a security context for an API invoker with Invalid apiInvokerID # Default Invoker Registration and Onboarding ${register_user_info_invoker} ${url} ${request_body}= Invoker Default Onboarding - ${request_body}= Create Service Security Body ${NOTIFICATION_DESTINATION_URL} + # Register APF + ${register_user_info_provider}= Provider Default Registration + + # Publish Service API + ${service_api_description_published_1} ${resource_url} ${request_body}= Publish Service Api + ... ${register_user_info_provider} + ... service_1 + + # Store apiId1 + ${service_api_id_1}= Set Variable ${service_api_description_published_1['apiId']} + + # Create Security Context + ${request_body}= Create Service Security Default Body + ... ${NOTIFICATION_DESTINATION_URL} + ... aef_id=${register_user_info_provider['aef_id']} + ... api_id=${service_api_id_1} ${resp}= Put Request Capif ... /capif-security/v1/trustedInvokers/${API_INVOKER_NOT_VALID} ... json=${request_body} @@ -101,11 +153,28 @@ Create a security context for an API invoker with Invalid apiInvokerID ... cause=API Invoker not exists or invalid ID Retrieve the Security Context of an API Invoker - [Tags] capif_security_api-5 smoke + [Tags] capif_security_api-5 smoke # Default Invoker Registration and Onboarding ${register_user_info_invoker} ${url} ${request_body}= Invoker Default Onboarding - ${request_body}= Create Service Security Body ${NOTIFICATION_DESTINATION_URL} + # Register Provider + ${register_user_info_provider}= Provider Default Registration + + # Publish Service API + ${service_api_description_published_1} ${resource_url} ${request_body}= Publish Service Api + ... ${register_user_info_provider} + ... service_1 + + # Store apiId1 + ${service_api_id_1}= Set Variable ${service_api_description_published_1['apiId']} + + # Create Security Context + ${request_body}= Create Service Security Default Body + ... ${NOTIFICATION_DESTINATION_URL} + ... aef_id=${register_user_info_provider['aef_id']} + ... api_id=${service_api_id_1} + ... authentication_info=authenticationInfo + ... authorization_info=authorizationInfo ${resp}= Put Request Capif ... /capif-security/v1/trustedInvokers/${register_user_info_invoker['api_invoker_id']} ... json=${request_body} @@ -118,9 +187,6 @@ Retrieve the Security Context of an API Invoker ${service_security_context}= Set Variable ${resp.json()} - # Register APF - ${register_user_info_publisher}= Provider Default Registration - # Retrieve Security context can setup by parameters if authenticationInfo and authorizationInfo are needed at response. # ... /capif-security/v1/trustedInvokers/${register_user_info_invoker['api_invoker_id']}?authenticationInfo=true&authorizationInfo=true ${resp}= Get Request Capif @@ -161,7 +227,22 @@ Retrieve the Security Context of an API Invoker with invalid apfId # Default Invoker Registration and Onboarding ${register_user_info_invoker} ${url} ${request_body}= Invoker Default Onboarding - ${request_body}= Create Service Security Body ${NOTIFICATION_DESTINATION_URL} + # Register Provider + ${register_user_info_provider}= Provider Default Registration + + # Publish Service API + ${service_api_description_published_1} ${resource_url} ${request_body}= Publish Service Api + ... ${register_user_info_provider} + ... service_1 + + # Store apiId1 + ${service_api_id_1}= Set Variable ${service_api_description_published_1['apiId']} + + # Create Security Context + ${request_body}= Create Service Security Default Body + ... ${NOTIFICATION_DESTINATION_URL} + ... aef_id=${register_user_info_provider['aef_id']} + ... api_id=${service_api_id_1} ${resp}= Put Request Capif ... /capif-security/v1/trustedInvokers/${register_user_info_invoker['api_invoker_id']} ... json=${request_body} @@ -186,11 +267,26 @@ Retrieve the Security Context of an API Invoker with invalid apfId ... cause=User role must be aef Delete the Security Context of an API Invoker - [Tags] capif_security_api-8 smoke + [Tags] capif_security_api-8 smoke # Default Invoker Registration and Onboarding ${register_user_info_invoker} ${url} ${request_body}= Invoker Default Onboarding - ${request_body}= Create Service Security Body ${NOTIFICATION_DESTINATION_URL} + # Register Provider + ${register_user_info_provider}= Provider Default Registration + + # Publish Service API + ${service_api_description_published_1} ${resource_url} ${request_body}= Publish Service Api + ... ${register_user_info_provider} + ... service_1 + + # Store apiId1 + ${service_api_id_1}= Set Variable ${service_api_description_published_1['apiId']} + + # Create Security Context + ${request_body}= Create Service Security Default Body + ... ${NOTIFICATION_DESTINATION_URL} + ... aef_id=${register_user_info_provider['aef_id']} + ... api_id=${service_api_id_1} ${resp}= Put Request Capif ... /capif-security/v1/trustedInvokers/${register_user_info_invoker['api_invoker_id']} ... json=${request_body} @@ -200,9 +296,6 @@ Delete the Security Context of an API Invoker Check Response Variable Type And Values ${resp} 201 ServiceSecurity - # Register APF - ${register_user_info_publisher}= Provider Default Registration - # Remove Security Context ${resp}= Delete Request Capif ... /capif-security/v1/trustedInvokers/${register_user_info_invoker['api_invoker_id']} @@ -230,7 +323,22 @@ Delete the Security Context of an API Invoker with Invoker entity role # Default Invoker Registration and Onboarding ${register_user_info_invoker} ${url} ${request_body}= Invoker Default Onboarding - ${request_body}= Create Service Security Body ${NOTIFICATION_DESTINATION_URL} + # Register Provider + ${register_user_info_provider}= Provider Default Registration + + # Publish Service API + ${service_api_description_published_1} ${resource_url} ${request_body}= Publish Service Api + ... ${register_user_info_provider} + ... service_1 + + # Store apiId1 + ${service_api_id_1}= Set Variable ${service_api_description_published_1['apiId']} + + # Create Security Context + ${request_body}= Create Service Security Default Body + ... ${NOTIFICATION_DESTINATION_URL} + ... aef_id=${register_user_info_provider['aef_id']} + ... api_id=${service_api_id_1} ${resp}= Put Request Capif ... /capif-security/v1/trustedInvokers/${register_user_info_invoker['api_invoker_id']} ... json=${request_body} @@ -290,14 +398,27 @@ Delete the Security Context of an API Invoker with invalid apiInvokerID ... cause=API Invoker not exists or invalid ID Update the Security Context of an API Invoker - [Tags] capif_security_api-12 smoke + [Tags] capif_security_api-12 smoke # Default Invoker Registration and Onboarding ${register_user_info_invoker} ${url} ${request_body}= Invoker Default Onboarding # Register Provider - ${register_user_info_publisher}= Provider Default Registration + # Register Provider + ${register_user_info_provider}= Provider Default Registration - ${request_body}= Create Service Security Body ${NOTIFICATION_DESTINATION_URL} + # Publish Service API + ${service_api_description_published_1} ${resource_url} ${request_body}= Publish Service Api + ... ${register_user_info_provider} + ... service_1 + + # Store apiId1 + ${service_api_id_1}= Set Variable ${service_api_description_published_1['apiId']} + + # Create Security Context + ${request_body}= Create Service Security Default Body + ... ${NOTIFICATION_DESTINATION_URL} + ... aef_id=${register_user_info_provider['aef_id']} + ... api_id=${service_api_id_1} ${resp}= Put Request Capif ... /capif-security/v1/trustedInvokers/${register_user_info_invoker['api_invoker_id']} ... json=${request_body} @@ -312,7 +433,12 @@ Update the Security Context of an API Invoker ${security_context}= Set Variable ${resp.json()} # Update Security Context - ${request_body}= Create Service Security Body http://robot.testing2 + ${request_body}= Create Service Security Default Body + ... http://robot.testing2 + ... aef_id=${register_user_info_provider['aef_id']} + ... api_id=${service_api_id_1} + ... authentication_info=authenticationInfo + ... authorization_info=authorizationInfo ${resp}= Post Request Capif ... /capif-security/v1/trustedInvokers/${register_user_info_invoker['api_invoker_id']}/update ... json=${request_body} @@ -341,7 +467,22 @@ Update the Security Context of an API Invoker with Provider entity role # Default Invoker Registration and Onboarding ${register_user_info_invoker} ${url} ${request_body}= Invoker Default Onboarding - ${request_body}= Create Service Security Body ${NOTIFICATION_DESTINATION_URL} + # Register Provider + ${register_user_info_provider}= Provider Default Registration + + # Publish Service API + ${service_api_description_published_1} ${resource_url} ${request_body}= Publish Service Api + ... ${register_user_info_provider} + ... service_1 + + # Store apiId1 + ${service_api_id_1}= Set Variable ${service_api_description_published_1['apiId']} + + # Create Security Context + ${request_body}= Create Service Security Default Body + ... ${NOTIFICATION_DESTINATION_URL} + ... aef_id=${register_user_info_provider['aef_id']} + ... api_id=${service_api_id_1} ${resp}= Put Request Capif ... /capif-security/v1/trustedInvokers/${register_user_info_invoker['api_invoker_id']} ... json=${request_body} @@ -351,9 +492,6 @@ Update the Security Context of an API Invoker with Provider entity role Check Response Variable Type And Values ${resp} 201 ServiceSecurity - # Register Provider - ${register_user_info_publisher}= Provider Default Registration - ${resp}= Post Request Capif ... /capif-security/v1/trustedInvokers/${register_user_info_invoker['api_invoker_id']}/update ... json=${request_body} @@ -371,9 +509,21 @@ Update the Security Context of an API Invoker with Provider entity role Update the Security Context of an API Invoker with AEF entity role and invalid apiInvokerId [Tags] capif_security_api-14 # Register Provider - ${register_user_info_publisher}= Provider Default Registration + ${register_user_info_provider}= Provider Default Registration + + # Publish Service API + ${service_api_description_published_1} ${resource_url} ${request_body}= Publish Service Api + ... ${register_user_info_provider} + ... service_1 + + # Store apiId1 + ${service_api_id_1}= Set Variable ${service_api_description_published_1['apiId']} - ${request_body}= Create Service Security Body ${NOTIFICATION_DESTINATION_URL} + # Create Security Context + ${request_body}= Create Service Security Default Body + ... ${NOTIFICATION_DESTINATION_URL} + ... aef_id=${register_user_info_provider['aef_id']} + ... api_id=${service_api_id_1} ${resp}= Post Request Capif ... /capif-security/v1/trustedInvokers/${API_INVOKER_NOT_VALID}/update ... json=${request_body} @@ -392,7 +542,22 @@ Update the Security Context of an API Invoker with invalid apiInvokerID # Default Invoker Registration and Onboarding ${register_user_info_invoker} ${url} ${request_body}= Invoker Default Onboarding - ${request_body}= Create Service Security Body ${NOTIFICATION_DESTINATION_URL} + # Register Provider + ${register_user_info_provider}= Provider Default Registration + + # Publish Service API + ${service_api_description_published_1} ${resource_url} ${request_body}= Publish Service Api + ... ${register_user_info_provider} + ... service_1 + + # Store apiId1 + ${service_api_id_1}= Set Variable ${service_api_description_published_1['apiId']} + + # Create Security Context + ${request_body}= Create Service Security Default Body + ... ${NOTIFICATION_DESTINATION_URL} + ... aef_id=${register_user_info_provider['aef_id']} + ... api_id=${service_api_id_1} ${resp}= Post Request Capif ... /capif-security/v1/trustedInvokers/${API_INVOKER_NOT_VALID}/update ... json=${request_body} @@ -408,7 +573,7 @@ Update the Security Context of an API Invoker with invalid apiInvokerID ... cause=API Invoker not exists or invalid ID Revoke the authorization of the API invoker for APIs - [Tags] capif_security_api-16 smoke + [Tags] capif_security_api-16 smoke # Register APF ${register_user_info_provider}= Provider Default Registration @@ -478,7 +643,24 @@ Revoke the authorization of the API invoker for APIs without valid apfID. # Default Invoker Registration and Onboarding ${register_user_info_invoker} ${url} ${request_body}= Invoker Default Onboarding - ${request_body}= Create Service Security Body ${NOTIFICATION_DESTINATION_URL} + # Register Provider + ${register_user_info_provider}= Provider Default Registration + + # Publish Service API + ${service_api_description_published_1} ${resource_url} ${request_body}= Publish Service Api + ... ${register_user_info_provider} + ... service_1 + + # Store apiId1 + ${service_api_id_1}= Set Variable ${service_api_description_published_1['apiId']} + + # Create Security Context + ${request_body}= Create Service Security Default Body + ... ${NOTIFICATION_DESTINATION_URL} + ... aef_id=${register_user_info_provider['aef_id']} + ... api_id=${service_api_id_1} + ... authorization_info=authorizationInfo + ... authentication_info=authenticationInfo ${resp}= Put Request Capif ... /capif-security/v1/trustedInvokers/${register_user_info_invoker['api_invoker_id']} ... json=${request_body} @@ -490,9 +672,6 @@ Revoke the authorization of the API invoker for APIs without valid apfID. ${security_context}= Set Variable ${resp.json()} - # Register Provider - ${register_user_info_publisher}= Provider Default Registration - # Revoke Security Context by Invoker ${request_body}= Create Security Notification Body ${register_user_info_invoker['api_invoker_id']} 1234 ${resp}= Post Request Capif @@ -528,7 +707,25 @@ Revoke the authorization of the API invoker for APIs with invalid apiInvokerId # Default Invoker Registration and Onboarding ${register_user_info_invoker} ${url} ${request_body}= Invoker Default Onboarding - ${request_body}= Create Service Security Body ${NOTIFICATION_DESTINATION_URL} + # Register Provider + ${register_user_info_provider}= Provider Default Registration + + # Publish Service API + ${service_api_description_published_1} ${resource_url} ${request_body}= Publish Service Api + ... ${register_user_info_provider} + ... service_1 + + # Store apiId1 + ${service_api_id_1}= Set Variable ${service_api_description_published_1['apiId']} + + # Create Security Context + ${request_body}= Create Service Security Default Body + ... ${NOTIFICATION_DESTINATION_URL} + ... aef_id=${register_user_info_provider['aef_id']} + ... api_id=${service_api_id_1} + ... authentication_info=authenticationInfo + ... authorization_info=authorizationInfo + ... authorization_info=authorizationInfo ${resp}= Put Request Capif ... /capif-security/v1/trustedInvokers/${register_user_info_invoker['api_invoker_id']} ... json=${request_body} @@ -540,9 +737,6 @@ Revoke the authorization of the API invoker for APIs with invalid apiInvokerId ${security_context}= Set Variable ${resp.json()} - # Register Provider - ${register_user_info_publisher}= Provider Default Registration - ${request_body}= Create Security Notification Body ${API_INVOKER_NOT_VALID} 1234 ${resp}= Post Request Capif ... /capif-security/v1/trustedInvokers/${API_INVOKER_NOT_VALID}/delete @@ -569,7 +763,7 @@ Revoke the authorization of the API invoker for APIs with invalid apiInvokerId Dictionaries Should Be Equal ${resp.json()} ${security_context} Retrieve access token - [Tags] capif_security_api-19 smoke + [Tags] capif_security_api-19 smoke # Register APF ${register_user_info_provider}= Provider Default Registration diff --git a/tests/libraries/security_api/bodyRequests.py b/tests/libraries/security_api/bodyRequests.py index dabee876..5f0ec3bc 100644 --- a/tests/libraries/security_api/bodyRequests.py +++ b/tests/libraries/security_api/bodyRequests.py @@ -1,7 +1,47 @@ -def create_service_security_body(notification_destination, aef_id=None, api_id=None): +def create_service_security_default_body( + notification_destination, + supported_features="0", + interface_details=None, + aef_id=None, + api_id=None, + authentication_info=None, + authorization_info=None, + grant_type=None, + pref_security_methods=["PSK", "PKI", "OAUTH"], + sel_security_method=None, + request_websocket_uri=None, + websocket_uri=None): data = { "notificationDestination": notification_destination, - "supportedFeatures": "fffffff", + "supportedFeatures": supported_features + } + security_info = list() + security_info.append( + create_security_info(aef_id=aef_id, + interface_details=interface_details, + api_id=api_id, + authentication_info=authentication_info, + authorization_info=authorization_info, + grant_type=grant_type, + pref_security_methods=pref_security_methods, + sel_security_method=sel_security_method)) + data['securityInfo'] = security_info + if request_websocket_uri is not None or websocket_uri is not None: + data['websockNotifConfig'] = create_web_sock_notif_config( + request_websocket_uri, websocket_uri) + return data + + +def create_service_security_body(notification_destination, + supported_features, + security_info=None, + aef_id=None, + api_id=None, + authentication_info=None, + authorization_info=None): + data = { + "notificationDestination": notification_destination, + "supportedFeatures": supported_features, "securityInfo": [{ "authenticationInfo": "authenticationInfo", "authorizationInfo": "authorizationInfo", @@ -20,7 +60,12 @@ def create_service_security_body(notification_destination, aef_id=None, api_id=N "requestTestNotification": True } - if aef_id != None and api_id != None: + if aef_id is not None and api_id is not None: + security_info = dict() + if authentication_info is not None: + security_info['authenticationInfo'] = authentication_info + if authorization_info is not None: + security_info['authorizationInfo'] = authorization_info data['securityInfo'].append({ "authenticationInfo": "authenticationInfo", "authorizationInfo": "authorizationInfo", @@ -32,6 +77,48 @@ def create_service_security_body(notification_destination, aef_id=None, api_id=N return data +def create_security_info( + aef_id=None, + interface_details=None, + api_id=None, + authentication_info=None, + authorization_info=None, + grant_type=None, + pref_security_methods=None, + sel_security_method=None): + # aef_id or interface_details must be set. + # authentication_info, authorization_info, grant_type, sel_security_method + # only should be present in repsonse from CCF + data = dict() + if aef_id is not None: + data["aefId"] = aef_id + if interface_details is not None: + data['interfaceDetails'] = interface_details + if api_id is not None: + data['apiId'] = api_id + if authentication_info is not None: + data['authenticationInfo'] = authentication_info + if authorization_info is not None: + data['authorizationInfo'] = authorization_info + if grant_type is not None: + data['grantType'] = grant_type + if pref_security_methods is not None: + data['prefSecurityMethods'] = pref_security_methods + if sel_security_method is not None: + data['selSecurityMethod'] = sel_security_method + + return data + + +def create_web_sock_notif_config(request_websocket_uri=None, websocket_uri=None): + data = dict() + if request_websocket_uri is not None: + data['requestWebsocketUri'] = request_websocket_uri + if websocket_uri is not None: + data['websocketUri'] = websocket_uri + return data + + def create_service_security_from_discover_response(notification_destination, discover_response): data = { "notificationDestination": notification_destination, @@ -43,7 +130,8 @@ def create_service_security_from_discover_response(notification_destination, dis }, "requestTestNotification": True } - service_api_descriptions = discover_response.json()['serviceAPIDescriptions'] + service_api_descriptions = discover_response.json()[ + 'serviceAPIDescriptions'] for service_api_description in service_api_descriptions: for aef_profile in service_api_description['aefProfiles']: data['securityInfo'].append({ @@ -64,14 +152,13 @@ def create_security_notification_body(api_invoker_id, api_ids, cause="OVERLIMIT_ "cause": cause } - if isinstance(api_ids,list): + if isinstance(api_ids, list): data['apiIds'] = api_ids else: - data['apiIds'] = [ api_ids ] + data['apiIds'] = [api_ids] if aef_id != None: data['aefId'] = aef_id - return data @@ -88,9 +175,11 @@ def create_access_token_req_body(client_id, scope, client_secret=None, grant_typ return data + def get_api_ids_from_discover_response(discover_response): - api_ids=[] - service_api_descriptions = discover_response.json()['serviceAPIDescriptions'] + api_ids = [] + service_api_descriptions = discover_response.json()[ + 'serviceAPIDescriptions'] for service_api_description in service_api_descriptions: api_ids.append(service_api_description['apiId']) return api_ids -- GitLab From ab9c78b38716d7cd9a75299c39d45cc7d989788b Mon Sep 17 00:00:00 2001 From: Pelayo Torres Date: Thu, 27 Mar 2025 14:22:35 +0100 Subject: [PATCH 3/3] added security body request --- tests/libraries/security_api/bodyRequests.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/libraries/security_api/bodyRequests.py b/tests/libraries/security_api/bodyRequests.py index 2ac5edf2..409fcfcf 100644 --- a/tests/libraries/security_api/bodyRequests.py +++ b/tests/libraries/security_api/bodyRequests.py @@ -119,7 +119,7 @@ def create_web_sock_notif_config(request_websocket_uri=None, websocket_uri=None) return data -def create_service_security_from_discover_response(notification_destination, discover_response): +def create_service_security_from_discover_response(notification_destination, discover_response, legacy=True): data = { "notificationDestination": notification_destination, "supportedFeatures": "fffffff", @@ -130,8 +130,8 @@ def create_service_security_from_discover_response(notification_destination, dis }, "requestTestNotification": True } - service_api_descriptions = discover_response.json()[ - 'serviceAPIDescriptions'] + api_ids=list() + service_api_descriptions = discover_response.json()['serviceAPIDescriptions'] for service_api_description in service_api_descriptions: for aef_profile in service_api_description['aefProfiles']: data['securityInfo'].append({ -- GitLab