viss-manager

command module

v0.0.0-...-0699224 Latest Latest Go to latest Published: Jun 1, 2022 License: GPL-3.0 Imports: 3 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/josesnchz/viss-manager

Links

Open Source Insights

README ¶

VISS - MANAGER

Support repository for josesnchz/WAII. (Repository that implements authorization, authentification and other security concepts to w3c/automotive-viss2). This repository consists on a HTML Web application using javascript and golang that can be used to make AGT, AT and Data Requests. The future configuration API for AGT and AT (still on implementation phase) will also be here.

Prerequisites and building

GO version 1.17 is required, since some modules related to crypto are written in go, then compiled to WASM. Since module compilation is required, a script that automatically compiles all modules is given. TLS communication between the web app and VISS servers must be used, although it is not already being used. It will be supported and implemented in future versions.

VISS server, AGT server and AT server must be launched along with the web client. Their IPs and ports must be set in each HTML file, inside the script containing the URL. These servers must be launched after cloning the repository josesnchz/WAII and following the steps provided in it.

A script is (will be) provided to automatically build the files provided and run the webserver. After using the script, client can be used visiting localhost:8080 in any browser supporting localStorage because Keys Generated and Tokens received are stored in the browser. In case the script is used, it is required to have screen installed, it can be downloaded and installed from the official repository.

# get screen
$sudo apt install screen
# compile files and start the webserver
$./viss-manager -run
# stop the webserver
$./viss-manager -stop

The client implements dynamic selection for the purpose of the AT request and the path of the VISS data request. Both of them depends on these files:

specs/purposelist.json
specs/vsspathlist.json

Purpose list is generated by the ecosystem manager, and it is used by the AT Server to provide Access Tokens depending on the AGT claims. VSS Path list is generated by the being read by VISSv2 server at startup, and it contains the data tree of the system. Both of them are imported from the w3c/automotive-viss2 repository. New files can be generated following the rules specified in that repository.

Although it is possible to start the system automatically using the script provided, modules can be compiled separately and launched manually. Go module must be compiled using GOARCH="wasm" and GOOS = "js". The main go implementation is in the file "scripts/go/gofuncs.go", which must be compiled to "scripts/go/golib.wasm".

$ GOARCH="wasm" GOOS="js" go build -o scripts/go/golib.wasm scripts/go/gofuncs.go

A very basic file server is required to run the web app. File server.go is provided for that purpose. It can be run using go.

$ go run server.go

After doing that, the web app will be avaliable in http://localhost:8080

Client System Architecture

This project demonstrates the authentication, authorization and data access flow described in VISSv2 protocol. AGT, AT and VISSv2 requests are therefore supported.

MAIN PAGE

The client holds a keypair, which is used to sign the Proofs of Possession made to each of the servers. Two types of keys are supported: RSA 2048 bits and Elliptic Curve P-256. These can be generated by the system or imported from a file. Since this client is for demonstration purposes, keys are plain-text saved inside localStorage, altough in a short time, those will be generated using Web Cryptography API and stored using Indexed DB with extractable property disable for security purposes.

AGT-REQUEST

The client is able to make an AGT Request modifying all claims at its will. Those requests that do not follow the specification will be refused. The POP generated in case of use of a private key to sign a POP will be shown, along with the received token and the request body. Those can be pretty-printed or shown as raw data. Received tokens can be saved associated with the ID provided.

AT-REQUEST

The client uses one of the tokens obtained from the AGT server to attest its authorization to access the data. The purposes supported are defined in the purposelist.json file, as described above. The signature (if used) to generate the pop can be overriden or not, along with the claims on it. Received tokens can be saved.

VISSv2 REQUEST

The client uses one of the tokens provided from the AT server to access data. Multiple protocols and methods will be supported. The data requested is selected after parsing the vsspathlist.json file, as descrived above

Documentation ¶

There is no documentation for this package.

Source Files ¶

View all Source files

server.go

Directories ¶

Path	Synopsis
scripts
go
go/utils * * VISS-MANAGER: utils * * Copyright (C) 2022 NICS Lab, University of Malaga * Author: Jose Jesus Sanchez Gomez, sanchezg@lcc.uma.es * * This program and all files in the repository at https://github.com/josesnchz/viss-manager * are distributed following the terms of the LICENSE file in the repository.	* * VISS-MANAGER: utils * * Copyright (C) 2022 NICS Lab, University of Malaga * Author: Jose Jesus Sanchez Gomez, sanchezg@lcc.uma.es * * This program and all files in the repository at https://github.com/josesnchz/viss-manager * are distributed following the terms of the LICENSE file in the repository.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL