feat: impl to create new enollments using APKAM-OTP (#453)

* feat: introduce new params into the arg_parser * feat: add param "err_msg" to atclient_pkam_authenticate * feat: new method to parse enroll_namespace_list_t from string * feat: introduce auth_cli * chore: revert changes reg recursive write in atclient/connection.c * feat: migrate constants to atauth_constants.h + minor refactoring * feat: support for unauthenticated public key lookup * feat: support to parse enroll namespaces from string * feat: add new request param 'should_auth' in get_public_key_request_options * feat: completed auth_cli implementation * feat: impl multiple exits for auth_cli + minor refactoring * fix: linux specific header issue + unit test * chore: fix examples * fix: introduce init method and use for enroll namespace list --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: xavierchanth <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
atsign-foundation · Dec 19, 2024 · 0fcec5f · 0fcec5f
1 parent 247ac4b
commit 0fcec5f
Show file tree

Hide file tree

Showing 35 changed files with 964 additions and 148 deletions.
diff --git a/examples/desktop/at_talk/src/main.c b/examples/desktop/at_talk/src/main.c
@@ -98,7 +98,7 @@ int main(int argc, char *argv[]) {
   pthread_mutex_lock(&client_mutex);
   atclient_authenticate_options options;
   atclient_authenticate_options_init(&options);
-  if ((ret = atclient_pkam_authenticate(&atclient1, from_atsign, &atkeys, &options)) != 0) {
+  if ((ret = atclient_pkam_authenticate(&atclient1, from_atsign, &atkeys, &options, NULL)) != 0) {
     atlogger_log(TAG, ATLOGGER_LOGGING_LEVEL_ERROR, "\natclient_pkam_authenticate: %d\n", ret);
     goto exit;
   }
@@ -342,7 +342,7 @@ static int reconnect_clients(atclient *monitor, atclient *ctx, const char *atser
   atlogger_log(TAG, ATLOGGER_LOGGING_LEVEL_DEBUG, "Reconnecting client connection...\n");
   atclient_authenticate_options options;
   atclient_authenticate_options_init(&options);
-  if ((ret = atclient_pkam_authenticate(ctx, from_atsign, atkeys, &options)) != 0) {
+  if ((ret = atclient_pkam_authenticate(ctx, from_atsign, atkeys, &options, NULL)) != 0) {
     atlogger_log(TAG, ATLOGGER_LOGGING_LEVEL_ERROR, "atclient_pkam_authenticate: %d\n", ret);
     return ret;
   }

diff --git a/examples/desktop/crud/delete.c b/examples/desktop/crud/delete.c
@@ -49,7 +49,7 @@ int main() {
     goto exit;
   }
 
-  if ((ret = atclient_pkam_authenticate(&atclient, atsign, &atkeys, &options)) != 0) {
+  if ((ret = atclient_pkam_authenticate(&atclient, atsign, &atkeys, &options, NULL)) != 0) {
     atlogger_log(TAG, ATLOGGER_LOGGING_LEVEL_ERROR, "Failed to authenticate");
     goto exit;
   }

diff --git a/examples/desktop/crud/get_publickey.c b/examples/desktop/crud/get_publickey.c
@@ -55,7 +55,7 @@ int main() {
 
   char *metadatajsonstr = NULL;
 
-  if ((ret = atclient_pkam_authenticate(&atclient, atsign, &atkeys, &options)) != 0) {
+  if ((ret = atclient_pkam_authenticate(&atclient, atsign, &atkeys, &options, NULL)) != 0) {
     atlogger_log(TAG, ATLOGGER_LOGGING_LEVEL_ERROR, "Failed to authenticate");
     goto exit;
   }

diff --git a/examples/desktop/crud/get_selfkey.c b/examples/desktop/crud/get_selfkey.c
@@ -53,7 +53,7 @@ int main() {
 
   char *atkeystr = NULL;
 
-  if ((ret = atclient_pkam_authenticate(&atclient, atsign, &atkeys, &options)) != 0) {
+  if ((ret = atclient_pkam_authenticate(&atclient, atsign, &atkeys, &options, NULL)) != 0) {
     atlogger_log(TAG, ATLOGGER_LOGGING_LEVEL_ERROR, "Failed to authenticate\n");
     goto exit;
   } else {

diff --git a/examples/desktop/crud/get_sharedkey.c b/examples/desktop/crud/get_sharedkey.c
@@ -66,7 +66,7 @@ int main() {
 
   char *atkeystr = NULL;
 
-  if ((ret = atclient_pkam_authenticate(&atclient, atsign, &atkeys, &options)) != 0) {
+  if ((ret = atclient_pkam_authenticate(&atclient, atsign, &atkeys, &options, NULL)) != 0) {
     atlogger_log(TAG, ATLOGGER_LOGGING_LEVEL_ERROR, "Failed to authenticate\n");
     goto exit;
   } else {

diff --git a/examples/desktop/crud/put_publickey.c b/examples/desktop/crud/put_publickey.c
@@ -52,7 +52,7 @@ int main() {
 
   char *atkeystr = NULL;
 
-  if ((ret = atclient_pkam_authenticate(&atclient, ATSIGN, &atkeys, &options)) != 0) {
+  if ((ret = atclient_pkam_authenticate(&atclient, ATSIGN, &atkeys, &options, NULL)) != 0) {
     atlogger_log(TAG, ATLOGGER_LOGGING_LEVEL_ERROR, "Failed to authenticate");
     goto exit;
   }

diff --git a/examples/desktop/crud/put_selfkey.c b/examples/desktop/crud/put_selfkey.c
@@ -52,7 +52,7 @@ int main() {
 
   char *atkeystr = NULL;
 
-  if ((ret = atclient_pkam_authenticate(&atclient, ATSIGN, &atkeys, &options)) != 0) {
+  if ((ret = atclient_pkam_authenticate(&atclient, ATSIGN, &atkeys, &options, NULL)) != 0) {
     atlogger_log(TAG, ATLOGGER_LOGGING_LEVEL_ERROR, "Failed to authenticate");
     goto exit;
   }

diff --git a/examples/desktop/crud/put_sharedkey.c b/examples/desktop/crud/put_sharedkey.c
@@ -53,7 +53,7 @@ int main() {
 
   char *atkeystr = NULL;
 
-  if ((ret = atclient_pkam_authenticate(&atclient, atsign, &atkeys, &options)) != 0) {
+  if ((ret = atclient_pkam_authenticate(&atclient, atsign, &atkeys, &options, NULL)) != 0) {
     atlogger_log(TAG, ATLOGGER_LOGGING_LEVEL_ERROR, "Failed to authenticate");
     goto exit;
   }

diff --git a/examples/desktop/events/monitor.c b/examples/desktop/events/monitor.c
@@ -47,7 +47,7 @@ int main(int argc, char *argv[]) {
     goto exit;
   }
 
-  if ((ret = atclient_pkam_authenticate(&atclient2, atsign, &atkeys, NULL)) != 0) {
+  if ((ret = atclient_pkam_authenticate(&atclient2, atsign, &atkeys, NULL, NULL)) != 0) {
     atlogger_log(TAG, ATLOGGER_LOGGING_LEVEL_ERROR, "Failed to authenticate with PKAM\n");
     goto exit;
   }

diff --git a/examples/desktop/events/notify.c b/examples/desktop/events/notify.c
@@ -87,7 +87,7 @@ int main(int argc, char *argv[]) {
 
 
 
-  if ((ret = atclient_pkam_authenticate(&atclient, atsign, &atkeys, NULL)) != 0) {
+  if ((ret = atclient_pkam_authenticate(&atclient, atsign, &atkeys, NULL, NULL)) != 0) {
     atlogger_log(TAG, ATLOGGER_LOGGING_LEVEL_ERROR, "Failed to authenticate\n");
     goto exit;
   }

diff --git a/examples/desktop/events/resilient_monitor.c b/examples/desktop/events/resilient_monitor.c
@@ -52,7 +52,7 @@ int main(int argc, char *argv[]) {
     goto exit;
   }
 
-  if ((ret = atclient_pkam_authenticate(&atclient2, atsign, &atkeys, NULL)) != 0) {
+  if ((ret = atclient_pkam_authenticate(&atclient2, atsign, &atkeys, NULL, NULL)) != 0) {
     atlogger_log(TAG, ATLOGGER_LOGGING_LEVEL_ERROR, "Failed to authenticate with PKAM\n");
     goto exit;
   }

diff --git a/examples/desktop/pkam_authenticate/src/main.c b/examples/desktop/pkam_authenticate/src/main.c
@@ -36,8 +36,9 @@ int main(int argc, char **argv) {
   atlogger_log(TAG, ATLOGGER_LOGGING_LEVEL_INFO, "atclient_atkeys_populate_from_atkeys_file: %d\n", ret);
 
   const char *atsign = ATSIGN;
+  char *err_msg;
 
-  if ((ret = atclient_pkam_authenticate(&atclient, ATSIGN, &atkeys, NULL)) != 0) {
+  if ((ret = atclient_pkam_authenticate(&atclient, ATSIGN, &atkeys, NULL, &err_msg)) != 0) {
     atlogger_log(TAG, ATLOGGER_LOGGING_LEVEL_ERROR, "Failed to authenticate\n");
     goto exit;
   } else {

diff --git a/examples/desktop/reconnection/main.c b/examples/desktop/reconnection/main.c
@@ -33,7 +33,7 @@ int main() {
     goto exit;
   }
 
-  if ((ret = atclient_pkam_authenticate(&atclient1, ATSIGN, &atkeys, &options)) != 0) {
+  if ((ret = atclient_pkam_authenticate(&atclient1, ATSIGN, &atkeys, &options, NULL)) != 0) {
     atlogger_log(TAG, ATLOGGER_LOGGING_LEVEL_ERROR, "Failed to PKAM authenticate.\n");
     goto exit;
   }
@@ -47,7 +47,7 @@ int main() {
       atlogger_log(TAG, ATLOGGER_LOGGING_LEVEL_INFO, "We are connected to the atServer! :)\n");
     } else {
       atlogger_log(TAG, ATLOGGER_LOGGING_LEVEL_INFO, "We are not connected to atServer? :(\n");
-      if((ret = atclient_pkam_authenticate(&atclient1, ATSIGN, &atkeys, &options)) == 0) {
+      if((ret = atclient_pkam_authenticate(&atclient1, ATSIGN, &atkeys, &options, NULL)) == 0) {
         atlogger_log(TAG, ATLOGGER_LOGGING_LEVEL_INFO, "Reconnected to atServer! :)\n");
         atclient_set_read_timeout(&atclient1, 1000);
       } else {

diff --git a/examples/desktop/repl/src/main.c b/examples/desktop/repl/src/main.c
@@ -72,7 +72,7 @@ int main(int argc, char *argv[]) {
     goto exit;
   }
 
-  if ((ret = atclient_pkam_authenticate(&atclient, repl_args.atsign, &atkeys, NULL)) != 0) {
+  if ((ret = atclient_pkam_authenticate(&atclient, repl_args.atsign, &atkeys, NULL, NULL)) != 0) {
     atlogger_log(TAG, ATLOGGER_LOGGING_LEVEL_ERROR, "Failed to authenticate\n");
     goto exit;
   }

diff --git a/packages/atauth/CMakeLists.txt b/packages/atauth/CMakeLists.txt
@@ -9,6 +9,7 @@ set(
   ${CMAKE_CURRENT_LIST_DIR}/src/send_enroll_request.c
   ${CMAKE_CURRENT_LIST_DIR}/src/atactivate_arg_parser.c
   ${CMAKE_CURRENT_LIST_DIR}/src/atactivate.c
+  ${CMAKE_CURRENT_LIST_DIR}/src/auth_cli.c
   ${CMAKE_CURRENT_LIST_DIR}/src/atauth_build_atkeys_file_path.c
   ${CMAKE_CURRENT_LIST_DIR}/src/atauth_fetch_home_dir.c
 )
@@ -125,7 +126,9 @@ if(NOT ESP_PLATFORM)
       atactivate
       PRIVATE cjson atlogger atcommons atchops atclient atauth
     )
-  endif()
+    add_executable(at_auth_cli ${CMAKE_CURRENT_LIST_DIR}/src/auth_cli.c)
+    target_link_libraries(at_auth_cli PRIVATE cjson atlogger atcommons atchops atclient atauth)
+  endif ()
 
   # EXPORT
   if(NOT ATAUTH_AS_SUBPROJECT)

diff --git a/packages/atauth/include/atauth/atactivate_arg_parser.h b/packages/atauth/include/atauth/atactivate_arg_parser.h
@@ -11,15 +11,18 @@
  *
  * @param argc The number of arguments
  * @param argv The array of arguments
- * @param atsign pointer to store the atsign value
- * @param cram_secret pointer to store the cram_secret value
- * @param otp
- * @param atkeys_fp pointer to store the file path of the atkeys
- * @param root_host pointer to store the root host server address
- * @param root_port pointer to store the root port value
+ * @param atsign pointer to store the parsed atsign value
+ * @param cram_secret pointer to store the parsed cram_secret value
+ * @param otp OTP pointer to store the parsed OTP/SPP value (accepts OTP fetched from OTP verb)
+ * @param atkeys_fp pointer to store the parsed file path of the atkeys
+ * @param app_name pointer to store the parsed app_name for current enrollment
+ * @param device_name pointer to store the parsed device_name for current enrollment
+ * @param namespaces pointert to store the parsed namespaces list for current enrollment
+ * @param root_host pointer to store the parsed root server host
+ * @param root_port pointer to store the parsed root server port
  * @return int 0 on success, non-zero on error
  */
 int atactivate_parse_args(int argc, char *argv[], char **atsign, char **cram_secret, char **otp, char **atkeys_fp,
-                          char **root_host, int *root_port);
+                          char **app_name, char **device_name, char **namespaces, char **root_host, int *root_port);
 
 #endif // ATACTIVATE_ARG_PARSER_H
diff --git a/packages/atauth/include/atauth/atauth_constants.h b/packages/atauth/include/atauth/atauth_constants.h
@@ -0,0 +1,12 @@
+#define ATAUTH_DEFAULT_FIRST_APP_NAME "firstApp"
+#define ATAUTH_DEFAULT_FIRST_DEVICE_NAME "firstDevice"
+#define ATAUTH_AES_256_KEY_BYTES 32
+#define ATAUTH_RSA_2048_PRIVKEY_BYTES 1300 // in PKCS#8 format includes padding
+
+#define ATAUTH_DEFAULT_APKAM_RETRY_INTERVAL 10 // seconds
+#define ATAUTH_MAX_APKAM_AUTH_RETRY_ATTMEPTS 10
+#define ATAUTH_ENROLLMENT_DENIED_ERR_CODE "error:AT0025"
+#define ATAUTH_ENROLLMENT_PENDING_ERR_CODE "error:AT0026"
+
+#define ATAUTH_ENCRYPTED_DEFAULT_ENC_PRIVKEY_NAME "default_enc_private_key"
+#define ATAUTH_ENCRYPTED_SELF_ENC_KEY_NAME "default_self_enc_key"