Merge branch 'master' into fsim_test

.github/workflows/main.yaml

@@ -0,0 +1,56 @@
+name: prifidoiot
+on:
+  workflow_dispatch:
+  push:
+    branches: [master, '*rel']
+  pull_request:
+    branches: [master, '*rel']
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: scm checkout
+        uses: actions/checkout@v3
+      - name: setup-java
+        uses: actions/setup-java@v3
+        with:
+          java-version: '17'
+          distribution: 'temurin'
+      - name: build
+        run: |
+          mvn clean install
+          cd component-samples && tar -czvf demo.tar.gz demo && mv demo.tar.gz ..
+      - name: checkout test-fidoiot
+        uses: actions/checkout@v3
+        with:
+          repository: fido-device-onboard/test-fidoiot
+          ref: master
+          path: test-fidoiot
+      - name: Add host to /etc/hosts
+        run: |
+          sudo echo "127.0.0.1 host.docker.internal" | sudo tee -a /etc/hosts
+      - name: run smoke test
+        run: |
+          mkdir -p test-fidoiot/binaries/pri-fidoiot
+          cp -r component-samples/demo/* test-fidoiot/binaries/pri-fidoiot
+          cp -r test-fidoiot/binaries/pri-fidoiot/device/* test-fidoiot/
+          cd test-fidoiot/binaries/pri-fidoiot/scripts
+          bash demo_ca.sh
+          bash web_csr_req.sh
+          bash user_csr_req.sh
+          bash keys_gen.sh
+          chmod -R 777 secrets/
+          cp -r service.env secrets/ ../aio/
+          cp -r secrets/ ../db/
+          sed -i '/<security-constraint>/,/<.security-constraint>/d' ../aio/WEB-INF/web.xml
+          sed -i '/^innodb/d' ../db/custom/config-file.cnf
+          cd ${{ github.workspace }}/test-fidoiot
+          export TEST_DIR=$PWD
+          mvn clean test -Dgroups=fdo_pri_smoketest
+      - name: archive artifacts
+        uses: actions/upload-artifact@v3
+        with:
+          name: demo.tar.gz
+          path: demo.tar.gz
+          retention-days: 5
+        if: github.event_name != 'pull_request'

build/Dockerfile

@@ -5,9 +5,7 @@ FROM ubuntu:22.04
 
 ENV DEBIAN_FRONTEND=noninteractive
 
-RUN apt-get clean && apt-get -y update && apt-get -y upgrade
-
-RUN apt-get install -y openjdk-17-jdk maven git
+RUN apt-get clean && apt-get -y update && apt-get -y upgrade && apt-get install -y --no-install-recommends openjdk-17-jdk maven git
 
 # Create a user 'fdouser'. If the user name is updated, please update the same in docker-compose.yaml.
 RUN useradd -ms /bin/bash fdouser

component-samples/demo/README.MD

@@ -262,6 +262,8 @@ The FDO PRI HTTP Java Device Sample currently supports `fdo_sys` module for inte
 
     *fetch* - This command returns the fetched file from client filesystem.
 
+    *owner_exec* - This command is a generic execution module that can perform various tasks, such as downloading files, running scripts, and executing commands
+
     Sample SVI instruction :
 
     `{"filedesc" : "sample.txt","resource" : "http/https url"},
@@ -272,6 +274,10 @@ The FDO PRI HTTP Java Device Sample currently supports `fdo_sys` module for inte
      `{"filedesc" : "sample.txt","resource" : "database resource"},
       {"exec" :"cat sample.txt"}`
 
+    Sample SVI instruction (with owner_exec):
+
+    `{ "owner_exec" : ["curl", "—location —digest", "-U username: -P:xyz", "https://sample:9999/files"] }`
+
 ***NOTE***: The comma-separated values must be ordered such that the 'filedesc' and 'write' objects are one after the other pair-wise, followed by the 'exec' commands.
 
 ***NOTE***: You can filter SVI transfer based on Device parameters. [Learn more](aio/README.md#service-info-filters)

component-samples/demo/aio/Dockerfile

@@ -4,8 +4,7 @@
 FROM ubuntu:22.04
 ARG _JAVA_OPTIONS
 ENV _JAVA_OPTIONS=${_JAVA_OPTIONS}
-RUN apt-get update 
-RUN apt-get install -y openjdk-17-jdk
+RUN apt-get update && apt-get install -y openjdk-17-jre wget --no-install-recommends
 
 RUN useradd -ms /bin/bash fdo
 WORKDIR /home/fdo/
@@ -28,3 +27,6 @@ USER fdo
 
 # Configure and start all-in-one
 CMD ["/usr/lib/jvm/java-17-openjdk-amd64/bin/java", "-jar", "aio.jar"]
+
+#Docker image healthcheck
+HEALTHCHECK --interval=30s --timeout=30s CMD wget --spider -Y off http://localhost:8080/health || exit 1

component-samples/demo/aio/WEB-INF/web.xml

@@ -311,6 +311,8 @@
     <web-resource-collection>
         <web-resource-name>apis</web-resource-name>
         <url-pattern>/api/v1/*</url-pattern>
+        <!-- <url-pattern>/fdo/101/msg/10</url-pattern>
+        <url-pattern>/fdo/101/msg/12</url-pattern> -->
     </web-resource-collection>
     <auth-constraint>
         <role-name>api</role-name>

component-samples/demo/device/Dockerfile

@@ -4,8 +4,7 @@
 FROM ubuntu:22.04
 ARG _JAVA_OPTIONS
 ENV _JAVA_OPTIONS=${_JAVA_OPTIONS}
-RUN apt-get update 
-RUN apt-get install -y openjdk-17-jdk
+RUN apt-get update && apt-get install -y openjdk-17-jre --no-install-recommends
 
 RUN useradd -ms /bin/bash fdo
 WORKDIR /home/fdo/
@@ -23,4 +22,4 @@ RUN chown -R fdo:fdo /home/fdo
 USER fdo
 
 # Configure and start all-in-one
-CMD ["/usr/lib/jvm/java-17-openjdk-amd64/bin/java", "-jar", "device.jar"]
+CMD ["/usr/lib/jvm/java-17-openjdk-amd64/bin/java", "-jar", "device.jar"]

component-samples/demo/device/README.md

@@ -1,3 +1,4 @@
+
 # Getting the Executable
 
 Use the following commands to build FIDO Device Onboard (FDO) Protocol Reference Implementation (PRI) HTTP Device Component sample source.
@@ -23,6 +24,44 @@ All the runtime configurations for the device is specified in `service.yml` file
 
 - `workers:` The section contains the configuration to select desired functionality for the device. The deployer can pick and choose the functionality during runtime.
 
+###  DI with mTLS
+1. To execute DI with mTLS, first uncomment the following lines from `<fdo-pri-src>/component-samples/demo/aio/WEB-INF/Web.xml` or `<fdo-pri-src>/component-samples/demo/manufacturer/WEB-INF/Web.xml` and start the sevices.
+
+```
+  <security-constraint>
+    <web-resource-collection>
+        <web-resource-name>apis</web-resource-name>
+        <url-pattern>/api/v1/*</url-pattern>
+        <!-- <url-pattern>/fdo/101/msg/10</url-pattern>
+        <url-pattern>/fdo/101/msg/12</url-pattern> -->
+    </web-resource-collection>
+    <auth-constraint>
+        <role-name>api</role-name>
+    </auth-constraint>
+    <user-data-constraint>
+       <transport-guarantee>CONFIDENTIAL</transport-guarantee>
+    </user-data-constraint>
+  </security-constraint>
+  ```
+
+2.  Copy `api-user.pem` and `ca-cert.pem` into `demo/device/app-data` folder.
+3. Disable the following workers.
+`- org.fidoalliance.fdo.protocol.SelfSignedHttpClientSupplier`
+4. Enable the following workers.
+`- org.fidoalliance.fdo.protocol.StandardHttpClientSupplier`
+5. Then uncomment the following lines from `<fdo-pri-src>/component-samples/demo/device/service.yml`
+
+```
+system-properties:
+  # javax.net.ssl.keyStorePassword: default
+  # javax.net.ssl.trustStorePassword: default
+  # javax.net.ssl.keyStore: ./app-data/api-user.pem
+  # javax.net.ssl.trustStore: ./app-data/ca-cert.pem
+  # javax.net.ssl.keyStoreType: PEM
+  # javax.net.ssl.trustStoreType: PEM
+```
+
+
 
 # Starting the Device Service
 

component-samples/demo/device/service.yml

@@ -87,6 +87,7 @@ workers:
   - org.fidoalliance.fdo.protocol.StandardExceptionConsumer
   - org.fidoalliance.fdo.protocol.StandardMessageDispatcher
   - org.fidoalliance.fdo.protocol.StandardCryptoService
+  # - org.fidoalliance.fdo.protocol.StandardHttpClientSupplier
   - org.fidoalliance.fdo.protocol.SelfSignedHttpClientSupplier
   - org.fidoalliance.fdo.sample.FileCredentialConsumer
   - org.fidoalliance.fdo.sample.FileCredentialSupplier 
@@ -113,3 +114,9 @@ workers:
 system-properties:
   log4j.configurationFile: log4j2.xml
   app-data.dir: ./app-data
+  # javax.net.ssl.keyStorePassword: default
+  # javax.net.ssl.trustStorePassword: default
+  # javax.net.ssl.keyStore: ./app-data/api-user.pem
+  # javax.net.ssl.trustStore: ./app-data/ca-cert.pem
+  # javax.net.ssl.keyStoreType: PEM
+  # javax.net.ssl.trustStoreType: PEM

component-samples/demo/manufacturer/Dockerfile

@@ -4,8 +4,7 @@
 FROM ubuntu:22.04
 ARG _JAVA_OPTIONS
 ENV _JAVA_OPTIONS=${_JAVA_OPTIONS}
-RUN apt-get update 
-RUN apt-get install -y openjdk-17-jdk
+RUN apt-get update && apt-get install -y openjdk-17-jre wget --no-install-recommends
 
 RUN useradd -ms /bin/bash fdo
 WORKDIR /home/fdo/
@@ -28,3 +27,6 @@ USER fdo
 
 # Configure and start all-in-one
 CMD ["/usr/lib/jvm/java-17-openjdk-amd64/bin/java", "-jar", "aio.jar"]
+
+#Docker image healthcheck
+HEALTHCHECK --interval=30s --timeout=30s CMD wget --spider -Y off http://localhost:8039/health || exit 1

component-samples/demo/manufacturer/WEB-INF/web.xml

@@ -130,6 +130,8 @@
     <web-resource-collection>
         <web-resource-name>apis</web-resource-name>
         <url-pattern>/api/v1/*</url-pattern>
+        <!-- <url-pattern>/fdo/101/msg/10</url-pattern>
+        <url-pattern>/fdo/101/msg/12</url-pattern> -->
     </web-resource-collection>
     <auth-constraint>
         <role-name>api</role-name>

component-samples/demo/owner/Dockerfile

@@ -4,8 +4,7 @@
 FROM ubuntu:22.04
 ARG _JAVA_OPTIONS
 ENV _JAVA_OPTIONS=${_JAVA_OPTIONS}
-RUN apt-get update 
-RUN apt-get install -y openjdk-17-jdk
+RUN apt-get update && apt-get install -y openjdk-17-jre wget --no-install-recommends
 
 RUN useradd -ms /bin/bash fdo
 WORKDIR /home/fdo/
@@ -28,3 +27,6 @@ USER fdo
 
 # Configure and start all-in-one
 CMD ["/usr/lib/jvm/java-17-openjdk-amd64/bin/java", "-jar", "aio.jar"]
+
+#Docker image healthcheck
+HEALTHCHECK --interval=30s --timeout=30s CMD wget --spider -Y off http://localhost:8042/health || exit 1

component-samples/demo/reseller/Dockerfile

@@ -4,8 +4,7 @@
 FROM ubuntu:22.04
 ARG _JAVA_OPTIONS
 ENV _JAVA_OPTIONS=${_JAVA_OPTIONS}
-RUN apt-get update 
-RUN apt-get install -y openjdk-17-jdk
+RUN apt-get update && apt-get install -y openjdk-17-jre wget --no-install-recommends
 
 RUN useradd -ms /bin/bash fdo
 WORKDIR /home/fdo/
@@ -28,3 +27,6 @@ USER fdo
 
 # Configure and start all-in-one
 CMD ["/usr/lib/jvm/java-17-openjdk-amd64/bin/java", "-jar", "aio.jar"]
+
+#Docker image healthcheck
+HEALTHCHECK --interval=30s --timeout=30s CMD wget --spider -Y off http://localhost:8070/health || exit 1

component-samples/demo/reseller/service.yml

@@ -53,7 +53,7 @@ http-server:
 
 owner:
    keystore: 
-     path: owner.p12
+     path: reseller.p12
      store-type: PKCS12
      password: $(encrypt_password)
 

component-samples/demo/rv/Dockerfile

@@ -4,8 +4,7 @@
 FROM ubuntu:22.04
 ARG _JAVA_OPTIONS
 ENV _JAVA_OPTIONS=${_JAVA_OPTIONS}
-RUN apt-get update 
-RUN apt-get install -y openjdk-17-jdk
+RUN apt-get update && apt-get install -y openjdk-17-jre wget --no-install-recommends
 
 RUN useradd -ms /bin/bash fdo
 WORKDIR /home/fdo/
@@ -28,3 +27,6 @@ USER fdo
 
 # Configure and start all-in-one
 CMD ["/usr/lib/jvm/java-17-openjdk-amd64/bin/java", "-jar", "aio.jar"]
+
+#Docker image healthcheck
+HEALTHCHECK --interval=30s --timeout=30s CMD wget --spider -Y off http://localhost:8040/health || exit 1

component-samples/device/src/main/java/org/fidoalliance/fdo/sample/FdoSysDeviceModule.java

@@ -340,6 +340,12 @@ private void fetch(String fetchFileName, int mtu) throws IOException {
 
     String fileName = fetchFileName;
     logger.info("Filename " + fileName);
+
+    ServiceInfoKeyValuePair kvPair = new ServiceInfoKeyValuePair();
+    kvPair.setKeyName(FdoSys.FETCHFILE);
+    kvPair.setValue(Mapper.INSTANCE.writeValue(fileName));
+    queue.add(kvPair);
+
     if (!Path.of(fetchFileName).isAbsolute()) {
       fileName = Path.of(getAppData(), fetchFileName).toString();
     }

pom.xml

@@ -28,8 +28,8 @@
 
 
     <!-- Dependency Version -->
-    <bcpkix.version>1.74</bcpkix.version>
-    <bcprov.version>1.74</bcprov.version>
+    <bcpkix.version>1.76</bcpkix.version>
+    <bcprov.version>1.76</bcprov.version>
     <commons-beanutils.version>1.9.4</commons-beanutils.version>
     <commons-codec.version>1.15</commons-codec.version>
     <commons-text.version>1.10.0</commons-text.version>
@@ -42,15 +42,15 @@
     <log4j.version>2.17.2</log4j.version>
     <slf4j.version>1.7.36</slf4j.version>
     <hibernate.version>6.1.0.Final</hibernate.version>
-    <tomcat.version>10.1.10</tomcat.version>
+    <tomcat.version>10.1.15</tomcat.version>
     <apache-httpcomponents.version>4.5.13</apache-httpcomponents.version>
     <snakeyaml.version>2.0</snakeyaml.version>
     <jackson-dataformat.version>2.15.2</jackson-dataformat.version>
     <jackson-databind.version>2.15.2</jackson-databind.version>
     <cose-java.version>1.1.0</cose-java.version>
 
     <!-- Database Client Version -->
-    <h2db.version>2.2.220</h2db.version>
+    <h2db.version>2.2.224</h2db.version>
     <mariadb.version>3.0.5</mariadb.version>
     <mysql.version>8.0.33</mysql.version>
     <postgresql.version>42.5.2</postgresql.version>

protocol/src/main/java/org/fidoalliance/fdo/protocol/HttpClient.java

@@ -225,6 +225,11 @@ && index < getInstructions().size()
         }
 
         logger.info("all instructions exhausted");
+
+        if (getRequest().getMsgType() == MsgType.TO0_HELLO) {
+          logger.info("Failed TO0 with error: " + e.getMessage());
+        }
+
         throw new IOException(e);
       }
 

protocol/src/main/java/org/fidoalliance/fdo/protocol/StandardMessageDispatcher.java

@@ -447,6 +447,10 @@ protected void doTo0Hello(DispatchMessage request, DispatchMessage response) thr
     Nonce nonceTO0Sign = Nonce.fromRandomUuid();
     response.setAuthToken(createCwtSession(nonceTO0Sign));
 
+    if (request.getMessage().length != 1) {
+      throw new InvalidMessageException("Invalid message for the body");
+    }
+
     To0HelloAck helloAck = new To0HelloAck();
     helloAck.setNonce(nonceTO0Sign);
     response.setMessage(Mapper.INSTANCE.writeValue(helloAck));