Documentation update and fix issue #118

[jfernandezsqs]

• Added to the Installation Guide how to view and change the DSC required certificates permissions.
• Fix issue #118. It was found that using version OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022) does not generate correctly the client_id value at the DAPS/config/clients.yml list (missing keyid value between SKI and AKI). It has been modified register_connector.sh script for the correct registration of certificates at the DAPS's client list. Now, it has been checked that it is possible to use different versions of OpenSSL to register at the DAPS the certificates required during the Installation Guide document.

[jfernandezsqs]

@ssteinbuss , @mokamhuber if you know of anyone else who can review this pull request please assign them to it.

[IgorBalog-Eng]

openssl version OpenSSL 3.1.0 14 Mar 2023 (Library: OpenSSL 3.1.0 14 Mar 2023) (updated recently to this version, I could not try with older, like in issue description)

Downloaded Documentation-update branch and executed following steps:

Creation of a Device Certificate python pki.py cert create --subCA ReferenceTestbedSubCA --common-name Igor --algo rsa --bits 2048 --hash sha256 --country-name RS --organization-name IgorACME --unit-name IgorTestLab --server --client --san-name igor.acme --san-ip 127.0.0.1 output: Igor.crt Igor.key

openssl pkcs12 -export -out Igor.p12 -inkey Igor.key -in Igor.crt -passout pass:password outout: Igor.p12

openssl pkcs12 -in Igor.p12 -out Igor.cert -nokeys -nodes -passin pass:password output: Igor.cert

Copied Igor.cert file to IDS-testbed-Documentation-update\DAPS\keys\

Executed: IDS-testbed-Documentation-update\DAPS> .\register_connector.sh Igor

Verified clients.yml

• client_id: 80:DC:8F:29:4A:C9:3B:EC:EE:B0:D2:74:24:B0:4A:4A:24:09:85:FE:keyid:41:30:3C:7E:87:C2:EF:66:72:27:91:82:EF:56:E9:0C:5C:2B:BC:2B client_name: Igor grant_types: client_credentials token_endpoint_auth_method: private_key_jwt scope: idsc:IDS_CONNECTOR_ATTRIBUTES_ALL attributes:
  • key: idsc value: IDS_CONNECTOR_ATTRIBUTES_ALL
  • key: securityProfile value: idsc:BASE_SECURITY_PROFILE
  • key: referringConnector value: http://Igor.demo
  • key: "@type" value: ids:DatPayload
  • key: "@context" value: https://w3id.org/idsa/contexts/context.jsonld
  • key: transportCertsSha256 value: 58be73c49dfac9ba704febe23c3da4317ba102688244609b8d74f9fdf2785b6b import_certfile: keys/Igor.cert

Tried in TRUEConnector, to fetch jwt from Omejdn:

{ "scope": "idsc:IDS_CONNECTOR_ATTRIBUTES_ALL", "aud": [ "idsc:IDS_CONNECTORS_ALL" ], "iss": "https://omejdn/auth", "sub": "80:DC:8F:29:4A:C9:3B:EC:EE:B0:D2:74:24:B0:4A:4A:24:09:85:FE:keyid:41:30:3C:7E:87:C2:EF:66:72:27:91:82:EF:56:E9:0C:5C:2B:BC:2B", "nbf": 1680691684, "iat": 1680691684, "jti": "b285df5a-62ce-48e6-83f7-ed0af0112207", "exp": 1680695284, "client_id": "80:DC:8F:29:4A:C9:3B:EC:EE:B0:D2:74:24:B0:4A:4A:24:09:85:FE:keyid:41:30:3C:7E:87:C2:EF:66:72:27:91:82:EF:56:E9:0C:5C:2B:BC:2B", "securityProfile": "idsc:BASE_SECURITY_PROFILE", "referringConnector": "http://Igor.demo", "@type": "ids:DatPayload", "@context": "https://w3id.org/idsa/contexts/context.jsonld", "transportCertsSha256": "58be73c49dfac9ba704febe23c3da4317ba102688244609b8d74f9fdf2785b6b" }

Performed Contract negotiation with TestBed DSC connector and it was successful using Igor.p12 keystore.