Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add IS-10 support #333

Merged
merged 132 commits into from
Dec 15, 2023
Merged

Add IS-10 support #333

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
132 commits
Select commit Hold shift + click to select a range
3ce9fc4
Add IS-10 support
lo-simon Jan 4, 2023
b56f6e6
Use of IS-10 register_client_response schema to validate authorizatio…
lo-simon Jan 9, 2023
3fbda5e
Optimize and clean up authorization validation
lo-simon Jan 24, 2023
52935e9
Fix typo
lo-simon Feb 14, 2023
51f145e
Use the matching keyid between the jwks and the client assertion
lo-simon Feb 14, 2023
ab035ca
Add Access Token Error response handler for the Authorization Code Gr…
lo-simon Feb 20, 2023
647851d
lock before accessing authorization_state.authorization_flow
lo-simon Mar 1, 2023
985c11d
different port maybe used for the redirect_uri and the jwks_uri
lo-simon Mar 1, 2023
f6759ee
the redirect_uri and the jwks_uri are default using the same port
lo-simon Mar 1, 2023
81aa45f
use conan 1.59.0 rather than using the latest version 2.0.0
lo-simon Mar 2, 2023
15d8cb4
fix to support new AUTH test added to the latest nmos testsuite
lo-simon Mar 2, 2023
ab3aec1
Update comment
lo-simon Mar 2, 2023
32787cc
Use the lastest Conan 1.x version
lo-simon Mar 3, 2023
f7c8292
Merge remote-tracking branch 'origin/master' into is-10
lo-simon Mar 14, 2023
f9fd6fd
Merge branch 'sony:master' into is-10
lo-simon Apr 26, 2023
d209d13
Merge remote-tracking branch 'origin/master' into is-10
lo-simon Apr 28, 2023
6dc7e2c
Remove spaces
lo-simon Apr 28, 2023
b3bd3a0
Use jwt-cpp v0.7.0-rc.0 when not using conan, until v0.7 is released …
lo-simon Apr 28, 2023
eac8e69
Remove unnecessary copies
lo-simon Apr 28, 2023
9f80d38
Using std::ignore to avoid warnings from unused return value
lo-simon Apr 28, 2023
3c1a895
Add comments to show the default of the `authorization_redirect_port`…
lo-simon May 2, 2023
43aac27
Do tests with authorization enable
lo-simon May 2, 2023
7fe8597
Fix if...else...fi statement
lo-simon May 2, 2023
0e40511
IS-09-01, test_06 to test_12 are disable for authorization test
lo-simon May 2, 2023
807bae6
Enable authorization for windows and mac
lo-simon May 3, 2023
86c5201
Merge remote-tracking branch 'origin/master' into is-10
lo-simon May 16, 2023
9daf6e9
Update error log message
lo-simon May 22, 2023
4a0416b
Add `service_unavailable_retry_after` to settings
lo-simon May 22, 2023
0e22608
Set client-name and retry-after for Node and Registry
lo-simon May 22, 2023
9c97886
Set Node and Registry label and up the retry-after value to 15s. Mac …
lo-simon May 23, 2023
c393c2c
Display the hosts contents while running windows setup
lo-simon May 24, 2023
8760cc0
Ping host and host_ip before executing BCP-003-01 tests
lo-simon May 24, 2023
9e8e1d4
Use -n instead of -c for number of packets to be sent for ping
lo-simon May 24, 2023
8b156e1
Test testssl directly
lo-simon May 26, 2023
40d7d8a
Install hexdump for testssl.sh
lo-simon May 26, 2023
7c483ff
Remove sudo from install hexdump
lo-simon May 26, 2023
c9ccf2a
Change to use Vampire/setup-wsl@v2
lo-simon May 26, 2023
fd6f4d1
Replace wsl-bash with wsl-bash {0}
lo-simon May 26, 2023
f7e0e2c
Use of RUNNER_OS
lo-simon May 26, 2023
433a157
Do wsl-bash test for windows
lo-simon May 26, 2023
6d0759d
Install python & pip for WSL
lo-simon May 30, 2023
3cdf6ef
Fix elif typo
lo-simon May 30, 2023
c9d0f1c
Do apt-get update before install pip
lo-simon May 30, 2023
100c918
Force install pip
lo-simon May 30, 2023
3b71245
pip install requirements.txt without upgrade
lo-simon May 30, 2023
bb7480a
Remove test code
lo-simon May 30, 2023
b40c182
Install pip for WSL
lo-simon May 30, 2023
0308aaf
automate and unattended of apt-get
lo-simon May 31, 2023
100999c
variables are set using sudo not export
lo-simon May 31, 2023
f7ce383
Set zero interaction while installing pip
lo-simon May 31, 2023
abbb9b4
Return using curl to download and install WSL
lo-simon May 31, 2023
8ea0649
Merge branch 'master' into is-10
garethsb Jun 2, 2023
598c60b
Update build-test.yml
lo-simon Jun 2, 2023
9f67739
Merge remote-tracking branch 'origin/master' into is-10
lo-simon Jun 2, 2023
32e857e
Test bash location before and after wsl installation
lo-simon Jun 2, 2023
4653a4d
Check testssl version
lo-simon Jun 5, 2023
94b837a
Set TEST_SSL_BASH for testing
lo-simon Jun 5, 2023
98fddf8
Set TEST_SSL_BASH for windows
lo-simon Jun 5, 2023
1872569
Update TEST_SSL_BASH for windows
lo-simon Jun 6, 2023
5ddce8f
Check dig installed
lo-simon Jun 7, 2023
3364d8c
Install dig for windows
lo-simon Jun 8, 2023
36abd08
Remove sudo for windows
lo-simon Jun 8, 2023
e480637
Use bash to execute apt update
lo-simon Jun 8, 2023
c7ce271
Install dig for windows runner
lo-simon Jun 8, 2023
f8105e9
Use wsl bash to install dig for windows runner
lo-simon Jun 8, 2023
364fd37
No need to install dig for the windows runner, it has already install…
lo-simon Jun 9, 2023
a4584bc
No need to install dig to the windows runner, it has already installe…
lo-simon Jun 9, 2023
ead26ef
Add test to verify whether dig is working immediately after nmos-cpp-…
lo-simon Jun 9, 2023
b56a08f
Show dig results before running nmos-testing
lo-simon Jun 9, 2023
9eef440
Override the original BCP-003-01 test to include the ip address (--ip…
lo-simon Jun 12, 2023
76fed9f
Show the modified nmostesting/suites/BCP00301Test.py contents
lo-simon Jun 12, 2023
db585ec
Run tests with AUTH switched off
lo-simon Jun 13, 2023
e2104b2
Merge remote-tracking branch 'origin/master' into is-10
lo-simon Sep 25, 2023
f2f5170
lock shared resource while running public keys requests, and code tid…
lo-simon Sep 29, 2023
58e8926
Remove unnecessary debug traces
lo-simon Oct 2, 2023
de8facb
Start auth test on windows plaforms
lo-simon Oct 2, 2023
e043376
Due to unable to perform hostname to ip lookups in testssl.sh, "--ip"…
lo-simon Oct 3, 2023
11717da
Up the service_unavailable_retry_after to 25s as MacOS sometime taken…
lo-simon Oct 3, 2023
3a48438
In AUTH mode macOS Registry could take up to 20+ seconds for obtainin…
lo-simon Oct 4, 2023
67d8de3
Fix fetch token issuer's public keys, in event of receiving unknown i…
lo-simon Oct 4, 2023
c4e30d3
Fix fetch token issuer's public keys, in event of receiving unknown i…
lo-simon Oct 5, 2023
ddcc9e6
Rollback to not overriding perform_test_ssl in nmostesting.py to use …
lo-simon Oct 5, 2023
6877872
Rollback to not overriding run-noninteractive_tests in NMOSTesting.py…
lo-simon Oct 5, 2023
f4fae57
Extend the HTTP_TIMEOUT to identify the case of the mock jwks endpoin…
lo-simon Oct 9, 2023
039dbae
Stick to their relevant Authoriztaion servers for the authorization_b…
lo-simon Oct 9, 2023
0a62a2c
Down the HTTP_TIMEOUT to 2s
lo-simon Oct 9, 2023
657cb4c
Bump up jwt-cpp to 0.6.0
lo-simon Oct 10, 2023
3ed177c
Add missing files for jwt-cpp 0.6.0
lo-simon Oct 10, 2023
62c0570
Code tidy up
lo-simon Oct 10, 2023
e49280d
Bump up jwt-cpp to v0.7.0-rc.0 for non-conan build to support GCC-4.8…
lo-simon Oct 11, 2023
f441cd6
Add client_id and azp validation
lo-simon Oct 12, 2023
3e6e08a
Add JWT validation unit tests
lo-simon Oct 12, 2023
32b1496
Merge branch 'sony:master' into is-10
lo-simon Nov 3, 2023
c43e0e3
Merge branch 'sony:master' into is-10
lo-simon Nov 21, 2023
7ab8cd7
Add access token validation callback, and tidy up comments
lo-simon Nov 22, 2023
7842a56
Use const reference bearer token for the token fetch task
lo-simon Nov 23, 2023
a8a382a
Tidy up
lo-simon Nov 23, 2023
b6e4abb
Split the access token validation to basic validation (validate using…
lo-simon Nov 30, 2023
d463b98
Correct ws_validate_authorization usage after previous modification
lo-simon Nov 30, 2023
40ef839
Up JWT_VERSION_CUR to 0.6.0
lo-simon Nov 30, 2023
a244e0c
Link jwt-cpp library to nmos-cpp public
lo-simon Nov 30, 2023
925043c
Link jwt-cpp library to nmos-cpp-test
lo-simon Nov 30, 2023
01595f2
Update comment
lo-simon Dec 2, 2023
6272d59
Add missing jwk folder to install
lo-simon Dec 2, 2023
311bed6
Ehance the usage of the get_authorization_bearer_token_handler callback
lo-simon Dec 7, 2023
5ee5b30
Apply suggestions from code review
lo-simon Dec 8, 2023
86df138
Apply suggestions from code review
lo-simon Dec 13, 2023
63fcbe7
Remove unused jwt headers group
lo-simon Dec 14, 2023
046c761
Set non-conan jwt-cpp build and install directories
lo-simon Dec 14, 2023
fbf3ee7
Merge branch 'is-10' of https://github.com/lo-simon/nmos-cpp into is-10
lo-simon Dec 14, 2023
497eac1
Add Windows 2022 and Ubuntu 22.04 targets without authorization.
jonathan-r-thorpe Dec 14, 2023
e8ca5d7
Add authorization status to build target name
jonathan-r-thorpe Dec 14, 2023
9464642
build the yml
lo-simon Dec 14, 2023
fa21416
Fix the formatting
lo-simon Dec 14, 2023
7f1eb54
Fix the YML formatting
lo-simon Dec 14, 2023
401e643
Re-gen build-test.yml
lo-simon Dec 14, 2023
0cfb811
Fix build-test.yml formatting
lo-simon Dec 14, 2023
10a84cd
Fix running non-auth mode in run_nmos_testing script
lo-simon Dec 14, 2023
fb8609e
Config auth and non-auth nmos-cpp-node/registry with label
lo-simon Dec 14, 2023
d6614f1
Fix nmos-cpp-node to run in non-auth mode
lo-simon Dec 14, 2023
e000094
Apply suggestions from code review
lo-simon Dec 15, 2023
771948f
Apply suggestions from code review
lo-simon Dec 15, 2023
d22b02f
Update comments on IS-10 support
lo-simon Dec 15, 2023
490edbc
Update readme
lo-simon Dec 15, 2023
feb6c36
Add auth mode to artifact directory name
jonathan-r-thorpe Dec 15, 2023
6a9c386
Update Readme
lo-simon Dec 15, 2023
73a6c74
Fix output result
lo-simon Dec 15, 2023
f854993
Update readme
lo-simon Dec 15, 2023
0fbf787
Update Development/nmos-cpp-node/config.json
lo-simon Dec 15, 2023
d0d3ba0
Merge branch 'is-10' of https://github.com/lo-simon/nmos-cpp into is-10
lo-simon Dec 15, 2023
6fcd569
Remove summary tag to match with nmos-cpp comment style
lo-simon Dec 15, 2023
b900da2
Bump up jwt-cpp to v0.7.0
lo-simon Dec 15, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
133 changes: 95 additions & 38 deletions .github/workflows/build-test.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ env:
SECRET_RESULTS_SHEET_ID: ${{ secrets.RESULTS_SHEET_ID }}
jobs:
build_and_test:
name: '${{ matrix.os }}: build and test (install mdns: ${{ matrix.install_mdns }}, use conan: ${{ matrix.use_conan }}, force cpprest asio: ${{ matrix.force_cpprest_asio }}, dns-sd mode: ${{ matrix.dns_sd_mode}})'
name: '${{ matrix.os }}: build and test (install mdns: ${{ matrix.install_mdns }}, use conan: ${{ matrix.use_conan }}, force cpprest asio: ${{ matrix.force_cpprest_asio }}, dns-sd mode: ${{ matrix.dns_sd_mode}}, enable_authorization: ${{ matrix.enable_authorization }})'
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
Expand All @@ -22,8 +22,15 @@ jobs:
use_conan: [true]
force_cpprest_asio: [false]
dns_sd_mode: [multicast, unicast]
enable_authorization: [false, true]
exclude:
# install_mdns is only meaningful on Linux
- os: macos-11
enable_authorization: false
- os: windows-2019
enable_authorization: false
- os: ubuntu-20.04
enable_authorization: false
- os: macos-11
install_mdns: true
- os: windows-2019
Expand All @@ -38,34 +45,55 @@ jobs:
- os: ubuntu-20.04
install_mdns: true
dns_sd_mode: unicast
enable_authorization: true
include:
- os: windows-2022
install_mdns: false
use_conan: true
force_cpprest_asio: true
dns_sd_mode: multicast
enable_authorization: true
- os: windows-2022
install_mdns: false
use_conan: true
force_cpprest_asio: true
dns_sd_mode: multicast
enable_authorization: false
- os: ubuntu-22.04
install_mdns: false
use_conan: true
force_cpprest_asio: false
dns_sd_mode: multicast
enable_authorization: true
- os: ubuntu-22.04
install_mdns: false
use_conan: true
force_cpprest_asio: false
dns_sd_mode: multicast
enable_authorization: false

steps:
- uses: actions/checkout@v3

- name: set environment variables
shell: bash
run: |
if [[ "${{ matrix.enable_authorization }}" == "true" ]]; then
authorization_mode=auth
else
authorization_mode=noauth
fi

if [[ "${{ runner.os }}" == "Linux" ]]; then
if [[ "${{ matrix.install_mdns }}" == "true" ]]; then
echo "BUILD_NAME=${{ matrix.os }}_mdns_${{ matrix.dns_sd_mode }}" >> $GITHUB_ENV
echo "BUILD_NAME=${{ matrix.os }}_mdns_${{ matrix.dns_sd_mode }}_$authorization_mode" >> $GITHUB_ENV
else
echo "BUILD_NAME=${{ matrix.os }}_avahi_${{ matrix.dns_sd_mode }}" >> $GITHUB_ENV
echo "BUILD_NAME=${{ matrix.os }}_avahi_${{ matrix.dns_sd_mode }}_$authorization_mode" >> $GITHUB_ENV
fi
elif [[ "${{ matrix.force_cpprest_asio }}" == "true" ]]; then
echo "BUILD_NAME=${{ matrix.os }}_asio" >> $GITHUB_ENV
echo "BUILD_NAME=${{ matrix.os }}_asio_$authorization_mode" >> $GITHUB_ENV
else
echo "BUILD_NAME=${{ matrix.os }}" >> $GITHUB_ENV
echo "BUILD_NAME=${{ matrix.os }}_auth_$authorization_mode" >> $GITHUB_ENV
fi
GITHUB_COMMIT=`echo "${{ github.sha }}" | cut -c1-7`
echo "GITHUB_COMMIT=$GITHUB_COMMIT" >> $GITHUB_ENV
Expand Down Expand Up @@ -344,10 +372,23 @@ jobs:
git clone https://github.com/AMWA-TV/nmos-testing.git
cd nmos-testing

# Configure the Testing Tool so all APIs are tested with TLS
printf "from . import Config as CONFIG\nCONFIG.ENABLE_HTTPS = True\n" > nmostesting/UserConfig.py
# Configure the Testing Tool so all APIs are tested with TLS and authorization
printf "from . import Config as CONFIG\nCONFIG.ENABLE_HTTPS = True\nCONFIG.MOCK_SERVICES_WARM_UP_DELAY = 30\nCONFIG.HTTP_TIMEOUT = 2\n" > nmostesting/UserConfig.py
# Set the DNS-SD mode
printf 'CONFIG.DNS_SD_MODE = "'${{ matrix.dns_sd_mode }}'"\n' >> nmostesting/UserConfig.py
# Set the client JWKS_URI for mock Authorization Server to obtain the client JSON Web Key Set (public keys) to verify the client_assertion, when the client is requesting the access token
if [[ "${{ matrix.dns_sd_mode }}" == "multicast" ]]; then
hostname=nmos-api.local
else
hostname=api.testsuite.nmos.tv
fi
printf 'CONFIG.JWKS_URI = "https://'${hostname}':1080/x-authorization/jwks"\n' >> nmostesting/UserConfig.py

if [[ "${{matrix.enable_authorization}}" == "true" ]]; then
printf 'CONFIG.ENABLE_AUTH = True\n' >> nmostesting/UserConfig.py
else
printf 'CONFIG.ENABLE_AUTH = False\n' >> nmostesting/UserConfig.py
fi

# Download testssl
cd testssl
Expand Down Expand Up @@ -386,20 +427,21 @@ jobs:
pip install -r utilities/run-test-suites/gsheetsImport/requirements.txt

if [[ "${{ runner.os }}" == "Windows" ]]; then
certutil -enterprise -addstore -user root test_data\\BCP00301\\ca\\certs\\ca.cert.pem
certutil -enterprise -addstore -user ca test_data\\BCP00301\\ca\\intermediate\\certs\\intermediate.cert.pem
certutil -importpfx -enterprise test_data\\BCP00301\\ca\\intermediate\\certs\\ecdsa.api.testsuite.nmos.tv.cert.chain.pfx
certutil -importpfx -enterprise test_data\\BCP00301\\ca\\intermediate\\certs\\rsa.api.testsuite.nmos.tv.cert.chain.pfx

# RSA
netsh http add sslcert ipport=0.0.0.0:1080 certhash=021d50df2177c07095485184206ee2297e50b65c appid="{00000000-0000-0000-0000-000000000000}"
# ECDSA
#netsh http add sslcert ipport=0.0.0.0:1080 certhash=875eca592c49120254b32bb8bed90ac3679015a5 appid="{00000000-0000-0000-0000-000000000000}"

# RSA
netsh http add sslcert ipport=0.0.0.0:8088 certhash=021d50df2177c07095485184206ee2297e50b65c appid="{00000000-0000-0000-0000-000000000000}"
# ECDSA
#netsh http add sslcert ipport=0.0.0.0:8088 certhash=875eca592c49120254b32bb8bed90ac3679015a5 appid="{00000000-0000-0000-0000-000000000000}"
# install certificates
certutil -enterprise -addstore -user root test_data\\BCP00301\\ca\\certs\\ca.cert.pem
certutil -enterprise -addstore -user ca test_data\\BCP00301\\ca\\intermediate\\certs\\intermediate.cert.pem
certutil -importpfx -enterprise test_data\\BCP00301\\ca\\intermediate\\certs\\ecdsa.api.testsuite.nmos.tv.cert.chain.pfx
certutil -importpfx -enterprise test_data\\BCP00301\\ca\\intermediate\\certs\\rsa.api.testsuite.nmos.tv.cert.chain.pfx

# RSA
netsh http add sslcert ipport=0.0.0.0:1080 certhash=021d50df2177c07095485184206ee2297e50b65c appid="{00000000-0000-0000-0000-000000000000}"
# ECDSA
#netsh http add sslcert ipport=0.0.0.0:1080 certhash=875eca592c49120254b32bb8bed90ac3679015a5 appid="{00000000-0000-0000-0000-000000000000}"

# RSA
netsh http add sslcert ipport=0.0.0.0:8088 certhash=021d50df2177c07095485184206ee2297e50b65c appid="{00000000-0000-0000-0000-000000000000}"
# ECDSA
#netsh http add sslcert ipport=0.0.0.0:8088 certhash=875eca592c49120254b32bb8bed90ac3679015a5 appid="{00000000-0000-0000-0000-000000000000}"
fi

if [[ "${{ runner.os }}" == "macOS" ]]; then
Expand Down Expand Up @@ -534,7 +576,7 @@ jobs:


build_and_test_ubuntu_14:
name: '${{ matrix.os }}: build and test (install mdns: ${{ matrix.install_mdns }}, use conan: ${{ matrix.use_conan }}, force cpprest asio: ${{ matrix.force_cpprest_asio }}, dns-sd mode: ${{ matrix.dns_sd_mode}})'
name: '${{ matrix.os }}: build and test (install mdns: ${{ matrix.install_mdns }}, use conan: ${{ matrix.use_conan }}, force cpprest asio: ${{ matrix.force_cpprest_asio }}, dns-sd mode: ${{ matrix.dns_sd_mode}}, enable_authorization: ${{ matrix.enable_authorization }})'
runs-on: ubuntu-20.04
container:
image: ubuntu:14.04
Expand All @@ -546,6 +588,7 @@ jobs:
use_conan: [false]
force_cpprest_asio: [false]
dns_sd_mode: [multicast]
enable_authorization: [true]

steps:
- uses: actions/checkout@v3
Expand Down Expand Up @@ -865,10 +908,23 @@ jobs:
git clone https://github.com/AMWA-TV/nmos-testing.git
cd nmos-testing

# Configure the Testing Tool so all APIs are tested with TLS
printf "from . import Config as CONFIG\nCONFIG.ENABLE_HTTPS = True\n" > nmostesting/UserConfig.py
# Configure the Testing Tool so all APIs are tested with TLS and authorization
printf "from . import Config as CONFIG\nCONFIG.ENABLE_HTTPS = True\nCONFIG.MOCK_SERVICES_WARM_UP_DELAY = 30\nCONFIG.HTTP_TIMEOUT = 2\n" > nmostesting/UserConfig.py
# Set the DNS-SD mode
printf 'CONFIG.DNS_SD_MODE = "'${{ matrix.dns_sd_mode }}'"\n' >> nmostesting/UserConfig.py
# Set the client JWKS_URI for mock Authorization Server to obtain the client JSON Web Key Set (public keys) to verify the client_assertion, when the client is requesting the access token
if [[ "${{ matrix.dns_sd_mode }}" == "multicast" ]]; then
hostname=nmos-api.local
else
hostname=api.testsuite.nmos.tv
fi
printf 'CONFIG.JWKS_URI = "https://'${hostname}':1080/x-authorization/jwks"\n' >> nmostesting/UserConfig.py

if [[ "${{matrix.enable_authorization}}" == "true" ]]; then
printf 'CONFIG.ENABLE_AUTH = True\n' >> nmostesting/UserConfig.py
else
printf 'CONFIG.ENABLE_AUTH = False\n' >> nmostesting/UserConfig.py
fi

# Download testssl
cd testssl
Expand Down Expand Up @@ -907,20 +963,21 @@ jobs:
pip install -r utilities/run-test-suites/gsheetsImport/requirements.txt

if [[ "${{ runner.os }}" == "Windows" ]]; then
certutil -enterprise -addstore -user root test_data\\BCP00301\\ca\\certs\\ca.cert.pem
certutil -enterprise -addstore -user ca test_data\\BCP00301\\ca\\intermediate\\certs\\intermediate.cert.pem
certutil -importpfx -enterprise test_data\\BCP00301\\ca\\intermediate\\certs\\ecdsa.api.testsuite.nmos.tv.cert.chain.pfx
certutil -importpfx -enterprise test_data\\BCP00301\\ca\\intermediate\\certs\\rsa.api.testsuite.nmos.tv.cert.chain.pfx

# RSA
netsh http add sslcert ipport=0.0.0.0:1080 certhash=021d50df2177c07095485184206ee2297e50b65c appid="{00000000-0000-0000-0000-000000000000}"
# ECDSA
#netsh http add sslcert ipport=0.0.0.0:1080 certhash=875eca592c49120254b32bb8bed90ac3679015a5 appid="{00000000-0000-0000-0000-000000000000}"

# RSA
netsh http add sslcert ipport=0.0.0.0:8088 certhash=021d50df2177c07095485184206ee2297e50b65c appid="{00000000-0000-0000-0000-000000000000}"
# ECDSA
#netsh http add sslcert ipport=0.0.0.0:8088 certhash=875eca592c49120254b32bb8bed90ac3679015a5 appid="{00000000-0000-0000-0000-000000000000}"
# install certificates
certutil -enterprise -addstore -user root test_data\\BCP00301\\ca\\certs\\ca.cert.pem
certutil -enterprise -addstore -user ca test_data\\BCP00301\\ca\\intermediate\\certs\\intermediate.cert.pem
certutil -importpfx -enterprise test_data\\BCP00301\\ca\\intermediate\\certs\\ecdsa.api.testsuite.nmos.tv.cert.chain.pfx
certutil -importpfx -enterprise test_data\\BCP00301\\ca\\intermediate\\certs\\rsa.api.testsuite.nmos.tv.cert.chain.pfx

# RSA
netsh http add sslcert ipport=0.0.0.0:1080 certhash=021d50df2177c07095485184206ee2297e50b65c appid="{00000000-0000-0000-0000-000000000000}"
# ECDSA
#netsh http add sslcert ipport=0.0.0.0:1080 certhash=875eca592c49120254b32bb8bed90ac3679015a5 appid="{00000000-0000-0000-0000-000000000000}"

# RSA
netsh http add sslcert ipport=0.0.0.0:8088 certhash=021d50df2177c07095485184206ee2297e50b65c appid="{00000000-0000-0000-0000-000000000000}"
# ECDSA
#netsh http add sslcert ipport=0.0.0.0:8088 certhash=875eca592c49120254b32bb8bed90ac3679015a5 appid="{00000000-0000-0000-0000-000000000000}"
fi

if [[ "${{ runner.os }}" == "macOS" ]]; then
Expand Down
46 changes: 30 additions & 16 deletions .github/workflows/src/amwa-test.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,11 +19,24 @@
git clone https://github.com/AMWA-TV/nmos-testing.git
cd nmos-testing

# Configure the Testing Tool so all APIs are tested with TLS
printf "from . import Config as CONFIG\nCONFIG.ENABLE_HTTPS = True\n" > nmostesting/UserConfig.py
# Configure the Testing Tool so all APIs are tested with TLS and authorization
printf "from . import Config as CONFIG\nCONFIG.ENABLE_HTTPS = True\nCONFIG.MOCK_SERVICES_WARM_UP_DELAY = 30\nCONFIG.HTTP_TIMEOUT = 2\n" > nmostesting/UserConfig.py
# Set the DNS-SD mode
printf 'CONFIG.DNS_SD_MODE = "'${{ matrix.dns_sd_mode }}'"\n' >> nmostesting/UserConfig.py
# Set the client JWKS_URI for mock Authorization Server to obtain the client JSON Web Key Set (public keys) to verify the client_assertion, when the client is requesting the access token
if [[ "${{ matrix.dns_sd_mode }}" == "multicast" ]]; then
hostname=nmos-api.local
else
hostname=api.testsuite.nmos.tv
fi
printf 'CONFIG.JWKS_URI = "https://'${hostname}':1080/x-authorization/jwks"\n' >> nmostesting/UserConfig.py

if [[ "${{matrix.enable_authorization}}" == "true" ]]; then
printf 'CONFIG.ENABLE_AUTH = True\n' >> nmostesting/UserConfig.py
else
printf 'CONFIG.ENABLE_AUTH = False\n' >> nmostesting/UserConfig.py
fi

# Download testssl
cd testssl
curl -L https://github.com/drwetter/testssl.sh/archive/v3.0.7.tar.gz -s | tar -xvzf - --strip-components=1 > /dev/null
Expand Down Expand Up @@ -61,20 +74,21 @@
pip install -r utilities/run-test-suites/gsheetsImport/requirements.txt

if [[ "${{ runner.os }}" == "Windows" ]]; then
certutil -enterprise -addstore -user root test_data\\BCP00301\\ca\\certs\\ca.cert.pem
certutil -enterprise -addstore -user ca test_data\\BCP00301\\ca\\intermediate\\certs\\intermediate.cert.pem
certutil -importpfx -enterprise test_data\\BCP00301\\ca\\intermediate\\certs\\ecdsa.api.testsuite.nmos.tv.cert.chain.pfx
certutil -importpfx -enterprise test_data\\BCP00301\\ca\\intermediate\\certs\\rsa.api.testsuite.nmos.tv.cert.chain.pfx

# RSA
netsh http add sslcert ipport=0.0.0.0:1080 certhash=021d50df2177c07095485184206ee2297e50b65c appid="{00000000-0000-0000-0000-000000000000}"
# ECDSA
#netsh http add sslcert ipport=0.0.0.0:1080 certhash=875eca592c49120254b32bb8bed90ac3679015a5 appid="{00000000-0000-0000-0000-000000000000}"

# RSA
netsh http add sslcert ipport=0.0.0.0:8088 certhash=021d50df2177c07095485184206ee2297e50b65c appid="{00000000-0000-0000-0000-000000000000}"
# ECDSA
#netsh http add sslcert ipport=0.0.0.0:8088 certhash=875eca592c49120254b32bb8bed90ac3679015a5 appid="{00000000-0000-0000-0000-000000000000}"
# install certificates
certutil -enterprise -addstore -user root test_data\\BCP00301\\ca\\certs\\ca.cert.pem
certutil -enterprise -addstore -user ca test_data\\BCP00301\\ca\\intermediate\\certs\\intermediate.cert.pem
certutil -importpfx -enterprise test_data\\BCP00301\\ca\\intermediate\\certs\\ecdsa.api.testsuite.nmos.tv.cert.chain.pfx
certutil -importpfx -enterprise test_data\\BCP00301\\ca\\intermediate\\certs\\rsa.api.testsuite.nmos.tv.cert.chain.pfx

# RSA
netsh http add sslcert ipport=0.0.0.0:1080 certhash=021d50df2177c07095485184206ee2297e50b65c appid="{00000000-0000-0000-0000-000000000000}"
# ECDSA
#netsh http add sslcert ipport=0.0.0.0:1080 certhash=875eca592c49120254b32bb8bed90ac3679015a5 appid="{00000000-0000-0000-0000-000000000000}"

# RSA
netsh http add sslcert ipport=0.0.0.0:8088 certhash=021d50df2177c07095485184206ee2297e50b65c appid="{00000000-0000-0000-0000-000000000000}"
# ECDSA
#netsh http add sslcert ipport=0.0.0.0:8088 certhash=875eca592c49120254b32bb8bed90ac3679015a5 appid="{00000000-0000-0000-0000-000000000000}"
fi

if [[ "${{ runner.os }}" == "macOS" ]]; then
Expand Down
Loading
Loading