Add IS-10 support

.github/workflows/build-test.yml

@@ -344,10 +344,17 @@ jobs:
         git clone https://github.com/AMWA-TV/nmos-testing.git
         cd nmos-testing
 
-        # Configure the Testing Tool so all APIs are tested with TLS
-        printf "from . import Config as CONFIG\nCONFIG.ENABLE_HTTPS = True\n" > nmostesting/UserConfig.py
+        # Configure the Testing Tool so all APIs are tested with TLS and authorization
+        printf "from . import Config as CONFIG\nCONFIG.ENABLE_HTTPS = True\nCONFIG.ENABLE_AUTH = True\nCONFIG.MOCK_SERVICES_WARM_UP_DELAY = 30\nCONFIG.HTTP_TIMEOUT = 2\n" > nmostesting/UserConfig.py
         # Set the DNS-SD mode
         printf 'CONFIG.DNS_SD_MODE = "'${{ matrix.dns_sd_mode }}'"\n' >> nmostesting/UserConfig.py
+        # Set the client JWKS_URI for mock Authorization Server to obtain the client JSON Web Key Set (public keys) to verify the client_assertion, when the client is requesting the access token
+        if [[ "${{ matrix.dns_sd_mode }}" == "multicast" ]]; then
+          hostname=nmos-api.local
+        else
+          hostname=api.testsuite.nmos.tv
+        fi
+        printf 'CONFIG.JWKS_URI = "https://'${hostname}':1080/x-authorization/jwks"\n' >> nmostesting/UserConfig.py
 
         # Download testssl
         cd testssl
@@ -386,20 +393,21 @@ jobs:
         pip install -r utilities/run-test-suites/gsheetsImport/requirements.txt
 
         if [[ "${{ runner.os }}" == "Windows" ]]; then
-            certutil -enterprise -addstore -user root test_data\\BCP00301\\ca\\certs\\ca.cert.pem
-            certutil -enterprise -addstore -user ca test_data\\BCP00301\\ca\\intermediate\\certs\\intermediate.cert.pem
-            certutil -importpfx -enterprise test_data\\BCP00301\\ca\\intermediate\\certs\\ecdsa.api.testsuite.nmos.tv.cert.chain.pfx
-            certutil -importpfx -enterprise test_data\\BCP00301\\ca\\intermediate\\certs\\rsa.api.testsuite.nmos.tv.cert.chain.pfx
-
-            # RSA
-            netsh http add sslcert ipport=0.0.0.0:1080 certhash=021d50df2177c07095485184206ee2297e50b65c appid="{00000000-0000-0000-0000-000000000000}"
-            # ECDSA
-            #netsh http add sslcert ipport=0.0.0.0:1080 certhash=875eca592c49120254b32bb8bed90ac3679015a5 appid="{00000000-0000-0000-0000-000000000000}"
-
-            # RSA
-            netsh http add sslcert ipport=0.0.0.0:8088 certhash=021d50df2177c07095485184206ee2297e50b65c appid="{00000000-0000-0000-0000-000000000000}"
-            # ECDSA
-            #netsh http add sslcert ipport=0.0.0.0:8088 certhash=875eca592c49120254b32bb8bed90ac3679015a5 appid="{00000000-0000-0000-0000-000000000000}"
+          # install certificates
+          certutil -enterprise -addstore -user root test_data\\BCP00301\\ca\\certs\\ca.cert.pem
+          certutil -enterprise -addstore -user ca test_data\\BCP00301\\ca\\intermediate\\certs\\intermediate.cert.pem
+          certutil -importpfx -enterprise test_data\\BCP00301\\ca\\intermediate\\certs\\ecdsa.api.testsuite.nmos.tv.cert.chain.pfx
+          certutil -importpfx -enterprise test_data\\BCP00301\\ca\\intermediate\\certs\\rsa.api.testsuite.nmos.tv.cert.chain.pfx
+
+          # RSA
+          netsh http add sslcert ipport=0.0.0.0:1080 certhash=021d50df2177c07095485184206ee2297e50b65c appid="{00000000-0000-0000-0000-000000000000}"
+          # ECDSA
+          #netsh http add sslcert ipport=0.0.0.0:1080 certhash=875eca592c49120254b32bb8bed90ac3679015a5 appid="{00000000-0000-0000-0000-000000000000}"
+
+          # RSA
+          netsh http add sslcert ipport=0.0.0.0:8088 certhash=021d50df2177c07095485184206ee2297e50b65c appid="{00000000-0000-0000-0000-000000000000}"
+          # ECDSA
+          #netsh http add sslcert ipport=0.0.0.0:8088 certhash=875eca592c49120254b32bb8bed90ac3679015a5 appid="{00000000-0000-0000-0000-000000000000}"
         fi
 
         if [[ "${{ runner.os }}" == "macOS" ]]; then
@@ -865,10 +873,17 @@ jobs:
         git clone https://github.com/AMWA-TV/nmos-testing.git
         cd nmos-testing
 
-        # Configure the Testing Tool so all APIs are tested with TLS
-        printf "from . import Config as CONFIG\nCONFIG.ENABLE_HTTPS = True\n" > nmostesting/UserConfig.py
+        # Configure the Testing Tool so all APIs are tested with TLS and authorization
+        printf "from . import Config as CONFIG\nCONFIG.ENABLE_HTTPS = True\nCONFIG.ENABLE_AUTH = True\nCONFIG.MOCK_SERVICES_WARM_UP_DELAY = 30\nCONFIG.HTTP_TIMEOUT = 2\n" > nmostesting/UserConfig.py
         # Set the DNS-SD mode
         printf 'CONFIG.DNS_SD_MODE = "'${{ matrix.dns_sd_mode }}'"\n' >> nmostesting/UserConfig.py
+        # Set the client JWKS_URI for mock Authorization Server to obtain the client JSON Web Key Set (public keys) to verify the client_assertion, when the client is requesting the access token
+        if [[ "${{ matrix.dns_sd_mode }}" == "multicast" ]]; then
+          hostname=nmos-api.local
+        else
+          hostname=api.testsuite.nmos.tv
+        fi
+        printf 'CONFIG.JWKS_URI = "https://'${hostname}':1080/x-authorization/jwks"\n' >> nmostesting/UserConfig.py
 
         # Download testssl
         cd testssl
@@ -907,20 +922,21 @@ jobs:
         pip install -r utilities/run-test-suites/gsheetsImport/requirements.txt
 
         if [[ "${{ runner.os }}" == "Windows" ]]; then
-            certutil -enterprise -addstore -user root test_data\\BCP00301\\ca\\certs\\ca.cert.pem
-            certutil -enterprise -addstore -user ca test_data\\BCP00301\\ca\\intermediate\\certs\\intermediate.cert.pem
-            certutil -importpfx -enterprise test_data\\BCP00301\\ca\\intermediate\\certs\\ecdsa.api.testsuite.nmos.tv.cert.chain.pfx
-            certutil -importpfx -enterprise test_data\\BCP00301\\ca\\intermediate\\certs\\rsa.api.testsuite.nmos.tv.cert.chain.pfx
-
-            # RSA
-            netsh http add sslcert ipport=0.0.0.0:1080 certhash=021d50df2177c07095485184206ee2297e50b65c appid="{00000000-0000-0000-0000-000000000000}"
-            # ECDSA
-            #netsh http add sslcert ipport=0.0.0.0:1080 certhash=875eca592c49120254b32bb8bed90ac3679015a5 appid="{00000000-0000-0000-0000-000000000000}"
-
-            # RSA
-            netsh http add sslcert ipport=0.0.0.0:8088 certhash=021d50df2177c07095485184206ee2297e50b65c appid="{00000000-0000-0000-0000-000000000000}"
-            # ECDSA
-            #netsh http add sslcert ipport=0.0.0.0:8088 certhash=875eca592c49120254b32bb8bed90ac3679015a5 appid="{00000000-0000-0000-0000-000000000000}"
+          # install certificates
+          certutil -enterprise -addstore -user root test_data\\BCP00301\\ca\\certs\\ca.cert.pem
+          certutil -enterprise -addstore -user ca test_data\\BCP00301\\ca\\intermediate\\certs\\intermediate.cert.pem
+          certutil -importpfx -enterprise test_data\\BCP00301\\ca\\intermediate\\certs\\ecdsa.api.testsuite.nmos.tv.cert.chain.pfx
+          certutil -importpfx -enterprise test_data\\BCP00301\\ca\\intermediate\\certs\\rsa.api.testsuite.nmos.tv.cert.chain.pfx
+
+          # RSA
+          netsh http add sslcert ipport=0.0.0.0:1080 certhash=021d50df2177c07095485184206ee2297e50b65c appid="{00000000-0000-0000-0000-000000000000}"
+          # ECDSA
+          #netsh http add sslcert ipport=0.0.0.0:1080 certhash=875eca592c49120254b32bb8bed90ac3679015a5 appid="{00000000-0000-0000-0000-000000000000}"
+
+          # RSA
+          netsh http add sslcert ipport=0.0.0.0:8088 certhash=021d50df2177c07095485184206ee2297e50b65c appid="{00000000-0000-0000-0000-000000000000}"
+          # ECDSA
+          #netsh http add sslcert ipport=0.0.0.0:8088 certhash=875eca592c49120254b32bb8bed90ac3679015a5 appid="{00000000-0000-0000-0000-000000000000}"
         fi
 
         if [[ "${{ runner.os }}" == "macOS" ]]; then

.github/workflows/src/amwa-test.yml

@@ -19,10 +19,17 @@
     git clone https://github.com/AMWA-TV/nmos-testing.git
     cd nmos-testing
 
-    # Configure the Testing Tool so all APIs are tested with TLS
-    printf "from . import Config as CONFIG\nCONFIG.ENABLE_HTTPS = True\n" > nmostesting/UserConfig.py
+    # Configure the Testing Tool so all APIs are tested with TLS and authorization
+    printf "from . import Config as CONFIG\nCONFIG.ENABLE_HTTPS = True\nCONFIG.ENABLE_AUTH = True\nCONFIG.MOCK_SERVICES_WARM_UP_DELAY = 30\nCONFIG.HTTP_TIMEOUT = 2\n" > nmostesting/UserConfig.py
     # Set the DNS-SD mode
     printf 'CONFIG.DNS_SD_MODE = "'${{ matrix.dns_sd_mode }}'"\n' >> nmostesting/UserConfig.py
+    # Set the client JWKS_URI for mock Authorization Server to obtain the client JSON Web Key Set (public keys) to verify the client_assertion, when the client is requesting the access token
+    if [[ "${{ matrix.dns_sd_mode }}" == "multicast" ]]; then
+      hostname=nmos-api.local
+    else
+      hostname=api.testsuite.nmos.tv
+    fi
+    printf 'CONFIG.JWKS_URI = "https://'${hostname}':1080/x-authorization/jwks"\n' >> nmostesting/UserConfig.py
 
     # Download testssl
     cd testssl
@@ -61,20 +68,21 @@
     pip install -r utilities/run-test-suites/gsheetsImport/requirements.txt
 
     if [[ "${{ runner.os }}" == "Windows" ]]; then
-        certutil -enterprise -addstore -user root test_data\\BCP00301\\ca\\certs\\ca.cert.pem
-        certutil -enterprise -addstore -user ca test_data\\BCP00301\\ca\\intermediate\\certs\\intermediate.cert.pem
-        certutil -importpfx -enterprise test_data\\BCP00301\\ca\\intermediate\\certs\\ecdsa.api.testsuite.nmos.tv.cert.chain.pfx
-        certutil -importpfx -enterprise test_data\\BCP00301\\ca\\intermediate\\certs\\rsa.api.testsuite.nmos.tv.cert.chain.pfx
-
-        # RSA
-        netsh http add sslcert ipport=0.0.0.0:1080 certhash=021d50df2177c07095485184206ee2297e50b65c appid="{00000000-0000-0000-0000-000000000000}"
-        # ECDSA
-        #netsh http add sslcert ipport=0.0.0.0:1080 certhash=875eca592c49120254b32bb8bed90ac3679015a5 appid="{00000000-0000-0000-0000-000000000000}"
-
-        # RSA
-        netsh http add sslcert ipport=0.0.0.0:8088 certhash=021d50df2177c07095485184206ee2297e50b65c appid="{00000000-0000-0000-0000-000000000000}"
-        # ECDSA
-        #netsh http add sslcert ipport=0.0.0.0:8088 certhash=875eca592c49120254b32bb8bed90ac3679015a5 appid="{00000000-0000-0000-0000-000000000000}"
+      # install certificates
+      certutil -enterprise -addstore -user root test_data\\BCP00301\\ca\\certs\\ca.cert.pem
+      certutil -enterprise -addstore -user ca test_data\\BCP00301\\ca\\intermediate\\certs\\intermediate.cert.pem
+      certutil -importpfx -enterprise test_data\\BCP00301\\ca\\intermediate\\certs\\ecdsa.api.testsuite.nmos.tv.cert.chain.pfx
+      certutil -importpfx -enterprise test_data\\BCP00301\\ca\\intermediate\\certs\\rsa.api.testsuite.nmos.tv.cert.chain.pfx
+
+      # RSA
+      netsh http add sslcert ipport=0.0.0.0:1080 certhash=021d50df2177c07095485184206ee2297e50b65c appid="{00000000-0000-0000-0000-000000000000}"
+      # ECDSA
+      #netsh http add sslcert ipport=0.0.0.0:1080 certhash=875eca592c49120254b32bb8bed90ac3679015a5 appid="{00000000-0000-0000-0000-000000000000}"
+
+      # RSA
+      netsh http add sslcert ipport=0.0.0.0:8088 certhash=021d50df2177c07095485184206ee2297e50b65c appid="{00000000-0000-0000-0000-000000000000}"
+      # ECDSA
+      #netsh http add sslcert ipport=0.0.0.0:8088 certhash=875eca592c49120254b32bb8bed90ac3679015a5 appid="{00000000-0000-0000-0000-000000000000}"
     fi
 
     if [[ "${{ runner.os }}" == "macOS" ]]; then

Development/README.md

@@ -12,6 +12,8 @@ C++ source code and build files for the software
   Extensions to the [C++ REST SDK](https://github.com/Microsoft/cpprestsdk)
 - [detail](detail)  
   Small general purpose utilties and header files to facilitate cross-platform development
+- [jwk](jwk)  
+  An implementation of the conversion between JSON Web Key and public key
 - [lldp](lldp)  
   A simple API for LLDP and an implementation using the PCAP *pcap.h* API
 - [mdns](mdns)  

Development/cmake/NmosCppDependencies.cmake

@@ -456,3 +456,65 @@ if(NMOS_CPP_BUILD_LLDP)
     list(APPEND NMOS_CPP_TARGETS PCAP)
     add_library(nmos-cpp::PCAP ALIAS PCAP)
 endif()
+
+# jwt library
+
+if(NMOS_CPP_USE_CONAN)
+    set(JWT_VERSION_MIN "0.5.1")
+    set(JWT_VERSION_CUR "0.6.0")
+    find_package(jwt-cpp REQUIRED)
+    if(NOT jwt-cpp_VERSION)
+        message(STATUS "Found jwt-cpp unknown version; minimum version: " ${JWT_VERSION_MIN})
+    elseif(jwt-cpp_VERSION VERSION_LESS JWT_VERSION_MIN)
+        message(FATAL_ERROR "Found jwt-cpp version " ${jwt-cpp_VERSION} " that is lower than the minimum version: " ${JWT_VERSION_MIN})
+    elseif(jwt-cpp_VERSION VERSION_GREATER JWT_VERSION_CUR)
+        message(STATUS "Found jwt-cpp version " ${jwt-cpp_VERSION} " that is higher than the current tested version: " ${JWT_VERSION_CUR})
+    else()
+        message(STATUS "Found jwt-cpp version " ${jwt-cpp_VERSION})
+    endif()
+
+    add_library(jwt-cpp INTERFACE)
+    target_link_libraries(jwt-cpp INTERFACE jwt-cpp::jwt-cpp)
+else()
+    set(JWT_SOURCES
+        )
+
+    set(JWT_HEADERS
+        third_party/jwt-cpp/jwt.h
+        )
+
+    add_library(
+        jwt-cpp STATIC
+        ${JWT_SOURCES}
+        ${JWT_HEADERS}
+        )
+
+    source_group("Source Files" FILES ${JWT_SOURCES})
+    source_group("Header Files" FILES ${JWT_HEADERS})
+
+    if(CMAKE_CXX_COMPILER_ID MATCHES GNU)
+        if(CMAKE_CXX_COMPILER_VERSION VERSION_LESS 4.9)
+            target_compile_definitions(
+                jwt-cpp PRIVATE
+                )
+        endif()
+    endif()
+
+    target_link_libraries(
+        jwt-cpp PRIVATE
+        nmos-cpp::compile-settings
+        )
+    target_include_directories(jwt-cpp PUBLIC
+        $<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}/third_party>
+        $<INSTALL_INTERFACE:${NMOS_CPP_INSTALL_INCLUDEDIR}/third_party>
+        )
+endif()
+
+target_compile_definitions(
+    jwt-cpp INTERFACE
+    JWT_DISABLE_PICOJSON
+    )
+
+set_target_properties(jwt-cpp PROPERTIES LINKER_LANGUAGE CXX)
+list(APPEND NMOS_CPP_TARGETS jwt-cpp)
+add_library(nmos-cpp::jwt-cpp ALIAS jwt-cpp)