Merge pull request #6 from NASA-AMMOS/issue-5

Issue #5 - Implement BIND-level authentication

bliss/sle/bin/bliss_sle_bridge.py

@@ -29,19 +29,21 @@
 from bliss.core import log
 
 import bliss.sle
+import bliss.sle.frames
 from bliss.sle.pdu.raf import *
 
-def process_pdu():
+def process_pdu(raf_mngr):
     sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
     while True:
         gevent.sleep(0)
-        if bliss.sle.DATA_QUEUE.empty():
+        if raf_mngr._data_queue.empty():
             continue
 
-        hdr, body = bliss.sle.DATA_QUEUE.get()
+        log.info('Empty {}'.format(raf_mngr._data_queue.empty()))
+        pdu = raf_mngr._data_queue.get()
 
         try:
-            decoded_pdu, remainder = bliss.sle.RAF.decode(body)
+            decoded_pdu, remainder = raf_mngr.decode(pdu)
         except pyasn1.error.PyAsn1Error as e:
             log.error('Unable to decode PDU. Skipping ...')
             continue
@@ -57,35 +59,38 @@ def process_pdu():
             # Object does not contain data or data is not initalized. Skipping ...
             continue
 
-        tmf = bliss.sle.TMTransFrame(trans_data)
+        tmf = bliss.sle.frames.TMTransFrame(trans_data)
         log.info('Emitting {} bytes of telemetry to GUI'.format(len(tmf._data[0])))
         sock.sendto(tmf._data[0], ('localhost', 3076))
 
 
 if __name__ == '__main__':
-    raf_mngr = bliss.sle.RAF(hostname='atb-ocio-sspsim.jpl.nasa.gov', port=5100)
+    raf_mngr = bliss.sle.RAF(hostname='atb-ocio-sspsim.jpl.nasa.gov', port=5100,
+                             auth_level="bind",
+                             inst_id="sagr=LSE-SSC.spack=Test.rsl-fg=1.raf=onlc1")
     raf_mngr.connect()
     time.sleep(1)
 
     raf_mngr.bind()
     time.sleep(1)
 
-    raf_mngr.send_start_invocation(datetime.datetime(2017, 1, 1), datetime.datetime(2018, 1, 1))
+    raf_mngr.start(datetime.datetime(2017, 1, 1), datetime.datetime(2018, 1, 1))
 
-    tlm_monitor = gevent.spawn(process_pdu)
+    tlm_monitor = gevent.spawn(process_pdu, raf_mngr)
     gevent.sleep(0)
-    # log.info('Processing telemetry. Press <Ctrl-c> to terminate connection ...')
+    log.info('Processing telemetry. Press <Ctrl-c> to terminate connection ...')
     try:
         while True:
             gevent.sleep(0)
     except:
         pass
+    finally:
 
-    tlm_monitor.kill()
+        tlm_monitor.kill()
 
-    raf_mngr.stop()
-    time.sleep(1)
+        raf_mngr.stop()
+        time.sleep(1)
 
-    raf_mngr.unbind()
-    time.sleep(1)
+        raf_mngr.unbind()
+        time.sleep(1)
 

bliss/sle/bin/examples/cltu_api_test.py

@@ -40,7 +40,8 @@
 cltu_mngr = bliss.sle.CLTU(
     hostname='atb-ocio-sspsim.jpl.nasa.gov',
     port=5100,
-    inst_id='sagr=LSE-SSC.spack=Test.fsl-fg=1.cltu=cltu1'
+    inst_id='sagr=LSE-SSC.spack=Test.fsl-fg=1.cltu=cltu1',
+    auth_level="bind"
 )
 
 cltu_mngr.connect()

bliss/sle/bin/examples/rcf_api_test.py

@@ -52,7 +52,10 @@
 rcf_mngr = bliss.sle.RCF(
     hostname='atb-ocio-sspsim.jpl.nasa.gov',
     port=5100,
-    inst_id='sagr=LSE-SSC.spack=Test.rsl-fg=1.rcf=onlc2'
+    inst_id='sagr=LSE-SSC.spack=Test.rsl-fg=1.rcf=onlc2',
+    spacecraft_id=250,
+    trans_frame_ver_num=1,
+    auth_level="bind"
 )
 
 rcf_mngr.connect()
@@ -65,13 +68,19 @@
 end = dt.datetime(2018, 01, 01)
 # rcf_mngr.start(start, end, 250, 0, virtual_channel=6)
 rcf_mngr.start(start, end, 250, 0, master_channel=True)
-time.sleep(20)
 
-rcf_mngr.stop()
-time.sleep(2)
+try:
+    while True:
+        time.sleep(0)
+except:
+    pass
+finally:
 
-rcf_mngr.unbind()
-time.sleep(2)
+    rcf_mngr.stop()
+    time.sleep(2)
 
-rcf_mngr.disconnect()
-time.sleep(2)
+    rcf_mngr.unbind()
+    time.sleep(2)
+
+    rcf_mngr.disconnect()
+    time.sleep(2)

bliss/sle/cltu.py

@@ -148,8 +148,8 @@ def start(self):
         '''
         start_invoc = CltuUserToProviderPdu()
 
-        if self._credentials:
-            pass
+        if self._auth_level == 'all':
+            start_invoc['cltuStartInvocation']['invokerCredentials']['used'] = self.make_credentials()
         else:
             start_invoc['cltuStartInvocation']['invokerCredentials']['unused'] = None
 
@@ -189,8 +189,8 @@ def upload_cltu(self, tc_data, earliest_time=None, latest_time=None, delay=0, no
         '''
         pdu = CltuUserToProviderPdu()
 
-        if self._credentials:
-            pass
+        if self._auth_level == 'all':
+            pdu['cltuTransferDataInvocation']['invokerCredentials']['used'] = self.make_credentials()
         else:
             pdu['cltuTransferDataInvocation']['invokerCredentials']['unused'] = None
 
@@ -237,8 +237,8 @@ def schedule_status_report(self, report_type='immediately', cycle=None):
         '''
         pdu = CltuUserToProviderPdu()
 
-        if self._credentials:
-            pass
+        if self._auth_level == 'all':
+            pdu['cltuScheduleStatusReportInvocation']['invokerCredentials']['used'] = self.make_credentials()
         else:
             pdu['cltuScheduleStatusReportInvocation']['invokerCredentials']['unused'] = None
 
@@ -282,8 +282,8 @@ def throw_event(self, event_id, event_qualifier):
         '''
         pdu = CltuUserToProviderPdu()
 
-        if self._credentials:
-            pass
+        if self._auth_level == 'all':
+            pdu['cltuThrowEventInvocation']['invokerCredentials']['used'] = self.make_credentials()
         else:
             pdu['cltuThrowEventInvocation']['invokerCredentials']['unused'] = None
 
@@ -327,7 +327,29 @@ def decode(self, message):
     def _bind_return_handler(self, pdu):
         ''''''
         result = pdu['cltuBindReturn']['result']
+        responder_identifier = pdu['cltuBindReturn']['responderIdentifier']
+
+        # Check that responder_id in the response matches what we know
+        if responder_identifier != self._responder_id:
+            # Invoke PEER-ABORT with unexpected responder id
+            self.peer_abort(1)
+            self._state = 'unbound'
+            return
+
         if 'positive' in result:
+            if self._auth_level in ['bind', 'all']:
+                responder_performer_credentials = pdu['cltuBindReturn']['performerCredentials']['used']
+                if not self._check_return_credentials(responder_performer_credentials, self._responder_id,
+                                                  self._peer_password):
+                    # Authentication failed. Ignore processing the return
+                    bliss.core.log.info('Bind unsuccessful. Authentication failed.')
+                    return
+
+            if self._state == 'ready' or self._state == 'active':
+                # Peer abort with protocol error (3)
+                bliss.core.log.info('Bind unsuccessful. State already in READY or ACTIVE.')
+                self.peer_abort(3)
+
             bliss.core.log.info('Bind successful')
             self._state = 'ready'
         else: