This example demonstrates how to use of the adapted JWT library in a KasperskyOS-based solution.
WebServer—Civetwebweb serverTokenService—User authentication subsystemVfsRamFs—Program that supports RamFS file systemVfsNet—Networking programDhcpcd—DHCP client implementation program that gets network interface parameters from an external DHCP server in the background and passes them to the virtual file systemTlsEntity—TLS terminatorBlobContainer—Program that loads dynamic libraries used by other programs into shared memoryRAMDisk—Block device driver of a virtual drive in RAMEntropyEntity—Random number generatorDNetSrv—Driver for working with network cardsBcm2711MboxArmToVc—Mailbox driver for Raspberry Pi 4 B
Statically created IPC channels for a basic solution
jwt_example.WebServer→kl.VfsNetjwt_example.WebServer→kl.VfsRamFsjwt_example.WebServer→jwt_example.TokenServicejwt_example.WebServer→kl.bc.BlobContainerjwt_example.WebServer→kl.TlsEntitywt_example.TokenService→kl.VfsRamFswt_example.TokenService→kl.bc.BlobContainerkl.VfsRamFs→kl.drivers.RAMDiskkl.VfsRamFs→kl.EntropyEntitykl.VfsRamFs→kl.bc.BlobContainerkl.VfsNet→kl.EntropyEntitykl.VfsNet→kl.drivers.DNetSrvkl.VfsNet→kl.bc.BlobContainerkl.rump.Dhcpcd→kl.VfsRamFskl.rump.Dhcpcd→kl.VfsNetkl.rump.Dhcpcd→kl.bc.BlobContainerkl.TlsEntity→kl.EntropyEntitykl.TlsEntity→kl.bc.BlobContainerkl.TlsEntity→kl.VfsNetkl.TlsEntity→kl.VfsRamFskl.drivers.RAMDisk→kl.bc.BlobContainerkl.EntropyEntity→kl.bc.BlobContainerkl.drivers.DNetSrv→kl.drivers.Bcm2711MboxArmToVckl.drivers.DNetSrv→kl.bc.BlobContainerkl.drivers.Bcm2711MboxArmToVc→kl.bc.BlobContainer
The ./einit/src/init.yaml.in template is used to automatically generate
part of the solution initialization description file init.yaml. For more information about the
init.yaml.in template file, see the
KasperskyOS Community Edition Online Help.
The ./einit/psl/security.psl.in template is used to automatically
generate part of the security.psl file using CMake tools. The security.psl file contains part
of a solution security policy description. For more information about the security.psl file, see
Describing a security policy for a KasperskyOS-based solution.
Make sure that you have installed the latest version of the KasperskyOS Community Edition SDK.
When you develop a KasperskyOS-based solution, use the recommended structure of project directories to simplify usage of CMake scripts.
. ├── kos │ ├── example │ │ ├── build —Generated directory with KasperskyOS build artifacts │ │ ├── einit —Source files and CMakeList.txt for the Einit program │ │ ├── resources —Files of EDL and IDL descriptions and other configuration files of the solution │ │ ├── token_service —Sources files and CMakeList.txt for the TokenService program │ │ ├── utils —Source files for work with the IPC message arena │ │ ├── web_server —Sources files and CMakeList.txt for the WebServer program │ │ ├── CMakeLists.txt —CMake file containing the build instructions │ │ ├── cross-build.sh —Script for building a solution with the example │ ├── unittests │ │ ├── einit —Source files and CMakeList.txt for the Einit program │ │ ├── tests —Source files and CMakeList.txt for the TestEntity program │ │ ├── CMakeLists.txt —CMake file containing the build instructions │ │ ├── cross-build.sh —Script for building a solution with the tests
The example is built using the CMake build system, which is provided in the KasperskyOS Community Edition SDK.
The SDK_PREFIX environment variables affects the build of the example. It specifies the path to
the installed version of the KasperskyOS Community Edition SDK.
Run the following command ./cross-build.sh <platform> [-s SDK_PATH], where:
platformcan take one of the following values:qemufor QEMU orrpifor Raspberry Pi 4 B.SDK_PATHspecifies the path to the installed version of the KasperskyOS Community Edition SDK. If not specified, the path defined in theSDK_PREFIXenvironment variable is used. The value specified in-soption takes precedence over the value of theSDK_PREFIXenvironment variable.
For example, review the following command:
$ ./cross-build.sh qemu -s /opt/KasperskyOS-Community-Edition-<version>
The command builds the example with the built-in JWT library and runs the
KasperskyOS-based solution image on QEMU. The solution image is based on the SDK found in
the /opt/KasperskyOS-Community-Edition-<version> path, where version is the latest version
number of the KasperskyOS Community Edition SDK.
Running cross-build.sh creates a KasperskyOS-based solution image that includes the example.
The kos-qemu-image solution image is located in the ./build/einit directory.
The cross-build.sh script both builds the example on QEMU and runs it.
Running cross-build.sh creates a KasperskyOS-based solution image that includes the example
and a bootable SD card image for Raspberry Pi 4 B. The kos-image solution image is located in
the ./build/einit directory. The rpi4kos.img bootable SD card image is located in the ./build
directory.
-
To copy the bootable SD card image to the SD card, connect the SD card to the computer and run the following command:
$ sudo dd bs=64k if=build/rpi4kos.img of=/dev/sd[X] conv=fsync,where
[X]is the final character in the name of the SD card block device. -
Connect the bootable SD card to the Raspberry Pi 4 B.
-
Supply power to the Raspberry Pi 4 B and wait for the example to run.
You can also use an alternative option to prepare and run the example:
- Prepare Raspberry Pi 4 B and a bootable SD card to run the example by following the instructions in the KasperskyOS Community Edition Online Help.
- Run the example by following the instructions in the KasperskyOS Community Edition Online Help
./einit/CMakeLists.txt—CMake commands for building the Einit program
and the solution image.
./token_service/CMakeLists.txt—CMake commands for building the
TokenService program.
./web_server/CMakeLists.txt—CMake commands for building the
WebServer program.
./CMakeLists.txt—CMake commands for building the solution.
After building and running the example, follow these steps:
-
Wait until the following message appears in the standard output:
[WebServer] WebServer started (port: 1106) -
Open the page https://localhost:1106 (when running the example on QEMU) or https://<Raspberry Pi IP address>:1106 (when running the example on Raspberry Pi 4 B) in your browser. The browser will display the
indexpage containing an authentication prompt. -
Click the
Get JWTbutton. TheTokenServiceprogram uses the values in the variablespayloadKeyandpayloadValueto create the JWT token. The browser will display the generated token in theJWTfield. The standard output will show information about the generated JWT token:[WebServer] Local URL: /gettoken [WebServer] Request: GET [WebServer] RequestURI: /gettoken [TokenService] *** [GetJWTToken] *** -
Click the
Get databutton. The browser will display theData access successedmessage or theWrong token or token service unavailablemessage depending on the verification result. If the verification is successful, the following information will be displayed in the standard output:[WebServer] Local URL: /getdata [WebServer] Request: GET [WebServer] RequestURI: /getdata [TokenService][HEADER ]{"alg":"HS256","typ":"JWT"} [TokenService][PAYLOAD ]{"secret":"TOKEN"}If verification fails, the following information will be displayed in the standard output:
[WebServer] Local URL: /getdata [WebServer] Request: GET [WebServer] RequestURI: /getdata [TokenService] Token parse error: signature format is incorrect
© 2024 AO Kaspersky Lab