This module implements a RequestProvider for OSCORE. As such, it takes routing ownership of requests that it has a security context available for, and sends off the protected messages via another transport.
This transport is a bit different from the others because it doesn’t have its dedicated URI scheme, but purely relies on preconfigured contexts.
So far, this transport only deals with outgoing requests, and does not help in building an OSCORE server. (Some code that could be used here in future resides in contrib/oscore-plugtest/plugtest-server as the ProtectedSite class.
In outgoing request, this transport automatically handles Echo options that appear to come from RFC8613 Appendix B.1.2 style servers. They indicate that the server could not process the request initially, but could do so if the client retransmits it with an appropriate Echo value.
Unlike other transports that could (at least in theory) be present multiple
aiocoap.protocol.Context.request_interfaces (eg. because there
are several bound sockets), this is only useful once in there, as it has no own
state, picks the OSCORE security context from the CoAP
aiocoap.protocol.Context.client_credentials when populating the remote
field, and handles any populated request based ono its remote.security_context
Remote address type for :cls:`TransportOSCORE`.
The authority component of URIs that this endpoint represents when request are sent to it
Note that the presence of a hostinfo does not necessarily mean that globally meaningful or even syntactically valid URI can be constructed out of it; use the
uriproperty for this.
The authority component of URIs that this endpoint represents when requests are sent from it.
hostinfo, this does not necessarily produce sufficient input for a URI; use
The base URI for the peer (typically scheme plus .hostinfo).
error.AnonymousHostwhen executed on an address whose peer coordinates can not be expressed meaningfully in a URI.
The base URI for the local side of this remote.
error.AnonymousHostwhen executed on an address whose local coordinates can not be expressed meaningfully in a URI.
The that is used with addresses of this kind
This is usually a class property. It is applicable to both sides of the communication. (Should there ever be a scheme that addresses the participants differently, a scheme_local will be added.)
Iterable of objects representing any claims (e.g. an identity, or generally objects that can be used to authorize particular accesses) that were authenticated for this remote.
This is experimental and may be changed without notice.
Its primary use is on the server side; there, a request handler (or resource decorator) can use the claims to decide whether the client is authorized for a particular request. Use on the client side is planned as a requirement on a request, although (especially on side-effect free non-confidential requests) it can also be used in response processing.
A hashable (ideally, immutable) value that is only the same for remotes from which blocks may be combined. (With all current transports that means that the network addresses need to be in there, and the identity of the security context).
It does not just hinge on the identity of the address object, as a first block may come in an OSCORE group request and follow-ups may come in pairwise requests. (And there might be allowed relaxations on the transport under OSCORE, but that’d need further discussion).
Create and act on a a
Requestobject that will be handled according to the provider’s implementation.
Note that the request is not necessarily sent on the wire immediately; it may (but, depend on the transport does not necessarily) rely on the response to be waited for.