feature: Add a sample client for the remote control

g3force · g3force · commit bc4520c21d7f · 2020-05-09T19:35:25.000+02:00
diff --git a/README.md b/README.md
@@ -27,6 +27,7 @@ There are some reference clients:
  * [ssl-ref-client](./cmd/ssl-ref-client): A client that receives referee messages
  * [ssl-auto-ref-client](./cmd/ssl-auto-ref-client/README.md): A client that connects to the controller as an autoRef
  * [ssl-team-client](./cmd/ssl-team-client/README.md): A client that connects to the controller as a team
+ * [ssl-remote-control-client](./cmd/ssl-remote-control-client/README.md): A client that connects to the controller as a remote-control
  * [ssl-ci-test-client](./cmd/ssl-ci-test-client/README.md): A client that connects to the CI interface of the controller
  
 ### Comparison to ssl-refbox
diff --git a/cmd/ssl-remote-control-client/README.md b/cmd/ssl-remote-control-client/README.md
@@ -0,0 +1,42 @@
+# ssl-remote-control-client
+
+This folder contains a sample client that connects to the remote-control interface of the game-controller.
+
+## Protocol
+The communication is established with a bidirectional TCP connection. Messages are encoded with [Protocol Buffers](https://developers.google.com/protocol-buffers/). Each message is preceded by an uvarint containing the message size in bytes, see https://cwiki.apache.org/confluence/display/GEODE/Delimiting+Protobuf+Messages for details.
+
+The .proto files can be found in [../../proto](../../proto).
+
+The default port is `10011` for plain connections and 10111 for TLS encrypted connections. The IP to connect to can be determined using the multicast referee messages.
+
+## Connection sequence
+The connection is described in the following sequence diagram:
+
+![sequence diagram](https://www.websequencediagrams.com/cgi-bin/cdraw?lz=IyBodHRwczovL3d3dy53ZWJzZXF1ZW5jZWRpYWdyYW1zLmNvbS8KClJlbW90ZUNvbnRyb2wtPgACB2xlcjogZXN0YWJsaXNoIFRDUCBjb25uZWN0aW9uCgAbCgAjDmdlbmVyYXRlIG5ldyB0b2tlAB0OAF4NOiAAYQpSZXBseSAoAC0GICkAeBwAgSINUmVnaXN0cmF0aW9uICggdGVhbSwgWwB0Biwgc2lnbmF0dXJlIF0gKQCBKAwAgVgOdmVyaWZ5AIEdEgARFQBLCQCBKy5vayB8IHJlamVjdCApCgpsb29wAIE8KVRvAIMKCgA6PGVuZAo&s=napkin)
+
+Source to generate the diagram: [communication_remote-control.txt](./communication_remote-control.txt)
+
+## Connection stability
+Clients should deal with connection losts (reconnect). The game-controller may be restarted due to various reasons like crashes or other technical issues.
+
+## Secure connection
+The connection can optionally be secured by signing each request using a RSA key.
+
+The private key is used on the client side to sign the complete message, excluding the signature itself. 
+The public key must be provided to the game-controller. 
+By default, the game-controller searches for public keys in [config/trusted_keys/team](../../config/trusted_keys/team) with the pattern `<teamName>.pub.pem`. The team name is case-sensitive and must be equal to one of the team names that are send via the referee protocol (including spaces, etc.). Each team can only connect once.
+
+The [genKey.sh](../../tools/genKey.sh) script can be used to generate a new pair of public and private key.
+
+The controller sends a token with each reply. It must be included in the next request, when using the signature. The token is required to avoid replay attacks.
+
+If a public key is present for the team provided during registration, a signature is required. Else, the signature is ignored. The controller reply indicates, if the last request could be verified.
+
+## Sample client
+The sample client, that is included in this folder, can be used to test the connection. It can be run with 
+```bash
+go run cmd/ssl-remote-control-client/main.go
+``` 
+Pass it the `-h` parameter to get the available options.
+
+By default, it tries to connect as "YELLOW".
diff --git a/cmd/ssl-remote-control-client/YELLOW.pem b/cmd/ssl-remote-control-client/YELLOW.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEApogmLRlwxd8hrU8h3zSLRzvMZVKKPi1EaVDTU5n6utSus1H6
+FqyBEykQbJm3dQ2X6nrnH2z3bimIBEeKAfeFNMBTq1CpNzCDmQFE1snBj3fKdRXz
+mKCvwZPGO+qKCNzHi+vhCtXTTZX/wbMRkRjrOq24gAiHxmFczLa94MpzeD3xLpq+
+7P01DrsyVvHktiIcTHs+1OT4VLMJvtr9slbCeWcXgMFvfRME201FcaOjmCg9jrKH
+HjQF0MHnd3hhsSOARoffQ/X/Lr1xOA/ixPEo5hxEGiRuUAPrn7iZWSpH6iRWbJWe
+2ZH+oj+WgEc7BR2F7odQ91irRrSxNsVs+I55WwIDAQABAoIBAGggZU55w8vVkucc
+vZ8k6ZlmyIzqKUprX4VCZoC1nNLJPVsefPNEdYiXeo+NJerozv5sTquVpLia+1NB
+sAc+z2mGgEp0Kvo5OW+oHXT3vjGIw2ymhyP+BSdS0PaR1jFoatUQbiwqOu8eRUbG
+Qsuo+xw7l0tnCg5+vlm6QcuWitC5V9H/t5AViXOfFaPBj9acHuWpszSiH5RBmZXi
+MBfwQiXtVDGentHca2B4tcNjSc89Wuv1DK3Y1v1/s7HukDFTgE8UdMFgaLRzt1N4
+OQUBhi15ZBFb2xKIZzRFoA9BWlksQ6BBPkVLt5Ka3Rfb34MDmAuroVdc1LLmCKeC
+6yQsUuECgYEA2WDk/T0K+GVBOfIciytkYx5/qNsvzC2bQ1E0X1x9VV2B0e1luKPt
+WOwet5UjVXnkjFXmLORQR0MUxLn97e/3+pWBjFUlhYQl52z6GRmTumscR3VbkJnv
+mrqAP8mzbtv7b4a5R8BD1OtgzeFRVyIb8jrLFBO8mXyWzyUxEAb7CbkCgYEAxB6T
+zJvV8JaU1o2yB8Oqlbi30pvz/lhwVlF9WWozX6a2fdhPdFMPktb6vOpARpsQlrZ7
+DydNAV83p6WDIpQUSOO8Me+YH+AdpKldgNGYQsS4YjtbP8DT8ihl3YJpQZ5a5mUW
+PItuJLoduGxtOqsGGxjhYLExd0i7REdCNSROlbMCgYEAvy2uduHG0isLMJE0dVlW
+Uq4yDCmpYeMCWDQE4ZGQURGJ6TzmZ3sUdU5EvaSWjMhFLv8lDnpF+EaQ72u8XhTc
+fTAb3XXNKB3O0DhRxN1vxVYKavZV71jTF7vKq08TVf52peFQ9j+r6IiSfL8bMIy5
+E1KN5DxvdHXUlJ3bBoN9KVECgYADGCBo2ASWGSocAHxQlwu39QQhdIhy+N483mhF
+4uEQn0a90Y3fXfge7vlhxahh9MxcNGDYqlwSq3frUzcwcnmndMBhYVBbIGQXVvy8
+rZHja8sk8Z7M8LPnXC/PQOF8QY1ZmTqyldiVB8K0SDGo/U3JW6kip2kKYsFhoGYx
+BHOg9QKBgAgClFnzxWoCA6EzwJM/zi5ulHqbkA5quPTfoFlsat30oCq/zCZFGBCt
+exYQ5nA1qO6FxHsWEnGcZySmpoHI8E+s/nFLGtb4M4KE+Kc96pWPxKyqGDepvyWK
+GNegmvzaTa5JqA2zmDQw0j4xhdgdhjdvyBt6tEVdWZKjB13Cax5B
+-----END RSA PRIVATE KEY-----
diff --git a/cmd/ssl-remote-control-client/communication_remote-control.txt b/cmd/ssl-remote-control-client/communication_remote-control.txt
@@ -0,0 +1,14 @@
+# https://www.websequencediagrams.com/
+
+RemoteControl->Controller: establish TCP connection
+Controller->Controller: generate new token
+Controller->RemoteControl: ControllerReply ( token )
+RemoteControl->Controller: RemoteControlRegistration ( team, [ token, signature ] )
+Controller-->Controller: verify token
+Controller-->Controller: verify signature
+Controller->RemoteControl: ControllerReply ( ok | reject )
+
+loop
+RemoteControl->Controller: RemoteControlToController
+Controller->RemoteControl: ControllerReply ( ok | reject )
+end
diff --git a/cmd/ssl-remote-control-client/main.go b/cmd/ssl-remote-control-client/main.go
@@ -0,0 +1,221 @@
+package main
+
+import (
+	"bufio"
+	"crypto/rsa"
+	"flag"
+	"fmt"
+	"github.com/RoboCup-SSL/ssl-game-controller/internal/app/rcon"
+	"github.com/RoboCup-SSL/ssl-game-controller/internal/app/state"
+	"github.com/RoboCup-SSL/ssl-game-controller/pkg/client"
+	"github.com/RoboCup-SSL/ssl-go-tools/pkg/sslconn"
+	"github.com/golang/protobuf/proto"
+	"log"
+	"net"
+	"os"
+	"strconv"
+	"strings"
+	"time"
+)
+
+var udpAddress = flag.String("udpAddress", "224.5.23.1:10003", "The multicast address of ssl-game-controller")
+var autoDetectAddress = flag.Bool("autoDetectHost", true, "Automatically detect the game-controller host and replace it with the host given in address")
+var refBoxAddr = flag.String("address", "localhost:10011", "Address to connect to")
+var privateKeyLocation = flag.String("privateKey", "", "A private key to be used to sign messages")
+var team = flag.String("team", "YELLOW", "The team to control, either YELLOW or BLUE")
+
+var privateKey *rsa.PrivateKey
+
+type Client struct {
+	conn  net.Conn
+	token string
+}
+
+func main() {
+	flag.Parse()
+
+	privateKey = client.LoadPrivateKey(*privateKeyLocation)
+
+	if *autoDetectAddress {
+		log.Print("Trying to detect host based on incoming referee messages...")
+		host := client.DetectHost(*udpAddress)
+		if host != "" {
+			log.Print("Detected game-controller host: ", host)
+			*refBoxAddr = client.GetConnectionString(*refBoxAddr, host)
+		}
+	}
+
+	conn, err := net.Dial("tcp", *refBoxAddr)
+	if err != nil {
+		log.Fatal("could not connect to game-controller at ", *refBoxAddr)
+	}
+	defer func() {
+		if err := conn.Close(); err != nil {
+			log.Printf("Could not close connection: %v", err)
+		}
+	}()
+	log.Printf("Connected to game-controller at %v", *refBoxAddr)
+	c := Client{}
+	c.conn = conn
+
+	c.register()
+
+	commands := map[string]func([]string){}
+	commands["ping"] = func(args []string) {
+		c.sendRequest(&rcon.RemoteControlToController{
+			Msg: &rcon.RemoteControlToController_Request_{Request: rcon.RemoteControlToController_PING},
+		})
+	}
+	commands["keeper"] = func(args []string) {
+		if len(args) != 1 {
+			log.Printf("Missing keeper id")
+		} else if id, err := strconv.Atoi(args[0]); err != nil {
+			log.Printf("Could not parse keeper id '%v'", args[0])
+		} else {
+			c.sendDesiredKeeper(int32(id))
+		}
+	}
+	commands["substitution"] = func(args []string) {
+		c.sendRequest(&rcon.RemoteControlToController{
+			Msg: &rcon.RemoteControlToController_SubstituteBot{SubstituteBot: true},
+		})
+	}
+	commands["no_substitution"] = func(args []string) {
+		c.sendRequest(&rcon.RemoteControlToController{
+			Msg: &rcon.RemoteControlToController_SubstituteBot{SubstituteBot: false},
+		})
+	}
+	commands["timeout"] = func(args []string) {
+		c.sendRequest(&rcon.RemoteControlToController{
+			Msg: &rcon.RemoteControlToController_Timeout{Timeout: true},
+		})
+	}
+	commands["no_timeout"] = func(args []string) {
+		c.sendRequest(&rcon.RemoteControlToController{
+			Msg: &rcon.RemoteControlToController_Timeout{Timeout: false},
+		})
+	}
+	commands["challenge"] = func(args []string) {
+		c.sendRequest(&rcon.RemoteControlToController{
+			Msg: &rcon.RemoteControlToController_Request_{Request: rcon.RemoteControlToController_CHALLENGE_FLAG},
+		})
+	}
+	commands["emergency"] = func(args []string) {
+		c.sendRequest(&rcon.RemoteControlToController{
+			Msg: &rcon.RemoteControlToController_EmergencyStop{EmergencyStop: true},
+		})
+	}
+	commands["no_emergency"] = func(args []string) {
+		c.sendRequest(&rcon.RemoteControlToController{
+			Msg: &rcon.RemoteControlToController_EmergencyStop{EmergencyStop: false},
+		})
+	}
+	commands["state"] = func(args []string) {
+		c.sendRequest(&rcon.RemoteControlToController{
+			Msg: &rcon.RemoteControlToController_Request_{Request: rcon.RemoteControlToController_GET_STATE},
+		})
+	}
+
+	reader := bufio.NewReader(os.Stdin)
+	for {
+		fmt.Print("-> ")
+		text, err := reader.ReadString('\n')
+		if err != nil {
+			log.Print("Can not read from stdin: ", err)
+			for {
+				time.Sleep(1 * time.Second)
+			}
+		}
+		// convert CRLF to LF
+		text = strings.Replace(text, "\n", "", -1)
+		cmd := strings.Split(text, " ")
+		if fn, ok := commands[cmd[0]]; ok {
+			fn(cmd[1:])
+		} else {
+			fmt.Println("Available commands:")
+			for cmd := range commands {
+				fmt.Printf("  %-20s\n", cmd)
+			}
+		}
+	}
+}
+
+func (c *Client) register() {
+	reply := rcon.ControllerToRemoteControl{}
+	if err := sslconn.ReceiveMessage(c.conn, &reply); err != nil {
+		log.Fatal("Failed receiving controller reply: ", err)
+	}
+	if reply.GetControllerReply().NextToken == nil {
+		log.Fatal("Missing next token")
+	}
+
+	registration := rcon.RemoteControlRegistration{}
+	registration.Team = new(state.Team)
+	*registration.Team = state.Team(state.Team_value[*team])
+	if privateKey != nil {
+		registration.Signature = &rcon.Signature{Token: reply.GetControllerReply().NextToken, Pkcs1V15: []byte{}}
+		registration.Signature.Pkcs1V15 = client.Sign(privateKey, &registration)
+	}
+	log.Print("Sending registration")
+	if err := sslconn.SendMessage(c.conn, &registration); err != nil {
+		log.Fatal("Failed sending registration: ", err)
+	}
+	log.Print("Sent registration, waiting for reply")
+	reply = rcon.ControllerToRemoteControl{}
+	if err := sslconn.ReceiveMessage(c.conn, &reply); err != nil {
+		log.Fatal("Failed receiving controller reply: ", err)
+	}
+	if reply.GetControllerReply().StatusCode == nil || *reply.GetControllerReply().StatusCode != rcon.ControllerReply_OK {
+		reason := ""
+		if reply.GetControllerReply().Reason != nil {
+			reason = *reply.GetControllerReply().Reason
+		}
+		log.Fatal("Registration rejected: ", reason)
+	}
+	log.Printf("Successfully registered as %v", *team)
+	if reply.GetControllerReply().NextToken != nil {
+		c.token = *reply.GetControllerReply().NextToken
+	} else {
+		c.token = ""
+	}
+}
+
+func (c *Client) sendDesiredKeeper(id int32) (accepted bool) {
+	message := rcon.RemoteControlToController_DesiredKeeper{DesiredKeeper: id}
+	request := rcon.RemoteControlToController{Msg: &message}
+	return c.sendRequest(&request)
+}
+
+func (c *Client) sendRequest(request *rcon.RemoteControlToController) (accepted bool) {
+	if privateKey != nil {
+		request.Signature = &rcon.Signature{Token: &c.token, Pkcs1V15: []byte{}}
+		request.Signature.Pkcs1V15 = client.Sign(privateKey, request)
+	}
+
+	log.Print("Sending ", proto.MarshalTextString(request))
+
+	if err := sslconn.SendMessage(c.conn, request); err != nil {
+		log.Fatalf("Failed sending request: %v (%v)", request, err)
+	}
+
+	log.Print("Waiting for reply...")
+	reply := rcon.ControllerToRemoteControl{}
+	if err := sslconn.ReceiveMessage(c.conn, &reply); err != nil {
+		log.Fatal("Failed receiving controller reply: ", err)
+	}
+	log.Print("Received reply: ", proto.MarshalTextString(&reply))
+	if reply.GetControllerReply().StatusCode == nil || *reply.GetControllerReply().StatusCode != rcon.ControllerReply_OK {
+		log.Print("Message rejected: ", *reply.GetControllerReply().Reason)
+		accepted = false
+	} else {
+		accepted = true
+	}
+
+	if reply.GetControllerReply().NextToken != nil {
+		c.token = *reply.GetControllerReply().NextToken
+	} else {
+		c.token = ""
+	}
+
+	return
+}
