feat(core): refine combo security scheme implementation

  This commit refines the implementation of combo security schemes
  by introducing explicit AllOfSecurityScheme and OneOfSecurityScheme
  types.

  The getSecuritySchemes method in ConsumedThing has been updated to
  recursively resolve these schemes, and the tests have been expanded
  to cover nested allOf and oneOf scenarios.

Author: erossignon

packages/core/src/consumed-thing.ts

@@ -24,6 +24,8 @@ import {
     ThingAction,
     ThingEvent,
     SecurityScheme,
+    AllOfSecurityScheme,
+    OneOfSecurityScheme,
 } from "./thing-description";
 
 import { ThingModel } from "wot-thing-model-types";
@@ -447,27 +449,40 @@ export default class ConsumedThing extends Thing implements IConsumedThing {
     getSecuritySchemes(security: Array<string>): Array<SecurityScheme> {
         const visited = new Set<string>();
 
-        const scs: Array<SecurityScheme> = [];
-        const visitSchemes = (security: Array<string>) => {
+        const visitSchemes = (security: Array<string>, visitedScheme: Array<SecurityScheme>) => {
             for (const s of security) {
                 if (visited.has(s)) {
                     continue;
                 }
                 visited.add(s);
-
                 const ws = this.securityDefinitions[s + ""]; // String vs. string (fix wot-typescript-definitions?)
                 // also push nosec in case of proxy
                 if (ws != null) {
                     if (ws.scheme === "combo") {
                         const combo = ws as ComboSecurityScheme;
-                        visitSchemes(combo.allOf as string[]);
+                        const comboScheme: SecurityScheme[] = [];
+                        if (combo.allOf) {
+                            visitSchemes(combo.allOf as string[], comboScheme);
+                            visitedScheme.push(<AllOfSecurityScheme>{
+                                scheme: "combo",
+                                allOf: comboScheme,
+                            });
+                        }
+                        if (combo.oneOf) {
+                            visitSchemes(combo.oneOf as string[], comboScheme);
+                            visitedScheme.push(<OneOfSecurityScheme>{
+                                scheme: "combo",
+                                oneOf: comboScheme,
+                            });
+                        }
                     } else {
-                        scs.push(ws);
+                        visitedScheme.push(ws);
                     }
                 }
             }
         };
-        visitSchemes(security);
+        const scs: SecurityScheme[] = [];
+        visitSchemes(security, scs);
         return scs;
     }
 

packages/core/src/thing-description.ts

@@ -135,15 +135,16 @@ export interface NullSchema extends BaseSchema {
 }
 
 // TODO AutoSecurityScheme
-// TODO ComboSecurityScheme
 export type SecurityType =
     | NoSecurityScheme
     | BasicSecurityScheme
     | DigestSecurityScheme
     | BearerSecurityScheme
     | APIKeySecurityScheme
     | OAuth2SecurityScheme
-    | PSKSecurityScheme;
+    | PSKSecurityScheme
+    | AllOfSecurityScheme
+    | OneOfSecurityScheme;
 
 export interface SecurityScheme {
     scheme: string;
@@ -180,6 +181,17 @@ export interface PSKSecurityScheme extends SecurityScheme, TDT.PskSecurityScheme
 export interface OAuth2SecurityScheme extends SecurityScheme, TDT.OAuth2SecurityScheme {
     scheme: "oauth2";
 }
+export interface OneOfSecurityScheme extends SecurityScheme {
+    scheme: "combo";
+    oneOf: SecurityScheme[];
+    allOf: never;
+}
+export interface AllOfSecurityScheme extends SecurityScheme {
+    scheme: "combo";
+    allOf: SecurityScheme[];
+    oneOf: never;
+}
+export type ComboSecurityScheme = AllOfSecurityScheme | OneOfSecurityScheme;
 
 /** Implements the Thing Property description */
 export abstract class ThingProperty extends BaseSchema {

packages/core/test/ClientTest.ts

@@ -27,7 +27,7 @@ import { Subscription } from "rxjs/Subscription";
 
 import Servient from "../src/servient";
 import ConsumedThing from "../src/consumed-thing";
-import { Form, SecurityScheme } from "../src/thing-description";
+import { AllOfSecurityScheme, Form, OneOfSecurityScheme, SecurityScheme } from "../src/thing-description";
 import { ProtocolClient, ProtocolClientFactory } from "../src/protocol-interfaces";
 import { Content } from "../src/content";
 import { ContentSerdes } from "../src/content-serdes";
@@ -37,6 +37,7 @@ import { createLoggers, ProtocolHelpers } from "../src/core";
 import { ThingDescription } from "wot-typescript-definitions";
 import chaiAsPromised from "chai-as-promised";
 import { fail } from "assert";
+import { ComboSecurityScheme } from "wot-thing-description-types";
 
 const { debug } = createLoggers("core", "ClientTest");
 
@@ -806,7 +807,7 @@ class WoTClientTest {
         expect(WoTClientTest.servient.hasClientFor(tcf2.scheme)).to.be.not.true;
     }
 
-    @test "ensure combo security"() {
+    @test "ensure combo security - allOf"() {
         const ct = new ConsumedThing(WoTClientTest.servient);
         ct.securityDefinitions = {
             basic_sc: {
@@ -829,12 +830,69 @@ class WoTClientTest {
             href: "https://example.com/",
         };
         ct.ensureClientSecurity(pc, form);
-        expect(pc.securitySchemes.length).equals(2);
-        expect(pc.securitySchemes[0].scheme).equals("opcua-channel-security");
-        expect(pc.securitySchemes[1].scheme).equals("opcua-authentication");
+        expect(pc.securitySchemes.length).equals(1);
+        expect(pc.securitySchemes[0].scheme).equals("combo");
+
+        const comboScheme = pc.securitySchemes[0] as AllOfSecurityScheme;
+        expect(comboScheme.allOf).instanceOf(Array);
+        expect(comboScheme.allOf.length).equal(2);
+        expect(comboScheme.allOf[0].scheme).equals("opcua-channel-security");
+        expect(comboScheme.allOf[1].scheme).equals("opcua-authentication");
+    }
+
+    @test "ensure combo security - oneOf"() {
+        const ct = new ConsumedThing(WoTClientTest.servient);
+        ct.securityDefinitions = {
+            basic_sc: {
+                scheme: "basic",
+            },
+            opcua_secure_channel_encrypt_sc: {
+                scheme: "opcua-channel-security",
+                mode: "encrypt",
+            },
+            opcua_secure_channel_sign_sc: {
+                scheme: "opcua-channel-security",
+                mode: "sign",
+            },
+            opcua_authetication_sc: {
+                scheme: "opcua-authentication",
+            },
+            comob_opcua_secure_channel: {
+                scheme: "combo",
+                oneOf: ["opcua_secure_channel_encrypt_sc", "opcua_secure_channel_sign_sc"],
+            },
+            combo_sc: {
+                scheme: "combo",
+                allOf: ["comob_opcua_secure_channel", "opcua_authetication_sc"],
+            },
+        };
+        ct.security = ["combo_sc"];
+        const pc = new TestProtocolClient();
+        const form: Form = {
+            href: "https://example.com/",
+        };
+        ct.ensureClientSecurity(pc, form);
+        expect(pc.securitySchemes.length).equals(1);
+        expect(pc.securitySchemes[0].scheme).equals("combo");
+
+        const comboScheme = pc.securitySchemes[0] as AllOfSecurityScheme;
+
+        expect(comboScheme.allOf).instanceOf(Array);
+        expect(comboScheme.allOf.length).equal(2);
+        expect(comboScheme.allOf[0].scheme).equals("combo");
+        expect(comboScheme.allOf[1].scheme).equals("opcua-authentication");
+
+        //
+        const comob_opcua_secure_channel = comboScheme.allOf[0] as OneOfSecurityScheme;
+        expect(comob_opcua_secure_channel.scheme).equal("combo");
+        expect(comob_opcua_secure_channel.oneOf).instanceOf(Array);
+
+        expect(comob_opcua_secure_channel.oneOf.length).equal(2);
+        expect(comob_opcua_secure_channel.oneOf[0].scheme).equal("opcua-channel-security");
+        expect(comob_opcua_secure_channel.oneOf[0].scheme).equal("opcua-channel-security");
     }
 
-    @test "ensure combo security in form"() {
+    @test "ensure combo security in form - allOf"() {
         const ct = new ConsumedThing(WoTClientTest.servient);
         ct.securityDefinitions = {
             basic_sc: {
@@ -858,9 +916,11 @@ class WoTClientTest {
             security: ["combo_sc"],
         };
         ct.ensureClientSecurity(pc, form);
-        expect(pc.securitySchemes.length).equals(2);
-        expect(pc.securitySchemes[0].scheme).equals("opcua-channel-security");
-        expect(pc.securitySchemes[1].scheme).equals("opcua-authentication");
+        expect(pc.securitySchemes.length).equals(1);
+        const comboScheme = pc.securitySchemes[0] as AllOfSecurityScheme;
+
+        expect(comboScheme.allOf[0].scheme).equals("opcua-channel-security");
+        expect(comboScheme.allOf[1].scheme).equals("opcua-authentication");
     }
 
     @test "ensure no infinite loop with recursive combo security"() {
@@ -879,6 +939,6 @@ class WoTClientTest {
             security: ["combo_sc"],
         };
         ct.ensureClientSecurity(pc, form);
-        expect(pc.securitySchemes.length).equals(0);
+        expect(pc.securitySchemes.length).equals(1);
     }
 }