#!/usr/bin/env bash
# ──────────────────────────────────────────────────────────────────────────────
# Planet Security Defense API — curl quickstart
#
# Patent : PCT WO 2025/127469 A1 (inventor/applicant: 이정훈, 2025-06-19)
# Site   : https://planet.winnerbrothers.org
#
# Prerequisites: jq, curl, openssl, xxd
#
# Walks through 8 endpoints end-to-end:
#   1. status         — capability + theorem matrix
#   2. keygen × 2     — provision GCS + UAV
#   3. handshake init — Round 1
#   4. handshake respond — Round 2 (with ECDH ephem pub)
#   5. handshake finalize — Round 3
#   6. command sign   — GCS → UAV "TAKEOFF"
#   7. command verify — receiver verifies bundle
#   8. heartbeat      — passive + verified mode
#
# Replay attack also demonstrated.
# ──────────────────────────────────────────────────────────────────────────────

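set -euo pipefail

BASE="${1:-http://localhost:3000}"
KEY="${2:?Usage: $0 <base_url> <sk_secret_key>}"

# Print a diagnostic to stderr and abort the walkthrough.
die() { printf 'error: %s\n' "$*" >&2; exit 1; }

# Both request headers are written to a 0600 temp file and handed to curl
# with -K. A single "-H ... -H ..." string expanded unquoted would word-split
# inside the header values ("Authorization:" / "Bearer" / "<key>" become
# separate words), and the bearer secret would also be re-exposed to `ps`
# and `set -x` on every one of the eight curl command lines. (The script
# process's own argv still carries $2 — pass the key via a wrapper that
# reads it from a file or the environment if that matters.)
CURLRC=$(mktemp) || die "mktemp failed"
trap 'rm -f -- "$CURLRC"' EXIT
{
  printf 'header = "Authorization: Bearer %s"\n' "$KEY"
  printf 'header = "Content-Type: application/json"\n'
} >"$CURLRC"

# get  PATH        -> GET  $BASE$PATH, body on stdout
# post PATH JSON   -> POST $BASE$PATH with JSON as the request body
get()  { curl -sS -K "$CURLRC" "$BASE$1"; }
post() { curl -sS -K "$CURLRC" -X POST "$BASE$1" -d "$2"; }

# field JSON JQ_PATH -> raw scalar at JQ_PATH.
# Aborts when the path is absent/null so a failed step (auth rejection,
# error body) cannot silently feed the string "null" into the next request.
field() {
  local v
  v=$(jq -r "$2" <<<"$1") || die "jq: cannot evaluate $2"
  [[ -n "$v" && "$v" != null ]] || die "missing field $2 in response: $1"
  printf '%s' "$v"
}

# pub_hex PEM_PRIVATE_KEY -> hex of the 65-byte uncompressed point (04||X||Y),
# which is the tail of the SubjectPublicKeyInfo DER for a P-256 key.
pub_hex() {
  openssl ec -pubout -outform DER 2>/dev/null <<<"$1" \
    | tail -c 65 | xxd -p | tr -d '\n'
}

# Not called below; kept as conveniences for interactive use.
j() { jq -r "$@"; }
pp() { jq . 2>/dev/null || cat; }

printf '%s\n' "──── 1. STATUS ────"
get /api/v1/defense/status | jq '.capability'

echo
printf '%s\n' "──── 2. PROVISION (keygen × 2) ────"
GCS=$(post /api/v1/defense/keygen \
  '{"callsign":"GCS-CURL","classification":"gcs","environment":"lan"}')
UAV=$(post /api/v1/defense/keygen \
  '{"callsign":"EAGLE-CURL","classification":"uav","environment":"lan"}')

GCS_ID=$(field "$GCS" '.device.deviceId')
UAV_ID=$(field "$UAV" '.device.deviceId')
printf 'GCS=%s  UAV=%s\n' "$GCS_ID" "$UAV_ID"

echo
printf '%s\n' "──── 3-5. 3-ROUND HANDSHAKE ────"

# Ephemeral P-256 key pairs (openssl for portability). Only the public halves
# are sent to the API; the private halves are not used for any client-side
# key agreement in this walkthrough — the session key is returned by the
# server in Round 3.
INIT_PRIV=$(openssl ecparam -name prime256v1 -genkey -noout 2>/dev/null) \
  || die "openssl: initiator keygen failed"
INIT_PUB=$(pub_hex "$INIT_PRIV")
# Round 1 commits to the initiator's ephemeral pub by hash; the pub itself
# is revealed in Round 3. $NF tolerates both "(stdin)= X" and "SHA2-256(stdin)= X".
INIT_PUB_HASH=$(printf '%s' "$INIT_PUB" | openssl dgst -sha256 | awk '{print $NF}')

RESP_PRIV=$(openssl ecparam -name prime256v1 -genkey -noout 2>/dev/null) \
  || die "openssl: responder keygen failed"
RESP_PUB=$(pub_hex "$RESP_PRIV")

R1=$(post /api/v1/defense/handshake/init \
  "$(jq -n --arg a "$GCS_ID" --arg b "$UAV_ID" --arg c "$INIT_PUB_HASH" \
        '{initiatorDeviceId:$a,responderDeviceId:$b,initEphemeralPubHash:$c}')")
HS_ID=$(field "$R1" '.handshakeId')
printf 'Round 1 OK  hs_id=%s\n' "$HS_ID"

R2=$(post /api/v1/defense/handshake/respond \
  "$(jq -n --arg a "$HS_ID" --arg b "$RESP_PUB" \
        '{handshakeId:$a,respondEphemeralPub:$b}')")
printf 'Round 2 OK  status=%s\n' "$(field "$R2" '.handshake.status')"

R3=$(post /api/v1/defense/handshake/finalize \
  "$(jq -n --arg a "$HS_ID" --arg b "$INIT_PUB" \
        '{handshakeId:$a,initEphemeralPub:$b}')")
SESSION_KEY=$(field "$R3" '.sessionKey')
# Only a prefix is printed; the full key stays in the variable.
printf 'Round 3 OK  sessionKey[:16]=%s\n' "${SESSION_KEY:0:16}"

echo
printf '%s\n' "──── 6. SIGN COMMAND ────"
SIGN=$(post /api/v1/defense/command/sign \
  "$(jq -n --arg a "$HS_ID" --arg b "$GCS_ID" \
        '{handshakeId:$a,senderDeviceId:$b,command:"TAKEOFF altitude=50m"}')")
SIGNED=$(jq -c '.signedCommand' <<<"$SIGN") || die "jq: cannot read .signedCommand"
[[ -n "$SIGNED" && "$SIGNED" != null ]] || die "sign failed: $SIGN"
jq '{commandId, timestamp, signature}' <<<"$SIGNED"

echo
printf '%s\n' "──── 7. VERIFY (normal) ────"
post /api/v1/defense/command/verify "$SIGNED" \
  | jq '{valid, advBound, deltaMs, skewMs}'

echo
printf '%s\n' "──── 7b. REPLAY ATTACK (resend same bundle) ────"
# Same bundle, same signature: the server is expected to reject the second
# presentation and explain why.
post /api/v1/defense/command/verify "$SIGNED" \
  | jq '{valid, reason, explanation}'

echo
printf '%s\n' "──── 8. HEARTBEAT (passive) ────"
post /api/v1/defense/heartbeat "$(jq -n --arg a "$UAV_ID" '{deviceId:$a}')" \
  | jq '{healthy, mode, deltaMs, serverTime}'

echo
printf '%s\n' "[OK] All 8 endpoints walked end-to-end."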
