fix: Enhance namespace authorisation check to verify when namespace has a period in it #2073

sitaram-kalluri commented Aug 27, 2024

- What I did

- How I did it

  • The root cause of the issue is that Atkey.fromString(key).namespace returns only the last segment of the namespace. For example, if the namespace is "foo.bar", then only "bar" is returned. Therefore, no matching authorized namespace is found and an unauthorized exception is raised.
  • To fix the issue, add additional logic that uses the entire key along with the namespace to verify whether the namespace is authorized.

- How to verify it

  • Tested manually by running an update verb with a key whose namespace is "orac.sshnp"
1. Generated APKAM keys with namespace - "orac.sshnp"

sitaram@sitaram-ThinkPad-E14:~/IdeaProjects/atsign/core/at_libraries/packages/at_onboarding_cli$ dart bin/activate_cli.dart enroll -s ABC123  -p sshnp   -d orac_subkey2  -n "orac.sshnp:rw,orac.sshrvd:rw" -a @sitaram --keys ~/.atsign/keys/oracsub2 -r vip.ve.atsign.zone
Submitting enrollment request
Enrollment ID: ef7542cb-8eeb-4b11-8078-db930c9f62f5
Waiting for approval; will check every 10 seconds
Checking ...  not approved. Will retry in 10 seconds
Checking ...  approved.
Creating atKeys file
[Success] Your .atKeys file saved at /home/sitaram/.atsign/keys/oracsub2.atKeys

2. Authenticate with APKAM keys and run the update verb with namespace "orac.sshnp"
@from:@sitaram
data:_67aab01b-d067-4115-a9f2-90ac325506b2@sitaram:eef776ca-e262-457a-9cb9-379b968a1087
@pkam:enrollmentid:ef7542cb-8eeb-4b11-8078-db930c9f62f5:dqiwnf/YaPXbBRXGcjeVxxRHlHrEWWdqUE6PiyeShPgVBQmSVwwgSYXUO1iYEyODWe7d+sMOcgT6qXE2v5AJygbjqrOGKc4UfZML4z8GR1r8hKGHrh42c9WhFvFeIIIYA/sbKXnQQlIK7f5ItjM2OeC7gNguHxbG7v6b1tmsEMMMx81622MB97WoeE5HFvjQH61Gm+OSESWrrBDbjM4ziUkJVU6gKXJ6YfB4FPVUIQQbOpBkjUyOIWwcz/XiK9Wp575H/0akZ7DmYGIFCRWz8qeo6TM+Jm07oW1ye0oGqR+CWjioVqBV8inzqn+eF/1fzFIlNLMqesaPY4524eeT7w==
data:success
@sitaram@update:@sitaram:phone.orac.sshnp@sitaram 1234
data:17
@sitaram@

- Description for the changelog

  • Enhance namespace authorisation check to verify when namespace has a period in it
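
Added example, not part of the PR or the project's code: a small Python model of the check described above, comparing a last-segment namespace lookup with a match against the entire key. The function names and the exact matching rule (suffix match on a "." boundary) are assumptions made for illustration; the enrolled namespaces are the ones passed to -n in the test run.

```python
# Illustrative model only; names are hypothetical, not the at_server API.
ENROLLED = {"orac.sshnp": "rw", "orac.sshrvd": "rw"}  # from the -n flag above


def key_body(key: str) -> str:
    """Return 'entity.namespace' from '[prefix:]entity.namespace@owner'."""
    body = key.rsplit("@", 1)[0]      # drop the trailing '@owner'
    return body.rsplit(":", 1)[-1]    # drop a 'sharedWith:' style prefix


def last_segment_namespace(key: str) -> str:
    """Behaviour described as the root cause: only the last segment."""
    return key_body(key).rsplit(".", 1)[-1]


def authorized_before(key: str, need: str, enrolled=ENROLLED) -> bool:
    """Look up the last segment ('sshnp') among the enrolled namespaces."""
    return need in enrolled.get(last_segment_namespace(key), "")


def authorized_after(key: str, need: str, enrolled=ENROLLED) -> bool:
    """Match the whole key body against each enrolled namespace.

    The leading '.' anchors the match on a segment boundary, so
    'x.xorac.sshnp' does not pass for the namespace 'orac.sshnp'.
    """
    body = key_body(key)
    return any(
        body.endswith("." + ns) and need in access
        for ns, access in enrolled.items()
    )


if __name__ == "__main__":
    samples = [
        "@murali:device_info.orac.sshnp@sitaram",  # key from the logs
        "@sitaram:phone.orac.sshnp@sitaram",       # key from the test run
        "@murali:username.xorac.sshnp@sitaram",    # constructed: look-alike
        "@murali:username.orac.other@sitaram",     # constructed: not enrolled
    ]
    for k in samples:
        print(k, authorized_before(k, "w"), authorized_after(k, "w"))
```

Under this suffix rule an enrollment for "sshnp" alone would also cover keys in "orac.sshnp"; whether a parent namespace should imply its dotted children is a policy decision to make explicitly.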

gkc left a comment

Looks good. However, we need to reproduce (manually is fine) the test that @cconstab did which uncovered this issue and verify that the issue is resolved.

sitaram-kalluri commented Aug 27, 2024

@gkc : Here are the logs related to reproducing the error, as well as the logs after the fix was applied.

Command to generate the atKeys file

dart bin/activate_cli.dart enroll -s ABC123  -p sshnp   -d orac_subkey2  -n "orac.sshnp:rw,orac.sshrvd:rw" -a @ssh_1 --keys ~/.atsign/keys/oracsub2

SSHNPD logs before fix

sitaram@sitaram-ThinkPad-E14:~/IdeaProjects/atsign/noports/packages/dart/sshnoports/bin$ dart run sshnpd.dart -a @‎sitaram -m @‎murali -d orac -k /home/sitaram/.atsign/keys/oracsub2.atKeys --root-domain vip.ve.atsign.zone 
[WARN] -u, --un-hide is deprecated, since it is now on by default. Use --hide if you want to disable device information sharing.
Exception: UnAuthorized client in request : Connection with enrollment ID ef7542cb-8eeb-4b11-8078-db930c9f62f5 is not authorized to update key: @‎murali:device_info.orac.sshnp@sitaram
SHOUT|2024-08-27 15:00:26.641274| sshnpd |connection lost

at_secondary_server logs before fix with unauthorized error when notifying

INFO|2024-08-27 14:59:55.953512|InboundListener|844955990|RCVD: pkam:signingAlgo:rsa2048:hashingAlgo:sha256:enrollmentId:ef7542cb-8eeb-4b11-8078-db930c9f62f5:fWzCTAPdZNsP/MnImgjWDVKYswUMo9TuWU/BoJ38mawCKoAXJHohaXcgJc71eCCgoTSeTWtWa8aiB2zwztiaKB8V7119YzsvvXE+SFHpo60QIKU15ELwDVMDgycFWiUpPbyjqU2rLYZ7w6fZ07YlZwPV211+Swhl2+nVHSNEUSGke5kllek4P0wZD4vtON01JSMoQdEPu9o79NNGXmrbEw3EmZaX9mN8B6glhZyXWpwGQRrBWao1mvpv8dSG+meg0HdVGO033UkQFisS1O+VscaqJ13jJfcXrBUQW6BYQbwm/7UEaWP3obj/ldRy87cpzL3ynJY74VwdRCXDLRV5Jg==| 

INFO|2024-08-27 14:59:56.027113|InboundConnectionImpl<Socket>|844955990|SENT: data:success
@‎sitaram@| 
INFO|2024-08-27 15:00:11.589934|InboundListener|385499875|191132927|RCVD: notify:id:0b545168-a8ea-48ee-8fad-56af7b277d59:update:messageType:key:priority:low:strategy:all:latestN:1:notifier:SYSTEM:ttln:60000:ttr:-1:ccd:true:isEncrypted:true:sharedKeyEnc:KvqXxKbkW34p/VNpefLgpBikKjVldVYGgHJkQ9aQUSRclEpvygWm6/ecysCHHwBurAPv5qR/f2JEVf5IkCQIrmTq/1/daVCxHoa86VKudTDeVwsEguxH82Ndys/+btDi3sBp68FN5MkJCwhIKP1r7A2mDxV5E+Ay+fOvvgclCOzJjU3FBq2kqMgFcbIX5JsYtCW65wxVeQWhyjSZVtNjZzrxuWE2CLjESrcmXiPk8tbGMi1K7NIXanmJAH2KuxJlSXKfI3dnUvnlN2UCeNEp6VZcElchArlWZWyl28iSdP7NTk61eq0/RMlF3KyyZVYBvObbzBv5QcgJeQkz+fXeMA==:pubKeyCS:7dca2bead6b36661c1c534c8fb58963b:ivNonce:u0VggFjsm1gsYdYuRGwN9g==:@‎murali:username.orac.sshnp@sitaram:1bV236yPuDQGIqeoBKkHXw==| 

INFO|2024-08-27 15:00:11.615058|GlobalExceptionHandler|Exception: Connection with enrollment ID ef7542cb-8eeb-4b11-8078-db930c9f62f5 is not authorized to notify key: @‎murali:username.orac.sshnp@‎sitaram 

INFO|2024-08-27 15:00:11.617712|GlobalExceptionHandler|Client version supports json encoding.. returning Json encoded error message 

INFO|2024-08-27 15:00:11.618082|InboundConnectionImpl<Socket>|385499875|191132927|SENT: error:{"errorCode":"AT0009","errorDescription":"UnAuthorized client in request : Connection with enrollment ID ef7542cb-8eeb-4b11-8078-db930c9f62f5 is not authorized to notify key: @‎murali:username.orac.sshnp@sitaram"}
@‎sitaram@| 

SSHNPD logs after fix

sitaram@sitaram-ThinkPad-E14:~/IdeaProjects/atsign/noports/packages/dart/sshnoports/bin$ dart run sshnpd.dart -a @sitaram -m @murali -d orac -k /home/sitaram/.atsign/keys/oracsub2.atKeys --root-domain vip.ve.atsign.zone 
[WARN] -u, --un-hide is deprecated, since it is now on by default. Use --hide if you want to disable device information sharing.
SHOUT|2024-08-27 14:58:29.466699| sshnpd |connection lost 
SHOUT|2024-08-27 14:59:59.480625| sshnpd |connection available 

at_secondary_server logs after fix with notification sent successfully

INFO|2024-08-27 14:57:59.304690|InboundListener|941256037|277123255|RCVD: pkam:signingAlgo:rsa2048:hashingAlgo:sha256:enrollmentId:ef7542cb-8eeb-4b11-8078-db930c9f62f5:IxwT9T5c3CoMXX6p5zws46vzpHUvqUzV5bHe4Szr54KzLx5f12KzPDk7QHBoMzNehxZb8pve5AnIxlh9X8gMZPNqIc6Pjs9pxEuscsLcdGlPRmC+nLFnNhkBZ7v/EyKwvLYt9o3uGhHeduMcq7M5eBC5mOBgDvyT+ooRQdKrPuCpgIq5JbOLnNPXdlGuc4c4svxjxIZx+Qn/uwCt4BzkmvgU/1ad/Wj/zGH8Vlqe2F96v3fbZ31Zy52QWqmBEnX1L5cP5HOJXm4+UBd6uLA3BAvST9PbJSI90iEJUkY+xjX7d65DkkHxJrLwFeYe1WYcVVOmGhk5fNZ7goToG7GkVw==| 

INFO|2024-08-27 14:57:59.312652|InboundConnectionImpl<Socket>|941256037|277123255|SENT: data:success
@sitaram@|
INFO|2024-08-27 14:57:59.387521|InboundListener|941256037|277123255|RCVD: notify:id:6be154c6-cd6d-429c-920a-a0a2d5d1a8ed:update:messageType:key:priority:low:strategy:all:latestN:1:notifier:SYSTEM:ttln:60000:ttr:-1:ccd:true:isEncrypted:true:sharedKeyEnc:KvqXxKbkW34p/VNpefLgpBikKjVldVYGgHJkQ9aQUSRclEpvygWm6/ecysCHHwBurAPv5qR/f2JEVf5IkCQIrmTq/1/daVCxHoa86VKudTDeVwsEguxH82Ndys/+btDi3sBp68FN5MkJCwhIKP1r7A2mDxV5E+Ay+fOvvgclCOzJjU3FBq2kqMgFcbIX5JsYtCW65wxVeQWhyjSZVtNjZzrxuWE2CLjESrcmXiPk8tbGMi1K7NIXanmJAH2KuxJlSXKfI3dnUvnlN2UCeNEp6VZcElchArlWZWyl28iSdP7NTk61eq0/RMlF3KyyZVYBvObbzBv5QcgJeQkz+fXeMA==:pubKeyCS:7dca2bead6b36661c1c534c8fb58963b:ivNonce:a/HJrWyVyNf/5/foo49r3g==:@murali:username.orac.sshnp@sitaram:xyPaTroI5eLpaVAUuxfoww==| 

INFO|2024-08-27 14:57:59.435231|InboundConnectionImpl<Socket>|941256037|277123255|SENT: data:6be154c6-cd6d-429c-920a-a0a2d5d1a8ed
@sitaram@| 

INFO|2024-08-27 14:57:59.482792|OutboundConnectionImpl<SecureSocket>|500991779|New connection (this side: InternetAddress('127.0.0.1', IPv4):48984 remote side: InternetAddress('127.0.0.1', IPv4):7001)| 

gkc left a comment

LGTM - thank you @sitaram-kalluri and @purnimavenkatasubbu

gkc merged commit fc0586e into trunk Aug 27, 2024
26 checks passed
sitaram-kalluri deleted the 636-ability-to-create-atkeys-that-are-specific-to-a-host-in-the-d-sense branch August 27, 2024 11:29
Successfully merging this pull request may close these issues.

Ability to create atKeys that are specific to a host (in the -d sense)