Generate signature for OAuth2 authorization

02e9fb5b · Tien-Thinh Nguyen · 011c9ac8 · 02e9fb5b · 02e9fb5b · 02e9fb5b
Commit 02e9fb5b authored Dec 28, 2020 by Tien-Thinh Nguyen
7 changed files
--- a/src/api-server/api/AccessTokenRequestApi.cpp
+++ b/src/api-server/api/AccessTokenRequestApi.cpp
@@ -34,7 +34,7 @@ void AccessTokenRequestApi::init() {
 void AccessTokenRequestApi::setupRoutes() {
    using namespace Pistache::Rest;

-    Routes::Post(*router, base + nrf_cfg.sbi_api_version + "/oauth2/token", Routes::bind(&AccessTokenRequestApi::access_token_request_handler, this));
+    Routes::Post(*router, base + "/oauth2/token", Routes::bind(&AccessTokenRequestApi::access_token_request_handler, this));

    // Default handler, called when a route is not found
    router->addCustomHandler(Routes::bind(&AccessTokenRequestApi::access_token_request_api_default_handler, this));

--- a/src/api-server/impl/AccessTokenRequestApiImpl.cpp
+++ b/src/api-server/impl/AccessTokenRequestApiImpl.cpp
 /**
 * NRF OAuth2
- * NRF OAuth2 Authorization. © 2019, 3GPP Organizational Partners (ARIB, ATIS, CCSA, ETSI, TSDSI, TTA, TTC). All rights reserved.
+ * NRF OAuth2 Authorization. © 2019, 3GPP Organizational Partners (ARIB, ATIS,
+ * CCSA, ETSI, TSDSI, TTA, TTC). All rights reserved.
 *
 * The version of the OpenAPI document: 1.0.2
 *
 *
- * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).
- * https://openapi-generator.tech
- * Do not edit the class manually.
+ * NOTE: This class is auto generated by OpenAPI Generator
+ * (https://openapi-generator.tech). https://openapi-generator.tech Do not edit
+ * the class manually.
 */

 #include "AccessTokenRequestApiImpl.h"
+#include "3gpp_29.500.h"
+#include "AccessTokenRsp.h"
+#include "Helpers.h"
+#include "logger.hpp"

 namespace oai {
 namespace nrf {
@@ -18,23 +23,44 @@ namespace api {

 using namespace oai::nrf::model;
 using namespace oai::nrf::app;
+using namespace oai::nrf::helpers;

 AccessTokenRequestApiImpl::AccessTokenRequestApiImpl(
    std::shared_ptr<Pistache::Rest::Router> rtr, nrf_app *nrf_app_inst,
    std::string address)
-    :
-    AccessTokenRequestApi(rtr),
-    m_nrf_app(nrf_app_inst),
-    m_address(address) {
-}
+    : AccessTokenRequestApi(rtr), m_nrf_app(nrf_app_inst), m_address(address) {}

 void AccessTokenRequestApiImpl::access_token_request(
    const Pistache::Rest::Request &request,
    Pistache::Http::ResponseWriter &response) {
-  response.send(Pistache::Http::Code::Ok, "Do some magic\n");
-}
+  Logger::nrf_sbi().info(
+      "Got a request to request an OAuth2 access token from the authorization "
+      "server (NRF)");

-}
-}
+  Logger::nrf_sbi().info("request body %s", request.body().c_str());
+
+  int http_code = 0;
+  ProblemDetails problem_details = {};
+  AccessTokenRsp access_token_rsp = {};
+  m_nrf_app->handle_access_token_request(request.body(), access_token_rsp,
+                                         http_code, 1, problem_details);
+
+  nlohmann::json json_data = {};
+  std::string content_type = "application/json";
+
+  if (http_code != HTTP_STATUS_CODE_200_OK) {
+    to_json(json_data, problem_details);
+    content_type = "application/problem+json";
+  } else {
+    to_json(json_data, access_token_rsp);
+  }
+
+  // content type
+  response.headers().add<Pistache::Http::Header::ContentType>(
+      Pistache::Http::Mime::MediaType(content_type));
+  response.send(Pistache::Http::Code(http_code), json_data.dump().c_str());
 }

+}  // namespace api
+}  // namespace nrf
+}  // namespace oai
--- a/src/nrf_app/nrf_app.cpp
+++ b/src/nrf_app/nrf_app.cpp
--- a/src/nrf_app/nrf_app.hpp
+++ b/src/nrf_app/nrf_app.hpp
@@ -35,12 +35,14 @@
 #include "PatchItem.h"
 #include "ProblemDetails.h"
 #include "SubscriptionData.h"
+#include "AccessTokenRsp.h"
 #include "nrf_event.hpp"
 #include "nrf_profile.hpp"
 #include "nrf_search_result.hpp"
 #include "nrf_subscription.hpp"
 #include "uint_generator.hpp"

+
 namespace oai {
 namespace nrf {
 namespace app {
@@ -193,6 +195,20 @@ class nrf_app {
                                  int &http_code, const uint8_t http_version,
                                  ProblemDetails &problem_details);

+  /*
+   * Handle a Register NF Instance request
+   * @param [const std::string &] request_body: includes access token request
+   * @param [AccessTokenRsp &] access_token_rsp: Access token response
+   * @param [int &] http_code: HTTP code used to return to the consumer
+   * @param [const uint8_t] http_version: HTTP version
+   * @param [ProblemDetails &] problem_details: Store details of the error
+   * @return void
+   */
+  void handle_access_token_request(const std::string &request_body,
+                                   AccessTokenRsp &access_token_rsp,
+                                   int &http_code, const uint8_t http_version,
+                                   ProblemDetails &problem_details);
+
  /*
   * Insert a nrf profile
   * @param [const std::string &] profile_id: Profile ID

--- a/src/nrf_app/nrf_jwt.cpp
+++ b/src/nrf_app/nrf_jwt.cpp
@@ -3,9 +3,9 @@
 * contributor license agreements.  See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The OpenAirInterface Software Alliance licenses this file to You under
- * the OAI Public License, Version 1.1  (the "License"); you may not use this file
- * except in compliance with the License.
- * You may obtain a copy of the License at
+ * the OAI Public License, Version 1.1  (the "License"); you may not use this
+ *file except in compliance with the License. You may obtain a copy of the
+ *License at
 *
 *      http://www.openairinterface.org/?page_id=698
 *
@@ -30,24 +30,52 @@
 #include "nrf_jwt.hpp"

 #include <iostream>
+
 #include "jwt/jwt.hpp"

 using namespace oai::nrf::app;

-void nrf_jwt::test_jwt(){
-	 using namespace jwt::params;
+//------------------------------------------------------------------------------
+bool nrf_jwt::generate_signature(const std::string &nf_consumer_id,
+                                 std::string &signature) const {
+  std::string key;
+  get_secret_key(nf_consumer_id, key);
+  // Create JWT object
+  //TODO
+  jwt::jwt_object obj{jwt::params::algorithm("HS256"),
+                      jwt::params::payload({{"iss", "nrf_instance_id"},
+                                            {"sub", "nf_consumer_id"},
+                                            {"aud", "nf_producer_id"},
+                                            {"scope", "nf_producer_name"},
+                                            {"exp", "100"}}),
+                      jwt::params::secret(key)};
+
+  // Get the encoded string/assertion
+  signature = obj.signature();
+}
+
+//------------------------------------------------------------------------------
+bool nrf_jwt::get_secret_key(const std::string &nf_consumer_id,
+                             std::string &key) const {
+  // TODO:
+  key = "secret";
+}

-	  auto key = "secret"; //Secret to use for the algorithm
-	  //Create JWT object
-	  jwt::jwt_object obj{algorithm("HS256"), payload({{"some", "payload"}}), secret(key)};
+//------------------------------------------------------------------------------
+void nrf_jwt::test_jwt() {
+  using namespace jwt::params;

-	  //Get the encoded string/assertion
-	  auto enc_str = obj.signature();
-	  std::cout << enc_str << std::endl;
+  auto key = "secret";  // Secret to use for the algorithm
+  // Create JWT object
+  jwt::jwt_object obj{algorithm("HS256"), payload({{"some", "payload"}}),
+                      secret(key)};

-	  //Decode
-	  auto dec_obj = jwt::decode(enc_str, algorithms({"HS256"}), secret(key));
-	  std::cout << dec_obj.header() << std::endl;
-	  std::cout << dec_obj.payload() << std::endl;
+  // Get the encoded string/assertion
+  auto enc_str = obj.signature();
+  std::cout << enc_str << std::endl;

+  // Decode
+  auto dec_obj = jwt::decode(enc_str, algorithms({"HS256"}), secret(key));
+  std::cout << dec_obj.header() << std::endl;
+  std::cout << dec_obj.payload() << std::endl;
 }
--- a/src/nrf_app/nrf_jwt.hpp
+++ b/src/nrf_app/nrf_jwt.hpp
@@ -30,16 +30,20 @@
 #ifndef FILE_NRF_JWT_HPP_SEEN
 #define FILE_NRF_JWT_HPP_SEEN

+#include <string>
+
 namespace oai {
 namespace nrf {
 namespace app {

 class nrf_jwt {
 private:
-
-
 public:
-	  void test_jwt();
+  void test_jwt();
+  bool generate_signature(const std::string &nf_consumer_id,
+                          std::string &signature) const;
+  bool get_secret_key(const std::string &nf_consumer_id,
+                      std::string &key) const;
 };

 }  // namespace app

--- a/yaml/cmd.txt
+++ b/yaml/cmd.txt
@@ -15,4 +15,7 @@ curl -X POST -H "Content-Type: application/json" "http://192.168.1.23/nnrf-nfm/v
 curl -X PATCH -H "Content-Type: application/json" http://192.168.1.23/nnrf-nfm/v1/subscriptions/1  -d '[{"op":"replace","path":"/validityTime", "value": "20201231T235959"}]'


-curl -X GET  "http://192.168.1.23/nnrf-disc/v1//nf-instances?target-nf-type="AMF"&requester-nf-type="AMF""
\ No newline at end of file
+curl -X GET  "http://192.168.1.23/nnrf-disc/v1//nf-instances?target-nf-type="AMF"&requester-nf-type="AMF""
+
+#Access Token
+curl -d "grant_type=client_credentials&nfInstanceId=343a924e-6494-4927-860b-d45692c95c2d&scope=nf_name" -H "Content-Type: application/x-www-form-urlencoded" -X POST http://192.168.1.23/oauth2/token