update token request procedure

37b47321 · Tien-Thinh Nguyen · cfb25c3a · 37b47321 · 37b47321 · 37b47321
Commit 37b47321 authored Dec 29, 2020 by Tien-Thinh Nguyen
5 changed files
--- a/src/nrf_app/nrf_app.cpp
+++ b/src/nrf_app/nrf_app.cpp
@@ -81,7 +81,7 @@ nrf_app::nrf_app(const std::string &config_file, nrf_event &ev)

 //------------------------------------------------------------------------------
 void nrf_app::generate_uuid() {
-    instance_id = to_string(boost::uuids::random_generator()());
+  nrf_instance_id = to_string(boost::uuids::random_generator()());
 }

 //------------------------------------------------------------------------------
@@ -572,6 +572,7 @@ void nrf_app::handle_access_token_request(const std::string &request_body,
      "Handle a request to request an OAuth2 access token from NRF (HTTP "
      "version %d)",
      http_version);
+
  std::map<std::string, std::string> access_token_req;
  // Process request_body
  std::vector<std::string> key_values;
@@ -602,10 +603,30 @@ void nrf_app::handle_access_token_request(const std::string &request_body,
    return;
  }

+  // TODO: authorize NF service consumer
+
  // Generate signature
  std::string signature = {};
-  if (!nrf_jwt_inst->generate_signature(access_token_req.at("nfInstanceId"),
-                                        signature)) {
+  bool result = false;
+  if ((access_token_req.count("nfType") > 0) and
+      (access_token_req.count("targetNfType") > 0)) {
+    nf_type_t nf_type =
+        api_conv::string_to_nf_type(access_token_req.at("nfType"));
+    nf_type_t target_nf_type =
+        api_conv::string_to_nf_type(access_token_req.at("targetNfType"));
+
+    result = nrf_jwt_inst->generate_signature(
+        access_token_req.at("nfInstanceId"), access_token_req.at("scope"),
+        access_token_req.at("nfType"), access_token_req.at("targetNfType"),
+        nrf_instance_id, signature);
+
+  } else if (access_token_req.count("targetNfInstanceId") > 0) {
+    result = nrf_jwt_inst->generate_signature(
+        access_token_req.at("nfInstanceId"), access_token_req.at("scope"),
+        access_token_req.at("targetNfInstanceId"), nrf_instance_id, signature);
+  }
+
+  if (!result) {
    http_code = HTTP_STATUS_CODE_400_BAD_REQUEST;
    problem_details.setCause(
        protocol_application_error_e2str[MANDATORY_QUERY_PARAM_INCORRECT]);

--- a/src/nrf_app/nrf_app.hpp
+++ b/src/nrf_app/nrf_app.hpp
@@ -441,7 +441,7 @@ class nrf_app {
                          std::shared_ptr<nrf_search_result> &p) const;

 private:
-  std::string instance_id;  // NRF instance id
+  std::string nrf_instance_id;  // NRF instance id
  std::map<std::string, std::shared_ptr<nrf_profile>> instance_id2nrf_profile;
  mutable std::shared_mutex m_instance_id2nrf_profile;


--- a/src/nrf_app/nrf_jwt.cpp
+++ b/src/nrf_app/nrf_jwt.cpp
@@ -37,17 +37,21 @@ using namespace oai::nrf::app;

 //------------------------------------------------------------------------------
 bool nrf_jwt::generate_signature(const std::string &nf_consumer_id,
+                                 const std::string &scope,
+                                 const std::string &nf_type,
+                                 const std::string &target_nf_type,
+                                 const std::string &nrf_instance_id,
                                 std::string &signature) const {
  std::string key;
-  get_secret_key(nf_consumer_id, key);
+  get_secret_key(scope, nf_type, target_nf_type, key);
  // Create JWT object
-  //TODO
+  // TODO
  jwt::jwt_object obj{jwt::params::algorithm("HS256"),
-                      jwt::params::payload({{"iss", "nrf_instance_id"},
-                                            {"sub", "nf_consumer_id"},
-                                            {"aud", "nf_producer_id"},
-                                            {"scope", "nf_producer_name"},
-                                            {"exp", "100"}}),
+                      jwt::params::payload({{"iss", nrf_instance_id},
+                                            {"sub", nf_consumer_id},
+                                            {"aud", target_nf_type},
+                                            {"scope", scope},
+                                            {"exp", "1000"}}),  // in second
                      jwt::params::secret(key)};

  // Get the encoded string/assertion
@@ -55,7 +59,39 @@ bool nrf_jwt::generate_signature(const std::string &nf_consumer_id,
 }

 //------------------------------------------------------------------------------
-bool nrf_jwt::get_secret_key(const std::string &nf_consumer_id,
+bool nrf_jwt::generate_signature(const std::string &nf_consumer_id,
+                                 const std::string &scope,
+                                 const std::string &target_nf_instance_Id,
+                                 const std::string &nrf_instance_id,
+                                 std::string &signature) const {
+  std::string key;
+  get_secret_key(scope, target_nf_instance_Id, key);
+  // Create JWT object
+  // TODO
+  jwt::jwt_object obj{jwt::params::algorithm("HS256"),
+                      jwt::params::payload({{"iss", nrf_instance_id},
+                                            {"sub", nf_consumer_id},
+                                            {"aud", target_nf_instance_Id},
+                                            {"scope", scope},
+                                            {"exp", "1000"}}),  // in second
+                      jwt::params::secret(key)};
+
+  // Get the encoded string/assertion
+  signature = obj.signature();
+}
+
+//------------------------------------------------------------------------------
+bool nrf_jwt::get_secret_key(const std::string &scope,
+                             const std::string &nf_type,
+                             const std::string &target_nf_type,
+                             std::string &key) const {
+  // TODO:
+  key = "secret";
+}
+
+//------------------------------------------------------------------------------
+bool nrf_jwt::get_secret_key(const std::string &scope,
+                             const std::string &target_nf_instance_Id,
                             std::string &key) const {
  // TODO:
  key = "secret";

--- a/src/nrf_app/nrf_jwt.hpp
+++ b/src/nrf_app/nrf_jwt.hpp
@@ -40,9 +40,66 @@ class nrf_jwt {
 private:
 public:
  void test_jwt();
+
+  /*
+   * Generate signature for the requested consumer
+   * @param [const std::string &] nf_consumer_id: Consumer ID
+   * @param [const std::string &] scope: names of the NF Services that the NF
+   * Service Consumer is trying to access
+   * @param [const std::string &] nf_type: NF type of the NF service consumer
+   * @param [const std::string &] target_nf_type: NF type of the NF service
+   * producer
+   * @param [const std::string &] nrf_instance_id: NRF instance ID
+   * @param [std::string &] signature: generated signature
+   * @return void
+   */
+  bool generate_signature(const std::string &nf_consumer_id,
+                          const std::string &scope, const std::string &nf_type,
+                          const std::string &target_nf_type,
+                          const std::string &nrf_instance_id,
+                          std::string &signature) const;
+
+  /*
+   * Generate signature for the requested consumer
+   * @param [const std::string &] nf_consumer_id: Consumer ID
+   * @param [const std::string &] scope: names of the NF Services that the NF
+   * Service Consumer is trying to access
+   * @param [const std::string &] target_nf_instance_Id: Instance ID the NF
+   * service producer
+   * @param [const std::string &] nrf_instance_id: NRF instance ID
+   * @param [std::string &] signature: generated signature
+   * @return void
+   */
  bool generate_signature(const std::string &nf_consumer_id,
+                          const std::string &scope,
+                          const std::string &target_nf_instance_Id,
+                          const std::string &nrf_instance_id,
                          std::string &signature) const;
-  bool get_secret_key(const std::string &nf_consumer_id,
+
+  /*
+   * Get the secret key
+   * @param [const std::string &] scope: names of the NF Services that the NF
+   * Service Consumer is trying to access
+   * @param [const std::string &] nf_type: NF type of the NF service consumer
+   * @param [const std::string &] target_nf_type: NF type of the NF service
+   * @param [std::string &] key: secret key
+   * @return void
+   */
+  bool get_secret_key(const std::string &scope, const std::string &nf_type,
+                      const std::string &target_nf_type,
+                      std::string &key) const;
+
+  /*
+   * Get the secret key
+   * @param [const std::string &] scope: names of the NF Services that the NF
+   * Service Consumer is trying to access
+   * @param [const std::string &] target_nf_instance_Id: Instance ID the NF
+   * service producer
+   * @param [std::string &] key: secret key
+   * @return void
+   */
+  bool get_secret_key(const std::string &scope,
+                      const std::string &target_nf_instance_Id,
                      std::string &key) const;
 };


--- a/yaml/cmd.txt
+++ b/yaml/cmd.txt
@@ -18,4 +18,4 @@ curl -X PATCH -H "Content-Type: application/json" http://192.168.1.23/nnrf-nfm/v
 curl -X GET  "http://192.168.1.23/nnrf-disc/v1//nf-instances?target-nf-type="AMF"&requester-nf-type="AMF""

 #Access Token
-curl -d "grant_type=client_credentials&nfInstanceId=343a924e-6494-4927-860b-d45692c95c2d&scope=nf_name" -H "Content-Type: application/x-www-form-urlencoded" -X POST http://192.168.1.23/oauth2/token
+curl -d "grant_type=client_credentials&nfInstanceId=343a924e-6494-4927-860b-d45692c95c2d&scope=nsmf-pdusession" -H "Content-Type: application/x-www-form-urlencoded" -X POST http://192.168.1.23/oauth2/token