|
|
@ -14,8 +14,8 @@ import ( |
|
|
|
"google.golang.org/grpc/status" |
|
|
|
"google.golang.org/grpc/status" |
|
|
|
"google.golang.org/protobuf/types/known/structpb" |
|
|
|
"google.golang.org/protobuf/types/known/structpb" |
|
|
|
"gorm.io/gorm" |
|
|
|
"gorm.io/gorm" |
|
|
|
"src.whiteboxsystems.nl/DECOZO/okapidemo/certgen" |
|
|
|
|
|
|
|
"src.whiteboxsystems.nl/decozo/okapi" |
|
|
|
"src.whiteboxsystems.nl/decozo/okapi" |
|
|
|
|
|
|
|
"src.whiteboxsystems.nl/decozo/okapidemo/cryptoutil" |
|
|
|
"src.whiteboxsystems.nl/decozo/okapidemo/sharedmodel" |
|
|
|
"src.whiteboxsystems.nl/decozo/okapidemo/sharedmodel" |
|
|
|
"src.whiteboxsystems.nl/decozo/okapidemo/whiteboxservice/model" |
|
|
|
"src.whiteboxsystems.nl/decozo/okapidemo/whiteboxservice/model" |
|
|
|
) |
|
|
|
) |
|
|
@ -61,7 +61,7 @@ func requireConnection(db *gorm.DB, ctx context.Context) (*sharedmodel.Connectio |
|
|
|
if mtls, ok := p.AuthInfo.(credentials.TLSInfo); ok { |
|
|
|
if mtls, ok := p.AuthInfo.(credentials.TLSInfo); ok { |
|
|
|
item := mtls.State.PeerCertificates[0] |
|
|
|
item := mtls.State.PeerCertificates[0] |
|
|
|
log.Println("request certificate subject:", item.Subject) |
|
|
|
log.Println("request certificate subject:", item.Subject) |
|
|
|
pk, err := certgen.PublicKeyToJWK(item.PublicKey) |
|
|
|
pk, err := cryptoutil.PublicKeyToJWK(item.PublicKey) |
|
|
|
if err != nil { |
|
|
|
if err != nil { |
|
|
|
return nil, errNotAuthorized |
|
|
|
return nil, errNotAuthorized |
|
|
|
} |
|
|
|
} |
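Review bot: `mtls.State.PeerCertificates[0]` in requireConnection is indexed without a length check, so an empty slice makes the handler panic instead of returning `errNotAuthorized`. Whether that can happen depends on the server's TLS configuration, which is not visible in this diff: the slice is empty whenever a handshake is allowed to complete without a client certificate. A guard before the index, `if len(mtls.State.PeerCertificates) == 0 { return nil, errNotAuthorized }`, keeps the failure on the authorization path and independent of how the listener is configured. The same unguarded index appears in the CompleteRegistration hunk. Both function bodies start and continue outside the lines shown, so an earlier check may already exist.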
|
|
@ -224,7 +224,7 @@ func (srv *OkAPIServer) CompleteRegistration( |
|
|
|
if mtls, ok := p.AuthInfo.(credentials.TLSInfo); ok { |
|
|
|
if mtls, ok := p.AuthInfo.(credentials.TLSInfo); ok { |
|
|
|
item := mtls.State.PeerCertificates[0] |
|
|
|
item := mtls.State.PeerCertificates[0] |
|
|
|
|
|
|
|
|
|
|
|
pk, err := certgen.PublicKeyToJWK(item.PublicKey) |
|
|
|
pk, err := cryptoutil.PublicKeyToJWK(item.PublicKey) |
|
|
|
if err != nil { |
|
|
|
if err != nil { |
|
|
|
return nil, errNotAuthorized |
|
|
|
return nil, errNotAuthorized |
|
|
|
} |
|
|
|
} |
|
|
@ -307,7 +307,7 @@ func (srv *OkAPIServer) EnableService( |
|
|
|
AuthConfig: sharedmodel.NewAuthConfig(in.Fetch.Auth), |
|
|
|
AuthConfig: sharedmodel.NewAuthConfig(in.Fetch.Auth), |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
publicKey, err := certgen.PublicKeyToJWKJson(certgen.ExtractPublicKey(srv.clientCert.PrivateKey)) |
|
|
|
publicKey, err := cryptoutil.PublicKeyToJWKJson(cryptoutil.ExtractPublicKey(srv.clientCert.PrivateKey)) |
|
|
|
|
|
|
|
|
|
|
|
if err != nil { |
|
|
|
if err != nil { |
|
|
|
return nil, fmt.Errorf("Error retrieving pub key: %v", err) |
|
|
|
return nil, fmt.Errorf("Error retrieving pub key: %v", err) |
|
|
|