|
|
|
@ -1,9 +1,13 @@ |
|
|
|
|
package sharedmodel |
|
|
|
|
|
|
|
|
|
import ( |
|
|
|
|
"crypto" |
|
|
|
|
"fmt" |
|
|
|
|
|
|
|
|
|
"google.golang.org/protobuf/types/known/structpb" |
|
|
|
|
"gorm.io/gorm" |
|
|
|
|
"src.whiteboxsystems.nl/DECOZO/okapi" |
|
|
|
|
"whiteboxsystems.nl/okapidemo/certgen" |
|
|
|
|
) |
|
|
|
|
|
|
|
|
|
const AuthMethodDecozoMTLS = "http://decozo.org/proto/auth/mtls" |
|
|
|
@ -26,10 +30,14 @@ func (cfg AuthConfig) ToOkapi() *okapi.ProtocolAuthConfiguration { |
|
|
|
|
conf := &structpb.Struct{} |
|
|
|
|
|
|
|
|
|
switch cfg.Method { |
|
|
|
|
case "BearerToken": |
|
|
|
|
case AuthMethodDecozoBearerToken: |
|
|
|
|
conf, _ = structpb.NewStruct(map[string]interface{}{ |
|
|
|
|
"token": cfg.Raw, |
|
|
|
|
}) |
|
|
|
|
case AuthMethodDecozoMTLS: |
|
|
|
|
conf, _ = structpb.NewStruct(map[string]interface{}{ |
|
|
|
|
"publicKey": cfg.Raw, |
|
|
|
|
}) |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
return &okapi.ProtocolAuthConfiguration{ |
|
|
|
@ -44,8 +52,15 @@ func NewAuthConfig(cfg *okapi.ProtocolAuthConfiguration) *AuthConfig { |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
switch cfg.Method { |
|
|
|
|
case "BearerToken": |
|
|
|
|
case AuthMethodDecozoBearerToken: |
|
|
|
|
authConfig.Raw, _ = cfg.GetConfiguration().AsMap()["token"].(string) |
|
|
|
|
case AuthMethodDecozoMTLS: |
|
|
|
|
k, _ := cfg.GetConfiguration().AsMap()["publicKey"].(string) |
|
|
|
|
jwk, _ := certgen.StringToJWK(k) |
|
|
|
|
if jwk != nil { |
|
|
|
|
rawBytes, _ := jwk.Thumbprint(crypto.SHA256) |
|
|
|
|
authConfig.Raw = fmt.Sprintf("%X", rawBytes) |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
return authConfig |
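Review bot: In the `AuthMethodDecozoMTLS` case of NewAuthConfig every failure is discarded: the `publicKey` type assertion, `certgen.StringToJWK` and `jwk.Thumbprint` all assign their second result to `_`, so a missing or malformed key leaves `authConfig.Raw` empty and the config is still returned as an mTLS entry. If `Raw` is later compared as the pinned client-key thumbprint, an empty pin should be rejected here rather than stored. The fence below shows the branch failing closed, assuming the discarded results are errors and that callers tolerate a nil return; neither is visible here, because the function body starts and ends outside the hunk. Separately, `ToOkapi` in the previous hunk writes `cfg.Raw` back under `publicKey` while this branch stores the SHA-256 thumbprint in `Raw`, so a config that passed through NewAuthConfig would emit a thumbprint where a JWK is expected. A comment on `Raw` stating which form each direction holds would make that explicit, and the `conf, _ = structpb.NewStruct(...)` calls there drop their error as well.

```go
	case AuthMethodDecozoMTLS:
		k, ok := cfg.GetConfiguration().AsMap()["publicKey"].(string)
		if !ok || k == "" {
			// No usable key: refuse to build an mTLS config with an empty pin.
			return nil
		}
		jwk, err := certgen.StringToJWK(k)
		if err != nil || jwk == nil {
			return nil
		}
		rawBytes, err := jwk.Thumbprint(crypto.SHA256)
		if err != nil || len(rawBytes) == 0 {
			return nil
		}
		authConfig.Raw = fmt.Sprintf("%X", rawBytes)
	// … unchanged: closing brace of the switch and return authConfig …
```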
|
|
|
|