X-Git-Url: https://gerrit.o-ran-sc.org/r/gitweb?a=blobdiff_plain;f=capifcore%2Finternal%2Fkeycloak%2Fkeycloak.go;fp=capifcore%2Finternal%2Fkeycloak%2Fkeycloak.go;h=16f65c81268366506bae4524dace8a8625dcf065;hb=4308df0663b45eb9d95b3babdf519a06ee76c15a;hp=0000000000000000000000000000000000000000;hpb=1a36c0f848111d82bf58552662f7bff3b05f79ed;p=nonrtric%2Fplt%2Fsme.git diff --git a/capifcore/internal/keycloak/keycloak.go b/capifcore/internal/keycloak/keycloak.go new file mode 100644 index 0000000..16f65c8 --- /dev/null +++ b/capifcore/internal/keycloak/keycloak.go @@ -0,0 +1,90 @@ +// - +// ========================LICENSE_START================================= +// O-RAN-SC +// %% +// Copyright (C) 2023: Nordix Foundation +// %% +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// ========================LICENSE_END=================================== +// + +package keycloak + +import ( + "encoding/json" + "errors" + "io" + "net/http" + "net/url" + + "oransc.org/nonrtric/capifcore/internal/config" +) + +//go:generate mockery --name AccessManagement +type AccessManagement interface { + // Get JWT token for a client. + // Returns JWT token if client exits and credentials are correct otherwise returns error. + GetToken(clientId, clientPassword, scope string, realm string) (Jwttoken, error) +} + +type KeycloakManager struct { + keycloakServerUrl string + realms map[string]string +} + +func NewKeycloakManager(cfg *config.Config) *KeycloakManager { + + keycloakUrl := "http://" + cfg.AuthorizationServer.Host + ":" + cfg.AuthorizationServer.Port + + return &KeycloakManager{ + keycloakServerUrl: keycloakUrl, + realms: cfg.AuthorizationServer.Realms, + } +} + +type Jwttoken struct { + AccessToken string `json:"access_token"` + IDToken string `json:"id_token"` + ExpiresIn int `json:"expires_in"` + RefreshExpiresIn int `json:"refresh_expires_in"` + RefreshToken string `json:"refresh_token"` + TokenType string `json:"token_type"` + NotBeforePolicy int `json:"not-before-policy"` + SessionState string `json:"session_state"` + Scope string `json:"scope"` +} + +func (km *KeycloakManager) GetToken(clientId, clientPassword, scope string, realm string) (Jwttoken, error) { + var jwt Jwttoken + getTokenUrl := km.keycloakServerUrl + "/realms/" + realm + "/protocol/openid-connect/token" + + resp, err := http.PostForm(getTokenUrl, + url.Values{"grant_type": {"client_credentials"}, "client_id": {clientId}, "client_secret": {clientPassword}}) + + if err != nil { + return jwt, err + } + + defer resp.Body.Close() + body, err := io.ReadAll(resp.Body) + + if err != nil { + return jwt, err + } + if resp.StatusCode != http.StatusOK { + return jwt, errors.New(string(body)) + } + + json.Unmarshal([]byte(body), &jwt) + return jwt, nil +}