X-Git-Url: https://gerrit.o-ran-sc.org/r/gitweb?a=blobdiff_plain;f=capifcore%2Finternal%2Fsecurityapi%2Ftypevalidation.go;fp=capifcore%2Finternal%2Fsecurityapi%2Ftypevalidation.go;h=90dbda36fde30f8106bee211545c94178311a450;hb=cfa08775db2ed44e603b0ceccf36a50f59bd679a;hp=0000000000000000000000000000000000000000;hpb=bf237808ac109b30461a453c59ff4e9cc9b297f4;p=nonrtric%2Fplt%2Fsme.git
diff --git a/capifcore/internal/securityapi/typevalidation.go b/capifcore/internal/securityapi/typevalidation.go
new file mode 100644
index 0000000..90dbda3
--- /dev/null
+++ b/capifcore/internal/securityapi/typevalidation.go
@@ -0,0 +1,62 @@
+// -
+// ========================LICENSE_START=================================
+// O-RAN-SC
+// %%
+// Copyright (C) 2023: Nordix Foundation
+// %%
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// ========================LICENSE_END===================================
+//
+
+package securityapi
+
+import (
+ "strings"
+)
+
+func (tokenReq AccessTokenReq) Validate() (bool, AccessTokenErr) {
+
+ if tokenReq.ClientId == "" {
+ return false, createAccessTokenError(AccessTokenErrErrorInvalidRequest, "Invalid request")
+ }
+
+ if tokenReq.GrantType != AccessTokenReqGrantTypeClientCredentials {
+ return false, createAccessTokenError(AccessTokenErrErrorInvalidGrant, "Invalid value for grant_type")
+ }
+
+ //3gpp#aefId1:apiName1,apiName2,…apiNameX;aefId2:apiName1,apiName2,…apiNameY;…aefIdN:apiName1,apiName2,…apiNameZ
+ if tokenReq.Scope != nil {
+ scope := strings.Split(*tokenReq.Scope, "#")
+ if len(scope) < 2 {
+ return false, createAccessTokenError(AccessTokenErrErrorInvalidScope, "Malformed scope")
+ }
+ if scope[0] != "3gpp" {
+ return false, createAccessTokenError(AccessTokenErrErrorInvalidScope, "Scope should start with 3gpp")
+ }
+ aefList := strings.Split(scope[1], ";")
+ for _, aef := range aefList {
+ apiList := strings.Split(aef, ":")
+ if len(apiList) < 2 {
+ return false, createAccessTokenError(AccessTokenErrErrorInvalidScope, "Malformed scope")
+ }
+ }
+ }
+ return true, AccessTokenErr{}
+}
+
+func createAccessTokenError(err AccessTokenErrError, message string) AccessTokenErr {
+ return AccessTokenErr{
+ Error: err,
+ ErrorDescription: &message,
+ }
+}
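Review bot: The scope check in `Validate` only puts a lower bound on the number of split parts, so a scope with an empty aefId or an empty API list (for example `3gpp#:`), extra `:` segments, or trailing `#...` text that is never inspected is accepted as valid. Since the scope decides what an issued token is good for, the grammar in the comment should be enforced exactly: `if len(scope) != 2 {` for the prefix split, and `if len(apiList) != 2 || apiList[0] == "" || apiList[1] == "" {` inside the loop, ideally with a check that no comma-separated API name is empty. Whatever code later matches the scope against published services should otherwise not assume well-formed segments. Separately, a wrong `grant_type` value is reported as `invalid_grant`, whereas RFC 6749 section 5.2 assigns `unsupported_grant_type` to that case; worth confirming which code the CAPIF spec expects here.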