X-Git-Url: https://gerrit.o-ran-sc.org/r/gitweb?a=blobdiff_plain;f=capifcore%2Finternal%2Fsecurityservice%2Fsecurity.go;h=b3f1d3000e554721e506b040baaee731cda0af62;hb=5493b0faf67fc5b58b575880db528eb2b663d45a;hp=e211f673718e8eabbe63dcaa32453d7d493eb2b9;hpb=051a4a32068b4718ef9ddb1868e532a976de843e;p=nonrtric%2Fplt%2Fsme.git
diff --git a/capifcore/internal/securityservice/security.go b/capifcore/internal/securityservice/security.go
index e211f67..b3f1d30 100644
--- a/capifcore/internal/securityservice/security.go
+++ b/capifcore/internal/securityservice/security.go
@@ -2,7 +2,8 @@
 // ========================LICENSE_START=================================
 // O-RAN-SC
 // %%
-// Copyright (C) 2022: Nordix Foundation
+// Copyright (C) 2022-2023: Nordix Foundation
+// Copyright (C) 2024: OpenInfra Foundation Europe
 // %%
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -91,9 +92,17 @@ func (s *Security) PostSecuritiesSecurityIdToken(ctx echo.Context, securityId st
 }
 }
 data := url.Values{"grant_type": {"client_credentials"}, "client_id": {accessTokenReq.ClientId}, "client_secret": {*accessTokenReq.ClientSecret}}
- jwtToken, err := s.keycloak.GetToken("invokerrealm", data)
- if err != nil {
- return sendAccessTokenError(ctx, http.StatusBadRequest, securityapi.AccessTokenErrErrorUnauthorizedClient, err.Error())
+
+ var jwtToken keycloak.Jwttoken
+ var err error
+
+ if s.keycloak != nil {
+ jwtToken, err = s.keycloak.GetToken("invokerrealm", data)
+ if err != nil {
+ return sendAccessTokenError(ctx, http.StatusBadRequest, securityapi.AccessTokenErrErrorUnauthorizedClient, err.Error())
+ }
+ } else {
+ return sendAccessTokenError(ctx, http.StatusBadRequest, securityapi.AccessTokenErrErrorUnauthorizedClient, "keycloak is nil")
 }
 accessTokenResp := securityapi.AccessTokenRsp{
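Review bot: The new `else` branch answers a missing Keycloak client with 400 `unauthorized_client` and the text "keycloak is nil", which blames the invoker for what looks like a server-side configuration fault and, assuming sendAccessTokenError copies its last argument into the response, tells the caller about an internal dependency. A guard clause before the call reads better and lets the original `jwtToken, err := s.keycloak.GetToken("invokerrealm", data)` line stay as it was: `if s.keycloak == nil { return sendAccessTokenError(ctx, http.StatusInternalServerError, securityapi.AccessTokenErrErrorUnauthorizedClient, "token service unavailable") }`, with the real cause written to the server log; the error code there is simply the one visible in this hunk and should be whatever the API defines for server faults. The `err.Error()` on the GetToken failure path has the same disclosure concern, since it would pass Keycloak's own error text to the client. The enclosing function starts and ends outside the hunk.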
@@ -192,11 +201,6 @@ func (s *Security) PutTrustedInvokersApiInvokerId(ctx echo.Context, apiInvokerId
 return sendCoreError(ctx, http.StatusBadRequest, fmt.Sprintf(errMsg, err))
 }
- err = s.keycloak.AddClient(apiInvokerId, "invokerrealm")
- if err != nil {
- return sendCoreError(ctx, http.StatusBadRequest, fmt.Sprintf(errMsg, err))
- }
-
 uri := ctx.Request().Host + ctx.Request().URL.String()
 ctx.Response().Header().Set(echo.HeaderLocation, ctx.Scheme()+`://`+path.Join(uri, apiInvokerId))
@@ -245,7 +249,7 @@ func (s *Security) PostTrustedInvokersApiInvokerIdDelete(ctx echo.Context, apiIn
 }
 if ss, ok := s.trustedInvokers[apiInvokerId]; ok {
- securityInfoCopy := s.revokeTrustedInvoker(&ss, notification, apiInvokerId)
+ securityInfoCopy := s.revokeTrustedInvoker(&ss, notification)
 if len(securityInfoCopy) == 0 {
 s.deleteTrustedInvoker(apiInvokerId)
@@ -262,7 +266,7 @@ func (s *Security) PostTrustedInvokersApiInvokerIdDelete(ctx echo.Context, apiIn
 }
-func (s *Security) revokeTrustedInvoker(ss *securityapi.ServiceSecurity, notification securityapi.SecurityNotification, apiInvokerId string) []securityapi.SecurityInformation {
+func (s *Security) revokeTrustedInvoker(ss *securityapi.ServiceSecurity, notification securityapi.SecurityNotification) []securityapi.SecurityInformation {
 data, _ := copystructure.Copy(ss.SecurityInfo)
 securityInfoCopy, _ := data.([]securityapi.SecurityInformation)