+// -
+// ========================LICENSE_START=================================
+// O-RAN-SC
+// %%
+// Copyright (C) 2023: Nordix Foundation
+// %%
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// ========================LICENSE_END===================================
+//
+
+package keycloak
+
+import (
+ "encoding/json"
+ "errors"
+ "io"
+ "net/http"
+ "net/url"
+
+ "oransc.org/nonrtric/capifcore/internal/config"
+)
+
+//go:generate mockery --name AccessManagement
+type AccessManagement interface {
+ // Get JWT token for a client.
+ // Returns JWT token if client exits and credentials are correct otherwise returns error.
+ GetToken(clientId, clientPassword, scope string, realm string) (Jwttoken, error)
+}
+
+type KeycloakManager struct {
+ keycloakServerUrl string
+ realms map[string]string
+}
+
+func NewKeycloakManager(cfg *config.Config) *KeycloakManager {
+
+ keycloakUrl := "http://" + cfg.AuthorizationServer.Host + ":" + cfg.AuthorizationServer.Port
+
+ return &KeycloakManager{
+ keycloakServerUrl: keycloakUrl,
+ realms: cfg.AuthorizationServer.Realms,
+ }
+}
+
+type Jwttoken struct {
+ AccessToken string `json:"access_token"`
+ IDToken string `json:"id_token"`
+ ExpiresIn int `json:"expires_in"`
+ RefreshExpiresIn int `json:"refresh_expires_in"`
+ RefreshToken string `json:"refresh_token"`
+ TokenType string `json:"token_type"`
+ NotBeforePolicy int `json:"not-before-policy"`
+ SessionState string `json:"session_state"`
+ Scope string `json:"scope"`
+}
+
+func (km *KeycloakManager) GetToken(clientId, clientPassword, scope string, realm string) (Jwttoken, error) {
+ var jwt Jwttoken
+ getTokenUrl := km.keycloakServerUrl + "/realms/" + realm + "/protocol/openid-connect/token"
+
+ resp, err := http.PostForm(getTokenUrl,
+ url.Values{"grant_type": {"client_credentials"}, "client_id": {clientId}, "client_secret": {clientPassword}})
+
+ if err != nil {
+ return jwt, err
+ }
+
+ defer resp.Body.Close()
+ body, err := io.ReadAll(resp.Body)
+
+ if err != nil {
+ return jwt, err
+ }
+ if resp.StatusCode != http.StatusOK {
+ return jwt, errors.New(string(body))
+ }
+
+ json.Unmarshal([]byte(body), &jwt)
+ return jwt, nil
+}