"sync"
"github.com/labstack/echo/v4"
-
+ copystructure "github.com/mitchellh/copystructure"
"oransc.org/nonrtric/capifcore/internal/common29122"
securityapi "oransc.org/nonrtric/capifcore/internal/securityapi"
}
func (s *Security) DeleteTrustedInvokersApiInvokerId(ctx echo.Context, apiInvokerId string) error {
- return ctx.NoContent(http.StatusNotImplemented)
+ if _, ok := s.trustedInvokers[apiInvokerId]; ok {
+ s.deleteTrustedInvoker(apiInvokerId)
+ }
+
+ return ctx.NoContent(http.StatusNoContent)
+}
+
+func (s *Security) deleteTrustedInvoker(apiInvokerId string) {
+ s.lock.Lock()
+ defer s.lock.Unlock()
+ delete(s.trustedInvokers, apiInvokerId)
}
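Review bot: The new `if _, ok := s.trustedInvokers[apiInvokerId]; ok` in DeleteTrustedInvokersApiInvokerId reads the map without holding `s.lock`, while deleteTrustedInvoker writes it under the lock; the same unlocked read appears in GetTrustedInvokersApiInvokerId (`if trustedInvoker, ok := s.trustedInvokers[apiInvokerId]; ok`). An unsynchronized map read that overlaps a write is a data race, and the Go runtime can abort the process with "concurrent map read and map write", so overlapping requests on these endpoints are an availability risk for the whole service. The existence check is also unnecessary because `delete` on a missing key is a no-op: the DELETE handler can call `s.deleteTrustedInvoker(apiInvokerId)` directly, and the GET handler should hold the lock around its lookup (a read lock if `s.lock` is a `sync.RWMutex`, which is not visible here).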
func (s *Security) GetTrustedInvokersApiInvokerId(ctx echo.Context, apiInvokerId string, params securityapi.GetTrustedInvokersApiInvokerIdParams) error {
- return ctx.NoContent(http.StatusNotImplemented)
+
+ if trustedInvoker, ok := s.trustedInvokers[apiInvokerId]; ok {
+ updatedInvoker := s.checkParams(trustedInvoker, params)
+ if updatedInvoker != nil {
+ err := ctx.JSON(http.StatusOK, updatedInvoker)
+ if err != nil {
+ return err
+ }
+ }
+ } else {
+ return sendCoreError(ctx, http.StatusNotFound, fmt.Sprintf("invoker %s not registered as trusted invoker", apiInvokerId))
+ }
+
+ return nil
+}
+
+func (s *Security) checkParams(trustedInvoker securityapi.ServiceSecurity, params securityapi.GetTrustedInvokersApiInvokerIdParams) *securityapi.ServiceSecurity {
+ emptyString := ""
+
+ var sendAuthenticationInfo = (params.AuthenticationInfo != nil) && *params.AuthenticationInfo
+ var sendAuthorizationInfo = (params.AuthorizationInfo != nil) && *params.AuthorizationInfo
+
+ if sendAuthenticationInfo && sendAuthorizationInfo {
+ return &trustedInvoker
+ }
+
+ data, _ := copystructure.Copy(trustedInvoker)
+ updatedInvoker, ok := data.(securityapi.ServiceSecurity)
+ if !ok {
+ return nil
+ }
+
+ if !sendAuthenticationInfo {
+ for i := range updatedInvoker.SecurityInfo {
+ updatedInvoker.SecurityInfo[i].AuthenticationInfo = &emptyString
+ }
+ }
+ if !sendAuthorizationInfo {
+ for i := range updatedInvoker.SecurityInfo {
+ updatedInvoker.SecurityInfo[i].AuthorizationInfo = &emptyString
+ }
+ }
+ return &updatedInvoker
}
func (s *Security) PutTrustedInvokersApiInvokerId(ctx echo.Context, apiInvokerId string) error {
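Review bot: `data, _ := copystructure.Copy(trustedInvoker)` in checkParams discards the copy error, and when the copy or the type assertion fails checkParams returns nil, which GetTrustedInvokersApiInvokerId treats as success: it skips `ctx.JSON` and falls through to `return nil`, so the client gets neither a body nor an error. Check the error and fail explicitly, for example by having the handler answer `return sendCoreError(ctx, http.StatusInternalServerError, "could not prepare security context")` when `updatedInvoker == nil`. This path is what blanks `AuthenticationInfo` and `AuthorizationInfo` when the caller did not request them, so it should fail closed and visibly rather than silently. Separately, nothing in the visible handler checks who is asking before honouring `authenticationInfo=true` or `authorizationInfo=true`; presumably that is enforced by middleware outside this hunk, which is worth confirming.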
accessMgmMock := keycloackmocks.AccessManagement{}
accessMgmMock.On("GetToken", mock.AnythingOfType("string"), mock.AnythingOfType("string"), mock.AnythingOfType("string"), mock.AnythingOfType("string")).Return(jwt, nil)
- requestHandler := getEcho(&serviceRegisterMock, &publishRegisterMock, &invokerRegisterMock, &accessMgmMock)
+ requestHandler, _ := getEcho(&serviceRegisterMock, &publishRegisterMock, &invokerRegisterMock, &accessMgmMock)
data := url.Values{}
clientId := "id"
invokerRegisterMock := invokermocks.InvokerRegister{}
invokerRegisterMock.On("IsInvokerRegistered", mock.AnythingOfType("string")).Return(false)
- requestHandler := getEcho(nil, nil, &invokerRegisterMock, nil)
+ requestHandler, _ := getEcho(nil, nil, &invokerRegisterMock, nil)
data := url.Values{}
data.Set("client_id", "id")
invokerRegisterMock.On("IsInvokerRegistered", mock.AnythingOfType("string")).Return(true)
invokerRegisterMock.On("VerifyInvokerSecret", mock.AnythingOfType("string"), mock.AnythingOfType("string")).Return(false)
- requestHandler := getEcho(nil, nil, &invokerRegisterMock, nil)
+ requestHandler, _ := getEcho(nil, nil, &invokerRegisterMock, nil)
data := url.Values{}
data.Set("client_id", "id")
serviceRegisterMock := servicemocks.ServiceRegister{}
serviceRegisterMock.On("IsFunctionRegistered", mock.AnythingOfType("string")).Return(false)
- requestHandler := getEcho(&serviceRegisterMock, nil, &invokerRegisterMock, nil)
+ requestHandler, _ := getEcho(&serviceRegisterMock, nil, &invokerRegisterMock, nil)
data := url.Values{}
data.Set("client_id", "id")
publishRegisterMock := publishmocks.PublishRegister{}
publishRegisterMock.On("IsAPIPublished", mock.AnythingOfType("string"), mock.AnythingOfType("string")).Return(false)
- requestHandler := getEcho(&serviceRegisterMock, &publishRegisterMock, &invokerRegisterMock, nil)
+ requestHandler, _ := getEcho(&serviceRegisterMock, &publishRegisterMock, &invokerRegisterMock, nil)
data := url.Values{}
data.Set("client_id", "id")
accessMgmMock := keycloackmocks.AccessManagement{}
accessMgmMock.On("GetToken", mock.AnythingOfType("string"), mock.AnythingOfType("string"), mock.AnythingOfType("string"), mock.AnythingOfType("string")).Return(jwt, errors.New("invalid_credentials"))
- requestHandler := getEcho(&serviceRegisterMock, &publishRegisterMock, &invokerRegisterMock, &accessMgmMock)
+ requestHandler, _ := getEcho(&serviceRegisterMock, &publishRegisterMock, &invokerRegisterMock, &accessMgmMock)
data := url.Values{}
clientId := "id"
publishRegisterMock := publishmocks.PublishRegister{}
publishRegisterMock.On("GetAllPublishedServices").Return(publishedServices)
- requestHandler := getEcho(nil, &publishRegisterMock, &invokerRegisterMock, nil)
+ requestHandler, _ := getEcho(nil, &publishRegisterMock, &invokerRegisterMock, nil)
invokerId := "invokerId"
serviceSecurityUnderTest := getServiceSecurity(aefId, apiId)
invokerRegisterMock := invokermocks.InvokerRegister{}
invokerRegisterMock.On("IsInvokerRegistered", mock.AnythingOfType("string")).Return(false)
- requestHandler := getEcho(nil, nil, &invokerRegisterMock, nil)
+ requestHandler, _ := getEcho(nil, nil, &invokerRegisterMock, nil)
invokerId := "invokerId"
serviceSecurityUnderTest := getServiceSecurity("aefId", "apiId")
invokerRegisterMock := invokermocks.InvokerRegister{}
invokerRegisterMock.On("IsInvokerRegistered", mock.AnythingOfType("string")).Return(true)
- requestHandler := getEcho(nil, nil, &invokerRegisterMock, nil)
+ requestHandler, _ := getEcho(nil, nil, &invokerRegisterMock, nil)
invokerId := "invokerId"
notificationUrl := "url"
publishRegisterMock := publishmocks.PublishRegister{}
publishRegisterMock.On("GetAllPublishedServices").Return(publishedServices)
- requestHandler := getEcho(nil, &publishRegisterMock, &invokerRegisterMock, nil)
+ requestHandler, _ := getEcho(nil, &publishRegisterMock, &invokerRegisterMock, nil)
invokerId := "invokerId"
serviceSecurityUnderTest := getServiceSecurity(aefId, apiId)
publishRegisterMock := publishmocks.PublishRegister{}
publishRegisterMock.On("GetAllPublishedServices").Return(publishedServices)
- requestHandler := getEcho(nil, &publishRegisterMock, &invokerRegisterMock, nil)
+ requestHandler, _ := getEcho(nil, &publishRegisterMock, &invokerRegisterMock, nil)
invokerId := "invokerId"
serviceSecurityUnderTest := getServiceSecurity("aefId", "apiId")
invokerRegisterMock.AssertCalled(t, "IsInvokerRegistered", invokerId)
}
-func getEcho(serviceRegister providermanagement.ServiceRegister, publishRegister publishservice.PublishRegister, invokerRegister invokermanagement.InvokerRegister, keycloakMgm keycloak.AccessManagement) *echo.Echo {
+func TestDeleteSecurityContext(t *testing.T) {
+
+ requestHandler, securityUnderTest := getEcho(nil, nil, nil, nil)
+
+ aefId := "aefId"
+ apiId := "apiId"
+ serviceSecurityUnderTest := getServiceSecurity(aefId, apiId)
+ serviceSecurityUnderTest.SecurityInfo[0].ApiId = &apiId
+
+ invokerId := "invokerId"
+ securityUnderTest.trustedInvokers[invokerId] = serviceSecurityUnderTest
+
+ // Delete the security context
+ result := testutil.NewRequest().Delete("/trustedInvokers/"+invokerId).Go(t, requestHandler)
+
+ assert.Equal(t, http.StatusNoContent, result.Code())
+ _, ok := securityUnderTest.trustedInvokers[invokerId]
+ assert.False(t, ok)
+}
+
+func TestGetSecurityContextByInvokerId(t *testing.T) {
+
+ requestHandler, securityUnderTest := getEcho(nil, nil, nil, nil)
+
+ aefId := "aefId"
+ apiId := "apiId"
+ authenticationInfo := "authenticationInfo"
+ authorizationInfo := "authorizationInfo"
+ serviceSecurityUnderTest := getServiceSecurity(aefId, apiId)
+ serviceSecurityUnderTest.SecurityInfo[0].AuthenticationInfo = &authenticationInfo
+ serviceSecurityUnderTest.SecurityInfo[0].AuthorizationInfo = &authorizationInfo
+
+ invokerId := "invokerId"
+ securityUnderTest.trustedInvokers[invokerId] = serviceSecurityUnderTest
+
+ // Get security context
+ result := testutil.NewRequest().Get("/trustedInvokers/"+invokerId).Go(t, requestHandler)
+
+ assert.Equal(t, http.StatusOK, result.Code())
+ var resultService securityapi.ServiceSecurity
+ err := result.UnmarshalBodyToObject(&resultService)
+ assert.NoError(t, err, "error unmarshaling response")
+
+ for _, secInfo := range resultService.SecurityInfo {
+ assert.Equal(t, apiId, *secInfo.ApiId)
+ assert.Equal(t, aefId, *secInfo.AefId)
+ assert.Equal(t, "", *secInfo.AuthenticationInfo)
+ assert.Equal(t, "", *secInfo.AuthorizationInfo)
+ }
+
+ result = testutil.NewRequest().Get("/trustedInvokers/"+invokerId+"?authenticationInfo=true&authorizationInfo=false").Go(t, requestHandler)
+ assert.Equal(t, http.StatusOK, result.Code())
+ err = result.UnmarshalBodyToObject(&resultService)
+ assert.NoError(t, err, "error unmarshaling response")
+
+ for _, secInfo := range resultService.SecurityInfo {
+ assert.Equal(t, authenticationInfo, *secInfo.AuthenticationInfo)
+ assert.Equal(t, "", *secInfo.AuthorizationInfo)
+ }
+
+ result = testutil.NewRequest().Get("/trustedInvokers/"+invokerId+"?authenticationInfo=true&authorizationInfo=true").Go(t, requestHandler)
+ assert.Equal(t, http.StatusOK, result.Code())
+ err = result.UnmarshalBodyToObject(&resultService)
+ assert.NoError(t, err, "error unmarshaling response")
+
+ for _, secInfo := range resultService.SecurityInfo {
+ assert.Equal(t, authenticationInfo, *secInfo.AuthenticationInfo)
+ assert.Equal(t, authorizationInfo, *secInfo.AuthorizationInfo)
+ }
+}
+
+func getEcho(serviceRegister providermanagement.ServiceRegister, publishRegister publishservice.PublishRegister, invokerRegister invokermanagement.InvokerRegister, keycloakMgm keycloak.AccessManagement) (*echo.Echo, *Security) {
swagger, err := securityapi.GetSwagger()
if err != nil {
fmt.Fprintf(os.Stderr, "Error loading swagger spec\n: %s", err)
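Review bot: The assertion loops in TestGetSecurityContextByInvokerId (`for _, secInfo := range resultService.SecurityInfo`) pass vacuously when the decoded SecurityInfo list is empty, so a handler that dropped the entries would still pass; add `assert.NotEmpty(t, resultService.SecurityInfo)` before each loop. `resultService` is also reused across the three requests, and decoding into a fresh variable per request removes any chance that values left from an earlier decode hide a missing field. The redaction tests cover neither the `authorizationInfo=true`-only case nor the 404 branch for an unregistered invoker, and both are security-relevant paths that the same `testutil.NewRequest()` pattern would exercise. getEcho's body continues outside the hunk.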
e.Use(middleware.OapiRequestValidator(swagger))
securityapi.RegisterHandlers(e, s)
- return e
+ return e, s
}
func getServiceSecurity(aefId string, apiId string) securityapi.ServiceSecurity {