Feature: Add NRF Consumer support OAuth2 (#18)
* Feature: NRF consumer support oauth2

* update go.mod

* Fix: add minor change

* Fix: prevent assertion and modify config setting

* Fix: move GetTokenCtx() and fix logic

* Fix: linter error

* Fix: Update openapi and util version

---------

Co-authored-by: CTFang@WireLab <ctfang.cs12@nycu.edu.tw>
andy89923 and andy89923 authored Dec 19, 2023
1 parent 492b37a commit ab54adb
Showing 9 changed files with 57 additions and 17 deletions.
4 changes: 2 additions & 2 deletions go.mod
Expand Up @@ -6,8 +6,8 @@ require (
github.com/antihax/optional v1.0.0
github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d
github.com/bronze1man/radius v0.0.0-20190516032554-afd8baec892d
github.com/free5gc/openapi v1.0.7-0.20230802173229-2b3ded4db293
github.com/free5gc/util v1.0.5-0.20231001095115-433858e5be94
github.com/free5gc/openapi v1.0.7-0.20231216094313-e15a4ff046f6
github.com/free5gc/util v1.0.5-0.20231205080047-308f623d6808
github.com/gin-gonic/gin v1.9.1
github.com/google/gopacket v1.1.19
github.com/google/uuid v1.3.0
10 changes: 5 additions & 5 deletions go.sum
Expand Up @@ -61,10 +61,10 @@ github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.m
github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
github.com/evanphx/json-patch v0.5.2/go.mod h1:ZWS5hhDbVDyob71nXKNL0+PWn6ToqBHMikGIFbs31qQ=
github.com/free5gc/openapi v1.0.7-0.20230802173229-2b3ded4db293 h1:BSIvKCYu7646sE8J9R1L8v2R435otUik3wOFN33csfs=
github.com/free5gc/openapi v1.0.7-0.20230802173229-2b3ded4db293/go.mod h1:iw/N0E+FlX44EEx24IBi2EdZW8v+bkj3ETWPGnlK9DI=
github.com/free5gc/util v1.0.5-0.20231001095115-433858e5be94 h1:tNylIqH/m5Kq+3KuC+jjXGl06Y6EmM8yq61ZUgNrPBY=
github.com/free5gc/util v1.0.5-0.20231001095115-433858e5be94/go.mod h1:aMszJZbCkcg5xaGgzya+55jz+OPMsJqPLq5Z3fWDFPE=
github.com/free5gc/openapi v1.0.7-0.20231216094313-e15a4ff046f6 h1:8P/wOkTAQMgZJe9pUUNSTE5PWeAdlMrsU9kLsI+VAVE=
github.com/free5gc/openapi v1.0.7-0.20231216094313-e15a4ff046f6/go.mod h1:qv9KqEucoZSeENPRFGxfTe+33ZWYyiYFx1Rj+H0DoWA=
github.com/free5gc/util v1.0.5-0.20231205080047-308f623d6808 h1:8/IoWEgcO2DLlLCqbsxwduD7CzXdKe/BFJU2tcAqnxo=
github.com/free5gc/util v1.0.5-0.20231205080047-308f623d6808/go.mod h1:d+79g84a3YHhzvjJ2IhurrBOavOA8xWIQ/GCywPXqQk=
github.com/gabriel-vasile/mimetype v1.4.2 h1:w5qFW6JKBz9Y393Y4q372O9A7cUSequkh1Q7OhCmWKU=
github.com/gabriel-vasile/mimetype v1.4.2/go.mod h1:zApsH/mKG4w07erKIaJPFiX0Tsq9BFQgN3qGY5GnNgA=
github.com/gin-contrib/sse v0.1.0 h1:Y/yl/+YNO8GZSjAhjMsSuLt29uWRFHdHYUb5lYOV9qE=
Expand Down Expand Up @@ -308,7 +308,6 @@ golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81R
golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM=
Expand Down Expand Up @@ -525,6 +524,7 @@ gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
gopkg.in/yaml.v3 v3.0.0/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
1 change: 1 addition & 0 deletions internal/context/ausf_context_init.go
Expand Up @@ -22,6 +22,7 @@ func InitAusfContext(context *AUSFContext) {
context.NfId = uuid.New().String()
context.GroupID = configuration.GroupId
context.NrfUri = configuration.NrfUri
context.NrfCertPem = configuration.NrfCertPem
context.UriScheme = models.UriScheme(configuration.Sbi.Scheme) // default uri scheme
context.RegisterIPv4 = factory.AusfSbiDefaultIPv4 // default localhost
context.SBIPort = factory.AusfSbiDefaultPort // default port
14 changes: 14 additions & 0 deletions internal/context/context.go
@@ -1,11 +1,13 @@
package context

import (
"context"
"regexp"
"sync"

"github.com/free5gc/ausf/internal/logger"
"github.com/free5gc/openapi/models"
"github.com/free5gc/openapi/oauth"
)

type AUSFContext struct {
Expand All @@ -19,11 +21,13 @@ type AUSFContext struct {
Url string
UriScheme models.UriScheme
NrfUri string
NrfCertPem string
NfService map[models.ServiceName]models.NfService
PlmnList []models.PlmnId
UdmUeauUrl string
snRegex *regexp.Regexp
EapAkaSupiImsiPrefix bool
OAuth2Required bool
}

type AusfUeContext struct {
Expand Down Expand Up @@ -155,3 +159,13 @@ func GetSelf() *AUSFContext {
func (a *AUSFContext) GetSelfID() string {
return a.NfId
}

func (c *AUSFContext) GetTokenCtx(scope, targetNF string) (
context.Context, *models.ProblemDetails, error,
) {
if !c.OAuth2Required {
return context.TODO(), nil, nil
}
return oauth.GetTokenCtx(models.NfType_AUSF,
c.NfId, c.NrfUri, scope, targetNF)
}
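Review bot: `OAuth2Required` is read in `GetTokenCtx` as a plain bool, while the nf_management.go section of this commit writes it from `SendRegisterNFInstance` after the NRF replies; if registration can run again while SBI handlers are already serving (not visible here), that is an unsynchronised read/write on the flag that decides whether a token is requested at all. Consider guarding the field with a mutex or an `atomic.Bool`, and give the exported method a doc comment such as `// GetTokenCtx returns the context prepared by oauth.GetTokenCtx for scope/targetNF, or a bare context with no token when OAuth2Required is false.` The new receiver is named `c` whereas `GetSelfID` just above uses `a`; one receiver name per type is the Go convention. `NrfCertPem` is added to the struct but is not passed to `oauth.GetTokenCtx` here, so how the oauth package obtains the NRF certificate should be confirmed.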
9 changes: 7 additions & 2 deletions internal/sbi/consumer/nf_discovery.go
@@ -1,10 +1,10 @@
package consumer

import (
"context"
"fmt"
"net/http"

ausf_context "github.com/free5gc/ausf/internal/context"
"github.com/free5gc/ausf/internal/logger"
"github.com/free5gc/openapi/Nnrf_NFDiscovery"
"github.com/free5gc/openapi/models"
Expand All @@ -13,11 +13,16 @@ import (
func SendSearchNFInstances(nrfUri string, targetNfType, requestNfType models.NfType,
param Nnrf_NFDiscovery.SearchNFInstancesParamOpts,
) (*models.SearchResult, error) {
ctx, _, err := ausf_context.GetSelf().GetTokenCtx("nnrf-disc", "NRF")
if err != nil {
return nil, err
}

configuration := Nnrf_NFDiscovery.NewConfiguration()
configuration.SetBasePath(nrfUri)
client := Nnrf_NFDiscovery.NewAPIClient(configuration)

result, rsp, rspErr := client.NFInstancesStoreApi.SearchNFInstances(context.TODO(),
result, rsp, rspErr := client.NFInstancesStoreApi.SearchNFInstances(ctx,
targetNfType, requestNfType, &param)
if rspErr != nil {
return nil, fmt.Errorf("NFInstancesStoreApi Response error: %+w", rspErr)
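Review bot: The `*models.ProblemDetails` returned by `GetTokenCtx` is discarded at `ctx, _, err := ...` in `SendSearchNFInstances`, so if `oauth.GetTokenCtx` can report a token failure through ProblemDetails with a nil error (its contract is not visible here), discovery proceeds with whatever context came back. I would keep it as `ctx, pd, err := ...`, wrap the error with `return nil, fmt.Errorf("get nnrf-disc token: %w", err)`, and add `if pd != nil { return nil, fmt.Errorf("get nnrf-disc token: %+v", pd) }`. Separately, the token is requested using the context's `NrfUri` while the request is sent to the `nrfUri` argument; if those two can differ, the token is presented to an endpoint other than the one that issued it, which is worth ruling out. The function body continues past the end of this hunk.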
29 changes: 24 additions & 5 deletions internal/sbi/consumer/nf_management.go
Expand Up @@ -33,17 +33,17 @@ func BuildNFInstance(ausfContext *ausf_context.AUSFContext) (profile models.NfPr
return
}

// func SendRegisterNFInstance(nrfUri, nfInstanceId string, profile models.NfProfile) (resouceNrfUri string,
// retrieveNfInstanceID string, err error) {
// func SendRegisterNFInstance(nrfUri, nfInstanceId string, profile models.NfProfile,
// ) (resouceNrfUri string,retrieveNfInstanceID string, err error) {
func SendRegisterNFInstance(nrfUri, nfInstanceId string, profile models.NfProfile) (string, string, error) {
configuration := Nnrf_NFManagement.NewConfiguration()
configuration.SetBasePath(nrfUri)
client := Nnrf_NFManagement.NewAPIClient(configuration)

var res *http.Response
for {
if _, resTmp, err := client.NFInstanceIDDocumentApi.RegisterNFInstance(context.TODO(), nfInstanceId,
profile); err != nil || resTmp == nil {
nf, resTmp, err := client.NFInstanceIDDocumentApi.RegisterNFInstance(context.TODO(), nfInstanceId, profile)
if err != nil || resTmp == nil {
logger.ConsumerLog.Errorf("AUSF register to NRF Error[%v]", err)
time.Sleep(2 * time.Second)
continue
Expand All @@ -64,6 +64,20 @@ func SendRegisterNFInstance(nrfUri, nfInstanceId string, profile models.NfProfil
resourceUri := res.Header.Get("Location")
resourceNrfUri := resourceUri[:strings.Index(resourceUri, "/nnrf-nfm/")]
retrieveNfInstanceID := resourceUri[strings.LastIndex(resourceUri, "/")+1:]

oauth2 := false
if nf.CustomInfo != nil {
v, ok := nf.CustomInfo["oauth2"].(bool)
if ok {
oauth2 = v
logger.MainLog.Infoln("OAuth2 setting receive from NRF:", oauth2)
}
}
ausf_context.GetSelf().OAuth2Required = oauth2
if oauth2 && ausf_context.GetSelf().NrfCertPem == "" {
logger.CfgLog.Error("OAuth2 enable but no nrfCertPem provided in config.")
}

return resourceNrfUri, retrieveNfInstanceID, nil
} else {
fmt.Println(fmt.Errorf("handler returned wrong status code %d", status))
Expand All @@ -76,13 +90,18 @@ func SendRegisterNFInstance(nrfUri, nfInstanceId string, profile models.NfProfil
func SendDeregisterNFInstance() (*models.ProblemDetails, error) {
logger.ConsumerLog.Infof("Send Deregister NFInstance")

ctx, pd, err := ausf_context.GetSelf().GetTokenCtx("nnrf-nfm", "NRF")
if err != nil {
return pd, err
}

ausfSelf := ausf_context.GetSelf()
// Set client and set url
configuration := Nnrf_NFManagement.NewConfiguration()
configuration.SetBasePath(ausfSelf.NrfUri)
client := Nnrf_NFManagement.NewAPIClient(configuration)

res, err := client.NFInstanceIDDocumentApi.DeregisterNFInstance(context.Background(), ausfSelf.NfId)
res, err := client.NFInstanceIDDocumentApi.DeregisterNFInstance(ctx, ausfSelf.NfId)
if err == nil {
return nil, err
} else if res != nil {
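Review bot: In `SendRegisterNFInstance` (its body starts and ends outside the visible hunks), whether this AUSF attaches OAuth2 tokens is decided solely by `nf.CustomInfo["oauth2"]` in the registration response, and every failure mode defaults to off: a nil `CustomInfo`, a missing key, or a value that is not a Go `bool` all leave `oauth2 = false` without a log line. Because the registration request itself is sent with `context.TODO()`, an unexpected or misconfigured NRF reply silently leaves later NRF calls without a token. At minimum log the rejected value by extending the `if ok` branch, e.g. `} else if raw, present := nf.CustomInfo["oauth2"]; present { logger.CfgLog.Errorf("ignoring non-bool oauth2 value %v from NRF", raw) }`, and consider a local configuration setting that can require OAuth2 regardless of the reply. The `oauth2 && NrfCertPem == ""` case only logs and still sets `OAuth2Required = true`, so it is worth deciding whether registration should return an error there instead of continuing.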
2 changes: 1 addition & 1 deletion internal/sbi/producer/functions.go
Expand Up @@ -135,7 +135,7 @@ func EapEncodeAttribute(attributeType string, data string) (string, error) {
}

// func eapAkaPrimePrf(ikPrime string, ckPrime string, identity string) (K_encr string, K_aut string, K_re string,
// MSK string, EMSK string) {
// MSK string, EMSK string) {
func eapAkaPrimePrf(ikPrime string, ckPrime string, identity string) ([]byte, []byte, []byte, []byte, []byte) {
keyAp := ikPrime + ckPrime

4 changes: 2 additions & 2 deletions internal/sbi/producer/ue_authentication.go
Expand Up @@ -81,8 +81,8 @@ func HandleUeAuthPostRequest(request *httpwrapper.Request) *httpwrapper.Response
return httpwrapper.NewResponse(http.StatusForbidden, nil, problemDetails)
}

// func UeAuthPostRequestProcedure(updateAuthenticationInfo models.AuthenticationInfo) (
// response *models.UeAuthenticationCtx, locationURI string, problemDetails *models.ProblemDetails) {
// func UeAuthPostRequestProcedure(updateAuthenticationInfo models.AuthenticationInfo,
// ) (response *models.UeAuthenticationCtx, locationURI string, problemDetails *models.ProblemDetails) {
func UeAuthPostRequestProcedure(updateAuthenticationInfo models.AuthenticationInfo) (*models.UeAuthenticationCtx,
string, *models.ProblemDetails,
) {
1 change: 1 addition & 0 deletions pkg/factory/config.go
Expand Up @@ -57,6 +57,7 @@ type Configuration struct {
Sbi *Sbi `yaml:"sbi,omitempty" valid:"required"`
ServiceNameList []string `yaml:"serviceNameList,omitempty" valid:"required"`
NrfUri string `yaml:"nrfUri,omitempty" valid:"url,required"`
NrfCertPem string `yaml:"nrfCertPem,omitempty" valid:"optional"`
PlmnSupportList []models.PlmnId `yaml:"plmnSupportList,omitempty" valid:"required"`
GroupId string `yaml:"groupId,omitempty" valid:"type(string),minstringlength(1)"`
EapAkaSupiImsiPrefix bool `yaml:"eapAkaSupiImsiPrefix,omitempty" valid:"type(bool),optional"`
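Review bot: `NrfCertPem` is added to `Configuration` with only `valid:"optional"`, and nothing in the struct says whether the value is a filesystem path or inline PEM text. This commit logs an error when the NRF enables OAuth2 and the field is empty, so operators need to know what to put here; a field comment such as `// NrfCertPem identifies the NRF certificate needed when the NRF enables OAuth2 (state here: file path or inline PEM).` would close that gap. If it turns out to be a path, checking at config load that the file exists and parses as a certificate would surface a bad value before the first token request rather than at runtime. The struct continues outside this hunk.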