github.com/Axway/agent-sdk@v1.1.101/pkg/config/authconfig.go (about)

     1  package config
     2  
     3  import (
     4  	"net/url"
     5  	"os"
     6  	"strings"
     7  	"time"
     8  
     9  	"github.com/Axway/agent-sdk/pkg/util/exception"
    10  	"github.com/Axway/agent-sdk/pkg/util/log"
    11  )
    12  
// tokenEndpoint is the path of the OpenID Connect token endpoint, relative to
// the realm URL; GetTokenURL appends it to "<authURL>/realms/<realm>".
const tokenEndpoint = "/protocol/openid-connect/token"
    14  
// AuthConfig - Interface for service account config: the settings an agent
// needs to obtain a token as a service account (auth server URL and realm,
// client identity, signing key files and the request timeout).
type AuthConfig interface {
	// GetTokenURL returns the token endpoint URL, or "" when the auth URL or
	// the realm is unset.
	GetTokenURL() string
	// GetRealm returns the realm name.
	GetRealm() string
	// GetAudience returns the realm URL ("<authURL>/realms/<realm>"), or ""
	// when the auth URL or the realm is unset.
	GetAudience() string
	// GetClientID returns the service account client ID.
	GetClientID() string
	// GetPrivateKey returns the path of the private key file.
	GetPrivateKey() string
	// GetPublicKey returns the path of the public key file.
	GetPublicKey() string
	// GetKeyPassword returns the key password. It is a secret; never log it.
	GetKeyPassword() string
	// GetTimeout returns the configured timeout (newAuthConfig defaults it to 30s).
	GetTimeout() time.Duration
	// validate checks the settings and reports problems via exception.Throw.
	validate()
}
    27  
// AuthConfiguration - concrete AuthConfig populated from the agent
// configuration; the `config` tags presumably name the configuration keys
// read by the loader (the loader is not in this file).
type AuthConfiguration struct {
	// Embedded interface. It is nil unless a caller sets it; every AuthConfig
	// method is implemented directly on *AuthConfiguration, so nothing in this
	// file dispatches through it.
	AuthConfig
	// RegionSettings supplies the fallback AuthURL used by GetURL when URL is empty.
	RegionSettings regionalSettings
	// URL is the auth server base URL; validate requires it to parse with
	// url.ParseRequestURI.
	URL            string        `config:"url"`
	Realm          string        `config:"realm"`
	// ClientID is the service account ID. IDs prefixed "DOSA_" are deprecated.
	ClientID       string        `config:"clientId"`
	// PrivateKey / PublicKey are file paths. If the file is missing, validate
	// writes the contents of CENTRAL_AUTH_PRIVATEKEY_DATA /
	// CENTRAL_AUTH_PUBLICKEY_DATA to that path (mode 0600).
	PrivateKey     string        `config:"privateKey"`
	PublicKey      string        `config:"publicKey"`
	// PrivateKeyData / PublicKeyData are not read anywhere in this file; the
	// key data is taken from the environment variables noted above instead.
	// PrivateKeyData is secret material — keep it out of logs and dumps.
	PrivateKeyData string        `config:"privateKeyData"`
	PublicKeyData  string        `config:"publicKeyData"`
	// KeyPwd is the private key password — a secret; never log it.
	KeyPwd         string        `config:"keyPassword"`
	// ClientIDReuse is not read in this file.
	ClientIDReuse  bool          `config:"clientIdReuse"`
	// Timeout defaults to 30s (see newAuthConfig).
	Timeout        time.Duration `config:"timeout"`
}
    43  
// newAuthConfig returns an AuthConfig with only the default timeout (30s)
// set; every other field stays at its zero value and must be supplied by the
// configuration loader before validate() will pass.
func newAuthConfig() AuthConfig {
	const defaultTimeout = 30 * time.Second
	cfg := &AuthConfiguration{}
	cfg.Timeout = defaultTimeout
	return cfg
}
    49  
// newTestAuthConfig builds a fully populated AuthConfig for tests.
//
// As a side effect it seeds CENTRAL_AUTH_PRIVATEKEY_DATA and
// CENTRAL_AUTH_PUBLICKEY_DATA with the placeholder "1" so that validate() can
// materialise the "file" key paths; note that running validate() on the
// result therefore creates a file named "file" in the working directory.
// Setenv errors are ignored, as this is test-only scaffolding.
func newTestAuthConfig() AuthConfig {
	for _, name := range []string{"CENTRAL_AUTH_PRIVATEKEY_DATA", "CENTRAL_AUTH_PUBLICKEY_DATA"} {
		os.Setenv(name, "1")
	}
	cfg := &AuthConfiguration{Timeout: 30 * time.Second}
	cfg.URL = "https://auth.com"
	cfg.Realm = "realm"
	cfg.ClientID = "clientid"
	cfg.PrivateKey = "file"
	cfg.PublicKey = "file"
	return cfg
}
    62  
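// validate checks the mandatory auth settings — URL, realm, client ID and
// both key files — and reports the first problem through exception.Throw
// with the matching ErrBadConfig path (key-file problems are reported by
// validateAuthFileConfig). It also emits a deprecation warning for DOSA_*
// client IDs; previously that prefix check sat inside the "client ID is
// empty" branch, where it could never match, so the warning never fired.
func (a *AuthConfiguration) validate() {
	authURL := a.GetURL()
	if authURL == "" {
		exception.Throw(ErrBadConfig.FormatError(pathAuthURL))
	} else if _, err := url.ParseRequestURI(authURL); err != nil {
		// NOTE: ParseRequestURI accepts any absolute URI or absolute path, so a
		// scheme-less value such as "/realms" still passes this check.
		exception.Throw(ErrBadConfig.FormatError(pathAuthURL))
	}

	if a.GetRealm() == "" {
		exception.Throw(ErrBadConfig.FormatError(pathAuthRealm))
	}

	clientID := a.GetClientID()
	if clientID == "" {
		exception.Throw(ErrBadConfig.FormatError(pathAuthClientID))
	}
	// Deprecation warning for legacy DOSA_ service accounts, checked on the
	// actual ID rather than inside the empty-ID branch so it can trigger.
	if strings.HasPrefix(clientID, "DOSA_") {
		log.Warn("DOSA_* service accounts are deprecated, please migrate to an Amplify Platform Service account")
	}

	a.validatePrivateKey()
	a.validatePublicKey()
}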
    85  
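// validateAuthFileConfig checks that the key file named by authFile is usable.
//
//   - configKeyName is the config path reported in ErrBadConfig;
//   - dataEnvVar, when non-empty, names an environment variable whose
//     contents are written to authFile (mode 0600, see saveKeyData) if the
//     file does not already exist;
//   - errMsg is the human-readable key description used in ErrReadingKeyFile.
//
// Problems are reported through exception.Throw. Unlike the previous version,
// the probe handle from os.Open is closed (it was leaked) and a directory at
// authFile is rejected, since os.Open succeeds on directories.
func validateAuthFileConfig(configKeyName, authFile, dataEnvVar, errMsg string) {
	if authFile == "" {
		exception.Throw(ErrBadConfig.FormatError(configKeyName))
		return
	}
	if !fileExists(authFile) && dataEnvVar != "" {
		// Materialise key data supplied through the environment into the
		// configured path so the rest of the agent can read it as a file.
		data := os.Getenv(dataEnvVar)
		if data == "" {
			exception.Throw(ErrBadConfig.FormatError(configKeyName))
		}
		saveKeyData(authFile, data)
	}
	// Validate that the file is readable and is not a directory; close the
	// handle right away so no descriptor is leaked.
	f, err := os.Open(authFile)
	if err != nil {
		exception.Throw(ErrReadingKeyFile.FormatError(errMsg, authFile))
		return
	}
	info, err := f.Stat()
	f.Close()
	if err != nil || info.IsDir() {
		exception.Throw(ErrReadingKeyFile.FormatError(errMsg, authFile))
	}
}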
// GetURL returns the configured auth URL, falling back to the regional
// default (RegionSettings.AuthURL) when URL is unset.
func (a *AuthConfiguration) GetURL() string {
	if configured := a.URL; configured != "" {
		return configured
	}
	return a.RegionSettings.AuthURL
}
   109  
// validatePrivateKey ensures the private key file path is set and readable,
// creating the file from CENTRAL_AUTH_PRIVATEKEY_DATA when it is absent.
func (a *AuthConfiguration) validatePrivateKey() {
	const dataEnv = "CENTRAL_AUTH_PRIVATEKEY_DATA"
	keyPath := a.GetPrivateKey()
	validateAuthFileConfig(pathAuthPrivateKey, keyPath, dataEnv, "private key")
}
   113  
// validatePublicKey ensures the public key file path is set and readable,
// creating the file from CENTRAL_AUTH_PUBLICKEY_DATA when it is absent.
func (a *AuthConfiguration) validatePublicKey() {
	const dataEnv = "CENTRAL_AUTH_PUBLICKEY_DATA"
	keyPath := a.GetPublicKey()
	validateAuthFileConfig(pathAuthPublicKey, keyPath, dataEnv, "public key")
}
   117  
// GetTokenURL - Returns the OpenID Connect token endpoint for the configured
// realm ("<authURL>/realms/<realm>" + tokenEndpoint), or "" when either the
// auth URL or the realm is unset. No slash normalisation is done: an auth URL
// with a trailing "/" yields "//realms".
func (a *AuthConfiguration) GetTokenURL() string {
	base, realm := a.GetURL(), a.Realm
	if base == "" || realm == "" {
		return ""
	}
	return base + "/realms/" + realm + tokenEndpoint
}
   125  
// GetRealm - Returns the realm name.
func (a *AuthConfiguration) GetRealm() string {
	return a.Realm
}
   130  
// GetAudience - Returns the realm URL ("<authURL>/realms/<realm>") used as
// the token audience, or "" when either the auth URL or the realm is unset.
func (a *AuthConfiguration) GetAudience() string {
	base, realm := a.GetURL(), a.Realm
	if base == "" || realm == "" {
		return ""
	}
	return base + "/realms/" + realm
}
   138  
// GetClientID - Returns the service account client ID.
func (a *AuthConfiguration) GetClientID() string {
	return a.ClientID
}
   143  
// GetPrivateKey - Returns the private key file path.
func (a *AuthConfiguration) GetPrivateKey() string {
	return a.PrivateKey
}
   148  
// GetPublicKey - Returns the public key file path.
func (a *AuthConfiguration) GetPublicKey() string {
	return a.PublicKey
}
   153  
// GetKeyPassword - Returns the private key password. This is a secret:
// callers must not log it or include it in error messages.
func (a *AuthConfiguration) GetKeyPassword() string {
	return a.KeyPwd
}
   158  
// GetTimeout - Returns the configured timeout (30s by default, see newAuthConfig).
func (a *AuthConfiguration) GetTimeout() time.Duration {
	return a.Timeout
}
   163  
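// fileExists reports whether filename names an existing non-directory entry.
//
// Any os.Stat error yields false — not only "does not exist". The previous
// version only checked os.IsNotExist and then dereferenced the nil FileInfo
// on other errors (e.g. permission denied), which panicked.
func fileExists(filename string) bool {
	info, err := os.Stat(filename)
	if err != nil {
		return false
	}
	return !info.IsDir()
}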
   171  
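// saveKeyData writes data (key material taken from the environment) to
// filename with mode 0600 so that it is not readable by other users.
//
// It returns the os.WriteFile error instead of discarding it; existing
// callers that ignore the result remain source-compatible. Note that the
// 0600 mode only applies when the file is created — an existing file keeps
// its permissions, so callers should only use this for absent files.
func saveKeyData(filename string, data string) error {
	return os.WriteFile(filename, []byte(data), 0600)
}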