diff --git a/go.mod b/go.mod index 386d587..7dffdc1 100644 --- a/go.mod +++ b/go.mod @@ -6,8 +6,8 @@ require ( github.com/antihax/optional v1.0.0 github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d github.com/bronze1man/radius v0.0.0-20190516032554-afd8baec892d - github.com/free5gc/openapi v1.0.7-0.20230802173229-2b3ded4db293 - github.com/free5gc/util v1.0.5-0.20231001095115-433858e5be94 + github.com/free5gc/openapi v1.0.7-0.20231216094313-e15a4ff046f6 + github.com/free5gc/util v1.0.5-0.20231205080047-308f623d6808 github.com/gin-gonic/gin v1.9.1 github.com/google/gopacket v1.1.19 github.com/google/uuid v1.3.0 diff --git a/go.sum b/go.sum index ecef5d3..0947f12 100644 --- a/go.sum +++ b/go.sum @@ -61,10 +61,10 @@ github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.m github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/evanphx/json-patch v0.5.2/go.mod h1:ZWS5hhDbVDyob71nXKNL0+PWn6ToqBHMikGIFbs31qQ= -github.com/free5gc/openapi v1.0.7-0.20230802173229-2b3ded4db293 h1:BSIvKCYu7646sE8J9R1L8v2R435otUik3wOFN33csfs= -github.com/free5gc/openapi v1.0.7-0.20230802173229-2b3ded4db293/go.mod h1:iw/N0E+FlX44EEx24IBi2EdZW8v+bkj3ETWPGnlK9DI= -github.com/free5gc/util v1.0.5-0.20231001095115-433858e5be94 h1:tNylIqH/m5Kq+3KuC+jjXGl06Y6EmM8yq61ZUgNrPBY= -github.com/free5gc/util v1.0.5-0.20231001095115-433858e5be94/go.mod h1:aMszJZbCkcg5xaGgzya+55jz+OPMsJqPLq5Z3fWDFPE= +github.com/free5gc/openapi v1.0.7-0.20231216094313-e15a4ff046f6 h1:8P/wOkTAQMgZJe9pUUNSTE5PWeAdlMrsU9kLsI+VAVE= +github.com/free5gc/openapi v1.0.7-0.20231216094313-e15a4ff046f6/go.mod h1:qv9KqEucoZSeENPRFGxfTe+33ZWYyiYFx1Rj+H0DoWA= +github.com/free5gc/util v1.0.5-0.20231205080047-308f623d6808 h1:8/IoWEgcO2DLlLCqbsxwduD7CzXdKe/BFJU2tcAqnxo= +github.com/free5gc/util v1.0.5-0.20231205080047-308f623d6808/go.mod h1:d+79g84a3YHhzvjJ2IhurrBOavOA8xWIQ/GCywPXqQk= github.com/gabriel-vasile/mimetype v1.4.2 h1:w5qFW6JKBz9Y393Y4q372O9A7cUSequkh1Q7OhCmWKU= github.com/gabriel-vasile/mimetype v1.4.2/go.mod h1:zApsH/mKG4w07erKIaJPFiX0Tsq9BFQgN3qGY5GnNgA= github.com/gin-contrib/sse v0.1.0 h1:Y/yl/+YNO8GZSjAhjMsSuLt29uWRFHdHYUb5lYOV9qE= @@ -308,7 +308,6 @@ golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81R golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= -golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM= @@ -525,6 +524,7 @@ gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.0/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= diff --git a/internal/context/ausf_context_init.go b/internal/context/ausf_context_init.go index 9bbc099..575a04f 100644 --- a/internal/context/ausf_context_init.go +++ b/internal/context/ausf_context_init.go @@ -22,6 +22,7 @@ func InitAusfContext(context *AUSFContext) { context.NfId = uuid.New().String() context.GroupID = configuration.GroupId context.NrfUri = configuration.NrfUri + context.NrfCertPem = configuration.NrfCertPem context.UriScheme = models.UriScheme(configuration.Sbi.Scheme) // default uri scheme context.RegisterIPv4 = factory.AusfSbiDefaultIPv4 // default localhost context.SBIPort = factory.AusfSbiDefaultPort // default port diff --git a/internal/context/context.go b/internal/context/context.go index 07a21be..53c3b03 100644 --- a/internal/context/context.go +++ b/internal/context/context.go @@ -1,11 +1,13 @@ package context import ( + "context" "regexp" "sync" "github.com/free5gc/ausf/internal/logger" "github.com/free5gc/openapi/models" + "github.com/free5gc/openapi/oauth" ) type AUSFContext struct { @@ -19,11 +21,13 @@ type AUSFContext struct { Url string UriScheme models.UriScheme NrfUri string + NrfCertPem string NfService map[models.ServiceName]models.NfService PlmnList []models.PlmnId UdmUeauUrl string snRegex *regexp.Regexp EapAkaSupiImsiPrefix bool + OAuth2Required bool } type AusfUeContext struct { @@ -155,3 +159,13 @@ func GetSelf() *AUSFContext { func (a *AUSFContext) GetSelfID() string { return a.NfId } + +func (c *AUSFContext) GetTokenCtx(scope, targetNF string) ( + context.Context, *models.ProblemDetails, error, +) { + if !c.OAuth2Required { + return context.TODO(), nil, nil + } + return oauth.GetTokenCtx(models.NfType_AUSF, + c.NfId, c.NrfUri, scope, targetNF) +} diff --git a/internal/sbi/consumer/nf_discovery.go b/internal/sbi/consumer/nf_discovery.go index 59035ec..6278fde 100644 --- a/internal/sbi/consumer/nf_discovery.go +++ b/internal/sbi/consumer/nf_discovery.go @@ -1,10 +1,10 @@ package consumer import ( - "context" "fmt" "net/http" + ausf_context "github.com/free5gc/ausf/internal/context" "github.com/free5gc/ausf/internal/logger" "github.com/free5gc/openapi/Nnrf_NFDiscovery" "github.com/free5gc/openapi/models" @@ -13,11 +13,16 @@ import ( func SendSearchNFInstances(nrfUri string, targetNfType, requestNfType models.NfType, param Nnrf_NFDiscovery.SearchNFInstancesParamOpts, ) (*models.SearchResult, error) { + ctx, _, err := ausf_context.GetSelf().GetTokenCtx("nnrf-disc", "NRF") + if err != nil { + return nil, err + } + configuration := Nnrf_NFDiscovery.NewConfiguration() configuration.SetBasePath(nrfUri) client := Nnrf_NFDiscovery.NewAPIClient(configuration) - result, rsp, rspErr := client.NFInstancesStoreApi.SearchNFInstances(context.TODO(), + result, rsp, rspErr := client.NFInstancesStoreApi.SearchNFInstances(ctx, targetNfType, requestNfType, ¶m) if rspErr != nil { return nil, fmt.Errorf("NFInstancesStoreApi Response error: %+w", rspErr) diff --git a/internal/sbi/consumer/nf_management.go b/internal/sbi/consumer/nf_management.go index 4c4cc8e..3a156c4 100644 --- a/internal/sbi/consumer/nf_management.go +++ b/internal/sbi/consumer/nf_management.go @@ -33,8 +33,8 @@ func BuildNFInstance(ausfContext *ausf_context.AUSFContext) (profile models.NfPr return } -// func SendRegisterNFInstance(nrfUri, nfInstanceId string, profile models.NfProfile) (resouceNrfUri string, -// retrieveNfInstanceID string, err error) { +// func SendRegisterNFInstance(nrfUri, nfInstanceId string, profile models.NfProfile, +// ) (resouceNrfUri string,retrieveNfInstanceID string, err error) { func SendRegisterNFInstance(nrfUri, nfInstanceId string, profile models.NfProfile) (string, string, error) { configuration := Nnrf_NFManagement.NewConfiguration() configuration.SetBasePath(nrfUri) @@ -42,8 +42,8 @@ func SendRegisterNFInstance(nrfUri, nfInstanceId string, profile models.NfProfil var res *http.Response for { - if _, resTmp, err := client.NFInstanceIDDocumentApi.RegisterNFInstance(context.TODO(), nfInstanceId, - profile); err != nil || resTmp == nil { + nf, resTmp, err := client.NFInstanceIDDocumentApi.RegisterNFInstance(context.TODO(), nfInstanceId, profile) + if err != nil || resTmp == nil { logger.ConsumerLog.Errorf("AUSF register to NRF Error[%v]", err) time.Sleep(2 * time.Second) continue @@ -64,6 +64,20 @@ func SendRegisterNFInstance(nrfUri, nfInstanceId string, profile models.NfProfil resourceUri := res.Header.Get("Location") resourceNrfUri := resourceUri[:strings.Index(resourceUri, "/nnrf-nfm/")] retrieveNfInstanceID := resourceUri[strings.LastIndex(resourceUri, "/")+1:] + + oauth2 := false + if nf.CustomInfo != nil { + v, ok := nf.CustomInfo["oauth2"].(bool) + if ok { + oauth2 = v + logger.MainLog.Infoln("OAuth2 setting receive from NRF:", oauth2) + } + } + ausf_context.GetSelf().OAuth2Required = oauth2 + if oauth2 && ausf_context.GetSelf().NrfCertPem == "" { + logger.CfgLog.Error("OAuth2 enable but no nrfCertPem provided in config.") + } + return resourceNrfUri, retrieveNfInstanceID, nil } else { fmt.Println(fmt.Errorf("handler returned wrong status code %d", status)) @@ -76,13 +90,18 @@ func SendRegisterNFInstance(nrfUri, nfInstanceId string, profile models.NfProfil func SendDeregisterNFInstance() (*models.ProblemDetails, error) { logger.ConsumerLog.Infof("Send Deregister NFInstance") + ctx, pd, err := ausf_context.GetSelf().GetTokenCtx("nnrf-nfm", "NRF") + if err != nil { + return pd, err + } + ausfSelf := ausf_context.GetSelf() // Set client and set url configuration := Nnrf_NFManagement.NewConfiguration() configuration.SetBasePath(ausfSelf.NrfUri) client := Nnrf_NFManagement.NewAPIClient(configuration) - res, err := client.NFInstanceIDDocumentApi.DeregisterNFInstance(context.Background(), ausfSelf.NfId) + res, err := client.NFInstanceIDDocumentApi.DeregisterNFInstance(ctx, ausfSelf.NfId) if err == nil { return nil, err } else if res != nil { diff --git a/internal/sbi/producer/functions.go b/internal/sbi/producer/functions.go index 393fd82..2999659 100644 --- a/internal/sbi/producer/functions.go +++ b/internal/sbi/producer/functions.go @@ -135,7 +135,7 @@ func EapEncodeAttribute(attributeType string, data string) (string, error) { } // func eapAkaPrimePrf(ikPrime string, ckPrime string, identity string) (K_encr string, K_aut string, K_re string, -// MSK string, EMSK string) { +// MSK string, EMSK string) { func eapAkaPrimePrf(ikPrime string, ckPrime string, identity string) ([]byte, []byte, []byte, []byte, []byte) { keyAp := ikPrime + ckPrime diff --git a/internal/sbi/producer/ue_authentication.go b/internal/sbi/producer/ue_authentication.go index fae4e69..0fbf190 100644 --- a/internal/sbi/producer/ue_authentication.go +++ b/internal/sbi/producer/ue_authentication.go @@ -81,8 +81,8 @@ func HandleUeAuthPostRequest(request *httpwrapper.Request) *httpwrapper.Response return httpwrapper.NewResponse(http.StatusForbidden, nil, problemDetails) } -// func UeAuthPostRequestProcedure(updateAuthenticationInfo models.AuthenticationInfo) ( -// response *models.UeAuthenticationCtx, locationURI string, problemDetails *models.ProblemDetails) { +// func UeAuthPostRequestProcedure(updateAuthenticationInfo models.AuthenticationInfo, +// ) (response *models.UeAuthenticationCtx, locationURI string, problemDetails *models.ProblemDetails) { func UeAuthPostRequestProcedure(updateAuthenticationInfo models.AuthenticationInfo) (*models.UeAuthenticationCtx, string, *models.ProblemDetails, ) { diff --git a/pkg/factory/config.go b/pkg/factory/config.go index a24ef32..2545100 100644 --- a/pkg/factory/config.go +++ b/pkg/factory/config.go @@ -57,6 +57,7 @@ type Configuration struct { Sbi *Sbi `yaml:"sbi,omitempty" valid:"required"` ServiceNameList []string `yaml:"serviceNameList,omitempty" valid:"required"` NrfUri string `yaml:"nrfUri,omitempty" valid:"url,required"` + NrfCertPem string `yaml:"nrfCertPem,omitempty" valid:"optional"` PlmnSupportList []models.PlmnId `yaml:"plmnSupportList,omitempty" valid:"required"` GroupId string `yaml:"groupId,omitempty" valid:"type(string),minstringlength(1)"` EapAkaSupiImsiPrefix bool `yaml:"eapAkaSupiImsiPrefix,omitempty" valid:"type(bool),optional"`