feat: vcwallet support for GNAP authorization (hyperledger-archives#3266

) Signed-off-by: Filip Burlacu <filip.burlacu@securekey.com>
afrancoc2000 · Jun 29, 2022 · 566dff8 · 566dff8
1 parent 82112d1
commit 566dff8
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 5 deletions.
diff --git a/pkg/controller/command/vcwallet/command.go b/pkg/controller/command/vcwallet/command.go
@@ -1023,7 +1023,8 @@ func prepareUnlockOptions(rqst *UnlockWalletRequest, conf *Config) ([]wallet.Unl
 	if rqst.WebKMSAuth != nil {
 		var webKMSHeader func(*http.Request) (*http.Header, error)
 
-		if rqst.WebKMSAuth.Capability != "" { // zcap ld signing
+		switch {
+		case rqst.WebKMSAuth.Capability != "": // zcap ld signing
 			if conf.WebKMSAuthzProvider == nil {
 				return nil, fmt.Errorf("authorization capability for WebKMS is not configured")
 			}
@@ -1034,9 +1035,15 @@ func prepareUnlockOptions(rqst *UnlockWalletRequest, conf *Config) ([]wallet.Unl
 			webKMSHeader = func(req *http.Request) (*http.Header, error) {
 				return signer.SignHeader(req, []byte(rqst.WebKMSAuth.Capability))
 			}
-		} else if rqst.WebKMSAuth.AuthToken != "" { // auth token
+		case rqst.WebKMSAuth.AuthToken != "": // auth token
 			webKMSHeader = func(req *http.Request) (*http.Header, error) {
-				req.Header.Set("authorization", fmt.Sprintf("Bearer %s", rqst.EDVUnlock.AuthToken))
+				req.Header.Set("authorization", fmt.Sprintf("Bearer %s", rqst.WebKMSAuth.AuthToken))
+
+				return &req.Header, nil
+			}
+		case rqst.WebKMSAuth.GNAPToken != "": // GNAP token
+			webKMSHeader = func(req *http.Request) (*http.Header, error) {
+				req.Header.Set("authorization", fmt.Sprintf("GNAP %s", rqst.WebKMSAuth.GNAPToken))
 
 				return &req.Header, nil
 			}
@@ -1054,7 +1061,8 @@ func prepareUnlockOptions(rqst *UnlockWalletRequest, conf *Config) ([]wallet.Unl
 	if rqst.EDVUnlock != nil {
 		var edvHeader func(*http.Request) (*http.Header, error)
 
-		if rqst.EDVUnlock.Capability != "" { // zcap ld signing
+		switch {
+		case rqst.EDVUnlock.Capability != "": // zcap ld signing
 			if conf.EdvAuthzProvider == nil {
 				return nil, fmt.Errorf("authorization capability for EDV is not configured")
 			}
@@ -1065,10 +1073,16 @@ func prepareUnlockOptions(rqst *UnlockWalletRequest, conf *Config) ([]wallet.Unl
 			edvHeader = func(req *http.Request) (*http.Header, error) {
 				return signer.SignHeader(req, []byte(rqst.EDVUnlock.Capability))
 			}
-		} else if rqst.EDVUnlock.AuthToken != "" { // auth token
+		case rqst.EDVUnlock.AuthToken != "": // auth token
 			edvHeader = func(req *http.Request) (*http.Header, error) {
 				req.Header.Set("authorization", fmt.Sprintf("Bearer %s", rqst.EDVUnlock.AuthToken))
 
+				return &req.Header, nil
+			}
+		case rqst.EDVUnlock.GNAPToken != "": // GNAP token
+			edvHeader = func(req *http.Request) (*http.Header, error) {
+				req.Header.Set("authorization", fmt.Sprintf("GNAP %s", rqst.EDVUnlock.GNAPToken))
+
 				return &req.Header, nil
 			}
 		}

diff --git a/pkg/controller/command/vcwallet/models.go b/pkg/controller/command/vcwallet/models.go
@@ -81,6 +81,10 @@ type UnlockAuth struct {
 	// Optional, only if required by wallet user (for webkms or edv).
 	AuthToken string `json:"authToken,omitempty"`
 
+	// Http header 'authorization' GNAP token to be used.
+	// Optional, only if required by wallet user (for webkms or edv).
+	GNAPToken string `json:"gnapToken,omitempty"`
+
 	// Capability if ZCAP sign header feature to be used for authorizing access.
 	// Optional, can be used only if ZCAP sign header feature is configured with command controller.
 	Capability string `json:"capability,omitempty"`