From 566dff81e2ab98c0e33ffa4cbcee1bb926857c4f Mon Sep 17 00:00:00 2001 From: Filip Burlacu Date: Wed, 29 Jun 2022 11:54:41 -0400 Subject: [PATCH] feat: vcwallet support for GNAP authorization (#3266) Signed-off-by: Filip Burlacu --- pkg/controller/command/vcwallet/command.go | 24 +++++++++++++++++----- pkg/controller/command/vcwallet/models.go | 4 ++++ 2 files changed, 23 insertions(+), 5 deletions(-) diff --git a/pkg/controller/command/vcwallet/command.go b/pkg/controller/command/vcwallet/command.go index 619e1a9ca..429dbf07a 100644 --- a/pkg/controller/command/vcwallet/command.go +++ b/pkg/controller/command/vcwallet/command.go @@ -1023,7 +1023,8 @@ func prepareUnlockOptions(rqst *UnlockWalletRequest, conf *Config) ([]wallet.Unl if rqst.WebKMSAuth != nil { var webKMSHeader func(*http.Request) (*http.Header, error) - if rqst.WebKMSAuth.Capability != "" { // zcap ld signing + switch { + case rqst.WebKMSAuth.Capability != "": // zcap ld signing if conf.WebKMSAuthzProvider == nil { return nil, fmt.Errorf("authorization capability for WebKMS is not configured") } @@ -1034,9 +1035,15 @@ func prepareUnlockOptions(rqst *UnlockWalletRequest, conf *Config) ([]wallet.Unl webKMSHeader = func(req *http.Request) (*http.Header, error) { return signer.SignHeader(req, []byte(rqst.WebKMSAuth.Capability)) } - } else if rqst.WebKMSAuth.AuthToken != "" { // auth token + case rqst.WebKMSAuth.AuthToken != "": // auth token webKMSHeader = func(req *http.Request) (*http.Header, error) { - req.Header.Set("authorization", fmt.Sprintf("Bearer %s", rqst.EDVUnlock.AuthToken)) + req.Header.Set("authorization", fmt.Sprintf("Bearer %s", rqst.WebKMSAuth.AuthToken)) + + return &req.Header, nil + } + case rqst.WebKMSAuth.GNAPToken != "": // GNAP token + webKMSHeader = func(req *http.Request) (*http.Header, error) { + req.Header.Set("authorization", fmt.Sprintf("GNAP %s", rqst.WebKMSAuth.GNAPToken)) return &req.Header, nil } 
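Review bot: The new `switch` in the `@@ -1023,7 +1023,8 @@` hunk takes the first non-empty field of `rqst.WebKMSAuth` and has no `default`, so a request that sets more than one of `Capability`, `AuthToken` and `GNAPToken` silently uses the earliest case, and one that sets none leaves `webKMSHeader` nil with no error at this point. For an authorization choice both outcomes should be explicit: reject the ambiguous request, and, if an empty `WebKMSAuth` is not meant to be valid, add `default: return nil, fmt.Errorf("webkms auth requires capability, authToken or gnapToken")`. The same applies to the `rqst.EDVUnlock` switch in the `@@ -1054,7 +1061,8 @@` hunk. The switch body and the code that consumes `webKMSHeader` continue outside this hunk, so whether a nil header func is handled later cannot be seen here.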
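Review bot: The `GNAP` case in the `@@ -1034,9 +1035,15 @@` hunk only sets `authorization: GNAP <token>`, and as I read the GNAP draft that scheme is for key-bound tokens, which a resource server should accept only together with proof of the client key (for example an HTTP message signature), while bearer-flagged tokens are sent under `Bearer`. Nothing visible in this closure attaches such a proof, so either it is added by the HTTP client outside this hunk or the server is treating the value as a bearer credential; a comment such as `// proof of possession is added by <component>; this only sets the token` would settle which. The EDV `GNAP` case in the `@@ -1065,10 +1073,16 @@` hunk is the same. Separately, the corrected `Bearer` line now reads `rqst.WebKMSAuth.AuthToken` and the patch touches no test file, so a test that unlocks with `WebKMSAuth.AuthToken` set and `EDVUnlock` nil would pin that fix.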
@@ -1054,7 +1061,8 @@ func prepareUnlockOptions(rqst *UnlockWalletRequest, conf *Config) ([]wallet.Unl if rqst.EDVUnlock != nil { var edvHeader func(*http.Request) (*http.Header, error) - if rqst.EDVUnlock.Capability != "" { // zcap ld signing + switch { + case rqst.EDVUnlock.Capability != "": // zcap ld signing if conf.EdvAuthzProvider == nil { return nil, fmt.Errorf("authorization capability for EDV is not configured") } @@ -1065,10 +1073,16 @@ func prepareUnlockOptions(rqst *UnlockWalletRequest, conf *Config) ([]wallet.Unl edvHeader = func(req *http.Request) (*http.Header, error) { return signer.SignHeader(req, []byte(rqst.EDVUnlock.Capability)) } - } else if rqst.EDVUnlock.AuthToken != "" { // auth token + case rqst.EDVUnlock.AuthToken != "": // auth token edvHeader = func(req *http.Request) (*http.Header, error) { req.Header.Set("authorization", fmt.Sprintf("Bearer %s", rqst.EDVUnlock.AuthToken)) + return &req.Header, nil + } + case rqst.EDVUnlock.GNAPToken != "": // GNAP token + edvHeader = func(req *http.Request) (*http.Header, error) { + req.Header.Set("authorization", fmt.Sprintf("GNAP %s", rqst.EDVUnlock.GNAPToken)) + return &req.Header, nil } } diff --git a/pkg/controller/command/vcwallet/models.go b/pkg/controller/command/vcwallet/models.go index e690270b0..030948d0b 100644 --- a/pkg/controller/command/vcwallet/models.go +++ b/pkg/controller/command/vcwallet/models.go @@ -81,6 +81,10 @@ type UnlockAuth struct { // Optional, only if required by wallet user (for webkms or edv). AuthToken string `json:"authToken,omitempty"` + // Http header 'authorization' GNAP token to be used. + // Optional, only if required by wallet user (for webkms or edv). + GNAPToken string `json:"gnapToken,omitempty"` + // Capability if ZCAP sign header feature to be used for authorizing access. // Optional, can be used only if ZCAP sign header feature is configured with command controller. Capability string `json:"capability,omitempty"`
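Review bot: The `AuthToken` and `GNAPToken` closures in the `@@ -1065,10 +1073,16 @@` hunk are copies of the WebKMS ones in the `@@ -1034,9 +1035,15 @@` hunk with only the struct and the scheme swapped, which is the shape that let the WebKMS branch send `rqst.EDVUnlock.AuthToken` before this patch. A small helper that takes the scheme and the token would leave one place to get right, and it would copy the token when the options are prepared instead of keeping `rqst` alive inside the closure. The switch these cases belong to starts outside this hunk.

```go
// tokenHeader returns a header func that sets "authorization: <scheme> <token>".
func tokenHeader(scheme, token string) func(*http.Request) (*http.Header, error) {
	return func(req *http.Request) (*http.Header, error) {
		req.Header.Set("authorization", scheme+" "+token)

		return &req.Header, nil
	}
}

// … unchanged: zcap ld signing case …
	case rqst.EDVUnlock.AuthToken != "": // auth token
		edvHeader = tokenHeader("Bearer", rqst.EDVUnlock.AuthToken)
	case rqst.EDVUnlock.GNAPToken != "": // GNAP token
		edvHeader = tokenHeader("GNAP", rqst.EDVUnlock.GNAPToken)
```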
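Review bot: The comment on the new `GNAPToken` field in `UnlockAuth` does not say how it interacts with its sibling fields, and the switch in command.go gives it the lowest priority: it is used only when both `Capability` and `AuthToken` are empty. I would add a line such as `// Ignored if Capability or AuthToken is set; sent as 'authorization: GNAP <token>'.` The field is a credential carried in the JSON request, so it is worth checking that `UnlockWalletRequest` is never logged or echoed in error responses; that code is not part of this diff. The struct continues outside the hunk.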