| #ifndef THIRD_PARTY_MILOTIC_EXTERNAL_CC_AUTHZ_OAUTH_UTILS_H_ |
| #define THIRD_PARTY_MILOTIC_EXTERNAL_CC_AUTHZ_OAUTH_UTILS_H_ |
| |
| #include <optional> |
| #include <string> |
| |
| #include "redfish_v1.pb.h" |
| #include "grpcpp/support/status.h" |
| #include "config_parser.h" |
| |
namespace milotic::authz {

// Generates the subject of the OAuth token for the given peer.
// The exact subject format derived from the SPIFFE identity is defined in the
// implementation; callers should treat the result as opaque and compare it only
// against subjects produced by the same function (or by GetSubject below).
// `PeerSpiffeIdentity` is presumably declared in config_parser.h — confirm.
std::string GenerateOAuthSubject(const PeerSpiffeIdentity& peer);

// Get the subject of the OAuth token from the given certificate path. Empty
// string will be returned on errors.
// NOTE(review): because failure is signalled in-band by an empty string,
// callers MUST check for empty before using the result as `expected_subject`
// in VerifyAndExtractRoleFromToken; passing an empty expected subject into a
// naive equality check could otherwise accept a token whose subject claim is
// also empty/absent. Confirm how the implementation handles an empty subject.
std::string GetSubject(const std::string& certificate_path);

// Extracts the OAuth token from the Redfish request.
// Returns std::nullopt if the request doesn't contain an OAuth token.
// The returned token is unverified, attacker-controlled input: it must be
// passed through VerifyAndExtractRoleFromToken before any claim is trusted.
std::optional<std::string> GetOAuthTokenFromRequest(
    const ::redfish::v1::Request& request);

// Verifies the OAuth token regarding signature, subject, audience, issuer,
// and expiration, if it's valid, extract the Redfish role from the scope claim.
//
// Parameters:
//   token             - the raw token as returned by GetOAuthTokenFromRequest.
//   public_key        - key used to verify the token signature (encoding, e.g.
//                       PEM, is determined by the implementation — confirm).
//   expected_subject  - subject the token must carry (see GetSubject).
//   expected_audience - audience the token must be issued for.
//   expected_issuer   - issuer the token must have been issued by.
//   redfish_role      - out-param receiving the role from the scope claim.
//
// Returns grpc::Status::OK only if every check above passed. `redfish_role`
// is only meaningful when the returned status is OK; callers should not read
// it on a non-OK status. NOTE(review): the header does not state which
// signature algorithms are accepted or how much clock skew is tolerated for
// expiration — verify in the implementation that the algorithm is pinned to
// the key type (e.g. no unsigned/"none" tokens) and that a missing `exp` or
// missing scope claim is rejected rather than treated as valid.
grpc::Status VerifyAndExtractRoleFromToken(const std::string& token,
                                           const std::string& public_key,
                                           const std::string& expected_subject,
                                           const std::string& expected_audience,
                                           const std::string& expected_issuer,
                                           std::string& redfish_role);

}  // namespace milotic::authz
| |
| #endif // THIRD_PARTY_MILOTIC_EXTERNAL_CC_AUTHZ_OAUTH_UTILS_H_ |