
Commit 7a02144

author
hoguni
committed
fix tlsContext and logging
1 parent 3c4a4c2 commit 7a02144

1 file changed

Lines changed: 25 additions & 28 deletions

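--- a/lib/auth/AuthOauth2.cc
+++ b/lib/auth/AuthOauth2.cc
@@ -243,21 +243,24 @@ static std::string getWellKnownUrl(const std::string& issuerUrl) {
 
 static std::unique_ptr<CurlWrapper::TlsContext> createTlsContext(const std::string& tlsTrustCertsFilePath,
 const std::string& tlsCertFilePath,
-const std::string& tlsKeyFilePath,
-OAuth2TokenEndpointAuthMethod authMethod) {
-if (tlsTrustCertsFilePath.empty() && tlsCertFilePath.empty() && tlsKeyFilePath.empty()) {
+const std::string& tlsKeyFilePath) {
+const bool hasTrustCerts = !tlsTrustCertsFilePath.empty();
+const bool hasClientCertPair = !tlsCertFilePath.empty() && !tlsKeyFilePath.empty();
+
+if (!tlsCertFilePath.empty() != !tlsKeyFilePath.empty()) {
+LOG_WARN("Ignore incomplete mTLS settings: both tls_cert_file and tls_key_file are required");
+}
+if (!hasTrustCerts && !hasClientCertPair) {
 return nullptr;
 }
 
 auto tlsContext = std::unique_ptr<CurlWrapper::TlsContext>(new CurlWrapper::TlsContext);
-if (!tlsTrustCertsFilePath.empty()) {
+if (hasTrustCerts) {
 tlsContext->trustCertsFilePath = tlsTrustCertsFilePath;
 }
-if (!tlsCertFilePath.empty() && !tlsKeyFilePath.empty()) {
+if (hasClientCertPair) {
 tlsContext->certPath = tlsCertFilePath;
 tlsContext->keyPath = tlsKeyFilePath;
-} else if (authMethod == OAuth2TokenEndpointAuthMethod::TlsClientAuth) {
-LOG_WARN("Ignore incomplete mTLS settings: both tls_cert_file and tls_key_file are required");
 }
 return tlsContext;
 }
@@ -310,8 +313,7 @@ static std::string fetchTokenEndpoint(const std::string& issuerUrl,
 return "";
 }
 
-static Oauth2TokenResultPtr fetchOauth2Token(const std::string& issuerUrl, const std::string& tokenEndpoint,
-const ParamMap& params,
+static Oauth2TokenResultPtr fetchOauth2Token(const std::string& tokenEndpoint, const ParamMap& params,
 const CurlWrapper::TlsContext* tlsContext,
 OAuth2TokenEndpointAuthMethod authMethod) {
 Oauth2TokenResultPtr resultPtr = Oauth2TokenResultPtr(new Oauth2TokenResult());
@@ -336,7 +338,7 @@ static Oauth2TokenResultPtr fetchOauth2Token(const std::string& issuerUrl, const
 auto result =
 curl.get(tokenEndpoint, "Content-Type: application/x-www-form-urlencoded", options, tlsContext);
 if (!result.error.empty()) {
-LOG_ERROR("Failed to get the well-known configuration " << issuerUrl << ": " << result.error);
+LOG_ERROR("Failed to fetch OAuth2 token from " << tokenEndpoint << ": " << result.error);
 return resultPtr;
 }
 
@@ -347,17 +349,16 @@ static Oauth2TokenResultPtr fetchOauth2Token(const std::string& issuerUrl, const
 
 switch (res) {
 case CURLE_OK:
-LOG_DEBUG("Response received for issuerurl " << issuerUrl << " code " << responseCode);
+LOG_DEBUG("Response received for token endpoint " << tokenEndpoint << " code " << responseCode);
 if (responseCode == 200) {
 boost::property_tree::ptree root;
 std::stringstream stream;
 stream << responseData;
 try {
 boost::property_tree::read_json(stream, root);
 } catch (boost::property_tree::json_parser_error& e) {
-LOG_ERROR("Failed to parse json of Oauth2 response: "
-<< e.what() << "\nInput Json = " << responseData
-<< " passedin: " << options.postFields);
+LOG_ERROR("Failed to parse json of Oauth2 response: " << e.what() << "\nInput Json = "
+<< responseData);
 break;
 }
 
@@ -374,13 +375,13 @@ static Oauth2TokenResultPtr fetchOauth2Token(const std::string& issuerUrl, const
 LOG_ERROR("Response doesn't contain access_token, the response is: " << responseData);
 }
 } else {
-LOG_ERROR("Response failed for issuerurl " << issuerUrl << ". response Code " << responseCode
-<< " passedin: " << options.postFields);
+LOG_ERROR("Response failed for token endpoint " << tokenEndpoint << ". response Code "
+<< responseCode);
 }
 break;
 default:
-LOG_ERROR("Response failed for issuerurl " << issuerUrl << ". ErrorCode " << res << ": "
-<< errorBuffer << " passedin: " << options.postFields);
+LOG_ERROR("Response failed for token endpoint " << tokenEndpoint << ". ErrorCode " << res << ": "
+<< errorBuffer);
 break;
 }
 
@@ -406,8 +407,7 @@ void ClientCredentialFlow::initialize() {
 return;
 }
 
-const auto tlsContext = createTlsContext(tlsTrustCertsFilePath_, tlsCertFilePath_, tlsKeyFilePath_,
-OAuth2TokenEndpointAuthMethod::ClientSecretPost);
+const auto tlsContext = createTlsContext(tlsTrustCertsFilePath_, tlsCertFilePath_, tlsKeyFilePath_);
 this->tokenEndPoint_ = fetchTokenEndpoint(issuerUrl_, tlsContext.get());
 if (!this->tokenEndPoint_.empty()) {
 LOG_DEBUG("Get token endpoint: " << this->tokenEndPoint_);
@@ -464,9 +464,8 @@ static std::string buildClientCredentialsBody(CurlWrapper& curl, const ParamMap&
 Oauth2TokenResultPtr ClientCredentialFlow::authenticate() {
 std::call_once(initializeOnce_, &ClientCredentialFlow::initialize, this);
 const auto params = generateParamMap();
-const auto tlsContext = createTlsContext(tlsTrustCertsFilePath_, tlsCertFilePath_, tlsKeyFilePath_,
-OAuth2TokenEndpointAuthMethod::ClientSecretPost);
-return fetchOauth2Token(issuerUrl_, tokenEndPoint_, params, tlsContext.get(),
+const auto tlsContext = createTlsContext(tlsTrustCertsFilePath_, tlsCertFilePath_, tlsKeyFilePath_);
+return fetchOauth2Token(tokenEndPoint_, params, tlsContext.get(),
 OAuth2TokenEndpointAuthMethod::ClientSecretPost);
 }
 
@@ -490,8 +489,7 @@ void TlsClientAuthFlow::initialize() {
 return;
 }
 
-const auto tlsContext = createTlsContext(tlsTrustCertsFilePath_, tlsCertFilePath_, tlsKeyFilePath_,
-OAuth2TokenEndpointAuthMethod::TlsClientAuth);
+const auto tlsContext = createTlsContext(tlsTrustCertsFilePath_, tlsCertFilePath_, tlsKeyFilePath_);
 if (!tlsContext || tlsContext->certPath.empty() || tlsContext->keyPath.empty()) {
 LOG_ERROR("Failed to initialize TlsClientAuthFlow: tls_cert_file or tls_key_file is not set");
 return;
@@ -519,13 +517,12 @@ ParamMap TlsClientAuthFlow::generateParamMap() const {
 Oauth2TokenResultPtr TlsClientAuthFlow::authenticate() {
 std::call_once(initializeOnce_, &TlsClientAuthFlow::initialize, this);
 const auto params = generateParamMap();
-const auto tlsContext = createTlsContext(tlsTrustCertsFilePath_, tlsCertFilePath_, tlsKeyFilePath_,
-OAuth2TokenEndpointAuthMethod::TlsClientAuth);
+const auto tlsContext = createTlsContext(tlsTrustCertsFilePath_, tlsCertFilePath_, tlsKeyFilePath_);
 if (!tlsContext || tlsContext->certPath.empty() || tlsContext->keyPath.empty()) {
 Oauth2TokenResultPtr resultPtr = Oauth2TokenResultPtr(new Oauth2TokenResult());
 return resultPtr;
 }
-return fetchOauth2Token(issuerUrl_, tokenEndPoint_, params, tlsContext.get(),
+return fetchOauth2Token(tokenEndPoint_, params, tlsContext.get(),
 OAuth2TokenEndpointAuthMethod::TlsClientAuth);
 }
 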
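Review bot: The rewritten parse-failure log in fetchOauth2Token (hunk at -347,17) still writes the whole token-endpoint response body to the ERROR log via `"\nInput Json = " << responseData`; that branch only runs on a 200 response, which is exactly the reply expected to carry the access token, so a body that is malformed but partially intact would put a credential into log storage. The commit already removes `options.postFields` from these messages for the same reason, so the response body deserves the same treatment, e.g. `LOG_ERROR("Failed to parse json of Oauth2 response: " << e.what() << " (response length " << responseData.size() << ")");` (assuming responseData is a std::string, which the streaming suggests), or a short truncated prefix at DEBUG level. The unchanged `Response doesn't contain access_token, the response is:` line a few lines later in the next hunk has the same exposure and could be tightened in the same spirit; fetchOauth2Token's body starts and ends outside these hunks. A minor style point in createTlsContext: `if (!tlsCertFilePath.empty() != !tlsKeyFilePath.empty())` compares two negated bools and reads more naturally as the equivalent `if (tlsCertFilePath.empty() != tlsKeyFilePath.empty())`.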