From 395a7c398e3600360a7f4ce4f183cf4a7fb3d27c Mon Sep 17 00:00:00 2001
From: Kalpit Tiwari
Date: Sun, 13 Aug 2023 21:41:37 +0530
Subject: [PATCH 1/2] vcert/v4/pkg: Expose API for refreshing the access token

---
 client.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/client.go b/client.go
index d39a6985..d94b0be6 100644
--- a/client.go
+++ b/client.go
@@ -121,5 +121,6 @@ func getNewClientArguments(args []interface{}) (*newClientArgs, error) {
 // The returned connector will be authenticated by default, but it's possible to pass a bool argument to indicate if it's
 // desired to get the connector authenticated already or not.
 func NewClient(cfg *Config, args ...interface{}) (endpoint.Connector, error) {
+ // temp comment
 return cfg.newClient(args)
 }

From 8a3adb139ecc0c2d7741411104f9b4c1d11c6f1e Mon Sep 17 00:00:00 2001
From: Kalpit Tiwari
Date: Sun, 13 Aug 2023 21:41:37 +0530
Subject: [PATCH 2/2] vcert/v4/pkg: Expose API for refreshing the access token

RefreshAccessToken() api is not exposed in Connector interface at the moment. Adding the same by introducing a wrapper over RefreshAccessToken() which returns an interface instead of tpp specific struct. Other possible approach can be - moving out the struct OauthRefreshAccessTokenResponse to endpoint.go file and add RefreshAccessToken() to Connector interface. But the stuct is TPP specific so placing it in endpoint pkg does not look right therefor going with current approac
---
 client.go | 1 -
 pkg/endpoint/endpoint.go | 7 +++++++
 pkg/venafi/cloud/connector.go | 5 +++++
 pkg/venafi/fake/connector.go | 5 +++++
 pkg/venafi/firefly/connector.go | 5 +++++
 pkg/venafi/tpp/connector.go | 21 +++++++++++++++++++++
 6 files changed, 43 insertions(+), 1 deletion(-)

diff --git a/client.go b/client.go
index d94b0be6..d39a6985 100644
--- a/client.go
+++ b/client.go
@@ -121,6 +121,5 @@ func getNewClientArguments(args []interface{}) (*newClientArgs, error) {
 // The returned connector will be authenticated by default, but it's possible to pass a bool argument to indicate if it's
 // desired to get the connector authenticated already or not.
 func NewClient(cfg *Config, args ...interface{}) (endpoint.Connector, error) {
- // temp comment
 return cfg.newClient(args)
 }
diff --git a/pkg/endpoint/endpoint.go b/pkg/endpoint/endpoint.go
index d0976c07..fb0acd75 100644
--- a/pkg/endpoint/endpoint.go
+++ b/pkg/endpoint/endpoint.go
@@ -133,6 +133,13 @@ type Connector interface {
 RetrieveCertificateMetaData(dn string) (*certificate.CertificateMetaData, error)
 RetrieveSystemVersion() (string, error)
 WriteLog(req *LogRequest) error
+ RefreshAccessTokenValidity(auth *Authentication) (RefreshTokenResponse, error)
+}
+
+// RefreshTokenResponse provides the information of refreshed token
+type RefreshTokenResponse interface {
+ GetRefreshedAccessTokenInfo() (string, int)
+ GetRefreshTokenInfo() (string, int)
 }
 
 type Filter struct {
diff --git a/pkg/venafi/cloud/connector.go b/pkg/venafi/cloud/connector.go
index 79bd6080..b21c9ba4 100644
--- a/pkg/venafi/cloud/connector.go
+++ b/pkg/venafi/cloud/connector.go
@@ -1889,3 +1889,8 @@ func getCertificateAuthorityInfoFromCloud(caName, caAccountId, caProductOptionId
 
 return &info, nil
 }
+
+// RefreshAccessTokenValidity is a wrapper over RefreshAccessToken which refreshes OAuth access token
+func (c *Connector) RefreshAccessTokenValidity(auth *endpoint.Authentication) (endpoint.RefreshTokenResponse, error) {
+ return nil, fmt.Errorf("RefreshAccessTokenValidity is not implemented for venafi cloud")
+}
diff --git a/pkg/venafi/fake/connector.go b/pkg/venafi/fake/connector.go
index a592feeb..e5e36570 100644
--- a/pkg/venafi/fake/connector.go
+++ b/pkg/venafi/fake/connector.go
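Review bot: Adding `RefreshAccessTokenValidity` to the exported `Connector` interface is a compile-time break for any implementation outside this repository, and the new `RefreshTokenResponse` interface leaves both `int` results undocumented — nothing in the hunk says whether they are a remaining lifetime or an absolute timestamp, while the TPP side of this series feeds them from `Expires` and `Refresh_until`, which read as different kinds of value, so each getter's comment should state the unit. Both getters also hand back live credentials, and the doc comment should say so, e.g. `// GetRefreshTokenInfo returns the refresh token, which is a credential and must not be logged or stored in clear text, and its validity.` Go accessors conventionally drop the `Get` prefix (`RefreshedAccessTokenInfo`, `RefreshTokenInfo`), which is worth settling now because renaming an interface method later is a second breaking change.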
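Review bot: The doc comment on this `RefreshAccessTokenValidity` says it is a wrapper over `RefreshAccessToken`, but the body wraps nothing and unconditionally returns an error, so the comment misdescribes the method; `// RefreshAccessTokenValidity is not supported by the Cloud connector and always returns an error.` is what the code actually does. The same copied comment sits on the fake and firefly stubs in the next two hunks. `fmt.Errorf` with no format verbs is just `errors.New`, and since three connectors now report the same unsupported condition, one sentinel error declared in the endpoint package and wrapped by each stub would let callers use `errors.Is` instead of matching message text.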
@@ -412,3 +412,8 @@ func (c *Connector) ListCertificates(filter endpoint.Filter) ([]certificate.Cert
 func (c *Connector) WriteLog(logReq *endpoint.LogRequest) (err error) {
 return fmt.Errorf("Logging is not supported in -test-mode")
 }
+
+// RefreshAccessTokenValidity is a wrapper over RefreshAccessToken which refreshes OAuth access token
+func (c *Connector) RefreshAccessTokenValidity(auth *endpoint.Authentication) (endpoint.RefreshTokenResponse, error) {
+ return nil, fmt.Errorf("RefreshAccessTokenValidity is not implemented for fake")
+}
diff --git a/pkg/venafi/firefly/connector.go b/pkg/venafi/firefly/connector.go
index 5df0fd74..2f703931 100644
--- a/pkg/venafi/firefly/connector.go
+++ b/pkg/venafi/firefly/connector.go
@@ -392,3 +392,8 @@ func (c *Connector) RetrieveCertificateMetaData(_ string) (*certificate.Certific
 func (c *Connector) RetireCertificate(_ *certificate.RetireRequest) error {
 panic("operation is not supported yet")
 }
+
+// RefreshAccessTokenValidity is a wrapper over RefreshAccessToken which refreshes OAuth access token
+func (c *Connector) RefreshAccessTokenValidity(auth *endpoint.Authentication) (endpoint.RefreshTokenResponse, error) {
+ return nil, fmt.Errorf("RefreshAccessTokenValidity is not implemented for fake")
+}
diff --git a/pkg/venafi/tpp/connector.go b/pkg/venafi/tpp/connector.go
index 7073953c..243c5846 100644
--- a/pkg/venafi/tpp/connector.go
+++ b/pkg/venafi/tpp/connector.go
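Review bot: The error message in the firefly `RefreshAccessTokenValidity` says `not implemented for fake`, a copy-paste from the fake connector's stub just above; it should read `return nil, fmt.Errorf("RefreshAccessTokenValidity is not implemented for firefly")`. A message naming the wrong connector will send whoever debugs a failed token refresh against Firefly to the wrong code path.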
@@ -238,6 +238,27 @@ func (c *Connector) RefreshAccessToken(auth *endpoint.Authentication) (resp Oaut
 }
 }
 
+// RefreshAccessTokenValidity is a wrapper over RefreshAccessToken which refreshes OAuth access token
+func (c *Connector) RefreshAccessTokenValidity(auth *endpoint.Authentication) (endpoint.RefreshTokenResponse, error) {
+ var resp endpoint.RefreshTokenResponse
+ var err error
+ resp, err = c.RefreshAccessToken(auth)
+ if err != nil {
+ return nil, err
+ }
+ return resp, nil
+}
+
+// GetRefreshedAccessTokenInfo returns refreshed access token and its validity
+func (o OauthRefreshAccessTokenResponse) GetRefreshedAccessTokenInfo() (string, int) {
+ return o.Access_token, o.Expires
+}
+
+// GetRefreshTokenInfo returns refresh token and its validity
+func (o OauthRefreshAccessTokenResponse) GetRefreshTokenInfo() (string, int) {
+ return o.Refresh_token, o.Refresh_until
+}
+
 // VerifyAccessToken - call to check whether token is valid and, if so, return its properties
 func (c *Connector) VerifyAccessToken(auth *endpoint.Authentication) (resp OauthVerifyTokenResponse, err error) {