package uaa
import (
"crypto/tls"
"crypto/x509"
"errors"
"net/http"
"code.cloudfoundry.org/lager"
"github.com/concourse/atc/auth/verifier"
"github.com/concourse/atc/db"
"golang.org/x/net/context"
"golang.org/x/oauth2"
)
const (
	// ProviderName is the identifier under which this auth provider is registered.
	ProviderName = "uaa"
	// DisplayName is the human-readable name of the provider.
	DisplayName = "UAA"
)

// Scopes are the OAuth2 scopes requested from UAA during the authorization
// flow. It is a package-level slice shared by every oauth2.Config built by
// NewProvider, so callers must treat it as read-only.
var Scopes = []string{"cloud_controller.read"}
// Provider is everything the auth layer needs from a UAA provider: an HTTP
// client usable before a token exists, the OAuth2 authorization-code flow
// (OAuthClient), and a check of the resulting token (Verifier).
type Provider interface {
	// PreTokenClient returns an HTTP client for requests made before an
	// OAuth token has been obtained. It returns an error when the client
	// cannot be configured (see uaaProvider.PreTokenClient).
	PreTokenClient() (*http.Client, error)
	OAuthClient
	Verifier
}
// OAuthClient is the subset of *oauth2.Config used for the authorization-code
// flow: building the redirect URL, exchanging the code for a token, and
// obtaining an HTTP client that sends that token.
type OAuthClient interface {
	AuthCodeURL(string, ...oauth2.AuthCodeOption) string
	Exchange(context.Context, string) (*oauth2.Token, error)
	Client(context.Context, *oauth2.Token) *http.Client
}
// Verifier decides whether an already-authenticated HTTP client (one that
// sends the user's token) is authorized to log in.
type Verifier interface {
	// Verify reports the authorization verdict as the bool; the error is for
	// failures to perform the check at all (presumably network or API
	// errors — the concrete implementation lives elsewhere in this package).
	Verify(lager.Logger, *http.Client) (bool, error)
}
// NewProvider builds a UAA-backed Provider from the stored UAA auth
// configuration and the OAuth2 redirect URL.
//
// The OAuth2 endpoint is populated only when both AuthURL and TokenURL are
// set. If exactly one of them is present, both are silently left empty and
// the resulting oauth2.Config has no endpoint; no error is reported for a
// partially configured endpoint.
//
// uaaAuth must be non-nil: it is dereferenced without a check.
func NewProvider(
	uaaAuth *db.UAAAuth,
	redirectURL string,
) Provider {
	var endpoint oauth2.Endpoint
	if uaaAuth.AuthURL != "" && uaaAuth.TokenURL != "" {
		endpoint = oauth2.Endpoint{
			AuthURL:  uaaAuth.AuthURL,
			TokenURL: uaaAuth.TokenURL,
		}
	}

	// Scopes is the shared package-level slice; the config aliases it rather
	// than copying it.
	cfg := &oauth2.Config{
		ClientID:     uaaAuth.ClientID,
		ClientSecret: uaaAuth.ClientSecret,
		Endpoint:     endpoint,
		Scopes:       Scopes,
		RedirectURL:  redirectURL,
	}

	// SpaceVerifier is defined elsewhere in this package; presumably it
	// checks membership of the configured CF spaces via the CF API URL.
	spaces := SpaceVerifier{
		spaceGUIDs: uaaAuth.CFSpaces,
		cfAPIURL:   uaaAuth.CFURL,
	}

	return uaaProvider{
		Config:   cfg,
		Verifier: spaces,
		CFCACert: uaaAuth.CFCACert,
	}
}
// uaaProvider is the concrete Provider. The embedded *oauth2.Config supplies
// the OAuthClient methods and the embedded verifier.Verifier supplies Verify;
// only PreTokenClient is implemented here.
//
// Because *oauth2.Config is embedded, its fields — including ClientSecret —
// are promoted onto uaaProvider, so formatting the provider with %+v or %#v
// would print the secret.
type uaaProvider struct {
	*oauth2.Config
	// oauth2.Config implements the required Provider methods:
	// AuthCodeURL(string, ...oauth2.AuthCodeOption) string
	// Exchange(context.Context, string) (*oauth2.Token, error)
	// Client(context.Context, *oauth2.Token) *http.Client
	verifier.Verifier
	// CFCACert is the PEM-encoded CA bundle used by PreTokenClient to verify
	// the CF API's TLS certificate. When empty, the transport falls back to
	// the system roots.
	CFCACert string
}
// PreTokenClient returns an HTTP client for requests made before an OAuth
// token is available (e.g. against the CF API).
//
// TLS verification is always on. When CFCACert is set it must be a PEM bundle
// containing at least one parseable certificate; that pool becomes the only
// trusted root set (system roots are not consulted). When it is empty, the
// transport uses the system roots.
//
// Keep-alives are disabled, so each request opens a fresh connection.
// NOTE(review): the client sets no Timeout and the transport does not inherit
// http.DefaultTransport's proxy or dial settings, so an unresponsive endpoint
// can block the caller indefinitely — confirm callers bound requests with a
// context.
//
// Returns an error when CFCACert is non-empty but yields no certificates.
func (p uaaProvider) PreTokenClient() (*http.Client, error) {
	var tlsConf *tls.Config
	if p.CFCACert != "" {
		pool := x509.NewCertPool()
		if !pool.AppendCertsFromPEM([]byte(p.CFCACert)) {
			return nil, errors.New("failed to use cf certificate")
		}
		tlsConf = &tls.Config{RootCAs: pool}
	}

	// A nil tlsConf leaves TLSClientConfig unset, exactly as when no CA is
	// configured.
	client := &http.Client{
		Transport: &http.Transport{
			DisableKeepAlives: true,
			TLSClientConfig:   tlsConf,
		},
	}
	return client, nil
}