diff --git a/go.mod b/go.mod index 28a04386..ea762841 100644 --- a/go.mod +++ b/go.mod @@ -5,7 +5,7 @@ go 1.25.5 require ( github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d github.com/free5gc/openapi v1.2.3 - github.com/free5gc/util v1.3.1 + github.com/free5gc/util v1.3.2-0.20260107090449-c09baaf75b11 github.com/gin-gonic/gin v1.10.0 github.com/google/uuid v1.3.0 github.com/h2non/gock v1.2.0 diff --git a/go.sum b/go.sum index 3a06cb8f..a602c1b0 100644 --- a/go.sum +++ b/go.sum @@ -27,8 +27,8 @@ github.com/free5gc/ngap v1.1.2 h1:AA+s9+eaE8fSTnmBbh1xiD3VPaszonCd7AQJGKX5PHM= github.com/free5gc/ngap v1.1.2/go.mod h1:4HYtB+msoTBc3cEPlSr4ZUUHn3BFZhdPuVASERMzVeI= github.com/free5gc/openapi v1.2.3 h1:w4TmYBR8TUE4ZgKo7eiMZbyZPURSBFlMWiFeX+OsiA8= github.com/free5gc/openapi v1.2.3/go.mod h1:fLvaBtUZrvrzkKrmn5Aza+JNbpWnp3kxKixu6kLSD3k= -github.com/free5gc/util v1.3.1 h1:5j5Exvp42Ow3zNP2aaAp68MSne6BcaCF4/cekXYUS6w= -github.com/free5gc/util v1.3.1/go.mod h1:qsv/ez8YhI+pO8bjNiZWXc2xmRE3XuEIa0EDTCPkSy0= +github.com/free5gc/util v1.3.2-0.20260107090449-c09baaf75b11 h1:/UZetXmPa5T/TKKxqU3Osw9x3+nIuACTXJxOU+gYGTU= +github.com/free5gc/util v1.3.2-0.20260107090449-c09baaf75b11/go.mod h1:qsv/ez8YhI+pO8bjNiZWXc2xmRE3XuEIa0EDTCPkSy0= github.com/gabriel-vasile/mimetype v1.4.3 h1:in2uUcidCuFcDKtdcBxlR0rJ1+fsokWf+uqxgUFjbI0= github.com/gabriel-vasile/mimetype v1.4.3/go.mod h1:d8uq/6HKRL6CGdk+aubisF/M5GcPfT7nKyLpA0lbSSk= github.com/gin-contrib/sse v0.1.0 h1:Y/yl/+YNO8GZSjAhjMsSuLt29uWRFHdHYUb5lYOV9qE= diff --git a/internal/sbi/api_ueauthentication.go b/internal/sbi/api_ueauthentication.go index f58795a4..17f0e152 100644 --- a/internal/sbi/api_ueauthentication.go +++ b/internal/sbi/api_ueauthentication.go @@ -9,6 +9,7 @@ import ( "github.com/free5gc/openapi/models" "github.com/free5gc/udm/internal/logger" "github.com/free5gc/util/metrics/sbi" + "github.com/free5gc/util/validator" ) func (s *Server) getUEAuthenticationRoutes() []Route { @@ -25,6 +26,22 @@ func (s *Server) getUEAuthenticationRoutes() []Route { // ConfirmAuth - Create a new confirmation event func (s *Server) HandleConfirmAuth(c *gin.Context) { var authEvent models.AuthEvent + // TS 29.503 6.3.6.2.3 + // Validate SUPI format + supi := c.Params.ByName("supi") + if !validator.IsValidSupi(supi) { + problemDetail := models.ProblemDetails{ + Title: "Malformed request syntax", + Status: http.StatusBadRequest, + Detail: "Supi is invalid", + Cause: "MANDATORY_IE_INCORRECT", + } + logger.UeauLog.Warnln("Supi is invalid") + c.Set(sbi.IN_PB_DETAILS_CTX_STR, http.StatusText(int(problemDetail.Status))) + c.JSON(int(problemDetail.Status), problemDetail) + return + } + requestBody, err := c.GetRawData() if err != nil { problemDetail := models.ProblemDetails{ @@ -53,7 +70,30 @@ func (s *Server) HandleConfirmAuth(c *gin.Context) { return } - supi := c.Params.ByName("supi") + // TS 29.503 6.3.6.2.7 requirements check + missingIE := "" + if authEvent.NfInstanceId == "" { + missingIE = "nfInstanceId" + } else if authEvent.TimeStamp == nil { + missingIE = "timestamp" + } else if authEvent.AuthType == "" { + missingIE = "authtype" + } else if authEvent.ServingNetworkName == "" { + missingIE = "servingNetworkName" + } + + if missingIE != "" { + problemDetail := models.ProblemDetails{ + Title: "Missing or invalid parameter", + Status: http.StatusBadRequest, + Detail: "Mandatory IE " + missingIE + " is missing or invalid", + Cause: "MANDATORY_IE_MISSING", + } + logger.UeauLog.Warnln("Mandatory IE " + missingIE + "is missing or invalid") + c.Set(sbi.IN_PB_DETAILS_CTX_STR, http.StatusText(int(problemDetail.Status))) + c.JSON(int(problemDetail.Status), problemDetail) + return + } logger.UeauLog.Infoln("Handle ConfirmAuthDataRequest") @@ -63,6 +103,21 @@ func (s *Server) HandleConfirmAuth(c *gin.Context) { // GenerateAuthData - Generate authentication data for the UE func (s *Server) HandleGenerateAuthData(c *gin.Context) { var authInfoReq models.AuthenticationInfoRequest + // TS 29.503 6.3.3.2.2 + // Validate SUPI or SUCI format + supiOrSuci := c.Param("supiOrSuci") + if !validator.IsValidSupi(supiOrSuci) && !validator.IsValidSuci(supiOrSuci) { + problemDetail := models.ProblemDetails{ + Title: "Malformed request syntax", + Status: http.StatusBadRequest, + Detail: "Supi or Suci is invalid", + Cause: "MANDATORY_IE_INCORRECT", + } + logger.UeauLog.Warnln("Supi or Suci is invalid") + c.Set(sbi.IN_PB_DETAILS_CTX_STR, http.StatusText(int(problemDetail.Status))) + c.JSON(int(problemDetail.Status), problemDetail) + return + } requestBody, err := c.GetRawData() if err != nil { @@ -92,9 +147,28 @@ func (s *Server) HandleGenerateAuthData(c *gin.Context) { return } - logger.UeauLog.Infoln("Handle GenerateAuthDataRequest") + // TS 29.503 6.3.6.2.2 requirements check + missingIE := "" + if authInfoReq.ServingNetworkName == "" { + missingIE = "servingNetworkName" + } else if authInfoReq.AusfInstanceId == "" { + missingIE = "ausfInstanceId" + } - supiOrSuci := c.Param("supiOrSuci") + if missingIE != "" { + problemDetail := models.ProblemDetails{ + Title: "Missing or invalid parameter", + Status: http.StatusBadRequest, + Detail: "Mandatory IE " + missingIE + " is missing or invalid", + Cause: "MANDATORY_IE_MISSING", + } + logger.UeauLog.Warnln("Mandatory IE " + missingIE + "is missing or invalid") + c.Set(sbi.IN_PB_DETAILS_CTX_STR, http.StatusText(int(problemDetail.Status))) + c.JSON(int(problemDetail.Status), problemDetail) + return + } + + logger.UeauLog.Infoln("Handle GenerateAuthDataRequest") s.Processor().GenerateAuthDataProcedure(c, authInfoReq, supiOrSuci) }