|
|
@ -1,5 +1,5 @@
|
|
|
|
/*
|
|
|
|
/*
|
|
|
|
* Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
|
|
|
* Copyright (c) 2016-2017, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
|
|
|
*
|
|
|
|
*
|
|
|
|
* WSO2 Inc. licenses this file to you under the Apache License,
|
|
|
|
* WSO2 Inc. licenses this file to you under the Apache License,
|
|
|
|
* Version 2.0 (the "License"); you may not use this file except
|
|
|
|
* Version 2.0 (the "License"); you may not use this file except
|
|
|
@ -33,7 +33,6 @@ import org.apache.http.conn.ssl.SSLContextBuilder;
|
|
|
|
import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
|
|
|
|
import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
|
|
|
|
import org.apache.http.impl.client.HttpClients;
|
|
|
|
import org.apache.http.impl.client.HttpClients;
|
|
|
|
import org.apache.http.util.EntityUtils;
|
|
|
|
import org.apache.http.util.EntityUtils;
|
|
|
|
import org.apache.solr.common.util.Hash;
|
|
|
|
|
|
|
|
import org.wso2.carbon.base.MultitenantConstants;
|
|
|
|
import org.wso2.carbon.base.MultitenantConstants;
|
|
|
|
import org.wso2.carbon.context.PrivilegedCarbonContext;
|
|
|
|
import org.wso2.carbon.context.PrivilegedCarbonContext;
|
|
|
|
import org.wso2.carbon.core.util.KeyStoreManager;
|
|
|
|
import org.wso2.carbon.core.util.KeyStoreManager;
|
|
|
@ -49,14 +48,22 @@ import org.wso2.carbon.registry.core.service.RegistryService;
|
|
|
|
import org.wso2.carbon.registry.core.service.TenantRegistryLoader;
|
|
|
|
import org.wso2.carbon.registry.core.service.TenantRegistryLoader;
|
|
|
|
import org.wso2.carbon.utils.CarbonUtils;
|
|
|
|
import org.wso2.carbon.utils.CarbonUtils;
|
|
|
|
|
|
|
|
|
|
|
|
import java.io.*;
|
|
|
|
import java.io.BufferedReader;
|
|
|
|
|
|
|
|
import java.io.File;
|
|
|
|
|
|
|
|
import java.io.IOException;
|
|
|
|
|
|
|
|
import java.io.InputStream;
|
|
|
|
|
|
|
|
import java.io.InputStreamReader;
|
|
|
|
import java.net.URI;
|
|
|
|
import java.net.URI;
|
|
|
|
import java.net.URL;
|
|
|
|
import java.net.URL;
|
|
|
|
import java.security.*;
|
|
|
|
import java.security.KeyManagementException;
|
|
|
|
|
|
|
|
import java.security.KeyStore;
|
|
|
|
|
|
|
|
import java.security.KeyStoreException;
|
|
|
|
|
|
|
|
import java.security.NoSuchAlgorithmException;
|
|
|
|
|
|
|
|
import java.security.SecureRandom;
|
|
|
|
|
|
|
|
import java.security.UnrecoverableKeyException;
|
|
|
|
import java.security.cert.CertificateException;
|
|
|
|
import java.security.cert.CertificateException;
|
|
|
|
import java.security.interfaces.RSAPrivateKey;
|
|
|
|
import java.security.interfaces.RSAPrivateKey;
|
|
|
|
import java.util.Date;
|
|
|
|
import java.util.Date;
|
|
|
|
import java.util.HashMap;
|
|
|
|
|
|
|
|
import java.util.List;
|
|
|
|
import java.util.List;
|
|
|
|
import java.util.Map;
|
|
|
|
import java.util.Map;
|
|
|
|
import java.util.Properties;
|
|
|
|
import java.util.Properties;
|
|
|
@ -200,15 +207,14 @@ public class JWTClientUtil {
|
|
|
|
tenantRegistryLoader.loadTenantRegistry(tenantId);
|
|
|
|
tenantRegistryLoader.loadTenantRegistry(tenantId);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
public static String generateSignedJWTAssertion(String username, JWTConfig jwtConfig, boolean isDefaultJWTClient)
|
|
|
|
public static String generateSignedJWTAssertion(String username, JWTConfig jwtConfig, boolean isDefaultJWTClient,
|
|
|
|
throws JWTClientException {
|
|
|
|
boolean isMultiTenantMode) throws JWTClientException {
|
|
|
|
return generateSignedJWTAssertion(username, jwtConfig, isDefaultJWTClient, null);
|
|
|
|
return generateSignedJWTAssertion(username, jwtConfig, isDefaultJWTClient, null, isMultiTenantMode);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
public static String generateSignedJWTAssertion(String username, JWTConfig jwtConfig, boolean isDefaultJWTClient,
|
|
|
|
public static String generateSignedJWTAssertion(String username, JWTConfig jwtConfig, boolean isDefaultJWTClient,
|
|
|
|
Map<String, String> customClaims) throws JWTClientException {
|
|
|
|
Map<String, String> customClaims, boolean isMultiTenantMode) throws JWTClientException {
|
|
|
|
try {
|
|
|
|
try {
|
|
|
|
String subject = username;
|
|
|
|
|
|
|
|
long currentTimeMillis = System.currentTimeMillis();
|
|
|
|
long currentTimeMillis = System.currentTimeMillis();
|
|
|
|
// add the skew between servers
|
|
|
|
// add the skew between servers
|
|
|
|
String iss = jwtConfig.getIssuer();
|
|
|
|
String iss = jwtConfig.getIssuer();
|
|
|
@ -246,26 +252,23 @@ public class JWTClientUtil {
|
|
|
|
String privateKeyAlias = jwtConfig.getPrivateKeyAlias();
|
|
|
|
String privateKeyAlias = jwtConfig.getPrivateKeyAlias();
|
|
|
|
String privateKeyPassword = jwtConfig.getPrivateKeyPassword();
|
|
|
|
String privateKeyPassword = jwtConfig.getPrivateKeyPassword();
|
|
|
|
KeyStore keyStore;
|
|
|
|
KeyStore keyStore;
|
|
|
|
RSAPrivateKey rsaPrivateKey = null;
|
|
|
|
RSAPrivateKey rsaPrivateKey;
|
|
|
|
if (keyStorePath != null && !keyStorePath.isEmpty()) {
|
|
|
|
if (!isMultiTenantMode && (keyStorePath != null && !keyStorePath.isEmpty())) {
|
|
|
|
String keyStorePassword = jwtConfig.getKeyStorePassword();
|
|
|
|
String keyStorePassword = jwtConfig.getKeyStorePassword();
|
|
|
|
keyStore = loadKeyStore(new File(keyStorePath), keyStorePassword, "JKS");
|
|
|
|
keyStore = loadKeyStore(new File(keyStorePath), keyStorePassword, "JKS");
|
|
|
|
rsaPrivateKey = (RSAPrivateKey) keyStore.getKey(privateKeyAlias, privateKeyPassword.toCharArray());
|
|
|
|
rsaPrivateKey = (RSAPrivateKey) keyStore.getKey(privateKeyAlias, privateKeyPassword.toCharArray());
|
|
|
|
} else {
|
|
|
|
} else {
|
|
|
|
int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId(true);
|
|
|
|
int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId(true);
|
|
|
|
JWTClientUtil.loadTenantRegistry(tenantId);
|
|
|
|
JWTClientUtil.loadTenantRegistry(tenantId);
|
|
|
|
if (!(MultitenantConstants.SUPER_TENANT_ID == tenantId) && !isDefaultJWTClient) {
|
|
|
|
if (isMultiTenantMode || !(MultitenantConstants.SUPER_TENANT_ID == tenantId) && !isDefaultJWTClient) {
|
|
|
|
KeyStoreManager tenantKeyStoreManager = KeyStoreManager.getInstance(tenantId);
|
|
|
|
KeyStoreManager tenantKeyStoreManager = KeyStoreManager.getInstance(tenantId);
|
|
|
|
String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain(true);
|
|
|
|
String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain(true);
|
|
|
|
String ksName = tenantDomain.trim().replace('.', '-');
|
|
|
|
String ksName = tenantDomain.trim().replace('.', '-');
|
|
|
|
String jksName = ksName + ".jks";
|
|
|
|
String jksName = ksName + ".jks";
|
|
|
|
rsaPrivateKey = (RSAPrivateKey) tenantKeyStoreManager.getPrivateKey(jksName, tenantDomain);
|
|
|
|
rsaPrivateKey = (RSAPrivateKey) tenantKeyStoreManager.getPrivateKey(jksName, tenantDomain);
|
|
|
|
} else {
|
|
|
|
} else {
|
|
|
|
PrivilegedCarbonContext.startTenantFlow();
|
|
|
|
|
|
|
|
PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(MultitenantConstants.SUPER_TENANT_ID);
|
|
|
|
|
|
|
|
KeyStoreManager tenantKeyStoreManager = KeyStoreManager.getInstance(MultitenantConstants.SUPER_TENANT_ID);
|
|
|
|
KeyStoreManager tenantKeyStoreManager = KeyStoreManager.getInstance(MultitenantConstants.SUPER_TENANT_ID);
|
|
|
|
rsaPrivateKey = (RSAPrivateKey) tenantKeyStoreManager.getDefaultPrivateKey();
|
|
|
|
rsaPrivateKey = (RSAPrivateKey) tenantKeyStoreManager.getDefaultPrivateKey();
|
|
|
|
PrivilegedCarbonContext.endTenantFlow();
|
|
|
|
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
JWSSigner signer = new RSASSASigner(rsaPrivateKey);
|
|
|
|
JWSSigner signer = new RSASSASigner(rsaPrivateKey);
|
|
|
|