forked from community/device-mgt-core
Fix cross-tenant api subscription issue See merge request entgra/carbon-device-mgt!905feature/traccar-sync
commit
2a5630cfb7
@ -0,0 +1,60 @@
|
|||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
<project xmlns="http://maven.apache.org/POM/4.0.0"
|
||||||
|
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||||
|
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
|
||||||
|
<parent>
|
||||||
|
<artifactId>apimgt-extensions</artifactId>
|
||||||
|
<groupId>org.wso2.carbon.devicemgt</groupId>
|
||||||
|
<version>5.0.11-SNAPSHOT</version>
|
||||||
|
</parent>
|
||||||
|
|
||||||
|
<modelVersion>4.0.0</modelVersion>
|
||||||
|
<artifactId>org.wso2.carbon.apimgt.keymgt.extension.api</artifactId>
|
||||||
|
<packaging>war</packaging>
|
||||||
|
<name>WSO2 Carbon - API Key Management API</name>
|
||||||
|
<description>This module extends the API manager's key management apis.</description>
|
||||||
|
<url>http://wso2.org</url>
|
||||||
|
|
||||||
|
<build>
|
||||||
|
<plugins>
|
||||||
|
<plugin>
|
||||||
|
<artifactId>maven-compiler-plugin</artifactId>
|
||||||
|
<configuration>
|
||||||
|
<source>1.8</source>
|
||||||
|
<target>1.8</target>
|
||||||
|
</configuration>
|
||||||
|
</plugin>
|
||||||
|
<plugin>
|
||||||
|
<artifactId>maven-war-plugin</artifactId>
|
||||||
|
<configuration>
|
||||||
|
<packagingExcludes>WEB-INF/lib/*cxf*.jar</packagingExcludes>
|
||||||
|
<warName>${project.artifactId}</warName>
|
||||||
|
</configuration>
|
||||||
|
</plugin>
|
||||||
|
</plugins>
|
||||||
|
</build>
|
||||||
|
|
||||||
|
<dependencies>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.springframework</groupId>
|
||||||
|
<artifactId>spring-web</artifactId>
|
||||||
|
<scope>provided</scope>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.apache.cxf</groupId>
|
||||||
|
<artifactId>cxf-bundle-jaxrs</artifactId>
|
||||||
|
<scope>provided</scope>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.codehaus.jackson</groupId>
|
||||||
|
<artifactId>jackson-jaxrs</artifactId>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.wso2.carbon.devicemgt</groupId>
|
||||||
|
<artifactId>org.wso2.carbon.apimgt.keymgt.extension</artifactId>
|
||||||
|
<version>${carbon.device.mgt.version}</version>
|
||||||
|
<scope>provided</scope>
|
||||||
|
</dependency>
|
||||||
|
</dependencies>
|
||||||
|
|
||||||
|
</project>
|
@ -0,0 +1,90 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (c) 2022, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
|
||||||
|
*
|
||||||
|
* Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
|
||||||
|
* Version 2.0 (the "License"); you may not use this file except
|
||||||
|
* in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing,
|
||||||
|
* software distributed under the License is distributed on an
|
||||||
|
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||||
|
* KIND, either express or implied. See the License for the
|
||||||
|
* specific language governing permissions and limitations
|
||||||
|
* under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package org.wso2.carbon.apimgt.keymgt.extension.api;
|
||||||
|
|
||||||
|
import org.codehaus.jackson.annotate.JsonIgnoreProperties;
|
||||||
|
|
||||||
|
import javax.xml.bind.annotation.XmlElement;
|
||||||
|
import javax.xml.bind.annotation.XmlRootElement;
|
||||||
|
|
||||||
|
@XmlRootElement
|
||||||
|
|
||||||
|
@JsonIgnoreProperties(ignoreUnknown = true)
|
||||||
|
public class DCRRequest {
|
||||||
|
@XmlElement(required = true)
|
||||||
|
private String clientName;
|
||||||
|
@XmlElement(required = true)
|
||||||
|
private String owner;
|
||||||
|
@XmlElement(required = true)
|
||||||
|
private String grantTypes;
|
||||||
|
@XmlElement
|
||||||
|
private String callBackUrl;
|
||||||
|
@XmlElement(required = true)
|
||||||
|
private String[] tags;
|
||||||
|
@XmlElement
|
||||||
|
private boolean isSaasApp;
|
||||||
|
|
||||||
|
public String getClientName() {
|
||||||
|
return clientName;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setClientName(String clientName) {
|
||||||
|
this.clientName = clientName;
|
||||||
|
}
|
||||||
|
|
||||||
|
public String getOwner() {
|
||||||
|
return owner;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setOwner(String owner) {
|
||||||
|
this.owner = owner;
|
||||||
|
}
|
||||||
|
|
||||||
|
public String getGrantTypes() {
|
||||||
|
return grantTypes;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setGrantTypes(String grantTypes) {
|
||||||
|
this.grantTypes = grantTypes;
|
||||||
|
}
|
||||||
|
|
||||||
|
public String getCallBackUrl() {
|
||||||
|
return callBackUrl;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setCallBackUrl(String callBackUrl) {
|
||||||
|
this.callBackUrl = callBackUrl;
|
||||||
|
}
|
||||||
|
|
||||||
|
public String[] getTags() {
|
||||||
|
return tags;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setTags(String[] tags) {
|
||||||
|
this.tags = tags;
|
||||||
|
}
|
||||||
|
|
||||||
|
public boolean getIsSaasApp() {
|
||||||
|
return isSaasApp;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setIsSaasApp(boolean saasApp) {
|
||||||
|
isSaasApp = saasApp;
|
||||||
|
}
|
||||||
|
}
|
@ -0,0 +1,46 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (c) 2022, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
|
||||||
|
*
|
||||||
|
* Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
|
||||||
|
* Version 2.0 (the "License"); you may not use this file except
|
||||||
|
* in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing,
|
||||||
|
* software distributed under the License is distributed on an
|
||||||
|
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||||
|
* KIND, either express or implied. See the License for the
|
||||||
|
* specific language governing permissions and limitations
|
||||||
|
* under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package org.wso2.carbon.apimgt.keymgt.extension.api;
|
||||||
|
|
||||||
|
import javax.ws.rs.Consumes;
|
||||||
|
import javax.ws.rs.FormParam;
|
||||||
|
import javax.ws.rs.POST;
|
||||||
|
import javax.ws.rs.Path;
|
||||||
|
import javax.ws.rs.Produces;
|
||||||
|
import javax.ws.rs.core.MediaType;
|
||||||
|
import javax.ws.rs.core.Response;
|
||||||
|
|
||||||
|
public interface KeyManagerService {
|
||||||
|
|
||||||
|
@POST
|
||||||
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
|
@Consumes(MediaType.APPLICATION_JSON)
|
||||||
|
@Path("/dynamic-client-registration")
|
||||||
|
Response dynamicClientRegistration(DCRRequest request);
|
||||||
|
|
||||||
|
@POST
|
||||||
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
|
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
|
||||||
|
@Path("/token")
|
||||||
|
Response generateAccessToken(@FormParam("client_id") String clientId,
|
||||||
|
@FormParam("client_secret") String clientSecret,
|
||||||
|
@FormParam("refresh_token") String refreshToken,
|
||||||
|
@FormParam("scope") String scope,
|
||||||
|
@FormParam("grant_type") String grantType);
|
||||||
|
}
|
@ -0,0 +1,77 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (c) 2022, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
|
||||||
|
*
|
||||||
|
* Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
|
||||||
|
* Version 2.0 (the "License"); you may not use this file except
|
||||||
|
* in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing,
|
||||||
|
* software distributed under the License is distributed on an
|
||||||
|
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||||
|
* KIND, either express or implied. See the License for the
|
||||||
|
* specific language governing permissions and limitations
|
||||||
|
* under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package org.wso2.carbon.apimgt.keymgt.extension.api;
|
||||||
|
|
||||||
|
import org.apache.commons.logging.Log;
|
||||||
|
import org.apache.commons.logging.LogFactory;
|
||||||
|
import org.wso2.carbon.apimgt.keymgt.extension.DCRResponse;
|
||||||
|
import org.wso2.carbon.apimgt.keymgt.extension.TokenRequest;
|
||||||
|
import org.wso2.carbon.apimgt.keymgt.extension.TokenResponse;
|
||||||
|
import org.wso2.carbon.apimgt.keymgt.extension.exception.BadRequestException;
|
||||||
|
import org.wso2.carbon.apimgt.keymgt.extension.exception.KeyMgtException;
|
||||||
|
import org.wso2.carbon.apimgt.keymgt.extension.service.KeyMgtService;
|
||||||
|
import org.wso2.carbon.apimgt.keymgt.extension.service.KeyMgtServiceImpl;
|
||||||
|
|
||||||
|
import javax.ws.rs.Consumes;
|
||||||
|
import javax.ws.rs.FormParam;
|
||||||
|
import javax.ws.rs.POST;
|
||||||
|
import javax.ws.rs.Path;
|
||||||
|
import javax.ws.rs.Produces;
|
||||||
|
import javax.ws.rs.core.MediaType;
|
||||||
|
import javax.ws.rs.core.Response;
|
||||||
|
|
||||||
|
public class KeyManagerServiceImpl implements KeyManagerService {
|
||||||
|
|
||||||
|
@Override
|
||||||
|
@POST
|
||||||
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
|
@Consumes(MediaType.APPLICATION_JSON)
|
||||||
|
@Path("/dynamic-client-registration")
|
||||||
|
public Response dynamicClientRegistration(DCRRequest dcrRequest) {
|
||||||
|
try {
|
||||||
|
KeyMgtService keyMgtService = new KeyMgtServiceImpl();
|
||||||
|
DCRResponse resp = keyMgtService.dynamicClientRegistration(dcrRequest.getClientName(), dcrRequest.getOwner(),
|
||||||
|
dcrRequest.getGrantTypes(), dcrRequest.getCallBackUrl(), dcrRequest.getTags(), dcrRequest.getIsSaasApp());
|
||||||
|
return Response.status(Response.Status.CREATED).entity(resp).build();
|
||||||
|
} catch (KeyMgtException e) {
|
||||||
|
return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(e.getMessage()).build();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
@POST
|
||||||
|
@Produces(MediaType.APPLICATION_JSON)
|
||||||
|
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
|
||||||
|
@Path("/token")
|
||||||
|
public Response generateAccessToken(@FormParam("client_id") String clientId,
|
||||||
|
@FormParam("client_secret") String clientSecret,
|
||||||
|
@FormParam("refresh_token") String refreshToken,
|
||||||
|
@FormParam("scope") String scope,
|
||||||
|
@FormParam("grant_type") String grantType) {
|
||||||
|
try {
|
||||||
|
KeyMgtService keyMgtService = new KeyMgtServiceImpl();
|
||||||
|
TokenResponse resp = keyMgtService.generateAccessToken(
|
||||||
|
new TokenRequest(clientId, clientSecret, refreshToken, scope, grantType));
|
||||||
|
return Response.status(Response.Status.CREATED).entity(resp).build();
|
||||||
|
} catch (KeyMgtException e) {
|
||||||
|
return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(e.getMessage()).build();
|
||||||
|
} catch (BadRequestException e) {
|
||||||
|
return Response.status(Response.Status.BAD_REQUEST).entity(e.getMessage()).build();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
@ -0,0 +1,32 @@
|
|||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
<!--
|
||||||
|
~ Copyright (c) 2019, Entgra (pvt) Ltd. (http://entgra.io) All Rights Reserved.
|
||||||
|
~
|
||||||
|
~ Entgra (pvt) Ltd. licenses this file to you under the Apache License,
|
||||||
|
~ Version 2.0 (the "License"); you may not use this file except
|
||||||
|
~ in compliance with the License.
|
||||||
|
~ You may obtain a copy of the License at
|
||||||
|
~
|
||||||
|
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
~
|
||||||
|
~ Unless required by applicable law or agreed to in writing,
|
||||||
|
~ software distributed under the License is distributed on an
|
||||||
|
~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||||
|
~ KIND, either express or implied. See the License for the
|
||||||
|
~ specific language governing permissions and limitations
|
||||||
|
~ under the License.
|
||||||
|
-->
|
||||||
|
|
||||||
|
<!-- This file contains the list of permissions that are associated with URL end points
|
||||||
|
of the web app. Each permission should contain the name, permission path ,API path
|
||||||
|
(URL) , HTTP method and OAUTH2 authorization scope (not-required).
|
||||||
|
When defining dynamic paths for APIs, path variables are denoted by '*' notation.
|
||||||
|
For ex:
|
||||||
|
Actual API endpoint: devicemgt_admin/1.0.0/devices/{device-id}
|
||||||
|
URL to be represented here: /devices/*
|
||||||
|
NOTE: All the endpoints of the web app should be available in this file. Otherwise
|
||||||
|
it will result 403 error at the runtime.
|
||||||
|
-->
|
||||||
|
<PermissionConfiguration>
|
||||||
|
<APIVersion></APIVersion>
|
||||||
|
</PermissionConfiguration>
|
@ -0,0 +1,35 @@
|
|||||||
|
<?xml version="1.0" encoding="ISO-8859-1"?>
|
||||||
|
|
||||||
|
<!--
|
||||||
|
* Copyright (c) 2019, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
|
||||||
|
*
|
||||||
|
* Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
|
||||||
|
* Version 2.0 (the "License"); you may not use this file except
|
||||||
|
* in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing,
|
||||||
|
* software distributed under the License is distributed on an
|
||||||
|
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||||
|
* KIND, either express or implied. See the License for the
|
||||||
|
* specific language governing permissions and limitations
|
||||||
|
* under the License.
|
||||||
|
-->
|
||||||
|
|
||||||
|
<!--
|
||||||
|
This file defines class loading policy of the whole container. But this behaviour can be overridden by individual webapps by putting this file into the META-INF/ directory.
|
||||||
|
-->
|
||||||
|
<Classloading xmlns="http://wso2.org/projects/as/classloading">
|
||||||
|
|
||||||
|
<!-- Parent-first or child-first. Default behaviour is child-first.-->
|
||||||
|
<ParentFirst>false</ParentFirst>
|
||||||
|
|
||||||
|
<!--
|
||||||
|
Default environments that contains provides to all the webapps. This can be overridden by individual webapps by specifing required environments
|
||||||
|
Tomcat environment is the default and every webapps gets it even if they didn't specify it.
|
||||||
|
e.g. If a webapps requires CXF, they will get both Tomcat and CXF.
|
||||||
|
-->
|
||||||
|
<Environments>CXF3,Carbon</Environments>
|
||||||
|
</Classloading>
|
@ -0,0 +1,37 @@
|
|||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
<!--
|
||||||
|
~ Copyright (c) 2022, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
|
||||||
|
~
|
||||||
|
~ Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
|
||||||
|
~ Version 2.0 (the "License"); you may not use this file except
|
||||||
|
~ in compliance with the License.
|
||||||
|
~ You may obtain a copy of the License at
|
||||||
|
~
|
||||||
|
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
~
|
||||||
|
~ Unless required by applicable law or agreed to in writing,
|
||||||
|
~ software distributed under the License is distributed on an
|
||||||
|
~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||||
|
~ KIND, either express or implied. See the License for the
|
||||||
|
~ specific language governing permissions and limitations
|
||||||
|
~ under the License.
|
||||||
|
-->
|
||||||
|
|
||||||
|
<beans xmlns="http://www.springframework.org/schema/beans"
|
||||||
|
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||||
|
xmlns:jaxrs="http://cxf.apache.org/jaxrs" xmlns:cxf="http://cxf.apache.org/core"
|
||||||
|
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
|
||||||
|
http://cxf.apache.org/jaxrs http://cxf.apache.org/schemas/jaxrs.xsd http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd">
|
||||||
|
|
||||||
|
<jaxrs:server id="services" address="/">
|
||||||
|
<jaxrs:serviceBeans>
|
||||||
|
<ref bean="keyManagerService"/>
|
||||||
|
</jaxrs:serviceBeans>
|
||||||
|
<jaxrs:providers>
|
||||||
|
<bean class="org.codehaus.jackson.jaxrs.JacksonJsonProvider"/>
|
||||||
|
</jaxrs:providers>
|
||||||
|
</jaxrs:server>
|
||||||
|
|
||||||
|
<bean id="keyManagerService" class="org.wso2.carbon.apimgt.keymgt.extension.api.KeyManagerServiceImpl"/>
|
||||||
|
|
||||||
|
</beans>
|
@ -0,0 +1,109 @@
|
|||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
<!--
|
||||||
|
~ Copyright (c) 2021, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
|
||||||
|
~
|
||||||
|
~ Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
|
||||||
|
~ Version 2.0 (the "License"); you may not use this file except
|
||||||
|
~ in compliance with the License.
|
||||||
|
~ You may obtain a copy of the License at
|
||||||
|
~
|
||||||
|
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
~
|
||||||
|
~ Unless required by applicable law or agreed to in writing,
|
||||||
|
~ software distributed under the License is distributed on an
|
||||||
|
~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||||
|
~ KIND, either express or implied. See the License for the
|
||||||
|
~ specific language governing permissions and limitations
|
||||||
|
~ under the License.
|
||||||
|
-->
|
||||||
|
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" version="2.5">
|
||||||
|
<display-name>Grafana-API-Proxy-Webapp</display-name>
|
||||||
|
<servlet>
|
||||||
|
<description>JAX-WS/JAX-RS Grafana API Management Endpoint</description>
|
||||||
|
<display-name>JAX-WS/JAX-RS Servlet</display-name>
|
||||||
|
<servlet-name>CXFServlet</servlet-name>
|
||||||
|
<servlet-class>
|
||||||
|
org.apache.cxf.transport.servlet.CXFServlet
|
||||||
|
</servlet-class>
|
||||||
|
<!-- configure a security filter -->
|
||||||
|
<init-param>
|
||||||
|
<param-name>swagger.security.filter</param-name>
|
||||||
|
<param-value>ApiAuthorizationFilterImpl</param-value>
|
||||||
|
</init-param>
|
||||||
|
<load-on-startup>1</load-on-startup>
|
||||||
|
</servlet>
|
||||||
|
<servlet-mapping>
|
||||||
|
<servlet-name>CXFServlet</servlet-name>
|
||||||
|
<url-pattern>/*</url-pattern>
|
||||||
|
</servlet-mapping>
|
||||||
|
<session-config>
|
||||||
|
<session-timeout>60</session-timeout>
|
||||||
|
</session-config>
|
||||||
|
|
||||||
|
<context-param>
|
||||||
|
<param-name>doAuthentication</param-name>
|
||||||
|
<param-value>false</param-value>
|
||||||
|
</context-param>
|
||||||
|
<context-param>
|
||||||
|
<param-name>basicAuth</param-name>
|
||||||
|
<param-value>false</param-value>
|
||||||
|
</context-param>
|
||||||
|
|
||||||
|
<context-param>
|
||||||
|
<param-name>nonSecuredEndPoints</param-name>
|
||||||
|
<param-value>
|
||||||
|
/keymgt-test-api/.*,
|
||||||
|
</param-value>
|
||||||
|
</context-param>
|
||||||
|
|
||||||
|
<!--publish to apim-->
|
||||||
|
<context-param>
|
||||||
|
<param-name>managed-api-enabled</param-name>
|
||||||
|
<param-value>true</param-value>
|
||||||
|
</context-param>
|
||||||
|
<context-param>
|
||||||
|
<param-name>managed-api-owner</param-name>
|
||||||
|
<param-value>admin</param-value>
|
||||||
|
</context-param>
|
||||||
|
<context-param>
|
||||||
|
<param-name>isSharedWithAllTenants</param-name>
|
||||||
|
<param-value>true</param-value>
|
||||||
|
</context-param>
|
||||||
|
|
||||||
|
<filter>
|
||||||
|
<filter-name>HttpHeaderSecurityFilter</filter-name>
|
||||||
|
<filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
|
||||||
|
<init-param>
|
||||||
|
<param-name>hstsEnabled</param-name>
|
||||||
|
<param-value>false</param-value>
|
||||||
|
</init-param>
|
||||||
|
</filter>
|
||||||
|
|
||||||
|
<filter>
|
||||||
|
<filter-name>ContentTypeBasedCachePreventionFilter</filter-name>
|
||||||
|
<filter-class>org.wso2.carbon.ui.filters.cache.ContentTypeBasedCachePreventionFilter</filter-class>
|
||||||
|
<init-param>
|
||||||
|
<param-name>patterns</param-name>
|
||||||
|
<param-value>text/html" ,application/json" ,text/plain</param-value>
|
||||||
|
</init-param>
|
||||||
|
<init-param>
|
||||||
|
<param-name>filterAction</param-name>
|
||||||
|
<param-value>enforce</param-value>
|
||||||
|
</init-param>
|
||||||
|
<init-param>
|
||||||
|
<param-name>httpHeaders</param-name>
|
||||||
|
<param-value>Cache-Control: no-store, no-cache, must-revalidate, private</param-value>
|
||||||
|
</init-param>
|
||||||
|
</filter>
|
||||||
|
|
||||||
|
<filter-mapping>
|
||||||
|
<filter-name>HttpHeaderSecurityFilter</filter-name>
|
||||||
|
<url-pattern>/*</url-pattern>
|
||||||
|
</filter-mapping>
|
||||||
|
|
||||||
|
<filter-mapping>
|
||||||
|
<filter-name>ContentTypeBasedCachePreventionFilter</filter-name>
|
||||||
|
<url-pattern>/*</url-pattern>
|
||||||
|
</filter-mapping>
|
||||||
|
|
||||||
|
</web-app>
|
@ -0,0 +1,49 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (c) 2022, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
|
||||||
|
*
|
||||||
|
* Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
|
||||||
|
* Version 2.0 (the "License"); you may not use this file except
|
||||||
|
* in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing,
|
||||||
|
* software distributed under the License is distributed on an
|
||||||
|
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||||
|
* KIND, either express or implied. See the License for the
|
||||||
|
* specific language governing permissions and limitations
|
||||||
|
* under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package org.wso2.carbon.apimgt.keymgt.extension;
|
||||||
|
|
||||||
|
import org.apache.commons.logging.Log;
|
||||||
|
import org.apache.commons.logging.LogFactory;
|
||||||
|
import org.wso2.carbon.apimgt.api.APIManagementException;
|
||||||
|
import org.wso2.carbon.apimgt.api.model.AccessTokenInfo;
|
||||||
|
import org.wso2.carbon.apimgt.impl.AMDefaultKeyManagerImpl;
|
||||||
|
|
||||||
|
public class CustomKeyManager extends AMDefaultKeyManagerImpl {
|
||||||
|
private static final Log log = LogFactory.getLog(CustomKeyManager.class);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* This is used to get the metadata of the access token.
|
||||||
|
*
|
||||||
|
* @param accessToken AccessToken.
|
||||||
|
* @return The meta data details of access token.
|
||||||
|
* @throws APIManagementException This is the custom exception class for API management.
|
||||||
|
*/
|
||||||
|
@Override
|
||||||
|
public AccessTokenInfo getTokenMetaData(String accessToken) throws APIManagementException {
|
||||||
|
log.debug("Access Token With Prefix : "+accessToken);
|
||||||
|
String accessTokenWithoutPrefix = accessToken.substring(accessToken.indexOf("_")+1);
|
||||||
|
log.debug("Access Token WithOut Prefix : "+accessTokenWithoutPrefix);
|
||||||
|
return super.getTokenMetaData(accessTokenWithoutPrefix);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public String getType() {
|
||||||
|
return KeyMgtConstants.CUSTOM_TYPE;
|
||||||
|
}
|
||||||
|
}
|
@ -0,0 +1,45 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (c) 2022, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
|
||||||
|
*
|
||||||
|
* Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
|
||||||
|
* Version 2.0 (the "License"); you may not use this file except
|
||||||
|
* in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing,
|
||||||
|
* software distributed under the License is distributed on an
|
||||||
|
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||||
|
* KIND, either express or implied. See the License for the
|
||||||
|
* specific language governing permissions and limitations
|
||||||
|
* under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package org.wso2.carbon.apimgt.keymgt.extension;
|
||||||
|
|
||||||
|
public class DCRResponse {
|
||||||
|
String clientId;
|
||||||
|
String clientSecret;
|
||||||
|
|
||||||
|
public DCRResponse(String clientId, String clientSecret) {
|
||||||
|
this.clientId = clientId;
|
||||||
|
this.clientSecret = clientSecret;
|
||||||
|
}
|
||||||
|
|
||||||
|
public String getClientId() {
|
||||||
|
return clientId;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setClientId(String clientId) {
|
||||||
|
this.clientId = clientId;
|
||||||
|
}
|
||||||
|
|
||||||
|
public String getClientSecret() {
|
||||||
|
return clientSecret;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setClientSecret(String clientSecret) {
|
||||||
|
this.clientSecret = clientSecret;
|
||||||
|
}
|
||||||
|
}
|
@ -0,0 +1,73 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (c) 2022, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
|
||||||
|
*
|
||||||
|
* Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
|
||||||
|
* Version 2.0 (the "License"); you may not use this file except
|
||||||
|
* in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing,
|
||||||
|
* software distributed under the License is distributed on an
|
||||||
|
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||||
|
* KIND, either express or implied. See the License for the
|
||||||
|
* specific language governing permissions and limitations
|
||||||
|
* under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package org.wso2.carbon.apimgt.keymgt.extension;
|
||||||
|
|
||||||
|
import org.wso2.carbon.apimgt.api.model.ConfigurationDto;
|
||||||
|
import org.wso2.carbon.apimgt.impl.APIConstants;
|
||||||
|
import org.wso2.carbon.apimgt.impl.DefaultKeyManagerConnectorConfiguration;
|
||||||
|
import org.wso2.carbon.apimgt.impl.jwt.JWTValidatorImpl;
|
||||||
|
|
||||||
|
import java.util.ArrayList;
|
||||||
|
import java.util.Collections;
|
||||||
|
import java.util.List;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @scr.component name="org.wso2.carbon.apimgt.keymgt.extension.customKeyManagerConfigComponent" immediate="true"
|
||||||
|
*/
|
||||||
|
public class KeyManagerConnectorConfiguration extends DefaultKeyManagerConnectorConfiguration {
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public String getImplementation() {
|
||||||
|
return CustomKeyManager.class.getName();
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public String getJWTValidator() {
|
||||||
|
return JWTValidatorImpl.class.getName();
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public List<ConfigurationDto> getApplicationConfigurations() {
|
||||||
|
return super.getApplicationConfigurations();
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public String getType() {
|
||||||
|
return KeyMgtConstants.CUSTOM_TYPE;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public String getDefaultScopesClaim() {
|
||||||
|
return APIConstants.JwtTokenConstants.SCOPE;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public String getDefaultConsumerKeyClaim() {
|
||||||
|
return APIConstants.JwtTokenConstants.AUTHORIZED_PARTY;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public List<ConfigurationDto> getConnectionConfigurations() {
|
||||||
|
List<ConfigurationDto> configurationDtoList = new ArrayList<>();
|
||||||
|
configurationDtoList.add(new ConfigurationDto("Username", "Username", "input", "Username of admin user", "", true, false, Collections.emptyList(), false));
|
||||||
|
configurationDtoList.add(new ConfigurationDto("Password", "Password", "input", "Password of Admin user", "", true, true, Collections.emptyList(), false));
|
||||||
|
configurationDtoList.addAll(super.getConnectionConfigurations());
|
||||||
|
return configurationDtoList;
|
||||||
|
}
|
||||||
|
}
|
@ -0,0 +1,333 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (c) 2022, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
|
||||||
|
*
|
||||||
|
* Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
|
||||||
|
* Version 2.0 (the "License"); you may not use this file except
|
||||||
|
* in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing,
|
||||||
|
* software distributed under the License is distributed on an
|
||||||
|
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||||
|
* KIND, either express or implied. See the License for the
|
||||||
|
* specific language governing permissions and limitations
|
||||||
|
* under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package org.wso2.carbon.apimgt.keymgt.extension;
|
||||||
|
|
||||||
|
import java.util.ArrayList;
|
||||||
|
import java.util.HashMap;
|
||||||
|
import java.util.List;
|
||||||
|
import java.util.Map;
|
||||||
|
|
||||||
|
public class KeyManagerPayload {
|
||||||
|
private String name;
|
||||||
|
private String displayName;
|
||||||
|
private String type;
|
||||||
|
private String description;
|
||||||
|
private String wellKnownEndpoint;
|
||||||
|
private String introspectionEndpoint;
|
||||||
|
private String clientRegistrationEndpoint;
|
||||||
|
private String tokenEndpoint;
|
||||||
|
private String displayTokenEndpoint;
|
||||||
|
private String revokeEndpoint;
|
||||||
|
private String displayRevokeEndpoint;
|
||||||
|
private String userInfoEndpoint;
|
||||||
|
private String authorizeEndpoint;
|
||||||
|
private Map<String, String> certificates;
|
||||||
|
private String issuer;
|
||||||
|
private String scopeManagementEndpoint;
|
||||||
|
private List<String> availableGrantTypes;
|
||||||
|
private boolean enableTokenGeneration;
|
||||||
|
private boolean enableTokenEncryption;
|
||||||
|
private boolean enableTokenHashing;
|
||||||
|
private boolean enableMapOAuthConsumerApps;
|
||||||
|
private boolean enableOAuthAppCreation;
|
||||||
|
private boolean enableSelfValidationJWT;
|
||||||
|
private List<String> claimMapping;
|
||||||
|
private String consumerKeyClaim;
|
||||||
|
private String scopesClaim;
|
||||||
|
private List<Map<String, String>> tokenValidation;
|
||||||
|
private boolean enabled;
|
||||||
|
private Map<String, Object> additionalProperties;
|
||||||
|
|
||||||
|
public KeyManagerPayload(String domainName, int tenantId, String serverUrl, String name,
|
||||||
|
List<String> availableGrantTypes, Map<String, Object> additionalProperties) {
|
||||||
|
this.name = name;
|
||||||
|
this.displayName = name;
|
||||||
|
this.type = KeyMgtConstants.CUSTOM_TYPE;
|
||||||
|
this.description = "Custom Key Manager";
|
||||||
|
this.wellKnownEndpoint = null;
|
||||||
|
this.introspectionEndpoint = serverUrl + KeyMgtConstants.INTROSPECT_ENDPOINT;
|
||||||
|
this.clientRegistrationEndpoint = serverUrl + "/t/" + domainName + KeyMgtConstants.CLIENT_REGISTRATION_ENDPOINT;
|
||||||
|
this.tokenEndpoint = serverUrl + KeyMgtConstants.OAUTH2_TOKEN_ENDPOINT;
|
||||||
|
this.displayTokenEndpoint = serverUrl + KeyMgtConstants.OAUTH2_TOKEN_ENDPOINT;
|
||||||
|
this.revokeEndpoint = serverUrl + KeyMgtConstants.REVOKE_ENDPOINT;
|
||||||
|
this.displayRevokeEndpoint = serverUrl + KeyMgtConstants.REVOKE_ENDPOINT;
|
||||||
|
this.userInfoEndpoint = serverUrl + KeyMgtConstants.USER_INFO_ENDPOINT;
|
||||||
|
this.authorizeEndpoint = serverUrl + KeyMgtConstants.AUTHORIZE_ENDPOINT;
|
||||||
|
|
||||||
|
Map<String, String> certificates = new HashMap<>();
|
||||||
|
certificates.put("type", "JWKS");
|
||||||
|
certificates.put("value", serverUrl + "/t/" + domainName + KeyMgtConstants.JWKS_ENDPOINT);
|
||||||
|
this.certificates = certificates;
|
||||||
|
|
||||||
|
this.issuer = serverUrl + "/t/" + domainName + KeyMgtConstants.OAUTH2_TOKEN_ENDPOINT;
|
||||||
|
this.scopeManagementEndpoint = serverUrl + "/t/" + domainName + KeyMgtConstants.SCOPE_MANAGEMENT_ENDPOINT;
|
||||||
|
this.availableGrantTypes = availableGrantTypes;
|
||||||
|
this.enableTokenGeneration = true;
|
||||||
|
this.enableTokenEncryption = false;
|
||||||
|
this.enableTokenHashing = false;
|
||||||
|
this.enableMapOAuthConsumerApps = true;
|
||||||
|
this.enableOAuthAppCreation = true;
|
||||||
|
this.enableSelfValidationJWT = true;
|
||||||
|
this.claimMapping = new ArrayList<>();
|
||||||
|
this.consumerKeyClaim = KeyMgtConstants.CONSUMER_KEY_CLAIM;
|
||||||
|
this.scopesClaim = KeyMgtConstants.SCOPE_CLAIM;
|
||||||
|
|
||||||
|
List<Map<String, String>> tokenValidationList = new ArrayList<>();
|
||||||
|
Map<String, String> tokenValidation = new HashMap<>();
|
||||||
|
tokenValidation.put("type", KeyMgtConstants.REFERENCE);
|
||||||
|
tokenValidation.put("value", KeyMgtConstants.TOKEN_REGEX.replaceAll("<<tenantId>>", String.valueOf(tenantId)));
|
||||||
|
tokenValidationList.add(tokenValidation);
|
||||||
|
this.tokenValidation = tokenValidationList;
|
||||||
|
|
||||||
|
this.enabled = true;
|
||||||
|
this.additionalProperties = additionalProperties;
|
||||||
|
}
|
||||||
|
|
||||||
|
public String getName() {
|
||||||
|
return name;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setName(String name) {
|
||||||
|
this.name = name;
|
||||||
|
}
|
||||||
|
|
||||||
|
public String getDisplayName() {
|
||||||
|
return displayName;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setDisplayName(String displayName) {
|
||||||
|
this.displayName = displayName;
|
||||||
|
}
|
||||||
|
|
||||||
|
public String getType() {
|
||||||
|
return type;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setType(String type) {
|
||||||
|
this.type = type;
|
||||||
|
}
|
||||||
|
|
||||||
|
public String getDescription() {
|
||||||
|
return description;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setDescription(String description) {
|
||||||
|
this.description = description;
|
||||||
|
}
|
||||||
|
|
||||||
|
public String getWellKnownEndpoint() {
|
||||||
|
return wellKnownEndpoint;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setWellKnownEndpoint(String wellKnownEndpoint) {
|
||||||
|
this.wellKnownEndpoint = wellKnownEndpoint;
|
||||||
|
}
|
||||||
|
|
||||||
|
public String getIntrospectionEndpoint() {
|
||||||
|
return introspectionEndpoint;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setIntrospectionEndpoint(String introspectionEndpoint) {
|
||||||
|
this.introspectionEndpoint = introspectionEndpoint;
|
||||||
|
}
|
||||||
|
|
||||||
|
public String getClientRegistrationEndpoint() {
|
||||||
|
return clientRegistrationEndpoint;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setClientRegistrationEndpoint(String clientRegistrationEndpoint) {
|
||||||
|
this.clientRegistrationEndpoint = clientRegistrationEndpoint;
|
||||||
|
}
|
||||||
|
|
||||||
|
public String getTokenEndpoint() {
|
||||||
|
return tokenEndpoint;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setTokenEndpoint(String tokenEndpoint) {
|
||||||
|
this.tokenEndpoint = tokenEndpoint;
|
||||||
|
}
|
||||||
|
|
||||||
|
public String getDisplayTokenEndpoint() {
|
||||||
|
return displayTokenEndpoint;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setDisplayTokenEndpoint(String displayTokenEndpoint) {
|
||||||
|
this.displayTokenEndpoint = displayTokenEndpoint;
|
||||||
|
}
|
||||||
|
|
||||||
|
public String getRevokeEndpoint() {
|
||||||
|
return revokeEndpoint;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setRevokeEndpoint(String revokeEndpoint) {
|
||||||
|
this.revokeEndpoint = revokeEndpoint;
|
||||||
|
}
|
||||||
|
|
||||||
|
public String getDisplayRevokeEndpoint() {
|
||||||
|
return displayRevokeEndpoint;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setDisplayRevokeEndpoint(String displayRevokeEndpoint) {
|
||||||
|
this.displayRevokeEndpoint = displayRevokeEndpoint;
|
||||||
|
}
|
||||||
|
|
||||||
|
public String getUserInfoEndpoint() {
|
||||||
|
return userInfoEndpoint;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setUserInfoEndpoint(String userInfoEndpoint) {
|
||||||
|
this.userInfoEndpoint = userInfoEndpoint;
|
||||||
|
}
|
||||||
|
|
||||||
|
public String getAuthorizeEndpoint() {
|
||||||
|
return authorizeEndpoint;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setAuthorizeEndpoint(String authorizeEndpoint) {
|
||||||
|
this.authorizeEndpoint = authorizeEndpoint;
|
||||||
|
}
|
||||||
|
|
||||||
|
public Map<String, String> getCertificates() {
|
||||||
|
return certificates;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setCertificates(Map<String, String> certificates) {
|
||||||
|
this.certificates = certificates;
|
||||||
|
}
|
||||||
|
|
||||||
|
public String getIssuer() {
|
||||||
|
return issuer;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setIssuer(String issuer) {
|
||||||
|
this.issuer = issuer;
|
||||||
|
}
|
||||||
|
|
||||||
|
public String getScopeManagementEndpoint() {
|
||||||
|
return scopeManagementEndpoint;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setScopeManagementEndpoint(String scopeManagementEndpoint) {
|
||||||
|
this.scopeManagementEndpoint = scopeManagementEndpoint;
|
||||||
|
}
|
||||||
|
|
||||||
|
public List<String> getAvailableGrantTypes() {
|
||||||
|
return availableGrantTypes;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setAvailableGrantTypes(List<String> availableGrantTypes) {
|
||||||
|
this.availableGrantTypes = availableGrantTypes;
|
||||||
|
}
|
||||||
|
|
||||||
|
public boolean isEnableTokenGeneration() {
|
||||||
|
return enableTokenGeneration;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setEnableTokenGeneration(boolean enableTokenGeneration) {
|
||||||
|
this.enableTokenGeneration = enableTokenGeneration;
|
||||||
|
}
|
||||||
|
|
||||||
|
public boolean isEnableTokenEncryption() {
|
||||||
|
return enableTokenEncryption;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setEnableTokenEncryption(boolean enableTokenEncryption) {
|
||||||
|
this.enableTokenEncryption = enableTokenEncryption;
|
||||||
|
}
|
||||||
|
|
||||||
|
public boolean isEnableTokenHashing() {
|
||||||
|
return enableTokenHashing;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setEnableTokenHashing(boolean enableTokenHashing) {
|
||||||
|
this.enableTokenHashing = enableTokenHashing;
|
||||||
|
}
|
||||||
|
|
||||||
|
public boolean isEnableMapOAuthConsumerApps() {
|
||||||
|
return enableMapOAuthConsumerApps;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setEnableMapOAuthConsumerApps(boolean enableMapOAuthConsumerApps) {
|
||||||
|
this.enableMapOAuthConsumerApps = enableMapOAuthConsumerApps;
|
||||||
|
}
|
||||||
|
|
||||||
|
public boolean isEnableOAuthAppCreation() {
|
||||||
|
return enableOAuthAppCreation;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setEnableOAuthAppCreation(boolean enableOAuthAppCreation) {
|
||||||
|
this.enableOAuthAppCreation = enableOAuthAppCreation;
|
||||||
|
}
|
||||||
|
|
||||||
|
public boolean isEnableSelfValidationJWT() {
|
||||||
|
return enableSelfValidationJWT;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setEnableSelfValidationJWT(boolean enableSelfValidationJWT) {
|
||||||
|
this.enableSelfValidationJWT = enableSelfValidationJWT;
|
||||||
|
}
|
||||||
|
|
||||||
|
public List<String> getClaimMapping() {
|
||||||
|
return claimMapping;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setClaimMapping(List<String> claimMapping) {
|
||||||
|
this.claimMapping = claimMapping;
|
||||||
|
}
|
||||||
|
|
||||||
|
public String getConsumerKeyClaim() {
|
||||||
|
return consumerKeyClaim;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setConsumerKeyClaim(String consumerKeyClaim) {
|
||||||
|
this.consumerKeyClaim = consumerKeyClaim;
|
||||||
|
}
|
||||||
|
|
||||||
|
public String getScopesClaim() {
|
||||||
|
return scopesClaim;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setScopesClaim(String scopesClaim) {
|
||||||
|
this.scopesClaim = scopesClaim;
|
||||||
|
}
|
||||||
|
|
||||||
|
public List<Map<String, String>> getTokenValidation() {
|
||||||
|
return tokenValidation;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setTokenValidation(List<Map<String, String>> tokenValidation) {
|
||||||
|
this.tokenValidation = tokenValidation;
|
||||||
|
}
|
||||||
|
|
||||||
|
public boolean isEnabled() {
|
||||||
|
return enabled;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setEnabled(boolean enabled) {
|
||||||
|
this.enabled = enabled;
|
||||||
|
}
|
||||||
|
|
||||||
|
public Map<String, Object> getAdditionalProperties() {
|
||||||
|
return additionalProperties;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setAdditionalProperties(Map<String, Object> additionalProperties) {
|
||||||
|
this.additionalProperties = additionalProperties;
|
||||||
|
}
|
||||||
|
}
|
@ -0,0 +1,52 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (c) 2022, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
|
||||||
|
*
|
||||||
|
* Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
|
||||||
|
* Version 2.0 (the "License"); you may not use this file except
|
||||||
|
* in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing,
|
||||||
|
* software distributed under the License is distributed on an
|
||||||
|
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||||
|
* KIND, either express or implied. See the License for the
|
||||||
|
* specific language governing permissions and limitations
|
||||||
|
* under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package org.wso2.carbon.apimgt.keymgt.extension;
|
||||||
|
|
||||||
|
public class KeyMgtConstants {
|
||||||
|
public static final String CUSTOM_TYPE = "CustomKeyManager";
|
||||||
|
public static final String RESERVED_OAUTH_APP_NAME_PREFIX = "reserved_app_for_";
|
||||||
|
public static final String SUPER_TENANT = "carbon.super";
|
||||||
|
public static final String DEFAULT_ADMIN_SCOPES =
|
||||||
|
"openid apim:admin apim:admin_operations apim:subscribe apim:app_manage apim:sub_manage";
|
||||||
|
public static final String CLIENT_CREDENTIALS_GRANT_TYPE = "client_credentials";
|
||||||
|
public static final String CONSUMER_KEY_CLAIM = "azp";
|
||||||
|
public static final String SCOPE_CLAIM = "scope";
|
||||||
|
public static final String REFERENCE = "REFERENCE";
|
||||||
|
public static final String TOKEN_REGEX =
|
||||||
|
"^<<tenantId>>*_[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-5][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}";
|
||||||
|
public static final int TOKEN_VALIDITY_PERIOD = 3600;
|
||||||
|
public static final String CUSTOM_KEY_MANAGER_NAME_PREFIX = "KM_";
|
||||||
|
public static final String AUTHORIZATION_HEADER = "Authorization";
|
||||||
|
public static final String X_WSO2_TENANT_HEADER = "X-WSO2-Tenant";
|
||||||
|
|
||||||
|
public static final String OAUTH2_TOKEN_ENDPOINT = "/oauth2/token";
|
||||||
|
public static final String DCR_ENDPOINT = "/api-application-registration/register";
|
||||||
|
public static final String INTROSPECT_ENDPOINT = "/oauth2/introspect";
|
||||||
|
public static final String CLIENT_REGISTRATION_ENDPOINT = "/keymanager-operations/dcr/register";
|
||||||
|
public static final String REVOKE_ENDPOINT = "";
|
||||||
|
public static final String USER_INFO_ENDPOINT = "/oauth2/userInfo";
|
||||||
|
public static final String AUTHORIZE_ENDPOINT = "/oauth2/authorize";
|
||||||
|
public static final String SCOPE_MANAGEMENT_ENDPOINT = "/api/identity/oauth2/v1.0/scopes";
|
||||||
|
public static final String JWKS_ENDPOINT = "/oauth2/jwks";
|
||||||
|
public static final String CREATE_KEY_MANAGER_ENDPOINT = "/api/am/admin/v2/key-managers";
|
||||||
|
public static final String APPLICATION_KEY_MAPPING_ENDPOINT =
|
||||||
|
"/api/am/devportal/v2/applications/<applicationId>/map-keys";
|
||||||
|
public static final String APPLICATION_TOKEN_ENDPOINT =
|
||||||
|
"/api/am/devportal/v2/applications/<applicationId>/oauth-keys/<keyMappingId>/generate-token";
|
||||||
|
}
|
@ -0,0 +1,63 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (c) 2022, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
|
||||||
|
*
|
||||||
|
* Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
|
||||||
|
* Version 2.0 (the "License"); you may not use this file except
|
||||||
|
* in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing,
|
||||||
|
* software distributed under the License is distributed on an
|
||||||
|
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||||
|
* KIND, either express or implied. See the License for the
|
||||||
|
* specific language governing permissions and limitations
|
||||||
|
* under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package org.wso2.carbon.apimgt.keymgt.extension;
|
||||||
|
|
||||||
|
public class OAuthApplication {
|
||||||
|
private String clientName;
|
||||||
|
private String callBackUrl;
|
||||||
|
private String client_id;
|
||||||
|
private String client_secret;
|
||||||
|
|
||||||
|
public OAuthApplication(String client_id, String client_secret) {
|
||||||
|
this.client_id = client_id;
|
||||||
|
this.client_secret = client_secret;
|
||||||
|
}
|
||||||
|
|
||||||
|
public String getClientName() {
|
||||||
|
return clientName;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setClientName(String clientName) {
|
||||||
|
this.clientName = clientName;
|
||||||
|
}
|
||||||
|
|
||||||
|
public String getClientId() {
|
||||||
|
return client_id;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setClientId(String clientId) {
|
||||||
|
this.client_id = clientId;
|
||||||
|
}
|
||||||
|
|
||||||
|
public String getClientSecret() {
|
||||||
|
return client_secret;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setClientSecret(String clientSecret) {
|
||||||
|
this.client_secret = clientSecret;
|
||||||
|
}
|
||||||
|
|
||||||
|
public String getCallBackUrl() {
|
||||||
|
return callBackUrl;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setCallBackUrl(String callBackUrl) {
|
||||||
|
this.callBackUrl = callBackUrl;
|
||||||
|
}
|
||||||
|
}
|
@ -0,0 +1,75 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (c) 2022, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
|
||||||
|
*
|
||||||
|
* Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
|
||||||
|
* Version 2.0 (the "License"); you may not use this file except
|
||||||
|
* in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing,
|
||||||
|
* software distributed under the License is distributed on an
|
||||||
|
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||||
|
* KIND, either express or implied. See the License for the
|
||||||
|
* specific language governing permissions and limitations
|
||||||
|
* under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package org.wso2.carbon.apimgt.keymgt.extension;
|
||||||
|
|
||||||
|
public class TokenRequest {
|
||||||
|
private String clientId;
|
||||||
|
private String clientSecret;
|
||||||
|
private String refreshToken;
|
||||||
|
private String scope;
|
||||||
|
private String grantType;
|
||||||
|
|
||||||
|
public TokenRequest(String clientId, String clientSecret, String refreshToken, String scope, String grantType) {
|
||||||
|
this.clientId = clientId;
|
||||||
|
this.clientSecret = clientSecret;
|
||||||
|
this.refreshToken = refreshToken;
|
||||||
|
this.scope = scope;
|
||||||
|
this.grantType = grantType;
|
||||||
|
}
|
||||||
|
|
||||||
|
public String getClientId() {
|
||||||
|
return clientId;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setClientId(String clientId) {
|
||||||
|
this.clientId = clientId;
|
||||||
|
}
|
||||||
|
|
||||||
|
public String getClientSecret() {
|
||||||
|
return clientSecret;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setClientSecret(String clientSecret) {
|
||||||
|
this.clientSecret = clientSecret;
|
||||||
|
}
|
||||||
|
|
||||||
|
public String getScope() {
|
||||||
|
return scope;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setScope(String scope) {
|
||||||
|
this.scope = scope;
|
||||||
|
}
|
||||||
|
|
||||||
|
public String getGrantType() {
|
||||||
|
return grantType;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setGrantType(String grantType) {
|
||||||
|
this.grantType = grantType;
|
||||||
|
}
|
||||||
|
|
||||||
|
public String getRefreshToken() {
|
||||||
|
return refreshToken;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setRefreshToken(String refreshToken) {
|
||||||
|
this.refreshToken = refreshToken;
|
||||||
|
}
|
||||||
|
}
|
@ -0,0 +1,75 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (c) 2022, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
|
||||||
|
*
|
||||||
|
* Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
|
||||||
|
* Version 2.0 (the "License"); you may not use this file except
|
||||||
|
* in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing,
|
||||||
|
* software distributed under the License is distributed on an
|
||||||
|
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||||
|
* KIND, either express or implied. See the License for the
|
||||||
|
* specific language governing permissions and limitations
|
||||||
|
* under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package org.wso2.carbon.apimgt.keymgt.extension;
|
||||||
|
|
||||||
|
public class TokenResponse {
|
||||||
|
private String access_token;
|
||||||
|
private String refresh_token;
|
||||||
|
private String scope;
|
||||||
|
private String tokenType;
|
||||||
|
private int expires_in;
|
||||||
|
|
||||||
|
public TokenResponse(String access_token, String refresh_token, String scope, String tokenType, int expires_in) {
|
||||||
|
this.access_token = access_token;
|
||||||
|
this.refresh_token = refresh_token;
|
||||||
|
this.scope = scope;
|
||||||
|
this.tokenType = tokenType;
|
||||||
|
this.expires_in = expires_in;
|
||||||
|
}
|
||||||
|
|
||||||
|
public String getAccessToken() {
|
||||||
|
return access_token;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setAccessToken(String access_token) {
|
||||||
|
this.access_token = access_token;
|
||||||
|
}
|
||||||
|
|
||||||
|
public String getRefreshToken() {
|
||||||
|
return refresh_token;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setRefreshToken(String refresh_token) {
|
||||||
|
this.refresh_token = refresh_token;
|
||||||
|
}
|
||||||
|
|
||||||
|
public String getScope() {
|
||||||
|
return scope;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setScope(String scope) {
|
||||||
|
this.scope = scope;
|
||||||
|
}
|
||||||
|
|
||||||
|
public String getTokenType() {
|
||||||
|
return tokenType;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setTokenType(String tokenType) {
|
||||||
|
this.tokenType = tokenType;
|
||||||
|
}
|
||||||
|
|
||||||
|
public int getExpiresIn() {
|
||||||
|
return expires_in;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setExpiresIn(int expires_in) {
|
||||||
|
this.expires_in = expires_in;
|
||||||
|
}
|
||||||
|
}
|
@ -0,0 +1,34 @@
|
|||||||
|
/*
|
||||||
|
*
|
||||||
|
* * Copyright (c) 2022, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
|
||||||
|
* *
|
||||||
|
* * Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
|
||||||
|
* * Version 2.0 (the "License"); you may not use this file except
|
||||||
|
* * in compliance with the License.
|
||||||
|
* * You may obtain a copy of the License at
|
||||||
|
* *
|
||||||
|
* * http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
* *
|
||||||
|
* * Unless required by applicable law or agreed to in writing,
|
||||||
|
* * software distributed under the License is distributed on an
|
||||||
|
* * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||||
|
* * KIND, either express or implied. See the License for the
|
||||||
|
* * specific language governing permissions and limitations
|
||||||
|
* * under the License.
|
||||||
|
*
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Custom exception class for handling bad request exceptions.
|
||||||
|
*/
|
||||||
|
package org.wso2.carbon.apimgt.keymgt.extension.exception;
|
||||||
|
|
||||||
|
public class BadRequestException extends Exception {
|
||||||
|
|
||||||
|
private static final long serialVersionUID = -2387103750774855056L;
|
||||||
|
|
||||||
|
public BadRequestException(String errorMessage) {
|
||||||
|
super(errorMessage);
|
||||||
|
}
|
||||||
|
}
|
@ -0,0 +1,32 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (c) 2022, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
|
||||||
|
*
|
||||||
|
* Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
|
||||||
|
* Version 2.0 (the "License"); you may not use this file except
|
||||||
|
* in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing,
|
||||||
|
* software distributed under the License is distributed on an
|
||||||
|
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||||
|
* KIND, either express or implied. See the License for the
|
||||||
|
* specific language governing permissions and limitations
|
||||||
|
* under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package org.wso2.carbon.apimgt.keymgt.extension.exception;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Custom exception class for key management service related exceptions.
|
||||||
|
*/
|
||||||
|
public class KeyMgtException extends Exception {
|
||||||
|
|
||||||
|
private static final long serialVersionUID = -3806174803586013552L;
|
||||||
|
|
||||||
|
public KeyMgtException(String errorMessage) {
|
||||||
|
super(errorMessage);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
@ -0,0 +1,40 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (c) 2022, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
|
||||||
|
*
|
||||||
|
* Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
|
||||||
|
* Version 2.0 (the "License"); you may not use this file except
|
||||||
|
* in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing,
|
||||||
|
* software distributed under the License is distributed on an
|
||||||
|
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||||
|
* KIND, either express or implied. See the License for the
|
||||||
|
* specific language governing permissions and limitations
|
||||||
|
* under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package org.wso2.carbon.apimgt.keymgt.extension.internal;
|
||||||
|
|
||||||
|
import org.wso2.carbon.apimgt.keymgt.extension.service.KeyMgtService;
|
||||||
|
|
||||||
|
public class KeyMgtDataHolder {
|
||||||
|
|
||||||
|
private static final KeyMgtDataHolder thisInstance = new KeyMgtDataHolder();
|
||||||
|
private KeyMgtService keyMgtService;
|
||||||
|
|
||||||
|
public static KeyMgtDataHolder getInstance() {
|
||||||
|
return thisInstance;
|
||||||
|
}
|
||||||
|
|
||||||
|
public KeyMgtService getKeyMgtService() {
|
||||||
|
return keyMgtService;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setKeyMgtService(KeyMgtService keyMgtService) {
|
||||||
|
this.keyMgtService = keyMgtService;
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
@ -0,0 +1,62 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (c) 2022, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
|
||||||
|
*
|
||||||
|
* Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
|
||||||
|
* Version 2.0 (the "License"); you may not use this file except
|
||||||
|
* in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing,
|
||||||
|
* software distributed under the License is distributed on an
|
||||||
|
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||||
|
* KIND, either express or implied. See the License for the
|
||||||
|
* specific language governing permissions and limitations
|
||||||
|
* under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package org.wso2.carbon.apimgt.keymgt.extension.internal;
|
||||||
|
|
||||||
|
import org.apache.commons.logging.Log;
|
||||||
|
import org.apache.commons.logging.LogFactory;
|
||||||
|
import org.osgi.framework.BundleContext;
|
||||||
|
import org.osgi.service.component.ComponentContext;
|
||||||
|
import org.wso2.carbon.apimgt.keymgt.extension.service.KeyMgtService;
|
||||||
|
import org.wso2.carbon.apimgt.keymgt.extension.service.KeyMgtServiceImpl;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @scr.component name="org.wso2.carbon.apimgt.keymgt.extension.keyMgtServiceComponent" immediate="true"
|
||||||
|
*/
|
||||||
|
public class KeyMgtServiceComponent {
|
||||||
|
|
||||||
|
private static final Log log = LogFactory.getLog(KeyMgtServiceComponent.class);
|
||||||
|
|
||||||
|
@SuppressWarnings("unused")
|
||||||
|
protected void activate(ComponentContext componentContext) {
|
||||||
|
try {
|
||||||
|
if (log.isDebugEnabled()) {
|
||||||
|
log.debug("Initializing key management bundle");
|
||||||
|
}
|
||||||
|
|
||||||
|
BundleContext bundleContext = componentContext.getBundleContext();
|
||||||
|
|
||||||
|
KeyMgtService keyMgtService = new KeyMgtServiceImpl();
|
||||||
|
bundleContext.registerService(KeyMgtService.class.getName(), keyMgtService, null);
|
||||||
|
KeyMgtDataHolder.getInstance().setKeyMgtService(keyMgtService);
|
||||||
|
|
||||||
|
if (log.isDebugEnabled()) {
|
||||||
|
log.debug("Key management bundle has been successfully initialized");
|
||||||
|
}
|
||||||
|
} catch (Throwable e) {
|
||||||
|
log.error("Error occurred while initializing key management bundle", e);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
@SuppressWarnings("unused")
|
||||||
|
protected void deactivate(ComponentContext componentContext) {
|
||||||
|
if (log.isDebugEnabled()) {
|
||||||
|
log.debug("De-activating Key Management Service Component");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
@ -0,0 +1,53 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (c) 2022, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
|
||||||
|
*
|
||||||
|
* Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
|
||||||
|
* Version 2.0 (the "License"); you may not use this file except
|
||||||
|
* in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing,
|
||||||
|
* software distributed under the License is distributed on an
|
||||||
|
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||||
|
* KIND, either express or implied. See the License for the
|
||||||
|
* specific language governing permissions and limitations
|
||||||
|
* under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package org.wso2.carbon.apimgt.keymgt.extension.service;
|
||||||
|
|
||||||
|
import org.wso2.carbon.apimgt.keymgt.extension.DCRResponse;
|
||||||
|
import org.wso2.carbon.apimgt.keymgt.extension.TokenRequest;
|
||||||
|
import org.wso2.carbon.apimgt.keymgt.extension.TokenResponse;
|
||||||
|
import org.wso2.carbon.apimgt.keymgt.extension.exception.BadRequestException;
|
||||||
|
import org.wso2.carbon.apimgt.keymgt.extension.exception.KeyMgtException;
|
||||||
|
|
||||||
|
public interface KeyMgtService {
|
||||||
|
|
||||||
|
/***
|
||||||
|
* This method will handle the DCR requests for applications
|
||||||
|
*
|
||||||
|
* @param clientName client name of the application
|
||||||
|
* @param owner owner of the application
|
||||||
|
* @param grantTypes grant types to be provided
|
||||||
|
* @param callBackUrl callback url of the application
|
||||||
|
* @param tags api tags for api subscription of the application
|
||||||
|
* @param isSaasApp if the application is a saas app
|
||||||
|
* @return @{@link DCRResponse} DCR Response object with client credentials
|
||||||
|
* @throws KeyMgtException if any error occurs during DCR process
|
||||||
|
*/
|
||||||
|
DCRResponse dynamicClientRegistration(String clientName, String owner, String grantTypes, String callBackUrl,
|
||||||
|
String[] tags, boolean isSaasApp) throws KeyMgtException;
|
||||||
|
|
||||||
|
/***
|
||||||
|
* This method will handle the access token requests
|
||||||
|
*
|
||||||
|
* @param tokenRequest token request object
|
||||||
|
* @return @{@link TokenResponse} Access token information
|
||||||
|
* @throws KeyMgtException if any errors occurred while generating access token
|
||||||
|
* @throws BadRequestException if any parameters provided are invalid
|
||||||
|
*/
|
||||||
|
TokenResponse generateAccessToken(TokenRequest tokenRequest) throws KeyMgtException, BadRequestException;
|
||||||
|
}
|
@ -0,0 +1,492 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (c) 2022, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
|
||||||
|
*
|
||||||
|
* Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
|
||||||
|
* Version 2.0 (the "License"); you may not use this file except
|
||||||
|
* in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing,
|
||||||
|
* software distributed under the License is distributed on an
|
||||||
|
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||||
|
* KIND, either express or implied. See the License for the
|
||||||
|
* specific language governing permissions and limitations
|
||||||
|
* under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package org.wso2.carbon.apimgt.keymgt.extension.service;
|
||||||
|
|
||||||
|
import com.google.gson.Gson;
|
||||||
|
import okhttp3.Credentials;
|
||||||
|
import okhttp3.MediaType;
|
||||||
|
import okhttp3.OkHttpClient;
|
||||||
|
import okhttp3.Request;
|
||||||
|
import okhttp3.RequestBody;
|
||||||
|
import okhttp3.Response;
|
||||||
|
import org.apache.commons.logging.Log;
|
||||||
|
import org.apache.commons.logging.LogFactory;
|
||||||
|
import org.apache.http.HttpStatus;
|
||||||
|
import org.json.JSONObject;
|
||||||
|
import org.wso2.carbon.apimgt.api.APIConsumer;
|
||||||
|
import org.wso2.carbon.apimgt.api.APIManagementException;
|
||||||
|
import org.wso2.carbon.apimgt.api.model.APIKey;
|
||||||
|
import org.wso2.carbon.apimgt.api.model.Application;
|
||||||
|
import org.wso2.carbon.apimgt.impl.APIManagerFactory;
|
||||||
|
import org.wso2.carbon.apimgt.impl.utils.APIUtil;
|
||||||
|
import org.wso2.carbon.apimgt.keymgt.extension.DCRResponse;
|
||||||
|
import org.wso2.carbon.apimgt.keymgt.extension.KeyManagerPayload;
|
||||||
|
import org.wso2.carbon.apimgt.keymgt.extension.KeyMgtConstants;
|
||||||
|
import org.wso2.carbon.apimgt.keymgt.extension.OAuthApplication;
|
||||||
|
import org.wso2.carbon.apimgt.keymgt.extension.TokenRequest;
|
||||||
|
import org.wso2.carbon.apimgt.keymgt.extension.TokenResponse;
|
||||||
|
import org.wso2.carbon.apimgt.keymgt.extension.exception.BadRequestException;
|
||||||
|
import org.wso2.carbon.apimgt.keymgt.extension.exception.KeyMgtException;
|
||||||
|
import org.wso2.carbon.context.PrivilegedCarbonContext;
|
||||||
|
import org.wso2.carbon.device.mgt.core.config.DeviceConfigurationManager;
|
||||||
|
import org.wso2.carbon.device.mgt.core.config.DeviceManagementConfig;
|
||||||
|
import org.wso2.carbon.device.mgt.core.config.keymanager.KeyManagerConfigurations;
|
||||||
|
import org.wso2.carbon.user.api.UserRealm;
|
||||||
|
import org.wso2.carbon.user.api.UserStoreException;
|
||||||
|
import org.wso2.carbon.user.api.UserStoreManager;
|
||||||
|
import org.wso2.carbon.user.core.service.RealmService;
|
||||||
|
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;
|
||||||
|
|
||||||
|
import javax.net.ssl.HostnameVerifier;
|
||||||
|
import javax.net.ssl.SSLContext;
|
||||||
|
import javax.net.ssl.SSLSession;
|
||||||
|
import javax.net.ssl.SSLSocketFactory;
|
||||||
|
import javax.net.ssl.TrustManager;
|
||||||
|
import javax.net.ssl.X509TrustManager;
|
||||||
|
import java.io.IOException;
|
||||||
|
import java.security.KeyManagementException;
|
||||||
|
import java.security.NoSuchAlgorithmException;
|
||||||
|
import java.util.ArrayList;
|
||||||
|
import java.util.HashMap;
|
||||||
|
import java.util.List;
|
||||||
|
import java.util.Map;
|
||||||
|
import java.util.Set;
|
||||||
|
|
||||||
|
public class KeyMgtServiceImpl implements KeyMgtService {
|
||||||
|
|
||||||
|
private static final Log log = LogFactory.getLog(KeyMgtServiceImpl.class);
|
||||||
|
|
||||||
|
private static final OkHttpClient client = getOkHttpClient();
|
||||||
|
private static final MediaType JSON = MediaType.parse("application/json; charset=utf-8");
|
||||||
|
private static final Gson gson = new Gson();
|
||||||
|
private KeyManagerConfigurations kmConfig = null;
|
||||||
|
RealmService realmService = null;
|
||||||
|
String subTenantUserUsername, subTenantUserPassword, keyManagerName, msg = null;
|
||||||
|
|
||||||
|
public DCRResponse dynamicClientRegistration(String clientName, String owner, String grantTypes, String callBackUrl,
|
||||||
|
String[] tags, boolean isSaasApp) throws KeyMgtException {
|
||||||
|
|
||||||
|
String tenantDomain = MultitenantUtils.getTenantDomain(owner);
|
||||||
|
int tenantId;
|
||||||
|
|
||||||
|
try {
|
||||||
|
tenantId = getRealmService()
|
||||||
|
.getTenantManager().getTenantId(tenantDomain);
|
||||||
|
} catch (UserStoreException e) {
|
||||||
|
msg = "Error while loading tenant configuration";
|
||||||
|
log.error(msg);
|
||||||
|
throw new KeyMgtException(msg);
|
||||||
|
}
|
||||||
|
|
||||||
|
kmConfig = getKeyManagerConfig();
|
||||||
|
|
||||||
|
if (KeyMgtConstants.SUPER_TENANT.equals(tenantDomain)) {
|
||||||
|
OAuthApplication superTenantOauthApp = createOauthApplication(
|
||||||
|
KeyMgtConstants.RESERVED_OAUTH_APP_NAME_PREFIX + KeyMgtConstants.SUPER_TENANT,
|
||||||
|
kmConfig.getAdminUsername(), tags);
|
||||||
|
return new DCRResponse(superTenantOauthApp.getClientId(), superTenantOauthApp.getClientSecret());
|
||||||
|
} else {
|
||||||
|
// super-tenant admin dcr and token generation
|
||||||
|
OAuthApplication superTenantOauthApp = createOauthApplication(
|
||||||
|
KeyMgtConstants.RESERVED_OAUTH_APP_NAME_PREFIX + KeyMgtConstants.SUPER_TENANT,
|
||||||
|
kmConfig.getAdminUsername(), null);
|
||||||
|
String superAdminAccessToken = createAccessToken(superTenantOauthApp);
|
||||||
|
|
||||||
|
// create new key manager for the tenant, under super-tenant space
|
||||||
|
createKeyManager(tenantId, tenantDomain, superAdminAccessToken);
|
||||||
|
|
||||||
|
// create a sub-tenant user
|
||||||
|
try {
|
||||||
|
subTenantUserUsername = getRealmService()
|
||||||
|
.getTenantUserRealm(tenantId).getRealmConfiguration()
|
||||||
|
.getRealmProperty("reserved_tenant_user_username") + "@" + tenantDomain;
|
||||||
|
subTenantUserPassword = getRealmService()
|
||||||
|
.getTenantUserRealm(tenantId).getRealmConfiguration()
|
||||||
|
.getRealmProperty("reserved_tenant_user_password");
|
||||||
|
} catch (UserStoreException e) {
|
||||||
|
msg = "Error while loading user realm configuration";
|
||||||
|
log.error(msg);
|
||||||
|
throw new KeyMgtException(msg);
|
||||||
|
}
|
||||||
|
createUserIfNotExists(subTenantUserUsername, subTenantUserPassword);
|
||||||
|
|
||||||
|
// DCR for the requesting user
|
||||||
|
OAuthApplication dcrApplication = createOauthApplication(clientName, owner, tags);
|
||||||
|
String requestingUserAccessToken = createAccessToken(dcrApplication);
|
||||||
|
|
||||||
|
// get application id
|
||||||
|
Application application = getApplication(clientName, owner);
|
||||||
|
String applicationUUID = application.getUUID();
|
||||||
|
|
||||||
|
// do app key mapping
|
||||||
|
mapApplicationKeys(dcrApplication.getClientId(), dcrApplication.getClientSecret(), keyManagerName,
|
||||||
|
applicationUUID, requestingUserAccessToken);
|
||||||
|
return new DCRResponse(dcrApplication.getClientId(), dcrApplication.getClientSecret());
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
public TokenResponse generateAccessToken(TokenRequest tokenRequest) throws KeyMgtException, BadRequestException {
|
||||||
|
try {
|
||||||
|
Application application = APIUtil.getApplicationByClientId(tokenRequest.getClientId());
|
||||||
|
String tenantDomain = MultitenantUtils.getTenantDomain(application.getOwner());
|
||||||
|
|
||||||
|
String username, password;
|
||||||
|
if (KeyMgtConstants.SUPER_TENANT.equals(tenantDomain)) {
|
||||||
|
kmConfig = getKeyManagerConfig();
|
||||||
|
username = kmConfig.getAdminUsername();
|
||||||
|
password = kmConfig.getAdminUsername();
|
||||||
|
} else {
|
||||||
|
try {
|
||||||
|
username = getRealmService()
|
||||||
|
.getTenantUserRealm(-1234).getRealmConfiguration()
|
||||||
|
.getRealmProperty("reserved_tenant_user_username") + "@" + tenantDomain;
|
||||||
|
password = getRealmService()
|
||||||
|
.getTenantUserRealm(-1234).getRealmConfiguration()
|
||||||
|
.getRealmProperty("reserved_tenant_user_password");
|
||||||
|
} catch (UserStoreException e) {
|
||||||
|
msg = "Error while loading user realm configuration";
|
||||||
|
log.error(msg);
|
||||||
|
throw new KeyMgtException(msg);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
JSONObject jsonObject = new JSONObject();
|
||||||
|
if ("client_credentials".equals(tokenRequest.getGrantType())) {
|
||||||
|
jsonObject.put("grant_type", "password");
|
||||||
|
jsonObject.put("username", username);
|
||||||
|
jsonObject.put("password", password);
|
||||||
|
} else if ("refresh_token".equals(tokenRequest.getGrantType())) {
|
||||||
|
jsonObject.put("grant_type", "refresh_token");
|
||||||
|
jsonObject.put("refresh_token", tokenRequest.getRefreshToken());
|
||||||
|
} else {
|
||||||
|
msg = "Invalid grant type: " + tokenRequest.getGrantType();
|
||||||
|
throw new BadRequestException(msg);
|
||||||
|
}
|
||||||
|
jsonObject.put("scope", tokenRequest.getScope());
|
||||||
|
|
||||||
|
RequestBody appTokenPayload = RequestBody.Companion.create(jsonObject.toString(), JSON);
|
||||||
|
kmConfig = getKeyManagerConfig();
|
||||||
|
String appTokenEndpoint = kmConfig.getServerUrl() + KeyMgtConstants.OAUTH2_TOKEN_ENDPOINT;
|
||||||
|
Request request = new Request.Builder()
|
||||||
|
.url(appTokenEndpoint)
|
||||||
|
.addHeader(KeyMgtConstants.AUTHORIZATION_HEADER, Credentials.basic(tokenRequest.getClientId(), tokenRequest.getClientSecret()))
|
||||||
|
.post(appTokenPayload)
|
||||||
|
.build();
|
||||||
|
|
||||||
|
Response response = client.newCall(request).execute();
|
||||||
|
jsonObject = new JSONObject(response.body().string());
|
||||||
|
String accessToken;
|
||||||
|
if (KeyMgtConstants.SUPER_TENANT.equals(tenantDomain)) {
|
||||||
|
accessToken = jsonObject.getString("access_token");
|
||||||
|
} else {
|
||||||
|
int tenantId = getRealmService()
|
||||||
|
.getTenantManager().getTenantId(tenantDomain);
|
||||||
|
accessToken = tenantId + "_" + jsonObject.getString("access_token");
|
||||||
|
}
|
||||||
|
return new TokenResponse(accessToken,
|
||||||
|
jsonObject.getString("refresh_token"),
|
||||||
|
jsonObject.getString("scope"),
|
||||||
|
jsonObject.getString("token_type"),
|
||||||
|
jsonObject.getInt("expires_in"));
|
||||||
|
|
||||||
|
} catch (APIManagementException e) {
|
||||||
|
msg = "Error occurred while retrieving application";
|
||||||
|
log.error(msg);
|
||||||
|
throw new KeyMgtException(msg);
|
||||||
|
} catch (IOException e) {
|
||||||
|
msg = "Error occurred while mapping application keys";
|
||||||
|
log.error(msg);
|
||||||
|
throw new KeyMgtException(msg);
|
||||||
|
} catch (UserStoreException e) {
|
||||||
|
msg = "Error occurred while fetching tenant id";
|
||||||
|
log.error(msg);
|
||||||
|
throw new KeyMgtException(msg);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/***
|
||||||
|
* Maps the application's keys with the given key manager
|
||||||
|
*
|
||||||
|
* @param consumerKey consumer key of the application
|
||||||
|
* @param consumerSecret consumer secret of the application
|
||||||
|
* @param keyManager key-manager name to which the keys should be mapped with
|
||||||
|
* @param applicationUUID application's UUID
|
||||||
|
* @param accessToken access token of the tenant user
|
||||||
|
* @throws KeyMgtException if an error occurs while mapping application keys with the key-manager
|
||||||
|
*/
|
||||||
|
private void mapApplicationKeys(String consumerKey, String consumerSecret, String keyManager,
|
||||||
|
String applicationUUID, String accessToken) throws KeyMgtException {
|
||||||
|
JSONObject jsonObject = new JSONObject();
|
||||||
|
jsonObject.put("consumerKey", consumerKey);
|
||||||
|
jsonObject.put("consumerSecret", consumerSecret);
|
||||||
|
jsonObject.put("keyManager", keyManager);
|
||||||
|
jsonObject.put("keyType", "PRODUCTION");
|
||||||
|
|
||||||
|
RequestBody keyMappingPayload = RequestBody.Companion.create(jsonObject.toString(), JSON);
|
||||||
|
kmConfig = getKeyManagerConfig();
|
||||||
|
String keyMappingEndpoint = kmConfig.getServerUrl() +
|
||||||
|
KeyMgtConstants.APPLICATION_KEY_MAPPING_ENDPOINT.replaceAll("<applicationId>", applicationUUID);
|
||||||
|
Request request = new Request.Builder()
|
||||||
|
.url(keyMappingEndpoint)
|
||||||
|
.addHeader(KeyMgtConstants.AUTHORIZATION_HEADER, "Bearer " + accessToken)
|
||||||
|
.addHeader(KeyMgtConstants.X_WSO2_TENANT_HEADER, KeyMgtConstants.SUPER_TENANT)
|
||||||
|
.post(keyMappingPayload)
|
||||||
|
.build();
|
||||||
|
|
||||||
|
try {
|
||||||
|
client.newCall(request).execute();
|
||||||
|
} catch (IOException e) {
|
||||||
|
msg = "Error occurred while mapping application keys";
|
||||||
|
throw new KeyMgtException(msg);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/***
|
||||||
|
* Creates user if not exists already in the user store
|
||||||
|
*
|
||||||
|
* @param username username of the user
|
||||||
|
* @param password password of the user
|
||||||
|
* @throws KeyMgtException if any error occurs while fetching tenant details
|
||||||
|
*/
|
||||||
|
private void createUserIfNotExists(String username, String password) throws KeyMgtException {
|
||||||
|
try {
|
||||||
|
String tenantDomain = MultitenantUtils.getTenantDomain(username);
|
||||||
|
int tenantId = getRealmService()
|
||||||
|
.getTenantManager().getTenantId(tenantDomain);
|
||||||
|
UserRealm userRealm = getRealmService()
|
||||||
|
.getTenantUserRealm(tenantId);
|
||||||
|
UserStoreManager userStoreManager = userRealm.getUserStoreManager();
|
||||||
|
|
||||||
|
if (!userStoreManager.isExistingUser(MultitenantUtils.getTenantAwareUsername(username))) {
|
||||||
|
String[] roles = {"admin"};
|
||||||
|
userStoreManager.addUser(MultitenantUtils.getTenantAwareUsername(username), password, roles, null, "");
|
||||||
|
}
|
||||||
|
} catch (UserStoreException e) {
|
||||||
|
msg = "Error when trying to fetch tenant details";
|
||||||
|
log.error(msg);
|
||||||
|
throw new KeyMgtException(msg);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/***
|
||||||
|
* Creates an OAuth Application
|
||||||
|
*
|
||||||
|
* @param clientName Name of the client application
|
||||||
|
* @param owner Owner's name of the client application
|
||||||
|
* @return @{@link OAuthApplication} OAuth application object
|
||||||
|
* @throws KeyMgtException if any error occurs while creating response object
|
||||||
|
*/
|
||||||
|
private OAuthApplication createOauthApplication (String clientName, String owner, String[] tags) throws KeyMgtException {
|
||||||
|
String oauthAppCreationPayloadStr = createOauthAppCreationPayload(clientName, owner, tags);
|
||||||
|
RequestBody oauthAppCreationPayload = RequestBody.Companion.create(oauthAppCreationPayloadStr, JSON);
|
||||||
|
kmConfig = getKeyManagerConfig();
|
||||||
|
String dcrEndpoint = kmConfig.getServerUrl() + KeyMgtConstants.DCR_ENDPOINT;
|
||||||
|
String username, password;
|
||||||
|
|
||||||
|
if (KeyMgtConstants.SUPER_TENANT.equals(MultitenantUtils.getTenantDomain(owner))) {
|
||||||
|
username = kmConfig.getAdminUsername();
|
||||||
|
password = kmConfig.getAdminPassword();
|
||||||
|
} else {
|
||||||
|
username = subTenantUserUsername;
|
||||||
|
password = subTenantUserPassword;
|
||||||
|
}
|
||||||
|
|
||||||
|
Request request = new Request.Builder()
|
||||||
|
.url(dcrEndpoint)
|
||||||
|
.addHeader(KeyMgtConstants.AUTHORIZATION_HEADER, Credentials.basic(username, password))
|
||||||
|
.post(oauthAppCreationPayload)
|
||||||
|
.build();
|
||||||
|
try {
|
||||||
|
Response response = client.newCall(request).execute();
|
||||||
|
return gson.fromJson(response.body().string(), OAuthApplication.class);
|
||||||
|
} catch (IOException e) {
|
||||||
|
msg = "Error occurred while processing the response";
|
||||||
|
throw new KeyMgtException(msg);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/***
|
||||||
|
* Creates access token with client credentials grant type
|
||||||
|
*
|
||||||
|
* @param oAuthApp OAuth application object
|
||||||
|
* @return Access token
|
||||||
|
* @throws KeyMgtException if any error occurs while reading access token from the response
|
||||||
|
*/
|
||||||
|
private String createAccessToken (OAuthApplication oAuthApp) throws KeyMgtException {
|
||||||
|
JSONObject jsonObject = new JSONObject();
|
||||||
|
jsonObject.put("grant_type", KeyMgtConstants.CLIENT_CREDENTIALS_GRANT_TYPE);
|
||||||
|
jsonObject.put("scope", KeyMgtConstants.DEFAULT_ADMIN_SCOPES);
|
||||||
|
|
||||||
|
RequestBody accessTokenReqPayload = RequestBody.Companion.create(jsonObject.toString(), JSON);
|
||||||
|
kmConfig = getKeyManagerConfig();
|
||||||
|
String tokenEndpoint = kmConfig.getServerUrl() + KeyMgtConstants.OAUTH2_TOKEN_ENDPOINT;
|
||||||
|
Request request = new Request.Builder()
|
||||||
|
.url(tokenEndpoint)
|
||||||
|
.addHeader(KeyMgtConstants.AUTHORIZATION_HEADER, Credentials.basic(oAuthApp.getClientId(), oAuthApp.getClientSecret()))
|
||||||
|
.post(accessTokenReqPayload)
|
||||||
|
.build();
|
||||||
|
|
||||||
|
try {
|
||||||
|
Response response = client.newCall(request).execute();
|
||||||
|
jsonObject = new JSONObject(response.body().string());
|
||||||
|
return jsonObject.getString("access_token");
|
||||||
|
} catch (IOException e) {
|
||||||
|
msg = "Error occurred while reading access token from response";
|
||||||
|
throw new KeyMgtException(msg);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/***
|
||||||
|
* Creates a key manager for a given tenant, under super-tenant space
|
||||||
|
*
|
||||||
|
* @param tenantId tenant-id of the key-manager
|
||||||
|
* @param tenantDomain tenant domain of the key-manager
|
||||||
|
* @param accessToken access token of the super-tenant user
|
||||||
|
* @throws KeyMgtException if any error occurs while creating a key-manager
|
||||||
|
*/
|
||||||
|
private void createKeyManager(int tenantId, String tenantDomain, String accessToken) throws KeyMgtException {
|
||||||
|
try {
|
||||||
|
List<String> kmGrantTypes = new ArrayList<>();
|
||||||
|
kmGrantTypes.add("client_credentials");
|
||||||
|
|
||||||
|
kmConfig = getKeyManagerConfig();
|
||||||
|
Map<String, Object> additionalProperties = new HashMap<>();
|
||||||
|
additionalProperties.put("Username", kmConfig.getAdminUsername());
|
||||||
|
additionalProperties.put("Password", kmConfig.getAdminPassword());
|
||||||
|
additionalProperties.put("self_validate_jwt", true);
|
||||||
|
|
||||||
|
keyManagerName = generateCustomKeyManagerName(tenantDomain);
|
||||||
|
KeyManagerPayload keyManagerPayload = new KeyManagerPayload(
|
||||||
|
tenantDomain, tenantId, kmConfig.getServerUrl(),
|
||||||
|
keyManagerName, kmGrantTypes, additionalProperties
|
||||||
|
);
|
||||||
|
String createKeyManagerPayload = gson.toJson(keyManagerPayload);
|
||||||
|
RequestBody requestBody = RequestBody.Companion.create(createKeyManagerPayload, JSON);
|
||||||
|
String keyManagerEndpoint = kmConfig.getServerUrl() + KeyMgtConstants.CREATE_KEY_MANAGER_ENDPOINT;
|
||||||
|
Request request = new Request.Builder()
|
||||||
|
.url(keyManagerEndpoint)
|
||||||
|
.addHeader(KeyMgtConstants.AUTHORIZATION_HEADER, "Bearer " + accessToken)
|
||||||
|
.post(requestBody)
|
||||||
|
.build();
|
||||||
|
client.newCall(request).execute();
|
||||||
|
} catch (IOException e) {
|
||||||
|
msg = "Error occurred while invoking create key manager endpoint";
|
||||||
|
log.error(msg);
|
||||||
|
throw new KeyMgtException(msg);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/***
|
||||||
|
* Retrieves an application by name and owner
|
||||||
|
*
|
||||||
|
* @param applicationName name of the application
|
||||||
|
* @param owner owner of the application
|
||||||
|
* @return @{@link Application} Application object
|
||||||
|
* @throws KeyMgtException if any error occurs while retrieving the application
|
||||||
|
*/
|
||||||
|
private Application getApplication(String applicationName, String owner) throws KeyMgtException {
|
||||||
|
try {
|
||||||
|
APIManagerFactory apiManagerFactory = APIManagerFactory.getInstance();
|
||||||
|
APIConsumer apiConsumer = apiManagerFactory.getAPIConsumer(owner);
|
||||||
|
return apiConsumer.getApplicationsByName(owner, applicationName, "");
|
||||||
|
} catch (APIManagementException e) {
|
||||||
|
msg = "Error while trying to retrieve the application";
|
||||||
|
log.error(msg);
|
||||||
|
throw new KeyMgtException(msg);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
private String createOauthAppCreationPayload(String clientName, String owner, String[] tags) {
|
||||||
|
JSONObject jsonObject = new JSONObject();
|
||||||
|
jsonObject.put("applicationName", clientName);
|
||||||
|
jsonObject.put("username", owner);
|
||||||
|
jsonObject.put("tags", tags);
|
||||||
|
return jsonObject.toString();
|
||||||
|
}
|
||||||
|
|
||||||
|
private String generateCustomKeyManagerName(String tenantDomain) {
|
||||||
|
return KeyMgtConstants.CUSTOM_KEY_MANAGER_NAME_PREFIX + tenantDomain;
|
||||||
|
}
|
||||||
|
|
||||||
|
private RealmService getRealmService() {
|
||||||
|
if(realmService == null) {
|
||||||
|
PrivilegedCarbonContext context = PrivilegedCarbonContext.getThreadLocalCarbonContext();
|
||||||
|
return (RealmService) context.getOSGiService(RealmService.class, null);
|
||||||
|
} else {
|
||||||
|
return realmService;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
private static OkHttpClient getOkHttpClient() {
|
||||||
|
X509TrustManager trustAllCerts = new X509TrustManager() {
|
||||||
|
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
|
||||||
|
return new java.security.cert.X509Certificate[0];
|
||||||
|
}
|
||||||
|
|
||||||
|
public void checkClientTrusted(
|
||||||
|
java.security.cert.X509Certificate[] certs, String authType) {
|
||||||
|
}
|
||||||
|
|
||||||
|
public void checkServerTrusted(
|
||||||
|
java.security.cert.X509Certificate[] certs, String authType) {
|
||||||
|
}
|
||||||
|
};
|
||||||
|
return new OkHttpClient.Builder()
|
||||||
|
.sslSocketFactory(getSimpleTrustedSSLSocketFactory(), trustAllCerts)
|
||||||
|
.hostnameVerifier(new HostnameVerifier() {
|
||||||
|
@Override
|
||||||
|
public boolean verify(String s, SSLSession sslSession) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
}).build();
|
||||||
|
}
|
||||||
|
|
||||||
|
private static SSLSocketFactory getSimpleTrustedSSLSocketFactory() {
|
||||||
|
try {
|
||||||
|
TrustManager[] trustAllCerts = new TrustManager[]{
|
||||||
|
new X509TrustManager() {
|
||||||
|
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
public void checkClientTrusted(
|
||||||
|
java.security.cert.X509Certificate[] certs, String authType) {
|
||||||
|
}
|
||||||
|
public void checkServerTrusted(
|
||||||
|
java.security.cert.X509Certificate[] certs, String authType) {
|
||||||
|
}
|
||||||
|
}
|
||||||
|
};
|
||||||
|
SSLContext sc = SSLContext.getInstance("SSL");
|
||||||
|
sc.init(null, trustAllCerts, new java.security.SecureRandom());
|
||||||
|
return sc.getSocketFactory();
|
||||||
|
} catch (KeyManagementException | NoSuchAlgorithmException e) {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
private KeyManagerConfigurations getKeyManagerConfig() {
|
||||||
|
if (kmConfig != null) {
|
||||||
|
return kmConfig;
|
||||||
|
} else {
|
||||||
|
DeviceManagementConfig deviceManagementConfig = DeviceConfigurationManager.getInstance().getDeviceManagementConfig();
|
||||||
|
return deviceManagementConfig.getKeyManagerConfigurations();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
@ -1 +1,3 @@
|
|||||||
instructions.configure = \
|
instructions.configure = \
|
||||||
|
org.eclipse.equinox.p2.touchpoint.natives.mkdir(path:${installFolder}/../../deployment/server/webapps/);\
|
||||||
|
org.eclipse.equinox.p2.touchpoint.natives.copy(source:${installFolder}/../features/org.wso2.carbon.apimgt.keymgt.extension_${feature.version}/webapps/api-key-management.war,target:${installFolder}/../../deployment/server/webapps/api-key-management.war,overwrite:true);\
|
||||||
|
Loading…
Reference in new issue