From bf8efa35a72ead0cc580c460944a5568b2b61d72 Mon Sep 17 00:00:00 2001
From: Amalka Subasinghe
Date: Sat, 18 Mar 2023 01:45:17 +0530
Subject: [PATCH] updated keymgt extensions to support validity period
---
 .../APIManagementProviderServiceImpl.java | 6 +++++-
 .../keymgt/extension/api/DCRRequest.java | 11 +++++++++++
 .../extension/api/KeyManagerService.java | 3 ++-
 .../extension/api/KeyManagerServiceImpl.java | 7 ++++---
 .../apimgt/keymgt/extension/TokenRequest.java | 13 ++++++++++++-
 .../extension/service/KeyMgtService.java | 2 +-
 .../extension/service/KeyMgtServiceImpl.java | 18 ++++++++++--------
 7 files changed, 45 insertions(+), 15 deletions(-)
diff --git a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension/src/main/java/org/wso2/carbon/apimgt/application/extension/APIManagementProviderServiceImpl.java b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension/src/main/java/org/wso2/carbon/apimgt/application/extension/APIManagementProviderServiceImpl.java
index 4ef90936b2..95a95df957 100644
--- a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension/src/main/java/org/wso2/carbon/apimgt/application/extension/APIManagementProviderServiceImpl.java
+++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension/src/main/java/org/wso2/carbon/apimgt/application/extension/APIManagementProviderServiceImpl.java
@@ -256,10 +256,14 @@ public class APIManagementProviderServiceImpl implements APIManagementProviderSe keyManagerId = keyManagerConfigurationDTO.getUuid(); } } + String applicationAccessTokenExpiryTime = "N/A"; + if(!StringUtils.isEmpty(validityTime)) { + applicationAccessTokenExpiryTime = validityTime; + } String jsonString = "{\"grant_types\":\"refresh_token,access_token," + "urn:ietf:params:oauth:grant-type:saml2-bearer," + "password,client_credentials,iwa:ntlm,urn:ietf:params:oauth:grant-type:jwt-bearer\"," + - "\"additionalProperties\":\"{\\\"application_access_token_expiry_time\\\":\\\"N\\/A\\\"," + + "\"additionalProperties\":\"{\\\"application_access_token_expiry_time\\\":\\\""+applicationAccessTokenExpiryTime +"\\\"," + "\\\"user_access_token_expiry_time\\\":\\\"N\\/A\\\"," + "\\\"refresh_token_expiry_time\\\":\\\"N\\/A\\\"," + "\\\"id_token_expiry_time\\\":\\\"N\\/A\\\"}\"," + diff --git a/components/apimgt-extensions/org.wso2.carbon.apimgt.keymgt.extension.api/src/main/java/org/wso2/carbon/apimgt/keymgt/extension/api/DCRRequest.java b/components/apimgt-extensions/org.wso2.carbon.apimgt.keymgt.extension.api/src/main/java/org/wso2/carbon/apimgt/keymgt/extension/api/DCRRequest.java index 5054e2220d..7d45e71ef6 100644 --- a/components/apimgt-extensions/org.wso2.carbon.apimgt.keymgt.extension.api/src/main/java/org/wso2/carbon/apimgt/keymgt/extension/api/DCRRequest.java +++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.keymgt.extension.api/src/main/java/org/wso2/carbon/apimgt/keymgt/extension/api/DCRRequest.java @@ -40,6 +40,9 @@ public class DCRRequest { @XmlElement private boolean isSaasApp; + @XmlElement + private int validityPeriod; + public String getApplicationName() { return applicationName; } 
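Review bot: In APIManagementProviderServiceImpl (hunk `@@ -256,10 +256,14 @@`), `validityTime` is concatenated unescaped into a JSON document that is itself embedded as an escaped string under `additionalProperties`, so a value containing a quote or backslash alters the structure of the payload instead of only the `application_access_token_expiry_time` field. Where `validityTime` comes from is outside this hunk; if a caller can influence it, normalise it to a number before use, e.g. `applicationAccessTokenExpiryTime = String.valueOf(Long.parseLong(validityTime));` with the `NumberFormatException` mapped to the method's existing error handling, or build the payload with a JSON library rather than string concatenation. The fallback changed from the escaped `N\/A` to `N/A`, which decodes to the same string, so that part is fine. The enclosing method starts and ends outside the hunk.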
@@ -87,4 +90,12 @@ public class DCRRequest { public void setIsSaasApp(boolean saasApp) { isSaasApp = saasApp; } + + public int getValidityPeriod() { + return validityPeriod; + } + + public void setValidityPeriod(int validityPeriod) { + this.validityPeriod = validityPeriod; + } } diff --git a/components/apimgt-extensions/org.wso2.carbon.apimgt.keymgt.extension.api/src/main/java/org/wso2/carbon/apimgt/keymgt/extension/api/KeyManagerService.java b/components/apimgt-extensions/org.wso2.carbon.apimgt.keymgt.extension.api/src/main/java/org/wso2/carbon/apimgt/keymgt/extension/api/KeyManagerService.java index dfd6af295a..3775d6d9f1 100644 --- a/components/apimgt-extensions/org.wso2.carbon.apimgt.keymgt.extension.api/src/main/java/org/wso2/carbon/apimgt/keymgt/extension/api/KeyManagerService.java +++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.keymgt.extension.api/src/main/java/org/wso2/carbon/apimgt/keymgt/extension/api/KeyManagerService.java @@ -46,5 +46,6 @@ public interface KeyManagerService { @FormParam("assertion") String assertion, @FormParam("admin_access_token") String admin_access_token, @FormParam("username") String username, - @FormParam("password") String password); + @FormParam("password") String password, + @FormParam("validityPeriod") int validityPeriod); } diff --git a/components/apimgt-extensions/org.wso2.carbon.apimgt.keymgt.extension.api/src/main/java/org/wso2/carbon/apimgt/keymgt/extension/api/KeyManagerServiceImpl.java b/components/apimgt-extensions/org.wso2.carbon.apimgt.keymgt.extension.api/src/main/java/org/wso2/carbon/apimgt/keymgt/extension/api/KeyManagerServiceImpl.java index 961951f865..59d93912b0 100644 --- a/components/apimgt-extensions/org.wso2.carbon.apimgt.keymgt.extension.api/src/main/java/org/wso2/carbon/apimgt/keymgt/extension/api/KeyManagerServiceImpl.java +++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.keymgt.extension.api/src/main/java/org/wso2/carbon/apimgt/keymgt/extension/api/KeyManagerServiceImpl.java 
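Review bot: In KeyManagerService (hunk `@@ -46,5 +46,6 @@`), `@FormParam("validityPeriod") int validityPeriod` binds to 0 when the form field is absent, so the service cannot tell "not supplied" from an explicit 0, and later hunks forward the value unconditionally (the `client_credentials` form body and `createOauthAppCreationPayload` in KeyMgtServiceImpl). What the key manager does with a validity period of 0 is not visible here; if 0 is not meant as "use the default", declare it as `Integer validityPeriod` and add it downstream only when non-null, or state the default explicitly with `@DefaultValue`. The same applies to the `int validityPeriod` field added to DCRRequest and to the matching signature in KeyManagerServiceImpl. The name is also camelCase next to the snake_case `admin_access_token` form field, which is worth settling before clients depend on it.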
@@ -51,7 +51,7 @@ public class KeyManagerServiceImpl implements KeyManagerService { try { KeyMgtService keyMgtService = new KeyMgtServiceImpl(); DCRResponse resp = keyMgtService.dynamicClientRegistration(dcrRequest.getApplicationName(), dcrRequest.getUsername(), - dcrRequest.getGrantTypes(), dcrRequest.getCallBackUrl(), dcrRequest.getTags(), dcrRequest.getIsSaasApp()); + dcrRequest.getGrantTypes(), dcrRequest.getCallBackUrl(), dcrRequest.getTags(), dcrRequest.getIsSaasApp(), dcrRequest.getValidityPeriod()); return Response.status(Response.Status.CREATED).entity(gson.toJson(resp)).build(); } catch (KeyMgtException e) { return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(e.getMessage()).build(); @@ -69,7 +69,8 @@ public class KeyManagerServiceImpl implements KeyManagerService { @FormParam("assertion") String assertion, @FormParam("admin_access_token") String admin_access_token, @FormParam("username") String username, - @FormParam("password") String password) { + @FormParam("password") String password, + @FormParam("validityPeriod") int validityPeriod) { try { if (basicAuthHeader == null) { String msg = "Invalid credentials. Make sure your API call is invoked with a Basic Authorization header."; @@ -80,7 +81,7 @@ public class KeyManagerServiceImpl implements KeyManagerService { TokenResponse resp = keyMgtService.generateAccessToken( new TokenRequest(encodedClientCredentials.split(":")[0], encodedClientCredentials.split(":")[1], refreshToken, scope, - grantType, assertion, admin_access_token, username, password)); + grantType, assertion, admin_access_token, username, password, validityPeriod)); return Response.status(Response.Status.OK).entity(gson.toJson(resp)).build(); } catch (KeyMgtException e) { return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(e.getMessage()).build(); 
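Review bot: In KeyManagerServiceImpl, `dcrRequest.getValidityPeriod()` (hunk `@@ -51,7 +51,7 @@`) and the `validityPeriod` form parameter (hunk `@@ -80,7 +81,7 @@`) go from the request straight into `dynamicClientRegistration` and `new TokenRequest(...)` with no range check, so the caller chooses the token lifetime, including negative or very large values. Unless the upstream key manager is known to clamp this, reject out-of-range values with a 400 before calling the service, e.g. `if (validityPeriod < 0 || validityPeriod > MAX_VALIDITY_PERIOD) { return Response.status(Response.Status.BAD_REQUEST).entity("Invalid validityPeriod").build(); }`, where `MAX_VALIDITY_PERIOD` is a placeholder for a server-configured ceiling. Both method bodies continue outside the hunks.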
diff --git a/components/apimgt-extensions/org.wso2.carbon.apimgt.keymgt.extension/src/main/java/org/wso2/carbon/apimgt/keymgt/extension/TokenRequest.java b/components/apimgt-extensions/org.wso2.carbon.apimgt.keymgt.extension/src/main/java/org/wso2/carbon/apimgt/keymgt/extension/TokenRequest.java index 860b267161..6bddd30d0b 100644 --- a/components/apimgt-extensions/org.wso2.carbon.apimgt.keymgt.extension/src/main/java/org/wso2/carbon/apimgt/keymgt/extension/TokenRequest.java +++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.keymgt.extension/src/main/java/org/wso2/carbon/apimgt/keymgt/extension/TokenRequest.java @@ -29,8 +29,10 @@ public class TokenRequest { private String username; private String password; + private int validityPeriod; + public TokenRequest(String clientId, String clientSecret, String refreshToken, String scope, String grantType, - String assertion, String admin_access_token, String username, String password) { + String assertion, String admin_access_token, String username, String password, int validityPeriod) { this.clientId = clientId; this.clientSecret = clientSecret; this.refreshToken = refreshToken; @@ -40,6 +42,7 @@ public class TokenRequest { this.admin_access_token = admin_access_token; this.username = username; this.password = password; + this.validityPeriod = validityPeriod; } public String getClientId() { @@ -113,4 +116,12 @@ public class TokenRequest { public void setPassword(String password) { this.password = password; } + + public int getValidityPeriod() { + return validityPeriod; + } + + public void setValidityPeriod(int validityPeriod) { + this.validityPeriod = validityPeriod; + } } 
diff --git a/components/apimgt-extensions/org.wso2.carbon.apimgt.keymgt.extension/src/main/java/org/wso2/carbon/apimgt/keymgt/extension/service/KeyMgtService.java b/components/apimgt-extensions/org.wso2.carbon.apimgt.keymgt.extension/src/main/java/org/wso2/carbon/apimgt/keymgt/extension/service/KeyMgtService.java index a9aa2d346a..4e185d2f4d 100644 --- a/components/apimgt-extensions/org.wso2.carbon.apimgt.keymgt.extension/src/main/java/org/wso2/carbon/apimgt/keymgt/extension/service/KeyMgtService.java +++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.keymgt.extension/src/main/java/org/wso2/carbon/apimgt/keymgt/extension/service/KeyMgtService.java @@ -39,7 +39,7 @@ public interface KeyMgtService { * @throws KeyMgtException if any error occurs during DCR process */ DCRResponse dynamicClientRegistration(String clientName, String owner, String grantTypes, String callBackUrl, - String[] tags, boolean isSaasApp) throws KeyMgtException; + String[] tags, boolean isSaasApp, int validityPeriod) throws KeyMgtException; /*** * This method will handle the access token requests diff --git a/components/apimgt-extensions/org.wso2.carbon.apimgt.keymgt.extension/src/main/java/org/wso2/carbon/apimgt/keymgt/extension/service/KeyMgtServiceImpl.java b/components/apimgt-extensions/org.wso2.carbon.apimgt.keymgt.extension/src/main/java/org/wso2/carbon/apimgt/keymgt/extension/service/KeyMgtServiceImpl.java index 4640fc9a57..1a564e1246 100644 --- a/components/apimgt-extensions/org.wso2.carbon.apimgt.keymgt.extension/src/main/java/org/wso2/carbon/apimgt/keymgt/extension/service/KeyMgtServiceImpl.java +++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.keymgt.extension/src/main/java/org/wso2/carbon/apimgt/keymgt/extension/service/KeyMgtServiceImpl.java 
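Review bot: The Javadoc above `dynamicClientRegistration` in KeyMgtService is not updated for the new parameter; the visible tail ends at `@throws KeyMgtException` with no `@param validityPeriod`. Add a line such as `@param validityPeriod requested access token validity period for the application (state the unit and what 0 or a negative value means)`, since the unit cannot be read from an `int` and the sibling change in APIManagementProviderServiceImpl carries the value as a string named `validityTime`. The Javadoc of `createOauthApplication` in KeyMgtServiceImpl (hunk `@@ -322,8 +323,8 @@`) needs the same `@param`. The comment block starts outside this hunk.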
@@ -77,7 +77,7 @@ public class KeyMgtServiceImpl implements KeyMgtService { String subTenantUserUsername, subTenantUserPassword, keyManagerName, msg = null; public DCRResponse dynamicClientRegistration(String clientName, String owner, String grantTypes, String callBackUrl, - String[] tags, boolean isSaasApp) throws KeyMgtException { + String[] tags, boolean isSaasApp, int validityPeriod) throws KeyMgtException { if (owner == null) { PrivilegedCarbonContext threadLocalCarbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext(); @@ -105,13 +105,13 @@ public class KeyMgtServiceImpl implements KeyMgtService { kmConfig = getKeyManagerConfig(); if (KeyMgtConstants.SUPER_TENANT.equals(tenantDomain)) { - OAuthApplication dcrApplication = createOauthApplication(clientName, kmConfig.getAdminUsername(), tags); + OAuthApplication dcrApplication = createOauthApplication(clientName, kmConfig.getAdminUsername(), tags, validityPeriod); return new DCRResponse(dcrApplication.getClientId(), dcrApplication.getClientSecret()); } else { // super-tenant admin dcr and token generation OAuthApplication superTenantOauthApp = createOauthApplication( KeyMgtConstants.RESERVED_OAUTH_APP_NAME_PREFIX + KeyMgtConstants.SUPER_TENANT, - kmConfig.getAdminUsername(), null); + kmConfig.getAdminUsername(), null, validityPeriod); String superAdminAccessToken = createAccessToken(superTenantOauthApp); // create new key manager for the tenant, under super-tenant space @@ -133,7 +133,7 @@ public class KeyMgtServiceImpl implements KeyMgtService { createUserIfNotExists(subTenantUserUsername, subTenantUserPassword); // DCR for the requesting user - OAuthApplication dcrApplication = createOauthApplication(clientName, owner, tags); + OAuthApplication dcrApplication = createOauthApplication(clientName, owner, tags, validityPeriod); String requestingUserAccessToken = createAccessToken(dcrApplication); // get application id 
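Review bot: In the tenant branch of `dynamicClientRegistration` (hunk `@@ -105,13 +105,13 @@`), the caller's `validityPeriod` is also passed to the `createOauthApplication` call that creates the reserved super-tenant application under `kmConfig.getAdminUsername()`, and that application's token is then used as `superAdminAccessToken`. The lifetime of that internal admin credential should not depend on a tenant request. Unless the DCR endpoint is known to ignore the field for this application (not visible here), keep that call on a fixed, server-configured value and pass the requested period only to the `createOauthApplication(clientName, owner, tags, validityPeriod)` calls made for the requesting user. The method body starts and ends outside the hunks.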
@@ -167,7 +167,8 @@ public class KeyMgtServiceImpl implements KeyMgtService { case "client_credentials": appTokenPayload = new FormBody.Builder() .add("grant_type", "client_credentials") - .add("scope", tokenRequest.getScope()).build(); + .add("scope", tokenRequest.getScope()) + .add("validityPeriod", String.valueOf(tokenRequest.getValidityPeriod())).build(); break; case "password": appTokenPayload = new FormBody.Builder() @@ -322,8 +323,8 @@ public class KeyMgtServiceImpl implements KeyMgtService { * @return @{@link OAuthApplication} OAuth application object * @throws KeyMgtException if any error occurs while creating response object */ - private OAuthApplication createOauthApplication (String clientName, String owner, String[] tags) throws KeyMgtException { - String oauthAppCreationPayloadStr = createOauthAppCreationPayload(clientName, owner, tags); + private OAuthApplication createOauthApplication (String clientName, String owner, String[] tags, int validityPeriod) throws KeyMgtException { + String oauthAppCreationPayloadStr = createOauthAppCreationPayload(clientName, owner, tags, validityPeriod); RequestBody oauthAppCreationPayload = RequestBody.Companion.create(oauthAppCreationPayloadStr, JSON); kmConfig = getKeyManagerConfig(); String dcrEndpoint = kmConfig.getServerUrl() + KeyMgtConstants.DCR_ENDPOINT; @@ -442,11 +443,12 @@ public class KeyMgtServiceImpl implements KeyMgtService { } } - private String createOauthAppCreationPayload(String clientName, String owner, String[] tags) { + private String createOauthAppCreationPayload(String clientName, String owner, String[] tags, int validityPeriod) { JSONObject jsonObject = new JSONObject(); jsonObject.put("applicationName", clientName); jsonObject.put("username", owner); jsonObject.put("tags", tags); + jsonObject.put("validityPeriod", validityPeriod); return jsonObject.toString(); }
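Review bot: In the grant-type switch of KeyMgtServiceImpl (hunk `@@ -167,7 +167,8 @@`), `validityPeriod` is added only to the `client_credentials` form body; the `password` case that follows is left as it was, so a request with another grant type accepts the parameter and silently drops it. If that is intended, say so in the method's Javadoc and on the KeyManagerService endpoint, e.g. `validityPeriod is honoured for grant_type=client_credentials only`; otherwise add the same `.add("validityPeriod", String.valueOf(tokenRequest.getValidityPeriod()))` to the other branches. The remaining cases of the switch are outside the hunk.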