few changes after testing the cluster

merge-requests/7/head
ayyoob 8 years ago
parent 0d721a226b
commit de957bec29

@ -59,7 +59,7 @@
<Bundle-Name>${project.artifactId}</Bundle-Name> <Bundle-Name>${project.artifactId}</Bundle-Name>
<Bundle-Version>${carbon.device.mgt.version}</Bundle-Version> <Bundle-Version>${carbon.device.mgt.version}</Bundle-Version>
<Bundle-Description>IoT Server Impl Bundle</Bundle-Description> <Bundle-Description>IoT Server Impl Bundle</Bundle-Description>
<Private-Package>org.wso2.carbon.device.mgt.iot.url.printer.internal</Private-Package> <Private-Package>org.wso2.carbon.device.mgt.url.printer.internal</Private-Package>
<Import-Package> <Import-Package>
org.osgi.framework, org.osgi.framework,
org.osgi.service.component, org.osgi.service.component,
@ -69,8 +69,8 @@
org.wso2.carbon.utils.*, org.wso2.carbon.utils.*,
</Import-Package> </Import-Package>
<Export-Package> <Export-Package>
!org.wso2.carbon.device.mgt.iot.url.printer.internal, !org.wso2.carbon.device.mgt.url.printer.internal,
org.wso2.carbon.device.mgt.iot.url.printer.*;version="${project.version}" org.wso2.carbon.device.mgt.url.printer.*;version="${project.version}"
</Export-Package> </Export-Package>
</instructions> </instructions>
</configuration> </configuration>

@ -62,7 +62,7 @@ public class JWTAuthenticator implements WebappAuthenticator {
private static final String DEFAULT_TRUST_STORE_LOCATION = "Security.TrustStore.Location"; private static final String DEFAULT_TRUST_STORE_LOCATION = "Security.TrustStore.Location";
private static final String DEFAULT_TRUST_STORE_PASSWORD = "Security.TrustStore.Password"; private static final String DEFAULT_TRUST_STORE_PASSWORD = "Security.TrustStore.Password";
private static final Map<String, PublicKey> publicKeyHolder = new HashMap<>(); private static final Map<IssuerAlias, PublicKey> publicKeyHolder = new HashMap<>();
private Properties properties; private Properties properties;
private static void loadTenantRegistry(int tenantId) throws RegistryException { private static void loadTenantRegistry(int tenantId) throws RegistryException {
@ -106,46 +106,37 @@ public class JWTAuthenticator implements WebappAuthenticator {
String username = jwsObject.getJWTClaimsSet().getStringClaim(SIGNED_JWT_AUTH_USERNAME); String username = jwsObject.getJWTClaimsSet().getStringClaim(SIGNED_JWT_AUTH_USERNAME);
String tenantDomain = MultitenantUtils.getTenantDomain(username); String tenantDomain = MultitenantUtils.getTenantDomain(username);
int tenantId = Integer.parseInt(jwsObject.getJWTClaimsSet().getStringClaim(SIGNED_JWT_AUTH_TENANT_ID)); int tenantId = Integer.parseInt(jwsObject.getJWTClaimsSet().getStringClaim(SIGNED_JWT_AUTH_TENANT_ID));
String issuer = jwsObject.getJWTClaimsSet().getIssuer();
PrivilegedCarbonContext.startTenantFlow(); PrivilegedCarbonContext.startTenantFlow();
PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(tenantDomain); PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(tenantDomain);
PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(tenantId); PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(tenantId);
PublicKey publicKey = publicKeyHolder.get(tenantDomain); IssuerAlias issuerAlias = new IssuerAlias(issuer, tenantDomain);
PublicKey publicKey = publicKeyHolder.get(issuerAlias);
if (publicKey == null) { if (publicKey == null) {
loadTenantRegistry(tenantId); loadTenantRegistry(tenantId);
KeyStoreManager keyStoreManager = KeyStoreManager.getInstance(tenantId); KeyStoreManager keyStoreManager = KeyStoreManager.getInstance(tenantId);
if (MultitenantConstants.SUPER_TENANT_DOMAIN_NAME.equals(tenantDomain)) { if (MultitenantConstants.SUPER_TENANT_DOMAIN_NAME.equals(tenantDomain)) {
String defaultPublicKey = properties.getProperty("DefaultPublicKey"); String alias = properties.getProperty(issuer);
if (defaultPublicKey != null && !defaultPublicKey.isEmpty()) { if (alias != null && !alias.isEmpty()) {
boolean isDefaultPublicKey = Boolean.parseBoolean(defaultPublicKey); ServerConfiguration serverConfig = CarbonUtils.getServerConfiguration();
if (isDefaultPublicKey) { KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
publicKey = keyStoreManager.getDefaultPublicKey(); String trustStorePath = serverConfig.getFirstProperty(DEFAULT_TRUST_STORE_LOCATION);
} else { String trustStorePassword = serverConfig.getFirstProperty(
String alias = properties.getProperty("KeyAlias"); DEFAULT_TRUST_STORE_PASSWORD);
if (alias != null && !alias.isEmpty()) { keyStore.load(new FileInputStream(trustStorePath), trustStorePassword.toCharArray());
ServerConfiguration serverConfig = CarbonUtils.getServerConfiguration(); publicKey = keyStore.getCertificate(alias).getPublicKey();
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
String trustStorePath = serverConfig.getFirstProperty(DEFAULT_TRUST_STORE_LOCATION);
String trustStorePassword = serverConfig.getFirstProperty(
DEFAULT_TRUST_STORE_PASSWORD);
keyStore.load(new FileInputStream(trustStorePath), trustStorePassword.toCharArray());
publicKey = keyStore.getCertificate(alias).getPublicKey();
} else {
authenticationInfo.setStatus(Status.FAILURE);
return authenticationInfo;
}
}
} else { } else {
publicKey = keyStoreManager.getDefaultPublicKey(); authenticationInfo.setStatus(Status.FAILURE);
return authenticationInfo;
} }
} else { } else {
String ksName = tenantDomain.trim().replace('.', '-'); String ksName = tenantDomain.trim().replace('.', '-');
String jksName = ksName + ".jks"; String jksName = ksName + ".jks";
publicKey = keyStoreManager.getKeyStore(jksName).getCertificate(tenantDomain).getPublicKey(); publicKey = keyStoreManager.getKeyStore(jksName).getCertificate(tenantDomain).getPublicKey();
} }
if (publicKey != null) { if (publicKey != null) {
publicKeyHolder.put(tenantDomain, publicKey); issuerAlias = new IssuerAlias(tenantDomain);
publicKeyHolder.put(issuerAlias, publicKey);
} }
} }
@ -205,4 +196,34 @@ public class JWTAuthenticator implements WebappAuthenticator {
} }
return this.properties.getProperty(name); return this.properties.getProperty(name);
} }
private class IssuerAlias {
private String issuer;
private String tenantDomain;
private final String DEFAULT_ISSUER = "default";
public IssuerAlias(String tenantDomain) {
this.issuer = DEFAULT_ISSUER;
this.tenantDomain = tenantDomain;
}
public IssuerAlias(String issuer, String tenantDomain) {
this.issuer = issuer;
this.tenantDomain = tenantDomain;
}
@Override
public int hashCode() {
int result = this.issuer.hashCode();
result = 31 * result + ("@" + this.tenantDomain).hashCode();
return result;
}
@Override
public boolean equals(Object obj) {
return (obj instanceof IssuerAlias) && issuer.equals(
((IssuerAlias) obj).issuer) && tenantDomain == ((IssuerAlias) obj).tenantDomain;
}
}
} }
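Review bot: The cache is populated under the wrong key: the two lines after `if (publicKey != null)` store the key as `new IssuerAlias(tenantDomain)` (issuer "default"), while the lookup a few lines above the truststore code uses `new IssuerAlias(issuer, tenantDomain)`, so the lookup never hits unless the token's `iss` is literally "default" and the truststore is reloaded on every request; reusing the lookup key, `publicKeyHolder.put(issuerAlias, publicKey);`, fixes both. In `IssuerAlias.equals` the `tenantDomain` fields are compared with `==` while `hashCode` uses their string value, which breaks the equals/hashCode contract; `Objects.equals(issuer, other.issuer) && Objects.equals(tenantDomain, other.tenantDomain)` (after an `instanceof` check and cast to `other`) also avoids the NullPointerException that `hashCode` and `equals` throw when the token carries no `iss` claim. The `FileInputStream` passed to `keyStore.load` is never closed and should be opened in a try-with-resources, and `keyStore.getCertificate(alias)` returns null when the configured alias is absent from the truststore, which would surface as a NullPointerException instead of `Status.FAILURE`. `publicKeyHolder` is a static `HashMap` read and written from request threads without synchronization; a `ConcurrentHashMap` would be the safer choice, and `IssuerAlias` should be a `static` nested class with `DEFAULT_ISSUER` as a `static final` constant. The enclosing authenticate method starts and ends outside the hunk.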

@ -122,6 +122,9 @@
<bundleDef> <bundleDef>
org.wso2.carbon.devicemgt:org.wso2.carbon.device.mgt.common:${carbon.device.mgt.version} org.wso2.carbon.devicemgt:org.wso2.carbon.device.mgt.common:${carbon.device.mgt.version}
</bundleDef> </bundleDef>
<bundleDef>
org.wso2.carbon.devicemgt:org.wso2.carbon.device.mgt.url.printer:${carbon.device.mgt.version}
</bundleDef>
<!--<bundleDef>--> <!--<bundleDef>-->
<!--org.wso2.carbon.commons:org.wso2.carbon.email.verification--> <!--org.wso2.carbon.commons:org.wso2.carbon.email.verification-->
<!--</bundleDef>--> <!--</bundleDef>-->

@ -17,13 +17,13 @@
# #
#issuer of the JWT #issuer of the JWT
iss=iot_default iss=wso2.org/products/iot
TokenEndpoint=https://localhost:${carbon.https.port}/oauth2/token TokenEndpoint=https://${iot.keymanager.host}:${iot.keymanager.https.port}/oauth2/token
#audience of JWT claim #audience of JWT claim
#comma seperated values #comma seperated values
aud=wso2.org/products/iot aud=devicemgt
#expiration time of JWT (number of minutes from the current time) #expiration time of JWT (number of minutes from the current time)
exp=1000 exp=1000

@ -20,9 +20,9 @@
<Name>JWT</Name> <Name>JWT</Name>
<ClassName>org.wso2.carbon.webapp.authenticator.framework.authenticator.JWTAuthenticator</ClassName> <ClassName>org.wso2.carbon.webapp.authenticator.framework.authenticator.JWTAuthenticator</ClassName>
<Parameters> <Parameters>
<Parameter Name="DefaultPublicKey">true</Parameter> <!--Issuers list and corresponding cert alias-->
<!--KeyAlias is alias of the certificate that is used to sign the JWT token--> <Parameter Name="wso2.org/products/am">wso2carbon</Parameter>
<!-- <Parameter Name="KeyAlias"></Parameter> --> <Parameter Name="wso2.org/products/iot">wso2carbon</Parameter>
</Parameters> </Parameters>
</Authenticator> </Authenticator>
<Authenticator> <Authenticator>
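Review bot: Both issuers in the new `<Parameters>` block resolve to the same certificate alias `wso2carbon`, so the issuer-to-alias indirection introduced here does not currently separate trust between the `wso2.org/products/am` and `wso2.org/products/iot` issuers: a token from either is verified with the same key. If that is intended, a comment saying so (and that production deployments should point each issuer at its own alias) would save the next reader from assuming the mapping is a misconfiguration; the retired `DefaultPublicKey` parameter is also no longer read by the authenticator, so any remaining references to it in other descriptors are now inert.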
