few changes after testing the cluster

merge-requests/7/head
ayyoob 8 years ago
parent 0d721a226b
commit de957bec29

@ -59,7 +59,7 @@
<Bundle-Name>${project.artifactId}</Bundle-Name>
<Bundle-Version>${carbon.device.mgt.version}</Bundle-Version>
<Bundle-Description>IoT Server Impl Bundle</Bundle-Description>
<Private-Package>org.wso2.carbon.device.mgt.iot.url.printer.internal</Private-Package>
<Private-Package>org.wso2.carbon.device.mgt.url.printer.internal</Private-Package>
<Import-Package>
org.osgi.framework,
org.osgi.service.component,
@ -69,8 +69,8 @@
org.wso2.carbon.utils.*,
</Import-Package>
<Export-Package>
!org.wso2.carbon.device.mgt.iot.url.printer.internal,
org.wso2.carbon.device.mgt.iot.url.printer.*;version="${project.version}"
!org.wso2.carbon.device.mgt.url.printer.internal,
org.wso2.carbon.device.mgt.url.printer.*;version="${project.version}"
</Export-Package>
</instructions>
</configuration>

@ -62,7 +62,7 @@ public class JWTAuthenticator implements WebappAuthenticator {
private static final String DEFAULT_TRUST_STORE_LOCATION = "Security.TrustStore.Location";
private static final String DEFAULT_TRUST_STORE_PASSWORD = "Security.TrustStore.Password";
private static final Map<String, PublicKey> publicKeyHolder = new HashMap<>();
private static final Map<IssuerAlias, PublicKey> publicKeyHolder = new HashMap<>();
private Properties properties;
private static void loadTenantRegistry(int tenantId) throws RegistryException {
@ -106,21 +106,17 @@ public class JWTAuthenticator implements WebappAuthenticator {
String username = jwsObject.getJWTClaimsSet().getStringClaim(SIGNED_JWT_AUTH_USERNAME);
String tenantDomain = MultitenantUtils.getTenantDomain(username);
int tenantId = Integer.parseInt(jwsObject.getJWTClaimsSet().getStringClaim(SIGNED_JWT_AUTH_TENANT_ID));
String issuer = jwsObject.getJWTClaimsSet().getIssuer();
PrivilegedCarbonContext.startTenantFlow();
PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(tenantDomain);
PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(tenantId);
PublicKey publicKey = publicKeyHolder.get(tenantDomain);
IssuerAlias issuerAlias = new IssuerAlias(issuer, tenantDomain);
PublicKey publicKey = publicKeyHolder.get(issuerAlias);
if (publicKey == null) {
loadTenantRegistry(tenantId);
KeyStoreManager keyStoreManager = KeyStoreManager.getInstance(tenantId);
if (MultitenantConstants.SUPER_TENANT_DOMAIN_NAME.equals(tenantDomain)) {
String defaultPublicKey = properties.getProperty("DefaultPublicKey");
if (defaultPublicKey != null && !defaultPublicKey.isEmpty()) {
boolean isDefaultPublicKey = Boolean.parseBoolean(defaultPublicKey);
if (isDefaultPublicKey) {
publicKey = keyStoreManager.getDefaultPublicKey();
} else {
String alias = properties.getProperty("KeyAlias");
String alias = properties.getProperty(issuer);
if (alias != null && !alias.isEmpty()) {
ServerConfiguration serverConfig = CarbonUtils.getServerConfiguration();
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
@ -133,19 +129,14 @@ public class JWTAuthenticator implements WebappAuthenticator {
authenticationInfo.setStatus(Status.FAILURE);
return authenticationInfo;
}
}
} else {
publicKey = keyStoreManager.getDefaultPublicKey();
}
} else {
String ksName = tenantDomain.trim().replace('.', '-');
String jksName = ksName + ".jks";
publicKey = keyStoreManager.getKeyStore(jksName).getCertificate(tenantDomain).getPublicKey();
}
if (publicKey != null) {
publicKeyHolder.put(tenantDomain, publicKey);
issuerAlias = new IssuerAlias(tenantDomain);
publicKeyHolder.put(issuerAlias, publicKey);
}
}
@ -205,4 +196,34 @@ public class JWTAuthenticator implements WebappAuthenticator {
}
return this.properties.getProperty(name);
}
private class IssuerAlias {
private String issuer;
private String tenantDomain;
private final String DEFAULT_ISSUER = "default";
public IssuerAlias(String tenantDomain) {
this.issuer = DEFAULT_ISSUER;
this.tenantDomain = tenantDomain;
}
public IssuerAlias(String issuer, String tenantDomain) {
this.issuer = issuer;
this.tenantDomain = tenantDomain;
}
@Override
public int hashCode() {
int result = this.issuer.hashCode();
result = 31 * result + ("@" + this.tenantDomain).hashCode();
return result;
}
@Override
public boolean equals(Object obj) {
return (obj instanceof IssuerAlias) && issuer.equals(
((IssuerAlias) obj).issuer) && tenantDomain == ((IssuerAlias) obj).tenantDomain;
}
}
}

@ -122,6 +122,9 @@
<bundleDef>
org.wso2.carbon.devicemgt:org.wso2.carbon.device.mgt.common:${carbon.device.mgt.version}
</bundleDef>
<bundleDef>
org.wso2.carbon.devicemgt:org.wso2.carbon.device.mgt.url.printer:${carbon.device.mgt.version}
</bundleDef>
<!--<bundleDef>-->
<!--org.wso2.carbon.commons:org.wso2.carbon.email.verification-->
<!--</bundleDef>-->

@ -17,13 +17,13 @@
#
#issuer of the JWT
iss=iot_default
iss=wso2.org/products/iot
TokenEndpoint=https://localhost:${carbon.https.port}/oauth2/token
TokenEndpoint=https://${iot.keymanager.host}:${iot.keymanager.https.port}/oauth2/token
#audience of JWT claim
#comma seperated values
aud=wso2.org/products/iot
aud=devicemgt
#expiration time of JWT (number of minutes from the current time)
exp=1000

@ -20,9 +20,9 @@
<Name>JWT</Name>
<ClassName>org.wso2.carbon.webapp.authenticator.framework.authenticator.JWTAuthenticator</ClassName>
<Parameters>
<Parameter Name="DefaultPublicKey">true</Parameter>
<!--KeyAlias is alias of the certificate that is used to sign the JWT token-->
<!-- <Parameter Name="KeyAlias"></Parameter> -->
<!--Issuers list and corresponding cert alias-->
<Parameter Name="wso2.org/products/am">wso2carbon</Parameter>
<Parameter Name="wso2.org/products/iot">wso2carbon</Parameter>
</Parameters>
</Authenticator>
<Authenticator>

Loading…
Cancel
Save