Fix cross-tenant api subscription issue See merge request entgra/carbon-device-mgt!905master
commit
2a5630cfb7
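--- /dev/null
+++ b/<module-path-not-on-page>/pom.xml
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+<parent>
+<artifactId>apimgt-extensions</artifactId>
+<groupId>org.wso2.carbon.devicemgt</groupId>
+<version>5.0.11-SNAPSHOT</version>
+</parent>
+
+<modelVersion>4.0.0</modelVersion>
+<artifactId>org.wso2.carbon.apimgt.keymgt.extension.api</artifactId>
+<packaging>war</packaging>
+<name>WSO2 Carbon - API Key Management API</name>
+<description>This module extends the API manager's key management apis.</description>
+<url>http://wso2.org</url>
+
+<build>
+<plugins>
+<plugin>
+<artifactId>maven-compiler-plugin</artifactId>
+<configuration>
+<source>1.8</source>
+<target>1.8</target>
+</configuration>
+</plugin>
+<plugin>
+<artifactId>maven-war-plugin</artifactId>
+<configuration>
+<packagingExcludes>WEB-INF/lib/*cxf*.jar</packagingExcludes>
+<warName>${project.artifactId}</warName>
+</configuration>
+</plugin>
+</plugins>
+</build>
+
+<dependencies>
+<dependency>
+<groupId>org.springframework</groupId>
+<artifactId>spring-web</artifactId>
+<scope>provided</scope>
+</dependency>
+<dependency>
+<groupId>org.apache.cxf</groupId>
+<artifactId>cxf-bundle-jaxrs</artifactId>
+<scope>provided</scope>
+</dependency>
+<dependency>
+<groupId>org.codehaus.jackson</groupId>
+<artifactId>jackson-jaxrs</artifactId>
+</dependency>
+<dependency>
+<groupId>org.wso2.carbon.devicemgt</groupId>
+<artifactId>org.wso2.carbon.apimgt.keymgt.extension</artifactId>
+<version>${carbon.device.mgt.version}</version>
+<scope>provided</scope>
+</dependency>
+</dependencies>
+
+</project>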
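--- /dev/null
+++ b/<source-root-not-on-page>/org/wso2/carbon/apimgt/keymgt/extension/api/DCRRequest.java
@@ -0,0 +1,90 @@
+/*
+* Copyright (c) 2022, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
+*
+* Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
+* Version 2.0 (the "License"); you may not use this file except
+* in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+* KIND, either express or implied. See the License for the
+* specific language governing permissions and limitations
+* under the License.
+*/
+
+package org.wso2.carbon.apimgt.keymgt.extension.api;
+
+import org.codehaus.jackson.annotate.JsonIgnoreProperties;
+
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlRootElement;
+
+@XmlRootElement
+
+@JsonIgnoreProperties(ignoreUnknown = true)
+public class DCRRequest {
+@XmlElement(required = true)
+private String clientName;
+@XmlElement(required = true)
+private String owner;
+@XmlElement(required = true)
+private String grantTypes;
+@XmlElement
+private String callBackUrl;
+@XmlElement(required = true)
+private String[] tags;
+@XmlElement
+private boolean isSaasApp;
+
+public String getClientName() {
+return clientName;
+}
+
+public void setClientName(String clientName) {
+this.clientName = clientName;
+}
+
+public String getOwner() {
+return owner;
+}
+
+public void setOwner(String owner) {
+this.owner = owner;
+}
+
+public String getGrantTypes() {
+return grantTypes;
+}
+
+public void setGrantTypes(String grantTypes) {
+this.grantTypes = grantTypes;
+}
+
+public String getCallBackUrl() {
+return callBackUrl;
+}
+
+public void setCallBackUrl(String callBackUrl) {
+this.callBackUrl = callBackUrl;
+}
+
+public String[] getTags() {
+return tags;
+}
+
+public void setTags(String[] tags) {
+this.tags = tags;
+}
+
+public boolean getIsSaasApp() {
+return isSaasApp;
+}
+
+public void setIsSaasApp(boolean saasApp) {
+isSaasApp = saasApp;
+}
+}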
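Review bot: `@XmlElement(required = true)` on clientName, owner, grantTypes and tags is not enforced when this class is bound from JSON — the provider registered for the endpoint in this commit's cxf-servlet.xml is `org.codehaus.jackson.jaxrs.JacksonJsonProvider`, which does not validate JAXB `required`, so every field can arrive null and is handed straight to the service layer by KeyManagerServiceImpl. State the intent in a class Javadoc, e.g. `/** Request body of POST /dynamic-client-registration. 'required' marks document the contract only; values are not validated on deserialization. */`. `getTags()` returns the internal array, so a caller can alter the request after it was read; `return tags == null ? null : tags.clone();` avoids that. The blank line between `@XmlRootElement` and `@JsonIgnoreProperties` makes the first annotation look detached from the class; keep the two adjacent.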
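--- /dev/null
+++ b/<source-root-not-on-page>/org/wso2/carbon/apimgt/keymgt/extension/api/KeyManagerService.java
@@ -0,0 +1,46 @@
+/*
+* Copyright (c) 2022, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
+*
+* Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
+* Version 2.0 (the "License"); you may not use this file except
+* in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+* KIND, either express or implied. See the License for the
+* specific language governing permissions and limitations
+* under the License.
+*/
+
+package org.wso2.carbon.apimgt.keymgt.extension.api;
+
+import javax.ws.rs.Consumes;
+import javax.ws.rs.FormParam;
+import javax.ws.rs.POST;
+import javax.ws.rs.Path;
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
+
+public interface KeyManagerService {
+
+@POST
+@Produces(MediaType.APPLICATION_JSON)
+@Consumes(MediaType.APPLICATION_JSON)
+@Path("/dynamic-client-registration")
+Response dynamicClientRegistration(DCRRequest request);
+
+@POST
+@Produces(MediaType.APPLICATION_JSON)
+@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
+@Path("/token")
+Response generateAccessToken(@FormParam("client_id") String clientId,
+@FormParam("client_secret") String clientSecret,
+@FormParam("refresh_token") String refreshToken,
+@FormParam("scope") String scope,
+@FormParam("grant_type") String grantType);
+}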
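Review bot: Neither operation carries Javadoc, and the interface is where the HTTP contract is declared, so it is the place to document it: `/** Registers an OAuth client through the key manager and returns its client id and secret. */` above `dynamicClientRegistration`, and above `generateAccessToken` a comment saying which of the five form parameters are needed for which `grant_type` (all five are accepted as optional strings, and `refresh_token` only makes sense for a refresh grant). KeyManagerServiceImpl in this commit repeats every JAX-RS annotation from here; keeping the annotations on the interface alone avoids the two copies drifting apart.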
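--- /dev/null
+++ b/<source-root-not-on-page>/org/wso2/carbon/apimgt/keymgt/extension/api/KeyManagerServiceImpl.java
@@ -0,0 +1,77 @@
+/*
+* Copyright (c) 2022, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
+*
+* Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
+* Version 2.0 (the "License"); you may not use this file except
+* in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+* KIND, either express or implied. See the License for the
+* specific language governing permissions and limitations
+* under the License.
+*/
+
+package org.wso2.carbon.apimgt.keymgt.extension.api;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.wso2.carbon.apimgt.keymgt.extension.DCRResponse;
+import org.wso2.carbon.apimgt.keymgt.extension.TokenRequest;
+import org.wso2.carbon.apimgt.keymgt.extension.TokenResponse;
+import org.wso2.carbon.apimgt.keymgt.extension.exception.BadRequestException;
+import org.wso2.carbon.apimgt.keymgt.extension.exception.KeyMgtException;
+import org.wso2.carbon.apimgt.keymgt.extension.service.KeyMgtService;
+import org.wso2.carbon.apimgt.keymgt.extension.service.KeyMgtServiceImpl;
+
+import javax.ws.rs.Consumes;
+import javax.ws.rs.FormParam;
+import javax.ws.rs.POST;
+import javax.ws.rs.Path;
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
+
+public class KeyManagerServiceImpl implements KeyManagerService {
+
+@Override
+@POST
+@Produces(MediaType.APPLICATION_JSON)
+@Consumes(MediaType.APPLICATION_JSON)
+@Path("/dynamic-client-registration")
+public Response dynamicClientRegistration(DCRRequest dcrRequest) {
+try {
+KeyMgtService keyMgtService = new KeyMgtServiceImpl();
+DCRResponse resp = keyMgtService.dynamicClientRegistration(dcrRequest.getClientName(), dcrRequest.getOwner(),
+dcrRequest.getGrantTypes(), dcrRequest.getCallBackUrl(), dcrRequest.getTags(), dcrRequest.getIsSaasApp());
+return Response.status(Response.Status.CREATED).entity(resp).build();
+} catch (KeyMgtException e) {
+return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(e.getMessage()).build();
+}
+}
+
+@POST
+@Produces(MediaType.APPLICATION_JSON)
+@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
+@Path("/token")
+public Response generateAccessToken(@FormParam("client_id") String clientId,
+@FormParam("client_secret") String clientSecret,
+@FormParam("refresh_token") String refreshToken,
+@FormParam("scope") String scope,
+@FormParam("grant_type") String grantType) {
+try {
+KeyMgtService keyMgtService = new KeyMgtServiceImpl();
+TokenResponse resp = keyMgtService.generateAccessToken(
+new TokenRequest(clientId, clientSecret, refreshToken, scope, grantType));
+return Response.status(Response.Status.CREATED).entity(resp).build();
+} catch (KeyMgtException e) {
+return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(e.getMessage()).build();
+} catch (BadRequestException e) {
+return Response.status(Response.Status.BAD_REQUEST).entity(e.getMessage()).build();
+}
+}
+}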
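Review bot: Both `KeyMgtException` handlers return `e.getMessage()` as the 500 body and never log the exception, although `Log` and `LogFactory` are imported and unused; an exception raised inside the key manager can carry internal detail that does not belong in a client-facing response, and the operator is left with no trace of the failure. Add `private static final Log log = LogFactory.getLog(KeyManagerServiceImpl.class);` and in each handler `log.error("Error while processing key manager request", e);` with a fixed message as the entity, keeping `e.getMessage()` only for the `BadRequestException` path where it describes the caller's input. `generateAccessToken` answers a successful token issue with `Response.Status.CREATED`; a token response is conventionally 200 OK (RFC 6749 §5.1), and the method also lacks `@Override`. `dynamicClientRegistration` dereferences `dcrRequest` without a null check, so an empty body surfaces as an unhandled NullPointerException instead of a 400; and because web.xml in this commit sets `doAuthentication` to false, whoever can reach this endpoint can register a client for any `owner` — presumably the API gateway (`managed-api-enabled`) authenticates these calls, which is worth stating in the class Javadoc.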
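--- /dev/null
+++ b/<path-not-on-page>/PermissionConfiguration.xml
@@ -0,0 +1,32 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+~ Copyright (c) 2019, Entgra (pvt) Ltd. (http://entgra.io) All Rights Reserved.
+~
+~ Entgra (pvt) Ltd. licenses this file to you under the Apache License,
+~ Version 2.0 (the "License"); you may not use this file except
+~ in compliance with the License.
+~ You may obtain a copy of the License at
+~
+~ http://www.apache.org/licenses/LICENSE-2.0
+~
+~ Unless required by applicable law or agreed to in writing,
+~ software distributed under the License is distributed on an
+~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+~ KIND, either express or implied. See the License for the
+~ specific language governing permissions and limitations
+~ under the License.
+-->
+
+<!-- This file contains the list of permissions that are associated with URL end points
+of the web app. Each permission should contain the name, permission path ,API path
+(URL) , HTTP method and OAUTH2 authorization scope (not-required).
+When defining dynamic paths for APIs, path variables are denoted by '*' notation.
+For ex:
+Actual API endpoint: devicemgt_admin/1.0.0/devices/{device-id}
+URL to be represented here: /devices/*
+NOTE: All the endpoints of the web app should be available in this file. Otherwise
+it will result 403 error at the runtime.
+-->
+<PermissionConfiguration>
+<APIVersion></APIVersion>
+</PermissionConfiguration>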
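Review bot: The descriptor lists no permission for either endpoint of this web app (`/dynamic-client-registration`, `/token`) and leaves `<APIVersion>` empty, while its own header comment states that every endpoint must be present here or calls fail with 403 at runtime. Either the entries are missing, or the comment no longer describes how this file is consumed; in the latter case replace the header with a one-line statement such as `<!-- No scope-based permissions declared: the endpoints are protected at the API gateway. -->` so the next reader does not hunt for an omission. Which of the two holds cannot be decided from this commit alone.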
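--- /dev/null
+++ b/<path-not-on-page>/Classloading.xml
@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+
+<!--
+* Copyright (c) 2019, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
+*
+* Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
+* Version 2.0 (the "License"); you may not use this file except
+* in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+* KIND, either express or implied. See the License for the
+* specific language governing permissions and limitations
+* under the License.
+-->
+
+<!--
+This file defines class loading policy of the whole container. But this behaviour can be overridden by individual webapps by putting this file into the META-INF/ directory.
+-->
+<Classloading xmlns="http://wso2.org/projects/as/classloading">
+
+<!-- Parent-first or child-first. Default behaviour is child-first.-->
+<ParentFirst>false</ParentFirst>
+
+<!--
+Default environments that contains provides to all the webapps. This can be overridden by individual webapps by specifing required environments
+Tomcat environment is the default and every webapps gets it even if they didn't specify it.
+e.g. If a webapps requires CXF, they will get both Tomcat and CXF.
+-->
+<Environments>CXF3,Carbon</Environments>
+</Classloading>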
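--- /dev/null
+++ b/<path-not-on-page>/cxf-beans.xml
@@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+~ Copyright (c) 2022, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
+~
+~ Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
+~ Version 2.0 (the "License"); you may not use this file except
+~ in compliance with the License.
+~ You may obtain a copy of the License at
+~
+~ http://www.apache.org/licenses/LICENSE-2.0
+~
+~ Unless required by applicable law or agreed to in writing,
+~ software distributed under the License is distributed on an
+~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+~ KIND, either express or implied. See the License for the
+~ specific language governing permissions and limitations
+~ under the License.
+-->
+
+<beans xmlns="http://www.springframework.org/schema/beans"
+xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+xmlns:jaxrs="http://cxf.apache.org/jaxrs" xmlns:cxf="http://cxf.apache.org/core"
+xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
+http://cxf.apache.org/jaxrs http://cxf.apache.org/schemas/jaxrs.xsd http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd">
+
+<jaxrs:server id="services" address="/">
+<jaxrs:serviceBeans>
+<ref bean="keyManagerService"/>
+</jaxrs:serviceBeans>
+<jaxrs:providers>
+<bean class="org.codehaus.jackson.jaxrs.JacksonJsonProvider"/>
+</jaxrs:providers>
+</jaxrs:server>
+
+<bean id="keyManagerService" class="org.wso2.carbon.apimgt.keymgt.extension.api.KeyManagerServiceImpl"/>
+
+</beans>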
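--- /dev/null
+++ b/<path-not-on-page>/web.xml
@@ -0,0 +1,109 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+~ Copyright (c) 2021, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
+~
+~ Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
+~ Version 2.0 (the "License"); you may not use this file except
+~ in compliance with the License.
+~ You may obtain a copy of the License at
+~
+~ http://www.apache.org/licenses/LICENSE-2.0
+~
+~ Unless required by applicable law or agreed to in writing,
+~ software distributed under the License is distributed on an
+~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+~ KIND, either express or implied. See the License for the
+~ specific language governing permissions and limitations
+~ under the License.
+-->
+<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" version="2.5">
+<display-name>Grafana-API-Proxy-Webapp</display-name>
+<servlet>
+<description>JAX-WS/JAX-RS Grafana API Management Endpoint</description>
+<display-name>JAX-WS/JAX-RS Servlet</display-name>
+<servlet-name>CXFServlet</servlet-name>
+<servlet-class>
+org.apache.cxf.transport.servlet.CXFServlet
+</servlet-class>
+<!-- configure a security filter -->
+<init-param>
+<param-name>swagger.security.filter</param-name>
+<param-value>ApiAuthorizationFilterImpl</param-value>
+</init-param>
+<load-on-startup>1</load-on-startup>
+</servlet>
+<servlet-mapping>
+<servlet-name>CXFServlet</servlet-name>
+<url-pattern>/*</url-pattern>
+</servlet-mapping>
+<session-config>
+<session-timeout>60</session-timeout>
+</session-config>
+
+<context-param>
+<param-name>doAuthentication</param-name>
+<param-value>false</param-value>
+</context-param>
+<context-param>
+<param-name>basicAuth</param-name>
+<param-value>false</param-value>
+</context-param>
+
+<context-param>
+<param-name>nonSecuredEndPoints</param-name>
+<param-value>
+/keymgt-test-api/.*,
+</param-value>
+</context-param>
+
+<!--publish to apim-->
+<context-param>
+<param-name>managed-api-enabled</param-name>
+<param-value>true</param-value>
+</context-param>
+<context-param>
+<param-name>managed-api-owner</param-name>
+<param-value>admin</param-value>
+</context-param>
+<context-param>
+<param-name>isSharedWithAllTenants</param-name>
+<param-value>true</param-value>
+</context-param>
+
+<filter>
+<filter-name>HttpHeaderSecurityFilter</filter-name>
+<filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
+<init-param>
+<param-name>hstsEnabled</param-name>
+<param-value>false</param-value>
+</init-param>
+</filter>
+
+<filter>
+<filter-name>ContentTypeBasedCachePreventionFilter</filter-name>
+<filter-class>org.wso2.carbon.ui.filters.cache.ContentTypeBasedCachePreventionFilter</filter-class>
+<init-param>
+<param-name>patterns</param-name>
+<param-value>text/html" ,application/json" ,text/plain</param-value>
+</init-param>
+<init-param>
+<param-name>filterAction</param-name>
+<param-value>enforce</param-value>
+</init-param>
+<init-param>
+<param-name>httpHeaders</param-name>
+<param-value>Cache-Control: no-store, no-cache, must-revalidate, private</param-value>
+</init-param>
+</filter>
+
+<filter-mapping>
+<filter-name>HttpHeaderSecurityFilter</filter-name>
+<url-pattern>/*</url-pattern>
+</filter-mapping>
+
+<filter-mapping>
+<filter-name>ContentTypeBasedCachePreventionFilter</filter-name>
+<url-pattern>/*</url-pattern>
+</filter-mapping>
+
+</web-app>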
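Review bot: `display-name` and the servlet `description` still read `Grafana-API-Proxy-Webapp` and `JAX-WS/JAX-RS Grafana API Management Endpoint`, a copy-paste leftover in a key-management web app; `<display-name>Key-Manager-Extension-API-Webapp</display-name>` with a matching description would do. The `patterns` init-param of ContentTypeBasedCachePreventionFilter contains stray double quotes (`text/html" ,application/json" ,text/plain`) that are presumably carried into the pattern strings; it should read `text/html,application/json,text/plain`. `nonSecuredEndPoints` whitelists `/keymgt-test-api/.*`, which does not correspond to this artifact (the war is named `org.wso2.carbon.apimgt.keymgt.extension.api` in pom.xml), so it looks like a leftover as well. With `doAuthentication` false, `basicAuth` false and `hstsEnabled` false the web app itself authenticates nothing and emits no HSTS header, which is only acceptable if it is reachable solely through the API gateway (`managed-api-enabled` true); please record that assumption in a comment next to those params so a later deployment that exposes the war directly does not inherit it silently.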
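--- /dev/null
+++ b/<source-root-not-on-page>/org/wso2/carbon/apimgt/keymgt/extension/CustomKeyManager.java
@@ -0,0 +1,49 @@
+/*
+* Copyright (c) 2022, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
+*
+* Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
+* Version 2.0 (the "License"); you may not use this file except
+* in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+* KIND, either express or implied. See the License for the
+* specific language governing permissions and limitations
+* under the License.
+*/
+
+package org.wso2.carbon.apimgt.keymgt.extension;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.wso2.carbon.apimgt.api.APIManagementException;
+import org.wso2.carbon.apimgt.api.model.AccessTokenInfo;
+import org.wso2.carbon.apimgt.impl.AMDefaultKeyManagerImpl;
+
+public class CustomKeyManager extends AMDefaultKeyManagerImpl {
+private static final Log log = LogFactory.getLog(CustomKeyManager.class);
+
+/**
+* This is used to get the metadata of the access token.
+*
+* @param accessToken AccessToken.
+* @return The meta data details of access token.
+* @throws APIManagementException This is the custom exception class for API management.
+*/
+@Override
+public AccessTokenInfo getTokenMetaData(String accessToken) throws APIManagementException {
+log.debug("Access Token With Prefix : "+accessToken);
+String accessTokenWithoutPrefix = accessToken.substring(accessToken.indexOf("_")+1);
+log.debug("Access Token WithOut Prefix : "+accessTokenWithoutPrefix);
+return super.getTokenMetaData(accessTokenWithoutPrefix);
+}
+
+@Override
+public String getType() {
+return KeyMgtConstants.CUSTOM_TYPE;
+}
+}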
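Review bot: `getTokenMetaData` writes the complete access token to the log in `log.debug("Access Token With Prefix : "+accessToken)` and `log.debug("Access Token WithOut Prefix : "+accessTokenWithoutPrefix)`; a bearer credential should not reach log files even at DEBUG, because debug logging is routinely switched on in production to troubleshoot and log files are read by far more people than the token store. Drop both statements or log only non-secret facts, e.g. `if (log.isDebugEnabled()) { log.debug("Removing prefix from access token, length=" + accessToken.length()); }`. The prefix removal via `indexOf("_")` keeps the whole token when no underscore is present, which is fine, but a null `accessToken` throws NullPointerException before the superclass is reached; `Objects.requireNonNull(accessToken, "accessToken")` would make that failure explicit. The Javadoc should state that everything up to and including the first `_` is stripped before delegating to `AMDefaultKeyManagerImpl`, since that is the sole reason for the override.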
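--- /dev/null
+++ b/<source-root-not-on-page>/org/wso2/carbon/apimgt/keymgt/extension/DCRResponse.java
@@ -0,0 +1,45 @@
+/*
+* Copyright (c) 2022, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
+*
+* Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
+* Version 2.0 (the "License"); you may not use this file except
+* in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+* KIND, either express or implied. See the License for the
+* specific language governing permissions and limitations
+* under the License.
+*/
+
+package org.wso2.carbon.apimgt.keymgt.extension;
+
+public class DCRResponse {
+String clientId;
+String clientSecret;
+
+public DCRResponse(String clientId, String clientSecret) {
+this.clientId = clientId;
+this.clientSecret = clientSecret;
+}
+
+public String getClientId() {
+return clientId;
+}
+
+public void setClientId(String clientId) {
+this.clientId = clientId;
+}
+
+public String getClientSecret() {
+return clientSecret;
+}
+
+public void setClientSecret(String clientSecret) {
+this.clientSecret = clientSecret;
+}
+}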
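Review bot: `clientId` and `clientSecret` are declared package-private (`String clientId;`, `String clientSecret;`) although the class provides getters and setters for both; make them `private String clientId;` and `private String clientSecret;` so the accessor pair is the only way in, which matters for a field holding a client secret. A class Javadoc such as `/** Credentials of a newly registered OAuth client, serialized as the body of the dynamic-client-registration response. */` would also tell readers that this object leaves the process and should not grow extra fields casually.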
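--- /dev/null
+++ b/<source-root-not-on-page>/org/wso2/carbon/apimgt/keymgt/extension/KeyManagerConnectorConfiguration.java
@@ -0,0 +1,73 @@
+/*
+* Copyright (c) 2022, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
+*
+* Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
+* Version 2.0 (the "License"); you may not use this file except
+* in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+* KIND, either express or implied. See the License for the
+* specific language governing permissions and limitations
+* under the License.
+*/
+
+package org.wso2.carbon.apimgt.keymgt.extension;
+
+import org.wso2.carbon.apimgt.api.model.ConfigurationDto;
+import org.wso2.carbon.apimgt.impl.APIConstants;
+import org.wso2.carbon.apimgt.impl.DefaultKeyManagerConnectorConfiguration;
+import org.wso2.carbon.apimgt.impl.jwt.JWTValidatorImpl;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+/**
+* @scr.component name="org.wso2.carbon.apimgt.keymgt.extension.customKeyManagerConfigComponent" immediate="true"
+*/
+public class KeyManagerConnectorConfiguration extends DefaultKeyManagerConnectorConfiguration {
+
+@Override
+public String getImplementation() {
+return CustomKeyManager.class.getName();
+}
+
+@Override
+public String getJWTValidator() {
+return JWTValidatorImpl.class.getName();
+}
+
+@Override
+public List<ConfigurationDto> getApplicationConfigurations() {
+return super.getApplicationConfigurations();
+}
+
+@Override
+public String getType() {
+return KeyMgtConstants.CUSTOM_TYPE;
+}
+
+@Override
+public String getDefaultScopesClaim() {
+return APIConstants.JwtTokenConstants.SCOPE;
+}
+
+@Override
+public String getDefaultConsumerKeyClaim() {
+return APIConstants.JwtTokenConstants.AUTHORIZED_PARTY;
+}
+
+@Override
+public List<ConfigurationDto> getConnectionConfigurations() {
+List<ConfigurationDto> configurationDtoList = new ArrayList<>();
+configurationDtoList.add(new ConfigurationDto("Username", "Username", "input", "Username of admin user", "", true, false, Collections.emptyList(), false));
+configurationDtoList.add(new ConfigurationDto("Password", "Password", "input", "Password of Admin user", "", true, true, Collections.emptyList(), false));
+configurationDtoList.addAll(super.getConnectionConfigurations());
+return configurationDtoList;
+}
+}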
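Review bot: `getApplicationConfigurations` overrides the superclass method only to return `super.getApplicationConfigurations()`; the override adds nothing and should be removed, or kept with `// Placeholder: no custom application configurations yet` if it is meant to be filled in later. In `getConnectionConfigurations` each `ConfigurationDto` constructor call passes nine positional arguments, mostly literals, so the meaning of the two boolean flags (Username passes `true, false`, Password `true, true`) is opaque at the call site; a short comment naming those flags, or a private factory method with named parameters, would make the difference visible — presumably the second flag marks the password as masked, but that cannot be confirmed from this file. The class-level `@scr.component` Javadoc tag is unusual on a connector-configuration class that declares no activate/deactivate methods and may be a leftover from another component; worth confirming before it is picked up by the SCR annotation processor.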
@ -0,0 +1,333 @@
|
||||
/*
|
||||
* Copyright (c) 2022, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
|
||||
*
|
||||
* Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
|
||||
* Version 2.0 (the "License"); you may not use this file except
|
||||
* in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing,
|
||||
* software distributed under the License is distributed on an
|
||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
* KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
|
||||
package org.wso2.carbon.apimgt.keymgt.extension;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.HashMap;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
public class KeyManagerPayload {
|
||||
private String name;
|
||||
private String displayName;
|
||||
private String type;
|
||||
private String description;
|
||||
private String wellKnownEndpoint;
|
||||
private String introspectionEndpoint;
|
||||
private String clientRegistrationEndpoint;
|
||||
private String tokenEndpoint;
|
||||
private String displayTokenEndpoint;
|
||||
private String revokeEndpoint;
|
||||
private String displayRevokeEndpoint;
|
||||
private String userInfoEndpoint;
|
||||
private String authorizeEndpoint;
|
||||
private Map<String, String> certificates;
|
||||
private String issuer;
|
||||
private String scopeManagementEndpoint;
|
||||
private List<String> availableGrantTypes;
|
||||
private boolean enableTokenGeneration;
|
||||
private boolean enableTokenEncryption;
|
||||
private boolean enableTokenHashing;
|
||||
private boolean enableMapOAuthConsumerApps;
|
||||
private boolean enableOAuthAppCreation;
|
||||
private boolean enableSelfValidationJWT;
|
||||
private List<String> claimMapping;
|
||||
private String consumerKeyClaim;
|
||||
private String scopesClaim;
|
||||
private List<Map<String, String>> tokenValidation;
|
||||
private boolean enabled;
|
||||
private Map<String, Object> additionalProperties;
|
||||
|
||||
public KeyManagerPayload(String domainName, int tenantId, String serverUrl, String name,
|
||||
List<String> availableGrantTypes, Map<String, Object> additionalProperties) {
|
||||
this.name = name;
|
||||
this.displayName = name;
|
||||
this.type = KeyMgtConstants.CUSTOM_TYPE;
|
||||
this.description = "Custom Key Manager";
|
||||
this.wellKnownEndpoint = null;
|
||||
this.introspectionEndpoint = serverUrl + KeyMgtConstants.INTROSPECT_ENDPOINT;
|
||||
this.clientRegistrationEndpoint = serverUrl + "/t/" + domainName + KeyMgtConstants.CLIENT_REGISTRATION_ENDPOINT;
|
||||
this.tokenEndpoint = serverUrl + KeyMgtConstants.OAUTH2_TOKEN_ENDPOINT;
|
||||
this.displayTokenEndpoint = serverUrl + KeyMgtConstants.OAUTH2_TOKEN_ENDPOINT;
|
||||
this.revokeEndpoint = serverUrl + KeyMgtConstants.REVOKE_ENDPOINT;
|
||||
this.displayRevokeEndpoint = serverUrl + KeyMgtConstants.REVOKE_ENDPOINT;
|
||||
this.userInfoEndpoint = serverUrl + KeyMgtConstants.USER_INFO_ENDPOINT;
|
||||
this.authorizeEndpoint = serverUrl + KeyMgtConstants.AUTHORIZE_ENDPOINT;
|
||||
|
||||
Map<String, String> certificates = new HashMap<>();
|
||||
certificates.put("type", "JWKS");
|
||||
certificates.put("value", serverUrl + "/t/" + domainName + KeyMgtConstants.JWKS_ENDPOINT);
|
||||
this.certificates = certificates;
|
||||
|
||||
this.issuer = serverUrl + "/t/" + domainName + KeyMgtConstants.OAUTH2_TOKEN_ENDPOINT;
|
||||
this.scopeManagementEndpoint = serverUrl + "/t/" + domainName + KeyMgtConstants.SCOPE_MANAGEMENT_ENDPOINT;
|
||||
this.availableGrantTypes = availableGrantTypes;
|
||||
this.enableTokenGeneration = true;
|
||||
this.enableTokenEncryption = false;
|
||||
this.enableTokenHashing = false;
|
||||
this.enableMapOAuthConsumerApps = true;
|
||||
this.enableOAuthAppCreation = true;
|
||||
this.enableSelfValidationJWT = true;
|
||||
this.claimMapping = new ArrayList<>();
|
||||
this.consumerKeyClaim = KeyMgtConstants.CONSUMER_KEY_CLAIM;
|
||||
this.scopesClaim = KeyMgtConstants.SCOPE_CLAIM;
|
||||
|
||||
List<Map<String, String>> tokenValidationList = new ArrayList<>();
|
||||
Map<String, String> tokenValidation = new HashMap<>();
|
||||
tokenValidation.put("type", KeyMgtConstants.REFERENCE);
|
||||
tokenValidation.put("value", KeyMgtConstants.TOKEN_REGEX.replaceAll("<<tenantId>>", String.valueOf(tenantId)));
|
||||
tokenValidationList.add(tokenValidation);
|
||||
this.tokenValidation = tokenValidationList;
|
||||
|
||||
this.enabled = true;
|
||||
this.additionalProperties = additionalProperties;
|
||||
}
|
||||
|
||||
public String getName() {
|
||||
return name;
|
||||
}
|
||||
|
||||
public void setName(String name) {
|
||||
this.name = name;
|
||||
}
|
||||
|
||||
public String getDisplayName() {
|
||||
return displayName;
|
||||
}
|
||||
|
||||
public void setDisplayName(String displayName) {
|
||||
this.displayName = displayName;
|
||||
}
|
||||
|
||||
public String getType() {
|
||||
return type;
|
||||
}
|
||||
|
||||
public void setType(String type) {
|
||||
this.type = type;
|
||||
}
|
||||
|
||||
public String getDescription() {
|
||||
return description;
|
||||
}
|
||||
|
||||
public void setDescription(String description) {
|
||||
this.description = description;
|
||||
}
|
||||
|
||||
public String getWellKnownEndpoint() {
|
||||
return wellKnownEndpoint;
|
||||
}
|
||||
|
||||
public void setWellKnownEndpoint(String wellKnownEndpoint) {
|
||||
this.wellKnownEndpoint = wellKnownEndpoint;
|
||||
}
|
||||
|
||||
public String getIntrospectionEndpoint() {
|
||||
return introspectionEndpoint;
|
||||
}
|
||||
|
||||
public void setIntrospectionEndpoint(String introspectionEndpoint) {
|
||||
this.introspectionEndpoint = introspectionEndpoint;
|
||||
}
|
||||
|
||||
public String getClientRegistrationEndpoint() {
|
||||
return clientRegistrationEndpoint;
|
||||
}
|
||||
|
||||
public void setClientRegistrationEndpoint(String clientRegistrationEndpoint) {
|
||||
this.clientRegistrationEndpoint = clientRegistrationEndpoint;
|
||||
}
|
||||
|
||||
public String getTokenEndpoint() {
|
||||
return tokenEndpoint;
|
||||
}
|
||||
|
||||
public void setTokenEndpoint(String tokenEndpoint) {
|
||||
this.tokenEndpoint = tokenEndpoint;
|
||||
}
|
||||
|
||||
public String getDisplayTokenEndpoint() {
|
||||
return displayTokenEndpoint;
|
||||
}
|
||||
|
||||
public void setDisplayTokenEndpoint(String displayTokenEndpoint) {
|
||||
this.displayTokenEndpoint = displayTokenEndpoint;
|
||||
}
|
||||
|
||||
public String getRevokeEndpoint() {
|
||||
return revokeEndpoint;
|
||||
}
|
||||
|
||||
public void setRevokeEndpoint(String revokeEndpoint) {
|
||||
this.revokeEndpoint = revokeEndpoint;
|
||||
}
|
||||
|
||||
public String getDisplayRevokeEndpoint() {
|
||||
return displayRevokeEndpoint;
|
||||
}
|
||||
|
||||
public void setDisplayRevokeEndpoint(String displayRevokeEndpoint) {
|
||||
this.displayRevokeEndpoint = displayRevokeEndpoint;
|
||||
}
|
||||
|
||||
public String getUserInfoEndpoint() {
|
||||
return userInfoEndpoint;
|
||||
}
|
||||
|
||||
public void setUserInfoEndpoint(String userInfoEndpoint) {
|
||||
this.userInfoEndpoint = userInfoEndpoint;
|
||||
}
|
||||
|
||||
public String getAuthorizeEndpoint() {
|
||||
return authorizeEndpoint;
|
||||
}
|
||||
|
||||
public void setAuthorizeEndpoint(String authorizeEndpoint) {
|
||||
this.authorizeEndpoint = authorizeEndpoint;
|
||||
}
|
||||
|
||||
public Map<String, String> getCertificates() {
|
||||
return certificates;
|
||||
}
|
||||
|
||||
public void setCertificates(Map<String, String> certificates) {
|
||||
this.certificates = certificates;
|
||||
}
|
||||
|
||||
public String getIssuer() {
|
||||
return issuer;
|
||||
}
|
||||
|
||||
public void setIssuer(String issuer) {
|
||||
this.issuer = issuer;
|
||||
}
|
||||
|
||||
public String getScopeManagementEndpoint() {
|
||||
return scopeManagementEndpoint;
|
||||
}
|
||||
|
||||
public void setScopeManagementEndpoint(String scopeManagementEndpoint) {
|
||||
this.scopeManagementEndpoint = scopeManagementEndpoint;
|
||||
}
|
||||
|
||||
public List<String> getAvailableGrantTypes() {
|
||||
return availableGrantTypes;
|
||||
}
|
||||
|
||||
public void setAvailableGrantTypes(List<String> availableGrantTypes) {
|
||||
this.availableGrantTypes = availableGrantTypes;
|
||||
}
|
||||
|
||||
public boolean isEnableTokenGeneration() {
|
||||
return enableTokenGeneration;
|
||||
}
|
||||
|
||||
public void setEnableTokenGeneration(boolean enableTokenGeneration) {
|
||||
this.enableTokenGeneration = enableTokenGeneration;
|
||||
}
|
||||
|
||||
public boolean isEnableTokenEncryption() {
|
||||
return enableTokenEncryption;
|
||||
}
|
||||
|
||||
public void setEnableTokenEncryption(boolean enableTokenEncryption) {
|
||||
this.enableTokenEncryption = enableTokenEncryption;
|
||||
}
|
||||
|
||||
public boolean isEnableTokenHashing() {
|
||||
return enableTokenHashing;
|
||||
}
|
||||
|
||||
public void setEnableTokenHashing(boolean enableTokenHashing) {
|
||||
this.enableTokenHashing = enableTokenHashing;
|
||||
}
|
||||
|
||||
public boolean isEnableMapOAuthConsumerApps() {
|
||||
return enableMapOAuthConsumerApps;
|
||||
}
|
||||
|
||||
public void setEnableMapOAuthConsumerApps(boolean enableMapOAuthConsumerApps) {
|
||||
this.enableMapOAuthConsumerApps = enableMapOAuthConsumerApps;
|
||||
}
|
||||
|
||||
public boolean isEnableOAuthAppCreation() {
|
||||
return enableOAuthAppCreation;
|
||||
}
|
||||
|
||||
public void setEnableOAuthAppCreation(boolean enableOAuthAppCreation) {
|
||||
this.enableOAuthAppCreation = enableOAuthAppCreation;
|
||||
}
|
||||
|
||||
public boolean isEnableSelfValidationJWT() {
|
||||
return enableSelfValidationJWT;
|
||||
}
|
||||
|
||||
public void setEnableSelfValidationJWT(boolean enableSelfValidationJWT) {
|
||||
this.enableSelfValidationJWT = enableSelfValidationJWT;
|
||||
}
|
||||
|
||||
public List<String> getClaimMapping() {
|
||||
return claimMapping;
|
||||
}
|
||||
|
||||
public void setClaimMapping(List<String> claimMapping) {
|
||||
this.claimMapping = claimMapping;
|
||||
}
|
||||
|
||||
public String getConsumerKeyClaim() {
|
||||
return consumerKeyClaim;
|
||||
}
|
||||
|
||||
public void setConsumerKeyClaim(String consumerKeyClaim) {
|
||||
this.consumerKeyClaim = consumerKeyClaim;
|
||||
}
|
||||
|
||||
public String getScopesClaim() {
|
||||
return scopesClaim;
|
||||
}
|
||||
|
||||
public void setScopesClaim(String scopesClaim) {
|
||||
this.scopesClaim = scopesClaim;
|
||||
}
|
||||
|
||||
public List<Map<String, String>> getTokenValidation() {
|
||||
return tokenValidation;
|
||||
}
|
||||
|
||||
public void setTokenValidation(List<Map<String, String>> tokenValidation) {
|
||||
this.tokenValidation = tokenValidation;
|
||||
}
|
||||
|
||||
public boolean isEnabled() {
|
||||
return enabled;
|
||||
}
|
||||
|
||||
public void setEnabled(boolean enabled) {
|
||||
this.enabled = enabled;
|
||||
}
|
||||
|
||||
public Map<String, Object> getAdditionalProperties() {
|
||||
return additionalProperties;
|
||||
}
|
||||
|
||||
public void setAdditionalProperties(Map<String, Object> additionalProperties) {
|
||||
this.additionalProperties = additionalProperties;
|
||||
}
|
||||
}
|
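--- /dev/null
+++ b/org/wso2/carbon/apimgt/keymgt/extension/KeyMgtConstants.java
@@ -0,0 +1,52 @@
+/*
+* Copyright (c) 2022, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
+*
+* Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
+* Version 2.0 (the "License"); you may not use this file except
+* in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+* KIND, either express or implied. See the License for the
+* specific language governing permissions and limitations
+* under the License.
+*/
+
+package org.wso2.carbon.apimgt.keymgt.extension;
+
+public class KeyMgtConstants {
+public static final String CUSTOM_TYPE = "CustomKeyManager";
+public static final String RESERVED_OAUTH_APP_NAME_PREFIX = "reserved_app_for_";
+public static final String SUPER_TENANT = "carbon.super";
+public static final String DEFAULT_ADMIN_SCOPES =
+"openid apim:admin apim:admin_operations apim:subscribe apim:app_manage apim:sub_manage";
+public static final String CLIENT_CREDENTIALS_GRANT_TYPE = "client_credentials";
+public static final String CONSUMER_KEY_CLAIM = "azp";
+public static final String SCOPE_CLAIM = "scope";
+public static final String REFERENCE = "REFERENCE";
+public static final String TOKEN_REGEX =
+"^<<tenantId>>*_[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-5][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}";
+public static final int TOKEN_VALIDITY_PERIOD = 3600;
+public static final String CUSTOM_KEY_MANAGER_NAME_PREFIX = "KM_";
+public static final String AUTHORIZATION_HEADER = "Authorization";
+public static final String X_WSO2_TENANT_HEADER = "X-WSO2-Tenant";
+
+public static final String OAUTH2_TOKEN_ENDPOINT = "/oauth2/token";
+public static final String DCR_ENDPOINT = "/api-application-registration/register";
+public static final String INTROSPECT_ENDPOINT = "/oauth2/introspect";
+public static final String CLIENT_REGISTRATION_ENDPOINT = "/keymanager-operations/dcr/register";
+public static final String REVOKE_ENDPOINT = "";
+public static final String USER_INFO_ENDPOINT = "/oauth2/userInfo";
+public static final String AUTHORIZE_ENDPOINT = "/oauth2/authorize";
+public static final String SCOPE_MANAGEMENT_ENDPOINT = "/api/identity/oauth2/v1.0/scopes";
+public static final String JWKS_ENDPOINT = "/oauth2/jwks";
+public static final String CREATE_KEY_MANAGER_ENDPOINT = "/api/am/admin/v2/key-managers";
+public static final String APPLICATION_KEY_MAPPING_ENDPOINT =
+"/api/am/devportal/v2/applications/<applicationId>/map-keys";
+public static final String APPLICATION_TOKEN_ENDPOINT =
+"/api/am/devportal/v2/applications/<applicationId>/oauth-keys/<keyMappingId>/generate-token";
+}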
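Review bot: `TOKEN_REGEX` puts its `*` quantifier right after the `<<tenantId>>` placeholder, so once the preceding section's constructor substitutes the id via `replaceAll`, the quantifier binds to the last character of the id rather than making the id a fixed prefix: tenant id `12` yields `^12*_…`, which also matches `1_…` and `122_…`, and a single-digit id makes the prefix optional altogether. If this REFERENCE-type pattern is what ties a token to a tenant's key manager, that looseness works against the cross-tenant fix this MR is for; dropping the quantifier, `"^<<tenantId>>_[0-9a-fA-F]{8}-…"`, and anchoring the end with `$` makes the prefix exact. `REVOKE_ENDPOINT = ""` also deserves a comment stating whether revocation is intentionally unavailable, since the payload class concatenates it onto the server URL like the other endpoints.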
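--- /dev/null
+++ b/org/wso2/carbon/apimgt/keymgt/extension/OAuthApplication.java
@@ -0,0 +1,63 @@
+/*
+* Copyright (c) 2022, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
+*
+* Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
+* Version 2.0 (the "License"); you may not use this file except
+* in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+* KIND, either express or implied. See the License for the
+* specific language governing permissions and limitations
+* under the License.
+*/
+
+package org.wso2.carbon.apimgt.keymgt.extension;
+
+public class OAuthApplication {
+private String clientName;
+private String callBackUrl;
+private String client_id;
+private String client_secret;
+
+public OAuthApplication(String client_id, String client_secret) {
+this.client_id = client_id;
+this.client_secret = client_secret;
+}
+
+public String getClientName() {
+return clientName;
+}
+
+public void setClientName(String clientName) {
+this.clientName = clientName;
+}
+
+public String getClientId() {
+return client_id;
+}
+
+public void setClientId(String clientId) {
+this.client_id = clientId;
+}
+
+public String getClientSecret() {
+return client_secret;
+}
+
+public void setClientSecret(String clientSecret) {
+this.client_secret = clientSecret;
+}
+
+public String getCallBackUrl() {
+return callBackUrl;
+}
+
+public void setCallBackUrl(String callBackUrl) {
+this.callBackUrl = callBackUrl;
+}
+}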
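Review bot: `OAuthApplication` mixes camelCase fields (`clientName`, `callBackUrl`) with snake_case ones (`client_id`, `client_secret`) and nothing on the class says why. If the snake_case names exist so that Gson (imported by `KeyMgtServiceImpl`) can bind the registration response's keys by field name, the camelCase fields will not bind to snake_case keys; making that explicit with `@SerializedName("client_id")` on consistently named `clientId`/`clientSecret` fields, or a comment naming the JSON-bound fields, removes the guesswork, and if Gson is not involved the fields should simply follow Java naming. A one-line class Javadoc would also help, e.g. `/** Client credentials of a registered OAuth application; clientSecret is sensitive and must not be logged. */`, since instances are handed to `createAccessToken` in the service.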
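--- /dev/null
+++ b/org/wso2/carbon/apimgt/keymgt/extension/TokenRequest.java
@@ -0,0 +1,75 @@
+/*
+* Copyright (c) 2022, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
+*
+* Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
+* Version 2.0 (the "License"); you may not use this file except
+* in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+* KIND, either express or implied. See the License for the
+* specific language governing permissions and limitations
+* under the License.
+*/
+
+package org.wso2.carbon.apimgt.keymgt.extension;
+
+public class TokenRequest {
+private String clientId;
+private String clientSecret;
+private String refreshToken;
+private String scope;
+private String grantType;
+
+public TokenRequest(String clientId, String clientSecret, String refreshToken, String scope, String grantType) {
+this.clientId = clientId;
+this.clientSecret = clientSecret;
+this.refreshToken = refreshToken;
+this.scope = scope;
+this.grantType = grantType;
+}
+
+public String getClientId() {
+return clientId;
+}
+
+public void setClientId(String clientId) {
+this.clientId = clientId;
+}
+
+public String getClientSecret() {
+return clientSecret;
+}
+
+public void setClientSecret(String clientSecret) {
+this.clientSecret = clientSecret;
+}
+
+public String getScope() {
+return scope;
+}
+
+public void setScope(String scope) {
+this.scope = scope;
+}
+
+public String getGrantType() {
+return grantType;
+}
+
+public void setGrantType(String grantType) {
+this.grantType = grantType;
+}
+
+public String getRefreshToken() {
+return refreshToken;
+}
+
+public void setRefreshToken(String refreshToken) {
+this.refreshToken = refreshToken;
+}
+}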
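Review bot: `TokenRequest` carries a client secret and a grant type but has no class Javadoc, so which fields matter for which grant is only discoverable from `KeyMgtServiceImpl.generateAccessToken`, where `refreshToken` is read only on the `refresh_token` branch and the `client_credentials` branch is translated into a password grant. Proposed class comment: `/** Payload for {@link KeyMgtService#generateAccessToken}: clientId/clientSecret identify the application, grantType selects the flow, refreshToken is used only for the refresh_token grant; clientSecret is sensitive, keep it out of logs. */`. The five consecutive `String` constructor parameters also make argument order easy to swap silently at call sites, which a `@param` list on the constructor would at least document.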
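--- /dev/null
+++ b/org/wso2/carbon/apimgt/keymgt/extension/TokenResponse.java
@@ -0,0 +1,75 @@
+/*
+* Copyright (c) 2022, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
+*
+* Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
+* Version 2.0 (the "License"); you may not use this file except
+* in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+* KIND, either express or implied. See the License for the
+* specific language governing permissions and limitations
+* under the License.
+*/
+
+package org.wso2.carbon.apimgt.keymgt.extension;
+
+public class TokenResponse {
+private String access_token;
+private String refresh_token;
+private String scope;
+private String tokenType;
+private int expires_in;
+
+public TokenResponse(String access_token, String refresh_token, String scope, String tokenType, int expires_in) {
+this.access_token = access_token;
+this.refresh_token = refresh_token;
+this.scope = scope;
+this.tokenType = tokenType;
+this.expires_in = expires_in;
+}
+
+public String getAccessToken() {
+return access_token;
+}
+
+public void setAccessToken(String access_token) {
+this.access_token = access_token;
+}
+
+public String getRefreshToken() {
+return refresh_token;
+}
+
+public void setRefreshToken(String refresh_token) {
+this.refresh_token = refresh_token;
+}
+
+public String getScope() {
+return scope;
+}
+
+public void setScope(String scope) {
+this.scope = scope;
+}
+
+public String getTokenType() {
+return tokenType;
+}
+
+public void setTokenType(String tokenType) {
+this.tokenType = tokenType;
+}
+
+public int getExpiresIn() {
+return expires_in;
+}
+
+public void setExpiresIn(int expires_in) {
+this.expires_in = expires_in;
+}
+}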
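Review bot: `TokenResponse` names four fields after OAuth2 token-response keys (`access_token`, `refresh_token`, `scope`, `expires_in`) but the fifth is `tokenType`, not `token_type`, as the constructor signature `public TokenResponse(String access_token, String refresh_token, String scope, String tokenType, int expires_in)` shows. If this class is populated by Gson from the token endpoint's JSON (Gson is imported in `KeyMgtServiceImpl`), default field naming matches keys literally and `tokenType` would stay null; either rename it `token_type` to match its siblings or annotate it `@SerializedName("token_type")`. The same camelCase-versus-snake_case split exists in `OAuthApplication`, so whichever convention is chosen should be applied to both.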
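--- /dev/null
+++ b/org/wso2/carbon/apimgt/keymgt/extension/exception/BadRequestException.java
@@ -0,0 +1,34 @@
+/*
+*
+* * Copyright (c) 2022, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
+* *
+* * Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
+* * Version 2.0 (the "License"); you may not use this file except
+* * in compliance with the License.
+* * You may obtain a copy of the License at
+* *
+* * http://www.apache.org/licenses/LICENSE-2.0
+* *
+* * Unless required by applicable law or agreed to in writing,
+* * software distributed under the License is distributed on an
+* * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+* * KIND, either express or implied. See the License for the
+* * specific language governing permissions and limitations
+* * under the License.
+*
+*
+*/
+
+/**
+* Custom exception class for handling bad request exceptions.
+*/
+package org.wso2.carbon.apimgt.keymgt.extension.exception;
+
+public class BadRequestException extends Exception {
+
+private static final long serialVersionUID = -2387103750774855056L;
+
+public BadRequestException(String errorMessage) {
+super(errorMessage);
+}
+}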
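Review bot: The `/** Custom exception class for handling bad request exceptions. */` comment is placed above the `package` statement, so it is not attached to `BadRequestException` and javadoc will not use it as the class description (it is a dangling doc comment). Move it to directly above `public class BadRequestException extends Exception {`, which is where `KeyMgtException` in the next file keeps its equivalent comment. The license header here also uses a doubled `* *` prefix and extra blank comment lines unlike every other file in this MR, which is worth normalising while touching the file.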
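--- /dev/null
+++ b/org/wso2/carbon/apimgt/keymgt/extension/exception/KeyMgtException.java
@@ -0,0 +1,32 @@
+/*
+* Copyright (c) 2022, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
+*
+* Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
+* Version 2.0 (the "License"); you may not use this file except
+* in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+* KIND, either express or implied. See the License for the
+* specific language governing permissions and limitations
+* under the License.
+*/
+
+package org.wso2.carbon.apimgt.keymgt.extension.exception;
+
+/**
+* Custom exception class for key management service related exceptions.
+*/
+public class KeyMgtException extends Exception {
+
+private static final long serialVersionUID = -3806174803586013552L;
+
+public KeyMgtException(String errorMessage) {
+super(errorMessage);
+}
+}
+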
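Review bot: `KeyMgtException` offers only a message constructor, so the `catch (UserStoreException e)` blocks in `KeyMgtServiceImpl.dynamicClientRegistration` and `generateAccessToken` rethrow `new KeyMgtException(msg)` and the original cause and stack trace are dropped (the preceding `log.error(msg)` does not pass `e` either). Add `public KeyMgtException(String errorMessage, Throwable cause) { super(errorMessage, cause); }` so callers can chain the cause, and have those call sites use it. `BadRequestException` could take the same constructor for symmetry, though its only visible use wraps a plain validation message.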
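--- /dev/null
+++ b/org/wso2/carbon/apimgt/keymgt/extension/internal/KeyMgtDataHolder.java
@@ -0,0 +1,40 @@
+/*
+* Copyright (c) 2022, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
+*
+* Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
+* Version 2.0 (the "License"); you may not use this file except
+* in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+* KIND, either express or implied. See the License for the
+* specific language governing permissions and limitations
+* under the License.
+*/
+
+package org.wso2.carbon.apimgt.keymgt.extension.internal;
+
+import org.wso2.carbon.apimgt.keymgt.extension.service.KeyMgtService;
+
+public class KeyMgtDataHolder {
+
+private static final KeyMgtDataHolder thisInstance = new KeyMgtDataHolder();
+private KeyMgtService keyMgtService;
+
+public static KeyMgtDataHolder getInstance() {
+return thisInstance;
+}
+
+public KeyMgtService getKeyMgtService() {
+return keyMgtService;
+}
+
+public void setKeyMgtService(KeyMgtService keyMgtService) {
+this.keyMgtService = keyMgtService;
+}
+
+}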
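Review bot: `KeyMgtDataHolder` is written as a singleton (`private static final KeyMgtDataHolder thisInstance = new KeyMgtDataHolder()` plus `getInstance()`) but declares no constructor, so the implicit public one lets any caller create extra instances whose `keyMgtService` is null. Add `private KeyMgtDataHolder() { }` to close that off. A short comment on `keyMgtService` saying it is set once from `KeyMgtServiceComponent.activate` (the only writer visible in this MR) would also make the lifecycle clear to readers of `getKeyMgtService()`.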
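--- /dev/null
+++ b/org/wso2/carbon/apimgt/keymgt/extension/internal/KeyMgtServiceComponent.java
@@ -0,0 +1,62 @@
+/*
+* Copyright (c) 2022, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
+*
+* Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
+* Version 2.0 (the "License"); you may not use this file except
+* in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+* KIND, either express or implied. See the License for the
+* specific language governing permissions and limitations
+* under the License.
+*/
+
+package org.wso2.carbon.apimgt.keymgt.extension.internal;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.osgi.framework.BundleContext;
+import org.osgi.service.component.ComponentContext;
+import org.wso2.carbon.apimgt.keymgt.extension.service.KeyMgtService;
+import org.wso2.carbon.apimgt.keymgt.extension.service.KeyMgtServiceImpl;
+
+/**
+* @scr.component name="org.wso2.carbon.apimgt.keymgt.extension.keyMgtServiceComponent" immediate="true"
+*/
+public class KeyMgtServiceComponent {
+
+private static final Log log = LogFactory.getLog(KeyMgtServiceComponent.class);
+
+@SuppressWarnings("unused")
+protected void activate(ComponentContext componentContext) {
+try {
+if (log.isDebugEnabled()) {
+log.debug("Initializing key management bundle");
+}
+
+BundleContext bundleContext = componentContext.getBundleContext();
+
+KeyMgtService keyMgtService = new KeyMgtServiceImpl();
+bundleContext.registerService(KeyMgtService.class.getName(), keyMgtService, null);
+KeyMgtDataHolder.getInstance().setKeyMgtService(keyMgtService);
+
+if (log.isDebugEnabled()) {
+log.debug("Key management bundle has been successfully initialized");
+}
+} catch (Throwable e) {
+log.error("Error occurred while initializing key management bundle", e);
+}
+}
+
+@SuppressWarnings("unused")
+protected void deactivate(ComponentContext componentContext) {
+if (log.isDebugEnabled()) {
+log.debug("De-activating Key Management Service Component");
+}
+}
+}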
|
||||
/*
|
||||
* Copyright (c) 2022, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
|
||||
*
|
||||
* Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
|
||||
* Version 2.0 (the "License"); you may not use this file except
|
||||
* in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing,
|
||||
* software distributed under the License is distributed on an
|
||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
* KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
|
||||
package org.wso2.carbon.apimgt.keymgt.extension.service;
|
||||
|
||||
import org.wso2.carbon.apimgt.keymgt.extension.DCRResponse;
|
||||
import org.wso2.carbon.apimgt.keymgt.extension.TokenRequest;
|
||||
import org.wso2.carbon.apimgt.keymgt.extension.TokenResponse;
|
||||
import org.wso2.carbon.apimgt.keymgt.extension.exception.BadRequestException;
|
||||
import org.wso2.carbon.apimgt.keymgt.extension.exception.KeyMgtException;
|
||||
|
||||
public interface KeyMgtService {
|
||||
|
||||
/***
|
||||
* This method will handle the DCR requests for applications
|
||||
*
|
||||
* @param clientName client name of the application
|
||||
* @param owner owner of the application
|
||||
* @param grantTypes grant types to be provided
|
||||
* @param callBackUrl callback url of the application
|
||||
* @param tags api tags for api subscription of the application
|
||||
* @param isSaasApp if the application is a saas app
|
||||
* @return @{@link DCRResponse} DCR Response object with client credentials
|
||||
* @throws KeyMgtException if any error occurs during DCR process
|
||||
*/
|
||||
DCRResponse dynamicClientRegistration(String clientName, String owner, String grantTypes, String callBackUrl,
|
||||
String[] tags, boolean isSaasApp) throws KeyMgtException;
|
||||
|
||||
/***
|
||||
* This method will handle the access token requests
|
||||
*
|
||||
* @param tokenRequest token request object
|
||||
* @return @{@link TokenResponse} Access token information
|
||||
* @throws KeyMgtException if any errors occurred while generating access token
|
||||
* @throws BadRequestException if any parameters provided are invalid
|
||||
*/
|
||||
TokenResponse generateAccessToken(TokenRequest tokenRequest) throws KeyMgtException, BadRequestException;
|
||||
}
|
@ -0,0 +1,492 @@
|
||||
/*
|
||||
* Copyright (c) 2022, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
|
||||
*
|
||||
* Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
|
||||
* Version 2.0 (the "License"); you may not use this file except
|
||||
* in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing,
|
||||
* software distributed under the License is distributed on an
|
||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
* KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
|
||||
package org.wso2.carbon.apimgt.keymgt.extension.service;
|
||||
|
||||
import com.google.gson.Gson;
|
||||
import okhttp3.Credentials;
|
||||
import okhttp3.MediaType;
|
||||
import okhttp3.OkHttpClient;
|
||||
import okhttp3.Request;
|
||||
import okhttp3.RequestBody;
|
||||
import okhttp3.Response;
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
import org.apache.http.HttpStatus;
|
||||
import org.json.JSONObject;
|
||||
import org.wso2.carbon.apimgt.api.APIConsumer;
|
||||
import org.wso2.carbon.apimgt.api.APIManagementException;
|
||||
import org.wso2.carbon.apimgt.api.model.APIKey;
|
||||
import org.wso2.carbon.apimgt.api.model.Application;
|
||||
import org.wso2.carbon.apimgt.impl.APIManagerFactory;
|
||||
import org.wso2.carbon.apimgt.impl.utils.APIUtil;
|
||||
import org.wso2.carbon.apimgt.keymgt.extension.DCRResponse;
|
||||
import org.wso2.carbon.apimgt.keymgt.extension.KeyManagerPayload;
|
||||
import org.wso2.carbon.apimgt.keymgt.extension.KeyMgtConstants;
|
||||
import org.wso2.carbon.apimgt.keymgt.extension.OAuthApplication;
|
||||
import org.wso2.carbon.apimgt.keymgt.extension.TokenRequest;
|
||||
import org.wso2.carbon.apimgt.keymgt.extension.TokenResponse;
|
||||
import org.wso2.carbon.apimgt.keymgt.extension.exception.BadRequestException;
|
||||
import org.wso2.carbon.apimgt.keymgt.extension.exception.KeyMgtException;
|
||||
import org.wso2.carbon.context.PrivilegedCarbonContext;
|
||||
import org.wso2.carbon.device.mgt.core.config.DeviceConfigurationManager;
|
||||
import org.wso2.carbon.device.mgt.core.config.DeviceManagementConfig;
|
||||
import org.wso2.carbon.device.mgt.core.config.keymanager.KeyManagerConfigurations;
|
||||
import org.wso2.carbon.user.api.UserRealm;
|
||||
import org.wso2.carbon.user.api.UserStoreException;
|
||||
import org.wso2.carbon.user.api.UserStoreManager;
|
||||
import org.wso2.carbon.user.core.service.RealmService;
|
||||
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;
|
||||
|
||||
import javax.net.ssl.HostnameVerifier;
|
||||
import javax.net.ssl.SSLContext;
|
||||
import javax.net.ssl.SSLSession;
|
||||
import javax.net.ssl.SSLSocketFactory;
|
||||
import javax.net.ssl.TrustManager;
|
||||
import javax.net.ssl.X509TrustManager;
|
||||
import java.io.IOException;
|
||||
import java.security.KeyManagementException;
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
import java.util.ArrayList;
|
||||
import java.util.HashMap;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.Set;
|
||||
|
||||
public class KeyMgtServiceImpl implements KeyMgtService {
|
||||
|
||||
private static final Log log = LogFactory.getLog(KeyMgtServiceImpl.class);
|
||||
|
||||
private static final OkHttpClient client = getOkHttpClient();
|
||||
private static final MediaType JSON = MediaType.parse("application/json; charset=utf-8");
|
||||
private static final Gson gson = new Gson();
|
||||
private KeyManagerConfigurations kmConfig = null;
|
||||
RealmService realmService = null;
|
||||
String subTenantUserUsername, subTenantUserPassword, keyManagerName, msg = null;
|
||||
|
||||
public DCRResponse dynamicClientRegistration(String clientName, String owner, String grantTypes, String callBackUrl,
|
||||
String[] tags, boolean isSaasApp) throws KeyMgtException {
|
||||
|
||||
String tenantDomain = MultitenantUtils.getTenantDomain(owner);
|
||||
int tenantId;
|
||||
|
||||
try {
|
||||
tenantId = getRealmService()
|
||||
.getTenantManager().getTenantId(tenantDomain);
|
||||
} catch (UserStoreException e) {
|
||||
msg = "Error while loading tenant configuration";
|
||||
log.error(msg);
|
||||
throw new KeyMgtException(msg);
|
||||
}
|
||||
|
||||
kmConfig = getKeyManagerConfig();
|
||||
|
||||
if (KeyMgtConstants.SUPER_TENANT.equals(tenantDomain)) {
|
||||
OAuthApplication superTenantOauthApp = createOauthApplication(
|
||||
KeyMgtConstants.RESERVED_OAUTH_APP_NAME_PREFIX + KeyMgtConstants.SUPER_TENANT,
|
||||
kmConfig.getAdminUsername(), tags);
|
||||
return new DCRResponse(superTenantOauthApp.getClientId(), superTenantOauthApp.getClientSecret());
|
||||
} else {
|
||||
// super-tenant admin dcr and token generation
|
||||
OAuthApplication superTenantOauthApp = createOauthApplication(
|
||||
KeyMgtConstants.RESERVED_OAUTH_APP_NAME_PREFIX + KeyMgtConstants.SUPER_TENANT,
|
||||
kmConfig.getAdminUsername(), null);
|
||||
String superAdminAccessToken = createAccessToken(superTenantOauthApp);
|
||||
|
||||
// create new key manager for the tenant, under super-tenant space
|
||||
createKeyManager(tenantId, tenantDomain, superAdminAccessToken);
|
||||
|
||||
// create a sub-tenant user
|
||||
try {
|
||||
subTenantUserUsername = getRealmService()
|
||||
.getTenantUserRealm(tenantId).getRealmConfiguration()
|
||||
.getRealmProperty("reserved_tenant_user_username") + "@" + tenantDomain;
|
||||
subTenantUserPassword = getRealmService()
|
||||
.getTenantUserRealm(tenantId).getRealmConfiguration()
|
||||
.getRealmProperty("reserved_tenant_user_password");
|
||||
} catch (UserStoreException e) {
|
||||
msg = "Error while loading user realm configuration";
|
||||
log.error(msg);
|
||||
throw new KeyMgtException(msg);
|
||||
}
|
||||
createUserIfNotExists(subTenantUserUsername, subTenantUserPassword);
|
||||
|
||||
// DCR for the requesting user
|
||||
OAuthApplication dcrApplication = createOauthApplication(clientName, owner, tags);
|
||||
String requestingUserAccessToken = createAccessToken(dcrApplication);
|
||||
|
||||
// get application id
|
||||
Application application = getApplication(clientName, owner);
|
||||
String applicationUUID = application.getUUID();
|
||||
|
||||
// do app key mapping
|
||||
mapApplicationKeys(dcrApplication.getClientId(), dcrApplication.getClientSecret(), keyManagerName,
|
||||
applicationUUID, requestingUserAccessToken);
|
||||
return new DCRResponse(dcrApplication.getClientId(), dcrApplication.getClientSecret());
|
||||
}
|
||||
}
|
||||
|
||||
public TokenResponse generateAccessToken(TokenRequest tokenRequest) throws KeyMgtException, BadRequestException {
|
||||
try {
|
||||
Application application = APIUtil.getApplicationByClientId(tokenRequest.getClientId());
|
||||
String tenantDomain = MultitenantUtils.getTenantDomain(application.getOwner());
|
||||
|
||||
String username, password;
|
||||
if (KeyMgtConstants.SUPER_TENANT.equals(tenantDomain)) {
|
||||
kmConfig = getKeyManagerConfig();
|
||||
username = kmConfig.getAdminUsername();
|
||||
password = kmConfig.getAdminUsername();
|
||||
} else {
|
||||
try {
|
||||
username = getRealmService()
|
||||
.getTenantUserRealm(-1234).getRealmConfiguration()
|
||||
.getRealmProperty("reserved_tenant_user_username") + "@" + tenantDomain;
|
||||
password = getRealmService()
|
||||
.getTenantUserRealm(-1234).getRealmConfiguration()
|
||||
.getRealmProperty("reserved_tenant_user_password");
|
||||
} catch (UserStoreException e) {
|
||||
msg = "Error while loading user realm configuration";
|
||||
log.error(msg);
|
||||
throw new KeyMgtException(msg);
|
||||
}
|
||||
}
|
||||
|
||||
JSONObject jsonObject = new JSONObject();
|
||||
if ("client_credentials".equals(tokenRequest.getGrantType())) {
|
||||
jsonObject.put("grant_type", "password");
|
||||
jsonObject.put("username", username);
|
||||
jsonObject.put("password", password);
|
||||
} else if ("refresh_token".equals(tokenRequest.getGrantType())) {
|
||||
jsonObject.put("grant_type", "refresh_token");
|
||||
jsonObject.put("refresh_token", tokenRequest.getRefreshToken());
|
||||
} else {
|
||||
msg = "Invalid grant type: " + tokenRequest.getGrantType();
|
||||
throw new BadRequestException(msg);
|
||||
}
|
||||
jsonObject.put("scope", tokenRequest.getScope());
|
||||
|
||||
RequestBody appTokenPayload = RequestBody.Companion.create(jsonObject.toString(), JSON);
|
||||
kmConfig = getKeyManagerConfig();
|
||||
String appTokenEndpoint = kmConfig.getServerUrl() + KeyMgtConstants.OAUTH2_TOKEN_ENDPOINT;
|
||||
Request request = new Request.Builder()
|
||||
.url(appTokenEndpoint)
|
||||
.addHeader(KeyMgtConstants.AUTHORIZATION_HEADER, Credentials.basic(tokenRequest.getClientId(), tokenRequest.getClientSecret()))
|
||||
.post(appTokenPayload)
|
||||
.build();
|
||||
|
||||
Response response = client.newCall(request).execute();
|
||||
jsonObject = new JSONObject(response.body().string());
|
||||
String accessToken;
|
||||
if (KeyMgtConstants.SUPER_TENANT.equals(tenantDomain)) {
|
||||
accessToken = jsonObject.getString("access_token");
|
||||
} else {
|
||||
int tenantId = getRealmService()
|
||||
.getTenantManager().getTenantId(tenantDomain);
|
||||
accessToken = tenantId + "_" + jsonObject.getString("access_token");
|
||||
}
|
||||
return new TokenResponse(accessToken,
|
||||
jsonObject.getString("refresh_token"),
|
||||
jsonObject.getString("scope"),
|
||||
jsonObject.getString("token_type"),
|
||||
jsonObject.getInt("expires_in"));
|
||||
|
||||
} catch (APIManagementException e) {
|
||||
msg = "Error occurred while retrieving application";
|
||||
log.error(msg);
|
||||
throw new KeyMgtException(msg);
|
||||
} catch (IOException e) {
|
||||
msg = "Error occurred while mapping application keys";
|
||||
log.error(msg);
|
||||
throw new KeyMgtException(msg);
|
||||
} catch (UserStoreException e) {
|
||||
msg = "Error occurred while fetching tenant id";
|
||||
log.error(msg);
|
||||
throw new KeyMgtException(msg);
|
||||
}
|
||||
}
|
||||
|
||||
/***
|
||||
* Maps the application's keys with the given key manager
|
||||
*
|
||||
* @param consumerKey consumer key of the application
|
||||
* @param consumerSecret consumer secret of the application
|
||||
* @param keyManager key-manager name to which the keys should be mapped with
|
||||
* @param applicationUUID application's UUID
|
||||
* @param accessToken access token of the tenant user
|
||||
* @throws KeyMgtException if an error occurs while mapping application keys with the key-manager
|
||||
*/
|
||||
private void mapApplicationKeys(String consumerKey, String consumerSecret, String keyManager,
|
||||
String applicationUUID, String accessToken) throws KeyMgtException {
|
||||
JSONObject jsonObject = new JSONObject();
|
||||
jsonObject.put("consumerKey", consumerKey);
|
||||
jsonObject.put("consumerSecret", consumerSecret);
|
||||
jsonObject.put("keyManager", keyManager);
|
||||
jsonObject.put("keyType", "PRODUCTION");
|
||||
|
||||
RequestBody keyMappingPayload = RequestBody.Companion.create(jsonObject.toString(), JSON);
|
||||
kmConfig = getKeyManagerConfig();
|
||||
String keyMappingEndpoint = kmConfig.getServerUrl() +
|
||||
KeyMgtConstants.APPLICATION_KEY_MAPPING_ENDPOINT.replaceAll("<applicationId>", applicationUUID);
|
||||
Request request = new Request.Builder()
|
||||
.url(keyMappingEndpoint)
|
||||
.addHeader(KeyMgtConstants.AUTHORIZATION_HEADER, "Bearer " + accessToken)
|
||||
.addHeader(KeyMgtConstants.X_WSO2_TENANT_HEADER, KeyMgtConstants.SUPER_TENANT)
|
||||
.post(keyMappingPayload)
|
||||
.build();
|
||||
|
||||
try {
|
||||
client.newCall(request).execute();
|
||||
} catch (IOException e) {
|
||||
msg = "Error occurred while mapping application keys";
|
||||
throw new KeyMgtException(msg);
|
||||
}
|
||||
}
|
||||
|
||||
/***
|
||||
* Creates user if not exists already in the user store
|
||||
*
|
||||
* @param username username of the user
|
||||
* @param password password of the user
|
||||
* @throws KeyMgtException if any error occurs while fetching tenant details
|
||||
*/
|
||||
private void createUserIfNotExists(String username, String password) throws KeyMgtException {
|
||||
try {
|
||||
String tenantDomain = MultitenantUtils.getTenantDomain(username);
|
||||
int tenantId = getRealmService()
|
||||
.getTenantManager().getTenantId(tenantDomain);
|
||||
UserRealm userRealm = getRealmService()
|
||||
.getTenantUserRealm(tenantId);
|
||||
UserStoreManager userStoreManager = userRealm.getUserStoreManager();
|
||||
|
||||
if (!userStoreManager.isExistingUser(MultitenantUtils.getTenantAwareUsername(username))) {
|
||||
String[] roles = {"admin"};
|
||||
userStoreManager.addUser(MultitenantUtils.getTenantAwareUsername(username), password, roles, null, "");
|
||||
}
|
||||
} catch (UserStoreException e) {
|
||||
msg = "Error when trying to fetch tenant details";
|
||||
log.error(msg);
|
||||
throw new KeyMgtException(msg);
|
||||
}
|
||||
}
|
||||
|
||||
/***
|
||||
* Creates an OAuth Application
|
||||
*
|
||||
* @param clientName Name of the client application
|
||||
* @param owner Owner's name of the client application
|
||||
* @return @{@link OAuthApplication} OAuth application object
|
||||
* @throws KeyMgtException if any error occurs while creating response object
|
||||
*/
|
||||
private OAuthApplication createOauthApplication (String clientName, String owner, String[] tags) throws KeyMgtException {
|
||||
String oauthAppCreationPayloadStr = createOauthAppCreationPayload(clientName, owner, tags);
|
||||
RequestBody oauthAppCreationPayload = RequestBody.Companion.create(oauthAppCreationPayloadStr, JSON);
|
||||
kmConfig = getKeyManagerConfig();
|
||||
String dcrEndpoint = kmConfig.getServerUrl() + KeyMgtConstants.DCR_ENDPOINT;
|
||||
String username, password;
|
||||
|
||||
if (KeyMgtConstants.SUPER_TENANT.equals(MultitenantUtils.getTenantDomain(owner))) {
|
||||
username = kmConfig.getAdminUsername();
|
||||
password = kmConfig.getAdminPassword();
|
||||
} else {
|
||||
username = subTenantUserUsername;
|
||||
password = subTenantUserPassword;
|
||||
}
|
||||
|
||||
Request request = new Request.Builder()
|
||||
.url(dcrEndpoint)
|
||||
.addHeader(KeyMgtConstants.AUTHORIZATION_HEADER, Credentials.basic(username, password))
|
||||
.post(oauthAppCreationPayload)
|
||||
.build();
|
||||
try {
|
||||
Response response = client.newCall(request).execute();
|
||||
return gson.fromJson(response.body().string(), OAuthApplication.class);
|
||||
} catch (IOException e) {
|
||||
msg = "Error occurred while processing the response";
|
||||
throw new KeyMgtException(msg);
|
||||
}
|
||||
}
|
||||
|
||||
/***
|
||||
* Creates access token with client credentials grant type
|
||||
*
|
||||
* @param oAuthApp OAuth application object
|
||||
* @return Access token
|
||||
* @throws KeyMgtException if any error occurs while reading access token from the response
|
||||
*/
|
||||
private String createAccessToken (OAuthApplication oAuthApp) throws KeyMgtException {
|
||||
JSONObject jsonObject = new JSONObject();
|
||||
jsonObject.put("grant_type", KeyMgtConstants.CLIENT_CREDENTIALS_GRANT_TYPE);
|
||||
jsonObject.put("scope", KeyMgtConstants.DEFAULT_ADMIN_SCOPES);
|
||||
|
||||
RequestBody accessTokenReqPayload = RequestBody.Companion.create(jsonObject.toString(), JSON);
|
||||
kmConfig = getKeyManagerConfig();
|
||||
String tokenEndpoint = kmConfig.getServerUrl() + KeyMgtConstants.OAUTH2_TOKEN_ENDPOINT;
|
||||
Request request = new Request.Builder()
|
||||
.url(tokenEndpoint)
|
||||
.addHeader(KeyMgtConstants.AUTHORIZATION_HEADER, Credentials.basic(oAuthApp.getClientId(), oAuthApp.getClientSecret()))
|
||||
.post(accessTokenReqPayload)
|
||||
.build();
|
||||
|
||||
try {
|
||||
Response response = client.newCall(request).execute();
|
||||
jsonObject = new JSONObject(response.body().string());
|
||||
return jsonObject.getString("access_token");
|
||||
} catch (IOException e) {
|
||||
msg = "Error occurred while reading access token from response";
|
||||
throw new KeyMgtException(msg);
|
||||
}
|
||||
}
|
||||
|
||||
/***
|
||||
* Creates a key manager for a given tenant, under super-tenant space
|
||||
*
|
||||
* @param tenantId tenant-id of the key-manager
|
||||
* @param tenantDomain tenant domain of the key-manager
|
||||
* @param accessToken access token of the super-tenant user
|
||||
* @throws KeyMgtException if any error occurs while creating a key-manager
|
||||
*/
|
||||
private void createKeyManager(int tenantId, String tenantDomain, String accessToken) throws KeyMgtException {
|
||||
try {
|
||||
List<String> kmGrantTypes = new ArrayList<>();
|
||||
kmGrantTypes.add("client_credentials");
|
||||
|
||||
kmConfig = getKeyManagerConfig();
|
||||
Map<String, Object> additionalProperties = new HashMap<>();
|
||||
additionalProperties.put("Username", kmConfig.getAdminUsername());
|
||||
additionalProperties.put("Password", kmConfig.getAdminPassword());
|
||||
additionalProperties.put("self_validate_jwt", true);
|
||||
|
||||
keyManagerName = generateCustomKeyManagerName(tenantDomain);
|
||||
KeyManagerPayload keyManagerPayload = new KeyManagerPayload(
|
||||
tenantDomain, tenantId, kmConfig.getServerUrl(),
|
||||
keyManagerName, kmGrantTypes, additionalProperties
|
||||
);
|
||||
String createKeyManagerPayload = gson.toJson(keyManagerPayload);
|
||||
RequestBody requestBody = RequestBody.Companion.create(createKeyManagerPayload, JSON);
|
||||
String keyManagerEndpoint = kmConfig.getServerUrl() + KeyMgtConstants.CREATE_KEY_MANAGER_ENDPOINT;
|
||||
Request request = new Request.Builder()
|
||||
.url(keyManagerEndpoint)
|
||||
.addHeader(KeyMgtConstants.AUTHORIZATION_HEADER, "Bearer " + accessToken)
|
||||
.post(requestBody)
|
||||
.build();
|
||||
client.newCall(request).execute();
|
||||
} catch (IOException e) {
|
||||
msg = "Error occurred while invoking create key manager endpoint";
|
||||
log.error(msg);
|
||||
throw new KeyMgtException(msg);
|
||||
}
|
||||
}
|
||||
|
||||
/***
|
||||
* Retrieves an application by name and owner
|
||||
*
|
||||
* @param applicationName name of the application
|
||||
* @param owner owner of the application
|
||||
* @return @{@link Application} Application object
|
||||
* @throws KeyMgtException if any error occurs while retrieving the application
|
||||
*/
|
||||
private Application getApplication(String applicationName, String owner) throws KeyMgtException {
|
||||
try {
|
||||
APIManagerFactory apiManagerFactory = APIManagerFactory.getInstance();
|
||||
APIConsumer apiConsumer = apiManagerFactory.getAPIConsumer(owner);
|
||||
return apiConsumer.getApplicationsByName(owner, applicationName, "");
|
||||
} catch (APIManagementException e) {
|
||||
msg = "Error while trying to retrieve the application";
|
||||
log.error(msg);
|
||||
throw new KeyMgtException(msg);
|
||||
}
|
||||
}
|
||||
|
||||
private String createOauthAppCreationPayload(String clientName, String owner, String[] tags) {
|
||||
JSONObject jsonObject = new JSONObject();
|
||||
jsonObject.put("applicationName", clientName);
|
||||
jsonObject.put("username", owner);
|
||||
jsonObject.put("tags", tags);
|
||||
return jsonObject.toString();
|
||||
}
|
||||
|
||||
private String generateCustomKeyManagerName(String tenantDomain) {
|
||||
return KeyMgtConstants.CUSTOM_KEY_MANAGER_NAME_PREFIX + tenantDomain;
|
||||
}
|
||||
|
||||
private RealmService getRealmService() {
|
||||
if(realmService == null) {
|
||||
PrivilegedCarbonContext context = PrivilegedCarbonContext.getThreadLocalCarbonContext();
|
||||
return (RealmService) context.getOSGiService(RealmService.class, null);
|
||||
} else {
|
||||
return realmService;
|
||||
}
|
||||
}
|
||||
|
||||
private static OkHttpClient getOkHttpClient() {
|
||||
X509TrustManager trustAllCerts = new X509TrustManager() {
|
||||
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
|
||||
return new java.security.cert.X509Certificate[0];
|
||||
}
|
||||
|
||||
public void checkClientTrusted(
|
||||
java.security.cert.X509Certificate[] certs, String authType) {
|
||||
}
|
||||
|
||||
public void checkServerTrusted(
|
||||
java.security.cert.X509Certificate[] certs, String authType) {
|
||||
}
|
||||
};
|
||||
return new OkHttpClient.Builder()
|
||||
.sslSocketFactory(getSimpleTrustedSSLSocketFactory(), trustAllCerts)
|
||||
.hostnameVerifier(new HostnameVerifier() {
|
||||
@Override
|
||||
public boolean verify(String s, SSLSession sslSession) {
|
||||
return true;
|
||||
}
|
||||
}).build();
|
||||
}
|
||||
|
||||
private static SSLSocketFactory getSimpleTrustedSSLSocketFactory() {
|
||||
try {
|
||||
TrustManager[] trustAllCerts = new TrustManager[]{
|
||||
new X509TrustManager() {
|
||||
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
|
||||
return null;
|
||||
}
|
||||
public void checkClientTrusted(
|
||||
java.security.cert.X509Certificate[] certs, String authType) {
|
||||
}
|
||||
public void checkServerTrusted(
|
||||
java.security.cert.X509Certificate[] certs, String authType) {
|
||||
}
|
||||
}
|
||||
};
|
||||
SSLContext sc = SSLContext.getInstance("SSL");
|
||||
sc.init(null, trustAllCerts, new java.security.SecureRandom());
|
||||
return sc.getSocketFactory();
|
||||
} catch (KeyManagementException | NoSuchAlgorithmException e) {
|
||||
return null;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
private KeyManagerConfigurations getKeyManagerConfig() {
|
||||
if (kmConfig != null) {
|
||||
return kmConfig;
|
||||
} else {
|
||||
DeviceManagementConfig deviceManagementConfig = DeviceConfigurationManager.getInstance().getDeviceManagementConfig();
|
||||
return deviceManagementConfig.getKeyManagerConfigurations();
|
||||
}
|
||||
}
|
||||
}
|
@ -1 +1,3 @@
|
||||
instructions.configure = \
|
||||
org.eclipse.equinox.p2.touchpoint.natives.mkdir(path:${installFolder}/../../deployment/server/webapps/);\
|
||||
org.eclipse.equinox.p2.touchpoint.natives.copy(source:${installFolder}/../features/org.wso2.carbon.apimgt.keymgt.extension_${feature.version}/webapps/api-key-management.war,target:${installFolder}/../../deployment/server/webapps/api-key-management.war,overwrite:true);\
|
||||
|
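Review bot: The `instructions.configure` value has no counterpart that removes what it installs, so if this feature's descriptor does not also define an `instructions.unconfigure`, the `api-key-management.war` copied into `deployment/server/webapps/` is left behind on feature removal; a matching `org.eclipse.equinox.p2.touchpoint.natives.remove(path:${installFolder}/../../deployment/server/webapps/api-key-management.war);` under `instructions.unconfigure = \` would keep install and uninstall symmetric. The last `copy(...)` line also ends in `;\`, which continues the property value onto the following empty line; harmless for the properties parser, but dropping the trailing backslash on the final instruction makes the value end where it visibly ends. Whether other p2.inf files in this repository follow the same convention is not visible here.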