transferred mutual authenticator to jwt authenticator

4.x.x
ayyoob 8 years ago
parent ed7b67dd24
commit 87910bc92b

@ -286,6 +286,11 @@
<artifactId>org.wso2.carbon.application.mgt.stub</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.wso2.carbon.devicemgt</groupId>
<artifactId>org.wso2.carbon.identity.jwt.client.extension</artifactId>
<scope>provided</scope>
</dependency>
</dependencies>
</project>

@ -18,8 +18,6 @@
*/
package org.wso2.carbon.device.mgt.jaxrs.service.impl.admin;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.OMXMLBuilderFactory;
import org.apache.axis2.client.Options;
import org.apache.axis2.java.security.SSLProtocolSocketFactory;
import org.apache.axis2.transport.http.HTTPConstants;
@ -36,6 +34,7 @@ import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.core.util.Utils;
import org.wso2.carbon.device.mgt.jaxrs.service.api.admin.DeviceTypePublisherAdminService;
import org.wso2.carbon.device.mgt.jaxrs.util.DeviceMgtAPIUtils;
import org.wso2.carbon.identity.jwt.client.extension.JWTClient;
import org.wso2.carbon.registry.core.Registry;
import org.wso2.carbon.registry.core.Resource;
import org.wso2.carbon.registry.core.ResourceImpl;
@ -65,9 +64,14 @@ import java.util.List;
public class DeviceTypePublisherAdminServiceImpl implements DeviceTypePublisherAdminService {
/**
* required soap header for mutualSSL
* required soap header for authorization
*/
private static final String USER_NAME_HEADER = "UserName";
private static final String AUTHORIZATION_HEADER = "Authorization";
/**
* required soap header value for mutualSSL
*/
private static final String AUTHORIZATION_HEADER_VALUE = "Bearer";
private static final String KEY_STORE_TYPE = "JKS";
/**
@ -129,22 +133,16 @@ public class DeviceTypePublisherAdminServiceImpl implements DeviceTypePublisherA
//Call to load the TrustStore.
loadTrustStore(trustStoreLocation, trustStorePassword);
//Create the SSL context with the loaded TrustStore/keystore.
initMutualSSLConnection();
//Constructing the soap header that required for mutual SSL
String strHeader =
"<m:UserName soapenv:mustUnderstand=\"0\" xmlns:m=\"http://mutualssl.carbon.wso2.org\" " +
"xmlns:soapenv=\"http://www.w3.org/2001/12/soap-envelope\" >'" + tenantAdminUser +
"'</m:UserName>";
initSSLConnection();
JWTClient jwtClient = DeviceMgtAPIUtils.getJWTClientManagerService().getJWTClient();
InputStream is = new ByteArrayInputStream(strHeader.getBytes());
OMElement header = OMXMLBuilderFactory.createOMBuilder(is).getDocumentElement();
String authValue = AUTHORIZATION_HEADER_VALUE + " " + new String(Base64.encodeBase64(
jwtClient.getJwtToken(tenantAdminUser).getBytes()));
List<Header> list = new ArrayList<Header>();
Header httpHeader = new Header();
httpHeader.setName(USER_NAME_HEADER);
byte[] encodedBytes = Base64.encodeBase64(tenantAdminUser.getBytes());
httpHeader.setValue(new String(encodedBytes));
httpHeader.setName(AUTHORIZATION_HEADER);
httpHeader.setValue(authValue);
list.add(httpHeader);//"https"
File directory = new File(CAR_FILE_LOCATION + File.separator + type);
@ -153,7 +151,6 @@ public class DeviceTypePublisherAdminServiceImpl implements DeviceTypePublisherA
if (uploadedFileItems.length > 0) {
CarbonAppUploaderStub carbonAppUploaderStub = new CarbonAppUploaderStub(Utils.replaceSystemProperty(
IOT_MGT_URL));
carbonAppUploaderStub._getServiceClient().addHeader(header);
Options appUploaderOptions = carbonAppUploaderStub._getServiceClient().getOptions();
if (appUploaderOptions == null) {
appUploaderOptions = new Options();
@ -168,7 +165,6 @@ public class DeviceTypePublisherAdminServiceImpl implements DeviceTypePublisherA
if (!DEVICE_MANAGEMENT_TYPE.equals(type.toLowerCase())) {
carbonAppUploaderStub = new CarbonAppUploaderStub(Utils.replaceSystemProperty(DAS_URL));
carbonAppUploaderStub._getServiceClient().addHeader(header);
appUploaderOptions = carbonAppUploaderStub._getServiceClient().getOptions();
if (appUploaderOptions == null) {
appUploaderOptions = new Options();
@ -297,7 +293,7 @@ public class DeviceTypePublisherAdminServiceImpl implements DeviceTypePublisherA
/**
* Initializes the SSL Context
*/
private void initMutualSSLConnection() throws NoSuchAlgorithmException, UnrecoverableKeyException,
private void initSSLConnection() throws NoSuchAlgorithmException, UnrecoverableKeyException,
KeyStoreException, KeyManagementException {
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KEY_MANAGER_TYPE);
keyManagerFactory.init(keyStore, keyStorePassword);

@ -36,6 +36,7 @@ import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderService;
import org.wso2.carbon.device.mgt.core.service.GroupManagementProviderService;
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
import org.wso2.carbon.device.mgt.jaxrs.service.impl.util.InputValidationException;
import org.wso2.carbon.identity.jwt.client.extension.service.JWTClientManagerService;
import org.wso2.carbon.policy.mgt.common.PolicyMonitoringTaskException;
import org.wso2.carbon.policy.mgt.core.PolicyManagerService;
import org.wso2.carbon.policy.mgt.core.task.TaskScheduleService;
@ -168,6 +169,18 @@ public class DeviceMgtAPIUtils {
return registryService;
}
public static JWTClientManagerService getJWTClientManagerService() {
JWTClientManagerService jwtClientManagerService;
PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext();
jwtClientManagerService = (JWTClientManagerService) ctx.getOSGiService(JWTClientManagerService.class, null);
if (jwtClientManagerService == null) {
String msg = "jwtClientManagerServicehas not initialized.";
log.error(msg);
throw new IllegalStateException(msg);
}
return jwtClientManagerService;
}
/**
* Getting the current tenant's user realm
*/

@ -72,6 +72,10 @@ public class JWTClientUtil {
private static final String JWT_CONFIG_FILE_NAME = "jwt.properties";
private static final String SUPERTENANT_JWT_CONFIG_LOCATION =
CarbonUtils.getEtcCarbonConfigDirPath() + File.separator + JWT_CONFIG_FILE_NAME;
/**
* This is added for the carbon authenticator.
*/
public static final String SIGNED_JWT_AUTH_USERNAME = "Username";
/**
* Return a http client instance
@ -226,10 +230,11 @@ public class JWTClientUtil {
claimsSet.setIssueTime(new Date(iat));
claimsSet.setExpirationTime(new Date(exp));
claimsSet.setIssuer(iss);
claimsSet.setSubject(username);
claimsSet.setNotBeforeTime(new Date(nbf));
claimsSet.setSubject(username);
claimsSet.setNotBeforeTime(new Date(nbf));
claimsSet.setJWTID(jti);
claimsSet.setAudience(aud);
claimsSet.setClaim(SIGNED_JWT_AUTH_USERNAME, username);
if (customClaims != null && !customClaims.isEmpty()) {
for (String key : customClaims.keySet()) {
claimsSet.setClaim(key, customClaims.get(key));

Loading…
Cancel
Save