updated keymgt extensions to support validity period

mutual-tls-auth
Amalka Subasinghe 2 years ago
parent 4d8d4bdcf7
commit bf8efa35a7

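--- a/APIManagementProviderServiceImpl.java
+++ b/APIManagementProviderServiceImpl.java
@@ -256,10 +256,14 @@ public class APIManagementProviderServiceImpl implements APIManagementProviderSe
 keyManagerId = keyManagerConfigurationDTO.getUuid();
 }
 }
+String applicationAccessTokenExpiryTime = "N/A";
+if(!StringUtils.isEmpty(validityTime)) {
+applicationAccessTokenExpiryTime = validityTime;
+}
 String jsonString = "{\"grant_types\":\"refresh_token,access_token," +
 "urn:ietf:params:oauth:grant-type:saml2-bearer," +
 "password,client_credentials,iwa:ntlm,urn:ietf:params:oauth:grant-type:jwt-bearer\"," +
-"\"additionalProperties\":\"{\\\"application_access_token_expiry_time\\\":\\\"N\\/A\\\"," +
+"\"additionalProperties\":\"{\\\"application_access_token_expiry_time\\\":\\\""+applicationAccessTokenExpiryTime +"\\\"," +
 "\\\"user_access_token_expiry_time\\\":\\\"N\\/A\\\"," +
 "\\\"refresh_token_expiry_time\\\":\\\"N\\/A\\\"," +
 "\\\"id_token_expiry_time\\\":\\\"N\\/A\\\"}\"," +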
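Review bot: `validityTime` is spliced into the hand-escaped JSON-within-a-string under `application_access_token_expiry_time` without any check that it is numeric, so a value containing a quote or backslash would corrupt the `additionalProperties` payload; where `validityTime` comes from is outside the hunk, but if it is caller-supplied it should be validated first, e.g. `if (!StringUtils.isEmpty(validityTime) && validityTime.matches("\\d+")) {`. Building this payload with a JSON object, as `createOauthAppCreationPayload` in `KeyMgtServiceImpl` does in this same commit, would remove the manual escaping entirely. Only the application token expiry is overridden while the user, refresh and id token expiries stay `N/A`; if that is intentional, a one-line comment above the new `if` saying so would spare the next reader the question. The enclosing method starts and ends outside the hunk.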

@ -40,6 +40,9 @@ public class DCRRequest {
@XmlElement @XmlElement
private boolean isSaasApp; private boolean isSaasApp;
@XmlElement
private int validityPeriod;
public String getApplicationName() { public String getApplicationName() {
return applicationName; return applicationName;
} }
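Review bot: `private int validityPeriod;` is a primitive on a JAXB-bound request, so a request that omits the element is indistinguishable from one that explicitly sends `0`, and that value is forwarded unchanged into the DCR payload by `KeyMgtServiceImpl.createOauthAppCreationPayload`. If "not specified" is meant to fall back to the key manager's default, `private Integer validityPeriod;` (with the getter/setter in the next hunk adjusted to match) makes the absent case representable; otherwise a field comment should state what `0` means. The unit is not stated anywhere in the change; a comment such as `// requested token validity period (unit as interpreted by the key manager — confirm)` on the field would help.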
@ -87,4 +90,12 @@ public class DCRRequest {
public void setIsSaasApp(boolean saasApp) { public void setIsSaasApp(boolean saasApp) {
isSaasApp = saasApp; isSaasApp = saasApp;
} }
public int getValidityPeriod() {
return validityPeriod;
}
public void setValidityPeriod(int validityPeriod) {
this.validityPeriod = validityPeriod;
}
} }

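--- a/KeyManagerService.java
+++ b/KeyManagerService.java
@@ -46,5 +46,6 @@ public interface KeyManagerService {
 @FormParam("assertion") String assertion,
 @FormParam("admin_access_token") String admin_access_token,
 @FormParam("username") String username,
-@FormParam("password") String password);
+@FormParam("password") String password,
+@FormParam("validityPeriod") int validityPeriod);
 }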
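Review bot: `@FormParam("validityPeriod") int validityPeriod` carries no `@DefaultValue`, so a token request that omits the field receives `0`, which `KeyMgtServiceImpl` then sends to the token endpoint as `validityPeriod=0`; the same applies to the matching implementation signature in the `KeyManagerServiceImpl` hunk at line 69. Because this lets any caller of the token API request a lifetime of its choosing, the value should be clamped server-side to a configured maximum (or the key manager must be relied on to enforce one — not visible here) rather than forwarded as is, and negative values should be rejected. At minimum `@DefaultValue("0") @FormParam("validityPeriod") int validityPeriod` or a boxed `Integer` makes the absent case explicit.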

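--- a/KeyManagerServiceImpl.java
+++ b/KeyManagerServiceImpl.java
@@ -51,7 +51,7 @@ public class KeyManagerServiceImpl implements KeyManagerService {
 try {
 KeyMgtService keyMgtService = new KeyMgtServiceImpl();
 DCRResponse resp = keyMgtService.dynamicClientRegistration(dcrRequest.getApplicationName(), dcrRequest.getUsername(),
-dcrRequest.getGrantTypes(), dcrRequest.getCallBackUrl(), dcrRequest.getTags(), dcrRequest.getIsSaasApp());
+dcrRequest.getGrantTypes(), dcrRequest.getCallBackUrl(), dcrRequest.getTags(), dcrRequest.getIsSaasApp(), dcrRequest.getValidityPeriod());
 return Response.status(Response.Status.CREATED).entity(gson.toJson(resp)).build();
 } catch (KeyMgtException e) {
 return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(e.getMessage()).build();
@@ -69,7 +69,8 @@ public class KeyManagerServiceImpl implements KeyManagerService {
 @FormParam("assertion") String assertion,
 @FormParam("admin_access_token") String admin_access_token,
 @FormParam("username") String username,
-@FormParam("password") String password) {
+@FormParam("password") String password,
+@FormParam("validityPeriod") int validityPeriod) {
 try {
 if (basicAuthHeader == null) {
 String msg = "Invalid credentials. Make sure your API call is invoked with a Basic Authorization header.";
@@ -80,7 +81,7 @@ public class KeyManagerServiceImpl implements KeyManagerService {
 TokenResponse resp = keyMgtService.generateAccessToken(
 new TokenRequest(encodedClientCredentials.split(":")[0],
 encodedClientCredentials.split(":")[1], refreshToken, scope,
-grantType, assertion, admin_access_token, username, password));
+grantType, assertion, admin_access_token, username, password, validityPeriod));
 return Response.status(Response.Status.OK).entity(gson.toJson(resp)).build();
 } catch (KeyMgtException e) {
 return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(e.getMessage()).build();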

@ -29,8 +29,10 @@ public class TokenRequest {
private String username; private String username;
private String password; private String password;
private int validityPeriod;
public TokenRequest(String clientId, String clientSecret, String refreshToken, String scope, String grantType, public TokenRequest(String clientId, String clientSecret, String refreshToken, String scope, String grantType,
String assertion, String admin_access_token, String username, String password) { String assertion, String admin_access_token, String username, String password, int validityPeriod) {
this.clientId = clientId; this.clientId = clientId;
this.clientSecret = clientSecret; this.clientSecret = clientSecret;
this.refreshToken = refreshToken; this.refreshToken = refreshToken;
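Review bot: The `TokenRequest` constructor now takes ten positional parameters, most of them `String`s that are easy to transpose at the call site in `KeyManagerServiceImpl`, and nothing documents what `validityPeriod` is measured in or what `0` means. A builder would make the call site self-describing; short of that, a Javadoc on the constructor with a `@param validityPeriod` line stating the unit and the meaning of `0` (as interpreted by the key manager — confirm) would let reviewers check callers. The constructor body continues past the hunk.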
@ -40,6 +42,7 @@ public class TokenRequest {
this.admin_access_token = admin_access_token; this.admin_access_token = admin_access_token;
this.username = username; this.username = username;
this.password = password; this.password = password;
this.validityPeriod = validityPeriod;
} }
public String getClientId() { public String getClientId() {
@ -113,4 +116,12 @@ public class TokenRequest {
public void setPassword(String password) { public void setPassword(String password) {
this.password = password; this.password = password;
} }
public int getValidityPeriod() {
return validityPeriod;
}
public void setValidityPeriod(int validityPeriod) {
this.validityPeriod = validityPeriod;
}
} }

@ -39,7 +39,7 @@ public interface KeyMgtService {
* @throws KeyMgtException if any error occurs during DCR process * @throws KeyMgtException if any error occurs during DCR process
*/ */
DCRResponse dynamicClientRegistration(String clientName, String owner, String grantTypes, String callBackUrl, DCRResponse dynamicClientRegistration(String clientName, String owner, String grantTypes, String callBackUrl,
String[] tags, boolean isSaasApp) throws KeyMgtException; String[] tags, boolean isSaasApp, int validityPeriod) throws KeyMgtException;
/*** /***
* This method will handle the access token requests * This method will handle the access token requests
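Review bot: The Javadoc above `dynamicClientRegistration` keeps its `@throws KeyMgtException` line but gains no `@param validityPeriod` for the new argument, so readers of the interface cannot tell its unit or what `0` means. Add a line such as `* @param validityPeriod requested token validity for the registered application (unit and default as enforced by the key manager — confirm)` next to the existing `@param` tags, which lie above the hunk.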

@ -77,7 +77,7 @@ public class KeyMgtServiceImpl implements KeyMgtService {
String subTenantUserUsername, subTenantUserPassword, keyManagerName, msg = null; String subTenantUserUsername, subTenantUserPassword, keyManagerName, msg = null;
public DCRResponse dynamicClientRegistration(String clientName, String owner, String grantTypes, String callBackUrl, public DCRResponse dynamicClientRegistration(String clientName, String owner, String grantTypes, String callBackUrl,
String[] tags, boolean isSaasApp) throws KeyMgtException { String[] tags, boolean isSaasApp, int validityPeriod) throws KeyMgtException {
if (owner == null) { if (owner == null) {
PrivilegedCarbonContext threadLocalCarbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext(); PrivilegedCarbonContext threadLocalCarbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
@ -105,13 +105,13 @@ public class KeyMgtServiceImpl implements KeyMgtService {
kmConfig = getKeyManagerConfig(); kmConfig = getKeyManagerConfig();
if (KeyMgtConstants.SUPER_TENANT.equals(tenantDomain)) { if (KeyMgtConstants.SUPER_TENANT.equals(tenantDomain)) {
OAuthApplication dcrApplication = createOauthApplication(clientName, kmConfig.getAdminUsername(), tags); OAuthApplication dcrApplication = createOauthApplication(clientName, kmConfig.getAdminUsername(), tags, validityPeriod);
return new DCRResponse(dcrApplication.getClientId(), dcrApplication.getClientSecret()); return new DCRResponse(dcrApplication.getClientId(), dcrApplication.getClientSecret());
} else { } else {
// super-tenant admin dcr and token generation // super-tenant admin dcr and token generation
OAuthApplication superTenantOauthApp = createOauthApplication( OAuthApplication superTenantOauthApp = createOauthApplication(
KeyMgtConstants.RESERVED_OAUTH_APP_NAME_PREFIX + KeyMgtConstants.SUPER_TENANT, KeyMgtConstants.RESERVED_OAUTH_APP_NAME_PREFIX + KeyMgtConstants.SUPER_TENANT,
kmConfig.getAdminUsername(), null); kmConfig.getAdminUsername(), null, validityPeriod);
String superAdminAccessToken = createAccessToken(superTenantOauthApp); String superAdminAccessToken = createAccessToken(superTenantOauthApp);
// create new key manager for the tenant, under super-tenant space // create new key manager for the tenant, under super-tenant space
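Review bot: At the `createOauthApplication(` call for the reserved super-tenant app (the line ending `kmConfig.getAdminUsername(), null, validityPeriod);`), the caller-supplied `validityPeriod` now also governs the OAuth application whose token `createAccessToken(superTenantOauthApp)` uses for super-tenant admin operations, so a sub-tenant DCR request can set the lifetime of the admin application's tokens. Unless that is intended, the reserved app should keep a fixed server-side value — for example an overload of `createOauthApplication` that omits `validityPeriod` from the payload as the old three-argument version did, or a dedicated constant — while the requesting user's own app at line 135 keeps the request value. Whether the key manager caps the requested value is not visible here; the method body continues beyond the hunk.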
@ -133,7 +133,7 @@ public class KeyMgtServiceImpl implements KeyMgtService {
createUserIfNotExists(subTenantUserUsername, subTenantUserPassword); createUserIfNotExists(subTenantUserUsername, subTenantUserPassword);
// DCR for the requesting user // DCR for the requesting user
OAuthApplication dcrApplication = createOauthApplication(clientName, owner, tags); OAuthApplication dcrApplication = createOauthApplication(clientName, owner, tags, validityPeriod);
String requestingUserAccessToken = createAccessToken(dcrApplication); String requestingUserAccessToken = createAccessToken(dcrApplication);
// get application id // get application id
@ -167,7 +167,8 @@ public class KeyMgtServiceImpl implements KeyMgtService {
case "client_credentials": case "client_credentials":
appTokenPayload = new FormBody.Builder() appTokenPayload = new FormBody.Builder()
.add("grant_type", "client_credentials") .add("grant_type", "client_credentials")
.add("scope", tokenRequest.getScope()).build(); .add("scope", tokenRequest.getScope())
.add("validityPeriod", String.valueOf(tokenRequest.getValidityPeriod())).build();
break; break;
case "password": case "password":
appTokenPayload = new FormBody.Builder() appTokenPayload = new FormBody.Builder()
@ -322,8 +323,8 @@ public class KeyMgtServiceImpl implements KeyMgtService {
* @return @{@link OAuthApplication} OAuth application object * @return @{@link OAuthApplication} OAuth application object
* @throws KeyMgtException if any error occurs while creating response object * @throws KeyMgtException if any error occurs while creating response object
*/ */
private OAuthApplication createOauthApplication (String clientName, String owner, String[] tags) throws KeyMgtException { private OAuthApplication createOauthApplication (String clientName, String owner, String[] tags, int validityPeriod) throws KeyMgtException {
String oauthAppCreationPayloadStr = createOauthAppCreationPayload(clientName, owner, tags); String oauthAppCreationPayloadStr = createOauthAppCreationPayload(clientName, owner, tags, validityPeriod);
RequestBody oauthAppCreationPayload = RequestBody.Companion.create(oauthAppCreationPayloadStr, JSON); RequestBody oauthAppCreationPayload = RequestBody.Companion.create(oauthAppCreationPayloadStr, JSON);
kmConfig = getKeyManagerConfig(); kmConfig = getKeyManagerConfig();
String dcrEndpoint = kmConfig.getServerUrl() + KeyMgtConstants.DCR_ENDPOINT; String dcrEndpoint = kmConfig.getServerUrl() + KeyMgtConstants.DCR_ENDPOINT;
@ -442,11 +443,12 @@ public class KeyMgtServiceImpl implements KeyMgtService {
} }
} }
private String createOauthAppCreationPayload(String clientName, String owner, String[] tags) { private String createOauthAppCreationPayload(String clientName, String owner, String[] tags, int validityPeriod) {
JSONObject jsonObject = new JSONObject(); JSONObject jsonObject = new JSONObject();
jsonObject.put("applicationName", clientName); jsonObject.put("applicationName", clientName);
jsonObject.put("username", owner); jsonObject.put("username", owner);
jsonObject.put("tags", tags); jsonObject.put("tags", tags);
jsonObject.put("validityPeriod", validityPeriod);
return jsonObject.toString(); return jsonObject.toString();
} }
