diff --git a/components/apimgt-extensions/org.wso2.carbon.apimgt.handlers/src/main/java/org/wso2/carbon/apimgt/handlers/AuthenticationHandler.java b/components/apimgt-extensions/org.wso2.carbon.apimgt.handlers/src/main/java/org/wso2/carbon/apimgt/handlers/AuthenticationHandler.java index 087adce6388..c5fe71dd4a8 100644 --- a/components/apimgt-extensions/org.wso2.carbon.apimgt.handlers/src/main/java/org/wso2/carbon/apimgt/handlers/AuthenticationHandler.java +++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.handlers/src/main/java/org/wso2/carbon/apimgt/handlers/AuthenticationHandler.java @@ -38,6 +38,7 @@ import java.net.URI; import java.net.URISyntaxException; import java.util.HashMap; import java.util.Map; +import java.util.StringTokenizer; /** * Synapse gateway handler for API authentication. @@ -48,6 +49,12 @@ public class AuthenticationHandler extends AbstractHandler { private HandlerDescription handlerDesc; private RESTInvoker restInvoker; + private static final String X_JWT_ASSERTION = "X-JWT-Assertion"; + private static final String JWTTOKEN = "JWTToken"; + private static final String AUTHORIZATION = "Authorization"; + private static final String BEARER = "Bearer "; + private static final String CONTENT_TYPE = "Content-Type"; + private IOTServerConfiguration iotServerConfiguration; /** @@ -62,6 +69,7 @@ public class AuthenticationHandler extends AbstractHandler { /** * Handling the message and checking the security. + * * @param messageContext * @return */ @@ -84,14 +92,9 @@ public class AuthenticationHandler extends AbstractHandler { if (log.isDebugEnabled()) { log.debug("Verify Cert:\n" + mdmSignature); } - String accessToken = Utils.getAccessToken(iotServerConfiguration); - String deviceType = this.getDeviceType(messageContext.getTo().getAddress().trim()); URI certVerifyUrl = new URI(iotServerConfiguration.getVerificationEndpoint() + deviceType); - - Map certVerifyHeaders = new HashMap<>(); - certVerifyHeaders.put("Authorization", "Bearer " + accessToken); - certVerifyHeaders.put("Content-Type", "application/json"); + Map certVerifyHeaders = this.setHeaders(); Certificate certificate = new Certificate(); certificate.setPem(mdmSignature); @@ -104,15 +107,16 @@ public class AuthenticationHandler extends AbstractHandler { null, certVerifyContent); String str = response.getContent(); - if (str.contains("JWTToken")) { - ValidationResponce validationResponce = gson.fromJson(str, ValidationResponce.class); - // TODO: send the JWT token with user details. - // headers.put("X-JWT-Assertion", validationResponce.getJWTToken()); - } if (log.isDebugEnabled()) { log.debug("Verify response:" + response.getContent()); log.debug("Response String : " + str); } + if (response.getHttpStatus() == 200 && str.contains(JWTTOKEN)) { + ValidationResponce validationResponce = gson.fromJson(str, ValidationResponce.class); + headers.put(X_JWT_ASSERTION, validationResponce.getJWTToken()); + } else { + return false; + } } else if (headers.containsKey(AuthConstants.PROXY_MUTUAL_AUTH_HEADER)) { String subjectDN = headers.get(AuthConstants.PROXY_MUTUAL_AUTH_HEADER).toString(); @@ -120,12 +124,10 @@ public class AuthenticationHandler extends AbstractHandler { if (log.isDebugEnabled()) { log.debug("Verify subject DN: " + subjectDN); } - String accessToken = Utils.getAccessToken(iotServerConfiguration); + String deviceType = this.getDeviceType(messageContext.getTo().getAddress().trim()); URI certVerifyUrl = new URI(iotServerConfiguration.getVerificationEndpoint() + deviceType); - Map certVerifyHeaders = new HashMap<>(); - certVerifyHeaders.put("Authorization", "Bearer " + accessToken); - certVerifyHeaders.put("Content-Type", "application/json"); + Map certVerifyHeaders = this.setHeaders(); Certificate certificate = new Certificate(); certificate.setPem(subjectDN); certificate.setTenantId(tenantId); @@ -143,11 +145,9 @@ public class AuthenticationHandler extends AbstractHandler { if (log.isDebugEnabled()) { log.debug("Verify Cert:\n" + encodedPem); } - String accessToken = Utils.getAccessToken(iotServerConfiguration); - URI certVerifyUrl = new URI(iotServerConfiguration.getVerificationEndpoint() + "android"); - Map certVerifyHeaders = new HashMap<>(); - certVerifyHeaders.put("Authorization", "Bearer " + accessToken); - certVerifyHeaders.put("Content-Type", "application/json"); + String deviceType = this.getDeviceType(messageContext.getTo().getAddress().trim()); + URI certVerifyUrl = new URI(iotServerConfiguration.getVerificationEndpoint() + deviceType); + Map certVerifyHeaders = this.setHeaders(); Certificate certificate = new Certificate(); certificate.setPem(encodedPem); @@ -188,13 +188,21 @@ public class AuthenticationHandler extends AbstractHandler { } - // TODO : take this from the url. private String getDeviceType(String url) { - if (url.contains("ios")) { - return "ios"; - } else if (url.contains("android")) { - return "android"; - } else return null; + StringTokenizer parts = new StringTokenizer(url, "/"); + while (parts.hasMoreElements()) { + if (parts.nextElement().equals("api")) { + return (String) parts.nextElement(); + } + } + return null; + } + private Map setHeaders() throws APIMCertificateMGTException { + Map map = new HashMap<>(); + String accessToken = Utils.getAccessToken(iotServerConfiguration); + map.put(AUTHORIZATION, BEARER + accessToken); + map.put(CONTENT_TYPE, "application/json"); + return map; } } diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.cert.admin.api/src/main/java/org/wso2/carbon/certificate/mgt/cert/jaxrs/api/impl/CertificateManagementAdminServiceImpl.java b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.cert.admin.api/src/main/java/org/wso2/carbon/certificate/mgt/cert/jaxrs/api/impl/CertificateManagementAdminServiceImpl.java index 0f62d9e72b8..3a8a39d3f8f 100644 --- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.cert.admin.api/src/main/java/org/wso2/carbon/certificate/mgt/cert/jaxrs/api/impl/CertificateManagementAdminServiceImpl.java +++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.cert.admin.api/src/main/java/org/wso2/carbon/certificate/mgt/cert/jaxrs/api/impl/CertificateManagementAdminServiceImpl.java @@ -27,7 +27,9 @@ import javax.ws.rs.*; import javax.ws.rs.core.Response; import java.security.cert.X509Certificate; import java.util.ArrayList; +import java.util.HashMap; import java.util.List; +import java.util.Map; @Path("/admin/certificates") public class CertificateManagementAdminServiceImpl implements CertificateManagementAdminService { @@ -230,10 +232,20 @@ public class CertificateManagementAdminServiceImpl implements CertificateManagem deviceIdentifier.setId(challengeToken); deviceIdentifier.setType(DeviceManagementConstants.MobileDeviceTypes.MOBILE_DEVICE_TYPE_IOS); TenantedDeviceWrapper tenantedDeviceWrapper = scepManager.getValidatedDevice(deviceIdentifier); +// +// var claims = {"http://wso2.org/claims/enduserTenantId": adminUserTenantId, +// "http://wso2.org/claims/enduser": adminUsername}; + + Map claims = new HashMap<>(); + + claims.put("http://wso2.org/claims/enduserTenantId", String.valueOf(tenantedDeviceWrapper.getTenantId())); + claims.put("http://wso2.org/claims/enduser", tenantedDeviceWrapper.getDevice().getEnrolmentInfo().getOwner()); + claims.put("http://wso2.org/claims/deviceIdentifier", tenantedDeviceWrapper.getDevice().getDeviceIdentifier()); + claims.put("http://wso2.org/claims/deviceIdType", tenantedDeviceWrapper.getDevice().getType()); JWTClientManagerService jwtClientManagerService = CertificateMgtAPIUtils.getJwtClientManagerService(); String jwdToken = jwtClientManagerService.getJWTClient().getJwtToken( - tenantedDeviceWrapper.getDevice().getEnrolmentInfo().getOwner()); + tenantedDeviceWrapper.getDevice().getEnrolmentInfo().getOwner(), claims); ValidationResponce validationResponce = new ValidationResponce(); validationResponce.setDeviceId(challengeToken);