forked from community/device-mgt-core
Merge branch 'cloud-3.1.0' of https://github.com/wso2/carbon-device-mgt into cloud-3.1.0
commit
71a689ea4b
@ -0,0 +1,148 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (c) 2017, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||||
|
*
|
||||||
|
* WSO2 Inc. licenses this file to you under the Apache License,
|
||||||
|
* Version 2.0 (the "License"); you may not use this file except
|
||||||
|
* in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing,
|
||||||
|
* software distributed under the License is distributed on an
|
||||||
|
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||||
|
* KIND, either express or implied. See the License for the
|
||||||
|
* specific language governing permissions and limitations
|
||||||
|
* under the License.
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
package org.wso2.carbon.device.mgt.jaxrs.service.api.admin;
|
||||||
|
|
||||||
|
|
||||||
|
import io.swagger.annotations.*;
|
||||||
|
import org.wso2.carbon.apimgt.annotations.api.Scope;
|
||||||
|
import org.wso2.carbon.apimgt.annotations.api.Scopes;
|
||||||
|
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
|
||||||
|
import org.wso2.carbon.device.mgt.jaxrs.util.Constants;
|
||||||
|
|
||||||
|
import javax.ws.rs.GET;
|
||||||
|
import javax.ws.rs.POST;
|
||||||
|
import javax.ws.rs.Path;
|
||||||
|
import javax.ws.rs.PathParam;
|
||||||
|
import javax.ws.rs.QueryParam;
|
||||||
|
import javax.ws.rs.core.Response;
|
||||||
|
|
||||||
|
@SwaggerDefinition(
|
||||||
|
info = @Info(
|
||||||
|
version = "1.0.0",
|
||||||
|
title = "",
|
||||||
|
extensions = {
|
||||||
|
@Extension(properties = {
|
||||||
|
@ExtensionProperty(name = "name", value = "DeviceTypePublisherAdminService"),
|
||||||
|
@ExtensionProperty(name = "context", value = "/api/device-mgt/v1.0/admin/devicetype"),
|
||||||
|
})
|
||||||
|
}
|
||||||
|
),
|
||||||
|
tags = {
|
||||||
|
@Tag(name = "device_management", description = "")
|
||||||
|
}
|
||||||
|
)
|
||||||
|
@Path("/admin/devicetype")
|
||||||
|
@Api(value = "Devicetype deployment Administrative Service", description = "This an API intended to be used to " +
|
||||||
|
"deploy device type components" +
|
||||||
|
"Further, this is strictly restricted to admin users only ")
|
||||||
|
@Scopes(
|
||||||
|
scopes = {
|
||||||
|
@Scope(
|
||||||
|
name = "Devicetype deployment",
|
||||||
|
description = "Deploy devicetype",
|
||||||
|
key = "perm:devicetype:deployment",
|
||||||
|
permissions = {"/device-mgt/devicetype/deploy"}
|
||||||
|
)
|
||||||
|
}
|
||||||
|
)
|
||||||
|
|
||||||
|
public interface DeviceTypePublisherAdminService {
|
||||||
|
|
||||||
|
@POST
|
||||||
|
@Path("/deploy/{type}")
|
||||||
|
@ApiOperation(
|
||||||
|
httpMethod = "POST",
|
||||||
|
value = "Deploy device type\n",
|
||||||
|
notes = "This is an API that can be used to deploy existing device type artifact for tenant",
|
||||||
|
response = Response.class,
|
||||||
|
tags = "Devicetype Deployment Service",
|
||||||
|
extensions = {
|
||||||
|
@Extension(properties = {
|
||||||
|
@ExtensionProperty(name = Constants.SCOPE, value = "perm:devicetype:deployment")
|
||||||
|
})
|
||||||
|
})
|
||||||
|
|
||||||
|
@ApiResponses(value = {
|
||||||
|
@ApiResponse(
|
||||||
|
code = 201,
|
||||||
|
message = "OK. \n Successfully deployed the artifacts.",
|
||||||
|
response = Response.class),
|
||||||
|
@ApiResponse(
|
||||||
|
code = 400,
|
||||||
|
message = "Bad Request. \n Invalid request or validation error.",
|
||||||
|
response = ErrorResponse.class),
|
||||||
|
@ApiResponse(
|
||||||
|
code = 404,
|
||||||
|
message = "Not Found. \n The specified resource does not exist."),
|
||||||
|
@ApiResponse(
|
||||||
|
code = 415,
|
||||||
|
message = "Unsupported media type. \n The entity of the request was in a not supported format."),
|
||||||
|
@ApiResponse(
|
||||||
|
code = 500,
|
||||||
|
message = "Internal Server Error. \n Server error occurred while checking the authorization" +
|
||||||
|
" for a specified set of devices.",
|
||||||
|
response = ErrorResponse.class)
|
||||||
|
})
|
||||||
|
|
||||||
|
Response doPublish(
|
||||||
|
@ApiParam(name = "type",
|
||||||
|
value = "The type of deployment." +
|
||||||
|
"INFO: Deploy artifact with given type.",
|
||||||
|
required = true)
|
||||||
|
@PathParam("type") String type);
|
||||||
|
|
||||||
|
@GET
|
||||||
|
@Path("/deploy/{type}/status")
|
||||||
|
@ApiOperation(
|
||||||
|
httpMethod = "GET",
|
||||||
|
value = "Check the status of device type artifact\n",
|
||||||
|
notes = "This is an API that can be used to check the status of the artifact",
|
||||||
|
response = Response.class,
|
||||||
|
tags = "Devicetype Status Service",
|
||||||
|
extensions = {
|
||||||
|
@Extension(properties = {
|
||||||
|
@ExtensionProperty(name = Constants.SCOPE, value = "perm:devicetype:deployment")
|
||||||
|
})
|
||||||
|
})
|
||||||
|
|
||||||
|
@ApiResponses(value = {
|
||||||
|
@ApiResponse(
|
||||||
|
code = 201,
|
||||||
|
message = "OK. \n Successfully deployed the artifacts.",
|
||||||
|
response = Response.class),
|
||||||
|
@ApiResponse(
|
||||||
|
code = 400,
|
||||||
|
message = "Bad Request. \n Invalid request or validation error.",
|
||||||
|
response = ErrorResponse.class),
|
||||||
|
@ApiResponse(
|
||||||
|
code = 404,
|
||||||
|
message = "Not Found. \n The specified resource does not exist."),
|
||||||
|
@ApiResponse(
|
||||||
|
code = 415,
|
||||||
|
message = "Unsupported media type. \n The entity of the request was in a not supported format."),
|
||||||
|
@ApiResponse(
|
||||||
|
code = 500,
|
||||||
|
message = "Internal Server Error. \n Server error occurred while checking the authorization" +
|
||||||
|
" for a specified set of devices.",
|
||||||
|
response = ErrorResponse.class)
|
||||||
|
})
|
||||||
|
|
||||||
|
Response getStatus(@PathParam("type") String deviceType);
|
||||||
|
|
||||||
|
}
|
@ -0,0 +1,315 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (c) 2017, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||||
|
*
|
||||||
|
* WSO2 Inc. licenses this file to you under the Apache License,
|
||||||
|
* Version 2.0 (the "License"); you may not use this file except
|
||||||
|
* in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing,
|
||||||
|
* software distributed under the License is distributed on an
|
||||||
|
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||||
|
* KIND, either express or implied. See the License for the
|
||||||
|
* specific language governing permissions and limitations
|
||||||
|
* under the License.
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
package org.wso2.carbon.device.mgt.jaxrs.service.impl.admin;
|
||||||
|
|
||||||
|
import org.apache.axiom.om.OMElement;
|
||||||
|
import org.apache.axiom.om.OMXMLBuilderFactory;
|
||||||
|
import org.apache.axis2.client.Options;
|
||||||
|
import org.apache.axis2.java.security.SSLProtocolSocketFactory;
|
||||||
|
import org.apache.axis2.transport.http.HTTPConstants;
|
||||||
|
import org.apache.commons.codec.binary.Base64;
|
||||||
|
import org.apache.commons.httpclient.Header;
|
||||||
|
import org.apache.commons.httpclient.protocol.Protocol;
|
||||||
|
import org.apache.commons.httpclient.protocol.ProtocolSocketFactory;
|
||||||
|
import org.apache.commons.logging.Log;
|
||||||
|
import org.apache.commons.logging.LogFactory;
|
||||||
|
import org.wso2.carbon.application.mgt.stub.upload.CarbonAppUploaderStub;
|
||||||
|
import org.wso2.carbon.application.mgt.stub.upload.types.carbon.UploadedFileItem;
|
||||||
|
import org.wso2.carbon.base.ServerConfiguration;
|
||||||
|
import org.wso2.carbon.context.PrivilegedCarbonContext;
|
||||||
|
import org.wso2.carbon.core.util.Utils;
|
||||||
|
import org.wso2.carbon.device.mgt.jaxrs.service.api.admin.DeviceTypePublisherAdminService;
|
||||||
|
import org.wso2.carbon.device.mgt.jaxrs.util.DeviceMgtAPIUtils;
|
||||||
|
import org.wso2.carbon.registry.core.Registry;
|
||||||
|
import org.wso2.carbon.registry.core.Resource;
|
||||||
|
import org.wso2.carbon.registry.core.ResourceImpl;
|
||||||
|
import org.wso2.carbon.registry.core.exceptions.RegistryException;
|
||||||
|
import org.wso2.carbon.utils.CarbonUtils;
|
||||||
|
|
||||||
|
import javax.activation.DataHandler;
|
||||||
|
import javax.net.ssl.KeyManagerFactory;
|
||||||
|
import javax.net.ssl.SSLContext;
|
||||||
|
import javax.net.ssl.TrustManagerFactory;
|
||||||
|
import javax.ws.rs.GET;
|
||||||
|
import javax.ws.rs.POST;
|
||||||
|
import javax.ws.rs.Path;
|
||||||
|
import javax.ws.rs.PathParam;
|
||||||
|
import javax.ws.rs.core.Response;
|
||||||
|
import java.io.*;
|
||||||
|
import java.security.KeyManagementException;
|
||||||
|
import java.security.KeyStore;
|
||||||
|
import java.security.KeyStoreException;
|
||||||
|
import java.security.NoSuchAlgorithmException;
|
||||||
|
import java.security.UnrecoverableKeyException;
|
||||||
|
import java.security.cert.CertificateException;
|
||||||
|
import java.util.ArrayList;
|
||||||
|
import java.util.List;
|
||||||
|
|
||||||
|
@Path("/admin/devicetype")
|
||||||
|
public class DeviceTypePublisherAdminServiceImpl implements DeviceTypePublisherAdminService {
|
||||||
|
|
||||||
|
/**
|
||||||
|
* required soap header for mutualSSL
|
||||||
|
*/
|
||||||
|
private static final String USER_NAME_HEADER = "UserName";
|
||||||
|
|
||||||
|
private static final String KEY_STORE_TYPE = "JKS";
|
||||||
|
/**
|
||||||
|
* Default truststore type of the client
|
||||||
|
*/
|
||||||
|
private static final String TRUST_STORE_TYPE = "JKS";
|
||||||
|
/**
|
||||||
|
* Default keymanager type of the client
|
||||||
|
*/
|
||||||
|
private static final String KEY_MANAGER_TYPE = "SunX509"; //Default Key Manager Type
|
||||||
|
/**
|
||||||
|
* Default trustmanager type of the client
|
||||||
|
*/
|
||||||
|
private static final String TRUST_MANAGER_TYPE = "SunX509"; //Default Trust Manager Type
|
||||||
|
|
||||||
|
private static final String SSLV3 = "SSLv3";
|
||||||
|
|
||||||
|
private KeyStore keyStore;
|
||||||
|
private KeyStore trustStore;
|
||||||
|
private char[] keyStorePassword;
|
||||||
|
private SSLContext sslContext;
|
||||||
|
|
||||||
|
private static final Log log = LogFactory.getLog(DeviceTypePublisherAdminServiceImpl.class);
|
||||||
|
private static final String DEFAULT_RESOURCE_LOCATION = "/resources/devicetypes";
|
||||||
|
private static final String CAR_FILE_LOCATION = CarbonUtils.getCarbonHome() + File.separator + "repository" +
|
||||||
|
File.separator + "resources" + File.separator + "devicetypes";
|
||||||
|
private static final String DAS_PORT = "${iot.analytics.https.port}";
|
||||||
|
private static final String DAS_HOST_NAME = "${iot.analytics.host}";
|
||||||
|
private static final String DEFAULT_HTTP_PROTOCOL = "https";
|
||||||
|
private static final String IOT_MGT_PORT = "${iot.manager.https.port}";
|
||||||
|
private static final String IOT_MGT_HOST_NAME = "${iot.manager.host}";
|
||||||
|
private static final String DAS_URL = DEFAULT_HTTP_PROTOCOL + "://" + DAS_HOST_NAME
|
||||||
|
+ ":" + DAS_PORT + "/services/CarbonAppUploader" + "/";
|
||||||
|
private static final String IOT_MGT_URL = DEFAULT_HTTP_PROTOCOL + "://" + IOT_MGT_HOST_NAME
|
||||||
|
+ ":" + IOT_MGT_PORT + "/services/CarbonAppUploader" + "/";
|
||||||
|
private static final String MEDIA_TYPE_XML = "application/xml";
|
||||||
|
private static final String DEVICE_MANAGEMENT_TYPE = "device_management";
|
||||||
|
|
||||||
|
@Override
|
||||||
|
@POST
|
||||||
|
@Path("/deploy/{type}")
|
||||||
|
public Response doPublish(@PathParam("type") String type) {
|
||||||
|
|
||||||
|
try {
|
||||||
|
//Getting the tenant Domain
|
||||||
|
String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
|
||||||
|
String username = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUsername();
|
||||||
|
String tenantAdminUser = username + "@" + tenantDomain;
|
||||||
|
|
||||||
|
String keyStorePassword = ServerConfiguration.getInstance().getFirstProperty("Security.KeyStore.Password");
|
||||||
|
String trustStorePassword = ServerConfiguration.getInstance().getFirstProperty(
|
||||||
|
"Security.TrustStore.Password");
|
||||||
|
String keyStoreLocation = ServerConfiguration.getInstance().getFirstProperty("Security.KeyStore.Location");
|
||||||
|
String trustStoreLocation = ServerConfiguration.getInstance().getFirstProperty(
|
||||||
|
"Security.TrustStore.Location");
|
||||||
|
|
||||||
|
//Call to load the keystore.
|
||||||
|
loadKeyStore(keyStoreLocation, keyStorePassword);
|
||||||
|
//Call to load the TrustStore.
|
||||||
|
loadTrustStore(trustStoreLocation, trustStorePassword);
|
||||||
|
//Create the SSL context with the loaded TrustStore/keystore.
|
||||||
|
initMutualSSLConnection();
|
||||||
|
|
||||||
|
//Constructing the soap header that required for mutual SSL
|
||||||
|
String strHeader =
|
||||||
|
"<m:UserName soapenv:mustUnderstand=\"0\" xmlns:m=\"http://mutualssl.carbon.wso2.org\" " +
|
||||||
|
"xmlns:soapenv=\"http://www.w3.org/2001/12/soap-envelope\" >'" + tenantAdminUser +
|
||||||
|
"'</m:UserName>";
|
||||||
|
|
||||||
|
InputStream is = new ByteArrayInputStream(strHeader.getBytes());
|
||||||
|
OMElement header = OMXMLBuilderFactory.createOMBuilder(is).getDocumentElement();
|
||||||
|
|
||||||
|
List<Header> list = new ArrayList<Header>();
|
||||||
|
Header httpHeader = new Header();
|
||||||
|
httpHeader.setName(USER_NAME_HEADER);
|
||||||
|
byte[] encodedBytes = Base64.encodeBase64(tenantAdminUser.getBytes());
|
||||||
|
httpHeader.setValue(new String(encodedBytes));
|
||||||
|
list.add(httpHeader);//"https"
|
||||||
|
|
||||||
|
File directory = new File(CAR_FILE_LOCATION + File.separator + type);
|
||||||
|
if (directory.isDirectory() && directory.exists()) {
|
||||||
|
UploadedFileItem[] uploadedFileItems = loadCappFromFileSystem(type);
|
||||||
|
if (uploadedFileItems.length > 0) {
|
||||||
|
CarbonAppUploaderStub carbonAppUploaderStub = new CarbonAppUploaderStub(Utils.replaceSystemProperty(
|
||||||
|
IOT_MGT_URL));
|
||||||
|
carbonAppUploaderStub._getServiceClient().addHeader(header);
|
||||||
|
Options appUploaderOptions = carbonAppUploaderStub._getServiceClient().getOptions();
|
||||||
|
if (appUploaderOptions == null) {
|
||||||
|
appUploaderOptions = new Options();
|
||||||
|
}
|
||||||
|
appUploaderOptions.setProperty(HTTPConstants.HTTP_HEADERS, list);
|
||||||
|
appUploaderOptions.setProperty(HTTPConstants.CUSTOM_PROTOCOL_HANDLER
|
||||||
|
, new Protocol(DEFAULT_HTTP_PROTOCOL, (ProtocolSocketFactory) new SSLProtocolSocketFactory
|
||||||
|
(sslContext), Integer.parseInt(Utils.replaceSystemProperty(IOT_MGT_PORT))));
|
||||||
|
|
||||||
|
carbonAppUploaderStub._getServiceClient().setOptions(appUploaderOptions);
|
||||||
|
carbonAppUploaderStub.uploadApp(uploadedFileItems);
|
||||||
|
|
||||||
|
if (!DEVICE_MANAGEMENT_TYPE.equals(type.toLowerCase())) {
|
||||||
|
carbonAppUploaderStub = new CarbonAppUploaderStub(Utils.replaceSystemProperty(DAS_URL));
|
||||||
|
carbonAppUploaderStub._getServiceClient().addHeader(header);
|
||||||
|
appUploaderOptions = carbonAppUploaderStub._getServiceClient().getOptions();
|
||||||
|
if (appUploaderOptions == null) {
|
||||||
|
appUploaderOptions = new Options();
|
||||||
|
}
|
||||||
|
appUploaderOptions.setProperty(HTTPConstants.HTTP_HEADERS, list);
|
||||||
|
appUploaderOptions.setProperty(HTTPConstants.CUSTOM_PROTOCOL_HANDLER
|
||||||
|
, new Protocol(DEFAULT_HTTP_PROTOCOL
|
||||||
|
, (ProtocolSocketFactory) new SSLProtocolSocketFactory(sslContext)
|
||||||
|
, Integer.parseInt(Utils.replaceSystemProperty(DAS_PORT))));
|
||||||
|
|
||||||
|
carbonAppUploaderStub._getServiceClient().setOptions(appUploaderOptions);
|
||||||
|
carbonAppUploaderStub.uploadApp(uploadedFileItems);
|
||||||
|
}
|
||||||
|
int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId();
|
||||||
|
Registry registry = DeviceMgtAPIUtils.getRegistryService().getConfigSystemRegistry(tenantId);
|
||||||
|
if (!registry.resourceExists(DEFAULT_RESOURCE_LOCATION + type + ".exist")) {
|
||||||
|
Resource resource = new ResourceImpl();
|
||||||
|
resource.setContent("</exist>");
|
||||||
|
resource.setMediaType(MEDIA_TYPE_XML);
|
||||||
|
registry.put(DEFAULT_RESOURCE_LOCATION + type + ".exist", resource);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
return Response.status(Response.Status.BAD_REQUEST)
|
||||||
|
.entity("\"Error, Artifact does not exist.\"").build();
|
||||||
|
}
|
||||||
|
|
||||||
|
} catch (Exception e) {
|
||||||
|
log.error("Capp deployment failed due to " + e.getMessage(), e);
|
||||||
|
return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(
|
||||||
|
"\"Error, Artifact deployment has failed\"").build();
|
||||||
|
}
|
||||||
|
|
||||||
|
return Response.status(Response.Status.CREATED).entity("\"OK. \\n Successfully uploaded the artifacts.\"")
|
||||||
|
.build();
|
||||||
|
}
|
||||||
|
|
||||||
|
@GET
|
||||||
|
@Path("/deploy/{type}/status")
|
||||||
|
@Override
|
||||||
|
public Response getStatus(@PathParam("type") String deviceType) {
|
||||||
|
int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId();
|
||||||
|
Registry registry = null;
|
||||||
|
try {
|
||||||
|
registry = DeviceMgtAPIUtils.getRegistryService().getConfigSystemRegistry(tenantId);
|
||||||
|
if (registry.resourceExists(DEFAULT_RESOURCE_LOCATION + deviceType + ".exist")) {
|
||||||
|
return Response.status(Response.Status.OK).entity("Exist").build();
|
||||||
|
} else {
|
||||||
|
return Response.status(Response.Status.NO_CONTENT).entity("Does not Exist").build();
|
||||||
|
}
|
||||||
|
} catch (RegistryException e) {
|
||||||
|
log.error("Registry failed to load." + e.getMessage(), e);
|
||||||
|
return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(
|
||||||
|
"\"Error, Artifact status check has failed\"").build();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
private UploadedFileItem[] loadCappFromFileSystem(String deviceType) throws IOException {
|
||||||
|
|
||||||
|
File directory = new File(CAR_FILE_LOCATION + File.separator + deviceType);
|
||||||
|
File[] carFiles = directory.listFiles(new FilenameFilter() {
|
||||||
|
@Override
|
||||||
|
public boolean accept(File dir, String name) {
|
||||||
|
return name.toLowerCase().endsWith(".car");
|
||||||
|
}
|
||||||
|
});
|
||||||
|
List<UploadedFileItem> uploadedFileItemLis = new ArrayList<>();
|
||||||
|
if (carFiles != null) {
|
||||||
|
|
||||||
|
for (File carFile : carFiles) {
|
||||||
|
UploadedFileItem uploadedFileItem = new UploadedFileItem();
|
||||||
|
DataHandler param = new DataHandler(carFile.toURI().toURL());
|
||||||
|
uploadedFileItem.setDataHandler(param);
|
||||||
|
uploadedFileItem.setFileName(carFile.getName());
|
||||||
|
uploadedFileItem.setFileType("jar");
|
||||||
|
uploadedFileItemLis.add(uploadedFileItem);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
UploadedFileItem[] fileItems = new UploadedFileItem[uploadedFileItemLis.size()];
|
||||||
|
fileItems = uploadedFileItemLis.toArray(fileItems);
|
||||||
|
return fileItems;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Loads the keystore.
|
||||||
|
*
|
||||||
|
* @param keyStorePath - the path of the keystore
|
||||||
|
* @param ksPassword - the keystore password
|
||||||
|
*/
|
||||||
|
private void loadKeyStore(String keyStorePath, String ksPassword)
|
||||||
|
throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException {
|
||||||
|
InputStream fis = null;
|
||||||
|
try {
|
||||||
|
keyStorePassword = ksPassword.toCharArray();
|
||||||
|
keyStore = KeyStore.getInstance(KEY_STORE_TYPE);
|
||||||
|
fis = new FileInputStream(keyStorePath);
|
||||||
|
keyStore.load(fis, keyStorePassword);
|
||||||
|
} finally {
|
||||||
|
if (fis != null) {
|
||||||
|
fis.close();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Loads the trustore
|
||||||
|
*
|
||||||
|
* @param trustStorePath - the trustore path in the filesystem.
|
||||||
|
* @param tsPassword - the truststore password
|
||||||
|
*/
|
||||||
|
private void loadTrustStore(String trustStorePath, String tsPassword)
|
||||||
|
throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException {
|
||||||
|
|
||||||
|
InputStream fis = null;
|
||||||
|
try {
|
||||||
|
trustStore = KeyStore.getInstance(TRUST_STORE_TYPE);
|
||||||
|
fis = new FileInputStream(trustStorePath);
|
||||||
|
trustStore.load(fis, tsPassword.toCharArray());
|
||||||
|
} finally {
|
||||||
|
if (fis != null) {
|
||||||
|
fis.close();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Initializes the SSL Context
|
||||||
|
*/
|
||||||
|
private void initMutualSSLConnection() throws NoSuchAlgorithmException, UnrecoverableKeyException,
|
||||||
|
KeyStoreException, KeyManagementException {
|
||||||
|
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KEY_MANAGER_TYPE);
|
||||||
|
keyManagerFactory.init(keyStore, keyStorePassword);
|
||||||
|
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TRUST_MANAGER_TYPE);
|
||||||
|
trustManagerFactory.init(trustStore);
|
||||||
|
|
||||||
|
// Create and initialize SSLContext for HTTPS communication
|
||||||
|
sslContext = SSLContext.getInstance(SSLV3);
|
||||||
|
sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);
|
||||||
|
SSLContext.setDefault(sslContext);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
}
|
||||||
|
|
@ -0,0 +1,61 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||||
|
*
|
||||||
|
* WSO2 Inc. licenses this file to you under the Apache License,
|
||||||
|
* Version 2.0 (the "License"); you may not use this file except
|
||||||
|
* in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing,
|
||||||
|
* software distributed under the License is distributed on an
|
||||||
|
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||||
|
* KIND, either express or implied. See the License for the
|
||||||
|
* specific language governing permissions and limitations
|
||||||
|
* under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package org.wso2.carbon.device.mgt.oauth.extensions.handlers.grant;
|
||||||
|
|
||||||
|
import org.apache.commons.logging.Log;
|
||||||
|
import org.apache.commons.logging.LogFactory;
|
||||||
|
import org.wso2.carbon.apimgt.keymgt.ScopesIssuer;
|
||||||
|
import org.wso2.carbon.base.MultitenantConstants;
|
||||||
|
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser;
|
||||||
|
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
|
||||||
|
import org.wso2.carbon.identity.oauth2.grant.jwt.JWTBearerGrantHandler;
|
||||||
|
import org.wso2.carbon.identity.oauth2.model.RequestParameter;
|
||||||
|
import org.wso2.carbon.identity.oauth2.token.OAuthTokenReqMessageContext;
|
||||||
|
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* This sets up user with tenant aware username.
|
||||||
|
*/
|
||||||
|
@SuppressWarnings("unused")
|
||||||
|
public class ExtendedJWTGrantHandler extends JWTBearerGrantHandler {
|
||||||
|
private static Log log = LogFactory.getLog(ExtendedJWTGrantHandler.class);
|
||||||
|
private static final String TENANT_DOMAIN_KEY = "tenantDomain";
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public boolean validateScope(OAuthTokenReqMessageContext tokReqMsgCtx) {
|
||||||
|
return ScopesIssuer.getInstance().setScopes(tokReqMsgCtx);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public boolean validateGrant(OAuthTokenReqMessageContext tokReqMsgCtx) throws IdentityOAuth2Exception {
|
||||||
|
|
||||||
|
RequestParameter[] requestParameters = tokReqMsgCtx.getOauth2AccessTokenReqDTO().getRequestParameters();
|
||||||
|
for (RequestParameter requestParameter : requestParameters) {
|
||||||
|
if (TENANT_DOMAIN_KEY.equals(requestParameter.getKey())) {
|
||||||
|
String[] values = requestParameter.getValue();
|
||||||
|
if (values != null && values.length > 0) {
|
||||||
|
tokReqMsgCtx.getOauth2AccessTokenReqDTO()
|
||||||
|
.setTenantDomain(values[0]);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return super.validateGrant(tokReqMsgCtx);
|
||||||
|
}
|
||||||
|
}
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in new issue