Add token validation with one time token

This is to validate one time tokens in the APIM handlers and in the valve

components/apimgt-extensions/org.wso2.carbon.apimgt.handlers/src/main/java/org/wso2/carbon/apimgt/handlers/AuthenticationHandler.java

@@ -182,6 +182,15 @@ public class AuthenticationHandler extends AbstractHandler {
                 if (log.isDebugEnabled()) {
                     log.debug("Verify response:" + response.getContent());
                 }
+            } else if (headers.containsKey(AuthConstants.ONE_TIME_TOKEN_HEADER)) {
+                String token = headers.get(AuthConstants.ONE_TIME_TOKEN_HEADER);
+                //TODO: validate token service. Since this is getting validated in the valve,
+                // this may not even be necessery
+//                if (log.isDebugEnabled()) {
+//                    log.debug("One time time :" + token + ", status : "  + );
+//                }
+                return true;
+
             } else {
                 log.warn("Unauthorized request for api: " + ctxPath);
                 return false;

components/apimgt-extensions/org.wso2.carbon.apimgt.handlers/src/main/java/org/wso2/carbon/apimgt/handlers/utils/AuthConstants.java

@@ -24,6 +24,7 @@ public class AuthConstants {
     public static final String MDM_SIGNATURE = "mdm-signature";
     public static final String PROXY_MUTUAL_AUTH_HEADER = "proxy-mutual-auth-header";
     public static final String MUTUAL_AUTH_HEADER = "mutual-auth-header";
+    public static final String ONE_TIME_TOKEN_HEADER = "one-time-token";
     public static final String ENCODED_PEM = "encoded-pem";
     public static final String CALLBACK_URL = "";
     public static final String CLIENT_NAME = "IOT-API-MANAGER";

components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/Constants.java

@@ -31,6 +31,7 @@ public final class Constants {
 
         public static final String HEADER_HTTP_ACCEPT = "Accept";
         public static final String HEADER_HTTP_AUTHORIZATION = "Authorization";
+        public static final String ONE_TIME_TOKEN_HEADER = "one-time-token";
     }
 
     public static final class ContentTypes {

components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OneTimeTokenAuthenticator.java

@@ -0,0 +1,93 @@
+/*
+ *   Copyright (c) 2020, Entgra (Pvt) Ltd. (http://www.entgra.io) All Rights Reserved.
+ *
+ *   Entgra (Pvt) Ltd. licenses this file to you under the Apache License,
+ *   Version 2.0 (the "License"); you may not use this file except
+ *   in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing,
+ *   software distributed under the License is distributed on an
+ *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *   KIND, either express or implied.  See the License for the
+ *   specific language governing permissions and limitations
+ *   under the License.
+ */
+package org.wso2.carbon.webapp.authenticator.framework.authenticator;
+
+import org.apache.catalina.connector.Response;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.tomcat.util.buf.ByteChunk;
+import org.apache.tomcat.util.buf.MessageBytes;
+import org.wso2.carbon.device.mgt.common.general.OneTimeTokenDetails;
+import org.wso2.carbon.webapp.authenticator.framework.AuthenticationException;
+import org.wso2.carbon.webapp.authenticator.framework.AuthenticationInfo;
+import org.wso2.carbon.webapp.authenticator.framework.Constants;
+import org.wso2.carbon.webapp.authenticator.framework.Utils.Utils;
+import org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth.OAuth2TokenValidator;
+import org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth.OAuthTokenValidationException;
+import org.wso2.carbon.webapp.authenticator.framework.authenticator.oauth.OAuthValidationResponse;
+
+import java.util.Properties;
+import java.util.StringTokenizer;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+public class OneTimeTokenAuthenticator implements WebappAuthenticator {
+    private static final Log log = LogFactory.getLog(OneTimeTokenAuthenticator.class);
+
+
+    @Override
+    public void init() {
+
+    }
+
+    public boolean canHandle(org.apache.catalina.connector.Request request) {
+        return request.getHeader(Constants.HTTPHeaders.ONE_TIME_TOKEN_HEADER) != null;
+    }
+
+    public AuthenticationInfo authenticate(org.apache.catalina.connector.Request request, Response response) {
+
+        String token = request.getHeader(Constants.HTTPHeaders.ONE_TIME_TOKEN_HEADER);
+//        DeviceMgtAPIUtils.getDeviceManagementService();//TODO: call token validate service in core
+        OneTimeTokenDetails tokenDetails = new OneTimeTokenDetails();//TODO: use token details
+
+        AuthenticationInfo authenticationInfo = new AuthenticationInfo();
+
+        try {
+            authenticationInfo.setTenantDomain(tokenDetails.getDomain());
+            authenticationInfo.setStatus(Status.CONTINUE);
+            //authenticationInfo.setUsername(tokenDetails.get); //TODO: set username
+            //authenticationInfo.setTenantId();//TODO: set tenant Id
+        } catch (Exception e) { // TODO: remove this if not needed
+            authenticationInfo.setStatus(Status.FAILURE);
+            authenticationInfo.setMessage("Could not identify tenant domain.");
+        }
+
+        return null;
+    }
+
+    public String getName() {
+        return "One-Time-Token";
+    }
+
+    @Override
+    public void setProperties(Properties properties) {
+
+    }
+
+    @Override
+    public Properties getProperties() {
+        return null;
+    }
+
+    @Override
+    public String getProperty(String name) {
+        return null;
+    }
+
+
+}

components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/internal/AuthenticatorFrameworkDataHolder.java

@@ -20,6 +20,7 @@ package org.wso2.carbon.webapp.authenticator.framework.internal;
 
 import org.wso2.carbon.certificate.mgt.core.scep.SCEPManager;
 import org.wso2.carbon.certificate.mgt.core.service.CertificateManagementService;
+import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderService;
 import org.wso2.carbon.identity.oauth2.OAuth2TokenValidationService;
 import org.wso2.carbon.registry.core.service.TenantRegistryLoader;
 import org.wso2.carbon.registry.indexing.service.TenantIndexingLoader;
@@ -35,6 +36,7 @@ public class AuthenticatorFrameworkDataHolder {
     private OAuth2TokenValidationService oAuth2TokenValidationService;
     private TenantIndexingLoader tenantIndexingLoader;
     private TenantRegistryLoader tenantRegistryLoader;
+    private DeviceManagementProviderService deviceManagementService;
 
     private static AuthenticatorFrameworkDataHolder
             thisInstance = new AuthenticatorFrameworkDataHolder();
@@ -114,4 +116,13 @@ public class AuthenticatorFrameworkDataHolder {
     public TenantRegistryLoader getTenantRegistryLoader() {
         return  tenantRegistryLoader;
     }
+
+
+    public DeviceManagementProviderService getDeviceManagementService() {
+        return deviceManagementService;
+    }
+
+    public void setDeviceManagementService(DeviceManagementProviderService deviceManagementService) {
+        this.deviceManagementService = deviceManagementService;
+    }
 }

components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/internal/WebappAuthenticatorFrameworkServiceComponent.java

@@ -25,6 +25,7 @@ import org.osgi.framework.BundleContext;
 import org.osgi.service.component.ComponentContext;
 import org.wso2.carbon.certificate.mgt.core.scep.SCEPManager;
 import org.wso2.carbon.certificate.mgt.core.service.CertificateManagementService;
+import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderService;
 import org.wso2.carbon.identity.oauth2.OAuth2TokenValidationService;
 import org.wso2.carbon.registry.core.service.TenantRegistryLoader;
 import org.wso2.carbon.registry.indexing.service.TenantIndexingLoader;
@@ -80,6 +81,12 @@ import java.util.Properties;
  * cardinality="1..1" policy="dynamic"
  * bind="setTenantRegistryLoader"
  * unbind="unsetTenantRegistryLoader"
+ * @scr.reference name="org.wso2.carbon.device.manager"
+ * interface="org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderService"
+ * cardinality="1..1"
+ * policy="dynamic"
+ * bind="setDeviceManagementService"
+ * unbind="unsetDeviceManagementService"
  */
 public class WebappAuthenticatorFrameworkServiceComponent {
     private static final Log log = LogFactory.getLog(WebappAuthenticatorFrameworkServiceComponent.class);
@@ -211,4 +218,20 @@ public class WebappAuthenticatorFrameworkServiceComponent {
     protected void unsetTenantRegistryLoader(TenantRegistryLoader tenantRegistryLoader) {
         AuthenticatorFrameworkDataHolder.getInstance().setTenantRegistryLoader(null);
     }
+
+    @SuppressWarnings("unused")
+    protected void setDeviceManagementService(DeviceManagementProviderService deviceManagementProviderService) {
+        if (log.isDebugEnabled()) {
+            log.debug("Setting ApplicationDTO Management OSGI Manager");
+        }
+        AuthenticatorFrameworkDataHolder.getInstance().setDeviceManagementService(deviceManagementProviderService);
+    }
+
+    @SuppressWarnings("unused")
+    protected void unsetDeviceManagementService(DeviceManagementProviderService deviceManagementProviderService) {
+        if (log.isDebugEnabled()) {
+            log.debug("Removing ApplicationDTO Management OSGI Manager");
+        }
+        AuthenticatorFrameworkDataHolder.getInstance().setDeviceManagementService(null);
+    }
 }