|
|
@ -62,7 +62,7 @@ public class JWTAuthenticator implements WebappAuthenticator {
|
|
|
|
private static final String DEFAULT_TRUST_STORE_LOCATION = "Security.TrustStore.Location";
|
|
|
|
private static final String DEFAULT_TRUST_STORE_LOCATION = "Security.TrustStore.Location";
|
|
|
|
private static final String DEFAULT_TRUST_STORE_PASSWORD = "Security.TrustStore.Password";
|
|
|
|
private static final String DEFAULT_TRUST_STORE_PASSWORD = "Security.TrustStore.Password";
|
|
|
|
|
|
|
|
|
|
|
|
private static final Map<String, PublicKey> publicKeyHolder = new HashMap<>();
|
|
|
|
private static final Map<IssuerAlias, PublicKey> publicKeyHolder = new HashMap<>();
|
|
|
|
private Properties properties;
|
|
|
|
private Properties properties;
|
|
|
|
|
|
|
|
|
|
|
|
private static void loadTenantRegistry(int tenantId) throws RegistryException {
|
|
|
|
private static void loadTenantRegistry(int tenantId) throws RegistryException {
|
|
|
@ -106,46 +106,37 @@ public class JWTAuthenticator implements WebappAuthenticator {
|
|
|
|
String username = jwsObject.getJWTClaimsSet().getStringClaim(SIGNED_JWT_AUTH_USERNAME);
|
|
|
|
String username = jwsObject.getJWTClaimsSet().getStringClaim(SIGNED_JWT_AUTH_USERNAME);
|
|
|
|
String tenantDomain = MultitenantUtils.getTenantDomain(username);
|
|
|
|
String tenantDomain = MultitenantUtils.getTenantDomain(username);
|
|
|
|
int tenantId = Integer.parseInt(jwsObject.getJWTClaimsSet().getStringClaim(SIGNED_JWT_AUTH_TENANT_ID));
|
|
|
|
int tenantId = Integer.parseInt(jwsObject.getJWTClaimsSet().getStringClaim(SIGNED_JWT_AUTH_TENANT_ID));
|
|
|
|
|
|
|
|
String issuer = jwsObject.getJWTClaimsSet().getIssuer();
|
|
|
|
PrivilegedCarbonContext.startTenantFlow();
|
|
|
|
PrivilegedCarbonContext.startTenantFlow();
|
|
|
|
PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(tenantDomain);
|
|
|
|
PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(tenantDomain);
|
|
|
|
PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(tenantId);
|
|
|
|
PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(tenantId);
|
|
|
|
PublicKey publicKey = publicKeyHolder.get(tenantDomain);
|
|
|
|
IssuerAlias issuerAlias = new IssuerAlias(issuer, tenantDomain);
|
|
|
|
|
|
|
|
PublicKey publicKey = publicKeyHolder.get(issuerAlias);
|
|
|
|
if (publicKey == null) {
|
|
|
|
if (publicKey == null) {
|
|
|
|
loadTenantRegistry(tenantId);
|
|
|
|
loadTenantRegistry(tenantId);
|
|
|
|
KeyStoreManager keyStoreManager = KeyStoreManager.getInstance(tenantId);
|
|
|
|
KeyStoreManager keyStoreManager = KeyStoreManager.getInstance(tenantId);
|
|
|
|
if (MultitenantConstants.SUPER_TENANT_DOMAIN_NAME.equals(tenantDomain)) {
|
|
|
|
if (MultitenantConstants.SUPER_TENANT_DOMAIN_NAME.equals(tenantDomain)) {
|
|
|
|
String defaultPublicKey = properties.getProperty("DefaultPublicKey");
|
|
|
|
String alias = properties.getProperty(issuer);
|
|
|
|
if (defaultPublicKey != null && !defaultPublicKey.isEmpty()) {
|
|
|
|
if (alias != null && !alias.isEmpty()) {
|
|
|
|
boolean isDefaultPublicKey = Boolean.parseBoolean(defaultPublicKey);
|
|
|
|
ServerConfiguration serverConfig = CarbonUtils.getServerConfiguration();
|
|
|
|
if (isDefaultPublicKey) {
|
|
|
|
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
|
|
|
|
publicKey = keyStoreManager.getDefaultPublicKey();
|
|
|
|
String trustStorePath = serverConfig.getFirstProperty(DEFAULT_TRUST_STORE_LOCATION);
|
|
|
|
} else {
|
|
|
|
String trustStorePassword = serverConfig.getFirstProperty(
|
|
|
|
String alias = properties.getProperty("KeyAlias");
|
|
|
|
DEFAULT_TRUST_STORE_PASSWORD);
|
|
|
|
if (alias != null && !alias.isEmpty()) {
|
|
|
|
keyStore.load(new FileInputStream(trustStorePath), trustStorePassword.toCharArray());
|
|
|
|
ServerConfiguration serverConfig = CarbonUtils.getServerConfiguration();
|
|
|
|
publicKey = keyStore.getCertificate(alias).getPublicKey();
|
|
|
|
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
|
|
|
|
|
|
|
|
String trustStorePath = serverConfig.getFirstProperty(DEFAULT_TRUST_STORE_LOCATION);
|
|
|
|
|
|
|
|
String trustStorePassword = serverConfig.getFirstProperty(
|
|
|
|
|
|
|
|
DEFAULT_TRUST_STORE_PASSWORD);
|
|
|
|
|
|
|
|
keyStore.load(new FileInputStream(trustStorePath), trustStorePassword.toCharArray());
|
|
|
|
|
|
|
|
publicKey = keyStore.getCertificate(alias).getPublicKey();
|
|
|
|
|
|
|
|
} else {
|
|
|
|
|
|
|
|
authenticationInfo.setStatus(Status.FAILURE);
|
|
|
|
|
|
|
|
return authenticationInfo;
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
} else {
|
|
|
|
} else {
|
|
|
|
publicKey = keyStoreManager.getDefaultPublicKey();
|
|
|
|
authenticationInfo.setStatus(Status.FAILURE);
|
|
|
|
|
|
|
|
return authenticationInfo;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
} else {
|
|
|
|
} else {
|
|
|
|
String ksName = tenantDomain.trim().replace('.', '-');
|
|
|
|
String ksName = tenantDomain.trim().replace('.', '-');
|
|
|
|
String jksName = ksName + ".jks";
|
|
|
|
String jksName = ksName + ".jks";
|
|
|
|
publicKey = keyStoreManager.getKeyStore(jksName).getCertificate(tenantDomain).getPublicKey();
|
|
|
|
publicKey = keyStoreManager.getKeyStore(jksName).getCertificate(tenantDomain).getPublicKey();
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if (publicKey != null) {
|
|
|
|
if (publicKey != null) {
|
|
|
|
publicKeyHolder.put(tenantDomain, publicKey);
|
|
|
|
issuerAlias = new IssuerAlias(tenantDomain);
|
|
|
|
|
|
|
|
publicKeyHolder.put(issuerAlias, publicKey);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
@ -205,4 +196,34 @@ public class JWTAuthenticator implements WebappAuthenticator {
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return this.properties.getProperty(name);
|
|
|
|
return this.properties.getProperty(name);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
private class IssuerAlias {
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
private String issuer;
|
|
|
|
|
|
|
|
private String tenantDomain;
|
|
|
|
|
|
|
|
private final String DEFAULT_ISSUER = "default";
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
public IssuerAlias(String tenantDomain) {
|
|
|
|
|
|
|
|
this.issuer = DEFAULT_ISSUER;
|
|
|
|
|
|
|
|
this.tenantDomain = tenantDomain;
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
public IssuerAlias(String issuer, String tenantDomain) {
|
|
|
|
|
|
|
|
this.issuer = issuer;
|
|
|
|
|
|
|
|
this.tenantDomain = tenantDomain;
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@Override
|
|
|
|
|
|
|
|
public int hashCode() {
|
|
|
|
|
|
|
|
int result = this.issuer.hashCode();
|
|
|
|
|
|
|
|
result = 31 * result + ("@" + this.tenantDomain).hashCode();
|
|
|
|
|
|
|
|
return result;
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@Override
|
|
|
|
|
|
|
|
public boolean equals(Object obj) {
|
|
|
|
|
|
|
|
return (obj instanceof IssuerAlias) && issuer.equals(
|
|
|
|
|
|
|
|
((IssuerAlias) obj).issuer) && tenantDomain == ((IssuerAlias) obj).tenantDomain;
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|