few changes after testing the cluster

8 years ago · de957bec29
parent 0d721a226b
commit de957bec29
5 changed files with 59 additions and 35 deletions
--- a/components/device-mgt/org.wso2.carbon.device.mgt.url.printer/pom.xml
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.url.printer/pom.xml
@ -59,7 +59,7 @@
                        <Bundle-Name>${project.artifactId}</Bundle-Name>
                        <Bundle-Version>${carbon.device.mgt.version}</Bundle-Version>
                        <Bundle-Description>IoT Server Impl Bundle</Bundle-Description>
-                        <Private-Package>org.wso2.carbon.device.mgt.iot.url.printer.internal</Private-Package>
+                        <Private-Package>org.wso2.carbon.device.mgt.url.printer.internal</Private-Package>
                        <Import-Package>
                            org.osgi.framework,
                            org.osgi.service.component,
@ -69,8 +69,8 @@
                            org.wso2.carbon.utils.*,
                        </Import-Package>
                        <Export-Package>
-                            !org.wso2.carbon.device.mgt.iot.url.printer.internal,
-                            org.wso2.carbon.device.mgt.iot.url.printer.*;version="${project.version}"
+                            !org.wso2.carbon.device.mgt.url.printer.internal,
+                            org.wso2.carbon.device.mgt.url.printer.*;version="${project.version}"
                        </Export-Package>
                    </instructions>
                </configuration>
--- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/JWTAuthenticator.java
+++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/JWTAuthenticator.java
@ -62,7 +62,7 @@ public class JWTAuthenticator implements WebappAuthenticator {
    private static final String DEFAULT_TRUST_STORE_LOCATION = "Security.TrustStore.Location";
    private static final String DEFAULT_TRUST_STORE_PASSWORD = "Security.TrustStore.Password";

-    private static final Map<String, PublicKey> publicKeyHolder = new HashMap<>();
+    private static final Map<IssuerAlias, PublicKey> publicKeyHolder = new HashMap<>();
    private Properties properties;

    private static void loadTenantRegistry(int tenantId) throws RegistryException {
@ -106,46 +106,37 @@ public class JWTAuthenticator implements WebappAuthenticator {
            String username = jwsObject.getJWTClaimsSet().getStringClaim(SIGNED_JWT_AUTH_USERNAME);
            String tenantDomain = MultitenantUtils.getTenantDomain(username);
            int tenantId = Integer.parseInt(jwsObject.getJWTClaimsSet().getStringClaim(SIGNED_JWT_AUTH_TENANT_ID));
+            String issuer = jwsObject.getJWTClaimsSet().getIssuer();
            PrivilegedCarbonContext.startTenantFlow();
            PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(tenantDomain);
            PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(tenantId);
-            PublicKey publicKey =  publicKeyHolder.get(tenantDomain);
+            IssuerAlias issuerAlias = new IssuerAlias(issuer, tenantDomain);
+            PublicKey publicKey =  publicKeyHolder.get(issuerAlias);
            if (publicKey == null) {
                loadTenantRegistry(tenantId);
                KeyStoreManager keyStoreManager = KeyStoreManager.getInstance(tenantId);
                if (MultitenantConstants.SUPER_TENANT_DOMAIN_NAME.equals(tenantDomain)) {
-                    String defaultPublicKey = properties.getProperty("DefaultPublicKey");
-                    if (defaultPublicKey != null && !defaultPublicKey.isEmpty()) {
-                        boolean isDefaultPublicKey = Boolean.parseBoolean(defaultPublicKey);
-                        if (isDefaultPublicKey) {
-                            publicKey = keyStoreManager.getDefaultPublicKey();
-                        } else {
-                            String alias = properties.getProperty("KeyAlias");
-                            if (alias != null && !alias.isEmpty()) {
-                                ServerConfiguration serverConfig = CarbonUtils.getServerConfiguration();
-                                KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
-                                String trustStorePath = serverConfig.getFirstProperty(DEFAULT_TRUST_STORE_LOCATION);
-                                String trustStorePassword = serverConfig.getFirstProperty(
-                                        DEFAULT_TRUST_STORE_PASSWORD);
-                                keyStore.load(new FileInputStream(trustStorePath), trustStorePassword.toCharArray());
-                                publicKey = keyStore.getCertificate(alias).getPublicKey();
-                            } else {
-                                authenticationInfo.setStatus(Status.FAILURE);
-                                return  authenticationInfo;
-                            }
-                        }
-
+                    String alias = properties.getProperty(issuer);
+                    if (alias != null && !alias.isEmpty()) {
+                        ServerConfiguration serverConfig = CarbonUtils.getServerConfiguration();
+                        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
+                        String trustStorePath = serverConfig.getFirstProperty(DEFAULT_TRUST_STORE_LOCATION);
+                        String trustStorePassword = serverConfig.getFirstProperty(
+                                DEFAULT_TRUST_STORE_PASSWORD);
+                        keyStore.load(new FileInputStream(trustStorePath), trustStorePassword.toCharArray());
+                        publicKey = keyStore.getCertificate(alias).getPublicKey();
                    } else {
-                        publicKey = keyStoreManager.getDefaultPublicKey();
+                        authenticationInfo.setStatus(Status.FAILURE);
+                        return  authenticationInfo;
                    }
-
                } else {
                    String ksName = tenantDomain.trim().replace('.', '-');
                    String jksName = ksName + ".jks";
                    publicKey = keyStoreManager.getKeyStore(jksName).getCertificate(tenantDomain).getPublicKey();
                }
                if (publicKey != null) {
-                    publicKeyHolder.put(tenantDomain, publicKey);
+                    issuerAlias = new IssuerAlias(tenantDomain);
+                    publicKeyHolder.put(issuerAlias, publicKey);
                }
            }

@ -205,4 +196,34 @@ public class JWTAuthenticator implements WebappAuthenticator {
        }
        return this.properties.getProperty(name);
    }
+
+    private class IssuerAlias {
+
+        private String issuer;
+        private String tenantDomain;
+        private final String DEFAULT_ISSUER = "default";
+
+        public  IssuerAlias(String tenantDomain) {
+            this.issuer = DEFAULT_ISSUER;
+            this.tenantDomain = tenantDomain;
+        }
+
+        public  IssuerAlias(String issuer, String tenantDomain) {
+            this.issuer = issuer;
+            this.tenantDomain = tenantDomain;
+        }
+
+        @Override
+        public int hashCode() {
+            int result = this.issuer.hashCode();
+            result = 31 * result + ("@" + this.tenantDomain).hashCode();
+            return result;
+        }
+
+        @Override
+        public boolean equals(Object obj) {
+            return (obj instanceof IssuerAlias) && issuer.equals(
+                    ((IssuerAlias) obj).issuer) && tenantDomain == ((IssuerAlias) obj).tenantDomain;
+        }
+    }
 }
--- a/features/device-mgt/org.wso2.carbon.device.mgt.server.feature/pom.xml
+++ b/features/device-mgt/org.wso2.carbon.device.mgt.server.feature/pom.xml
@ -122,6 +122,9 @@
                                <bundleDef>
                                    org.wso2.carbon.devicemgt:org.wso2.carbon.device.mgt.common:${carbon.device.mgt.version}
                                </bundleDef>
+								<bundleDef>
+									org.wso2.carbon.devicemgt:org.wso2.carbon.device.mgt.url.printer:${carbon.device.mgt.version}
+								</bundleDef>
                                <!--<bundleDef>-->
                                    <!--org.wso2.carbon.commons:org.wso2.carbon.email.verification-->
                                <!--</bundleDef>-->
--- a/features/jwt-client/org.wso2.carbon.identity.jwt.client.extension.feature/src/main/resources/jwt.properties
+++ b/features/jwt-client/org.wso2.carbon.identity.jwt.client.extension.feature/src/main/resources/jwt.properties
@ -17,13 +17,13 @@
 #

 #issuer of the JWT
-iss=iot_default
+iss=wso2.org/products/iot

-TokenEndpoint=https://localhost:${carbon.https.port}/oauth2/token
+TokenEndpoint=https://${iot.keymanager.host}:${iot.keymanager.https.port}/oauth2/token

 #audience of JWT claim
 #comma seperated values
-aud=wso2.org/products/iot
+aud=devicemgt

 #expiration time of JWT (number of minutes from the current time)
 exp=1000
--- a/features/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework.server.feature/src/main/resources/conf/webapp-authenticator-config.xml
+++ b/features/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework.server.feature/src/main/resources/conf/webapp-authenticator-config.xml
@ -20,9 +20,9 @@
            <Name>JWT</Name>
            <ClassName>org.wso2.carbon.webapp.authenticator.framework.authenticator.JWTAuthenticator</ClassName>
            <Parameters>
-                <Parameter Name="DefaultPublicKey">true</Parameter>
-                <!--KeyAlias is alias of the certificate that is used to sign the JWT token-->
-                <!-- <Parameter Name="KeyAlias"></Parameter> -->
+				<!--Issuers list and corresponding cert alias-->
+                <Parameter Name="wso2.org/products/am">wso2carbon</Parameter>
+				<Parameter Name="wso2.org/products/iot">wso2carbon</Parameter>
            </Parameters>
        </Authenticator>
        <Authenticator>