Add improvements to APIM application creating logic

secure-folder-policy
Dharmakeerthi Lasantha 2 years ago
parent cb2fb990e7
commit 342e201c4c

@ -33,22 +33,22 @@ public interface APIManagementProviderService {
*/ */
boolean isTierLoaded(); boolean isTierLoaded();
/** // /**
* Generate and retreive application keys. if the application does exist then // * Generate and retreive application keys. if the application does exist then
* create it and subscribe to apis that are grouped with the tags. // * create it and subscribe to apis that are grouped with the tags.
* // *
* @param apiApplicationName name of the application. // * @param apiApplicationName name of the application.
* @param tags tags of the apis that application needs to be subscribed. // * @param tags tags of the apis that application needs to be subscribed.
* @param keyType of the application. // * @param keyType of the application.
* @param username to whom the application is created // * @param username to whom the application is created
* @param isAllowedAllDomains application is allowed to all the tenants // * @param isAllowedAllDomains application is allowed to all the tenants
* @param validityTime validity period of the application // * @param validityTime validity period of the application
* @return consumerkey and secrete of the created application. // * @return consumerkey and secrete of the created application.
* @throws APIManagerException // * @throws APIManagerException
*/ // */
ApiApplicationKey generateAndRetrieveApplicationKeys(String apiApplicationName, String tags[], // ApiApplicationKey generateAndRetrieveApplicationKeys(String apiApplicationName, String tags[],
String keyType, String username, boolean isAllowedAllDomains, // String keyType, String username, boolean isAllowedAllDomains,
String validityTime) throws APIManagerException; // String validityTime) throws APIManagerException;
ApiApplicationKey generateAndRetrieveApplicationKeys(String applicationName, String[] tags, ApiApplicationKey generateAndRetrieveApplicationKeys(String applicationName, String[] tags,
String keyType, String username, String keyType, String username,
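Review bot: The six-argument `generateAndRetrieveApplicationKeys` declaration and its Javadoc are disabled by prefixing every line with `//` instead of being deleted. The same is done to `removeAPIApplication` in the next hunk and to both implementations in APIManagementProviderServiceImpl. Version control already preserves the old text, so these lines should be removed outright rather than left as stale signatures. Because this is a public interface, dropping two methods breaks any caller outside this commit (none are visible here). If such callers may exist, keep the declarations for one release marked `@Deprecated`, with a Javadoc `@deprecated` tag pointing to the remaining overloads.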
@ -60,10 +60,10 @@ public interface APIManagementProviderService {
boolean isAllowedAllDomains, boolean isAllowedAllDomains,
String validityTime, String accessToken) throws APIManagerException; String validityTime, String accessToken) throws APIManagerException;
/** // /**
* Remove APIM Application. // * Remove APIM Application.
*/ // */
void removeAPIApplication(String applicationName, String username) throws APIManagerException; // void removeAPIApplication(String applicationName, String username) throws APIManagerException;
/** /**
* To get access token for given scopes and for the given validity period * To get access token for given scopes and for the given validity period

@ -54,7 +54,6 @@ import org.wso2.carbon.apimgt.api.dto.KeyManagerConfigurationDTO;
import org.wso2.carbon.apimgt.api.model.API; import org.wso2.carbon.apimgt.api.model.API;
import org.wso2.carbon.apimgt.api.model.APIKey; import org.wso2.carbon.apimgt.api.model.APIKey;
import org.wso2.carbon.apimgt.api.model.ApiTypeWrapper; import org.wso2.carbon.apimgt.api.model.ApiTypeWrapper;
import org.wso2.carbon.apimgt.api.model.Application;
import org.wso2.carbon.apimgt.api.model.SubscribedAPI; import org.wso2.carbon.apimgt.api.model.SubscribedAPI;
import org.wso2.carbon.apimgt.api.model.Subscriber; import org.wso2.carbon.apimgt.api.model.Subscriber;
import org.wso2.carbon.apimgt.impl.APIAdminImpl; import org.wso2.carbon.apimgt.impl.APIAdminImpl;
@ -97,23 +96,23 @@ public class APIManagementProviderServiceImpl implements APIManagementProviderSe
return false; return false;
} }
@Override // @Override
public void removeAPIApplication(String applicationName, String username) throws APIManagerException { // public void removeAPIApplication(String applicationName, String username) throws APIManagerException {
//
try { // try {
APIConsumer apiConsumer = API_MANAGER_FACTORY.getAPIConsumer(username); // APIConsumer apiConsumer = API_MANAGER_FACTORY.getAPIConsumer(username);
Application application = null; // todo:apim - apiConsumer.getApplicationsByName(username, applicationName, ""); // Application application = null; // todo:apim - apiConsumer.getApplicationsByName(username, applicationName, "");
// curl -k -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8" "https://localhost:9443/api/am/devportal/v3/applications?query=CalculatorApp" //// curl -k -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8" "https://localhost:9443/api/am/devportal/v3/applications?query=CalculatorApp"
if (application != null) { // if (application != null) {
// todo:apim - apiConsumer.removeApplication(application, username); // // todo:apim - apiConsumer.removeApplication(application, username);
//curl -k -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8" -X DELETE "https://localhost:9443/api/am/devportal/v3/applications/896658a0-b4ee-4535-bbfa-806c894a4015" // //curl -k -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8" -X DELETE "https://localhost:9443/api/am/devportal/v3/applications/896658a0-b4ee-4535-bbfa-806c894a4015"
} // }
} catch (APIManagementException e) { // } catch (APIManagementException e) {
throw new APIManagerException("Failed to remove api application : " + applicationName, e); // throw new APIManagerException("Failed to remove api application : " + applicationName, e);
} // }
//
//
} // }
@Override @Override
public synchronized ApiApplicationKey generateAndRetrieveApplicationKeys(String applicationName, String[] tags, public synchronized ApiApplicationKey generateAndRetrieveApplicationKeys(String applicationName, String[] tags,
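Review bot: The two `curl` lines in the commented-out `removeAPIApplication` body still carry a literal `Authorization: Bearer` value and use `-k`, which disables TLS certificate verification. Commenting the method out a second time keeps that token string in the source tree and in every future clone. Delete the dead body, and if the request example is still wanted, keep it with a placeholder: `// curl -H "Authorization: Bearer <ACCESS_TOKEN>" "https://localhost:9443/api/am/devportal/v3/applications?query=<APP_NAME>"`. If the token was ever valid outside a throwaway local instance, it should be treated as exposed and revoked.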
@ -123,8 +122,7 @@ public class APIManagementProviderServiceImpl implements APIManagementProviderSe
TokenInfo tokenInfo = new TokenInfo(); TokenInfo tokenInfo = new TokenInfo();
tokenInfo.setApiApplicationInfo(null); tokenInfo.setApiApplicationInfo(null);
tokenInfo.setAccessToken(accessToken); tokenInfo.setAccessToken(accessToken);
return generateAndRetrieveApplicationKeys(applicationName, tags ,keyType, isAllowedAllDomains, validityTime, tokenInfo);
return generateAndRetrieveApplicationKeys(applicationName, tags ,keyType, null, isAllowedAllDomains, validityTime, tokenInfo);
} }
@Override @Override
@ -136,16 +134,14 @@ public class APIManagementProviderServiceImpl implements APIManagementProviderSe
ApiApplicationInfo applicationInfo = getApplicationInfo(username, password); ApiApplicationInfo applicationInfo = getApplicationInfo(username, password);
TokenInfo tokenInfo = new TokenInfo(); TokenInfo tokenInfo = new TokenInfo();
tokenInfo.setApiApplicationInfo(applicationInfo); tokenInfo.setApiApplicationInfo(applicationInfo);
tokenInfo.setAccessToken(null); tokenInfo.setAccessToken(null);
return generateAndRetrieveApplicationKeys(applicationName, tags, keyType,isAllowedAllDomains, validityTime, tokenInfo);
return generateAndRetrieveApplicationKeys(applicationName, tags, keyType, username,isAllowedAllDomains, validityTime, tokenInfo);
} }
private ApiApplicationKey generateAndRetrieveApplicationKeys(String applicationName, String[] tags, private ApiApplicationKey generateAndRetrieveApplicationKeys(String applicationName, String[] tags,
String keyType, String username, String keyType,
boolean isAllowedAllDomains, boolean isAllowedAllDomains,
String validityTime, TokenInfo tokenInfo) throws APIManagerException { String validityTime, TokenInfo tokenInfo) throws APIManagerException {
@ -175,30 +171,78 @@ public class APIManagementProviderServiceImpl implements APIManagementProviderSe
io.entgra.device.mgt.core.apimgt.extension.rest.api.bean.APIMConsumer.Application[] applications = io.entgra.device.mgt.core.apimgt.extension.rest.api.bean.APIMConsumer.Application[] applications =
consumerRESTAPIServices.getAllApplications(tokenInfo, applicationName); consumerRESTAPIServices.getAllApplications(tokenInfo, applicationName);
io.entgra.device.mgt.core.apimgt.extension.rest.api.bean.APIMConsumer.Application application; io.entgra.device.mgt.core.apimgt.extension.rest.api.bean.APIMConsumer.Application application;
boolean isNewApplication = false; MetadataManagementService metadataManagementService = APIApplicationManagerExtensionDataHolder.getInstance().getMetadataManagementService();
if (applications.length == 0) { if (applications.length == 0) {
isNewApplication = true; return handleNewAPIApplication(applicationName, uniqueApiList, tokenInfo, keyType, validityTime);
application = new io.entgra.device.mgt.core.apimgt.extension.rest.api.bean.APIMConsumer.Application();
application.setName(applicationName);
application = consumerRESTAPIServices.createApplication(tokenInfo, application);
addSubscriptions(application, uniqueApiList, tokenInfo);
} else { } else {
if (applications.length == 1) { if (applications.length == 1) {
Optional<io.entgra.device.mgt.core.apimgt.extension.rest.api.bean.APIMConsumer.Application> applicationOpt = Optional<io.entgra.device.mgt.core.apimgt.extension.rest.api.bean.APIMConsumer.Application> applicationOpt =
Arrays.stream(applications).findFirst(); Arrays.stream(applications).findFirst();
application = applicationOpt.get(); application = applicationOpt.get();
Metadata metaData = metadataManagementService.retrieveMetadata(applicationName);
if (metaData == null) {
// Todo add a comment
consumerRESTAPIServices.deleteApplication(tokenInfo, application.getApplicationId());
return handleNewAPIApplication(applicationName, uniqueApiList, tokenInfo, keyType, validityTime);
} else {
Subscription[] subscriptions = consumerRESTAPIServices.getAllSubscriptions(tokenInfo, application.getApplicationId()); Subscription[] subscriptions = consumerRESTAPIServices.getAllSubscriptions(tokenInfo, application.getApplicationId());
Arrays.stream(subscriptions).map(Subscription::getApiInfo).forEachOrdered(uniqueApiList::remove); Arrays.stream(subscriptions).map(Subscription::getApiInfo).forEachOrdered(uniqueApiList::remove);
addSubscriptions(application, uniqueApiList, tokenInfo); addSubscriptions(application, uniqueApiList, tokenInfo);
String[] metaValues = metaData.getMetaValue().split(":");
if (metaValues.length != 2) {
String msg = "Found invalid Meta value for meta key: " + applicationName + ". Meta Value: "
+ metaData.getMetaValue();
log.error(msg);
throw new APIManagerException(msg);
}
String applicationId = metaValues[0];
String keyMappingId = metaValues[1];
ApplicationKey applicationKey = consumerRESTAPIServices.getKeyDetails(tokenInfo, applicationId, keyMappingId);
ApiApplicationKey apiApplicationKey = new ApiApplicationKey();
apiApplicationKey.setConsumerKey(applicationKey.getConsumerKey());
apiApplicationKey.setConsumerSecret(applicationKey.getConsumerSecret());
return apiApplicationKey;
}
} else { } else {
String msg = "Found more than one application for application name: " + applicationName; String msg = "Found more than one application for application name: " + applicationName;
log.error(msg); log.error(msg);
throw new APIManagerException(msg); throw new APIManagerException(msg);
} }
} }
} catch (APIServicesException e) {
String msg = "Error occurred while processing the response of APIM REST endpoints.";
log.error(msg, e);
throw new APIManagerException(msg, e);
} catch (BadRequestException e) {
String msg = "Provided incorrect payload when invoking APIM REST endpoints.";
log.error(msg, e);
throw new APIManagerException(msg, e);
} catch (UnexpectedResponseException e) {
String msg = "Error occurred while invoking APIM REST endpoints.";
log.error(msg, e);
throw new APIManagerException(msg, e);
} catch (MetadataManagementException e) {
String msg = "Error occurred while getting meta data for meta key: " + applicationName;
log.error(msg, e);
throw new APIManagerException(msg, e);
}
}
private ApiApplicationKey handleNewAPIApplication(String applicationName, List<APIInfo> uniqueApiList,
TokenInfo tokenInfo, String keyType, String validityTime) throws APIManagerException {
ConsumerRESTAPIServices consumerRESTAPIServices =
APIApplicationManagerExtensionDataHolder.getInstance().getConsumerRESTAPIServices();
io.entgra.device.mgt.core.apimgt.extension.rest.api.bean.APIMConsumer.Application application = new io.entgra.device.mgt.core.apimgt.extension.rest.api.bean.APIMConsumer.Application();
application.setName(applicationName);
try {
application = consumerRESTAPIServices.createApplication(tokenInfo, application);
addSubscriptions(application, uniqueApiList, tokenInfo);
MetadataManagementService metadataManagementService = APIApplicationManagerExtensionDataHolder.getInstance().getMetadataManagementService();
if (isNewApplication) {
KeyManager[] keyManagers = consumerRESTAPIServices.getAllKeyManagers(tokenInfo); KeyManager[] keyManagers = consumerRESTAPIServices.getAllKeyManagers(tokenInfo);
KeyManager keyManager; KeyManager keyManager;
if (keyManagers.length == 1) { if (keyManagers.length == 1) {
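Review bot: In the `applications.length == 1` branch, a missing metadata entry now leads straight to `consumerRESTAPIServices.deleteApplication(tokenInfo, application.getApplicationId())`, explained only by `// Todo add a comment`. Deleting the application invalidates the consumer key and secret that any existing client holds. Before the delete, check that the returned application's name equals `applicationName` exactly (whether `getAllApplications` matches exactly or by search is not visible here) and add a `log.warn` naming the application id being removed. In the metadata-present branch, the `applicationId` parsed from the meta value goes to `getKeyDetails` without being compared to the application just fetched. Add `if (!applicationId.equals(application.getApplicationId())) { log.error(msg); throw new APIManagerException(msg); }` so a stale entry cannot return keys for a different application. The enclosing method begins before this hunk and `handleNewAPIApplication` continues past it.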
@ -206,6 +250,7 @@ public class APIManagementProviderServiceImpl implements APIManagementProviderSe
} else { } else {
String msg = String msg =
"Found invalid number of key managers. No of key managers found from the APIM: " + keyManagers.length; "Found invalid number of key managers. No of key managers found from the APIM: " + keyManagers.length;
log.error(msg);
throw new APIManagerException(msg); throw new APIManagerException(msg);
} }
ApplicationKey applicationKey = consumerRESTAPIServices.generateApplicationKeys(tokenInfo, application.getApplicationId(), ApplicationKey applicationKey = consumerRESTAPIServices.generateApplicationKeys(tokenInfo, application.getApplicationId(),
@ -218,57 +263,30 @@ public class APIManagementProviderServiceImpl implements APIManagementProviderSe
metaData.setMetaKey(applicationName); metaData.setMetaKey(applicationName);
String metaValue = application.getApplicationId() + ":" + applicationKey.getKeyMappingId(); String metaValue = application.getApplicationId() + ":" + applicationKey.getKeyMappingId();
metaData.setMetaValue(metaValue); metaData.setMetaValue(metaValue);
try {
MetadataManagementService metadataManagementService = APIApplicationManagerExtensionDataHolder.getInstance().getMetadataManagementService();
metadataManagementService.createMetadata(metaData); metadataManagementService.createMetadata(metaData);
return apiApplicationKey; return apiApplicationKey;
} catch (MetadataManagementException e) { } catch (MetadataManagementException e) {
String msg = "Error occurred while creating the meta data entry for mata key: " + applicationName; String msg = "Error occurred while creating meta data for meta key: " + applicationName;
log.error(msg, e); log.error(msg, e);
throw new APIManagerException(msg, e); throw new APIManagerException(msg, e);
} catch (MetadataKeyAlreadyExistsException e) { } catch (MetadataKeyAlreadyExistsException e) {
String msg = "Found duplicate meta value entry for meta key: " + applicationName; String msg =
log.error(msg, e); "Since meta key:" + applicationName + " already exists, meta data creating process " +
throw new APIManagerException(msg, e); "failed.";
}
} else {
try {
Metadata metaData = metadataManagementService.retrieveMetadata(applicationName);
if (metaData == null) {
String msg = "Couldn't find application key data from meta data mgt service. Meta key: "
+ applicationName;
log.error(msg);
throw new APIManagerException(msg);
}
String[] metaValues = metaData.getMetaValue().split(":");
if (metaValues.length != 2) {
String msg = "Found invalid Meta value for meta key: " + applicationName + ". Meta Value: "
+ metaData.getMetaValue();
log.error(msg);
throw new APIManagerException(msg);
}
String applicationId = metaValues[0];
String keyMappingId = metaValues[1];
ApplicationKey applicationKey = consumerRESTAPIServices.getKeyDetails(tokenInfo, applicationId, keyMappingId);
ApiApplicationKey apiApplicationKey = new ApiApplicationKey();
apiApplicationKey.setConsumerKey(applicationKey.getConsumerKey());
apiApplicationKey.setConsumerSecret(applicationKey.getConsumerSecret());
return apiApplicationKey;
} catch (MetadataManagementException e) {
String msg = "Error occurred while getting meta data for meta key: " + applicationName;
log.error(msg, e);
throw new APIManagerException(msg, e);
}
}
} catch (APIServicesException e) {
String msg = "Error occurred while processing the response of APIM REST endpoints.";
log.error(msg, e); log.error(msg, e);
throw new APIManagerException(msg, e); throw new APIManagerException(msg, e);
} catch (BadRequestException e) { } catch (BadRequestException e) {
String msg = "Provided incorrect payload when invoking APIM REST endpoints."; String msg = "Provided incorrect payload when invoking APIM REST endpoints to handle new API application.";
log.error(msg, e); log.error(msg, e);
throw new APIManagerException(msg, e); throw new APIManagerException(msg, e);
} catch (UnexpectedResponseException e) { } catch (UnexpectedResponseException e) {
String msg = "Error occurred while invoking APIM REST endpoints."; String msg = "Error occurred while invoking APIM REST endpoints to handle new API application.";
log.error(msg, e);
throw new APIManagerException(msg, e);
} catch (APIServicesException e) {
String msg = "Error occurred while processing the response of APIM REST endpoints to handle new API application.";
log.error(msg, e); log.error(msg, e);
throw new APIManagerException(msg, e); throw new APIManagerException(msg, e);
} }
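Review bot: When `createMetadata` throws `MetadataKeyAlreadyExistsException` or `MetadataManagementException`, the application and keys created earlier in `handleNewAPIApplication` stay in APIM, and neither catch block cleans up. After a `MetadataKeyAlreadyExistsException`, the next call appears to find one application plus the old metadata entry, and would then look up key details using the stale application id stored there. Consider removing the just-created application before rethrowing, e.g. `consumerRESTAPIServices.deleteApplication(tokenInfo, application.getApplicationId());` with its own exception handling, or replacing the stale metadata entry. The `try` these catch blocks belong to opens in an earlier hunk.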
@ -305,234 +323,234 @@ public class APIManagementProviderServiceImpl implements APIManagementProviderSe
consumerRESTAPIServices.createSubscriptions(tokenInfo, subscriptionList); consumerRESTAPIServices.createSubscriptions(tokenInfo, subscriptionList);
} }
/** // /**
* {@inheritDoc} // * {@inheritDoc}
*/ // */
@Override // @Override
public synchronized ApiApplicationKey generateAndRetrieveApplicationKeys(String applicationName, String tags[], // public synchronized ApiApplicationKey generateAndRetrieveApplicationKeys(String applicationName, String tags[],
String keyType, String username, boolean isAllowedAllDomains, String validityTime) // String keyType, String username, boolean isAllowedAllDomains, String validityTime)
throws APIManagerException { // throws APIManagerException {
//
//
/* ///*
//
todo - Modify generateAndRetrieveApplicationKeys //todo - Modify generateAndRetrieveApplicationKeys
//
Check the existence of the API application. //Check the existence of the API application.
//
if Application is not exists //if Application is not exists
Create the Application // Create the Application
//
If super tenants //If super tenants
Get set of tagged APIs // Get set of tagged APIs
If the tenant domain is not super tenant //If the tenant domain is not super tenant
Get set of tagged APIs from super tenant space // Get set of tagged APIs from super tenant space
//
If new Application //If new Application
Subscribed to tagged APIs // Subscribed to tagged APIs
Else //Else
Get all subscribed APIs of application // Get all subscribed APIs of application
Filter out APIs and subscribed to APIs which can be subscribed // Filter out APIs and subscribed to APIs which can be subscribed
Filter -> Use set of tagged APis // Filter -> Use set of tagged APis
Remove already subscribed APIs from the set // Remove already subscribed APIs from the set
Subscribed to remaining APIs // Subscribed to remaining APIs
//
Get Application keys from application //Get Application keys from application
If API keys are there return API keys // If API keys are there return API keys
//
Otherwise, Generate Application Keys and return them //Otherwise, Generate Application Keys and return them
//
*/ // */
//
String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain(); // String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
if (StringUtils.isEmpty(username)) { // if (StringUtils.isEmpty(username)) {
username = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUsername() + "@" + tenantDomain; // username = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUsername() + "@" + tenantDomain;
} // }
try { // try {
APIConsumer apiConsumer = API_MANAGER_FACTORY.getAPIConsumer(username); // APIConsumer apiConsumer = API_MANAGER_FACTORY.getAPIConsumer(username);
Application application = null; // todo:resolve:apim - apiConsumer.getApplicationsByName(username, applicationName, ""); // Application application = null; // todo:resolve:apim - apiConsumer.getApplicationsByName(username, applicationName, "");
int applicationId = 0; // int applicationId = 0;
Subscriber subscriber = null; // Subscriber subscriber = null;
if (application == null) { // if (application == null) {
subscriber = null; // todo:resolve:apim - apiConsumer.getSubscriber(username); // subscriber = null; // todo:resolve:apim - apiConsumer.getSubscriber(username);
if (subscriber == null) { // if (subscriber == null) {
// create subscriber // // create subscriber
// todo:resolve:apim - apiConsumer.addSubscriber(username, ""); // // todo:resolve:apim - apiConsumer.addSubscriber(username, "");
subscriber = null; // todo:resolve:apim - apiConsumer.getSubscriber(username); // subscriber = null; // todo:resolve:apim - apiConsumer.getSubscriber(username);
} // }
//create application // //create application
application = new Application(applicationName, subscriber); // application = new Application(applicationName, subscriber);
application.setTier(ApiApplicationConstants.DEFAULT_TIER); // application.setTier(ApiApplicationConstants.DEFAULT_TIER);
application.setGroupId(""); // application.setGroupId("");
application.setTokenType("OAUTH"); // application.setTokenType("OAUTH");
// todo:resolve:apim - apiConsumer.addApplication(application, username); // // todo:resolve:apim - apiConsumer.addApplication(application, username);
application = null; // todo:resolve:apim - apiConsumer.getApplicationsByName(username, applicationName, ""); // application = null; // todo:resolve:apim - apiConsumer.getApplicationsByName(username, applicationName, "");
} else { // } else {
subscriber = null; // todo:resolve:apim - apiConsumer.getSubscriber(username); // subscriber = null; // todo:resolve:apim - apiConsumer.getSubscriber(username);
} // }
//
Set<SubscribedAPI> subscribedAPIs = // Set<SubscribedAPI> subscribedAPIs =
null; // todo:resolve:apim - apiConsumer.getSubscribedAPIs(subscriber, applicationName, ""); // null; // todo:resolve:apim - apiConsumer.getSubscribedAPIs(subscriber, applicationName, "");
//
log.info("Already subscribed API count: " + subscribedAPIs.size()); // log.info("Already subscribed API count: " + subscribedAPIs.size());
//
// subscribe to apis. // // subscribe to apis.
APIConsumer apiConsumerAPIPublishedTenant = apiConsumer; // APIConsumer apiConsumerAPIPublishedTenant = apiConsumer;
if (tags != null && tags.length > 0) { // if (tags != null && tags.length > 0) {
for (String tag : tags) { // for (String tag : tags) {
boolean startedTenantFlow = false; // boolean startedTenantFlow = false;
Set<API> apisWithTag = null; // todo:resolve:apim - apiConsumer.getAPIsWithTag(tag, tenantDomain); // Set<API> apisWithTag = null; // todo:resolve:apim - apiConsumer.getAPIsWithTag(tag, tenantDomain);
//
/** // /**
* From APIM 4.0.0, APIs published in the super tenant can only be listed by // * From APIM 4.0.0, APIs published in the super tenant can only be listed by
* APIConsumer, only if the APIConsumer belongs to the super tenant. So we // * APIConsumer, only if the APIConsumer belongs to the super tenant. So we
* are starting tenant flow if we are not already in super tenant(child // * are starting tenant flow if we are not already in super tenant(child
* tenant starting to create OAuth app). // * tenant starting to create OAuth app).
*/ // */
if (apisWithTag == null || apisWithTag.size() == 0) { // if (apisWithTag == null || apisWithTag.size() == 0) {
PrivilegedCarbonContext.startTenantFlow(); // PrivilegedCarbonContext.startTenantFlow();
PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(MultitenantConstants.SUPER_TENANT_DOMAIN_NAME, // PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(MultitenantConstants.SUPER_TENANT_DOMAIN_NAME,
true); // true);
//
try { // try {
String superAdminUsername = PrivilegedCarbonContext // String superAdminUsername = PrivilegedCarbonContext
.getThreadLocalCarbonContext().getUserRealm().getRealmConfiguration().getAdminUserName(); // .getThreadLocalCarbonContext().getUserRealm().getRealmConfiguration().getAdminUserName();
apiConsumerAPIPublishedTenant = API_MANAGER_FACTORY.getAPIConsumer(superAdminUsername); // apiConsumerAPIPublishedTenant = API_MANAGER_FACTORY.getAPIConsumer(superAdminUsername);
} catch (UserStoreException e) { // } catch (UserStoreException e) {
throw new APIManagerException("Failed to create api application for " + // throw new APIManagerException("Failed to create api application for " +
"tenant: " + tenantDomain + // "tenant: " + tenantDomain +
". Caused by to inability to get super tenant username", e); // ". Caused by to inability to get super tenant username", e);
} // }
//
apisWithTag = null; // todo:resolve:apim - apiConsumerAPIPublishedTenant.getAPIsWithTag(tag, MultitenantConstants.SUPER_TENANT_DOMAIN_NAME); // apisWithTag = null; // todo:resolve:apim - apiConsumerAPIPublishedTenant.getAPIsWithTag(tag, MultitenantConstants.SUPER_TENANT_DOMAIN_NAME);
startedTenantFlow = true; // startedTenantFlow = true;
} // }
//
Set<ApiTypeWrapper> apiTypeWrapperList = new HashSet<>(); // Set<ApiTypeWrapper> apiTypeWrapperList = new HashSet<>();
if (apisWithTag != null && apisWithTag.size() > 0) { // if (apisWithTag != null && apisWithTag.size() > 0) {
Set<String> tempApiIds = new HashSet<>(); // Set<String> tempApiIds = new HashSet<>();
for (API apiInfo : apisWithTag) { // for (API apiInfo : apisWithTag) {
String id = apiInfo.getId().getProviderName().replace("@", "-AT-") // String id = apiInfo.getId().getProviderName().replace("@", "-AT-")
+ "-" + apiInfo.getId().getName() + "-" + apiInfo.getId().getVersion(); // + "-" + apiInfo.getId().getName() + "-" + apiInfo.getId().getVersion();
boolean subscriptionExist = false; // boolean subscriptionExist = false;
if (subscribedAPIs.size() > 0) { // if (subscribedAPIs.size() > 0) {
for (SubscribedAPI subscribedAPI : subscribedAPIs) { // for (SubscribedAPI subscribedAPI : subscribedAPIs) {
// todo:resolve:apim // // todo:resolve:apim
// if (String.valueOf(subscribedAPI.getApiId().toString()).equals(id)) { //// if (String.valueOf(subscribedAPI.getApiId().toString()).equals(id)) {
// subscriptionExist = true; //// subscriptionExist = true;
// break; //// break;
//// }
// }
// }
// if (!subscriptionExist && !tempApiIds.contains(id)) {
// ApiTypeWrapper apiTypeWrapper;
// if (startedTenantFlow) {
// /**
// * This mean APIs were not found in the child tenant, so all
// * calls to get info about APIs need to be to super tenant.
// */
// apiTypeWrapper = apiConsumerAPIPublishedTenant.getAPIorAPIProductByUUID(
// apiInfo.getUuid(), MultitenantConstants.SUPER_TENANT_DOMAIN_NAME);
// } else {
// /**
// * Ideally, in all usecases of IoT server, tenant domain here
// * will be carbon.super. This block is kept to make sure in
// * the future, if there are some APIs published to a specific
// * tenant only.
// */
// apiTypeWrapper = apiConsumerAPIPublishedTenant.getAPIorAPIProductByUUID(
// apiInfo.getUuid(), tenantDomain);
// }
// apiTypeWrapper.setTier(ApiApplicationConstants.DEFAULT_TIER);
// apiTypeWrapperList.add(apiTypeWrapper);
// tempApiIds.add(id);
// }
// }
// if (startedTenantFlow) {
// PrivilegedCarbonContext.endTenantFlow();
// }
//
// /** This is done in a redundant loop instead of doing in the same loop
// * that populates apiTypeWrapperList because in a tenanted scenario,
// * apiConsumerAPIPublishedTenant will belong to super tenant. So super
// * tenant flow need to end before starting subscription to avoid adding
// * subscriptions inside super tenant when we are trying to create an
// * Oauth app for a child tenant.
// */
// for (ApiTypeWrapper apiTypeWrapper : apiTypeWrapperList) {
// // todo:resolve:apim - apiConsumer.addSubscription(apiTypeWrapper, username, application);
// }
// }
// }
// }
// //end of subscription
//
// List<APIKey> applicationKeys = application.getKeys();
// if (applicationKeys != null) {
// for (APIKey applicationKey : applicationKeys) {
// if (keyType.equals(applicationKey.getType())) {
// if (applicationKey.getConsumerKey() != null && !applicationKey.getConsumerKey().isEmpty()) {
// ApiApplicationKey apiApplicationKey = new ApiApplicationKey();
// apiApplicationKey.setConsumerKey(applicationKey.getConsumerKey());
// apiApplicationKey.setConsumerSecret(applicationKey.getConsumerSecret());
// return apiApplicationKey;
// }
// }
// }
// }
//
// List<String> allowedDomains = new ArrayList<>();
// if (isAllowedAllDomains) {
// allowedDomains.add(ApiApplicationConstants.ALLOWED_DOMAINS);
// } else {
// allowedDomains.add(APIManagerUtil.getTenantDomain());
// }
//
// APIAdmin apiAdmin = new APIAdminImpl();
// String keyManagerId = null;
// try {
// List<KeyManagerConfigurationDTO> keyManagerConfigurations = null; // todo:resolve:apim -
// // apiAdmin.getKeyManagerConfigurationsByTenant(tenantDomain);
// if (keyManagerConfigurations != null) {
// for (KeyManagerConfigurationDTO keyManagerConfigurationDTO : keyManagerConfigurations) {
// keyManagerId = keyManagerConfigurationDTO.getUuid();
// }
// }
// String applicationAccessTokenExpiryTime = "N/A";
// if (!StringUtils.isEmpty(validityTime)) {
// applicationAccessTokenExpiryTime = validityTime;
// }
// String jsonString = "{\"grant_types\":\"refresh_token,access_token," +
// "urn:ietf:params:oauth:grant-type:saml2-bearer," +
// "password,client_credentials,iwa:ntlm,urn:ietf:params:oauth:grant-type:jwt-bearer\"," +
// "\"additionalProperties\":\"{\\\"application_access_token_expiry_time\\\":\\\"" + applicationAccessTokenExpiryTime + "\\\"," +
// "\\\"user_access_token_expiry_time\\\":\\\"N\\/A\\\"," +
// "\\\"refresh_token_expiry_time\\\":\\\"N\\/A\\\"," +
// "\\\"id_token_expiry_time\\\":\\\"N\\/A\\\"}\"," +
// "\"username\":\"" + username + "\"}";
//
// Map<String, Object> keyDetails = null; // todo:resolve:apim - apiConsumer
//// .requestApprovalForApplicationRegistration(username, applicationName, keyType, "",
//// allowedDomains.toArray(new String[allowedDomains.size()]), validityTime, "default", "",
//// jsonString, keyManagerId, tenantDomain);
//
// if (keyDetails != null) {
// ApiApplicationKey apiApplicationKey = new ApiApplicationKey();
// apiApplicationKey.setConsumerKey((String) keyDetails.get("consumerKey"));
// apiApplicationKey.setConsumerSecret((String) keyDetails.get("consumerSecret"));
// return apiApplicationKey;
// }
// throw new APIManagerException("Failed to generate keys for tenant: " + tenantDomain);
//// todo:resolve:apim - commected as it says never throw since we commented apim calls above
//// cnt rm
//// } catch (APIManagementException e) {
// } catch (Exception e) {
// throw new APIManagerException("Failed to create api application for tenant: " + tenantDomain, e);
// } // }
}
}
if (!subscriptionExist && !tempApiIds.contains(id)) {
ApiTypeWrapper apiTypeWrapper;
if (startedTenantFlow) {
/**
* This mean APIs were not found in the child tenant, so all
* calls to get info about APIs need to be to super tenant.
*/
apiTypeWrapper = apiConsumerAPIPublishedTenant.getAPIorAPIProductByUUID(
apiInfo.getUuid(), MultitenantConstants.SUPER_TENANT_DOMAIN_NAME);
} else {
/**
* Ideally, in all usecases of IoT server, tenant domain here
* will be carbon.super. This block is kept to make sure in
* the future, if there are some APIs published to a specific
* tenant only.
*/
apiTypeWrapper = apiConsumerAPIPublishedTenant.getAPIorAPIProductByUUID(
apiInfo.getUuid(), tenantDomain);
}
apiTypeWrapper.setTier(ApiApplicationConstants.DEFAULT_TIER);
apiTypeWrapperList.add(apiTypeWrapper);
tempApiIds.add(id);
}
}
if (startedTenantFlow) {
PrivilegedCarbonContext.endTenantFlow();
}
/** This is done in a redundant loop instead of doing in the same loop
* that populates apiTypeWrapperList because in a tenanted scenario,
* apiConsumerAPIPublishedTenant will belong to super tenant. So super
* tenant flow need to end before starting subscription to avoid adding
* subscriptions inside super tenant when we are trying to create an
* Oauth app for a child tenant.
*/
for (ApiTypeWrapper apiTypeWrapper : apiTypeWrapperList) {
// todo:resolve:apim - apiConsumer.addSubscription(apiTypeWrapper, username, application);
}
}
}
}
//end of subscription
List<APIKey> applicationKeys = application.getKeys();
if (applicationKeys != null) {
for (APIKey applicationKey : applicationKeys) {
if (keyType.equals(applicationKey.getType())) {
if (applicationKey.getConsumerKey() != null && !applicationKey.getConsumerKey().isEmpty()) {
ApiApplicationKey apiApplicationKey = new ApiApplicationKey();
apiApplicationKey.setConsumerKey(applicationKey.getConsumerKey());
apiApplicationKey.setConsumerSecret(applicationKey.getConsumerSecret());
return apiApplicationKey;
}
}
}
}
List<String> allowedDomains = new ArrayList<>();
if (isAllowedAllDomains) {
allowedDomains.add(ApiApplicationConstants.ALLOWED_DOMAINS);
} else {
allowedDomains.add(APIManagerUtil.getTenantDomain());
}
APIAdmin apiAdmin = new APIAdminImpl();
String keyManagerId = null;
try {
List<KeyManagerConfigurationDTO> keyManagerConfigurations = null; // todo:resolve:apim -
// apiAdmin.getKeyManagerConfigurationsByTenant(tenantDomain);
if (keyManagerConfigurations != null) {
for (KeyManagerConfigurationDTO keyManagerConfigurationDTO : keyManagerConfigurations) {
keyManagerId = keyManagerConfigurationDTO.getUuid();
}
}
String applicationAccessTokenExpiryTime = "N/A";
if (!StringUtils.isEmpty(validityTime)) {
applicationAccessTokenExpiryTime = validityTime;
}
String jsonString = "{\"grant_types\":\"refresh_token,access_token," +
"urn:ietf:params:oauth:grant-type:saml2-bearer," +
"password,client_credentials,iwa:ntlm,urn:ietf:params:oauth:grant-type:jwt-bearer\"," +
"\"additionalProperties\":\"{\\\"application_access_token_expiry_time\\\":\\\"" + applicationAccessTokenExpiryTime + "\\\"," +
"\\\"user_access_token_expiry_time\\\":\\\"N\\/A\\\"," +
"\\\"refresh_token_expiry_time\\\":\\\"N\\/A\\\"," +
"\\\"id_token_expiry_time\\\":\\\"N\\/A\\\"}\"," +
"\"username\":\"" + username + "\"}";
Map<String, Object> keyDetails = null; // todo:resolve:apim - apiConsumer
// .requestApprovalForApplicationRegistration(username, applicationName, keyType, "",
// allowedDomains.toArray(new String[allowedDomains.size()]), validityTime, "default", "",
// jsonString, keyManagerId, tenantDomain);
if (keyDetails != null) {
ApiApplicationKey apiApplicationKey = new ApiApplicationKey();
apiApplicationKey.setConsumerKey((String) keyDetails.get("consumerKey"));
apiApplicationKey.setConsumerSecret((String) keyDetails.get("consumerSecret"));
return apiApplicationKey;
}
throw new APIManagerException("Failed to generate keys for tenant: " + tenantDomain);
// todo:resolve:apim - commected as it says never throw since we commented apim calls above
// cnt rm
// } catch (APIManagementException e) { // } catch (APIManagementException e) {
} catch (Exception e) { // throw new APIManagerException("Failed to create api application for tenant: " + tenantDomain, e);
throw new APIManagerException("Failed to create api application for tenant: " + tenantDomain, e); // }
} // }
} catch (APIManagementException e) {
throw new APIManagerException("Failed to create api application for tenant: " + tenantDomain, e);
}
}
@Override @Override
public AccessTokenInfo getAccessToken(String scopes, String[] tags, String applicationName, String tokenType, public AccessTokenInfo getAccessToken(String scopes, String[] tags, String applicationName, String tokenType,

@ -34,11 +34,8 @@ import okhttp3.*;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;
import org.json.JSONObject; import org.json.JSONObject;
import org.wso2.carbon.apimgt.api.APIConsumer;
import org.wso2.carbon.apimgt.api.APIManagementException; import org.wso2.carbon.apimgt.api.APIManagementException;
import org.wso2.carbon.apimgt.api.model.APIKey;
import org.wso2.carbon.apimgt.api.model.Application; import org.wso2.carbon.apimgt.api.model.Application;
import org.wso2.carbon.apimgt.impl.APIManagerFactory;
import org.wso2.carbon.apimgt.impl.utils.APIUtil; import org.wso2.carbon.apimgt.impl.utils.APIUtil;
import org.wso2.carbon.context.PrivilegedCarbonContext; import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.user.api.UserRealm; import org.wso2.carbon.user.api.UserRealm;
@ -132,8 +129,9 @@ public class KeyMgtServiceImpl implements KeyMgtService {
// get application id // get application id
//todo --> can use requestingUserAccessToken token here to get application data - modify getApplication //todo --> can use requestingUserAccessToken token here to get application data - modify getApplication
// method signature // method signature
Application application = getApplication(clientName, owner);
String applicationUUID = application.getUUID(); io.entgra.device.mgt.core.apimgt.extension.rest.api.bean.APIMConsumer.Application application = getApplication(clientName, owner);
String applicationUUID = application.getApplicationId();
// do app key mapping // do app key mapping
mapApplicationKeys(dcrApplication.getClientId(), dcrApplication.getClientSecret(), keyManagerName, mapApplicationKeys(dcrApplication.getClientId(), dcrApplication.getClientSecret(), keyManagerName,
@ -426,11 +424,11 @@ public class KeyMgtServiceImpl implements KeyMgtService {
* Retrieves an application by name and owner * Retrieves an application by name and owner
* *
* @param applicationName name of the application * @param applicationName name of the application
* @param owner owner of the application * @param accessToken Access Token
* @return @{@link Application} Application object * @return @{@link Application} Application object
* @throws KeyMgtException if any error occurs while retrieving the application * @throws KeyMgtException if any error occurs while retrieving the application
*/ */
private Application getApplication(String applicationName, String accessToken) throws KeyMgtException { private io.entgra.device.mgt.core.apimgt.extension.rest.api.bean.APIMConsumer.Application getApplication(String applicationName, String accessToken) throws KeyMgtException {
TokenInfo tokenInfo = new TokenInfo(); TokenInfo tokenInfo = new TokenInfo();
tokenInfo.setApiApplicationInfo(null); tokenInfo.setApiApplicationInfo(null);
@ -440,38 +438,26 @@ public class KeyMgtServiceImpl implements KeyMgtService {
KeyMgtDataHolder.getInstance().getConsumerRESTAPIServices(); KeyMgtDataHolder.getInstance().getConsumerRESTAPIServices();
io.entgra.device.mgt.core.apimgt.extension.rest.api.bean.APIMConsumer.Application[] applications = io.entgra.device.mgt.core.apimgt.extension.rest.api.bean.APIMConsumer.Application[] applications =
consumerRESTAPIServices.getAllApplications(tokenInfo, applicationName); consumerRESTAPIServices.getAllApplications(tokenInfo, applicationName);
io.entgra.device.mgt.core.apimgt.extension.rest.api.bean.APIMConsumer.Application applicationFromRestCall;
if (applications.length == 1) { if (applications.length == 1) {
applicationFromRestCall = applications[0]; return applications[0];
} else { } else {
String msg = String msg =
"Found invalid number of applications. No of applications found from the APIM: " + applications.length; "Found invalid number of applications. No of applications found from the APIM: " + applications.length;
log.error(msg);
throw new KeyMgtException(msg); throw new KeyMgtException(msg);
} }
} catch (io.entgra.device.mgt.core.apimgt.extension.rest.api.exceptions.BadRequestException e) {
Application application = null;
application.setUUID(applicationFromRestCall.getApplicationId());
application.setName(applicationFromRestCall.getName());
application.setDescription(applicationFromRestCall.getDescription());
application.setApplicationAttributes(applicationFromRestCall.getAttributes());
application.setTokenType(applicationFromRestCall.getTokenType());
application.setStatus(applicationFromRestCall.getStatus());
application.setSubscriptionCount(applicationFromRestCall.getSubscriptionCount());
application.setOwner(applicationFromRestCall.getOwner());
application.setIsBlackListed(applicationFromRestCall.isHashEnabled());
return application;
}
catch (io.entgra.device.mgt.core.apimgt.extension.rest.api.exceptions.BadRequestException e) {
e.printStackTrace();
msg = "Error while trying to retrieve the application"; msg = "Error while trying to retrieve the application";
log.error(msg); log.error(msg, e);
throw new KeyMgtException(msg); throw new KeyMgtException(msg);
} catch (UnexpectedResponseException e) { } catch (UnexpectedResponseException e) {
throw new KeyMgtException(""); msg = "Received invalid response for the API applications retrieving REST API call.";
log.error(msg, e);
throw new KeyMgtException(msg);
} catch (APIServicesException e) { } catch (APIServicesException e) {
throw new KeyMgtException(""); msg = "Error occurred while processing the API Response.";
log.error(msg, e);
throw new KeyMgtException(msg);
} }
} }
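Review bot: The call `getApplication(clientName, owner)` passes the owner into a parameter that this commit now documents as `accessToken`, and in the lines shown `getApplication` uses neither value. It calls `tokenInfo.setApiApplicationInfo(null)` and looks the application up by name only, returning `applications[0]` when exactly one matches. Because the returned application id feeds `mapApplicationKeys(...)`, the lookup should be tied to the intended owner, for example by rejecting the result unless `owner.equals(application.getOwner())` at the call site. Otherwise the parameter and Javadoc should be renamed to match what is actually passed. Both methods start or end outside the hunks, so a token may be set on `tokenInfo` on a line not visible here.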

@ -802,7 +802,7 @@ public class DeviceManagementServiceImpl implements DeviceManagementService {
KeyMgtService keyMgtService = new KeyMgtServiceImpl(); KeyMgtService keyMgtService = new KeyMgtServiceImpl();
try { try {
//todo - lasantha - can't get password from here //todo - lasantha - can't get password from here
ApiApplicationKey apiApplicationKey = null; ApiApplicationKey apiApplicationKey;
try { try {
DCRResponse adminDCRResponse = keyMgtService.dynamicClientRegistration(applicationName, DCRResponse adminDCRResponse = keyMgtService.dynamicClientRegistration(applicationName,
PrivilegedCarbonContext.getThreadLocalCarbonContext().getUserRealm() PrivilegedCarbonContext.getThreadLocalCarbonContext().getUserRealm()

@ -218,8 +218,7 @@ public class JWTClientUtil {
long nbf = currentTimeMillis + jwtConfig.getValidityPeriodFromCurrentTime() * 60 * 1000; long nbf = currentTimeMillis + jwtConfig.getValidityPeriodFromCurrentTime() * 60 * 1000;
String jti = jwtConfig.getJti(); String jti = jwtConfig.getJti();
if (jti == null) { if (jti == null) {
String defaultTokenId = currentTimeMillis + "" + new SecureRandom().nextInt(); jti = currentTimeMillis + "" + new SecureRandom().nextInt();
jti = defaultTokenId;
} }
List<String> aud = jwtConfig.getAudiences(); List<String> aud = jwtConfig.getAudiences();
//set up the basic claims //set up the basic claims
@ -273,8 +272,7 @@ public class JWTClientUtil {
JWSSigner signer = new RSASSASigner(rsaPrivateKey); JWSSigner signer = new RSASSASigner(rsaPrivateKey);
SignedJWT signedJWT = new SignedJWT(new JWSHeader(JWSAlgorithm.RS256), claimsSet.build()); SignedJWT signedJWT = new SignedJWT(new JWSHeader(JWSAlgorithm.RS256), claimsSet.build());
signedJWT.sign(signer); signedJWT.sign(signer);
String assertion = signedJWT.serialize(); return signedJWT.serialize();
return assertion;
} catch (KeyStoreException e) { } catch (KeyStoreException e) {
throw new JWTClientException("Failed loading the keystore.", e); throw new JWTClientException("Failed loading the keystore.", e);
} catch (IOException e) { } catch (IOException e) {
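Review bot: The default `jti` on the changed line is a millisecond timestamp concatenated with a single `new SecureRandom().nextInt()`. That gives only 32 random bits, can embed a minus sign in the id, and allocates a new `SecureRandom` on every call. If the token id is relied on for replay detection, a full-width identifier such as `jti = UUID.randomUUID().toString();` (with `java.util.UUID` imported) is simpler and far less likely to collide. The enclosing method starts and ends outside the hunk, so how `jti` is consumed downstream is not visible here.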
