Add improvements to APIM application creating logic

secure-folder-policy
Dharmakeerthi Lasantha 2 years ago
parent cb2fb990e7
commit 342e201c4c

@ -33,22 +33,22 @@ public interface APIManagementProviderService {
*/
boolean isTierLoaded();
/**
* Generate and retreive application keys. if the application does exist then
* create it and subscribe to apis that are grouped with the tags.
*
* @param apiApplicationName name of the application.
* @param tags tags of the apis that application needs to be subscribed.
* @param keyType of the application.
* @param username to whom the application is created
* @param isAllowedAllDomains application is allowed to all the tenants
* @param validityTime validity period of the application
* @return consumerkey and secrete of the created application.
* @throws APIManagerException
*/
ApiApplicationKey generateAndRetrieveApplicationKeys(String apiApplicationName, String tags[],
String keyType, String username, boolean isAllowedAllDomains,
String validityTime) throws APIManagerException;
// /**
// * Generate and retreive application keys. if the application does exist then
// * create it and subscribe to apis that are grouped with the tags.
// *
// * @param apiApplicationName name of the application.
// * @param tags tags of the apis that application needs to be subscribed.
// * @param keyType of the application.
// * @param username to whom the application is created
// * @param isAllowedAllDomains application is allowed to all the tenants
// * @param validityTime validity period of the application
// * @return consumerkey and secrete of the created application.
// * @throws APIManagerException
// */
// ApiApplicationKey generateAndRetrieveApplicationKeys(String apiApplicationName, String tags[],
// String keyType, String username, boolean isAllowedAllDomains,
// String validityTime) throws APIManagerException;
ApiApplicationKey generateAndRetrieveApplicationKeys(String applicationName, String[] tags,
String keyType, String username,
@ -60,10 +60,10 @@ public interface APIManagementProviderService {
boolean isAllowedAllDomains,
String validityTime, String accessToken) throws APIManagerException;
/**
* Remove APIM Application.
*/
void removeAPIApplication(String applicationName, String username) throws APIManagerException;
// /**
// * Remove APIM Application.
// */
// void removeAPIApplication(String applicationName, String username) throws APIManagerException;
/**
* To get access token for given scopes and for the given validity period
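Review bot: Both interface methods in these two hunks are disabled by prefixing every line with `//` instead of being deleted, which leaves dead Javadoc and declarations in APIManagementProviderService. The only parameter documentation for `generateAndRetrieveApplicationKeys` is now inside the commented-out block, and the surviving overload that takes `accessToken` has no Javadoc visible in the hunk. I would move that Javadoc onto the surviving overload, add `@param accessToken access token used to call the APIM REST endpoints`, and delete the commented lines. Dropping `removeAPIApplication(String, String)` and the six-argument overload from a public interface also breaks any caller or implementer outside this diff, so if a transition is needed keep them with `@Deprecated` rather than as comments.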

@ -54,7 +54,6 @@ import org.wso2.carbon.apimgt.api.dto.KeyManagerConfigurationDTO;
import org.wso2.carbon.apimgt.api.model.API;
import org.wso2.carbon.apimgt.api.model.APIKey;
import org.wso2.carbon.apimgt.api.model.ApiTypeWrapper;
import org.wso2.carbon.apimgt.api.model.Application;
import org.wso2.carbon.apimgt.api.model.SubscribedAPI;
import org.wso2.carbon.apimgt.api.model.Subscriber;
import org.wso2.carbon.apimgt.impl.APIAdminImpl;
@ -97,23 +96,23 @@ public class APIManagementProviderServiceImpl implements APIManagementProviderSe
return false;
}
@Override
public void removeAPIApplication(String applicationName, String username) throws APIManagerException {
try {
APIConsumer apiConsumer = API_MANAGER_FACTORY.getAPIConsumer(username);
Application application = null; // todo:apim - apiConsumer.getApplicationsByName(username, applicationName, "");
// curl -k -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8" "https://localhost:9443/api/am/devportal/v3/applications?query=CalculatorApp"
if (application != null) {
// todo:apim - apiConsumer.removeApplication(application, username);
//curl -k -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8" -X DELETE "https://localhost:9443/api/am/devportal/v3/applications/896658a0-b4ee-4535-bbfa-806c894a4015"
}
} catch (APIManagementException e) {
throw new APIManagerException("Failed to remove api application : " + applicationName, e);
}
}
// @Override
// public void removeAPIApplication(String applicationName, String username) throws APIManagerException {
//
// try {
// APIConsumer apiConsumer = API_MANAGER_FACTORY.getAPIConsumer(username);
// Application application = null; // todo:apim - apiConsumer.getApplicationsByName(username, applicationName, "");
//// curl -k -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8" "https://localhost:9443/api/am/devportal/v3/applications?query=CalculatorApp"
// if (application != null) {
// // todo:apim - apiConsumer.removeApplication(application, username);
// //curl -k -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8" -X DELETE "https://localhost:9443/api/am/devportal/v3/applications/896658a0-b4ee-4535-bbfa-806c894a4015"
// }
// } catch (APIManagementException e) {
// throw new APIManagerException("Failed to remove api application : " + applicationName, e);
// }
//
//
// }
@Override
public synchronized ApiApplicationKey generateAndRetrieveApplicationKeys(String applicationName, String[] tags,
@ -123,8 +122,7 @@ public class APIManagementProviderServiceImpl implements APIManagementProviderSe
TokenInfo tokenInfo = new TokenInfo();
tokenInfo.setApiApplicationInfo(null);
tokenInfo.setAccessToken(accessToken);
return generateAndRetrieveApplicationKeys(applicationName, tags ,keyType, null, isAllowedAllDomains, validityTime, tokenInfo);
return generateAndRetrieveApplicationKeys(applicationName, tags ,keyType, isAllowedAllDomains, validityTime, tokenInfo);
}
@Override
@ -136,18 +134,16 @@ public class APIManagementProviderServiceImpl implements APIManagementProviderSe
ApiApplicationInfo applicationInfo = getApplicationInfo(username, password);
TokenInfo tokenInfo = new TokenInfo();
tokenInfo.setApiApplicationInfo(applicationInfo);
tokenInfo.setAccessToken(null);
return generateAndRetrieveApplicationKeys(applicationName, tags, keyType, username,isAllowedAllDomains, validityTime, tokenInfo);
return generateAndRetrieveApplicationKeys(applicationName, tags, keyType,isAllowedAllDomains, validityTime, tokenInfo);
}
private ApiApplicationKey generateAndRetrieveApplicationKeys(String applicationName, String[] tags,
String keyType, String username,
boolean isAllowedAllDomains,
String validityTime, TokenInfo tokenInfo) throws APIManagerException {
String keyType,
boolean isAllowedAllDomains,
String validityTime, TokenInfo tokenInfo) throws APIManagerException {
ConsumerRESTAPIServices consumerRESTAPIServices =
APIApplicationManagerExtensionDataHolder.getInstance().getConsumerRESTAPIServices();
@ -175,88 +171,45 @@ public class APIManagementProviderServiceImpl implements APIManagementProviderSe
io.entgra.device.mgt.core.apimgt.extension.rest.api.bean.APIMConsumer.Application[] applications =
consumerRESTAPIServices.getAllApplications(tokenInfo, applicationName);
io.entgra.device.mgt.core.apimgt.extension.rest.api.bean.APIMConsumer.Application application;
boolean isNewApplication = false;
MetadataManagementService metadataManagementService = APIApplicationManagerExtensionDataHolder.getInstance().getMetadataManagementService();
if (applications.length == 0) {
isNewApplication = true;
application = new io.entgra.device.mgt.core.apimgt.extension.rest.api.bean.APIMConsumer.Application();
application.setName(applicationName);
application = consumerRESTAPIServices.createApplication(tokenInfo, application);
addSubscriptions(application, uniqueApiList, tokenInfo);
return handleNewAPIApplication(applicationName, uniqueApiList, tokenInfo, keyType, validityTime);
} else {
if (applications.length == 1) {
Optional<io.entgra.device.mgt.core.apimgt.extension.rest.api.bean.APIMConsumer.Application> applicationOpt =
Arrays.stream(applications).findFirst();
application = applicationOpt.get();
Subscription[] subscriptions = consumerRESTAPIServices.getAllSubscriptions(tokenInfo, application.getApplicationId());
Arrays.stream(subscriptions).map(Subscription::getApiInfo).forEachOrdered(uniqueApiList::remove);
addSubscriptions(application, uniqueApiList, tokenInfo);
} else {
String msg = "Found more than one application for application name: " + applicationName;
log.error(msg);
throw new APIManagerException(msg);
}
}
MetadataManagementService metadataManagementService = APIApplicationManagerExtensionDataHolder.getInstance().getMetadataManagementService();
if (isNewApplication) {
KeyManager[] keyManagers = consumerRESTAPIServices.getAllKeyManagers(tokenInfo);
KeyManager keyManager;
if (keyManagers.length == 1) {
keyManager = keyManagers[0];
} else {
String msg =
"Found invalid number of key managers. No of key managers found from the APIM: " + keyManagers.length;
throw new APIManagerException(msg);
}
ApplicationKey applicationKey = consumerRESTAPIServices.generateApplicationKeys(tokenInfo, application.getApplicationId(),
keyManager.getName(), keyType, validityTime);
ApiApplicationKey apiApplicationKey = new ApiApplicationKey();
apiApplicationKey.setConsumerKey(applicationKey.getConsumerKey());
apiApplicationKey.setConsumerSecret(applicationKey.getConsumerSecret());
Metadata metaData = new Metadata();
metaData.setMetaKey(applicationName);
String metaValue = application.getApplicationId() + ":" + applicationKey.getKeyMappingId();
metaData.setMetaValue(metaValue);
try {
metadataManagementService.createMetadata(metaData);
return apiApplicationKey;
} catch (MetadataManagementException e) {
String msg = "Error occurred while creating the meta data entry for mata key: " + applicationName;
log.error(msg, e);
throw new APIManagerException(msg, e);
} catch (MetadataKeyAlreadyExistsException e) {
String msg = "Found duplicate meta value entry for meta key: " + applicationName;
log.error(msg, e);
throw new APIManagerException(msg, e);
}
} else {
try {
Metadata metaData = metadataManagementService.retrieveMetadata(applicationName);
if (metaData == null) {
String msg = "Couldn't find application key data from meta data mgt service. Meta key: "
+ applicationName;
log.error(msg);
throw new APIManagerException(msg);
}
String[] metaValues = metaData.getMetaValue().split(":");
if (metaValues.length != 2) {
String msg = "Found invalid Meta value for meta key: " + applicationName + ". Meta Value: "
+ metaData.getMetaValue();
log.error(msg);
throw new APIManagerException(msg);
// Todo add a comment
consumerRESTAPIServices.deleteApplication(tokenInfo, application.getApplicationId());
return handleNewAPIApplication(applicationName, uniqueApiList, tokenInfo, keyType, validityTime);
} else {
Subscription[] subscriptions = consumerRESTAPIServices.getAllSubscriptions(tokenInfo, application.getApplicationId());
Arrays.stream(subscriptions).map(Subscription::getApiInfo).forEachOrdered(uniqueApiList::remove);
addSubscriptions(application, uniqueApiList, tokenInfo);
String[] metaValues = metaData.getMetaValue().split(":");
if (metaValues.length != 2) {
String msg = "Found invalid Meta value for meta key: " + applicationName + ". Meta Value: "
+ metaData.getMetaValue();
log.error(msg);
throw new APIManagerException(msg);
}
String applicationId = metaValues[0];
String keyMappingId = metaValues[1];
ApplicationKey applicationKey = consumerRESTAPIServices.getKeyDetails(tokenInfo, applicationId, keyMappingId);
ApiApplicationKey apiApplicationKey = new ApiApplicationKey();
apiApplicationKey.setConsumerKey(applicationKey.getConsumerKey());
apiApplicationKey.setConsumerSecret(applicationKey.getConsumerSecret());
return apiApplicationKey;
}
String applicationId = metaValues[0];
String keyMappingId = metaValues[1];
ApplicationKey applicationKey = consumerRESTAPIServices.getKeyDetails(tokenInfo, applicationId, keyMappingId);
ApiApplicationKey apiApplicationKey = new ApiApplicationKey();
apiApplicationKey.setConsumerKey(applicationKey.getConsumerKey());
apiApplicationKey.setConsumerSecret(applicationKey.getConsumerSecret());
return apiApplicationKey;
} catch (MetadataManagementException e) {
String msg = "Error occurred while getting meta data for meta key: " + applicationName;
log.error(msg, e);
throw new APIManagerException(msg, e);
} else {
String msg = "Found more than one application for application name: " + applicationName;
log.error(msg);
throw new APIManagerException(msg);
}
}
} catch (APIServicesException e) {
@ -271,6 +224,71 @@ public class APIManagementProviderServiceImpl implements APIManagementProviderSe
String msg = "Error occurred while invoking APIM REST endpoints.";
log.error(msg, e);
throw new APIManagerException(msg, e);
} catch (MetadataManagementException e) {
String msg = "Error occurred while getting meta data for meta key: " + applicationName;
log.error(msg, e);
throw new APIManagerException(msg, e);
}
}
private ApiApplicationKey handleNewAPIApplication(String applicationName, List<APIInfo> uniqueApiList,
TokenInfo tokenInfo, String keyType, String validityTime) throws APIManagerException {
ConsumerRESTAPIServices consumerRESTAPIServices =
APIApplicationManagerExtensionDataHolder.getInstance().getConsumerRESTAPIServices();
io.entgra.device.mgt.core.apimgt.extension.rest.api.bean.APIMConsumer.Application application = new io.entgra.device.mgt.core.apimgt.extension.rest.api.bean.APIMConsumer.Application();
application.setName(applicationName);
try {
application = consumerRESTAPIServices.createApplication(tokenInfo, application);
addSubscriptions(application, uniqueApiList, tokenInfo);
KeyManager[] keyManagers = consumerRESTAPIServices.getAllKeyManagers(tokenInfo);
KeyManager keyManager;
if (keyManagers.length == 1) {
keyManager = keyManagers[0];
} else {
String msg =
"Found invalid number of key managers. No of key managers found from the APIM: " + keyManagers.length;
log.error(msg);
throw new APIManagerException(msg);
}
ApplicationKey applicationKey = consumerRESTAPIServices.generateApplicationKeys(tokenInfo, application.getApplicationId(),
keyManager.getName(), keyType, validityTime);
ApiApplicationKey apiApplicationKey = new ApiApplicationKey();
apiApplicationKey.setConsumerKey(applicationKey.getConsumerKey());
apiApplicationKey.setConsumerSecret(applicationKey.getConsumerSecret());
Metadata metaData = new Metadata();
metaData.setMetaKey(applicationName);
String metaValue = application.getApplicationId() + ":" + applicationKey.getKeyMappingId();
metaData.setMetaValue(metaValue);
MetadataManagementService metadataManagementService = APIApplicationManagerExtensionDataHolder.getInstance().getMetadataManagementService();
metadataManagementService.createMetadata(metaData);
return apiApplicationKey;
} catch (MetadataManagementException e) {
String msg = "Error occurred while creating meta data for meta key: " + applicationName;
log.error(msg, e);
throw new APIManagerException(msg, e);
} catch (MetadataKeyAlreadyExistsException e) {
String msg =
"Since meta key:" + applicationName + " already exists, meta data creating process " +
"failed.";
log.error(msg, e);
throw new APIManagerException(msg, e);
} catch (BadRequestException e) {
String msg = "Provided incorrect payload when invoking APIM REST endpoints to handle new API application.";
log.error(msg, e);
throw new APIManagerException(msg, e);
} catch (UnexpectedResponseException e) {
String msg = "Error occurred while invoking APIM REST endpoints to handle new API application.";
log.error(msg, e);
throw new APIManagerException(msg, e);
} catch (APIServicesException e) {
String msg = "Error occurred while processing the response of APIM REST endpoints to handle new API application.";
log.error(msg, e);
throw new APIManagerException(msg, e);
}
}
@ -305,234 +323,234 @@ public class APIManagementProviderServiceImpl implements APIManagementProviderSe
consumerRESTAPIServices.createSubscriptions(tokenInfo, subscriptionList);
}
/**
* {@inheritDoc}
*/
@Override
public synchronized ApiApplicationKey generateAndRetrieveApplicationKeys(String applicationName, String tags[],
String keyType, String username, boolean isAllowedAllDomains, String validityTime)
throws APIManagerException {
/*
todo - Modify generateAndRetrieveApplicationKeys
Check the existence of the API application.
if Application is not exists
Create the Application
If super tenants
Get set of tagged APIs
If the tenant domain is not super tenant
Get set of tagged APIs from super tenant space
If new Application
Subscribed to tagged APIs
Else
Get all subscribed APIs of application
Filter out APIs and subscribed to APIs which can be subscribed
Filter -> Use set of tagged APis
Remove already subscribed APIs from the set
Subscribed to remaining APIs
Get Application keys from application
If API keys are there return API keys
Otherwise, Generate Application Keys and return them
*/
String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
if (StringUtils.isEmpty(username)) {
username = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUsername() + "@" + tenantDomain;
}
try {
APIConsumer apiConsumer = API_MANAGER_FACTORY.getAPIConsumer(username);
Application application = null; // todo:resolve:apim - apiConsumer.getApplicationsByName(username, applicationName, "");
int applicationId = 0;
Subscriber subscriber = null;
if (application == null) {
subscriber = null; // todo:resolve:apim - apiConsumer.getSubscriber(username);
if (subscriber == null) {
// create subscriber
// todo:resolve:apim - apiConsumer.addSubscriber(username, "");
subscriber = null; // todo:resolve:apim - apiConsumer.getSubscriber(username);
}
//create application
application = new Application(applicationName, subscriber);
application.setTier(ApiApplicationConstants.DEFAULT_TIER);
application.setGroupId("");
application.setTokenType("OAUTH");
// todo:resolve:apim - apiConsumer.addApplication(application, username);
application = null; // todo:resolve:apim - apiConsumer.getApplicationsByName(username, applicationName, "");
} else {
subscriber = null; // todo:resolve:apim - apiConsumer.getSubscriber(username);
}
Set<SubscribedAPI> subscribedAPIs =
null; // todo:resolve:apim - apiConsumer.getSubscribedAPIs(subscriber, applicationName, "");
log.info("Already subscribed API count: " + subscribedAPIs.size());
// subscribe to apis.
APIConsumer apiConsumerAPIPublishedTenant = apiConsumer;
if (tags != null && tags.length > 0) {
for (String tag : tags) {
boolean startedTenantFlow = false;
Set<API> apisWithTag = null; // todo:resolve:apim - apiConsumer.getAPIsWithTag(tag, tenantDomain);
/**
* From APIM 4.0.0, APIs published in the super tenant can only be listed by
* APIConsumer, only if the APIConsumer belongs to the super tenant. So we
* are starting tenant flow if we are not already in super tenant(child
* tenant starting to create OAuth app).
*/
if (apisWithTag == null || apisWithTag.size() == 0) {
PrivilegedCarbonContext.startTenantFlow();
PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(MultitenantConstants.SUPER_TENANT_DOMAIN_NAME,
true);
try {
String superAdminUsername = PrivilegedCarbonContext
.getThreadLocalCarbonContext().getUserRealm().getRealmConfiguration().getAdminUserName();
apiConsumerAPIPublishedTenant = API_MANAGER_FACTORY.getAPIConsumer(superAdminUsername);
} catch (UserStoreException e) {
throw new APIManagerException("Failed to create api application for " +
"tenant: " + tenantDomain +
". Caused by to inability to get super tenant username", e);
}
apisWithTag = null; // todo:resolve:apim - apiConsumerAPIPublishedTenant.getAPIsWithTag(tag, MultitenantConstants.SUPER_TENANT_DOMAIN_NAME);
startedTenantFlow = true;
}
Set<ApiTypeWrapper> apiTypeWrapperList = new HashSet<>();
if (apisWithTag != null && apisWithTag.size() > 0) {
Set<String> tempApiIds = new HashSet<>();
for (API apiInfo : apisWithTag) {
String id = apiInfo.getId().getProviderName().replace("@", "-AT-")
+ "-" + apiInfo.getId().getName() + "-" + apiInfo.getId().getVersion();
boolean subscriptionExist = false;
if (subscribedAPIs.size() > 0) {
for (SubscribedAPI subscribedAPI : subscribedAPIs) {
// todo:resolve:apim
// if (String.valueOf(subscribedAPI.getApiId().toString()).equals(id)) {
// subscriptionExist = true;
// break;
// }
}
}
if (!subscriptionExist && !tempApiIds.contains(id)) {
ApiTypeWrapper apiTypeWrapper;
if (startedTenantFlow) {
/**
* This mean APIs were not found in the child tenant, so all
* calls to get info about APIs need to be to super tenant.
*/
apiTypeWrapper = apiConsumerAPIPublishedTenant.getAPIorAPIProductByUUID(
apiInfo.getUuid(), MultitenantConstants.SUPER_TENANT_DOMAIN_NAME);
} else {
/**
* Ideally, in all usecases of IoT server, tenant domain here
* will be carbon.super. This block is kept to make sure in
* the future, if there are some APIs published to a specific
* tenant only.
*/
apiTypeWrapper = apiConsumerAPIPublishedTenant.getAPIorAPIProductByUUID(
apiInfo.getUuid(), tenantDomain);
}
apiTypeWrapper.setTier(ApiApplicationConstants.DEFAULT_TIER);
apiTypeWrapperList.add(apiTypeWrapper);
tempApiIds.add(id);
}
}
if (startedTenantFlow) {
PrivilegedCarbonContext.endTenantFlow();
}
/** This is done in a redundant loop instead of doing in the same loop
* that populates apiTypeWrapperList because in a tenanted scenario,
* apiConsumerAPIPublishedTenant will belong to super tenant. So super
* tenant flow need to end before starting subscription to avoid adding
* subscriptions inside super tenant when we are trying to create an
* Oauth app for a child tenant.
*/
for (ApiTypeWrapper apiTypeWrapper : apiTypeWrapperList) {
// todo:resolve:apim - apiConsumer.addSubscription(apiTypeWrapper, username, application);
}
}
}
}
//end of subscription
List<APIKey> applicationKeys = application.getKeys();
if (applicationKeys != null) {
for (APIKey applicationKey : applicationKeys) {
if (keyType.equals(applicationKey.getType())) {
if (applicationKey.getConsumerKey() != null && !applicationKey.getConsumerKey().isEmpty()) {
ApiApplicationKey apiApplicationKey = new ApiApplicationKey();
apiApplicationKey.setConsumerKey(applicationKey.getConsumerKey());
apiApplicationKey.setConsumerSecret(applicationKey.getConsumerSecret());
return apiApplicationKey;
}
}
}
}
List<String> allowedDomains = new ArrayList<>();
if (isAllowedAllDomains) {
allowedDomains.add(ApiApplicationConstants.ALLOWED_DOMAINS);
} else {
allowedDomains.add(APIManagerUtil.getTenantDomain());
}
APIAdmin apiAdmin = new APIAdminImpl();
String keyManagerId = null;
try {
List<KeyManagerConfigurationDTO> keyManagerConfigurations = null; // todo:resolve:apim -
// apiAdmin.getKeyManagerConfigurationsByTenant(tenantDomain);
if (keyManagerConfigurations != null) {
for (KeyManagerConfigurationDTO keyManagerConfigurationDTO : keyManagerConfigurations) {
keyManagerId = keyManagerConfigurationDTO.getUuid();
}
}
String applicationAccessTokenExpiryTime = "N/A";
if (!StringUtils.isEmpty(validityTime)) {
applicationAccessTokenExpiryTime = validityTime;
}
String jsonString = "{\"grant_types\":\"refresh_token,access_token," +
"urn:ietf:params:oauth:grant-type:saml2-bearer," +
"password,client_credentials,iwa:ntlm,urn:ietf:params:oauth:grant-type:jwt-bearer\"," +
"\"additionalProperties\":\"{\\\"application_access_token_expiry_time\\\":\\\"" + applicationAccessTokenExpiryTime + "\\\"," +
"\\\"user_access_token_expiry_time\\\":\\\"N\\/A\\\"," +
"\\\"refresh_token_expiry_time\\\":\\\"N\\/A\\\"," +
"\\\"id_token_expiry_time\\\":\\\"N\\/A\\\"}\"," +
"\"username\":\"" + username + "\"}";
Map<String, Object> keyDetails = null; // todo:resolve:apim - apiConsumer
// .requestApprovalForApplicationRegistration(username, applicationName, keyType, "",
// allowedDomains.toArray(new String[allowedDomains.size()]), validityTime, "default", "",
// jsonString, keyManagerId, tenantDomain);
if (keyDetails != null) {
ApiApplicationKey apiApplicationKey = new ApiApplicationKey();
apiApplicationKey.setConsumerKey((String) keyDetails.get("consumerKey"));
apiApplicationKey.setConsumerSecret((String) keyDetails.get("consumerSecret"));
return apiApplicationKey;
}
throw new APIManagerException("Failed to generate keys for tenant: " + tenantDomain);
// todo:resolve:apim - commected as it says never throw since we commented apim calls above
// cnt rm
// } catch (APIManagementException e) {
} catch (Exception e) {
throw new APIManagerException("Failed to create api application for tenant: " + tenantDomain, e);
}
} catch (APIManagementException e) {
throw new APIManagerException("Failed to create api application for tenant: " + tenantDomain, e);
}
}
// /**
// * {@inheritDoc}
// */
// @Override
// public synchronized ApiApplicationKey generateAndRetrieveApplicationKeys(String applicationName, String tags[],
// String keyType, String username, boolean isAllowedAllDomains, String validityTime)
// throws APIManagerException {
//
//
///*
//
//todo - Modify generateAndRetrieveApplicationKeys
//
//Check the existence of the API application.
//
//if Application is not exists
// Create the Application
//
//If super tenants
// Get set of tagged APIs
//If the tenant domain is not super tenant
// Get set of tagged APIs from super tenant space
//
//If new Application
// Subscribed to tagged APIs
//Else
// Get all subscribed APIs of application
// Filter out APIs and subscribed to APIs which can be subscribed
// Filter -> Use set of tagged APis
// Remove already subscribed APIs from the set
// Subscribed to remaining APIs
//
//Get Application keys from application
// If API keys are there return API keys
//
//Otherwise, Generate Application Keys and return them
//
// */
//
// String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
// if (StringUtils.isEmpty(username)) {
// username = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUsername() + "@" + tenantDomain;
// }
// try {
// APIConsumer apiConsumer = API_MANAGER_FACTORY.getAPIConsumer(username);
// Application application = null; // todo:resolve:apim - apiConsumer.getApplicationsByName(username, applicationName, "");
// int applicationId = 0;
// Subscriber subscriber = null;
// if (application == null) {
// subscriber = null; // todo:resolve:apim - apiConsumer.getSubscriber(username);
// if (subscriber == null) {
// // create subscriber
// // todo:resolve:apim - apiConsumer.addSubscriber(username, "");
// subscriber = null; // todo:resolve:apim - apiConsumer.getSubscriber(username);
// }
// //create application
// application = new Application(applicationName, subscriber);
// application.setTier(ApiApplicationConstants.DEFAULT_TIER);
// application.setGroupId("");
// application.setTokenType("OAUTH");
// // todo:resolve:apim - apiConsumer.addApplication(application, username);
// application = null; // todo:resolve:apim - apiConsumer.getApplicationsByName(username, applicationName, "");
// } else {
// subscriber = null; // todo:resolve:apim - apiConsumer.getSubscriber(username);
// }
//
// Set<SubscribedAPI> subscribedAPIs =
// null; // todo:resolve:apim - apiConsumer.getSubscribedAPIs(subscriber, applicationName, "");
//
// log.info("Already subscribed API count: " + subscribedAPIs.size());
//
// // subscribe to apis.
// APIConsumer apiConsumerAPIPublishedTenant = apiConsumer;
// if (tags != null && tags.length > 0) {
// for (String tag : tags) {
// boolean startedTenantFlow = false;
// Set<API> apisWithTag = null; // todo:resolve:apim - apiConsumer.getAPIsWithTag(tag, tenantDomain);
//
// /**
// * From APIM 4.0.0, APIs published in the super tenant can only be listed by
// * APIConsumer, only if the APIConsumer belongs to the super tenant. So we
// * are starting tenant flow if we are not already in super tenant(child
// * tenant starting to create OAuth app).
// */
// if (apisWithTag == null || apisWithTag.size() == 0) {
// PrivilegedCarbonContext.startTenantFlow();
// PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(MultitenantConstants.SUPER_TENANT_DOMAIN_NAME,
// true);
//
// try {
// String superAdminUsername = PrivilegedCarbonContext
// .getThreadLocalCarbonContext().getUserRealm().getRealmConfiguration().getAdminUserName();
// apiConsumerAPIPublishedTenant = API_MANAGER_FACTORY.getAPIConsumer(superAdminUsername);
// } catch (UserStoreException e) {
// throw new APIManagerException("Failed to create api application for " +
// "tenant: " + tenantDomain +
// ". Caused by to inability to get super tenant username", e);
// }
//
// apisWithTag = null; // todo:resolve:apim - apiConsumerAPIPublishedTenant.getAPIsWithTag(tag, MultitenantConstants.SUPER_TENANT_DOMAIN_NAME);
// startedTenantFlow = true;
// }
//
// Set<ApiTypeWrapper> apiTypeWrapperList = new HashSet<>();
// if (apisWithTag != null && apisWithTag.size() > 0) {
// Set<String> tempApiIds = new HashSet<>();
// for (API apiInfo : apisWithTag) {
// String id = apiInfo.getId().getProviderName().replace("@", "-AT-")
// + "-" + apiInfo.getId().getName() + "-" + apiInfo.getId().getVersion();
// boolean subscriptionExist = false;
// if (subscribedAPIs.size() > 0) {
// for (SubscribedAPI subscribedAPI : subscribedAPIs) {
// // todo:resolve:apim
//// if (String.valueOf(subscribedAPI.getApiId().toString()).equals(id)) {
//// subscriptionExist = true;
//// break;
//// }
// }
// }
// if (!subscriptionExist && !tempApiIds.contains(id)) {
// ApiTypeWrapper apiTypeWrapper;
// if (startedTenantFlow) {
// /**
// * This mean APIs were not found in the child tenant, so all
// * calls to get info about APIs need to be to super tenant.
// */
// apiTypeWrapper = apiConsumerAPIPublishedTenant.getAPIorAPIProductByUUID(
// apiInfo.getUuid(), MultitenantConstants.SUPER_TENANT_DOMAIN_NAME);
// } else {
// /**
// * Ideally, in all usecases of IoT server, tenant domain here
// * will be carbon.super. This block is kept to make sure in
// * the future, if there are some APIs published to a specific
// * tenant only.
// */
// apiTypeWrapper = apiConsumerAPIPublishedTenant.getAPIorAPIProductByUUID(
// apiInfo.getUuid(), tenantDomain);
// }
// apiTypeWrapper.setTier(ApiApplicationConstants.DEFAULT_TIER);
// apiTypeWrapperList.add(apiTypeWrapper);
// tempApiIds.add(id);
// }
// }
// if (startedTenantFlow) {
// PrivilegedCarbonContext.endTenantFlow();
// }
//
// /** This is done in a redundant loop instead of doing in the same loop
// * that populates apiTypeWrapperList because in a tenanted scenario,
// * apiConsumerAPIPublishedTenant will belong to super tenant. So super
// * tenant flow need to end before starting subscription to avoid adding
// * subscriptions inside super tenant when we are trying to create an
// * Oauth app for a child tenant.
// */
// for (ApiTypeWrapper apiTypeWrapper : apiTypeWrapperList) {
// // todo:resolve:apim - apiConsumer.addSubscription(apiTypeWrapper, username, application);
// }
// }
// }
// }
// //end of subscription
//
// List<APIKey> applicationKeys = application.getKeys();
// if (applicationKeys != null) {
// for (APIKey applicationKey : applicationKeys) {
// if (keyType.equals(applicationKey.getType())) {
// if (applicationKey.getConsumerKey() != null && !applicationKey.getConsumerKey().isEmpty()) {
// ApiApplicationKey apiApplicationKey = new ApiApplicationKey();
// apiApplicationKey.setConsumerKey(applicationKey.getConsumerKey());
// apiApplicationKey.setConsumerSecret(applicationKey.getConsumerSecret());
// return apiApplicationKey;
// }
// }
// }
// }
//
// List<String> allowedDomains = new ArrayList<>();
// if (isAllowedAllDomains) {
// allowedDomains.add(ApiApplicationConstants.ALLOWED_DOMAINS);
// } else {
// allowedDomains.add(APIManagerUtil.getTenantDomain());
// }
//
// APIAdmin apiAdmin = new APIAdminImpl();
// String keyManagerId = null;
// try {
// List<KeyManagerConfigurationDTO> keyManagerConfigurations = null; // todo:resolve:apim -
// // apiAdmin.getKeyManagerConfigurationsByTenant(tenantDomain);
// if (keyManagerConfigurations != null) {
// for (KeyManagerConfigurationDTO keyManagerConfigurationDTO : keyManagerConfigurations) {
// keyManagerId = keyManagerConfigurationDTO.getUuid();
// }
// }
// String applicationAccessTokenExpiryTime = "N/A";
// if (!StringUtils.isEmpty(validityTime)) {
// applicationAccessTokenExpiryTime = validityTime;
// }
// String jsonString = "{\"grant_types\":\"refresh_token,access_token," +
// "urn:ietf:params:oauth:grant-type:saml2-bearer," +
// "password,client_credentials,iwa:ntlm,urn:ietf:params:oauth:grant-type:jwt-bearer\"," +
// "\"additionalProperties\":\"{\\\"application_access_token_expiry_time\\\":\\\"" + applicationAccessTokenExpiryTime + "\\\"," +
// "\\\"user_access_token_expiry_time\\\":\\\"N\\/A\\\"," +
// "\\\"refresh_token_expiry_time\\\":\\\"N\\/A\\\"," +
// "\\\"id_token_expiry_time\\\":\\\"N\\/A\\\"}\"," +
// "\"username\":\"" + username + "\"}";
//
// Map<String, Object> keyDetails = null; // todo:resolve:apim - apiConsumer
//// .requestApprovalForApplicationRegistration(username, applicationName, keyType, "",
//// allowedDomains.toArray(new String[allowedDomains.size()]), validityTime, "default", "",
//// jsonString, keyManagerId, tenantDomain);
//
// if (keyDetails != null) {
// ApiApplicationKey apiApplicationKey = new ApiApplicationKey();
// apiApplicationKey.setConsumerKey((String) keyDetails.get("consumerKey"));
// apiApplicationKey.setConsumerSecret((String) keyDetails.get("consumerSecret"));
// return apiApplicationKey;
// }
// throw new APIManagerException("Failed to generate keys for tenant: " + tenantDomain);
//// todo:resolve:apim - commected as it says never throw since we commented apim calls above
//// cnt rm
//// } catch (APIManagementException e) {
// } catch (Exception e) {
// throw new APIManagerException("Failed to create api application for tenant: " + tenantDomain, e);
// }
// } catch (APIManagementException e) {
// throw new APIManagerException("Failed to create api application for tenant: " + tenantDomain, e);
// }
// }
@Override
public AccessTokenInfo getAccessToken(String scopes, String[] tags, String applicationName, String tokenType,

@ -34,11 +34,8 @@ import okhttp3.*;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.json.JSONObject;
import org.wso2.carbon.apimgt.api.APIConsumer;
import org.wso2.carbon.apimgt.api.APIManagementException;
import org.wso2.carbon.apimgt.api.model.APIKey;
import org.wso2.carbon.apimgt.api.model.Application;
import org.wso2.carbon.apimgt.impl.APIManagerFactory;
import org.wso2.carbon.apimgt.impl.utils.APIUtil;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.user.api.UserRealm;
@ -132,8 +129,9 @@ public class KeyMgtServiceImpl implements KeyMgtService {
// get application id
//todo --> can use requestingUserAccessToken token here to get application data - modify getApplication
// method signature
Application application = getApplication(clientName, owner);
String applicationUUID = application.getUUID();
io.entgra.device.mgt.core.apimgt.extension.rest.api.bean.APIMConsumer.Application application = getApplication(clientName, owner);
String applicationUUID = application.getApplicationId();
// do app key mapping
mapApplicationKeys(dcrApplication.getClientId(), dcrApplication.getClientSecret(), keyManagerName,
@ -426,11 +424,11 @@ public class KeyMgtServiceImpl implements KeyMgtService {
* Retrieves an application by name and owner
*
* @param applicationName name of the application
* @param owner owner of the application
* @param accessToken Access Token
* @return @{@link Application} Application object
* @throws KeyMgtException if any error occurs while retrieving the application
*/
private Application getApplication(String applicationName, String accessToken) throws KeyMgtException {
private io.entgra.device.mgt.core.apimgt.extension.rest.api.bean.APIMConsumer.Application getApplication(String applicationName, String accessToken) throws KeyMgtException {
TokenInfo tokenInfo = new TokenInfo();
tokenInfo.setApiApplicationInfo(null);
@ -440,38 +438,26 @@ public class KeyMgtServiceImpl implements KeyMgtService {
KeyMgtDataHolder.getInstance().getConsumerRESTAPIServices();
io.entgra.device.mgt.core.apimgt.extension.rest.api.bean.APIMConsumer.Application[] applications =
consumerRESTAPIServices.getAllApplications(tokenInfo, applicationName);
io.entgra.device.mgt.core.apimgt.extension.rest.api.bean.APIMConsumer.Application applicationFromRestCall;
if (applications.length == 1) {
applicationFromRestCall = applications[0];
return applications[0];
} else {
String msg =
"Found invalid number of applications. No of applications found from the APIM: " + applications.length;
log.error(msg);
throw new KeyMgtException(msg);
}
Application application = null;
application.setUUID(applicationFromRestCall.getApplicationId());
application.setName(applicationFromRestCall.getName());
application.setDescription(applicationFromRestCall.getDescription());
application.setApplicationAttributes(applicationFromRestCall.getAttributes());
application.setTokenType(applicationFromRestCall.getTokenType());
application.setStatus(applicationFromRestCall.getStatus());
application.setSubscriptionCount(applicationFromRestCall.getSubscriptionCount());
application.setOwner(applicationFromRestCall.getOwner());
application.setIsBlackListed(applicationFromRestCall.isHashEnabled());
return application;
}
catch (io.entgra.device.mgt.core.apimgt.extension.rest.api.exceptions.BadRequestException e) {
e.printStackTrace();
} catch (io.entgra.device.mgt.core.apimgt.extension.rest.api.exceptions.BadRequestException e) {
msg = "Error while trying to retrieve the application";
log.error(msg);
log.error(msg, e);
throw new KeyMgtException(msg);
} catch (UnexpectedResponseException e) {
throw new KeyMgtException("");
msg = "Received invalid response for the API applications retrieving REST API call.";
log.error(msg, e);
throw new KeyMgtException(msg);
} catch (APIServicesException e) {
throw new KeyMgtException("");
msg = "Error occurred while processing the API Response.";
log.error(msg, e);
throw new KeyMgtException(msg);
}
}
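Review bot: In the `@ -132,8` hunk the call `getApplication(clientName, owner)` passes `owner` into a parameter that the `@ -426,11` hunk names and documents as `accessToken`, and the Javadoc there still lists `@param owner` for a parameter the method does not have. How the argument is placed on `tokenInfo` sits between the hunks and is not visible, so confirm which value is intended; if it is the token, pass the requesting user's token as the existing todo suggests and drop the stale Javadoc line. Because the single name match is now returned straight to the code that calls `mapApplicationKeys`, that caller would also benefit from comparing `application.getOwner()` with `owner` before it maps the client id and secret. The new catch blocks log `e` but rethrow without it; if `KeyMgtException` has a cause-taking constructor, `throw new KeyMgtException(msg, e);` keeps the chain.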

@ -802,7 +802,7 @@ public class DeviceManagementServiceImpl implements DeviceManagementService {
KeyMgtService keyMgtService = new KeyMgtServiceImpl();
try {
//todo - lasantha - can't get password from here
ApiApplicationKey apiApplicationKey = null;
ApiApplicationKey apiApplicationKey;
try {
DCRResponse adminDCRResponse = keyMgtService.dynamicClientRegistration(applicationName,
PrivilegedCarbonContext.getThreadLocalCarbonContext().getUserRealm()

@ -218,8 +218,7 @@ public class JWTClientUtil {
long nbf = currentTimeMillis + jwtConfig.getValidityPeriodFromCurrentTime() * 60 * 1000;
String jti = jwtConfig.getJti();
if (jti == null) {
String defaultTokenId = currentTimeMillis + "" + new SecureRandom().nextInt();
jti = defaultTokenId;
jti = currentTimeMillis + "" + new SecureRandom().nextInt();
}
List<String> aud = jwtConfig.getAudiences();
//set up the basic claims
@ -273,8 +272,7 @@ public class JWTClientUtil {
JWSSigner signer = new RSASSASigner(rsaPrivateKey);
SignedJWT signedJWT = new SignedJWT(new JWSHeader(JWSAlgorithm.RS256), claimsSet.build());
signedJWT.sign(signer);
String assertion = signedJWT.serialize();
return assertion;
return signedJWT.serialize();
} catch (KeyStoreException e) {
throw new JWTClientException("Failed loading the keystore.", e);
} catch (IOException e) {
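Review bot: The fallback token id on the new line `jti = currentTimeMillis + "" + new SecureRandom().nextInt();` carries only 32 random bits next to a guessable timestamp, and it allocates a fresh `SecureRandom` for every token. If the receiving side relies on `jti` for replay detection, a collision within the same millisecond would reject a legitimate assertion. `jti = UUID.randomUUID().toString();` (with `java.util.UUID` imported) gives 122 random bits and avoids the minus sign that `nextInt()` can emit. The enclosing method starts and ends outside both hunks of this file.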
