Merge pull request #544 from geethkokila/release-2.0.x

Adding support for identifying the device type from the url
revert-70aa11f8
Rasika Perera 8 years ago committed by GitHub
commit 24a7179c4b

@ -38,6 +38,7 @@ import java.net.URI;
import java.net.URISyntaxException; import java.net.URISyntaxException;
import java.util.HashMap; import java.util.HashMap;
import java.util.Map; import java.util.Map;
import java.util.StringTokenizer;
/** /**
* Synapse gateway handler for API authentication. * Synapse gateway handler for API authentication.
@ -48,6 +49,12 @@ public class AuthenticationHandler extends AbstractHandler {
private HandlerDescription handlerDesc; private HandlerDescription handlerDesc;
private RESTInvoker restInvoker; private RESTInvoker restInvoker;
private static final String X_JWT_ASSERTION = "X-JWT-Assertion";
private static final String JWTTOKEN = "JWTToken";
private static final String AUTHORIZATION = "Authorization";
private static final String BEARER = "Bearer ";
private static final String CONTENT_TYPE = "Content-Type";
private IOTServerConfiguration iotServerConfiguration; private IOTServerConfiguration iotServerConfiguration;
/** /**
@ -62,6 +69,7 @@ public class AuthenticationHandler extends AbstractHandler {
/** /**
* Handling the message and checking the security. * Handling the message and checking the security.
*
* @param messageContext * @param messageContext
* @return * @return
*/ */
@ -84,14 +92,9 @@ public class AuthenticationHandler extends AbstractHandler {
if (log.isDebugEnabled()) { if (log.isDebugEnabled()) {
log.debug("Verify Cert:\n" + mdmSignature); log.debug("Verify Cert:\n" + mdmSignature);
} }
String accessToken = Utils.getAccessToken(iotServerConfiguration);
String deviceType = this.getDeviceType(messageContext.getTo().getAddress().trim()); String deviceType = this.getDeviceType(messageContext.getTo().getAddress().trim());
URI certVerifyUrl = new URI(iotServerConfiguration.getVerificationEndpoint() + deviceType); URI certVerifyUrl = new URI(iotServerConfiguration.getVerificationEndpoint() + deviceType);
Map<String, String> certVerifyHeaders = this.setHeaders();
Map<String, String> certVerifyHeaders = new HashMap<>();
certVerifyHeaders.put("Authorization", "Bearer " + accessToken);
certVerifyHeaders.put("Content-Type", "application/json");
Certificate certificate = new Certificate(); Certificate certificate = new Certificate();
certificate.setPem(mdmSignature); certificate.setPem(mdmSignature);
@ -104,15 +107,16 @@ public class AuthenticationHandler extends AbstractHandler {
null, certVerifyContent); null, certVerifyContent);
String str = response.getContent(); String str = response.getContent();
if (str.contains("JWTToken")) {
ValidationResponce validationResponce = gson.fromJson(str, ValidationResponce.class);
// TODO: send the JWT token with user details.
// headers.put("X-JWT-Assertion", validationResponce.getJWTToken());
}
if (log.isDebugEnabled()) { if (log.isDebugEnabled()) {
log.debug("Verify response:" + response.getContent()); log.debug("Verify response:" + response.getContent());
log.debug("Response String : " + str); log.debug("Response String : " + str);
} }
if (response.getHttpStatus() == 200 && str.contains(JWTTOKEN)) {
ValidationResponce validationResponce = gson.fromJson(str, ValidationResponce.class);
headers.put(X_JWT_ASSERTION, validationResponce.getJWTToken());
} else {
return false;
}
} else if (headers.containsKey(AuthConstants.PROXY_MUTUAL_AUTH_HEADER)) { } else if (headers.containsKey(AuthConstants.PROXY_MUTUAL_AUTH_HEADER)) {
String subjectDN = headers.get(AuthConstants.PROXY_MUTUAL_AUTH_HEADER).toString(); String subjectDN = headers.get(AuthConstants.PROXY_MUTUAL_AUTH_HEADER).toString();
@ -120,12 +124,10 @@ public class AuthenticationHandler extends AbstractHandler {
if (log.isDebugEnabled()) { if (log.isDebugEnabled()) {
log.debug("Verify subject DN: " + subjectDN); log.debug("Verify subject DN: " + subjectDN);
} }
String accessToken = Utils.getAccessToken(iotServerConfiguration);
String deviceType = this.getDeviceType(messageContext.getTo().getAddress().trim()); String deviceType = this.getDeviceType(messageContext.getTo().getAddress().trim());
URI certVerifyUrl = new URI(iotServerConfiguration.getVerificationEndpoint() + deviceType); URI certVerifyUrl = new URI(iotServerConfiguration.getVerificationEndpoint() + deviceType);
Map<String, String> certVerifyHeaders = new HashMap<>(); Map<String, String> certVerifyHeaders = this.setHeaders();
certVerifyHeaders.put("Authorization", "Bearer " + accessToken);
certVerifyHeaders.put("Content-Type", "application/json");
Certificate certificate = new Certificate(); Certificate certificate = new Certificate();
certificate.setPem(subjectDN); certificate.setPem(subjectDN);
certificate.setTenantId(tenantId); certificate.setTenantId(tenantId);
@ -143,11 +145,9 @@ public class AuthenticationHandler extends AbstractHandler {
if (log.isDebugEnabled()) { if (log.isDebugEnabled()) {
log.debug("Verify Cert:\n" + encodedPem); log.debug("Verify Cert:\n" + encodedPem);
} }
String accessToken = Utils.getAccessToken(iotServerConfiguration); String deviceType = this.getDeviceType(messageContext.getTo().getAddress().trim());
URI certVerifyUrl = new URI(iotServerConfiguration.getVerificationEndpoint() + "android"); URI certVerifyUrl = new URI(iotServerConfiguration.getVerificationEndpoint() + deviceType);
Map<String, String> certVerifyHeaders = new HashMap<>(); Map<String, String> certVerifyHeaders = this.setHeaders();
certVerifyHeaders.put("Authorization", "Bearer " + accessToken);
certVerifyHeaders.put("Content-Type", "application/json");
Certificate certificate = new Certificate(); Certificate certificate = new Certificate();
certificate.setPem(encodedPem); certificate.setPem(encodedPem);
@ -188,13 +188,21 @@ public class AuthenticationHandler extends AbstractHandler {
} }
// TODO : take this from the url.
private String getDeviceType(String url) { private String getDeviceType(String url) {
if (url.contains("ios")) { StringTokenizer parts = new StringTokenizer(url, "/");
return "ios"; while (parts.hasMoreElements()) {
} else if (url.contains("android")) { if (parts.nextElement().equals("api")) {
return "android"; return (String) parts.nextElement();
} else return null; }
}
return null;
}
private Map<String, String> setHeaders() throws APIMCertificateMGTException {
Map<String, String> map = new HashMap<>();
String accessToken = Utils.getAccessToken(iotServerConfiguration);
map.put(AUTHORIZATION, BEARER + accessToken);
map.put(CONTENT_TYPE, "application/json");
return map;
} }
} }

@ -27,7 +27,9 @@ import javax.ws.rs.*;
import javax.ws.rs.core.Response; import javax.ws.rs.core.Response;
import java.security.cert.X509Certificate; import java.security.cert.X509Certificate;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.HashMap;
import java.util.List; import java.util.List;
import java.util.Map;
@Path("/admin/certificates") @Path("/admin/certificates")
public class CertificateManagementAdminServiceImpl implements CertificateManagementAdminService { public class CertificateManagementAdminServiceImpl implements CertificateManagementAdminService {
@ -230,10 +232,20 @@ public class CertificateManagementAdminServiceImpl implements CertificateManagem
deviceIdentifier.setId(challengeToken); deviceIdentifier.setId(challengeToken);
deviceIdentifier.setType(DeviceManagementConstants.MobileDeviceTypes.MOBILE_DEVICE_TYPE_IOS); deviceIdentifier.setType(DeviceManagementConstants.MobileDeviceTypes.MOBILE_DEVICE_TYPE_IOS);
TenantedDeviceWrapper tenantedDeviceWrapper = scepManager.getValidatedDevice(deviceIdentifier); TenantedDeviceWrapper tenantedDeviceWrapper = scepManager.getValidatedDevice(deviceIdentifier);
//
// var claims = {"http://wso2.org/claims/enduserTenantId": adminUserTenantId,
// "http://wso2.org/claims/enduser": adminUsername};
Map<String, String> claims = new HashMap<>();
claims.put("http://wso2.org/claims/enduserTenantId", String.valueOf(tenantedDeviceWrapper.getTenantId()));
claims.put("http://wso2.org/claims/enduser", tenantedDeviceWrapper.getDevice().getEnrolmentInfo().getOwner());
claims.put("http://wso2.org/claims/deviceIdentifier", tenantedDeviceWrapper.getDevice().getDeviceIdentifier());
claims.put("http://wso2.org/claims/deviceIdType", tenantedDeviceWrapper.getDevice().getType());
JWTClientManagerService jwtClientManagerService = CertificateMgtAPIUtils.getJwtClientManagerService(); JWTClientManagerService jwtClientManagerService = CertificateMgtAPIUtils.getJwtClientManagerService();
String jwdToken = jwtClientManagerService.getJWTClient().getJwtToken( String jwdToken = jwtClientManagerService.getJWTClient().getJwtToken(
tenantedDeviceWrapper.getDevice().getEnrolmentInfo().getOwner()); tenantedDeviceWrapper.getDevice().getEnrolmentInfo().getOwner(), claims);
ValidationResponce validationResponce = new ValidationResponce(); ValidationResponce validationResponce = new ValidationResponce();
validationResponce.setDeviceId(challengeToken); validationResponce.setDeviceId(challengeToken);

Loading…
Cancel
Save