From 87910bc92bc4cc981207785a01645a7255d2a3b8 Mon Sep 17 00:00:00 2001 From: ayyoob Date: Wed, 8 Feb 2017 13:10:36 +0530 Subject: [PATCH] transferred mutual authenticator to jwt authenticator --- .../org.wso2.carbon.device.mgt.api/pom.xml | 5 +++ .../DeviceTypePublisherAdminServiceImpl.java | 34 ++++++++----------- .../mgt/jaxrs/util/DeviceMgtAPIUtils.java | 13 +++++++ .../client/extension/util/JWTClientUtil.java | 9 +++-- 4 files changed, 40 insertions(+), 21 deletions(-) diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/pom.xml b/components/device-mgt/org.wso2.carbon.device.mgt.api/pom.xml index 11b998998d..56d1b5b78b 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.api/pom.xml +++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/pom.xml @@ -286,6 +286,11 @@ org.wso2.carbon.application.mgt.stub provided + + org.wso2.carbon.devicemgt + org.wso2.carbon.identity.jwt.client.extension + provided + diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/admin/DeviceTypePublisherAdminServiceImpl.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/admin/DeviceTypePublisherAdminServiceImpl.java index 66548fee52..0efa036da0 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/admin/DeviceTypePublisherAdminServiceImpl.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/admin/DeviceTypePublisherAdminServiceImpl.java @@ -18,8 +18,6 @@ */ package org.wso2.carbon.device.mgt.jaxrs.service.impl.admin; -import org.apache.axiom.om.OMElement; -import org.apache.axiom.om.OMXMLBuilderFactory; import org.apache.axis2.client.Options; import org.apache.axis2.java.security.SSLProtocolSocketFactory; import org.apache.axis2.transport.http.HTTPConstants; @@ -36,6 +34,7 @@ import org.wso2.carbon.context.PrivilegedCarbonContext; import org.wso2.carbon.core.util.Utils; import org.wso2.carbon.device.mgt.jaxrs.service.api.admin.DeviceTypePublisherAdminService; import org.wso2.carbon.device.mgt.jaxrs.util.DeviceMgtAPIUtils; +import org.wso2.carbon.identity.jwt.client.extension.JWTClient; import org.wso2.carbon.registry.core.Registry; import org.wso2.carbon.registry.core.Resource; import org.wso2.carbon.registry.core.ResourceImpl; @@ -65,9 +64,14 @@ import java.util.List; public class DeviceTypePublisherAdminServiceImpl implements DeviceTypePublisherAdminService { /** - * required soap header for mutualSSL + * required soap header for authorization */ - private static final String USER_NAME_HEADER = "UserName"; + private static final String AUTHORIZATION_HEADER = "Authorization"; + + /** + * required soap header value for mutualSSL + */ + private static final String AUTHORIZATION_HEADER_VALUE = "Bearer"; private static final String KEY_STORE_TYPE = "JKS"; /** @@ -129,22 +133,16 @@ public class DeviceTypePublisherAdminServiceImpl implements DeviceTypePublisherA //Call to load the TrustStore. loadTrustStore(trustStoreLocation, trustStorePassword); //Create the SSL context with the loaded TrustStore/keystore. - initMutualSSLConnection(); - - //Constructing the soap header that required for mutual SSL - String strHeader = - "'" + tenantAdminUser + - "'"; + initSSLConnection(); + JWTClient jwtClient = DeviceMgtAPIUtils.getJWTClientManagerService().getJWTClient(); - InputStream is = new ByteArrayInputStream(strHeader.getBytes()); - OMElement header = OMXMLBuilderFactory.createOMBuilder(is).getDocumentElement(); + String authValue = AUTHORIZATION_HEADER_VALUE + " " + new String(Base64.encodeBase64( + jwtClient.getJwtToken(tenantAdminUser).getBytes())); List
list = new ArrayList
(); Header httpHeader = new Header(); - httpHeader.setName(USER_NAME_HEADER); - byte[] encodedBytes = Base64.encodeBase64(tenantAdminUser.getBytes()); - httpHeader.setValue(new String(encodedBytes)); + httpHeader.setName(AUTHORIZATION_HEADER); + httpHeader.setValue(authValue); list.add(httpHeader);//"https" File directory = new File(CAR_FILE_LOCATION + File.separator + type); @@ -153,7 +151,6 @@ public class DeviceTypePublisherAdminServiceImpl implements DeviceTypePublisherA if (uploadedFileItems.length > 0) { CarbonAppUploaderStub carbonAppUploaderStub = new CarbonAppUploaderStub(Utils.replaceSystemProperty( IOT_MGT_URL)); - carbonAppUploaderStub._getServiceClient().addHeader(header); Options appUploaderOptions = carbonAppUploaderStub._getServiceClient().getOptions(); if (appUploaderOptions == null) { appUploaderOptions = new Options(); @@ -168,7 +165,6 @@ public class DeviceTypePublisherAdminServiceImpl implements DeviceTypePublisherA if (!DEVICE_MANAGEMENT_TYPE.equals(type.toLowerCase())) { carbonAppUploaderStub = new CarbonAppUploaderStub(Utils.replaceSystemProperty(DAS_URL)); - carbonAppUploaderStub._getServiceClient().addHeader(header); appUploaderOptions = carbonAppUploaderStub._getServiceClient().getOptions(); if (appUploaderOptions == null) { appUploaderOptions = new Options(); @@ -297,7 +293,7 @@ public class DeviceTypePublisherAdminServiceImpl implements DeviceTypePublisherA /** * Initializes the SSL Context */ - private void initMutualSSLConnection() throws NoSuchAlgorithmException, UnrecoverableKeyException, + private void initSSLConnection() throws NoSuchAlgorithmException, UnrecoverableKeyException, KeyStoreException, KeyManagementException { KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KEY_MANAGER_TYPE); keyManagerFactory.init(keyStore, keyStorePassword); diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/util/DeviceMgtAPIUtils.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/util/DeviceMgtAPIUtils.java index 2e562b03b3..87d055c34f 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/util/DeviceMgtAPIUtils.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/util/DeviceMgtAPIUtils.java @@ -36,6 +36,7 @@ import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderService; import org.wso2.carbon.device.mgt.core.service.GroupManagementProviderService; import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse; import org.wso2.carbon.device.mgt.jaxrs.service.impl.util.InputValidationException; +import org.wso2.carbon.identity.jwt.client.extension.service.JWTClientManagerService; import org.wso2.carbon.policy.mgt.common.PolicyMonitoringTaskException; import org.wso2.carbon.policy.mgt.core.PolicyManagerService; import org.wso2.carbon.policy.mgt.core.task.TaskScheduleService; @@ -168,6 +169,18 @@ public class DeviceMgtAPIUtils { return registryService; } + public static JWTClientManagerService getJWTClientManagerService() { + JWTClientManagerService jwtClientManagerService; + PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext(); + jwtClientManagerService = (JWTClientManagerService) ctx.getOSGiService(JWTClientManagerService.class, null); + if (jwtClientManagerService == null) { + String msg = "jwtClientManagerServicehas not initialized."; + log.error(msg); + throw new IllegalStateException(msg); + } + return jwtClientManagerService; + } + /** * Getting the current tenant's user realm */ diff --git a/components/identity-extensions/org.wso2.carbon.identity.jwt.client.extension/src/main/java/org/wso2/carbon/identity/jwt/client/extension/util/JWTClientUtil.java b/components/identity-extensions/org.wso2.carbon.identity.jwt.client.extension/src/main/java/org/wso2/carbon/identity/jwt/client/extension/util/JWTClientUtil.java index 20ff82c531..cbce86c405 100644 --- a/components/identity-extensions/org.wso2.carbon.identity.jwt.client.extension/src/main/java/org/wso2/carbon/identity/jwt/client/extension/util/JWTClientUtil.java +++ b/components/identity-extensions/org.wso2.carbon.identity.jwt.client.extension/src/main/java/org/wso2/carbon/identity/jwt/client/extension/util/JWTClientUtil.java @@ -72,6 +72,10 @@ public class JWTClientUtil { private static final String JWT_CONFIG_FILE_NAME = "jwt.properties"; private static final String SUPERTENANT_JWT_CONFIG_LOCATION = CarbonUtils.getEtcCarbonConfigDirPath() + File.separator + JWT_CONFIG_FILE_NAME; + /** + * This is added for the carbon authenticator. + */ + public static final String SIGNED_JWT_AUTH_USERNAME = "Username"; /** * Return a http client instance @@ -226,10 +230,11 @@ public class JWTClientUtil { claimsSet.setIssueTime(new Date(iat)); claimsSet.setExpirationTime(new Date(exp)); claimsSet.setIssuer(iss); - claimsSet.setSubject(username); - claimsSet.setNotBeforeTime(new Date(nbf)); + claimsSet.setSubject(username); + claimsSet.setNotBeforeTime(new Date(nbf)); claimsSet.setJWTID(jti); claimsSet.setAudience(aud); + claimsSet.setClaim(SIGNED_JWT_AUTH_USERNAME, username); if (customClaims != null && !customClaims.isEmpty()) { for (String key : customClaims.keySet()) { claimsSet.setClaim(key, customClaims.get(key));