transferred mutual authenticator to jwt authenticator

revert-70aa11f8
ayyoob 8 years ago
parent ed7b67dd24
commit 87910bc92b

@ -286,6 +286,11 @@
<artifactId>org.wso2.carbon.application.mgt.stub</artifactId> <artifactId>org.wso2.carbon.application.mgt.stub</artifactId>
<scope>provided</scope> <scope>provided</scope>
</dependency> </dependency>
<dependency>
<groupId>org.wso2.carbon.devicemgt</groupId>
<artifactId>org.wso2.carbon.identity.jwt.client.extension</artifactId>
<scope>provided</scope>
</dependency>
</dependencies> </dependencies>
</project> </project>

@ -18,8 +18,6 @@
*/ */
package org.wso2.carbon.device.mgt.jaxrs.service.impl.admin; package org.wso2.carbon.device.mgt.jaxrs.service.impl.admin;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.OMXMLBuilderFactory;
import org.apache.axis2.client.Options; import org.apache.axis2.client.Options;
import org.apache.axis2.java.security.SSLProtocolSocketFactory; import org.apache.axis2.java.security.SSLProtocolSocketFactory;
import org.apache.axis2.transport.http.HTTPConstants; import org.apache.axis2.transport.http.HTTPConstants;
@ -36,6 +34,7 @@ import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.core.util.Utils; import org.wso2.carbon.core.util.Utils;
import org.wso2.carbon.device.mgt.jaxrs.service.api.admin.DeviceTypePublisherAdminService; import org.wso2.carbon.device.mgt.jaxrs.service.api.admin.DeviceTypePublisherAdminService;
import org.wso2.carbon.device.mgt.jaxrs.util.DeviceMgtAPIUtils; import org.wso2.carbon.device.mgt.jaxrs.util.DeviceMgtAPIUtils;
import org.wso2.carbon.identity.jwt.client.extension.JWTClient;
import org.wso2.carbon.registry.core.Registry; import org.wso2.carbon.registry.core.Registry;
import org.wso2.carbon.registry.core.Resource; import org.wso2.carbon.registry.core.Resource;
import org.wso2.carbon.registry.core.ResourceImpl; import org.wso2.carbon.registry.core.ResourceImpl;
@ -65,9 +64,14 @@ import java.util.List;
public class DeviceTypePublisherAdminServiceImpl implements DeviceTypePublisherAdminService { public class DeviceTypePublisherAdminServiceImpl implements DeviceTypePublisherAdminService {
/** /**
* required soap header for mutualSSL * required soap header for authorization
*/ */
private static final String USER_NAME_HEADER = "UserName"; private static final String AUTHORIZATION_HEADER = "Authorization";
/**
* required soap header value for mutualSSL
*/
private static final String AUTHORIZATION_HEADER_VALUE = "Bearer";
private static final String KEY_STORE_TYPE = "JKS"; private static final String KEY_STORE_TYPE = "JKS";
/** /**
@ -129,22 +133,16 @@ public class DeviceTypePublisherAdminServiceImpl implements DeviceTypePublisherA
//Call to load the TrustStore. //Call to load the TrustStore.
loadTrustStore(trustStoreLocation, trustStorePassword); loadTrustStore(trustStoreLocation, trustStorePassword);
//Create the SSL context with the loaded TrustStore/keystore. //Create the SSL context with the loaded TrustStore/keystore.
initMutualSSLConnection(); initSSLConnection();
JWTClient jwtClient = DeviceMgtAPIUtils.getJWTClientManagerService().getJWTClient();
//Constructing the soap header that required for mutual SSL
String strHeader =
"<m:UserName soapenv:mustUnderstand=\"0\" xmlns:m=\"http://mutualssl.carbon.wso2.org\" " +
"xmlns:soapenv=\"http://www.w3.org/2001/12/soap-envelope\" >'" + tenantAdminUser +
"'</m:UserName>";
InputStream is = new ByteArrayInputStream(strHeader.getBytes()); String authValue = AUTHORIZATION_HEADER_VALUE + " " + new String(Base64.encodeBase64(
OMElement header = OMXMLBuilderFactory.createOMBuilder(is).getDocumentElement(); jwtClient.getJwtToken(tenantAdminUser).getBytes()));
List<Header> list = new ArrayList<Header>(); List<Header> list = new ArrayList<Header>();
Header httpHeader = new Header(); Header httpHeader = new Header();
httpHeader.setName(USER_NAME_HEADER); httpHeader.setName(AUTHORIZATION_HEADER);
byte[] encodedBytes = Base64.encodeBase64(tenantAdminUser.getBytes()); httpHeader.setValue(authValue);
httpHeader.setValue(new String(encodedBytes));
list.add(httpHeader);//"https" list.add(httpHeader);//"https"
File directory = new File(CAR_FILE_LOCATION + File.separator + type); File directory = new File(CAR_FILE_LOCATION + File.separator + type);
@ -153,7 +151,6 @@ public class DeviceTypePublisherAdminServiceImpl implements DeviceTypePublisherA
if (uploadedFileItems.length > 0) { if (uploadedFileItems.length > 0) {
CarbonAppUploaderStub carbonAppUploaderStub = new CarbonAppUploaderStub(Utils.replaceSystemProperty( CarbonAppUploaderStub carbonAppUploaderStub = new CarbonAppUploaderStub(Utils.replaceSystemProperty(
IOT_MGT_URL)); IOT_MGT_URL));
carbonAppUploaderStub._getServiceClient().addHeader(header);
Options appUploaderOptions = carbonAppUploaderStub._getServiceClient().getOptions(); Options appUploaderOptions = carbonAppUploaderStub._getServiceClient().getOptions();
if (appUploaderOptions == null) { if (appUploaderOptions == null) {
appUploaderOptions = new Options(); appUploaderOptions = new Options();
@ -168,7 +165,6 @@ public class DeviceTypePublisherAdminServiceImpl implements DeviceTypePublisherA
if (!DEVICE_MANAGEMENT_TYPE.equals(type.toLowerCase())) { if (!DEVICE_MANAGEMENT_TYPE.equals(type.toLowerCase())) {
carbonAppUploaderStub = new CarbonAppUploaderStub(Utils.replaceSystemProperty(DAS_URL)); carbonAppUploaderStub = new CarbonAppUploaderStub(Utils.replaceSystemProperty(DAS_URL));
carbonAppUploaderStub._getServiceClient().addHeader(header);
appUploaderOptions = carbonAppUploaderStub._getServiceClient().getOptions(); appUploaderOptions = carbonAppUploaderStub._getServiceClient().getOptions();
if (appUploaderOptions == null) { if (appUploaderOptions == null) {
appUploaderOptions = new Options(); appUploaderOptions = new Options();
@ -297,7 +293,7 @@ public class DeviceTypePublisherAdminServiceImpl implements DeviceTypePublisherA
/** /**
* Initializes the SSL Context * Initializes the SSL Context
*/ */
private void initMutualSSLConnection() throws NoSuchAlgorithmException, UnrecoverableKeyException, private void initSSLConnection() throws NoSuchAlgorithmException, UnrecoverableKeyException,
KeyStoreException, KeyManagementException { KeyStoreException, KeyManagementException {
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KEY_MANAGER_TYPE); KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KEY_MANAGER_TYPE);
keyManagerFactory.init(keyStore, keyStorePassword); keyManagerFactory.init(keyStore, keyStorePassword);
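Review bot: In the hunk at `@ -129,22 +133,16 @@`, the new Authorization value is built with `getJwtToken(tenantAdminUser).getBytes()` and `new String(Base64.encodeBase64(...))`, both of which use the platform default charset; the token should be converted with an explicit charset, e.g. `.getBytes(StandardCharsets.UTF_8)` and `new String(..., StandardCharsets.UTF_8)`, adding the `java.nio.charset.StandardCharsets` import. A compact JWT is already Base64url text, so the extra Base64 layer is only correct if the receiving JWT authenticator decodes it before verifying the signature; this is worth confirming against that side, since a mismatch would surface as a rejected request rather than an error here. The Javadoc on the new `AUTHORIZATION_HEADER_VALUE` constant still says `required soap header value for mutualSSL`; it should read `HTTP Authorization scheme used for the JWT bearer token`, and the `AUTHORIZATION_HEADER` comment describes an HTTP header, not a SOAP one. The method containing the header construction starts and ends outside the hunk.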

@ -36,6 +36,7 @@ import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderService;
import org.wso2.carbon.device.mgt.core.service.GroupManagementProviderService; import org.wso2.carbon.device.mgt.core.service.GroupManagementProviderService;
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse; import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
import org.wso2.carbon.device.mgt.jaxrs.service.impl.util.InputValidationException; import org.wso2.carbon.device.mgt.jaxrs.service.impl.util.InputValidationException;
import org.wso2.carbon.identity.jwt.client.extension.service.JWTClientManagerService;
import org.wso2.carbon.policy.mgt.common.PolicyMonitoringTaskException; import org.wso2.carbon.policy.mgt.common.PolicyMonitoringTaskException;
import org.wso2.carbon.policy.mgt.core.PolicyManagerService; import org.wso2.carbon.policy.mgt.core.PolicyManagerService;
import org.wso2.carbon.policy.mgt.core.task.TaskScheduleService; import org.wso2.carbon.policy.mgt.core.task.TaskScheduleService;
@ -168,6 +169,18 @@ public class DeviceMgtAPIUtils {
return registryService; return registryService;
} }
public static JWTClientManagerService getJWTClientManagerService() {
JWTClientManagerService jwtClientManagerService;
PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext();
jwtClientManagerService = (JWTClientManagerService) ctx.getOSGiService(JWTClientManagerService.class, null);
if (jwtClientManagerService == null) {
String msg = "jwtClientManagerServicehas not initialized.";
log.error(msg);
throw new IllegalStateException(msg);
}
return jwtClientManagerService;
}
/** /**
* Getting the current tenant's user realm * Getting the current tenant's user realm
*/ */
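Review bot: The error message in the new `getJWTClientManagerService()` is missing a space and mislabels the service: `"jwtClientManagerServicehas not initialized."` should be `"JWTClientManagerService has not initialized."` so the log line and the exception are searchable. The method also has no Javadoc while its neighbours do; a one-liner such as `/** Returns the OSGi-registered JWTClientManagerService; throws IllegalStateException if it is not yet available. */` would match the sibling getters. Logging at error level and then throwing with the same message reports the failure twice once the caller handles the exception; one of the two is sufficient.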

@ -72,6 +72,10 @@ public class JWTClientUtil {
private static final String JWT_CONFIG_FILE_NAME = "jwt.properties"; private static final String JWT_CONFIG_FILE_NAME = "jwt.properties";
private static final String SUPERTENANT_JWT_CONFIG_LOCATION = private static final String SUPERTENANT_JWT_CONFIG_LOCATION =
CarbonUtils.getEtcCarbonConfigDirPath() + File.separator + JWT_CONFIG_FILE_NAME; CarbonUtils.getEtcCarbonConfigDirPath() + File.separator + JWT_CONFIG_FILE_NAME;
/**
* This is added for the carbon authenticator.
*/
public static final String SIGNED_JWT_AUTH_USERNAME = "Username";
/** /**
* Return a http client instance * Return a http client instance
@ -226,10 +230,11 @@ public class JWTClientUtil {
claimsSet.setIssueTime(new Date(iat)); claimsSet.setIssueTime(new Date(iat));
claimsSet.setExpirationTime(new Date(exp)); claimsSet.setExpirationTime(new Date(exp));
claimsSet.setIssuer(iss); claimsSet.setIssuer(iss);
claimsSet.setSubject(username); claimsSet.setSubject(username);
claimsSet.setNotBeforeTime(new Date(nbf)); claimsSet.setNotBeforeTime(new Date(nbf));
claimsSet.setJWTID(jti); claimsSet.setJWTID(jti);
claimsSet.setAudience(aud); claimsSet.setAudience(aud);
claimsSet.setClaim(SIGNED_JWT_AUTH_USERNAME, username);
if (customClaims != null && !customClaims.isEmpty()) { if (customClaims != null && !customClaims.isEmpty()) {
for (String key : customClaims.keySet()) { for (String key : customClaims.keySet()) {
claimsSet.setClaim(key, customClaims.get(key)); claimsSet.setClaim(key, customClaims.get(key));
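Review bot: The new `claimsSet.setClaim(SIGNED_JWT_AUTH_USERNAME, username);` runs before the `customClaims` loop that follows it, so a caller-supplied custom claim keyed `"Username"` overwrites the value the carbon authenticator is meant to trust, letting the identity asserted by that claim diverge from `sub`. Move the line below the loop, or have the loop skip the reserved key, so the username claim always reflects the authenticated `username` argument. The Javadoc on `SIGNED_JWT_AUTH_USERNAME` should also say what the constant is: `Name of the claim carrying the authenticated username, mirrored from the subject for the carbon JWT authenticator.` The enclosing method starts and ends outside the hunk.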
