From 8ea49320196101f01af045abde085b63267404e4 Mon Sep 17 00:00:00 2001
From: pasindu
Date: Thu, 13 Jul 2023 12:20:48 +0530
Subject: [PATCH] Fixes in JWT token generation
---
 .../APIManagementProviderServiceImpl.java | 9 +++++--
 .../rest/api/APIApplicationServices.java | 5 ++--
 .../rest/api/APIApplicationServicesImpl.java | 12 ++++-----
 .../rest/api/constants/Constants.java | 2 --
 .../extension/service/KeyMgtServiceImpl.java | 2 +-
 .../publisher/APIPublisherServiceImpl.java | 10 +++++--
 .../impl/DeviceManagementServiceImpl.java | 27 ++++++++++++-------
 .../mgt/api/jaxrs/util/DeviceMgtAPIUtils.java | 21 +++++++++++++++
 8 files changed, 64 insertions(+), 24 deletions(-)
diff --git a/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.application.extension/src/main/java/io/entgra/device/mgt/core/apimgt/application/extension/APIManagementProviderServiceImpl.java b/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.application.extension/src/main/java/io/entgra/device/mgt/core/apimgt/application/extension/APIManagementProviderServiceImpl.java
index f57d7db079..b4a1f11e14 100644
--- a/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.application.extension/src/main/java/io/entgra/device/mgt/core/apimgt/application/extension/APIManagementProviderServiceImpl.java
+++ b/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.application.extension/src/main/java/io/entgra/device/mgt/core/apimgt/application/extension/APIManagementProviderServiceImpl.java
@@ -800,9 +800,14 @@ public class APIManagementProviderServiceImpl implements APIManagementProviderSe
 io.entgra.device.mgt.core.apimgt.extension.rest.api.dto.AccessTokenInfo accessTokenInfo;
 try {
 if (username == null || password == null) {
- apiApplicationKey = apiApplicationServices.createAndRetrieveApplicationCredentials();
+ apiApplicationKey = apiApplicationServices.createAndRetrieveApplicationCredentials(
+ "ClientForConsumerRestCalls",
+ "client_credentials password refresh_token urn:ietf:params:oauth:grant-type:jwt-bearer");
 } else {
- apiApplicationKey = apiApplicationServices.generateAndRetrieveApplicationKeys(username, password);
+ apiApplicationKey = apiApplicationServices.generateAndRetrieveApplicationKeys(
+ "ClientForConsumerRestCalls",
+ username, password,
+ "client_credentials password refresh_token urn:ietf:params:oauth:grant-type:jwt-bearer");
 }
 accessTokenInfo = apiApplicationServices.generateAccessTokenFromRegisteredApplication(
 apiApplicationKey.getClientId(), apiApplicationKey.getClientSecret());
diff --git a/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.extension.rest.api/src/main/java/io/entgra/device/mgt/core/apimgt/extension/rest/api/APIApplicationServices.java b/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.extension.rest.api/src/main/java/io/entgra/device/mgt/core/apimgt/extension/rest/api/APIApplicationServices.java
index 1cdceff56a..f5cc8b3ec1 100644
--- a/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.extension.rest.api/src/main/java/io/entgra/device/mgt/core/apimgt/extension/rest/api/APIApplicationServices.java
+++ b/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.extension.rest.api/src/main/java/io/entgra/device/mgt/core/apimgt/extension/rest/api/APIApplicationServices.java
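Review bot: The client name "ClientForConsumerRestCalls" and the grant list "client_credentials password refresh_token urn:ietf:params:oauth:grant-type:jwt-bearer" are typed out twice in this hunk, once per branch of the if/else, and the commit deletes Constants.CLIENT_NAME and Constants.GRANT_TYPE rather than replacing them with anything. A class-level `private static final String CONSUMER_CLIENT_NAME = "ClientForConsumerRestCalls";` plus a matching `CONSUMER_GRANT_TYPES` constant would keep the two branches from drifting and make the set of grants this client is allowed reviewable in one place. Enabling the jwt-bearer grant widens what these client credentials can be exchanged for, so a one-line comment naming the caller that needs that grant would help the next reader. The enclosing method starts and ends outside the hunk.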
@@ -24,9 +24,10 @@ import io.entgra.device.mgt.core.apimgt.extension.rest.api.exceptions.APIService
 public interface APIApplicationServices {
- APIApplicationKey createAndRetrieveApplicationCredentials() throws APIServicesException;
+ APIApplicationKey createAndRetrieveApplicationCredentials(String clientName, String grantType)
+ throws APIServicesException;
- APIApplicationKey generateAndRetrieveApplicationKeys(String username, String password)
+ APIApplicationKey generateAndRetrieveApplicationKeys(String clientName, String username, String password, String grantType)
 throws APIServicesException;
 AccessTokenInfo generateAccessTokenFromRegisteredApplication(String clientId, String clientSecret) throws APIServicesException;
diff --git a/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.extension.rest.api/src/main/java/io/entgra/device/mgt/core/apimgt/extension/rest/api/APIApplicationServicesImpl.java b/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.extension.rest.api/src/main/java/io/entgra/device/mgt/core/apimgt/extension/rest/api/APIApplicationServicesImpl.java
index 9dbd5f52cc..a03f81d086 100644
--- a/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.extension.rest.api/src/main/java/io/entgra/device/mgt/core/apimgt/extension/rest/api/APIApplicationServicesImpl.java
+++ b/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.extension.rest.api/src/main/java/io/entgra/device/mgt/core/apimgt/extension/rest/api/APIApplicationServicesImpl.java
@@ -44,7 +44,7 @@ public class APIApplicationServicesImpl implements APIApplicationServices {
 getAPIManagerConfigurationService().getAPIManagerConfiguration();
 @Override
- public APIApplicationKey createAndRetrieveApplicationCredentials()
+ public APIApplicationKey createAndRetrieveApplicationCredentials(String clientName, String grantType)
 throws APIServicesException {
 String applicationEndpoint = config.getFirstProperty(Constants.DCR_END_POINT);
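Review bot: `generateAndRetrieveApplicationKeys(String clientName, String username, String password, String grantType)` now takes four consecutive String parameters with nothing on the interface saying what each is, so a call site that swaps clientName and username compiles cleanly and only fails at the DCR endpoint; the new line also runs well past the width the neighbouring declarations wrap at. A Javadoc on both interface methods would settle it, e.g. `@param clientName value sent as clientName in the DCR request` and `@param grantType space-separated list of OAuth grant types the registered client may use`, with `@throws APIServicesException` stating when it is raised. The @@ -44 hunk at the end of this line changes the implementation signature the same way and would carry `{@inheritDoc}`.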
@@ -53,8 +53,8 @@ public class APIApplicationServicesImpl implements APIApplicationServices {
 JSONObject jsonObject = new JSONObject();
 jsonObject.put("callbackUrl", Constants.EMPTY_STRING);
- jsonObject.put("clientName", Constants.CLIENT_NAME);
- jsonObject.put("grantType", Constants.GRANT_TYPE);
+ jsonObject.put("clientName", clientName);
+ jsonObject.put("grantType", grantType);
 jsonObject.put("owner", serverUser);
 jsonObject.put("saasApp", true);
@@ -75,15 +75,15 @@ public class APIApplicationServicesImpl implements APIApplicationServices {
 }
 @Override
- public APIApplicationKey generateAndRetrieveApplicationKeys(String username, String password)
+ public APIApplicationKey generateAndRetrieveApplicationKeys(String clientName, String username, String password, String grantType)
 throws APIServicesException {
 String applicationEndpoint = config.getFirstProperty(Constants.DCR_END_POINT);
 JSONObject jsonObject = new JSONObject();
 jsonObject.put("callbackUrl", Constants.EMPTY_STRING);
- jsonObject.put("clientName", username);
- jsonObject.put("grantType", Constants.GRANT_TYPE);
+ jsonObject.put("clientName", clientName);
+ jsonObject.put("grantType", grantType);
 jsonObject.put("owner", username);
 jsonObject.put("saasApp", true);
diff --git a/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.extension.rest.api/src/main/java/io/entgra/device/mgt/core/apimgt/extension/rest/api/constants/Constants.java b/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.extension.rest.api/src/main/java/io/entgra/device/mgt/core/apimgt/extension/rest/api/constants/Constants.java
index 6c3cf21c89..6ca26f74f0 100644
--- a/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.extension.rest.api/src/main/java/io/entgra/device/mgt/core/apimgt/extension/rest/api/constants/Constants.java
+++ b/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.extension.rest.api/src/main/java/io/entgra/device/mgt/core/apimgt/extension/rest/api/constants/Constants.java
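Review bot: In both hunks the caller-supplied `clientName` and `grantType` go straight into the DCR payload with no null check, where `Constants.CLIENT_NAME` and `Constants.GRANT_TYPE` previously guaranteed a value; depending on the JSON library behind `JSONObject`, a null value may silently drop the key or throw, so `Objects.requireNonNull(clientName, "clientName");` and the same for `grantType` at the top of each method would fail fast with a clear message. In the second hunk `clientName` used to be `username`, so registrations that were named per user now all share one name while `owner` stays `username`; if the DCR endpoint matches repeat registrations by clientName this changes which application a user gets back, which is worth confirming against that endpoint. Both methods continue past the hunk.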
@@ -27,10 +27,8 @@ public final class Constants {
 public static final String AMPERSAND = "&";
 public static final String SLASH = "/";
 public static final String EQUAL = "=";
- public static final String CLIENT_NAME = "rest_api_publisher_code";
 public static final String SERVER_USER = "WorkflowConfigurations.ServerUser";
 public static final String SERVER_PASSWORD = "WorkflowConfigurations.ServerPassword";
- public static final String GRANT_TYPE = "client_credentials password refresh_token";
 public static final String REFRESH_TOKEN_GRANT_TYPE_PARAM_NAME = "refresh_token";
 public static final String OAUTH_EXPIRES_IN = "expires_in";
 public static final String OAUTH_TOKEN_SCOPE = "scope";
diff --git a/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.keymgt.extension/src/main/java/io/entgra/device/mgt/core/apimgt/keymgt/extension/service/KeyMgtServiceImpl.java b/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.keymgt.extension/src/main/java/io/entgra/device/mgt/core/apimgt/keymgt/extension/service/KeyMgtServiceImpl.java
index 69f51fff56..63e42132f0 100644
--- a/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.keymgt.extension/src/main/java/io/entgra/device/mgt/core/apimgt/keymgt/extension/service/KeyMgtServiceImpl.java
+++ b/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.keymgt.extension/src/main/java/io/entgra/device/mgt/core/apimgt/keymgt/extension/service/KeyMgtServiceImpl.java
@@ -344,7 +344,7 @@ public class KeyMgtServiceImpl implements KeyMgtService {
 Response response = client.newCall(request).execute();
 return gson.fromJson(response.body().string(), OAuthApplication.class);
 } catch (IOException e) {
- msg = "Error occurred while processing the response";
+ msg = "Error occurred while processing the response" + e;
 throw new KeyMgtException(msg);
 }
 }
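Review bot: In the KeyMgtServiceImpl hunk the new line appends `e` to the message but `KeyMgtException` is still thrown without the cause, so the IOException's stack trace is lost and only its toString survives, glued on with no separator ("...responsejava.io.IOException: ..."). If KeyMgtException has a (String, Throwable) constructor, prefer `throw new KeyMgtException(msg, e);` and leave the message as it was; otherwise at least `msg = "Error occurred while processing the response: " + e;`. The surrounding try reads `response.body().string()` and never closes the response, which looks like an OkHttp `Response` and would leak its connection; that predates this change but is visible context and is cheap to fix with try-with-resources. The Constants hunk above is a pure deletion and needs nothing.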
diff --git a/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.webapp.publisher/src/main/java/io/entgra/device/mgt/core/apimgt/webapp/publisher/APIPublisherServiceImpl.java b/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.webapp.publisher/src/main/java/io/entgra/device/mgt/core/apimgt/webapp/publisher/APIPublisherServiceImpl.java
index fe98a8cef8..e188ae799b 100644
--- a/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.webapp.publisher/src/main/java/io/entgra/device/mgt/core/apimgt/webapp/publisher/APIPublisherServiceImpl.java
+++ b/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.webapp.publisher/src/main/java/io/entgra/device/mgt/core/apimgt/webapp/publisher/APIPublisherServiceImpl.java
@@ -90,7 +90,10 @@ public class APIPublisherServiceImpl implements APIPublisherService {
 APIApplicationKey apiApplicationKey;
 AccessTokenInfo accessTokenInfo;
 try {
- apiApplicationKey = apiApplicationServices.createAndRetrieveApplicationCredentials();
+ apiApplicationKey = apiApplicationServices.createAndRetrieveApplicationCredentials(
+ "ClientForPublisherRestCalls",
+ "client_credentials password refresh_token"
+ );
 accessTokenInfo = apiApplicationServices.generateAccessTokenFromRegisteredApplication(
 apiApplicationKey.getClientId(), apiApplicationKey.getClientSecret());
 } catch (APIServicesException e) {
@@ -403,7 +406,10 @@ public class APIPublisherServiceImpl implements APIPublisherService {
 APIApplicationKey apiApplicationKey;
 AccessTokenInfo accessTokenInfo;
 try {
- apiApplicationKey = apiApplicationServices.createAndRetrieveApplicationCredentials();
+ apiApplicationKey = apiApplicationServices.createAndRetrieveApplicationCredentials(
+ "ClientForPublisherRestCalls",
+ "client_credentials password refresh_token"
+ );
 accessTokenInfo = apiApplicationServices.generateAccessTokenFromRegisteredApplication(
 apiApplicationKey.getClientId(), apiApplicationKey.getClientSecret());
 } catch (APIServicesException e) {
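Review bot: The literals "ClientForPublisherRestCalls" and "client_credentials password refresh_token" are pasted verbatim into both hunks (@@ -90 and @@ -403), which is exactly the duplication the deleted Constants.CLIENT_NAME and Constants.GRANT_TYPE used to prevent; a class-level `private static final String PUBLISHER_CLIENT_NAME = "ClientForPublisherRestCalls";` and `PUBLISHER_GRANT_TYPES` pair keeps the two call sites in step. This grant list deliberately omits the jwt-bearer grant that the consumer and device-management callers add in the same patch; if the asymmetry is intended, a short comment on the constant saying so will stop the next reader from "harmonising" it and granting the publisher client more than it needs. Both enclosing methods start and end outside the hunk.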
diff --git a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/DeviceManagementServiceImpl.java b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/DeviceManagementServiceImpl.java
index 09be7963fd..67042ede8b 100644
--- a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/DeviceManagementServiceImpl.java
+++ b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/DeviceManagementServiceImpl.java
@@ -23,6 +23,11 @@ import io.entgra.device.mgt.core.apimgt.application.extension.APIManagementProvi
 import io.entgra.device.mgt.core.apimgt.application.extension.APIManagementProviderServiceImpl;
 import io.entgra.device.mgt.core.apimgt.application.extension.dto.ApiApplicationKey;
 import io.entgra.device.mgt.core.apimgt.application.extension.exception.APIManagerException;
+import io.entgra.device.mgt.core.apimgt.application.extension.internal.APIApplicationManagerExtensionDataHolder;
+import io.entgra.device.mgt.core.apimgt.extension.rest.api.APIApplicationServices;
+import io.entgra.device.mgt.core.apimgt.extension.rest.api.APIApplicationServicesImpl;
+import io.entgra.device.mgt.core.apimgt.extension.rest.api.dto.APIApplicationKey;
+import io.entgra.device.mgt.core.apimgt.extension.rest.api.exceptions.APIServicesException;
 import io.entgra.device.mgt.core.apimgt.keymgt.extension.DCRResponse;
 import io.entgra.device.mgt.core.apimgt.keymgt.extension.TokenRequest;
 import io.entgra.device.mgt.core.apimgt.keymgt.extension.TokenResponse;
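Review bot: Of the five new imports, `APIApplicationManagerExtensionDataHolder` and `APIApplicationServicesImpl` are not referenced by any changed line in this patch, and the only use of `DCRResponse` visible here is deleted in the @@ -804 hunk, so that existing import is probably dead now as well; please drop the unused ones so this JAX-RS class does not take a compile-time dependency on an `internal` data holder and an `Impl` class it never calls (I can only see the hunks, so a use elsewhere in the file would change this). Having both `dto.ApiApplicationKey` and `dto.APIApplicationKey` in scope is legal but the names differ only in case; a short comment at the first use of each saying which service it belongs to would prevent the two from being confused.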
@@ -804,11 +809,12 @@ public class DeviceManagementServiceImpl implements DeviceManagementService {
 //todo - lasantha - can't get password from here
 ApiApplicationKey apiApplicationKey;
 try {
- DCRResponse adminDCRResponse = keyMgtService.dynamicClientRegistration(applicationName,
- PrivilegedCarbonContext.getThreadLocalCarbonContext().getUserRealm()
- .getRealmConfiguration().getAdminUserName(),
- "client_credentials", null, new String[] {"device_management"}, false, validityTime, PrivilegedCarbonContext.getThreadLocalCarbonContext().getUserRealm()
- .getRealmConfiguration().getAdminPassword());
+
+ APIApplicationServices apiApplicationServices = DeviceMgtAPIUtils.getApiApplicationServices();
+ APIApplicationKey adminDCRResponse = apiApplicationServices.createAndRetrieveApplicationCredentials(
+ "ClientForJWTTokenGeneration",
+ "client_credentials password refresh_token urn:ietf:params:oauth:grant-type:jwt-bearer"
+ );
 PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext();
 JWTClientManagerService jwtClientManagerService = (JWTClientManagerService) ctx.
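Review bot: The `//todo - lasantha - can't get password from here` comment and the `adminDCRResponse` name both describe the code this hunk deletes: the admin user name and password are no longer read here, and the variable is now an `APIApplicationKey` for a client registered under the server user that APIApplicationServicesImpl configures as owner. Rename it to something like `jwtClientKey` and drop or reword the todo so the block does not claim a credential problem it no longer has. `createAndRetrieveApplicationCredentials` performs a DCR round trip on every call (it builds and posts the payload, per the APIApplicationServicesImpl hunks), and this code runs inside a request handler, so each request registers "ClientForJWTTokenGeneration" again; unless the DCR endpoint dedupes by name, that accumulates OAuth clients and their secrets, and caching the key the way DeviceMgtAPIUtils caches the service would avoid it. The try block continues into the next hunk.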
@@ -816,11 +822,14 @@ public class DeviceManagementServiceImpl implements DeviceManagementService { JWTClient jwtClient = jwtClientManagerService.getJWTClient(); AccessTokenInfo accessTokenInfo = jwtClient.getAccessToken(adminDCRResponse.getClientId(), adminDCRResponse.getClientSecret(), - username, "appm:subscribe"); + username, "appm:subscribe apim:admin apim:api_key apim:app_import_export apim:app_manage" + + " apim:store_settings apim:sub_alert_manage apim:sub_manage apim:subscribe openid perm:device:enroll " + + "perm:devices:details perm:devices:features perm:devices:search perm:devices:view perm:groups:groups " + + "perm:users:send-invitation"); APIManagementProviderService apiManagementProviderService = DeviceMgtAPIUtils.getAPIManagementService(); apiApplicationKey = apiManagementProviderService.generateAndRetrieveApplicationKeys(applicationName, - new String[] {"device_management"}, null, false, String.valueOf(validityTime), + new String[] {"device_management"}, "PRODUCTION", false, String.valueOf(validityTime), accessTokenInfo.getAccessToken()); } catch (JWTClientException e) { @@ -828,8 +837,8 @@ public class DeviceManagementServiceImpl implements DeviceManagementService { log.error(msg, e); return Response.serverError().entity( new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build(); - } catch (UserStoreException e) { - String msg = "Error while getting user credentials."; + } catch (APIServicesException e) { + String msg = "Error while generating api Application"; log.error(msg, e); return Response.serverError().entity( new ErrorResponse.ErrorResponseBuilder().setMessage(msg).build()).build(); 
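Review bot: The scope string passed to `jwtClient.getAccessToken` now asks for `apim:admin`, `apim:app_import_export`, `apim:store_settings` and more than a dozen further `apim:`/`perm:` scopes for a token minted on behalf of `username`, yet the only thing this method does with the token is the `generateAndRetrieveApplicationKeys` call that follows; request the smallest set that call actually needs, and hoist the list into a named `private static final String` so the grant is reviewable in one place instead of a four-line concatenation inside the handler. The new catch block's text "Error while generating api Application" is hard to read in logs; `String msg = "Error while registering the OAuth application used for JWT token generation";` says what failed. The `"PRODUCTION"` literal that replaces `null` as the key type also deserves a constant or a one-word comment, since nothing nearby says why production keys are now required. The enclosing method starts in the previous hunk and ends outside this one.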
diff --git a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/util/DeviceMgtAPIUtils.java b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/util/DeviceMgtAPIUtils.java
index a297bffd48..f1a5db1156 100644
--- a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/util/DeviceMgtAPIUtils.java
+++ b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/util/DeviceMgtAPIUtils.java
@@ -19,6 +19,7 @@ package io.entgra.device.mgt.core.device.mgt.api.jaxrs.util;
 import io.entgra.device.mgt.core.apimgt.application.extension.APIManagementProviderService;
+import io.entgra.device.mgt.core.apimgt.extension.rest.api.APIApplicationServices;
 import io.entgra.device.mgt.core.apimgt.extension.rest.api.ConsumerRESTAPIServices;
 import io.entgra.device.mgt.core.application.mgt.common.services.ApplicationManager;
 import io.entgra.device.mgt.core.application.mgt.common.services.SubscriptionManager;
@@ -157,6 +158,7 @@ public class DeviceMgtAPIUtils {
 private static volatile SubscriptionManager subscriptionManager;
 private static volatile ApplicationManager applicationManager;
 private static volatile ConsumerRESTAPIServices consumerRESTAPIServices;
+ private static volatile APIApplicationServices apiApplicationServices;
 private static volatile APIManagementProviderService apiManagementProviderService;
 static {
@@ -410,6 +412,25 @@ public class DeviceMgtAPIUtils {
 return consumerRESTAPIServices;
 }
+ /**
+ * Initializing and accessing method for APIM API application REST API.
+ *
+ * @return APIApplicationServices instance
+ * @throws IllegalStateException if APIApplicationServices cannot be initialized
+ */
+ public static synchronized APIApplicationServices getApiApplicationServices() {
+ if (apiApplicationServices == null) {
+ PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext();
+ apiApplicationServices = (APIApplicationServices) ctx.getOSGiService(APIApplicationServices.class, null);
+ if (apiApplicationServices == null) {
+ String msg = "API application service has not initialized.";
+ log.error(msg);
+ throw new IllegalStateException(msg);
+ }
+ }
+ return apiApplicationServices;
+ }
+
 /**
 * Initializing and accessing method for API management Provider Service.
 *
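Review bot: The `getOSGiService` line in the new `getApiApplicationServices` runs well past the width the neighbouring methods wrap at, and the Javadoc summary "Initializing and accessing method for APIM API application REST API." does not tell the reader that the lookup is lazy and cached; `Lazily looks up and caches the {@link APIApplicationServices} OSGi service.` would. The error text should read `"API application service has not been initialized."`. Because the whole method is `synchronized`, the `volatile` on the field added in the @@ -157 hunk is redundant as long as nothing reads the field outside this method, but it matches the sibling fields, so keeping it for consistency is reasonable.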