Adding support for identifying the device type from the url

components/apimgt-extensions/org.wso2.carbon.apimgt.handlers/src/main/java/org/wso2/carbon/apimgt/handlers/AuthenticationHandler.java

@@ -38,6 +38,7 @@ import java.net.URI;
 import java.net.URISyntaxException;
 import java.util.HashMap;
 import java.util.Map;
+import java.util.StringTokenizer;
 
 /**
  * Synapse gateway handler for API authentication.
@@ -48,6 +49,12 @@ public class AuthenticationHandler extends AbstractHandler {
     private HandlerDescription handlerDesc;
     private RESTInvoker restInvoker;
 
+    private static final String X_JWT_ASSERTION  = "X-JWT-Assertion";
+    private static final String JWTTOKEN = "JWTToken";
+    private static final String AUTHORIZATION = "Authorization";
+    private static final String BEARER = "Bearer ";
+    private static final String CONTENT_TYPE = "Content-Type";
+
     private IOTServerConfiguration iotServerConfiguration;
 
     /**
@@ -62,6 +69,7 @@ public class AuthenticationHandler extends AbstractHandler {
 
     /**
      * Handling the message and checking the security.
+     *
      * @param messageContext
      * @return
      */
@@ -84,14 +92,9 @@ public class AuthenticationHandler extends AbstractHandler {
                 if (log.isDebugEnabled()) {
                     log.debug("Verify Cert:\n" + mdmSignature);
                 }
-                String accessToken = Utils.getAccessToken(iotServerConfiguration);
-
                 String deviceType = this.getDeviceType(messageContext.getTo().getAddress().trim());
                 URI certVerifyUrl = new URI(iotServerConfiguration.getVerificationEndpoint() + deviceType);
-
+                Map<String, String> certVerifyHeaders = this.setHeaders();
-                Map<String, String> certVerifyHeaders = new HashMap<>();
-                certVerifyHeaders.put("Authorization", "Bearer " + accessToken);
-                certVerifyHeaders.put("Content-Type", "application/json");
 
                 Certificate certificate = new Certificate();
                 certificate.setPem(mdmSignature);
@@ -104,15 +107,16 @@ public class AuthenticationHandler extends AbstractHandler {
                         null, certVerifyContent);
 
                 String str = response.getContent();
-                if (str.contains("JWTToken")) {
-                    ValidationResponce validationResponce = gson.fromJson(str, ValidationResponce.class);
-                    // TODO: send the JWT token with user details.
-                    // headers.put("X-JWT-Assertion", validationResponce.getJWTToken());
-                }
                 if (log.isDebugEnabled()) {
                     log.debug("Verify response:" + response.getContent());
                     log.debug("Response String : " + str);
                 }
+                if (response.getHttpStatus() == 200 && str.contains(JWTTOKEN)) {
+                    ValidationResponce validationResponce = gson.fromJson(str, ValidationResponce.class);
+                    headers.put(X_JWT_ASSERTION, validationResponce.getJWTToken());
+                } else {
+                    return false;
+                }
 
             } else if (headers.containsKey(AuthConstants.PROXY_MUTUAL_AUTH_HEADER)) {
                 String subjectDN = headers.get(AuthConstants.PROXY_MUTUAL_AUTH_HEADER).toString();
@@ -120,12 +124,10 @@ public class AuthenticationHandler extends AbstractHandler {
                 if (log.isDebugEnabled()) {
                     log.debug("Verify subject DN: " + subjectDN);
                 }
-                String accessToken = Utils.getAccessToken(iotServerConfiguration);
+
                 String deviceType = this.getDeviceType(messageContext.getTo().getAddress().trim());
                 URI certVerifyUrl = new URI(iotServerConfiguration.getVerificationEndpoint() + deviceType);
-                Map<String, String> certVerifyHeaders = new HashMap<>();
+                Map<String, String> certVerifyHeaders = this.setHeaders();
-                certVerifyHeaders.put("Authorization", "Bearer " + accessToken);
-                certVerifyHeaders.put("Content-Type", "application/json");
                 Certificate certificate = new Certificate();
                 certificate.setPem(subjectDN);
                 certificate.setTenantId(tenantId);
@@ -143,11 +145,9 @@ public class AuthenticationHandler extends AbstractHandler {
                 if (log.isDebugEnabled()) {
                     log.debug("Verify Cert:\n" + encodedPem);
                 }
-                String accessToken = Utils.getAccessToken(iotServerConfiguration);
+                String deviceType = this.getDeviceType(messageContext.getTo().getAddress().trim());
-                URI certVerifyUrl = new URI(iotServerConfiguration.getVerificationEndpoint() + "android");
+                URI certVerifyUrl = new URI(iotServerConfiguration.getVerificationEndpoint() + deviceType);
-                Map<String, String> certVerifyHeaders = new HashMap<>();
+                Map<String, String> certVerifyHeaders = this.setHeaders();
-                certVerifyHeaders.put("Authorization", "Bearer " + accessToken);
-                certVerifyHeaders.put("Content-Type", "application/json");
 
                 Certificate certificate = new Certificate();
                 certificate.setPem(encodedPem);
@@ -188,13 +188,21 @@ public class AuthenticationHandler extends AbstractHandler {
     }
 
 
-    // TODO : take this from the url.
     private String getDeviceType(String url) {
-        if (url.contains("ios")) {
+        StringTokenizer parts = new StringTokenizer(url, "/");
-            return "ios";
+        while (parts.hasMoreElements()) {
-        } else if (url.contains("android")) {
+            if (parts.nextElement().equals("api")) {
-            return "android";
+                return (String) parts.nextElement();
-        } else return null;
+            }
+        }
+        return null;
+    }
 
+    private Map<String, String> setHeaders() throws APIMCertificateMGTException {
+        Map<String, String> map = new HashMap<>();
+        String accessToken = Utils.getAccessToken(iotServerConfiguration);
+        map.put(AUTHORIZATION, BEARER + accessToken);
+        map.put(CONTENT_TYPE, "application/json");
+        return map;
     }
 }

components/certificate-mgt/org.wso2.carbon.certificate.mgt.cert.admin.api/src/main/java/org/wso2/carbon/certificate/mgt/cert/jaxrs/api/impl/CertificateManagementAdminServiceImpl.java

@@ -27,7 +27,9 @@ import javax.ws.rs.*;
 import javax.ws.rs.core.Response;
 import java.security.cert.X509Certificate;
 import java.util.ArrayList;
+import java.util.HashMap;
 import java.util.List;
+import java.util.Map;
 
 @Path("/admin/certificates")
 public class CertificateManagementAdminServiceImpl implements CertificateManagementAdminService {
@@ -230,10 +232,20 @@ public class CertificateManagementAdminServiceImpl implements CertificateManagem
                     deviceIdentifier.setId(challengeToken);
                     deviceIdentifier.setType(DeviceManagementConstants.MobileDeviceTypes.MOBILE_DEVICE_TYPE_IOS);
                     TenantedDeviceWrapper tenantedDeviceWrapper = scepManager.getValidatedDevice(deviceIdentifier);
+//
+//                    var claims = {"http://wso2.org/claims/enduserTenantId": adminUserTenantId,
+//                            "http://wso2.org/claims/enduser": adminUsername};
+
+                    Map<String, String> claims = new HashMap<>();
+
+                    claims.put("http://wso2.org/claims/enduserTenantId", String.valueOf(tenantedDeviceWrapper.getTenantId()));
+                    claims.put("http://wso2.org/claims/enduser", tenantedDeviceWrapper.getDevice().getEnrolmentInfo().getOwner());
+                    claims.put("http://wso2.org/claims/deviceIdentifier", tenantedDeviceWrapper.getDevice().getDeviceIdentifier());
+                    claims.put("http://wso2.org/claims/deviceIdType", tenantedDeviceWrapper.getDevice().getType());
 
                     JWTClientManagerService jwtClientManagerService = CertificateMgtAPIUtils.getJwtClientManagerService();
                     String jwdToken = jwtClientManagerService.getJWTClient().getJwtToken(
-                            tenantedDeviceWrapper.getDevice().getEnrolmentInfo().getOwner());
+                            tenantedDeviceWrapper.getDevice().getEnrolmentInfo().getOwner(), claims);
 
                     ValidationResponce validationResponce = new ValidationResponce();
                     validationResponce.setDeviceId(challengeToken);