From 342e201c4cc61057ff7191a560303b93f2962e6a Mon Sep 17 00:00:00 2001 From: Dharmakeerthi Lasantha Date: Tue, 20 Jun 2023 09:39:49 +0530 Subject: [PATCH] Add improvements to APIM application creating logic --- .../APIManagementProviderService.java | 40 +- .../APIManagementProviderServiceImpl.java | 670 +++++++++--------- .../extension/service/KeyMgtServiceImpl.java | 44 +- .../impl/DeviceManagementServiceImpl.java | 2 +- .../client/extension/util/JWTClientUtil.java | 6 +- 5 files changed, 382 insertions(+), 380 deletions(-) diff --git a/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.application.extension/src/main/java/io/entgra/device/mgt/core/apimgt/application/extension/APIManagementProviderService.java b/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.application.extension/src/main/java/io/entgra/device/mgt/core/apimgt/application/extension/APIManagementProviderService.java index 1e561ae465..14449cdf09 100644 --- a/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.application.extension/src/main/java/io/entgra/device/mgt/core/apimgt/application/extension/APIManagementProviderService.java +++ b/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.application.extension/src/main/java/io/entgra/device/mgt/core/apimgt/application/extension/APIManagementProviderService.java @@ -33,22 +33,22 @@ public interface APIManagementProviderService { */ boolean isTierLoaded(); - /** - * Generate and retreive application keys. if the application does exist then - * create it and subscribe to apis that are grouped with the tags. - * - * @param apiApplicationName name of the application. - * @param tags tags of the apis that application needs to be subscribed. - * @param keyType of the application. - * @param username to whom the application is created - * @param isAllowedAllDomains application is allowed to all the tenants - * @param validityTime validity period of the application - * @return consumerkey and secrete of the created application. - * @throws APIManagerException - */ - ApiApplicationKey generateAndRetrieveApplicationKeys(String apiApplicationName, String tags[], - String keyType, String username, boolean isAllowedAllDomains, - String validityTime) throws APIManagerException; +// /** +// * Generate and retreive application keys. if the application does exist then +// * create it and subscribe to apis that are grouped with the tags. +// * +// * @param apiApplicationName name of the application. +// * @param tags tags of the apis that application needs to be subscribed. +// * @param keyType of the application. +// * @param username to whom the application is created +// * @param isAllowedAllDomains application is allowed to all the tenants +// * @param validityTime validity period of the application +// * @return consumerkey and secrete of the created application. +// * @throws APIManagerException +// */ +// ApiApplicationKey generateAndRetrieveApplicationKeys(String apiApplicationName, String tags[], +// String keyType, String username, boolean isAllowedAllDomains, +// String validityTime) throws APIManagerException; ApiApplicationKey generateAndRetrieveApplicationKeys(String applicationName, String[] tags, String keyType, String username, @@ -60,10 +60,10 @@ public interface APIManagementProviderService { boolean isAllowedAllDomains, String validityTime, String accessToken) throws APIManagerException; - /** - * Remove APIM Application. - */ - void removeAPIApplication(String applicationName, String username) throws APIManagerException; +// /** +// * Remove APIM Application. +// */ +// void removeAPIApplication(String applicationName, String username) throws APIManagerException; /** * To get access token for given scopes and for the given validity period diff --git a/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.application.extension/src/main/java/io/entgra/device/mgt/core/apimgt/application/extension/APIManagementProviderServiceImpl.java b/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.application.extension/src/main/java/io/entgra/device/mgt/core/apimgt/application/extension/APIManagementProviderServiceImpl.java index 3174473b70..730bb53c16 100644 --- a/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.application.extension/src/main/java/io/entgra/device/mgt/core/apimgt/application/extension/APIManagementProviderServiceImpl.java +++ b/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.application.extension/src/main/java/io/entgra/device/mgt/core/apimgt/application/extension/APIManagementProviderServiceImpl.java @@ -54,7 +54,6 @@ import org.wso2.carbon.apimgt.api.dto.KeyManagerConfigurationDTO; import org.wso2.carbon.apimgt.api.model.API; import org.wso2.carbon.apimgt.api.model.APIKey; import org.wso2.carbon.apimgt.api.model.ApiTypeWrapper; -import org.wso2.carbon.apimgt.api.model.Application; import org.wso2.carbon.apimgt.api.model.SubscribedAPI; import org.wso2.carbon.apimgt.api.model.Subscriber; import org.wso2.carbon.apimgt.impl.APIAdminImpl; @@ -97,23 +96,23 @@ public class APIManagementProviderServiceImpl implements APIManagementProviderSe return false; } - @Override - public void removeAPIApplication(String applicationName, String username) throws APIManagerException { - - try { - APIConsumer apiConsumer = API_MANAGER_FACTORY.getAPIConsumer(username); - Application application = null; // todo:apim - apiConsumer.getApplicationsByName(username, applicationName, ""); -// curl -k -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8" "https://localhost:9443/api/am/devportal/v3/applications?query=CalculatorApp" - if (application != null) { - // todo:apim - apiConsumer.removeApplication(application, username); - //curl -k -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8" -X DELETE "https://localhost:9443/api/am/devportal/v3/applications/896658a0-b4ee-4535-bbfa-806c894a4015" - } - } catch (APIManagementException e) { - throw new APIManagerException("Failed to remove api application : " + applicationName, e); - } - - - } +// @Override +// public void removeAPIApplication(String applicationName, String username) throws APIManagerException { +// +// try { +// APIConsumer apiConsumer = API_MANAGER_FACTORY.getAPIConsumer(username); +// Application application = null; // todo:apim - apiConsumer.getApplicationsByName(username, applicationName, ""); +//// curl -k -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8" "https://localhost:9443/api/am/devportal/v3/applications?query=CalculatorApp" +// if (application != null) { +// // todo:apim - apiConsumer.removeApplication(application, username); +// //curl -k -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8" -X DELETE "https://localhost:9443/api/am/devportal/v3/applications/896658a0-b4ee-4535-bbfa-806c894a4015" +// } +// } catch (APIManagementException e) { +// throw new APIManagerException("Failed to remove api application : " + applicationName, e); +// } +// +// +// } @Override public synchronized ApiApplicationKey generateAndRetrieveApplicationKeys(String applicationName, String[] tags, @@ -123,8 +122,7 @@ public class APIManagementProviderServiceImpl implements APIManagementProviderSe TokenInfo tokenInfo = new TokenInfo(); tokenInfo.setApiApplicationInfo(null); tokenInfo.setAccessToken(accessToken); - - return generateAndRetrieveApplicationKeys(applicationName, tags ,keyType, null, isAllowedAllDomains, validityTime, tokenInfo); + return generateAndRetrieveApplicationKeys(applicationName, tags ,keyType, isAllowedAllDomains, validityTime, tokenInfo); } @Override @@ -136,18 +134,16 @@ public class APIManagementProviderServiceImpl implements APIManagementProviderSe ApiApplicationInfo applicationInfo = getApplicationInfo(username, password); - TokenInfo tokenInfo = new TokenInfo(); tokenInfo.setApiApplicationInfo(applicationInfo); tokenInfo.setAccessToken(null); - - return generateAndRetrieveApplicationKeys(applicationName, tags, keyType, username,isAllowedAllDomains, validityTime, tokenInfo); + return generateAndRetrieveApplicationKeys(applicationName, tags, keyType,isAllowedAllDomains, validityTime, tokenInfo); } private ApiApplicationKey generateAndRetrieveApplicationKeys(String applicationName, String[] tags, - String keyType, String username, - boolean isAllowedAllDomains, - String validityTime, TokenInfo tokenInfo) throws APIManagerException { + String keyType, + boolean isAllowedAllDomains, + String validityTime, TokenInfo tokenInfo) throws APIManagerException { ConsumerRESTAPIServices consumerRESTAPIServices = APIApplicationManagerExtensionDataHolder.getInstance().getConsumerRESTAPIServices(); @@ -175,88 +171,45 @@ public class APIManagementProviderServiceImpl implements APIManagementProviderSe io.entgra.device.mgt.core.apimgt.extension.rest.api.bean.APIMConsumer.Application[] applications = consumerRESTAPIServices.getAllApplications(tokenInfo, applicationName); io.entgra.device.mgt.core.apimgt.extension.rest.api.bean.APIMConsumer.Application application; - boolean isNewApplication = false; + MetadataManagementService metadataManagementService = APIApplicationManagerExtensionDataHolder.getInstance().getMetadataManagementService(); if (applications.length == 0) { - isNewApplication = true; - application = new io.entgra.device.mgt.core.apimgt.extension.rest.api.bean.APIMConsumer.Application(); - application.setName(applicationName); - application = consumerRESTAPIServices.createApplication(tokenInfo, application); - addSubscriptions(application, uniqueApiList, tokenInfo); + return handleNewAPIApplication(applicationName, uniqueApiList, tokenInfo, keyType, validityTime); } else { if (applications.length == 1) { Optional applicationOpt = Arrays.stream(applications).findFirst(); application = applicationOpt.get(); - Subscription[] subscriptions = consumerRESTAPIServices.getAllSubscriptions(tokenInfo, application.getApplicationId()); - Arrays.stream(subscriptions).map(Subscription::getApiInfo).forEachOrdered(uniqueApiList::remove); - addSubscriptions(application, uniqueApiList, tokenInfo); - } else { - String msg = "Found more than one application for application name: " + applicationName; - log.error(msg); - throw new APIManagerException(msg); - } - } - MetadataManagementService metadataManagementService = APIApplicationManagerExtensionDataHolder.getInstance().getMetadataManagementService(); - if (isNewApplication) { - KeyManager[] keyManagers = consumerRESTAPIServices.getAllKeyManagers(tokenInfo); - KeyManager keyManager; - if (keyManagers.length == 1) { - keyManager = keyManagers[0]; - } else { - String msg = - "Found invalid number of key managers. No of key managers found from the APIM: " + keyManagers.length; - throw new APIManagerException(msg); - } - ApplicationKey applicationKey = consumerRESTAPIServices.generateApplicationKeys(tokenInfo, application.getApplicationId(), - keyManager.getName(), keyType, validityTime); - ApiApplicationKey apiApplicationKey = new ApiApplicationKey(); - apiApplicationKey.setConsumerKey(applicationKey.getConsumerKey()); - apiApplicationKey.setConsumerSecret(applicationKey.getConsumerSecret()); - - Metadata metaData = new Metadata(); - metaData.setMetaKey(applicationName); - String metaValue = application.getApplicationId() + ":" + applicationKey.getKeyMappingId(); - metaData.setMetaValue(metaValue); - try { - metadataManagementService.createMetadata(metaData); - return apiApplicationKey; - } catch (MetadataManagementException e) { - String msg = "Error occurred while creating the meta data entry for mata key: " + applicationName; - log.error(msg, e); - throw new APIManagerException(msg, e); - } catch (MetadataKeyAlreadyExistsException e) { - String msg = "Found duplicate meta value entry for meta key: " + applicationName; - log.error(msg, e); - throw new APIManagerException(msg, e); - } - } else { - try { Metadata metaData = metadataManagementService.retrieveMetadata(applicationName); if (metaData == null) { - String msg = "Couldn't find application key data from meta data mgt service. Meta key: " - + applicationName; - log.error(msg); - throw new APIManagerException(msg); - } - String[] metaValues = metaData.getMetaValue().split(":"); - if (metaValues.length != 2) { - String msg = "Found invalid Meta value for meta key: " + applicationName + ". Meta Value: " - + metaData.getMetaValue(); - log.error(msg); - throw new APIManagerException(msg); + // Todo add a comment + consumerRESTAPIServices.deleteApplication(tokenInfo, application.getApplicationId()); + return handleNewAPIApplication(applicationName, uniqueApiList, tokenInfo, keyType, validityTime); + } else { + Subscription[] subscriptions = consumerRESTAPIServices.getAllSubscriptions(tokenInfo, application.getApplicationId()); + Arrays.stream(subscriptions).map(Subscription::getApiInfo).forEachOrdered(uniqueApiList::remove); + addSubscriptions(application, uniqueApiList, tokenInfo); + + String[] metaValues = metaData.getMetaValue().split(":"); + if (metaValues.length != 2) { + String msg = "Found invalid Meta value for meta key: " + applicationName + ". Meta Value: " + + metaData.getMetaValue(); + log.error(msg); + throw new APIManagerException(msg); + } + String applicationId = metaValues[0]; + String keyMappingId = metaValues[1]; + ApplicationKey applicationKey = consumerRESTAPIServices.getKeyDetails(tokenInfo, applicationId, keyMappingId); + ApiApplicationKey apiApplicationKey = new ApiApplicationKey(); + apiApplicationKey.setConsumerKey(applicationKey.getConsumerKey()); + apiApplicationKey.setConsumerSecret(applicationKey.getConsumerSecret()); + return apiApplicationKey; } - String applicationId = metaValues[0]; - String keyMappingId = metaValues[1]; - ApplicationKey applicationKey = consumerRESTAPIServices.getKeyDetails(tokenInfo, applicationId, keyMappingId); - ApiApplicationKey apiApplicationKey = new ApiApplicationKey(); - apiApplicationKey.setConsumerKey(applicationKey.getConsumerKey()); - apiApplicationKey.setConsumerSecret(applicationKey.getConsumerSecret()); - return apiApplicationKey; - } catch (MetadataManagementException e) { - String msg = "Error occurred while getting meta data for meta key: " + applicationName; - log.error(msg, e); - throw new APIManagerException(msg, e); + + } else { + String msg = "Found more than one application for application name: " + applicationName; + log.error(msg); + throw new APIManagerException(msg); } } } catch (APIServicesException e) { @@ -271,6 +224,71 @@ public class APIManagementProviderServiceImpl implements APIManagementProviderSe String msg = "Error occurred while invoking APIM REST endpoints."; log.error(msg, e); throw new APIManagerException(msg, e); + } catch (MetadataManagementException e) { + String msg = "Error occurred while getting meta data for meta key: " + applicationName; + log.error(msg, e); + throw new APIManagerException(msg, e); + } + } + + + private ApiApplicationKey handleNewAPIApplication(String applicationName, List uniqueApiList, + TokenInfo tokenInfo, String keyType, String validityTime) throws APIManagerException { + ConsumerRESTAPIServices consumerRESTAPIServices = + APIApplicationManagerExtensionDataHolder.getInstance().getConsumerRESTAPIServices(); + io.entgra.device.mgt.core.apimgt.extension.rest.api.bean.APIMConsumer.Application application = new io.entgra.device.mgt.core.apimgt.extension.rest.api.bean.APIMConsumer.Application(); + application.setName(applicationName); + + try { + application = consumerRESTAPIServices.createApplication(tokenInfo, application); + addSubscriptions(application, uniqueApiList, tokenInfo); + + KeyManager[] keyManagers = consumerRESTAPIServices.getAllKeyManagers(tokenInfo); + KeyManager keyManager; + if (keyManagers.length == 1) { + keyManager = keyManagers[0]; + } else { + String msg = + "Found invalid number of key managers. No of key managers found from the APIM: " + keyManagers.length; + log.error(msg); + throw new APIManagerException(msg); + } + ApplicationKey applicationKey = consumerRESTAPIServices.generateApplicationKeys(tokenInfo, application.getApplicationId(), + keyManager.getName(), keyType, validityTime); + ApiApplicationKey apiApplicationKey = new ApiApplicationKey(); + apiApplicationKey.setConsumerKey(applicationKey.getConsumerKey()); + apiApplicationKey.setConsumerSecret(applicationKey.getConsumerSecret()); + + Metadata metaData = new Metadata(); + metaData.setMetaKey(applicationName); + String metaValue = application.getApplicationId() + ":" + applicationKey.getKeyMappingId(); + metaData.setMetaValue(metaValue); + + MetadataManagementService metadataManagementService = APIApplicationManagerExtensionDataHolder.getInstance().getMetadataManagementService(); + metadataManagementService.createMetadata(metaData); + return apiApplicationKey; + } catch (MetadataManagementException e) { + String msg = "Error occurred while creating meta data for meta key: " + applicationName; + log.error(msg, e); + throw new APIManagerException(msg, e); + } catch (MetadataKeyAlreadyExistsException e) { + String msg = + "Since meta key:" + applicationName + " already exists, meta data creating process " + + "failed."; + log.error(msg, e); + throw new APIManagerException(msg, e); + } catch (BadRequestException e) { + String msg = "Provided incorrect payload when invoking APIM REST endpoints to handle new API application."; + log.error(msg, e); + throw new APIManagerException(msg, e); + } catch (UnexpectedResponseException e) { + String msg = "Error occurred while invoking APIM REST endpoints to handle new API application."; + log.error(msg, e); + throw new APIManagerException(msg, e); + } catch (APIServicesException e) { + String msg = "Error occurred while processing the response of APIM REST endpoints to handle new API application."; + log.error(msg, e); + throw new APIManagerException(msg, e); } } @@ -305,234 +323,234 @@ public class APIManagementProviderServiceImpl implements APIManagementProviderSe consumerRESTAPIServices.createSubscriptions(tokenInfo, subscriptionList); } - /** - * {@inheritDoc} - */ - @Override - public synchronized ApiApplicationKey generateAndRetrieveApplicationKeys(String applicationName, String tags[], - String keyType, String username, boolean isAllowedAllDomains, String validityTime) - throws APIManagerException { - - -/* - -todo - Modify generateAndRetrieveApplicationKeys - -Check the existence of the API application. - -if Application is not exists - Create the Application - -If super tenants - Get set of tagged APIs -If the tenant domain is not super tenant - Get set of tagged APIs from super tenant space - -If new Application - Subscribed to tagged APIs -Else - Get all subscribed APIs of application - Filter out APIs and subscribed to APIs which can be subscribed - Filter -> Use set of tagged APis - Remove already subscribed APIs from the set - Subscribed to remaining APIs - -Get Application keys from application - If API keys are there return API keys - -Otherwise, Generate Application Keys and return them - - */ - - String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain(); - if (StringUtils.isEmpty(username)) { - username = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUsername() + "@" + tenantDomain; - } - try { - APIConsumer apiConsumer = API_MANAGER_FACTORY.getAPIConsumer(username); - Application application = null; // todo:resolve:apim - apiConsumer.getApplicationsByName(username, applicationName, ""); - int applicationId = 0; - Subscriber subscriber = null; - if (application == null) { - subscriber = null; // todo:resolve:apim - apiConsumer.getSubscriber(username); - if (subscriber == null) { - // create subscriber - // todo:resolve:apim - apiConsumer.addSubscriber(username, ""); - subscriber = null; // todo:resolve:apim - apiConsumer.getSubscriber(username); - } - //create application - application = new Application(applicationName, subscriber); - application.setTier(ApiApplicationConstants.DEFAULT_TIER); - application.setGroupId(""); - application.setTokenType("OAUTH"); - // todo:resolve:apim - apiConsumer.addApplication(application, username); - application = null; // todo:resolve:apim - apiConsumer.getApplicationsByName(username, applicationName, ""); - } else { - subscriber = null; // todo:resolve:apim - apiConsumer.getSubscriber(username); - } - - Set subscribedAPIs = - null; // todo:resolve:apim - apiConsumer.getSubscribedAPIs(subscriber, applicationName, ""); - - log.info("Already subscribed API count: " + subscribedAPIs.size()); - - // subscribe to apis. - APIConsumer apiConsumerAPIPublishedTenant = apiConsumer; - if (tags != null && tags.length > 0) { - for (String tag : tags) { - boolean startedTenantFlow = false; - Set apisWithTag = null; // todo:resolve:apim - apiConsumer.getAPIsWithTag(tag, tenantDomain); - - /** - * From APIM 4.0.0, APIs published in the super tenant can only be listed by - * APIConsumer, only if the APIConsumer belongs to the super tenant. So we - * are starting tenant flow if we are not already in super tenant(child - * tenant starting to create OAuth app). - */ - if (apisWithTag == null || apisWithTag.size() == 0) { - PrivilegedCarbonContext.startTenantFlow(); - PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(MultitenantConstants.SUPER_TENANT_DOMAIN_NAME, - true); - - try { - String superAdminUsername = PrivilegedCarbonContext - .getThreadLocalCarbonContext().getUserRealm().getRealmConfiguration().getAdminUserName(); - apiConsumerAPIPublishedTenant = API_MANAGER_FACTORY.getAPIConsumer(superAdminUsername); - } catch (UserStoreException e) { - throw new APIManagerException("Failed to create api application for " + - "tenant: " + tenantDomain + - ". Caused by to inability to get super tenant username", e); - } - - apisWithTag = null; // todo:resolve:apim - apiConsumerAPIPublishedTenant.getAPIsWithTag(tag, MultitenantConstants.SUPER_TENANT_DOMAIN_NAME); - startedTenantFlow = true; - } - - Set apiTypeWrapperList = new HashSet<>(); - if (apisWithTag != null && apisWithTag.size() > 0) { - Set tempApiIds = new HashSet<>(); - for (API apiInfo : apisWithTag) { - String id = apiInfo.getId().getProviderName().replace("@", "-AT-") - + "-" + apiInfo.getId().getName() + "-" + apiInfo.getId().getVersion(); - boolean subscriptionExist = false; - if (subscribedAPIs.size() > 0) { - for (SubscribedAPI subscribedAPI : subscribedAPIs) { - // todo:resolve:apim -// if (String.valueOf(subscribedAPI.getApiId().toString()).equals(id)) { -// subscriptionExist = true; -// break; -// } - } - } - if (!subscriptionExist && !tempApiIds.contains(id)) { - ApiTypeWrapper apiTypeWrapper; - if (startedTenantFlow) { - /** - * This mean APIs were not found in the child tenant, so all - * calls to get info about APIs need to be to super tenant. - */ - apiTypeWrapper = apiConsumerAPIPublishedTenant.getAPIorAPIProductByUUID( - apiInfo.getUuid(), MultitenantConstants.SUPER_TENANT_DOMAIN_NAME); - } else { - /** - * Ideally, in all usecases of IoT server, tenant domain here - * will be carbon.super. This block is kept to make sure in - * the future, if there are some APIs published to a specific - * tenant only. - */ - apiTypeWrapper = apiConsumerAPIPublishedTenant.getAPIorAPIProductByUUID( - apiInfo.getUuid(), tenantDomain); - } - apiTypeWrapper.setTier(ApiApplicationConstants.DEFAULT_TIER); - apiTypeWrapperList.add(apiTypeWrapper); - tempApiIds.add(id); - } - } - if (startedTenantFlow) { - PrivilegedCarbonContext.endTenantFlow(); - } - - /** This is done in a redundant loop instead of doing in the same loop - * that populates apiTypeWrapperList because in a tenanted scenario, - * apiConsumerAPIPublishedTenant will belong to super tenant. So super - * tenant flow need to end before starting subscription to avoid adding - * subscriptions inside super tenant when we are trying to create an - * Oauth app for a child tenant. - */ - for (ApiTypeWrapper apiTypeWrapper : apiTypeWrapperList) { - // todo:resolve:apim - apiConsumer.addSubscription(apiTypeWrapper, username, application); - } - } - } - } - //end of subscription - - List applicationKeys = application.getKeys(); - if (applicationKeys != null) { - for (APIKey applicationKey : applicationKeys) { - if (keyType.equals(applicationKey.getType())) { - if (applicationKey.getConsumerKey() != null && !applicationKey.getConsumerKey().isEmpty()) { - ApiApplicationKey apiApplicationKey = new ApiApplicationKey(); - apiApplicationKey.setConsumerKey(applicationKey.getConsumerKey()); - apiApplicationKey.setConsumerSecret(applicationKey.getConsumerSecret()); - return apiApplicationKey; - } - } - } - } - - List allowedDomains = new ArrayList<>(); - if (isAllowedAllDomains) { - allowedDomains.add(ApiApplicationConstants.ALLOWED_DOMAINS); - } else { - allowedDomains.add(APIManagerUtil.getTenantDomain()); - } - - APIAdmin apiAdmin = new APIAdminImpl(); - String keyManagerId = null; - try { - List keyManagerConfigurations = null; // todo:resolve:apim - - // apiAdmin.getKeyManagerConfigurationsByTenant(tenantDomain); - if (keyManagerConfigurations != null) { - for (KeyManagerConfigurationDTO keyManagerConfigurationDTO : keyManagerConfigurations) { - keyManagerId = keyManagerConfigurationDTO.getUuid(); - } - } - String applicationAccessTokenExpiryTime = "N/A"; - if (!StringUtils.isEmpty(validityTime)) { - applicationAccessTokenExpiryTime = validityTime; - } - String jsonString = "{\"grant_types\":\"refresh_token,access_token," + - "urn:ietf:params:oauth:grant-type:saml2-bearer," + - "password,client_credentials,iwa:ntlm,urn:ietf:params:oauth:grant-type:jwt-bearer\"," + - "\"additionalProperties\":\"{\\\"application_access_token_expiry_time\\\":\\\"" + applicationAccessTokenExpiryTime + "\\\"," + - "\\\"user_access_token_expiry_time\\\":\\\"N\\/A\\\"," + - "\\\"refresh_token_expiry_time\\\":\\\"N\\/A\\\"," + - "\\\"id_token_expiry_time\\\":\\\"N\\/A\\\"}\"," + - "\"username\":\"" + username + "\"}"; - - Map keyDetails = null; // todo:resolve:apim - apiConsumer -// .requestApprovalForApplicationRegistration(username, applicationName, keyType, "", -// allowedDomains.toArray(new String[allowedDomains.size()]), validityTime, "default", "", -// jsonString, keyManagerId, tenantDomain); - - if (keyDetails != null) { - ApiApplicationKey apiApplicationKey = new ApiApplicationKey(); - apiApplicationKey.setConsumerKey((String) keyDetails.get("consumerKey")); - apiApplicationKey.setConsumerSecret((String) keyDetails.get("consumerSecret")); - return apiApplicationKey; - } - throw new APIManagerException("Failed to generate keys for tenant: " + tenantDomain); -// todo:resolve:apim - commected as it says never throw since we commented apim calls above -// cnt rm -// } catch (APIManagementException e) { - } catch (Exception e) { - throw new APIManagerException("Failed to create api application for tenant: " + tenantDomain, e); - } - } catch (APIManagementException e) { - throw new APIManagerException("Failed to create api application for tenant: " + tenantDomain, e); - } - } +// /** +// * {@inheritDoc} +// */ +// @Override +// public synchronized ApiApplicationKey generateAndRetrieveApplicationKeys(String applicationName, String tags[], +// String keyType, String username, boolean isAllowedAllDomains, String validityTime) +// throws APIManagerException { +// +// +///* +// +//todo - Modify generateAndRetrieveApplicationKeys +// +//Check the existence of the API application. +// +//if Application is not exists +// Create the Application +// +//If super tenants +// Get set of tagged APIs +//If the tenant domain is not super tenant +// Get set of tagged APIs from super tenant space +// +//If new Application +// Subscribed to tagged APIs +//Else +// Get all subscribed APIs of application +// Filter out APIs and subscribed to APIs which can be subscribed +// Filter -> Use set of tagged APis +// Remove already subscribed APIs from the set +// Subscribed to remaining APIs +// +//Get Application keys from application +// If API keys are there return API keys +// +//Otherwise, Generate Application Keys and return them +// +// */ +// +// String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain(); +// if (StringUtils.isEmpty(username)) { +// username = PrivilegedCarbonContext.getThreadLocalCarbonContext().getUsername() + "@" + tenantDomain; +// } +// try { +// APIConsumer apiConsumer = API_MANAGER_FACTORY.getAPIConsumer(username); +// Application application = null; // todo:resolve:apim - apiConsumer.getApplicationsByName(username, applicationName, ""); +// int applicationId = 0; +// Subscriber subscriber = null; +// if (application == null) { +// subscriber = null; // todo:resolve:apim - apiConsumer.getSubscriber(username); +// if (subscriber == null) { +// // create subscriber +// // todo:resolve:apim - apiConsumer.addSubscriber(username, ""); +// subscriber = null; // todo:resolve:apim - apiConsumer.getSubscriber(username); +// } +// //create application +// application = new Application(applicationName, subscriber); +// application.setTier(ApiApplicationConstants.DEFAULT_TIER); +// application.setGroupId(""); +// application.setTokenType("OAUTH"); +// // todo:resolve:apim - apiConsumer.addApplication(application, username); +// application = null; // todo:resolve:apim - apiConsumer.getApplicationsByName(username, applicationName, ""); +// } else { +// subscriber = null; // todo:resolve:apim - apiConsumer.getSubscriber(username); +// } +// +// Set subscribedAPIs = +// null; // todo:resolve:apim - apiConsumer.getSubscribedAPIs(subscriber, applicationName, ""); +// +// log.info("Already subscribed API count: " + subscribedAPIs.size()); +// +// // subscribe to apis. +// APIConsumer apiConsumerAPIPublishedTenant = apiConsumer; +// if (tags != null && tags.length > 0) { +// for (String tag : tags) { +// boolean startedTenantFlow = false; +// Set apisWithTag = null; // todo:resolve:apim - apiConsumer.getAPIsWithTag(tag, tenantDomain); +// +// /** +// * From APIM 4.0.0, APIs published in the super tenant can only be listed by +// * APIConsumer, only if the APIConsumer belongs to the super tenant. So we +// * are starting tenant flow if we are not already in super tenant(child +// * tenant starting to create OAuth app). +// */ +// if (apisWithTag == null || apisWithTag.size() == 0) { +// PrivilegedCarbonContext.startTenantFlow(); +// PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(MultitenantConstants.SUPER_TENANT_DOMAIN_NAME, +// true); +// +// try { +// String superAdminUsername = PrivilegedCarbonContext +// .getThreadLocalCarbonContext().getUserRealm().getRealmConfiguration().getAdminUserName(); +// apiConsumerAPIPublishedTenant = API_MANAGER_FACTORY.getAPIConsumer(superAdminUsername); +// } catch (UserStoreException e) { +// throw new APIManagerException("Failed to create api application for " + +// "tenant: " + tenantDomain + +// ". Caused by to inability to get super tenant username", e); +// } +// +// apisWithTag = null; // todo:resolve:apim - apiConsumerAPIPublishedTenant.getAPIsWithTag(tag, MultitenantConstants.SUPER_TENANT_DOMAIN_NAME); +// startedTenantFlow = true; +// } +// +// Set apiTypeWrapperList = new HashSet<>(); +// if (apisWithTag != null && apisWithTag.size() > 0) { +// Set tempApiIds = new HashSet<>(); +// for (API apiInfo : apisWithTag) { +// String id = apiInfo.getId().getProviderName().replace("@", "-AT-") +// + "-" + apiInfo.getId().getName() + "-" + apiInfo.getId().getVersion(); +// boolean subscriptionExist = false; +// if (subscribedAPIs.size() > 0) { +// for (SubscribedAPI subscribedAPI : subscribedAPIs) { +// // todo:resolve:apim +//// if (String.valueOf(subscribedAPI.getApiId().toString()).equals(id)) { +//// subscriptionExist = true; +//// break; +//// } +// } +// } +// if (!subscriptionExist && !tempApiIds.contains(id)) { +// ApiTypeWrapper apiTypeWrapper; +// if (startedTenantFlow) { +// /** +// * This mean APIs were not found in the child tenant, so all +// * calls to get info about APIs need to be to super tenant. +// */ +// apiTypeWrapper = apiConsumerAPIPublishedTenant.getAPIorAPIProductByUUID( +// apiInfo.getUuid(), MultitenantConstants.SUPER_TENANT_DOMAIN_NAME); +// } else { +// /** +// * Ideally, in all usecases of IoT server, tenant domain here +// * will be carbon.super. This block is kept to make sure in +// * the future, if there are some APIs published to a specific +// * tenant only. +// */ +// apiTypeWrapper = apiConsumerAPIPublishedTenant.getAPIorAPIProductByUUID( +// apiInfo.getUuid(), tenantDomain); +// } +// apiTypeWrapper.setTier(ApiApplicationConstants.DEFAULT_TIER); +// apiTypeWrapperList.add(apiTypeWrapper); +// tempApiIds.add(id); +// } +// } +// if (startedTenantFlow) { +// PrivilegedCarbonContext.endTenantFlow(); +// } +// +// /** This is done in a redundant loop instead of doing in the same loop +// * that populates apiTypeWrapperList because in a tenanted scenario, +// * apiConsumerAPIPublishedTenant will belong to super tenant. So super +// * tenant flow need to end before starting subscription to avoid adding +// * subscriptions inside super tenant when we are trying to create an +// * Oauth app for a child tenant. +// */ +// for (ApiTypeWrapper apiTypeWrapper : apiTypeWrapperList) { +// // todo:resolve:apim - apiConsumer.addSubscription(apiTypeWrapper, username, application); +// } +// } +// } +// } +// //end of subscription +// +// List applicationKeys = application.getKeys(); +// if (applicationKeys != null) { +// for (APIKey applicationKey : applicationKeys) { +// if (keyType.equals(applicationKey.getType())) { +// if (applicationKey.getConsumerKey() != null && !applicationKey.getConsumerKey().isEmpty()) { +// ApiApplicationKey apiApplicationKey = new ApiApplicationKey(); +// apiApplicationKey.setConsumerKey(applicationKey.getConsumerKey()); +// apiApplicationKey.setConsumerSecret(applicationKey.getConsumerSecret()); +// return apiApplicationKey; +// } +// } +// } +// } +// +// List allowedDomains = new ArrayList<>(); +// if (isAllowedAllDomains) { +// allowedDomains.add(ApiApplicationConstants.ALLOWED_DOMAINS); +// } else { +// allowedDomains.add(APIManagerUtil.getTenantDomain()); +// } +// +// APIAdmin apiAdmin = new APIAdminImpl(); +// String keyManagerId = null; +// try { +// List keyManagerConfigurations = null; // todo:resolve:apim - +// // apiAdmin.getKeyManagerConfigurationsByTenant(tenantDomain); +// if (keyManagerConfigurations != null) { +// for (KeyManagerConfigurationDTO keyManagerConfigurationDTO : keyManagerConfigurations) { +// keyManagerId = keyManagerConfigurationDTO.getUuid(); +// } +// } +// String applicationAccessTokenExpiryTime = "N/A"; +// if (!StringUtils.isEmpty(validityTime)) { +// applicationAccessTokenExpiryTime = validityTime; +// } +// String jsonString = "{\"grant_types\":\"refresh_token,access_token," + +// "urn:ietf:params:oauth:grant-type:saml2-bearer," + +// "password,client_credentials,iwa:ntlm,urn:ietf:params:oauth:grant-type:jwt-bearer\"," + +// "\"additionalProperties\":\"{\\\"application_access_token_expiry_time\\\":\\\"" + applicationAccessTokenExpiryTime + "\\\"," + +// "\\\"user_access_token_expiry_time\\\":\\\"N\\/A\\\"," + +// "\\\"refresh_token_expiry_time\\\":\\\"N\\/A\\\"," + +// "\\\"id_token_expiry_time\\\":\\\"N\\/A\\\"}\"," + +// "\"username\":\"" + username + "\"}"; +// +// Map keyDetails = null; // todo:resolve:apim - apiConsumer +//// .requestApprovalForApplicationRegistration(username, applicationName, keyType, "", +//// allowedDomains.toArray(new String[allowedDomains.size()]), validityTime, "default", "", +//// jsonString, keyManagerId, tenantDomain); +// +// if (keyDetails != null) { +// ApiApplicationKey apiApplicationKey = new ApiApplicationKey(); +// apiApplicationKey.setConsumerKey((String) keyDetails.get("consumerKey")); +// apiApplicationKey.setConsumerSecret((String) keyDetails.get("consumerSecret")); +// return apiApplicationKey; +// } +// throw new APIManagerException("Failed to generate keys for tenant: " + tenantDomain); +//// todo:resolve:apim - commected as it says never throw since we commented apim calls above +//// cnt rm +//// } catch (APIManagementException e) { +// } catch (Exception e) { +// throw new APIManagerException("Failed to create api application for tenant: " + tenantDomain, e); +// } +// } catch (APIManagementException e) { +// throw new APIManagerException("Failed to create api application for tenant: " + tenantDomain, e); +// } +// } @Override public AccessTokenInfo getAccessToken(String scopes, String[] tags, String applicationName, String tokenType, diff --git a/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.keymgt.extension/src/main/java/io/entgra/device/mgt/core/apimgt/keymgt/extension/service/KeyMgtServiceImpl.java b/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.keymgt.extension/src/main/java/io/entgra/device/mgt/core/apimgt/keymgt/extension/service/KeyMgtServiceImpl.java index 7629403290..69f51fff56 100644 --- a/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.keymgt.extension/src/main/java/io/entgra/device/mgt/core/apimgt/keymgt/extension/service/KeyMgtServiceImpl.java +++ b/components/apimgt-extensions/io.entgra.device.mgt.core.apimgt.keymgt.extension/src/main/java/io/entgra/device/mgt/core/apimgt/keymgt/extension/service/KeyMgtServiceImpl.java @@ -34,11 +34,8 @@ import okhttp3.*; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.json.JSONObject; -import org.wso2.carbon.apimgt.api.APIConsumer; import org.wso2.carbon.apimgt.api.APIManagementException; -import org.wso2.carbon.apimgt.api.model.APIKey; import org.wso2.carbon.apimgt.api.model.Application; -import org.wso2.carbon.apimgt.impl.APIManagerFactory; import org.wso2.carbon.apimgt.impl.utils.APIUtil; import org.wso2.carbon.context.PrivilegedCarbonContext; import org.wso2.carbon.user.api.UserRealm; @@ -132,8 +129,9 @@ public class KeyMgtServiceImpl implements KeyMgtService { // get application id //todo --> can use requestingUserAccessToken token here to get application data - modify getApplication // method signature - Application application = getApplication(clientName, owner); - String applicationUUID = application.getUUID(); + + io.entgra.device.mgt.core.apimgt.extension.rest.api.bean.APIMConsumer.Application application = getApplication(clientName, owner); + String applicationUUID = application.getApplicationId(); // do app key mapping mapApplicationKeys(dcrApplication.getClientId(), dcrApplication.getClientSecret(), keyManagerName, @@ -426,11 +424,11 @@ public class KeyMgtServiceImpl implements KeyMgtService { * Retrieves an application by name and owner * * @param applicationName name of the application - * @param owner owner of the application + * @param accessToken Access Token * @return @{@link Application} Application object * @throws KeyMgtException if any error occurs while retrieving the application */ - private Application getApplication(String applicationName, String accessToken) throws KeyMgtException { + private io.entgra.device.mgt.core.apimgt.extension.rest.api.bean.APIMConsumer.Application getApplication(String applicationName, String accessToken) throws KeyMgtException { TokenInfo tokenInfo = new TokenInfo(); tokenInfo.setApiApplicationInfo(null); @@ -440,38 +438,26 @@ public class KeyMgtServiceImpl implements KeyMgtService { KeyMgtDataHolder.getInstance().getConsumerRESTAPIServices(); io.entgra.device.mgt.core.apimgt.extension.rest.api.bean.APIMConsumer.Application[] applications = consumerRESTAPIServices.getAllApplications(tokenInfo, applicationName); - - io.entgra.device.mgt.core.apimgt.extension.rest.api.bean.APIMConsumer.Application applicationFromRestCall; if (applications.length == 1) { - applicationFromRestCall = applications[0]; + return applications[0]; } else { String msg = "Found invalid number of applications. No of applications found from the APIM: " + applications.length; + log.error(msg); throw new KeyMgtException(msg); } - - Application application = null; - application.setUUID(applicationFromRestCall.getApplicationId()); - application.setName(applicationFromRestCall.getName()); - application.setDescription(applicationFromRestCall.getDescription()); - application.setApplicationAttributes(applicationFromRestCall.getAttributes()); - application.setTokenType(applicationFromRestCall.getTokenType()); - application.setStatus(applicationFromRestCall.getStatus()); - application.setSubscriptionCount(applicationFromRestCall.getSubscriptionCount()); - application.setOwner(applicationFromRestCall.getOwner()); - application.setIsBlackListed(applicationFromRestCall.isHashEnabled()); - return application; - } - - catch (io.entgra.device.mgt.core.apimgt.extension.rest.api.exceptions.BadRequestException e) { - e.printStackTrace(); + } catch (io.entgra.device.mgt.core.apimgt.extension.rest.api.exceptions.BadRequestException e) { msg = "Error while trying to retrieve the application"; - log.error(msg); + log.error(msg, e); throw new KeyMgtException(msg); } catch (UnexpectedResponseException e) { - throw new KeyMgtException(""); + msg = "Received invalid response for the API applications retrieving REST API call."; + log.error(msg, e); + throw new KeyMgtException(msg); } catch (APIServicesException e) { - throw new KeyMgtException(""); + msg = "Error occurred while processing the API Response."; + log.error(msg, e); + throw new KeyMgtException(msg); } } diff --git a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/DeviceManagementServiceImpl.java b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/DeviceManagementServiceImpl.java index abcdbacc93..09be7963fd 100644 --- a/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/DeviceManagementServiceImpl.java +++ b/components/device-mgt/io.entgra.device.mgt.core.device.mgt.api/src/main/java/io/entgra/device/mgt/core/device/mgt/api/jaxrs/service/impl/DeviceManagementServiceImpl.java @@ -802,7 +802,7 @@ public class DeviceManagementServiceImpl implements DeviceManagementService { KeyMgtService keyMgtService = new KeyMgtServiceImpl(); try { //todo - lasantha - can't get password from here - ApiApplicationKey apiApplicationKey = null; + ApiApplicationKey apiApplicationKey; try { DCRResponse adminDCRResponse = keyMgtService.dynamicClientRegistration(applicationName, PrivilegedCarbonContext.getThreadLocalCarbonContext().getUserRealm() diff --git a/components/identity-extensions/io.entgra.device.mgt.core.identity.jwt.client.extension/src/main/java/io/entgra/device/mgt/core/identity/jwt/client/extension/util/JWTClientUtil.java b/components/identity-extensions/io.entgra.device.mgt.core.identity.jwt.client.extension/src/main/java/io/entgra/device/mgt/core/identity/jwt/client/extension/util/JWTClientUtil.java index b223a98a66..e2e5d30bb4 100644 --- a/components/identity-extensions/io.entgra.device.mgt.core.identity.jwt.client.extension/src/main/java/io/entgra/device/mgt/core/identity/jwt/client/extension/util/JWTClientUtil.java +++ b/components/identity-extensions/io.entgra.device.mgt.core.identity.jwt.client.extension/src/main/java/io/entgra/device/mgt/core/identity/jwt/client/extension/util/JWTClientUtil.java @@ -218,8 +218,7 @@ public class JWTClientUtil { long nbf = currentTimeMillis + jwtConfig.getValidityPeriodFromCurrentTime() * 60 * 1000; String jti = jwtConfig.getJti(); if (jti == null) { - String defaultTokenId = currentTimeMillis + "" + new SecureRandom().nextInt(); - jti = defaultTokenId; + jti = currentTimeMillis + "" + new SecureRandom().nextInt(); } List aud = jwtConfig.getAudiences(); //set up the basic claims @@ -273,8 +272,7 @@ public class JWTClientUtil { JWSSigner signer = new RSASSASigner(rsaPrivateKey); SignedJWT signedJWT = new SignedJWT(new JWSHeader(JWSAlgorithm.RS256), claimsSet.build()); signedJWT.sign(signer); - String assertion = signedJWT.serialize(); - return assertion; + return signedJWT.serialize(); } catch (KeyStoreException e) { throw new JWTClientException("Failed loading the keystore.", e); } catch (IOException e) {