From de957bec29a364186f084970264c2493d0e8c409 Mon Sep 17 00:00:00 2001 From: ayyoob Date: Thu, 12 Jan 2017 11:12:28 +0530 Subject: [PATCH] few changes after testing the cluster --- .../pom.xml | 6 +- .../authenticator/JWTAuthenticator.java | 73 ++++++++++++------- .../pom.xml | 3 + .../src/main/resources/jwt.properties | 6 +- .../conf/webapp-authenticator-config.xml | 6 +- 5 files changed, 59 insertions(+), 35 deletions(-) diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.url.printer/pom.xml b/components/device-mgt/org.wso2.carbon.device.mgt.url.printer/pom.xml index 83c552cb52..3a8e2a3b4c 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.url.printer/pom.xml +++ b/components/device-mgt/org.wso2.carbon.device.mgt.url.printer/pom.xml @@ -59,7 +59,7 @@ ${project.artifactId} ${carbon.device.mgt.version} IoT Server Impl Bundle - org.wso2.carbon.device.mgt.iot.url.printer.internal + org.wso2.carbon.device.mgt.url.printer.internal org.osgi.framework, org.osgi.service.component, @@ -69,8 +69,8 @@ org.wso2.carbon.utils.*, - !org.wso2.carbon.device.mgt.iot.url.printer.internal, - org.wso2.carbon.device.mgt.iot.url.printer.*;version="${project.version}" + !org.wso2.carbon.device.mgt.url.printer.internal, + org.wso2.carbon.device.mgt.url.printer.*;version="${project.version}" diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/JWTAuthenticator.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/JWTAuthenticator.java index b269f7c285..81f885cd36 100644 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/JWTAuthenticator.java +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/JWTAuthenticator.java @@ -62,7 +62,7 @@ public class JWTAuthenticator implements WebappAuthenticator { private static final String DEFAULT_TRUST_STORE_LOCATION = "Security.TrustStore.Location"; private static final String DEFAULT_TRUST_STORE_PASSWORD = "Security.TrustStore.Password"; - private static final Map publicKeyHolder = new HashMap<>(); + private static final Map publicKeyHolder = new HashMap<>(); private Properties properties; private static void loadTenantRegistry(int tenantId) throws RegistryException { @@ -106,46 +106,37 @@ public class JWTAuthenticator implements WebappAuthenticator { String username = jwsObject.getJWTClaimsSet().getStringClaim(SIGNED_JWT_AUTH_USERNAME); String tenantDomain = MultitenantUtils.getTenantDomain(username); int tenantId = Integer.parseInt(jwsObject.getJWTClaimsSet().getStringClaim(SIGNED_JWT_AUTH_TENANT_ID)); + String issuer = jwsObject.getJWTClaimsSet().getIssuer(); PrivilegedCarbonContext.startTenantFlow(); PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(tenantDomain); PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(tenantId); - PublicKey publicKey = publicKeyHolder.get(tenantDomain); + IssuerAlias issuerAlias = new IssuerAlias(issuer, tenantDomain); + PublicKey publicKey = publicKeyHolder.get(issuerAlias); if (publicKey == null) { loadTenantRegistry(tenantId); KeyStoreManager keyStoreManager = KeyStoreManager.getInstance(tenantId); if (MultitenantConstants.SUPER_TENANT_DOMAIN_NAME.equals(tenantDomain)) { - String defaultPublicKey = properties.getProperty("DefaultPublicKey"); - if (defaultPublicKey != null && !defaultPublicKey.isEmpty()) { - boolean isDefaultPublicKey = Boolean.parseBoolean(defaultPublicKey); - if (isDefaultPublicKey) { - publicKey = keyStoreManager.getDefaultPublicKey(); - } else { - String alias = properties.getProperty("KeyAlias"); - if (alias != null && !alias.isEmpty()) { - ServerConfiguration serverConfig = CarbonUtils.getServerConfiguration(); - KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); - String trustStorePath = serverConfig.getFirstProperty(DEFAULT_TRUST_STORE_LOCATION); - String trustStorePassword = serverConfig.getFirstProperty( - DEFAULT_TRUST_STORE_PASSWORD); - keyStore.load(new FileInputStream(trustStorePath), trustStorePassword.toCharArray()); - publicKey = keyStore.getCertificate(alias).getPublicKey(); - } else { - authenticationInfo.setStatus(Status.FAILURE); - return authenticationInfo; - } - } - + String alias = properties.getProperty(issuer); + if (alias != null && !alias.isEmpty()) { + ServerConfiguration serverConfig = CarbonUtils.getServerConfiguration(); + KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); + String trustStorePath = serverConfig.getFirstProperty(DEFAULT_TRUST_STORE_LOCATION); + String trustStorePassword = serverConfig.getFirstProperty( + DEFAULT_TRUST_STORE_PASSWORD); + keyStore.load(new FileInputStream(trustStorePath), trustStorePassword.toCharArray()); + publicKey = keyStore.getCertificate(alias).getPublicKey(); } else { - publicKey = keyStoreManager.getDefaultPublicKey(); + authenticationInfo.setStatus(Status.FAILURE); + return authenticationInfo; } - } else { String ksName = tenantDomain.trim().replace('.', '-'); String jksName = ksName + ".jks"; publicKey = keyStoreManager.getKeyStore(jksName).getCertificate(tenantDomain).getPublicKey(); } if (publicKey != null) { - publicKeyHolder.put(tenantDomain, publicKey); + issuerAlias = new IssuerAlias(tenantDomain); + publicKeyHolder.put(issuerAlias, publicKey); } } @@ -205,4 +196,34 @@ public class JWTAuthenticator implements WebappAuthenticator { } return this.properties.getProperty(name); } + + private class IssuerAlias { + + private String issuer; + private String tenantDomain; + private final String DEFAULT_ISSUER = "default"; + + public IssuerAlias(String tenantDomain) { + this.issuer = DEFAULT_ISSUER; + this.tenantDomain = tenantDomain; + } + + public IssuerAlias(String issuer, String tenantDomain) { + this.issuer = issuer; + this.tenantDomain = tenantDomain; + } + + @Override + public int hashCode() { + int result = this.issuer.hashCode(); + result = 31 * result + ("@" + this.tenantDomain).hashCode(); + return result; + } + + @Override + public boolean equals(Object obj) { + return (obj instanceof IssuerAlias) && issuer.equals( + ((IssuerAlias) obj).issuer) && tenantDomain == ((IssuerAlias) obj).tenantDomain; + } + } } diff --git a/features/device-mgt/org.wso2.carbon.device.mgt.server.feature/pom.xml b/features/device-mgt/org.wso2.carbon.device.mgt.server.feature/pom.xml index ba37ab67c8..a18ed81000 100644 --- a/features/device-mgt/org.wso2.carbon.device.mgt.server.feature/pom.xml +++ b/features/device-mgt/org.wso2.carbon.device.mgt.server.feature/pom.xml @@ -122,6 +122,9 @@ org.wso2.carbon.devicemgt:org.wso2.carbon.device.mgt.common:${carbon.device.mgt.version} + + org.wso2.carbon.devicemgt:org.wso2.carbon.device.mgt.url.printer:${carbon.device.mgt.version} + diff --git a/features/jwt-client/org.wso2.carbon.identity.jwt.client.extension.feature/src/main/resources/jwt.properties b/features/jwt-client/org.wso2.carbon.identity.jwt.client.extension.feature/src/main/resources/jwt.properties index 9e4021a913..3c38465581 100644 --- a/features/jwt-client/org.wso2.carbon.identity.jwt.client.extension.feature/src/main/resources/jwt.properties +++ b/features/jwt-client/org.wso2.carbon.identity.jwt.client.extension.feature/src/main/resources/jwt.properties @@ -17,13 +17,13 @@ # #issuer of the JWT -iss=iot_default +iss=wso2.org/products/iot -TokenEndpoint=https://localhost:${carbon.https.port}/oauth2/token +TokenEndpoint=https://${iot.keymanager.host}:${iot.keymanager.https.port}/oauth2/token #audience of JWT claim #comma seperated values -aud=wso2.org/products/iot +aud=devicemgt #expiration time of JWT (number of minutes from the current time) exp=1000 diff --git a/features/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework.server.feature/src/main/resources/conf/webapp-authenticator-config.xml b/features/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework.server.feature/src/main/resources/conf/webapp-authenticator-config.xml index 115442d9df..8725f4a99a 100644 --- a/features/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework.server.feature/src/main/resources/conf/webapp-authenticator-config.xml +++ b/features/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework.server.feature/src/main/resources/conf/webapp-authenticator-config.xml @@ -20,9 +20,9 @@ JWT org.wso2.carbon.webapp.authenticator.framework.authenticator.JWTAuthenticator - true - - + + wso2carbon + wso2carbon