Adding support for identifying the device type from the url

8 years ago · bf8ab0da11
parent 625124da38
commit bf8ab0da11
2 changed files with 47 additions and 27 deletions
--- a/components/apimgt-extensions/org.wso2.carbon.apimgt.handlers/src/main/java/org/wso2/carbon/apimgt/handlers/AuthenticationHandler.java
+++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.handlers/src/main/java/org/wso2/carbon/apimgt/handlers/AuthenticationHandler.java
@ -38,6 +38,7 @@ import java.net.URI;
 import java.net.URISyntaxException;
 import java.util.HashMap;
 import java.util.Map;
+import java.util.StringTokenizer;

 /**
 * Synapse gateway handler for API authentication.
@ -48,6 +49,12 @@ public class AuthenticationHandler extends AbstractHandler {
    private HandlerDescription handlerDesc;
    private RESTInvoker restInvoker;

+    private static final String X_JWT_ASSERTION  = "X-JWT-Assertion";
+    private static final String JWTTOKEN = "JWTToken";
+    private static final String AUTHORIZATION = "Authorization";
+    private static final String BEARER = "Bearer ";
+    private static final String CONTENT_TYPE = "Content-Type";
+
    private IOTServerConfiguration iotServerConfiguration;

    /**
@ -62,6 +69,7 @@ public class AuthenticationHandler extends AbstractHandler {

    /**
     * Handling the message and checking the security.
+     *
     * @param messageContext
     * @return
     */
@ -84,14 +92,9 @@ public class AuthenticationHandler extends AbstractHandler {
                if (log.isDebugEnabled()) {
                    log.debug("Verify Cert:\n" + mdmSignature);
                }
-                String accessToken = Utils.getAccessToken(iotServerConfiguration);
-
                String deviceType = this.getDeviceType(messageContext.getTo().getAddress().trim());
                URI certVerifyUrl = new URI(iotServerConfiguration.getVerificationEndpoint() + deviceType);
-
-                Map<String, String> certVerifyHeaders = new HashMap<>();
-                certVerifyHeaders.put("Authorization", "Bearer " + accessToken);
-                certVerifyHeaders.put("Content-Type", "application/json");
+                Map<String, String> certVerifyHeaders = this.setHeaders();

                Certificate certificate = new Certificate();
                certificate.setPem(mdmSignature);
@ -104,15 +107,16 @@ public class AuthenticationHandler extends AbstractHandler {
                        null, certVerifyContent);

                String str = response.getContent();
-                if (str.contains("JWTToken")) {
-                    ValidationResponce validationResponce = gson.fromJson(str, ValidationResponce.class);
-                    // TODO: send the JWT token with user details.
-                    // headers.put("X-JWT-Assertion", validationResponce.getJWTToken());
-                }
                if (log.isDebugEnabled()) {
                    log.debug("Verify response:" + response.getContent());
                    log.debug("Response String : " + str);
                }
+                if (response.getHttpStatus() == 200 && str.contains(JWTTOKEN)) {
+                    ValidationResponce validationResponce = gson.fromJson(str, ValidationResponce.class);
+                    headers.put(X_JWT_ASSERTION, validationResponce.getJWTToken());
+                } else {
+                    return false;
+                }

            } else if (headers.containsKey(AuthConstants.PROXY_MUTUAL_AUTH_HEADER)) {
                String subjectDN = headers.get(AuthConstants.PROXY_MUTUAL_AUTH_HEADER).toString();
@ -120,12 +124,10 @@ public class AuthenticationHandler extends AbstractHandler {
                if (log.isDebugEnabled()) {
                    log.debug("Verify subject DN: " + subjectDN);
                }
-                String accessToken = Utils.getAccessToken(iotServerConfiguration);
+
                String deviceType = this.getDeviceType(messageContext.getTo().getAddress().trim());
                URI certVerifyUrl = new URI(iotServerConfiguration.getVerificationEndpoint() + deviceType);
-                Map<String, String> certVerifyHeaders = new HashMap<>();
-                certVerifyHeaders.put("Authorization", "Bearer " + accessToken);
-                certVerifyHeaders.put("Content-Type", "application/json");
+                Map<String, String> certVerifyHeaders = this.setHeaders();
                Certificate certificate = new Certificate();
                certificate.setPem(subjectDN);
                certificate.setTenantId(tenantId);
@ -143,11 +145,9 @@ public class AuthenticationHandler extends AbstractHandler {
                if (log.isDebugEnabled()) {
                    log.debug("Verify Cert:\n" + encodedPem);
                }
-                String accessToken = Utils.getAccessToken(iotServerConfiguration);
-                URI certVerifyUrl = new URI(iotServerConfiguration.getVerificationEndpoint() + "android");
-                Map<String, String> certVerifyHeaders = new HashMap<>();
-                certVerifyHeaders.put("Authorization", "Bearer " + accessToken);
-                certVerifyHeaders.put("Content-Type", "application/json");
+                String deviceType = this.getDeviceType(messageContext.getTo().getAddress().trim());
+                URI certVerifyUrl = new URI(iotServerConfiguration.getVerificationEndpoint() + deviceType);
+                Map<String, String> certVerifyHeaders = this.setHeaders();

                Certificate certificate = new Certificate();
                certificate.setPem(encodedPem);
@ -188,13 +188,21 @@ public class AuthenticationHandler extends AbstractHandler {
    }


-    // TODO : take this from the url.
    private String getDeviceType(String url) {
-        if (url.contains("ios")) {
-            return "ios";
-        } else if (url.contains("android")) {
-            return "android";
-        } else return null;
+        StringTokenizer parts = new StringTokenizer(url, "/");
+        while (parts.hasMoreElements()) {
+            if (parts.nextElement().equals("api")) {
+                return (String) parts.nextElement();
+            }
+        }
+        return null;
+    }

+    private Map<String, String> setHeaders() throws APIMCertificateMGTException {
+        Map<String, String> map = new HashMap<>();
+        String accessToken = Utils.getAccessToken(iotServerConfiguration);
+        map.put(AUTHORIZATION, BEARER + accessToken);
+        map.put(CONTENT_TYPE, "application/json");
+        return map;
    }
 }
--- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.cert.admin.api/src/main/java/org/wso2/carbon/certificate/mgt/cert/jaxrs/api/impl/CertificateManagementAdminServiceImpl.java
+++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.cert.admin.api/src/main/java/org/wso2/carbon/certificate/mgt/cert/jaxrs/api/impl/CertificateManagementAdminServiceImpl.java
@ -27,7 +27,9 @@ import javax.ws.rs.*;
 import javax.ws.rs.core.Response;
 import java.security.cert.X509Certificate;
 import java.util.ArrayList;
+import java.util.HashMap;
 import java.util.List;
+import java.util.Map;

@Path("/admin/certificates")
 public class CertificateManagementAdminServiceImpl implements CertificateManagementAdminService {
@ -230,10 +232,20 @@ public class CertificateManagementAdminServiceImpl implements CertificateManagem
                    deviceIdentifier.setId(challengeToken);
                    deviceIdentifier.setType(DeviceManagementConstants.MobileDeviceTypes.MOBILE_DEVICE_TYPE_IOS);
                    TenantedDeviceWrapper tenantedDeviceWrapper = scepManager.getValidatedDevice(deviceIdentifier);
+//
+//                    var claims = {"http://wso2.org/claims/enduserTenantId": adminUserTenantId,
+//                            "http://wso2.org/claims/enduser": adminUsername};
+
+                    Map<String, String> claims = new HashMap<>();
+
+                    claims.put("http://wso2.org/claims/enduserTenantId", String.valueOf(tenantedDeviceWrapper.getTenantId()));
+                    claims.put("http://wso2.org/claims/enduser", tenantedDeviceWrapper.getDevice().getEnrolmentInfo().getOwner());
+                    claims.put("http://wso2.org/claims/deviceIdentifier", tenantedDeviceWrapper.getDevice().getDeviceIdentifier());
+                    claims.put("http://wso2.org/claims/deviceIdType", tenantedDeviceWrapper.getDevice().getType());

                    JWTClientManagerService jwtClientManagerService = CertificateMgtAPIUtils.getJwtClientManagerService();
                    String jwdToken = jwtClientManagerService.getJWTClient().getJwtToken(
-                            tenantedDeviceWrapper.getDevice().getEnrolmentInfo().getOwner());
+                            tenantedDeviceWrapper.getDevice().getEnrolmentInfo().getOwner(), claims);

                    ValidationResponce validationResponce = new ValidationResponce();
                    validationResponce.setDeviceId(challengeToken);