diff --git a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/java/org/wso2/carbon/apimgt/application/extension/api/ApiApplicationRegistrationServiceImpl.java b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/java/org/wso2/carbon/apimgt/application/extension/api/ApiApplicationRegistrationServiceImpl.java
index 641605b87a3..d01a2fb7ec9 100644
--- a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/java/org/wso2/carbon/apimgt/application/extension/api/ApiApplicationRegistrationServiceImpl.java
+++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/java/org/wso2/carbon/apimgt/application/extension/api/ApiApplicationRegistrationServiceImpl.java
@@ -34,7 +34,6 @@ import org.wso2.carbon.user.api.UserStoreException;
 import javax.ws.rs.DELETE;
 import javax.ws.rs.POST;
 import javax.ws.rs.Path;
-import javax.ws.rs.PathParam;
 import javax.ws.rs.QueryParam;
 import javax.ws.rs.core.Response;
@@ -97,7 +96,7 @@ public class ApiApplicationRegistrationServiceImpl implements ApiApplicationRegi
 apiManagementProviderService.registerExistingOAuthApplicationToAPIApplication( jsonStringObject.toJSONString(), registrationProfile.getApplicationName(), registrationProfile.getConsumerKey(), username, registrationProfile.isAllowedToAllDomains(),
- ApiApplicationConstants.DEFAULT_TOKEN_TYPE);
+ ApiApplicationConstants.DEFAULT_TOKEN_TYPE, registrationProfile.getTags());
 return Response.status(Response.Status.ACCEPTED).entity("true").build();
 } else {
 ApiApplicationKey apiApplicationKey = apiManagementProviderService.generateAndRetrieveApplicationKeys(
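Review bot: `registrationProfile.getTags()` is forwarded unchanged into `registerExistingOAuthApplicationToAPIApplication`, and in this commit's APIManagementProviderServiceImpl hunks a non-empty array triggers `createApplicationAndSubscribeToAPIs(applicationName, tags, username)`. If the profile is filled from the request body (not visible here), the caller decides which tagged APIs the mapped OAuth client gets subscribed to, so it is worth confirming that this endpoint or the subscribe helper limits the tags to those the authenticated `username` may use. Once confirmed, a comment above the call such as `// tags are caller-supplied; subscription rights are checked in createApplicationAndSubscribeToAPIs` would record where that check lives. The enclosing method starts and ends outside the hunk.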
diff --git a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension/src/main/java/org/wso2/carbon/apimgt/application/extension/APIManagementProviderService.java b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension/src/main/java/org/wso2/carbon/apimgt/application/extension/APIManagementProviderService.java
index 33003b97682..9d8b05dfb6a 100644
--- a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension/src/main/java/org/wso2/carbon/apimgt/application/extension/APIManagementProviderService.java
+++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension/src/main/java/org/wso2/carbon/apimgt/application/extension/APIManagementProviderService.java
@@ -59,8 +59,8 @@ public interface APIManagementProviderService {
 * Register existing Oauth application as apim application.
 */
 void registerExistingOAuthApplicationToAPIApplication(String jsonString, String applicationName, String clientId,
- String username, boolean isAllowedAllDomains, String keyType)
- throws APIManagerException;
+ String username, boolean isAllowedAllDomains, String keyType,
+ String tags[]) throws APIManagerException;
 /**
 * Remove APIM Application.
diff --git a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension/src/main/java/org/wso2/carbon/apimgt/application/extension/APIManagementProviderServiceImpl.java b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension/src/main/java/org/wso2/carbon/apimgt/application/extension/APIManagementProviderServiceImpl.java
index 30f8d62d436..bc02828ee37 100644
--- a/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension/src/main/java/org/wso2/carbon/apimgt/application/extension/APIManagementProviderServiceImpl.java
+++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension/src/main/java/org/wso2/carbon/apimgt/application/extension/APIManagementProviderServiceImpl.java
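Review bot: The new parameter is declared with the C-style declarator `String tags[]`; Java convention is `String[] tags`, and the same declarator is repeated in the APIManagementProviderServiceImpl signature hunk. The Javadoc above the method still has no `@param` entries, so a caller cannot tell that a null or empty array skips subscription, which is what the implementation's `tags != null && tags.length > 0` guard does. Suggest `String[] tags) throws APIManagerException;` plus a line such as `@param tags API tags to subscribe the application to; null or empty skips subscription`. Changing the signature in place also breaks any other implementer of this interface, which is acceptable only if APIManagementProviderServiceImpl is the sole one.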
@@ -35,7 +35,6 @@ import org.wso2.carbon.apimgt.application.extension.exception.APIManagerExceptio
 import org.wso2.carbon.apimgt.application.extension.util.APIManagerUtil;
 import org.wso2.carbon.apimgt.impl.APIConstants;
 import org.wso2.carbon.apimgt.impl.APIManagerFactory;
-import org.wso2.carbon.registry.core.exceptions.RegistryException;
 import org.wso2.carbon.utils.multitenancy.MultitenantConstants;
 import org.wso2.carbon.utils.multitenancy.MultitenantUtils;
@@ -120,8 +119,8 @@ public class APIManagementProviderServiceImpl implements APIManagementProviderSe
 @Override
 public void registerExistingOAuthApplicationToAPIApplication(String jsonString, String applicationName, String clientId, String username,
- boolean isAllowedAllDomains, String keyType)
- throws APIManagerException {
+ boolean isAllowedAllDomains, String keyType,
+ String tags[]) throws APIManagerException {
 try {
 APIManagerUtil.loadTenantRegistry();
 APIConsumer apiConsumer = APIManagerFactory.getInstance().getAPIConsumer(username);
@@ -156,6 +155,9 @@ public class APIManagementProviderServiceImpl implements APIManagementProviderSe
 }
 if (retrievedApiApplicationKey != null) {
 if (retrievedApiApplicationKey.getConsumerKey().equals(clientId)) {
+ if (tags != null && tags.length > 0) {
+ createApplicationAndSubscribeToAPIs(applicationName, tags, username);
+ }
 return;
 } else {
 throw new APIManagerException("Api application already mapped to another OAuth App");
@@ -170,6 +172,9 @@ public class APIManagementProviderServiceImpl implements APIManagementProviderSe
 }
 apiConsumer.mapExistingOAuthClient(jsonString, username, clientId, applicationName, ApiApplicationConstants.DEFAULT_TOKEN_TYPE, allowedDomains);
+ if (tags != null && tags.length > 0) {
+ createApplicationAndSubscribeToAPIs(applicationName, tags, username);
+ }
 }
 }
 } catch (APIManagementException e) {
 throw new APIManagerException(
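Review bot: The guard `if (tags != null && tags.length > 0) { createApplicationAndSubscribeToAPIs(applicationName, tags, username); }` is added twice, once before the early `return` for an already-mapped client and once after `mapExistingOAuthClient`, so every repeat registration that carries tags re-runs the subscription step. That is only safe if `createApplicationAndSubscribeToAPIs` is idempotent for existing subscriptions, which cannot be seen from this diff; if it is, a comment on the first call such as `// re-subscribing is a no-op for APIs already subscribed` would say so. In the second block a failure in the helper leaves the OAuth client mapped with no or only partial subscriptions, and whether the visible `catch (APIManagementException e)` covers the helper's exceptions is not shown, so logging the application name and tags on that path would help operators see the half-finished state. The method body continues outside both hunks.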
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.extensions/src/main/java/org/wso2/carbon/device/mgt/extensions/feature/mgt/lifecycle/listener/FeatureManagementLifecycleListener.java b/components/device-mgt/org.wso2.carbon.device.mgt.extensions/src/main/java/org/wso2/carbon/device/mgt/extensions/feature/mgt/lifecycle/listener/FeatureManagementLifecycleListener.java
index 6fba635c3ef..3884411ee2a 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.extensions/src/main/java/org/wso2/carbon/device/mgt/extensions/feature/mgt/lifecycle/listener/FeatureManagementLifecycleListener.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.extensions/src/main/java/org/wso2/carbon/device/mgt/extensions/feature/mgt/lifecycle/listener/FeatureManagementLifecycleListener.java
@@ -42,10 +42,6 @@ public class FeatureManagementLifecycleListener implements LifecycleListener {
 private static final String PARAM_MANAGED_API_ENABLED = "managed-api-enabled";
 private static final Log log = LogFactory.getLog(FeatureManagementLifecycleListener.class);
- private static final String UNLIMITED = "Unlimited";
- public static final String PROPERTY_PROFILE = "profile";
- public static final String PROFILE_DT_WORKER = "dtWorker";
- public static final String PROFILE_DEFAULT = "default";
 @Override
 public void lifecycleEvent(LifecycleEvent lifecycleEvent) {
@@ -54,11 +50,7 @@ public class FeatureManagementLifecycleListener implements LifecycleListener {
 ServletContext servletContext = context.getServletContext();
 String param = servletContext.getInitParameter(PARAM_MANAGED_API_ENABLED);
 boolean isManagedApi = (param != null && !param.isEmpty()) && Boolean.parseBoolean(param);
-
- String profile = System.getProperty(PROPERTY_PROFILE);
-
- if ((profile.equalsIgnoreCase(PROFILE_DT_WORKER) ||
- profile.equalsIgnoreCase(PROFILE_DEFAULT)) && isManagedApi) {
+ if (isManagedApi) {
 try {
 AnnotationProcessor annotationProcessor = new AnnotationProcessor(context);
 Set annotatedAPIClasses = annotationProcessor.scanStandardContext(DeviceType.class.getName());
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/conf/config.json b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/conf/config.json
index af5f0e25187..8c732e33cd5 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/conf/config.json
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/conf/config.json
@@ -11,7 +11,7 @@
 "enrollmentDir": "/emm-web-agent/enrollment",
 "iOSConfigRoot" : "%https.ip%/ios-enrollment/",
 "iOSAPIRoot" : "%https.ip%/ios/",
- "dynamicClientRegistrationEndPoint" : "%https.ip%/dynamic-client-web/register/",
+ "dynamicClientRegistrationEndPoint" : "https://localhost:8243/dynamic-client-web/register/",
 "adminService":"%https.ip%",
 "idPServer":"https://localhost:8243",
 "callBackUrl":"%https.ip%/devicemgt_admin",
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/backend-service-invoker.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/backend-service-invoker.js
index 02cd2ed18fa..30c5edaff84 100644
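Review bot: `dynamicClientRegistrationEndPoint` now hard-codes `https://localhost:8243`, while the neighbouring `iOSConfigRoot`, `iOSAPIRoot` and `adminService` keys still take their host from `%https.ip%`. On a deployment where the gateway is not on the same host as this web app, client-registration requests would be sent to localhost, and hostname verification against a certificate issued for the real host would fail. `idPServer` already carries the same literal, so this may be a deliberate pointer to the gateway port; if so, a substitution placeholder for the gateway host would be safer than a literal, or the deployment notes should state that both values must be edited together.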
--- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/backend-service-invoker.js
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/backend-service-invoker.js
@@ -306,7 +306,7 @@ var backendServiceInvoker = function () {
 * @param errorCallback a function to be called if en error is reserved.
 */
 publicHTTPClientInvokers.get = function (url, successCallback, errorCallback, contentType, acceptType) {
- return privateMethods.initiateHTTPClientRequest(constants.HTTP_GET, url, successCallback, errorCallback, contentType, acceptType);
+ return privateMethods.initiateHTTPClientRequest(constants.HTTP_GET, url, successCallback, errorCallback, null, contentType, acceptType);
 };
 /**
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/utility.js b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/utility.js
index 9bdbe12353b..c92fea29cd6 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/utility.js
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/utility.js
@@ -48,10 +48,6 @@ utility = function () {
 PrivilegedCarbonContext.endTenantFlow();
 };
- publicMethods.getConfigurationService = function () {
- return getOsgiService('org.wso2.carbon.device.mgt.iot.service.ConfigurationService');
- };
-
 publicMethods.getDeviceManagementService = function () {
 return getOsgiService('org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderService');
 };
diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/JWTAuthenticator.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/JWTAuthenticator.java
index 1b754e4ee2d..8746cb14551 100644
--- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/JWTAuthenticator.java
+++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/JWTAuthenticator.java
@@ -27,16 +27,20 @@ import org.apache.catalina.connector.Response;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.wso2.carbon.base.MultitenantConstants;
+import org.wso2.carbon.base.ServerConfiguration;
 import org.wso2.carbon.context.PrivilegedCarbonContext;
 import org.wso2.carbon.core.util.KeyStoreManager;
 import org.wso2.carbon.registry.core.exceptions.RegistryException;
 import org.wso2.carbon.registry.core.service.TenantRegistryLoader;
 import org.wso2.carbon.user.api.UserStoreException;
 import org.wso2.carbon.user.api.UserStoreManager;
+import org.wso2.carbon.utils.CarbonUtils;
 import org.wso2.carbon.utils.multitenancy.MultitenantUtils;
 import org.wso2.carbon.webapp.authenticator.framework.AuthenticationInfo;
 import org.wso2.carbon.webapp.authenticator.framework.AuthenticatorFrameworkDataHolder;
+import java.io.FileInputStream;
+import java.security.KeyStore;
 import java.security.PublicKey;
 import java.security.interfaces.RSAPublicKey;
 import java.text.ParseException;
@@ -55,7 +59,12 @@ public class JWTAuthenticator implements WebappAuthenticator { private static final String SIGNED_JWT_AUTH_TENANT_ID = "http://wso2.org/claims/enduserTenantId"; private static final String JWT_AUTHENTICATOR = "JWT"; private static final String JWT_ASSERTION_HEADER = "X-JWT-Assertion"; + private static final String DEFAULT_TRUST_STORE_LOCATION = "Security.TrustStore.Location"; + private static final String DEFAULT_TRUST_STORE_PASSWORD = "Security.TrustStore.Password"; + private static final Map publicKeyHolder = new HashMap<>(); + private Properties properties; + @Override public void init() { 
@@ -98,7 +107,31 @@ public class JWTAuthenticator implements WebappAuthenticator {
 loadTenantRegistry(tenantId);
 KeyStoreManager keyStoreManager = KeyStoreManager.getInstance(tenantId);
 if (tenantDomain.equals(MultitenantConstants.SUPER_TENANT_DOMAIN_NAME)) {
- publicKey = keyStoreManager.getDefaultPublicKey();
+ String defaultPublicKey = properties.getProperty("DefaultPublicKey");
+ if (defaultPublicKey != null && !defaultPublicKey.isEmpty()) {
+ boolean isDefaultPublicKey = Boolean.parseBoolean(defaultPublicKey);
+ if (isDefaultPublicKey) {
+ publicKey = keyStoreManager.getDefaultPublicKey();
+ } else {
+ String alias = properties.getProperty("KeyAlias");
+ if (alias != null && !alias.isEmpty()) {
+ ServerConfiguration serverConfig = CarbonUtils.getServerConfiguration();
+ KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
+ String trustStorePath = serverConfig.getFirstProperty(DEFAULT_TRUST_STORE_LOCATION);
+ String trustStorePassword = serverConfig.getFirstProperty(
+ DEFAULT_TRUST_STORE_PASSWORD);
+ keyStore.load(new FileInputStream(trustStorePath), trustStorePassword.toCharArray());
+ publicKey = keyStore.getCertificate(alias).getPublicKey();
+ } else {
+ authenticationInfo.setStatus(Status.FAILURE);
+ return authenticationInfo;
+ }
+ }
+
+ } else {
+ publicKey = keyStoreManager.getDefaultPublicKey();
+ }
+
 } else {
 String ksName = tenantDomain.trim().replace('.', '-');
 String jksName = ksName + ".jks";
@@ -150,17 +183,20 @@ public class JWTAuthenticator implements WebappAuthenticator {
 @Override
 public void setProperties(Properties properties) {
-
+ this.properties = properties;
 }
 @Override
 public Properties getProperties() {
- return null;
+ return properties;
 }
 @Override
 public String getProperty(String name) {
- return null;
+ if (this.properties == null) {
+ return null;
+ }
+ return this.properties.getProperty(name);
 }
 private static void loadTenantRegistry(int tenantId) throws RegistryException {
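Review bot: The new alias branch can throw a NullPointerException in two places and leaks a file handle. `properties` is dereferenced directly although `setProperties` may never have been called (the `getProperty` helper added further down in this file already guards that), `keyStore.getCertificate(alias)` returns null for an alias that is not in the trust store, and `new FileInputStream(trustStorePath)` is never closed. Because this branch picks the key that verifies the JWT signature, a missing alias should end in `Status.FAILURE` like the empty-alias case, not in an exception whose handling lies outside the hunk. The trust store is also re-read from disk on every super-tenant request; caching the resolved key would avoid that, but is left out of the sketch below. The enclosing method starts and ends outside the hunk.

```java
String defaultPublicKey = getProperty("DefaultPublicKey");
// … unchanged: Boolean.parseBoolean check and the getDefaultPublicKey() branch …
String alias = getProperty("KeyAlias");
if (alias != null && !alias.isEmpty()) {
    ServerConfiguration serverConfig = CarbonUtils.getServerConfiguration();
    String trustStorePath = serverConfig.getFirstProperty(DEFAULT_TRUST_STORE_LOCATION);
    String trustStorePassword = serverConfig.getFirstProperty(DEFAULT_TRUST_STORE_PASSWORD);
    KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
    // try-with-resources closes the trust store file even when load() throws
    try (FileInputStream trustStoreStream = new FileInputStream(trustStorePath)) {
        keyStore.load(trustStoreStream, trustStorePassword.toCharArray());
    }
    java.security.cert.Certificate certificate = keyStore.getCertificate(alias);
    if (certificate == null) {
        // alias not present in the trust store: reject the request
        authenticationInfo.setStatus(Status.FAILURE);
        return authenticationInfo;
    }
    publicKey = certificate.getPublicKey();
} else {
// … unchanged: FAILURE for a missing KeyAlias, default-key fallback …
```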
diff --git a/features/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework.server.feature/src/main/resources/conf/webapp-authenticator-config.xml b/features/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework.server.feature/src/main/resources/conf/webapp-authenticator-config.xml index bd6c1fa9955..115442d9dfc 100644 --- a/features/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework.server.feature/src/main/resources/conf/webapp-authenticator-config.xml +++ b/features/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework.server.feature/src/main/resources/conf/webapp-authenticator-config.xml @@ -19,6 +19,11 @@ JWT org.wso2.carbon.webapp.authenticator.framework.authenticator.JWTAuthenticator + + true + + + CertificateAuth