diff --git a/components/identity-extensions/org.wso2.carbon.identity.jwt.client.extension/src/main/java/org/wso2/carbon/identity/jwt/client/extension/JWTClient.java b/components/identity-extensions/org.wso2.carbon.identity.jwt.client.extension/src/main/java/org/wso2/carbon/identity/jwt/client/extension/JWTClient.java index aea6607a9e6..0ade855c711 100644 --- a/components/identity-extensions/org.wso2.carbon.identity.jwt.client.extension/src/main/java/org/wso2/carbon/identity/jwt/client/extension/JWTClient.java +++ b/components/identity-extensions/org.wso2.carbon.identity.jwt.client.extension/src/main/java/org/wso2/carbon/identity/jwt/client/extension/JWTClient.java @@ -46,8 +46,6 @@ import java.util.ArrayList; import java.util.List; import java.util.Map; -; - /** * this class represents an implementation of Token Client which is based on JWT */ @@ -70,7 +68,7 @@ public class JWTClient { throws JWTClientException { List params = new ArrayList<>(); params.add(new BasicNameValuePair(JWTConstants.GRANT_TYPE_PARAM_NAME, jwtConfig.getJwtGrantType())); - String assertion = JWTClientUtil.generateSignedJWTAssertion(username, jwtConfig, isDefaultJWTClient, false); + String assertion = JWTClientUtil.generateSignedJWTAssertion(username, jwtConfig, isDefaultJWTClient); if (assertion == null) { throw new JWTClientException("JWT is not configured properly for user : " + username); } @@ -85,7 +83,7 @@ public class JWTClient { throws JWTClientException { List params = new ArrayList<>(); params.add(new BasicNameValuePair(JWTConstants.GRANT_TYPE_PARAM_NAME, jwtConfig.getJwtGrantType())); - String assertion = JWTClientUtil.generateSignedJWTAssertion(username, jwtConfig, isDefaultJWTClient, false); + String assertion = JWTClientUtil.generateSignedJWTAssertion(username, jwtConfig, isDefaultJWTClient); if (assertion == null) { throw new JWTClientException("JWT is not configured properly for user : " + username); } @@ -105,7 +103,7 @@ public class JWTClient { throws JWTClientException { List params = new ArrayList<>(); params.add(new BasicNameValuePair(JWTConstants.GRANT_TYPE_PARAM_NAME, jwtConfig.getJwtGrantType())); - String assertion = JWTClientUtil.generateSignedJWTAssertion(username, jwtConfig, isDefaultJWTClient, false); + String assertion = JWTClientUtil.generateSignedJWTAssertion(username, jwtConfig, isDefaultJWTClient); if (assertion == null) { throw new JWTClientException("JWT is not configured properly for user : " + username); } @@ -189,16 +187,21 @@ public class JWTClient { } public String getJwtToken(String username) throws JWTClientException { - return JWTClientUtil.generateSignedJWTAssertion(username, jwtConfig, isDefaultJWTClient, false); + return JWTClientUtil.generateSignedJWTAssertion(username, jwtConfig, isDefaultJWTClient); } public String getJwtToken(String username, Map claims) throws JWTClientException { - return JWTClientUtil.generateSignedJWTAssertion(username, jwtConfig, isDefaultJWTClient, claims, false); + return JWTClientUtil.generateSignedJWTAssertion(username, jwtConfig, isDefaultJWTClient, claims); } - public String getJwtToken(String username, Map claims, boolean isTenantMode) throws JWTClientException { - return JWTClientUtil.generateSignedJWTAssertion(username, jwtConfig, isDefaultJWTClient, claims, isTenantMode); - } + public String getJwtToken(String username, Map claims, boolean enableTenantSigning) + throws JWTClientException { + if (enableTenantSigning) { + return JWTClientUtil.generateSignedJWTAssertion(username, jwtConfig, false, claims); + } else { + return getJwtToken(username, claims); + } + } } diff --git a/components/identity-extensions/org.wso2.carbon.identity.jwt.client.extension/src/main/java/org/wso2/carbon/identity/jwt/client/extension/util/JWTClientUtil.java b/components/identity-extensions/org.wso2.carbon.identity.jwt.client.extension/src/main/java/org/wso2/carbon/identity/jwt/client/extension/util/JWTClientUtil.java index 75ea7bfe319..d4c21f6e5a5 100644 --- a/components/identity-extensions/org.wso2.carbon.identity.jwt.client.extension/src/main/java/org/wso2/carbon/identity/jwt/client/extension/util/JWTClientUtil.java +++ b/components/identity-extensions/org.wso2.carbon.identity.jwt.client.extension/src/main/java/org/wso2/carbon/identity/jwt/client/extension/util/JWTClientUtil.java @@ -207,13 +207,13 @@ public class JWTClientUtil { tenantRegistryLoader.loadTenantRegistry(tenantId); } - public static String generateSignedJWTAssertion(String username, JWTConfig jwtConfig, boolean isDefaultJWTClient, - boolean isMultiTenantMode) throws JWTClientException { - return generateSignedJWTAssertion(username, jwtConfig, isDefaultJWTClient, null, isMultiTenantMode); + public static String generateSignedJWTAssertion(String username, JWTConfig jwtConfig, boolean isDefaultJWTClient) + throws JWTClientException { + return generateSignedJWTAssertion(username, jwtConfig, isDefaultJWTClient, null); } public static String generateSignedJWTAssertion(String username, JWTConfig jwtConfig, boolean isDefaultJWTClient, - Map customClaims, boolean isMultiTenantMode) throws JWTClientException { + Map customClaims) throws JWTClientException { try { long currentTimeMillis = System.currentTimeMillis(); // add the skew between servers @@ -253,22 +253,30 @@ public class JWTClientUtil { String privateKeyPassword = jwtConfig.getPrivateKeyPassword(); KeyStore keyStore; RSAPrivateKey rsaPrivateKey; - if (!isMultiTenantMode && (keyStorePath != null && !keyStorePath.isEmpty())) { + if (!isDefaultJWTClient && (keyStorePath != null && !keyStorePath.isEmpty())) { String keyStorePassword = jwtConfig.getKeyStorePassword(); keyStore = loadKeyStore(new File(keyStorePath), keyStorePassword, "JKS"); rsaPrivateKey = (RSAPrivateKey) keyStore.getKey(privateKeyAlias, privateKeyPassword.toCharArray()); } else { int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId(true); JWTClientUtil.loadTenantRegistry(tenantId); - if (isMultiTenantMode || !(MultitenantConstants.SUPER_TENANT_ID == tenantId) && !isDefaultJWTClient) { + if (!(MultitenantConstants.SUPER_TENANT_ID == tenantId) && !isDefaultJWTClient) { KeyStoreManager tenantKeyStoreManager = KeyStoreManager.getInstance(tenantId); String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain(true); String ksName = tenantDomain.trim().replace('.', '-'); String jksName = ksName + ".jks"; rsaPrivateKey = (RSAPrivateKey) tenantKeyStoreManager.getPrivateKey(jksName, tenantDomain); } else { - KeyStoreManager tenantKeyStoreManager = KeyStoreManager.getInstance(MultitenantConstants.SUPER_TENANT_ID); - rsaPrivateKey = (RSAPrivateKey) tenantKeyStoreManager.getDefaultPrivateKey(); + try { + PrivilegedCarbonContext.startTenantFlow(); + PrivilegedCarbonContext.getThreadLocalCarbonContext() + .setTenantId(MultitenantConstants.SUPER_TENANT_ID); + KeyStoreManager tenantKeyStoreManager = KeyStoreManager + .getInstance(MultitenantConstants.SUPER_TENANT_ID); + rsaPrivateKey = (RSAPrivateKey) tenantKeyStoreManager.getDefaultPrivateKey(); + } finally { + PrivilegedCarbonContext.endTenantFlow(); + } } } JWSSigner signer = new RSASSASigner(rsaPrivateKey);