Merge pull request #518 from geethkokila/mutual_ssl_feature

Adding gateway support for IOS device type
revert-70aa11f8
Rasika Perera 8 years ago committed by GitHub
commit dfcf72cae0

@ -0,0 +1,103 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
~
~ WSO2 Inc. licenses this file to you under the Apache License,
~ Version 2.0 (the "License"); you may not use this file except
~ in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing,
~ software distributed under the License is distributed on an
~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
~ KIND, either express or implied. See the License for the
~ specific language governing permissions and limitations
~ under the License.
-->
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<parent>
<artifactId>apimgt-extensions</artifactId>
<groupId>org.wso2.carbon.devicemgt</groupId>
<version>2.0.6-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
<artifactId>org.wso2.carbon.apimgt.handlers</artifactId>
<version>2.0.6-SNAPSHOT</version>
<packaging>bundle</packaging>
<name>WSO2 Carbon - API Security Handler Component</name>
<description>WSO2 Carbon - API Management Security Handler Module</description>
<url>http://wso2.org</url>
<dependencies>
<dependency>
<groupId>org.wso2.carbon</groupId>
<artifactId>org.wso2.carbon.logging</artifactId>
</dependency>
<dependency>
<groupId>org.apache.synapse</groupId>
<artifactId>synapse-core</artifactId>
</dependency>
<dependency>
<groupId>org.apache.ws.security.wso2</groupId>
<artifactId>wss4j</artifactId>
</dependency>
<dependency>
<groupId>org.wso2.carbon.devicemgt</groupId>
<artifactId>org.wso2.carbon.certificate.mgt.core</artifactId>
</dependency>
<dependency>
<groupId>org.json.wso2</groupId>
<artifactId>json</artifactId>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.apache.felix</groupId>
<artifactId>maven-scr-plugin</artifactId>
</plugin>
<plugin>
<groupId>org.apache.felix</groupId>
<artifactId>maven-bundle-plugin</artifactId>
<version>1.4.0</version>
<extensions>true</extensions>
<configuration>
<instructions>
<Bundle-SymbolicName>${project.artifactId}</Bundle-SymbolicName>
<Bundle-Name>${project.artifactId}</Bundle-Name>
<Bundle-Version>${carbon.device.mgt.version}</Bundle-Version>
<Bundle-Description>WSO2 Carbon - API Security Handler Component</Bundle-Description>
<Import-Package>
org.apache.axiom.*,
javax.xml.parsers;version="${javax.xml.parsers.import.pkg.version}";resolution:=optional,
javax.xml.*,
org.apache.axis2.*,
org.apache.commons.*,
org.apache.http.*,
org.apache.http.util,
org.apache.ws.*;version="${org.apache.ws.security.wso2.version}",
org.json,
org.wso2.carbon.utils,
org.wso2.carbon.context,
com.google.gson,
org.w3c.dom,
org.apache.synapse,
org.apache.synapse.core.axis2,
org.apache.synapse.rest
</Import-Package>
</instructions>
</configuration>
</plugin>
</plugins>
</build>
</project>

@ -0,0 +1,59 @@
/*
* Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.wso2.carbon.apimgt.handlers;
public class APIMCertificateMGTExcepton extends Exception{
private static final long serialVersionUID = -37676242646464497L;
private String errorMessage;
public String getErrorMessage() {
return errorMessage;
}
public void setErrorMessage(String errorMessage) {
this.errorMessage = errorMessage;
}
public APIMCertificateMGTExcepton(String msg, Exception nestedEx) {
super(msg, nestedEx);
setErrorMessage(msg);
}
public APIMCertificateMGTExcepton(String message, Throwable cause) {
super(message, cause);
setErrorMessage(message);
}
public APIMCertificateMGTExcepton(String msg) {
super(msg);
setErrorMessage(msg);
}
public APIMCertificateMGTExcepton() {
super();
}
public APIMCertificateMGTExcepton(Throwable cause) {
super(cause);
}
}

@ -0,0 +1,192 @@
/*
* Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.wso2.carbon.apimgt.handlers;
import com.google.gson.Gson;
import org.apache.axis2.context.MessageContext;
import org.apache.axis2.description.HandlerDescription;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.synapse.core.axis2.Axis2MessageContext;
import org.apache.synapse.rest.AbstractHandler;
import org.wso2.carbon.apimgt.handlers.beans.Certificate;
import org.wso2.carbon.apimgt.handlers.beans.ValidationResponce;
import org.wso2.carbon.apimgt.handlers.config.IOTServerConfiguration;
import org.wso2.carbon.apimgt.handlers.invoker.RESTInvoker;
import org.wso2.carbon.apimgt.handlers.invoker.RESTResponse;
import org.wso2.carbon.apimgt.handlers.utils.AuthConstants;
import org.wso2.carbon.apimgt.handlers.utils.Utils;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.HashMap;
import java.util.Map;
public class AuthenticationHandler extends AbstractHandler {
private static final Log log = LogFactory.getLog(AuthenticationHandler.class);
private static HandlerDescription EMPTY_HANDLER_METADATA = new HandlerDescription("API Security Handler");
private HandlerDescription handlerDesc;
private RESTInvoker restInvoker;
private IOTServerConfiguration iotServerConfiguration;
/**
* Setting up configurations at the constructor
*/
public AuthenticationHandler() {
log.info("Engaging API Security Handler..........");
restInvoker = new RESTInvoker();
this.handlerDesc = EMPTY_HANDLER_METADATA;
this.iotServerConfiguration = Utils.initConfig();
}
@Override
public boolean handleRequest(org.apache.synapse.MessageContext messageContext) {
org.apache.axis2.context.MessageContext axisMC = ((Axis2MessageContext) messageContext).getAxis2MessageContext();
String ctxPath = messageContext.getTo().getAddress().trim();
if (log.isDebugEnabled()) {
log.debug("Authentication handler invoked by: " + ctxPath);
}
Map<String, String> headers = (Map<String, String>) axisMC.getProperty(MessageContext.TRANSPORT_HEADERS);
try {
int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId();
RESTResponse response;
if (headers.containsKey(AuthConstants.MDM_SIGNATURE)) {
String mdmSignature = headers.get(AuthConstants.MDM_SIGNATURE).toString();
if (log.isDebugEnabled()) {
log.debug("Verify Cert:\n" + mdmSignature);
}
String accessToken = Utils.getAccessToken(iotServerConfiguration);
String deviceType = this.getDeviceType(messageContext.getTo().getAddress().trim());
URI certVerifyUrl = new URI(iotServerConfiguration.getVerificationEndpoint() + deviceType);
Map<String, String> certVerifyHeaders = new HashMap<>();
certVerifyHeaders.put("Authorization", "Bearer " + accessToken);
certVerifyHeaders.put("Content-Type", "application/json");
Certificate certificate = new Certificate();
certificate.setPem(mdmSignature);
certificate.setTenantId(tenantId);
certificate.setSerial("");
Gson gson = new Gson();
String certVerifyContent = gson.toJson(certificate);
response = restInvoker.invokePOST(certVerifyUrl, certVerifyHeaders, null,
null, certVerifyContent);
String str = response.getContent();
if (str.contains("JWTToken")) {
ValidationResponce validationResponce = gson.fromJson(str, ValidationResponce.class);
// TODO: send the JWT token with user details.
// headers.put("X-JWT-Assertion", validationResponce.getJWTToken());
}
if (log.isDebugEnabled()) {
log.debug("Verify response:" + response.getContent());
log.debug("Response String : " + str);
}
} else if (headers.containsKey(AuthConstants.PROXY_MUTUAL_AUTH_HEADER)) {
String subjectDN = headers.get(AuthConstants.PROXY_MUTUAL_AUTH_HEADER).toString();
if (log.isDebugEnabled()) {
log.debug("Verify subject DN: " + subjectDN);
}
String accessToken = Utils.getAccessToken(iotServerConfiguration);
String deviceType = this.getDeviceType(messageContext.getTo().getAddress().trim());
URI certVerifyUrl = new URI(iotServerConfiguration.getVerificationEndpoint() + deviceType);
Map<String, String> certVerifyHeaders = new HashMap<>();
certVerifyHeaders.put("Authorization", "Bearer " + accessToken);
certVerifyHeaders.put("Content-Type", "application/json");
Certificate certificate = new Certificate();
certificate.setPem(subjectDN);
certificate.setTenantId(tenantId);
certificate.setSerial(AuthConstants.PROXY_MUTUAL_AUTH_HEADER);
Gson gson = new Gson();
String certVerifyContent = gson.toJson(certificate);
response = restInvoker.invokePOST(certVerifyUrl, certVerifyHeaders, null,
null, certVerifyContent);
if (log.isDebugEnabled()) {
log.debug("Verify response:" + response.getContent());
}
} else if (headers.containsKey(AuthConstants.ENCODED_PEM)) {
String encodedPem = headers.get(AuthConstants.ENCODED_PEM).toString();
if (log.isDebugEnabled()) {
log.debug("Verify Cert:\n" + encodedPem);
}
String accessToken = Utils.getAccessToken(iotServerConfiguration);
URI certVerifyUrl = new URI(iotServerConfiguration.getVerificationEndpoint() + "android");
Map<String, String> certVerifyHeaders = new HashMap<>();
certVerifyHeaders.put("Authorization", "Bearer " + accessToken);
certVerifyHeaders.put("Content-Type", "application/json");
Certificate certificate = new Certificate();
certificate.setPem(encodedPem);
certificate.setTenantId(tenantId);
certificate.setSerial("");
Gson gson = new Gson();
String certVerifyContent = gson.toJson(certificate);
response = restInvoker.invokePOST(certVerifyUrl, certVerifyHeaders, null,
null, certVerifyContent);
if (log.isDebugEnabled()) {
log.debug("Verify response:" + response.getContent());
}
} else {
log.warn("Unauthorized request for api: " + ctxPath);
return false;
}
if (response != null && !response.getContent().contains("invalid")) {
return true;
}
log.warn("Unauthorized request for api: " + ctxPath);
return false;
} catch (IOException e) {
log.error("Error while processing certificate.", e);
return false;
} catch (URISyntaxException e) {
log.error("Error while processing certificate.", e);
return false;
} catch (APIMCertificateMGTExcepton e) {
log.error("Error while processing certificate.", e);
return false;
}
}
@Override
public boolean handleResponse(org.apache.synapse.MessageContext messageContext) {
return true;
}
// TODO : take this from the url.
private String getDeviceType(String url) {
if (url.contains("ios")) {
return "ios";
} else if (url.contains("android")) {
return "android";
} else return null;
}
}

@ -0,0 +1,52 @@
/*
* Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.wso2.carbon.apimgt.handlers.beans;
public class Certificate {
private String pem;
private int tenantId;
private String serial;
public String getPem() {
return pem;
}
public void setPem(String pem) {
this.pem = pem;
}
public int getTenantId() {
return tenantId;
}
public void setTenantId(int tenantId) {
this.tenantId = tenantId;
}
public String getSerial() {
return serial;
}
public void setSerial(String serial) {
this.serial = serial;
}
}

@ -0,0 +1,61 @@
/*
* Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.wso2.carbon.apimgt.handlers.beans;
public class DCR {
private String owner;
private String clientName;
private String grantType;
private String tokenScope;
public String getOwner() {
return owner;
}
public void setOwner(String owner) {
this.owner = owner;
}
public String getClientName() {
return clientName;
}
public void setClientName(String clientName) {
this.clientName = clientName;
}
public String getGrantType() {
return grantType;
}
public void setGrantType(String grantType) {
this.grantType = grantType;
}
public String getTokenScope() {
return tokenScope;
}
public void setTokenScope(String tokenScope) {
this.tokenScope = tokenScope;
}
}

@ -0,0 +1,61 @@
/*
* Copyright (c) 2017, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.wso2.carbon.apimgt.handlers.beans;
public class ValidationResponce {
private String JWTToken; // X-JWT-Assertion
private String deviceId;
private String deviceType;
private int tenantId;
public String getJWTToken() {
return JWTToken;
}
public void setJWTToken(String JWTToken) {
this.JWTToken = JWTToken;
}
public String getDeviceId() {
return deviceId;
}
public void setDeviceId(String deviceId) {
this.deviceId = deviceId;
}
public String getDeviceType() {
return deviceType;
}
public void setDeviceType(String deviceType) {
this.deviceType = deviceType;
}
public int getTenantId() {
return tenantId;
}
public void setTenantId(int tenantId) {
this.tenantId = tenantId;
}
}

@ -0,0 +1,118 @@
/*
* Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.wso2.carbon.apimgt.handlers.config;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlElementWrapper;
import javax.xml.bind.annotation.XmlRootElement;
import javax.xml.bind.annotation.XmlValue;
import java.util.List;
@XmlRootElement(name = "ServerConfiguration")
public class IOTServerConfiguration {
private String hostname;
private String verificationEndpoint;
private String username;
private String password;
private String dynamicClientRegistrationEndpoint;
private String oauthTokenEndpoint;
private List<ContextPath> apis;
@XmlElement(name = "Hostname", required = true)
public String getHostname() {
return hostname;
}
public void setHostname(String hostname) {
this.hostname = hostname;
}
@XmlElement(name = "VerificationEndpoint", required = true)
public String getVerificationEndpoint() {
return verificationEndpoint;
}
public void setVerificationEndpoint(String verificationEndpoint) {
this.verificationEndpoint = verificationEndpoint;
}
@XmlElement(name = "Username", required = true)
public String getUsername() {
return username;
}
public void setUsername(String username) {
this.username = username;
}
@XmlElement(name = "Password", required = true)
public String getPassword() {
return password;
}
public void setPassword(String password) {
this.password = password;
}
@XmlElement(name = "DynamicClientRegistrationEndpoint", required = true)
public String getDynamicClientRegistrationEndpoint() {
return dynamicClientRegistrationEndpoint;
}
public void setDynamicClientRegistrationEndpoint(String dynamicClientRegistrationEndpoint) {
this.dynamicClientRegistrationEndpoint = dynamicClientRegistrationEndpoint;
}
@XmlElement(name = "OauthTokenEndpoint", required = true)
public String getOauthTokenEndpoint() {
return oauthTokenEndpoint;
}
public void setOauthTokenEndpoint(String oauthTokenEndpoint) {
this.oauthTokenEndpoint = oauthTokenEndpoint;
}
@XmlElementWrapper(name="APIS")
@XmlElement(name = "ContextPath", required = true)
public List<ContextPath> getApis() {
return apis;
}
public void setApis(List<ContextPath> apis) {
this.apis = apis;
}
@XmlRootElement(name = "ContextPath")
public static class ContextPath {
private String contextPath;
@XmlValue()
public String getContextPath() {
return contextPath;
}
public void setContextPath(String contextPath) {
this.contextPath = contextPath;
}
}
}

@ -0,0 +1,26 @@
/*
* Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.wso2.carbon.apimgt.handlers.invoker;
public class RESTConstants {
static String REST_CLIENT_CONFIG_ELEMENT = "restClientConfiguration";
static String REST_CLIENT_MAX_TOTAL_CONNECTIONS = "maxTotalConnections";
static String REST_CLIENT_MAX_CONNECTIONS_PER_ROUTE = "maxConnectionsPerRoute";
static String REST_CLEINT_CONNECTION_TIMEOUT = "connectionTimeout";
static String REST_CLEINT_SOCKET_TIMEOUT = "socketTimeout";
}

@ -0,0 +1,350 @@
/*
* Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.wso2.carbon.apimgt.handlers.invoker;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.util.AXIOMUtil;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.io.FileUtils;
import org.apache.commons.io.IOUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.http.Header;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.client.methods.*;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
import org.apache.http.util.EntityUtils;
import org.wso2.carbon.apimgt.handlers.utils.AuthConstants;
import org.wso2.carbon.apimgt.handlers.utils.CoreUtils;
import org.wso2.carbon.utils.CarbonUtils;
import javax.xml.namespace.QName;
import javax.xml.stream.XMLStreamException;
import java.io.File;
import java.io.IOException;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.util.Iterator;
import java.util.Map;
public class RESTInvoker {
private static final Log log = LogFactory.getLog(RESTInvoker.class);
private int maxTotalConnections = 100;
private int maxTotalConnectionsPerRoute = 100;
private int connectionTimeout = 120000;
private int socketTimeout = 120000;
private CloseableHttpClient client = null;
private PoolingHttpClientConnectionManager connectionManager = null;
public RESTInvoker() {
configureHttpClient();
}
// private void parseConfiguration() {
// String carbonConfigDirPath = CarbonUtils.getCarbonConfigDirPath();
// String apiFilterConfigPath = carbonConfigDirPath + File.separator +
// AuthConstants.AUTH_CONFIGURATION_FILE_NAME;
// File configFile = new File(apiFilterConfigPath);
//
// try {
// String configContent = FileUtils.readFileToString(configFile);
// OMElement configElement = AXIOMUtil.stringToOM(configContent);
// Iterator beans = configElement.getChildrenWithName(
// new QName("http://www.springframework.org/schema/beans", "bean"));
//
// while (beans.hasNext()) {
// OMElement bean = (OMElement) beans.next();
// String beanId = bean.getAttributeValue(new QName(null, "id"));
// if (beanId.equals(RESTConstants.REST_CLIENT_CONFIG_ELEMENT)) {
// Iterator beanProps = bean.getChildrenWithName(
// new QName("http://www.springframework.org/schema/beans", "property"));
//
// while (beanProps.hasNext()) {
// OMElement beanProp = (OMElement) beanProps.next();
// String beanName = beanProp.getAttributeValue(new QName(null, "name"));
// if (RESTConstants.REST_CLIENT_MAX_TOTAL_CONNECTIONS.equals(beanName)) {
// String value = beanProp.getAttributeValue(new QName(null, "value"));
// if (value != null && !value.trim().equals("")) {
// maxTotalConnections = Integer.parseInt(value);
// }
// CoreUtils.debugLog(log, "Max total http connections ", maxTotalConnections);
// } else if (RESTConstants.REST_CLIENT_MAX_CONNECTIONS_PER_ROUTE.equals(beanName)) {
// String value = beanProp.getAttributeValue(new QName(null, "value"));
// if (value != null && !value.trim().equals("")) {
// maxTotalConnectionsPerRoute = Integer.parseInt(value);
// }
// CoreUtils.debugLog(log, "Max total client connections per route ", maxTotalConnectionsPerRoute);
// } else if (RESTConstants.REST_CLEINT_CONNECTION_TIMEOUT.equals(beanName)) {
// String value = beanProp.getAttributeValue(new QName(null, "value"));
// if (value != null && !value.trim().equals("")) {
// connectionTimeout = Integer.parseInt(value);
// }
// } else if (RESTConstants.REST_CLEINT_SOCKET_TIMEOUT.equals(beanName)) {
// String value = beanProp.getAttributeValue(new QName(null, "value"));
// if (value != null && !value.trim().equals("")) {
// socketTimeout = Integer.parseInt(value);
// }
// }
// }
// }
// }
// } catch (XMLStreamException e) {
// log.error("Error in processing http connection settings, using default settings", e);
// } catch (IOException e) {
// log.error("Error in processing http connection settings, using default settings", e);
// }
// }
private void configureHttpClient() {
// parseConfiguration();
RequestConfig defaultRequestConfig = RequestConfig.custom()
.setExpectContinueEnabled(true)
.setConnectTimeout(connectionTimeout)
.setSocketTimeout(socketTimeout)
.build();
connectionManager = new PoolingHttpClientConnectionManager();
connectionManager.setDefaultMaxPerRoute(maxTotalConnectionsPerRoute);
connectionManager.setMaxTotal(maxTotalConnections);
client = HttpClients.custom()
.setConnectionManager(connectionManager)
.setDefaultRequestConfig(defaultRequestConfig)
.build();
if(log.isDebugEnabled()){
log.debug("REST client initialized with " +
"maxTotalConnection = " + maxTotalConnections +
"maxConnectionsPerRoute = " + maxTotalConnectionsPerRoute +
"connectionTimeout = " + connectionTimeout);
}
//
// CoreUtils.debugLog(log, "REST client initialized with ",
// "maxTotalConnection = ", maxTotalConnections,
// "maxConnectionsPerRoute = ", maxTotalConnectionsPerRoute,
// "connectionTimeout = ", connectionTimeout);
}
public void closeHttpClient() {
IOUtils.closeQuietly(client);
IOUtils.closeQuietly(connectionManager);
}
/**
* Invokes the http GET method
*
* @param uri endpoint/service url
* @param requestHeaders header list
* @param username username for authentication
* @param password password for authentication
* @return RESTResponse of the GET request (can be the response body or the response status code)
* @throws Exception
*/
public RESTResponse invokeGET(URI uri, Map<String, String> requestHeaders, String username, String password) throws IOException {
HttpGet httpGet = null;
CloseableHttpResponse response = null;
Header[] headers;
int httpStatus;
String contentType;
String output;
try {
httpGet = new HttpGet(uri);
if (requestHeaders != null && !requestHeaders.isEmpty()) {
Object keys[] = requestHeaders.keySet().toArray();
for (Object header : keys) {
httpGet.setHeader(header.toString(), requestHeaders.get(header).toString());
}
}
response = sendReceiveRequest(httpGet, username, password);
output = IOUtils.toString(response.getEntity().getContent());
headers = response.getAllHeaders();
httpStatus = response.getStatusLine().getStatusCode();
contentType = response.getEntity().getContentType().getValue();
if (log.isDebugEnabled()) {
log.debug("Invoked GET " + uri.toString() + " - Response message: " + output);
}
EntityUtils.consume(response.getEntity());
} finally {
if (response != null) {
IOUtils.closeQuietly(response);
}
if (httpGet != null) {
httpGet.releaseConnection();
}
}
return new RESTResponse(contentType, output, headers, httpStatus);
}
public RESTResponse invokePOST(URI uri, Map<String, String> requestHeaders, String username,
String password, String payload) throws IOException {
HttpPost httpPost = null;
CloseableHttpResponse response = null;
Header[] headers;
int httpStatus;
String contentType;
String output;
try {
httpPost = new HttpPost(uri);
httpPost.setEntity(new StringEntity(payload));
if (requestHeaders != null && !requestHeaders.isEmpty()) {
Object keys[] = requestHeaders.keySet().toArray();
for (Object header : keys) {
httpPost.setHeader(header.toString(), requestHeaders.get(header).toString());
}
}
response = sendReceiveRequest(httpPost, username, password);
output = IOUtils.toString(response.getEntity().getContent());
headers = response.getAllHeaders();
httpStatus = response.getStatusLine().getStatusCode();
contentType = response.getEntity().getContentType().getValue();
if (log.isDebugEnabled()) {
log.debug("Invoked POST " + uri.toString() +
" - Input payload: " + payload + " - Response message: " + output);
}
EntityUtils.consume(response.getEntity());
} finally {
if (response != null) {
IOUtils.closeQuietly(response);
}
if (httpPost != null) {
httpPost.releaseConnection();
}
}
return new RESTResponse(contentType, output, headers, httpStatus);
}
/**
* Invokes the http PUT method
*
* @param uri endpoint/service url
* @param requestHeaders header list
* @param username username for authentication
* @param password password for authentication
* @param payload payload body passed
* @return RESTResponse of the PUT request (can be the response body or the response status code)
* @throws Exception
*/
public RESTResponse invokePUT(URI uri, Map<String, String> requestHeaders, String username, String password,
String payload) throws IOException {
HttpPut httpPut = null;
CloseableHttpResponse response = null;
Header[] headers;
int httpStatus;
String contentType;
String output;
try {
httpPut = new HttpPut(uri);
httpPut.setEntity(new StringEntity(payload));
if (requestHeaders != null && !requestHeaders.isEmpty()) {
Object keys[] = requestHeaders.keySet().toArray();
for (Object header : keys) {
httpPut.setHeader(header.toString(), requestHeaders.get(header).toString());
}
}
response = sendReceiveRequest(httpPut, username, password);
output = IOUtils.toString(response.getEntity().getContent());
headers = response.getAllHeaders();
httpStatus = response.getStatusLine().getStatusCode();
contentType = response.getEntity().getContentType().getValue();
if (log.isDebugEnabled()) {
log.debug("Invoked PUT " + uri.toString() + " - Response message: " + output);
}
EntityUtils.consume(response.getEntity());
} finally {
if (response != null) {
IOUtils.closeQuietly(response);
}
if (httpPut != null) {
httpPut.releaseConnection();
}
}
return new RESTResponse(contentType, output, headers, httpStatus);
}
/**
* Invokes the http DELETE method
*
* @param uri endpoint/service url
* @param requestHeaders header list
* @param username username for authentication
* @param password password for authentication
* @return RESTResponse of the DELETE (can be the response status code or the response body)
* @throws Exception
*/
public RESTResponse invokeDELETE(URI uri, Map<String, String> requestHeaders, String username, String password) throws IOException {
HttpDelete httpDelete = null;
CloseableHttpResponse response = null;
Header[] headers;
int httpStatus;
String contentType;
String output;
try {
httpDelete = new HttpDelete(uri);
if (requestHeaders != null && !requestHeaders.isEmpty()) {
Object keys[] = requestHeaders.keySet().toArray();
for (Object header : keys) {
httpDelete.setHeader(header.toString(), requestHeaders.get(header).toString());
}
}
response = sendReceiveRequest(httpDelete, username, password);
output = IOUtils.toString(response.getEntity().getContent());
headers = response.getAllHeaders();
httpStatus = response.getStatusLine().getStatusCode();
contentType = response.getEntity().getContentType().getValue();
if (log.isDebugEnabled()) {
log.debug("Invoked DELETE " + uri.toString() + " - Response message: " + output);
}
EntityUtils.consume(response.getEntity());
} finally {
if (response != null) {
IOUtils.closeQuietly(response);
}
if (httpDelete != null) {
httpDelete.releaseConnection();
}
}
return new RESTResponse(contentType, output, headers, httpStatus);
}
private CloseableHttpResponse sendReceiveRequest(HttpRequestBase requestBase, String username, String password)
throws IOException {
CloseableHttpResponse response;
if (username != null && !username.equals("") && password != null) {
String combinedCredentials = username + ":" + password;
byte[] encodedCredentials = Base64.encodeBase64(combinedCredentials.getBytes(StandardCharsets.UTF_8));
requestBase.addHeader("Authorization", "Basic " + new String(encodedCredentials));
response = client.execute(requestBase);
} else {
response = client.execute(requestBase);
}
return response;
}
}

@ -0,0 +1,81 @@
/*
* Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.wso2.carbon.apimgt.handlers.invoker;
import org.apache.http.Header;
/**
* RESTResponse class holds the data retrieved from the HTTP invoke response.
*/
public class RESTResponse {
private String contentType;
private String content;
private Header[] headers;
private int httpStatus;
/**
* Constructor
*
* @param contentType from the REST invoke response
* @param content from the REST invoke response
* @param headers from the REST invoke response
* @param httpStatus from the REST invoke response
*/
public RESTResponse(String contentType, String content, Header[] headers, int httpStatus) {
this.contentType = contentType;
this.content = content;
this.headers = headers;
this.httpStatus = httpStatus;
}
/**
* Get the content type of the EST invoke response
*
* @return String content type of the response
*/
public String getContentType() {
return contentType;
}
/**
* Get contents of the REST invoke response
*
* @return contents of the REST invoke response
*/
public String getContent() {
return content;
}
/**
* Get headers of the REST invoke response
*
* @return headers of the REST invoke response
*/
public Header[] getHeaders() {
return headers;
}
/**
* Get the HTTP Status code from REST invoke response
*
* @return int HTTP status code
*/
public int getHttpStatus() {
return httpStatus;
}
}

@ -0,0 +1,36 @@
/*
* Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.wso2.carbon.apimgt.handlers.utils;
public class AuthConstants {
public static final String SEC_FAULT = "SECURITY_VALIDATION_FAILURE";
public static final String HTTPS = "https";
public static final String WSSE = "wsse";
public static final String AUTH_CONFIGURATION_FILE_NAME = "api-filter-config.xml";
public static final String API_FILTER_CONFIG_ELEMENT = "apiFilterConfig";
public static final String API_LIST_PROPERTY = "apiList";
public static final String HOST = "host";
public static final String HTTPS_PORT = "httpsPort";
public static final String USERNAME = "username";
public static final String PASSWORD = "password";
public static final String IOS_VERIFY_ENDPOINT = "ios-verify-endpoint";
public static final String ANDROID_VERIFY_ENDPOINT = "android-verify-endpoint";
public static final String MDM_SIGNATURE = "mdm-signature";
public static final String PROXY_MUTUAL_AUTH_HEADER = "proxy-mutual-auth-header";
public static final String ENCODED_PEM = "encoded-pem";
}

@ -0,0 +1,156 @@
/*
* Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.wso2.carbon.apimgt.handlers.utils;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.util.AXIOMUtil;
import org.apache.commons.io.FileUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.utils.CarbonUtils;
import javax.xml.namespace.QName;
import javax.xml.stream.XMLStreamException;
import java.io.File;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Iterator;
public class CoreUtils {
private static final Log log = LogFactory.getLog(CoreUtils.class);
private static String host = "localhost";
private static int httpsPort = 9443;
private static String username = "admin";
private static String password = "admin";
private static String iosVerifyEndpoint = "/api/certificate-mgt/v1.0/admin/certificates/verify/ios";
private static String androidVerifyEndpoint = "/api/certificate-mgt/v1.0/admin/certificates/verify/android";
// /**
// * Reading configurations from api-filter-config.xml file
// *
// * @return ArrayList of api contexts
// */
// public static ArrayList<String> readApiFilterList() {
// ArrayList<String> apiList = new ArrayList<String>();
// String carbonConfigDirPath = CarbonUtils.getCarbonConfigDirPath();
// String apiFilterConfigPath = carbonConfigDirPath + File.separator +
// AuthConstants.AUTH_CONFIGURATION_FILE_NAME;
// File configFile = new File(apiFilterConfigPath);
//
// try {
// String configContent = FileUtils.readFileToString(configFile);
// OMElement configElement = AXIOMUtil.stringToOM(configContent);
// Iterator beans = configElement.getChildrenWithName(
// new QName("http://www.springframework.org/schema/beans", "bean"));
//
// while (beans.hasNext()) {
// OMElement bean = (OMElement) beans.next();
// String beanId = bean.getAttributeValue(new QName(null, "id"));
// if (beanId.equals(AuthConstants.API_FILTER_CONFIG_ELEMENT)) {
// Iterator beanProps = bean.getChildrenWithName(
// new QName("http://www.springframework.org/schema/beans", "property"));
//
// while (beanProps.hasNext()) {
// OMElement beanProp = (OMElement) beanProps.next();
// String beanName = beanProp.getAttributeValue(new QName(null, "name"));
// if (AuthConstants.API_LIST_PROPERTY.equals(beanName)) {
// Iterator apiListSet = ((OMElement) beanProp.getChildrenWithLocalName("set").next())
// .getChildrenWithLocalName("value");
// while (apiListSet.hasNext()) {
// String apiContext = ((OMElement) apiListSet.next()).getText();
// apiList.add(apiContext);
// CoreUtils.debugLog(log, "Adding security to api: ", apiContext);
// }
// } else if (AuthConstants.HOST.equals(beanName)) {
// String value = beanProp.getAttributeValue(new QName(null, "value"));
// host = value;
// } else if (AuthConstants.HTTPS_PORT.equals(beanName)) {
// String value = beanProp.getAttributeValue(new QName(null, "value"));
// if (value != null && !value.trim().equals("")) {
// httpsPort = Integer.parseInt(value);
// }
// } else if (AuthConstants.USERNAME.equals(beanName)) {
// String value = beanProp.getAttributeValue(new QName(null, "value"));
// username = value;
// } else if (AuthConstants.PASSWORD.equals(beanName)) {
// String value = beanProp.getAttributeValue(new QName(null, "value"));
// password = value;
// } else if (AuthConstants.IOS_VERIFY_ENDPOINT.equals(beanName)) {
// String value = beanProp.getAttributeValue(new QName(null, "value"));
// iosVerifyEndpoint = value;
// } else if (AuthConstants.ANDROID_VERIFY_ENDPOINT.equals(beanName)) {
// String value = beanProp.getAttributeValue(new QName(null, "value"));
// androidVerifyEndpoint = value;
// }
// }
// }
// }
// } catch (IOException e) {
// log.error("Error in reading api filter settings", e);
// } catch (XMLStreamException e) {
// log.error("Error in reading api filter settings", e);
// }
// return apiList;
// }
//
// /**
// * Universal debug log function
// *
// * @param logger Log object specific to the class
// * @param message initial debug log message
// * @param vars optional strings to be appended for the log
// */
// public static void debugLog(Log logger, String message, Object ... vars) {
// if(logger.isDebugEnabled()) {
// if (vars.length < 1) {
// logger.debug(message);
// return;
// }
// StringBuilder stringBuilder = new StringBuilder();
// stringBuilder.append(message);
// for (Object var : vars) {
// stringBuilder.append(var.toString());
// }
// logger.debug(stringBuilder.toString());
// }
// }
public static String getHost() {
return host;
}
public static int getHttpsPort() {
return httpsPort;
}
public static String getUsername() {
return username;
}
public static String getPassword() {
return password;
}
public static String getIosVerifyEndpoint() {
return iosVerifyEndpoint;
}
public static String getAndroidVerifyEndpoint() {
return androidVerifyEndpoint;
}
}

@ -0,0 +1,154 @@
/*
* Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.wso2.carbon.apimgt.handlers.utils;
import com.google.gson.Gson;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ws.security.util.Base64;
import org.json.JSONException;
import org.json.JSONObject;
import org.w3c.dom.Document;
import org.wso2.carbon.apimgt.handlers.APIMCertificateMGTExcepton;
import org.wso2.carbon.apimgt.handlers.beans.DCR;
import org.wso2.carbon.apimgt.handlers.config.IOTServerConfiguration;
import org.wso2.carbon.apimgt.handlers.invoker.RESTInvoker;
import org.wso2.carbon.apimgt.handlers.invoker.RESTResponse;
import org.wso2.carbon.utils.CarbonUtils;
import javax.xml.XMLConstants;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBException;
import javax.xml.bind.Unmarshaller;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import java.io.File;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.HashMap;
import java.util.Map;
public class Utils {
private static final Log log = LogFactory.getLog(Utils.class);
private static final String IOT_APIS_CONFIG_FILE = "iot-api-config.xml";
private static String clientId;
private static String clientSecret;
public static IOTServerConfiguration initConfig() {
try {
String IOTServerAPIConfigurationPath =
CarbonUtils.getCarbonConfigDirPath() + File.separator + IOT_APIS_CONFIG_FILE;
File file = new File(IOTServerAPIConfigurationPath);
Document doc = Utils.convertToDocument(file);
JAXBContext fileContext = JAXBContext.newInstance(IOTServerConfiguration.class);
Unmarshaller unmarshaller = fileContext.createUnmarshaller();
return (IOTServerConfiguration) unmarshaller.unmarshal(doc);
} catch (JAXBException | APIMCertificateMGTExcepton e) {
log.error("Error occurred while initializing Data Source config", e);
return null;
}
}
public static Document convertToDocument(File file) throws APIMCertificateMGTExcepton {
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
factory.setNamespaceAware(true);
try {
DocumentBuilder docBuilder = factory.newDocumentBuilder();
factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
return docBuilder.parse(file);
} catch (Exception e) {
throw new APIMCertificateMGTExcepton("Error occurred while parsing file, while converting " +
"to a org.w3c.dom.Document", e);
}
}
public static String getAccessToken(IOTServerConfiguration iotServerConfiguration)
throws APIMCertificateMGTExcepton {
try {
if (clientId == null || clientSecret == null) {
getClientSecretes(iotServerConfiguration);
}
URI tokenUrl = new URI(iotServerConfiguration.getOauthTokenEndpoint());
String tokenContent = "grant_type=password&username=" + iotServerConfiguration.getUsername()+ "&password=" +
iotServerConfiguration.getPassword() + "&scope=activity-view";
String tokenBasicAuth = "Basic " + Base64.encode((clientId + ":" + clientSecret).getBytes());
Map<String, String> tokenHeaders = new HashMap<String, String>();
tokenHeaders.put("Authorization", tokenBasicAuth);
tokenHeaders.put("Content-Type", "application/x-www-form-urlencoded");
RESTInvoker restInvoker = new RESTInvoker();
RESTResponse response = restInvoker.invokePOST(tokenUrl, tokenHeaders, null,
null, tokenContent);
if(log.isDebugEnabled()) {
log.debug("Token response:" + response.getContent());
}
JSONObject jsonResponse = new JSONObject(response.getContent());
String accessToken = jsonResponse.getString("access_token");
return accessToken;
} catch (URISyntaxException e) {
throw new APIMCertificateMGTExcepton("Error occurred while trying to call oauth token endpoint", e);
} catch (JSONException e) {
throw new APIMCertificateMGTExcepton("Error occurred while converting the json to object", e);
} catch (IOException e) {
throw new APIMCertificateMGTExcepton("Error occurred while trying to call oauth token endpoint", e);
}
}
private static void getClientSecretes(IOTServerConfiguration iotServerConfiguration)
throws APIMCertificateMGTExcepton {
try {
DCR dcr = new DCR();
dcr.setOwner(iotServerConfiguration.getUsername());
dcr.setClientName("IOT-API-MANAGER");
dcr.setGrantType("refresh_token password client_credentials");
dcr.setTokenScope("default");
Gson gson = new Gson();
String dcrContent = gson.toJson(dcr);
Map<String, String> drcHeaders = new HashMap<String, String>();
drcHeaders.put("Content-Type", "application/json");
URI dcrUrl = new URI(iotServerConfiguration.getDynamicClientRegistrationEndpoint());
RESTInvoker restInvoker = new RESTInvoker();
RESTResponse response = restInvoker.invokePOST(dcrUrl, drcHeaders, null,
null, dcrContent);
if (log.isDebugEnabled()) {
log.debug("DCR response :" + response.getContent());
}
JSONObject jsonResponse = new JSONObject(response.getContent());
clientId = jsonResponse.getString("client_id");
clientSecret = jsonResponse.getString("client_secret");
} catch (JSONException e) {
throw new APIMCertificateMGTExcepton("Error occurred while converting the json to object", e);
} catch (IOException e) {
throw new APIMCertificateMGTExcepton("Error occurred while trying to call DCR endpoint", e);
} catch (URISyntaxException e) {
throw new APIMCertificateMGTExcepton("Error occurred while trying to call DCR endpoint", e);
}
}
}

@ -0,0 +1,40 @@
<?xml version="1.0" encoding="ISO-8859-1"?>
<!--
~ Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
~
~ WSO2 Inc. licenses this file to you under the Apache License,
~ Version 2.0 (the "License"); you may not use this file except
~ in compliance with the License.
~ you may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing,
~ software distributed under the License is distributed on an
~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
~ KIND, either express or implied. See the License for the
~ specific language governing permissions and limitations
~ under the License.
-->
<ServerConfiguration>
<!-- IoT server host name, this is referred from APIM gateway to call to IoT server for certificate validation-->
<Hostname>https://localhost:9443/</Hostname>
<!--End point to verify the certificate-->
<VerificationEndpoint>https://localhost:9443/api/certificate-mgt/v1.0/admin/certificates/verify/</VerificationEndpoint>
<!--Admin username/password - this is to use for oauth token generation-->
<Username>admin</Username>
<Password>admin</Password>
<!--Dynamic client registration endpoint-->
<DynamicClientRegistrationEndpoint>https://localhost:9443/dynamic-client-web/register</DynamicClientRegistrationEndpoint>
<!--Oauth token endpoint-->
<OauthTokenEndpoint>https://localhost:9443/oauth2/token</OauthTokenEndpoint>
<APIS>
<ContextPath>/services/echo</ContextPath>
</APIS>
</ServerConfiguration>

@ -38,6 +38,7 @@
<module>org.wso2.carbon.apimgt.application.extension</module> <module>org.wso2.carbon.apimgt.application.extension</module>
<module>org.wso2.carbon.apimgt.application.extension.api</module> <module>org.wso2.carbon.apimgt.application.extension.api</module>
<module>org.wso2.carbon.apimgt.annotations</module> <module>org.wso2.carbon.apimgt.annotations</module>
<module>org.wso2.carbon.apimgt.handlers</module>
</modules> </modules>
<build> <build>

@ -149,6 +149,11 @@
<artifactId>org.wso2.carbon.certificate.mgt.core</artifactId> <artifactId>org.wso2.carbon.certificate.mgt.core</artifactId>
<scope>provided</scope> <scope>provided</scope>
</dependency> </dependency>
<dependency>
<groupId>org.wso2.carbon.devicemgt</groupId>
<artifactId>org.wso2.carbon.identity.jwt.client.extension</artifactId>
<scope>provided</scope>
</dependency>
<dependency> <dependency>
<groupId>io.swagger</groupId> <groupId>io.swagger</groupId>
<artifactId>swagger-annotations</artifactId> <artifactId>swagger-annotations</artifactId>

@ -18,6 +18,7 @@ import org.wso2.carbon.certificate.mgt.cert.jaxrs.api.beans.EnrollmentCertificat
import org.wso2.carbon.certificate.mgt.cert.jaxrs.api.beans.ErrorResponse; import org.wso2.carbon.certificate.mgt.cert.jaxrs.api.beans.ErrorResponse;
import org.wso2.carbon.certificate.mgt.core.dto.CertificateResponse; import org.wso2.carbon.certificate.mgt.core.dto.CertificateResponse;
import javax.validation.constraints.Size;
import javax.ws.rs.*; import javax.ws.rs.*;
import javax.ws.rs.core.MediaType; import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response; import javax.ws.rs.core.Response;
@ -337,4 +338,125 @@ public interface CertificateManagementAdminService {
defaultValue = "12438035315552875930") defaultValue = "12438035315552875930")
@PathParam("serialNumber") String serialNumber); @PathParam("serialNumber") String serialNumber);
// /**
// * Verify IOS Certificate for the API security filter
// *
// * @param certificate to be verified as a String
// * @return Status of the certificate verification.
// */
// @POST
// @Path("/verify/ios")
// @ApiOperation(
// consumes = MediaType.APPLICATION_JSON,
// produces = MediaType.APPLICATION_JSON,
// httpMethod = "POST",
// value = "Verify IOS SSL certificate",
// notes = "Verify IOS Certificate for the API security filter.\n",
// tags = "Certificate Management")
// @ApiResponses(
// value = {
// @ApiResponse(
// code = 200,
// message = "Return the status of the IOS certificate verification.",
// responseHeaders = {
// @ResponseHeader(
// name = "Content-Type",
// description = "The content type of the body")}),
// @ApiResponse(
// code = 400,
// message = "Bad Request. \n Invalid request or validation error.",
// response = ErrorResponse.class)
// })
// Response verifyIOSCertificate(
// @ApiParam(
// name = "certificate",
// value = "The properties to verify certificate. It includes the following: \n" +
// "serial: The unique ID of the certificate. (optional) \n" +
// "pem: mdm-signature of the certificate",
// required = true) EnrollmentCertificate certificate);
//
// /**
// * Verify Android Certificate for the API security filter
// *
// * @param certificate to be verified as a String
// * @return Status of the certificate verification.
// */
// @POST
// @Path("/verify/android")
// @ApiOperation(
// consumes = MediaType.APPLICATION_JSON,
// produces = MediaType.APPLICATION_JSON,
// httpMethod = "POST",
// value = "Verify Android SSL certificate",
// notes = "Verify Android Certificate for the API security filter.\n",
// tags = "Certificate Management")
// @ApiResponses(
// value = {
// @ApiResponse(
// code = 200,
// message = "Return the status of the Android certificate verification.",
// responseHeaders = {
// @ResponseHeader(
// name = "Content-Type",
// description = "The content type of the body")}),
// @ApiResponse(
// code = 400,
// message = "Bad Request. \n Invalid request or validation error.",
// response = ErrorResponse.class)
// })
// Response verifyAndroidCertificate(
// @ApiParam(
// name = "certificate",
// value = "The properties to verify certificate. It includes the following: \n" +
// "serial: The unique ID of the certificate. (optional) \n" +
// "pem: pem String of the certificate",
// required = true) EnrollmentCertificate certificate);
//
/**
* Verify Android Certificate for the API security filter
*
* @param certificate to be verified as a String
* @return Status of the certificate verification.
*/
@POST
@Path("/verify/{type}")
@ApiOperation(
consumes = MediaType.APPLICATION_JSON,
produces = MediaType.APPLICATION_JSON,
httpMethod = "POST",
value = "Verify Android SSL certificate",
notes = "Verify Android Certificate for the API security filter.\n",
tags = "Certificate Management")
@ApiResponses(
value = {
@ApiResponse(
code = 200,
message = "Return the status of the Android certificate verification.",
responseHeaders = {
@ResponseHeader(
name = "Content-Type",
description = "The content type of the body")}),
@ApiResponse(
code = 400,
message = "Bad Request. \n Invalid request or validation error.",
response = ErrorResponse.class)
})
Response verifyCertificate(
@ApiParam(
name = "type",
value = "The device type, such as ios, android or windows.",
required = true,
allowableValues = "android, ios, windows")
@PathParam("type")
@Size(max = 45)
String type,
@ApiParam(
name = "certificate",
value = "The properties to verify certificate. It includes the following: \n" +
"serial: The unique ID of the certificate. (optional) \n" +
"pem: pem String of the certificate",
required = true) EnrollmentCertificate certificate);
} }

@ -0,0 +1,61 @@
/*
* Copyright (c) 2017, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* WSO2 Inc. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.wso2.carbon.certificate.mgt.cert.jaxrs.api.beans;
public class ValidationResponce {
private String JWTToken; // X-JWT-Assertion
private String deviceId;
private String deviceType;
private int tenantId;
public String getJWTToken() {
return JWTToken;
}
public void setJWTToken(String JWTToken) {
this.JWTToken = JWTToken;
}
public String getDeviceId() {
return deviceId;
}
public void setDeviceId(String deviceId) {
this.deviceId = deviceId;
}
public String getDeviceType() {
return deviceType;
}
public void setDeviceType(String deviceType) {
this.deviceType = deviceType;
}
public int getTenantId() {
return tenantId;
}
public void setTenantId(int tenantId) {
this.tenantId = tenantId;
}
}

@ -6,14 +6,22 @@ import org.wso2.carbon.certificate.mgt.cert.jaxrs.api.CertificateManagementAdmin
import org.wso2.carbon.certificate.mgt.cert.jaxrs.api.beans.CertificateList; import org.wso2.carbon.certificate.mgt.cert.jaxrs.api.beans.CertificateList;
import org.wso2.carbon.certificate.mgt.cert.jaxrs.api.beans.EnrollmentCertificate; import org.wso2.carbon.certificate.mgt.cert.jaxrs.api.beans.EnrollmentCertificate;
import org.wso2.carbon.certificate.mgt.cert.jaxrs.api.beans.ErrorResponse; import org.wso2.carbon.certificate.mgt.cert.jaxrs.api.beans.ErrorResponse;
import org.wso2.carbon.certificate.mgt.cert.jaxrs.api.beans.ValidationResponce;
import org.wso2.carbon.certificate.mgt.cert.jaxrs.api.util.CertificateMgtAPIUtils; import org.wso2.carbon.certificate.mgt.cert.jaxrs.api.util.CertificateMgtAPIUtils;
import org.wso2.carbon.certificate.mgt.cert.jaxrs.api.util.RequestValidationUtil; import org.wso2.carbon.certificate.mgt.cert.jaxrs.api.util.RequestValidationUtil;
import org.wso2.carbon.certificate.mgt.core.dto.CertificateResponse; import org.wso2.carbon.certificate.mgt.core.dto.CertificateResponse;
import org.wso2.carbon.certificate.mgt.core.exception.CertificateManagementException; import org.wso2.carbon.certificate.mgt.core.exception.CertificateManagementException;
import org.wso2.carbon.certificate.mgt.core.exception.KeystoreException; import org.wso2.carbon.certificate.mgt.core.exception.KeystoreException;
import org.wso2.carbon.certificate.mgt.core.scep.SCEPException;
import org.wso2.carbon.certificate.mgt.core.scep.SCEPManager;
import org.wso2.carbon.certificate.mgt.core.scep.TenantedDeviceWrapper;
import org.wso2.carbon.certificate.mgt.core.service.CertificateManagementService; import org.wso2.carbon.certificate.mgt.core.service.CertificateManagementService;
import org.wso2.carbon.certificate.mgt.core.service.PaginationResult; import org.wso2.carbon.certificate.mgt.core.service.PaginationResult;
import org.wso2.carbon.context.PrivilegedCarbonContext; import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.device.mgt.common.DeviceIdentifier;
import org.wso2.carbon.device.mgt.common.DeviceManagementConstants;
import org.wso2.carbon.identity.jwt.client.extension.exception.JWTClientException;
import org.wso2.carbon.identity.jwt.client.extension.service.JWTClientManagerService;
import javax.ws.rs.*; import javax.ws.rs.*;
import javax.ws.rs.core.Response; import javax.ws.rs.core.Response;
@ -25,6 +33,7 @@ import java.util.List;
public class CertificateManagementAdminServiceImpl implements CertificateManagementAdminService { public class CertificateManagementAdminServiceImpl implements CertificateManagementAdminService {
private static Log log = LogFactory.getLog(CertificateManagementAdminServiceImpl.class); private static Log log = LogFactory.getLog(CertificateManagementAdminServiceImpl.class);
private static final String PROXY_AUTH_MUTUAL_HEADER = "proxy-mutual-auth-header";
/** /**
* Save a list of certificates and relevant information in the database. * Save a list of certificates and relevant information in the database.
@ -138,4 +147,138 @@ public class CertificateManagementAdminServiceImpl implements CertificateManagem
} }
} }
// @POST
// @Path("/verify/ios")
// public Response verifyIOSCertificate(@ApiParam(name = "certificate", value = "Mdm-Signature of the " +
// "certificate that needs to be verified", required = true) EnrollmentCertificate certificate) {
// try {
// CertificateManagementService certMgtService = CertificateMgtAPIUtils.getCertificateManagementService();
// X509Certificate cert = certMgtService.extractCertificateFromSignature(certificate.getPem());
// String challengeToken = certMgtService.extractChallengeToken(cert);
//
// if (challengeToken != null) {
// challengeToken = challengeToken.substring(challengeToken.indexOf("(") + 1).trim();
//
// SCEPManager scepManager = CertificateMgtAPIUtils.getSCEPManagerService();
// DeviceIdentifier deviceIdentifier = new DeviceIdentifier();
// deviceIdentifier.setId(challengeToken);
// deviceIdentifier.setType(DeviceManagementConstants.MobileDeviceTypes.MOBILE_DEVICE_TYPE_IOS);
// TenantedDeviceWrapper tenantedDeviceWrapper = scepManager.getValidatedDevice(deviceIdentifier);
//
// if (tenantedDeviceWrapper != null) {
// return Response.status(Response.Status.OK).entity("valid").build();
// }
// }
// } catch (SCEPException e) {
// String msg = "Error occurred while extracting information from certificate.";
// log.error(msg, e);
// return Response.serverError().entity(
// new ErrorResponse.ErrorResponseBuilder().setCode(500l).setMessage(msg).build()).build();
// } catch (KeystoreException e) {
// String msg = "Error occurred while converting PEM file to X509Certificate.";
// log.error(msg, e);
// return Response.serverError().entity(
// new ErrorResponse.ErrorResponseBuilder().setCode(500l).setMessage(msg).build()).build();
// }
// return Response.status(Response.Status.OK).entity("invalid").build();
// }
//
// @POST
// @Path("/verify/android")
// public Response verifyAndroidCertificate(@ApiParam(name = "certificate", value = "Base64 encoded .pem file of the " +
// "certificate that needs to be verified", required = true) EnrollmentCertificate certificate) {
// CertificateResponse certificateResponse = null;
// try {
// CertificateManagementService certMgtService = CertificateMgtAPIUtils.getCertificateManagementService();
// if (certificate.getSerial().toLowerCase().contains(PROXY_AUTH_MUTUAL_HEADER)) {
// certificateResponse = certMgtService.verifySubjectDN(certificate.getPem());
// } else {
// X509Certificate clientCertificate = certMgtService.pemToX509Certificate(certificate.getPem());
// if (clientCertificate != null) {
// certificateResponse = certMgtService.verifyPEMSignature(clientCertificate);
// }
// }
//
// if (certificateResponse != null && certificateResponse.getCommonName() != null && !certificateResponse
// .getCommonName().isEmpty()) {
// return Response.status(Response.Status.OK).entity("valid").build();
// }
// } catch (KeystoreException e) {
// String msg = "Error occurred while converting PEM file to X509Certificate.";
// log.error(msg, e);
// return Response.serverError().entity(
// new ErrorResponse.ErrorResponseBuilder().setCode(500l).setMessage(msg).build()).build();
// }
// return Response.status(Response.Status.OK).entity("invalid").build();
// }
@POST
@Path("/verify/{type}")
public Response verifyCertificate(@PathParam("type") String type, EnrollmentCertificate certificate) {
try {
CertificateManagementService certMgtService = CertificateMgtAPIUtils.getCertificateManagementService();
if (DeviceManagementConstants.MobileDeviceTypes.MOBILE_DEVICE_TYPE_IOS.equalsIgnoreCase(type)) {
X509Certificate cert = certMgtService.extractCertificateFromSignature(certificate.getPem());
String challengeToken = certMgtService.extractChallengeToken(cert);
if (challengeToken != null) {
challengeToken = challengeToken.substring(challengeToken.indexOf("(") + 1).trim();
SCEPManager scepManager = CertificateMgtAPIUtils.getSCEPManagerService();
DeviceIdentifier deviceIdentifier = new DeviceIdentifier();
deviceIdentifier.setId(challengeToken);
deviceIdentifier.setType(DeviceManagementConstants.MobileDeviceTypes.MOBILE_DEVICE_TYPE_IOS);
TenantedDeviceWrapper tenantedDeviceWrapper = scepManager.getValidatedDevice(deviceIdentifier);
JWTClientManagerService jwtClientManagerService = CertificateMgtAPIUtils.getJwtClientManagerService();
String jwdToken = jwtClientManagerService.getJWTClient().getJwtToken(
tenantedDeviceWrapper.getDevice().getEnrolmentInfo().getOwner());
ValidationResponce validationResponce = new ValidationResponce();
validationResponce.setDeviceId(challengeToken);
validationResponce.setDeviceType(DeviceManagementConstants.MobileDeviceTypes.MOBILE_DEVICE_TYPE_IOS);
validationResponce.setJWTToken(jwdToken);
validationResponce.setTenantId(tenantedDeviceWrapper.getTenantId());
if (tenantedDeviceWrapper != null) {
return Response.status(Response.Status.OK).entity(validationResponce).build();
}
}
}
if (DeviceManagementConstants.MobileDeviceTypes.MOBILE_DEVICE_TYPE_ANDROID.equalsIgnoreCase(type)) {
CertificateResponse certificateResponse = null;
if (certificate.getSerial().toLowerCase().contains(PROXY_AUTH_MUTUAL_HEADER)) {
certificateResponse = certMgtService.verifySubjectDN(certificate.getPem());
} else {
X509Certificate clientCertificate = certMgtService.pemToX509Certificate(certificate.getPem());
if (clientCertificate != null) {
certificateResponse = certMgtService.verifyPEMSignature(clientCertificate);
}
}
if (certificateResponse != null && certificateResponse.getCommonName() != null && !certificateResponse
.getCommonName().isEmpty()) {
return Response.status(Response.Status.OK).entity("valid").build();
}
}
} catch (SCEPException e) {
String msg = "Error occurred while extracting information from certificate.";
log.error(msg, e);
return Response.serverError().entity(
new ErrorResponse.ErrorResponseBuilder().setCode(500l).setMessage(msg).build()).build();
} catch (KeystoreException e) {
String msg = "Error occurred while converting PEM file to X509Certificate.";
log.error(msg, e);
return Response.serverError().entity(
new ErrorResponse.ErrorResponseBuilder().setCode(500l).setMessage(msg).build()).build();
} catch (JWTClientException e) {
String msg = "Error occurred while converting PEM file to X509Certificate.";
log.error(msg, e);
return Response.serverError().entity(
new ErrorResponse.ErrorResponseBuilder().setCode(500l).setMessage(msg).build()).build();
}
return Response.status(Response.Status.OK).entity("invalid").build();
}
} }

@ -20,9 +20,11 @@ package org.wso2.carbon.certificate.mgt.cert.jaxrs.api.util;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.certificate.mgt.core.scep.SCEPManager;
import org.wso2.carbon.certificate.mgt.core.service.CertificateManagementService; import org.wso2.carbon.certificate.mgt.core.service.CertificateManagementService;
import org.wso2.carbon.context.PrivilegedCarbonContext; import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.device.mgt.core.search.mgt.SearchManagerService; import org.wso2.carbon.device.mgt.core.search.mgt.SearchManagerService;
import org.wso2.carbon.identity.jwt.client.extension.service.JWTClientManagerService;
import javax.ws.rs.core.MediaType; import javax.ws.rs.core.MediaType;
@ -50,6 +52,37 @@ public class CertificateMgtAPIUtils {
} }
public static JWTClientManagerService getJwtClientManagerService() {
PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext();
JWTClientManagerService jwtClientManagerService = (JWTClientManagerService)
ctx.getOSGiService(JWTClientManagerService.class, null);
if (jwtClientManagerService == null) {
String msg = "JWTClientManagerService Management service not initialized.";
log.error(msg);
throw new IllegalStateException(msg);
}
return jwtClientManagerService;
}
public static SCEPManager getSCEPManagerService() {
PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext();
SCEPManager scepManagerService = (SCEPManager)
ctx.getOSGiService(SCEPManager.class, null);
if (scepManagerService == null) {
String msg = "SCEPManagerImpl Management service not initialized.";
log.error(msg);
throw new IllegalStateException(msg);
}
return scepManagerService;
}
public static MediaType getResponseMediaType(String acceptHeader) { public static MediaType getResponseMediaType(String acceptHeader) {
MediaType responseMediaType; MediaType responseMediaType;
if (acceptHeader == null || MediaType.WILDCARD.equals(acceptHeader)) { if (acceptHeader == null || MediaType.WILDCARD.equals(acceptHeader)) {

@ -51,7 +51,8 @@
<Bundle-Version>${carbon.device.mgt.version}</Bundle-Version> <Bundle-Version>${carbon.device.mgt.version}</Bundle-Version>
<Bundle-Description>Device Management Core Bundle</Bundle-Description> <Bundle-Description>Device Management Core Bundle</Bundle-Description>
<Private-Package> <Private-Package>
org.wso2.carbon.certificate.mgt.core.internal org.wso2.carbon.certificate.mgt.core.internal,
org.wso2.carbon.certificate.mgt.core.util
</Private-Package> </Private-Package>
<Import-Package> <Import-Package>
org.osgi.framework, org.osgi.framework,
@ -59,7 +60,7 @@
org.apache.commons.logging, org.apache.commons.logging,
javax.security.auth.x500, javax.security.auth.x500,
javax.xml.*, javax.xml.*,
javax.xml.parsers;version="${javax.xml.parsers.import.pkg.version}";resolution:=optional, javax.xml.parsers;version="${javax.xml.parsers.import.pkg.version}";resolution:=optional,
org.apache.commons.codec.binary, org.apache.commons.codec.binary,
org.bouncycastle.asn1, org.bouncycastle.asn1,
org.bouncycastle.asn1.x500, org.bouncycastle.asn1.x500,
@ -97,6 +98,7 @@
</Import-Package> </Import-Package>
<Export-Package> <Export-Package>
!org.wso2.carbon.certificate.mgt.core.internal.*, !org.wso2.carbon.certificate.mgt.core.internal.*,
!org.wso2.carbon.certificate.mgt.core.util,
org.wso2.carbon.certificate.mgt.core.* org.wso2.carbon.certificate.mgt.core.*
</Export-Package> </Export-Package>
</instructions> </instructions>

@ -108,7 +108,7 @@
"contextParams" : [ "contextParams" : [
{ {
"name" : "Owasp.CsrfGuard.Config", "name" : "Owasp.CsrfGuard.Config",
"value" : "/repository/conf/security/Owasp.CsrfGuard.Carbon.properties" "value" : "/repository/conf/security/Owasp.CsrfGuard.dashboard.properties"
} }
] ]
} }

@ -71,7 +71,7 @@
"contextParams" : [ "contextParams" : [
{ {
"name" : "Owasp.CsrfGuard.Config", "name" : "Owasp.CsrfGuard.Config",
"value" : "/repository/conf/security/Owasp.CsrfGuard.Carbon.properties" "value" : "/repository/conf/security/Owasp.CsrfGuard.dashboard.properties"
} }
] ]
} }

@ -520,7 +520,7 @@ var module = {};
response.sendError(500, msg); response.sendError(500, msg);
return; return;
} }
/** /**
* @type {{sessionId: string, loggedInUser: string, sessionIndex: string, samlToken: * @type {{sessionId: string, loggedInUser: string, sessionIndex: string, samlToken:
* string}} * string}}
@ -533,7 +533,7 @@ var module = {};
if (ssoSession.sessionIndex) { if (ssoSession.sessionIndex) {
module.loadTenant(ssoSession.loggedInUser); module.loadTenant(ssoSession.loggedInUser);
var carbonUser = (require("carbon")).server.tenantUser(ssoSession.loggedInUser); var carbonUser = (require("carbon")).server.tenantUser(ssoSession.loggedInUser);
module.loadTenant(ssoSession.loggedInUser); module.loadTenant(ssoSession.loggedInUser);
utils.setCurrentUser(carbonUser.username, carbonUser.domain, carbonUser.tenantId); utils.setCurrentUser(carbonUser.username, carbonUser.domain, carbonUser.tenantId);
var scriptArgument = {input: {samlToken: ssoSession.samlToken}, user: module.getCurrentUser()}; var scriptArgument = {input: {samlToken: ssoSession.samlToken}, user: module.getCurrentUser()};
handleEvent(OPERATION_LOGIN, EVENT_SUCCESS, scriptArgument); handleEvent(OPERATION_LOGIN, EVENT_SUCCESS, scriptArgument);

@ -17,7 +17,8 @@
~ under the License. ~ under the License.
--> -->
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<parent> <parent>
<groupId>org.wso2.carbon.devicemgt</groupId> <groupId>org.wso2.carbon.devicemgt</groupId>
<artifactId>webapp-authenticator-framework</artifactId> <artifactId>webapp-authenticator-framework</artifactId>
@ -81,7 +82,8 @@
org.wso2.carbon.core.util, org.wso2.carbon.core.util,
org.wso2.carbon.identity.base; version="${carbon.identity.imp.pkg.version}", org.wso2.carbon.identity.base; version="${carbon.identity.imp.pkg.version}",
org.wso2.carbon.identity.core.util; version="${carbon.identity.imp.pkg.version}", org.wso2.carbon.identity.core.util; version="${carbon.identity.imp.pkg.version}",
org.wso2.carbon.identity.oauth2.*; version="${carbon.identity-inbound-auth-oauth.imp.pkg.version}", org.wso2.carbon.identity.oauth2.*;
version="${carbon.identity-inbound-auth-oauth.imp.pkg.version}",
org.wso2.carbon.tomcat.ext.valves, org.wso2.carbon.tomcat.ext.valves,
org.wso2.carbon.user.api, org.wso2.carbon.user.api,
org.wso2.carbon.user.core.service, org.wso2.carbon.user.core.service,
@ -111,7 +113,7 @@
org.apache.http.impl.conn, org.apache.http.impl.conn,
javax.xml.soap; version="${javax.xml.soap.imp.pkg.version}", javax.xml.soap; version="${javax.xml.soap.imp.pkg.version}",
javax.xml.stream, javax.xml.stream,
org.apache.axiom.*; version="${axiom.osgi.version.range}", org.apache.axiom.*; version="${axiom.osgi.version.range}",
org.wso2.carbon.registry.core.*, org.wso2.carbon.registry.core.*,
org.wso2.carbon.registry.common.*;version="${carbon.registry.imp.pkg.version.range}", org.wso2.carbon.registry.common.*;version="${carbon.registry.imp.pkg.version.range}",
org.wso2.carbon.registry.indexing.*; version="${carbon.registry.imp.pkg.version.range}", org.wso2.carbon.registry.indexing.*; version="${carbon.registry.imp.pkg.version.range}",

@ -0,0 +1,106 @@
<?xml version="1.0" encoding="utf-8"?>
<!--
~ Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
~
~ WSO2 Inc. licenses this file to you under the Apache License,
~ Version 2.0 (the "License"); you may not use this file except
~ in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing,
~ software distributed under the License is distributed on an
~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
~ KIND, either express or implied. See the License for the
~ specific language governing permissions and limitations
~ under the License.
-->
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<parent>
<groupId>org.wso2.carbon.devicemgt</groupId>
<artifactId>apimgt-extensions-feature</artifactId>
<version>2.0.6-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
<artifactId>org.wso2.carbon.apimgt.handler.server.feature</artifactId>
<packaging>pom</packaging>
<version>2.0.6-SNAPSHOT</version>
<name>WSO2 Carbon - Device Management - APIM handler Server Feature</name>
<url>http://wso2.org</url>
<description>This feature contains the handler for the api authentications
</description>
<dependencies>
<dependency>
<groupId>org.wso2.carbon.devicemgt</groupId>
<artifactId>org.wso2.carbon.apimgt.handlers</artifactId>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<artifactId>maven-resources-plugin</artifactId>
<version>2.6</version>
<executions>
<execution>
<id>copy-resources</id>
<phase>generate-resources</phase>
<goals>
<goal>copy-resources</goal>
</goals>
<configuration>
<outputDirectory>src/main/resources</outputDirectory>
<resources>
<resource>
<directory>resources</directory>
<includes>
<include>build.properties</include>
<include>p2.inf</include>
</includes>
</resource>
</resources>
</configuration>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.wso2.maven</groupId>
<artifactId>carbon-p2-plugin</artifactId>
<version>${carbon.p2.plugin.version}</version>
<executions>
<execution>
<id>p2-feature-generation</id>
<phase>package</phase>
<goals>
<goal>p2-feature-gen</goal>
</goals>
<configuration>
<id>org.wso2.carbon.apimgt.handler.server</id>
<propertiesFile>../../../features/etc/feature.properties</propertiesFile>
<adviceFile>
<properties>
<propertyDef>org.wso2.carbon.p2.category.type:server</propertyDef>
<propertyDef>org.eclipse.equinox.p2.type.group:false</propertyDef>
</properties>
</adviceFile>
<bundles>
<bundleDef>
org.wso2.carbon.devicemgt:org.wso2.carbon.apimgt.handlers:${carbon.device.mgt.version}
</bundleDef>
<!--<bundleDef>-->
<!--org.apache.ws.security.wso2:wss4j:${org.apache.ws.security.wso2.version}-->
<!--</bundleDef>-->
</bundles>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>
</project>

@ -0,0 +1,40 @@
<?xml version="1.0" encoding="ISO-8859-1"?>
<!--
~ Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
~
~ WSO2 Inc. licenses this file to you under the Apache License,
~ Version 2.0 (the "License"); you may not use this file except
~ in compliance with the License.
~ you may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing,
~ software distributed under the License is distributed on an
~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
~ KIND, either express or implied. See the License for the
~ specific language governing permissions and limitations
~ under the License.
-->
<ServerConfiguration>
<!-- IoT server host name, this is referred from APIM gateway to call to IoT server for certificate validation-->
<Hostname>https://localhost:9443/</Hostname>
<!--End point to verify the certificate-->
<VerificationEndpoint>https://localhost:9443/api/certificate-mgt/v1.0/admin/certificates/verify/</VerificationEndpoint>
<!--Admin username/password - this is to use for oauth token generation-->
<Username>admin</Username>
<Password>admin</Password>
<!--Dynamic client registration endpoint-->
<DynamicClientRegistrationEndpoint>https://localhost:9443/dynamic-client-web/register</DynamicClientRegistrationEndpoint>
<!--Oauth token endpoint-->
<OauthTokenEndpoint>https://localhost:9443/oauth2/token</OauthTokenEndpoint>
<APIS>
<ContextPath>/services</ContextPath>
</APIS>
</ServerConfiguration>

@ -0,0 +1,2 @@
instructions.configure = \
org.eclipse.equinox.p2.touchpoint.natives.copy(source:${installFolder}/../features/org.wso2.carbon.apimgt.handler.server_${feature.version}/conf/iot-api-config.xml,target:${installFolder}/../../conf/iot-api-config.xml,overwrite:true);\

@ -37,6 +37,7 @@
<modules> <modules>
<module>org.wso2.carbon.apimgt.webapp.publisher.feature</module> <module>org.wso2.carbon.apimgt.webapp.publisher.feature</module>
<module>org.wso2.carbon.apimgt.application.extension.feature</module> <module>org.wso2.carbon.apimgt.application.extension.feature</module>
<module>org.wso2.carbon.apimgt.handler.server.feature</module>
</modules> </modules>
</project> </project>

@ -314,6 +314,12 @@
<artifactId>org.wso2.carbon.apimgt.application.extension.api</artifactId> <artifactId>org.wso2.carbon.apimgt.application.extension.api</artifactId>
<version>${carbon.device.mgt.version}</version> <version>${carbon.device.mgt.version}</version>
</dependency> </dependency>
<dependency>
<groupId>org.wso2.carbon.devicemgt</groupId>
<artifactId>org.wso2.carbon.apimgt.handlers</artifactId>
<version>${carbon.device.mgt.version}</version>
</dependency>
<!-- Device Management dependencies --> <!-- Device Management dependencies -->
<!-- Governance dependencies --> <!-- Governance dependencies -->
@ -1647,6 +1653,17 @@
<artifactId>jersey-core</artifactId> <artifactId>jersey-core</artifactId>
<version>${jersey.version}</version> <version>${jersey.version}</version>
</dependency> </dependency>
<dependency>
<groupId>org.apache.synapse</groupId>
<artifactId>synapse-core</artifactId>
<version>${org.apache.synapse.version}</version>
</dependency>
<dependency>
<groupId>org.apache.ws.security.wso2</groupId>
<artifactId>wss4j</artifactId>
<version>${org.apache.ws.security.wso2.version}</version>
</dependency>
</dependencies> </dependencies>
</dependencyManagement> </dependencyManagement>
@ -2038,6 +2055,10 @@
<!-- apache pdfbox version --> <!-- apache pdfbox version -->
<slf4j.simple.version>1.6.1</slf4j.simple.version> <slf4j.simple.version>1.6.1</slf4j.simple.version>
<!-- api-mgt handler version properties -->
<org.apache.synapse.version>2.1.7-wso2v7</org.apache.synapse.version>
<org.apache.ws.security.wso2.version>1.5.11.wso2v15</org.apache.ws.security.wso2.version>
</properties> </properties>
</project> </project>

Loading…
Cancel
Save