
Example 1 with ClaimMappingDto

Use of org.wso2.carbon.apimgt.common.gateway.dto.ClaimMappingDto in the carbon-apimgt project by wso2.

From the class APIManagerConfiguration, method setJWTTokenIssuers (parses the TokenIssuer entries of the gateway JWT configuration).

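/**
 * Reads every {@code TokenIssuer} child of {@code omElement} into a {@link TokenIssuerDto} and
 * registers it in {@code jwtConfigurationDto}'s issuer map, keyed by the issuer string.
 *
 * <p>Per issuer, the optional children honoured are: the consumer-key claim name, the scopes
 * claim name, a JWKS configuration (enabled only when it carries a URL child) and the
 * remote-claim to local-claim mappings, whose parent element may carry
 * {@code disable-default-claim-mapping} to switch off the built-in mapping set.
 *
 * @param omElement the configuration element whose {@code TokenIssuer} children are read
 */
private void setJWTTokenIssuers(OMElement omElement) {
    Iterator tokenIssuersElement = omElement.getChildrenWithLocalName(APIConstants.TokenIssuer.TOKEN_ISSUER);
    while (tokenIssuersElement.hasNext()) {
        OMElement issuerElement = (OMElement) tokenIssuersElement.next();
        // NOTE(review): nothing checks that the attribute is present; a TokenIssuer without
        // "issuer" is registered under a null key. Worth validating at config load time.
        String issuer = issuerElement.getAttributeValue(new QName("issuer"));
        TokenIssuerDto tokenIssuerDto = new TokenIssuerDto(issuer);
        readClaimNames(issuerElement, tokenIssuerDto);
        readJwksConfiguration(issuerElement, tokenIssuerDto);
        readClaimMappings(issuerElement, tokenIssuerDto);
        jwtConfigurationDto.getTokenIssuerDtoMap().put(tokenIssuerDto.getIssuer(), tokenIssuerDto);
    }
}

/** Copies the optional consumer-key and scopes claim names, when present, onto the issuer DTO. */
private static void readClaimNames(OMElement issuerElement, TokenIssuerDto tokenIssuerDto) {
    OMElement consumerKeyClaimElement = issuerElement.getFirstChildWithName(new QName(APIConstants.TokenIssuer.CONSUMER_KEY_CLAIM));
    if (consumerKeyClaimElement != null) {
        tokenIssuerDto.setConsumerKeyClaim(consumerKeyClaimElement.getText());
    }
    OMElement scopesElement = issuerElement.getFirstChildWithName(new QName(APIConstants.TokenIssuer.SCOPES_CLAIM));
    if (scopesElement != null) {
        tokenIssuerDto.setScopesClaim(scopesElement.getText());
    }
}

/**
 * Enables JWKS-based key resolution for the issuer when a {@code JWKSConfiguration} element with
 * a {@code URL} child is present. A {@code JWKSConfiguration} without a URL child leaves JWKS
 * disabled instead of dereferencing a null element.
 */
private static void readJwksConfiguration(OMElement issuerElement, TokenIssuerDto tokenIssuerDto) {
    OMElement jwksConfiguration = issuerElement.getFirstChildWithName(new QName(APIConstants.TokenIssuer.JWKS_CONFIGURATION));
    if (jwksConfiguration == null) {
        return;
    }
    OMElement urlElement = jwksConfiguration.getFirstChildWithName(new QName(APIConstants.TokenIssuer.JWKSConfiguration.URL));
    if (urlElement == null) {
        // Guard: the unconditional getText() on a missing <URL> would throw NullPointerException.
        return;
    }
    // NOTE(review): the URL is stored as written; nothing here requires an https scheme.
    JWKSConfigurationDTO jwksConfigurationDTO = tokenIssuerDto.getJwksConfigurationDTO();
    jwksConfigurationDTO.setEnabled(true);
    jwksConfigurationDTO.setUrl(urlElement.getText());
}

/**
 * Reads the {@code ClaimMappings} element: its {@code disable-default-claim-mapping} attribute
 * and each {@code ClaimMapping} child that has both a non-empty remote and local claim name.
 * Mappings are keyed by remote claim, so a later entry for the same remote claim replaces an
 * earlier one.
 */
private static void readClaimMappings(OMElement issuerElement, TokenIssuerDto tokenIssuerDto) {
    OMElement claimMappingsElement = issuerElement.getFirstChildWithName(new QName(APIConstants.TokenIssuer.CLAIM_MAPPINGS));
    if (claimMappingsElement == null) {
        return;
    }
    OMAttribute disableDefaultClaimMappingAttribute = claimMappingsElement.getAttribute(new QName("disable-default-claim-mapping"));
    if (disableDefaultClaimMappingAttribute != null) {
        // Boolean.parseBoolean: anything other than (case-insensitive) "true" keeps the defaults on.
        tokenIssuerDto.setDisableDefaultClaimMapping(Boolean.parseBoolean(disableDefaultClaimMappingAttribute.getAttributeValue()));
    }
    Iterator claimMapping = claimMappingsElement.getChildrenWithName(new QName(APIConstants.TokenIssuer.CLAIM_MAPPING));
    while (claimMapping.hasNext()) {
        OMElement claim = (OMElement) claimMapping.next();
        OMElement remoteClaimElement = claim.getFirstChildWithName(new QName(APIConstants.TokenIssuer.ClaimMapping.REMOTE_CLAIM));
        OMElement localClaimElement = claim.getFirstChildWithName(new QName(APIConstants.TokenIssuer.ClaimMapping.LOCAL_CLAIM));
        if (remoteClaimElement == null || localClaimElement == null) {
            continue;
        }
        String remoteClaim = remoteClaimElement.getText();
        String localClaim = localClaimElement.getText();
        if (StringUtils.isNotEmpty(remoteClaim) && StringUtils.isNotEmpty(localClaim)) {
            tokenIssuerDto.getClaimConfigurations().put(remoteClaim, new ClaimMappingDto(remoteClaim, localClaim));
        }
    }
}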

Example 2 with ClaimMappingDto

Use of org.wso2.carbon.apimgt.common.gateway.dto.ClaimMappingDto in the carbon-apimgt project by wso2.

From the class APIUtil, method getDefaultClaimMappings (loads the bundled default claim mappings from the classpath).

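/**
 * Loads the bundled default remote-claim to local-claim mappings from the classpath resource
 * {@code claimMappings/default-claim-mapping.json}, a flat JSON object of
 * {@code "remoteClaim": "localClaim"} pairs.
 *
 * <p>The resource is decoded as UTF-8 explicitly; the charset-less {@code IOUtils.toString}
 * overload falls back to the platform default. A missing resource, a read error or an empty
 * document is logged and yields an empty list rather than a {@code NullPointerException}, so
 * callers always receive a usable list.
 *
 * @return the default claim mappings, or an empty list when the resource cannot be read
 */
public static List<ClaimMappingDto> getDefaultClaimMappings() {
    List<ClaimMappingDto> claimMappingDtoList = new ArrayList<>();
    try (InputStream resourceAsStream = APIUtil.class.getClassLoader().getResourceAsStream("claimMappings/default-claim-mapping.json")) {
        if (resourceAsStream == null) {
            // getResourceAsStream signals an absent resource with null, not an exception.
            log.error("Error while reading default-claim-mapping.json: resource not found on the classpath");
            return claimMappingDtoList;
        }
        String content = IOUtils.toString(resourceAsStream, "UTF-8");
        Map<String, String> claimMapping = new Gson().fromJson(content, Map.class);
        // Gson returns null for an empty or literal "null" document.
        if (claimMapping != null) {
            claimMapping.forEach((remoteClaim, localClaim) -> claimMappingDtoList.add(new ClaimMappingDto(remoteClaim, localClaim)));
        }
    } catch (IOException e) {
        log.error("Error while reading default-claim-mapping.json", e);
    }
    return claimMappingDtoList;
}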

Example 3 with ClaimMappingDto

Use of org.wso2.carbon.apimgt.common.gateway.dto.ClaimMappingDto in the carbon-apimgt project by wso2.

From the class DefaultJWTTransformer, method transform (renames token claims according to the issuer's claim mappings).

/**
 * Rewrites the claim names of {@code jwtClaimsSet} according to the configured issuer's
 * claim mappings; claim values are copied untouched.
 *
 * <p>When no token issuer is configured the input is returned as-is. A claim whose name has a
 * mapping is emitted under the mapping's local claim name; every other claim keeps its name.
 * NOTE(review): if a mapped claim and an unmapped claim resolve to the same target name, the
 * builder presumably keeps whichever is visited last in the claim map's iteration order —
 * confirm if that collision matters for a security-relevant claim.
 *
 * @param jwtClaimsSet the claims of the validated token
 * @return a new claim set with mapped names, or the original set if no issuer is configured
 */
@Override
public JWTClaimsSet transform(JWTClaimsSet jwtClaimsSet) {
    if (tokenIssuer == null) {
        return jwtClaimsSet;
    }
    Map<String, ClaimMappingDto> mappings = tokenIssuer.getClaimConfigurations();
    JWTClaimsSet.Builder builder = new JWTClaimsSet.Builder();
    jwtClaimsSet.getClaims().forEach((remoteName, value) -> {
        ClaimMappingDto mapping = mappings.get(remoteName);
        String targetName = (mapping == null) ? remoteName : mapping.getLocalClaim();
        builder.claim(targetName, value);
    });
    return builder.build();
}

Example 4 with ClaimMappingDto

Use of org.wso2.carbon.apimgt.common.gateway.dto.ClaimMappingDto in the carbon-apimgt project by wso2.

From the class KeyManagerHolder, method getJWTValidator (builds a self-validating JWT validator from key manager configuration).

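/**
 * Builds a {@link JWTValidator} for a key manager configured to validate JWTs locally, i.e.
 * {@code SELF_VALIDATE_JWT} is true and an {@code ISSUER} is set.
 *
 * <p>The issuer DTO is populated from the key manager parameters: optional claim mappings (a
 * list converted through Gson into {@link ClaimMappingDto}s), consumer-key and scopes claim
 * names, a JWKS endpoint, and a certificate supplied either as a JWKS endpoint URL or as
 * certificate content. A {@code CERTIFICATE_TYPE}/{@code CERTIFICATE_VALUE} pair of JWKS type
 * overrides a {@code JWKS_ENDPOINT} set earlier. The validator class is
 * {@link JWTValidatorImpl} unless {@code jwtValidatorImplementation} names another class; that
 * class name comes from configuration and is trusted as such.
 *
 * @param keyManagerConfiguration the key manager parameters
 * @param jwtValidatorImplementation fully qualified validator class name, or empty for the default
 * @return the configured validator, or {@code null} when self-validation is off or no issuer is set
 * @throws APIManagementException if the validator class cannot be loaded or instantiated, or is
 *         not a {@link JWTValidator}
 */
private static JWTValidator getJWTValidator(KeyManagerConfiguration keyManagerConfiguration, String jwtValidatorImplementation) throws APIManagementException {
    Object selfValidateJWT = keyManagerConfiguration.getParameter(APIConstants.KeyManager.SELF_VALIDATE_JWT);
    if (selfValidateJWT == null || !(Boolean) selfValidateJWT) {
        return null;
    }
    Object issuer = keyManagerConfiguration.getParameter(APIConstants.KeyManager.ISSUER);
    if (issuer == null) {
        return null;
    }
    TokenIssuerDto tokenIssuerDto = new TokenIssuerDto((String) issuer);
    Object claimMappings = keyManagerConfiguration.getParameter(APIConstants.KeyManager.CLAIM_MAPPING);
    if (claimMappings instanceof List) {
        // Round-trip through a JSON tree so list entries of any map-like shape become DTOs.
        Gson gson = new Gson();
        JsonElement jsonElement = gson.toJsonTree(claimMappings);
        ClaimMappingDto[] claimMappingDto = gson.fromJson(jsonElement, ClaimMappingDto[].class);
        tokenIssuerDto.addClaimMappings(claimMappingDto);
    }
    Object consumerKeyClaim = keyManagerConfiguration.getParameter(APIConstants.KeyManager.CONSUMER_KEY_CLAIM);
    if (consumerKeyClaim instanceof String && StringUtils.isNotEmpty((String) consumerKeyClaim)) {
        tokenIssuerDto.setConsumerKeyClaim((String) consumerKeyClaim);
    }
    Object scopeClaim = keyManagerConfiguration.getParameter(APIConstants.KeyManager.SCOPES_CLAIM);
    if (scopeClaim instanceof String && StringUtils.isNotEmpty((String) scopeClaim)) {
        tokenIssuerDto.setScopesClaim((String) scopeClaim);
    }
    Object jwksEndpoint = keyManagerConfiguration.getParameter(APIConstants.KeyManager.JWKS_ENDPOINT);
    if (jwksEndpoint != null && StringUtils.isNotEmpty((String) jwksEndpoint)) {
        // NOTE(review): the endpoint is used as configured; no https-only check is applied here.
        tokenIssuerDto.setJwksConfigurationDTO(enabledJwksConfiguration((String) jwksEndpoint));
    }
    Object certificateType = keyManagerConfiguration.getParameter(APIConstants.KeyManager.CERTIFICATE_TYPE);
    Object certificateValue = keyManagerConfiguration.getParameter(APIConstants.KeyManager.CERTIFICATE_VALUE);
    if (certificateType != null && StringUtils.isNotEmpty((String) certificateType) && certificateValue != null && StringUtils.isNotEmpty((String) certificateValue)) {
        if (APIConstants.KeyManager.CERTIFICATE_TYPE_JWKS_ENDPOINT.equals(certificateType)) {
            // Takes precedence over JWKS_ENDPOINT: the DTO set here replaces the one above.
            tokenIssuerDto.setJwksConfigurationDTO(enabledJwksConfiguration((String) certificateValue));
        } else {
            X509Certificate x509Certificate = APIUtil.retrieveCertificateFromContent((String) certificateValue);
            if (x509Certificate != null) {
                tokenIssuerDto.setCertificate(x509Certificate);
            }
        }
    }
    JWTValidator jwtValidator = instantiateJwtValidator(jwtValidatorImplementation);
    jwtValidator.loadTokenIssuerConfiguration(tokenIssuerDto);
    return jwtValidator;
}

/** Builds an enabled JWKS configuration pointing at {@code url}. */
private static JWKSConfigurationDTO enabledJwksConfiguration(String url) {
    JWKSConfigurationDTO jwksConfigurationDTO = new JWKSConfigurationDTO();
    jwksConfigurationDTO.setEnabled(true);
    jwksConfigurationDTO.setUrl(url);
    return jwksConfigurationDTO;
}

/**
 * Instantiates the validator: {@link JWTValidatorImpl} when {@code implementationClass} is
 * empty, otherwise the named class through its no-arg constructor.
 *
 * @throws APIManagementException if the class cannot be loaded or constructed, or does not
 *         implement {@link JWTValidator}
 */
private static JWTValidator instantiateJwtValidator(String implementationClass) throws APIManagementException {
    if (StringUtils.isEmpty(implementationClass)) {
        return new JWTValidatorImpl();
    }
    try {
        // getDeclaredConstructor().newInstance() instead of the deprecated Class.newInstance(),
        // which rethrew any checked exception from the constructor without wrapping it.
        return (JWTValidator) Class.forName(implementationClass).getDeclaredConstructor().newInstance();
    } catch (ReflectiveOperationException | ClassCastException e) {
        // ClassCastException: the configured class is not a JWTValidator; surface it the same way.
        log.error("Error while initializing JWT Validator", e);
        throw new APIManagementException("Error while initializing JWT Validator", e);
    }
}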
