use of org.wso2.carbon.apimgt.common.gateway.dto.JWTInfoDto in project carbon-apimgt by wso2.
the class MappingUtil method toJWTInfoDTO.
/**
 * Builds the gateway-facing {@code JWTInfoDTO} from the JWT settings held by a
 * registration summary.
 *
 * <p>Only two values are copied: the "JWT generation enabled" flag and the JWT header name.
 * {@code registrationSummary.getJwtInfo()} is dereferenced without a null check, so a
 * summary with no JWT info fails with a {@link NullPointerException}.
 *
 * @param registrationSummary the registration summary required by the gateway
 * @return a new JWTInfoDTO populated from the summary's JWT info
 */
private static JWTInfoDTO toJWTInfoDTO(RegistrationSummary registrationSummary) {
    JWTInfoDTO dto = new JWTInfoDTO();

    // Whether the gateway should mint a backend JWT at all.
    dto.enableJWTGeneration(registrationSummary.getJwtInfo().isEnableJWTGeneration());

    // Header value configured for the backend JWT.
    dto.jwtHeader(registrationSummary.getJwtInfo().getJwtHeader());

    return dto;
}
use of org.wso2.carbon.apimgt.common.gateway.dto.JWTInfoDto in project carbon-apimgt by wso2.
the class JWTValidator method getUserClaimsFromKeyManager.
/**
 * Looks up the end user's claims through the Key Manager named in the token's
 * validation info.
 *
 * <p>The lookup is skipped, and an empty map returned, when user-store claim retrieval is
 * disabled, when the DTO carries no validation info, or when no Key Manager instance is
 * registered for the tenant. A lookup failure is logged and also produces an empty map, so
 * the caller cannot distinguish "user has no claims" from "lookup failed". Code that makes
 * decisions based on these claims should treat an empty result as "unknown", not as
 * "nothing to enforce".
 *
 * @param jwtInfoDto DTO carrying the validated token information and the end user name
 * @return the claims returned by the Key Manager, or a new empty map
 */
private Map<String, String> getUserClaimsFromKeyManager(JWTInfoDto jwtInfoDto) {
    if (!jwtConfigurationDto.isEnableUserClaimRetrievalFromUserStore()) {
        return new HashMap<>();
    }

    String tenantDomain = CarbonContext.getThreadLocalCarbonContext().getTenantDomain();
    JWTValidationInfo validationInfo = jwtInfoDto.getJwtValidationInfo();
    if (validationInfo == null) {
        return new HashMap<>();
    }

    KeyManager keyManager =
            KeyManagerHolder.getKeyManagerInstance(tenantDomain, validationInfo.getKeyManager());
    if (keyManager == null) {
        return new HashMap<>();
    }

    Map<String, Object> lookupProperties = new HashMap<>();

    // The raw token payload is passed to the Key Manager under the ACCESS_TOKEN key.
    Object rawPayload = validationInfo.getRawPayload();
    if (rawPayload != null) {
        lookupProperties.put(APIConstants.KeyManager.ACCESS_TOKEN, rawPayload);
    }

    // The claim dialect is only sent when one is configured.
    if (!StringUtils.isEmpty(jwtConfigurationDto.getConsumerDialectUri())) {
        lookupProperties.put(APIConstants.KeyManager.CLAIM_DIALECT,
                jwtConfigurationDto.getConsumerDialectUri());
    }

    lookupProperties.put(APIConstants.KeyManager.BINDING_FEDERATED_USER_CLAIMS,
            jwtConfigurationDto.isBindFederatedUserClaims());

    try {
        return keyManager.getUserClaims(jwtInfoDto.getEndUser(), lookupProperties);
    } catch (APIManagementException e) {
        // Best effort: the failure is logged and the caller gets an empty claim set.
        log.error("Error while retrieving User claims from Key Manager ", e);
        return new HashMap<>();
    }
}
use of org.wso2.carbon.apimgt.common.gateway.dto.JWTInfoDto in project carbon-apimgt by wso2.
the class JWTValidator method generateBackendJWTForWS.
/**
 * Generates the backend JWT for a WebSocket API request.
 *
 * <p>When backend JWT generation is disabled, nothing is generated and {@code null} is
 * returned. Callers must handle a missing token.
 *
 * @param jwtValidationInfo       validation result of the incoming JWT
 * @param apiKeyValidationInfoDTO key validation information for the subscription
 * @param apiContext              API context
 * @param apiVersion              API version
 * @param tokenSignature          signature part of the incoming token
 * @return the backend JWT string, or {@code null} if JWT generation is disabled
 * @throws APISecurityException if an error occurs while generating the token
 */
private String generateBackendJWTForWS(JWTValidationInfo jwtValidationInfo,
                                       APIKeyValidationInfoDTO apiKeyValidationInfoDTO,
                                       String apiContext, String apiVersion,
                                       String tokenSignature) throws APISecurityException {
    if (!jwtGenerationEnabled) {
        return null;
    }
    JWTInfoDto backendJwtInfo = GatewayUtils.generateJWTInfoDto(
            jwtValidationInfo, apiKeyValidationInfoDTO, apiContext, apiVersion);
    return generateAndRetrieveJWTToken(tokenSignature, backendJwtInfo);
}
use of org.wso2.carbon.apimgt.common.gateway.dto.JWTInfoDto in project carbon-apimgt by wso2.
the class GatewayUtils method generateJWTInfoDto.
/**
 * Assembles the {@code JWTInfoDto} used for backend JWT generation.
 *
 * <p>The API context and version are read from the Synapse message context properties
 * {@code RESTConstants.REST_API_CONTEXT} and {@code RESTConstants.SYNAPSE_REST_API_VERSION}
 * and cast to {@code String}. The remaining content is filled in by
 * {@code constructJWTContent}.
 *
 * @param subscribedAPI           subscribed API details, passed on to {@code constructJWTContent}
 * @param jwtValidationInfo       validation result of the incoming JWT
 * @param apiKeyValidationInfoDTO key validation information, passed on to {@code constructJWTContent}
 * @param synCtx                  Synapse message context of the current request; must not be null
 * @return the populated JWTInfoDto
 */
public static JWTInfoDto generateJWTInfoDto(JSONObject subscribedAPI,
                                            JWTValidationInfo jwtValidationInfo,
                                            APIKeyValidationInfoDTO apiKeyValidationInfoDTO,
                                            org.apache.synapse.MessageContext synCtx) {
    JWTInfoDto result = new JWTInfoDto();
    result.setJwtValidationInfo(jwtValidationInfo);
    // jwtInfoDto.setMessageContext(synCtx);

    // API identity comes from the request's message context, not from the token.
    result.setApiContext((String) synCtx.getProperty(RESTConstants.REST_API_CONTEXT));
    result.setVersion((String) synCtx.getProperty(RESTConstants.SYNAPSE_REST_API_VERSION));

    constructJWTContent(subscribedAPI, apiKeyValidationInfoDTO, result);
    return result;
}
use of org.wso2.carbon.apimgt.common.gateway.dto.JWTInfoDto in project carbon-apimgt by wso2.
the class ApiKeyAuthenticator method generateAndRetrieveBackendJWTToken.
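/**
 * Returns the backend JWT for the given request, reusing a cached token when possible.
 *
 * <p>When the gateway token cache is enabled, the cache is consulted under the key
 * {@code apiContext:version:tokenSignature}. A cached token is reused only if its
 * {@code exp} claim lies further in the future than the configured timestamp skew.
 * Otherwise a new token is generated and stored under the same key. With the cache
 * disabled a new token is generated on every call.
 *
 * <p>The cached token's signature is not re-verified here. Only its payload is decoded to
 * read {@code exp}, so the cache is trusted to hold tokens produced by this gateway.
 *
 * @param tokenSignature signature part of the incoming credential, used in the cache key
 * @param jwtInfoDto     information from which the backend JWT is generated
 * @return the backend JWT string
 * @throws APISecurityException if the JWT generator fails
 */
private String generateAndRetrieveBackendJWTToken(String tokenSignature, JWTInfoDto jwtInfoDto)
        throws APISecurityException {
    // concat() is kept on purpose: a null context, version or signature fails fast instead
    // of producing a key containing the text "null".
    String jwtTokenCacheKey = jwtInfoDto.getApiContext().concat(":")
            .concat(jwtInfoDto.getVersion()).concat(":").concat(tokenSignature);

    if (isGatewayTokenCacheEnabled) {
        Object cached = getGatewayApiKeyCache().get(jwtTokenCacheKey);
        if (cached != null) {
            String cachedToken = (String) cached;
            String[] tokenParts = cachedToken.split("\\.");
            // A cached value without a payload segment cannot be checked for expiry.
            // Treat it as unusable and regenerate instead of failing on tokenParts[1].
            if (tokenParts.length > 1) {
                // JWT payloads are UTF-8 JSON; decode explicitly rather than relying on
                // the platform default charset.
                JSONObject payload = new JSONObject(new String(
                        Base64.getUrlDecoder().decode(tokenParts[1]),
                        java.nio.charset.StandardCharsets.UTF_8));
                long exp = payload.getLong("exp");
                long timestampSkew =
                        OAuthServerConfiguration.getInstance().getTimeStampSkewInSeconds() * 1000;
                // NOTE(review): exp is compared as-is against System.currentTimeMillis().
                // That is only correct if the generator writes exp in milliseconds.
                // RFC 7519 defines exp in seconds; with a seconds value this check never
                // passes and the cache is never used. Confirm the generator's unit.
                if (exp - System.currentTimeMillis() > timestampSkew) {
                    return cachedToken;
                }
            }
        }
    }

    // No usable cached token (or caching disabled): mint a fresh backend JWT.
    String endUserToken;
    try {
        endUserToken = apiMgtGatewayJWTGenerator.generateToken(jwtInfoDto);
        if (isGatewayTokenCacheEnabled) {
            getGatewayApiKeyCache().put(jwtTokenCacheKey, endUserToken);
        }
    } catch (JWTGeneratorException e) {
        log.error("Error while Generating Backend JWT", e);
        throw new APISecurityException(APISecurityConstants.API_AUTH_GENERAL_ERROR,
                APISecurityConstants.API_AUTH_GENERAL_ERROR_MESSAGE, e);
    }
    return endUserToken;
}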