
Example 6 with JWTInfoDto

use of org.wso2.carbon.apimgt.common.gateway.dto.JWTInfoDto in project carbon-apimgt by wso2.

the class MappingUtil method toJWTInfoDTO.

/**
 * Builds a REST API {@code JWTInfoDTO} from the JWT settings held by a registration summary.
 *
 * <p>Two values are copied from {@code registrationSummary.getJwtInfo()}: the
 * enable-JWT-generation flag and the JWT header value.
 *
 * @param registrationSummary the registration summary required by the gateway; neither it nor
 *                            its {@code getJwtInfo()} result is null-checked here, so both are
 *                            presumably guaranteed by the caller (TODO confirm)
 * @return a newly created DTO carrying the generation flag and the JWT header
 */
private static JWTInfoDTO toJWTInfoDTO(RegistrationSummary registrationSummary) {
    JWTInfoDTO dto = new JWTInfoDTO();
    // Whether a backend JWT should be generated at all.
    dto.enableJWTGeneration(registrationSummary.getJwtInfo().isEnableJWTGeneration());
    // Header value taken as-is from the summary's JWT info.
    dto.jwtHeader(registrationSummary.getJwtInfo().getJwtHeader());
    return dto;
}
Also used : JWTInfoDTO(org.wso2.carbon.apimgt.rest.api.core.dto.JWTInfoDTO)

Example 7 with JWTInfoDto

use of org.wso2.carbon.apimgt.common.gateway.dto.JWTInfoDto in project carbon-apimgt by wso2.

the class JWTValidator method getUserClaimsFromKeyManager.

/**
 * Fetches the end user's claims from the key manager named in the token's validation info.
 *
 * <p>The lookup only happens when user-claim retrieval from the user store is enabled in
 * {@code jwtConfigurationDto}. The raw token payload (when present), the consumer dialect URI
 * (when non-empty) and the federated-claim binding flag are handed to the key manager as
 * lookup properties.
 *
 * <p>Every path that does not produce claims returns an empty map: retrieval disabled, no
 * validation info, no key manager instance, or an {@code APIManagementException} from the key
 * manager (which is logged). Callers therefore cannot tell "the user has no claims" apart from
 * "the lookup failed".
 *
 * @param jwtInfoDto carries the validation info and the end user to look up
 * @return the claims returned by the key manager, or a new empty map
 */
private Map<String, String> getUserClaimsFromKeyManager(JWTInfoDto jwtInfoDto) {
    if (!jwtConfigurationDto.isEnableUserClaimRetrievalFromUserStore()) {
        return new HashMap<>();
    }

    String tenantDomain = CarbonContext.getThreadLocalCarbonContext().getTenantDomain();
    JWTValidationInfo validationInfo = jwtInfoDto.getJwtValidationInfo();
    if (validationInfo == null) {
        return new HashMap<>();
    }

    // The key manager is resolved per tenant, using the name recorded during token validation.
    KeyManager keyManager = KeyManagerHolder.getKeyManagerInstance(tenantDomain, validationInfo.getKeyManager());
    if (keyManager == null) {
        return new HashMap<>();
    }

    Map<String, Object> lookupProperties = new HashMap<>();
    if (validationInfo.getRawPayload() != null) {
        // The raw payload is forwarded under the ACCESS_TOKEN key; treat this map as sensitive.
        lookupProperties.put(APIConstants.KeyManager.ACCESS_TOKEN, validationInfo.getRawPayload());
    }
    if (!StringUtils.isEmpty(jwtConfigurationDto.getConsumerDialectUri())) {
        lookupProperties.put(APIConstants.KeyManager.CLAIM_DIALECT, jwtConfigurationDto.getConsumerDialectUri());
    }
    lookupProperties.put(APIConstants.KeyManager.BINDING_FEDERATED_USER_CLAIMS, jwtConfigurationDto.isBindFederatedUserClaims());

    try {
        return keyManager.getUserClaims(jwtInfoDto.getEndUser(), lookupProperties);
    } catch (APIManagementException e) {
        // Deliberately non-fatal: the failure is logged and the caller receives no claims.
        log.error("Error while retrieving User claims from Key Manager ", e);
        return new HashMap<>();
    }
}
Also used : APIManagementException(org.wso2.carbon.apimgt.api.APIManagementException) HashMap(java.util.HashMap) JSONObject(org.json.JSONObject) KeyManager(org.wso2.carbon.apimgt.api.model.KeyManager) JWTValidationInfo(org.wso2.carbon.apimgt.common.gateway.dto.JWTValidationInfo)

Example 8 with JWTInfoDto

use of org.wso2.carbon.apimgt.common.gateway.dto.JWTInfoDto in project carbon-apimgt by wso2.

the class JWTValidator method generateBackendJWTForWS.

/**
 * Generates the backend JWT for WS API requests.
 *
 * <p>Nothing is generated when {@code jwtGenerationEnabled} is false; the method then returns
 * {@code null}, so callers must handle a missing token.
 *
 * @param jwtValidationInfo       validation result of the incoming JWT
 * @param apiKeyValidationInfoDTO key validation info for the invoked API
 * @param apiContext              API context
 * @param apiVersion              API version
 * @param tokenSignature          signature of the incoming token, passed on to
 *                                {@code generateAndRetrieveJWTToken}
 * @return the backend JWT string, or {@code null} when backend JWT generation is disabled
 * @throws APISecurityException if an error occurs while obtaining the backend JWT
 */
private String generateBackendJWTForWS(JWTValidationInfo jwtValidationInfo, APIKeyValidationInfoDTO apiKeyValidationInfoDTO, String apiContext, String apiVersion, String tokenSignature) throws APISecurityException {
    if (!jwtGenerationEnabled) {
        return null;
    }
    // Assemble the claims source first, then let the shared helper produce the token.
    JWTInfoDto backendJwtInfo = GatewayUtils.generateJWTInfoDto(jwtValidationInfo, apiKeyValidationInfoDTO, apiContext, apiVersion);
    return generateAndRetrieveJWTToken(tokenSignature, backendJwtInfo);
}
Also used : JWTInfoDto(org.wso2.carbon.apimgt.common.gateway.dto.JWTInfoDto)

Example 9 with JWTInfoDto

use of org.wso2.carbon.apimgt.common.gateway.dto.JWTInfoDto in project carbon-apimgt by wso2.

the class GatewayUtils method generateJWTInfoDto.

/**
 * Creates the {@code JWTInfoDto} used for backend JWT generation from the current request.
 *
 * <p>The API context and version are read from the Synapse message context properties
 * {@code RESTConstants.REST_API_CONTEXT} and {@code RESTConstants.SYNAPSE_REST_API_VERSION};
 * the remaining content is filled in by {@code constructJWTContent}.
 *
 * @param subscribedAPI           subscribed API details passed to {@code constructJWTContent}
 * @param jwtValidationInfo       validation result of the incoming JWT, stored on the DTO as-is
 * @param apiKeyValidationInfoDTO key validation info passed to {@code constructJWTContent}
 * @param synCtx                  Synapse message context of the request
 * @return the populated DTO
 */
public static JWTInfoDto generateJWTInfoDto(JSONObject subscribedAPI, JWTValidationInfo jwtValidationInfo, APIKeyValidationInfoDTO apiKeyValidationInfoDTO, org.apache.synapse.MessageContext synCtx) {
    // Both properties are cast without a type check; a non-String value fails with ClassCastException.
    String contextFromRequest = (String) synCtx.getProperty(RESTConstants.REST_API_CONTEXT);
    String versionFromRequest = (String) synCtx.getProperty(RESTConstants.SYNAPSE_REST_API_VERSION);

    JWTInfoDto result = new JWTInfoDto();
    result.setJwtValidationInfo(jwtValidationInfo);
    result.setApiContext(contextFromRequest);
    result.setVersion(versionFromRequest);
    constructJWTContent(subscribedAPI, apiKeyValidationInfoDTO, result);
    return result;
}
Also used : JWTInfoDto(org.wso2.carbon.apimgt.common.gateway.dto.JWTInfoDto)

Example 10 with JWTInfoDto

use of org.wso2.carbon.apimgt.common.gateway.dto.JWTInfoDto in project carbon-apimgt by wso2.

the class ApiKeyAuthenticator method generateAndRetrieveBackendJWTToken.

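/**
 * Returns the backend JWT for the request, reusing a cached token when possible.
 *
 * <p>When the gateway token cache is enabled, the cache is consulted under the key
 * {@code apiContext:version:tokenSignature}. A cached token is reused only if its {@code exp}
 * claim lies further in the future than the configured timestamp skew; otherwise a new token
 * is generated and written back to the cache. With the cache disabled a new token is generated
 * on every call.
 *
 * <p>The cached token's payload is decoded only to read {@code exp}; its signature is not
 * re-verified here, so the cache contents are trusted.
 *
 * @param tokenSignature signature of the incoming credential, used as part of the cache key
 * @param jwtInfoDto     source data for the backend JWT; its API context and version must be
 *                       non-null because they are concatenated into the cache key
 * @return the backend JWT
 * @throws APISecurityException if the JWT generator fails
 */
private String generateAndRetrieveBackendJWTToken(String tokenSignature, JWTInfoDto jwtInfoDto) throws APISecurityException {
    String endUserToken = null;
    boolean valid = false;
    String jwtTokenCacheKey = jwtInfoDto.getApiContext().concat(":").concat(jwtInfoDto.getVersion()).concat(":").concat(tokenSignature);
    if (isGatewayTokenCacheEnabled) {
        Object token = getGatewayApiKeyCache().get(jwtTokenCacheKey);
        if (token != null) {
            endUserToken = (String) token;
            String[] splitToken = endUserToken.split("\\.");
            // A cached value without a payload segment cannot be checked for expiry; leaving
            // valid == false makes it fall through to regeneration instead of failing with an
            // ArrayIndexOutOfBoundsException.
            if (splitToken.length > 1) {
                // JWT payloads are UTF-8 JSON; decode explicitly rather than with the platform charset.
                JSONObject payload = new JSONObject(new String(Base64.getUrlDecoder().decode(splitToken[1]), java.nio.charset.StandardCharsets.UTF_8));
                long exp = payload.getLong("exp");
                long timestampSkew = OAuthServerConfiguration.getInstance().getTimeStampSkewInSeconds() * 1000;
                // NOTE(review): exp is compared directly with System.currentTimeMillis(), which is
                // only correct if the generator writes exp in milliseconds. RFC 7519 defines exp in
                // seconds; if that is what is stored, this check never passes and the cache is
                // never reused — confirm against the JWT generator.
                valid = (exp - System.currentTimeMillis() > timestampSkew);
            }
        }
    }
    // With the cache disabled endUserToken is still null here, so a token is always generated.
    if (StringUtils.isEmpty(endUserToken) || !valid) {
        try {
            endUserToken = apiMgtGatewayJWTGenerator.generateToken(jwtInfoDto);
            if (isGatewayTokenCacheEnabled) {
                getGatewayApiKeyCache().put(jwtTokenCacheKey, endUserToken);
            }
        } catch (JWTGeneratorException e) {
            log.error("Error while Generating Backend JWT", e);
            throw new APISecurityException(APISecurityConstants.API_AUTH_GENERAL_ERROR, APISecurityConstants.API_AUTH_GENERAL_ERROR_MESSAGE, e);
        }
    }
    return endUserToken;
}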
Also used : APISecurityException(org.wso2.carbon.apimgt.gateway.handlers.security.APISecurityException) JSONObject(org.json.JSONObject) JSONObject(org.json.JSONObject) JWTGeneratorException(org.wso2.carbon.apimgt.common.gateway.exception.JWTGeneratorException)

Aggregations

JWTInfoDto (org.wso2.carbon.apimgt.common.gateway.dto.JWTInfoDto)6 JWTValidationInfo (org.wso2.carbon.apimgt.common.gateway.dto.JWTValidationInfo)4 APISecurityException (org.wso2.carbon.apimgt.gateway.handlers.security.APISecurityException)4 JSONObject (org.json.JSONObject)3 Axis2MessageContext (org.apache.synapse.core.axis2.Axis2MessageContext)2 APIManagementException (org.wso2.carbon.apimgt.api.APIManagementException)2 JWTGeneratorException (org.wso2.carbon.apimgt.common.gateway.exception.JWTGeneratorException)2 JWSHeader (com.nimbusds.jose.JWSHeader)1 JWTClaimsSet (com.nimbusds.jwt.JWTClaimsSet)1 SignedJWT (com.nimbusds.jwt.SignedJWT)1 OpenAPI (io.swagger.v3.oas.models.OpenAPI)1 ParseException (java.text.ParseException)1 ArrayList (java.util.ArrayList)1 HashMap (java.util.HashMap)1 X509Certificate (javax.security.cert.X509Certificate)1 JSONException (org.json.JSONException)1 KeyManager (org.wso2.carbon.apimgt.api.model.KeyManager)1 MethodStats (org.wso2.carbon.apimgt.gateway.MethodStats)1 JWTTokenPayloadInfo (org.wso2.carbon.apimgt.gateway.dto.JWTTokenPayloadInfo)1 AuthenticationContext (org.wso2.carbon.apimgt.gateway.handlers.security.AuthenticationContext)1