Use of org.wso2.carbon.apimgt.gateway.handlers.security.APISecurityException in project carbon-apimgt by wso2.
Class JWTValidator, method validateSubscriptionsForWS.
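/**
 * Validates the caller's subscription for a WebSocket API request by delegating to the
 * Key Manager named in the JWT validation info.
 *
 * @param jwtValidationInfo validated JWT details, including the Key Manager to consult
 * @param apiContext API context of the invoked API
 * @param apiVersion version of the invoked API
 * @return the subscription validation result returned by the Key Manager; callers should
 *         check {@code isAuthorized()} on it rather than treat a returned object as success
 * @throws APISecurityException if subscription validation fails with an error
 */
private APIKeyValidationInfoDTO validateSubscriptionsForWS(JWTValidationInfo jwtValidationInfo,
                                                           String apiContext,
                                                           String apiVersion) throws APISecurityException {
    // Guard every debug statement so the message string is only built when debug logging is on
    // (the second statement below was already guarded; the first one was not).
    if (log.isDebugEnabled()) {
        log.debug("Begin subscription validation via Key Manager: " + jwtValidationInfo.getKeyManager());
    }
    APIKeyValidationInfoDTO validationResult =
            validateSubscriptionUsingKeyManager(apiContext, apiVersion, jwtValidationInfo);
    if (log.isDebugEnabled()) {
        log.debug("Subscription validation via Key Manager: " + jwtValidationInfo.getKeyManager()
                + ". Status: " + validationResult.isAuthorized());
    }
    return validationResult;
}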
Use of org.wso2.carbon.apimgt.gateway.handlers.security.APISecurityException in project carbon-apimgt by wso2.
Class JWTValidator, method generateBackendJWTForWS.
/**
 * Generates the backend JWT for a WebSocket API request.
 *
 * @param jwtValidationInfo validated JWT details of the caller
 * @param apiKeyValidationInfoDTO subscription validation result for the request
 * @param apiContext API context of the invoked API
 * @param apiVersion version of the invoked API
 * @param tokenSignature signature of the inbound token, passed on to
 *                       {@code generateAndRetrieveJWTToken}
 * @return the backend JWT, or {@code null} when backend JWT generation is disabled
 * @throws APISecurityException if an error occurs while generating the token
 */
private String generateBackendJWTForWS(JWTValidationInfo jwtValidationInfo,
                                       APIKeyValidationInfoDTO apiKeyValidationInfoDTO,
                                       String apiContext, String apiVersion,
                                       String tokenSignature) throws APISecurityException {
    // Nothing to generate when backend JWT generation is switched off; callers receive null.
    if (!jwtGenerationEnabled) {
        return null;
    }
    JWTInfoDto backendClaims = GatewayUtils.generateJWTInfoDto(jwtValidationInfo,
            apiKeyValidationInfoDTO, apiContext, apiVersion);
    return generateAndRetrieveJWTToken(tokenSignature, backendClaims);
}
Use of org.wso2.carbon.apimgt.gateway.handlers.security.APISecurityException in project carbon-apimgt by wso2.
Class HandshakeProcessor, method processHandshake.
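/**
 * Processes a WebSocket handshake and authenticates it using the inbound message context.
 * On successful authentication the resource map of the invoked API is set on the context.
 *
 * @param inboundMessageContext inbound WebSocket message context holding the handshake details
 * @return a handshake error DTO (built via {@code getHandshakeErrorDTO}) when authentication
 *         fails or throws; otherwise a fresh {@code InboundProcessorResponseDTO}
 */
public InboundProcessorResponseDTO processHandshake(InboundMessageContext inboundMessageContext) {
    if (log.isDebugEnabled()) {
        log.debug("Processing handshake message for inbound websocket context: "
                + inboundMessageContext.getApiContext());
    }
    boolean authenticated;
    try {
        authenticated = InboundWebsocketProcessorUtil.isAuthenticated(inboundMessageContext);
    } catch (APIManagementException e) {
        // Internal failure: log the cause, but return only the generic message to the client.
        log.error(WebSocketApiConstants.HandshakeErrorConstants.API_AUTH_GENERAL_MESSAGE, e);
        return InboundWebsocketProcessorUtil.getHandshakeErrorDTO(
                WebSocketApiConstants.HandshakeErrorConstants.API_AUTH_ERROR,
                WebSocketApiConstants.HandshakeErrorConstants.API_AUTH_GENERAL_MESSAGE);
    } catch (APISecurityException e) {
        // Pass the exception as the throwable argument so the stack trace is recorded;
        // log.error(e) alone renders it as a message and most backends then drop the trace.
        log.error(e.getMessage(), e);
        // NOTE(review): e.getMessage() is echoed to the client in the handshake error below;
        // confirm the APISecurityException messages raised on this path carry no internal details.
        return InboundWebsocketProcessorUtil.getHandshakeErrorDTO(
                WebSocketApiConstants.HandshakeErrorConstants.API_AUTH_ERROR, e.getMessage());
    }
    if (!authenticated) {
        log.error("Authentication failed for " + inboundMessageContext.getApiContext());
        return InboundWebsocketProcessorUtil.getHandshakeErrorDTO(
                WebSocketApiConstants.HandshakeErrorConstants.API_AUTH_ERROR,
                WebSocketApiConstants.HandshakeErrorConstants.API_AUTH_INVALID_CREDENTIALS_MESSAGE);
    }
    if (log.isDebugEnabled()) {
        log.debug("Handshake authentication success for inbound websocket context: "
                + inboundMessageContext.getApiContext()
                + " Setting ResourceInfoDTOs of elected API to inbound message context");
    }
    setResourcesMapToContext(inboundMessageContext);
    return new InboundProcessorResponseDTO();
}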
Use of org.wso2.carbon.apimgt.gateway.handlers.security.APISecurityException in project carbon-apimgt by wso2.
Class APIKeyValidatorTestCase, method testCheckForValidTokenForTenant.
// First-time lookup of a valid token under a (non-super) tenant.
// Expectation: the token is put into the token cache twice (super tenant and tenant), the
// resulting APIKeyValidationInfoDTO is put into the key cache, nothing is evicted and the
// invalid-token cache is never written.
@Test
public void testCheckForValidTokenForTenant() throws APISecurityException {
    final String tenantDomain = "abc.com";
    try {
        PrivilegedCarbonContext.startTenantFlow();
        PrivilegedCarbonContext carbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
        carbonContext.setTenantDomain(tenantDomain);
        carbonContext.setTenantId(1);
        carbonContext.setUsername("admin");

        APIKeyValidationInfoDTO storedInfo = new APIKeyValidationInfoDTO();
        storedInfo.setAuthorized(true);

        AxisConfiguration axisConfiguration = Mockito.mock(AxisConfiguration.class);
        Cache tokenCache = Mockito.mock(Cache.class);
        Cache keyCache = Mockito.mock(Cache.class);
        Cache resourceCache = Mockito.mock(Cache.class);
        Cache invalidTokenCache = Mockito.mock(Cache.class);
        APIKeyDataStore apiKeyDataStore = Mockito.mock(APIKeyDataStore.class);
        APIKeyValidator validator = getAPIKeyValidator(axisConfiguration, invalidTokenCache,
                tokenCache, keyCache, resourceCache, apiKeyDataStore, tenantDomain);

        // Both token caches miss, so the validator has to fall through to the data store.
        Mockito.when(tokenCache.get(Mockito.anyString())).thenReturn(null);
        Mockito.when(invalidTokenCache.get(Mockito.anyString())).thenReturn(null);
        Mockito.when(apiKeyDataStore.getAPIKeyData(context, apiVersion, apiKey, authenticationScheme,
                matchingResource, httpVerb, tenantDomain, new ArrayList<>())).thenReturn(storedInfo);

        validator.getKeyValidationInfo(context, apiKey, apiVersion, authenticationScheme,
                matchingResource, httpVerb, defaultVersionInvoked, new ArrayList<>());

        // Lookups: token and invalid-token caches consulted once each, key cache never.
        Mockito.verify(tokenCache).get(Mockito.anyString());
        Mockito.verify(invalidTokenCache).get(Mockito.anyString());
        Mockito.verify(keyCache, Mockito.never()).get(Mockito.anyString());
        // Writes: token cached for super tenant and tenant; validation info cached once.
        Mockito.verify(tokenCache, Mockito.times(2)).put(Mockito.anyString(), Mockito.anyString());
        Mockito.verify(keyCache).put(Mockito.any(APIKeyValidationInfoDTO.class), Mockito.anyString());
        Mockito.verify(invalidTokenCache, Mockito.never()).put(Mockito.anyString(), Mockito.anyString());
        // A valid token triggers no evictions anywhere.
        Mockito.verify(tokenCache, Mockito.never()).remove(Mockito.anyString());
        Mockito.verify(invalidTokenCache, Mockito.never()).remove(Mockito.anyString());
        Mockito.verify(keyCache, Mockito.never()).remove(Mockito.anyString());
        // The data store is hit exactly once on a cold cache.
        Mockito.verify(apiKeyDataStore).getAPIKeyData(context, apiVersion, apiKey, authenticationScheme,
                matchingResource, httpVerb, tenantDomain, new ArrayList<>());
    } finally {
        PrivilegedCarbonContext.endTenantFlow();
    }
}
Use of org.wso2.carbon.apimgt.gateway.handlers.security.APISecurityException in project carbon-apimgt by wso2.
Class APIKeyValidatorTestCase, method testCheckForExpiredTokenWhileTokenInCache.
// Token is present in the cache but has expired.
// Expectation: the token is found in the token cache, its info is read from the key cache and
// found expired, so it is removed from both the key cache and the token cache and recorded in
// the invalid-token cache; the data store is never consulted.
@Test
public void testCheckForExpiredTokenWhileTokenInCache() throws APISecurityException {
    try {
        // NOTE(review): this literal is expected to equal MultitenantConstants.SUPER_TENANT_DOMAIN_NAME
        // used for the carbon context below - confirm if the constant ever changes.
        final String tenantDomain = "carbon.super";
        PrivilegedCarbonContext.startTenantFlow();
        PrivilegedCarbonContext carbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
        carbonContext.setTenantDomain(MultitenantConstants.SUPER_TENANT_DOMAIN_NAME);
        carbonContext.setTenantId(MultitenantConstants.SUPER_TENANT_ID);
        carbonContext.setUsername("admin");

        APIKeyValidationInfoDTO cachedInfo = new APIKeyValidationInfoDTO();
        cachedInfo.setAuthorized(true);
        // Static stub: the cached info is reported as expired by APIUtil.
        PowerMockito.when(APIUtil.isAccessTokenExpired(cachedInfo)).thenReturn(true);

        AxisConfiguration axisConfiguration = Mockito.mock(AxisConfiguration.class);
        Cache tokenCache = Mockito.mock(Cache.class);
        Cache keyCache = Mockito.mock(Cache.class);
        Cache resourceCache = Mockito.mock(Cache.class);
        Cache invalidTokenCache = Mockito.mock(Cache.class);
        APIKeyDataStore apiKeyDataStore = Mockito.mock(APIKeyDataStore.class);
        // The validator helper is built for "abc.com" while the context is the super tenant;
        // presumably irrelevant for this eviction path - verify against getAPIKeyValidator.
        APIKeyValidator validator = getAPIKeyValidator(axisConfiguration, invalidTokenCache,
                tokenCache, keyCache, resourceCache, apiKeyDataStore, "abc.com");

        // Token cache hit and key cache hit; the data store stub must stay unused.
        Mockito.when(tokenCache.get(Mockito.anyString())).thenReturn("carbon.super");
        Mockito.when(keyCache.get(Mockito.anyString())).thenReturn(cachedInfo);
        Mockito.when(apiKeyDataStore.getAPIKeyData(context, apiVersion, apiKey, authenticationScheme,
                matchingResource, httpVerb, tenantDomain, new ArrayList<>())).thenReturn(cachedInfo);

        validator.getKeyValidationInfo(context, apiKey, apiVersion, authenticationScheme,
                matchingResource, httpVerb, defaultVersionInvoked, new ArrayList<>());

        // Lookups: token cache and key cache once each, invalid-token cache never.
        Mockito.verify(tokenCache).get(Mockito.anyString());
        Mockito.verify(invalidTokenCache, Mockito.never()).get(Mockito.anyString());
        Mockito.verify(keyCache).get(Mockito.anyString());
        // Writes: only the invalid-token cache receives the expired token.
        Mockito.verify(tokenCache, Mockito.never()).put(Mockito.anyString(), Mockito.anyString());
        Mockito.verify(keyCache, Mockito.never()).put(Mockito.any(APIKeyValidationInfoDTO.class), Mockito.anyString());
        Mockito.verify(invalidTokenCache).put(Mockito.anyString(), Mockito.anyString());
        // Evictions: expired entry dropped from token and key caches.
        Mockito.verify(tokenCache).remove(Mockito.anyString());
        Mockito.verify(invalidTokenCache, Mockito.never()).remove(Mockito.anyString());
        Mockito.verify(keyCache).remove(Mockito.anyString());
        // No backend round trip for a token already known to the caches.
        Mockito.verify(apiKeyDataStore, Mockito.never()).getAPIKeyData(context, apiVersion, apiKey,
                authenticationScheme, matchingResource, httpVerb, tenantDomain, new ArrayList<>());
    } finally {
        PrivilegedCarbonContext.endTenantFlow();
    }
}