
Example 31 with SignedJWTInfo

use of org.wso2.carbon.apimgt.impl.jwt.SignedJWTInfo in project carbon-apimgt by wso2.

the class JWTValidator method authenticateForWebSocket.

import com.nimbusds.jwt.JWTClaimsSet;
import org.wso2.carbon.apimgt.common.gateway.dto.JWTValidationInfo;
import org.wso2.carbon.apimgt.gateway.MethodStats;
import org.wso2.carbon.apimgt.gateway.handlers.security.APISecurityConstants;
import org.wso2.carbon.apimgt.gateway.handlers.security.APISecurityException;
import org.wso2.carbon.apimgt.gateway.handlers.security.AuthenticationContext;
import org.wso2.carbon.apimgt.impl.dto.APIKeyValidationInfoDTO;
import org.wso2.carbon.apimgt.impl.jwt.SignedJWTInfo;

/**
 * Authenticates the given WebSocket handshake request with a JWT token to see if an API consumer is allowed to
 * access a particular API or not.
 *
 * @param signedJWTInfo    The JWT token sent with the API request
 * @param apiContext       The context of the invoked API
 * @param apiVersion       The version of the invoked API
 * @param matchingResource template of matching api resource
 * @return an AuthenticationContext object which contains the authentication information
 * @throws APISecurityException in case of authentication failure
 */
@MethodStats
public AuthenticationContext authenticateForWebSocket(SignedJWTInfo signedJWTInfo, String apiContext, String apiVersion, String matchingResource) throws APISecurityException {
    // The signature segment identifies this token for the rest of the flow: both validateTokenForWS and
    // generateBackendJWTForWS receive it, so one token string always maps to one set of cached results.
    String tokenSignature = signedJWTInfo.getSignedJWT().getSignature().toString();
    JWTClaimsSet jwtClaimsSet = signedJWTInfo.getJwtClaimsSet();
    String jti = getJWTTokenIdentifier(signedJWTInfo);
    // The token itself is validated first; subscription and scope checks only run on a valid token.
    JWTValidationInfo jwtValidationInfo = validateTokenForWS(signedJWTInfo, tokenSignature, jti);
    if (jwtValidationInfo != null && jwtValidationInfo.isValid()) {
        // A valid token is not enough: the application must hold a subscription to this API and version,
        // and the token must carry the scopes bound to the matched resource.
        APIKeyValidationInfoDTO apiKeyValidationInfoDTO = validateSubscriptionsForWS(jwtValidationInfo, apiContext, apiVersion);
        if (apiKeyValidationInfoDTO.isAuthorized()) {
            // WebSocket upgrades have no meaningful HTTP verb, so scope validation uses a placeholder method name.
            validateScopes(apiContext, apiVersion, matchingResource, WebSocketApiConstants.WEBSOCKET_DUMMY_HTTP_METHOD_NAME, jwtValidationInfo, signedJWTInfo);
            log.debug("JWT authentication successful. user: " + apiKeyValidationInfoDTO.getEndUserName());
            String endUserToken = generateBackendJWTForWS(jwtValidationInfo, apiKeyValidationInfoDTO, apiContext, apiVersion, tokenSignature);
            return generateAuthenticationContextForWS(jti, jwtValidationInfo, apiKeyValidationInfoDTO, endUserToken, apiVersion);
        } else {
            String message = "User is NOT authorized to access the Resource. API Subscription validation failed.";
            log.debug(message);
            throw new APISecurityException(apiKeyValidationInfoDTO.getValidationStatus(), message);
        }
    } else if (jwtValidationInfo != null && !jwtValidationInfo.isValid()) {
        // jwtValidationInfo may be null here; dereferencing it without the guard would throw a
        // NullPointerException instead of reaching the general-error path below.
        throw new APISecurityException(APISecurityConstants.API_AUTH_INVALID_CREDENTIALS, "Invalid JWT token");
    }
    throw new APISecurityException(APISecurityConstants.API_AUTH_GENERAL_ERROR, APISecurityConstants.API_AUTH_GENERAL_ERROR_MESSAGE);
}

Example 32 with SignedJWTInfo

use of org.wso2.carbon.apimgt.impl.jwt.SignedJWTInfo in project carbon-apimgt by wso2.

the class OAuthAuthenticator method getSignedJwt.

import java.text.ParseException;
import javax.cache.Cache;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import org.wso2.carbon.apimgt.impl.jwt.SignedJWTInfo;

private SignedJWTInfo getSignedJwt(String accessToken) throws ParseException {
    // A compact JWS has exactly three dot-separated segments; reject anything else up front
    // instead of failing with an ArrayIndexOutOfBoundsException on the signature lookup.
    String[] segments = accessToken.split("\\.");
    if (segments.length != 3) {
        throw new ParseException("Access token is not a compact JWS (expected 3 segments)", 0);
    }
    // The parse cache is keyed by the signature segment only, so two different token strings
    // that share a signature segment collide on the same cache entry.
    String signature = segments[2];
    SignedJWTInfo signedJWTInfo = null;
    Cache gatewaySignedJWTParseCache = CacheProvider.getGatewaySignedJWTParseCache();
    if (gatewaySignedJWTParseCache != null) {
        Object cachedEntry = gatewaySignedJWTParseCache.get(signature);
        if (cachedEntry != null) {
            signedJWTInfo = (SignedJWTInfo) cachedEntry;
        }
        // Never hand back a cached entry for a different token string: compare the full token,
        // not just the signature, and re-parse (overwriting the entry) on a mismatch.
        if (signedJWTInfo == null || !signedJWTInfo.getToken().equals(accessToken)) {
            SignedJWT signedJWT = SignedJWT.parse(accessToken); // decodes the segments only; no signature verification here
            JWTClaimsSet jwtClaimsSet = signedJWT.getJWTClaimsSet();
            signedJWTInfo = new SignedJWTInfo(accessToken, signedJWT, jwtClaimsSet);
            gatewaySignedJWTParseCache.put(signature, signedJWTInfo);
        }
    } else {
        SignedJWT signedJWT = SignedJWT.parse(accessToken);
        JWTClaimsSet jwtClaimsSet = signedJWT.getJWTClaimsSet();
        signedJWTInfo = new SignedJWTInfo(accessToken, signedJWT, jwtClaimsSet);
    }
    return signedJWTInfo;
}
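The full-token comparison in getSignedJwt is the security-relevant detail: the parse cache is keyed by the signature segment alone, so a presented token whose third segment matches an earlier token's would otherwise be served the earlier token's parsed header and claims. The following Python script is an added example, not carbon-apimgt code, that reproduces the cache pattern with a minimal compact-JWS decoder and contrasts a cache with and without the full-token comparison. The tokens, the shared signature bytes and every class and function name in it are constructed for the example; no signature is verified, just as SignedJWT.parse verifies none.

```python
"""Added example (not carbon-apimgt code): a signature-keyed JWT parse cache and why
the cached token must be compared with the presented token before it is reused."""
import base64
import json
from dataclasses import dataclass
from typing import Dict, Optional


def b64url_decode(segment: str) -> bytes:
    """Decode one base64url JWT segment, restoring the padding that JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


@dataclass
class SignedJWTInfo:
    """Stand-in for the gateway's holder: the exact token string plus its decoded parts."""
    token: str
    header: dict
    claims: dict
    signature: str  # third compact segment, still base64url


def parse_signed_jwt(token: str) -> SignedJWTInfo:
    """Split and decode a compact JWS. Does NOT verify the signature; in the gateway
    that is a separate, later step."""
    parts = token.split(".")
    if len(parts) != 3 or not all(parts):
        raise ValueError("not a compact JWS: expected header.payload.signature")
    header = json.loads(b64url_decode(parts[0]))
    claims = json.loads(b64url_decode(parts[1]))
    return SignedJWTInfo(token, header, claims, parts[2])


def make_token(claims: dict, signature: bytes) -> str:
    """Constructed test token. The signature bytes are arbitrary (hypothetical),
    not a real RS256 signature; the example is about the cache, not the crypto."""
    header = b64url_encode(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims, sort_keys=True).encode())
    return f"{header}.{payload}.{b64url_encode(signature)}"


class SignedJWTParseCache:
    """Parse cache keyed by the signature segment, as the gateway's is.
    compare_full_token=True reproduces the getToken().equals(accessToken) guard."""

    def __init__(self, compare_full_token: bool) -> None:
        self.compare_full_token = compare_full_token
        self._entries: Dict[str, SignedJWTInfo] = {}
        self.parse_count = 0

    def get_signed_jwt(self, access_token: str) -> SignedJWTInfo:
        parts = access_token.split(".")
        if len(parts) != 3:
            raise ValueError("not a compact JWS")
        signature = parts[2]
        cached: Optional[SignedJWTInfo] = self._entries.get(signature)
        stale = (cached is not None and self.compare_full_token
                 and cached.token != access_token)
        if cached is None or stale:
            cached = parse_signed_jwt(access_token)
            self.parse_count += 1
            self._entries[signature] = cached  # overwrite on mismatch, as the gateway does
        return cached


# Constructed inputs: two tokens that share a signature segment but carry different
# payloads. TOKEN_B is what someone who copied A's signature onto a forged payload
# would present; it could never verify, but it hits the same cache key as A.
SHARED_SIGNATURE = b"\x01\x02\x03\x04" * 8
TOKEN_A = make_token({"sub": "alice", "scope": "read"}, SHARED_SIGNATURE)
TOKEN_B = make_token({"sub": "admin", "scope": "read write"}, SHARED_SIGNATURE)


def served_for(cache: SignedJWTParseCache, first: str, second: str) -> SignedJWTInfo:
    """Warm the cache with `first`, then ask for `second`; return what the caller
    would go on to validate and authorize."""
    cache.get_signed_jwt(first)
    return cache.get_signed_jwt(second)


def demo() -> dict:
    naive = SignedJWTParseCache(compare_full_token=False)
    guarded = SignedJWTParseCache(compare_full_token=True)
    naive_info = served_for(naive, TOKEN_A, TOKEN_B)
    guarded_info = served_for(guarded, TOKEN_A, TOKEN_B)
    return {
        "naive_token_matches_request": naive_info.token == TOKEN_B,
        "naive_parses": naive.parse_count,
        "guarded_token_matches_request": guarded_info.token == TOKEN_B,
        "guarded_parses": guarded.parse_count,
    }


if __name__ == "__main__":
    print(demo())
```

The naive cache answers the request for TOKEN_B with the SignedJWTInfo built from TOKEN_A (its token field differs from what was presented, and it parsed only once), so everything downstream would be validating and authorizing a token the client never sent. The guarded cache re-parses and replaces the entry, which is what the `!signedJWTInfo.getToken().equals(accessToken)` branch in getSignedJwt does.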
