Examples with SignedJWTInfo org.wso2.carbon.apimgt.impl.jwt.SignedJWTInfo used on opensource projects

Example 31 with SignedJWTInfo

use of org.wso2.carbon.apimgt.impl.jwt.SignedJWTInfo in project carbon-apimgt by wso2.

the class JWTValidator method authenticateForWebSocket.

/**
 * Authenticates the given WebSocket handshake request with a JWT token to see if an API consumer is allowed to
 * access a particular API or not.
 *
 * @param signedJWTInfo    The JWT token sent with the API request
 * @param apiContext       The context of the invoked API
 * @param apiVersion       The version of the invoked API
 * @param matchingResource template of matching api resource
 * @return an AuthenticationContext object which contains the authentication information
 * @throws APISecurityException in case of authentication failure
 */
@MethodStats
public AuthenticationContext authenticateForWebSocket(SignedJWTInfo signedJWTInfo, String apiContext, String apiVersion, String matchingResource) throws APISecurityException {
    String tokenSignature = signedJWTInfo.getSignedJWT().getSignature().toString();
    JWTClaimsSet jwtClaimsSet = signedJWTInfo.getJwtClaimsSet();
    String jti = getJWTTokenIdentifier(signedJWTInfo);
    JWTValidationInfo jwtValidationInfo = validateTokenForWS(signedJWTInfo, tokenSignature, jti);
    if (jwtValidationInfo != null && jwtValidationInfo.isValid()) {
        APIKeyValidationInfoDTO apiKeyValidationInfoDTO = validateSubscriptionsForWS(jwtValidationInfo, apiContext, apiVersion);
        if (apiKeyValidationInfoDTO.isAuthorized()) {
            validateScopes(apiContext, apiVersion, matchingResource, WebSocketApiConstants.WEBSOCKET_DUMMY_HTTP_METHOD_NAME, jwtValidationInfo, signedJWTInfo);
            log.debug("JWT authentication successful. user: " + apiKeyValidationInfoDTO.getEndUserName());
            String endUserToken = generateBackendJWTForWS(jwtValidationInfo, apiKeyValidationInfoDTO, apiContext, apiVersion, tokenSignature);
            return generateAuthenticationContextForWS(jti, jwtValidationInfo, apiKeyValidationInfoDTO, endUserToken, apiVersion);
        } else {
            String message = "User is NOT authorized to access the Resource. API Subscription validation failed.";
            log.debug(message);
            throw new APISecurityException(apiKeyValidationInfoDTO.getValidationStatus(), message);
        }
    } else if (!jwtValidationInfo.isValid()) {
        throw new APISecurityException(APISecurityConstants.API_AUTH_INVALID_CREDENTIALS, "Invalid JWT token");
    }
    throw new APISecurityException(APISecurityConstants.API_AUTH_GENERAL_ERROR, APISecurityConstants.API_AUTH_GENERAL_ERROR_MESSAGE);
}

Example 32 with SignedJWTInfo

use of org.wso2.carbon.apimgt.impl.jwt.SignedJWTInfo in project carbon-apimgt by wso2.

the class OAuthAuthenticator method getSignedJwt.

private SignedJWTInfo getSignedJwt(String accessToken) throws ParseException {
    String signature = accessToken.split("\\.")[2];
    SignedJWTInfo signedJWTInfo = null;
    Cache gatewaySignedJWTParseCache = CacheProvider.getGatewaySignedJWTParseCache();
    if (gatewaySignedJWTParseCache != null) {
        Object cachedEntry = gatewaySignedJWTParseCache.get(signature);
        if (cachedEntry != null) {
            signedJWTInfo = (SignedJWTInfo) cachedEntry;
        }
        if (signedJWTInfo == null || !signedJWTInfo.getToken().equals(accessToken)) {
            SignedJWT signedJWT = SignedJWT.parse(accessToken);
            JWTClaimsSet jwtClaimsSet = signedJWT.getJWTClaimsSet();
            signedJWTInfo = new SignedJWTInfo(accessToken, signedJWT, jwtClaimsSet);
            gatewaySignedJWTParseCache.put(signature, signedJWTInfo);
        }
    } else {
        SignedJWT signedJWT = SignedJWT.parse(accessToken);
        JWTClaimsSet jwtClaimsSet = signedJWT.getJWTClaimsSet();
        signedJWTInfo = new SignedJWTInfo(accessToken, signedJWT, jwtClaimsSet);
    }
    return signedJWTInfo;
}