use of org.wso2.carbon.apimgt.impl.jwt.SignedJWTInfo in project carbon-apimgt by wso2.
the class JWTValidator method authenticateForWebSocket.
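/**
 * Authenticates the given WebSocket handshake request with a JWT token to see if an API consumer is allowed to
 * access a particular API or not.
 * <p>
 * The checks run in order and fail closed: token validation ({@code validateTokenForWS}), subscription
 * validation ({@code validateSubscriptionsForWS}), then scope validation ({@code validateScopes}) against the
 * WebSocket dummy HTTP method. Only when all three pass is a backend JWT generated and an
 * {@link AuthenticationContext} returned.
 * <p>
 * NOTE(review): a {@code null} result from {@code validateTokenForWS} is treated as an authentication failure
 * ({@code API_AUTH_GENERAL_ERROR}); it is never interpreted as a valid token.
 *
 * @param signedJWTInfo The JWT token sent with the API request
 * @param apiContext The context of the invoked API
 * @param apiVersion The version of the invoked API
 * @param matchingResource template of matching api resource
 * @return an AuthenticationContext object which contains the authentication information
 * @throws APISecurityException in case of authentication failure: {@code API_AUTH_INVALID_CREDENTIALS} for an
 * invalid token, the subscription validation status when the consumer is not subscribed,
 * {@code API_AUTH_GENERAL_ERROR} when token validation yields no verdict, or whatever
 * {@code validateScopes} raises for a scope mismatch
 */
@MethodStats
public AuthenticationContext authenticateForWebSocket(SignedJWTInfo signedJWTInfo, String apiContext, String apiVersion, String matchingResource) throws APISecurityException {
    String tokenSignature = signedJWTInfo.getSignedJWT().getSignature().toString();
    String jti = getJWTTokenIdentifier(signedJWTInfo);
    JWTValidationInfo jwtValidationInfo = validateTokenForWS(signedJWTInfo, tokenSignature, jti);

    // No verdict at all from token validation: fail closed. (The previous implementation dereferenced the
    // null result here and surfaced a NullPointerException instead of the intended security error.)
    if (jwtValidationInfo == null) {
        throw new APISecurityException(APISecurityConstants.API_AUTH_GENERAL_ERROR, APISecurityConstants.API_AUTH_GENERAL_ERROR_MESSAGE);
    }
    if (!jwtValidationInfo.isValid()) {
        throw new APISecurityException(APISecurityConstants.API_AUTH_INVALID_CREDENTIALS, "Invalid JWT token");
    }

    // Token is valid; now make sure the application behind it is actually subscribed to this API/version.
    APIKeyValidationInfoDTO apiKeyValidationInfoDTO = validateSubscriptionsForWS(jwtValidationInfo, apiContext, apiVersion);
    if (!apiKeyValidationInfoDTO.isAuthorized()) {
        String message = "User is NOT authorized to access the Resource. API Subscription validation failed.";
        log.debug(message);
        throw new APISecurityException(apiKeyValidationInfoDTO.getValidationStatus(), message);
    }

    // Scope check uses a dummy HTTP method because a WebSocket handshake has no per-resource verb of its own.
    validateScopes(apiContext, apiVersion, matchingResource, WebSocketApiConstants.WEBSOCKET_DUMMY_HTTP_METHOD_NAME, jwtValidationInfo, signedJWTInfo);
    log.debug("JWT authentication successful. user: " + apiKeyValidationInfoDTO.getEndUserName());

    String endUserToken = generateBackendJWTForWS(jwtValidationInfo, apiKeyValidationInfoDTO, apiContext, apiVersion, tokenSignature);
    return generateAuthenticationContextForWS(jti, jwtValidationInfo, apiKeyValidationInfoDTO, endUserToken, apiVersion);
}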
use of org.wso2.carbon.apimgt.impl.jwt.SignedJWTInfo in project carbon-apimgt by wso2.
the class OAuthAuthenticator method getSignedJwt.
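/**
 * Parses the given access token into a {@link SignedJWTInfo}, reusing the gateway's parse cache when one is
 * configured.
 * <p>
 * The cache is keyed by the token's signature segment only, so a hit is accepted solely when the cached entry
 * carries exactly the same token string; anything else (different token, stale or foreign entry type) is treated
 * as a miss, re-parsed and written back under that key.
 * <p>
 * NOTE(review): this is a <em>parse</em> cache, not a validation cache. A cached entry says nothing about whether
 * the token's signature or claims were ever verified — that remains the validator's job downstream.
 *
 * @param accessToken the raw JWS compact serialization ({@code header.payload.signature})
 * @return the parsed token together with its {@link SignedJWT} and claims set
 * @throws ParseException if the token does not have at least three dot-separated segments, or if its header or
 * payload cannot be parsed
 */
private SignedJWTInfo getSignedJwt(String accessToken) throws ParseException {
    // Reject anything that is not header.payload.signature up front so a truncated or unsecured ("alg":"none",
    // empty signature) token surfaces as the declared ParseException rather than an ArrayIndexOutOfBoundsException.
    String[] segments = accessToken.split("\\.");
    if (segments.length < 3) {
        throw new ParseException("Invalid JWT token: expected header.payload.signature", 0);
    }
    String signature = segments[2];

    Cache parseCache = CacheProvider.getGatewaySignedJWTParseCache();
    SignedJWTInfo signedJWTInfo = null;
    if (parseCache != null) {
        Object cachedEntry = parseCache.get(signature);
        // Full-token comparison guards against serving a different token that shares the same signature segment.
        if (cachedEntry instanceof SignedJWTInfo
                && accessToken.equals(((SignedJWTInfo) cachedEntry).getToken())) {
            signedJWTInfo = (SignedJWTInfo) cachedEntry;
        }
    }

    if (signedJWTInfo == null) {
        SignedJWT signedJWT = SignedJWT.parse(accessToken);
        JWTClaimsSet jwtClaimsSet = signedJWT.getJWTClaimsSet();
        signedJWTInfo = new SignedJWTInfo(accessToken, signedJWT, jwtClaimsSet);
        if (parseCache != null) {
            parseCache.put(signature, signedJWTInfo);
        }
    }
    return signedJWTInfo;
}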