Example 1 with OpenIdConnectConfiguration

Use of org.wso2.carbon.apimgt.impl.kmclient.model.OpenIdConnectConfiguration in project carbon-apimgt by wso2.

From the class KeyManagersApiServiceImpl, method keyManagersDiscoverPost.

@Override
public Response keyManagersDiscoverPost(String url, String type, MessageContext messageContext)
        throws APIManagementException {
    if (StringUtils.isNotEmpty(url)) {
        Gson gson = new GsonBuilder().serializeNulls().create();
        // Feign client that fetches the OpenID Connect discovery document from the caller-supplied URL.
        // The URL is only checked for non-emptiness before the outbound request is made.
        OpenIDConnectDiscoveryClient openIDConnectDiscoveryClient = Feign.builder()
                .client(new ApacheFeignHttpClient(APIUtil.getHttpClient(url)))
                .encoder(new GsonEncoder(gson))
                .decoder(new GsonDecoder(gson))
                .errorDecoder(new KMClientErrorDecoder())
                .target(OpenIDConnectDiscoveryClient.class, url);
        OpenIdConnectConfiguration openIdConnectConfiguration =
                openIDConnectDiscoveryClient.getOpenIdConnectConfiguration();
        if (openIdConnectConfiguration != null) {
            // Map the discovery document onto a key manager configuration and record where it came from.
            KeyManagerWellKnownResponseDTO keyManagerWellKnownResponseDTO =
                    KeyManagerMappingUtil.fromOpenIdConnectConfigurationToKeyManagerConfiguration(openIdConnectConfiguration);
            keyManagerWellKnownResponseDTO.getValue().setWellKnownEndpoint(url);
            keyManagerWellKnownResponseDTO.getValue().setType(type);
            return Response.ok().entity(keyManagerWellKnownResponseDTO).build();
        }
    }
    // No URL given or no discovery document returned: respond with an empty DTO (no value set).
    return Response.ok(new KeyManagerWellKnownResponseDTO()).build();
}
Also used: KMClientErrorDecoder (org.wso2.carbon.apimgt.impl.kmclient.KMClientErrorDecoder), GsonEncoder (feign.gson.GsonEncoder), OpenIdConnectConfiguration (org.wso2.carbon.apimgt.impl.kmclient.model.OpenIdConnectConfiguration), OpenIDConnectDiscoveryClient (org.wso2.carbon.apimgt.impl.kmclient.model.OpenIDConnectDiscoveryClient), GsonBuilder (com.google.gson.GsonBuilder), KeyManagerWellKnownResponseDTO (org.wso2.carbon.apimgt.rest.api.admin.v1.dto.KeyManagerWellKnownResponseDTO), GsonDecoder (feign.gson.GsonDecoder), Gson (com.google.gson.Gson), ApacheFeignHttpClient (org.wso2.carbon.apimgt.impl.kmclient.ApacheFeignHttpClient)

Example 2 with OpenIdConnectConfiguration

Use of org.wso2.carbon.apimgt.impl.kmclient.model.OpenIdConnectConfiguration in project carbon-apimgt by wso2.

From the class KeyManagerMappingUtil, method fromOpenIdConnectConfigurationToKeyManagerConfiguration.

public static KeyManagerWellKnownResponseDTO fromOpenIdConnectConfigurationToKeyManagerConfiguration(
        OpenIdConnectConfiguration openIdConnectConfiguration) {
    KeyManagerWellKnownResponseDTO keyManagerWellKnownResponseDTO = new KeyManagerWellKnownResponseDTO();
    if (openIdConnectConfiguration != null) {
        keyManagerWellKnownResponseDTO.setValid(true);
        KeyManagerDTO keyManagerDto = new KeyManagerDTO();
        // Endpoints are copied straight from the discovery document.
        keyManagerDto.setIssuer(openIdConnectConfiguration.getIssuer());
        keyManagerDto.setIntrospectionEndpoint(openIdConnectConfiguration.getIntrospectionEndpoint());
        keyManagerDto.setClientRegistrationEndpoint(openIdConnectConfiguration.getRegistrationEndpoint());
        keyManagerDto.setAuthorizeEndpoint(openIdConnectConfiguration.getAuthorizeEndpoint());
        keyManagerDto.setTokenEndpoint(openIdConnectConfiguration.getTokenEndpoint());
        keyManagerDto.setRevokeEndpoint(openIdConnectConfiguration.getRevokeEndpoint());
        // Feature flags default to enabled for a discovered key manager.
        keyManagerDto.setEnabled(true);
        keyManagerDto.setEnableTokenGeneration(true);
        keyManagerDto.setEnableMapOAuthConsumerApps(true);
        keyManagerDto.setEnableOAuthAppCreation(true);
        keyManagerDto.setEnableSelfValidationJWT(true);
        keyManagerDto.setAvailableGrantTypes(openIdConnectConfiguration.getGrantTypesSupported());
        // Signing keys are referenced by JWKS endpoint only when the document advertises one.
        if (StringUtils.isNotEmpty(openIdConnectConfiguration.getJwksEndpoint())) {
            KeyManagerCertificatesDTO keyManagerCertificatesDTO = new KeyManagerCertificatesDTO();
            keyManagerCertificatesDTO.setType(KeyManagerCertificatesDTO.TypeEnum.JWKS);
            keyManagerCertificatesDTO.setValue(openIdConnectConfiguration.getJwksEndpoint());
            keyManagerDto.setCertificates(keyManagerCertificatesDTO);
        }
        keyManagerWellKnownResponseDTO.setValue(keyManagerDto);
    }
    return keyManagerWellKnownResponseDTO;
}
Also used: KeyManagerCertificatesDTO (org.wso2.carbon.apimgt.rest.api.admin.v1.dto.KeyManagerCertificatesDTO), KeyManagerWellKnownResponseDTO (org.wso2.carbon.apimgt.rest.api.admin.v1.dto.KeyManagerWellKnownResponseDTO), KeyManagerDTO (org.wso2.carbon.apimgt.rest.api.admin.v1.dto.KeyManagerDTO)

Example 3 with OpenIdConnectConfiguration

Use of org.wso2.carbon.apimgt.impl.kmclient.model.OpenIdConnectConfiguration in project carbon-apimgt by wso2.

From the class APIUtil, method getAndSetDefaultKeyManagerConfiguration.

public static KeyManagerConfigurationDTO getAndSetDefaultKeyManagerConfiguration(
        KeyManagerConfigurationDTO keyManagerConfigurationDTO) throws APIManagementException {
    // Defaults come from the local OAuth server configuration; each property below is only
    // filled in when the supplied DTO does not already carry it.
    boolean clientSecretHashEnabled = ServiceReferenceHolder.getInstance().getOauthServerConfiguration().isClientSecretHashEnabled();
    Set<String> availableGrantTypes = ServiceReferenceHolder.getInstance().getOauthServerConfiguration().getSupportedGrantTypes().keySet();
    long validityPeriod = ServiceReferenceHolder.getInstance().getOauthServerConfiguration().getApplicationAccessTokenValidityPeriodInSeconds();
    APIManagerConfigurationService config = ServiceReferenceHolder.getInstance().getAPIManagerConfigurationService();
    String issuerIdentifier = OAuthServerConfiguration.getInstance().getOpenIDConnectIDTokenIssuerIdentifier();
    if (config != null) {
        OpenIdConnectConfiguration openIdConnectConfigurations = null;
        APIManagerConfiguration apiManagerConfiguration = config.getAPIManagerConfiguration();
        String keyManagerUrl;
        String enableTokenEncryption = apiManagerConfiguration.getFirstProperty(APIConstants.ENCRYPT_TOKENS_ON_PERSISTENCE);
        if (!keyManagerConfigurationDTO.getAdditionalProperties().containsKey(APIConstants.AUTHSERVER_URL)) {
            keyManagerConfigurationDTO.addProperty(APIConstants.AUTHSERVER_URL, apiManagerConfiguration.getFirstProperty(APIConstants.KEYMANAGER_SERVERURL));
        }
        keyManagerUrl = (String) keyManagerConfigurationDTO.getAdditionalProperties().get(APIConstants.AUTHSERVER_URL);
        if (StringUtils.isNotEmpty(keyManagerUrl)) {
            // Derive the server base URL by cutting at the services relative path, then append the
            // tenant-aware context and the default discovery endpoint before fetching the document.
            openIdConnectConfigurations = APIUtil.getOpenIdConnectConfigurations(
                    keyManagerUrl.split("/" + APIConstants.SERVICES_URL_RELATIVE_PATH)[0]
                            .concat(getTenantAwareContext(keyManagerConfigurationDTO.getOrganization()))
                            .concat(APIConstants.KeyManager.DEFAULT_KEY_MANAGER_OPENID_CONNECT_DISCOVERY_ENDPOINT));
        }
        if (keyManagerConfigurationDTO.getProperty(APIConstants.KeyManager.ENABLE_TOKEN_ENCRYPTION) == null) {
            keyManagerConfigurationDTO.addProperty(APIConstants.ENCRYPT_TOKENS_ON_PERSISTENCE, Boolean.parseBoolean(enableTokenEncryption));
        }
        if (!keyManagerConfigurationDTO.getAdditionalProperties().containsKey(APIConstants.REVOKE_URL)) {
            keyManagerConfigurationDTO.addProperty(APIConstants.REVOKE_URL,
                    keyManagerUrl.split("/" + APIConstants.SERVICES_URL_RELATIVE_PATH)[0]
                            .concat(APIConstants.IDENTITY_REVOKE_ENDPOINT));
        }
        if (!keyManagerConfigurationDTO.getAdditionalProperties().containsKey(APIConstants.TOKEN_URL)) {
            keyManagerConfigurationDTO.addProperty(APIConstants.TOKEN_URL,
                    keyManagerUrl.split("/" + APIConstants.SERVICES_URL_RELATIVE_PATH)[0]
                            .concat(APIConstants.IDENTITY_TOKEN_ENDPOINT_CONTEXT));
        }
        if (!keyManagerConfigurationDTO.getAdditionalProperties().containsKey(APIConstants.KeyManager.AVAILABLE_GRANT_TYPE)) {
            keyManagerConfigurationDTO.addProperty(APIConstants.KeyManager.AVAILABLE_GRANT_TYPE, new ArrayList<>(availableGrantTypes));
        }
        if (!keyManagerConfigurationDTO.getAdditionalProperties().containsKey(APIConstants.KeyManager.ENABLE_TOKEN_HASH)) {
            keyManagerConfigurationDTO.addProperty(APIConstants.KeyManager.ENABLE_TOKEN_HASH, clientSecretHashEnabled);
        }
        if (!keyManagerConfigurationDTO.getAdditionalProperties().containsKey(APIConstants.KeyManager.ENABLE_OAUTH_APP_CREATION)) {
            keyManagerConfigurationDTO.addProperty(APIConstants.KeyManager.ENABLE_OAUTH_APP_CREATION, true);
        }
        if (!keyManagerConfigurationDTO.getAdditionalProperties().containsKey(APIConstants.KeyManager.ENABLE_MAP_OAUTH_CONSUMER_APPS)) {
            keyManagerConfigurationDTO.addProperty(APIConstants.KeyManager.ENABLE_MAP_OAUTH_CONSUMER_APPS, isMapExistingAuthAppsEnabled());
        }
        if (!keyManagerConfigurationDTO.getAdditionalProperties().containsKey(APIConstants.KeyManager.ENABLE_TOKEN_GENERATION)) {
            keyManagerConfigurationDTO.addProperty(APIConstants.KeyManager.ENABLE_TOKEN_GENERATION, true);
        }
        if (!keyManagerConfigurationDTO.getAdditionalProperties().containsKey(APIConstants.KeyManager.TOKEN_ENDPOINT)) {
            keyManagerConfigurationDTO.addProperty(APIConstants.KeyManager.TOKEN_ENDPOINT, keyManagerConfigurationDTO.getAdditionalProperties().get(APIConstants.TOKEN_URL));
        }
        if (!keyManagerConfigurationDTO.getAdditionalProperties().containsKey(APIConstants.KeyManager.REVOKE_ENDPOINT)) {
            keyManagerConfigurationDTO.addProperty(APIConstants.KeyManager.REVOKE_ENDPOINT, keyManagerConfigurationDTO.getAdditionalProperties().get(APIConstants.REVOKE_URL));
        }
        if (!keyManagerConfigurationDTO.getAdditionalProperties().containsKey(APIConstants.IDENTITY_OAUTH2_FIELD_VALIDITY_PERIOD)) {
            keyManagerConfigurationDTO.addProperty(APIConstants.IDENTITY_OAUTH2_FIELD_VALIDITY_PERIOD, String.valueOf(validityPeriod));
        }
        if (!keyManagerConfigurationDTO.getAdditionalProperties().containsKey(APIConstants.KeyManager.ENABLE_TOKEN_VALIDATION)) {
            keyManagerConfigurationDTO.addProperty(APIConstants.KeyManager.ENABLE_TOKEN_VALIDATION, true);
        }
        if (!keyManagerConfigurationDTO.getAdditionalProperties().containsKey(APIConstants.KeyManager.SELF_VALIDATE_JWT)) {
            keyManagerConfigurationDTO.addProperty(APIConstants.KeyManager.SELF_VALIDATE_JWT, true);
        }
        if (!keyManagerConfigurationDTO.getAdditionalProperties().containsKey(APIConstants.KeyManager.ISSUER)) {
            // The issuer has no local fallback: it must come from a successfully fetched discovery document.
            if (openIdConnectConfigurations == null) {
                throw new APIMgtInternalException("Error in fetching Open ID configuration.");
            }
            keyManagerConfigurationDTO.addProperty(APIConstants.KeyManager.ISSUER, openIdConnectConfigurations.getIssuer());
        }
        if (!keyManagerConfigurationDTO.getAdditionalProperties().containsKey(APIConstants.KeyManager.CLAIM_MAPPING)) {
            keyManagerConfigurationDTO.addProperty(APIConstants.KeyManager.CLAIM_MAPPING, getDefaultClaimMappings());
        }
        if (!keyManagerConfigurationDTO.getAdditionalProperties().containsKey(APIConstants.KeyManager.CERTIFICATE_TYPE)) {
            keyManagerConfigurationDTO.addProperty(APIConstants.KeyManager.CERTIFICATE_TYPE, APIConstants.KeyManager.CERTIFICATE_TYPE_JWKS_ENDPOINT);
        }
        if (!keyManagerConfigurationDTO.getAdditionalProperties().containsKey(APIConstants.KeyManager.CERTIFICATE_VALUE)) {
            if (openIdConnectConfigurations != null) {
                // Prefer the JWKS endpoint advertised by the discovery document.
                keyManagerConfigurationDTO.addProperty(APIConstants.KeyManager.CERTIFICATE_VALUE,
                        openIdConnectConfigurations.getJwksEndpoint());
            } else {
                // Discovery unavailable: fall back to the default tenant-aware JWKS endpoint on the same server.
                keyManagerConfigurationDTO.addProperty(APIConstants.KeyManager.CERTIFICATE_VALUE,
                        keyManagerUrl.split("/" + APIConstants.SERVICES_URL_RELATIVE_PATH)[0]
                                .concat(getTenantAwareContext(keyManagerConfigurationDTO.getOrganization()))
                                .concat(APIConstants.KeyManager.DEFAULT_JWKS_ENDPOINT));
            }
        }
        String defaultKeyManagerType = apiManagerConfiguration.getFirstProperty(APIConstants.DEFAULT_KEY_MANAGER_TYPE);
        if (StringUtils.isNotEmpty(defaultKeyManagerType)) {
            keyManagerConfigurationDTO.setType(defaultKeyManagerType);
        }
    }
    return keyManagerConfigurationDTO;
}
Also used: APIMgtInternalException (org.wso2.carbon.apimgt.api.APIMgtInternalException), OpenIdConnectConfiguration (org.wso2.carbon.apimgt.impl.kmclient.model.OpenIdConnectConfiguration), APIManagerConfiguration (org.wso2.carbon.apimgt.impl.APIManagerConfiguration), APIManagerConfigurationService (org.wso2.carbon.apimgt.impl.APIManagerConfigurationService)
