
Example 1 with ClaimsRetriever

use of org.wso2.carbon.apimgt.impl.token.ClaimsRetriever in project carbon-apimgt by wso2.

the class JWTGenerator method populateCustomClaims.

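/**
 * Collects the custom (user) claims for the end user of the validated token.
 *
 * <p>When user claims are enabled in the JWT configuration and a consumer dialect URI is
 * configured, the claims are requested from the key manager named in the validation info.
 * The access token (when present) and the dialect URI are handed to the key manager through
 * the {@code properties} map. Claims returned by the configured {@link ClaimsRetriever},
 * if any, are then merged on top, so a retriever value replaces a key manager value that
 * has the same claim URI.
 *
 * <p>The result is always a map owned by this method: key manager and retriever results are
 * copied in rather than returned directly, so a {@code null} or unmodifiable result from
 * either source cannot break the merge, and a map the source may still hold is not mutated.
 *
 * @param validationContext context of the token being validated; supplies the end user name,
 *                          the access token and the key manager name
 * @return the merged custom claims, never {@code null}; empty when no source produced claims
 * @throws APIManagementException declared by the overridden method and by the calls made here
 */
@Override
public Map<String, String> populateCustomClaims(TokenValidationContext validationContext) throws APIManagementException {
    APIManagerConfiguration apiManagerConfiguration = ServiceReferenceHolder.getInstance().getAPIManagerConfigurationService().getAPIManagerConfiguration();
    JWTConfigurationDto jwtConfigurationDto = apiManagerConfiguration.getJwtConfigurationDto();
    Map<String, String> customClaims = new HashMap<>();
    Map<String, Object> properties = new HashMap<>();
    String username = validationContext.getValidationInfoDTO().getEndUserName();
    int tenantId = APIUtil.getTenantId(username);
    if (jwtConfigurationDto.isEnableUserClaims()) {
        String accessToken = validationContext.getAccessToken();
        if (accessToken != null) {
            // The bearer token travels to the key manager inside this map; it must not be logged.
            properties.put(APIConstants.KeyManager.ACCESS_TOKEN, accessToken);
        }
        String dialectURI = jwtConfigurationDto.getConsumerDialectUri();
        if (!StringUtils.isEmpty(dialectURI)) {
            properties.put(APIConstants.KeyManager.CLAIM_DIALECT, dialectURI);
            String keymanagerName = validationContext.getValidationInfoDTO().getKeyManager();
            KeyManager keymanager = KeyManagerHolder.getKeyManagerInstance(APIUtil.getTenantDomainFromTenantId(tenantId), keymanagerName);
            if (keymanager != null) {
                Map<String, String> keyManagerClaims = keymanager.getUserClaims(username, properties);
                if (keyManagerClaims != null) {
                    // Copy instead of adopting the returned map: it may be null-hostile,
                    // unmodifiable or still referenced by the key manager.
                    customClaims.putAll(keyManagerClaims);
                }
                if (log.isDebugEnabled()) {
                    // Only the claim URIs are logged; the values are user attributes and
                    // should not end up in debug logs.
                    log.debug("Retrieved claims :" + customClaims.keySet());
                }
            }
        }
    }
    ClaimsRetriever claimsRetriever = getClaimsRetriever();
    if (claimsRetriever != null) {
        Map<String, String> retrieverClaims = claimsRetriever.getClaims(username);
        if (retrieverClaims != null) {
            // Retriever claims win over key manager claims on a shared claim URI.
            customClaims.putAll(retrieverClaims);
        }
    }
    return customClaims;
}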
Also used : APIManagerConfiguration(org.wso2.carbon.apimgt.impl.APIManagerConfiguration) HashMap(java.util.HashMap) LinkedHashMap(java.util.LinkedHashMap) KeyManager(org.wso2.carbon.apimgt.api.model.KeyManager) ClaimsRetriever(org.wso2.carbon.apimgt.impl.token.ClaimsRetriever) JWTConfigurationDto(org.wso2.carbon.apimgt.common.gateway.dto.JWTConfigurationDto)

Example 2 with ClaimsRetriever

use of org.wso2.carbon.apimgt.impl.token.ClaimsRetriever in project carbon-apimgt by wso2.

the class JWTGenerator method populateStandardClaims.

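/**
 * Builds the standard claim set placed in the generated JWT for a validated API request.
 *
 * <p>{@code iss} and {@code exp} are written with fixed names; every other claim name is
 * prefixed with the claim dialect URI, which comes from the configured
 * {@link ClaimsRetriever} when there is one and from {@code getDialectURI()} otherwise.
 * When the application is found and has attributes, they are serialised to a JSON string
 * and added as the {@code applicationAttributes} claim, so whatever is stored in those
 * attributes becomes visible to every consumer of the token.
 *
 * @param validationContext context of the token being validated; supplies subscriber,
 *                          application, tier, API and end-user details
 * @return an insertion-ordered map of claim name to claim value; values may be {@code null}
 *         (for example {@code applicationUUId} when the application is not found)
 * @throws APIManagementException declared by the overridden method and by the calls made here
 */
@Override
public Map<String, String> populateStandardClaims(TokenValidationContext validationContext) throws APIManagementException {
    // Expiry is "now" plus getTTL() * 1000, i.e. in the unit of System.currentTimeMillis().
    long currentTime = System.currentTimeMillis();
    long expireIn = currentTime + getTTL() * 1000;
    String dialect;
    ClaimsRetriever claimsRetriever = getClaimsRetriever();
    if (claimsRetriever != null) {
        dialect = claimsRetriever.getDialectURI(validationContext.getValidationInfoDTO().getEndUserName());
    } else {
        dialect = getDialectURI();
    }
    // An empty dialect or a bare "/" is used as-is; any other dialect gets a trailing slash
    // so that claim names read "<dialect>/<name>".
    // NOTE(review): a null dialect passes this test and yields the prefix "null/" - confirm
    // whether either source can return null.
    if (!"".equals(dialect) && !"/".equals(dialect)) {
        dialect = dialect + "/";
    }
    String subscriber = validationContext.getValidationInfoDTO().getSubscriber();
    String applicationName = validationContext.getValidationInfoDTO().getApplicationName();
    String applicationId = validationContext.getValidationInfoDTO().getApplicationId();
    String tier = validationContext.getValidationInfoDTO().getTier();
    String endUserName = validationContext.getValidationInfoDTO().getEndUserName();
    String keyType = validationContext.getValidationInfoDTO().getType();
    String userType = validationContext.getValidationInfoDTO().getUserType();
    String applicationTier = validationContext.getValidationInfoDTO().getApplicationTier();
    String enduserTenantId = String.valueOf(APIUtil.getTenantId(endUserName));
    String apiName = validationContext.getValidationInfoDTO().getApiName();
    // Integer.parseInt throws NumberFormatException when applicationId is null or not numeric.
    Application application = getApplicationById(validationContext.getValidationInfoDTO().getSubscriberTenantDomain(), Integer.parseInt(applicationId));
    String uuid = null;
    Map<String, String> appAttributes = null;
    if (application != null) {
        appAttributes = application.getAttributes();
        uuid = application.getUUID();
    }
    Map<String, String> claims = new LinkedHashMap<>(20);
    claims.put("iss", API_GATEWAY_ID);
    claims.put("exp", String.valueOf(expireIn));
    claims.put(dialect + "subscriber", subscriber);
    claims.put(dialect + "applicationid", applicationId);
    claims.put(dialect + "applicationname", applicationName);
    claims.put(dialect + "applicationtier", applicationTier);
    claims.put(dialect + "apiname", apiName);
    claims.put(dialect + "apicontext", validationContext.getContext());
    claims.put(dialect + "version", validationContext.getVersion());
    claims.put(dialect + "tier", tier);
    claims.put(dialect + "keytype", keyType);
    claims.put(dialect + "usertype", userType);
    claims.put(dialect + "enduser", APIUtil.getUserNameWithTenantSuffix(endUserName));
    claims.put(dialect + "enduserTenantId", enduserTenantId);
    // uuid stays null when the application lookup returned nothing.
    claims.put(dialect + "applicationUUId", uuid);
    try {
        if (appAttributes != null && !appAttributes.isEmpty()) {
            String stringAppAttributes = new ObjectMapper().writeValueAsString(appAttributes);
            claims.put(dialect + "applicationAttributes", stringAppAttributes);
        }
    } catch (JsonProcessingException e) {
        // Best effort: the token is still issued without the attributes claim, but the
        // cause is kept in the log so the omission can be diagnosed.
        log.error("Error in converting Map to String", e);
    }
    return claims;
}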
Also used : ClaimsRetriever(org.wso2.carbon.apimgt.impl.token.ClaimsRetriever) Application(org.wso2.carbon.apimgt.keymgt.model.entity.Application) JsonProcessingException(com.fasterxml.jackson.core.JsonProcessingException) ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper) LinkedHashMap(java.util.LinkedHashMap)

Example 3 with ClaimsRetriever

use of org.wso2.carbon.apimgt.impl.token.ClaimsRetriever in project carbon-apimgt by wso2.

the class JWTGenerator method convertClaimMap.

/**
 * Flattens the given claim mappings into a claim-URI-to-value map and, unless conversion
 * is switched off in the configuration, renames the claim URIs into the configured dialect.
 *
 * <p>For every attribute the local claim URI is used, or the remote claim URI when there is
 * no local claim. If the {@code CONVERT_CLAIMS_TO_CONSUMER_DIALECT} property is set and does
 * not parse to {@code true}, that flattened map is returned unchanged. Otherwise each claim
 * URI that maps, via the Carbon dialect, to a URI in the configured dialect is replaced by
 * that URI; claims without such a mapping keep their original URI.
 *
 * @param userAttributes claim mappings and their values for the user
 * @param username       user name, used to resolve the tenant and the dialect
 * @return claim URI to value map, converted to the configured dialect where a mapping exists
 * @throws APIManagementException if either claim-mapping lookup fails
 */
protected Map<String, String> convertClaimMap(Map<ClaimMapping, String> userAttributes, String username) throws APIManagementException {
    // userClaims is the untouched input view; userClaimsCopy is the one rewritten below.
    Map<String, String> userClaims = new HashMap<>();
    Map<String, String> userClaimsCopy = new HashMap<>();
    for (Map.Entry<ClaimMapping, String> attribute : userAttributes.entrySet()) {
        ClaimMapping mapping = attribute.getKey();
        Claim claim = mapping.getLocalClaim();
        if (claim == null) {
            claim = mapping.getRemoteClaim();
        }
        String claimUri = claim.getClaimUri();
        userClaims.put(claimUri, attribute.getValue());
        userClaimsCopy.put(claimUri, attribute.getValue());
    }

    String conversionFlag = ServiceReferenceHolder.getInstance().getAPIManagerConfigurationService().getAPIManagerConfiguration().getFirstProperty(APIConstants.CONVERT_CLAIMS_TO_CONSUMER_DIALECT);
    // Conversion is skipped only when the property is present and is not "true";
    // an absent property means "convert".
    boolean conversionDisabled = conversionFlag != null && !Boolean.parseBoolean(conversionFlag);
    if (conversionDisabled) {
        return userClaims;
    }

    int tenantId = APIUtil.getTenantId(username);
    String tenantDomain = APIUtil.getTenantDomainFromTenantId(tenantId);
    ClaimsRetriever claimsRetriever = getClaimsRetriever();
    String dialect = (claimsRetriever != null) ? claimsRetriever.getDialectURI(username) : getDialectURI();

    // key: carbonClaimURI -> value: oidcClaimURI
    Map<String, String> carbonToOIDCclaimMapping;
    // key: configuredDialectClaimURI -> value: carbonClaimURI
    Map<String, String> configuredDialectToCarbonClaimMapping;
    Set<String> claimUris = new HashSet<>(userClaims.keySet());
    try {
        carbonToOIDCclaimMapping = new ClaimMetadataHandler().getMappingsMapFromOtherDialectToCarbon(OIDC_DIALECT_URI, claimUris, tenantDomain, true);
        configuredDialectToCarbonClaimMapping = ClaimManagerHandler.getInstance().getMappingsMapFromCarbonDialectToOther(dialect, carbonToOIDCclaimMapping.keySet(), tenantDomain);
    } catch (ClaimMetadataException e) {
        throw new APIManagementException("Error while mapping claims from Carbon dialect to " + OIDC_DIALECT_URI + " dialect", e);
    } catch (ClaimManagementException e) {
        throw new APIManagementException("Error while mapping claims from configured dialect to Carbon dialect", e);
    }

    // Join userClaims -> carbonToOIDC (on the OIDC URI) -> configuredToCarbon (on the Carbon URI)
    // and re-key each matching claim in the copy under the configured-dialect URI.
    for (Map.Entry<String, String> userClaim : userClaims.entrySet()) {
        String oidcUri = userClaim.getKey();
        for (Map.Entry<String, String> carbonToOidc : carbonToOIDCclaimMapping.entrySet()) {
            if (!oidcUri.equals(carbonToOidc.getValue())) {
                continue;
            }
            for (Map.Entry<String, String> configuredToCarbon : configuredDialectToCarbonClaimMapping.entrySet()) {
                if (!configuredToCarbon.getValue().equals(carbonToOidc.getKey())) {
                    continue;
                }
                userClaimsCopy.remove(oidcUri);
                userClaimsCopy.put(configuredToCarbon.getKey(), userClaim.getValue());
            }
        }
    }
    return userClaimsCopy;
}
Also used : ClaimMetadataException(org.wso2.carbon.identity.claim.metadata.mgt.exception.ClaimMetadataException) HashMap(java.util.HashMap) LinkedHashMap(java.util.LinkedHashMap) ClaimMetadataHandler(org.wso2.carbon.identity.claim.metadata.mgt.ClaimMetadataHandler) ClaimsRetriever(org.wso2.carbon.apimgt.impl.token.ClaimsRetriever) ClaimMapping(org.wso2.carbon.identity.application.common.model.ClaimMapping) APIManagementException(org.wso2.carbon.apimgt.api.APIManagementException) ClaimManagementException(org.wso2.carbon.claim.mgt.ClaimManagementException) HashMap(java.util.HashMap) LinkedHashMap(java.util.LinkedHashMap) Map(java.util.Map) Claim(org.wso2.carbon.identity.application.common.model.Claim) HashSet(java.util.HashSet)

Example 4 with ClaimsRetriever

use of org.wso2.carbon.apimgt.impl.token.ClaimsRetriever in project carbon-apimgt by wso2.

the class NewAPIVersionEmailNotifierTest method testShouldNotThrowExceptionWhenRetrievingNotifiers.

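/**
 * Checks that {@code getNotifierSet} completes without a {@link NotificationException}
 * when the notifier is built around the mocked registry and claims retriever.
 *
 * <p>The stub is applied to the {@code claimsRetriever} field, which is the instance passed
 * to the notifier. The previous version declared a second, local mock after the notifier
 * had already been constructed and stubbed that one, so the stub never reached the object
 * under test.
 *
 * @throws APIManagementException declared because stubbing {@code init()} names a method
 *                                that throws it
 */
@Test
public void testShouldNotThrowExceptionWhenRetrievingNotifiers() throws APIManagementException {
    // Stub first, on the same mock that is injected on the next line.
    Mockito.doNothing().when(claimsRetriever).init();
    NewAPIVersionEmailNotifier emailNotifier = new NewAPIVersionEmailNotifierWrapper(registry, claimsRetriever);
    try {
        emailNotifier.getNotifierSet(notificationDTO);
    } catch (NotificationException e) {
        Assert.fail("Should not throw any exceptions");
    }
}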
Also used : NewAPIVersionEmailNotifierWrapper(org.wso2.carbon.apimgt.impl.notification.util.NewAPIVersionEmailNotifierWrapper) NotificationException(org.wso2.carbon.apimgt.impl.notification.exception.NotificationException) ClaimsRetriever(org.wso2.carbon.apimgt.impl.token.ClaimsRetriever) Test(org.junit.Test)

Example 5 with ClaimsRetriever

use of org.wso2.carbon.apimgt.impl.token.ClaimsRetriever in project carbon-apimgt by wso2.

the class NewAPIVersionEmailNotifierTest method setup.

/**
 * Prepares the fixture shared by the tests: a notifier, mocked registry and claims
 * retriever, and a "new version" notification for one subscriber of the API.
 */
@Before
public void setup() {
    // Collaborators
    registry = Mockito.mock(Registry.class);
    claimsRetriever = Mockito.mock(ClaimsRetriever.class);
    notifier = new NewAPIVersionEmailNotifier();

    // A single subscriber (the admin user) is subscribed to the API.
    Set<Subscriber> apiSubscribers = new HashSet<>();
    apiSubscribers.add(new Subscriber(ADMIN));

    // Notification payload: old and new API version, title, recipients,
    // the claims retriever implementation class name and the mail template.
    Properties notificationProps = new Properties();
    notificationProps.put(NotifierConstants.API_KEY, new APIIdentifier(ADMIN, API_NAME, "1.0.0"));
    notificationProps.put(NotifierConstants.NEW_API_KEY, new APIIdentifier(ADMIN, API_NAME, "2.0.0"));
    notificationProps.put(NotifierConstants.TITLE_KEY, "New Version");
    notificationProps.put(NotifierConstants.SUBSCRIBERS_PER_API, apiSubscribers);
    notificationProps.put(NotifierConstants.CLAIMS_RETRIEVER_IMPL_CLASS, "org.wso2.carbon.apimgt.impl.token.DefaultClaimsRetriever");
    notificationProps.put(NotifierConstants.TEMPLATE_KEY, "<html>$1</html>");

    notificationDTO = new NotificationDTO(notificationProps, NotifierConstants.NOTIFICATION_TYPE_NEW_VERSION);
    notificationDTO.setTenantID(TENANT_ID);
}
Also used : Subscriber(org.wso2.carbon.apimgt.api.model.Subscriber) APIIdentifier(org.wso2.carbon.apimgt.api.model.APIIdentifier) Registry(org.wso2.carbon.registry.core.Registry) ClaimsRetriever(org.wso2.carbon.apimgt.impl.token.ClaimsRetriever) Before(org.junit.Before)

Aggregations

ClaimsRetriever (org.wso2.carbon.apimgt.impl.token.ClaimsRetriever)7 LinkedHashMap (java.util.LinkedHashMap)3 NotificationException (org.wso2.carbon.apimgt.impl.notification.exception.NotificationException)3 HashMap (java.util.HashMap)2 HashSet (java.util.HashSet)2 Test (org.junit.Test)2 APIManagementException (org.wso2.carbon.apimgt.api.APIManagementException)2 Subscriber (org.wso2.carbon.apimgt.api.model.Subscriber)2 JsonProcessingException (com.fasterxml.jackson.core.JsonProcessingException)1 ObjectMapper (com.fasterxml.jackson.databind.ObjectMapper)1 Map (java.util.Map)1 Set (java.util.Set)1 Before (org.junit.Before)1 APIIdentifier (org.wso2.carbon.apimgt.api.model.APIIdentifier)1 KeyManager (org.wso2.carbon.apimgt.api.model.KeyManager)1 JWTConfigurationDto (org.wso2.carbon.apimgt.common.gateway.dto.JWTConfigurationDto)1 APIManagerConfiguration (org.wso2.carbon.apimgt.impl.APIManagerConfiguration)1 NewAPIVersionEmailNotifierWrapper (org.wso2.carbon.apimgt.impl.notification.util.NewAPIVersionEmailNotifierWrapper)1 Application (org.wso2.carbon.apimgt.keymgt.model.entity.Application)1 ClaimManagementException (org.wso2.carbon.claim.mgt.ClaimManagementException)1