Search in sources :

Example 1 with KeyValidationHandler

use of org.wso2.carbon.apimgt.keymgt.handlers.KeyValidationHandler in project carbon-apimgt by wso2.

the class APIKeyValidationService method validateKeyForHandshake.

/**
 * Validate access token for websocket handshake
 *
 * @param context          context of the API
 * @param version          version of the API
 * @param accessToken      access token of the request
 * @param tenantDomain
 * @param keyManagers
 * @return
 * @throws APIKeyMgtException
 * @throws APIManagementException
 */
public APIKeyValidationInfoDTO validateKeyForHandshake(String context, String version, String accessToken, String tenantDomain, List<String> keyManagers) throws APIKeyMgtException, APIManagementException {
    APIKeyValidationInfoDTO info = new APIKeyValidationInfoDTO();
    info.setAuthorized(false);
    TokenValidationContext validationContext = new TokenValidationContext();
    validationContext.setAccessToken(accessToken);
    validationContext.setContext(context);
    validationContext.setValidationInfoDTO(new APIKeyValidationInfoDTO());
    validationContext.setVersion(version);
    validationContext.setTenantDomain(tenantDomain);
    validationContext.setRequiredAuthenticationLevel("Any");
    validationContext.setKeyManagers(keyManagers);
    KeyValidationHandler keyValidationHandler = ServiceReferenceHolder.getInstance().getKeyValidationHandler(tenantDomain);
    boolean state = keyValidationHandler.validateToken(validationContext);
    if (state) {
        state = keyValidationHandler.validateSubscription(validationContext);
        if (state) {
            if (APIKeyMgtDataHolder.isJwtGenerationEnabled() && validationContext.getValidationInfoDTO().getEndUserName() != null && !validationContext.isCacheHit()) {
                Application application = APIUtil.getApplicationByClientId(validationContext.getValidationInfoDTO().getConsumerKey());
                validationContext.getValidationInfoDTO().setApplicationId(String.valueOf(application.getId()));
                validationContext.getValidationInfoDTO().setApplicationTier(application.getTier());
                keyValidationHandler.generateConsumerToken(validationContext);
                info.setEndUserToken(validationContext.getValidationInfoDTO().getEndUserToken());
            }
        }
        return validationContext.getValidationInfoDTO();
    }
    return info;
}
Also used : KeyValidationHandler(org.wso2.carbon.apimgt.keymgt.handlers.KeyValidationHandler) Application(org.wso2.carbon.apimgt.api.model.Application) APIKeyValidationInfoDTO(org.wso2.carbon.apimgt.impl.dto.APIKeyValidationInfoDTO)

Example 2 with KeyValidationHandler

use of org.wso2.carbon.apimgt.keymgt.handlers.KeyValidationHandler in project carbon-apimgt by wso2.

the class ServiceReferenceHolder method getKeyValidationHandler.

public KeyValidationHandler getKeyValidationHandler(String tenantDomain) {
    if (keyValidationHandlerMap.containsKey(tenantDomain)) {
        return keyValidationHandlerMap.get(tenantDomain);
    }
    KeyValidationHandler keyValidationHandler = null;
    String className = amConfigurationService.getAPIManagerConfiguration().getFirstProperty(APIConstants.KEY_VALIDATION_HANDLER_CLASSNAME);
    try {
        if (StringUtils.isNotEmpty(className)) {
            keyValidationHandler = (KeyValidationHandler) APIUtil.getClassInstance(className);
        } else {
            keyValidationHandler = new DefaultKeyValidationHandler();
        }
    } catch (InstantiationException | IllegalAccessException | ClassNotFoundException e) {
        log.error("Key validation handler object creation error", e);
    }
    keyValidationHandlerMap.put(tenantDomain, keyValidationHandler);
    return keyValidationHandler;
}
Also used : KeyValidationHandler(org.wso2.carbon.apimgt.keymgt.handlers.KeyValidationHandler) DefaultKeyValidationHandler(org.wso2.carbon.apimgt.keymgt.handlers.DefaultKeyValidationHandler) DefaultKeyValidationHandler(org.wso2.carbon.apimgt.keymgt.handlers.DefaultKeyValidationHandler)

Example 3 with KeyValidationHandler

use of org.wso2.carbon.apimgt.keymgt.handlers.KeyValidationHandler in project carbon-apimgt by wso2.

the class APIKeyValidationService method validateKey.

/**
 * Validates the access tokens issued for a particular user to access an API.
 *
 * @param context     Requested context
 * @param accessToken Provided access token
 * @return APIKeyValidationInfoDTO with authorization info and tier info if authorized. If it is not
 * authorized, tier information will be <pre>null</pre>
 * @throws APIKeyMgtException Error occurred when accessing the underlying database or registry.
 */
public APIKeyValidationInfoDTO validateKey(String context, String version, String accessToken, String requiredAuthenticationLevel, String matchingResource, String httpVerb, String tenantDomain, List keyManagers) throws APIKeyMgtException, APIManagementException {
    TracingSpan validateMainSpan = null;
    TracingSpan getAccessTokenCacheSpan = null;
    TracingSpan fetchingKeyValDTOSpan = null;
    TracingSpan validateTokenSpan = null;
    TracingSpan validateSubscriptionSpan = null;
    TracingSpan validateScopeSpan = null;
    TracingSpan generateJWTSpan = null;
    TracingSpan keyCache = null;
    TracingSpan keyValResponseSpan = null;
    TracingTracer tracer = Util.getGlobalTracer();
    Timer timer = MetricManager.timer(org.wso2.carbon.metrics.manager.Level.INFO, MetricManager.name(APIConstants.METRICS_PREFIX, this.getClass().getSimpleName(), "VALIDATE_MAIN"));
    Timer.Context timerContext = timer.start();
    MessageContext axis2MessageContext = MessageContext.getCurrentMessageContext();
    if (Util.tracingEnabled() && axis2MessageContext != null) {
        Map map = (Map) axis2MessageContext.getProperty(MessageContext.TRANSPORT_HEADERS);
        TracingSpan spanContext = Util.extract(tracer, map);
        validateMainSpan = Util.startSpan(TracingConstants.VALIDATE_MAIN, spanContext, tracer);
    }
    Map headersMap = null;
    String activityID = null;
    try {
        if (axis2MessageContext != null) {
            MessageContext responseMessageContext = axis2MessageContext.getOperationContext().getMessageContext(WSDLConstants.MESSAGE_LABEL_OUT_VALUE);
            if (responseMessageContext != null) {
                if (log.isDebugEnabled()) {
                    List headersList = new ArrayList();
                    Object headers = axis2MessageContext.getProperty(org.apache.axis2.context.MessageContext.TRANSPORT_HEADERS);
                    if (headers != null && headers instanceof Map) {
                        headersMap = (Map) headers;
                        activityID = (String) headersMap.get("activityID");
                    }
                    if (headersMap != null) {
                        headersList.add(new Header("activityID", (String) headersMap.get("activityID")));
                    }
                    responseMessageContext.setProperty(HTTPConstants.HTTP_HEADERS, headersList);
                }
            }
        }
    } catch (AxisFault axisFault) {
        throw new APIKeyMgtException("Error while building response messageContext: " + axisFault.getLocalizedMessage());
    }
    if (log.isDebugEnabled()) {
        String logMsg = "KeyValidation request from gateway: requestTime= " + new SimpleDateFormat("[yyyy.MM.dd HH:mm:ss,SSS zzz]").format(new Date()) + " , for:" + context + " with accessToken=" + accessToken;
        if (activityID != null) {
            logMsg = logMsg + " , transactionId=" + activityID;
        }
        log.debug(logMsg);
    }
    TokenValidationContext validationContext = new TokenValidationContext();
    validationContext.setAccessToken(accessToken);
    validationContext.setContext(context);
    validationContext.setHttpVerb(httpVerb);
    validationContext.setMatchingResource(matchingResource);
    validationContext.setRequiredAuthenticationLevel(requiredAuthenticationLevel);
    validationContext.setValidationInfoDTO(new APIKeyValidationInfoDTO());
    validationContext.setVersion(version);
    validationContext.setTenantDomain(tenantDomain);
    validationContext.setKeyManagers(keyManagers);
    if (Util.tracingEnabled()) {
        getAccessTokenCacheSpan = Util.startSpan(TracingConstants.GET_ACCESS_TOKEN_CACHE_KEY, validateMainSpan, tracer);
    }
    String cacheKey = APIUtil.getAccessTokenCacheKey(accessToken, context, version, matchingResource, httpVerb, requiredAuthenticationLevel);
    validationContext.setCacheKey(cacheKey);
    if (Util.tracingEnabled()) {
        Util.finishSpan(getAccessTokenCacheSpan);
        fetchingKeyValDTOSpan = Util.startSpan(TracingConstants.FETCHING_API_KEY_VAL_INFO_DTO_FROM_CACHE, validateMainSpan, tracer);
    }
    APIKeyValidationInfoDTO infoDTO = APIKeyMgtUtil.getFromKeyManagerCache(cacheKey);
    if (Util.tracingEnabled()) {
        Util.finishSpan(fetchingKeyValDTOSpan);
    }
    if (infoDTO != null) {
        validationContext.setCacheHit(true);
        log.debug("APIKeyValidationInfoDTO fetched from cache. Setting cache hit to true...");
        validationContext.setValidationInfoDTO(infoDTO);
    }
    log.debug("Before calling Validate Token method...");
    Timer timer2 = MetricManager.timer(org.wso2.carbon.metrics.manager.Level.INFO, MetricManager.name(APIConstants.METRICS_PREFIX, this.getClass().getSimpleName(), "VALIDATE_TOKEN"));
    Timer.Context timerContext2 = timer2.start();
    if (Util.tracingEnabled()) {
        validateTokenSpan = Util.startSpan(TracingConstants.VALIDATE_TOKEN, validateMainSpan, tracer);
    }
    KeyValidationHandler keyValidationHandler = ServiceReferenceHolder.getInstance().getKeyValidationHandler(tenantDomain);
    boolean state = keyValidationHandler.validateToken(validationContext);
    timerContext2.stop();
    if (Util.tracingEnabled()) {
        Util.finishSpan(validateTokenSpan);
    }
    log.debug("State after calling validateToken ... " + state);
    if (state) {
        Timer timer3 = MetricManager.timer(org.wso2.carbon.metrics.manager.Level.INFO, MetricManager.name(APIConstants.METRICS_PREFIX, this.getClass().getSimpleName(), "VALIDATE_SUBSCRIPTION"));
        Timer.Context timerContext3 = timer3.start();
        if (Util.tracingEnabled()) {
            validateSubscriptionSpan = Util.startSpan(TracingConstants.VALIDATE_SUBSCRIPTION, validateMainSpan, tracer);
        }
        state = keyValidationHandler.validateSubscription(validationContext);
        timerContext3.stop();
        if (Util.tracingEnabled()) {
            Util.finishSpan(validateSubscriptionSpan);
        }
    }
    log.debug("State after calling validateSubscription... " + state);
    if (state) {
        Timer timer4 = MetricManager.timer(org.wso2.carbon.metrics.manager.Level.INFO, MetricManager.name(APIConstants.METRICS_PREFIX, this.getClass().getSimpleName(), "VALIDATE_SCOPES"));
        Timer.Context timerContext4 = timer4.start();
        if (Util.tracingEnabled()) {
            validateScopeSpan = Util.startSpan(TracingConstants.VALIDATE_SCOPES, validateMainSpan, tracer);
        }
        state = keyValidationHandler.validateScopes(validationContext);
        timerContext4.stop();
        if (Util.tracingEnabled()) {
            Util.finishSpan(validateScopeSpan);
        }
    }
    log.debug("State after calling validateScopes... " + state);
    if (state && APIKeyMgtDataHolder.isJwtGenerationEnabled() && validationContext.getValidationInfoDTO().getEndUserName() != null && !validationContext.isCacheHit()) {
        Timer timer5 = MetricManager.timer(org.wso2.carbon.metrics.manager.Level.INFO, MetricManager.name(APIConstants.METRICS_PREFIX, this.getClass().getSimpleName(), "GENERATE_JWT"));
        Timer.Context timerContext5 = timer5.start();
        if (Util.tracingEnabled()) {
            generateJWTSpan = Util.startSpan(TracingConstants.GENERATE_JWT, validateMainSpan, tracer);
        }
        keyValidationHandler.generateConsumerToken(validationContext);
        timerContext5.stop();
        if (Util.tracingEnabled()) {
            Util.finishSpan(generateJWTSpan);
        }
    }
    log.debug("State after calling generateConsumerToken... " + state);
    if (!validationContext.isCacheHit()) {
        if (Util.tracingEnabled()) {
            keyCache = Util.startSpan(TracingConstants.WRITE_TO_KEY_MANAGER_CACHE, validateMainSpan, tracer);
        }
        APIKeyMgtUtil.writeToKeyManagerCache(cacheKey, validationContext.getValidationInfoDTO());
        if (Util.tracingEnabled()) {
            Util.finishSpan(keyCache);
        }
    }
    if (Util.tracingEnabled()) {
        keyValResponseSpan = Util.startSpan(TracingConstants.PUBLISHING_KEY_VALIDATION_RESPONSE, validateMainSpan, tracer);
    }
    if (log.isDebugEnabled() && axis2MessageContext != null) {
        logMessageDetails(axis2MessageContext, validationContext.getValidationInfoDTO());
    }
    if (log.isDebugEnabled()) {
        log.debug("APIKeyValidationInfoDTO before returning : " + validationContext.getValidationInfoDTO());
        log.debug("KeyValidation response from keymanager to gateway for access token:" + accessToken + " at " + new SimpleDateFormat("[yyyy.MM.dd HH:mm:ss,SSS zzz]").format(new Date()));
    }
    if (Util.tracingEnabled()) {
        Util.finishSpan(keyValResponseSpan);
    }
    timerContext.stop();
    if (Util.tracingEnabled() && validateMainSpan != null) {
        Util.finishSpan(validateMainSpan);
    }
    return validationContext.getValidationInfoDTO();
}
Also used : AxisFault(org.apache.axis2.AxisFault) TracingTracer(org.wso2.carbon.apimgt.tracing.TracingTracer) ArrayList(java.util.ArrayList) Date(java.util.Date) APIKeyMgtException(org.wso2.carbon.apimgt.keymgt.APIKeyMgtException) Timer(org.wso2.carbon.metrics.manager.Timer) Header(org.apache.commons.httpclient.Header) KeyValidationHandler(org.wso2.carbon.apimgt.keymgt.handlers.KeyValidationHandler) ArrayList(java.util.ArrayList) List(java.util.List) TracingSpan(org.wso2.carbon.apimgt.tracing.TracingSpan) MessageContext(org.apache.axis2.context.MessageContext) HashMap(java.util.HashMap) Map(java.util.Map) SimpleDateFormat(java.text.SimpleDateFormat) APIKeyValidationInfoDTO(org.wso2.carbon.apimgt.impl.dto.APIKeyValidationInfoDTO)

Aggregations

KeyValidationHandler (org.wso2.carbon.apimgt.keymgt.handlers.KeyValidationHandler)3 APIKeyValidationInfoDTO (org.wso2.carbon.apimgt.impl.dto.APIKeyValidationInfoDTO)2 SimpleDateFormat (java.text.SimpleDateFormat)1 ArrayList (java.util.ArrayList)1 Date (java.util.Date)1 HashMap (java.util.HashMap)1 List (java.util.List)1 Map (java.util.Map)1 AxisFault (org.apache.axis2.AxisFault)1 MessageContext (org.apache.axis2.context.MessageContext)1 Header (org.apache.commons.httpclient.Header)1 Application (org.wso2.carbon.apimgt.api.model.Application)1 APIKeyMgtException (org.wso2.carbon.apimgt.keymgt.APIKeyMgtException)1 DefaultKeyValidationHandler (org.wso2.carbon.apimgt.keymgt.handlers.DefaultKeyValidationHandler)1 TracingSpan (org.wso2.carbon.apimgt.tracing.TracingSpan)1 TracingTracer (org.wso2.carbon.apimgt.tracing.TracingTracer)1 Timer (org.wso2.carbon.metrics.manager.Timer)1