use of org.wso2.carbon.apimgt.keymgt.handlers.KeyValidationHandler in project carbon-apimgt by wso2.
the class APIKeyValidationService method validateKeyForHandshake.
/**
* Validate access token for websocket handshake
*
* @param context context of the API
* @param version version of the API
* @param accessToken access token of the request
* @param tenantDomain
* @param keyManagers
* @return
* @throws APIKeyMgtException
* @throws APIManagementException
*/
public APIKeyValidationInfoDTO validateKeyForHandshake(String context, String version, String accessToken, String tenantDomain, List<String> keyManagers) throws APIKeyMgtException, APIManagementException {
APIKeyValidationInfoDTO info = new APIKeyValidationInfoDTO();
info.setAuthorized(false);
TokenValidationContext validationContext = new TokenValidationContext();
validationContext.setAccessToken(accessToken);
validationContext.setContext(context);
validationContext.setValidationInfoDTO(new APIKeyValidationInfoDTO());
validationContext.setVersion(version);
validationContext.setTenantDomain(tenantDomain);
validationContext.setRequiredAuthenticationLevel("Any");
validationContext.setKeyManagers(keyManagers);
KeyValidationHandler keyValidationHandler = ServiceReferenceHolder.getInstance().getKeyValidationHandler(tenantDomain);
boolean state = keyValidationHandler.validateToken(validationContext);
if (state) {
state = keyValidationHandler.validateSubscription(validationContext);
if (state) {
if (APIKeyMgtDataHolder.isJwtGenerationEnabled() && validationContext.getValidationInfoDTO().getEndUserName() != null && !validationContext.isCacheHit()) {
Application application = APIUtil.getApplicationByClientId(validationContext.getValidationInfoDTO().getConsumerKey());
validationContext.getValidationInfoDTO().setApplicationId(String.valueOf(application.getId()));
validationContext.getValidationInfoDTO().setApplicationTier(application.getTier());
keyValidationHandler.generateConsumerToken(validationContext);
info.setEndUserToken(validationContext.getValidationInfoDTO().getEndUserToken());
}
}
return validationContext.getValidationInfoDTO();
}
return info;
}
use of org.wso2.carbon.apimgt.keymgt.handlers.KeyValidationHandler in project carbon-apimgt by wso2.
the class ServiceReferenceHolder method getKeyValidationHandler.
public KeyValidationHandler getKeyValidationHandler(String tenantDomain) {
if (keyValidationHandlerMap.containsKey(tenantDomain)) {
return keyValidationHandlerMap.get(tenantDomain);
}
KeyValidationHandler keyValidationHandler = null;
String className = amConfigurationService.getAPIManagerConfiguration().getFirstProperty(APIConstants.KEY_VALIDATION_HANDLER_CLASSNAME);
try {
if (StringUtils.isNotEmpty(className)) {
keyValidationHandler = (KeyValidationHandler) APIUtil.getClassInstance(className);
} else {
keyValidationHandler = new DefaultKeyValidationHandler();
}
} catch (InstantiationException | IllegalAccessException | ClassNotFoundException e) {
log.error("Key validation handler object creation error", e);
}
keyValidationHandlerMap.put(tenantDomain, keyValidationHandler);
return keyValidationHandler;
}
use of org.wso2.carbon.apimgt.keymgt.handlers.KeyValidationHandler in project carbon-apimgt by wso2.
the class APIKeyValidationService method validateKey.
/**
* Validates the access tokens issued for a particular user to access an API.
*
* @param context Requested context
* @param accessToken Provided access token
* @return APIKeyValidationInfoDTO with authorization info and tier info if authorized. If it is not
* authorized, tier information will be <pre>null</pre>
* @throws APIKeyMgtException Error occurred when accessing the underlying database or registry.
*/
public APIKeyValidationInfoDTO validateKey(String context, String version, String accessToken, String requiredAuthenticationLevel, String matchingResource, String httpVerb, String tenantDomain, List keyManagers) throws APIKeyMgtException, APIManagementException {
TracingSpan validateMainSpan = null;
TracingSpan getAccessTokenCacheSpan = null;
TracingSpan fetchingKeyValDTOSpan = null;
TracingSpan validateTokenSpan = null;
TracingSpan validateSubscriptionSpan = null;
TracingSpan validateScopeSpan = null;
TracingSpan generateJWTSpan = null;
TracingSpan keyCache = null;
TracingSpan keyValResponseSpan = null;
TracingTracer tracer = Util.getGlobalTracer();
Timer timer = MetricManager.timer(org.wso2.carbon.metrics.manager.Level.INFO, MetricManager.name(APIConstants.METRICS_PREFIX, this.getClass().getSimpleName(), "VALIDATE_MAIN"));
Timer.Context timerContext = timer.start();
MessageContext axis2MessageContext = MessageContext.getCurrentMessageContext();
if (Util.tracingEnabled() && axis2MessageContext != null) {
Map map = (Map) axis2MessageContext.getProperty(MessageContext.TRANSPORT_HEADERS);
TracingSpan spanContext = Util.extract(tracer, map);
validateMainSpan = Util.startSpan(TracingConstants.VALIDATE_MAIN, spanContext, tracer);
}
Map headersMap = null;
String activityID = null;
try {
if (axis2MessageContext != null) {
MessageContext responseMessageContext = axis2MessageContext.getOperationContext().getMessageContext(WSDLConstants.MESSAGE_LABEL_OUT_VALUE);
if (responseMessageContext != null) {
if (log.isDebugEnabled()) {
List headersList = new ArrayList();
Object headers = axis2MessageContext.getProperty(org.apache.axis2.context.MessageContext.TRANSPORT_HEADERS);
if (headers != null && headers instanceof Map) {
headersMap = (Map) headers;
activityID = (String) headersMap.get("activityID");
}
if (headersMap != null) {
headersList.add(new Header("activityID", (String) headersMap.get("activityID")));
}
responseMessageContext.setProperty(HTTPConstants.HTTP_HEADERS, headersList);
}
}
}
} catch (AxisFault axisFault) {
throw new APIKeyMgtException("Error while building response messageContext: " + axisFault.getLocalizedMessage());
}
if (log.isDebugEnabled()) {
String logMsg = "KeyValidation request from gateway: requestTime= " + new SimpleDateFormat("[yyyy.MM.dd HH:mm:ss,SSS zzz]").format(new Date()) + " , for:" + context + " with accessToken=" + accessToken;
if (activityID != null) {
logMsg = logMsg + " , transactionId=" + activityID;
}
log.debug(logMsg);
}
TokenValidationContext validationContext = new TokenValidationContext();
validationContext.setAccessToken(accessToken);
validationContext.setContext(context);
validationContext.setHttpVerb(httpVerb);
validationContext.setMatchingResource(matchingResource);
validationContext.setRequiredAuthenticationLevel(requiredAuthenticationLevel);
validationContext.setValidationInfoDTO(new APIKeyValidationInfoDTO());
validationContext.setVersion(version);
validationContext.setTenantDomain(tenantDomain);
validationContext.setKeyManagers(keyManagers);
if (Util.tracingEnabled()) {
getAccessTokenCacheSpan = Util.startSpan(TracingConstants.GET_ACCESS_TOKEN_CACHE_KEY, validateMainSpan, tracer);
}
String cacheKey = APIUtil.getAccessTokenCacheKey(accessToken, context, version, matchingResource, httpVerb, requiredAuthenticationLevel);
validationContext.setCacheKey(cacheKey);
if (Util.tracingEnabled()) {
Util.finishSpan(getAccessTokenCacheSpan);
fetchingKeyValDTOSpan = Util.startSpan(TracingConstants.FETCHING_API_KEY_VAL_INFO_DTO_FROM_CACHE, validateMainSpan, tracer);
}
APIKeyValidationInfoDTO infoDTO = APIKeyMgtUtil.getFromKeyManagerCache(cacheKey);
if (Util.tracingEnabled()) {
Util.finishSpan(fetchingKeyValDTOSpan);
}
if (infoDTO != null) {
validationContext.setCacheHit(true);
log.debug("APIKeyValidationInfoDTO fetched from cache. Setting cache hit to true...");
validationContext.setValidationInfoDTO(infoDTO);
}
log.debug("Before calling Validate Token method...");
Timer timer2 = MetricManager.timer(org.wso2.carbon.metrics.manager.Level.INFO, MetricManager.name(APIConstants.METRICS_PREFIX, this.getClass().getSimpleName(), "VALIDATE_TOKEN"));
Timer.Context timerContext2 = timer2.start();
if (Util.tracingEnabled()) {
validateTokenSpan = Util.startSpan(TracingConstants.VALIDATE_TOKEN, validateMainSpan, tracer);
}
KeyValidationHandler keyValidationHandler = ServiceReferenceHolder.getInstance().getKeyValidationHandler(tenantDomain);
boolean state = keyValidationHandler.validateToken(validationContext);
timerContext2.stop();
if (Util.tracingEnabled()) {
Util.finishSpan(validateTokenSpan);
}
log.debug("State after calling validateToken ... " + state);
if (state) {
Timer timer3 = MetricManager.timer(org.wso2.carbon.metrics.manager.Level.INFO, MetricManager.name(APIConstants.METRICS_PREFIX, this.getClass().getSimpleName(), "VALIDATE_SUBSCRIPTION"));
Timer.Context timerContext3 = timer3.start();
if (Util.tracingEnabled()) {
validateSubscriptionSpan = Util.startSpan(TracingConstants.VALIDATE_SUBSCRIPTION, validateMainSpan, tracer);
}
state = keyValidationHandler.validateSubscription(validationContext);
timerContext3.stop();
if (Util.tracingEnabled()) {
Util.finishSpan(validateSubscriptionSpan);
}
}
log.debug("State after calling validateSubscription... " + state);
if (state) {
Timer timer4 = MetricManager.timer(org.wso2.carbon.metrics.manager.Level.INFO, MetricManager.name(APIConstants.METRICS_PREFIX, this.getClass().getSimpleName(), "VALIDATE_SCOPES"));
Timer.Context timerContext4 = timer4.start();
if (Util.tracingEnabled()) {
validateScopeSpan = Util.startSpan(TracingConstants.VALIDATE_SCOPES, validateMainSpan, tracer);
}
state = keyValidationHandler.validateScopes(validationContext);
timerContext4.stop();
if (Util.tracingEnabled()) {
Util.finishSpan(validateScopeSpan);
}
}
log.debug("State after calling validateScopes... " + state);
if (state && APIKeyMgtDataHolder.isJwtGenerationEnabled() && validationContext.getValidationInfoDTO().getEndUserName() != null && !validationContext.isCacheHit()) {
Timer timer5 = MetricManager.timer(org.wso2.carbon.metrics.manager.Level.INFO, MetricManager.name(APIConstants.METRICS_PREFIX, this.getClass().getSimpleName(), "GENERATE_JWT"));
Timer.Context timerContext5 = timer5.start();
if (Util.tracingEnabled()) {
generateJWTSpan = Util.startSpan(TracingConstants.GENERATE_JWT, validateMainSpan, tracer);
}
keyValidationHandler.generateConsumerToken(validationContext);
timerContext5.stop();
if (Util.tracingEnabled()) {
Util.finishSpan(generateJWTSpan);
}
}
log.debug("State after calling generateConsumerToken... " + state);
if (!validationContext.isCacheHit()) {
if (Util.tracingEnabled()) {
keyCache = Util.startSpan(TracingConstants.WRITE_TO_KEY_MANAGER_CACHE, validateMainSpan, tracer);
}
APIKeyMgtUtil.writeToKeyManagerCache(cacheKey, validationContext.getValidationInfoDTO());
if (Util.tracingEnabled()) {
Util.finishSpan(keyCache);
}
}
if (Util.tracingEnabled()) {
keyValResponseSpan = Util.startSpan(TracingConstants.PUBLISHING_KEY_VALIDATION_RESPONSE, validateMainSpan, tracer);
}
if (log.isDebugEnabled() && axis2MessageContext != null) {
logMessageDetails(axis2MessageContext, validationContext.getValidationInfoDTO());
}
if (log.isDebugEnabled()) {
log.debug("APIKeyValidationInfoDTO before returning : " + validationContext.getValidationInfoDTO());
log.debug("KeyValidation response from keymanager to gateway for access token:" + accessToken + " at " + new SimpleDateFormat("[yyyy.MM.dd HH:mm:ss,SSS zzz]").format(new Date()));
}
if (Util.tracingEnabled()) {
Util.finishSpan(keyValResponseSpan);
}
timerContext.stop();
if (Util.tracingEnabled() && validateMainSpan != null) {
Util.finishSpan(validateMainSpan);
}
return validationContext.getValidationInfoDTO();
}
Aggregations