
Example 11 with KeyManagerDTO

use of org.wso2.carbon.apimgt.rest.api.admin.v1.dto.KeyManagerDTO in project carbon-apimgt by wso2.

the class APIProviderImpl method registerOrUpdateResourceInKeyManager.

/**
 * Registers the API as a resource with each key manager of the tenant, or updates the
 * registration that already exists there.
 *
 * <p>Each key manager is handled on its own: an {@link APIManagementException} raised while
 * talking to one key manager is logged and the loop continues with the next one, so such a
 * failure is not reported to the caller.
 *
 * @param api          API being added or updated
 * @param tenantDomain tenant domain whose key managers are looked up
 * @throws APIManagementException only if raised outside the per-key-manager try block;
 *                                failures inside it are logged, not rethrown
 */
private void registerOrUpdateResourceInKeyManager(API api, String tenantDomain) throws APIManagementException {
    Map<String, KeyManagerDto> keyManagers = KeyManagerHolder.getTenantKeyManagers(tenantDomain);
    for (Map.Entry<String, KeyManagerDto> entry : keyManagers.entrySet()) {
        KeyManager keyManager = entry.getValue().getKeyManager();
        if (keyManager == null) {
            // No key manager instance behind this entry: nothing to register against.
            continue;
        }
        try {
            Map existingResource = keyManager.getResourceByApiId(api.getId().toString());
            if (existingResource != null) {
                // A resource is already registered for this API id: update it in place.
                String resourceId = (String) existingResource.get("resourceId");
                if (resourceId == null) {
                    // NOTE(review): presumably handleException throws; if it only logs, the
                    // update below still runs without a resource id. Confirm.
                    handleException("APIResource update is failed because of empty resourceID.");
                }
                keyManager.updateRegisteredResource(api, existingResource);
            } else if (!keyManager.registerNewResource(api, null)) {
                // First registration was refused: warn only, the API operation itself goes on.
                log.warn("APIResource registration is failed while adding the API- " + api.getId().getApiName()
                        + "-" + api.getId().getVersion() + " into Key Manager : " + entry.getKey());
            }
        } catch (APIManagementException e) {
            // Best effort per key manager: record the failure and move to the next entry.
            log.error("API Resource Registration failed in Key Manager " + entry.getKey(), e);
        }
    }
}
Also used : APIManagementException(org.wso2.carbon.apimgt.api.APIManagementException) KeyManagerDto(org.wso2.carbon.apimgt.impl.dto.KeyManagerDto) Map(java.util.Map) TreeMap(java.util.TreeMap) ConcurrentHashMap(java.util.concurrent.ConcurrentHashMap) HashMap(java.util.HashMap) KeyManager(org.wso2.carbon.apimgt.api.model.KeyManager)

Example 12 with KeyManagerDTO

use of org.wso2.carbon.apimgt.rest.api.admin.v1.dto.KeyManagerDTO in project carbon-apimgt by wso2.

the class DefaultKeyValidationHandler method getAccessTokenInfo.

/**
 * Resolves the {@link AccessTokenInfo} for the access token held by the validation context.
 *
 * <p>A cached entry is returned when one exists. Otherwise a key manager of the tenant is
 * elected: it has to be allowed by the API level key manager list of the context (or that list
 * has to contain {@code API_LEVEL_ALL_KEY_MANAGERS}) and it has to report that it can handle
 * the token. The elected key manager supplies the token metadata, which is cached and returned.
 * When no key manager qualifies, the result is marked invalid with
 * {@code API_AUTH_INVALID_CREDENTIALS}.
 *
 * @param validationContext context carrying the access token, tenant domain and the key
 *                          managers allowed for the API
 * @return the token information, or {@code null} when the context has no tenant domain;
 *         callers have to treat {@code null} as "not validated"
 * @throws APIManagementException propagated from the calls made here
 */
private AccessTokenInfo getAccessTokenInfo(TokenValidationContext validationContext) throws APIManagementException {
    // NOTE(review): the lookup goes through createIntrospectionCache() while the store further
    // down goes through getGatewayIntrospectCache(); confirm both address the same cache.
    Object cachedEntry = CacheProvider.createIntrospectionCache().get(validationContext.getAccessToken());
    if (cachedEntry != null) {
        log.debug("AccessToken available in introspection Cache.");
        return (AccessTokenInfo) cachedEntry;
    }

    if (!StringUtils.isNotEmpty(validationContext.getTenantDomain())) {
        return null;
    }

    String accessToken = validationContext.getAccessToken();
    Map<String, KeyManagerDto> tenantKeyManagers =
            KeyManagerHolder.getTenantKeyManagers(validationContext.getTenantDomain());
    int keyManagerCount = tenantKeyManagers.size();
    KeyManager electedInstance = null;
    String electedKeyManager = null;

    // Debug messages name the key manager only; the token value itself is never logged.
    if (keyManagerCount == 1) {
        log.debug("KeyManager count is 1");
        Map.Entry<String, KeyManagerDto> soleEntry = tenantKeyManagers.entrySet().iterator().next();
        KeyManagerDto soleDto = soleEntry != null ? soleEntry.getValue() : null;
        // The single key manager still has to be allowed for this API.
        boolean allowedForApi = soleDto != null
                && (validationContext.getKeyManagers().contains(APIConstants.KeyManager.API_LEVEL_ALL_KEY_MANAGERS)
                || validationContext.getKeyManagers().contains(soleDto.getName()));
        if (allowedForApi) {
            if (log.isDebugEnabled()) {
                log.debug("KeyManager " + soleDto.getName() + " Available in API level KM list "
                        + String.join(",", validationContext.getKeyManagers()));
            }
            KeyManager candidate = soleDto.getKeyManager();
            if (candidate != null && candidate.canHandleToken(accessToken)) {
                if (log.isDebugEnabled()) {
                    log.debug("KeyManager " + soleDto.getName() + " can handle the token");
                }
                electedInstance = candidate;
                electedKeyManager = soleEntry.getKey();
            }
        }
    } else if (keyManagerCount > 1) {
        log.debug("KeyManager count is > 1");
        if (validationContext.getKeyManagers().contains(APIConstants.KeyManager.API_LEVEL_ALL_KEY_MANAGERS)) {
            if (log.isDebugEnabled()) {
                log.debug("API level KeyManagers contains " + APIConstants.KeyManager.API_LEVEL_ALL_KEY_MANAGERS);
            }
            // Every tenant key manager is allowed: the first one that can handle the token wins.
            for (Map.Entry<String, KeyManagerDto> tenantEntry : tenantKeyManagers.entrySet()) {
                KeyManagerDto dto = tenantEntry.getValue();
                KeyManager candidate = dto.getKeyManager();
                if (candidate != null && candidate.canHandleToken(accessToken)) {
                    if (log.isDebugEnabled()) {
                        log.debug("KeyManager " + dto.getName() + " can handle the token");
                    }
                    electedInstance = candidate;
                    electedKeyManager = tenantEntry.getKey();
                    break;
                }
            }
        } else {
            // Only the key managers listed for the API are consulted, in list order.
            for (String selectedKeyManager : validationContext.getKeyManagers()) {
                KeyManagerDto dto = tenantKeyManagers.get(selectedKeyManager);
                KeyManager candidate = dto != null ? dto.getKeyManager() : null;
                if (candidate != null && candidate.canHandleToken(accessToken)) {
                    if (log.isDebugEnabled()) {
                        log.debug("KeyManager " + dto.getName() + " can handle the token");
                    }
                    electedInstance = candidate;
                    electedKeyManager = selectedKeyManager;
                    break;
                }
            }
        }
    }

    if (electedInstance == null) {
        // Fail closed: with no key manager able to vouch for the token it is reported invalid.
        AccessTokenInfo rejected = new AccessTokenInfo();
        rejected.setTokenValid(false);
        rejected.setErrorcode(APIConstants.KeyValidationStatus.API_AUTH_INVALID_CREDENTIALS);
        log.debug("KeyManager not available to authorize token.");
        return rejected;
    }

    log.debug("KeyManager instance available to validate token.");
    AccessTokenInfo tokenInfo = electedInstance.getTokenMetaData(accessToken);
    tokenInfo.setKeyManager(electedKeyManager);
    // NOTE(review): the result is cached under the raw token without looking at its validity;
    // confirm the cache expiry matches the token lifetime and revocation handling.
    CacheProvider.getGatewayIntrospectCache().put(accessToken, tokenInfo);
    return tokenInfo;
}
Also used : AccessTokenInfo(org.wso2.carbon.apimgt.api.model.AccessTokenInfo) KeyManagerDto(org.wso2.carbon.apimgt.impl.dto.KeyManagerDto) KeyManager(org.wso2.carbon.apimgt.api.model.KeyManager) Map(java.util.Map)

Example 13 with KeyManagerDTO

use of org.wso2.carbon.apimgt.rest.api.admin.v1.dto.KeyManagerDTO in project carbon-apimgt by wso2.

the class KeymanagersApiServiceImpl method keymanagersGet.

/**
 * Returns the key manager configurations of an organization as a list of
 * {@code KeyManagerDTO} objects.
 *
 * @param xWSO2Tenant    tenant value supplied with the request; it is passed through
 *                       {@code SubscriptionValidationDataUtil.validateTenantDomain} before use
 * @param messageContext message context of the request
 * @return a 200 response holding the list, or {@code null} if the error handler returns
 *         instead of throwing
 */
public Response keymanagersGet(String xWSO2Tenant, MessageContext messageContext) {
    // The caller-supplied tenant is replaced by the validated value before any lookup.
    // NOTE(review): what validateTenantDomain enforces is not visible here; confirm it stops a
    // caller from reading another tenant's key manager configurations.
    xWSO2Tenant = SubscriptionValidationDataUtil.validateTenantDomain(xWSO2Tenant, messageContext);
    try {
        APIAdmin admin = new APIAdminImpl();
        List<KeyManagerConfigurationDTO> configurations =
                admin.getKeyManagerConfigurationsByOrganization(xWSO2Tenant);
        List<KeyManagerDTO> payload = new ArrayList<>();
        for (KeyManagerConfigurationDTO configuration : configurations) {
            // NOTE(review): key manager configurations may carry secrets; confirm that
            // toKeyManagerDTO exposes only what this endpoint's consumers need.
            payload.add(toKeyManagerDTO(xWSO2Tenant, configuration));
        }
        return Response.ok(payload).build();
    } catch (APIManagementException e) {
        // The cause goes to the server log; the client gets the generic message only.
        RestApiUtil.handleInternalServerError("Error while retrieving key manager configurations", e, log);
    }
    // Reached only if handleInternalServerError returns normally.
    return null;
}
Also used : KeyManagerConfigurationDTO(org.wso2.carbon.apimgt.api.dto.KeyManagerConfigurationDTO) APIManagementException(org.wso2.carbon.apimgt.api.APIManagementException) APIAdmin(org.wso2.carbon.apimgt.api.APIAdmin) ArrayList(java.util.ArrayList) KeyManagerDTO(org.wso2.carbon.apimgt.internal.service.dto.KeyManagerDTO) APIAdminImpl(org.wso2.carbon.apimgt.impl.APIAdminImpl)

Example 14 with KeyManagerDTO

use of org.wso2.carbon.apimgt.rest.api.admin.v1.dto.KeyManagerDTO in project carbon-apimgt by wso2.

the class JWTValidationServiceImpl method validateJWTToken.

/**
 * Validates a signed JWT with the JWT validator of the key manager registered for the
 * token's issuer in the current tenant.
 *
 * <p>When the token has no issuer, no key manager is registered for that issuer, or the key
 * manager has no JWT validator, the token is reported invalid with
 * {@code API_AUTH_GENERAL_ERROR}.
 *
 * @param signedJWTInfo parsed JWT together with its claims set
 * @return the validator's result tagged with the key manager name, or an invalid result
 * @throws APIManagementException propagated from the key manager lookup or the validator
 */
@Override
public JWTValidationInfo validateJWTToken(SignedJWTInfo signedJWTInfo) throws APIManagementException {
    String tenantDomain = CarbonContext.getThreadLocalCarbonContext().getTenantDomain();
    // The issuer is read from the claims before the token has been validated, so at this point
    // it is attacker-controlled input; here it only selects which validator is asked.
    String issuer = signedJWTInfo.getJwtClaimsSet().getIssuer();
    KeyManagerDto issuerKeyManager = StringUtils.isNotEmpty(issuer)
            ? KeyManagerHolder.getKeyManagerByIssuer(tenantDomain, issuer)
            : null;

    if (issuerKeyManager != null && issuerKeyManager.getJwtValidator() != null) {
        JWTValidationInfo validated = issuerKeyManager.getJwtValidator().validateToken(signedJWTInfo);
        validated.setKeyManager(issuerKeyManager.getName());
        return validated;
    }

    // Fail closed: without a validator for the issuer the token is never accepted.
    JWTValidationInfo rejected = new JWTValidationInfo();
    rejected.setValid(false);
    rejected.setValidationCode(APIConstants.KeyValidationStatus.API_AUTH_GENERAL_ERROR);
    return rejected;
}
Also used : KeyManagerDto(org.wso2.carbon.apimgt.impl.dto.KeyManagerDto) JWTValidationInfo(org.wso2.carbon.apimgt.common.gateway.dto.JWTValidationInfo)

Example 15 with KeyManagerDTO

use of org.wso2.carbon.apimgt.rest.api.admin.v1.dto.KeyManagerDTO in project carbon-apimgt by wso2.

the class JWTValidationServiceImpl method getKeyManagerNameIfJwtValidatorExist.

/**
 * Returns the name of the key manager registered for the token's issuer in the current
 * tenant, provided that key manager has a JWT validator.
 *
 * @param signedJWTInfo parsed JWT together with its claims set
 * @return the key manager name, or {@code null} when no key manager matches the issuer or the
 *         matching one has no JWT validator
 * @throws APIManagementException propagated from the key manager lookup
 */
@Override
public String getKeyManagerNameIfJwtValidatorExist(SignedJWTInfo signedJWTInfo) throws APIManagementException {
    String tenantDomain = CarbonContext.getThreadLocalCarbonContext().getTenantDomain();
    // The issuer comes from the token's own claims; nothing in this method verifies the token.
    // NOTE(review): an empty or null issuer is handed to the lookup as is; confirm
    // getKeyManagerByIssuer copes with that.
    String issuer = signedJWTInfo.getJwtClaimsSet().getIssuer();
    KeyManagerDto issuerKeyManager = KeyManagerHolder.getKeyManagerByIssuer(tenantDomain, issuer);
    boolean hasValidator = issuerKeyManager != null && issuerKeyManager.getJwtValidator() != null;
    return hasValidator ? issuerKeyManager.getName() : null;
}
Also used : KeyManagerDto(org.wso2.carbon.apimgt.impl.dto.KeyManagerDto)

Aggregations

KeyManagerDto (org.wso2.carbon.apimgt.impl.dto.KeyManagerDto)16 APIManagementException (org.wso2.carbon.apimgt.api.APIManagementException)15 HashMap (java.util.HashMap)13 Map (java.util.Map)13 KeyManager (org.wso2.carbon.apimgt.api.model.KeyManager)13 TreeMap (java.util.TreeMap)10 ConcurrentHashMap (java.util.concurrent.ConcurrentHashMap)9 KeyManagerConfigurationDTO (org.wso2.carbon.apimgt.api.dto.KeyManagerConfigurationDTO)5 Gson (com.google.gson.Gson)4 APIAdmin (org.wso2.carbon.apimgt.api.APIAdmin)4 APIAdminImpl (org.wso2.carbon.apimgt.impl.APIAdminImpl)4 JsonObject (com.google.gson.JsonObject)3 ArrayList (java.util.ArrayList)3 APIIdentifier (org.wso2.carbon.apimgt.api.model.APIIdentifier)3 Scope (org.wso2.carbon.apimgt.api.model.Scope)3 URITemplate (org.wso2.carbon.apimgt.api.model.URITemplate)3 KeyManagerDTO (org.wso2.carbon.apimgt.rest.api.admin.v1.dto.KeyManagerDTO)3 JsonArray (com.google.gson.JsonArray)2 HashSet (java.util.HashSet)2 List (java.util.List)2