Merge branch 'release-2.0.x' of https://github.com/wso2/carbon-device-mgt into release-2.0.x

components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/java/org/wso2/carbon/apimgt/application/extension/api/ApiApplicationRegistrationServiceImpl.java

@@ -37,7 +37,6 @@ import javax.ws.rs.POST;
 import javax.ws.rs.Path;
 import javax.ws.rs.QueryParam;
 import javax.ws.rs.core.Response;
-import java.util.ArrayList;
 import java.util.Arrays;
 
 
@@ -106,8 +105,13 @@ public class ApiApplicationRegistrationServiceImpl implements ApiApplicationRegi
                 jsonStringObject.put(ApiApplicationConstants.OAUTH_CLIENT_ID, registrationProfile.getConsumerKey());
                 jsonStringObject.put(ApiApplicationConstants.OAUTH_CLIENT_SECRET,
                                      registrationProfile.getConsumerSecret());
-                jsonStringObject.put(ApiApplicationConstants.JSONSTRING_VALIDITY_PERIOD_TAG,
+                if (registrationProfile.getValidityPeriod() == 0) {
-                                     ApiApplicationConstants.DEFAULT_VALIDITY_PERIOD);
+                    jsonStringObject.put(ApiApplicationConstants.JSONSTRING_VALIDITY_PERIOD_TAG,
+                            ApiApplicationConstants.DEFAULT_VALIDITY_PERIOD);
+                } else {
+                    jsonStringObject.put(ApiApplicationConstants.JSONSTRING_VALIDITY_PERIOD_TAG,
+                            registrationProfile.getValidityPeriod());
+                }
                 apiManagementProviderService.registerExistingOAuthApplicationToAPIApplication(
                         jsonStringObject.toJSONString(), registrationProfile.getApplicationName(),
                         registrationProfile.getConsumerKey(), username, registrationProfile.isAllowedToAllDomains(),

components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/java/org/wso2/carbon/apimgt/application/extension/api/util/RegistrationProfile.java

@@ -41,6 +41,8 @@ public class RegistrationProfile {
     private boolean isMappingAnExistingOAuthApp;
     private String consumerKey;
     private String consumerSecret;
+    @XmlElement(required = false)
+    private int validityPeriod;
 
     public String getApplicationName() {
         return applicationName;
@@ -89,4 +91,12 @@ public class RegistrationProfile {
     public void setConsumerSecret(String consumerSecret) {
         this.consumerSecret = consumerSecret;
     }
+
+    public int getValidityPeriod() {
+        return validityPeriod;
+    }
+
+    public void setValidityPeriod(int validityPeriod) {
+        this.validityPeriod = validityPeriod;
+    }
 }

components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/constants.js

@@ -60,6 +60,8 @@ var WEB_SERVICE_ADDRESSING_VERSION = 1.0;
 var TOKEN_PAIR = "tokenPair";
 var ENCODED_TENANT_BASED_CLIENT_APP_CREDENTIALS = "encodedTenantBasedClientAppCredentials";
 var CONTENT_TYPE_IDENTIFIER = "Content-Type";
+var ENCODED_TENANT_BASED_WEB_SOCKET_CLIENT_CREDENTIALS = "encodedTenantBasedWebSocketClientCredentials";
+
 var CONTENT_DISPOSITION_IDENTIFIER = "Content-Disposition";
 var APPLICATION_JSON = "application/json";
 var APPLICATION_ZIP = "application/zip";
@@ -76,4 +78,6 @@ var HTTP_CONFLICT = 409;
 var HTTP_CREATED = 201;
 
 var CACHED_CREDENTIALS = "tenantBasedCredentials";
+var CACHED_CREDENTIALS_FOR_WEBSOCKET_APP = "tenantBasedWebSocketClientCredentials";
+
 var ALLOWED_SCOPES = "scopes";

components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/oauth/token-handler-utils.js

@@ -138,6 +138,63 @@ var utils = function () {
         }
     };
 
+    publicMethods["getTenantBasedWebSocketClientAppCredentials"] = function (username) {
+        if (!username) {
+            log.error("{/app/modules/oauth/token-handler-utils.js} Error in retrieving tenant " +
+                "based client app credentials. No username " +
+                "as input - getTenantBasedWebSocketClientAppCredentials(x)");
+            return null;
+        } else {
+            //noinspection JSUnresolvedFunction, JSUnresolvedVariable
+            var tenantDomain = carbon.server.tenantDomain({username: username});
+            if (!tenantDomain) {
+                log.error("{/app/modules/oauth/token-handler-utils.js} Error in retrieving tenant " +
+                    "based client application credentials. Unable to obtain a valid tenant domain for provided " +
+                    "username - getTenantBasedWebSocketClientAppCredentials(x, y)");
+                return null;
+            } else {
+                var cachedBasedWebsocketClientAppCredentials = privateMethods.
+                getCachedBasedWebSocketClientAppCredentials(tenantDomain);
+                if (cachedBasedWebsocketClientAppCredentials) {
+                    return cachedBasedWebsocketClientAppCredentials;
+                } else {
+                    var adminUsername = deviceMgtProps["adminUser"];
+                    var adminUserTenantId = deviceMgtProps["adminUserTenantId"];
+                    //claims required for jwtAuthenticator.
+                    var claims = {"http://wso2.org/claims/enduserTenantId": adminUserTenantId,
+                        "http://wso2.org/claims/enduser": adminUsername};
+                    var jwtToken = publicMethods.getJwtToken(adminUsername, claims);
+
+                    // register a tenant based  app at API Manager
+                    var applicationName = "websocket_webapp_" + tenantDomain;
+                    var requestURL = deviceMgtProps["oauthProvider"]["appRegistration"]
+                            ["apiManagerClientAppRegistrationServiceURL"] +
+                        "?tenantDomain=" + tenantDomain + "&applicationName=" + applicationName;
+                    var xhr = new XMLHttpRequest();
+                    xhr.open("POST", requestURL, false);
+                    xhr.setRequestHeader("Content-Type", "application/json");
+                    xhr.setRequestHeader("X-JWT-Assertion", "" + jwtToken);
+                    xhr.send();
+                    if (xhr["status"] == 201 && xhr["responseText"]) {
+                        var responsePayload = parse(xhr["responseText"]);
+                        var tenantTenantBasedWebsocketClientAppCredentials = {};
+                        tenantTenantBasedWebsocketClientAppCredentials["clientId"] = responsePayload["client_id"];
+                        tenantTenantBasedWebsocketClientAppCredentials["clientSecret"] =
+                            responsePayload["client_secret"];
+                        privateMethods.setCachedBasedWebSocketClientAppCredentials(tenantDomain,
+                            tenantTenantBasedWebsocketClientAppCredentials);
+                        return tenantTenantBasedWebsocketClientAppCredentials;
+                    } else {
+                        log.error("{/app/modules/oauth/token-handler-utils.js} Error in retrieving tenant " +
+                            "based client application credentials from API " +
+                            "Manager - getTenantBasedWebSocketClientAppCredentials(x, y)");
+                        return null;
+                    }
+                }
+            }
+        }
+    };
+
     privateMethods["setCachedTenantBasedClientAppCredentials"] = function (tenantDomain, clientAppCredentials) {
         var cachedTenantBasedClientAppCredentialsMap = application.get(constants["CACHED_CREDENTIALS"]);
         if (!cachedTenantBasedClientAppCredentialsMap) {
@@ -159,7 +216,32 @@ var utils = function () {
         }
     };
 
-    publicMethods["getTokenPairAndScopesByPasswordGrantType"] = function (username, password, encodedClientAppCredentials, scopes) {
+    privateMethods["getCachedBasedWebSocketClientAppCredentials"] = function (tenantDomain) {
+        var cachedBasedWebSocketClientAppCredentialsMap
+            = application.get(constants["CACHED_CREDENTIALS_FOR_WEBSOCKET_APP"]);
+        if (!cachedBasedWebSocketClientAppCredentialsMap ||
+            !cachedBasedWebSocketClientAppCredentialsMap[tenantDomain]) {
+            return null;
+        } else {
+            return cachedBasedWebSocketClientAppCredentialsMap[tenantDomain];
+        }
+    };
+
+    privateMethods["setCachedBasedWebSocketClientAppCredentials"] = function (tenantDomain, clientAppCredentials) {
+        var cachedBasedWebSocketClientAppCredentialsMap
+            = application.get(constants["CACHED_CREDENTIALS_FOR_WEBSOCKET_APP"]);
+        if (!cachedBasedWebSocketClientAppCredentialsMap) {
+            cachedBasedWebSocketClientAppCredentialsMap = {};
+            cachedBasedWebSocketClientAppCredentialsMap[tenantDomain] = clientAppCredentials;
+            application.put(constants["CACHED_CREDENTIALS_FOR_WEBSOCKET_APP"]
+                , cachedBasedWebSocketClientAppCredentialsMap);
+        } else if (!cachedBasedWebSocketClientAppCredentialsMap[tenantDomain]) {
+            cachedBasedWebSocketClientAppCredentialsMap[tenantDomain] = clientAppCredentials;
+        }
+    };
+
+    publicMethods["getTokenPairAndScopesByPasswordGrantType"] = function (username, password
+        , encodedClientAppCredentials, scopes) {
         if (!username || !password || !encodedClientAppCredentials || !scopes) {
             log.error("{/app/modules/oauth/token-handler-utils.js} Error in retrieving access token by password " +
                 "grant type. No username, password, encoded client app credentials or scopes are " +

components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/oauth/token-handlers.js

@@ -39,6 +39,7 @@ var handlers = function () {
                     "as input - setupTokenPairByPasswordGrantType(x, y)");
         } else {
             privateMethods.setUpEncodedTenantBasedClientAppCredentials(username);
+            privateMethods.setUpEncodedTenantBasedWebSocketClientAppCredentials(username);
             var encodedClientAppCredentials = session.get(constants["ENCODED_TENANT_BASED_CLIENT_APP_CREDENTIALS"]);
             if (!encodedClientAppCredentials) {
                 throw new Error("{/app/modules/oauth/token-handlers.js} Could not set up access token pair by " +
@@ -81,6 +82,7 @@ var handlers = function () {
                     "as input - setupTokenPairByPasswordGrantType(x, y)");
         } else {
             privateMethods.setUpEncodedTenantBasedClientAppCredentials(username);
+            privateMethods.setUpEncodedTenantBasedWebSocketClientAppCredentials(username);
             var encodedClientAppCredentials = session.get(constants["ENCODED_TENANT_BASED_CLIENT_APP_CREDENTIALS"]);
             if (!encodedClientAppCredentials) {
                 throw new Error("{/app/modules/oauth/token-handlers.js} Could not set up access token pair " +
@@ -168,5 +170,44 @@ var handlers = function () {
         }
     };
 
+    privateMethods["setUpEncodedTenantBasedWebSocketClientAppCredentials"] = function (username) {
+        if (!username) {
+            throw new Error("{/app/modules/oauth/token-handlers.js} Could not set up encoded tenant based " +
+                "client credentials to session context. No username of logged in user is found as " +
+                "input - setUpEncodedTenantBasedWebSocketClientAppCredentials(x)");
+        } else {
+            if (devicemgtProps["apimgt-gateway"]) {
+                var tenantBasedWebSocketClientAppCredentials
+                    = tokenUtil.getTenantBasedWebSocketClientAppCredentials(username);
+                if (!tenantBasedWebSocketClientAppCredentials) {
+                    throw new Error("{/app/modules/oauth/token-handlers.js} Could not set up encoded tenant " +
+                        "based client credentials to session context as the server is unable " +
+                        "to obtain such credentials - setUpEncodedTenantBasedWebSocketClientAppCredentials(x)");
+                } else {
+                    var encodedTenantBasedWebSocketClientAppCredentials =
+                        tokenUtil.encode(tenantBasedWebSocketClientAppCredentials["clientId"] + ":" +
+                            tenantBasedWebSocketClientAppCredentials["clientSecret"]);
+                    // setting up encoded tenant based client credentials to session context.
+                    session.put(constants["ENCODED_TENANT_BASED_WEB_SOCKET_CLIENT_CREDENTIALS"],
+                        encodedTenantBasedWebSocketClientAppCredentials);
+                }
+            } else {
+                var dynamicClientAppCredentials = tokenUtil.getDynamicClientAppCredentials();
+                if (!dynamicClientAppCredentials) {
+                    throw new Error("{/app/modules/oauth/token-handlers.js} Could not set up encoded tenant based " +
+                        "client credentials to session context as the server is unable to obtain " +
+                        "dynamic client credentials - setUpEncodedTenantBasedWebSocketClientAppCredentials(x)");
+                }
+                var encodedTenantBasedWebSocketClientAppCredentials =
+                    tokenUtil.encode(dynamicClientAppCredentials["clientId"] + ":" +
+                        dynamicClientAppCredentials["clientSecret"]);
+                // setting up encoded tenant based client credentials to session context.
+                session.put(constants["ENCODED_TENANT_BASED_WEB_SOCKET_CLIENT_CREDENTIALS"],
+                    encodedTenantBasedWebSocketClientAppCredentials);
+            }
+
+        }
+    };
+
     return publicMethods;
 }();