Merge pull request #543 from ayyoob/release-2.0.x

Moved the traffic through the gateway and fixed cluster issues

components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/pom.xml

@@ -173,6 +173,11 @@
             <artifactId>org.wso2.carbon.device.mgt.common</artifactId>
             <scope>provided</scope>
         </dependency>
+		<dependency>
+			<groupId>org.wso2.carbon</groupId>
+			<artifactId>org.wso2.carbon.registry.core</artifactId>
+			<scope>provided</scope>
+		</dependency>
     </dependencies>
 
     <build>

components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/java/org/wso2/carbon/apimgt/application/extension/api/filter/ApiPermissionFilter.java

@@ -56,6 +56,9 @@ public class ApiPermissionFilter implements Filter {
                 PermissionConfiguration permissionConfiguration = (PermissionConfiguration)
                         unmarshaller.unmarshal(permissionStream);
                 permissions = permissionConfiguration.getPermissions();
+                for (Permission permission : permissions) {
+                    APIUtil.putPermission(PERMISSION_PREFIX + permission.getPath());
+                }
             } catch (JAXBException e) {
                 log.error("invalid permissions.xml", e);
             }

components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/java/org/wso2/carbon/apimgt/application/extension/api/util/APIUtil.java

@@ -21,12 +21,18 @@ package org.wso2.carbon.apimgt.application.extension.api.util;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.wso2.carbon.apimgt.application.extension.APIManagementProviderService;
+import org.wso2.carbon.base.MultitenantConstants;
 import org.wso2.carbon.context.PrivilegedCarbonContext;
 import org.wso2.carbon.device.mgt.common.DeviceManagementException;
 import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderService;
+import org.wso2.carbon.registry.api.Resource;
+import org.wso2.carbon.registry.core.Registry;
+import org.wso2.carbon.registry.core.exceptions.RegistryException;
+import org.wso2.carbon.registry.core.service.RegistryService;
 import org.wso2.carbon.user.core.service.RealmService;
 
 import java.util.List;
+import java.util.StringTokenizer;
 
 /**
  * This class provides utility functions used by REST-API.
@@ -35,6 +41,8 @@ public class APIUtil {
 
     private static Log log = LogFactory.getLog(APIUtil.class);
     private static final String DEFAULT_CDMF_API_TAG = "device_management";
+    private static final String DEFAULT_CERT_API_TAG = "scep_management";
+    public static final String PERMISSION_PROPERTY_NAME = "name";
 
     public static String getAuthenticatedUser() {
         PrivilegedCarbonContext threadLocalCarbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
@@ -48,8 +56,7 @@ public class APIUtil {
 
     public static String getTenantDomainOftheUser() {
         PrivilegedCarbonContext threadLocalCarbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
-        String tenantDomain = threadLocalCarbonContext.getTenantDomain();
+        return threadLocalCarbonContext.getTenantDomain();
-        return tenantDomain;
     }
 
     public static APIManagementProviderService getAPIManagementProviderService() {
@@ -92,6 +99,55 @@ public class APIUtil {
         //Todo get allowed cdmf service tags from config.
         List<String> allowedApisTags = getDeviceManagementProviderService().getAvailableDeviceTypes();
         allowedApisTags.add(DEFAULT_CDMF_API_TAG);
+        allowedApisTags.add(DEFAULT_CERT_API_TAG);
         return allowedApisTags;
     }
+
+    public static void putPermission(String permission) {
+        try {
+            StringTokenizer tokenizer = new StringTokenizer(permission, "/");
+            String lastToken = "", currentToken, tempPath;
+            while (tokenizer.hasMoreTokens()) {
+                currentToken = tokenizer.nextToken();
+                tempPath = lastToken + "/" + currentToken;
+                if (!checkResourceExists(tempPath)) {
+                    createRegistryCollection(tempPath, currentToken);
+
+                }
+                lastToken = tempPath;
+            }
+        } catch (org.wso2.carbon.registry.api.RegistryException e) {
+            log.error("Failed to creation permission in registry" + permission, e);
+        }
+    }
+
+    public static void createRegistryCollection(String path, String resourceName)
+            throws org.wso2.carbon.registry.api.RegistryException {
+        Resource resource = getGovernanceRegistry().newCollection();
+        resource.addProperty(PERMISSION_PROPERTY_NAME, resourceName);
+        getGovernanceRegistry().beginTransaction();
+        getGovernanceRegistry().put(path, resource);
+        getGovernanceRegistry().commitTransaction();
+    }
+
+    public static boolean checkResourceExists(String path)
+            throws RegistryException {
+        return getGovernanceRegistry().resourceExists(path);
+    }
+
+    public static Registry getGovernanceRegistry() throws RegistryException {
+        return getRegistryService().getGovernanceSystemRegistry(MultitenantConstants.SUPER_TENANT_ID);
+    }
+
+    public static RegistryService getRegistryService() {
+        PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext();
+        RegistryService registryService =
+                (RegistryService) ctx.getOSGiService(RegistryService.class, null);
+        if (registryService == null) {
+            String msg = "registry service has not initialized.";
+            log.error(msg);
+            throw new IllegalStateException(msg);
+        }
+        return registryService;
+    }
 }

components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/webapp/META-INF/permissions.xml

@@ -37,14 +37,14 @@
     </Permission>
     <Permission>
         <name>Register application</name>
-        <path>/device-mgt/user/api/application</path>
+        <path>/device-mgt/api/application</path>
         <url>/register</url>
         <method>POST</method>
         <scope>application_user</scope>
     </Permission>
     <Permission>
         <name>Delete application</name>
-        <path>/device-mgt/user/api/application</path>
+        <path>/device-mgt/api/application</path>
         <url>/unregister</url>
         <method>DELETE</method>
         <scope>application_user</scope>

components/apimgt-extensions/org.wso2.carbon.apimgt.application.extension.api/src/main/webapp/WEB-INF/web.xml

@@ -35,10 +35,6 @@
         <servlet-name>CXFServlet</servlet-name>
         <url-pattern>/*</url-pattern>
     </servlet-mapping>
-    <context-param>
-        <param-name>isAdminService</param-name>
-        <param-value>false</param-value>
-    </context-param>
     <context-param>
         <param-name>doAuthentication</param-name>
         <param-value>true</param-value>

components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/src/main/java/org/wso2/carbon/apimgt/webapp/publisher/lifecycle/util/AnnotationProcessor.java

@@ -74,6 +74,7 @@ public class AnnotationProcessor {
     private static final String SWAGGER_ANNOTATIONS_PROPERTIES_VALUE = "value";
     private static final String ANNOTATIONS_SCOPES = "scopes";
     private static final String ANNOTATIONS_SCOPE = "scope";
+    private static final String DEFAULT_SCOPE_NAME = "default admin scope";
     private static final String DEFAULT_SCOPE_KEY = "perm:admin";
     private static final String DEFAULT_SCOPE_PERMISSION = "/permision/device-mgt";
 
@@ -283,6 +284,8 @@ public class AnnotationProcessor {
                             log.warn("Scope is not defined for '" + makeContextURLReady(resourceRootContext) +
                                     makeContextURLReady(subCtx) + "' endpoint, hence assigning the default scope");
                             scope = new Scope();
+                            scope.setName(DEFAULT_SCOPE_NAME);
+                            scope.setDescription(DEFAULT_SCOPE_NAME);
                             scope.setKey(DEFAULT_SCOPE_KEY);
                             scope.setRoles(DEFAULT_SCOPE_PERMISSION);
                             resource.setScope(scope);

components/certificate-mgt/org.wso2.carbon.certificate.mgt.api/src/main/webapp/WEB-INF/web.xml

@@ -33,11 +33,6 @@
     <session-config>
         <session-timeout>60</session-timeout>
     </session-config>
-
-    <context-param>
-        <param-name>isAdminService</param-name>
-        <param-value>false</param-value>
-    </context-param>
     <context-param>
         <param-name>doAuthentication</param-name>
         <param-value>true</param-value>

components/certificate-mgt/org.wso2.carbon.certificate.mgt.cert.admin.api/src/main/java/org/wso2/carbon/certificate/mgt/cert/jaxrs/api/CertificateManagementAdminService.java

@@ -66,10 +66,10 @@ import javax.ws.rs.core.Response;
                 permissions = {"/device-mgt/admin/certificates/delete"}
         ),
         @Scope(
-                name = "Verifying an SSL Certificate",
+                name = "Verify SSL certificate",
-                description = "Verifying an SSL Certificate",
+                description = "Verify SSL certificate",
                 key = "perm:admin:certificates:verify",
-                permissions = {"/device-mgt/admin/certificates/details"}
+                permissions = {"/device-mgt/admin/certificates/verify"}
         )
 }
 )

components/certificate-mgt/org.wso2.carbon.certificate.mgt.cert.admin.api/src/main/webapp/WEB-INF/web.xml

@@ -38,11 +38,6 @@
     <session-config>
         <session-timeout>60</session-timeout>
     </session-config>
-
-    <context-param>
-        <param-name>isAdminService</param-name>
-        <param-value>false</param-value>
-    </context-param>
     <context-param>
         <param-name>doAuthentication</param-name>
         <param-value>true</param-value>

components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/DeviceManagementService.java

@@ -29,7 +29,6 @@ import io.swagger.annotations.ApiParam;
 import io.swagger.annotations.ApiResponse;
 import io.swagger.annotations.ApiResponses;
 import io.swagger.annotations.ResponseHeader;
-import org.json.JSONObject;
 import org.wso2.carbon.apimgt.annotations.api.Scope;
 import org.wso2.carbon.apimgt.annotations.api.Scopes;
 import org.wso2.carbon.device.mgt.common.Device;

components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/api/admin/DeviceAccessAuthorizationAdminService.java

@@ -22,9 +22,17 @@ import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import io.swagger.annotations.ApiResponse;
 import io.swagger.annotations.ApiResponses;
+import io.swagger.annotations.Extension;
+import io.swagger.annotations.ExtensionProperty;
+import io.swagger.annotations.Info;
+import io.swagger.annotations.SwaggerDefinition;
+import io.swagger.annotations.Tag;
+import org.wso2.carbon.apimgt.annotations.api.Scope;
+import org.wso2.carbon.apimgt.annotations.api.Scopes;
 import org.wso2.carbon.device.mgt.common.authorization.DeviceAuthorizationResult;
 import org.wso2.carbon.device.mgt.jaxrs.beans.AuthorizationRequest;
 import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
+import org.wso2.carbon.device.mgt.jaxrs.util.Constants;
 
 import javax.ws.rs.Consumes;
 import javax.ws.rs.POST;
@@ -37,6 +45,32 @@ import javax.ws.rs.core.Response;
 @Api(value = "Device Authorization Administrative Service", description = "This an  API intended to be used by " +
         "'internal' components to log in as an admin user and validate whether the user/device are trusted entity." +
         "Further, this is strictly restricted to admin users only ")
+
+@SwaggerDefinition(
+        info = @Info(
+                version = "1.0.0",
+                title = "",
+                extensions = {
+                        @Extension(properties = {
+                                @ExtensionProperty(name = "name", value = "DeviceAccessAuthorizationAdminService"),
+                                @ExtensionProperty(name = "context", value = "/api/device-mgt/v1.0/admin/authorization"),
+                        })
+                }
+        ),
+        tags = {
+                @Tag(name = "device_management", description = "")
+        }
+)
+@Scopes(
+        scopes = {
+                @Scope(
+                        name = "Verify device authorization",
+                        description = "Verify device authorization",
+                        key = "perm:authorization:verify",
+                        permissions = {"/device-mgt/authorization/verify"}
+                )
+        }
+)
 @Produces(MediaType.APPLICATION_JSON)
 @Consumes(MediaType.APPLICATION_JSON)
 /**
@@ -52,7 +86,13 @@ public interface DeviceAccessAuthorizationAdminService {
             value = "Check for device access authorization\n",
             notes = "This is an internal API that can be used to check for authorization.",
             response = DeviceAuthorizationResult.class,
-            tags = "Authorization Administrative Service")
+            tags = "Authorization Administrative Service",
+            extensions = {
+                    @Extension(properties = {
+                            @ExtensionProperty(name = Constants.SCOPE, value = "perm:authorization:verify")
+                    })
+            })
+
     @ApiResponses(value = {
             @ApiResponse(
                     code = 200,

components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/webapp/WEB-INF/web.xml

@@ -40,30 +40,10 @@
         <session-timeout>60</session-timeout>
     </session-config>
 
-    <context-param>
-        <param-name>isAdminService</param-name>
-        <param-value>false</param-value>
-    </context-param>
     <context-param>
         <param-name>doAuthentication</param-name>
         <param-value>true</param-value>
     </context-param>
-    <!--context-param>
-        <param-name>managed-api-enabled</param-name>
-        <param-value>true</param-value>
-    </context-param>
-    <context-param>
-        <param-name>managed-api-owner</param-name>
-        <param-value>admin</param-value>
-    </context-param>
-    <context-param>
-        <param-name>managed-api-version</param-name>
-        <param-value>1.0.0</param-value>
-    </context-param>
-    <context-param>
-        <param-name>managed-api-isSecured</param-name>
-        <param-value>true</param-value>
-    </context-param-->
 
     <!--publish to apim-->
     <context-param>

components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/AnnotationProcessor.java

@@ -71,7 +71,8 @@ public class AnnotationProcessor {
     private static final String SWAGGER_ANNOTATIONS_PROPERTIES_PERMISSIONS = "permissions";
     private static final String ANNOTATIONS_SCOPES = "scopes";
     private static final String ANNOTATIONS_SCOPE = "scope";
-
+    private static final String DEFAULT_PERM_NAME = "default";
+    private static final String DEFAULT_PERM = "/device-mgt";
     private static final String PERMISSION_PREFIX = "/permission/admin";
 
     private StandardContext context;
@@ -252,7 +253,12 @@ public class AnnotationProcessor {
                         this.setPermission(annotations[i], permission);
                     }
                 }
-                permissions.add(permission);
+                if (permission.getName() == null || permission.getPath() == null) {
+                    log.warn("Permission not assigned to the resource url - " + permission.getMethod() + ":"
+                                     + permission.getUrl());
+                } else {
+                    permissions.add(permission);
+                }
             }
         }
         return permissions;
@@ -392,9 +398,15 @@ public class AnnotationProcessor {
                             .getMethod(SWAGGER_ANNOTATIONS_PROPERTIES_VALUE, null), null);
                     if (!scopeKey.isEmpty()) {
                         scope = apiScopes.get(scopeKey);
-                        permission.setName(scope.getName());
+                        if (scope != null) {
-                        //TODO: currently permission tree supports only adding one permission per API point.
+                            permission.setName(scope.getName());
-                        permission.setPath(scope.getRoles().split(" ")[0]);
+                            //TODO: currently permission tree supports only adding one permission per API point.
+                            permission.setPath(scope.getRoles().split(" ")[0]);
+                        } else {
+                            log.warn("No Scope mapping is done for scope key: " + scopeKey);
+                            permission.setName(DEFAULT_PERM_NAME);
+                            permission.setPath(DEFAULT_PERM);
+                        }
                     }
                 }
             }

components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/conf/config.json

@@ -1,7 +1,7 @@
 {
     "appContext": "/devicemgt/",
-    "httpsURL" : "https://localhost:8243",
+    "httpsURL" : "https://%server.ip%:8243",
-    "httpURL" : "http://localhost:8280",
+    "httpURL" : "http://%server.ip%:8280",
     "wssURL" : "https://localhost:9445",
     "wsURL" : "%http.ip%",
     "portalURL": "https://%server.ip%:9445",

components/device-mgt/org.wso2.carbon.device.mgt.url.printer/pom.xml

@@ -59,7 +59,7 @@
                         <Bundle-Name>${project.artifactId}</Bundle-Name>
                         <Bundle-Version>${carbon.device.mgt.version}</Bundle-Version>
                         <Bundle-Description>IoT Server Impl Bundle</Bundle-Description>
-                        <Private-Package>org.wso2.carbon.device.mgt.iot.url.printer.internal</Private-Package>
+                        <Private-Package>org.wso2.carbon.device.mgt.url.printer.internal</Private-Package>
                         <Import-Package>
                             org.osgi.framework,
                             org.osgi.service.component,
@@ -69,8 +69,8 @@
                             org.wso2.carbon.utils.*,
                         </Import-Package>
                         <Export-Package>
-                            !org.wso2.carbon.device.mgt.iot.url.printer.internal,
+                            !org.wso2.carbon.device.mgt.url.printer.internal,
-                            org.wso2.carbon.device.mgt.iot.url.printer.*;version="${project.version}"
+                            org.wso2.carbon.device.mgt.url.printer.*;version="${project.version}"
                         </Export-Package>
                     </instructions>
                 </configuration>

components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/Utils/Utils.java

@@ -35,6 +35,8 @@ import org.wso2.carbon.utils.multitenancy.MultitenantUtils;
 import org.wso2.carbon.webapp.authenticator.framework.AuthenticationException;
 
 import java.util.Properties;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
 
 public class Utils {
 
@@ -86,4 +88,18 @@ public class Utils {
         }
     }
 
+    public static String replaceSystemProperty(String urlWithPlaceholders)  {
+        String regex = "\\$\\{(.*?)\\}";
+        Pattern pattern = Pattern.compile(regex);
+        Matcher matchPattern = pattern.matcher(urlWithPlaceholders);
+        while (matchPattern.find()) {
+            String sysPropertyName = matchPattern.group(1);
+            String sysPropertyValue = System.getProperty(sysPropertyName);
+            if (sysPropertyValue != null && !sysPropertyName.isEmpty()) {
+                urlWithPlaceholders = urlWithPlaceholders.replaceAll("\\$\\{(" + sysPropertyName + ")\\}", sysPropertyValue);
+            }
+        }
+        return urlWithPlaceholders;
+    }
+
 }

components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticationValve.java

@@ -41,7 +41,7 @@ public class WebappAuthenticationValve extends CarbonTomcatValve {
     @Override
     public void invoke(Request request, Response response, CompositeValve compositeValve) {
 
-        if (this.isContextSkipped(request) || (!this.isAdminService(request) && this.skipAuthentication(request))) {
+        if (this.isContextSkipped(request) ||  this.skipAuthentication(request)) {
             this.getNext().invoke(request, response, compositeValve);
             return;
         }
@@ -74,11 +74,6 @@ public class WebappAuthenticationValve extends CarbonTomcatValve {
         }
     }
 
-    private boolean isAdminService(Request request) {
-        String param = request.getContext().findParameter("isAdminService");
-        return (param != null && Boolean.parseBoolean(param));
-    }
-
     private boolean skipAuthentication(Request request) {
         String param = request.getContext().findParameter("doAuthentication");
         return (param == null || !Boolean.parseBoolean(param) || isNonSecuredEndPoint(request));

components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/BSTAuthenticator.java

@@ -66,7 +66,7 @@ public class BSTAuthenticator implements WebappAuthenticator {
                     "are not provided");
         }
 
-        String url = this.properties.getProperty("TokenValidationEndpointUrl");
+        String url = Utils.replaceSystemProperty(this.properties.getProperty("TokenValidationEndpointUrl"));
         if ((url == null) || (url.isEmpty())) {
             throw new IllegalArgumentException("OAuth token validation endpoint url is not provided");
         }

components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/JWTAuthenticator.java

@@ -62,7 +62,7 @@ public class JWTAuthenticator implements WebappAuthenticator {
     private static final String DEFAULT_TRUST_STORE_LOCATION = "Security.TrustStore.Location";
     private static final String DEFAULT_TRUST_STORE_PASSWORD = "Security.TrustStore.Password";
 
-    private static final Map<String, PublicKey> publicKeyHolder = new HashMap<>();
+    private static final Map<IssuerAlias, PublicKey> publicKeyHolder = new HashMap<>();
     private Properties properties;
 
     private static void loadTenantRegistry(int tenantId) throws RegistryException {
@@ -106,46 +106,37 @@ public class JWTAuthenticator implements WebappAuthenticator {
             String username = jwsObject.getJWTClaimsSet().getStringClaim(SIGNED_JWT_AUTH_USERNAME);
             String tenantDomain = MultitenantUtils.getTenantDomain(username);
             int tenantId = Integer.parseInt(jwsObject.getJWTClaimsSet().getStringClaim(SIGNED_JWT_AUTH_TENANT_ID));
+            String issuer = jwsObject.getJWTClaimsSet().getIssuer();
             PrivilegedCarbonContext.startTenantFlow();
             PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(tenantDomain);
             PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(tenantId);
-            PublicKey publicKey =  publicKeyHolder.get(tenantDomain);
+            IssuerAlias issuerAlias = new IssuerAlias(issuer, tenantDomain);
+            PublicKey publicKey =  publicKeyHolder.get(issuerAlias);
             if (publicKey == null) {
                 loadTenantRegistry(tenantId);
                 KeyStoreManager keyStoreManager = KeyStoreManager.getInstance(tenantId);
                 if (MultitenantConstants.SUPER_TENANT_DOMAIN_NAME.equals(tenantDomain)) {
-                    String defaultPublicKey = properties.getProperty("DefaultPublicKey");
+                    String alias = properties.getProperty(issuer);
-                    if (defaultPublicKey != null && !defaultPublicKey.isEmpty()) {
+                    if (alias != null && !alias.isEmpty()) {
-                        boolean isDefaultPublicKey = Boolean.parseBoolean(defaultPublicKey);
+                        ServerConfiguration serverConfig = CarbonUtils.getServerConfiguration();
-                        if (isDefaultPublicKey) {
+                        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
-                            publicKey = keyStoreManager.getDefaultPublicKey();
+                        String trustStorePath = serverConfig.getFirstProperty(DEFAULT_TRUST_STORE_LOCATION);
-                        } else {
+                        String trustStorePassword = serverConfig.getFirstProperty(
-                            String alias = properties.getProperty("KeyAlias");
+                                DEFAULT_TRUST_STORE_PASSWORD);
-                            if (alias != null && !alias.isEmpty()) {
+                        keyStore.load(new FileInputStream(trustStorePath), trustStorePassword.toCharArray());
-                                ServerConfiguration serverConfig = CarbonUtils.getServerConfiguration();
+                        publicKey = keyStore.getCertificate(alias).getPublicKey();
-                                KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
-                                String trustStorePath = serverConfig.getFirstProperty(DEFAULT_TRUST_STORE_LOCATION);
-                                String trustStorePassword = serverConfig.getFirstProperty(
-                                        DEFAULT_TRUST_STORE_PASSWORD);
-                                keyStore.load(new FileInputStream(trustStorePath), trustStorePassword.toCharArray());
-                                publicKey = keyStore.getCertificate(alias).getPublicKey();
-                            } else {
-                                authenticationInfo.setStatus(Status.FAILURE);
-                                return  authenticationInfo;
-                            }
-                        }
-
                     } else {
-                        publicKey = keyStoreManager.getDefaultPublicKey();
+                        authenticationInfo.setStatus(Status.FAILURE);
+                        return  authenticationInfo;
                     }
-
                 } else {
                     String ksName = tenantDomain.trim().replace('.', '-');
                     String jksName = ksName + ".jks";
                     publicKey = keyStoreManager.getKeyStore(jksName).getCertificate(tenantDomain).getPublicKey();
                 }
                 if (publicKey != null) {
-                    publicKeyHolder.put(tenantDomain, publicKey);
+                    issuerAlias = new IssuerAlias(tenantDomain);
+                    publicKeyHolder.put(issuerAlias, publicKey);
                 }
             }
 
@@ -205,4 +196,34 @@ public class JWTAuthenticator implements WebappAuthenticator {
         }
         return this.properties.getProperty(name);
     }
+
+    private class IssuerAlias {
+
+        private String issuer;
+        private String tenantDomain;
+        private final String DEFAULT_ISSUER = "default";
+
+        public  IssuerAlias(String tenantDomain) {
+            this.issuer = DEFAULT_ISSUER;
+            this.tenantDomain = tenantDomain;
+        }
+
+        public  IssuerAlias(String issuer, String tenantDomain) {
+            this.issuer = issuer;
+            this.tenantDomain = tenantDomain;
+        }
+
+        @Override
+        public int hashCode() {
+            int result = this.issuer.hashCode();
+            result = 31 * result + ("@" + this.tenantDomain).hashCode();
+            return result;
+        }
+
+        @Override
+        public boolean equals(Object obj) {
+            return (obj instanceof IssuerAlias) && issuer.equals(
+                    ((IssuerAlias) obj).issuer) && tenantDomain == ((IssuerAlias) obj).tenantDomain;
+        }
+    }
 }

components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OAuthAuthenticator.java

@@ -55,7 +55,7 @@ public class OAuthAuthenticator implements WebappAuthenticator {
                     "are not provided");
         }
 
-        String url = this.properties.getProperty("TokenValidationEndpointUrl");
+        String url = Utils.replaceSystemProperty(this.properties.getProperty("TokenValidationEndpointUrl"));
         if ((url == null) || (url.isEmpty())) {
             throw new IllegalArgumentException("OAuth token validation endpoint url is not provided");
         }

features/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher.feature/src/main/resources/conf/webapp-publisher-config.xml

@@ -24,7 +24,7 @@
 <WebappPublisherConfigs>
 
     <!-- This host is used to define the host address which is used to publish APIs -->
-    <Host>https://localhost:${carbon.https.port}</Host>
+    <Host>https://${iot.core.host}:${iot.core.https.port}</Host>
 
     <!-- If it is true, the APIs of this instance will be published to the defined host -->
     <PublishAPI>true</PublishAPI>

features/device-mgt/org.wso2.carbon.device.mgt.server.feature/pom.xml

@@ -122,6 +122,9 @@
                                 <bundleDef>
                                     org.wso2.carbon.devicemgt:org.wso2.carbon.device.mgt.common:${carbon.device.mgt.version}
                                 </bundleDef>
+								<bundleDef>
+									org.wso2.carbon.devicemgt:org.wso2.carbon.device.mgt.url.printer:${carbon.device.mgt.version}
+								</bundleDef>
                                 <!--<bundleDef>-->
                                     <!--org.wso2.carbon.commons:org.wso2.carbon.email.verification-->
                                 <!--</bundleDef>-->

features/jwt-client/org.wso2.carbon.identity.jwt.client.extension.feature/src/main/resources/jwt.properties

@@ -17,13 +17,13 @@
 #
 
 #issuer of the JWT
-iss=iot_default
+iss=wso2.org/products/iot
 
-TokenEndpoint=https://localhost:${carbon.https.port}/oauth2/token
+TokenEndpoint=https://${iot.keymanager.host}:${iot.keymanager.https.port}/oauth2/token
 
 #audience of JWT claim
 #comma seperated values
-aud=wso2.org/products/iot
+aud=devicemgt
 
 #expiration time of JWT (number of minutes from the current time)
 exp=1000

features/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework.server.feature/src/main/resources/conf/webapp-authenticator-config.xml

@@ -5,7 +5,7 @@
 			<ClassName>org.wso2.carbon.webapp.authenticator.framework.authenticator.OAuthAuthenticator</ClassName>
             <Parameters>
                 <Parameter Name="IsRemote">false</Parameter>
-                <Parameter Name="TokenValidationEndpointUrl">https://localhost:9443</Parameter>
+                <Parameter Name="TokenValidationEndpointUrl">https://${iot.keymanager.host}:${iot.keymanager.https.port}</Parameter>
                 <Parameter Name="Username">admin</Parameter>
                 <Parameter Name="Password">admin</Parameter>
                 <Parameter Name="MaxTotalConnections">100</Parameter>
@@ -20,9 +20,10 @@
             <Name>JWT</Name>
             <ClassName>org.wso2.carbon.webapp.authenticator.framework.authenticator.JWTAuthenticator</ClassName>
             <Parameters>
-                <Parameter Name="DefaultPublicKey">true</Parameter>
+				<!--Issuers list and corresponding cert alias-->
-                <!--KeyAlias is alias of the certificate that is used to sign the JWT token-->
+                <Parameter Name="wso2.org/products/am">wso2carbon</Parameter>
-                <!-- <Parameter Name="KeyAlias"></Parameter> -->
+				<Parameter Name="wso2.org/products/iot">wso2carbon</Parameter>
+				<Parameter Name="wso2.org/products/analytics">wso2carbon</Parameter>
             </Parameters>
         </Authenticator>
         <Authenticator>
@@ -34,7 +35,7 @@
             <ClassName>org.wso2.carbon.webapp.authenticator.framework.authenticator.BSTAuthenticator</ClassName>
             <Parameters>
                 <Parameter Name="IsRemote">false</Parameter>
-                <Parameter Name="TokenValidationEndpointUrl">https://localhost:9443</Parameter>
+                <Parameter Name="TokenValidationEndpointUrl">https://${iot.keymanager.host}:${iot.keymanager.https.port}</Parameter>
                 <Parameter Name="Username">admin</Parameter>
                 <Parameter Name="Password">admin</Parameter>
                 <Parameter Name="MaxTotalConnections">100</Parameter>