Merge pull request 'Fix signature validation issue for jwt token requests' (#17) from vigneshan/device-mgt-core:fix/key-mgt-api into master

Reviewed-on: https://repository.entgra.net/community/device-mgt-core/pulls/17

components/apimgt-extensions/org.wso2.carbon.apimgt.keymgt.extension/src/main/java/org/wso2/carbon/apimgt/keymgt/extension/service/KeyMgtServiceImpl.java

@@ -159,6 +159,8 @@ public class KeyMgtServiceImpl implements KeyMgtService {
             }
 
             String tenantDomain = MultitenantUtils.getTenantDomain(application.getOwner());
+            kmConfig = getKeyManagerConfig();
+            String appTokenEndpoint = kmConfig.getServerUrl() + KeyMgtConstants.OAUTH2_TOKEN_ENDPOINT;
 
             RequestBody appTokenPayload;
             switch (tokenRequest.getGrantType()) {
@@ -184,6 +186,7 @@ public class KeyMgtServiceImpl implements KeyMgtService {
                             .add("grant_type", "urn:ietf:params:oauth:grant-type:jwt-bearer")
                             .add("assertion", tokenRequest.getAssertion())
                             .add("scope", tokenRequest.getScope()).build();
+                    appTokenEndpoint += "?tenantDomain=carbon.super";
                     break;
                 case "access_token":
                     appTokenPayload = new FormBody.Builder()
@@ -198,8 +201,6 @@ public class KeyMgtServiceImpl implements KeyMgtService {
                     break;
             }
 
-            kmConfig = getKeyManagerConfig();
-            String appTokenEndpoint = kmConfig.getServerUrl() + KeyMgtConstants.OAUTH2_TOKEN_ENDPOINT;
             Request request = new Request.Builder()
                     .url(appTokenEndpoint)
                     .addHeader(KeyMgtConstants.AUTHORIZATION_HEADER, Credentials.basic(tokenRequest.getClientId(), tokenRequest.getClientSecret()))

components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/LoginHandler.java

@@ -229,7 +229,7 @@ public class LoginHandler extends HttpServlet {
      * @throws IOException IO exception throws if an error occurred when invoking token endpoint
      */
     private ProxyResponse getTokenResult(String encodedClientApp, JsonArray scopes) throws IOException {
-        HttpPost tokenEndpoint = new HttpPost(kmManagerUrl+ HandlerConstants.TOKEN_ENDPOINT);
+        HttpPost tokenEndpoint = new HttpPost(gatewayUrl + HandlerConstants.INTERNAL_TOKEN_ENDPOINT);
         tokenEndpoint.setHeader(HttpHeaders.AUTHORIZATION, HandlerConstants.BASIC + encodedClientApp);
         tokenEndpoint.setHeader(HttpHeaders.CONTENT_TYPE, ContentType.APPLICATION_FORM_URLENCODED.toString());
         String scopeString = HandlerUtil.getScopeString(scopes);

components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/SsoLoginCallbackHandler.java

@@ -68,7 +68,7 @@ public class SsoLoginCallbackHandler extends HttpServlet {
 
         String scope = session.getAttribute("scope").toString();
 
-        HttpPost tokenEndpoint = new HttpPost(keyManagerUrl + HandlerConstants.TOKEN_ENDPOINT);
+        HttpPost tokenEndpoint = new HttpPost(keyManagerUrl + HandlerConstants.OAUTH2_TOKEN_ENDPOINT);
         tokenEndpoint.setHeader(HttpHeaders.AUTHORIZATION, HandlerConstants.BASIC + session.getAttribute("encodedClientApp"));
         tokenEndpoint.setHeader(HttpHeaders.CONTENT_TYPE, ContentType.APPLICATION_FORM_URLENCODED.toString());
 

components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/SsoLoginHandler.java

@@ -325,7 +325,7 @@ public class SsoLoginHandler extends HttpServlet {
      * @throws IOException IO exception throws if an error occurred when invoking token endpoint
      */
     private ProxyResponse getTokenResult(String encodedClientApp) throws IOException {
-        HttpPost tokenEndpoint = new HttpPost(keyManagerUrl + HandlerConstants.TOKEN_ENDPOINT);
+        HttpPost tokenEndpoint = new HttpPost(keyManagerUrl + HandlerConstants.OAUTH2_TOKEN_ENDPOINT);
         tokenEndpoint.setHeader(HttpHeaders.AUTHORIZATION, HandlerConstants.BASIC + encodedClientApp);
         tokenEndpoint.setHeader(HttpHeaders.CONTENT_TYPE, ContentType.APPLICATION_FORM_URLENCODED.toString());
 

components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/UserHandler.java

@@ -71,6 +71,7 @@ public class UserHandler extends HttpServlet {
             }
 
             String accessToken = authData.getAccessToken();
+            String accessTokenWithoutPrefix = accessToken.substring(accessToken.indexOf("_") + 1);
 
             HttpPost tokenEndpoint = new HttpPost(keymanagerUrl + HandlerConstants.INTROSPECT_ENDPOINT);
             tokenEndpoint.setHeader(HttpHeaders.CONTENT_TYPE, ContentType.APPLICATION_FORM_URLENCODED.toString());
@@ -79,7 +80,7 @@ public class UserHandler extends HttpServlet {
             String adminPassword = dmc.getKeyManagerConfigurations().getAdminPassword();
             tokenEndpoint.setHeader(HttpHeaders.AUTHORIZATION, HandlerConstants.BASIC + Base64.getEncoder()
                     .encodeToString((adminUsername + HandlerConstants.COLON + adminPassword).getBytes()));
-            StringEntity tokenEPPayload = new StringEntity("token=" + accessToken,
+            StringEntity tokenEPPayload = new StringEntity("token=" + accessTokenWithoutPrefix,
                     ContentType.APPLICATION_FORM_URLENCODED);
             tokenEndpoint.setEntity(tokenEPPayload);
             ProxyResponse tokenStatus = HandlerUtil.execute(tokenEndpoint);

components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/util/HandlerConstants.java

@@ -22,7 +22,8 @@ public class HandlerConstants {
     public static final String PUBLISHER_APPLICATION_NAME = "application-mgt-publisher";
     public static final String APP_REG_ENDPOINT = "/api-application-registration/register";
     public static final String UI_CONFIG_ENDPOINT = "/api/device-mgt-config/v1.0/configurations/ui-config";
-    public static final String TOKEN_ENDPOINT = "/oauth2/token";
+    public static final String OAUTH2_TOKEN_ENDPOINT = "/oauth2/token";
+    public static final String INTERNAL_TOKEN_ENDPOINT = "/token";
     public static final String INTROSPECT_ENDPOINT = "/oauth2/introspect";
     public static final String AUTHORIZATION_ENDPOINT = "/oauth2/authorize";
     public static final String APIM_APPLICATIONS_ENDPOINT = "/api/am/devportal/v2/applications/";

components/ui-request-interceptor/io.entgra.ui.request.interceptor/src/main/java/io/entgra/ui/request/interceptor/util/HandlerUtil.java

@@ -55,7 +55,6 @@ import org.json.JSONException;
 import org.json.JSONObject;
 import org.w3c.dom.Document;
 import io.entgra.ui.request.interceptor.beans.ProxyResponse;
-import org.wso2.carbon.device.mgt.core.common.util.HttpUtil;
 import org.xml.sax.SAXException;
 
 import javax.servlet.http.HttpServletRequest;
@@ -654,7 +653,7 @@ public class HandlerUtil {
         return tokenResultResponse;
     }
     public static ProxyResponse getTokenResult(AuthData authData, String keymanagerUrl) throws IOException {
-        HttpPost tokenEndpoint = new HttpPost(keymanagerUrl + HandlerConstants.TOKEN_ENDPOINT);
+        HttpPost tokenEndpoint = new HttpPost(keymanagerUrl + HandlerConstants.OAUTH2_TOKEN_ENDPOINT);
         StringEntity tokenEndpointPayload = new StringEntity(
                 "grant_type=refresh_token&refresh_token=" + authData.getRefreshToken(),
                 ContentType.APPLICATION_FORM_URLENCODED);