few fixes in JWT client after testing with multi tenancy

components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/user-api.jag

@@ -147,7 +147,7 @@ if (uriMatcher.match("/{context}/api/user/authenticate")) {
     lastname = addUserFormData.lastname;
     emailAddress = addUserFormData.emailAddress;
     password = addUserFormData.password;
-    userRoles = ["devicemgt-user"];
+    userRoles = ["internal/devicemgt-user"];
 
     try {
         result = userModule.registerUser(username, firstname, lastname, emailAddress, password,

components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/app/modules/init.js

@@ -28,6 +28,7 @@ var userModule = require("/app/modules/user.js")["userModule"];
 var utility = require("/app/modules/utility.js")["utility"];
 
 var permissions = {
-    '/permission/admin/device-mgt/user': ['ui.execute']
+    '/permission/admin/device-mgt/user': ['ui.execute'],
+    '/permission/admin/device-mgt/api/application': ['ui.execute']
 };
-userModule.addRole("devicemgt-user", ["admin"], permissions);
+userModule.addRole("internal/devicemgt-user", ["admin"], permissions);

components/identity-extensions/org.wso2.carbon.identity.jwt.client.extension/src/main/java/org/wso2/carbon/identity/jwt/client/extension/JWTClient.java

@@ -52,11 +52,18 @@ public class JWTClient {
 
 	private static Log log = LogFactory.getLog(JWTClient.class);
 	private JWTConfig jwtConfig;
+	private boolean isDefaultJWTClient;
 
 	public JWTClient(JWTConfig jwtConfig) {
 		this.jwtConfig = jwtConfig;
 	}
 
+	public JWTClient(JWTConfig jwtConfig, boolean isDefaultJWTClient) {
+		this.jwtConfig = jwtConfig;
+		this.isDefaultJWTClient = isDefaultJWTClient;
+	}
+
+
 	/**
 	 * {@inheritDoc}
 	 */
@@ -64,7 +71,7 @@ public class JWTClient {
 			throws JWTClientException {
 		List<NameValuePair> params = new ArrayList<>();
 		params.add(new BasicNameValuePair(JWTConstants.GRANT_TYPE_PARAM_NAME, JWTConstants.JWT_GRANT_TYPE));
-		String assertion = JWTClientUtil.generateSignedJWTAssertion(username, jwtConfig);
+		String assertion = JWTClientUtil.generateSignedJWTAssertion(username, jwtConfig, isDefaultJWTClient);
 		if (assertion == null) {
 			throw new JWTClientException("JWT is not configured properly for user : " + username);
 		}

components/identity-extensions/org.wso2.carbon.identity.jwt.client.extension/src/main/java/org/wso2/carbon/identity/jwt/client/extension/service/JWTClientManagerServiceImpl.java

@@ -106,7 +106,7 @@ public class JWTClientManagerServiceImpl implements  JWTClientManagerService{
 		if (isDefaultJwtClient) {
 			try {
 				JWTConfig jwtConfig = new JWTConfig(properties);
-				defaultJWTClient = new JWTClient(jwtConfig);
+				defaultJWTClient = new JWTClient(jwtConfig, true);
 				addJWTClient(MultitenantConstants.SUPER_TENANT_DOMAIN_NAME, defaultJWTClient);
 			} catch (JWTClientAlreadyExistsException e) {
 				log.warn("Attempting to register a jwt client for the super tenant" +

components/identity-extensions/org.wso2.carbon.identity.jwt.client.extension/src/main/java/org/wso2/carbon/identity/jwt/client/extension/util/JWTClientUtil.java

@@ -33,6 +33,7 @@ import org.apache.http.conn.ssl.SSLContextBuilder;
 import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
 import org.apache.http.impl.client.HttpClients;
 import org.apache.http.util.EntityUtils;
+import org.wso2.carbon.base.MultitenantConstants;
 import org.wso2.carbon.context.PrivilegedCarbonContext;
 import org.wso2.carbon.core.util.KeyStoreManager;
 import org.wso2.carbon.identity.jwt.client.extension.service.JWTClientManagerService;
@@ -193,7 +194,8 @@ public class JWTClientUtil {
 		tenantRegistryLoader.loadTenantRegistry(tenantId);
 	}
 
-	public static String generateSignedJWTAssertion(String username, JWTConfig jwtConfig) throws JWTClientException {
+	public static String generateSignedJWTAssertion(String username, JWTConfig jwtConfig, boolean isDefaultJWTClient)
+			throws JWTClientException {
 		try {
 			String subject = username;
 			long currentTimeMillis = System.currentTimeMillis();
@@ -227,15 +229,27 @@ public class JWTClientUtil {
 			String privateKeyAlias = jwtConfig.getPrivateKeyAlias();
 			String privateKeyPassword = jwtConfig.getPrivateKeyPassword();
 			KeyStore keyStore;
-			RSAPrivateKey rsaPrivateKey;
+			RSAPrivateKey rsaPrivateKey = null;
 			if (keyStorePath != null && !keyStorePath.isEmpty()) {
 				String keyStorePassword = jwtConfig.getKeyStorePassword();
 				keyStore = loadKeyStore(new File(keyStorePath), keyStorePassword, "JKS");
 				rsaPrivateKey = (RSAPrivateKey) keyStore.getKey(privateKeyAlias, privateKeyPassword.toCharArray());
 			} else {
 				int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId(true);
-				KeyStoreManager tenantKeyStoreManager = KeyStoreManager.getInstance(tenantId);
+				JWTClientUtil.loadTenantRegistry(tenantId);
-				rsaPrivateKey = (RSAPrivateKey) tenantKeyStoreManager.getDefaultPrivateKey();
+				if (!(MultitenantConstants.SUPER_TENANT_ID == tenantId) && !isDefaultJWTClient) {
+					KeyStoreManager tenantKeyStoreManager = KeyStoreManager.getInstance(tenantId);
+					String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain(true);
+					String ksName = tenantDomain.trim().replace('.', '-');
+					String jksName = ksName + ".jks";
+					rsaPrivateKey = (RSAPrivateKey) tenantKeyStoreManager.getPrivateKey(jksName, tenantDomain);
+				} else {
+					PrivilegedCarbonContext.startTenantFlow();
+					PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(MultitenantConstants.SUPER_TENANT_ID);
+					KeyStoreManager tenantKeyStoreManager = KeyStoreManager.getInstance(MultitenantConstants.SUPER_TENANT_ID);
+					rsaPrivateKey = (RSAPrivateKey) tenantKeyStoreManager.getDefaultPrivateKey();
+					PrivilegedCarbonContext.endTenantFlow();
+				}
 			}
 			JWSSigner signer = new RSASSASigner(rsaPrivateKey);
 			SignedJWT signedJWT = new SignedJWT(new JWSHeader(JWSAlgorithm.RS256), claimsSet);