few changes after testing the cluster
This commit is contained in:
parent
0d721a226b
commit
de957bec29
@ -59,7 +59,7 @@
|
||||
<Bundle-Name>${project.artifactId}</Bundle-Name>
|
||||
<Bundle-Version>${carbon.device.mgt.version}</Bundle-Version>
|
||||
<Bundle-Description>IoT Server Impl Bundle</Bundle-Description>
|
||||
<Private-Package>org.wso2.carbon.device.mgt.iot.url.printer.internal</Private-Package>
|
||||
<Private-Package>org.wso2.carbon.device.mgt.url.printer.internal</Private-Package>
|
||||
<Import-Package>
|
||||
org.osgi.framework,
|
||||
org.osgi.service.component,
|
||||
@ -69,8 +69,8 @@
|
||||
org.wso2.carbon.utils.*,
|
||||
</Import-Package>
|
||||
<Export-Package>
|
||||
!org.wso2.carbon.device.mgt.iot.url.printer.internal,
|
||||
org.wso2.carbon.device.mgt.iot.url.printer.*;version="${project.version}"
|
||||
!org.wso2.carbon.device.mgt.url.printer.internal,
|
||||
org.wso2.carbon.device.mgt.url.printer.*;version="${project.version}"
|
||||
</Export-Package>
|
||||
</instructions>
|
||||
</configuration>
|
||||
|
||||
@ -62,7 +62,7 @@ public class JWTAuthenticator implements WebappAuthenticator {
|
||||
private static final String DEFAULT_TRUST_STORE_LOCATION = "Security.TrustStore.Location";
|
||||
private static final String DEFAULT_TRUST_STORE_PASSWORD = "Security.TrustStore.Password";
|
||||
|
||||
private static final Map<String, PublicKey> publicKeyHolder = new HashMap<>();
|
||||
private static final Map<IssuerAlias, PublicKey> publicKeyHolder = new HashMap<>();
|
||||
private Properties properties;
|
||||
|
||||
private static void loadTenantRegistry(int tenantId) throws RegistryException {
|
||||
@ -106,46 +106,37 @@ public class JWTAuthenticator implements WebappAuthenticator {
|
||||
String username = jwsObject.getJWTClaimsSet().getStringClaim(SIGNED_JWT_AUTH_USERNAME);
|
||||
String tenantDomain = MultitenantUtils.getTenantDomain(username);
|
||||
int tenantId = Integer.parseInt(jwsObject.getJWTClaimsSet().getStringClaim(SIGNED_JWT_AUTH_TENANT_ID));
|
||||
String issuer = jwsObject.getJWTClaimsSet().getIssuer();
|
||||
PrivilegedCarbonContext.startTenantFlow();
|
||||
PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(tenantDomain);
|
||||
PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(tenantId);
|
||||
PublicKey publicKey = publicKeyHolder.get(tenantDomain);
|
||||
IssuerAlias issuerAlias = new IssuerAlias(issuer, tenantDomain);
|
||||
PublicKey publicKey = publicKeyHolder.get(issuerAlias);
|
||||
if (publicKey == null) {
|
||||
loadTenantRegistry(tenantId);
|
||||
KeyStoreManager keyStoreManager = KeyStoreManager.getInstance(tenantId);
|
||||
if (MultitenantConstants.SUPER_TENANT_DOMAIN_NAME.equals(tenantDomain)) {
|
||||
String defaultPublicKey = properties.getProperty("DefaultPublicKey");
|
||||
if (defaultPublicKey != null && !defaultPublicKey.isEmpty()) {
|
||||
boolean isDefaultPublicKey = Boolean.parseBoolean(defaultPublicKey);
|
||||
if (isDefaultPublicKey) {
|
||||
publicKey = keyStoreManager.getDefaultPublicKey();
|
||||
} else {
|
||||
String alias = properties.getProperty("KeyAlias");
|
||||
if (alias != null && !alias.isEmpty()) {
|
||||
ServerConfiguration serverConfig = CarbonUtils.getServerConfiguration();
|
||||
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
|
||||
String trustStorePath = serverConfig.getFirstProperty(DEFAULT_TRUST_STORE_LOCATION);
|
||||
String trustStorePassword = serverConfig.getFirstProperty(
|
||||
DEFAULT_TRUST_STORE_PASSWORD);
|
||||
keyStore.load(new FileInputStream(trustStorePath), trustStorePassword.toCharArray());
|
||||
publicKey = keyStore.getCertificate(alias).getPublicKey();
|
||||
} else {
|
||||
authenticationInfo.setStatus(Status.FAILURE);
|
||||
return authenticationInfo;
|
||||
}
|
||||
}
|
||||
|
||||
String alias = properties.getProperty(issuer);
|
||||
if (alias != null && !alias.isEmpty()) {
|
||||
ServerConfiguration serverConfig = CarbonUtils.getServerConfiguration();
|
||||
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
|
||||
String trustStorePath = serverConfig.getFirstProperty(DEFAULT_TRUST_STORE_LOCATION);
|
||||
String trustStorePassword = serverConfig.getFirstProperty(
|
||||
DEFAULT_TRUST_STORE_PASSWORD);
|
||||
keyStore.load(new FileInputStream(trustStorePath), trustStorePassword.toCharArray());
|
||||
publicKey = keyStore.getCertificate(alias).getPublicKey();
|
||||
} else {
|
||||
publicKey = keyStoreManager.getDefaultPublicKey();
|
||||
authenticationInfo.setStatus(Status.FAILURE);
|
||||
return authenticationInfo;
|
||||
}
|
||||
|
||||
} else {
|
||||
String ksName = tenantDomain.trim().replace('.', '-');
|
||||
String jksName = ksName + ".jks";
|
||||
publicKey = keyStoreManager.getKeyStore(jksName).getCertificate(tenantDomain).getPublicKey();
|
||||
}
|
||||
if (publicKey != null) {
|
||||
publicKeyHolder.put(tenantDomain, publicKey);
|
||||
issuerAlias = new IssuerAlias(tenantDomain);
|
||||
publicKeyHolder.put(issuerAlias, publicKey);
|
||||
}
|
||||
}
|
||||
|
||||
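Review bot: The key under which the resolved public key is cached is not the key used for the lookup: `issuerAlias = new IssuerAlias(tenantDomain);` rebinds the alias to the constant default issuer just before `publicKeyHolder.put(issuerAlias, publicKey);`, while the lookup at the top of the hunk uses `new IssuerAlias(issuer, tenantDomain)`, so the cache only ever hits for a token whose `iss` is literally `default` and then returns whichever issuer's key was stored last for that tenant, losing the issuer-to-certificate binding this commit introduces (drop the reassignment and put under the lookup key). In the same super-tenant branch the `new FileInputStream(trustStorePath)` passed to `keyStore.load` is never closed, leaking a file handle on every cache miss, and `keyStore.getCertificate(alias)` returns null for an alias missing from the trust store, which ends in a NullPointerException instead of `Status.FAILURE`. Since `issuer` comes straight from the not-yet-verified token and `properties.getProperty(issuer)` consults every authenticator parameter, it is worth documenting that each parameter name is an accepted issuer; if `getIssuer()` can return null for a token without an `iss` claim (to confirm against the JWT library in use), the request should fail closed before the alias is built. The enclosing method starts and ends outside this hunk, as does the static `publicKeyHolder` HashMap that is shared across request threads without synchronization.
```java
String alias = properties.getProperty(issuer);
if (alias != null && !alias.isEmpty()) {
    ServerConfiguration serverConfig = CarbonUtils.getServerConfiguration();
    KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
    String trustStorePath = serverConfig.getFirstProperty(DEFAULT_TRUST_STORE_LOCATION);
    String trustStorePassword = serverConfig.getFirstProperty(DEFAULT_TRUST_STORE_PASSWORD);
    // Close the trust-store stream; the previous form leaked one handle per cache miss.
    try (FileInputStream trustStoreStream = new FileInputStream(trustStorePath)) {
        keyStore.load(trustStoreStream, trustStorePassword.toCharArray());
    }
    java.security.cert.Certificate certificate = keyStore.getCertificate(alias);
    if (certificate == null) {
        // Configured alias is absent from the trust store: fail closed instead of NPE.
        authenticationInfo.setStatus(Status.FAILURE);
        return authenticationInfo;
    }
    publicKey = certificate.getPublicKey();
} else {
    authenticationInfo.setStatus(Status.FAILURE);
    return authenticationInfo;
}
// … unchanged: per-tenant keystore branch …
if (publicKey != null) {
    // Cache under the same (issuer, tenant) key used for the lookup above.
    publicKeyHolder.put(issuerAlias, publicKey);
}
```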
@ -205,4 +196,34 @@ public class JWTAuthenticator implements WebappAuthenticator {
|
||||
}
|
||||
return this.properties.getProperty(name);
|
||||
}
|
||||
|
||||
private class IssuerAlias {
|
||||
|
||||
private String issuer;
|
||||
private String tenantDomain;
|
||||
private final String DEFAULT_ISSUER = "default";
|
||||
|
||||
public IssuerAlias(String tenantDomain) {
|
||||
this.issuer = DEFAULT_ISSUER;
|
||||
this.tenantDomain = tenantDomain;
|
||||
}
|
||||
|
||||
public IssuerAlias(String issuer, String tenantDomain) {
|
||||
this.issuer = issuer;
|
||||
this.tenantDomain = tenantDomain;
|
||||
}
|
||||
|
||||
@Override
|
||||
public int hashCode() {
|
||||
int result = this.issuer.hashCode();
|
||||
result = 31 * result + ("@" + this.tenantDomain).hashCode();
|
||||
return result;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean equals(Object obj) {
|
||||
return (obj instanceof IssuerAlias) && issuer.equals(
|
||||
((IssuerAlias) obj).issuer) && tenantDomain == ((IssuerAlias) obj).tenantDomain;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
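Review bot: `equals` compares `tenantDomain == ((IssuerAlias) obj).tenantDomain` by reference, so two keys built from equal but distinct String instances are unequal even though `hashCode` is content-based; because the tenant domain is derived per request from the token's username, cache lookups miss for any tenant whose domain is not an interned constant, and the map keeps accumulating unequal-but-equivalent entries. The fix is a value comparison, `tenantDomain.equals(other.tenantDomain)`, and the same null-safety consideration applies to `issuer`, which `hashCode` dereferences unconditionally. As a matter of style, `DEFAULT_ISSUER` is an instance-level `final` field that should be `static`, the fields can be `final`, and the class can be `static` since it never touches the enclosing authenticator instance; the rewrite below assumes `java.util.Objects` is imported (not visible in this hunk).
```java
private static final class IssuerAlias {

    private static final String DEFAULT_ISSUER = "default";

    private final String issuer;
    private final String tenantDomain;

    public IssuerAlias(String tenantDomain) {
        this(DEFAULT_ISSUER, tenantDomain);
    }

    public IssuerAlias(String issuer, String tenantDomain) {
        // A null issuer would otherwise surface as an NPE inside hashCode during the cache lookup.
        this.issuer = Objects.requireNonNull(issuer, "issuer");
        this.tenantDomain = Objects.requireNonNull(tenantDomain, "tenantDomain");
    }

    @Override
    public int hashCode() {
        return Objects.hash(issuer, tenantDomain);
    }

    @Override
    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (!(obj instanceof IssuerAlias)) {
            return false;
        }
        IssuerAlias other = (IssuerAlias) obj;
        // Value comparison: the tenant domain is a fresh String on every request.
        return issuer.equals(other.issuer) && tenantDomain.equals(other.tenantDomain);
    }
}
```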
@ -122,6 +122,9 @@
|
||||
<bundleDef>
|
||||
org.wso2.carbon.devicemgt:org.wso2.carbon.device.mgt.common:${carbon.device.mgt.version}
|
||||
</bundleDef>
|
||||
<bundleDef>
|
||||
org.wso2.carbon.devicemgt:org.wso2.carbon.device.mgt.url.printer:${carbon.device.mgt.version}
|
||||
</bundleDef>
|
||||
<!--<bundleDef>-->
|
||||
<!--org.wso2.carbon.commons:org.wso2.carbon.email.verification-->
|
||||
<!--</bundleDef>-->
|
||||
|
||||
@ -17,13 +17,13 @@
|
||||
#
|
||||
|
||||
#issuer of the JWT
|
||||
iss=iot_default
|
||||
iss=wso2.org/products/iot
|
||||
|
||||
TokenEndpoint=https://localhost:${carbon.https.port}/oauth2/token
|
||||
TokenEndpoint=https://${iot.keymanager.host}:${iot.keymanager.https.port}/oauth2/token
|
||||
|
||||
#audience of JWT claim
|
||||
#comma seperated values
|
||||
aud=wso2.org/products/iot
|
||||
aud=devicemgt
|
||||
|
||||
#expiration time of JWT (number of minutes from the current time)
|
||||
exp=1000
|
||||
|
||||
@ -20,9 +20,9 @@
|
||||
<Name>JWT</Name>
|
||||
<ClassName>org.wso2.carbon.webapp.authenticator.framework.authenticator.JWTAuthenticator</ClassName>
|
||||
<Parameters>
|
||||
<Parameter Name="DefaultPublicKey">true</Parameter>
|
||||
<!--KeyAlias is alias of the certificate that is used to sign the JWT token-->
|
||||
<!-- <Parameter Name="KeyAlias"></Parameter> -->
|
||||
<!--Issuers list and corresponding cert alias-->
|
||||
<Parameter Name="wso2.org/products/am">wso2carbon</Parameter>
|
||||
<Parameter Name="wso2.org/products/iot">wso2carbon</Parameter>
|
||||
</Parameters>
|
||||
</Authenticator>
|
||||
<Authenticator>
|
||||
|
||||
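Review bot: The comment above the two new Parameter entries does not say what they mean to the authenticator: `JWTAuthenticator` looks up `properties.getProperty(issuer)` with the token's `iss` claim, so every Parameter Name under this authenticator is an accepted issuer and its value is the trust-store alias of the certificate that verifies that issuer's tokens. Suggest replacing the comment with `<!-- Trusted JWT issuers: each Parameter Name is an accepted iss claim value and its value is the trust-store alias of that issuer's signing certificate. Do not add unrelated parameters here. -->` so that the list is not casually extended with non-issuer settings.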