Merge pull request #12540 from dakshina99/lightweight_apikey

[Improvement] Lightweight apikey
wso2 · Sep 26, 2024 · b0c49f1 · b0c49f1
2 parents 32491bf + 6ab768f
commit b0c49f1
Show file tree

Hide file tree

Showing 11 changed files with 174 additions and 215 deletions.
diff --git a/...ain/java/org/wso2/carbon/apimgt/gateway/handlers/security/apikey/ApiKeyAuthenticator.java b/...ain/java/org/wso2/carbon/apimgt/gateway/handlers/security/apikey/ApiKeyAuthenticator.java
@@ -47,6 +47,7 @@
 import org.wso2.carbon.apimgt.gateway.utils.OpenAPIUtils;
 import org.wso2.carbon.apimgt.impl.APIConstants;
 import org.wso2.carbon.apimgt.impl.APIManagerConfiguration;
+import org.wso2.carbon.apimgt.impl.dto.APIKeyValidationInfoDTO;
 import org.wso2.carbon.apimgt.impl.dto.ExtendedJWTConfigurationDto;
 import org.wso2.carbon.apimgt.impl.dto.VerbInfoDTO;
 import org.wso2.carbon.apimgt.impl.utils.APIUtil;
@@ -163,12 +164,12 @@ public AuthenticationResponse authenticate(MessageContext synCtx) {
                         tenantDomain, payload);
                 ApiKeyAuthenticatorUtils.validateAPIKeyRestrictions(payload, GatewayUtils.getIp(axis2MessageContext),
                         apiContext, apiVersion, referer);
-                net.minidev.json.JSONObject api = GatewayUtils.validateAPISubscription(apiContext, apiVersion, payload,
+                APIKeyValidationInfoDTO apiKeyValidationInfoDTO = GatewayUtils.validateAPISubscription(apiContext, apiVersion, payload,
                         splitToken[0]);
-                String endUserToken = ApiKeyAuthenticatorUtils.getEndUserToken(api, jwtConfigurationDto, apiKey,
-                        signedJWT, payload, tokenIdentifier, isGatewayTokenCacheEnabled);
+                String endUserToken = ApiKeyAuthenticatorUtils.getEndUserToken(apiKeyValidationInfoDTO, jwtConfigurationDto, apiKey,
+                        signedJWT, payload, tokenIdentifier, apiContext, apiVersion, isGatewayTokenCacheEnabled);
                 AuthenticationContext authenticationContext = GatewayUtils.generateAuthenticationContext(tokenIdentifier,
-                        payload, api, apiLevelPolicy, endUserToken, synCtx);
+                        payload, apiKeyValidationInfoDTO, endUserToken);
                 APISecurityUtils.setAuthenticationContext(synCtx, authenticationContext,
                         jwtGenerationEnabled ? getContextHeader() : null);
                 synCtx.setProperty(APIMgtGatewayConstants.END_USER_NAME, authenticationContext.getUsername());

diff --git a/.../org/wso2/carbon/apimgt/gateway/inbound/websocket/Authentication/ApiKeyAuthenticator.java b/.../org/wso2/carbon/apimgt/gateway/inbound/websocket/Authentication/ApiKeyAuthenticator.java
@@ -37,6 +37,7 @@
 import org.wso2.carbon.apimgt.gateway.utils.ApiKeyAuthenticatorUtils;
 import org.wso2.carbon.apimgt.gateway.utils.GatewayUtils;
 import org.wso2.carbon.apimgt.impl.APIConstants;
+import org.wso2.carbon.apimgt.impl.dto.APIKeyValidationInfoDTO;
 import org.wso2.carbon.apimgt.impl.dto.ExtendedJWTConfigurationDto;
 
 import java.text.ParseException;
@@ -110,12 +111,12 @@ public InboundProcessorResponseDTO authenticate(InboundMessageContext inboundMes
                     ApiKeyAuthenticatorUtils.validateAPIKeyRestrictions(payload, inboundMessageContext.getUserIP(),
                             apiContext, apiVersion, inboundMessageContext.getRequestHeaders().
                                     get(APIMgtGatewayConstants.REFERER));
-                    net.minidev.json.JSONObject api = GatewayUtils.validateAPISubscription(apiContext, apiVersion,
+                    APIKeyValidationInfoDTO apiKeyValidationInfoDTO = GatewayUtils.validateAPISubscription(apiContext, apiVersion,
                             payload, splitToken[0]);
-                    String endUserToken = ApiKeyAuthenticatorUtils.getEndUserToken(api, jwtConfigurationDto, apiKey,
-                            signedJWT, payload, tokenIdentifier, isGatewayTokenCacheEnabled);
-                    AuthenticationContext authenticationContext = GatewayUtils.generateAuthenticationContext(
-                            tokenIdentifier, payload, api, null, endUserToken, null);
+                    String endUserToken = ApiKeyAuthenticatorUtils.getEndUserToken(apiKeyValidationInfoDTO, jwtConfigurationDto,
+                            apiKey, signedJWT, payload, tokenIdentifier, apiContext, apiVersion, isGatewayTokenCacheEnabled);
+                    AuthenticationContext authenticationContext = GatewayUtils.generateAuthenticationContext(tokenIdentifier,
+                            payload, apiKeyValidationInfoDTO, endUserToken);
                     if (!InboundWebsocketProcessorUtil.validateAuthenticationContext(authenticationContext,
                             inboundMessageContext)) {
                         return InboundWebsocketProcessorUtil.getFrameErrorDTO(
@@ -135,10 +136,6 @@ public InboundProcessorResponseDTO authenticate(InboundMessageContext inboundMes
                 log.error("Invalid Api Key. Signature verification failed.");
                 throw new APISecurityException(APISecurityConstants.API_AUTH_INVALID_CREDENTIALS,
                         APISecurityConstants.API_AUTH_INVALID_CREDENTIALS_MESSAGE);
-            } catch (ParseException e) {
-                log.error("Error while parsing API Key", e);
-                return InboundWebsocketProcessorUtil.getFrameErrorDTO(APISecurityConstants.API_AUTH_GENERAL_ERROR,
-                        APISecurityConstants.API_AUTH_GENERAL_ERROR_MESSAGE, true);
             } catch (APIManagementException e) {
                 log.error("Error while setting public cert/private key for backend jwt generation", e);
                 return InboundWebsocketProcessorUtil.getFrameErrorDTO(APISecurityConstants.API_AUTH_GENERAL_ERROR,

diff --git a/....gateway/src/main/java/org/wso2/carbon/apimgt/gateway/utils/ApiKeyAuthenticatorUtils.java b/....gateway/src/main/java/org/wso2/carbon/apimgt/gateway/utils/ApiKeyAuthenticatorUtils.java
@@ -27,6 +27,7 @@
 import org.apache.commons.lang3.StringUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.apache.synapse.rest.RESTConstants;
 import org.json.JSONObject;
 import org.wso2.carbon.apimgt.api.APIManagementException;
 import org.wso2.carbon.apimgt.common.gateway.dto.JWTInfoDto;
@@ -40,6 +41,7 @@
 import org.wso2.carbon.apimgt.gateway.jwt.RevokedJWTDataHolder;
 import org.wso2.carbon.apimgt.impl.APIConstants;
 import org.wso2.carbon.apimgt.impl.caching.CacheProvider;
+import org.wso2.carbon.apimgt.impl.dto.APIKeyValidationInfoDTO;
 import org.wso2.carbon.apimgt.impl.dto.ExtendedJWTConfigurationDto;
 import org.wso2.carbon.apimgt.impl.jwt.SignedJWTInfo;
 import org.wso2.carbon.apimgt.impl.utils.APIUtil;
@@ -333,27 +335,28 @@ public static void validateAPIKeyRestrictions(JWTClaimsSet payload, String clien
     /**
      * This method is used to get the end user token for the API Key when backend JWT token generation is needed.
      *
-     * @param api                        The API object returned after validating API subscription.
+     * @param apiKeyValidationInfoDTO    The API Key validation info DTO.
      * @param jwtConfigurationDto        The JWT configuration DTO.
      * @param apiKey                     The API Key.
      * @param signedJWT                  The signed JWT.
      * @param payload                    The payload of the API Key.
      * @param tokenIdentifier            The token identifier.
+     * @param apiContext                 The API context.
+     * @param apiVersion                 The API version.
      * @param isGatewayTokenCacheEnabled Whether the gateway token cache is enabled or not.
      * @return The end user token.
      * @throws APIManagementException If an error occurs while getting Public Certificate or Signing Key.
      * @throws APISecurityException   If an error occurs while generating the backend JWT token.
      */
-    public static String getEndUserToken(net.minidev.json.JSONObject api,
+    public static String getEndUserToken(APIKeyValidationInfoDTO apiKeyValidationInfoDTO,
                                          ExtendedJWTConfigurationDto jwtConfigurationDto, String apiKey,
                                          SignedJWT signedJWT, JWTClaimsSet payload, String tokenIdentifier,
-                                         boolean isGatewayTokenCacheEnabled) throws APIManagementException,
-            APISecurityException {
+                                         String apiContext, String apiVersion, boolean isGatewayTokenCacheEnabled
+    ) throws APIManagementException, APISecurityException {
 
         AbstractAPIMgtGatewayJWTGenerator apiMgtGatewayJWTGenerator = null;
         boolean jwtGenerationEnabled = false;
-        int tenantId = APIUtil.getTenantIdFromTenantDomain(api.getAsString(APIConstants.JwtTokenConstants.
-                SUBSCRIBER_TENANT_DOMAIN));
+        int tenantId = APIUtil.getTenantIdFromTenantDomain(apiKeyValidationInfoDTO.getSubscriberTenantDomain());
         if (jwtConfigurationDto != null) {
             apiMgtGatewayJWTGenerator = ServiceReferenceHolder.getInstance().getApiMgtGatewayJWTGenerator()
                     .get(jwtConfigurationDto.getGatewayJWTGeneratorImpl());
@@ -380,9 +383,8 @@ public static String getEndUserToken(net.minidev.json.JSONObject api,
         if (jwtGenerationEnabled) {
             SignedJWTInfo signedJWTInfo = new SignedJWTInfo(apiKey, signedJWT, payload);
             JWTValidationInfo jwtValidationInfo = getJwtValidationInfo(signedJWTInfo);
-            JWTInfoDto jwtInfoDto = GatewayUtils.generateJWTInfoDto(api, jwtValidationInfo,
-                    api.getAsString(APIConstants.JwtTokenConstants.API_CONTEXT),
-                    api.getAsString(APIConstants.JwtTokenConstants.API_VERSION));
+            JWTInfoDto jwtInfoDto = GatewayUtils.generateJWTInfoDto(jwtValidationInfo,
+                    apiKeyValidationInfoDTO, apiContext, apiVersion);
             endUserToken = generateAndRetrieveBackendJWTToken(tokenIdentifier, jwtInfoDto, isGatewayTokenCacheEnabled,
                     apiMgtGatewayJWTGenerator);
         }