All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.wso2.carbon.apimgt.notification.TokenRevocationNotifierImpl Maven / Gradle / Ivy

/*
 *Copyright (c) 2019, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
 *
 *WSO2 Inc. licenses this file to you under the Apache License,
 *Version 2.0 (the "License"); you may not use this file except
 *in compliance with the License.
 *You may obtain a copy of the License at
 *
 *http://www.apache.org/licenses/LICENSE-2.0
 *
 *Unless required by applicable law or agreed to in writing,
 *software distributed under the License is distributed on an
 *"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 *KIND, either express or implied.  See the License for the
 *specific language governing permissions and limitations
 *under the License.
 */

package org.wso2.carbon.apimgt.notification;

import org.apache.axis2.util.URL;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.http.HttpHeaders;
import org.apache.http.HttpResponse;
import org.apache.http.HttpStatus;
import org.apache.http.NameValuePair;
import org.apache.http.client.HttpClient;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.HttpPut;
import org.apache.http.message.BasicNameValuePair;
import org.wso2.carbon.apimgt.eventing.EventPublisherEvent;
import org.wso2.carbon.apimgt.eventing.EventPublisherType;
import org.wso2.carbon.apimgt.impl.APIConstants;
import org.wso2.carbon.apimgt.impl.token.TokenRevocationNotifier;
import org.wso2.carbon.apimgt.impl.utils.APIUtil;

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import java.util.Properties;

/**
 * Implemented class for TokenRevocationNotifier interface
 * SendMessageOnRealtime() method is implemented
 * SendMessageToPersistentStorage() method is implemented
 */
public class TokenRevocationNotifierImpl implements TokenRevocationNotifier {

    private static final Log log = LogFactory.getLog(TokenRevocationNotifierImpl.class);
    protected static final String DEFAULT_TTL = "3600";
    protected Properties realTimeNotifierProperties;
    protected Properties persistentNotifierProperties;

    /**
     * Method to publish the revoked token on to the realtime message broker
     *
     * @param revokedToken requested revoked token
     * @param properties realtime notifier properties read from the config
     */
    @Override
    public void sendMessageOnRealtime(String revokedToken, Properties properties) {
        //Variables related to Realtime Notifier
        String realtimeNotifierTTL = realTimeNotifierProperties.getProperty("ttl", DEFAULT_TTL);
        long expiryTimeForJWT = Long.parseLong(properties.getProperty("expiryTime"));
        String eventId = properties.getProperty(APIConstants.NotificationEvent.EVENT_ID);
        String tokenType = properties.getProperty(APIConstants.NotificationEvent.TOKEN_TYPE);
        int tenantId = (int) properties.get(APIConstants.NotificationEvent.TENANT_ID);
        Object[] objects =
                new Object[]{eventId, revokedToken, realtimeNotifierTTL, expiryTimeForJWT, tokenType, tenantId};
        EventPublisherEvent tokenRevocationEvent = new EventPublisherEvent(APIConstants.TOKEN_REVOCATION_STREAM_ID,
                                                                           System.currentTimeMillis(), objects);
        APIUtil.publishEvent(EventPublisherType.TOKEN_REVOCATION, tokenRevocationEvent,
                tokenRevocationEvent.toString());
    }

    /**
     * Method to send the revoked token to the persistent storage
     *
     * @param revokedToken token to be revoked
     * @param properties persistent notifier properties read from the config
     */
    @Override
    public void sendMessageToPersistentStorage(String revokedToken, Properties properties) {
        //Variables related to Persistent Notifier
        String defaultPersistentNotifierHostname = "https://localhost:2379/v2/keys/jti/";
        String persistentNotifierHostname = properties
                .getProperty("hostname", defaultPersistentNotifierHostname);
        String persistentNotifierTTL = properties.getProperty("ttl", DEFAULT_TTL);
        String defaultPersistentNotifierUsername = "root";
        String persistentNotifierUsername = properties
                .getProperty("username", defaultPersistentNotifierUsername);
        String defaultPersistentNotifierPassword = "root";
        String persistentNotifierPassword = properties
                .getProperty("password", defaultPersistentNotifierPassword);
        String etcdEndpoint = persistentNotifierHostname + revokedToken;
        URL etcdEndpointURL = new URL(etcdEndpoint);
        String etcdEndpointProtocol = etcdEndpointURL.getProtocol();
        int etcdEndpointPort = etcdEndpointURL.getPort();
        HttpClient etcdEPClient = APIUtil.getHttpClient(etcdEndpointPort, etcdEndpointProtocol);
        HttpPut httpETCDPut = new HttpPut(etcdEndpoint);
        byte[] encodedAuth = Base64.encodeBase64((persistentNotifierUsername + ":" + persistentNotifierPassword).
                getBytes(StandardCharsets.UTF_8));
        String authHeader = "Basic " + new String(encodedAuth, StandardCharsets.UTF_8);
        httpETCDPut.setHeader(HttpHeaders.AUTHORIZATION, authHeader);
        List etcdParams = new ArrayList<>(2);
        etcdParams.add(new BasicNameValuePair("value", "true"));
        etcdParams.add(new BasicNameValuePair("ttl", persistentNotifierTTL));

        //Send the revoked token to the persistent storage Server
        httpETCDPut.setEntity(new UrlEncodedFormEntity(etcdParams, StandardCharsets.UTF_8));
        HttpResponse etcdResponse;
        try {
            etcdResponse = etcdEPClient.execute(httpETCDPut);
            if (etcdResponse.getStatusLine().getStatusCode() == HttpStatus.SC_OK
                    || etcdResponse.getStatusLine().getStatusCode() == HttpStatus.SC_CREATED) {
                if (log.isDebugEnabled()) {
                    log.debug("Successfully submitted the request for revoked token. HTTP status :" + etcdResponse
                            .getStatusLine().getStatusCode());
                }
            } else {
                log.error("Sending revoked token to persistent storage failed. HTTP error code : " + etcdResponse
                        .getStatusLine().getStatusCode());
            }
        } catch (IOException e) {
            log.error("Error while sending revoked token to the persistent storage :", e);
        }
    }

    @Override
    public void init(Properties realTimeNotifierProperties, Properties persistentNotifierProperties) {

        this.realTimeNotifierProperties = realTimeNotifierProperties;
        this.persistentNotifierProperties = persistentNotifierProperties;
    }

}




© 2015 - 2025 Weber Informatics LLC | Privacy Policy