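/*
 * Copyright (c) 2013, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.wso2.carbon.registry.rest.api.security;

import java.nio.charset.StandardCharsets;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

import org.apache.commons.codec.binary.Base64;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.base.MultitenantConstants;
import org.wso2.carbon.context.PrivilegedCarbonContext;

/**
 * Builds the {@link RestAPIAuthContext} for a REST API call.
 *
 * <p>The caller's identity is taken either from the Carbon context (an already
 * established user session) or, failing that, from the end-user claims carried
 * in a JWT.
 *
 * <p><b>Security note:</b> this class only decodes the JWT payload. It does not
 * verify the token's signature, issuer, audience or expiry, so the claims it
 * reads are only as trustworthy as the component that validated the token
 * before it reached this code. Callers must ensure that validation has already
 * happened upstream.
 */
public class RestAPISecurityUtils {

    private static final Log log = LogFactory.getLog(RestAPISecurityUtils.class);

    private static final String END_USER_CLAIM_URI = "http://wso2.org/claims/enduser";
    private static final String END_USER_TENANT_ID_CLAIM_URI = "http://wso2.org/claims/enduserTenantId";

    // Matches `"<claimUri>" : "<value>"` in the payload and captures the value.
    // The key is matched together with its surrounding quotes so that a claim
    // whose URI is a prefix of another one (enduser vs. enduserTenantId) can never
    // be confused with it, regardless of the order in which the claims appear.
    private static final Pattern END_USER_PATTERN = claimPattern(END_USER_CLAIM_URI);
    private static final Pattern END_USER_TENANT_ID_PATTERN = claimPattern(END_USER_TENANT_ID_CLAIM_URI);

    /** Utility class; not instantiable. */
    private RestAPISecurityUtils() {
    }

    /**
     * Resolves the authenticated user and tenant for the current request.
     *
     * <p>If {@code context} carries a user name and a valid tenant id, that identity
     * is used. Otherwise, if a JWT is supplied, the end-user and tenant-id claims
     * are read from its payload (without signature verification, see the class
     * documentation). If neither source yields an identity, or the token is
     * malformed or lacks the required claims, the returned context is marked as
     * not authorized.
     *
     * @param context  the Carbon context of the current request; may be {@code null}
     * @param JWTToken the compact-serialized JWT ({@code header.payload.signature}),
     *                 or {@code null} if none was supplied
     * @return an auth context whose {@code authorized} flag reflects whether an
     *         identity could be established
     */
    public static RestAPIAuthContext getAuthContext(PrivilegedCarbonContext context, String JWTToken) {
        RestAPIAuthContext authContext = new RestAPIAuthContext();
        if (context != null && context.getUsername() != null
                && context.getTenantId() != MultitenantConstants.INVALID_TENANT_ID) {
            authContext.setUserName(context.getUsername());
            authContext.setTenantId(context.getTenantId());
            authContext.setAuthorized(true);
        } else if (JWTToken != null) {
            try {
                // Decoding happens inside the try so that a malformed token (no dots,
                // undecodable payload) is reported as "not authorized" rather than
                // escaping as an unchecked exception.
                String payload = getTokenStringJWTToken(JWTToken);
                authContext.setUserName(getUserNameFromJWTTokenString(payload));
                authContext.setTenantId(getTenantIdFromJWTTokenString(payload));
                authContext.setAuthorized(true);
            } catch (IllegalArgumentException e) {
                // Malformed token, missing claim or non-numeric tenant id. The token
                // itself is deliberately not logged.
                log.error("Error retrieving UserName and TenantID", e);
                authContext.setAuthorized(false);
            }
        } else {
            authContext.setAuthorized(false);
        }
        return authContext;
    }

    /**
     * Extracts and decodes the payload segment of a compact-serialized JWT.
     *
     * @param JWTToken the token in {@code header.payload.signature} form
     * @return the decoded payload as a UTF-8 string
     * @throws IllegalArgumentException if the token does not contain a payload
     *                                  segment delimited by two dots
     */
    private static String getTokenStringJWTToken(String JWTToken) {
        int firstDot = JWTToken.indexOf('.');
        int lastDot = JWTToken.lastIndexOf('.');
        if (firstDot < 0 || lastDot <= firstDot) {
            throw new IllegalArgumentException(
                    "JWT must contain '.'-separated header, payload and signature segments");
        }
        String payloadSegment = JWTToken.substring(firstDot + 1, lastDot);
        // commons-codec accepts both the standard and the URL-safe alphabet that
        // JWTs use, with or without padding.
        byte[] decodedBytes = Base64.decodeBase64(payloadSegment);
        // JWT payloads are JSON, which is always UTF-8; never rely on the platform charset.
        return new String(decodedBytes, StandardCharsets.UTF_8);
    }

    /**
     * Reads the end-user claim from a decoded JWT payload.
     *
     * @param JWTTokenString the decoded (JSON) payload
     * @return the value of the {@code http://wso2.org/claims/enduser} claim
     * @throws IllegalArgumentException if the claim is absent
     */
    private static String getUserNameFromJWTTokenString(String JWTTokenString) {
        return getClaimValue(JWTTokenString, END_USER_PATTERN, END_USER_CLAIM_URI);
    }

    /**
     * Reads the end-user tenant-id claim from a decoded JWT payload.
     *
     * @param JWTTokenString the decoded (JSON) payload
     * @return the value of the {@code http://wso2.org/claims/enduserTenantId} claim as an int
     * @throws IllegalArgumentException if the claim is absent or not an integer
     *                                  ({@link NumberFormatException} is a subtype)
     */
    private static int getTenantIdFromJWTTokenString(String JWTTokenString) {
        return Integer.parseInt(
                getClaimValue(JWTTokenString, END_USER_TENANT_ID_PATTERN, END_USER_TENANT_ID_CLAIM_URI));
    }

    /**
     * Builds the pattern that locates a quoted string claim by its exact key.
     * The payload is not parsed as JSON: JSON escape sequences inside the value
     * are returned verbatim, and only string-valued (quoted) claims are recognised.
     */
    private static Pattern claimPattern(String claimUri) {
        return Pattern.compile("\"" + Pattern.quote(claimUri) + "\"\\s*:\\s*\"([^\"]*)\"");
    }

    /**
     * Returns the first value matched by {@code pattern} in {@code payload}.
     *
     * @throws IllegalArgumentException if the claim is not present
     */
    private static String getClaimValue(String payload, Pattern pattern, String claimUri) {
        Matcher matcher = pattern.matcher(payload);
        if (!matcher.find()) {
            throw new IllegalArgumentException("Claim " + claimUri + " not found in JWT payload");
        }
        return matcher.group(1);
    }
}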