
Add API ID to API key identifier
mevan-karu committed Nov 6, 2024
1 parent dff646e commit 04b9f86
Showing 4 changed files with 12 additions and 6 deletions.
Expand Up @@ -109,22 +109,23 @@ protected String retrieveTokenFromRequestCtx(RequestContext requestContext) thro
APISecurityConstants.API_AUTH_INVALID_CREDENTIALS_MESSAGE);
}
String keyHash = APIKeyUtils.generateAPIKeyHash(apiKey);
Object cachedJWT = CacheProvider.getGatewayAPIKeyJWTCache().getIfPresent(keyHash);
String apiKeyId = keyHash + APIKeyConstants.API_KEY_ID_SEPARATOR + requestContext.getMatchedAPI().getUuid();
Object cachedJWT = CacheProvider.getGatewayAPIKeyJWTCache().getIfPresent(apiKeyId);
if (cachedJWT != null && !APIKeyUtils.isJWTExpired((String) cachedJWT)) {
if (log.isDebugEnabled()) {
log.debug("Token retrieved from the cache. Token: " + FilterUtils.getMaskedToken(keyHash));
}
return (String) cachedJWT;
}
// Exchange the API Key to a JWT token.
Optional<String> jwt = APIKeyUtils.exchangeAPIKeyToJWT(keyHash);
Optional<String> jwt = APIKeyUtils.exchangeAPIKeyToJWT(apiKeyId);
if (jwt.isEmpty()) {
throw new APISecurityException(APIConstants.StatusCodes.UNAUTHENTICATED.getCode(),
APISecurityConstants.API_AUTH_INVALID_CREDENTIALS,
APISecurityConstants.API_AUTH_INVALID_CREDENTIALS_MESSAGE);
}
// Cache the JWT token.
CacheProvider.getGatewayAPIKeyJWTCache().put(keyHash, jwt.get());
CacheProvider.getGatewayAPIKeyJWTCache().put(apiKeyId, jwt.get());
return jwt.get();
}
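Review bot: The new `apiKeyId` is built by concatenating `requestContext.getMatchedAPI().getUuid()` without checking that a matched API and a non-empty UUID are present. If `getUuid()` returns null the identifier becomes `<hash>#null`, so every API without a UUID would presumably share one cache entry and one exchange identifier, which undoes the per-API binding this commit introduces. A null `getMatchedAPI()` would surface as a NullPointerException rather than the `APISecurityException` used on the other failure paths. I would fail closed before building the identifier, as sketched below; the method starts outside this hunk, so an earlier guard may already exist there.

```java
String keyHash = APIKeyUtils.generateAPIKeyHash(apiKey);
// Fail closed when the request has no matched API or the API has no UUID.
String apiUuid = requestContext.getMatchedAPI() == null
        ? null : requestContext.getMatchedAPI().getUuid();
if (apiUuid == null || apiUuid.isEmpty()) {
    throw new APISecurityException(APIConstants.StatusCodes.UNAUTHENTICATED.getCode(),
            APISecurityConstants.API_AUTH_INVALID_CREDENTIALS,
            APISecurityConstants.API_AUTH_INVALID_CREDENTIALS_MESSAGE);
}
String apiKeyId = keyHash + APIKeyConstants.API_KEY_ID_SEPARATOR + apiUuid;
// … unchanged: cache lookup, exchange call and cache put keyed by apiKeyId …
```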

Expand Up @@ -28,6 +28,8 @@ public class APIKeyConstants {

public static final String API_KEY_JSON_KEY = "key";

public static final String API_KEY_ID_SEPARATOR = "#";

public static final String PAT_EXCHANGE_ENDPOINT = "/internal/pat";
public static final String API_KEY_EXCHANGE_ENDPOINT = "/internal/apiKey/token";
}
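Review bot: `API_KEY_ID_SEPARATOR` is added without a comment, yet the composite identifier is only unambiguous if `#` can never occur in the key hash or in the API UUID. I would document that on the constant, for example `/** Separates the API key hash from the API UUID in an API key identifier; must not occur in either part. */`. Whatever parses the identifier on the exchange endpoint side is not visible on this page and should rely on the same constant or an equally documented contract.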
Expand Up @@ -144,10 +144,10 @@ public static Optional<String> exchangePATToJWT(String patHash) {
/**
* Exchange a given API key hash to a JWT token.
*
* @param apiKeyHash API Key Hash
* @param apiKeyId API Key Hash + "#" + API ID.
* @return JWT corresponding to given API Key.
*/
public static Optional<String> exchangeAPIKeyToJWT(String apiKeyHash) {
public static Optional<String> exchangeAPIKeyToJWT(String apiKeyId) {

URL url = null;
try {
Expand All @@ -162,7 +162,7 @@ public static Optional<String> exchangeAPIKeyToJWT(String apiKeyHash) {
// Create a request to exchange API key to JWT.
HttpPost exchangeRequest = new HttpPost(url.toURI());
exchangeRequest.addHeader("Content-Type", ContentType.APPLICATION_JSON.toString());
exchangeRequest.setEntity(new StringEntity(createKeyHashExchangeRequest(apiKeyHash)));
exchangeRequest.setEntity(new StringEntity(createKeyHashExchangeRequest(apiKeyId)));
try (CloseableHttpResponse response = httpClient.execute(exchangeRequest)) {
if (response.getStatusLine().getStatusCode() == 200) {
HttpEntity entity = response.getEntity();
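Review bot: The Javadoc summary of `exchangeAPIKeyToJWT` still reads "Exchange a given API key hash to a JWT token" although the argument is now the composite identifier, and the new `@param` text hard-codes `"#"` instead of referring to the constant. I would reword the summary to `Exchange a given API key identifier (key hash plus API UUID) for a JWT token.` and the tag to `@param apiKeyId API key hash, {@link APIKeyConstants#API_KEY_ID_SEPARATOR}, then the API UUID`. The helper `createKeyHashExchangeRequest` keeps its old name and is not shown here; presumably it sends the value as a single field, so the doc should say that the exchange endpoint is expected to split on the separator and check the key against that API. The method body continues outside both hunks.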
Expand Up @@ -70,6 +70,7 @@ public void retrieveTokenFromRequestCtxTest_invalidKey() {
RequestContext.Builder requestContextBuilder = new RequestContext.Builder("/api-key");
requestContextBuilder.matchedAPI(new APIConfig.Builder("Petstore")
.basePath("/test")
.uuid("6003a3b7-af0f-4fb3-853e-a6562b2345f2")
.apiType("REST")
.build());
Map<String, String> headersMap = new HashMap<>();
Expand Down Expand Up @@ -100,6 +101,7 @@ public void retrieveTokenFromRequestCtxTest_cached_validKey() throws APISecurity
RequestContext.Builder requestContextBuilder = new RequestContext.Builder("/api-key");
requestContextBuilder.matchedAPI(new APIConfig.Builder("Petstore")
.basePath("/test")
.uuid("6003a3b7-af0f-4fb3-853e-a6562b2345f2")
.apiType("REST")
.build());
Map<String, String> headersMap = new HashMap<>();
Expand Down Expand Up @@ -131,6 +133,7 @@ public void retrieveTokenFromRequestCtxTest_validKey() throws APISecurityExcepti
RequestContext.Builder requestContextBuilder = new RequestContext.Builder("/api-key");
requestContextBuilder.matchedAPI(new APIConfig.Builder("Petstore")
.basePath("/test")
.uuid("6003a3b7-af0f-4fb3-853e-a6562b2345f2")
.apiType("REST")
.build());
Map<String, String> headersMap = new HashMap<>();
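Review bot: All three updated tests set the same UUID `6003a3b7-af0f-4fb3-853e-a6562b2345f2`, so nothing here exercises the behaviour the commit is about, namely that a JWT cached for a key on one API is not returned when the same key is presented to a different API. I would add a case next to `retrieveTokenFromRequestCtxTest_cached_validKey` that seeds the cache under one UUID, builds the request context with another, and asserts a cache miss (the exchange path is taken, or an `APISecurityException` is thrown). A second case with no `.uuid(...)` on the builder would pin down what happens when the matched API has no UUID. The test bodies lie outside these hunks, so the exact mock setup has to be checked against the file.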
