Change default token type of portal apps to JWT.

components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/listeners/GatewayTokenRevocationMessageListener.java

@@ -89,17 +89,30 @@
                     revokedTokenMap.get(APIConstants.NotificationEvent.CONSUMER_KEY) != null &&
                     revokedTokenMap.containsKey(APIConstants.NotificationEvent.REVOCATION_TIME) &&
                     revokedTokenMap.get(APIConstants.NotificationEvent.REVOCATION_TIME) != null) {
-                RevokedJWTDataHolder.getInstance().addRevokedConsumerKeyToMap(
-                        (String) revokedTokenMap.get(APIConstants.NotificationEvent.CONSUMER_KEY),
-                        (long) revokedTokenMap.get(APIConstants.NotificationEvent.REVOCATION_TIME));
+                try {
+                    RevokedJWTDataHolder.getInstance().addRevokedConsumerKeyToMap(
+                            (String) revokedTokenMap.get(APIConstants.NotificationEvent.CONSUMER_KEY),
+                            convertRevokedTime(revokedTokenMap));
+                } catch (NumberFormatException e) {
+                    log.warn("Event dropped due to unsupported value type for "
+                            + APIConstants.NotificationEvent.REVOCATION_TIME + " : "
+                            + revokedTokenMap.get(APIConstants.NotificationEvent.REVOCATION_TIME));
+                }
             }
         } else if (APIConstants.NotificationEvent.SUBJECT_ENTITY_REVOCATION_EVENT.equals(tokenType)) {
             HashMap<String, Object> revokedTokenMap = base64Decode(revokedToken);
             if (revokedTokenMap.get(APIConstants.NotificationEvent.ENTITY_TYPE) != null &&
                     revokedTokenMap.get(APIConstants.NotificationEvent.REVOCATION_TIME) != null &&
                     revokedTokenMap.get(APIConstants.NotificationEvent.ENTITY_ID) != null) {
                 String entityType = (String) revokedTokenMap.get(APIConstants.NotificationEvent.ENTITY_TYPE);
-                long revocationTime = (long) revokedTokenMap.get(APIConstants.NotificationEvent.REVOCATION_TIME);
+                long revocationTime = 0;
+                try {
+                    revocationTime = convertRevokedTime(revokedTokenMap);
+                } catch (NumberFormatException e) {
+                    log.warn("Event dropped due to unsupported value type for "
+                            + APIConstants.NotificationEvent.REVOCATION_TIME + " : "
+                            + revokedTokenMap.get(APIConstants.NotificationEvent.REVOCATION_TIME));
+                }
                 String entityId = (String) revokedTokenMap.get(APIConstants.NotificationEvent.ENTITY_ID);
                 if (APIConstants.NotificationEvent.ENTITY_TYPE_USER_ID.equals(entityType)) {
                     RevokedJWTDataHolder.getInstance().addRevokedSubjectEntityUserToMap(entityId, revocationTime);
@@ -138,4 +151,9 @@
         }
         return new HashMap<>();
     }
+
+    private long convertRevokedTime(HashMap<String, Object> revokedTokenMap) throws NumberFormatException {
+
+        return Long.parseLong((String) revokedTokenMap.get(APIConstants.NotificationEvent.REVOCATION_TIME));
+    }
 }

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/factory/KeyManagerHolder.java

@@ -211,7 +211,7 @@
                         tokenIssuerDto.setJwksConfigurationDTO(jwksConfigurationDTO);
                     } else {
                         X509Certificate x509Certificate =
-                                APIUtil.retrieveCertificateFromContent((String) certificateValue);
+                                APIUtil.retrieveCertificateFromURLEncodedContent((String) certificateValue);
                         if (x509Certificate != null) {
                             tokenIssuerDto.setCertificate(x509Certificate);
                         }

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java

@@ -9229,7 +9229,14 @@
         return content.trim();
     }
 
-    public static X509Certificate retrieveCertificateFromContent(String base64EncodedCertificate)
+    /**
+     * Util method to convert Base64 URL encoded certificate content to X509Certificate instance.
+     *
+     * @param base64EncodedCertificate Base64 URL encoded cert string
+     * @return javax.security.cert.X509Certificate
+     * @throws APIManagementException if an error occurs while retrieving from IDP
+     */
+    public static X509Certificate retrieveCertificateFromURLEncodedContent(String base64EncodedCertificate)
             throws APIManagementException {
 
         if (base64EncodedCertificate != null) {
@@ -9253,6 +9260,30 @@
         return null;
     }
 
+    /**
+     * Util method to convert non URL encoded but base64 encoded certificate content to X509Certificate instance.
+     *
+     * @param base64EncodedCertificate Base64 encoded cert string (not URL encoded)
+     * @return javax.security.cert.X509Certificate
+     * @throws APIManagementException if an error occurs while retrieving from IDP
+     */
+    public static X509Certificate retrieveCertificateFromContent(String base64EncodedCertificate)
+            throws APIManagementException {
+
+        if (base64EncodedCertificate != null) {
+            base64EncodedCertificate = APIUtil.getX509certificateContent(base64EncodedCertificate);
+            byte[] bytes = Base64.decodeBase64(base64EncodedCertificate.getBytes());
+            try (InputStream inputStream = new ByteArrayInputStream(bytes)) {
+                return X509Certificate.getInstance(inputStream);
+            } catch (IOException | javax.security.cert.CertificateException e) {
+                String msg = "Error while converting into X509Certificate";
+                log.error(msg, e);
+                throw new APIManagementException(msg, e);
+            }
+        }
+        return null;
+    }
+
     /**
      * Replace new RESTAPI Role mappings to tenant-conf.
      *

components/apimgt/org.wso2.carbon.apimgt.rest.api.dcr/src/main/java/org/wso2/carbon/apimgt/rest/api/dcr/web/impl/RegistrationServiceImpl.java

@@ -27,16 +27,17 @@
 import org.wso2.carbon.apimgt.api.model.OAuthApplicationInfo;
 import org.wso2.carbon.apimgt.impl.APIConstants;
 import org.wso2.carbon.apimgt.rest.api.common.RestApiCommonUtil;
+import org.wso2.carbon.apimgt.rest.api.common.RestApiConstants;
+import org.wso2.carbon.apimgt.rest.api.common.dto.ErrorDTO;
 import org.wso2.carbon.apimgt.rest.api.dcr.web.RegistrationService;
 import org.wso2.carbon.apimgt.rest.api.dcr.web.dto.FaultResponse;
 import org.wso2.carbon.apimgt.rest.api.dcr.web.dto.RegistrationProfile;
-import org.wso2.carbon.apimgt.rest.api.common.RestApiConstants;
-import org.wso2.carbon.apimgt.rest.api.common.dto.ErrorDTO;
 import org.wso2.carbon.apimgt.rest.api.util.utils.RestApiUtil;
 import org.wso2.carbon.context.PrivilegedCarbonContext;
 import org.wso2.carbon.identity.application.common.IdentityApplicationManagementException;
 import org.wso2.carbon.identity.application.common.model.InboundAuthenticationConfig;
 import org.wso2.carbon.identity.application.common.model.InboundAuthenticationRequestConfig;
+import org.wso2.carbon.identity.application.common.model.LocalAndOutboundAuthenticationConfig;
 import org.wso2.carbon.identity.application.common.model.Property;
 import org.wso2.carbon.identity.application.common.model.ServiceProvider;
 import org.wso2.carbon.identity.application.common.model.ServiceProviderProperty;
@@ -54,11 +55,6 @@
 import org.wso2.carbon.utils.multitenancy.MultitenantConstants;
 import org.wso2.carbon.utils.multitenancy.MultitenantUtils;
 
-import java.util.ArrayList;
-import java.util.List;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.Map;
 import javax.ws.rs.Consumes;
 import javax.ws.rs.DELETE;
 import javax.ws.rs.POST;
@@ -68,6 +64,11 @@
 import javax.ws.rs.core.Context;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
 
 import static org.wso2.carbon.apimgt.api.model.ApplicationConstants.OAUTH_CLIENT_GRANT;
 import static org.wso2.carbon.apimgt.api.model.ApplicationConstants.OAUTH_CLIENT_NAME;
@@ -275,10 +276,10 @@
      *
      * @param appRequest OAuthAppRequest object with client's payload content
      * @return created Application
-     * @throws APIKeyMgtException if failed to create the a new application
+     * @throws APIManagementException if failed to create the new application
      */
     private OAuthApplicationInfo createApplication(String applicationName, OAuthAppRequest appRequest,
-            String grantType) throws APIManagementException {
+                                                   String grantType) throws APIManagementException {
         String userName;
         OAuthApplicationInfo applicationInfo = appRequest.getOAuthApplicationInfo();
         String appName = applicationInfo.getClientName();
@@ -325,6 +326,14 @@
             logoutConsentProperty.setValue(APIConstants.APP_SKIP_LOGOUT_CONSENT_VALUE);
             serviceProviderProperties.add(logoutConsentProperty);
 
+            if (APIConstants.JWT.equals(applicationInfo.getTokenType())) {
+                LocalAndOutboundAuthenticationConfig localAndOutboundConfig =
+                        new LocalAndOutboundAuthenticationConfig();
+                localAndOutboundConfig.setSkipConsent(true);
+                localAndOutboundConfig.setSkipLogoutConsent(true);
+                localAndOutboundConfig.setUseTenantDomainInLocalSubjectIdentifier(true);
+                serviceProvider.setLocalAndOutBoundAuthenticationConfig(localAndOutboundConfig);
+            }
             String orgId = null;
             try {
                 orgId = RestApiUtil.getValidatedOrganization(securityContext);