Add API ID to API key identifier

mevan-karu · mevan-karu · commit 04b9f8607ad5 · 2024-11-06T17:26:12.000+05:30
diff --git a/enforcer-parent/enforcer/src/main/java/org/wso2/choreo/connect/enforcer/security/jwt/APIKeyAuthenticator.java b/enforcer-parent/enforcer/src/main/java/org/wso2/choreo/connect/enforcer/security/jwt/APIKeyAuthenticator.java
@@ -109,22 +109,23 @@ protected String retrieveTokenFromRequestCtx(RequestContext requestContext) thro
                     APISecurityConstants.API_AUTH_INVALID_CREDENTIALS_MESSAGE);
         }
         String keyHash = APIKeyUtils.generateAPIKeyHash(apiKey);
-        Object cachedJWT = CacheProvider.getGatewayAPIKeyJWTCache().getIfPresent(keyHash);
+        String apiKeyId = keyHash + APIKeyConstants.API_KEY_ID_SEPARATOR + requestContext.getMatchedAPI().getUuid();
+        Object cachedJWT = CacheProvider.getGatewayAPIKeyJWTCache().getIfPresent(apiKeyId);
         if (cachedJWT != null && !APIKeyUtils.isJWTExpired((String) cachedJWT)) {
             if (log.isDebugEnabled()) {
                 log.debug("Token retrieved from the cache. Token: " + FilterUtils.getMaskedToken(keyHash));
             }
             return (String) cachedJWT;
         }
         // Exchange the API Key to a JWT token.
-        Optional<String> jwt = APIKeyUtils.exchangeAPIKeyToJWT(keyHash);
+        Optional<String> jwt = APIKeyUtils.exchangeAPIKeyToJWT(apiKeyId);
         if (jwt.isEmpty()) {
             throw new APISecurityException(APIConstants.StatusCodes.UNAUTHENTICATED.getCode(),
                     APISecurityConstants.API_AUTH_INVALID_CREDENTIALS,
                     APISecurityConstants.API_AUTH_INVALID_CREDENTIALS_MESSAGE);
         }
         // Cache the JWT token.
-        CacheProvider.getGatewayAPIKeyJWTCache().put(keyHash, jwt.get());
+        CacheProvider.getGatewayAPIKeyJWTCache().put(apiKeyId, jwt.get());
         return jwt.get();
     }
 
diff --git a/enforcer-parent/enforcer/src/main/java/org/wso2/choreo/connect/enforcer/security/jwt/APIKeyConstants.java b/enforcer-parent/enforcer/src/main/java/org/wso2/choreo/connect/enforcer/security/jwt/APIKeyConstants.java
@@ -28,6 +28,8 @@ public class APIKeyConstants {
 
     public static final String API_KEY_JSON_KEY = "key";
 
+    public static final String API_KEY_ID_SEPARATOR = "#";
+
     public static final String PAT_EXCHANGE_ENDPOINT = "/internal/pat";
     public static final String API_KEY_EXCHANGE_ENDPOINT = "/internal/apiKey/token";
 }
diff --git a/enforcer-parent/enforcer/src/main/java/org/wso2/choreo/connect/enforcer/security/jwt/APIKeyUtils.java b/enforcer-parent/enforcer/src/main/java/org/wso2/choreo/connect/enforcer/security/jwt/APIKeyUtils.java
@@ -144,10 +144,10 @@ public static Optional<String> exchangePATToJWT(String patHash) {
     /**
      * Exchange a given API key hash to a JWT token.
      *
-     * @param apiKeyHash    API Key Hash
+     * @param apiKeyId    API Key Hash + "#" + API ID.
      * @return JWT corresponding to given API Key.
      */
-    public static Optional<String> exchangeAPIKeyToJWT(String apiKeyHash) {
+    public static Optional<String> exchangeAPIKeyToJWT(String apiKeyId) {
 
         URL url = null;
         try {
@@ -162,7 +162,7 @@ public static Optional<String> exchangeAPIKeyToJWT(String apiKeyHash) {
             // Create a request to exchange API key to JWT.
             HttpPost exchangeRequest = new HttpPost(url.toURI());
             exchangeRequest.addHeader("Content-Type", ContentType.APPLICATION_JSON.toString());
-            exchangeRequest.setEntity(new StringEntity(createKeyHashExchangeRequest(apiKeyHash)));
+            exchangeRequest.setEntity(new StringEntity(createKeyHashExchangeRequest(apiKeyId)));
             try (CloseableHttpResponse response = httpClient.execute(exchangeRequest)) {
                 if (response.getStatusLine().getStatusCode() == 200) {
                     HttpEntity entity = response.getEntity();
diff --git a/enforcer-parent/enforcer/src/test/java/org/wso2/choreo/connect/enforcer/security/jwt/APIKeyAuthenticatorTest.java b/enforcer-parent/enforcer/src/test/java/org/wso2/choreo/connect/enforcer/security/jwt/APIKeyAuthenticatorTest.java
@@ -70,6 +70,7 @@ public void retrieveTokenFromRequestCtxTest_invalidKey() {
         RequestContext.Builder requestContextBuilder = new RequestContext.Builder("/api-key");
         requestContextBuilder.matchedAPI(new APIConfig.Builder("Petstore")
                 .basePath("/test")
+                .uuid("6003a3b7-af0f-4fb3-853e-a6562b2345f2")
                 .apiType("REST")
                 .build());
         Map<String, String> headersMap = new HashMap<>();
@@ -100,6 +101,7 @@ public void retrieveTokenFromRequestCtxTest_cached_validKey() throws APISecurity
         RequestContext.Builder requestContextBuilder = new RequestContext.Builder("/api-key");
         requestContextBuilder.matchedAPI(new APIConfig.Builder("Petstore")
                 .basePath("/test")
+                .uuid("6003a3b7-af0f-4fb3-853e-a6562b2345f2")
                 .apiType("REST")
                 .build());
         Map<String, String> headersMap = new HashMap<>();
@@ -131,6 +133,7 @@ public void retrieveTokenFromRequestCtxTest_validKey() throws APISecurityExcepti
         RequestContext.Builder requestContextBuilder = new RequestContext.Builder("/api-key");
         requestContextBuilder.matchedAPI(new APIConfig.Builder("Petstore")
                 .basePath("/test")
+                .uuid("6003a3b7-af0f-4fb3-853e-a6562b2345f2")
                 .apiType("REST")
                 .build());
         Map<String, String> headersMap = new HashMap<>();

Original file line number	Diff line number	Diff line change
`@@ -109,22 +109,23 @@ protected String retrieveTokenFromRequestCtx(RequestContext requestContext) thro`
`109`	`109`	`APISecurityConstants.API_AUTH_INVALID_CREDENTIALS_MESSAGE);`
`110`	`110`	`}`
`111`	`111`	`String keyHash = APIKeyUtils.generateAPIKeyHash(apiKey);`
`112`		`- Object cachedJWT = CacheProvider.getGatewayAPIKeyJWTCache().getIfPresent(keyHash);`
	`112`	`+ String apiKeyId = keyHash + APIKeyConstants.API_KEY_ID_SEPARATOR + requestContext.getMatchedAPI().getUuid();`
	`113`	`+ Object cachedJWT = CacheProvider.getGatewayAPIKeyJWTCache().getIfPresent(apiKeyId);`
`113`	`114`	`if (cachedJWT != null && !APIKeyUtils.isJWTExpired((String) cachedJWT)) {`
`114`	`115`	`if (log.isDebugEnabled()) {`
`115`	`116`	`log.debug("Token retrieved from the cache. Token: " + FilterUtils.getMaskedToken(keyHash));`
`116`	`117`	`}`
`117`	`118`	`return (String) cachedJWT;`
`118`	`119`	`}`
`119`	`120`	`// Exchange the API Key to a JWT token.`
`120`		`- Optional<String> jwt = APIKeyUtils.exchangeAPIKeyToJWT(keyHash);`
	`121`	`+ Optional<String> jwt = APIKeyUtils.exchangeAPIKeyToJWT(apiKeyId);`
`121`	`122`	`if (jwt.isEmpty()) {`
`122`	`123`	`throw new APISecurityException(APIConstants.StatusCodes.UNAUTHENTICATED.getCode(),`
`123`	`124`	`APISecurityConstants.API_AUTH_INVALID_CREDENTIALS,`
`124`	`125`	`APISecurityConstants.API_AUTH_INVALID_CREDENTIALS_MESSAGE);`
`125`	`126`	`}`
`126`	`127`	`// Cache the JWT token.`
`127`		`- CacheProvider.getGatewayAPIKeyJWTCache().put(keyHash, jwt.get());`
	`128`	`+ CacheProvider.getGatewayAPIKeyJWTCache().put(apiKeyId, jwt.get());`
`128`	`129`	`return jwt.get();`
`129`	`130`	`}`
`130`	`131`
Original file line number	Diff line number	Diff line change
`@@ -28,6 +28,8 @@ public class APIKeyConstants {`
`28`	`28`
`29`	`29`	`public static final String API_KEY_JSON_KEY = "key";`
`30`	`30`
	`31`	`+ public static final String API_KEY_ID_SEPARATOR = "#";`
	`32`	`+`
`31`	`33`	`public static final String PAT_EXCHANGE_ENDPOINT = "/internal/pat";`
`32`	`34`	`public static final String API_KEY_EXCHANGE_ENDPOINT = "/internal/apiKey/token";`
`33`	`35`	`}`