diff --git a/enforcer-parent/enforcer/src/main/java/org/wso2/choreo/connect/enforcer/security/jwt/APIKeyAuthenticator.java b/enforcer-parent/enforcer/src/main/java/org/wso2/choreo/connect/enforcer/security/jwt/APIKeyAuthenticator.java
index caf7f8ff89..b30fe55a99 100644
--- a/enforcer-parent/enforcer/src/main/java/org/wso2/choreo/connect/enforcer/security/jwt/APIKeyAuthenticator.java
+++ b/enforcer-parent/enforcer/src/main/java/org/wso2/choreo/connect/enforcer/security/jwt/APIKeyAuthenticator.java
@@ -109,7 +109,8 @@ protected String retrieveTokenFromRequestCtx(RequestContext requestContext) thro
 APISecurityConstants.API_AUTH_INVALID_CREDENTIALS_MESSAGE);
 }
 String keyHash = APIKeyUtils.generateAPIKeyHash(apiKey);
- Object cachedJWT = CacheProvider.getGatewayAPIKeyJWTCache().getIfPresent(keyHash);
+ String apiKeyId = keyHash + APIKeyConstants.API_KEY_ID_SEPARATOR + requestContext.getMatchedAPI().getUuid();
+ Object cachedJWT = CacheProvider.getGatewayAPIKeyJWTCache().getIfPresent(apiKeyId);
 if (cachedJWT != null && !APIKeyUtils.isJWTExpired((String) cachedJWT)) {
 if (log.isDebugEnabled()) {
 log.debug("Token retrieved from the cache. Token: " + FilterUtils.getMaskedToken(keyHash));
@@ -117,14 +118,14 @@ protected String retrieveTokenFromRequestCtx(RequestContext requestContext) thro
 return (String) cachedJWT;
 }
 // Exchange the API Key to a JWT token.
- Optional jwt = APIKeyUtils.exchangeAPIKeyToJWT(keyHash);
+ Optional jwt = APIKeyUtils.exchangeAPIKeyToJWT(apiKeyId);
 if (jwt.isEmpty()) {
 throw new APISecurityException(APIConstants.StatusCodes.UNAUTHENTICATED.getCode(),
 APISecurityConstants.API_AUTH_INVALID_CREDENTIALS,
 APISecurityConstants.API_AUTH_INVALID_CREDENTIALS_MESSAGE);
 }
 // Cache the JWT token.
- CacheProvider.getGatewayAPIKeyJWTCache().put(keyHash, jwt.get());
+ CacheProvider.getGatewayAPIKeyJWTCache().put(apiKeyId, jwt.get());
 return jwt.get();
 }
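Review bot: The new `apiKeyId` line concatenates `requestContext.getMatchedAPI().getUuid()` without checking it, so a matched API whose uuid is unset produces an id of the form `<hash>#null` that is looked up in the cache and sent to the exchange endpoint, presumably leaving rejection to the server; the test changes in this commit, which add `.uuid(...)` to every `APIConfig.Builder`, suggest the uuid was absent from at least the test fixtures before. Since the uuid is now the only thing binding a cached JWT to one API, it is safer to fail closed here with the same UNAUTHENTICATED `APISecurityException` the hunk already throws when the exchange returns nothing, and to say on the line why the API uuid is part of the key. The rewrite below assumes `getUuid()` returns a `String`; `retrieveTokenFromRequestCtx` starts before this hunk, where `apiKey` is obtained.
```java
String keyHash = APIKeyUtils.generateAPIKeyHash(apiKey);
// Scope the cache entry and the exchange request to the matched API, so a JWT
// exchanged for one API is never served from the cache for a different API.
String apiUuid = requestContext.getMatchedAPI().getUuid();
if (apiUuid == null || apiUuid.isEmpty()) {
    // Fail closed: without the API uuid the key cannot be bound to this API.
    throw new APISecurityException(APIConstants.StatusCodes.UNAUTHENTICATED.getCode(),
            APISecurityConstants.API_AUTH_INVALID_CREDENTIALS,
            APISecurityConstants.API_AUTH_INVALID_CREDENTIALS_MESSAGE);
}
String apiKeyId = keyHash + APIKeyConstants.API_KEY_ID_SEPARATOR + apiUuid;
Object cachedJWT = CacheProvider.getGatewayAPIKeyJWTCache().getIfPresent(apiKeyId);
// … unchanged: cache-hit check, exchange, caching of the exchanged JWT …
```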
diff --git a/enforcer-parent/enforcer/src/main/java/org/wso2/choreo/connect/enforcer/security/jwt/APIKeyConstants.java b/enforcer-parent/enforcer/src/main/java/org/wso2/choreo/connect/enforcer/security/jwt/APIKeyConstants.java
index 82fc8613ba..746213361c 100644
--- a/enforcer-parent/enforcer/src/main/java/org/wso2/choreo/connect/enforcer/security/jwt/APIKeyConstants.java
+++ b/enforcer-parent/enforcer/src/main/java/org/wso2/choreo/connect/enforcer/security/jwt/APIKeyConstants.java
@@ -28,6 +28,8 @@ public class APIKeyConstants {
 public static final String API_KEY_JSON_KEY = "key";
+ public static final String API_KEY_ID_SEPARATOR = "#";
+
 public static final String PAT_EXCHANGE_ENDPOINT = "/internal/pat";
 public static final String API_KEY_EXCHANGE_ENDPOINT = "/internal/apiKey/token";
 }
diff --git a/enforcer-parent/enforcer/src/main/java/org/wso2/choreo/connect/enforcer/security/jwt/APIKeyUtils.java b/enforcer-parent/enforcer/src/main/java/org/wso2/choreo/connect/enforcer/security/jwt/APIKeyUtils.java
index 19351df21a..af8654cb82 100644
--- a/enforcer-parent/enforcer/src/main/java/org/wso2/choreo/connect/enforcer/security/jwt/APIKeyUtils.java
+++ b/enforcer-parent/enforcer/src/main/java/org/wso2/choreo/connect/enforcer/security/jwt/APIKeyUtils.java
@@ -144,10 +144,10 @@ public static Optional exchangePATToJWT(String patHash) {
 /**
 * Exchange a given API key hash to a JWT token.
 *
- * @param apiKeyHash API Key Hash
+ * @param apiKeyId API Key Hash + "#" + API ID.
 * @return JWT corresponding to given API Key.
 */
- public static Optional exchangeAPIKeyToJWT(String apiKeyHash) {
+ public static Optional exchangeAPIKeyToJWT(String apiKeyId) {
 URL url = null;
 try {
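Review bot: `API_KEY_ID_SEPARATOR` is added without documentation, although it now fixes a format that both the enforcer's JWT cache key and the `/internal/apiKey/token` request body depend on. A Javadoc on the constant should state that contract and its one safety condition: `/** Separates the API key hash from the API UUID in the composite id sent to API_KEY_EXCHANGE_ENDPOINT and used as the gateway JWT cache key; neither component may contain this character. */`. Whether the hash produced by `APIKeyUtils.generateAPIKeyHash` can ever contain `#` is not visible here, so that is worth confirming against that helper.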
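Review bot: The new `@param apiKeyId` line spells the separator as a literal `"#"` and the summary line still reads "Exchange a given API key hash to a JWT token.", so the Javadoc drifts from the constant the callers actually use. Prefer `@param apiKeyId composite id: API key hash, {@link APIKeyConstants#API_KEY_ID_SEPARATOR}, API UUID, as built by APIKeyAuthenticator` and update the summary to "Exchange an API key id (hash plus API UUID) for a JWT." `exchangeAPIKeyToJWT` begins in this hunk and its body continues past it.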
@@ -162,7 +162,7 @@ public static Optional exchangeAPIKeyToJWT(String apiKeyHash) {
 // Create a request to exchange API key to JWT.
 HttpPost exchangeRequest = new HttpPost(url.toURI());
 exchangeRequest.addHeader("Content-Type", ContentType.APPLICATION_JSON.toString());
- exchangeRequest.setEntity(new StringEntity(createKeyHashExchangeRequest(apiKeyHash)));
+ exchangeRequest.setEntity(new StringEntity(createKeyHashExchangeRequest(apiKeyId)));
 try (CloseableHttpResponse response = httpClient.execute(exchangeRequest)) {
 if (response.getStatusLine().getStatusCode() == 200) {
 HttpEntity entity = response.getEntity();
diff --git a/enforcer-parent/enforcer/src/test/java/org/wso2/choreo/connect/enforcer/security/jwt/APIKeyAuthenticatorTest.java b/enforcer-parent/enforcer/src/test/java/org/wso2/choreo/connect/enforcer/security/jwt/APIKeyAuthenticatorTest.java
index 47371e7fd2..aa524e915a 100644
--- a/enforcer-parent/enforcer/src/test/java/org/wso2/choreo/connect/enforcer/security/jwt/APIKeyAuthenticatorTest.java
+++ b/enforcer-parent/enforcer/src/test/java/org/wso2/choreo/connect/enforcer/security/jwt/APIKeyAuthenticatorTest.java
@@ -70,6 +70,7 @@ public void retrieveTokenFromRequestCtxTest_invalidKey() {
 RequestContext.Builder requestContextBuilder = new RequestContext.Builder("/api-key");
 requestContextBuilder.matchedAPI(new APIConfig.Builder("Petstore")
 .basePath("/test")
+ .uuid("6003a3b7-af0f-4fb3-853e-a6562b2345f2")
 .apiType("REST")
 .build());
 Map headersMap = new HashMap<>();
@@ -100,6 +101,7 @@ public void retrieveTokenFromRequestCtxTest_cached_validKey() throws APISecurity
 RequestContext.Builder requestContextBuilder = new RequestContext.Builder("/api-key");
 requestContextBuilder.matchedAPI(new APIConfig.Builder("Petstore")
 .basePath("/test")
+ .uuid("6003a3b7-af0f-4fb3-853e-a6562b2345f2")
 .apiType("REST")
 .build());
 Map headersMap = new HashMap<>();
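Review bot: The changed `setEntity` line now ships the composite `hash#uuid` through `createKeyHashExchangeRequest`, a helper whose name, and the `API_KEY_JSON_KEY = "key"` field it presumably writes, still describe a bare hash, so the format change to the internal exchange endpoint is invisible at this call site and the endpoint's parsing of the separator cannot be checked from here. A comment on the line makes the dependency explicit: `// Body carries the composite key id (hash + API_KEY_ID_SEPARATOR + API uuid); the exchange endpoint must split on the separator and verify the key belongs to that API.` If the endpoint can still be changed, carrying the API uuid as its own JSON field would remove the delimiter parsing entirely. `exchangeAPIKeyToJWT` starts and ends outside this hunk.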
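Review bot: The fixtures gain a uuid, but no test pins the property this commit introduces, namely that a JWT cached for one API uuid is not returned for the same key hash on a different uuid. A sibling of `retrieveTokenFromRequestCtxTest_cached_validKey` that primes the cache under one uuid, builds the request context with another uuid, and asserts the cached JWT is not returned would guard the cross-API isolation directly; whether the expected outcome is an exchange call or an UNAUTHENTICATED `APISecurityException` depends on how the exchange is stubbed in this test class. The cache priming and stubbing in these tests lie outside the hunk, so the exact assertion has to follow them.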
@@ -131,6 +133,7 @@ public void retrieveTokenFromRequestCtxTest_validKey() throws APISecurityExcepti
 RequestContext.Builder requestContextBuilder = new RequestContext.Builder("/api-key");
 requestContextBuilder.matchedAPI(new APIConfig.Builder("Petstore")
 .basePath("/test")
+ .uuid("6003a3b7-af0f-4fb3-853e-a6562b2345f2")
 .apiType("REST")
 .build());
 Map headersMap = new HashMap<>();