From d1cfc17981df0549f0c2af063580d72db8dcb403 Mon Sep 17 00:00:00 2001
From: Kannan Kirishikesan
Date: Thu, 31 Aug 2023 11:53:21 +0530
Subject: [PATCH 01/34] Added the DAO layer for Managing KeyManagerPermissions
---
 .../carbon/apimgt/impl/dao/ApiMgtDAO.java | 123 +++++++++++++++++-
 .../impl/dao/constants/SQLConstants.java | 37 ++++++
 .../impl/dto/KeyManagerPermissionDTO.java | 63 +++++++++
 3 files changed, 217 insertions(+), 6 deletions(-)
 create mode 100644 components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dto/KeyManagerPermissionDTO.java
diff --git a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/ApiMgtDAO.java b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/ApiMgtDAO.java
index fad6dfd9d0d2..78e0b33d58e3 100644
--- a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/ApiMgtDAO.java
+++ b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/ApiMgtDAO.java
@@ -107,12 +107,7 @@
 import org.wso2.carbon.apimgt.impl.alertmgt.AlertMgtConstants;
 import org.wso2.carbon.apimgt.impl.dao.constants.SQLConstants;
 import org.wso2.carbon.apimgt.impl.dao.constants.SQLConstants.ThrottleSQLConstants;
-import org.wso2.carbon.apimgt.impl.dto.APIInfoDTO;
-import org.wso2.carbon.apimgt.impl.dto.APIKeyInfoDTO;
-import org.wso2.carbon.apimgt.impl.dto.APISubscriptionInfoDTO;
-import org.wso2.carbon.apimgt.impl.dto.ApplicationRegistrationWorkflowDTO;
-import org.wso2.carbon.apimgt.impl.dto.TierPermissionDTO;
-import org.wso2.carbon.apimgt.impl.dto.WorkflowDTO;
+import org.wso2.carbon.apimgt.impl.dto.*;
 import org.wso2.carbon.apimgt.impl.factory.KeyManagerHolder;
 import org.wso2.carbon.apimgt.impl.factory.SQLConstantManagerFactory;
 import org.wso2.carbon.apimgt.impl.internal.ServiceReferenceHolder;
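Review bot: The six explicit `org.wso2.carbon.apimgt.impl.dto` imports are collapsed into `import org.wso2.carbon.apimgt.impl.dto.*;`, which hides the DTO types this DAO actually depends on and makes any simple name that exists in two on-demand packages ambiguous. PATCH 03 adds `org.wso2.carbon.apimgt.api.dto.*` beside it and then re-adds `import org.wso2.carbon.apimgt.impl.dto.WorkflowDTO;`, presumably to resolve exactly such a clash, and PATCH 05 introduces `org.wso2.carbon.apimgt.api.*` in APIConsumerImpl in the same way. Keep the explicit list and add only the single import the change needs, e.g. `import org.wso2.carbon.apimgt.impl.dto.KeyManagerPermissionDTO;`.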
@@ -9296,6 +9291,122 @@ public void deleteKeyManagerConfigurationById(String id, String organization) th } + public KeyManagerPermissionDTO getKeyManagerPermission(String keyManagerUUID, String role) throws APIManagementException { + + Connection conn = null; + PreparedStatement ps = null; + ResultSet resultSet = null; + + KeyManagerPermissionDTO keyManagerPermission = null; + try { + String getKeyManagerPermissionQuery = SQLConstants.KeyManagerPermissionsSqlConstants.GET_KEY_MANAGER_PERMISSION_SQL; + conn = APIMgtDBUtil.getConnection(); + ps = conn.prepareStatement(getKeyManagerPermissionQuery); + + ps.setString(1, keyManagerUUID); + ps.setString(2, role); + + resultSet = ps.executeQuery(); + keyManagerPermission = new KeyManagerPermissionDTO(); + keyManagerPermission.setKeyManagerUUID(keyManagerUUID); + keyManagerPermission.setRole(role); + if(resultSet.next()){ + keyManagerPermission.setPermissionType(resultSet.getString("PERMISSIONS_TYPE")); + keyManagerPermission.setKeyManagerPermissionID(resultSet.getInt("KEY_MANAGER_PERMISSION_ID")); + } else { + keyManagerPermission.setPermissionType("Public"); + } + } catch (SQLException e) { + handleException("Failed to get Key Manager permission information for Key Manager " + keyManagerUUID + + "for the role " + role, e); + } finally { + APIMgtDBUtil.closeAllConnections(ps, conn, resultSet); + } + return keyManagerPermission; + } + + public void updateKeyManagerPermission(String keyManagerUUID, String role, String permissionType) + throws APIManagementException { + + Connection conn = null; + PreparedStatement ps = null; + PreparedStatement insertOrUpdatePS = null; + ResultSet resultSet = null; + int keyManagerPermissionId = -1; + + try { + conn = APIMgtDBUtil.getConnection(); + conn.setAutoCommit(false); + + String getKeyManagerPermissionQuery = SQLConstants.KeyManagerPermissionsSqlConstants.GET_KEY_MANAGER_PERMISSION_ID_SQL; + ps = conn.prepareStatement(getKeyManagerPermissionQuery); + ps.setString(1, keyManagerUUID); 
+ ps.setString(2, role); + resultSet = ps.executeQuery(); + if (resultSet.next()) { + keyManagerPermissionId = resultSet.getInt("KEY_MANAGER_PERMISSION_ID"); + } + + if (keyManagerPermissionId == -1) { + String query = SQLConstants.KeyManagerPermissionsSqlConstants.ADD_KEY_MANAGER_PERMISSION_SQL; + insertOrUpdatePS = conn.prepareStatement(query); + insertOrUpdatePS.setString(1, keyManagerUUID); + insertOrUpdatePS.setString(2, permissionType); + insertOrUpdatePS.setString(3, role); + insertOrUpdatePS.execute(); + } else { + String query = SQLConstants.KeyManagerPermissionsSqlConstants.UPDATE_KEY_MANAGER_PERMISSION_SQL; + insertOrUpdatePS = conn.prepareStatement(query); + insertOrUpdatePS.setString(1, keyManagerUUID); + insertOrUpdatePS.setString(2, permissionType); + insertOrUpdatePS.setString(3, role); + insertOrUpdatePS.setInt(4, keyManagerPermissionId); + insertOrUpdatePS.executeUpdate(); + } + conn.commit(); + } catch (SQLException e) { + handleException("Error in updating tier permissions: " + e.getMessage(), e); + } finally { + APIMgtDBUtil.closeAllConnections(ps, conn, resultSet); + APIMgtDBUtil.closeAllConnections(insertOrUpdatePS, null, null); + } + } + + public void deleteKeyManagerPermission(String keyManagerUUID, String role) throws APIManagementException { + int keyManagerPermissionId = -1; + try (Connection connection = APIMgtDBUtil.getConnection(); + PreparedStatement ps = connection.prepareStatement(SQLConstants.KeyManagerPermissionsSqlConstants.GET_KEY_MANAGER_PERMISSION_ID_SQL)) { + ps.setString(1, keyManagerUUID); + ps.setString(2, role); + try (ResultSet resultSet = ps.executeQuery()) { + if (resultSet.next()) { + keyManagerPermissionId = resultSet.getInt("KEY_MANAGER_PERMISSION_ID"); + } + } + if (keyManagerPermissionId != -1) { + try (PreparedStatement preparedStatement = connection.prepareStatement(SQLConstants + .KeyManagerPermissionsSqlConstants.DELETE_KEY_MANAGER_PERMISSION_SQL)) { + preparedStatement.setInt(1, keyManagerPermissionId); + 
preparedStatement.setString(2, role); + preparedStatement.executeUpdate(); + } + } + } catch (SQLException e) { + handleException("Error in deleting key manager permissions: " + e.getMessage(), e); + } + } + + public void deleteAllKeyManagerPermission(String keyManagerUUID) throws APIManagementException { + try (Connection connection = APIMgtDBUtil.getConnection(); + PreparedStatement preparedStatement = connection.prepareStatement(SQLConstants + .KeyManagerPermissionsSqlConstants.DELETE_ALL_KEY_MANAGER_PERMISSION_SQL)) { + preparedStatement.setString(1, keyManagerUUID); + preparedStatement.executeUpdate(); + } catch (SQLException e) { + handleException("Error in deleting key manager permissions: " + e.getMessage(), e); + } + } + public List getKeyManagerConfigurations() throws APIManagementException { List keyManagerConfigurationDTOS = new ArrayList<>(); diff --git a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/constants/SQLConstants.java b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/constants/SQLConstants.java index 95cd95758985..36d642934ee8 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/constants/SQLConstants.java +++ b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/constants/SQLConstants.java 
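Review bot: `deleteKeyManagerPermission` binds a second parameter with `preparedStatement.setString(2, role);`, but `DELETE_KEY_MANAGER_PERMISSION_SQL` added in SQLConstants.java contains a single placeholder (`KEY_MANAGER_PERMISSION_ID = ?`), so a JDBC driver will normally reject the bind and the permission row is never removed. Drop the `setString(2, role)` line, or replace the lookup-then-delete with one statement keyed on `KEY_MANAGER_UUID = ? AND ROLE = ?`. In `updateKeyManagerPermission` the connection is switched to `conn.setAutoCommit(false)` but the `catch (SQLException e)` path never calls `conn.rollback()`, and its message still reads "Error in updating tier permissions". `getKeyManagerPermission` also reports `"Public"` whenever no row matches, so a write that failed or never happened reads back as unrestricted; that default deserves a comment confirming it is intended.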
@@ -3601,6 +3601,43 @@ public static class KeyManagerSqlConstants { "DELETE FROM AM_KEY_MANAGER WHERE UUID = ? AND ORGANIZATION = ?"; } + /** + * Static class to hold database queries related to AM_KEY_MANAGER_PERMISSIONS table + */ + public static class KeyManagerPermissionsSqlConstants { + + public static final String GET_KEY_MANAGER_PERMISSION_ID_SQL = + " SELECT KEY_MANAGER_PERMISSION_ID " + + " FROM AM_KEY_MANAGER_PERMISSIONS " + + " WHERE KEY_MANAGER_UUID = ? AND " + "ROLE = ?"; + + public static final String ADD_KEY_MANAGER_PERMISSION_SQL = + " INSERT INTO" + + " AM_KEY_MANAGER_PERMISSIONS (KEY_MANAGER_UUID, PERMISSIONS_TYPE, ROLE)" + + " VALUES(?, ?, ?)"; + + public static final String UPDATE_KEY_MANAGER_PERMISSION_SQL = + " UPDATE" + + " AM_KEY_MANAGER_PERMISSIONS " + + " SET " + + " KEY_MANAGER_UUID = ?, " + + " PERMISSIONS_TYPE = ?," + + " ROLE = ? " + + " WHERE " + + " KEY_MANAGER_PERMISSIONS_ID = ? "; + + public static final String DELETE_KEY_MANAGER_PERMISSION_SQL = "DELETE FROM AM_KEY_MANAGER_PERMISSIONS WHERE " + + "KEY_MANAGER_PERMISSION_ID = ?"; + + public static final String DELETE_ALL_KEY_MANAGER_PERMISSION_SQL = "DELETE FROM AM_KEY_MANAGER_PERMISSIONS WHERE " + + "KEY_MANAGER_UUID = ?"; + + public static final String GET_KEY_MANAGER_PERMISSION_SQL = + " SELECT KEY_MANAGER_PERMISSION_ID, PERMISSIONS_TYPE" + + " FROM AM_KEY_MANAGER_PERMISSIONS " + + " WHERE KEY_MANAGER_UUID = ? AND ROLE = ?"; + } + /** * Static class to hold database queries related to AM_TENANT_THEMES table */ diff --git a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dto/KeyManagerPermissionDTO.java b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dto/KeyManagerPermissionDTO.java new file mode 100644 index 000000000000..a147870ea2ce --- /dev/null +++ b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dto/KeyManagerPermissionDTO.java 
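Review bot: `UPDATE_KEY_MANAGER_PERMISSION_SQL` filters on `KEY_MANAGER_PERMISSIONS_ID`, while every other statement in this class and the `resultSet.getInt("KEY_MANAGER_PERMISSION_ID")` reads in ApiMgtDAO use `KEY_MANAGER_PERMISSION_ID`. The table definition is not part of this patch, so one of the two spellings is presumably wrong; if it is the UPDATE, every change to an existing role's permission type fails and the old permission stays in force. Align the WHERE clause, `" KEY_MANAGER_PERMISSION_ID = ? "`. `GET_KEY_MANAGER_PERMISSION_ID_SQL` also splits `"ROLE = ?"` into a separate literal for no visible reason and can be written like `GET_KEY_MANAGER_PERMISSION_SQL`.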
@@ -0,0 +1,63 @@
+/*
+ * Copyright (c) 2005-2023, WSO2 LLC. (http://www.wso2.org) All Rights Reserved.
+ *
+ * WSO2 LLC. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.wso2.carbon.apimgt.impl.dto;
+
+import java.io.Serializable;
+
+public class KeyManagerPermissionDTO implements Serializable {
+
+ private static final long serialVersionUID = 1L;
+
+ private int keyManagerPermissionID;
+ private String keyManagerUUID;
+ private String permissionType;
+ private String role;
+
+ public int getKeyManagerPermissionID () {
+ return keyManagerPermissionID;
+ }
+
+ public void setKeyManagerPermissionID (int keyManagerPermissionID) {
+ this.keyManagerPermissionID = keyManagerPermissionID;
+ }
+
+ public String getKeyManagerUUID () {
+ return keyManagerUUID;
+ }
+
+ public void setKeyManagerUUID (String keyManagerUUID) {
+ this.keyManagerUUID = keyManagerUUID;
+ }
+
+ public String getPermissionType () {
+ return permissionType;
+ }
+
+ public void setPermissionType (String permissionType) {
+ this.permissionType = permissionType;
+ }
+
+ public String getRole () {
+ return role;
+ }
+
+ public void setRole (String role) {
+ this.role = role;
+ }
+}
From ca79bbc6492f76c7d1a196c6e1f4044bbcc05f47 Mon Sep 17 00:00:00 2001
From: Kannan Kirishikesan
Date: Tue, 5 Sep 2023 15:40:47 +0530
Subject: [PATCH 02/34] Adds KeyManagerPermissionDTO
---
 .../KeyManagerPermissionConfigurationDTO.java | 54 +++++++
 .../impl/dto/KeyManagerPermissionDTO.java | 63 --------
 .../admin/v1/dto/KeyManagerPermissionDTO.java | 141 ++++++++++++++++++
 3 files changed, 195 insertions(+), 63 deletions(-)
 create mode 100644 components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/dto/KeyManagerPermissionConfigurationDTO.java
 delete mode 100644 components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dto/KeyManagerPermissionDTO.java
 create mode 100644 components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/gen/java/org/wso2/carbon/apimgt/rest/api/admin/v1/dto/KeyManagerPermissionDTO.java
diff --git a/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/dto/KeyManagerPermissionConfigurationDTO.java b/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/dto/KeyManagerPermissionConfigurationDTO.java
new file mode 100644
index 000000000000..2369f3e01024
--- /dev/null
+++ b/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/dto/KeyManagerPermissionConfigurationDTO.java
@@ -0,0 +1,54 @@
+package org.wso2.carbon.apimgt.api.dto;
+
+
+import java.io.Serializable;
+
+public class KeyManagerPermissionConfigurationDTO implements Serializable {
+
+ private Integer keyManagerPermissionID = null;
+ private String keyManagerUUID = null;
+ private String permissionType = null;
+ private String role = null;
+
+ public KeyManagerPermissionConfigurationDTO () {
+ }
+
+ public KeyManagerPermissionConfigurationDTO (Integer keyManagerPermissionID, String keyManagerUUID, String permissionType, String role) {
+ this.keyManagerPermissionID = keyManagerPermissionID;
+ this.keyManagerUUID = keyManagerUUID;
+ this.permissionType = permissionType;
+ this.role = role;
+ }
+
+ public Integer getKeyManagerPermissionID () {
+ return keyManagerPermissionID;
+ }
+
+ public void setKeyManagerPermissionID (Integer keyManagerPermissionID) {
+ this.keyManagerPermissionID = keyManagerPermissionID;
+ }
+
+ public String getKeyManagerUUID () {
+ return keyManagerUUID;
+ }
+
+ public void setKeyManagerUUID (String keyManagerUUID) {
+ this.keyManagerUUID = keyManagerUUID;
+ }
+
+ public String getPermissionType () {
+ return permissionType;
+ }
+
+ public void setPermissionType (String permissionType) {
+ this.permissionType = permissionType;
+ }
+
+ public String getRole () {
+ return role;
+ }
+
+ public void setRole (String role) {
+ this.role = role;
+ }
+}
diff --git a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dto/KeyManagerPermissionDTO.java b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dto/KeyManagerPermissionDTO.java
deleted file mode 100644
index a147870ea2ce..000000000000
--- a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dto/KeyManagerPermissionDTO.java
+++ /dev/null
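Review bot: `KeyManagerPermissionConfigurationDTO` implements `Serializable` but declares no `serialVersionUID`, and the file carries no license header, although the `impl.dto.KeyManagerPermissionDTO` that this patch deletes in its favour had both. Add `private static final long serialVersionUID = 1L;` and the project header. A short class Javadoc listing the values `permissionType` may hold would also help, since the only value visible in the DAO is the `"Public"` default and the others cannot be inferred from this file.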
@@ -1,63 +0,0 @@
-/*
- * Copyright (c) 2005-2023, WSO2 LLC. (http://www.wso2.org) All Rights Reserved.
- *
- * WSO2 LLC. licenses this file to you under the Apache License,
- * Version 2.0 (the "License"); you may not use this file except
- * in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.wso2.carbon.apimgt.impl.dto;
-
-import java.io.Serializable;
-
-public class KeyManagerPermissionDTO implements Serializable {
-
- private static final long serialVersionUID = 1L;
-
- private int keyManagerPermissionID;
- private String keyManagerUUID;
- private String permissionType;
- private String role;
-
- public int getKeyManagerPermissionID () {
- return keyManagerPermissionID;
- }
-
- public void setKeyManagerPermissionID (int keyManagerPermissionID) {
- this.keyManagerPermissionID = keyManagerPermissionID;
- }
-
- public String getKeyManagerUUID () {
- return keyManagerUUID;
- }
-
- public void setKeyManagerUUID (String keyManagerUUID) {
- this.keyManagerUUID = keyManagerUUID;
- }
-
- public String getPermissionType () {
- return permissionType;
- }
-
- public void setPermissionType (String permissionType) {
- this.permissionType = permissionType;
- }
-
- public String getRole () {
- return role;
- }
-
- public void setRole (String role) {
- this.role = role;
- }
-}
diff --git a/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/gen/java/org/wso2/carbon/apimgt/rest/api/admin/v1/dto/KeyManagerPermissionDTO.java b/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/gen/java/org/wso2/carbon/apimgt/rest/api/admin/v1/dto/KeyManagerPermissionDTO.java
new file mode 100644
index 000000000000..934bef2ba040
--- /dev/null
+++ b/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/gen/java/org/wso2/carbon/apimgt/rest/api/admin/v1/dto/KeyManagerPermissionDTO.java
@@ -0,0 +1,141 @@ +package org.wso2.carbon.apimgt.rest.api.admin.v1.dto; + +import com.fasterxml.jackson.annotation.JsonProperty; +import com.fasterxml.jackson.annotation.JsonCreator; +import io.swagger.annotations.ApiModel; +import io.swagger.annotations.ApiModelProperty; +import javax.validation.constraints.*; + + +import io.swagger.annotations.*; +import java.util.Objects; + +import javax.xml.bind.annotation.*; +import org.wso2.carbon.apimgt.rest.api.common.annotations.Scope; +import com.fasterxml.jackson.annotation.JsonCreator; + +import javax.validation.Valid; + + + +public class KeyManagerPermissionDTO { + + private Integer keyManagerPermissionID = null; + private String keyManagerUUID = null; + private String permissionType = null; + private String role = null; + + /** + **/ + public KeyManagerPermissionDTO keyManagerPermissionID(Integer keyManagerPermissionID) { + this.keyManagerPermissionID = keyManagerPermissionID; + return this; + } + + + @ApiModelProperty(value = "") + @JsonProperty("keyManagerPermissionID") + public Integer getKeyManagerPermissionID() { + return keyManagerPermissionID; + } + public void setKeyManagerPermissionID(Integer keyManagerPermissionID) { + this.keyManagerPermissionID = keyManagerPermissionID; + } + + /** + **/ + public KeyManagerPermissionDTO keyManagerUUID(String keyManagerUUID) { + this.keyManagerUUID = keyManagerUUID; + return this; + } + + + @ApiModelProperty(value = "") + @JsonProperty("keyManagerUUID") + public String getKeyManagerUUID() { + return keyManagerUUID; + } + public void setKeyManagerUUID(String keyManagerUUID) { + this.keyManagerUUID = keyManagerUUID; + } + + /** + **/ + public KeyManagerPermissionDTO permissionType(String permissionType) { + this.permissionType = permissionType; + return this; + } + + + @ApiModelProperty(value = "") + @JsonProperty("permissionType") + public String getPermissionType() { + return permissionType; + } + public void setPermissionType(String permissionType) { + this.permissionType 
= permissionType; + } + + /** + **/ + public KeyManagerPermissionDTO role(String role) { + this.role = role; + return this; + } + + + @ApiModelProperty(value = "") + @JsonProperty("role") + public String getRole() { + return role; + } + public void setRole(String role) { + this.role = role; + } + + + @Override + public boolean equals(java.lang.Object o) { + if (this == o) { + return true; + } + if (o == null || getClass() != o.getClass()) { + return false; + } + KeyManagerPermissionDTO keyManagerPermission = (KeyManagerPermissionDTO) o; + return Objects.equals(keyManagerPermissionID, keyManagerPermission.keyManagerPermissionID) && + Objects.equals(keyManagerUUID, keyManagerPermission.keyManagerUUID) && + Objects.equals(permissionType, keyManagerPermission.permissionType) && + Objects.equals(role, keyManagerPermission.role); + } + + @Override + public int hashCode() { + return Objects.hash(keyManagerPermissionID, keyManagerUUID, permissionType, role); + } + + @Override + public String toString() { + StringBuilder sb = new StringBuilder(); + sb.append("class KeyManagerPermissionDTO {\n"); + + sb.append(" keyManagerPermissionID: ").append(toIndentedString(keyManagerPermissionID)).append("\n"); + sb.append(" keyManagerUUID: ").append(toIndentedString(keyManagerUUID)).append("\n"); + sb.append(" permissionType: ").append(toIndentedString(permissionType)).append("\n"); + sb.append(" role: ").append(toIndentedString(role)).append("\n"); + sb.append("}"); + return sb.toString(); + } + + /** + * Convert the given object to string with each line indented by 4 spaces + * (except the first line). + */ + private String toIndentedString(java.lang.Object o) { + if (o == null) { + return "null"; + } + return o.toString().replace("\n", "\n "); + } +} + From 7ed5efd3522747c3880a2f92be2c1065076b3302 Mon Sep 17 00:00:00 2001 
From: Kannan Kirishikesan
Date: Tue, 5 Sep 2023 15:41:49 +0530
Subject: [PATCH 03/34] Changes in DB layer for KeyManagerPermissions
---
 .../org/wso2/carbon/apimgt/impl/dao/ApiMgtDAO.java | 14 +++++---------
 1 file changed, 5 insertions(+), 9 deletions(-)
diff --git a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/ApiMgtDAO.java b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/ApiMgtDAO.java
index 78e0b33d58e3..8ab05bcbcc3b 100644
--- a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/ApiMgtDAO.java
+++ b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/ApiMgtDAO.java
@@ -33,12 +33,7 @@
 import org.wso2.carbon.apimgt.api.ExceptionCodes;
 import org.wso2.carbon.apimgt.api.SubscriptionAlreadyExistingException;
 import org.wso2.carbon.apimgt.api.SubscriptionBlockedException;
-import org.wso2.carbon.apimgt.api.dto.ClientCertificateDTO;
-import org.wso2.carbon.apimgt.api.dto.ClonePolicyMetadataDTO;
-import org.wso2.carbon.apimgt.api.dto.ConditionDTO;
-import org.wso2.carbon.apimgt.api.dto.ConditionGroupDTO;
-import org.wso2.carbon.apimgt.api.dto.KeyManagerConfigurationDTO;
-import org.wso2.carbon.apimgt.api.dto.UserApplicationAPIUsage;
+import org.wso2.carbon.apimgt.api.dto.*;
 import org.wso2.carbon.apimgt.api.model.API;
 import org.wso2.carbon.apimgt.api.model.APICategory;
 import org.wso2.carbon.apimgt.api.model.APIIdentifier;
@@ -108,6 +103,7 @@
 import org.wso2.carbon.apimgt.impl.dao.constants.SQLConstants;
 import org.wso2.carbon.apimgt.impl.dao.constants.SQLConstants.ThrottleSQLConstants;
 import org.wso2.carbon.apimgt.impl.dto.*;
+import org.wso2.carbon.apimgt.impl.dto.WorkflowDTO;
 import org.wso2.carbon.apimgt.impl.factory.KeyManagerHolder;
 import org.wso2.carbon.apimgt.impl.factory.SQLConstantManagerFactory;
 import org.wso2.carbon.apimgt.impl.internal.ServiceReferenceHolder;
@@ -9291,13 +9287,13 @@ public void deleteKeyManagerConfigurationById(String id, String organization) th } - public KeyManagerPermissionDTO getKeyManagerPermission(String keyManagerUUID, String role) throws APIManagementException { + public KeyManagerPermissionConfigurationDTO getKeyManagerPermission(String keyManagerUUID, String role) throws APIManagementException { Connection conn = null; PreparedStatement ps = null; ResultSet resultSet = null; - KeyManagerPermissionDTO keyManagerPermission = null; + KeyManagerPermissionConfigurationDTO keyManagerPermission = null; try { String getKeyManagerPermissionQuery = SQLConstants.KeyManagerPermissionsSqlConstants.GET_KEY_MANAGER_PERMISSION_SQL; conn = APIMgtDBUtil.getConnection(); @@ -9307,7 +9303,7 @@ public KeyManagerPermissionDTO getKeyManagerPermission(String keyManagerUUID, St ps.setString(2, role); resultSet = ps.executeQuery(); - keyManagerPermission = new KeyManagerPermissionDTO(); + keyManagerPermission = new KeyManagerPermissionConfigurationDTO(); keyManagerPermission.setKeyManagerUUID(keyManagerUUID); keyManagerPermission.setRole(role); if(resultSet.next()){ From 9a74cdb7a1926eb6ca7fcdc4482cfe7fe2e84c45 Mon Sep 17 00:00:00 2001 From: Kannan Kirishikesan Date: Tue, 26 Sep 2023 08:36:32 +0530 Subject: [PATCH 04/34] Adding the dao calls for key manager permissions --- .../org/wso2/carbon/apimgt/api/APIAdmin.java | 54 +++++++++++++++ .../wso2/carbon/apimgt/impl/APIAdminImpl.java | 67 +++++++++++++++++++ .../wso2/carbon/apimgt/impl/APIConstants.java | 3 + 3 files changed, 124 insertions(+) diff --git a/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/APIAdmin.java b/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/APIAdmin.java index f64f7aedc561..17da4c724bdd 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/APIAdmin.java 
+++ b/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/APIAdmin.java @@ -18,6 +18,7 @@ package org.wso2.carbon.apimgt.api; import org.wso2.carbon.apimgt.api.dto.KeyManagerConfigurationDTO; +import org.wso2.carbon.apimgt.api.dto.KeyManagerPermissionConfigurationDTO; import org.wso2.carbon.apimgt.api.model.APICategory; import org.wso2.carbon.apimgt.api.model.Application; import org.wso2.carbon.apimgt.api.model.ApplicationInfo; 
@@ -332,6 +333,59 @@ KeyManagerConfigurationDTO addKeyManagerConfiguration(KeyManagerConfigurationDTO KeyManagerConfigurationDTO updateKeyManagerConfiguration(KeyManagerConfigurationDTO keyManagerConfigurationDTO) throws APIManagementException; + /** + * This method used to get key manager permissions with key manager id and role + * @param id uuid of key manager + * @param role role of the user + * @return key manager permissions + * @throws APIManagementException + */ + KeyManagerPermissionConfigurationDTO getKeyManagerPermissionForRole(String id, String role) throws APIManagementException; + + /** + * This method used to get key manager permissions with key manager id and role + * @param id uuid of key manager + * @return key manager permissions + * @throws APIManagementException + */ + List getKeyManagerPermissions(String id) throws APIManagementException; + + /** + * This method used to create key Manager + * @param id uuid of key manager + * @param permissions key manager permission data + * @return created key manager permissions + * @throws APIManagementException + */ + List addKeyManagerPermissions(String id, List permissions) + throws APIManagementException; + + /** + * This method used to update key Manager + * @param permissions key manager permission data + * @return updated key manager permissions + * @throws APIManagementException + */ + List updateKeyManagerPermissions(List permissions) + throws APIManagementException; + + /** + * This method used to delete key manager permission by role + * @param id uuid of key manager + * @param role role of the user + * @throws APIManagementException + */ + void deleteKeyManagerPermissionByRole(String id, String role) + throws APIManagementException; + + /** + * This method used to delete key manager permissions + * @param id uuid of key manager + * @throws APIManagementException + */ + void deleteKeyManagerPermissionsByUUID(String id) + throws APIManagementException; + /** * hTis method used to delete IDP 
mapped with key manager * @param organization organization requested diff --git a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIAdminImpl.java b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIAdminImpl.java index a36e9b7e21a1..4904b8e4d708 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIAdminImpl.java +++ b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIAdminImpl.java @@ -39,6 +39,7 @@ import org.wso2.carbon.apimgt.api.APIMgtResourceNotFoundException; import org.wso2.carbon.apimgt.api.ExceptionCodes; import org.wso2.carbon.apimgt.api.dto.KeyManagerConfigurationDTO; +import org.wso2.carbon.apimgt.api.dto.KeyManagerPermissionConfigurationDTO; import org.wso2.carbon.apimgt.api.model.APICategory; import org.wso2.carbon.apimgt.api.model.Application; import org.wso2.carbon.apimgt.api.model.ApplicationInfo; 
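Review bot: The Javadoc on the new `APIAdmin` methods was copied without being adjusted: `getKeyManagerPermissions(String id)` is described as taking "key manager id and role" although it has no role parameter, and `addKeyManagerPermissions` / `updateKeyManagerPermissions` are described as "create key Manager" / "update key Manager". Every `@throws APIManagementException` is left without a description. For an access-control API the contract is the important part, so say what is returned when no permission row exists and which `permissionType` values are accepted, e.g. `@return the stored permission for the role, or a "Public" entry when none is configured` (that default is what the DAO in PATCH 01 does; confirm it is the intended contract).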
@@ -746,6 +747,72 @@ public KeyManagerConfigurationDTO updateKeyManagerConfiguration( return keyManagerConfigurationDTO; } + @Override + public KeyManagerPermissionConfigurationDTO getKeyManagerPermissionForRole (String id, String role) throws APIManagementException { + KeyManagerPermissionConfigurationDTO keyManagerPermissionConfigurationDTO = null; + try { + keyManagerPermissionConfigurationDTO = apiMgtDAO.getKeyManagerPermission(id, role); + } catch (Exception e) { + throw new APIManagementException("Key Manager Permissions deletion failed " + e.getMessage()); + } + return keyManagerPermissionConfigurationDTO; + } + + @Override + public List getKeyManagerPermissions (String id) throws APIManagementException { + List keyManagerPermissionConfigurationDTOs = new ArrayList<>();; + try { + keyManagerPermissionConfigurationDTOs = apiMgtDAO.getKeyManagerPermissions(id); + } catch (Exception e) { + throw new APIManagementException("Key Manager Permissions retrieval failed " + e.getMessage()); + } + return keyManagerPermissionConfigurationDTOs; + } + + @Override + public List addKeyManagerPermissions (String id, List permissions) throws APIManagementException { + try{ + for (KeyManagerPermissionConfigurationDTO permission : permissions) { + apiMgtDAO.updateKeyManagerPermission(id, + permission.getRole(), permission.getPermissionType()); + } + } catch (Exception e) { + throw new APIManagementException("Key Manager Permission creation failed " + e.getMessage()); + } + return permissions; + } + + @Override + public List updateKeyManagerPermissions (List permissions) throws APIManagementException { + try{ + for (KeyManagerPermissionConfigurationDTO permission : permissions) { + apiMgtDAO.updateKeyManagerPermission(permission.getKeyManagerUUID(), + permission.getRole(), permission.getPermissionType()); + } + } catch (Exception e) { + throw new APIManagementException("Key Manager Permission updation failed " + e.getMessage()); + } + return permissions; + } + + @Override + 
public void deleteKeyManagerPermissionByRole (String id, String role) throws APIManagementException { + try { + apiMgtDAO.deleteKeyManagerPermission(id, role); + } catch (Exception e) { + throw new APIManagementException("Key Manager Permissions deletion failed " + e.getMessage()); + } + } + + @Override + public void deleteKeyManagerPermissionsByUUID (String id) throws APIManagementException { + try { + apiMgtDAO.deleteAllKeyManagerPermission(id); + } catch (Exception e) { + throw new APIManagementException("Key Manager Permissions deletion failed " + e.getMessage()); + } + } + private IdentityProvider updatedIDP(IdentityProvider retrievedIDP, KeyManagerConfigurationDTO keyManagerConfigurationDTO) { diff --git a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConstants.java b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConstants.java index 102f2ee7d780..50cf0a1ad54d 100755 --- a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConstants.java +++ b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConstants.java @@ -2582,6 +2582,9 @@ public static class KeyManager { public static final String PKCE_MANDATORY = "pkceMandatory"; public static final String PKCE_SUPPORT_PLAIN = "pkceSupportPlain"; public static final String BYPASS_CLIENT_CREDENTIALS = "bypassClientCredentials"; + public static final String PERMISSIONS = "permissions"; + public static final String ROLES = "roles"; + public static final String PERMISSION_TYPE = "permissionType"; public static class KeyManagerEvent { From 65dfb4898f8f234215634e43edb6a4284d95515e Mon Sep 17 00:00:00 2001 
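Review bot: Each new method catches `Exception` and rethrows `new APIManagementException("..." + e.getMessage())`, which discards the original exception type and stack trace; `getKeyManagerPermissionForRole` additionally reports "Key Manager Permissions deletion failed" for a read. Pass the cause through, e.g. `throw new APIManagementException("Key Manager Permissions retrieval failed", e);`, and catch only `APIManagementException` if that is all the DAO throws. `addKeyManagerPermissions` and `updateKeyManagerPermissions` call `apiMgtDAO.updateKeyManagerPermission` once per entry, and that DAO method commits on its own connection, so a failure midway leaves a partially applied permission set with no way for the caller to tell which roles were written. `apiMgtDAO.getKeyManagerPermissions(id)` is not among the DAO methods added in PATCH 01, so this hunk appears to depend on a later patch to compile.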
From: Kannan Kirishikesan Date: Tue, 26 Sep 2023 08:38:04 +0530 Subject: [PATCH 05/34] Adds consumer layer implementation with dao --- .../wso2/carbon/apimgt/api/APIConsumer.java | 20 +++++ .../carbon/apimgt/impl/APIConsumerImpl.java | 77 +++++++++++++++++-- 2 files changed, 90 insertions(+), 7 deletions(-) diff --git a/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/APIConsumer.java b/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/APIConsumer.java index 6bfd81acb978..0e770a49740e 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/APIConsumer.java +++ b/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/APIConsumer.java @@ -21,6 +21,7 @@ import org.json.simple.JSONArray; import org.json.simple.JSONObject; +import org.wso2.carbon.apimgt.api.dto.KeyManagerConfigurationDTO; import org.wso2.carbon.apimgt.api.model.API; import org.wso2.carbon.apimgt.api.model.APIIdentifier; import org.wso2.carbon.apimgt.api.model.APIKey; 
@@ -797,4 +798,23 @@ Set getPaginatedSubscribedAPIsByApplication(Application applicati * @throws APIManagementException if failed to retrieve policy. */ Tier getThrottlePolicyByName(String name, int policyType, String organization) throws APIManagementException; + + /** + * This method used to retrieve key manager configurations for tenant + * @param organization organization of the key manager + * @param username username of the logged in user + * @return KeyManagerConfigurationDTO list + * @throws APIManagementException if error occurred + */ + List getKeyManagerConfigurationsByOrganization(String organization, String username) throws APIManagementException; + + /** + * This method used to retrieve key manager configurations for tenant + * @param uuid uuid of the key manager + * @param user username of the logged in user + * @return boolean + * @throws APIManagementException if error occurred + */ + boolean isKeyManagerAllowedForUser(String uuid, String username) throws APIManagementException; + } diff --git a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConsumerImpl.java b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConsumerImpl.java index 003d672a1f6d..7f7a5da668b0 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConsumerImpl.java +++ b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConsumerImpl.java 
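Review bot: The Javadoc added for `isKeyManagerAllowedForUser` is a copy of the one above it ("retrieve key manager configurations for tenant") and documents `@param user`, while the parameter is named `username`. Because this method is the access decision for a key manager, the comment should state that contract, e.g. `Checks whether the roles of the given user permit use of the key manager identified by uuid.`, with `@param username username of the logged in user` and `@return true if the user may use the key manager`. It should also say what is returned when the key manager has no permission entries, since the implementation added to APIConsumerImpl in this same patch handles that case differently in its two methods.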
@@ -31,14 +31,9 @@ import org.json.simple.parser.JSONParser; import org.json.simple.parser.ParseException; import org.wso2.carbon.CarbonConstants; -import org.wso2.carbon.apimgt.api.APIConsumer; -import org.wso2.carbon.apimgt.api.APIDefinition; -import org.wso2.carbon.apimgt.api.APIManagementException; -import org.wso2.carbon.apimgt.api.APIMgtAuthorizationFailedException; -import org.wso2.carbon.apimgt.api.APIMgtResourceNotFoundException; -import org.wso2.carbon.apimgt.api.ExceptionCodes; -import org.wso2.carbon.apimgt.api.WorkflowResponse; +import org.wso2.carbon.apimgt.api.*; import org.wso2.carbon.apimgt.api.dto.KeyManagerConfigurationDTO; +import org.wso2.carbon.apimgt.api.dto.KeyManagerPermissionConfigurationDTO; import org.wso2.carbon.apimgt.api.model.API; import org.wso2.carbon.apimgt.api.model.APIIdentifier; import org.wso2.carbon.apimgt.api.model.APIKey; @@ -99,6 +94,7 @@ import org.wso2.carbon.apimgt.impl.recommendationmgt.RecommendationEnvironment; import org.wso2.carbon.apimgt.impl.recommendationmgt.RecommenderDetailsExtractor; import org.wso2.carbon.apimgt.impl.recommendationmgt.RecommenderEventPublisher; +import org.wso2.carbon.apimgt.impl.service.APIKeyMgtRemoteUserStoreMgtService; import org.wso2.carbon.apimgt.impl.token.ApiKeyGenerator; import org.wso2.carbon.apimgt.impl.utils.APIAPIProductNameComparator; import org.wso2.carbon.apimgt.impl.utils.APIMWSDLReader; 
@@ -4229,4 +4225,71 @@ private void checkSubscriptionAllowed(ApiTypeWrapper apiTypeWrapper) apiTypeWrapper.getTier(), username)); } } + + /** + * This method used to retrieve key manager configurations for tenant + * @param organization organization of the key manager + * @return KeyManagerConfigurationDTO list + * @throws APIManagementException if error occurred + */ + public List getKeyManagerConfigurationsByOrganization(String organization, String username) throws APIManagementException{ + APIAdmin apiAdmin = new APIAdminImpl(); + List keyManagerConfigurations = + apiAdmin.getKeyManagerConfigurationsByOrganization(organization); + APIKeyMgtRemoteUserStoreMgtService apiKeyMgtRemoteUserStoreMgtService = new APIKeyMgtRemoteUserStoreMgtService(); + String[] userRoles = apiKeyMgtRemoteUserStoreMgtService.getUserRoles(username); + System.out.println(Arrays.toString(userRoles)); + List permittedKeyManagerConfigurations = new ArrayList<>(); + if(keyManagerConfigurations.size() > 0) { + for (KeyManagerConfigurationDTO keyManagerConfiguration : keyManagerConfigurations) { + List permissions= + apiAdmin.getKeyManagerPermissions(keyManagerConfiguration.getUuid()); + if (permissions != null && permissions.size() > 0) { + String permissionType = permissions.get(0).getPermissionType(); + String[] permissionRoles = permissions + .stream() + .map(permission -> permission.getRole()) + .toArray(String[]::new); + if (permissionType.equals("ALLOW") && hasIntersection(userRoles,permissionRoles)) { + permittedKeyManagerConfigurations.add(keyManagerConfiguration); + } else if (permissionType.equals("DENY") && !(hasIntersection(userRoles,permissionRoles))){ + permittedKeyManagerConfigurations.add(keyManagerConfiguration); + } + } else { + permittedKeyManagerConfigurations.add(keyManagerConfiguration); + } + } + } + return permittedKeyManagerConfigurations; + } + public boolean isKeyManagerAllowedForUser(String uuid, String username) throws APIManagementException { + APIAdmin apiAdmin = 
new APIAdminImpl(); + List permissions= apiAdmin.getKeyManagerPermissions(uuid); + APIKeyMgtRemoteUserStoreMgtService apiKeyMgtRemoteUserStoreMgtService = new APIKeyMgtRemoteUserStoreMgtService(); + String[] userRoles = apiKeyMgtRemoteUserStoreMgtService.getUserRoles(username); + if (permissions != null && permissions.size() > 0) { + String permissionType = permissions.get(0).getPermissionType(); + String[] permissionRoles = permissions + .stream() + .map(permission -> permission.getRole()) + .toArray(String[]::new); + if (permissionType.equals("ALLOW") && hasIntersection(userRoles,permissionRoles)) { + return true; + } else if (permissionType.equals("DENY") && !(hasIntersection(userRoles,permissionRoles))){ + return true; + } + } + return false; + } + + public static boolean hasIntersection(String[] arr1, String[] arr2) { + for (String element : arr1) { + for (String element2 : arr2) { + if (element.equals(element2)) { + return true; + } + } + } + return false; + } } From 876c4a2b99679bfec852d7a3eb977f08982a1637 Mon Sep 17 00:00:00 2001 From: Kannan Kirishikesan Date: Tue, 26 Sep 2023 08:41:25 +0530 Subject: [PATCH 06/34] Adds DTO in admin and publiser portals --- .../api/dto/KeyManagerConfigurationDTO.java | 10 ++ .../rest/api/admin/v1/dto/KeyManagerDTO.java | 24 ++- .../admin/v1/dto/KeyManagerPermissionDTO.java | 141 ------------------ .../v1/dto/KeyManagerPermissionsDTO.java | 103 +++++++++++++ .../utils/mappings/KeyManagerMappingUtil.java | 47 +++++- .../publisher/v1/dto/KeyManagerInfoDTO.java | 23 ++- .../mappings/KeyManagerMappingUtil.java | 7 + 7 files changed, 204 insertions(+), 151 deletions(-) delete mode 100644 components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/gen/java/org/wso2/carbon/apimgt/rest/api/admin/v1/dto/KeyManagerPermissionDTO.java create mode 100644 components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/gen/java/org/wso2/carbon/apimgt/rest/api/admin/v1/dto/KeyManagerPermissionsDTO.java 
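Review bot: The two added methods make the same access decision but disagree when a key manager has no permission rows: `getKeyManagerConfigurationsByOrganization` adds it to the permitted list, while `isKeyManagerAllowedForUser` falls through to `return false`, so a key manager that is listed can still be refused. A permission type other than `ALLOW` or `DENY` is handled only implicitly, `permissionType.equals(...)` throws if the stored type is null, and only the first row's type is consulted. Moving the decision into one private helper that both methods call keeps the two paths from drifting; the empty-permissions default below follows the listing method and needs confirming against the intended policy. Separately, `System.out.println(Arrays.toString(userRoles));` writes each caller's role list to stdout and should be removed.

```java
public boolean isKeyManagerAllowedForUser(String uuid, String username) throws APIManagementException {
    // … unchanged: load permissions via apiAdmin and userRoles via the user store service …
    return isPermitted(permissions, userRoles);
}

// in getKeyManagerConfigurationsByOrganization, the loop body becomes:
//     if (isPermitted(apiAdmin.getKeyManagerPermissions(keyManagerConfiguration.getUuid()), userRoles)) {
//         permittedKeyManagerConfigurations.add(keyManagerConfiguration);
//     }

private static boolean isPermitted(List<KeyManagerPermissionConfigurationDTO> permissions, String[] userRoles) {
    if (permissions == null || permissions.isEmpty()) {
        return true; // no restriction recorded for this key manager; confirm this default
    }
    String[] roles = userRoles == null ? new String[0] : userRoles;
    String[] permissionRoles = permissions.stream()
            .map(KeyManagerPermissionConfigurationDTO::getRole)
            .toArray(String[]::new);
    boolean matches = hasIntersection(roles, permissionRoles);
    String permissionType = permissions.get(0).getPermissionType();
    if ("ALLOW".equals(permissionType)) {
        return matches;
    }
    if ("DENY".equals(permissionType)) {
        return !matches;
    }
    return false; // unknown or null type: refuse rather than guess
}
```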
diff --git a/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/dto/KeyManagerConfigurationDTO.java b/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/dto/KeyManagerConfigurationDTO.java index bd89222a329e..9118c3efc351 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/dto/KeyManagerConfigurationDTO.java +++ b/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/dto/KeyManagerConfigurationDTO.java @@ -20,6 +20,7 @@ import java.io.Serializable; import java.util.HashMap; +import java.util.List; import java.util.Map; /** @@ -42,6 +43,7 @@ public class KeyManagerConfigurationDTO implements Serializable { private String tokenType; private String externalReferenceId = null; private String alias = null; + private List permissions = null; public KeyManagerConfigurationDTO() { @@ -184,4 +186,12 @@ public void setEndpoints(Map endpoints) { this.endpoints = endpoints; } + + public List getPermissions () { + return permissions; + } + + public void setPermissions (List permissions) { + this.permissions = permissions; + } } diff --git a/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/gen/java/org/wso2/carbon/apimgt/rest/api/admin/v1/dto/KeyManagerDTO.java b/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/gen/java/org/wso2/carbon/apimgt/rest/api/admin/v1/dto/KeyManagerDTO.java index ac7af65f8c74..b9e426b5ba6c 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/gen/java/org/wso2/carbon/apimgt/rest/api/admin/v1/dto/KeyManagerDTO.java +++ b/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/gen/java/org/wso2/carbon/apimgt/rest/api/admin/v1/dto/KeyManagerDTO.java 
@@ -9,6 +9,7 @@ import org.wso2.carbon.apimgt.rest.api.admin.v1.dto.ClaimMappingEntryDTO; import org.wso2.carbon.apimgt.rest.api.admin.v1.dto.KeyManagerCertificatesDTO; import org.wso2.carbon.apimgt.rest.api.admin.v1.dto.KeyManagerEndpointDTO; +import org.wso2.carbon.apimgt.rest.api.admin.v1.dto.KeyManagerPermissionsDTO; import org.wso2.carbon.apimgt.rest.api.admin.v1.dto.TokenValidationDTO; import javax.validation.constraints.*; @@ -58,6 +59,7 @@ public class KeyManagerDTO { private List tokenValidation = new ArrayList(); private Boolean enabled = null; private Object additionalProperties = null; + private KeyManagerPermissionsDTO permissions = null; @XmlType(name="TokenTypeEnum") @XmlEnum(String.class) @@ -646,6 +648,24 @@ public void setAdditionalProperties(Object additionalProperties) { this.additionalProperties = additionalProperties; } + /** + **/ + public KeyManagerDTO permissions(KeyManagerPermissionsDTO permissions) { + this.permissions = permissions; + return this; + } + + + @ApiModelProperty(value = "") + @Valid + @JsonProperty("permissions") + public KeyManagerPermissionsDTO getPermissions() { + return permissions; + } + public void setPermissions(KeyManagerPermissionsDTO permissions) { + this.permissions = permissions; + } + /** * The type of the tokens to be used (exchanged or without exchanged). Accepted values are EXCHANGED, DIRECT and BOTH. **/ 
@@ -706,12 +726,13 @@ public boolean equals(java.lang.Object o) { Objects.equals(tokenValidation, keyManager.tokenValidation) && Objects.equals(enabled, keyManager.enabled) && Objects.equals(additionalProperties, keyManager.additionalProperties) && + Objects.equals(permissions, keyManager.permissions) && Objects.equals(tokenType, keyManager.tokenType); } @Override public int hashCode() { - return Objects.hash(id, name, displayName, type, description, wellKnownEndpoint, introspectionEndpoint, clientRegistrationEndpoint, tokenEndpoint, displayTokenEndpoint, revokeEndpoint, displayRevokeEndpoint, userInfoEndpoint, authorizeEndpoint, endpoints, certificates, issuer, alias, scopeManagementEndpoint, availableGrantTypes, enableTokenGeneration, enableTokenEncryption, enableTokenHashing, enableMapOAuthConsumerApps, enableOAuthAppCreation, enableSelfValidationJWT, claimMapping, consumerKeyClaim, scopesClaim, tokenValidation, enabled, additionalProperties, tokenType); + return Objects.hash(id, name, displayName, type, description, wellKnownEndpoint, introspectionEndpoint, clientRegistrationEndpoint, tokenEndpoint, displayTokenEndpoint, revokeEndpoint, displayRevokeEndpoint, userInfoEndpoint, authorizeEndpoint, endpoints, certificates, issuer, alias, scopeManagementEndpoint, availableGrantTypes, enableTokenGeneration, enableTokenEncryption, enableTokenHashing, enableMapOAuthConsumerApps, enableOAuthAppCreation, enableSelfValidationJWT, claimMapping, consumerKeyClaim, scopesClaim, tokenValidation, enabled, additionalProperties, permissions, tokenType); } @Override 
@@ -751,6 +772,7 @@ public String toString() { sb.append(" tokenValidation: ").append(toIndentedString(tokenValidation)).append("\n"); sb.append(" enabled: ").append(toIndentedString(enabled)).append("\n"); sb.append(" additionalProperties: ").append(toIndentedString(additionalProperties)).append("\n"); + sb.append(" permissions: ").append(toIndentedString(permissions)).append("\n"); sb.append(" tokenType: ").append(toIndentedString(tokenType)).append("\n"); sb.append("}"); return sb.toString(); diff --git a/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/gen/java/org/wso2/carbon/apimgt/rest/api/admin/v1/dto/KeyManagerPermissionDTO.java b/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/gen/java/org/wso2/carbon/apimgt/rest/api/admin/v1/dto/KeyManagerPermissionDTO.java deleted file mode 100644 index 934bef2ba040..000000000000 --- a/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/gen/java/org/wso2/carbon/apimgt/rest/api/admin/v1/dto/KeyManagerPermissionDTO.java +++ /dev/null 
@@ -1,141 +0,0 @@ -package org.wso2.carbon.apimgt.rest.api.admin.v1.dto; - -import com.fasterxml.jackson.annotation.JsonProperty; -import com.fasterxml.jackson.annotation.JsonCreator; -import io.swagger.annotations.ApiModel; -import io.swagger.annotations.ApiModelProperty; -import javax.validation.constraints.*; - - -import io.swagger.annotations.*; -import java.util.Objects; - -import javax.xml.bind.annotation.*; -import org.wso2.carbon.apimgt.rest.api.common.annotations.Scope; -import com.fasterxml.jackson.annotation.JsonCreator; - -import javax.validation.Valid; - - - -public class KeyManagerPermissionDTO { - - private Integer keyManagerPermissionID = null; - private String keyManagerUUID = null; - private String permissionType = null; - private String role = null; - - /** - **/ - public KeyManagerPermissionDTO keyManagerPermissionID(Integer keyManagerPermissionID) { - this.keyManagerPermissionID = keyManagerPermissionID; - return this; - } - - - @ApiModelProperty(value = "") - @JsonProperty("keyManagerPermissionID") - public Integer getKeyManagerPermissionID() { - return keyManagerPermissionID; - } - public void setKeyManagerPermissionID(Integer keyManagerPermissionID) { - this.keyManagerPermissionID = keyManagerPermissionID; - } - - /** - **/ - public KeyManagerPermissionDTO keyManagerUUID(String keyManagerUUID) { - this.keyManagerUUID = keyManagerUUID; - return this; - } - - - @ApiModelProperty(value = "") - @JsonProperty("keyManagerUUID") - public String getKeyManagerUUID() { - return keyManagerUUID; - } - public void setKeyManagerUUID(String keyManagerUUID) { - this.keyManagerUUID = keyManagerUUID; - } - - /** - **/ - public KeyManagerPermissionDTO permissionType(String permissionType) { - this.permissionType = permissionType; - return this; - } - - - @ApiModelProperty(value = "") - @JsonProperty("permissionType") - public String getPermissionType() { - return permissionType; - } - public void setPermissionType(String permissionType) { - this.permissionType 
= permissionType; - } - - /** - **/ - public KeyManagerPermissionDTO role(String role) { - this.role = role; - return this; - } - - - @ApiModelProperty(value = "") - @JsonProperty("role") - public String getRole() { - return role; - } - public void setRole(String role) { - this.role = role; - } - - - @Override - public boolean equals(java.lang.Object o) { - if (this == o) { - return true; - } - if (o == null || getClass() != o.getClass()) { - return false; - } - KeyManagerPermissionDTO keyManagerPermission = (KeyManagerPermissionDTO) o; - return Objects.equals(keyManagerPermissionID, keyManagerPermission.keyManagerPermissionID) && - Objects.equals(keyManagerUUID, keyManagerPermission.keyManagerUUID) && - Objects.equals(permissionType, keyManagerPermission.permissionType) && - Objects.equals(role, keyManagerPermission.role); - } - - @Override - public int hashCode() { - return Objects.hash(keyManagerPermissionID, keyManagerUUID, permissionType, role); - } - - @Override - public String toString() { - StringBuilder sb = new StringBuilder(); - sb.append("class KeyManagerPermissionDTO {\n"); - - sb.append(" keyManagerPermissionID: ").append(toIndentedString(keyManagerPermissionID)).append("\n"); - sb.append(" keyManagerUUID: ").append(toIndentedString(keyManagerUUID)).append("\n"); - sb.append(" permissionType: ").append(toIndentedString(permissionType)).append("\n"); - sb.append(" role: ").append(toIndentedString(role)).append("\n"); - sb.append("}"); - return sb.toString(); - } - - /** - * Convert the given object to string with each line indented by 4 spaces - * (except the first line). - */ - private String toIndentedString(java.lang.Object o) { - if (o == null) { - return "null"; - } - return o.toString().replace("\n", "\n "); - } -} - 
diff --git a/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/gen/java/org/wso2/carbon/apimgt/rest/api/admin/v1/dto/KeyManagerPermissionsDTO.java b/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/gen/java/org/wso2/carbon/apimgt/rest/api/admin/v1/dto/KeyManagerPermissionsDTO.java new file mode 100644 index 000000000000..4c45209c713e --- /dev/null +++ b/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/gen/java/org/wso2/carbon/apimgt/rest/api/admin/v1/dto/KeyManagerPermissionsDTO.java 
@@ -0,0 +1,103 @@ +package org.wso2.carbon.apimgt.rest.api.admin.v1.dto; + +import com.fasterxml.jackson.annotation.JsonProperty; +import com.fasterxml.jackson.annotation.JsonCreator; +import io.swagger.annotations.ApiModel; +import io.swagger.annotations.ApiModelProperty; +import java.util.ArrayList; +import java.util.List; +import javax.validation.constraints.*; + + +import io.swagger.annotations.*; +import java.util.Objects; + +import javax.xml.bind.annotation.*; +import org.wso2.carbon.apimgt.rest.api.common.annotations.Scope; +import com.fasterxml.jackson.annotation.JsonCreator; + +import javax.validation.Valid; + + + +public class KeyManagerPermissionsDTO { + + private String permissionType = null; + private List roles = new ArrayList(); + + /** + **/ + public KeyManagerPermissionsDTO permissionType(String permissionType) { + this.permissionType = permissionType; + return this; + } + + + @ApiModelProperty(value = "") + @JsonProperty("permissionType") + public String getPermissionType() { + return permissionType; + } + public void setPermissionType(String permissionType) { + this.permissionType = permissionType; + } + + /** + **/ + public KeyManagerPermissionsDTO roles(List roles) { + this.roles = roles; + return this; + } + + + @ApiModelProperty(value = "") + @JsonProperty("roles") + public List getRoles() { + return roles; + } + public void setRoles(List roles) { + this.roles = roles; + } + + + @Override + public boolean equals(java.lang.Object o) { + if (this == o) { + return true; + } + if (o == null || getClass() != o.getClass()) { + return false; + } + KeyManagerPermissionsDTO keyManagerPermissions = (KeyManagerPermissionsDTO) o; + return Objects.equals(permissionType, keyManagerPermissions.permissionType) && + Objects.equals(roles, keyManagerPermissions.roles); + } + + @Override + public int hashCode() { + return Objects.hash(permissionType, roles); + } + + @Override + public String toString() { + StringBuilder sb = new StringBuilder(); + 
sb.append("class KeyManagerPermissionsDTO {\n"); + + sb.append(" permissionType: ").append(toIndentedString(permissionType)).append("\n"); + sb.append(" roles: ").append(toIndentedString(roles)).append("\n"); + sb.append("}"); + return sb.toString(); + } + + /** + * Convert the given object to string with each line indented by 4 spaces + * (except the first line). + */ + private String toIndentedString(java.lang.Object o) { + if (o == null) { + return "null"; + } + return o.toString().replace("\n", "\n "); + } +} + diff --git a/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/admin/v1/utils/mappings/KeyManagerMappingUtil.java b/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/admin/v1/utils/mappings/KeyManagerMappingUtil.java index 3f0ee80453e0..a78c89604df0 100755 --- a/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/admin/v1/utils/mappings/KeyManagerMappingUtil.java +++ b/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/admin/v1/utils/mappings/KeyManagerMappingUtil.java 
@@ -8,22 +8,17 @@ import com.google.gson.JsonPrimitive; import org.apache.commons.lang.StringUtils; import org.wso2.carbon.apimgt.api.dto.KeyManagerConfigurationDTO; +import org.wso2.carbon.apimgt.api.dto.KeyManagerPermissionConfigurationDTO; import org.wso2.carbon.apimgt.impl.APIConstants; import org.wso2.carbon.apimgt.impl.kmclient.model.OpenIdConnectConfiguration; -import org.wso2.carbon.apimgt.rest.api.admin.v1.dto.ClaimMappingEntryDTO; -import org.wso2.carbon.apimgt.rest.api.admin.v1.dto.KeyManagerCertificatesDTO; -import org.wso2.carbon.apimgt.rest.api.admin.v1.dto.KeyManagerDTO; -import org.wso2.carbon.apimgt.rest.api.admin.v1.dto.KeyManagerEndpointDTO; -import org.wso2.carbon.apimgt.rest.api.admin.v1.dto.KeyManagerInfoDTO; -import org.wso2.carbon.apimgt.rest.api.admin.v1.dto.KeyManagerListDTO; -import org.wso2.carbon.apimgt.rest.api.admin.v1.dto.KeyManagerWellKnownResponseDTO; -import org.wso2.carbon.apimgt.rest.api.admin.v1.dto.TokenValidationDTO; +import org.wso2.carbon.apimgt.rest.api.admin.v1.dto.*; import java.util.ArrayList; import java.util.Arrays; import java.util.HashMap; import java.util.List; import java.util.Map; +import java.util.stream.Collectors; public class KeyManagerMappingUtil { 
@@ -65,6 +60,11 @@ public static KeyManagerDTO toKeyManagerDTO(KeyManagerConfigurationDTO keyManage keyManagerDTO.setTokenType(KeyManagerDTO.TokenTypeEnum.valueOf(keyManagerConfigurationDTO.getTokenType())); keyManagerDTO.setAlias(keyManagerConfigurationDTO.getAlias()); keyManagerDTO.setTokenType(KeyManagerDTO.TokenTypeEnum.fromValue(keyManagerConfigurationDTO.getTokenType())); + List permissions = keyManagerConfigurationDTO.getPermissions(); + if(permissions != null && permissions.size() > 0){ + keyManagerDTO.setPermissions(createKeyManagerPermissionDTO(permissions)); + } + JsonObject jsonObject = fromConfigurationMapToJson(keyManagerConfigurationDTO.getAdditionalProperties()); JsonElement clientRegistrationElement = jsonObject.get(APIConstants.KeyManager.CLIENT_REGISTRATION_ENDPOINT); @@ -194,6 +194,8 @@ public static KeyManagerDTO toKeyManagerDTO(KeyManagerConfigurationDTO keyManage jsonObject.remove(APIConstants.KeyManager.CONSUMER_KEY_CLAIM); } keyManagerDTO.setAdditionalProperties(new Gson().fromJson(jsonObject, Map.class)); + + return keyManagerDTO; } 
@@ -210,6 +212,15 @@ public static KeyManagerConfigurationDTO toKeyManagerConfigurationDTO(String ten keyManagerConfigurationDTO.setOrganization(tenantDomain); keyManagerConfigurationDTO.setTokenType(keyManagerDTO.getTokenType().toString()); keyManagerConfigurationDTO.setAlias(keyManagerDTO.getAlias()); + KeyManagerPermissionsDTO permissions = keyManagerDTO.getPermissions(); + if(permissions != null) { + String permissionType = permissions.getPermissionType(); + List permissionsConfiguration = permissions.getRoles().stream() + .map(role -> createKeyManagerPermissionConfigurationDTO(keyManagerDTO.getId(), permissionType, role)) + .collect(Collectors.toList()); + keyManagerConfigurationDTO.setPermissions(permissionsConfiguration); + } + Map additionalProperties = new HashMap(); if (keyManagerDTO.getAdditionalProperties() != null && keyManagerDTO.getAdditionalProperties() instanceof Map) { additionalProperties.putAll((Map) keyManagerDTO.getAdditionalProperties()); 
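Review bot: The block added to `toKeyManagerConfigurationDTO` copies `permissionType` and `roles` from the request body into the stored configuration without validating either. The consumer-side check in this series recognises only the exact strings `ALLOW` and `DENY` (the publisher mapping also tests `NONE`), so a value such as `allow` would be persisted and then match neither branch, hiding the key manager from every user. A payload with `"roles": null` makes `permissions.getRoles().stream()` throw. I would reject unknown types before mapping, for example `if (!Arrays.asList("ALLOW", "DENY", "NONE").contains(permissionType)) { ... }` raising whatever error the REST layer maps to a bad request, and skip the mapping when `getRoles()` is null; the accepted set ideally lives in one shared constant. The method body starts and ends outside this hunk.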
@@ -317,6 +328,26 @@ public static KeyManagerConfigurationDTO toKeyManagerConfigurationDTO(String ten return keyManagerConfigurationDTO; } + public static KeyManagerPermissionConfigurationDTO createKeyManagerPermissionConfigurationDTO(String keyManagerID, String permissionType, String role) { + KeyManagerPermissionConfigurationDTO permissionConfigurationDTO = new KeyManagerPermissionConfigurationDTO(); + permissionConfigurationDTO.setKeyManagerUUID(keyManagerID); + permissionConfigurationDTO.setPermissionType(permissionType); + permissionConfigurationDTO.setRole(role); + return permissionConfigurationDTO; + } + + public static KeyManagerPermissionsDTO createKeyManagerPermissionDTO(List permissionsConfigurationDTO) { + KeyManagerPermissionsDTO permissionsDTO = new KeyManagerPermissionsDTO(); + if(permissionsConfigurationDTO != null && permissionsConfigurationDTO.size() > 0) { + permissionsDTO.setPermissionType(permissionsConfigurationDTO.get(0).getPermissionType()); + List roles = new ArrayList(); + for (KeyManagerPermissionConfigurationDTO permission : permissionsConfigurationDTO) { + roles.add(permission.getRole()); + } + permissionsDTO.setRoles(roles); + } + return permissionsDTO; + } public static JsonObject fromConfigurationMapToJson(Map configuration) { diff --git a/components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1.common/src/gen/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/dto/KeyManagerInfoDTO.java b/components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1.common/src/gen/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/dto/KeyManagerInfoDTO.java index e27354c39cb9..dab2e74def13 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1.common/src/gen/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/dto/KeyManagerInfoDTO.java +++ b/components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1.common/src/gen/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/dto/KeyManagerInfoDTO.java 
@@ -28,6 +28,7 @@ public class KeyManagerInfoDTO { private String type = null; private String description = null; private Boolean enabled = null; + private Boolean isRoleRestricted = null; private List additionalProperties = new ArrayList(); /** @@ -135,6 +136,24 @@ public void setEnabled(Boolean enabled) { this.enabled = enabled; } + /** + * Is this Key Manager role-restricted + **/ + public KeyManagerInfoDTO isRoleRestricted(Boolean isRoleRestricted) { + this.isRoleRestricted = isRoleRestricted; + return this; + } + + + @ApiModelProperty(value = "Is this Key Manager role-restricted ") + @JsonProperty("isRoleRestricted") + public Boolean isIsRoleRestricted() { + return isRoleRestricted; + } + public void setIsRoleRestricted(Boolean isRoleRestricted) { + this.isRoleRestricted = isRoleRestricted; + } + /** **/ public KeyManagerInfoDTO additionalProperties(List additionalProperties) { @@ -168,12 +187,13 @@ public boolean equals(java.lang.Object o) { Objects.equals(type, keyManagerInfo.type) && Objects.equals(description, keyManagerInfo.description) && Objects.equals(enabled, keyManagerInfo.enabled) && + Objects.equals(isRoleRestricted, keyManagerInfo.isRoleRestricted) && Objects.equals(additionalProperties, keyManagerInfo.additionalProperties); } @Override public int hashCode() { - return Objects.hash(id, name, displayName, type, description, enabled, additionalProperties); + return Objects.hash(id, name, displayName, type, description, enabled, isRoleRestricted, additionalProperties); } @Override 
@@ -187,6 +207,7 @@ public String toString() { sb.append(" type: ").append(toIndentedString(type)).append("\n"); sb.append(" description: ").append(toIndentedString(description)).append("\n"); sb.append(" enabled: ").append(toIndentedString(enabled)).append("\n"); + sb.append(" isRoleRestricted: ").append(toIndentedString(isRoleRestricted)).append("\n"); sb.append(" additionalProperties: ").append(toIndentedString(additionalProperties)).append("\n"); sb.append("}"); return sb.toString(); diff --git a/components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1.common/src/main/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/common/mappings/KeyManagerMappingUtil.java b/components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1.common/src/main/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/common/mappings/KeyManagerMappingUtil.java index 32381c20eeaf..20ca0a4a3c2c 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1.common/src/main/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/common/mappings/KeyManagerMappingUtil.java +++ b/components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1.common/src/main/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/common/mappings/KeyManagerMappingUtil.java @@ -18,6 +18,7 @@ package org.wso2.carbon.apimgt.rest.api.publisher.v1.common.mappings; import org.wso2.carbon.apimgt.api.dto.KeyManagerConfigurationDTO; +import org.wso2.carbon.apimgt.api.dto.KeyManagerPermissionConfigurationDTO; import org.wso2.carbon.apimgt.rest.api.publisher.v1.dto.KeyManagerInfoDTO; import org.wso2.carbon.apimgt.rest.api.publisher.v1.dto.KeyManagerListDTO; 
@@ -51,6 +52,12 @@ private static KeyManagerInfoDTO fromKeyManagerConfigurationDtoToKeyManagerInfoD keyManagerInfoDTO.setId(configurationDto.getUuid()); keyManagerInfoDTO.setEnabled(configurationDto.isEnabled()); keyManagerInfoDTO.setType(configurationDto.getType()); + List permissions = configurationDto.getPermissions(); + if (permissions != null && permissions.size() > 0 && !(permissions.get(0).getPermissionType().equals("NONE"))) { + keyManagerInfoDTO.setIsRoleRestricted(true); + } else { + keyManagerInfoDTO.setIsRoleRestricted(false); + } return keyManagerInfoDTO; } } From 8b03d089377b98ddee01425e9b4a3acac3081626 Mon Sep 17 00:00:00 2001 From: Kannan Kirishikesan Date: Tue, 26 Sep 2023 08:42:05 +0530 Subject: [PATCH 07/34] Adds database layer --- .../carbon/apimgt/impl/dao/ApiMgtDAO.java | 33 ++++++++++++++++++- .../impl/dao/constants/SQLConstants.java | 7 +++- 2 files changed, 38 insertions(+), 2 deletions(-) diff --git a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/ApiMgtDAO.java b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/ApiMgtDAO.java index cce38fa755a3..cbd787b6845a 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/ApiMgtDAO.java +++ b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/ApiMgtDAO.java @@ -9055,6 +9055,7 @@ public List getKeyManagerConfigurationsByOrganizatio } catch (IOException e) { log.error("Error while converting configurations in " + uuid, e); } + keyManagerConfigurationDTO.setPermissions(this.getKeyManagerPermissions(keyManagerConfigurationDTO.getUuid())); keyManagerConfigurationDTOS.add(keyManagerConfigurationDTO); } } 
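Review bot: The `isRoleRestricted` test in the first hunk on this line calls `permissions.get(0).getPermissionType().equals("NONE")`, which throws if the stored permission type is null. Writing it as `!"NONE".equals(permissions.get(0).getPermissionType())` removes that failure mode. The literal `"NONE"` here, and `"ALLOW"`/`"DENY"` in APIConsumerImpl, are spelled out separately in each layer; a shared constant or enum would keep them from diverging. The enclosing method starts outside the hunk.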
@@ -9359,6 +9360,36 @@ public KeyManagerPermissionConfigurationDTO getKeyManagerPermission(String keyMa return keyManagerPermission; } + public List getKeyManagerPermissions(String keyManagerUUID) throws APIManagementException { + + Connection conn = null; + PreparedStatement ps = null; + ResultSet resultSet = null; + + List keyManagerPermissions = new ArrayList<>(); + try { + String getKeyManagerPermissionQuery = SQLConstants.KeyManagerPermissionsSqlConstants.GET_KEY_MANAGER_PERMISSIONS_SQL; + conn = APIMgtDBUtil.getConnection(); + ps = conn.prepareStatement(getKeyManagerPermissionQuery); + + ps.setString(1, keyManagerUUID); + + resultSet = ps.executeQuery(); + if(resultSet.next()){ + KeyManagerPermissionConfigurationDTO keyManagerPermission = new KeyManagerPermissionConfigurationDTO(); + keyManagerPermission.setKeyManagerUUID(keyManagerUUID); + keyManagerPermission.setRole(resultSet.getString("ROLE")); + keyManagerPermission.setPermissionType(resultSet.getString("PERMISSIONS_TYPE")); + keyManagerPermission.setKeyManagerPermissionID(resultSet.getInt("KEY_MANAGER_PERMISSION_ID")); + keyManagerPermissions.add(keyManagerPermission); + } + } catch (SQLException e) { + handleException("Failed to get Key Manager permission information for Key Manager " + keyManagerUUID , e); + } finally { + APIMgtDBUtil.closeAllConnections(ps, conn, resultSet); + } + return keyManagerPermissions; + } public void updateKeyManagerPermission(String keyManagerUUID, String role, String permissionType) throws APIManagementException { @@ -9399,7 +9430,7 @@ public void updateKeyManagerPermission(String keyManagerUUID, String role, Strin } conn.commit(); } catch (SQLException e) { - handleException("Error in updating tier permissions: " + e.getMessage(), e); + handleException("Error in updating key manager permissions: " + e.getMessage(), e); } finally { APIMgtDBUtil.closeAllConnections(ps, conn, resultSet); APIMgtDBUtil.closeAllConnections(insertOrUpdatePS, null, null); 
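Review bot: `getKeyManagerPermissions` reads the result set with `if(resultSet.next())`, so at most one row is ever added to the returned list even though the query selects one row per role for the key manager. Callers that evaluate the role list therefore see only the first role. For an allow-style permission type that wrongly locks out the other roles, and for a deny-style type it would leave the remaining roles unenforced (the enforcement code is not visible here, so the exact effect should be confirmed). The loop should be `while (resultSet.next()) {`. The method also has no Javadoc; one line stating that it returns an empty list, not null, when no permissions are stored would document the contract callers rely on.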
diff --git a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/constants/SQLConstants.java b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/constants/SQLConstants.java index ce1488a66094..505f9714d10f 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/constants/SQLConstants.java +++ b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/constants/SQLConstants.java @@ -3627,7 +3627,7 @@ public static class KeyManagerPermissionsSqlConstants { " PERMISSIONS_TYPE = ?," + " ROLE = ? " + " WHERE " + - " KEY_MANAGER_PERMISSIONS_ID = ? "; + " KEY_MANAGER_PERMISSION_ID = ? "; public static final String DELETE_KEY_MANAGER_PERMISSION_SQL = "DELETE FROM AM_KEY_MANAGER_PERMISSIONS WHERE " + "KEY_MANAGER_PERMISSION_ID = ?"; @@ -3639,6 +3639,11 @@ public static class KeyManagerPermissionsSqlConstants { " SELECT KEY_MANAGER_PERMISSION_ID, PERMISSIONS_TYPE" + " FROM AM_KEY_MANAGER_PERMISSIONS " + " WHERE KEY_MANAGER_UUID = ? AND ROLE = ?"; + + public static final String GET_KEY_MANAGER_PERMISSIONS_SQL = + "SELECT KEY_MANAGER_PERMISSION_ID, PERMISSIONS_TYPE, ROLE" + + " FROM AM_KEY_MANAGER_PERMISSIONS " + + " WHERE KEY_MANAGER_UUID = ?"; } /** From f6c5ea390b6e27e57c9cae5cbc63926e284af31c Mon Sep 17 00:00:00 2001 From: Kannan Kirishikesan Date: Tue, 26 Sep 2023 08:42:58 +0530 Subject: [PATCH 08/34] Adds api service layer --- .../v1/impl/KeyManagersApiServiceImpl.java | 18 +++++++++++- .../v1/impl/ApplicationsApiServiceImpl.java | 4 +++ .../v1/impl/KeyManagersApiServiceImpl.java | 29 ++++++++++++++++--- 3 files changed, 46 insertions(+), 5 deletions(-) 
diff --git a/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/admin/v1/impl/KeyManagersApiServiceImpl.java b/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/admin/v1/impl/KeyManagersApiServiceImpl.java index 7cad4646d2ed..2ee84a03b939 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/admin/v1/impl/KeyManagersApiServiceImpl.java +++ b/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/admin/v1/impl/KeyManagersApiServiceImpl.java @@ -13,6 +13,7 @@ import org.wso2.carbon.apimgt.api.APIManagementException; import org.wso2.carbon.apimgt.api.ExceptionCodes; import org.wso2.carbon.apimgt.api.dto.KeyManagerConfigurationDTO; +import org.wso2.carbon.apimgt.api.dto.KeyManagerPermissionConfigurationDTO; import org.wso2.carbon.apimgt.impl.APIAdminImpl; import org.wso2.carbon.apimgt.impl.APIConstants; import org.wso2.carbon.apimgt.impl.kmclient.ApacheFeignHttpClient; @@ -23,6 +24,7 @@ import org.wso2.carbon.apimgt.rest.api.admin.v1.KeyManagersApiService; import org.wso2.carbon.apimgt.rest.api.admin.v1.dto.KeyManagerDTO; import org.wso2.carbon.apimgt.rest.api.admin.v1.dto.KeyManagerListDTO; +import org.wso2.carbon.apimgt.rest.api.admin.v1.dto.KeyManagerPermissionsDTO; import org.wso2.carbon.apimgt.rest.api.admin.v1.dto.KeyManagerWellKnownResponseDTO; import org.wso2.carbon.apimgt.rest.api.admin.v1.utils.mappings.KeyManagerMappingUtil; import org.wso2.carbon.apimgt.rest.api.common.RestApiCommonUtil; 
@@ -82,8 +84,8 @@ public Response keyManagersKeyManagerIdDelete(String keyManagerId, MessageContex KeyManagerConfigurationDTO keyManagerConfigurationDTO = apiAdmin.getKeyManagerConfigurationById(organization, keyManagerId); if (keyManagerConfigurationDTO != null) { + apiAdmin.deleteKeyManagerPermissionsByUUID(keyManagerId); apiAdmin.deleteKeyManagerConfigurationById(organization, keyManagerConfigurationDTO); - APIUtil.logAuditMessage(APIConstants.AuditLogConstants.KEY_MANAGER, new Gson().toJson(keyManagerConfigurationDTO), APIConstants.AuditLogConstants.DELETED, RestApiCommonUtil.getLoggedInUsername()); @@ -100,6 +102,12 @@ public Response keyManagersKeyManagerIdGet(String keyManagerId, MessageContext m APIAdmin apiAdmin = new APIAdminImpl(); KeyManagerConfigurationDTO keyManagerConfigurationDTO = apiAdmin.getKeyManagerConfigurationById(organization, keyManagerId); + if (!(keyManagerConfigurationDTO.getName().equals("Resident Key Manager") && organization.equals("carbon.super"))) { + List permissions = apiAdmin.getKeyManagerPermissions(keyManagerId); + if (permissions.size() > 0) { + keyManagerConfigurationDTO.setPermissions(permissions); + } + } if (keyManagerConfigurationDTO != null) { KeyManagerDTO keyManagerDTO = KeyManagerMappingUtil.toKeyManagerDTO(keyManagerConfigurationDTO); return Response.ok(keyManagerDTO).build(); @@ -113,6 +121,7 @@ public Response keyManagersKeyManagerIdPut(String keyManagerId, KeyManagerDTO bo String organization = RestApiUtil.getOrganization(messageContext); APIAdmin apiAdmin = new APIAdminImpl(); try { + body.setId(keyManagerId); KeyManagerConfigurationDTO keyManagerConfigurationDTO = KeyManagerMappingUtil.toKeyManagerConfigurationDTO(organization, body); keyManagerConfigurationDTO.setUuid(keyManagerId); 
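Review bot: In `keyManagersKeyManagerIdDelete` the permission rows are removed by a separate call before `deleteKeyManagerConfigurationById`, so a failure in the second call leaves the key manager in place with its role restrictions already gone. The single-row DAO lookup from the first patch of this series falls back to `"Public"` when no row exists, which suggests a key manager without rows is treated as unrestricted, i.e. this fails open. Deleting the configuration first, or doing both deletions in one DAO transaction, avoids that state. The same two-step pattern appears in the `keyManagersKeyManagerIdPut` hunk (delete, then re-insert) and the `keyManagersPost` hunk (create, then add permissions) further down.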
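Review bot: In `keyManagersKeyManagerIdGet` the new block calls `keyManagerConfigurationDTO.getName()` before the existing `if (keyManagerConfigurationDTO != null)` check, so a request for an unknown or foreign-organization id now throws a NullPointerException instead of reaching the not-found path. Moving the block inside the existing null check fixes this and also ensures permissions are looked up only for a key manager that was resolved within the caller's organization. `"Resident Key Manager"` and `"carbon.super"` are repeated as literals in three hunks of this file; a shared constant or a small private helper such as `isResidentKeyManager(name, organization)` would keep the exemption in one place.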
@@ -127,6 +136,10 @@ public Response keyManagersKeyManagerIdPut(String keyManagerId, KeyManagerDTO bo } KeyManagerConfigurationDTO retrievedKeyManagerConfigurationDTO = apiAdmin.updateKeyManagerConfiguration(keyManagerConfigurationDTO); + if (!(keyManagerConfigurationDTO.getName().equals("Resident Key Manager") && organization.equals("carbon.super"))) { + apiAdmin.deleteKeyManagerPermissionsByUUID(keyManagerId); + apiAdmin.updateKeyManagerPermissions(keyManagerConfigurationDTO.getPermissions()); + } APIUtil.logAuditMessage(APIConstants.AuditLogConstants.KEY_MANAGER, new Gson().toJson(keyManagerConfigurationDTO), APIConstants.AuditLogConstants.UPDATED, RestApiCommonUtil.getLoggedInUsername()); @@ -149,6 +162,9 @@ public Response keyManagersPost(KeyManagerDTO body, MessageContext messageContex KeyManagerMappingUtil.toKeyManagerConfigurationDTO(organization, body); KeyManagerConfigurationDTO createdKeyManagerConfiguration = apiAdmin.addKeyManagerConfiguration(keyManagerConfigurationDTO); + if (!(keyManagerConfigurationDTO.getName().equals("Resident Key Manager") && organization.equals("carbon.super"))) { + apiAdmin.addKeyManagerPermissions(createdKeyManagerConfiguration.getUuid(), keyManagerConfigurationDTO.getPermissions()); + } APIUtil.logAuditMessage(APIConstants.AuditLogConstants.KEY_MANAGER, new Gson().toJson(keyManagerConfigurationDTO), APIConstants.AuditLogConstants.CREATED, RestApiCommonUtil.getLoggedInUsername()); diff --git a/components/apimgt/org.wso2.carbon.apimgt.rest.api.store.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/store/v1/impl/ApplicationsApiServiceImpl.java b/components/apimgt/org.wso2.carbon.apimgt.rest.api.store.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/store/v1/impl/ApplicationsApiServiceImpl.java index 89805c4f4ba3..4440a64c5350 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.rest.api.store.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/store/v1/impl/ApplicationsApiServiceImpl.java 
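Review bot: `keyManagersKeyManagerIdPut` deletes the stored permissions and then passes `keyManagerConfigurationDTO.getPermissions()` on, but that value is null whenever the request body has no `permissions` object (the mapper only sets it under `if(permissions != null)` and the field defaults to null). A PUT that omits the field therefore silently removes any existing role restriction, and how `updateKeyManagerPermissions` handles null is not visible here. Guarding the pair with `if (keyManagerConfigurationDTO.getPermissions() != null) {` keeps the stored restriction when the field is absent; alternatively reject the request, or document that omission means "unrestricted". The `keyManagersPost` hunk below passes the same possibly-null value to `addKeyManagerPermissions`.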
+++ b/components/apimgt/org.wso2.carbon.apimgt.rest.api.store.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/store/v1/impl/ApplicationsApiServiceImpl.java @@ -47,6 +47,7 @@ import org.wso2.carbon.apimgt.api.model.Scope; import org.wso2.carbon.apimgt.api.model.Subscriber; import org.wso2.carbon.apimgt.impl.APIConstants; +import org.wso2.carbon.apimgt.impl.APIConsumerImpl; import org.wso2.carbon.apimgt.impl.APIManagerFactory; import org.wso2.carbon.apimgt.impl.dao.ApiMgtDAO; import org.wso2.carbon.apimgt.impl.importexport.APIImportExportException; @@ -739,6 +740,9 @@ public Response applicationsApplicationIdGenerateKeysPost(String applicationId, String username = RestApiCommonUtil.getLoggedInUsername(); try { APIConsumer apiConsumer = APIManagerFactory.getInstance().getAPIConsumer(username); + if (!(apiConsumer.isKeyManagerAllowedForUser(body.getKeyManager(), username))) { + return Response.status(403, "Key Manager is Restricted for this user").build(); + } Application application = apiConsumer.getApplicationByUUID(applicationId); if (application != null) { if (RestAPIStoreUtils.isUserOwnerOfApplication(application)) { diff --git a/components/apimgt/org.wso2.carbon.apimgt.rest.api.store.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/store/v1/impl/KeyManagersApiServiceImpl.java b/components/apimgt/org.wso2.carbon.apimgt.rest.api.store.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/store/v1/impl/KeyManagersApiServiceImpl.java index 3a4761c2d1ea..363fa53f3480 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.rest.api.store.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/store/v1/impl/KeyManagersApiServiceImpl.java +++ b/components/apimgt/org.wso2.carbon.apimgt.rest.api.store.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/store/v1/impl/KeyManagersApiServiceImpl.java 
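Review bot: The new `isKeyManagerAllowedForUser` check in `applicationsApplicationIdGenerateKeysPost` is applied to the raw `body.getKeyManager()` value, so its outcome depends on how that method treats a null or blank key manager and a name versus a UUID. Neither is visible in this hunk, and both should be confirmed to fail closed. Among the visible changes the restriction is enforced only on this endpoint; other operations that bind an application to a key manager would need the same check for the restriction to hold. The 403 is built with `Response.status(403, ...)` directly, while other error paths in this series go through `RestApiUtil` helpers such as `handleInternalServerError`; using the matching helper would keep the error body format uniform. The method body continues outside the hunk.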
@@ -4,17 +4,34 @@ import org.apache.commons.logging.LogFactory; import org.apache.cxf.jaxrs.ext.MessageContext; import org.wso2.carbon.apimgt.api.APIAdmin; +import org.wso2.carbon.apimgt.api.APIConsumer; import org.wso2.carbon.apimgt.api.APIManagementException; import org.wso2.carbon.apimgt.api.dto.KeyManagerConfigurationDTO; +import org.wso2.carbon.apimgt.api.dto.KeyManagerPermissionConfigurationDTO; import org.wso2.carbon.apimgt.impl.APIAdminImpl; import org.wso2.carbon.apimgt.impl.APIConstants; +import org.wso2.carbon.apimgt.impl.APIConsumerImpl; +import org.wso2.carbon.apimgt.impl.internal.ServiceReferenceHolder; import org.wso2.carbon.apimgt.impl.utils.APIUtil; import org.wso2.carbon.apimgt.rest.api.common.RestApiCommonUtil; import org.wso2.carbon.apimgt.rest.api.store.v1.KeyManagersApiService; import org.wso2.carbon.apimgt.rest.api.store.v1.mappings.KeyManagerMappingUtil; import org.wso2.carbon.apimgt.rest.api.util.utils.RestApiUtil; +import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser; +import org.wso2.carbon.identity.core.util.IdentityTenantUtil; +import org.wso2.carbon.identity.oauth.OAuthUtil; +import org.wso2.carbon.user.api.UserStoreException; +import org.wso2.carbon.user.api.UserStoreManager; +import org.wso2.carbon.user.core.service.RealmService; +import org.wso2.carbon.user.core.util.UserCoreUtil; +import org.wso2.carbon.utils.multitenancy.MultitenantUtils; +import org.wso2.carbon.identity.oauth2.validators.OAuth2TokenValidationMessageContext; +import org.wso2.carbon.apimgt.impl.service.APIKeyMgtRemoteUserStoreMgtService; +import java.util.ArrayList; +import java.util.Arrays; import java.util.List; +import java.util.stream.Collectors; import javax.ws.rs.core.Response; 
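Review bot: Most of the imports added here look unused: the only method change visible in this file (`keyManagersGet`) needs `APIConsumer` and `APIConsumerImpl`, not the identity, OAuth, user-store or `java.util.stream` types. If nothing outside the visible hunks uses them, they should be dropped. `AuthenticatedUser`, `OAuthUtil`, `OAuth2TokenValidationMessageContext` and `APIKeyMgtRemoteUserStoreMgtService` in particular tie this REST module to identity components at compile time for no functional gain.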
@@ -25,15 +42,19 @@ public class KeyManagersApiServiceImpl implements KeyManagersApiService { public Response keyManagersGet(String xWSO2Tenant, MessageContext messageContext) { String organization = RestApiUtil.getOrganization(messageContext); - APIAdmin apiAdmin = new APIAdminImpl(); try { - List keyManagerConfigurations = - apiAdmin.getKeyManagerConfigurationsByOrganization(organization); - return Response.ok(KeyManagerMappingUtil.toKeyManagerListDto(keyManagerConfigurations)).build(); + APIConsumer apiConsumer = new APIConsumerImpl(); + String username = RestApiCommonUtil.getLoggedInUsername(); + List permittedKeyManagerConfigurations = + apiConsumer.getKeyManagerConfigurationsByOrganization(organization, username); + return Response.ok(KeyManagerMappingUtil.toKeyManagerListDto(permittedKeyManagerConfigurations)).build(); } catch (APIManagementException e) { RestApiUtil.handleInternalServerError( "Error while retrieving keyManager Details for organization " + organization, log); } return null; } + + + } From 12c3ac1818c8a0f9ba45fd1bb99da6752b175510 Mon Sep 17 00:00:00 2001 From: Kannan Kirishikesan Date: Tue, 26 Sep 2023 08:43:28 +0530 Subject: [PATCH 09/34] Adds api schema changes --- .../src/main/resources/admin-api.yaml | 9 +++++++++ .../src/main/resources/publisher-api.yaml | 4 ++++ 2 files changed, 13 insertions(+) diff --git a/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/resources/admin-api.yaml b/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/resources/admin-api.yaml index a3cffc42f5c1..4c3219bff756 100755 --- a/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/resources/admin-api.yaml +++ b/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/resources/admin-api.yaml 
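Review bot: `keyManagersGet` creates its consumer with `new APIConsumerImpl()`, whereas `applicationsApplicationIdGenerateKeysPost` in the same commit uses `APIManagerFactory.getInstance().getAPIConsumer(username)`. The no-argument instance carries no user context, so the role filtering relies entirely on the `username` argument. Using the factory here as well, `APIConsumer apiConsumer = APIManagerFactory.getInstance().getAPIConsumer(username);`, keeps the two paths consistent (it needs the matching import). The endpoint also takes `xWSO2Tenant`, which suggests it may be reachable without a logged-in user; the behaviour of `getKeyManagerConfigurationsByOrganization(organization, username)` for an anonymous username should be defined so that it returns only unrestricted key managers. Filtering this list is presentational only; the check on the key-generation path is what enforces the restriction.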
@@ -4491,6 +4491,15 @@ components: self_validate_jwt: true Username: admin Password: admin + permissions: + type: object + properties: + permissionType: + type: string + roles: + type: array + items: + type: string tokenType: type: string description: The type of the tokens to be used (exchanged or without exchanged). diff --git a/components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1/src/main/resources/publisher-api.yaml b/components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1/src/main/resources/publisher-api.yaml index eba45bd78a92..b21997504044 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1/src/main/resources/publisher-api.yaml +++ b/components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1/src/main/resources/publisher-api.yaml @@ -11686,6 +11686,10 @@ components: enabled: type: boolean example: true + isRoleRestricted: + type: boolean + description: | + Is this Key Manager role-restricted additionalProperties: type: array items: From 92ae80956e0c205cc9a9e6653f55d79e72df50d4 Mon Sep 17 00:00:00 2001 From: Kannan Kirishikesan Date: Tue, 26 Sep 2023 12:11:26 +0530 Subject: [PATCH 10/34] Removes import all --- .../org/wso2/carbon/apimgt/impl/APIConsumerImpl.java | 9 ++++++++- .../admin/v1/utils/mappings/KeyManagerMappingUtil.java | 10 +++++++++- .../api/store/v1/impl/KeyManagersApiServiceImpl.java | 3 --- 3 files changed, 17 insertions(+), 5 deletions(-) diff --git a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConsumerImpl.java b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConsumerImpl.java index 7f7a5da668b0..3ae42b30ab5a 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConsumerImpl.java +++ b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConsumerImpl.java 
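Review bot: `permissionType` in the new `permissions` schema is a free-form `type: string`, so any value passes request validation, while the Java side compares against exact literals such as `"NONE"`. A misspelled or differently-cased value would then be stored and interpreted by whichever branch the comparison falls into. Constraining it with `enum: [<supported permission types>]` and adding a `description` for both `permissionType` and `roles` would make the contract explicit. The mapping code later in this series copies the value into `KeyManagerPermissionConfigurationDTO` unchanged, so the schema is the only validation point visible here.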
@@ -31,7 +31,14 @@ import org.json.simple.parser.JSONParser; import org.json.simple.parser.ParseException; import org.wso2.carbon.CarbonConstants; -import org.wso2.carbon.apimgt.api.*; +import org.wso2.carbon.apimgt.api.APIConsumer; +import org.wso2.carbon.apimgt.api.APIAdmin; +import org.wso2.carbon.apimgt.api.APIDefinition; +import org.wso2.carbon.apimgt.api.APIManagementException; +import org.wso2.carbon.apimgt.api.APIMgtAuthorizationFailedException; +import org.wso2.carbon.apimgt.api.APIMgtResourceNotFoundException; +import org.wso2.carbon.apimgt.api.ExceptionCodes; +import org.wso2.carbon.apimgt.api.WorkflowResponse; import org.wso2.carbon.apimgt.api.dto.KeyManagerConfigurationDTO; import org.wso2.carbon.apimgt.api.dto.KeyManagerPermissionConfigurationDTO; import org.wso2.carbon.apimgt.api.model.API; diff --git a/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/admin/v1/utils/mappings/KeyManagerMappingUtil.java b/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/admin/v1/utils/mappings/KeyManagerMappingUtil.java index a78c89604df0..7a6c7f69b5be 100755 --- a/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/admin/v1/utils/mappings/KeyManagerMappingUtil.java +++ b/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/admin/v1/utils/mappings/KeyManagerMappingUtil.java 
@@ -11,7 +11,15 @@ import org.wso2.carbon.apimgt.api.dto.KeyManagerPermissionConfigurationDTO; import org.wso2.carbon.apimgt.impl.APIConstants; import org.wso2.carbon.apimgt.impl.kmclient.model.OpenIdConnectConfiguration; -import org.wso2.carbon.apimgt.rest.api.admin.v1.dto.*; +import org.wso2.carbon.apimgt.rest.api.admin.v1.dto.ClaimMappingEntryDTO; +import org.wso2.carbon.apimgt.rest.api.admin.v1.dto.KeyManagerCertificatesDTO; +import org.wso2.carbon.apimgt.rest.api.admin.v1.dto.KeyManagerDTO; +import org.wso2.carbon.apimgt.rest.api.admin.v1.dto.KeyManagerEndpointDTO; +import org.wso2.carbon.apimgt.rest.api.admin.v1.dto.KeyManagerPermissionsDTO; +import org.wso2.carbon.apimgt.rest.api.admin.v1.dto.KeyManagerInfoDTO; +import org.wso2.carbon.apimgt.rest.api.admin.v1.dto.KeyManagerListDTO; +import org.wso2.carbon.apimgt.rest.api.admin.v1.dto.KeyManagerWellKnownResponseDTO; +import org.wso2.carbon.apimgt.rest.api.admin.v1.dto.TokenValidationDTO; import java.util.ArrayList; import java.util.Arrays; diff --git a/components/apimgt/org.wso2.carbon.apimgt.rest.api.store.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/store/v1/impl/KeyManagersApiServiceImpl.java b/components/apimgt/org.wso2.carbon.apimgt.rest.api.store.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/store/v1/impl/KeyManagersApiServiceImpl.java index 363fa53f3480..fcc8bfc7b4bf 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.rest.api.store.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/store/v1/impl/KeyManagersApiServiceImpl.java +++ b/components/apimgt/org.wso2.carbon.apimgt.rest.api.store.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/store/v1/impl/KeyManagersApiServiceImpl.java @@ -54,7 +54,4 @@ public Response keyManagersGet(String xWSO2Tenant, MessageContext messageContext } return null; } - - - } From d697fd0cacda9049c85f4295bc165d3854a8e243 Mon Sep 17 00:00:00 2001 
From: Kannan Kirishikesan Date: Mon, 2 Oct 2023 09:41:14 +0530 Subject: [PATCH 11/34] Remove publisher portal role restriction warning --- .../v1/common/mappings/KeyManagerMappingUtil.java | 7 ------- .../src/main/resources/publisher-api.yaml | 4 ---- 2 files changed, 11 deletions(-) diff --git a/components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1.common/src/main/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/common/mappings/KeyManagerMappingUtil.java b/components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1.common/src/main/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/common/mappings/KeyManagerMappingUtil.java index 20ca0a4a3c2c..32381c20eeaf 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1.common/src/main/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/common/mappings/KeyManagerMappingUtil.java +++ b/components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1.common/src/main/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/common/mappings/KeyManagerMappingUtil.java @@ -18,7 +18,6 @@ package org.wso2.carbon.apimgt.rest.api.publisher.v1.common.mappings; import org.wso2.carbon.apimgt.api.dto.KeyManagerConfigurationDTO; -import org.wso2.carbon.apimgt.api.dto.KeyManagerPermissionConfigurationDTO; import org.wso2.carbon.apimgt.rest.api.publisher.v1.dto.KeyManagerInfoDTO; import org.wso2.carbon.apimgt.rest.api.publisher.v1.dto.KeyManagerListDTO; @@ -52,12 +51,6 @@ private static KeyManagerInfoDTO fromKeyManagerConfigurationDtoToKeyManagerInfoD keyManagerInfoDTO.setId(configurationDto.getUuid()); keyManagerInfoDTO.setEnabled(configurationDto.isEnabled()); keyManagerInfoDTO.setType(configurationDto.getType()); - List permissions = configurationDto.getPermissions(); - if (permissions != null && permissions.size() > 0 && !(permissions.get(0).getPermissionType().equals("NONE"))) { - keyManagerInfoDTO.setIsRoleRestricted(true); - } else { - keyManagerInfoDTO.setIsRoleRestricted(false); - } return keyManagerInfoDTO; } } 
diff --git a/components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1/src/main/resources/publisher-api.yaml b/components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1/src/main/resources/publisher-api.yaml index b21997504044..eba45bd78a92 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1/src/main/resources/publisher-api.yaml +++ b/components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1/src/main/resources/publisher-api.yaml @@ -11686,10 +11686,6 @@ components: enabled: type: boolean example: true - isRoleRestricted: - type: boolean - description: | - Is this Key Manager role-restricted additionalProperties: type: array items: From ffb742c04e3e8e65ff5b502e436490aa80302bdb Mon Sep 17 00:00:00 2001 From: Kannan Kirishikesan Date: Mon, 2 Oct 2023 10:01:11 +0530 Subject: [PATCH 12/34] Remove generated KeyManagerInfoDTO changes --- .../publisher/v1/dto/KeyManagerInfoDTO.java | 23 +------------------ 1 file changed, 1 insertion(+), 22 deletions(-) diff --git a/components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1.common/src/gen/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/dto/KeyManagerInfoDTO.java b/components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1.common/src/gen/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/dto/KeyManagerInfoDTO.java index dab2e74def13..e27354c39cb9 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1.common/src/gen/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/dto/KeyManagerInfoDTO.java +++ b/components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1.common/src/gen/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/dto/KeyManagerInfoDTO.java @@ -28,7 +28,6 @@ public class KeyManagerInfoDTO { private String type = null; private String description = null; private Boolean enabled = null; - private Boolean isRoleRestricted = null; private List additionalProperties = new ArrayList(); /** 
@@ -136,24 +135,6 @@ public void setEnabled(Boolean enabled) { this.enabled = enabled; } - /** - * Is this Key Manager role-restricted - **/ - public KeyManagerInfoDTO isRoleRestricted(Boolean isRoleRestricted) { - this.isRoleRestricted = isRoleRestricted; - return this; - } - - - @ApiModelProperty(value = "Is this Key Manager role-restricted ") - @JsonProperty("isRoleRestricted") - public Boolean isIsRoleRestricted() { - return isRoleRestricted; - } - public void setIsRoleRestricted(Boolean isRoleRestricted) { - this.isRoleRestricted = isRoleRestricted; - } - /** **/ public KeyManagerInfoDTO additionalProperties(List additionalProperties) { @@ -187,13 +168,12 @@ public boolean equals(java.lang.Object o) { Objects.equals(type, keyManagerInfo.type) && Objects.equals(description, keyManagerInfo.description) && Objects.equals(enabled, keyManagerInfo.enabled) && - Objects.equals(isRoleRestricted, keyManagerInfo.isRoleRestricted) && Objects.equals(additionalProperties, keyManagerInfo.additionalProperties); } @Override public int hashCode() { - return Objects.hash(id, name, displayName, type, description, enabled, isRoleRestricted, additionalProperties); + return Objects.hash(id, name, displayName, type, description, enabled, additionalProperties); } @Override @@ -207,7 +187,6 @@ public String toString() { sb.append(" type: ").append(toIndentedString(type)).append("\n"); sb.append(" description: ").append(toIndentedString(description)).append("\n"); sb.append(" enabled: ").append(toIndentedString(enabled)).append("\n"); - sb.append(" isRoleRestricted: ").append(toIndentedString(isRoleRestricted)).append("\n"); sb.append(" additionalProperties: ").append(toIndentedString(additionalProperties)).append("\n"); sb.append("}"); return sb.toString(); From 7bca24f50e731f58980029e61610191ac56e2303 Mon Sep 17 00:00:00 2001 
From: Kannan Kirishikesan Date: Mon, 2 Oct 2023 10:20:03 +0530 Subject: [PATCH 13/34] Changes KeyManagerPermissionConfigurationDTO schema by reducing redundancy of permissionType --- .../KeyManagerPermissionConfigurationDTO.java | 36 +++++-------------- 1 file changed, 9 insertions(+), 27 deletions(-) diff --git a/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/dto/KeyManagerPermissionConfigurationDTO.java b/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/dto/KeyManagerPermissionConfigurationDTO.java index 2369f3e01024..c0a12fa7c149 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/dto/KeyManagerPermissionConfigurationDTO.java +++ b/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/dto/KeyManagerPermissionConfigurationDTO.java 
@@ -2,38 +2,20 @@ import java.io.Serializable; +import java.util.ArrayList; +import java.util.List; public class KeyManagerPermissionConfigurationDTO implements Serializable { - private Integer keyManagerPermissionID = null; - private String keyManagerUUID = null; private String permissionType = null; - private String role = null; + private List roles = new ArrayList(); public KeyManagerPermissionConfigurationDTO () { } - public KeyManagerPermissionConfigurationDTO (Integer keyManagerPermissionID, String keyManagerUUID, String permissionType, String role) { - this.keyManagerPermissionID = keyManagerPermissionID; - this.keyManagerUUID = keyManagerUUID; + public KeyManagerPermissionConfigurationDTO(String permissionType, List roles) { this.permissionType = permissionType; - this.role = role; - } - - public Integer getKeyManagerPermissionID () { - return keyManagerPermissionID; - } - - public void setKeyManagerPermissionID (Integer keyManagerPermissionID) { - this.keyManagerPermissionID = keyManagerPermissionID; - } - - public String getKeyManagerUUID () { - return keyManagerUUID; - } - - public void setKeyManagerUUID (String keyManagerUUID) { - this.keyManagerUUID = keyManagerUUID; + this.roles = roles; } public String getPermissionType () { @@ -44,11 +26,11 @@ public void setPermissionType (String permissionType) { this.permissionType = permissionType; } - public String getRole () { - return role; + public List getRoles() { + return roles; } - public void setRole (String role) { - this.role = role; + public void setRoles(List roles) { + this.roles = roles; } } From a46dd0a63705ffb56695a5c20a8ac7c5ee050b63 Mon Sep 17 00:00:00 2001 
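Review bot: The new constructor and `setRoles` store the caller's list reference as-is and accept null, although the field is initialised to an empty list. A caller passing null makes `getRoles()` return null for code that iterates it, and a caller that later mutates its own list changes the role set this DTO carries into the authorization path. A defensive copy such as `this.roles = roles == null ? new ArrayList<>() : new ArrayList<>(roles);` in both places avoids both. The class has no Javadoc; a one-line comment stating what `permissionType` means for the `roles` list (allow versus deny) would document the contract.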
From: Kannan Kirishikesan Date: Mon, 2 Oct 2023 11:16:54 +0530 Subject: [PATCH 14/34] Changes KeyManagerPermissionConfigurationDTO by removing permissionType redundancy --- .../api/dto/KeyManagerConfigurationDTO.java | 7 ++-- .../utils/mappings/KeyManagerMappingUtil.java | 41 ++++--------------- 2 files changed, 12 insertions(+), 36 deletions(-) diff --git a/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/dto/KeyManagerConfigurationDTO.java b/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/dto/KeyManagerConfigurationDTO.java index 9118c3efc351..0795a469a66d 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/dto/KeyManagerConfigurationDTO.java +++ b/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/dto/KeyManagerConfigurationDTO.java @@ -20,7 +20,6 @@ import java.io.Serializable; import java.util.HashMap; -import java.util.List; import java.util.Map; /** @@ -43,7 +42,7 @@ public class KeyManagerConfigurationDTO implements Serializable { private String tokenType; private String externalReferenceId = null; private String alias = null; - private List permissions = null; + private KeyManagerPermissionConfigurationDTO permissions = null; public KeyManagerConfigurationDTO() { @@ -187,11 +186,11 @@ public void setEndpoints(Map endpoints) { this.endpoints = endpoints; } - public List getPermissions () { + public KeyManagerPermissionConfigurationDTO getPermissions () { return permissions; } - public void setPermissions (List permissions) { + public void setPermissions (KeyManagerPermissionConfigurationDTO permissions) { this.permissions = permissions; } } 
diff --git a/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/admin/v1/utils/mappings/KeyManagerMappingUtil.java b/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/admin/v1/utils/mappings/KeyManagerMappingUtil.java index 7a6c7f69b5be..3a7c3665378f 100755 --- a/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/admin/v1/utils/mappings/KeyManagerMappingUtil.java +++ b/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/admin/v1/utils/mappings/KeyManagerMappingUtil.java @@ -26,7 +26,6 @@ import java.util.HashMap; import java.util.List; import java.util.Map; -import java.util.stream.Collectors; public class KeyManagerMappingUtil { @@ -68,9 +67,12 @@ public static KeyManagerDTO toKeyManagerDTO(KeyManagerConfigurationDTO keyManage keyManagerDTO.setTokenType(KeyManagerDTO.TokenTypeEnum.valueOf(keyManagerConfigurationDTO.getTokenType())); keyManagerDTO.setAlias(keyManagerConfigurationDTO.getAlias()); keyManagerDTO.setTokenType(KeyManagerDTO.TokenTypeEnum.fromValue(keyManagerConfigurationDTO.getTokenType())); - List permissions = keyManagerConfigurationDTO.getPermissions(); - if(permissions != null && permissions.size() > 0){ - keyManagerDTO.setPermissions(createKeyManagerPermissionDTO(permissions)); + KeyManagerPermissionConfigurationDTO permissions = keyManagerConfigurationDTO.getPermissions(); + if(permissions != null){ + KeyManagerPermissionsDTO keyManagerPermissionsDTO = new KeyManagerPermissionsDTO(); + keyManagerPermissionsDTO.setPermissionType(permissions.getPermissionType()); + keyManagerPermissionsDTO.setRoles(permissions.getRoles()); + keyManagerDTO.setPermissions(keyManagerPermissionsDTO); } JsonObject jsonObject = fromConfigurationMapToJson(keyManagerConfigurationDTO.getAdditionalProperties()); 
@@ -202,8 +204,6 @@ public static KeyManagerDTO toKeyManagerDTO(KeyManagerConfigurationDTO keyManage jsonObject.remove(APIConstants.KeyManager.CONSUMER_KEY_CLAIM); } keyManagerDTO.setAdditionalProperties(new Gson().fromJson(jsonObject, Map.class)); - - return keyManagerDTO; } @@ -222,13 +222,11 @@ public static KeyManagerConfigurationDTO toKeyManagerConfigurationDTO(String ten keyManagerConfigurationDTO.setAlias(keyManagerDTO.getAlias()); KeyManagerPermissionsDTO permissions = keyManagerDTO.getPermissions(); if(permissions != null) { - String permissionType = permissions.getPermissionType(); - List permissionsConfiguration = permissions.getRoles().stream() - .map(role -> createKeyManagerPermissionConfigurationDTO(keyManagerDTO.getId(), permissionType, role)) - .collect(Collectors.toList()); + KeyManagerPermissionConfigurationDTO permissionsConfiguration = new KeyManagerPermissionConfigurationDTO(); + permissionsConfiguration.setPermissionType(permissions.getPermissionType()); + permissionsConfiguration.setRoles(permissions.getRoles()); keyManagerConfigurationDTO.setPermissions(permissionsConfiguration); } - Map additionalProperties = new HashMap(); if (keyManagerDTO.getAdditionalProperties() != null && keyManagerDTO.getAdditionalProperties() instanceof Map) { additionalProperties.putAll((Map) keyManagerDTO.getAdditionalProperties()); 
@@ -336,27 +334,6 @@ public static KeyManagerConfigurationDTO toKeyManagerConfigurationDTO(String ten return keyManagerConfigurationDTO; } - public static KeyManagerPermissionConfigurationDTO createKeyManagerPermissionConfigurationDTO(String keyManagerID, String permissionType, String role) { - KeyManagerPermissionConfigurationDTO permissionConfigurationDTO = new KeyManagerPermissionConfigurationDTO(); - permissionConfigurationDTO.setKeyManagerUUID(keyManagerID); - permissionConfigurationDTO.setPermissionType(permissionType); - permissionConfigurationDTO.setRole(role); - return permissionConfigurationDTO; - } - - public static KeyManagerPermissionsDTO createKeyManagerPermissionDTO(List permissionsConfigurationDTO) { - KeyManagerPermissionsDTO permissionsDTO = new KeyManagerPermissionsDTO(); - if(permissionsConfigurationDTO != null && permissionsConfigurationDTO.size() > 0) { - permissionsDTO.setPermissionType(permissionsConfigurationDTO.get(0).getPermissionType()); - List roles = new ArrayList(); - for (KeyManagerPermissionConfigurationDTO permission : permissionsConfigurationDTO) { - roles.add(permission.getRole()); - } - permissionsDTO.setRoles(roles); - } - return permissionsDTO; - } - public static JsonObject fromConfigurationMapToJson(Map configuration) { JsonObject jsonObject = (JsonObject) new JsonParser().parse(new Gson().toJson(configuration)); From fbe9f344bfae33fcce2a446592eff0a66ca6b6d0 Mon Sep 17 00:00:00 2001 
From: Kannan Kirishikesan Date: Tue, 3 Oct 2023 11:29:54 +0530 Subject: [PATCH 15/34] Changes KeyManagerPermissions CRUD logic to DAO level --- .../org/wso2/carbon/apimgt/api/APIAdmin.java | 47 +--- .../wso2/carbon/apimgt/impl/APIAdminImpl.java | 64 +----- .../carbon/apimgt/impl/APIConsumerImpl.java | 21 +- .../carbon/apimgt/impl/dao/ApiMgtDAO.java | 211 ++++++------------ .../impl/dao/constants/SQLConstants.java | 3 - .../v1/dto/KeyManagerPermissionsDTO.java | 42 +++- .../v1/impl/KeyManagersApiServiceImpl.java | 15 -- .../utils/mappings/KeyManagerMappingUtil.java | 5 +- .../src/main/resources/admin-api.yaml | 7 + 9 files changed, 133 insertions(+), 282 deletions(-) diff --git a/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/APIAdmin.java b/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/APIAdmin.java index 17da4c724bdd..fe9c2f55107c 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/APIAdmin.java +++ b/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/APIAdmin.java 
@@ -336,55 +336,10 @@ KeyManagerConfigurationDTO updateKeyManagerConfiguration(KeyManagerConfiguration /** * This method used to get key manager permissions with key manager id and role * @param id uuid of key manager - * @param role role of the user * @return key manager permissions * @throws APIManagementException */ - KeyManagerPermissionConfigurationDTO getKeyManagerPermissionForRole(String id, String role) throws APIManagementException; - - /** - * This method used to get key manager permissions with key manager id and role - * @param id uuid of key manager - * @return key manager permissions - * @throws APIManagementException - */ - List getKeyManagerPermissions(String id) throws APIManagementException; - - /** - * This method used to create key Manager - * @param id uuid of key manager - * @param permissions key manager permission data - * @return created key manager permissions - * @throws APIManagementException - */ - List addKeyManagerPermissions(String id, List permissions) - throws APIManagementException; - - /** - * This method used to update key Manager - * @param permissions key manager permission data - * @return updated key manager permissions - * @throws APIManagementException - */ - List updateKeyManagerPermissions(List permissions) - throws APIManagementException; - - /** - * This method used to delete key manager permission by role - * @param id uuid of key manager - * @param role role of the user - * @throws APIManagementException - */ - void deleteKeyManagerPermissionByRole(String id, String role) - throws APIManagementException; - - /** - * This method used to delete key manager permissions - * @param id uuid of key manager - * @throws APIManagementException - */ - void deleteKeyManagerPermissionsByUUID(String id) - throws APIManagementException; + KeyManagerPermissionConfigurationDTO getKeyManagerPermissions(String id) throws APIManagementException; /** * hTis method used to delete IDP mapped with key manager 
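Review bot: The Javadoc kept above `getKeyManagerPermissions` still describes a lookup "with key manager id and role" although the `role` parameter is removed, and its `@throws` tag has no description. I would reword the summary to `This method is used to get the permission type and role list configured for a key manager` and complete the tag as `@throws APIManagementException if the permissions cannot be retrieved`. APIConsumerImpl bases access decisions on the returned object, so the comment should also state whether the result can be null. The DAO in this commit appears to always return an object, with type `PUBLIC` when no roles are stored.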
diff --git a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIAdminImpl.java b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIAdminImpl.java index 4904b8e4d708..d2b25cd34d7e 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIAdminImpl.java +++ b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIAdminImpl.java 
@@ -746,71 +746,15 @@ public KeyManagerConfigurationDTO updateKeyManagerConfiguration( .notify(decryptedKeyManagerConfiguration, APIConstants.KeyManager.KeyManagerEvent.ACTION_UPDATE); return keyManagerConfigurationDTO; } - @Override - public KeyManagerPermissionConfigurationDTO getKeyManagerPermissionForRole (String id, String role) throws APIManagementException { - KeyManagerPermissionConfigurationDTO keyManagerPermissionConfigurationDTO = null; + public KeyManagerPermissionConfigurationDTO getKeyManagerPermissions (String id) throws APIManagementException { + KeyManagerPermissionConfigurationDTO keyManagerPermissionConfigurationDTO; try { - keyManagerPermissionConfigurationDTO = apiMgtDAO.getKeyManagerPermission(id, role); - } catch (Exception e) { - throw new APIManagementException("Key Manager Permissions deletion failed " + e.getMessage()); - } - return keyManagerPermissionConfigurationDTO; - } - - @Override - public List getKeyManagerPermissions (String id) throws APIManagementException { - List keyManagerPermissionConfigurationDTOs = new ArrayList<>();; - try { - keyManagerPermissionConfigurationDTOs = apiMgtDAO.getKeyManagerPermissions(id); + keyManagerPermissionConfigurationDTO = apiMgtDAO.getKeyManagerPermissions(id); } catch (Exception e) { throw new APIManagementException("Key Manager Permissions retrieval failed " + e.getMessage()); } - return keyManagerPermissionConfigurationDTOs; - } - - @Override - public List addKeyManagerPermissions (String id, List permissions) throws APIManagementException { - try{ - for (KeyManagerPermissionConfigurationDTO permission : permissions) { - apiMgtDAO.updateKeyManagerPermission(id, - permission.getRole(), permission.getPermissionType()); - } - } catch (Exception e) { - throw new APIManagementException("Key Manager Permission creation failed " + e.getMessage()); - } - return permissions; - } - - @Override - public List updateKeyManagerPermissions (List permissions) throws APIManagementException { - try{ - for 
(KeyManagerPermissionConfigurationDTO permission : permissions) { - apiMgtDAO.updateKeyManagerPermission(permission.getKeyManagerUUID(), - permission.getRole(), permission.getPermissionType()); - } - } catch (Exception e) { - throw new APIManagementException("Key Manager Permission updation failed " + e.getMessage()); - } - return permissions; - } - - @Override - public void deleteKeyManagerPermissionByRole (String id, String role) throws APIManagementException { - try { - apiMgtDAO.deleteKeyManagerPermission(id, role); - } catch (Exception e) { - throw new APIManagementException("Key Manager Permissions deletion failed " + e.getMessage()); - } - } - - @Override - public void deleteKeyManagerPermissionsByUUID (String id) throws APIManagementException { - try { - apiMgtDAO.deleteAllKeyManagerPermission(id); - } catch (Exception e) { - throw new APIManagementException("Key Manager Permissions deletion failed " + e.getMessage()); - } + return keyManagerPermissionConfigurationDTO; } private IdentityProvider updatedIDP(IdentityProvider retrievedIDP, diff --git a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConsumerImpl.java b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConsumerImpl.java index 3ae42b30ab5a..aaf615fd6617 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConsumerImpl.java +++ b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConsumerImpl.java 
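Review bot: The `catch (Exception e)` in the new `getKeyManagerPermissions` rethrows with only `e.getMessage()` appended, so the original exception type and stack trace are lost when a permission lookup fails. The DAO method already declares APIManagementException, so the wrapper can simply be dropped. If it stays, it should keep the cause: `throw new APIManagementException("Key Manager Permissions retrieval failed", e);`. Because this result feeds an access decision in APIConsumerImpl, a lookup failure should remain diagnosable from the logs.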
@@ -4244,18 +4244,16 @@ public List getKeyManagerConfigurationsByOrganizatio List keyManagerConfigurations = apiAdmin.getKeyManagerConfigurationsByOrganization(organization); APIKeyMgtRemoteUserStoreMgtService apiKeyMgtRemoteUserStoreMgtService = new APIKeyMgtRemoteUserStoreMgtService(); - String[] userRoles = apiKeyMgtRemoteUserStoreMgtService.getUserRoles(username); - System.out.println(Arrays.toString(userRoles)); List permittedKeyManagerConfigurations = new ArrayList<>(); if(keyManagerConfigurations.size() > 0) { + String[] userRoles = apiKeyMgtRemoteUserStoreMgtService.getUserRoles(username); for (KeyManagerConfigurationDTO keyManagerConfiguration : keyManagerConfigurations) { - List permissions= + KeyManagerPermissionConfigurationDTO permissions = apiAdmin.getKeyManagerPermissions(keyManagerConfiguration.getUuid()); - if (permissions != null && permissions.size() > 0) { - String permissionType = permissions.get(0).getPermissionType(); - String[] permissionRoles = permissions + String permissionType = permissions.getPermissionType(); + if (permissions != null && !permissionType.equals("PUBLIC")) { + String[] permissionRoles = permissions.getRoles() .stream() - .map(permission -> permission.getRole()) .toArray(String[]::new); if (permissionType.equals("ALLOW") && hasIntersection(userRoles,permissionRoles)) { permittedKeyManagerConfigurations.add(keyManagerConfiguration); 
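Review bot: In this hunk and in the `isKeyManagerAllowedForUser` hunk that follows, `permissions.getPermissionType()` is called one line before `permissions != null` is tested. The null check can therefore never be false, and a null DTO or null type throws NullPointerException inside an access decision. Test first and compare constant-first: `if (permissions != null && !"PUBLIC".equals(permissions.getPermissionType())) {`. It is also worth deciding explicitly what a missing or unrecognised permission type means; for an access filter the safer default is to leave the key manager out of the permitted list. Both method bodies continue outside their hunks, so the remaining branches are not visible here.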
@@ -4271,14 +4269,13 @@ public List getKeyManagerConfigurationsByOrganizatio } public boolean isKeyManagerAllowedForUser(String uuid, String username) throws APIManagementException { APIAdmin apiAdmin = new APIAdminImpl(); - List permissions= apiAdmin.getKeyManagerPermissions(uuid); + KeyManagerPermissionConfigurationDTO permissions= apiAdmin.getKeyManagerPermissions(uuid); APIKeyMgtRemoteUserStoreMgtService apiKeyMgtRemoteUserStoreMgtService = new APIKeyMgtRemoteUserStoreMgtService(); String[] userRoles = apiKeyMgtRemoteUserStoreMgtService.getUserRoles(username); - if (permissions != null && permissions.size() > 0) { - String permissionType = permissions.get(0).getPermissionType(); - String[] permissionRoles = permissions + String permissionType = permissions.getPermissionType(); + if (permissions != null && !permissionType.equals("PUBLIC")) { + String[] permissionRoles = permissions.getRoles() .stream() - .map(permission -> permission.getRole()) .toArray(String[]::new); if (permissionType.equals("ALLOW") && hasIntersection(userRoles,permissionRoles)) { return true; diff --git a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/ApiMgtDAO.java b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/ApiMgtDAO.java index cbd787b6845a..234abbfca262 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/ApiMgtDAO.java +++ b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/ApiMgtDAO.java 
@@ -33,7 +33,13 @@ import org.wso2.carbon.apimgt.api.ExceptionCodes; import org.wso2.carbon.apimgt.api.SubscriptionAlreadyExistingException; import org.wso2.carbon.apimgt.api.SubscriptionBlockedException; -import org.wso2.carbon.apimgt.api.dto.*; +import org.wso2.carbon.apimgt.api.dto.ClientCertificateDTO; +import org.wso2.carbon.apimgt.api.dto.ClonePolicyMetadataDTO; +import org.wso2.carbon.apimgt.api.dto.ConditionDTO; +import org.wso2.carbon.apimgt.api.dto.ConditionGroupDTO; +import org.wso2.carbon.apimgt.api.dto.KeyManagerConfigurationDTO; +import org.wso2.carbon.apimgt.api.dto.KeyManagerPermissionConfigurationDTO; +import org.wso2.carbon.apimgt.api.dto.UserApplicationAPIUsage; import org.wso2.carbon.apimgt.api.model.API; import org.wso2.carbon.apimgt.api.model.APICategory; import org.wso2.carbon.apimgt.api.model.APIIdentifier; @@ -102,7 +108,11 @@ import org.wso2.carbon.apimgt.impl.alertmgt.AlertMgtConstants; import org.wso2.carbon.apimgt.impl.dao.constants.SQLConstants; import org.wso2.carbon.apimgt.impl.dao.constants.SQLConstants.ThrottleSQLConstants; -import org.wso2.carbon.apimgt.impl.dto.*; +import org.wso2.carbon.apimgt.impl.dto.APIInfoDTO; +import org.wso2.carbon.apimgt.impl.dto.APIKeyInfoDTO; +import org.wso2.carbon.apimgt.impl.dto.APISubscriptionInfoDTO; +import org.wso2.carbon.apimgt.impl.dto.ApplicationRegistrationWorkflowDTO; +import org.wso2.carbon.apimgt.impl.dto.TierPermissionDTO; import org.wso2.carbon.apimgt.impl.dto.WorkflowDTO; import org.wso2.carbon.apimgt.impl.factory.KeyManagerHolder; import org.wso2.carbon.apimgt.impl.factory.SQLConstantManagerFactory; 
@@ -9055,7 +9065,7 @@ public List getKeyManagerConfigurationsByOrganizatio } catch (IOException e) { log.error("Error while converting configurations in " + uuid, e); } - keyManagerConfigurationDTO.setPermissions(this.getKeyManagerPermissions(keyManagerConfigurationDTO.getUuid())); + keyManagerConfigurationDTO.setPermissions(getKeyManagerPermissions(keyManagerConfigurationDTO.getUuid())); keyManagerConfigurationDTOS.add(keyManagerConfigurationDTO); } } @@ -9093,6 +9103,7 @@ public KeyManagerConfigurationDTO getKeyManagerConfigurationByID(String organiza Map map = new Gson().fromJson(configurationContent, Map.class); keyManagerConfigurationDTO.setAdditionalProperties(map); } + keyManagerConfigurationDTO.setPermissions(getKeyManagerPermissions(keyManagerConfigurationDTO.getUuid())); return keyManagerConfigurationDTO; } } @@ -9182,7 +9193,7 @@ public KeyManagerConfigurationDTO getKeyManagerConfigurationByUUID(String uuid) } private KeyManagerConfigurationDTO getKeyManagerConfigurationByUUID(Connection connection, String uuid) - throws SQLException, IOException { + throws SQLException, IOException, APIManagementException { final String query = "SELECT * FROM AM_KEY_MANAGER WHERE UUID = ?"; try (PreparedStatement preparedStatement = connection.prepareStatement(query)) { @@ -9204,6 +9215,7 @@ private KeyManagerConfigurationDTO getKeyManagerConfigurationByUUID(Connection c Map map = new Gson().fromJson(configurationContent, Map.class); keyManagerConfigurationDTO.setAdditionalProperties(map); } + keyManagerConfigurationDTO.setPermissions(getKeyManagerPermissions(uuid)); return keyManagerConfigurationDTO; } } 
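Review bot: `getKeyManagerPermissions(...)`, as rewritten later in this commit, opens its own connection through `APIMgtDBUtil.getConnection()`, yet these hunks call it from code that already holds one. The callers are the result loop of `getKeyManagerConfigurationsByOrganization`, `getKeyManagerConfigurationByID`, and `getKeyManagerConfigurationByUUID(Connection connection, String uuid)`. That takes a second pooled connection per key manager while the first is still open, and it reads the permissions outside the caller's transaction. A proposed overload that reuses the caller's connection, called as `getKeyManagerPermissions(connection, uuid)`, would avoid both. The surrounding methods start and end outside these hunks.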
@@ -9230,6 +9242,17 @@ public void addKeyManagerConfiguration(KeyManagerConfigurationDTO keyManagerConf preparedStatement.setString(9, keyManagerConfigurationDTO.getTokenType()); preparedStatement.setString(10, keyManagerConfigurationDTO.getExternalReferenceId()); preparedStatement.executeUpdate(); + try (PreparedStatement addPermissionStatement = conn + .prepareStatement(SQLConstants.KeyManagerPermissionsSqlConstants.ADD_KEY_MANAGER_PERMISSION_SQL)) { + for (String role : keyManagerConfigurationDTO.getPermissions().getRoles()) { + addPermissionStatement.setString(1, keyManagerConfigurationDTO.getUuid()); + addPermissionStatement.setString(2, keyManagerConfigurationDTO + .getPermissions().getPermissionType()); + addPermissionStatement.setString(3, role); + addPermissionStatement.addBatch(); + } + addPermissionStatement.executeBatch(); + } conn.commit(); } catch (SQLException e) { conn.rollback(); 
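Review bot: `keyManagerConfigurationDTO.getPermissions().getRoles()` is dereferenced without a null check, while KeyManagerMappingUtil only calls `setPermissions` when the request carried a permissions object. A create request without one would presumably fail here with a NullPointerException unless the DTO defaults the field, and the visible `catch (SQLException e)` would not run its `conn.rollback()` for that. Guard the block with `if (permissions != null && permissions.getRoles() != null) {` after reading `getPermissions()` into a local. The same applies to the identical insert loop in the `updateKeyManagerConfiguration` hunk. The `Resident Key Manager` exemption removed from KeyManagersApiServiceImpl in this commit is not re-created here, so if it was deliberate, permission rows are now written for that key manager as well.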
@@ -9292,6 +9315,22 @@ public void updateKeyManagerConfiguration(KeyManagerConfigurationDTO keyManagerC preparedStatement.setString(9, keyManagerConfigurationDTO.getExternalReferenceId()); preparedStatement.setString(10, keyManagerConfigurationDTO.getUuid()); preparedStatement.executeUpdate(); + try (PreparedStatement deletePermissionsStatement = conn + .prepareStatement(SQLConstants.KeyManagerPermissionsSqlConstants.DELETE_ALL_KEY_MANAGER_PERMISSION_SQL)) { + deletePermissionsStatement.setString(1, keyManagerConfigurationDTO.getUuid()); + deletePermissionsStatement.executeUpdate(); + } + try (PreparedStatement addPermissionStatement = conn + .prepareStatement(SQLConstants.KeyManagerPermissionsSqlConstants.ADD_KEY_MANAGER_PERMISSION_SQL)) { + for (String role : keyManagerConfigurationDTO.getPermissions().getRoles()) { + addPermissionStatement.setString(1, keyManagerConfigurationDTO.getUuid()); + addPermissionStatement.setString(2, keyManagerConfigurationDTO + .getPermissions().getPermissionType()); + addPermissionStatement.setString(3, role); + addPermissionStatement.addBatch(); + } + addPermissionStatement.executeBatch(); + } conn.commit(); } catch (SQLException e) { conn.rollback(); @@ -9313,6 +9352,11 @@ public void deleteKeyManagerConfigurationById(String id, String organization) th preparedStatement.setString(1, id); preparedStatement.setString(2, organization); preparedStatement.execute(); + try (PreparedStatement deletePermissionsStatement = conn + .prepareStatement(SQLConstants.KeyManagerPermissionsSqlConstants.DELETE_ALL_KEY_MANAGER_PERMISSION_SQL)) { + deletePermissionsStatement.setString(1, id); + deletePermissionsStatement.executeUpdate(); + } conn.commit(); } catch (SQLException e) { conn.rollback(); 
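Review bot: In the `deleteKeyManagerConfigurationById` hunk the key manager row is deleted by `id` and `organization`, but the added `DELETE_ALL_KEY_MANAGER_PERMISSION_SQL` statement is bound to `id` alone. It runs whether or not the first statement matched a row. A call carrying a UUID that belongs to a different organization would leave that key manager in place but remove its role restrictions, which `getKeyManagerPermissions` then reports as `PUBLIC`. The REST handler looks the configuration up by organization first, but the DAO should not rely on its caller for that. Use `int deleted = preparedStatement.executeUpdate();` for the first statement and run the permission delete only inside `if (deleted > 0) {`. The method body starts outside the hunk.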
@@ -9326,152 +9370,43 @@ public void deleteKeyManagerConfigurationById(String id, String organization) th } - public KeyManagerPermissionConfigurationDTO getKeyManagerPermission(String keyManagerUUID, String role) throws APIManagementException { - - Connection conn = null; - PreparedStatement ps = null; - ResultSet resultSet = null; - - KeyManagerPermissionConfigurationDTO keyManagerPermission = null; - try { - String getKeyManagerPermissionQuery = SQLConstants.KeyManagerPermissionsSqlConstants.GET_KEY_MANAGER_PERMISSION_SQL; - conn = APIMgtDBUtil.getConnection(); - ps = conn.prepareStatement(getKeyManagerPermissionQuery); - - ps.setString(1, keyManagerUUID); - ps.setString(2, role); - - resultSet = ps.executeQuery(); - keyManagerPermission = new KeyManagerPermissionConfigurationDTO(); - keyManagerPermission.setKeyManagerUUID(keyManagerUUID); - keyManagerPermission.setRole(role); - if(resultSet.next()){ - keyManagerPermission.setPermissionType(resultSet.getString("PERMISSIONS_TYPE")); - keyManagerPermission.setKeyManagerPermissionID(resultSet.getInt("KEY_MANAGER_PERMISSION_ID")); - } else { - keyManagerPermission.setPermissionType("Public"); - } - } catch (SQLException e) { - handleException("Failed to get Key Manager permission information for Key Manager " + keyManagerUUID + - "for the role " + role, e); - } finally { - APIMgtDBUtil.closeAllConnections(ps, conn, resultSet); - } - return keyManagerPermission; - } - - public List getKeyManagerPermissions(String keyManagerUUID) throws APIManagementException { - - Connection conn = null; - PreparedStatement ps = null; - ResultSet resultSet = null; - - List keyManagerPermissions = new ArrayList<>(); - try { - String getKeyManagerPermissionQuery = SQLConstants.KeyManagerPermissionsSqlConstants.GET_KEY_MANAGER_PERMISSIONS_SQL; - conn = APIMgtDBUtil.getConnection(); - ps = conn.prepareStatement(getKeyManagerPermissionQuery); - - ps.setString(1, keyManagerUUID); - - resultSet = ps.executeQuery(); - if(resultSet.next()){ - 
KeyManagerPermissionConfigurationDTO keyManagerPermission = new KeyManagerPermissionConfigurationDTO(); - keyManagerPermission.setKeyManagerUUID(keyManagerUUID); - keyManagerPermission.setRole(resultSet.getString("ROLE")); - keyManagerPermission.setPermissionType(resultSet.getString("PERMISSIONS_TYPE")); - keyManagerPermission.setKeyManagerPermissionID(resultSet.getInt("KEY_MANAGER_PERMISSION_ID")); - keyManagerPermissions.add(keyManagerPermission); - } - } catch (SQLException e) { - handleException("Failed to get Key Manager permission information for Key Manager " + keyManagerUUID , e); - } finally { - APIMgtDBUtil.closeAllConnections(ps, conn, resultSet); - } - return keyManagerPermissions; - } - public void updateKeyManagerPermission(String keyManagerUUID, String role, String permissionType) - throws APIManagementException { + public KeyManagerPermissionConfigurationDTO getKeyManagerPermissions(String keyManagerUUID) throws APIManagementException { Connection conn = null; PreparedStatement ps = null; - PreparedStatement insertOrUpdatePS = null; ResultSet resultSet = null; - int keyManagerPermissionId = -1; + KeyManagerPermissionConfigurationDTO keyManagerPermissions = new KeyManagerPermissionConfigurationDTO(); try { - conn = APIMgtDBUtil.getConnection(); - conn.setAutoCommit(false); - - String getKeyManagerPermissionQuery = SQLConstants.KeyManagerPermissionsSqlConstants.GET_KEY_MANAGER_PERMISSION_ID_SQL; - ps = conn.prepareStatement(getKeyManagerPermissionQuery); - ps.setString(1, keyManagerUUID); - ps.setString(2, role); - resultSet = ps.executeQuery(); - if (resultSet.next()) { - keyManagerPermissionId = resultSet.getInt("KEY_MANAGER_PERMISSION_ID"); - } - - if (keyManagerPermissionId == -1) { - String query = SQLConstants.KeyManagerPermissionsSqlConstants.ADD_KEY_MANAGER_PERMISSION_SQL; - insertOrUpdatePS = conn.prepareStatement(query); - insertOrUpdatePS.setString(1, keyManagerUUID); - insertOrUpdatePS.setString(2, permissionType); - 
insertOrUpdatePS.setString(3, role); - insertOrUpdatePS.execute(); - } else { - String query = SQLConstants.KeyManagerPermissionsSqlConstants.UPDATE_KEY_MANAGER_PERMISSION_SQL; - insertOrUpdatePS = conn.prepareStatement(query); - insertOrUpdatePS.setString(1, keyManagerUUID); - insertOrUpdatePS.setString(2, permissionType); - insertOrUpdatePS.setString(3, role); - insertOrUpdatePS.setInt(4, keyManagerPermissionId); - insertOrUpdatePS.executeUpdate(); - } - conn.commit(); - } catch (SQLException e) { - handleException("Error in updating key manager permissions: " + e.getMessage(), e); - } finally { - APIMgtDBUtil.closeAllConnections(ps, conn, resultSet); - APIMgtDBUtil.closeAllConnections(insertOrUpdatePS, null, null); - } - } - - public void deleteKeyManagerPermission(String keyManagerUUID, String role) throws APIManagementException { - int keyManagerPermissionId = -1; - try (Connection connection = APIMgtDBUtil.getConnection(); - PreparedStatement ps = connection.prepareStatement(SQLConstants.KeyManagerPermissionsSqlConstants.GET_KEY_MANAGER_PERMISSION_ID_SQL)) { - ps.setString(1, keyManagerUUID); - ps.setString(2, role); - try (ResultSet resultSet = ps.executeQuery()) { + try { + String getKeyManagerPermissionQuery = SQLConstants.KeyManagerPermissionsSqlConstants.GET_KEY_MANAGER_PERMISSIONS_SQL; + conn = APIMgtDBUtil.getConnection(); + conn.setAutoCommit(false); + ps = conn.prepareStatement(getKeyManagerPermissionQuery); + ps.setString(1, keyManagerUUID); + resultSet = ps.executeQuery(); + ArrayList roles = new ArrayList<>(); if (resultSet.next()) { - keyManagerPermissionId = resultSet.getInt("KEY_MANAGER_PERMISSION_ID"); + roles.add(resultSet.getString("ROLE")); } - } - if (keyManagerPermissionId != -1) { - try (PreparedStatement preparedStatement = connection.prepareStatement(SQLConstants - .KeyManagerPermissionsSqlConstants.DELETE_KEY_MANAGER_PERMISSION_SQL)) { - preparedStatement.setInt(1, keyManagerPermissionId); - preparedStatement.setString(2, role); - 
preparedStatement.executeUpdate(); + if (roles.size() > 0) { + keyManagerPermissions.setPermissionType(resultSet.getString("PERMISSIONS_TYPE")); + } else { + keyManagerPermissions.setPermissionType("PUBLIC"); } + keyManagerPermissions.setRoles(roles); + conn.commit(); + } catch (SQLException e) { + conn.rollback(); + handleException("Failed to get Key Manager permission information for Key Manager " + keyManagerUUID, e); + } finally { + APIMgtDBUtil.closeAllConnections(ps, conn, resultSet); } - } catch (SQLException e) { - handleException("Error in deleting key manager permissions: " + e.getMessage(), e); - } - } - - public void deleteAllKeyManagerPermission(String keyManagerUUID) throws APIManagementException { - try (Connection connection = APIMgtDBUtil.getConnection(); - PreparedStatement preparedStatement = connection.prepareStatement(SQLConstants - .KeyManagerPermissionsSqlConstants.DELETE_ALL_KEY_MANAGER_PERMISSION_SQL)) { - preparedStatement.setString(1, keyManagerUUID); - preparedStatement.executeUpdate(); - } catch (SQLException e) { - handleException("Error in deleting key manager permissions: " + e.getMessage(), e); + } catch (Exception e) { + handleException("This try block should be removed" + keyManagerUUID, e); } + return keyManagerPermissions; } - public List getKeyManagerConfigurations() throws APIManagementException { List keyManagerConfigurationDTOS = new ArrayList<>(); diff --git a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/constants/SQLConstants.java b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/constants/SQLConstants.java index 505f9714d10f..437203dca979 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/constants/SQLConstants.java +++ b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/constants/SQLConstants.java 
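Review bot: The new `getKeyManagerPermissions` reads roles with `if (resultSet.next())`, so only the first stored role is returned. A `DENY` list with several roles then blocks only one of them, and an `ALLOW` list admits only one. Use a `while` loop and read `PERMISSIONS_TYPE` inside it, because the cursor is past the last row once the loop ends. The query is read-only, so `setAutoCommit(false)`, `commit()` and `rollback()` can go. The outer `catch (Exception e)`, whose message reads "This try block should be removed", can go with them, since it also re-wraps the APIManagementException raised by `handleException`. A try-with-resources version, as already used elsewhere in this file, follows.

```java
public KeyManagerPermissionConfigurationDTO getKeyManagerPermissions(String keyManagerUUID)
        throws APIManagementException {

    KeyManagerPermissionConfigurationDTO keyManagerPermissions = new KeyManagerPermissionConfigurationDTO();
    List<String> roles = new ArrayList<>();
    // No stored rows means the key manager is unrestricted.
    String permissionType = "PUBLIC";
    try (Connection conn = APIMgtDBUtil.getConnection();
         PreparedStatement ps = conn.prepareStatement(
                 SQLConstants.KeyManagerPermissionsSqlConstants.GET_KEY_MANAGER_PERMISSIONS_SQL)) {
        ps.setString(1, keyManagerUUID);
        try (ResultSet resultSet = ps.executeQuery()) {
            // Every row carries one role; the permission type is repeated on each row.
            while (resultSet.next()) {
                permissionType = resultSet.getString("PERMISSIONS_TYPE");
                roles.add(resultSet.getString("ROLE"));
            }
        }
    } catch (SQLException e) {
        handleException("Failed to get Key Manager permission information for Key Manager " + keyManagerUUID, e);
    }
    keyManagerPermissions.setPermissionType(permissionType);
    keyManagerPermissions.setRoles(roles);
    return keyManagerPermissions;
}
```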
@@ -3629,9 +3629,6 @@ public static class KeyManagerPermissionsSqlConstants { " WHERE " + " KEY_MANAGER_PERMISSION_ID = ? "; - public static final String DELETE_KEY_MANAGER_PERMISSION_SQL = "DELETE FROM AM_KEY_MANAGER_PERMISSIONS WHERE " + - "KEY_MANAGER_PERMISSION_ID = ?"; - public static final String DELETE_ALL_KEY_MANAGER_PERMISSION_SQL = "DELETE FROM AM_KEY_MANAGER_PERMISSIONS WHERE " + "KEY_MANAGER_UUID = ?"; diff --git a/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/gen/java/org/wso2/carbon/apimgt/rest/api/admin/v1/dto/KeyManagerPermissionsDTO.java b/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/gen/java/org/wso2/carbon/apimgt/rest/api/admin/v1/dto/KeyManagerPermissionsDTO.java index 4c45209c713e..3dfccaf16102 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/gen/java/org/wso2/carbon/apimgt/rest/api/admin/v1/dto/KeyManagerPermissionsDTO.java +++ b/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/gen/java/org/wso2/carbon/apimgt/rest/api/admin/v1/dto/KeyManagerPermissionsDTO.java 
@@ -22,23 +22,55 @@ public class KeyManagerPermissionsDTO { - private String permissionType = null; + + @XmlType(name="PermissionTypeEnum") + @XmlEnum(String.class) + public enum PermissionTypeEnum { + PUBLIC("PUBLIC"), + ALLOW("ALLOW"), + DENY("DENY"); + private String value; + + PermissionTypeEnum (String v) { + value = v; + } + + public String value() { + return value; + } + + @Override + public String toString() { + return String.valueOf(value); + } + + @JsonCreator + public static PermissionTypeEnum fromValue(String v) { + for (PermissionTypeEnum b : PermissionTypeEnum.values()) { + if (String.valueOf(b.value).equals(v)) { + return b; + } + } +return null; + } + } + private PermissionTypeEnum permissionType = PermissionTypeEnum.PUBLIC; private List roles = new ArrayList(); /** **/ - public KeyManagerPermissionsDTO permissionType(String permissionType) { + public KeyManagerPermissionsDTO permissionType(PermissionTypeEnum permissionType) { this.permissionType = permissionType; return this; } - @ApiModelProperty(value = "") + @ApiModelProperty(example = "ALLOW", value = "") @JsonProperty("permissionType") - public String getPermissionType() { + public PermissionTypeEnum getPermissionType() { return permissionType; } - public void setPermissionType(String permissionType) { + public void setPermissionType(PermissionTypeEnum permissionType) { this.permissionType = permissionType; } diff --git a/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/admin/v1/impl/KeyManagersApiServiceImpl.java b/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/admin/v1/impl/KeyManagersApiServiceImpl.java index 2ee84a03b939..6eca0e539ff9 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/admin/v1/impl/KeyManagersApiServiceImpl.java 
+++ b/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/admin/v1/impl/KeyManagersApiServiceImpl.java @@ -84,7 +84,6 @@ public Response keyManagersKeyManagerIdDelete(String keyManagerId, MessageContex KeyManagerConfigurationDTO keyManagerConfigurationDTO = apiAdmin.getKeyManagerConfigurationById(organization, keyManagerId); if (keyManagerConfigurationDTO != null) { - apiAdmin.deleteKeyManagerPermissionsByUUID(keyManagerId); apiAdmin.deleteKeyManagerConfigurationById(organization, keyManagerConfigurationDTO); APIUtil.logAuditMessage(APIConstants.AuditLogConstants.KEY_MANAGER, new Gson().toJson(keyManagerConfigurationDTO), APIConstants.AuditLogConstants.DELETED, @@ -102,12 +101,6 @@ public Response keyManagersKeyManagerIdGet(String keyManagerId, MessageContext m APIAdmin apiAdmin = new APIAdminImpl(); KeyManagerConfigurationDTO keyManagerConfigurationDTO = apiAdmin.getKeyManagerConfigurationById(organization, keyManagerId); - if (!(keyManagerConfigurationDTO.getName().equals("Resident Key Manager") && organization.equals("carbon.super"))) { - List permissions = apiAdmin.getKeyManagerPermissions(keyManagerId); - if (permissions.size() > 0) { - keyManagerConfigurationDTO.setPermissions(permissions); - } - } if (keyManagerConfigurationDTO != null) { KeyManagerDTO keyManagerDTO = KeyManagerMappingUtil.toKeyManagerDTO(keyManagerConfigurationDTO); return Response.ok(keyManagerDTO).build(); @@ -121,7 +114,6 @@ public Response keyManagersKeyManagerIdPut(String keyManagerId, KeyManagerDTO bo String organization = RestApiUtil.getOrganization(messageContext); APIAdmin apiAdmin = new APIAdminImpl(); try { - body.setId(keyManagerId); KeyManagerConfigurationDTO keyManagerConfigurationDTO = KeyManagerMappingUtil.toKeyManagerConfigurationDTO(organization, body); keyManagerConfigurationDTO.setUuid(keyManagerId); 
@@ -136,10 +128,6 @@ public Response keyManagersKeyManagerIdPut(String keyManagerId, KeyManagerDTO bo } KeyManagerConfigurationDTO retrievedKeyManagerConfigurationDTO = apiAdmin.updateKeyManagerConfiguration(keyManagerConfigurationDTO); - if (!(keyManagerConfigurationDTO.getName().equals("Resident Key Manager") && organization.equals("carbon.super"))) { - apiAdmin.deleteKeyManagerPermissionsByUUID(keyManagerId); - apiAdmin.updateKeyManagerPermissions(keyManagerConfigurationDTO.getPermissions()); - } APIUtil.logAuditMessage(APIConstants.AuditLogConstants.KEY_MANAGER, new Gson().toJson(keyManagerConfigurationDTO), APIConstants.AuditLogConstants.UPDATED, RestApiCommonUtil.getLoggedInUsername()); @@ -162,9 +150,6 @@ public Response keyManagersPost(KeyManagerDTO body, MessageContext messageContex KeyManagerMappingUtil.toKeyManagerConfigurationDTO(organization, body); KeyManagerConfigurationDTO createdKeyManagerConfiguration = apiAdmin.addKeyManagerConfiguration(keyManagerConfigurationDTO); - if (!(keyManagerConfigurationDTO.getName().equals("Resident Key Manager") && organization.equals("carbon.super"))) { - apiAdmin.addKeyManagerPermissions(createdKeyManagerConfiguration.getUuid(), keyManagerConfigurationDTO.getPermissions()); - } APIUtil.logAuditMessage(APIConstants.AuditLogConstants.KEY_MANAGER, new Gson().toJson(keyManagerConfigurationDTO), APIConstants.AuditLogConstants.CREATED, RestApiCommonUtil.getLoggedInUsername()); diff --git a/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/admin/v1/utils/mappings/KeyManagerMappingUtil.java b/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/admin/v1/utils/mappings/KeyManagerMappingUtil.java index 3a7c3665378f..2149a2a1c9c4 100755 --- a/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/admin/v1/utils/mappings/KeyManagerMappingUtil.java 
+++ b/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/admin/v1/utils/mappings/KeyManagerMappingUtil.java @@ -70,11 +70,10 @@ public static KeyManagerDTO toKeyManagerDTO(KeyManagerConfigurationDTO keyManage KeyManagerPermissionConfigurationDTO permissions = keyManagerConfigurationDTO.getPermissions(); if(permissions != null){ KeyManagerPermissionsDTO keyManagerPermissionsDTO = new KeyManagerPermissionsDTO(); - keyManagerPermissionsDTO.setPermissionType(permissions.getPermissionType()); + keyManagerPermissionsDTO.setPermissionType(KeyManagerPermissionsDTO.PermissionTypeEnum.fromValue(permissions.getPermissionType())); keyManagerPermissionsDTO.setRoles(permissions.getRoles()); keyManagerDTO.setPermissions(keyManagerPermissionsDTO); } - JsonObject jsonObject = fromConfigurationMapToJson(keyManagerConfigurationDTO.getAdditionalProperties()); JsonElement clientRegistrationElement = jsonObject.get(APIConstants.KeyManager.CLIENT_REGISTRATION_ENDPOINT); @@ -223,7 +222,7 @@ public static KeyManagerConfigurationDTO toKeyManagerConfigurationDTO(String ten KeyManagerPermissionsDTO permissions = keyManagerDTO.getPermissions(); if(permissions != null) { KeyManagerPermissionConfigurationDTO permissionsConfiguration = new KeyManagerPermissionConfigurationDTO(); - permissionsConfiguration.setPermissionType(permissions.getPermissionType()); + permissionsConfiguration.setPermissionType(permissions.getPermissionType().toString()); permissionsConfiguration.setRoles(permissions.getRoles()); keyManagerConfigurationDTO.setPermissions(permissionsConfiguration); } diff --git a/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/resources/admin-api.yaml b/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/resources/admin-api.yaml index 4c3219bff756..c36cb162e2d3 100755 --- a/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/resources/admin-api.yaml 
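Review bot: In the second KeyManagerMappingUtil hunk, `permissions.getPermissionType().toString()` dereferences a value that can be null. `PermissionTypeEnum.fromValue`, added earlier in this patch, returns null for any string it does not recognise, so if it is the JSON creator used for the request body, an unknown `permissionType` would reach this line as null and fail with a NullPointerException rather than a client error. The first hunk has the mirror case: a stored type outside PUBLIC/ALLOW/DENY is mapped to null, and the response then carries no restriction type. Test `if (permissions.getPermissionType() == null)` before the conversion and reject the request explicitly. Both mapping methods begin and end outside these hunks.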
+++ b/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/resources/admin-api.yaml @@ -4496,10 +4496,17 @@ components: properties: permissionType: type: string + example: ALLOW + default: PUBLIC + enum: + - PUBLIC + - ALLOW + - DENY roles: type: array items: type: string + example: Internal/subscriber tokenType: type: string description: The type of the tokens to be used (exchanged or without exchanged). From 702e01ba26dea204e78aece7dfbc9d7a11595a8a Mon Sep 17 00:00:00 2001 From: Kannan Kirishikesan Date: Tue, 3 Oct 2023 12:08:30 +0530 Subject: [PATCH 16/34] Refactor isKeyManagerAllowedForUser method to be reused --- .../carbon/apimgt/impl/APIConsumerImpl.java | 34 ++++++------------- 1 file changed, 11 insertions(+), 23 deletions(-) diff --git a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConsumerImpl.java b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConsumerImpl.java index aaf615fd6617..953d15cdb6ec 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConsumerImpl.java +++ b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConsumerImpl.java 
@@ -134,9 +134,12 @@ import org.wso2.carbon.apimgt.persistence.exceptions.OASPersistenceException; import org.wso2.carbon.apimgt.persistence.mapper.APIMapper; import org.wso2.carbon.context.PrivilegedCarbonContext; +import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser; +import org.wso2.carbon.identity.core.util.IdentityTenantUtil; import org.wso2.carbon.user.api.UserStoreException; import org.wso2.carbon.user.api.UserStoreManager; import org.wso2.carbon.user.core.service.RealmService; +import org.wso2.carbon.user.core.util.UserCoreUtil; import org.wso2.carbon.user.mgt.UserAdmin; import org.wso2.carbon.user.mgt.common.UserAdminException; import org.wso2.carbon.utils.multitenancy.MultitenantConstants; 
@@ -4243,24 +4246,10 @@ public List getKeyManagerConfigurationsByOrganizatio APIAdmin apiAdmin = new APIAdminImpl(); List keyManagerConfigurations = apiAdmin.getKeyManagerConfigurationsByOrganization(organization); - APIKeyMgtRemoteUserStoreMgtService apiKeyMgtRemoteUserStoreMgtService = new APIKeyMgtRemoteUserStoreMgtService(); List permittedKeyManagerConfigurations = new ArrayList<>(); - if(keyManagerConfigurations.size() > 0) { - String[] userRoles = apiKeyMgtRemoteUserStoreMgtService.getUserRoles(username); + if (keyManagerConfigurations.size() > 0) { for (KeyManagerConfigurationDTO keyManagerConfiguration : keyManagerConfigurations) { - KeyManagerPermissionConfigurationDTO permissions = - apiAdmin.getKeyManagerPermissions(keyManagerConfiguration.getUuid()); - String permissionType = permissions.getPermissionType(); - if (permissions != null && !permissionType.equals("PUBLIC")) { - String[] permissionRoles = permissions.getRoles() - .stream() - .toArray(String[]::new); - if (permissionType.equals("ALLOW") && hasIntersection(userRoles,permissionRoles)) { - permittedKeyManagerConfigurations.add(keyManagerConfiguration); - } else if (permissionType.equals("DENY") && !(hasIntersection(userRoles,permissionRoles))){ - permittedKeyManagerConfigurations.add(keyManagerConfiguration); - } - } else { + if (isKeyManagerAllowedForUser(keyManagerConfiguration.getUuid(), username)) { permittedKeyManagerConfigurations.add(keyManagerConfiguration); } } 
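Review bot: The loop in getKeyManagerConfigurationsByOrganization now calls `isKeyManagerAllowedForUser` once per key manager, and that method (next hunk) creates a new `APIAdminImpl` and calls `APIUtil.getListOfRoles(username)` on every call, where the removed code resolved the user's roles once before the loop. Unless that lookup is cached, listing N restricted key managers costs N role lookups for the same user. Consider resolving the roles once here and passing them to a private overload that takes `String[] userRoles`. The `keyManagerConfigurations.size() > 0` guard around the for-each is redundant and could go at the same time.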
@@ -4269,21 +4258,20 @@ public List getKeyManagerConfigurationsByOrganizatio } public boolean isKeyManagerAllowedForUser(String uuid, String username) throws APIManagementException { APIAdmin apiAdmin = new APIAdminImpl(); - KeyManagerPermissionConfigurationDTO permissions= apiAdmin.getKeyManagerPermissions(uuid); - APIKeyMgtRemoteUserStoreMgtService apiKeyMgtRemoteUserStoreMgtService = new APIKeyMgtRemoteUserStoreMgtService(); - String[] userRoles = apiKeyMgtRemoteUserStoreMgtService.getUserRoles(username); + KeyManagerPermissionConfigurationDTO permissions = apiAdmin.getKeyManagerPermissions(uuid); String permissionType = permissions.getPermissionType(); if (permissions != null && !permissionType.equals("PUBLIC")) { String[] permissionRoles = permissions.getRoles() .stream() .toArray(String[]::new); - if (permissionType.equals("ALLOW") && hasIntersection(userRoles,permissionRoles)) { - return true; - } else if (permissionType.equals("DENY") && !(hasIntersection(userRoles,permissionRoles))){ + String[] userRoles = APIUtil.getListOfRoles(username); + boolean roleIsRestricted = hasIntersection(userRoles,permissionRoles); + if ("ALLOW".equals(permissionType) && roleIsRestricted + || "DENY".equals(permissionType) && !roleIsRestricted) { return true; } } - return false; + return true; } public static boolean hasIntersection(String[] arr1, String[] arr2) { From 7ee04c37e41e450bae3114a044c672ec7fc1caa2 Mon Sep 17 00:00:00 2001 From: Kannan Kirishikesan Date: Wed, 4 Oct 2023 10:02:28 +0530 Subject: [PATCH 17/34] Add role validation in rest api level --- .../api/dto/KeyManagerConfigurationDTO.java | 1 + .../carbon/apimgt/impl/APIConsumerImpl.java | 6 ++-- .../v1/impl/KeyManagersApiServiceImpl.java | 28 +++++++++++++++++++ .../v1/impl/KeyManagersApiServiceImpl.java | 19 ------------- 4 files changed, 32 insertions(+), 22 deletions(-) 
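Review bot: As written in this hunk, isKeyManagerAllowedForUser returns true on every path: the inner branch returns true and the trailing `return false;` was changed to `return true;`, so ALLOW and DENY restrictions have no effect and the filter in getKeyManagerConfigurationsByOrganization admits every key manager. PATCH 17/34 later inverts the inner branch to `return false`; if the series can be applied or bisected commit by commit, the two should be squashed so no intermediate revision ships with the check disabled. Separately, `permissions.getPermissionType()` is called before the `permissions != null` test, so that test can never prevent the NullPointerException it appears to guard against, and `permissionType.equals("PUBLIC")` throws on a null type. Decide explicitly what a missing permissions object means and use `!"PUBLIC".equals(permissionType)`. The same two lines are carried unchanged into the PATCH 19/34 hunk of this method.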
diff --git a/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/dto/KeyManagerConfigurationDTO.java b/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/dto/KeyManagerConfigurationDTO.java index 0795a469a66d..d820689a94ec 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/dto/KeyManagerConfigurationDTO.java +++ b/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/dto/KeyManagerConfigurationDTO.java @@ -61,6 +61,7 @@ public KeyManagerConfigurationDTO(KeyManagerConfigurationDTO keyManagerConfigura this.tokenType = keyManagerConfigurationDTO.getTokenType(); this.externalReferenceId = keyManagerConfigurationDTO.getExternalReferenceId(); this.endpoints = keyManagerConfigurationDTO.getEndpoints(); + this.permissions = keyManagerConfigurationDTO.getPermissions(); } public String getName() { diff --git a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConsumerImpl.java b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConsumerImpl.java index 953d15cdb6ec..4dde76c78810 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConsumerImpl.java +++ b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConsumerImpl.java @@ -4266,9 +4266,9 @@ public boolean isKeyManagerAllowedForUser(String uuid, String username) throws A .toArray(String[]::new); String[] userRoles = APIUtil.getListOfRoles(username); boolean roleIsRestricted = hasIntersection(userRoles,permissionRoles); - if ("ALLOW".equals(permissionType) && roleIsRestricted - || "DENY".equals(permissionType) && !roleIsRestricted) { - return true; + if (("ALLOW".equals(permissionType) && !roleIsRestricted) + || ("DENY".equals(permissionType) && roleIsRestricted)) { + return false; } } return true; 
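Review bot: In the APIConsumerImpl hunk, any permission type other than the exact strings "ALLOW" and "DENY" falls through to `return true`, so a misspelt, differently cased or future type value grants access to the key manager. For an access decision the unrecognised case should deny: `if ("ALLOW".equals(permissionType)) { return roleIsRestricted; }`, `if ("DENY".equals(permissionType)) { return !roleIsRestricted; }`, then `return false;` for anything else inside the non-PUBLIC branch. The local name `roleIsRestricted` also reads backwards for ALLOW, where an intersection means the user is permitted; `userHasListedRole` would describe both cases. The method starts outside the hunk.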
diff --git a/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/admin/v1/impl/KeyManagersApiServiceImpl.java b/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/admin/v1/impl/KeyManagersApiServiceImpl.java index 6eca0e539ff9..01f374376395 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/admin/v1/impl/KeyManagersApiServiceImpl.java +++ b/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/admin/v1/impl/KeyManagersApiServiceImpl.java @@ -116,6 +116,16 @@ public Response keyManagersKeyManagerIdPut(String keyManagerId, KeyManagerDTO bo try { KeyManagerConfigurationDTO keyManagerConfigurationDTO = KeyManagerMappingUtil.toKeyManagerConfigurationDTO(organization, body); + KeyManagerPermissionConfigurationDTO keyManagerPermissionConfigurationDTO = + keyManagerConfigurationDTO.getPermissions(); + if (keyManagerPermissionConfigurationDTO != null && keyManagerPermissionConfigurationDTO.getRoles() != null) { + String username = RestApiCommonUtil.getLoggedInUsername(); + for (String role: keyManagerPermissionConfigurationDTO.getRoles()) { + if (!APIUtil.isRoleNameExist(username, role)) { + throw new IllegalArgumentException("Invalid user roles found in visibleRoles list"); + } + } + } keyManagerConfigurationDTO.setUuid(keyManagerId); KeyManagerConfigurationDTO oldKeyManagerConfigurationDTO = apiAdmin.getKeyManagerConfigurationById(organization, keyManagerId); 
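Review bot: The role check added to keyManagersKeyManagerIdPut is repeated verbatim in keyManagersPost (second hunk on the next line), and it signals failure with a bare `IllegalArgumentException` that the new `catch (IllegalArgumentException e)` blocks at the end of both try bodies translate to ROLE_DOES_NOT_EXIST. Because those catches cover the whole try, an IllegalArgumentException thrown by any other call inside it would also be reported to the caller as a missing role. The message speaks of a "visibleRoles list", which is not a field of this request, and it does not name the role that failed. A private helper that throws the APIManagementException itself removes the duplication and makes the blanket catch unnecessary. Both service methods begin and end outside the hunk.
```java
// … unchanged: toKeyManagerConfigurationDTO(organization, body) …
validatePermissionRoles(keyManagerConfigurationDTO.getPermissions());

private static void validatePermissionRoles(KeyManagerPermissionConfigurationDTO permissions)
        throws APIManagementException {
    if (permissions == null || permissions.getRoles() == null) {
        return;
    }
    String username = RestApiCommonUtil.getLoggedInUsername();
    for (String role : permissions.getRoles()) {
        if (!APIUtil.isRoleNameExist(username, role)) {
            throw new APIManagementException("Key manager permission role " + role + " does not exist",
                    ExceptionCodes.ROLE_DOES_NOT_EXIST);
        }
    }
}
```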
@@ -138,6 +148,10 @@ public Response keyManagersKeyManagerIdPut(String keyManagerId, KeyManagerDTO bo "Error while Retrieving Key Manager configuration for " + keyManagerId + " in organization " + organization; throw new APIManagementException(error, e, ExceptionCodes.INTERNAL_ERROR); + } catch (IllegalArgumentException e) { + String error = "Error while Storing key manager permission roles with name " + + body.getName() + " in tenant " + organization; + throw new APIManagementException(error, e, ExceptionCodes.ROLE_DOES_NOT_EXIST); } } @@ -148,6 +162,16 @@ public Response keyManagersPost(KeyManagerDTO body, MessageContext messageContex try { KeyManagerConfigurationDTO keyManagerConfigurationDTO = KeyManagerMappingUtil.toKeyManagerConfigurationDTO(organization, body); + KeyManagerPermissionConfigurationDTO keyManagerPermissionConfigurationDTO = + keyManagerConfigurationDTO.getPermissions(); + if (keyManagerPermissionConfigurationDTO != null && keyManagerPermissionConfigurationDTO.getRoles() != null) { + String username = RestApiCommonUtil.getLoggedInUsername(); + for (String role: keyManagerPermissionConfigurationDTO.getRoles()) { + if (!APIUtil.isRoleNameExist(username, role)) { + throw new IllegalArgumentException("Invalid user roles found in visibleRoles list"); + } + } + } KeyManagerConfigurationDTO createdKeyManagerConfiguration = apiAdmin.addKeyManagerConfiguration(keyManagerConfigurationDTO); APIUtil.logAuditMessage(APIConstants.AuditLogConstants.KEY_MANAGER, 
@@ -159,6 +183,10 @@ public Response keyManagersPost(KeyManagerDTO body, MessageContext messageContex } catch (URISyntaxException e) { String error = "Error while Creating Key Manager configuration in organization " + organization; throw new APIManagementException(error, e, ExceptionCodes.INTERNAL_ERROR); + } catch (IllegalArgumentException e) { + String error = "Error while Storing key manager permission roles with name " + + body.getName() + " in tenant " + organization; + throw new APIManagementException(error, e, ExceptionCodes.ROLE_DOES_NOT_EXIST); } } } diff --git a/components/apimgt/org.wso2.carbon.apimgt.rest.api.store.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/store/v1/impl/KeyManagersApiServiceImpl.java b/components/apimgt/org.wso2.carbon.apimgt.rest.api.store.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/store/v1/impl/KeyManagersApiServiceImpl.java index fcc8bfc7b4bf..97c5cf20a053 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.rest.api.store.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/store/v1/impl/KeyManagersApiServiceImpl.java +++ b/components/apimgt/org.wso2.carbon.apimgt.rest.api.store.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/store/v1/impl/KeyManagersApiServiceImpl.java 
@@ -3,35 +3,16 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.cxf.jaxrs.ext.MessageContext; -import org.wso2.carbon.apimgt.api.APIAdmin; import org.wso2.carbon.apimgt.api.APIConsumer; import org.wso2.carbon.apimgt.api.APIManagementException; import org.wso2.carbon.apimgt.api.dto.KeyManagerConfigurationDTO; -import org.wso2.carbon.apimgt.api.dto.KeyManagerPermissionConfigurationDTO; -import org.wso2.carbon.apimgt.impl.APIAdminImpl; -import org.wso2.carbon.apimgt.impl.APIConstants; import org.wso2.carbon.apimgt.impl.APIConsumerImpl; -import org.wso2.carbon.apimgt.impl.internal.ServiceReferenceHolder; -import org.wso2.carbon.apimgt.impl.utils.APIUtil; import org.wso2.carbon.apimgt.rest.api.common.RestApiCommonUtil; import org.wso2.carbon.apimgt.rest.api.store.v1.KeyManagersApiService; import org.wso2.carbon.apimgt.rest.api.store.v1.mappings.KeyManagerMappingUtil; import org.wso2.carbon.apimgt.rest.api.util.utils.RestApiUtil; -import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser; -import org.wso2.carbon.identity.core.util.IdentityTenantUtil; -import org.wso2.carbon.identity.oauth.OAuthUtil; -import org.wso2.carbon.user.api.UserStoreException; -import org.wso2.carbon.user.api.UserStoreManager; -import org.wso2.carbon.user.core.service.RealmService; -import org.wso2.carbon.user.core.util.UserCoreUtil; -import org.wso2.carbon.utils.multitenancy.MultitenantUtils; -import org.wso2.carbon.identity.oauth2.validators.OAuth2TokenValidationMessageContext; -import org.wso2.carbon.apimgt.impl.service.APIKeyMgtRemoteUserStoreMgtService; -import java.util.ArrayList; -import java.util.Arrays; import java.util.List; -import java.util.stream.Collectors; import javax.ws.rs.core.Response; From dc288f92010cadfc5af98b6ffb083008cfa1ff07 Mon Sep 17 00:00:00 2001 
From: Kannan Kirishikesan Date: Wed, 4 Oct 2023 10:04:14 +0530 Subject: [PATCH 18/34] Removes unused DAO methods --- .../carbon/apimgt/impl/dao/ApiMgtDAO.java | 20 +++++++++-------- .../impl/dao/constants/SQLConstants.java | 22 +------------------ 2 files changed, 12 insertions(+), 30 deletions(-) diff --git a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/ApiMgtDAO.java b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/ApiMgtDAO.java index 234abbfca262..fc8aa355512a 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/ApiMgtDAO.java +++ b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/ApiMgtDAO.java 
@@ -9242,16 +9242,18 @@ public void addKeyManagerConfiguration(KeyManagerConfigurationDTO keyManagerConf preparedStatement.setString(9, keyManagerConfigurationDTO.getTokenType()); preparedStatement.setString(10, keyManagerConfigurationDTO.getExternalReferenceId()); preparedStatement.executeUpdate(); - try (PreparedStatement addPermissionStatement = conn - .prepareStatement(SQLConstants.KeyManagerPermissionsSqlConstants.ADD_KEY_MANAGER_PERMISSION_SQL)) { - for (String role : keyManagerConfigurationDTO.getPermissions().getRoles()) { - addPermissionStatement.setString(1, keyManagerConfigurationDTO.getUuid()); - addPermissionStatement.setString(2, keyManagerConfigurationDTO - .getPermissions().getPermissionType()); - addPermissionStatement.setString(3, role); - addPermissionStatement.addBatch(); + if (keyManagerConfigurationDTO.getPermissions() != null) { + try (PreparedStatement addPermissionStatement = conn + .prepareStatement(SQLConstants.KeyManagerPermissionsSqlConstants.ADD_KEY_MANAGER_PERMISSION_SQL)) { + for (String role : keyManagerConfigurationDTO.getPermissions().getRoles()) { + addPermissionStatement.setString(1, keyManagerConfigurationDTO.getUuid()); + addPermissionStatement.setString(2, keyManagerConfigurationDTO + .getPermissions().getPermissionType()); + addPermissionStatement.setString(3, role); + addPermissionStatement.addBatch(); + } + addPermissionStatement.executeBatch(); } - addPermissionStatement.executeBatch(); } conn.commit(); } catch (SQLException e) { diff --git a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/constants/SQLConstants.java b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/constants/SQLConstants.java index 437203dca979..0e0bc6a451a6 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/constants/SQLConstants.java 
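Review bot: The new guard in addKeyManagerConfiguration covers `getPermissions()` only, while the permission type is still persisted solely as a column of each role row, so a configuration with type ALLOW or DENY and an empty role list writes nothing at all. How a key manager with no permission rows is read back is not visible in this hunk; if it is treated as PUBLIC, an ALLOW restriction saved without roles would leave the key manager open to every user, so a non-PUBLIC type with no roles should be rejected before it reaches the DAO. `getRoles()` is also iterated without a null check at this commit; `if (permissions != null && permissions.getRoles() != null)` would match the guard the REST layer uses. The method body continues outside the hunk.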
+++ b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/constants/SQLConstants.java @@ -3609,36 +3609,16 @@ public static class KeyManagerSqlConstants { */ public static class KeyManagerPermissionsSqlConstants { - public static final String GET_KEY_MANAGER_PERMISSION_ID_SQL = - " SELECT KEY_MANAGER_PERMISSION_ID " + - " FROM AM_KEY_MANAGER_PERMISSIONS " + - " WHERE KEY_MANAGER_UUID = ? AND " + "ROLE = ?"; - public static final String ADD_KEY_MANAGER_PERMISSION_SQL = " INSERT INTO" + " AM_KEY_MANAGER_PERMISSIONS (KEY_MANAGER_UUID, PERMISSIONS_TYPE, ROLE)" + " VALUES(?, ?, ?)"; - public static final String UPDATE_KEY_MANAGER_PERMISSION_SQL = - " UPDATE" + - " AM_KEY_MANAGER_PERMISSIONS " + - " SET " + - " KEY_MANAGER_UUID = ?, " + - " PERMISSIONS_TYPE = ?," + - " ROLE = ? " + - " WHERE " + - " KEY_MANAGER_PERMISSION_ID = ? "; - public static final String DELETE_ALL_KEY_MANAGER_PERMISSION_SQL = "DELETE FROM AM_KEY_MANAGER_PERMISSIONS WHERE " + "KEY_MANAGER_UUID = ?"; - public static final String GET_KEY_MANAGER_PERMISSION_SQL = - " SELECT KEY_MANAGER_PERMISSION_ID, PERMISSIONS_TYPE" + - " FROM AM_KEY_MANAGER_PERMISSIONS " + - " WHERE KEY_MANAGER_UUID = ? AND ROLE = ?"; - public static final String GET_KEY_MANAGER_PERMISSIONS_SQL = - "SELECT KEY_MANAGER_PERMISSION_ID, PERMISSIONS_TYPE, ROLE" + + "SELECT PERMISSIONS_TYPE, ROLE" + " FROM AM_KEY_MANAGER_PERMISSIONS " + " WHERE KEY_MANAGER_UUID = ?"; } From 31c26207a2a68b9e5364c02ebcc2e27ff6c588b4 Mon Sep 17 00:00:00 2001 
From: Kannan Kirishikesan Date: Wed, 4 Oct 2023 12:06:20 +0530 Subject: [PATCH 19/34] Changes to adhere to wso2 checkstyle --- .../wso2/carbon/apimgt/api/APIConsumer.java | 8 +-- .../api/dto/KeyManagerConfigurationDTO.java | 8 +-- .../KeyManagerPermissionConfigurationDTO.java | 7 +++ .../wso2/carbon/apimgt/impl/APIAdminImpl.java | 7 +-- .../carbon/apimgt/impl/APIConsumerImpl.java | 27 ++++++---- .../carbon/apimgt/impl/dao/ApiMgtDAO.java | 53 +++++++++---------- .../impl/dao/constants/SQLConstants.java | 4 +- .../v1/impl/KeyManagersApiServiceImpl.java | 46 ++++++++-------- .../utils/mappings/KeyManagerMappingUtil.java | 5 +- 9 files changed, 94 insertions(+), 71 deletions(-) diff --git a/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/APIConsumer.java b/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/APIConsumer.java index 0e770a49740e..43555fde07ee 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/APIConsumer.java +++ b/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/APIConsumer.java @@ -809,12 +809,12 @@ Set getPaginatedSubscribedAPIsByApplication(Application applicati List getKeyManagerConfigurationsByOrganization(String organization, String username) throws APIManagementException; /** - * This method used to retrieve key manager configurations for tenant - * @param uuid uuid of the key manager - * @param user username of the logged in user + * This method used to check if key manager configuration is allowed for user + * @param keyManagerId uuid of the key manager + * @param username username of the logged in user * @return boolean * @throws APIManagementException if error occurred */ - boolean isKeyManagerAllowedForUser(String uuid, String username) throws APIManagementException; + boolean isKeyManagerAllowedForUser(String keyManagerId, String username) throws APIManagementException; } 
diff --git a/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/dto/KeyManagerConfigurationDTO.java b/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/dto/KeyManagerConfigurationDTO.java index d820689a94ec..f989bba03edd 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/dto/KeyManagerConfigurationDTO.java +++ b/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/dto/KeyManagerConfigurationDTO.java @@ -42,10 +42,9 @@ public class KeyManagerConfigurationDTO implements Serializable { private String tokenType; private String externalReferenceId = null; private String alias = null; - private KeyManagerPermissionConfigurationDTO permissions = null; + private KeyManagerPermissionConfigurationDTO permissions = new KeyManagerPermissionConfigurationDTO(); public KeyManagerConfigurationDTO() { - } public KeyManagerConfigurationDTO(KeyManagerConfigurationDTO keyManagerConfigurationDTO) { @@ -61,7 +60,7 @@ public KeyManagerConfigurationDTO(KeyManagerConfigurationDTO keyManagerConfigura this.tokenType = keyManagerConfigurationDTO.getTokenType(); this.externalReferenceId = keyManagerConfigurationDTO.getExternalReferenceId(); this.endpoints = keyManagerConfigurationDTO.getEndpoints(); - this.permissions = keyManagerConfigurationDTO.getPermissions(); + this.setPermissions(keyManagerConfigurationDTO.getPermissions()); } public String getName() { @@ -192,6 +191,9 @@ public KeyManagerPermissionConfigurationDTO getPermissions () { } public void setPermissions (KeyManagerPermissionConfigurationDTO permissions) { + if (permissions == null) { + permissions = new KeyManagerPermissionConfigurationDTO(); + } this.permissions = permissions; } } 
diff --git a/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/dto/KeyManagerPermissionConfigurationDTO.java b/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/dto/KeyManagerPermissionConfigurationDTO.java index c0a12fa7c149..81d62a154888 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/dto/KeyManagerPermissionConfigurationDTO.java +++ b/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/dto/KeyManagerPermissionConfigurationDTO.java @@ -5,12 +5,16 @@ import java.util.ArrayList; import java.util.List; +/** + *KeyManagerPermissionConfiguration model + */ public class KeyManagerPermissionConfigurationDTO implements Serializable { private String permissionType = null; private List roles = new ArrayList(); public KeyManagerPermissionConfigurationDTO () { + this.setPermissionType("PUBLIC"); } public KeyManagerPermissionConfigurationDTO(String permissionType, List roles) { @@ -31,6 +35,9 @@ public List getRoles() { } public void setRoles(List roles) { + if (roles == null) { + roles = new ArrayList(); + } this.roles = roles; } } diff --git a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIAdminImpl.java b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIAdminImpl.java index d2b25cd34d7e..ac0adcb5ac7b 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIAdminImpl.java +++ b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIAdminImpl.java 
@@ -747,12 +747,13 @@ public KeyManagerConfigurationDTO updateKeyManagerConfiguration( return keyManagerConfigurationDTO; } @Override - public KeyManagerPermissionConfigurationDTO getKeyManagerPermissions (String id) throws APIManagementException { + public KeyManagerPermissionConfigurationDTO getKeyManagerPermissions(String id) throws APIManagementException { + KeyManagerPermissionConfigurationDTO keyManagerPermissionConfigurationDTO; try { keyManagerPermissionConfigurationDTO = apiMgtDAO.getKeyManagerPermissions(id); - } catch (Exception e) { - throw new APIManagementException("Key Manager Permissions retrieval failed " + e.getMessage()); + } catch (APIManagementException e) { + throw new APIManagementException("Key Manager Permissions retrieval failed for Key Manager id " + id); } return keyManagerPermissionConfigurationDTO; } diff --git a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConsumerImpl.java b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConsumerImpl.java index 4dde76c78810..14d78ea6703a 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConsumerImpl.java +++ b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConsumerImpl.java @@ -101,7 +101,6 @@ import org.wso2.carbon.apimgt.impl.recommendationmgt.RecommendationEnvironment; import org.wso2.carbon.apimgt.impl.recommendationmgt.RecommenderDetailsExtractor; import org.wso2.carbon.apimgt.impl.recommendationmgt.RecommenderEventPublisher; -import org.wso2.carbon.apimgt.impl.service.APIKeyMgtRemoteUserStoreMgtService; import org.wso2.carbon.apimgt.impl.token.ApiKeyGenerator; import org.wso2.carbon.apimgt.impl.utils.APIAPIProductNameComparator; import org.wso2.carbon.apimgt.impl.utils.APIMWSDLReader; 
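Review bot: The rewritten catch in getKeyManagerPermissions throws a new APIManagementException without the caught one, so the DAO's stack trace and error code are lost, where the old code at least appended `e.getMessage()`. Pass the original as the cause: `throw new APIManagementException("Key Manager Permissions retrieval failed for Key Manager id " + id, e);`.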
@@ -134,12 +133,9 @@ import org.wso2.carbon.apimgt.persistence.exceptions.OASPersistenceException; import org.wso2.carbon.apimgt.persistence.mapper.APIMapper; import org.wso2.carbon.context.PrivilegedCarbonContext; -import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser; -import org.wso2.carbon.identity.core.util.IdentityTenantUtil; import org.wso2.carbon.user.api.UserStoreException; import org.wso2.carbon.user.api.UserStoreManager; import org.wso2.carbon.user.core.service.RealmService; -import org.wso2.carbon.user.core.util.UserCoreUtil; import org.wso2.carbon.user.mgt.UserAdmin; import org.wso2.carbon.user.mgt.common.UserAdminException; import org.wso2.carbon.utils.multitenancy.MultitenantConstants; @@ -4237,12 +4233,15 @@ private void checkSubscriptionAllowed(ApiTypeWrapper apiTypeWrapper) } /** - * This method used to retrieve key manager configurations for tenant + * This method is used to retrieve key manager configurations for tenant * @param organization organization of the key manager * @return KeyManagerConfigurationDTO list * @throws APIManagementException if error occurred */ - public List getKeyManagerConfigurationsByOrganization(String organization, String username) throws APIManagementException{ + @Override + public List getKeyManagerConfigurationsByOrganization( + String organization, String username) throws APIManagementException { + APIAdmin apiAdmin = new APIAdminImpl(); List keyManagerConfigurations = apiAdmin.getKeyManagerConfigurationsByOrganization(organization); 
@@ -4256,16 +4255,26 @@ public List getKeyManagerConfigurationsByOrganizatio } return permittedKeyManagerConfigurations; } - public boolean isKeyManagerAllowedForUser(String uuid, String username) throws APIManagementException { + + /** + * This method is used to check if key manager configuration is allowed for user + * @param keyManagerId uuid of the key manager + * @param username username of the logged in user + * @return boolean + * @throws APIManagementException if error occurred + */ + @Override + public boolean isKeyManagerAllowedForUser(String keyManagerId, String username) throws APIManagementException { + APIAdmin apiAdmin = new APIAdminImpl(); - KeyManagerPermissionConfigurationDTO permissions = apiAdmin.getKeyManagerPermissions(uuid); + KeyManagerPermissionConfigurationDTO permissions = apiAdmin.getKeyManagerPermissions(keyManagerId); String permissionType = permissions.getPermissionType(); if (permissions != null && !permissionType.equals("PUBLIC")) { String[] permissionRoles = permissions.getRoles() .stream() .toArray(String[]::new); String[] userRoles = APIUtil.getListOfRoles(username); - boolean roleIsRestricted = hasIntersection(userRoles,permissionRoles); + boolean roleIsRestricted = hasIntersection(userRoles, permissionRoles); if (("ALLOW".equals(permissionType) && !roleIsRestricted) || ("DENY".equals(permissionType) && roleIsRestricted)) { return false; diff --git a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/ApiMgtDAO.java b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/ApiMgtDAO.java index fc8aa355512a..1861ec67968d 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/ApiMgtDAO.java +++ b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/ApiMgtDAO.java 
@@ -9242,13 +9242,13 @@ public void addKeyManagerConfiguration(KeyManagerConfigurationDTO keyManagerConf preparedStatement.setString(9, keyManagerConfigurationDTO.getTokenType()); preparedStatement.setString(10, keyManagerConfigurationDTO.getExternalReferenceId()); preparedStatement.executeUpdate(); - if (keyManagerConfigurationDTO.getPermissions() != null) { + KeyManagerPermissionConfigurationDTO permissionDTO = keyManagerConfigurationDTO.getPermissions(); + if (permissionDTO != null && permissionDTO.getPermissionType() != "PUBLIC") { try (PreparedStatement addPermissionStatement = conn .prepareStatement(SQLConstants.KeyManagerPermissionsSqlConstants.ADD_KEY_MANAGER_PERMISSION_SQL)) { for (String role : keyManagerConfigurationDTO.getPermissions().getRoles()) { addPermissionStatement.setString(1, keyManagerConfigurationDTO.getUuid()); - addPermissionStatement.setString(2, keyManagerConfigurationDTO - .getPermissions().getPermissionType()); + addPermissionStatement.setString(2, permissionDTO.getPermissionType()); addPermissionStatement.setString(3, role); addPermissionStatement.addBatch(); } 
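Review bot: `permissionDTO.getPermissionType() != "PUBLIC"` in the new guard compares String references rather than contents, so whether permission rows are written depends on how the type string was created, and a null type also enters the insert branch. Compare by value and exclude null: `String type = permissionDTO == null ? null : permissionDTO.getPermissionType();` followed by `if (type != null && !"PUBLIC".equals(type)) {`. The identical guard added to updateKeyManagerConfiguration in the next hunk needs the same change. The loop on the following line still reads `keyManagerConfigurationDTO.getPermissions().getRoles()` instead of `permissionDTO.getRoles()`, and neither method guards against a null role list. Both methods start and end outside their hunks.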
@@ -9317,21 +9317,23 @@ public void updateKeyManagerConfiguration(KeyManagerConfigurationDTO keyManagerC preparedStatement.setString(9, keyManagerConfigurationDTO.getExternalReferenceId()); preparedStatement.setString(10, keyManagerConfigurationDTO.getUuid()); preparedStatement.executeUpdate(); - try (PreparedStatement deletePermissionsStatement = conn - .prepareStatement(SQLConstants.KeyManagerPermissionsSqlConstants.DELETE_ALL_KEY_MANAGER_PERMISSION_SQL)) { + try (PreparedStatement deletePermissionsStatement = conn.prepareStatement(SQLConstants + .KeyManagerPermissionsSqlConstants.DELETE_ALL_KEY_MANAGER_PERMISSION_SQL)) { deletePermissionsStatement.setString(1, keyManagerConfigurationDTO.getUuid()); deletePermissionsStatement.executeUpdate(); } - try (PreparedStatement addPermissionStatement = conn - .prepareStatement(SQLConstants.KeyManagerPermissionsSqlConstants.ADD_KEY_MANAGER_PERMISSION_SQL)) { - for (String role : keyManagerConfigurationDTO.getPermissions().getRoles()) { - addPermissionStatement.setString(1, keyManagerConfigurationDTO.getUuid()); - addPermissionStatement.setString(2, keyManagerConfigurationDTO - .getPermissions().getPermissionType()); - addPermissionStatement.setString(3, role); - addPermissionStatement.addBatch(); + KeyManagerPermissionConfigurationDTO permissionDTO = keyManagerConfigurationDTO.getPermissions(); + if (permissionDTO != null && permissionDTO.getPermissionType() != "PUBLIC") { + try (PreparedStatement addPermissionStatement = conn.prepareStatement(SQLConstants + .KeyManagerPermissionsSqlConstants.ADD_KEY_MANAGER_PERMISSION_SQL)) { + for (String role : permissionDTO.getRoles()) { + addPermissionStatement.setString(1, keyManagerConfigurationDTO.getUuid()); + addPermissionStatement.setString(2, permissionDTO.getPermissionType()); + addPermissionStatement.setString(3, role); + addPermissionStatement.addBatch(); + } + addPermissionStatement.executeBatch(); } - addPermissionStatement.executeBatch(); } conn.commit(); } catch 
(SQLException e) { @@ -9374,19 +9376,17 @@ public void deleteKeyManagerConfigurationById(String id, String organization) th public KeyManagerPermissionConfigurationDTO getKeyManagerPermissions(String keyManagerUUID) throws APIManagementException { - Connection conn = null; - PreparedStatement ps = null; - ResultSet resultSet = null; - - KeyManagerPermissionConfigurationDTO keyManagerPermissions = new KeyManagerPermissionConfigurationDTO(); - try { + KeyManagerPermissionConfigurationDTO keyManagerPermissions = + new KeyManagerPermissionConfigurationDTO(); + try (Connection conn = APIMgtDBUtil.getConnection()) { + conn.setAutoCommit(false); + keyManagerPermissions = new KeyManagerPermissionConfigurationDTO(); try { String getKeyManagerPermissionQuery = SQLConstants.KeyManagerPermissionsSqlConstants.GET_KEY_MANAGER_PERMISSIONS_SQL; - conn = APIMgtDBUtil.getConnection(); conn.setAutoCommit(false); - ps = conn.prepareStatement(getKeyManagerPermissionQuery); + PreparedStatement ps = conn.prepareStatement(getKeyManagerPermissionQuery); ps.setString(1, keyManagerUUID); - resultSet = ps.executeQuery(); + ResultSet resultSet = ps.executeQuery(); ArrayList roles = new ArrayList<>(); if (resultSet.next()) { roles.add(resultSet.getString("ROLE")); @@ -9401,11 +9401,10 @@ public KeyManagerPermissionConfigurationDTO getKeyManagerPermissions(String keyM } catch (SQLException e) { conn.rollback(); handleException("Failed to get Key Manager permission information for Key Manager " + keyManagerUUID, e); - } finally { - APIMgtDBUtil.closeAllConnections(ps, conn, resultSet); } - } catch (Exception e) { - handleException("This try block should be removed" + keyManagerUUID, e); + } catch (SQLException e) { + throw new APIManagementException( + "Error while retrieving key manager permissions with id " + keyManagerUUID, e); } return keyManagerPermissions; } 
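Review bot: The rewritten getKeyManagerPermissions no longer closes `ps` and `resultSet`: only `conn` is in the try-with-resources header, and the `finally` that called `APIMgtDBUtil.closeAllConnections(ps, conn, resultSet)` is removed in the second hunk. Declare the statement and the result set as resources as well. The rewrite also leaves `conn.setAutoCommit(false)` and the `new KeyManagerPermissionConfigurationDTO()` assignment duplicated. The inner `try` with `commit`/`rollback` appears unnecessary for a single SELECT and could be folded into the outer block, as sketched below.

```java
KeyManagerPermissionConfigurationDTO keyManagerPermissions = new KeyManagerPermissionConfigurationDTO();
String getKeyManagerPermissionQuery =
        SQLConstants.KeyManagerPermissionsSqlConstants.GET_KEY_MANAGER_PERMISSIONS_SQL;
try (Connection conn = APIMgtDBUtil.getConnection();
     PreparedStatement ps = conn.prepareStatement(getKeyManagerPermissionQuery)) {
    ps.setString(1, keyManagerUUID);
    try (ResultSet resultSet = ps.executeQuery()) {
        // … unchanged: collect ROLE values and PERMISSIONS_TYPE into keyManagerPermissions …
    }
} catch (SQLException e) {
    // … unchanged: wrap in APIManagementException with the key manager id …
```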
diff --git a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/constants/SQLConstants.java b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/constants/SQLConstants.java index 0e0bc6a451a6..3ed10ceb00d2 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/constants/SQLConstants.java +++ b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/constants/SQLConstants.java @@ -3614,8 +3614,8 @@ public static class KeyManagerPermissionsSqlConstants { " AM_KEY_MANAGER_PERMISSIONS (KEY_MANAGER_UUID, PERMISSIONS_TYPE, ROLE)" + " VALUES(?, ?, ?)"; - public static final String DELETE_ALL_KEY_MANAGER_PERMISSION_SQL = "DELETE FROM AM_KEY_MANAGER_PERMISSIONS WHERE " + - "KEY_MANAGER_UUID = ?"; + public static final String DELETE_ALL_KEY_MANAGER_PERMISSION_SQL = "DELETE FROM AM_KEY_MANAGER_PERMISSIONS" + + " WHERE KEY_MANAGER_UUID = ?"; public static final String GET_KEY_MANAGER_PERMISSIONS_SQL = "SELECT PERMISSIONS_TYPE, ROLE" + diff --git a/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/admin/v1/impl/KeyManagersApiServiceImpl.java b/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/admin/v1/impl/KeyManagersApiServiceImpl.java index 01f374376395..d680a656824e 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/admin/v1/impl/KeyManagersApiServiceImpl.java +++ b/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/admin/v1/impl/KeyManagersApiServiceImpl.java 
@@ -24,7 +24,6 @@ import org.wso2.carbon.apimgt.rest.api.admin.v1.KeyManagersApiService; import org.wso2.carbon.apimgt.rest.api.admin.v1.dto.KeyManagerDTO; import org.wso2.carbon.apimgt.rest.api.admin.v1.dto.KeyManagerListDTO; -import org.wso2.carbon.apimgt.rest.api.admin.v1.dto.KeyManagerPermissionsDTO; import org.wso2.carbon.apimgt.rest.api.admin.v1.dto.KeyManagerWellKnownResponseDTO; import org.wso2.carbon.apimgt.rest.api.admin.v1.utils.mappings.KeyManagerMappingUtil; import org.wso2.carbon.apimgt.rest.api.common.RestApiCommonUtil; @@ -33,6 +32,7 @@ import java.net.URI; import java.net.URISyntaxException; +import java.util.Arrays; import java.util.List; import javax.ws.rs.core.Response; @@ -118,14 +118,7 @@ public Response keyManagersKeyManagerIdPut(String keyManagerId, KeyManagerDTO bo KeyManagerMappingUtil.toKeyManagerConfigurationDTO(organization, body); KeyManagerPermissionConfigurationDTO keyManagerPermissionConfigurationDTO = keyManagerConfigurationDTO.getPermissions(); - if (keyManagerPermissionConfigurationDTO != null && keyManagerPermissionConfigurationDTO.getRoles() != null) { - String username = RestApiCommonUtil.getLoggedInUsername(); - for (String role: keyManagerPermissionConfigurationDTO.getRoles()) { - if (!APIUtil.isRoleNameExist(username, role)) { - throw new IllegalArgumentException("Invalid user roles found in visibleRoles list"); - } - } - } + this.validatePermissions(keyManagerPermissionConfigurationDTO); keyManagerConfigurationDTO.setUuid(keyManagerId); KeyManagerConfigurationDTO oldKeyManagerConfigurationDTO = apiAdmin.getKeyManagerConfigurationById(organization, keyManagerId); 
@@ -145,11 +138,11 @@ public Response keyManagersKeyManagerIdPut(String keyManagerId, KeyManagerDTO bo } } catch (APIManagementException e) { String error = - "Error while Retrieving Key Manager configuration for " + keyManagerId + " in organization " + + "Error while updating Key Manager configuration for " + keyManagerId + " in organization " + organization; throw new APIManagementException(error, e, ExceptionCodes.INTERNAL_ERROR); } catch (IllegalArgumentException e) { - String error = "Error while Storing key manager permission roles with name " + String error = "Error while storing key manager permissions with name " + body.getName() + " in tenant " + organization; throw new APIManagementException(error, e, ExceptionCodes.ROLE_DOES_NOT_EXIST); } @@ -164,14 +157,7 @@ public Response keyManagersPost(KeyManagerDTO body, MessageContext messageContex KeyManagerMappingUtil.toKeyManagerConfigurationDTO(organization, body); KeyManagerPermissionConfigurationDTO keyManagerPermissionConfigurationDTO = keyManagerConfigurationDTO.getPermissions(); - if (keyManagerPermissionConfigurationDTO != null && keyManagerPermissionConfigurationDTO.getRoles() != null) { - String username = RestApiCommonUtil.getLoggedInUsername(); - for (String role: keyManagerPermissionConfigurationDTO.getRoles()) { - if (!APIUtil.isRoleNameExist(username, role)) { - throw new IllegalArgumentException("Invalid user roles found in visibleRoles list"); - } - } - } + this.validatePermissions(keyManagerPermissionConfigurationDTO); KeyManagerConfigurationDTO createdKeyManagerConfiguration = apiAdmin.addKeyManagerConfiguration(keyManagerConfigurationDTO); APIUtil.logAuditMessage(APIConstants.AuditLogConstants.KEY_MANAGER, 
@@ -181,12 +167,30 @@ public Response keyManagersPost(KeyManagerDTO body, MessageContext messageContex return Response.created(location) .entity(KeyManagerMappingUtil.toKeyManagerDTO(createdKeyManagerConfiguration)).build(); } catch (URISyntaxException e) { - String error = "Error while Creating Key Manager configuration in organization " + organization; + String error = "Error while creating Key Manager configuration in organization " + organization; throw new APIManagementException(error, e, ExceptionCodes.INTERNAL_ERROR); } catch (IllegalArgumentException e) { - String error = "Error while Storing key manager permission roles with name " + String error = "Error while storing Key Manager permission roles with name " + body.getName() + " in tenant " + organization; throw new APIManagementException(error, e, ExceptionCodes.ROLE_DOES_NOT_EXIST); } } + + public void validatePermissions (KeyManagerPermissionConfigurationDTO permissionDTO) + throws IllegalArgumentException, APIManagementException{ + if (permissionDTO != null && permissionDTO.getRoles() != null) { + String username = RestApiCommonUtil.getLoggedInUsername(); + String[] allowedPermissionTypes = {"PUBLIC", "ALLOW", "DENY"}; + String permissionType = permissionDTO.getPermissionType(); + if (!Arrays.stream(allowedPermissionTypes).anyMatch(permissionType::equals)) { + throw new APIManagementException("Invalid permission type"); + } + for (String role : permissionDTO.getRoles()) { + if (!APIUtil.isRoleNameExist(username, role)) { + throw new IllegalArgumentException("Invalid user roles found in visibleRoles list"); + } + } + } + } + } diff --git a/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/admin/v1/utils/mappings/KeyManagerMappingUtil.java b/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/admin/v1/utils/mappings/KeyManagerMappingUtil.java index 2149a2a1c9c4..d6d66303c712 100755 
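Review bot: validatePermissions checks the permission type only when `getRoles()` is non-null, and `permissionType::equals` throws a NullPointerException when the type is null, so a malformed permissions object either skips validation or fails with an unhandled error. Validate the type first and null-safely, e.g. `if (permissionType == null || !Arrays.asList("PUBLIC", "ALLOW", "DENY").contains(permissionType)) {`, then check the roles. In keyManagersKeyManagerIdPut the `APIManagementException("Invalid permission type")` appears to be caught by the existing `catch (APIManagementException e)` and rethrown with `ExceptionCodes.INTERNAL_ERROR`, so a client input error would be reported as a server error; give it a client-error code instead. The helper is only called through `this` in the visible hunks and could be `private`; it has no Javadoc, and the declaration has a stray space before `(` and none before `{`.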
--- a/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/admin/v1/utils/mappings/KeyManagerMappingUtil.java +++ b/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/admin/v1/utils/mappings/KeyManagerMappingUtil.java @@ -68,9 +68,10 @@ public static KeyManagerDTO toKeyManagerDTO(KeyManagerConfigurationDTO keyManage keyManagerDTO.setAlias(keyManagerConfigurationDTO.getAlias()); keyManagerDTO.setTokenType(KeyManagerDTO.TokenTypeEnum.fromValue(keyManagerConfigurationDTO.getTokenType())); KeyManagerPermissionConfigurationDTO permissions = keyManagerConfigurationDTO.getPermissions(); - if(permissions != null){ + if (permissions != null) { KeyManagerPermissionsDTO keyManagerPermissionsDTO = new KeyManagerPermissionsDTO(); - keyManagerPermissionsDTO.setPermissionType(KeyManagerPermissionsDTO.PermissionTypeEnum.fromValue(permissions.getPermissionType())); + keyManagerPermissionsDTO.setPermissionType(KeyManagerPermissionsDTO.PermissionTypeEnum + .fromValue(permissions.getPermissionType())); keyManagerPermissionsDTO.setRoles(permissions.getRoles()); keyManagerDTO.setPermissions(keyManagerPermissionsDTO); } From 1ab19fc82cc8f1aa33da03bd1fcf56bfe9ee610c Mon Sep 17 00:00:00 2001 From: Kannan Kirishikesan Date: Thu, 5 Oct 2023 11:12:40 +0530 Subject: [PATCH 20/34] Adding error code for restricted key manager access --- .../java/org/wso2/carbon/apimgt/api/ExceptionCodes.java | 1 + .../api/admin/v1/utils/mappings/KeyManagerMappingUtil.java | 4 +++- .../rest/api/store/v1/impl/ApplicationsApiServiceImpl.java | 6 ++++-- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/ExceptionCodes.java b/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/ExceptionCodes.java index a387f492fc3e..5d663b7a1e35 100644 
--- a/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/ExceptionCodes.java +++ b/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/ExceptionCodes.java @@ -541,6 +541,7 @@ public enum ExceptionCodes implements ErrorHandler { "Revision deployment request conflicted with the current deployment state of the revision %s. Please try again later", false), INVALID_API_ID(902006, "Invalid API ID", 404, "The provided API ID is not found %s", false), INVALID_ENDPOINT_CONFIG(902012, "Endpoint config value(s) is(are) not valid", 400, "Endpoint config value(s) is(are) not valid"), + KEY_MANAGER_RESTRICTED_FOR_USER(902013, "Unauthorized Access to Key Manager", 403, "Key Manager is Restricted for this user"), ARTIFACT_SYNC_HTTP_REQUEST_FAILED(903009, "Error while retrieving from remote endpoint", 500, "Error while executing HTTP request to retrieve from remote endpoint"); private final long errorCode; diff --git a/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/admin/v1/utils/mappings/KeyManagerMappingUtil.java b/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/admin/v1/utils/mappings/KeyManagerMappingUtil.java index d6d66303c712..c4ab71b5cadb 100755 --- a/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/admin/v1/utils/mappings/KeyManagerMappingUtil.java +++ b/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/admin/v1/utils/mappings/KeyManagerMappingUtil.java 
@@ -221,11 +221,13 @@ public static KeyManagerConfigurationDTO toKeyManagerConfigurationDTO(String ten keyManagerConfigurationDTO.setTokenType(keyManagerDTO.getTokenType().toString()); keyManagerConfigurationDTO.setAlias(keyManagerDTO.getAlias()); KeyManagerPermissionsDTO permissions = keyManagerDTO.getPermissions(); - if(permissions != null) { + if(permissions != null && permissions.getPermissionType() != null) { KeyManagerPermissionConfigurationDTO permissionsConfiguration = new KeyManagerPermissionConfigurationDTO(); permissionsConfiguration.setPermissionType(permissions.getPermissionType().toString()); permissionsConfiguration.setRoles(permissions.getRoles()); keyManagerConfigurationDTO.setPermissions(permissionsConfiguration); + } else { + keyManagerConfigurationDTO.setPermissions(new KeyManagerPermissionConfigurationDTO()); } Map additionalProperties = new HashMap(); if (keyManagerDTO.getAdditionalProperties() != null && keyManagerDTO.getAdditionalProperties() instanceof Map) { diff --git a/components/apimgt/org.wso2.carbon.apimgt.rest.api.store.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/store/v1/impl/ApplicationsApiServiceImpl.java b/components/apimgt/org.wso2.carbon.apimgt.rest.api.store.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/store/v1/impl/ApplicationsApiServiceImpl.java index 4440a64c5350..ea8e6d9c0083 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.rest.api.store.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/store/v1/impl/ApplicationsApiServiceImpl.java +++ b/components/apimgt/org.wso2.carbon.apimgt.rest.api.store.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/store/v1/impl/ApplicationsApiServiceImpl.java 
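Review bot: When a request supplies a permissions object whose `getPermissionType()` is null, the new `else` branch replaces it with an empty `KeyManagerPermissionConfigurationDTO` and silently discards any roles the caller sent, so a key manager the caller meant to restrict is presumably stored without restrictions. Treat that input as invalid rather than defaulting it, and keep the default only for `permissions == null`: `} else if (permissions == null) {`. If the empty DTO does not already default its type (its definition is not in this hunk), set it explicitly with `permissionsConfiguration.setPermissionType("PUBLIC")`, because the DAO guards and the permission checks elsewhere in this series read the type without expecting null. The method starts and ends outside the hunk.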
@@ -37,6 +37,7 @@ import org.wso2.carbon.apimgt.api.APIConsumer; import org.wso2.carbon.apimgt.api.APIManagementException; import org.wso2.carbon.apimgt.api.EmptyCallbackURLForCodeGrantsException; +import org.wso2.carbon.apimgt.api.ErrorItem; import org.wso2.carbon.apimgt.api.ExceptionCodes; import org.wso2.carbon.apimgt.api.model.APIIdentifier; import org.wso2.carbon.apimgt.api.model.APIKey; @@ -47,7 +48,6 @@ import org.wso2.carbon.apimgt.api.model.Scope; import org.wso2.carbon.apimgt.api.model.Subscriber; import org.wso2.carbon.apimgt.impl.APIConstants; -import org.wso2.carbon.apimgt.impl.APIConsumerImpl; import org.wso2.carbon.apimgt.impl.APIManagerFactory; import org.wso2.carbon.apimgt.impl.dao.ApiMgtDAO; import org.wso2.carbon.apimgt.impl.importexport.APIImportExportException; @@ -99,6 +99,7 @@ import java.util.List; import java.util.Map; import java.util.Set; +import javax.ws.rs.core.MediaType; import javax.ws.rs.core.Response; public class ApplicationsApiServiceImpl implements ApplicationsApiService { @@ -741,7 +742,8 @@ public Response applicationsApplicationIdGenerateKeysPost(String applicationId, try { APIConsumer apiConsumer = APIManagerFactory.getInstance().getAPIConsumer(username); if (!(apiConsumer.isKeyManagerAllowedForUser(body.getKeyManager(), username))) { - return Response.status(403, "Key Manager is Restricted for this user").build(); + throw new APIManagementException("Key Manager is permission restricted", + ExceptionCodes.KEY_MANAGER_RESTRICTED_FOR_USER); } Application application = apiConsumer.getApplicationByUUID(applicationId); if (application != null) { From ed65537c66d8537a5ed15560d45b3f27d0477c4d Mon Sep 17 00:00:00 2001 
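Review bot: The access check passes `body.getKeyManager()` to isKeyManagerAllowedForUser, which looks permissions up by key manager UUID, and getKeyManagerPermissions reports `PUBLIC` when no row matches. If this request field can carry a key manager name instead of its UUID (not visible here, though the later isKeyManagerByNameAllowedForUser addition suggests names are in use), the lookup finds nothing and the restriction is not applied. Resolve the value to an existing key manager configuration first, fail when there is none, and evaluate that configuration's permissions. The catch blocks of the enclosing method lie outside the hunk, so confirm they let `ExceptionCodes.KEY_MANAGER_RESTRICTED_FOR_USER` reach the client as a 403 rather than wrapping it. The added imports `ErrorItem` and `MediaType` are not used by any visible hunk.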
From: Kannan Kirishikesan Date: Thu, 5 Oct 2023 11:58:32 +0530 Subject: [PATCH 21/34] Changes in DB scripts --- .../main/resources/multi-dc/OGG/oracle/apimgt/tables.sql | 8 ++++++++ .../resources/multi-dc/SQLServer/mssql/apimgt/tables.sql | 9 +++++++++ .../src/main/resources/sql/db2.sql | 9 +++++++++ .../src/main/resources/sql/h2.sql | 8 ++++++++ .../src/main/resources/sql/mssql.sql | 9 +++++++++ .../src/main/resources/sql/mysql.sql | 8 ++++++++ .../src/main/resources/sql/mysql_cluster.sql | 8 ++++++++ .../src/main/resources/sql/oracle.sql | 9 +++++++++ .../src/main/resources/sql/oracle_rac.sql | 9 +++++++++ 9 files changed, 77 insertions(+) diff --git a/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/multi-dc/OGG/oracle/apimgt/tables.sql b/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/multi-dc/OGG/oracle/apimgt/tables.sql index 74ed07148881..171927287de9 100644 --- a/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/multi-dc/OGG/oracle/apimgt/tables.sql +++ b/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/multi-dc/OGG/oracle/apimgt/tables.sql @@ -2110,6 +2110,14 @@ CREATE TABLE AM_KEY_MANAGER ( UNIQUE (NAME,ORGANIZATION) ) / +CREATE TABLE AM_KEY_MANAGER_PERMISSIONS ( + KEY_MANAGER_UUID VARCHAR(50) NOT NULL, + PERMISSIONS_TYPE VARCHAR(50) NOT NULL, + ROLE VARCHAR(255), + PRIMARY KEY (KEY_MANAGER_UUID, ROLE), + FOREIGN KEY (KEY_MANAGER_UUID) REFERENCES AM_KEY_MANAGER(UUID) ON DELETE CASCADE +) + / -- AM_GW_PUBLISHED_API_DETAILS & AM_GW_API_ARTIFACTS are independent tables for Artifact synchronizer feature which -- -- should not have any referential integrity constraints with other tables in AM database-- 
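Review bot: `ROLE VARCHAR(255)` is declared without `NOT NULL` although it is part of `PRIMARY KEY (KEY_MANAGER_UUID, ROLE)`. Some engines add the constraint implicitly, but DB2 rejects a primary key over a column that is not explicitly `NOT NULL`, so db2.sql would likely fail at this statement. Declare the column as `ROLE VARCHAR(255) NOT NULL` in this script and in the eight sibling scripts changed by the same commit. A one-line comment above the table, such as `-- One row per (key manager, role); PERMISSIONS_TYPE is ALLOW or DENY, absence of rows means PUBLIC --`, would record the convention the DAO relies on.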
diff --git a/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/multi-dc/SQLServer/mssql/apimgt/tables.sql b/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/multi-dc/SQLServer/mssql/apimgt/tables.sql index 981b446749f7..227734021423 100644 --- a/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/multi-dc/SQLServer/mssql/apimgt/tables.sql +++ b/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/multi-dc/SQLServer/mssql/apimgt/tables.sql @@ -2232,6 +2232,15 @@ CREATE TABLE AM_KEY_MANAGER ( UNIQUE (NAME,ORGANIZATION) ); +IF NOT EXISTS (SELECT * FROM SYS.OBJECTS WHERE OBJECT_ID = OBJECT_ID(N'[DBO].[AM_KEY_MANAGER_PERMISSIONS]') AND TYPE IN (N'U')) +CREATE TABLE AM_KEY_MANAGER_PERMISSIONS ( + KEY_MANAGER_UUID VARCHAR(50) NOT NULL, + PERMISSIONS_TYPE VARCHAR(50) NOT NULL, + ROLE VARCHAR(255), + PRIMARY KEY (KEY_MANAGER_UUID, ROLE), + FOREIGN KEY (KEY_MANAGER_UUID) REFERENCES AM_KEY_MANAGER(UUID) ON DELETE CASCADE +); + IF NOT EXISTS (SELECT * FROM SYS.OBJECTS WHERE OBJECT_ID = OBJECT_ID(N'[DBO].[AM_GW_PUBLISHED_API_DETAILS]') AND TYPE IN (N'U')) CREATE TABLE AM_GW_PUBLISHED_API_DETAILS ( API_ID varchar(255) NOT NULL, diff --git a/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/db2.sql b/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/db2.sql index 147b5d683e66..216844581ba2 100644 --- a/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/db2.sql +++ b/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/db2.sql 
@@ -2840,6 +2840,15 @@ CREATE TABLE AM_KEY_MANAGER ( ) / +CREATE TABLE AM_KEY_MANAGER_PERMISSIONS ( + KEY_MANAGER_UUID VARCHAR(50) NOT NULL, + PERMISSIONS_TYPE VARCHAR(50) NOT NULL, + ROLE VARCHAR(255), + PRIMARY KEY (KEY_MANAGER_UUID, ROLE), + FOREIGN KEY (KEY_MANAGER_UUID) REFERENCES AM_KEY_MANAGER(UUID) ON DELETE CASCADE +) + / + CREATE TABLE AM_API_CATEGORIES ( UUID VARCHAR(50) NOT NULL, NAME VARCHAR(255) NOT NULL, diff --git a/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/h2.sql b/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/h2.sql index 07fcc4669ad9..b26ff42a9347 100644 --- a/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/h2.sql +++ b/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/h2.sql @@ -2079,6 +2079,14 @@ CREATE TABLE IF NOT EXISTS AM_KEY_MANAGER ( UNIQUE (NAME,ORGANIZATION) ); +CREATE TABLE IF NOT EXISTS AM_KEY_MANAGER_PERMISSIONS ( + KEY_MANAGER_UUID VARCHAR(50) NOT NULL, + PERMISSIONS_TYPE VARCHAR(50) NOT NULL, + ROLE VARCHAR(255), + PRIMARY KEY (KEY_MANAGER_UUID, ROLE), + FOREIGN KEY (KEY_MANAGER_UUID) REFERENCES AM_KEY_MANAGER(UUID) ON DELETE CASCADE +); + -- AM_GW_PUBLISHED_API_DETAILS & AM_GW_API_ARTIFACTS are independent tables for Artifact synchronizer feature which -- -- should not have any referential integrity constraints with other tables in AM database-- CREATE TABLE IF NOT EXISTS AM_GW_PUBLISHED_API_DETAILS ( diff --git a/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mssql.sql b/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mssql.sql index 27deaa03fed0..c5e415b218cd 100644 --- a/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mssql.sql +++ b/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mssql.sql 
@@ -2313,6 +2313,15 @@ CREATE TABLE AM_KEY_MANAGER ( UNIQUE (NAME,ORGANIZATION) ); +IF NOT EXISTS (SELECT * FROM SYS.OBJECTS WHERE OBJECT_ID = OBJECT_ID(N'[DBO].[AM_KEY_MANAGER_PERMISSIONS]') AND TYPE IN (N'U')) +CREATE TABLE AM_KEY_MANAGER_PERMISSIONS ( + KEY_MANAGER_UUID VARCHAR(50) NOT NULL, + PERMISSIONS_TYPE VARCHAR(50) NOT NULL, + ROLE VARCHAR(255), + PRIMARY KEY (KEY_MANAGER_UUID, ROLE), + FOREIGN KEY (KEY_MANAGER_UUID) REFERENCES AM_KEY_MANAGER(UUID) ON DELETE CASCADE +); + IF NOT EXISTS (SELECT * FROM SYS.OBJECTS WHERE OBJECT_ID = OBJECT_ID(N'[DBO].[AM_GW_PUBLISHED_API_DETAILS]') AND TYPE IN (N'U')) CREATE TABLE AM_GW_PUBLISHED_API_DETAILS ( API_ID varchar(255) NOT NULL, diff --git a/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql.sql b/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql.sql index 1fbcd296b19b..51a0a4517f38 100644 --- a/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql.sql +++ b/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql.sql @@ -2112,6 +2112,14 @@ CREATE TABLE IF NOT EXISTS AM_KEY_MANAGER ( UNIQUE (NAME,ORGANIZATION) ); +CREATE TABLE IF NOT EXISTS AM_KEY_MANAGER_PERMISSIONS ( + KEY_MANAGER_UUID VARCHAR(50) NOT NULL, + PERMISSIONS_TYPE VARCHAR(50) NOT NULL, + ROLE VARCHAR(255), + PRIMARY KEY (KEY_MANAGER_UUID, ROLE), + FOREIGN KEY (KEY_MANAGER_UUID) REFERENCES AM_KEY_MANAGER(UUID) ON DELETE CASCADE +); + -- AM_GW_PUBLISHED_API_DETAILS & AM_GW_API_ARTIFACTS are independent tables for Artifact synchronizer feature which -- -- should not have any referential integrity constraints with other tables in AM database-- CREATE TABLE IF NOT EXISTS AM_GW_PUBLISHED_API_DETAILS ( diff --git a/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql b/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql index 2ee6bba5af8a..56c2c04cf621 100644 
--- a/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql +++ b/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/mysql_cluster.sql @@ -2195,6 +2195,14 @@ CREATE TABLE IF NOT EXISTS AM_KEY_MANAGER ( UNIQUE (NAME,ORGANIZATION) )ENGINE=NDB; +CREATE TABLE IF NOT EXISTS AM_KEY_MANAGER_PERMISSIONS ( + KEY_MANAGER_UUID VARCHAR(50) NOT NULL, + PERMISSIONS_TYPE VARCHAR(50) NOT NULL, + ROLE VARCHAR(255), + PRIMARY KEY (KEY_MANAGER_UUID, ROLE), + FOREIGN KEY (KEY_MANAGER_UUID) REFERENCES AM_KEY_MANAGER(UUID) ON DELETE CASCADE +) ENGINE=NDB; + -- BotDATA Email table -- CREATE TABLE IF NOT EXISTS AM_NOTIFICATION_SUBSCRIBER ( UUID VARCHAR(255), diff --git a/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle.sql b/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle.sql index 856a9b5419a1..489d65de6b15 100644 --- a/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle.sql +++ b/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle.sql @@ -3320,6 +3320,15 @@ CREATE TABLE AM_KEY_MANAGER ( ) / +CREATE TABLE AM_KEY_MANAGER_PERMISSIONS ( + KEY_MANAGER_UUID VARCHAR(50) NOT NULL, + PERMISSIONS_TYPE VARCHAR(50) NOT NULL, + ROLE VARCHAR(255), + PRIMARY KEY (KEY_MANAGER_UUID, ROLE), + FOREIGN KEY (KEY_MANAGER_UUID) REFERENCES AM_KEY_MANAGER(UUID) ON DELETE CASCADE +) + / + -- AM_GW_PUBLISHED_API_DETAILS & AM_GW_API_ARTIFACTS are independent tables for Artifact synchronizer feature which -- -- should not have any referential integrity constraints with other tables in AM database-- diff --git a/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle_rac.sql b/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle_rac.sql index 38e5d7faa04d..56bb2e961855 100644 --- a/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle_rac.sql 
+++ b/features/apimgt/org.wso2.carbon.apimgt.core.feature/src/main/resources/sql/oracle_rac.sql @@ -3293,6 +3293,15 @@ CREATE TABLE AM_KEY_MANAGER ( ) / +CREATE TABLE AM_KEY_MANAGER_PERMISSIONS ( + KEY_MANAGER_UUID VARCHAR(50) NOT NULL, + PERMISSIONS_TYPE VARCHAR(50) NOT NULL, + ROLE VARCHAR(255), + PRIMARY KEY (KEY_MANAGER_UUID, ROLE), + FOREIGN KEY (KEY_MANAGER_UUID) REFERENCES AM_KEY_MANAGER(UUID) ON DELETE CASCADE +) + / + -- AM_GW_PUBLISHED_API_DETAILS & AM_GW_API_ARTIFACTS are independent tables for Artifact synchronizer feature which -- -- should not have any referential integrity constraints with other tables in AM database-- CREATE TABLE AM_GW_PUBLISHED_API_DETAILS ( From 561d53ffe03e311b0e2135657784e1f38bd682d0 Mon Sep 17 00:00:00 2001 From: Kannan Kirishikesan Date: Mon, 16 Oct 2023 12:35:54 +0530 Subject: [PATCH 22/34] Fix retrieving multiple permissions --- .../java/org/wso2/carbon/apimgt/impl/dao/ApiMgtDAO.java | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/ApiMgtDAO.java b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/ApiMgtDAO.java index 1861ec67968d..90e0a38bddd3 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/ApiMgtDAO.java +++ b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/ApiMgtDAO.java 
@@ -9388,13 +9388,10 @@ public KeyManagerPermissionConfigurationDTO getKeyManagerPermissions(String keyM ps.setString(1, keyManagerUUID); ResultSet resultSet = ps.executeQuery(); ArrayList roles = new ArrayList<>(); - if (resultSet.next()) { + keyManagerPermissions.setPermissionType("PUBLIC"); + while (resultSet.next()) { roles.add(resultSet.getString("ROLE")); - } - if (roles.size() > 0) { keyManagerPermissions.setPermissionType(resultSet.getString("PERMISSIONS_TYPE")); - } else { - keyManagerPermissions.setPermissionType("PUBLIC"); } keyManagerPermissions.setRoles(roles); conn.commit(); From 9fa329b8bad5464855ca86932a00cba4a93028ab Mon Sep 17 00:00:00 2001 From: Kannan Kirishikesan Date: Fri, 20 Oct 2023 10:19:02 +0530 Subject: [PATCH 23/34] Add keymanager permission checks for updating oauth keys and keytype --- .../wso2/carbon/apimgt/api/APIConsumer.java | 10 +++++++++ .../carbon/apimgt/impl/APIConsumerImpl.java | 22 +++++++++++++++++++ .../carbon/apimgt/impl/dao/ApiMgtDAO.java | 3 ++- .../v1/impl/ApplicationsApiServiceImpl.java | 9 ++++++++ 4 files changed, 43 insertions(+), 1 deletion(-) diff --git a/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/APIConsumer.java b/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/APIConsumer.java index 43555fde07ee..cf1158282c33 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/APIConsumer.java +++ b/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/APIConsumer.java 
@@ -817,4 +817,14 @@ Set getPaginatedSubscribedAPIsByApplication(Application applicati */ boolean isKeyManagerAllowedForUser(String keyManagerId, String username) throws APIManagementException; + /** + * This method used to check if key manager configuration by name is allowed for user + * @param keyManagerName name of the key manager + * @param organization organization of the logged in user + * @param username username of the logged in user + * @return boolean + * @throws APIManagementException if error occurred + */ + boolean isKeyManagerByNameAllowedForUser(String keyManagerName, String organization, String username) throws APIManagementException; + } diff --git a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConsumerImpl.java b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConsumerImpl.java index 14d78ea6703a..e0a4ed38541c 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConsumerImpl.java +++ b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConsumerImpl.java 
@@ -4283,6 +4283,28 @@ public boolean isKeyManagerAllowedForUser(String keyManagerId, String username) return true; } + @Override + public boolean isKeyManagerByNameAllowedForUser(String keyManagerName, String organization, String username) + throws APIManagementException { + APIAdmin apiAdmin = new APIAdminImpl(); + KeyManagerConfigurationDTO keyManagerConfiguration = apiAdmin + .getKeyManagerConfigurationByName(organization, keyManagerName); + KeyManagerPermissionConfigurationDTO permissions = keyManagerConfiguration.getPermissions(); + String permissionType = permissions.getPermissionType(); + if (permissions != null && !permissionType.equals("PUBLIC")) { + String[] permissionRoles = permissions.getRoles() + .stream() + .toArray(String[]::new); + String[] userRoles = APIUtil.getListOfRoles(username); + boolean roleIsRestricted = hasIntersection(userRoles, permissionRoles); + if (("ALLOW".equals(permissionType) && !roleIsRestricted) + || ("DENY".equals(permissionType) && roleIsRestricted)) { + return false; + } + } + return true; + } + public static boolean hasIntersection(String[] arr1, String[] arr2) { for (String element : arr1) { for (String element2 : arr2) { diff --git a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/ApiMgtDAO.java b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/ApiMgtDAO.java index 90e0a38bddd3..0bdff24135b8 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/ApiMgtDAO.java +++ b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/ApiMgtDAO.java 
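Review bot: In `isKeyManagerByNameAllowedForUser`, `permissions.getPermissionType()` is called one line before the `permissions != null` test, so the null check never protects anything and a configuration without permissions ends in a NullPointerException. `keyManagerConfiguration` is dereferenced unchecked as well, and the name it is looked up by comes from the request body at the call sites added in this patch, so an unknown name is a reachable case if the lookup can return null. The method also returns `true` for any permission type other than ALLOW or DENY, which turns an unexpected stored value into a grant. The sketch below checks for null first and denies anything unrecognised; whether an unknown key manager should be denied or reported as not found is the author's call. `isKeyManagerAllowedForUser` has the same ordering, visible in a later hunk of this series.

```java
KeyManagerConfigurationDTO keyManagerConfiguration = apiAdmin
        .getKeyManagerConfigurationByName(organization, keyManagerName);
if (keyManagerConfiguration == null) {
    // Unknown key manager name: there is nothing to grant access to.
    return false;
}
KeyManagerPermissionConfigurationDTO permissions = keyManagerConfiguration.getPermissions();
if (permissions == null || "PUBLIC".equals(permissions.getPermissionType())) {
    return true;
}
// … unchanged: permissionRoles, userRoles and the hasIntersection call …
String permissionType = permissions.getPermissionType();
if ("ALLOW".equals(permissionType)) {
    return roleIsRestricted;
}
if ("DENY".equals(permissionType)) {
    return !roleIsRestricted;
}
// Unrecognised permission type: deny instead of falling through to allow.
return false;
```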
@@ -9150,7 +9150,7 @@ public KeyManagerConfigurationDTO getKeyManagerConfigurationByName(String organi private KeyManagerConfigurationDTO getKeyManagerConfigurationByName(Connection connection, String organization, String name) - throws SQLException, IOException { + throws SQLException, IOException, APIManagementException { final String query = "SELECT * FROM AM_KEY_MANAGER WHERE NAME = ? AND ORGANIZATION = ?"; try (PreparedStatement preparedStatement = connection.prepareStatement(query)) { @@ -9174,6 +9174,7 @@ private KeyManagerConfigurationDTO getKeyManagerConfigurationByName(Connection c Map map = new Gson().fromJson(configurationContent, Map.class); keyManagerConfigurationDTO.setAdditionalProperties(map); } + keyManagerConfigurationDTO.setPermissions(getKeyManagerPermissions(uuid)); return keyManagerConfigurationDTO; } } diff --git a/components/apimgt/org.wso2.carbon.apimgt.rest.api.store.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/store/v1/impl/ApplicationsApiServiceImpl.java b/components/apimgt/org.wso2.carbon.apimgt.rest.api.store.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/store/v1/impl/ApplicationsApiServiceImpl.java index ea8e6d9c0083..2a8fb667b78b 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.rest.api.store.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/store/v1/impl/ApplicationsApiServiceImpl.java +++ b/components/apimgt/org.wso2.carbon.apimgt.rest.api.store.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/store/v1/impl/ApplicationsApiServiceImpl.java 
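Review bot: `getKeyManagerPermissions(uuid)` is called without the `Connection` that was passed into this private `getKeyManagerConfigurationByName`, so the permissions lookup cannot share the caller's connection or transaction. Where that method is partly visible later in the series it calls `conn.setAutoCommit(false)` and `conn.commit()` on what appears to be a connection of its own, which would mean a second pooled connection is taken while this one's statement is still open. The call added inside the loop of `getKeyManagerConfigurations` (patch 24) repeats this once per key manager. Consider an overload that accepts the existing connection, or load the permissions after the outer statement has been closed. The method body starts before the hunk.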
@@ -1027,6 +1027,10 @@ public Response applicationsApplicationIdKeysKeyTypePut(String applicationId, St try { APIConsumer apiConsumer = APIManagerFactory.getInstance().getAPIConsumer(username); Application application = apiConsumer.getApplicationByUUID(applicationId); + if (!(apiConsumer.isKeyManagerAllowedForUser(body.getKeyManager(), username))) { + throw new APIManagementException("Key Manager is permission restricted", + ExceptionCodes.KEY_MANAGER_RESTRICTED_FOR_USER); + } if (application != null) { if (RestAPIStoreUtils.isUserOwnerOfApplication(application)) { String grantTypes = StringUtils.join(body.getSupportedGrantTypes(), ','); @@ -1283,6 +1287,11 @@ public Response applicationsApplicationIdOauthKeysKeyMappingIdPut(String applica String username = RestApiCommonUtil.getLoggedInUsername(); APIConsumer apiConsumer = APIManagerFactory.getInstance().getAPIConsumer(username); Application application = apiConsumer.getApplicationByUUID(applicationId); + if (!(apiConsumer.isKeyManagerByNameAllowedForUser(body.getKeyManager(), + MultitenantUtils.getTenantDomain(username), username))) { + throw new APIManagementException("Key Manager is permission restricted", + ExceptionCodes.KEY_MANAGER_RESTRICTED_FOR_USER); + } if (application != null) { ApplicationKeyDTO appKey = getApplicationKeyByAppIDAndKeyMapping(applicationId, keyMappingId); if (RestAPIStoreUtils.isUserOwnerOfApplication(application) && appKey != null) { From 879bd66f7626453dc54d13c1a2dc0483ae16ea0e Mon Sep 17 00:00:00 2001 From: Kannan Kirishikesan Date: Fri, 20 Oct 2023 10:25:40 +0530 Subject: [PATCH 24/34] Add keymanagerpermissions when fetched by organization --- .../src/main/java/org/wso2/carbon/apimgt/impl/dao/ApiMgtDAO.java | 1 + 1 file changed, 1 insertion(+) 
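Review bot: In `applicationsApplicationIdKeysKeyTypePut`, `body.getKeyManager()` is passed to `isKeyManagerAllowedForUser`, whose first parameter is documented as the key manager's UUID, while the second hunk in this file passes the same getter to the name-based check. A value that matches no UUID finds no permission rows, `getKeyManagerPermissions` then reports `PUBLIC`, and the check passes for every user instead of failing. Patch 25 switches this call to the name-based variant, but `isKeyManagerAllowedForUser` itself still treats an unknown id as unrestricted; an identifier that resolves to no key manager should be rejected. The method starts and ends outside the hunk.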
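Review bot: The key-manager permission check in `applicationsApplicationIdOauthKeysKeyMappingIdPut` runs before `application != null` and before `isUserOwnerOfApplication`, so a caller who does not own the application gets a key-manager-specific error instead of the ownership outcome, and `body.getKeyManager()` is used without a null or empty check. I would move the check into the branch that has already confirmed ownership and reject a missing key manager name explicitly. The organization is derived with `MultitenantUtils.getTenantDomain(username)`; if organization and tenant domain can differ here, the lookup should use the organization the request was validated against, which cannot be confirmed from this hunk. Patch 25 places the same pre-ownership check in `applicationsApplicationIdKeysKeyTypePut`.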
diff --git a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/ApiMgtDAO.java b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/ApiMgtDAO.java index 0bdff24135b8..43f7fd78fda5 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/ApiMgtDAO.java +++ b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/ApiMgtDAO.java @@ -9432,6 +9432,7 @@ public List getKeyManagerConfigurations() throws API } catch (IOException e) { log.error("Error while converting configurations in " + uuid, e); } + keyManagerConfigurationDTO.setPermissions(getKeyManagerPermissions(uuid)); keyManagerConfigurationDTOS.add(keyManagerConfigurationDTO); } } From f8d34ac89ee230101a1931b3ae21605c482db5a3 Mon Sep 17 00:00:00 2001 From: Kannan Kirishikesan Date: Fri, 20 Oct 2023 15:19:27 +0530 Subject: [PATCH 25/34] KeyManager Restriction in KeyType call --- .../rest/api/store/v1/impl/ApplicationsApiServiceImpl.java | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/components/apimgt/org.wso2.carbon.apimgt.rest.api.store.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/store/v1/impl/ApplicationsApiServiceImpl.java b/components/apimgt/org.wso2.carbon.apimgt.rest.api.store.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/store/v1/impl/ApplicationsApiServiceImpl.java index 2a8fb667b78b..6771e0ecb807 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.rest.api.store.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/store/v1/impl/ApplicationsApiServiceImpl.java +++ b/components/apimgt/org.wso2.carbon.apimgt.rest.api.store.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/store/v1/impl/ApplicationsApiServiceImpl.java 
@@ -1026,11 +1026,12 @@ public Response applicationsApplicationIdKeysKeyTypePut(String applicationId, St String username = RestApiCommonUtil.getLoggedInUsername(); try { APIConsumer apiConsumer = APIManagerFactory.getInstance().getAPIConsumer(username); - Application application = apiConsumer.getApplicationByUUID(applicationId); - if (!(apiConsumer.isKeyManagerAllowedForUser(body.getKeyManager(), username))) { + if (!(apiConsumer.isKeyManagerByNameAllowedForUser(body.getKeyManager(), + MultitenantUtils.getTenantDomain(username), username))) { throw new APIManagementException("Key Manager is permission restricted", ExceptionCodes.KEY_MANAGER_RESTRICTED_FOR_USER); } + Application application = apiConsumer.getApplicationByUUID(applicationId); if (application != null) { if (RestAPIStoreUtils.isUserOwnerOfApplication(application)) { String grantTypes = StringUtils.join(body.getSupportedGrantTypes(), ','); From f75015bd921e530bd2f718acaba7b165d992e54a Mon Sep 17 00:00:00 2001 From: Kannan Kirishikesan Date: Fri, 20 Oct 2023 15:48:43 +0530 Subject: [PATCH 26/34] Remove key manager restrictions in applicationsApplicationIdKeysKeyTypePut --- .../rest/api/store/v1/impl/ApplicationsApiServiceImpl.java | 5 ----- 1 file changed, 5 deletions(-) diff --git a/components/apimgt/org.wso2.carbon.apimgt.rest.api.store.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/store/v1/impl/ApplicationsApiServiceImpl.java b/components/apimgt/org.wso2.carbon.apimgt.rest.api.store.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/store/v1/impl/ApplicationsApiServiceImpl.java index 6771e0ecb807..8f977dd41431 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.rest.api.store.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/store/v1/impl/ApplicationsApiServiceImpl.java +++ b/components/apimgt/org.wso2.carbon.apimgt.rest.api.store.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/store/v1/impl/ApplicationsApiServiceImpl.java 
@@ -1026,11 +1026,6 @@ public Response applicationsApplicationIdKeysKeyTypePut(String applicationId, St String username = RestApiCommonUtil.getLoggedInUsername(); try { APIConsumer apiConsumer = APIManagerFactory.getInstance().getAPIConsumer(username); - if (!(apiConsumer.isKeyManagerByNameAllowedForUser(body.getKeyManager(), - MultitenantUtils.getTenantDomain(username), username))) { - throw new APIManagementException("Key Manager is permission restricted", - ExceptionCodes.KEY_MANAGER_RESTRICTED_FOR_USER); - } Application application = apiConsumer.getApplicationByUUID(applicationId); if (application != null) { if (RestAPIStoreUtils.isUserOwnerOfApplication(application)) { From dfa2ad9120e0a0a1e5dbd56453330263e9118638 Mon Sep 17 00:00:00 2001 From: Kannan Kirishikesan Date: Fri, 20 Oct 2023 15:50:01 +0530 Subject: [PATCH 27/34] Remove unused imports --- .../rest/api/store/v1/impl/ApplicationsApiServiceImpl.java | 2 -- 1 file changed, 2 deletions(-) diff --git a/components/apimgt/org.wso2.carbon.apimgt.rest.api.store.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/store/v1/impl/ApplicationsApiServiceImpl.java b/components/apimgt/org.wso2.carbon.apimgt.rest.api.store.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/store/v1/impl/ApplicationsApiServiceImpl.java index 8f977dd41431..3cd31baf7ab3 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.rest.api.store.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/store/v1/impl/ApplicationsApiServiceImpl.java +++ b/components/apimgt/org.wso2.carbon.apimgt.rest.api.store.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/store/v1/impl/ApplicationsApiServiceImpl.java 
@@ -37,7 +37,6 @@ import org.wso2.carbon.apimgt.api.APIConsumer; import org.wso2.carbon.apimgt.api.APIManagementException; import org.wso2.carbon.apimgt.api.EmptyCallbackURLForCodeGrantsException; -import org.wso2.carbon.apimgt.api.ErrorItem; import org.wso2.carbon.apimgt.api.ExceptionCodes; import org.wso2.carbon.apimgt.api.model.APIIdentifier; import org.wso2.carbon.apimgt.api.model.APIKey; @@ -99,7 +98,6 @@ import java.util.List; import java.util.Map; import java.util.Set; -import javax.ws.rs.core.MediaType; import javax.ws.rs.core.Response; public class ApplicationsApiServiceImpl implements ApplicationsApiService { From cfc856942d5dcfb5dcdcc9eb904b5de6a6cdb495 Mon Sep 17 00:00:00 2001 From: Kannan Kirishikesan Date: Tue, 19 Dec 2023 14:38:23 +0530 Subject: [PATCH 28/34] Optimise has Intersection method --- .../dto/KeyManagerPermissionConfigurationDTO.java | 2 +- .../wso2/carbon/apimgt/impl/APIConsumerImpl.java | 14 ++++++++++---- 2 files changed, 11 insertions(+), 5 deletions(-) diff --git a/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/dto/KeyManagerPermissionConfigurationDTO.java b/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/dto/KeyManagerPermissionConfigurationDTO.java index 81d62a154888..0bfbf6ef716d 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/dto/KeyManagerPermissionConfigurationDTO.java +++ b/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/dto/KeyManagerPermissionConfigurationDTO.java @@ -36,7 +36,7 @@ public List getRoles() { public void setRoles(List roles) { if (roles == null) { - roles = new ArrayList(); + return; } this.roles = roles; } 
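Review bot: With `if (roles == null) { return; }`, `setRoles(null)` no longer resets the list but silently keeps whatever roles the DTO already holds, so code that reuses a `KeyManagerPermissionConfigurationDTO` and passes null to clear it would carry a stale ALLOW/DENY list forward. If the `roles` field has no initializer (its declaration is outside the hunk), `getRoles()` can now return null and the `permissions.getRoles().stream()` calls in `APIConsumerImpl` would throw. Assigning an empty list keeps both cases safe: `this.roles = roles == null ? new ArrayList<>() : roles;`.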
diff --git a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConsumerImpl.java b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConsumerImpl.java index 1d3f692846e8..a149bc2ff15f 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConsumerImpl.java +++ b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConsumerImpl.java @@ -4240,6 +4240,7 @@ private void checkSubscriptionAllowed(ApiTypeWrapper apiTypeWrapper) /** * This method is used to retrieve key manager configurations for tenant * @param organization organization of the key manager + * @param username username of the logged-in user * @return KeyManagerConfigurationDTO list * @throws APIManagementException if error occurred */ @@ -4311,13 +4312,18 @@ public boolean isKeyManagerByNameAllowedForUser(String keyManagerName, String or } public static boolean hasIntersection(String[] arr1, String[] arr2) { + Set set = new HashSet<>(); + for (String element : arr1) { - for (String element2 : arr2) { - if (element.equals(element2)) { - return true; - } + set.add(element); + } + + for (String element : arr2) { + if (set.contains(element)) { + return true; } } + return false; } } From f3c1bd0509cf7ce03759bdb6c142ada52acb33c2 Mon Sep 17 00:00:00 2001 From: Kannan Kirishikesan Date: Tue, 19 Dec 2023 14:44:24 +0530 Subject: [PATCH 29/34] Adds a constant for Public permission --- .../java/org/wso2/carbon/apimgt/impl/dao/ApiMgtDAO.java | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/ApiMgtDAO.java b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/ApiMgtDAO.java index 963c7d20dab7..c1c616576398 100644 
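Review bot: `hasIntersection` is `public static` and dereferences both arrays without a null check, while the callers in this class pass the result of `APIUtil.getListOfRoles(username)` straight in; if that can be null for a user without roles, the permission check ends in a NullPointerException rather than a decision. A guard such as `if (arr1 == null || arr2 == null) { return false; }` makes the empty case explicit, and the fill loop can be written as `Set<String> set = new HashSet<>(Arrays.asList(arr1));`. The match is exact-case; if role names are compared case-insensitively elsewhere in the product, a DENY entry that differs only in case would not match, which is worth confirming.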
--- a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/ApiMgtDAO.java +++ b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/ApiMgtDAO.java @@ -172,6 +172,7 @@ public class ApiMgtDAO { private final Object scopeMutex = new Object(); private boolean forceCaseInsensitiveComparisons = false; private boolean multiGroupAppSharingEnabled = false; + private String KeyManagerAccessPublic = "PUBLIC"; String migrationEnabled = System.getProperty(APIConstants.MIGRATE); private ApiMgtDAO() { @@ -9293,7 +9294,7 @@ public void addKeyManagerConfiguration(KeyManagerConfigurationDTO keyManagerConf preparedStatement.setString(10, keyManagerConfigurationDTO.getExternalReferenceId()); preparedStatement.executeUpdate(); KeyManagerPermissionConfigurationDTO permissionDTO = keyManagerConfigurationDTO.getPermissions(); - if (permissionDTO != null && permissionDTO.getPermissionType() != "PUBLIC") { + if (permissionDTO != null && permissionDTO.getPermissionType() != KeyManagerAccessPublic) { try (PreparedStatement addPermissionStatement = conn .prepareStatement(SQLConstants.KeyManagerPermissionsSqlConstants.ADD_KEY_MANAGER_PERMISSION_SQL)) { for (String role : keyManagerConfigurationDTO.getPermissions().getRoles()) { @@ -9373,7 +9374,7 @@ public void updateKeyManagerConfiguration(KeyManagerConfigurationDTO keyManagerC deletePermissionsStatement.executeUpdate(); } KeyManagerPermissionConfigurationDTO permissionDTO = keyManagerConfigurationDTO.getPermissions(); - if (permissionDTO != null && permissionDTO.getPermissionType() != "PUBLIC") { + if (permissionDTO != null && permissionDTO.getPermissionType() != KeyManagerAccessPublic) { try (PreparedStatement addPermissionStatement = conn.prepareStatement(SQLConstants .KeyManagerPermissionsSqlConstants.ADD_KEY_MANAGER_PERMISSION_SQL)) { for (String role : permissionDTO.getRoles()) { 
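Review bot: `permissionDTO.getPermissionType() != KeyManagerAccessPublic` compares String references rather than contents, in both `addKeyManagerConfiguration` and `updateKeyManagerConfiguration`. A `"PUBLIC"` value that was built at runtime (deserialized input, a database read) is a different object, so the branch would run and write permission rows for a public key manager. Use `!KEY_MANAGER_ACCESS_PUBLIC.equals(permissionDTO.getPermissionType())`. The new field is also a mutable instance field with a class-style name; it should be `private static final String KEY_MANAGER_ACCESS_PUBLIC = "PUBLIC";`. Both method bodies extend beyond their hunks.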
@@ -9438,7 +9439,7 @@ public KeyManagerPermissionConfigurationDTO getKeyManagerPermissions(String keyM ps.setString(1, keyManagerUUID); ResultSet resultSet = ps.executeQuery(); ArrayList roles = new ArrayList<>(); - keyManagerPermissions.setPermissionType("PUBLIC"); + keyManagerPermissions.setPermissionType(KeyManagerAccessPublic); while (resultSet.next()) { roles.add(resultSet.getString("ROLE")); keyManagerPermissions.setPermissionType(resultSet.getString("PERMISSIONS_TYPE")); From b1f1bcef30dd134cd6c4c26aa35347fab855e066 Mon Sep 17 00:00:00 2001 From: Kannan Kirishikesan Date: Tue, 19 Dec 2023 14:47:56 +0530 Subject: [PATCH 30/34] Fixes an indentation --- .../apimgt/rest/api/admin/v1/dto/KeyManagerPermissionsDTO.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/gen/java/org/wso2/carbon/apimgt/rest/api/admin/v1/dto/KeyManagerPermissionsDTO.java b/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/gen/java/org/wso2/carbon/apimgt/rest/api/admin/v1/dto/KeyManagerPermissionsDTO.java index 3dfccaf16102..c6a4adc3bbd6 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/gen/java/org/wso2/carbon/apimgt/rest/api/admin/v1/dto/KeyManagerPermissionsDTO.java +++ b/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/gen/java/org/wso2/carbon/apimgt/rest/api/admin/v1/dto/KeyManagerPermissionsDTO.java @@ -51,7 +51,7 @@ public static PermissionTypeEnum fromValue(String v) { return b; } } -return null; + return null; } } private PermissionTypeEnum permissionType = PermissionTypeEnum.PUBLIC; From cbd1b21887c0e7fdaa052228e946a40ee82f4a15 Mon Sep 17 00:00:00 2001 From: Kannan Kirishikesan Date: Fri, 22 Dec 2023 14:20:26 +0530 Subject: [PATCH 31/34] Adds comments in APIConsumerImpl --- .../wso2/carbon/apimgt/impl/APIConsumerImpl.java | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) 
diff --git a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConsumerImpl.java b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConsumerImpl.java index a149bc2ff15f..76e198160a71 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConsumerImpl.java +++ b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConsumerImpl.java @@ -4266,7 +4266,7 @@ public List getKeyManagerConfigurationsByOrganizatio * This method is used to check if key manager configuration is allowed for user * @param keyManagerId uuid of the key manager * @param username username of the logged in user - * @return boolean + * @return boolean returns if the key manager is allowed for the logged in user * @throws APIManagementException if error occurred */ @Override @@ -4289,6 +4289,15 @@ public boolean isKeyManagerAllowedForUser(String keyManagerId, String username) return true; } + + /** + * This method is used to check if key manager configuration is allowed for user + * @param keyManagerName name of the key manager + * @param organization organization of the logged in user + * @param username username of the logged in user + * @return boolean returns if the key manager is allowed for the logged in user + * @throws APIManagementException if error occurred + */ @Override public boolean isKeyManagerByNameAllowedForUser(String keyManagerName, String organization, String username) throws APIManagementException { 
@@ -4297,12 +4306,15 @@ public boolean isKeyManagerByNameAllowedForUser(String keyManagerName, String or .getKeyManagerConfigurationByName(organization, keyManagerName); KeyManagerPermissionConfigurationDTO permissions = keyManagerConfiguration.getPermissions(); String permissionType = permissions.getPermissionType(); + //Checks if the keymanager is permission restricted and if the user is in the restricted list if (permissions != null && !permissionType.equals("PUBLIC")) { String[] permissionRoles = permissions.getRoles() .stream() .toArray(String[]::new); String[] userRoles = APIUtil.getListOfRoles(username); + //list of common roles the user has and the restricted list boolean roleIsRestricted = hasIntersection(userRoles, permissionRoles); + //Checks if the user is allowed to access the key manager if (("ALLOW".equals(permissionType) && !roleIsRestricted) || ("DENY".equals(permissionType) && roleIsRestricted)) { return false; From 094e53270f25762671efb82901d371e8a56b8ff0 Mon Sep 17 00:00:00 2001 From: Kannan Kirishikesan Date: Fri, 5 Jan 2024 16:19:49 +0530 Subject: [PATCH 32/34] Adds license header and formatting --- .../wso2/carbon/apimgt/api/APIConsumer.java | 6 ++++-- .../KeyManagerPermissionConfigurationDTO.java | 18 ++++++++++++++++++ 2 files changed, 22 insertions(+), 2 deletions(-) diff --git a/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/APIConsumer.java b/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/APIConsumer.java index cf1158282c33..b6fcef707870 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/APIConsumer.java +++ b/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/APIConsumer.java 
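Review bot: The comment `//list of common roles the user has and the restricted list` describes a list, but `roleIsRestricted` is the boolean returned by `hasIntersection`, and under ALLOW a match means the user is permitted, not restricted. I would reword it to `// true when the user holds at least one role named in the key manager's permission entry` and consider a neutral local name such as `userHasListedRole`. The comment above the final `if` could state the rule directly: `// ALLOW requires a listed role; DENY rejects a listed role`. The method continues outside the hunk.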
@@ -806,7 +806,8 @@ Set getPaginatedSubscribedAPIsByApplication(Application applicati * @return KeyManagerConfigurationDTO list * @throws APIManagementException if error occurred */ - List getKeyManagerConfigurationsByOrganization(String organization, String username) throws APIManagementException; + List getKeyManagerConfigurationsByOrganization(String organization, String username) + throws APIManagementException; /** * This method used to check if key manager configuration is allowed for user @@ -825,6 +826,7 @@ Set getPaginatedSubscribedAPIsByApplication(Application applicati * @return boolean * @throws APIManagementException if error occurred */ - boolean isKeyManagerByNameAllowedForUser(String keyManagerName, String organization, String username) throws APIManagementException; + boolean isKeyManagerByNameAllowedForUser(String keyManagerName, String organization, String username) + throws APIManagementException; } diff --git a/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/dto/KeyManagerPermissionConfigurationDTO.java b/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/dto/KeyManagerPermissionConfigurationDTO.java index 0bfbf6ef716d..f927a93f4e85 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/dto/KeyManagerPermissionConfigurationDTO.java +++ b/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/dto/KeyManagerPermissionConfigurationDTO.java 
@@ -1,3 +1,21 @@ +/* + * Copyright (c) 2024, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + package org.wso2.carbon.apimgt.api.dto; From 1d58204afd0d2b23f33e003063649b697cf2e32a Mon Sep 17 00:00:00 2001 From: Kannan Kirishikesan Date: Mon, 8 Jan 2024 10:35:32 +0530 Subject: [PATCH 33/34] Formatting Issues --- .../org/wso2/carbon/apimgt/impl/APIAdminImpl.java | 2 +- .../wso2/carbon/apimgt/impl/APIConsumerImpl.java | 15 +++++++++------ .../wso2/carbon/apimgt/impl/dao/ApiMgtDAO.java | 9 ++++++--- .../admin/v1/impl/KeyManagersApiServiceImpl.java | 5 +++-- .../v1/utils/mappings/KeyManagerMappingUtil.java | 2 +- 5 files changed, 20 insertions(+), 13 deletions(-) diff --git a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIAdminImpl.java b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIAdminImpl.java index ac0adcb5ac7b..1242cbd4f2ff 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIAdminImpl.java +++ b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIAdminImpl.java 
@@ -753,7 +753,7 @@ public KeyManagerPermissionConfigurationDTO getKeyManagerPermissions(String id) try { keyManagerPermissionConfigurationDTO = apiMgtDAO.getKeyManagerPermissions(id); } catch (APIManagementException e) { - throw new APIManagementException("Key Manager Permissions retrieval failed for Key Manager id " + id); + throw new APIManagementException("Key Manager Permissions retrieval failed for Key Manager id " + id, e); } return keyManagerPermissionConfigurationDTO; } diff --git a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConsumerImpl.java b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConsumerImpl.java index 76e198160a71..cafc8d0a091f 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConsumerImpl.java +++ b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConsumerImpl.java @@ -190,6 +190,9 @@ public class APIConsumerImpl extends AbstractAPIManager implements APIConsumer { public static final String API_NAME = "apiName"; public static final String API_VERSION = "apiVersion"; public static final String API_PROVIDER = "apiProvider"; + private static final String PERMISSION_ALLOW = "ALLOW"; + private static final String PERMISSION_DENY = "DENY"; + private static final String PERMISSION_NOT_RESTRICTED = "PUBLIC"; private static final String PRESERVED_CASE_SENSITIVE_VARIABLE = "preservedCaseSensitive"; private static final String GET_SUB_WORKFLOW_REF_FAILED = "Failed to get external workflow reference for subscription "; 
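Review bot: The three constants added to `APIConsumerImpl` duplicate values that this series also defines as `KeyManagerAccessPublic` in `ApiMgtDAO` and as the literal array `{"PUBLIC", "ALLOW", "DENY"}` in `KeyManagersApiServiceImpl.validatePermissions`. Validation, storage and enforcement each keep their own copy of the permission vocabulary, so a new or renamed type can be accepted by one layer and fall through to the allow path in another. A single shared definition, an enum or constants in a class all three modules can see, would keep them in step. The class body continues outside the hunk.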
@@ -4275,14 +4278,14 @@ public boolean isKeyManagerAllowedForUser(String keyManagerId, String username) APIAdmin apiAdmin = new APIAdminImpl(); KeyManagerPermissionConfigurationDTO permissions = apiAdmin.getKeyManagerPermissions(keyManagerId); String permissionType = permissions.getPermissionType(); - if (permissions != null && !permissionType.equals("PUBLIC")) { + if (permissions != null && !permissionType.equals(PERMISSION_NOT_RESTRICTED)) { String[] permissionRoles = permissions.getRoles() .stream() .toArray(String[]::new); String[] userRoles = APIUtil.getListOfRoles(username); boolean roleIsRestricted = hasIntersection(userRoles, permissionRoles); - if (("ALLOW".equals(permissionType) && !roleIsRestricted) - || ("DENY".equals(permissionType) && roleIsRestricted)) { + if ((PERMISSION_ALLOW.equals(permissionType) && !roleIsRestricted) + || (PERMISSION_DENY.equals(permissionType) && roleIsRestricted)) { return false; } } @@ -4307,7 +4310,7 @@ public boolean isKeyManagerByNameAllowedForUser(String keyManagerName, String or KeyManagerPermissionConfigurationDTO permissions = keyManagerConfiguration.getPermissions(); String permissionType = permissions.getPermissionType(); //Checks if the keymanager is permission restricted and if the user is in the restricted list - if (permissions != null && !permissionType.equals("PUBLIC")) { + if (permissions != null && !permissionType.equals(PERMISSION_NOT_RESTRICTED)) { String[] permissionRoles = permissions.getRoles() .stream() .toArray(String[]::new); 
@@ -4315,8 +4318,8 @@ public boolean isKeyManagerByNameAllowedForUser(String keyManagerName, String or //list of common roles the user has and the restricted list boolean roleIsRestricted = hasIntersection(userRoles, permissionRoles); //Checks if the user is allowed to access the key manager - if (("ALLOW".equals(permissionType) && !roleIsRestricted) - || ("DENY".equals(permissionType) && roleIsRestricted)) { + if ((PERMISSION_ALLOW.equals(permissionType) && !roleIsRestricted) + || (PERMISSION_DENY.equals(permissionType) && roleIsRestricted)) { return false; } } diff --git a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/ApiMgtDAO.java b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/ApiMgtDAO.java index c1c616576398..049aea67870f 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/ApiMgtDAO.java +++ b/components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/ApiMgtDAO.java @@ -9296,7 +9296,8 @@ public void addKeyManagerConfiguration(KeyManagerConfigurationDTO keyManagerConf KeyManagerPermissionConfigurationDTO permissionDTO = keyManagerConfigurationDTO.getPermissions(); if (permissionDTO != null && permissionDTO.getPermissionType() != KeyManagerAccessPublic) { try (PreparedStatement addPermissionStatement = conn - .prepareStatement(SQLConstants.KeyManagerPermissionsSqlConstants.ADD_KEY_MANAGER_PERMISSION_SQL)) { + .prepareStatement(SQLConstants.KeyManagerPermissionsSqlConstants + .ADD_KEY_MANAGER_PERMISSION_SQL)) { for (String role : keyManagerConfigurationDTO.getPermissions().getRoles()) { addPermissionStatement.setString(1, keyManagerConfigurationDTO.getUuid()); addPermissionStatement.setString(2, permissionDTO.getPermissionType()); 
@@ -9425,7 +9426,8 @@ public void deleteKeyManagerConfigurationById(String id, String organization) th } - public KeyManagerPermissionConfigurationDTO getKeyManagerPermissions(String keyManagerUUID) throws APIManagementException { + public KeyManagerPermissionConfigurationDTO getKeyManagerPermissions(String keyManagerUUID) + throws APIManagementException { KeyManagerPermissionConfigurationDTO keyManagerPermissions = new KeyManagerPermissionConfigurationDTO(); @@ -9433,7 +9435,8 @@ public KeyManagerPermissionConfigurationDTO getKeyManagerPermissions(String keyM conn.setAutoCommit(false); keyManagerPermissions = new KeyManagerPermissionConfigurationDTO(); try { - String getKeyManagerPermissionQuery = SQLConstants.KeyManagerPermissionsSqlConstants.GET_KEY_MANAGER_PERMISSIONS_SQL; + String getKeyManagerPermissionQuery = SQLConstants + .KeyManagerPermissionsSqlConstants.GET_KEY_MANAGER_PERMISSIONS_SQL; conn.setAutoCommit(false); PreparedStatement ps = conn.prepareStatement(getKeyManagerPermissionQuery); ps.setString(1, keyManagerUUID); diff --git a/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/admin/v1/impl/KeyManagersApiServiceImpl.java b/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/admin/v1/impl/KeyManagersApiServiceImpl.java index d680a656824e..6aa7b984708c 100644 --- a/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/admin/v1/impl/KeyManagersApiServiceImpl.java +++ b/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/admin/v1/impl/KeyManagersApiServiceImpl.java 
@@ -176,8 +176,9 @@ public Response keyManagersPost(KeyManagerDTO body, MessageContext messageContex } } - public void validatePermissions (KeyManagerPermissionConfigurationDTO permissionDTO) - throws IllegalArgumentException, APIManagementException{ + public void validatePermissions(KeyManagerPermissionConfigurationDTO permissionDTO) + throws IllegalArgumentException, APIManagementException { + if (permissionDTO != null && permissionDTO.getRoles() != null) { String username = RestApiCommonUtil.getLoggedInUsername(); String[] allowedPermissionTypes = {"PUBLIC", "ALLOW", "DENY"}; diff --git a/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/admin/v1/utils/mappings/KeyManagerMappingUtil.java b/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/admin/v1/utils/mappings/KeyManagerMappingUtil.java index c4ab71b5cadb..ac8aaf81badc 100755 --- a/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/admin/v1/utils/mappings/KeyManagerMappingUtil.java +++ b/components/apimgt/org.wso2.carbon.apimgt.rest.api.admin.v1/src/main/java/org/wso2/carbon/apimgt/rest/api/admin/v1/utils/mappings/KeyManagerMappingUtil.java @@ -221,7 +221,7 @@ public static KeyManagerConfigurationDTO toKeyManagerConfigurationDTO(String ten keyManagerConfigurationDTO.setTokenType(keyManagerDTO.getTokenType().toString()); keyManagerConfigurationDTO.setAlias(keyManagerDTO.getAlias()); KeyManagerPermissionsDTO permissions = keyManagerDTO.getPermissions(); - if(permissions != null && permissions.getPermissionType() != null) { + if (permissions != null && permissions.getPermissionType() != null) { KeyManagerPermissionConfigurationDTO permissionsConfiguration = new KeyManagerPermissionConfigurationDTO(); permissionsConfiguration.setPermissionType(permissions.getPermissionType().toString()); permissionsConfiguration.setRoles(permissions.getRoles()); 
From 91ce624c03154e32b40bdf124081c33f597ef16a Mon Sep 17 00:00:00 2001 From: Kannan Kirishikesan Date: Mon, 8 Jan 2024 11:08:53 +0530 Subject: [PATCH 34/34] Changes License header --- .../apimgt/api/dto/KeyManagerPermissionConfigurationDTO.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/dto/KeyManagerPermissionConfigurationDTO.java b/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/dto/KeyManagerPermissionConfigurationDTO.java
index f927a93f4e85..59a9a13ea7bc 100644
--- a/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/dto/KeyManagerPermissionConfigurationDTO.java
+++ b/components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/dto/KeyManagerPermissionConfigurationDTO.java
@@ -1,7 +1,7 @@
 /*
- * Copyright (c) 2024, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+ * Copyright (c) 2024, WSO2 LLC. (http://www.wso2.org) All Rights Reserved.
 *
- * WSO2 Inc. licenses this file to you under the Apache License,
+ * WSO2 LLC. licenses this file to you under the Apache License,
 * Version 2.0 (the "License"); you may not use this file except
 * in compliance with the License.
 * You may obtain a copy of the License at