use of org.wso2.carbon.apimgt.api.model.EndpointSecurity in project carbon-apimgt by wso2.
the class APIProviderImpl method updateEndpointSecurity.
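/**
 * Re-applies stored endpoint credentials to an API update that was submitted without a password.
 *
 * <p>Two representations are handled:
 * <ul>
 *   <li>Legacy fields: when the API is marked endpoint-secured, the submitted password is blank and
 *       the stored password is not, the stored username and password are copied onto {@code api}.</li>
 *   <li>Endpoint config JSON: for the production and sandbox sections that exist in both the
 *       submitted and the stored config, the stored credentials are copied in when both sections
 *       are enabled and the submitted password is blank. The config is then written back to
 *       {@code api}.</li>
 * </ul>
 *
 * <p>Security notes for maintainers: a blank password is treated as "keep the stored secret", and
 * in that case the stored username (and, for OAuth, token URL, client id/secret, grant type and
 * custom parameters) replaces whatever was submitted. This method does not compare backend
 * endpoint URLs, so nothing here ties the reused secret to the endpoint it was originally stored
 * for.
 * NOTE(review): confirm that callers authorise the update before this method runs.
 *
 * @param oldApi the API as currently stored
 * @param api    the API carrying the submitted update; modified in place
 * @throws APIManagementException if an endpoint config cannot be parsed or re-serialised
 */
private void updateEndpointSecurity(API oldApi, API api) throws APIManagementException {
    try {
        if (api.isEndpointSecured() && StringUtils.isBlank(api.getEndpointUTPassword())
                && !StringUtils.isBlank(oldApi.getEndpointUTPassword())) {
            // Only the fact that the password is empty is logged, never a credential value.
            if (log.isDebugEnabled()) {
                log.debug("Given endpoint security password is empty");
            }
            api.setEndpointUTUsername(oldApi.getEndpointUTUsername());
            api.setEndpointUTPassword(oldApi.getEndpointUTPassword());
            if (log.isDebugEnabled()) {
                log.debug("Using the previous username and password for endpoint security");
            }
            return;
        }

        String endpointConfig = api.getEndpointConfig();
        String oldEndpointConfig = oldApi.getEndpointConfig();
        if (StringUtils.isEmpty(endpointConfig) || StringUtils.isEmpty(oldEndpointConfig)) {
            return;
        }

        JSONObject endpointConfigJson = (JSONObject) new JSONParser().parse(endpointConfig);
        JSONObject oldEndpointConfigJson = (JSONObject) new JSONParser().parse(oldEndpointConfig);
        Object submittedSecurity = endpointConfigJson.get(APIConstants.ENDPOINT_SECURITY);
        Object storedSecurity = oldEndpointConfigJson.get(APIConstants.ENDPOINT_SECURITY);
        if (submittedSecurity != null && storedSecurity != null) {
            JSONObject endpointSecurityJson = (JSONObject) submittedSecurity;
            JSONObject oldEndpointSecurityJson = (JSONObject) storedSecurity;
            carryOverStoredEndpointCredentials(endpointSecurityJson, oldEndpointSecurityJson,
                    APIConstants.ENDPOINT_SECURITY_PRODUCTION);
            carryOverStoredEndpointCredentials(endpointSecurityJson, oldEndpointSecurityJson,
                    APIConstants.ENDPOINT_SECURITY_SANDBOX);
            endpointConfigJson.replace(APIConstants.ENDPOINT_SECURITY, endpointSecurityJson);
        }
        // Written back even when no security section was merged, so the config is re-serialised.
        api.setEndpointConfig(endpointConfigJson.toJSONString());
    } catch (ParseException | JsonProcessingException e) {
        throw new APIManagementException("Error while processing endpoint security for API " + api.getId().toString(), e);
    }
}

/**
 * Merges stored credentials into one environment section (production or sandbox) of the submitted
 * endpoint security JSON, then replaces that section with its re-serialised form.
 * Does nothing unless the section exists in both the submitted and the stored JSON.
 */
private static void carryOverStoredEndpointCredentials(JSONObject endpointSecurityJson,
        JSONObject oldEndpointSecurityJson, String environmentKey)
        throws ParseException, JsonProcessingException {
    Object submittedSection = endpointSecurityJson.get(environmentKey);
    if (submittedSection == null) {
        return;
    }
    Object storedSection = oldEndpointSecurityJson.get(environmentKey);
    if (storedSection == null) {
        return;
    }

    ObjectMapper mapper = new ObjectMapper();
    EndpointSecurity endpointSecurity = mapper.convertValue(submittedSection, EndpointSecurity.class);
    EndpointSecurity oldEndpointSecurity = mapper.convertValue(storedSection, EndpointSecurity.class);

    if (endpointSecurity.isEnabled() && oldEndpointSecurity.isEnabled()
            && StringUtils.isBlank(endpointSecurity.getPassword())) {
        endpointSecurity.setUsername(oldEndpointSecurity.getUsername());
        endpointSecurity.setPassword(oldEndpointSecurity.getPassword());
        // Constant-first comparison: a submitted section without a type must not raise a
        // NullPointerException, it simply has no OAuth fields to restore.
        // NOTE(review): case-sensitive match; confirm the type uses the same case as the constant.
        if (APIConstants.ENDPOINT_SECURITY_TYPE_OAUTH.equals(endpointSecurity.getType())) {
            endpointSecurity.setUniqueIdentifier(oldEndpointSecurity.getUniqueIdentifier());
            endpointSecurity.setGrantType(oldEndpointSecurity.getGrantType());
            endpointSecurity.setTokenUrl(oldEndpointSecurity.getTokenUrl());
            endpointSecurity.setClientId(oldEndpointSecurity.getClientId());
            endpointSecurity.setClientSecret(oldEndpointSecurity.getClientSecret());
            endpointSecurity.setCustomParameters(oldEndpointSecurity.getCustomParameters());
        }
    }
    endpointSecurityJson.replace(environmentKey,
            new JSONParser().parse(mapper.writeValueAsString(endpointSecurity)));
}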
use of org.wso2.carbon.apimgt.api.model.EndpointSecurity in project carbon-apimgt by wso2.
the class APIUtil method setEndpointSecurityForAPIProduct.
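/**
 * Builds the per-environment endpoint security map for an API.
 *
 * <p>The map always contains a production and a sandbox entry, each initialised to an empty
 * {@link EndpointSecurity}. For an API that is not advertise-only:
 * <ul>
 *   <li>if the API is marked endpoint-secured, one enabled entry is built from the API's
 *       username/password fields (type DIGEST or BASIC) and the same instance is stored under
 *       both keys;</li>
 *   <li>otherwise the production and sandbox sections of the endpoint config JSON, when present,
 *       are converted and stored under their own keys.</li>
 * </ul>
 *
 * <p>The returned objects carry the endpoint password as held by {@code api}; callers should treat
 * the map as secret material.
 *
 * @param api the API whose endpoint security is read
 * @return a map keyed by the production and sandbox constants
 * @throws APIManagementException if the endpoint config is not valid JSON
 */
public static Map<String, EndpointSecurity> setEndpointSecurityForAPIProduct(API api) throws APIManagementException {
    Map<String, EndpointSecurity> endpointSecurityMap = new HashMap<>();
    try {
        endpointSecurityMap.put(APIConstants.ENDPOINT_SECURITY_PRODUCTION, new EndpointSecurity());
        endpointSecurityMap.put(APIConstants.ENDPOINT_SECURITY_SANDBOX, new EndpointSecurity());
        if (api.isEndpointSecured() && !api.isAdvertiseOnly()) {
            EndpointSecurity productionEndpointSecurity = new EndpointSecurity();
            productionEndpointSecurity.setEnabled(true);
            productionEndpointSecurity.setUsername(api.getEndpointUTUsername());
            productionEndpointSecurity.setPassword(api.getEndpointUTPassword());
            String authType = api.isEndpointAuthDigest()
                    ? APIConstants.ENDPOINT_SECURITY_TYPE_DIGEST
                    : APIConstants.ENDPOINT_SECURITY_TYPE_BASIC;
            // Locale.ROOT keeps the upper-cased type token identical on every host; the
            // default-locale overload can map letters such as 'i' differently under some locales.
            productionEndpointSecurity.setType(authType.toUpperCase(java.util.Locale.ROOT));
            // One shared instance backs both environments.
            endpointSecurityMap.replace(APIConstants.ENDPOINT_SECURITY_PRODUCTION, productionEndpointSecurity);
            endpointSecurityMap.replace(APIConstants.ENDPOINT_SECURITY_SANDBOX, productionEndpointSecurity);
        } else if (!api.isAdvertiseOnly()) {
            String endpointConfig = api.getEndpointConfig();
            if (endpointConfig != null) {
                JSONObject endpointConfigJson = (JSONObject) new JSONParser().parse(endpointConfig);
                Object securitySection = endpointConfigJson.get(APIConstants.ENDPOINT_SECURITY);
                if (securitySection != null) {
                    JSONObject endpointSecurity = (JSONObject) securitySection;
                    ObjectMapper mapper = new ObjectMapper();
                    Object productionSection = endpointSecurity.get(APIConstants.ENDPOINT_SECURITY_PRODUCTION);
                    if (productionSection != null) {
                        endpointSecurityMap.replace(APIConstants.ENDPOINT_SECURITY_PRODUCTION,
                                mapper.convertValue((JSONObject) productionSection, EndpointSecurity.class));
                    }
                    Object sandboxSection = endpointSecurity.get(APIConstants.ENDPOINT_SECURITY_SANDBOX);
                    if (sandboxSection != null) {
                        endpointSecurityMap.replace(APIConstants.ENDPOINT_SECURITY_SANDBOX,
                                mapper.convertValue((JSONObject) sandboxSection, EndpointSecurity.class));
                    }
                }
            }
        }
        return endpointSecurityMap;
    } catch (ParseException e) {
        throw new APIManagementException("Error while parsing Endpoint Config json", e);
    }
}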
use of org.wso2.carbon.apimgt.api.model.EndpointSecurity in project carbon-apimgt by wso2.
the class TemplateBuilderUtil method addCredentialsToList.
/**
 * Queues the secret(s) of one endpoint-security entry on the gateway DTO's "credentials to be
 * added" list, each under an alias derived from the API name, version and {@code type}.
 *
 * <p>For OAuth the client secret is always queued and the password only when the JSON has one;
 * for Basic the password is queued. Any other security type queues nothing. When {@code prefix}
 * is non-empty, every alias is prefixed with it and {@code "--"}.
 *
 * <p>The secret values are copied from the JSON as they are; whether they are encrypted at this
 * point is not visible here.
 * NOTE(review): confirm the form the gateway expects.
 *
 * @param prefix           optional alias prefix; may be null or empty
 * @param api              API whose name and version feed the alias
 * @param gatewayAPIDTO    DTO whose credential list is extended
 * @param endpointSecurity endpoint-security JSON for one environment
 * @param type             passed through to the alias helpers
 */
private static void addCredentialsToList(String prefix, API api, GatewayAPIDTO gatewayAPIDTO, org.json.JSONObject endpointSecurity, String type) {
    String securityType = (String) endpointSecurity.get(APIConstants.ENDPOINT_SECURITY_TYPE);
    boolean hasPrefix = StringUtils.isNotEmpty(prefix);

    if (APIConstants.ENDPOINT_SECURITY_TYPE_OAUTH.equalsIgnoreCase(securityType)) {
        String secretAlias = GatewayUtils.retrieveOauthClientSecretAlias(
                api.getId().getApiName(), api.getId().getVersion(), type);
        CredentialDto clientSecretDto = new CredentialDto();
        clientSecretDto.setAlias(hasPrefix ? prefix.concat("--").concat(secretAlias) : secretAlias);
        clientSecretDto.setPassword((String) endpointSecurity.get(APIConstants.ENDPOINT_SECURITY_CLIENT_SECRET));
        gatewayAPIDTO.setCredentialsToBeAdd(
                addCredentialsToList(clientSecretDto, gatewayAPIDTO.getCredentialsToBeAdd()));

        // The password is optional for OAuth, so it is queued only when the JSON carries the key.
        if (endpointSecurity.has(APIConstants.ENDPOINT_SECURITY_PASSWORD)) {
            String passwordAlias = GatewayUtils.retrieveOAuthPasswordAlias(
                    api.getId().getApiName(), api.getId().getVersion(), type);
            CredentialDto passwordDto = new CredentialDto();
            passwordDto.setAlias(hasPrefix ? prefix.concat("--").concat(passwordAlias) : passwordAlias);
            passwordDto.setPassword((String) endpointSecurity.get(APIConstants.ENDPOINT_SECURITY_PASSWORD));
            gatewayAPIDTO.setCredentialsToBeAdd(
                    addCredentialsToList(passwordDto, gatewayAPIDTO.getCredentialsToBeAdd()));
        }
        return;
    }

    if (APIConstants.ENDPOINT_SECURITY_TYPE_BASIC.equalsIgnoreCase(securityType)) {
        String basicAlias = GatewayUtils.retrieveBasicAuthAlias(
                api.getId().getApiName(), api.getId().getVersion(), type);
        CredentialDto credentialDto = new CredentialDto();
        credentialDto.setAlias(hasPrefix ? prefix.concat("--").concat(basicAlias) : basicAlias);
        credentialDto.setPassword((String) endpointSecurity.get(APIConstants.ENDPOINT_SECURITY_PASSWORD));
        gatewayAPIDTO.setCredentialsToBeAdd(
                addCredentialsToList(credentialDto, gatewayAPIDTO.getCredentialsToBeAdd()));
    }
}
use of org.wso2.carbon.apimgt.api.model.EndpointSecurity in project carbon-apimgt by wso2.
the class PublisherCommonUtils method encryptEndpointSecurityOAuthCredentials.
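/**
 * Prepares the OAuth 2.0 endpoint-security sections of an endpoint configuration for storage.
 *
 * <p>For the production and sandbox sections that are present, the custom parameters are
 * normalised to a JSON string and, when the section's type is OAuth, the client secret is
 * encrypted and base64 encoded. Only the client secret is passed to {@code cryptoUtil}; no other
 * field is encrypted here. When no client secret is supplied, the existing secret for that
 * environment is kept; when neither is available the call is rejected.
 *
 * @param endpointConfig         endpoint configuration of API; modified in place, may be null
 * @param cryptoUtil             cryptography util
 * @param oldProductionApiSecret existing production API secret
 * @param oldSandboxApiSecret    existing sandbox API secret
 * @param apidto                 API DTO that receives the updated endpoint configuration
 * @throws CryptoException        if an error occurs while encrypting and base64 encode
 * @throws APIManagementException if an error occurs due to a problem in the endpointConfig payload
 */
public static void encryptEndpointSecurityOAuthCredentials(Map endpointConfig, CryptoUtil cryptoUtil, String oldProductionApiSecret, String oldSandboxApiSecret, APIDTO apidto) throws CryptoException, APIManagementException {
    // OAuth 2.0 backend protection: client secret encryption
    if (endpointConfig == null || endpointConfig.get(APIConstants.ENDPOINT_SECURITY) == null) {
        return;
    }
    Map endpointSecurity = (Map) endpointConfig.get(APIConstants.ENDPOINT_SECURITY);
    protectEnvironmentOAuthSecret(endpointConfig, endpointSecurity,
            APIConstants.OAuthConstants.ENDPOINT_SECURITY_PRODUCTION, "production",
            cryptoUtil, oldProductionApiSecret, apidto);
    protectEnvironmentOAuthSecret(endpointConfig, endpointSecurity,
            APIConstants.OAuthConstants.ENDPOINT_SECURITY_SANDBOX, "sandbox",
            cryptoUtil, oldSandboxApiSecret, apidto);
}

/**
 * Normalises custom parameters and protects the OAuth client secret of one environment section,
 * then writes the section back into the endpoint configuration and the DTO.
 * Does nothing when the section is absent.
 */
private static void protectEnvironmentOAuthSecret(Map endpointConfig, Map endpointSecurity, String environmentKey, String environmentLabel, CryptoUtil cryptoUtil, String previousSecret, APIDTO apidto) throws CryptoException, APIManagementException {
    if (endpointSecurity.get(environmentKey) == null) {
        return;
    }
    Map environmentSecurity = (Map) endpointSecurity.get(environmentKey);
    String endpointType = (String) environmentSecurity.get(APIConstants.OAuthConstants.ENDPOINT_SECURITY_TYPE);

    environmentSecurity.put(APIConstants.OAuthConstants.OAUTH_CUSTOM_PARAMETERS,
            customParametersAsJsonString(environmentSecurity.get(APIConstants.OAuthConstants.OAUTH_CUSTOM_PARAMETERS)));

    if (APIConstants.OAuthConstants.OAUTH.equals(endpointType)) {
        Object suppliedSecret = environmentSecurity.get(APIConstants.OAuthConstants.OAUTH_CLIENT_SECRET);
        if (suppliedSecret != null && StringUtils.isNotBlank(suppliedSecret.toString())) {
            // NOTE(review): getBytes() uses the platform default charset. An explicit charset
            // would make the ciphertext independent of the host, but it has to match what the
            // decrypting side assumes, so it is left unchanged here.
            String encryptedApiSecret = cryptoUtil.encryptAndBase64Encode(suppliedSecret.toString().getBytes());
            environmentSecurity.put(APIConstants.OAuthConstants.OAUTH_CLIENT_SECRET, encryptedApiSecret);
        } else if (StringUtils.isNotBlank(previousSecret)) {
            // Stored as given, without another encryption pass.
            // NOTE(review): presumably the caller passes the already-encrypted value; confirm.
            environmentSecurity.put(APIConstants.OAuthConstants.OAUTH_CLIENT_SECRET, previousSecret);
        } else {
            String errorMessage = "Client secret is not provided for " + environmentLabel + " endpoint security";
            throw new APIManagementException(ExceptionCodes.from(ExceptionCodes.INVALID_ENDPOINT_CREDENTIALS, errorMessage));
        }
    }
    endpointSecurity.put(environmentKey, environmentSecurity);
    endpointConfig.put(APIConstants.ENDPOINT_SECURITY, endpointSecurity);
    apidto.setEndpointConfig(endpointConfig);
}

/**
 * Converts the customParameters value to its JSON string form.
 * An absent value becomes {@code "{}"}, a string is kept as is, and any other value is treated
 * as a map and serialised. The null check comes first because {@code instanceof} is false for
 * null, which would otherwise route an absent value into the map branch.
 */
private static String customParametersAsJsonString(Object customParameters) {
    if (customParameters == null) {
        return "{}";
    }
    if (customParameters instanceof String) {
        return (String) customParameters;
    }
    // Cast to the Map interface rather than a concrete class so any map implementation is accepted.
    return JSONObject.toJSONString((Map) customParameters);
}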
use of org.wso2.carbon.apimgt.api.model.EndpointSecurity in project carbon-apimgt by wso2.
the class SecurityConfigContextTest method testSecurityConfigContextForAPIProduct.
/**
 * Checks that an API product with one BASIC-secured production resource yields the expected
 * "endpoint_security" entry in the Velocity context when secure vault is enabled.
 * The credentials used are fixed test fixtures.
 */
@Test
public void testSecurityConfigContextForAPIProduct() throws Exception {
    String resourceApiId = UUID.randomUUID().toString();

    // Endpoint security fixture: BASIC auth, enabled, production only.
    EndpointSecurity basicAuth = new EndpointSecurity();
    basicAuth.setEnabled(true);
    basicAuth.setType("BASIC");
    basicAuth.setUsername("admin");
    basicAuth.setPassword("admin123");
    Map<String, EndpointSecurity> securityByEnvironment = new HashMap<>();
    securityByEnvironment.put("production", basicAuth);

    APIProductResource resource = new APIProductResource();
    resource.setApiIdentifier(new APIIdentifier("admin_api1_v1"));
    resource.setApiId(resourceApiId);
    // The id is set a second time with the same value before the security map is attached.
    resource.setApiId(resourceApiId);
    resource.setEndpointSecurityMap(securityByEnvironment);
    List<APIProductResource> resources = new ArrayList<>();
    resources.add(resource);

    APIProduct product = new APIProduct(new APIProductIdentifier("admin", "TestProduct", "1.0.0"));
    product.setUuid(UUID.randomUUID().toString());
    product.setProductResources(resources);

    ConfigContext baseContext = new APIConfigContext(product);
    Mockito.when(apiManagerConfiguration.getFirstProperty(APIConstants.API_SECUREVAULT_ENABLE)).thenReturn("true");
    Map<String, APIDTO> apisById = new HashMap<>();
    apisById.put(resourceApiId, new APIDTO().name("api1").version("v1").provider("admin"));

    SecurityConfigContext securityConfigContext =
            new SecurityConfigContextWrapper(baseContext, product, apiManagerConfiguration, apisById);
    securityConfigContext.validate();
    VelocityContext velocityContext = securityConfigContext.getContext();

    Assert.assertNotNull(velocityContext.get("endpoint_security"));
    Map<String, Map<String, EndpointSecurityModel>> modelsByApi =
            (Map<String, Map<String, EndpointSecurityModel>>) velocityContext.get("endpoint_security");
    Map<String, EndpointSecurityModel> modelsByEnvironment = modelsByApi.get(resource.getApiId());
    EndpointSecurityModel production = modelsByEnvironment.get("production");

    Assert.assertTrue("Property enabled cannot be false.", production.isEnabled());
    Assert.assertTrue("Property type cannot be other.", production.getType().equalsIgnoreCase("basic"));
    Assert.assertTrue("Property username does not match.", "admin".equals(production.getUsername()));
    // NOTE(review): Base64 text is case-sensitive, so equalsIgnoreCase makes this check weaker
    // than an exact comparison would be.
    String expectedBase64 = new String(Base64.encodeBase64("admin:admin123".getBytes()));
    Assert.assertTrue("Property base64value does not match. ",
            expectedBase64.equalsIgnoreCase(production.getBase64EncodedPassword()));
    Assert.assertTrue("Property securevault_alias does not match.",
            "TestProduct--v1.0.0--api1--vv1--production".equalsIgnoreCase(production.getAlias()));
    Assert.assertTrue("Property isSecureVaultEnabled cannot be false. ",
            velocityContext.get("isSecureVaultEnabled").equals(true));
}