
Example 96 with Property

use of org.wso2.carbon.governance.custom.lifecycles.checklist.util.Property in project carbon-apimgt by wso2.

the class XMLSchemaValidator method configureSchemaProperties.

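/**
 * Builds the {@link XMLConfig} used by the XML threat-protection validator from the properties
 * set on the message context.
 *
 * <p>Eight properties are read in a fixed order. A missing property is reported through
 * {@code ThreatExceptionHandler.handleException}; if that call returns normally, the setting keeps
 * its fallback ({@code false} for the two flags, {@code 0} for every numeric limit).
 *
 * <p>NOTE(review): what a limit of {@code 0} means to the downstream validator (reject everything
 * or no limit at all) is not visible here. Confirm that a missing property cannot silently turn
 * a limit off. Negative values are not rejected by this method either.
 *
 * @param messageContext the request message context of the API that has the XML_Validator
 *                       mediation enabled in its flow
 * @return the XML schema limits and parser flags to be enforced
 * @throws NumberFormatException if a numeric property is present but is not a valid integer
 */
XMLConfig configureSchemaProperties(MessageContext messageContext) {
    // Both flags fall back to false, i.e. DTDs and external entities stay disabled unless the
    // property is literally "true" (case-insensitive); any other text also parses to false.
    boolean dtdEnabled = readBooleanSchemaProperty(messageContext, ThreatProtectorConstants.DTD_ENABLED,
            "XML schema dtdEnabled property value is missing.");
    boolean externalEntitiesEnabled = readBooleanSchemaProperty(messageContext,
            ThreatProtectorConstants.EXTERNAL_ENTITIES_ENABLED,
            "XML schema externalEntitiesEnabled property value is missing.");
    int elementCount = readIntSchemaProperty(messageContext, ThreatProtectorConstants.MAX_ELEMENT_COUNT,
            "XML schema elementCount property value is missing.");
    int attributeLength = readIntSchemaProperty(messageContext, ThreatProtectorConstants.MAX_ATTRIBUTE_LENGTH,
            "XML schema maxAttributeLength property value is missing.");
    int maxXMLDepth = readIntSchemaProperty(messageContext, ThreatProtectorConstants.MAX_XML_DEPTH,
            "XML schema xmlDepth property value is missing.");
    int attributeCount = readIntSchemaProperty(messageContext, ThreatProtectorConstants.MAX_ATTRIBUTE_COUNT,
            "XML schema attributeCount property value is missing.");
    int entityExpansionLimit = readIntSchemaProperty(messageContext,
            ThreatProtectorConstants.ENTITY_EXPANSION_LIMIT,
            "XML schema entityExpansionLimit property value is missing.");
    int childrenPerElement = readIntSchemaProperty(messageContext,
            ThreatProtectorConstants.CHILDREN_PER_ELEMENT,
            "XML schema childrenElement property value is missing.");

    if (log.isDebugEnabled()) {
        // The last two fields previously printed attributeCount, so the debug line could not be
        // used to check the effective entity-expansion and children-per-element limits.
        log.debug("DTD enable:" + dtdEnabled + ", " + "External entities: " + externalEntitiesEnabled + ", "
                + "Element Count:" + elementCount + ", " + "Max AttributeLength:" + attributeLength + ", "
                + "Max xml Depth:" + maxXMLDepth + ", " + "Attribute count:" + attributeCount + ", "
                + "Entity Expansion Limit" + entityExpansionLimit + ". "
                + "childrenElement:" + childrenPerElement);
    }

    XMLConfig xmlConfig = new XMLConfig();
    xmlConfig.setDtdEnabled(dtdEnabled);
    xmlConfig.setExternalEntitiesEnabled(externalEntitiesEnabled);
    xmlConfig.setMaxDepth(maxXMLDepth);
    xmlConfig.setMaxElementCount(elementCount);
    xmlConfig.setMaxAttributeCount(attributeCount);
    xmlConfig.setMaxAttributeLength(attributeLength);
    xmlConfig.setEntityExpansionLimit(entityExpansionLimit);
    xmlConfig.setMaxChildrenPerElement(childrenPerElement);
    return xmlConfig;
}

/** Reads a boolean flag from the message context; reports a missing value and falls back to false. */
private static boolean readBooleanSchemaProperty(MessageContext messageContext, String key,
                                                 String missingMessage) {
    Object value = messageContext.getProperty(key);
    if (value == null) {
        ThreatExceptionHandler.handleException(messageContext, missingMessage);
        return false;
    }
    return Boolean.parseBoolean(value.toString());
}

/** Reads an integer limit from the message context; reports a missing value and falls back to 0. */
private static int readIntSchemaProperty(MessageContext messageContext, String key, String missingMessage) {
    Object value = messageContext.getProperty(key);
    if (value == null) {
        ThreatExceptionHandler.handleException(messageContext, missingMessage);
        return 0;
    }
    return Integer.parseInt(value.toString());
}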
Also used : XMLConfig(org.wso2.carbon.apimgt.gateway.threatprotection.configuration.XMLConfig)

Example 97 with Property

use of org.wso2.carbon.governance.custom.lifecycles.checklist.util.Property in project carbon-apimgt by wso2.

the class PublisherCommonUtils method validateAdditionalProperties.

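/**
 * Validates the additional properties supplied for an API.
 *
 * <p>Each entry is checked in order and the first violation is reported:
 * <ul>
 *   <li>the name and the value must be present (a {@code null} entry, name or value is rejected
 *       instead of raising a {@link NullPointerException});</li>
 *   <li>the name must not contain a space character. Only {@code ' '} is checked; tabs and other
 *       whitespace are not rejected here;</li>
 *   <li>the lower-cased name must not be one of {@code APIConstants.API_SEARCH_PREFIXES}
 *       (presumably those entries are all lower case; verify against the constant);</li>
 *   <li>the name is at most 80 characters and the value at most 900 characters.</li>
 * </ul>
 *
 * <p>The returned message echoes the caller-supplied property name unchanged, so a caller that
 * renders it in HTML or writes it to a log should encode it for that context.
 *
 * @param additionalProperties the properties to validate; {@code null} is treated as "nothing to validate"
 * @return an error message describing the first violation, or an empty string if all properties are valid
 */
public static String validateAdditionalProperties(List<APIInfoAdditionalPropertiesDTO> additionalProperties) {
    if (additionalProperties == null) {
        return "";
    }
    // Built once instead of once per property.
    List<String> reservedKeywords = Arrays.asList(APIConstants.API_SEARCH_PREFIXES);
    for (APIInfoAdditionalPropertiesDTO property : additionalProperties) {
        String propertyKey = property == null ? null : property.getName();
        if (propertyKey == null) {
            return "Property name should not be null.";
        }
        String propertyValue = property.getValue();
        if (propertyValue == null) {
            return "Property value should not be null. Property '" + propertyKey + "' has no value.";
        }
        if (propertyKey.contains(" ")) {
            return "Property names should not contain space character. Property '" + propertyKey + "' "
                    + "contains space in it.";
        }
        // Locale.ROOT keeps the reserved-word check independent of the JVM default locale; with a
        // Turkish default locale, "I" would otherwise lower-case to a dotless i and slip past it.
        if (reservedKeywords.contains(propertyKey.toLowerCase(java.util.Locale.ROOT))) {
            return "Property '" + propertyKey + "' conflicts with the reserved keywords. Reserved keywords "
                    + "are [" + Arrays.toString(APIConstants.API_SEARCH_PREFIXES) + "]";
        }
        // Names are limited to 80 characters and values to 900 characters.
        if (propertyKey.length() > 80) {
            return "Property name can have maximum of 80 characters. Property '" + propertyKey
                    + "' contains " + propertyKey.length() + " characters";
        }
        if (propertyValue.length() > 900) {
            return "Property value can have maximum of 900 characters. Property '" + propertyKey
                    + "' contains a value with " + propertyValue.length() + " characters";
        }
    }
    return "";
}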
Also used : APIInfoAdditionalPropertiesDTO(org.wso2.carbon.apimgt.rest.api.publisher.v1.dto.APIInfoAdditionalPropertiesDTO)

Example 98 with Property

use of org.wso2.carbon.governance.custom.lifecycles.checklist.util.Property in project carbon-apimgt by wso2.

the class SecurityConfigContextTest method testSecurityConfigContextOauth.

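/**
 * Checks that an OAuth endpoint-security configuration for both production and sandbox is exposed
 * in the velocity context with the expected client ids and secure-vault secret aliases.
 *
 * <p>NOTE(review): the fixture carries the client secret "admin" in clear text. The test asserts
 * the secret alias and the secure-vault flag only; it does not check whether the plaintext secret
 * is absent from the generated context.
 */
@Test
public void testSecurityConfigContextOauth() throws Exception {
    String json = "{\"endpoint_security\":{\n"
            + "  \"production\":{\n"
            + "    \"enabled\":true,\n"
            + "    \"type\":\"oauth\",\n"
            + "    \"clientId\":\"123-456\",\n"
            + "    \"clientSecret\":\"admin\",\n"
            + "    \"grantType\":\"client_credentials\"\n"
            + "  },\n"
            + "  \"sandbox\":{\n"
            + "    \"enabled\":true,\n"
            + "    \"type\":\"oauth\",\n"
            + "    \"clientId\":\"123-4567\",\n"
            + "    \"clientSecret\":\"admin\",\n"
            + "    \"grantType\":\"client_credentials\"\n"
            + "  }\n"
            + "  }\n"
            + "}";
    API api = new API(new APIIdentifier("admin", "TestAPI", "1.0.0"));
    api.setUuid(UUID.randomUUID().toString());
    api.setStatus(APIConstants.CREATED);
    api.setContextTemplate("/");
    api.setTransports(Constants.TRANSPORT_HTTP);
    api.setEndpointConfig(json);
    ConfigContext configcontext = new APIConfigContext(api);
    // Secure vault is reported as enabled, which is what the alias assertions below rely on.
    Mockito.when(apiManagerConfiguration.getFirstProperty(APIConstants.API_SECUREVAULT_ENABLE)).thenReturn("true");
    SecurityConfigContext securityConfigContext =
            new SecurityConfigContextWrapper(configcontext, api, apiManagerConfiguration);
    securityConfigContext.validate();
    VelocityContext velocityContext = securityConfigContext.getContext();
    Assert.assertNotNull(velocityContext.get("endpoint_security"));
    // The velocity context stores plain Objects, so the cast cannot be checked at compile time.
    @SuppressWarnings("unchecked")
    Map<String, EndpointSecurityModel> endpointSecurityModelMap =
            (Map<String, EndpointSecurityModel>) velocityContext.get("endpoint_security");

    EndpointSecurityModel production = endpointSecurityModelMap.get("production");
    Assert.assertTrue("Property enabled cannot be false.", production.isEnabled());
    Assert.assertTrue("Property type cannot be other.", "oauth".equalsIgnoreCase(production.getType()));
    // assertEquals takes (message, expected, actual); a failure now prints both values.
    Assert.assertEquals("Property clientid does not match.", "123-456", production.getClientId());
    Assert.assertEquals("TestAPI--v1.0.0--oauth--clientSecret--production", production.getClientSecretAlias());

    EndpointSecurityModel sandbox = endpointSecurityModelMap.get("sandbox");
    Assert.assertTrue("Property enabled cannot be false.", sandbox.isEnabled());
    Assert.assertTrue("Property type cannot be other.", "oauth".equalsIgnoreCase(sandbox.getType()));
    // The message previously said "username" although the client id is what is compared.
    Assert.assertEquals("Property clientid does not match.", "123-4567", sandbox.getClientId());
    Assert.assertEquals("TestAPI--v1.0.0--oauth--clientSecret--sandbox", sandbox.getClientSecretAlias());

    Assert.assertEquals("Property isSecureVaultEnabled cannot be false. ", Boolean.TRUE,
            velocityContext.get("isSecureVaultEnabled"));
}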
Also used : SecurityConfigContext(org.wso2.carbon.apimgt.rest.api.publisher.v1.common.template.SecurityConfigContext) VelocityContext(org.apache.velocity.VelocityContext) EndpointSecurityModel(org.wso2.carbon.apimgt.rest.api.publisher.v1.common.template.EndpointSecurityModel) API(org.wso2.carbon.apimgt.api.model.API) APIIdentifier(org.wso2.carbon.apimgt.api.model.APIIdentifier) HashMap(java.util.HashMap) Map(java.util.Map) APIConfigContext(org.wso2.carbon.apimgt.rest.api.publisher.v1.common.template.APIConfigContext) ConfigContext(org.wso2.carbon.apimgt.rest.api.publisher.v1.common.template.ConfigContext) SecurityConfigContext(org.wso2.carbon.apimgt.rest.api.publisher.v1.common.template.SecurityConfigContext) APIConfigContext(org.wso2.carbon.apimgt.rest.api.publisher.v1.common.template.APIConfigContext) Test(org.junit.Test)

Example 99 with Property

use of org.wso2.carbon.governance.custom.lifecycles.checklist.util.Property in project carbon-apimgt by wso2.

the class SecurityConfigContextTest method testSecurityConfigContextPerEndpointSandbox.

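/**
 * Checks that a DIGEST endpoint-security configuration defined for the sandbox endpoint only is
 * exposed in the velocity context, and that the production entry is reported as disabled.
 *
 * <p>Base64 is a reversible encoding, not encryption: the value compared below is equivalent to
 * the clear-text {@code username:password} pair of the fixture.
 */
@Test
public void testSecurityConfigContextPerEndpointSandbox() throws Exception {
    String json = "{\"endpoint_security\":{\n"
            + "  \"sandbox\":{\n"
            + "    \"enabled\":true,\n"
            + "    \"type\":\"DIGEST\",\n"
            + "    \"username\":\"admin\",\n"
            + "    \"password\":\"admin123#QA\"\n"
            + "  }\n"
            + "  }\n"
            + "}";
    API api = new API(new APIIdentifier("admin", "TestAPI", "1.0.0"));
    api.setStatus(APIConstants.CREATED);
    api.setContextTemplate("/");
    api.setTransports(Constants.TRANSPORT_HTTP);
    api.setEndpointConfig(json);
    ConfigContext configcontext = new APIConfigContext(api);
    Mockito.when(apiManagerConfiguration.getFirstProperty(APIConstants.API_SECUREVAULT_ENABLE)).thenReturn("true");
    SecurityConfigContext securityConfigContext =
            new SecurityConfigContextWrapper(configcontext, api, apiManagerConfiguration);
    securityConfigContext.validate();
    VelocityContext velocityContext = securityConfigContext.getContext();
    Assert.assertNotNull(velocityContext.get("endpoint_security"));
    // The velocity context stores plain Objects, so the cast cannot be checked at compile time.
    @SuppressWarnings("unchecked")
    Map<String, EndpointSecurityModel> endpointSecurityModelMap =
            (Map<String, EndpointSecurityModel>) velocityContext.get("endpoint_security");

    EndpointSecurityModel sandbox = endpointSecurityModelMap.get("sandbox");
    Assert.assertTrue("Property enabled cannot be false.", sandbox.isEnabled());
    Assert.assertTrue("Property type cannot be other.", "digest".equalsIgnoreCase(sandbox.getType()));
    Assert.assertEquals("Property username does not match.", "admin", sandbox.getUsername());
    // Base64 is case-sensitive: two different credentials can encode to strings that differ only
    // in letter case, so the comparison must be exact. The charset is pinned so the expected
    // bytes do not depend on the platform default (the Base64 output itself is ASCII).
    String expectedBase64 = new String(
            Base64.encodeBase64("admin:admin123#QA".getBytes(java.nio.charset.StandardCharsets.UTF_8)));
    Assert.assertEquals("Property base64value does not match. ", expectedBase64,
            sandbox.getBase64EncodedPassword());
    Assert.assertTrue("Property securevault_alias does not match.",
            "TestAPI--v1.0.0--sandbox".equalsIgnoreCase(sandbox.getAlias()));
    Assert.assertEquals("Property isSecureVaultEnabled cannot be false. ", Boolean.TRUE,
            velocityContext.get("isSecureVaultEnabled"));

    // No production block was configured, so its model must be reported as disabled.
    EndpointSecurityModel production = endpointSecurityModelMap.get("production");
    Assert.assertFalse("Property enabled cannot be true.", production.isEnabled());
}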
Also used : SecurityConfigContext(org.wso2.carbon.apimgt.rest.api.publisher.v1.common.template.SecurityConfigContext) VelocityContext(org.apache.velocity.VelocityContext) EndpointSecurityModel(org.wso2.carbon.apimgt.rest.api.publisher.v1.common.template.EndpointSecurityModel) API(org.wso2.carbon.apimgt.api.model.API) APIIdentifier(org.wso2.carbon.apimgt.api.model.APIIdentifier) HashMap(java.util.HashMap) Map(java.util.Map) APIConfigContext(org.wso2.carbon.apimgt.rest.api.publisher.v1.common.template.APIConfigContext) ConfigContext(org.wso2.carbon.apimgt.rest.api.publisher.v1.common.template.ConfigContext) SecurityConfigContext(org.wso2.carbon.apimgt.rest.api.publisher.v1.common.template.SecurityConfigContext) APIConfigContext(org.wso2.carbon.apimgt.rest.api.publisher.v1.common.template.APIConfigContext) Test(org.junit.Test)

Example 100 with Property

use of org.wso2.carbon.governance.custom.lifecycles.checklist.util.Property in project carbon-apimgt by wso2.

the class ThrottleHandlerTest method testHandleRequestForGraphQLSubscriptions.

/**
 * Exercises the request flow when the "isGraphqlSubscriptionRequest" property is set on the message
 * context and the incoming transport is a websocket one, as happens during a GraphQL subscription
 * request. For both "ws" and "wss" the handler is expected to return true.
 *
 * <p>NOTE(review): the test only pins that handleRequest lets these requests continue; where
 * subscription traffic is throttled instead is not visible from this test.
 */
@Test
public void testHandleRequestForGraphQLSubscriptions() {
    ThrottleHandler handler =
            new ThrottlingHandlerWrapper(timer, new ThrottleDataHolder(), throttleEvaluator, accessInformation);
    Axis2MessageContext synapseContext = Mockito.mock(Axis2MessageContext.class);
    org.apache.axis2.context.MessageContext axis2Context =
            Mockito.mock(org.apache.axis2.context.MessageContext.class);
    Mockito.when(synapseContext.getAxis2MessageContext()).thenReturn(axis2Context);
    Mockito.when(synapseContext.getProperty(APIConstants.GRAPHQL_SUBSCRIPTION_REQUEST)).thenReturn(true);

    // Same expectation for the plain and the TLS websocket transport.
    for (String transport : new String[] {"ws", "wss"}) {
        Mockito.when(axis2Context.getIncomingTransportName()).thenReturn(transport);
        Assert.assertTrue(handler.handleRequest(synapseContext));
    }

    // Put the mocks back into a non-subscription, plain HTTP state.
    Mockito.when(synapseContext.getProperty(APIConstants.GRAPHQL_SUBSCRIPTION_REQUEST)).thenReturn(false);
    Mockito.when(axis2Context.getIncomingTransportName()).thenReturn("http");
}
Also used : ThrottleDataHolder(org.wso2.carbon.apimgt.gateway.throttling.ThrottleDataHolder) Axis2MessageContext(org.apache.synapse.core.axis2.Axis2MessageContext) PrepareForTest(org.powermock.core.classloader.annotations.PrepareForTest) Test(org.junit.Test)
