Move IdPSecretsProcessor class to the org.wso2.carbon.idp.mgt component

Thisara-Welmilla · Nov 4, 2024 · 82bc9cc · 82bc9cc
1 parent c54d4bd
commit 82bc9cc
Show file tree

Hide file tree

Showing 8 changed files with 142 additions and 92 deletions.
diff --git a/components/action-mgt/org.wso2.carbon.identity.action.management/pom.xml b/components/action-mgt/org.wso2.carbon.identity.action.management/pom.xml
@@ -55,6 +55,10 @@
             <groupId>org.mockito</groupId>
             <artifactId>mockito-core</artifactId>
         </dependency>
+        <dependency>
+            <groupId>org.wso2.carbon.identity.framework</groupId>
+            <artifactId>org.wso2.carbon.identity.central.log.mgt</artifactId>
+        </dependency>
         <dependency>
             <groupId>com.h2database</groupId>
             <artifactId>h2</artifactId>

diff --git a/...t/org.wso2.carbon.idp.mgt/src/main/java/org/wso2/carbon/idp/mgt/dao/IdPManagementDAO.java b/...t/org.wso2.carbon.idp.mgt/src/main/java/org/wso2/carbon/idp/mgt/dao/IdPManagementDAO.java
@@ -123,16 +123,11 @@
 public class IdPManagementDAO {
 
     private static final Log log = LogFactory.getLog(IdPManagementDAO.class);
-    private SecretsProcessor<IdentityProvider> idpSecretsProcessorService;
+    private final IdPSecretsProcessor idpSecretsProcessorService = new IdPSecretsProcessor();;
 
     private static final String OPENID_IDP_ENTITY_ID = "IdPEntityId";
     private static final String ENABLE_SMS_OTP_IF_RECOVERY_NOTIFICATION_ENABLED
             = "OnDemandConfig.OnInitialUse.EnableSMSOTPPasswordRecoveryIfConnectorEnabled";
-
-    public IdPManagementDAO() {
-
-        idpSecretsProcessorService = new IdPSecretsProcessor();
-    }
 
     /**
      * @param dbConnection
@@ -3181,14 +3176,8 @@ private IdentityProvider getIDP(Connection dbConnection, String idPName, int idp
                         dbConnection, idPName, federatedIdp, tenantId));
 
                 // Retrieve encrypted secrets from DB, decrypt and set to the federated authenticator configs.
-                if (idpSecretsProcessorService == null) {
-                    throw new IdentityProviderManagementException(
-                            "Error while retrieving secrets of identity provider: " + idPName + " in tenant: " +
-                                    tenantDomain + ". IdPSecretsProcessorService is not available.");
-                }
                 if (federatedIdp.getFederatedAuthenticatorConfigs().length > 0) {
-                    federatedIdp = idpSecretsProcessorService.
-                            decryptAssociatedSecrets(federatedIdp);
+                    federatedIdp = idpSecretsProcessorService.decryptAssociatedSecrets(federatedIdp);
                 }
 
                 if (defaultAuthenticatorName != null && federatedIdp.getFederatedAuthenticatorConfigs() != null) {
@@ -3909,14 +3898,7 @@ public String addIdPWithResourceId(IdentityProvider identityProvider, int tenant
 
             // Add federated authenticator secret properties to IDN_SECRET table.
             identityProvider.setId(createdIDP.getId());
-            if (idpSecretsProcessorService != null) {
-                identityProvider = idpSecretsProcessorService.
-                        encryptAssociatedSecrets(identityProvider);
-            } else {
-                throw new IdentityProviderManagementException("An error occurred while storing encrypted IDP secrets of " +
-                        "Identity provider : " + identityProvider.getIdentityProviderName() + " in tenant : "
-                        + IdentityTenantUtil.getTenantDomain(tenantId) + ". IdPSecretsProcessorService is not available.");
-            }
+            identityProvider = idpSecretsProcessorService.encryptAssociatedSecrets(identityProvider);
 
             // add federated authenticators.
             addFederatedAuthenticatorConfigs(identityProvider.getFederatedAuthenticatorConfigs(),
@@ -4252,14 +4234,7 @@ public void updateIdPWithResourceId(String resourceId, IdentityProvider
 
                 // Update secrets in IDN_SECRET table.
                 newIdentityProvider.setId(Integer.toString(idpId));
-                if (idpSecretsProcessorService != null) {
-                    newIdentityProvider = idpSecretsProcessorService.
-                            encryptAssociatedSecrets(newIdentityProvider);
-                } else {
-                    throw new IdentityProviderManagementException("An error occurred while updating the secrets of the " +
-                            "identity provider : " + currentIdentityProvider.getIdentityProviderName() + " in tenant : " +
-                            IdentityTenantUtil.getTenantDomain(tenantId) + ". The IdPSecretsProcessorService is not available.");
-                }
+                newIdentityProvider = idpSecretsProcessorService.encryptAssociatedSecrets(newIdentityProvider);
 
                 // update federated authenticators.
                 updateFederatedAuthenticatorConfigs(
@@ -4440,12 +4415,7 @@ public void deleteIdPByResourceId(String resourceId, int tenantId, String tenant
             idPName = identityProvider.getIdentityProviderName();
             deleteIdP(dbConnection, tenantId, null, resourceId);
             // Delete IdP related secrets from the IDN_SECRET table.
-            if (idpSecretsProcessorService != null) {
-                idpSecretsProcessorService.deleteAssociatedSecrets(identityProvider);
-            } else {
-                throw new IdentityProviderManagementException("Error while deleting IDP secrets of Identity provider : " +
-                        idPName + " in tenant : " + tenantDomain + ". IdPSecretsProcessorService is not available.");
-            }
+            idpSecretsProcessorService.deleteAssociatedSecrets(identityProvider);
             IdentityDatabaseUtil.commitTransaction(dbConnection);
         } catch (SQLException e) {
             IdentityDatabaseUtil.rollbackTransaction(dbConnection);

diff --git a/...g.wso2.carbon.idp.mgt/src/main/java/org/wso2/carbon/idp/mgt/util/IdPSecretsProcessor.java b/...g.wso2.carbon.idp.mgt/src/main/java/org/wso2/carbon/idp/mgt/util/IdPSecretsProcessor.java
@@ -39,14 +39,9 @@
  */
 public class IdPSecretsProcessor implements SecretsProcessor<IdentityProvider> {
 
-    private final SecretManager secretManager;
-    private final SecretResolveManager secretResolveManager;
     private final Gson gson;
 
     public IdPSecretsProcessor() {
-
-        this.secretManager = IdpMgtServiceComponentHolder.getInstance().getSecretManager();
-        this.secretResolveManager = IdpMgtServiceComponentHolder.getInstance().getSecretResolveManager();
         this.gson = new Gson();
     }
 
@@ -60,9 +55,11 @@ public IdentityProvider decryptAssociatedSecrets(IdentityProvider identityProvid
                     continue;
                 }
                 String secretName = buildSecretName(clonedIdP.getId(), fedAuthConfig.getName(), prop.getName());
-                if (secretManager.isSecretExist(IDN_SECRET_TYPE_IDP_SECRETS, secretName)) {
+                if (IdpMgtServiceComponentHolder.getInstance().getSecretManager()
+                        .isSecretExist(IDN_SECRET_TYPE_IDP_SECRETS, secretName)) {
                     ResolvedSecret resolvedSecret =
-                            secretResolveManager.getResolvedSecret(IDN_SECRET_TYPE_IDP_SECRETS, secretName);
+                            IdpMgtServiceComponentHolder.getInstance().getSecretResolveManager()
+                                    .getResolvedSecret(IDN_SECRET_TYPE_IDP_SECRETS, secretName);
                     // Replace secret reference with decrypted original secret.
                     prop.setValue(resolvedSecret.getResolvedSecretValue());
                 }
@@ -82,7 +79,8 @@ public IdentityProvider encryptAssociatedSecrets(IdentityProvider identityProvid
                     continue;
                 }
                 String secretName = buildSecretName(clonedIdP.getId(), fedAuthConfig.getName(), prop.getName());
-                if (secretManager.isSecretExist(IDN_SECRET_TYPE_IDP_SECRETS, secretName)) {
+                if (IdpMgtServiceComponentHolder.getInstance().getSecretManager()
+                        .isSecretExist(IDN_SECRET_TYPE_IDP_SECRETS, secretName)) {
                     // Update existing secret property.
                     updateExistingSecretProperty(secretName, prop);
                     prop.setValue(buildSecretReference(secretName));
@@ -109,8 +107,10 @@ public void deleteAssociatedSecrets(IdentityProvider identityProvider) throws Se
                     continue;
                 }
                 String secretName = buildSecretName(identityProvider.getId(), fedAuthConfig.getName(), prop.getName());
-                if (secretManager.isSecretExist(IDN_SECRET_TYPE_IDP_SECRETS, secretName)) {
-                    secretManager.deleteSecret(IDN_SECRET_TYPE_IDP_SECRETS, secretName);
+                if (IdpMgtServiceComponentHolder.getInstance().getSecretManager()
+                        .isSecretExist(IDN_SECRET_TYPE_IDP_SECRETS, secretName)) {
+                    IdpMgtServiceComponentHolder.getInstance().getSecretManager()
+                            .deleteSecret(IDN_SECRET_TYPE_IDP_SECRETS, secretName);
                 }
             }
         }
@@ -123,7 +123,8 @@ private String buildSecretName(String idpId, String fedAuthName, String propName
 
     private String buildSecretReference(String secretName) throws SecretManagementException {
 
-        SecretType secretType = secretManager.getSecretType(IDN_SECRET_TYPE_IDP_SECRETS);
+        SecretType secretType = IdpMgtServiceComponentHolder.getInstance().getSecretManager()
+                .getSecretType(IDN_SECRET_TYPE_IDP_SECRETS);
         return secretType.getId() + ":" + secretName;
     }
 
@@ -132,14 +133,17 @@ private void addNewIdpSecretProperty(String secretName, Property property) throw
         Secret secret = new Secret();
         secret.setSecretName(secretName);
         secret.setSecretValue(property.getValue());
-        secretManager.addSecret(IDN_SECRET_TYPE_IDP_SECRETS, secret);
+        IdpMgtServiceComponentHolder.getInstance().getSecretManager()
+                .addSecret(IDN_SECRET_TYPE_IDP_SECRETS, secret);
     }
 
     private void updateExistingSecretProperty(String secretName, Property property) throws SecretManagementException {
 
-        ResolvedSecret resolvedSecret = secretResolveManager.getResolvedSecret(IDN_SECRET_TYPE_IDP_SECRETS, secretName);
+        ResolvedSecret resolvedSecret = IdpMgtServiceComponentHolder.getInstance().getSecretResolveManager()
+                .getResolvedSecret(IDN_SECRET_TYPE_IDP_SECRETS, secretName);
         if (!resolvedSecret.getResolvedSecretValue().equals(property.getValue())) {
-            secretManager.updateSecretValue(IDN_SECRET_TYPE_IDP_SECRETS, secretName, property.getValue());
+            IdpMgtServiceComponentHolder.getInstance().getSecretManager()
+                    .updateSecretValue(IDN_SECRET_TYPE_IDP_SECRETS, secretName, property.getValue());
         }
     }
 }
diff --git a/....idp.mgt/src/test/java/org/wso2/carbon/idp/mgt/IdentityProviderManagementServiceTest.java b/....idp.mgt/src/test/java/org/wso2/carbon/idp/mgt/IdentityProviderManagementServiceTest.java
@@ -18,11 +18,15 @@
 
 package org.wso2.carbon.idp.mgt;
 
+import org.mockito.MockedStatic;
 import org.testng.Assert;
+import org.testng.annotations.AfterClass;
 import org.testng.annotations.AfterMethod;
+import org.testng.annotations.BeforeClass;
 import org.testng.annotations.BeforeMethod;
 import org.testng.annotations.DataProvider;
 import org.testng.annotations.Test;
+import org.wso2.carbon.core.util.CryptoUtil;
 import org.wso2.carbon.identity.application.common.ApplicationAuthenticatorService;
 import org.wso2.carbon.identity.application.common.ProvisioningConnectorService;
 import org.wso2.carbon.identity.application.common.model.Claim;
@@ -48,8 +52,8 @@
 import org.wso2.carbon.identity.common.testng.WithRealmService;
 import org.wso2.carbon.identity.common.testng.WithRegistry;
 import org.wso2.carbon.identity.core.util.IdentityDatabaseUtil;
-import org.wso2.carbon.identity.secret.mgt.core.SecretManager;
-import org.wso2.carbon.identity.secret.mgt.core.SecretResolveManager;
+import org.wso2.carbon.identity.secret.mgt.core.SecretManagerImpl;
+import org.wso2.carbon.identity.secret.mgt.core.model.SecretType;
 import org.wso2.carbon.idp.mgt.internal.IdpMgtServiceComponentHolder;
 import org.wso2.carbon.idp.mgt.util.IdPManagementConstants;
 import org.wso2.carbon.idp.mgt.util.MetadataConverter;
@@ -66,8 +70,8 @@
 
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyString;
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
+import static org.mockito.Mockito.*;
+import static org.mockito.Mockito.mockStatic;
 import static org.testng.Assert.assertNull;
 import static org.testng.Assert.assertThrows;
 import static org.wso2.carbon.base.MultitenantConstants.SUPER_TENANT_ID;
@@ -87,6 +91,27 @@ public class IdentityProviderManagementServiceTest {
 
     MetadataConverter mockMetadataConverter;
     private IdentityProviderManagementService identityProviderManagementService;
+    private MockedStatic<CryptoUtil> cryptoUtil;
+
+    @BeforeClass
+    public void setUpClass() throws Exception {
+
+        SecretManagerImpl secretManager = mock(SecretManagerImpl.class);
+        SecretType secretType = mock(SecretType.class);
+        IdpMgtServiceComponentHolder.getInstance().setSecretManager(secretManager);
+        when(secretType.getId()).thenReturn("secretId");
+        doReturn(secretType).when(secretManager).getSecretType(any());
+        when(secretManager.isSecretExist(anyString(), anyString())).thenReturn(false);
+
+        cryptoUtil = mockStatic(CryptoUtil.class);
+        CryptoUtil mockCryptoUtil = mock(CryptoUtil.class);
+        cryptoUtil.when(CryptoUtil::getDefaultCryptoUtil).thenReturn(mockCryptoUtil);
+    }
+
+    @AfterClass
+    public void tearDownClass() {
+        cryptoUtil.close();
+    }
 
     @BeforeMethod
     public void setUp() throws Exception {
@@ -95,11 +120,6 @@ public void setUp() throws Exception {
         identityProviderManagementService = new IdentityProviderManagementService();
         List<MetadataConverter> metadataConverterList = Arrays.asList(mockMetadataConverter);
         IdpMgtServiceComponentHolder.getInstance().setMetadataConverters(metadataConverterList);
-
-        SecretManager secretManager = mock(SecretManager.class);
-        SecretResolveManager secretResolveManager = mock(SecretResolveManager.class);
-        IdpMgtServiceComponentHolder.getInstance().setSecretManager(secretManager);
-        IdpMgtServiceComponentHolder.getInstance().setSecretResolveManager(secretResolveManager);
     }
 
     @AfterMethod

diff --git a/...o2.carbon.idp.mgt/src/test/java/org/wso2/carbon/idp/mgt/dao/CacheBackedIdPMgtDAOTest.java b/...o2.carbon.idp.mgt/src/test/java/org/wso2/carbon/idp/mgt/dao/CacheBackedIdPMgtDAOTest.java
@@ -60,7 +60,9 @@
 import org.wso2.carbon.idp.mgt.internal.IdpMgtServiceComponentHolder;
 import org.wso2.carbon.idp.mgt.model.ConnectedAppsResult;
 import org.wso2.carbon.idp.mgt.util.IdPManagementConstants;
+import org.wso2.carbon.idp.mgt.util.IdPSecretsProcessor;
 
+import java.lang.reflect.Field;
 import java.nio.file.Paths;
 import java.sql.Connection;
 import java.sql.PreparedStatement;
@@ -72,8 +74,7 @@
 import java.util.List;
 import java.util.Map;
 
-import static org.mockito.ArgumentMatchers.anyBoolean;
-import static org.mockito.ArgumentMatchers.anyInt;
+import static org.mockito.ArgumentMatchers.*;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.mockStatic;
 import static org.mockito.Mockito.when;
@@ -148,7 +149,17 @@ private static Connection getConnection(String database) throws SQLException {
     @BeforeMethod
     public void setup() throws Exception {
 
+        IdPSecretsProcessor idpSecretsProcessor = mock(IdPSecretsProcessor.class);
+        when(idpSecretsProcessor.decryptAssociatedSecrets(any())).thenAnswer(
+                invocation -> invocation.getArguments()[0]);
+        when(idpSecretsProcessor.encryptAssociatedSecrets(any())).thenAnswer(
+                invocation -> invocation.getArguments()[0]);
         idPManagementDAO = new IdPManagementDAO();
+
+        Field idpSecretsProcessorField = IdPManagementDAO.class.getDeclaredField("idpSecretsProcessorService");
+        idpSecretsProcessorField.setAccessible(true);
+        idpSecretsProcessorField.set(idPManagementDAO, idpSecretsProcessor);
+
         cacheBackedIdPMgtDAO = new CacheBackedIdPMgtDAO(idPManagementDAO);
         initiateH2Database(DB_NAME, getFilePath("h2.sql"));
 
@@ -158,11 +169,6 @@ public void setup() throws Exception {
         IdpMgtServiceComponentHolder mockIdpMgtServiceComponentHolder = mock(IdpMgtServiceComponentHolder.class);
         idpMgtServiceComponentHolder.when(
                 IdpMgtServiceComponentHolder::getInstance).thenReturn(mockIdpMgtServiceComponentHolder);
-
-        SecretManager secretManager = mock(SecretManager.class);
-        SecretResolveManager secretResolveManager = mock(SecretResolveManager.class);
-        when(mockIdpMgtServiceComponentHolder.getSecretManager()).thenReturn(secretManager);
-        when(mockIdpMgtServiceComponentHolder.getSecretResolveManager()).thenReturn(secretResolveManager);
     }
 
     @AfterMethod