wso2 · AnuGayan · Mar 25, 2024 · Mar 14, 2024 · Mar 21, 2024 · Mar 22, 2024
@@ -276,10 +276,12 @@ void updateMonetizationUsagePublishInfo(MonetizationUsagePublishInfo monetizatio
     /**
      * This method used to retrieve key manager configurations for tenant
      * @param organization organization of the key manager
+     * @param checkUsages whether to check usages
      * @return KeyManagerConfigurationDTO list
      * @throws APIManagementException if error occurred
      */
-    List<KeyManagerConfigurationDTO> getKeyManagerConfigurationsByOrganization(String organization) throws APIManagementException;
+    List<KeyManagerConfigurationDTO> getKeyManagerConfigurationsByOrganization(String organization,
+            boolean checkUsages) throws APIManagementException;
 
     /**
      * This method returns all the key managers registered in all the tenants
@@ -515,6 +517,15 @@ Map<String, Object> searchPaginatedApis(String searchQuery, String organization,
      */
     List<KeyManagerConfigurationDTO> getGlobalKeyManagerConfigurations() throws APIManagementException;
 
+    /**
+     * This method used to retrieve global key manager configurations with usage check
+     * @param organization organization
+     * @return KeyManagerConfigurationDTO list
+     * @throws APIManagementException if error occurred
+     */
+    List<KeyManagerConfigurationDTO> getGlobalKeyManagerConfigurations(String organization)
+            throws APIManagementException;
+
     /**
      * This method used to retrieve global key manager with Id
      * @param id uuid of key manager

@@ -33,6 +33,7 @@
 import org.wso2.carbon.apimgt.api.model.Application;
 import org.wso2.carbon.apimgt.api.model.Comment;
 import org.wso2.carbon.apimgt.api.model.Identifier;
+import org.wso2.carbon.apimgt.api.model.KeyManagerApplicationInfo;
 import org.wso2.carbon.apimgt.api.model.Monetization;
 import org.wso2.carbon.apimgt.api.model.OAuthApplicationInfo;
 import org.wso2.carbon.apimgt.api.model.ResourceFile;
@@ -851,4 +852,12 @@ List<KeyManagerConfigurationDTO> getKeyManagerConfigurationsByOrganization(Strin
     boolean isKeyManagerByNameAllowedForUser(String keyManagerName, String organization, String username)
             throws APIManagementException;
 
+    /**
+     * Remove application keys.
+     * @param application   application
+     * @param keyMappingId  key mapping id
+     * @param xWSO2Tenant   tenant domain
+     * @throws APIManagementException
+     */
+    boolean removalKeys(Application application, String keyMappingId, String xWSO2Tenant) throws APIManagementException;
 }
@@ -549,6 +549,8 @@ public enum ExceptionCodes implements ErrorHandler {
     // Admin portal get apis and api provider change related errors
     CHANGE_API_PROVIDER_FAILED(903011, "Error while changing the API provider", 500, "Error while changing the API provider in the registry or DB"),
     GET_SEARCH_APIS_IN_ADMIN_FAILED(903012, "Error while getting the apis", 500, "Error while getting/searching the apis from registry"),
+    KEY_MANAGER_DELETE_FAILED(902015, "Key Manager Delete error", 412,"Error while deleting the Key Manager. %s", false),
+    KEYS_DELETE_FAILED(902014, "Key Delete error", 412,"Error while deleting Keys. %s", false),
 
     // AI service invocation related exceptions
     AI_SERVICE_INVALID_RESPONSE(903100, "Invalid response from AI service", 500, "Error while invoking AI service. %s", false),

@@ -43,6 +43,7 @@ public class KeyManagerConfigurationDTO implements Serializable {
     private String externalReferenceId = null;
     private String alias = null;
     private KeyManagerPermissionConfigurationDTO permissions = new KeyManagerPermissionConfigurationDTO();
+    private Boolean isUsed = null;
 
     public KeyManagerConfigurationDTO() {
     }
@@ -196,4 +197,14 @@ public void setPermissions (KeyManagerPermissionConfigurationDTO permissions) {
         }
         this.permissions = permissions;
     }
+
+    public Boolean getIsUsed() {
+
+        return this.isUsed;
+    }
+
+    public void setUsed(Boolean isUsed) {
+
+        this.isUsed = isUsed;
+    }
 }
@@ -0,0 +1,48 @@
+/*
+ * Copyright (c) 2024, WSO2 LLC. (http://www.wso2.com) All Rights Reserved.
+ *
+ * WSO2 LLC. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.wso2.carbon.apimgt.api.model;
+
+public class KeyManagerApplicationInfo {
+    String keyManagerName;
+    String consumerKey;
+    String mode;
+
+    public String getKeyManagerName() {
+        return keyManagerName;
+    }
+
+    public void setKeyManagerName(String keyManagerName) {
+        this.keyManagerName = keyManagerName;
+    }
+
+    public String getConsumerKey() {
+        return consumerKey;
+    }
+
+    public void setConsumerKey(String consumerKey) {
+        this.consumerKey = consumerKey;
+    }
+
+    public String getMode() {
+        return mode;
+    }
+
+    public void setMode(String mode) {
+        this.mode = mode;
+    }
+}
@@ -0,0 +1,39 @@
+/*
+ * Copyright (c) 2024, WSO2 LLC. (http://www.wso2.com) All Rights Reserved.
+ *
+ * WSO2 LLC. licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.wso2.carbon.apimgt.api.model;
+
+import java.util.ArrayList;
+import java.util.List;
+
+public class KeyManagerApplicationUsages {
+
+    int applicationCount;
+    List<ApplicationInfoKeyManager> applications = new ArrayList<>();
+
+    public int getApplicationCount() {
+        return applicationCount;
+    }
+
+    public void setApplicationCount(int applicationCount) {
+        this.applicationCount = applicationCount;
+    }
+
+    public List<ApplicationInfoKeyManager> getApplications() { return applications; }
+
+    public void setApplications(List<ApplicationInfoKeyManager> applications) {this.applications = applications; }
+}
@@ -87,7 +87,7 @@ public LinkedHashMap<String, String> purge(String organization) {
                         isKeyManagerOrganizationExist = organizationPurgeDAO.keyManagerOrganizationExist(organization);
                         break;
                     case APIConstants.OrganizationDeletion.KM_RETRIEVER:
-                        keyManagerList = apiAdmin.getKeyManagerConfigurationsByOrganization(organization);
+                        keyManagerList = apiAdmin.getKeyManagerConfigurationsByOrganization(organization, false);
                         break;
                     case APIConstants.OrganizationDeletion.IDP_DATA_REMOVER:
                         deleteIdpList(organization, keyManagerList);

@@ -74,7 +74,7 @@ public class IdpKmPurgeTest {
         List<KeyManagerConfigurationDTO> keyManagerList = new ArrayList<>();
         keyManagerList.add(kmConfig);
 
-        Mockito.doReturn(keyManagerList).when(amAdmin).getKeyManagerConfigurationsByOrganization("testOrg");
+        Mockito.doReturn(keyManagerList).when(amAdmin).getKeyManagerConfigurationsByOrganization("testOrg", false);
         Mockito.doNothing().when(organizationPurgeDAO).deleteKeyManagerConfigurationList(keyManagerList, "testOrg");
         Mockito.doReturn(true).when(organizationPurgeDAO).keyManagerOrganizationExist(Mockito.anyString());
         Mockito.doNothing().when(amAdmin).deleteIdentityProvider("testOrg", kmConfig);

@@ -27,7 +27,6 @@
 import org.apache.commons.lang.StringUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
-import org.apache.solr.client.solrj.util.ClientUtils;
 import org.everit.json.schema.Schema;
 import org.everit.json.schema.ValidationException;
 import org.json.JSONException;
@@ -44,14 +43,12 @@
 import org.wso2.carbon.apimgt.api.dto.KeyManagerPermissionConfigurationDTO;
 import org.wso2.carbon.apimgt.api.model.APICategory;
 import org.wso2.carbon.apimgt.api.model.APIIdentifier;
-import org.wso2.carbon.apimgt.api.model.APIProduct;
-import org.wso2.carbon.apimgt.api.model.APIProductIdentifier;
 import org.wso2.carbon.apimgt.api.model.Application;
 import org.wso2.carbon.apimgt.api.model.ApplicationInfo;
+import org.wso2.carbon.apimgt.api.model.ApplicationInfoKeyManager;
 import org.wso2.carbon.apimgt.api.model.ConfigurationDto;
-import org.wso2.carbon.apimgt.api.model.Documentation;
-import org.wso2.carbon.apimgt.api.model.DocumentationType;
 import org.wso2.carbon.apimgt.api.model.Environment;
+import org.wso2.carbon.apimgt.api.model.KeyManagerApplicationUsages;
 import org.wso2.carbon.apimgt.api.model.KeyManagerConfiguration;
 import org.wso2.carbon.apimgt.api.model.KeyManagerConnectorConfiguration;
 import org.wso2.carbon.apimgt.api.model.Monetization;
@@ -73,24 +70,13 @@
 import org.wso2.carbon.apimgt.impl.monetization.DefaultMonetizationImpl;
 import org.wso2.carbon.apimgt.impl.service.KeyMgtRegistrationService;
 import org.wso2.carbon.apimgt.impl.utils.APINameComparator;
-import org.wso2.carbon.apimgt.impl.utils.APIProductNameComparator;
 import org.wso2.carbon.apimgt.impl.utils.APIUtil;
 import org.wso2.carbon.apimgt.impl.utils.ContentSearchResultNameComparator;
 import org.wso2.carbon.apimgt.persistence.APIPersistence;
-import org.wso2.carbon.apimgt.persistence.dto.AdminApiInfo;
 import org.wso2.carbon.apimgt.persistence.dto.AdminApiSearchContent;
 import org.wso2.carbon.apimgt.persistence.dto.AdminContentSearchResult;
-import org.wso2.carbon.apimgt.persistence.dto.DocumentSearchContent;
-import org.wso2.carbon.apimgt.persistence.dto.Organization;
-import org.wso2.carbon.apimgt.persistence.dto.PublisherAPIInfo;
-import org.wso2.carbon.apimgt.persistence.dto.PublisherAPISearchResult;
-import org.wso2.carbon.apimgt.persistence.dto.PublisherContentSearchResult;
-import org.wso2.carbon.apimgt.persistence.dto.PublisherSearchContent;
 import org.wso2.carbon.apimgt.persistence.dto.SearchContent;
-import org.wso2.carbon.apimgt.persistence.dto.UserContext;
 import org.wso2.carbon.apimgt.persistence.exceptions.APIPersistenceException;
-import org.wso2.carbon.apimgt.persistence.mapper.APIMapper;
-import org.wso2.carbon.apimgt.persistence.utils.RegistrySearchUtil;
 import org.wso2.carbon.context.CarbonContext;
 import org.wso2.carbon.context.PrivilegedCarbonContext;
 import org.wso2.carbon.core.util.CryptoException;
@@ -117,10 +103,8 @@
 import java.util.Date;
 import java.util.HashMap;
 import java.util.Iterator;
-import java.util.LinkedHashSet;
 import java.util.List;
 import java.util.Map;
-import java.util.Set;
 import java.util.SortedSet;
 import java.util.TimeZone;
 import java.util.TreeSet;
@@ -136,6 +120,7 @@
 import javax.xml.transform.dom.DOMSource;
 import javax.xml.transform.stream.StreamResult;
 
+import static org.wso2.carbon.apimgt.impl.utils.APIUtil.getPaginatedApplicationList;
 
 /**
  * This class provides the core API admin functionality.
@@ -390,8 +375,8 @@
     }
 
     @Override
-    public List<KeyManagerConfigurationDTO> getKeyManagerConfigurationsByOrganization(String organization)
-            throws APIManagementException {
+    public List<KeyManagerConfigurationDTO> getKeyManagerConfigurationsByOrganization(String organization,
+            boolean checkUsages) throws APIManagementException {
 
         // For Choreo scenario (Choreo organization uses the same super tenant Resident Key Manager
         // Hence no need to register the default key manager per organization)
@@ -443,6 +428,10 @@
         }
 
         setIdentityProviderRelatedInformation(keyManagerConfigurationsByTenant, organization);
+        if (checkUsages) {
+            setKeyManagerUsageRelatedInformation(keyManagerConfigurationsByTenant, organization);
+        }
+
         return keyManagerConfigurationsByTenant;
     }
 
@@ -472,6 +461,29 @@
 
     }
 
+    private void setKeyManagerUsageRelatedInformation(
+            List<KeyManagerConfigurationDTO> keyManagerConfigurationsByOrganization, String organization)
+            throws APIManagementException {
+
+        for (KeyManagerConfigurationDTO keyManagerConfigurationDTO : keyManagerConfigurationsByOrganization) {
+
+            KeyManagerApplicationUsages appUsages = getApplicationsOfKeyManager(keyManagerConfigurationDTO.getUuid(), 0,
+                    Integer.MAX_VALUE);
+            if (appUsages.getApplicationCount() > 0) {
+                keyManagerConfigurationDTO.setUsed(true);
+                continue;
+            }
+
+            AdminContentSearchResult apiUsages = getAPIUsagesByKeyManagerNameAndOrganization(organization,
+                    keyManagerConfigurationDTO.getName(), 0, Integer.MAX_VALUE);
+            if (apiUsages.getApiCount() > 0) {
+                keyManagerConfigurationDTO.setUsed(true);
+                continue;
+            }
+            keyManagerConfigurationDTO.setUsed(false);
+        }
+    }
+
     private void setAliasForTokenExchangeKeyManagers(List<KeyManagerConfigurationDTO> keyManagerConfigurationsByTenant,
                                                      String tenantDomain) throws APIManagementException {
         for (KeyManagerConfigurationDTO keyManagerConfigurationDTO : keyManagerConfigurationsByTenant) {
@@ -643,6 +655,29 @@
         return keyManagerConfigurationDTO;
     }
 
+    public AdminContentSearchResult getAPIUsagesByKeyManagerNameAndOrganization(String org, String keyManagerName,
+            int offset, int limit) throws APIManagementException {
+
+        APIPersistence apiPersistenceInstance = PersistenceFactory.getAPIPersistenceInstance();
+        String searchQuery = APIConstants.API_USAGE_BY_KEY_MANAGER_QUERY.replace("$1", keyManagerName);
+        try {
+            return apiPersistenceInstance.searchContentForAdmin(org, searchQuery, offset, limit, limit);
+        } catch (APIPersistenceException e) {
+            throw new APIManagementException("Error while finding the key manager ", e);
+        }
+    }
+
+    public KeyManagerApplicationUsages getApplicationsOfKeyManager(String keyManagerId, int offset, int limit)
+            throws APIManagementException {
+
+        KeyManagerApplicationUsages keyManagerApplicationUsages = new KeyManagerApplicationUsages();
+        ApiMgtDAO apiMgtDAO = ApiMgtDAO.getInstance();
+        List<ApplicationInfoKeyManager> applications = apiMgtDAO.getAllApplicationsOfKeyManager(keyManagerId);
+        keyManagerApplicationUsages.setApplicationCount(applications.size());
+        keyManagerApplicationUsages.setApplications(getPaginatedApplicationList(applications, offset, limit));
+        return keyManagerApplicationUsages;
+    }
+
     private void validateKeyManagerEndpointConfiguration(KeyManagerConfigurationDTO keyManagerConfigurationDTO)
             throws APIManagementException {
         if (!APIConstants.KeyManager.DEFAULT_KEY_MANAGER.equals(keyManagerConfigurationDTO.getName())) {
@@ -926,14 +961,24 @@
     public void deleteKeyManagerConfigurationById(String organization, KeyManagerConfigurationDTO kmConfig)
             throws APIManagementException {
         if (kmConfig != null) {
-            if (!APIConstants.KeyManager.DEFAULT_KEY_MANAGER.equals(kmConfig.getName())) {
-                deleteIdentityProvider(organization, kmConfig);
-                apiMgtDAO.deleteKeyManagerConfigurationById(kmConfig.getUuid(), organization);
-                new KeyMgtNotificationSender()
-                        .notify(kmConfig, APIConstants.KeyManager.KeyManagerEvent.ACTION_DELETE);
+            AdminContentSearchResult apiUsage = getAPIUsagesByKeyManagerNameAndOrganization(organization,
+                    kmConfig.getName(), 0, Integer.MAX_VALUE);
+            KeyManagerApplicationUsages appUsages = getApplicationsOfKeyManager(kmConfig.getUuid(), 0,
+                    Integer.MAX_VALUE);
+            if (apiUsage != null && apiUsage.getApiCount() == 0 && appUsages != null
+                    && appUsages.getApplicationCount() == 0) {
+                if (!APIConstants.KeyManager.DEFAULT_KEY_MANAGER.equals(kmConfig.getName())) {
+                    deleteIdentityProvider(organization, kmConfig);
+                    apiMgtDAO.deleteKeyManagerConfigurationById(kmConfig.getUuid(), organization);
+                    new KeyMgtNotificationSender()
+                            .notify(kmConfig, APIConstants.KeyManager.KeyManagerEvent.ACTION_DELETE);
+                } else {
+                    throw new APIManagementException(APIConstants.KeyManager.DEFAULT_KEY_MANAGER + " couldn't delete",
+                            ExceptionCodes.KEY_MANAGER_DELETE_FAILED);
+                }
             } else {
-                throw new APIManagementException(APIConstants.KeyManager.DEFAULT_KEY_MANAGER + " couldn't delete",
-                        ExceptionCodes.INTERNAL_ERROR);
+                throw new APIManagementException("Key Manager is already used by an API or an Application.",
+                        ExceptionCodes.KEY_MANAGER_DELETE_FAILED);
             }
         }
     }
@@ -1704,4 +1749,15 @@
         }
         return keyManagerConfigurations;
     }
+
+    public List<KeyManagerConfigurationDTO> getGlobalKeyManagerConfigurations(String organization)
+            throws APIManagementException {
+        List<KeyManagerConfigurationDTO> keyManagerConfigurations = apiMgtDAO.getKeyManagerConfigurationsByOrganization(
+                APIConstants.GLOBAL_KEY_MANAGER_TENANT_DOMAIN);
+        for (KeyManagerConfigurationDTO keyManagerConfigurationDTO : keyManagerConfigurations) {
+            decryptKeyManagerConfigurationValues(keyManagerConfigurationDTO);
+        }
+        setKeyManagerUsageRelatedInformation(keyManagerConfigurations, organization);
+        return keyManagerConfigurations;
+    }
 }
@@ -2360,6 +2360,8 @@ public enum APITransportType {
     public static final String API_SUBSCRIPTION_TYPE = "API";
     public static final String TYPE = "type";
     public static final String TYPE_SEARCH_TYPE_KEY = "type=";
+    public static final String API_USAGE_BY_KEY_MANAGER_QUERY = "overview_keyManagers:\\*\"$1\"\\* " +
+            " AND mediaType:application\\/vnd.wso2\\-api\\+xml";
 
     public static class OASResourceAuthTypes {