From 0aa7f05442b8fc8caada4247d095c32f7367ea01 Mon Sep 17 00:00:00 2001 From: Thisal Tennakoon Date: Sun, 26 Mar 2023 20:49:27 +0530 Subject: [PATCH 01/22] Integration test for the fix unable to add API specific policy using YAML format via Publisher REST API --- .../OperationPolicyTestCase.java | 64 +++++++++++++++++++ ...gPolicyForYAMLPolicyDefinitionTesting.yaml | 13 ++++ ...gPolicyForYAMLPolicyDefinitionTesting.yaml | 13 ++++ 3 files changed, 90 insertions(+) create mode 100644 modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/AM/operationPolicy/customAPISpecificLogPolicyForYAMLPolicyDefinitionTesting.yaml create mode 100644 modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/AM/operationPolicy/customCommonLogPolicyForYAMLPolicyDefinitionTesting.yaml diff --git a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/operationPolicy/OperationPolicyTestCase.java b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/operationPolicy/OperationPolicyTestCase.java index e48e7e3c06..27c8603abf 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/operationPolicy/OperationPolicyTestCase.java +++ b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/operationPolicy/OperationPolicyTestCase.java 
@@ -608,6 +608,70 @@ public void testAPIInvocationAfterAddingNewMultipleOperationPolicies() throws Ex assertEquals(invokeAPIResponse.getHeaders("TestHeader")[0].getValue(), "TestValue"); } + @Test(groups = {"wso2.am"}, description = "Add API specific operation policy using YAML Policy Definition", + dependsOnMethods = "testAPIInvocationAfterAddingNewMultipleOperationPolicies") + public void testAddAPISpecificOperationPolicyYAML() throws Exception { + + HttpResponse addPolicyResponse = + addPolicy(apiId, "customAPISpecificLogPolicyForYAMLPolicyDefinitionTesting.yaml", + "customAPISpecificLogPolicy.j2"); + assertNotNull(addPolicyResponse, "Error adding operation policy customAPISpecificLogPolicyYAML"); + assertEquals(addPolicyResponse.getResponseCode(), 201, "Response code mismatched"); + + OperationPolicyDataDTO policyDTO = + new Gson().fromJson(addPolicyResponse.getData(), OperationPolicyDataDTO.class); + String newPolicyId = policyDTO.getId(); + assertNotNull(newPolicyId, "Policy Id is null"); + + Map apiSpecificPolicyMap = restAPIPublisher.getAllAPISpecificOperationPolicies(apiId); + Assert.assertNotNull(apiSpecificPolicyMap.get("customAPISpecificLogPolicyYAML"), + "Unable to find the newly added API specific policy"); + policyMap.put("customAPISpecificLogPolicyYAML", newPolicyId); + } + + @Test(groups = {"wso2.am"}, description = "Delete API specific operation policy created using YAML Policy Definition", + dependsOnMethods = "testAddAPISpecificOperationPolicyYAML") + public void testDeleteAPISpecificOperationPolicyYAML() throws Exception { + + int responseCode = deleteOperationPolicy(policyMap.get("customAPISpecificLogPolicyYAML"), apiId); + assertEquals(responseCode, 200); + Map updatedAPISpecificPolicyMap = restAPIPublisher.getAllAPISpecificOperationPolicies(apiId); + Assert.assertNull(updatedAPISpecificPolicyMap.get("customAPISpecificLogPolicyYAML")); + policyMap.remove("customAPISpecificLogPolicyYAML"); + } + + @Test(groups = {"wso2.am"}, description = "Add 
common operation policy using YAML specification file", + dependsOnMethods = "testDeleteAPISpecificOperationPolicyYAML") + public void testAddNewCommonOperationPolicyYAML() throws Exception { + + HttpResponse addPolicyResponse = addPolicy(null, + "customCommonLogPolicyForYAMLPolicyDefinitionTesting.yaml", "customCommonLogPolicy.j2"); + + assertNotNull(addPolicyResponse, "Error adding operation policy customCommonLogPolicy"); + assertEquals(addPolicyResponse.getResponseCode(), 201, "Response code mismatched"); + + OperationPolicyDataDTO policyDTO = + new Gson().fromJson(addPolicyResponse.getData(), OperationPolicyDataDTO.class); + String newPolicyId = policyDTO.getId(); + assertNotNull(newPolicyId, "Policy Id is null"); + + Map updatedCommonPolicyMap = restAPIPublisher.getAllCommonOperationPolicies(); + Assert.assertNotNull(updatedCommonPolicyMap.get("customCommonLogPolicyYAML"), + "Unable to find the newly added common policy"); + policyMap.put("customCommonLogPolicyYAML", newPolicyId); + } + + @Test(groups = {"wso2.am"}, description = "Delete common operation policy created using YAML specification file", + dependsOnMethods = "testAddNewCommonOperationPolicyYAML") + public void testDeleteCommonOperationPolicyYAML() throws Exception { + + int responseCode = deleteOperationPolicy(policyMap.get("customCommonLogPolicyYAML"), null); + assertEquals(responseCode, 200); + Map updatedCommonPolicyMap = restAPIPublisher.getAllCommonOperationPolicies(); + Assert.assertNull(updatedCommonPolicyMap.get("customCommonLogPolicyYAML")); + policyMap.remove("customCommonLogPolicyYAML"); + } + @AfterClass(alwaysRun = true) public void cleanUpArtifacts() throws Exception { 
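Review bot: In `testAddAPISpecificOperationPolicyYAML` and `testAddNewCommonOperationPolicyYAML` the new id is stored with `policyMap.put(...)` only after the final `Assert.assertNotNull` lookup, so a policy that was created with 201 but fails that lookup is never recorded and the dependent delete tests are skipped. Whether `cleanUpArtifacts` would still remove it cannot be seen here, because its body starts on the last line of the hunk. Moving `policyMap.put("customAPISpecificLogPolicyYAML", newPolicyId);` (and the common-policy equivalent) directly after `assertNotNull(newPolicyId, "Policy Id is null");` keeps the id available for cleanup. `policyDTO.getId()` is also called before any null check on the Gson result, so an empty response body would surface as a NullPointerException instead of an assertion message. Only a well-formed definition is exercised; a case asserting that a malformed YAML definition is rejected with a 4xx would pin the error path of the fix as well.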
diff --git a/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/AM/operationPolicy/customAPISpecificLogPolicyForYAMLPolicyDefinitionTesting.yaml b/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/AM/operationPolicy/customAPISpecificLogPolicyForYAMLPolicyDefinitionTesting.yaml
new file mode 100644
index 0000000000..44a7f5911c
--- /dev/null
+++ b/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/AM/operationPolicy/customAPISpecificLogPolicyForYAMLPolicyDefinitionTesting.yaml
@@ -0,0 +1,13 @@
+category: Mediation
+name: customAPISpecificLogPolicyYAML
+version: v1
+displayName: Custom Common Log Policy
+description: Using this policy, you can add a custom log message
+applicableFlows:
+ - request
+ - response
+ - fault
+supportedGateways:
+ - Synapse
+supportedApiTypes:
+ - HTTP
\ No newline at end of file
diff --git a/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/AM/operationPolicy/customCommonLogPolicyForYAMLPolicyDefinitionTesting.yaml b/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/AM/operationPolicy/customCommonLogPolicyForYAMLPolicyDefinitionTesting.yaml
new file mode 100644
index 0000000000..4191210acd
--- /dev/null
+++ b/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/AM/operationPolicy/customCommonLogPolicyForYAMLPolicyDefinitionTesting.yaml
@@ -0,0 +1,13 @@
+category: Mediation
+name: customCommonLogPolicyYAML
+version: v1
+displayName: Custom Common Log Policy
+description: Using this policy, you can add a custom log message
+applicableFlows:
+ - request
+ - response
+ - fault
+supportedGateways:
+ - Synapse
+supportedApiTypes:
+ - HTTP
\ No newline at end of file
From c7c62fdb6c1243917fd5d75d96c515c15082105d Mon Sep 17 00:00:00 2001
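Review bot: The API-specific fixture `customAPISpecificLogPolicyForYAMLPolicyDefinitionTesting.yaml` carries `displayName: Custom Common Log Policy`, the same display name as the common-policy fixture, which looks like a copy-paste leftover. Something like `displayName: Custom API Specific Log Policy` would keep the two policies distinguishable in listings and logs when one of the tests fails. Both files also end without a trailing newline.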
From: shnrndk Date: Mon, 4 Dec 2023 12:42:38 +0530 Subject: [PATCH 02/22] add update provider rest api --- .../admin/src/main/resources/admin-api.yaml | 193 ++++++++++++++++++ 1 file changed, 193 insertions(+) diff --git a/modules/integration/tests-common/clients/admin/src/main/resources/admin-api.yaml b/modules/integration/tests-common/clients/admin/src/main/resources/admin-api.yaml index 69131316c6..d6de60e3aa 100644 --- a/modules/integration/tests-common/clients/admin/src/main/resources/admin-api.yaml +++ b/modules/integration/tests-common/clients/admin/src/main/resources/admin-api.yaml @@ -4267,6 +4267,43 @@ paths: source: 'curl -k -X POST -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8" -F "type=WSO2-IS" "https://127.0.0.1:9443/api/am/admin/v4/key-managers/discover"' + ###################################################### + # API Provider Resource + ###################################################### + /apis/{apiId}/provider/{providerName}: + put: + tags: + - Api Provider Change + summary: Update the api provider + description: | + Update the api provider + parameters: + - $ref: '#/components/parameters/providerName' + - $ref: '#/components/parameters/apiId' + operationId: providerProviderNameApisApiIdPut + responses: + 200: + description: | + OK. + Api Provider updated. + headers: + Content-Type: + description: | + The content type of the body. + schema: + type: string + 400: + $ref: '#/components/responses/BadRequest' + 404: + $ref: '#/components/responses/NotFound' + security: + - OAuth2Security: + - apim:admin + - apim:api_provider_change + x-code-samples: + - lang: Curl + source: 'curl -k -X PUT -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8" + -H "Content-Type: application/json" "https://127.0.0.1:9443/api/am/admin/v4/provider/admin/apis/33662a62-8db1-4d75-af08-afd63c6bd0b4"' components: schemas: Error: 
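Review bot: The `x-code-samples` curl for the new operation calls `/api/am/admin/v4/provider/admin/apis/33662a62-8db1-4d75-af08-afd63c6bd0b4`, while the path declared in this hunk is `/apis/{apiId}/provider/{providerName}`; `operationId: providerProviderNameApisApiIdPut` follows the same reversed order. The same sample is carried into the `/apis/{apiId}/change-provider` operation added in PATCH 05/22, where it additionally still says `-X PUT` for a `post` operation. The sample should follow the declared route, e.g. `"https://127.0.0.1:9443/api/am/admin/v4/apis/{apiId}/provider/{providerName}"`. The operation reassigns ownership of an API yet documents only 200, 400 and 404; describing the unauthenticated and forbidden outcomes would make the authorization behaviour explicit for client authors.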
@@ -5937,6 +5974,145 @@ components: - Internal/subscriber items: type: string + APIList: + title: API List + type: object + properties: + count: + type: integer + description: | + Number of APIs returned. + example: 1 + list: + type: array + items: + $ref: '#/components/schemas/APIInfomation' + pagination: + $ref: '#/components/schemas/PaginationApis' + APIInfomation: + title: API Info object with basic API details. + type: object + properties: + id: + type: string + example: 01234567-0123-0123-0123-012345678901 + name: + type: string + example: CalculatorAPI + description: + type: string + example: A calculator API that supports basic operations + context: + type: string + example: CalculatorAPI + additionalProperties: + type: array + items: + type: object + properties: + name: + type: string + value: + type: string + display: + type: boolean + description: Map of custom properties of API + additionalPropertiesMap: + type: object + additionalProperties: + type: object + properties: + name: + type: string + value: + type: string + display: + type: boolean + default: false + version: + type: string + example: 1.0.0 + provider: + type: string + description: | + If the provider value is not given, the user invoking the API will be used as the provider. + example: admin + type: + type: string + example: HTTP + audience: + type: string + description: The audience of the API. 
Accepted values are PUBLIC, SINGLE + example: PUBLIC + enum: + - PUBLIC + - SINGLE + lifeCycleStatus: + type: string + example: CREATED + workflowStatus: + type: string + example: APPROVED + hasThumbnail: + type: boolean + example: true + securityScheme: + type: array + items: + type: string + createdTime: + type: string + example: 2021-02-11 09:57:25 + updatedTime: + type: string + example: 2021-02-11 09:57:25 + updatedBy: + type: string + example: wso2.system.user + gatewayVendor: + type: string + example: wso2 + advertiseOnly: + type: boolean + example: true + monetizedInfo: + type: boolean + example: true + businessOwner: + type: string + example: Business Owner + businessOwnerEmail: + type: string + example: businessowner@abc.com + TechnicalOwner: + type: string + example: Technical Owner + TechnicalOwnerEmail: + type: string + example: technicalowner@abc.com + PaginationApis: + title: Pagination + type: object + properties: + offset: + type: integer + example: 0 + limit: + type: integer + example: 1 + total: + type: integer + example: 10 + next: + type: string + description: | + Link to the next subset of resources qualified. + Empty if no more resources are to be returned. + previous: + type: string + description: | + Link to the previous subset of resources qualified. + Empty if current subset is the first subset returned. responses: BadRequest: description: Bad Request. Invalid request or validation error. @@ -6232,6 +6408,22 @@ components: required: true schema: type: string + providerName: + name: providerName + in: path + description: | + Provider Name + required: true + schema: + type: string + apiId: + name: apiId + in: path + description: | + API Id + required: true + schema: + type: string securitySchemes: OAuth2Security: type: oauth2 
@@ -6269,3 +6461,4 @@ components: apim:admin_alert_manage: Manage admin alerts apim:api_workflow_view: Retrive workflow requests apim:scope_manage: Manage system scopes + apim:api_provider_change: Retrieve and manage applications \ No newline at end of file From bafe7a7ca0b0af6d595c3a5284d7fa6af7b0e657 Mon Sep 17 00:00:00 2001 From: shnrndk Date: Mon, 4 Dec 2023 14:24:32 +0530 Subject: [PATCH 03/22] Change Api Provider Test Case Added --- .../admin/ChangeApiProviderTestCase.java | 155 ++++++++++++++++++ .../src/test/resources/testng.xml | 1 + 2 files changed, 156 insertions(+) create mode 100644 modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/admin/ChangeApiProviderTestCase.java diff --git a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/admin/ChangeApiProviderTestCase.java b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/admin/ChangeApiProviderTestCase.java new file mode 100644 index 0000000000..84f7c6f8da --- /dev/null +++ b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/admin/ChangeApiProviderTestCase.java 
@@ -0,0 +1,155 @@ +package org.wso2.am.integration.tests.admin; + +import jdk.internal.joptsimple.internal.Strings; +import org.apache.http.HttpHeaders; +import org.apache.http.HttpStatus; +import org.junit.Assert; +import org.testng.annotations.AfterClass; +import org.testng.annotations.BeforeClass; +import org.testng.annotations.DataProvider; +import org.testng.annotations.Factory; +import org.testng.annotations.Test; +import org.wso2.am.integration.clients.admin.ApiResponse; +import org.wso2.am.integration.clients.store.api.v1.dto.ApplicationDTO; +import org.wso2.am.integration.clients.store.api.v1.dto.ApplicationKeyDTO; +import org.wso2.am.integration.clients.store.api.v1.dto.ApplicationKeyGenerateRequestDTO; +import org.wso2.am.integration.test.impl.RestAPIAdminImpl; +import org.wso2.am.integration.test.impl.RestAPIStoreImpl; +import org.wso2.am.integration.test.utils.base.APIMIntegrationBaseTest; +import org.wso2.am.integration.test.utils.base.APIMIntegrationConstants; +import org.wso2.am.integration.test.utils.bean.APILifeCycleAction; +import org.wso2.am.integration.test.utils.bean.APIRequest; +import org.wso2.carbon.automation.engine.context.TestUserMode; +import org.wso2.carbon.automation.test.utils.http.client.HttpRequestUtil; +import org.wso2.carbon.automation.test.utils.http.client.HttpResponse; +import org.wso2.carbon.integration.common.admin.client.UserManagementClient; + +import java.io.File; +import java.net.URL; +import java.util.ArrayList; +import java.util.HashMap; +import javax.ws.rs.core.MediaType; +import javax.ws.rs.core.Response; + +import static org.testng.Assert.assertEquals; +import static org.wso2.am.integration.test.utils.base.APIMIntegrationConstants.SUPER_TENANT_DOMAIN; + +public class ChangeApiProviderTestCase extends APIMIntegrationBaseTest { + + private String publisherURLHttp; + private RestAPIAdminImpl restAPIAdminClient; + private String BEARER = "Bearer "; + private String APIName = "NewApiForProviderChange"; + private String 
APIContext = "NewApiForProviderChange"; + private String tags = "youtube, token, media"; + private String apiEndPointUrl; + private String description = "This is test API create by API manager integration test"; + private String APIVersion = "1.0.0"; + private String apiID; + private String newUser = "peter123"; + private String newUserPass = "test123"; + private String[] subscriberRole = {APIMIntegrationConstants.APIM_INTERNAL_ROLE.CREATOR}; + private String APPLICATION_NAME = "testApplicationForProviderChange"; + private String applicationId; + private String TIER_GOLD = "Gold"; + private String API_ENDPOINT_POSTFIX_URL = "jaxrs_basic/services/customers/customerservice/"; + private String API_ENDPOINT_METHOD = "customers/123"; + private int HTTP_RESPONSE_CODE_OK = Response.Status.OK.getStatusCode(); + private String RESPONSE_CODE_MISMATCH_ERROR_MESSAGE = "Response code mismatch"; + private String TENANT_ADMIN = "admin"; + private String TENANT_ADMIN_PWD = "admin123"; + private String TENANT_DOMAIN = "tenant.com"; + + @Factory(dataProvider = "userModeDataProvider") + public ChangeApiProviderTestCase(TestUserMode userMode) { + + this.userMode = userMode; + } + + @DataProvider + public static Object[][] userModeDataProvider() { + + return new Object[][]{new Object[]{TestUserMode.SUPER_TENANT_ADMIN}, + new Object[]{TestUserMode.TENANT_ADMIN},}; + } + + @BeforeClass(alwaysRun = true) + public void setEnvironment() throws Exception { + + super.init(userMode); + publisherURLHttp = getPublisherURLHttp(); + userManagementClient = new UserManagementClient(keyManagerContext.getContextUrls().getBackEndUrl(), + createSession(keyManagerContext)); + userManagementClient.addUser(newUser, newUserPass, subscriberRole, newUser); + restAPIStore = + new RestAPIStoreImpl(storeContext.getContextTenant().getContextUser().getUserNameWithoutDomain(), + storeContext.getContextTenant().getContextUser().getPassword(), + storeContext.getContextTenant().getDomain(), storeURLHttps); + 
apiEndPointUrl = backEndServerUrl.getWebAppURLHttp() + API_ENDPOINT_POSTFIX_URL; + restAPIAdminClient = new RestAPIAdminImpl(TENANT_ADMIN, TENANT_ADMIN_PWD, TENANT_DOMAIN, publisherURLHttps); + } + + @Test(groups = {"wso2.am"}, description = "Calling API with invalid token") + public void ChangeApiProvider() throws Exception { + String providerName = user.getUserName(); + APIRequest apiRequest = new APIRequest(APIName, APIContext, new URL(apiEndPointUrl)); + apiRequest.setTags(tags); + apiRequest.setProvider(providerName); + apiRequest.setDescription(description); + apiRequest.setVersion(APIVersion); + apiRequest.setResourceMethod("GET"); + + //add test api + HttpResponse serviceResponse = restAPIPublisher.addAPI(apiRequest); + assertEquals(serviceResponse.getResponseCode(), Response.Status.CREATED.getStatusCode(), + "Response Code miss matched when creating the API"); + apiID = serviceResponse.getData(); + + // Create Revision and Deploy to Gateway + createAPIRevisionAndDeployUsingRest(apiID, restAPIPublisher); + + //publish the api + restAPIPublisher.changeAPILifeCycleStatus(apiID, APILifeCycleAction.PUBLISH.getAction(), null); + + HttpResponse applicationResponse = restAPIStore.createApplication(APPLICATION_NAME, Strings.EMPTY, + APIMIntegrationConstants.APPLICATION_TIER.UNLIMITED, + ApplicationDTO.TokenTypeEnum.JWT); + + applicationId = applicationResponse.getData(); + + restAPIStore.subscribeToAPI(apiID, applicationId, TIER_GOLD); + ArrayList grantTypes = new ArrayList<>(); + grantTypes.add(APIMIntegrationConstants.GRANT_TYPE.CLIENT_CREDENTIAL); + ApplicationKeyDTO applicationKeyDTO = restAPIStore.generateKeys(applicationId, + APIMIntegrationConstants.DEFAULT_TOKEN_VALIDITY_TIME, + null, + ApplicationKeyGenerateRequestDTO.KeyTypeEnum.PRODUCTION, + null, grantTypes); + Assert.assertNotNull(applicationKeyDTO.getToken()); + String accessToken = applicationKeyDTO.getToken().getAccessToken(); + + HashMap requestHeaders = new HashMap<>(); + 
requestHeaders.put(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON); + requestHeaders.put(HttpHeaders.AUTHORIZATION, BEARER + accessToken); + HttpResponse apiInvokeResponse = HttpRequestUtil.doGet( + getAPIInvocationURLHttps(APIContext.replace(File.separator, Strings.EMPTY), APIVersion) + + File.separator + API_ENDPOINT_METHOD, requestHeaders); + assertEquals(apiInvokeResponse.getResponseCode(), HTTP_RESPONSE_CODE_OK, RESPONSE_CODE_MISMATCH_ERROR_MESSAGE); + + //Update provider of the api + ApiResponse changeProviderResponse = restAPIAdminClient.changeApiProvider(newUser, apiID); + Assert.assertEquals(changeProviderResponse.getStatusCode(), HttpStatus.SC_OK); + + apiInvokeResponse = HttpRequestUtil.doGet( + getAPIInvocationURLHttps(APIContext.replace(File.separator, Strings.EMPTY), APIVersion) + + File.separator + API_ENDPOINT_METHOD, requestHeaders); + assertEquals(apiInvokeResponse.getResponseCode(), HTTP_RESPONSE_CODE_OK, RESPONSE_CODE_MISMATCH_ERROR_MESSAGE); + } + + @AfterClass(alwaysRun = true) + public void destroy() throws Exception { + undeployAndDeleteAPIRevisionsUsingRest(apiID, restAPIPublisher); + restAPIPublisher.deleteAPI(apiID); + super.cleanUp(); + } +} diff --git a/modules/integration/tests-integration/tests-backend/src/test/resources/testng.xml b/modules/integration/tests-integration/tests-backend/src/test/resources/testng.xml index b2d080143b..a76cc6a335 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/resources/testng.xml +++ b/modules/integration/tests-integration/tests-backend/src/test/resources/testng.xml @@ -256,6 +256,7 @@ + From 4f2b43421d30fb7127a952d257776c4d325ef286 Mon Sep 17 00:00:00 2001 From: shnrndk Date: Tue, 19 Dec 2023 14:43:01 +0530 Subject: [PATCH 04/22] Revert "add update provider rest api" This reverts commit c7c62fdb6c1243917fd5d75d96c515c15082105d. --- .../admin/src/main/resources/admin-api.yaml | 193 ------------------ 1 file changed, 193 deletions(-) 
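Review bot: `ChangeApiProvider()` asserts only that the API still answers 200 after `restAPIAdminClient.changeApiProvider(newUser, apiID)`; it never reads the API back to confirm the provider is now `peter123`, and it has no negative case showing that a caller without admin rights is refused, so the access control around an ownership change stays untested. `restAPIAdminClient` is always built from the hard-coded `admin` / `admin123` / `tenant.com` values even when the data provider runs the class as `SUPER_TENANT_ADMIN`, so in that mode the test appears to expect a tenant admin to re-own a super-tenant API — worth confirming that this is intended rather than deriving the client from `userMode`. `import jdk.internal.joptsimple.internal.Strings;` pulls in a JDK-internal class for an empty-string constant (use `""` instead of `Strings.EMPTY`), and `File.separator` is used to build URL paths, which yields a backslash on Windows (use `"/"`). The `@Test` description "Calling API with invalid token" does not describe this test, `destroy()` leaves the `peter123` user and the created application behind, and `org.junit.Assert.assertEquals` is called with the actual value first, which is the TestNG order, not the JUnit one.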
diff --git a/modules/integration/tests-common/clients/admin/src/main/resources/admin-api.yaml b/modules/integration/tests-common/clients/admin/src/main/resources/admin-api.yaml index d6de60e3aa..69131316c6 100644 --- a/modules/integration/tests-common/clients/admin/src/main/resources/admin-api.yaml +++ b/modules/integration/tests-common/clients/admin/src/main/resources/admin-api.yaml @@ -4267,43 +4267,6 @@ paths: source: 'curl -k -X POST -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8" -F "type=WSO2-IS" "https://127.0.0.1:9443/api/am/admin/v4/key-managers/discover"' - ###################################################### - # API Provider Resource - ###################################################### - /apis/{apiId}/provider/{providerName}: - put: - tags: - - Api Provider Change - summary: Update the api provider - description: | - Update the api provider - parameters: - - $ref: '#/components/parameters/providerName' - - $ref: '#/components/parameters/apiId' - operationId: providerProviderNameApisApiIdPut - responses: - 200: - description: | - OK. - Api Provider updated. - headers: - Content-Type: - description: | - The content type of the body. - schema: - type: string - 400: - $ref: '#/components/responses/BadRequest' - 404: - $ref: '#/components/responses/NotFound' - security: - - OAuth2Security: - - apim:admin - - apim:api_provider_change - x-code-samples: - - lang: Curl - source: 'curl -k -X PUT -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8" - -H "Content-Type: application/json" "https://127.0.0.1:9443/api/am/admin/v4/provider/admin/apis/33662a62-8db1-4d75-af08-afd63c6bd0b4"' components: schemas: Error: 
@@ -5974,145 +5937,6 @@ components: - Internal/subscriber items: type: string - APIList: - title: API List - type: object - properties: - count: - type: integer - description: | - Number of APIs returned. - example: 1 - list: - type: array - items: - $ref: '#/components/schemas/APIInfomation' - pagination: - $ref: '#/components/schemas/PaginationApis' - APIInfomation: - title: API Info object with basic API details. - type: object - properties: - id: - type: string - example: 01234567-0123-0123-0123-012345678901 - name: - type: string - example: CalculatorAPI - description: - type: string - example: A calculator API that supports basic operations - context: - type: string - example: CalculatorAPI - additionalProperties: - type: array - items: - type: object - properties: - name: - type: string - value: - type: string - display: - type: boolean - description: Map of custom properties of API - additionalPropertiesMap: - type: object - additionalProperties: - type: object - properties: - name: - type: string - value: - type: string - display: - type: boolean - default: false - version: - type: string - example: 1.0.0 - provider: - type: string - description: | - If the provider value is not given, the user invoking the API will be used as the provider. - example: admin - type: - type: string - example: HTTP - audience: - type: string - description: The audience of the API. 
Accepted values are PUBLIC, SINGLE - example: PUBLIC - enum: - - PUBLIC - - SINGLE - lifeCycleStatus: - type: string - example: CREATED - workflowStatus: - type: string - example: APPROVED - hasThumbnail: - type: boolean - example: true - securityScheme: - type: array - items: - type: string - createdTime: - type: string - example: 2021-02-11 09:57:25 - updatedTime: - type: string - example: 2021-02-11 09:57:25 - updatedBy: - type: string - example: wso2.system.user - gatewayVendor: - type: string - example: wso2 - advertiseOnly: - type: boolean - example: true - monetizedInfo: - type: boolean - example: true - businessOwner: - type: string - example: Business Owner - businessOwnerEmail: - type: string - example: businessowner@abc.com - TechnicalOwner: - type: string - example: Technical Owner - TechnicalOwnerEmail: - type: string - example: technicalowner@abc.com - PaginationApis: - title: Pagination - type: object - properties: - offset: - type: integer - example: 0 - limit: - type: integer - example: 1 - total: - type: integer - example: 10 - next: - type: string - description: | - Link to the next subset of resources qualified. - Empty if no more resources are to be returned. - previous: - type: string - description: | - Link to the previous subset of resources qualified. - Empty if current subset is the first subset returned. responses: BadRequest: description: Bad Request. Invalid request or validation error. @@ -6408,22 +6232,6 @@ components: required: true schema: type: string - providerName: - name: providerName - in: path - description: | - Provider Name - required: true - schema: - type: string - apiId: - name: apiId - in: path - description: | - API Id - required: true - schema: - type: string securitySchemes: OAuth2Security: type: oauth2 
@@ -6461,4 +6269,3 @@ components: apim:admin_alert_manage: Manage admin alerts apim:api_workflow_view: Retrive workflow requests apim:scope_manage: Manage system scopes - apim:api_provider_change: Retrieve and manage applications \ No newline at end of file From f87841ebbadc81068abf83dbb2d3e8540371496c Mon Sep 17 00:00:00 2001 From: shnrndk Date: Thu, 21 Dec 2023 09:24:47 +0530 Subject: [PATCH 05/22] Change Api Provider Test Case Bugs fix --- .../admin/src/main/resources/admin-api.yaml | 158 ++++++++++++++++++ .../clients/publisher/api/v1/dto/APIDTO.java | 31 +++- .../test/impl/RestAPIAdminImpl.java | 6 + .../admin/ChangeApiProviderTestCase.java | 3 +- 4 files changed, 196 insertions(+), 2 deletions(-) diff --git a/modules/integration/tests-common/clients/admin/src/main/resources/admin-api.yaml b/modules/integration/tests-common/clients/admin/src/main/resources/admin-api.yaml index 69131316c6..fc0572c316 100644 --- a/modules/integration/tests-common/clients/admin/src/main/resources/admin-api.yaml +++ b/modules/integration/tests-common/clients/admin/src/main/resources/admin-api.yaml 
@@ -4266,7 +4266,106 @@ paths: - lang: Shell source: 'curl -k -X POST -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8" -F "type=WSO2-IS" "https://127.0.0.1:9443/api/am/admin/v4/key-managers/discover"' + ###################################################### + # The "API Collection" resource APIs + ###################################################### + /apis: + get: + tags: + - APIs + summary: | + Retrieve/Search APIs + description: | + This operation provides you a list of available APIs qualifying under a given search condition. + Each retrieved API is represented with a minimal amount of attributes. If you want to get complete details of an API, you need to use **Get details of an API** operation. + parameters: + - $ref: '#/components/parameters/limit' + - $ref: '#/components/parameters/offset' + - name: query + in: query + description: | + **Search and get all apis in admin portal**. + You can search by proving a keyword. + schema: + type: string + - $ref: '#/components/parameters/If-None-Match' + responses: + 200: + description: | + OK. + List of qualifying APIs is returned. + headers: + ETag: + description: | + Entity Tag of the response resource. Used by caches, or in conditional requests (Will be supported in future). + schema: + type: string + Content-Type: + description: The content type of the body. + schema: + type: string + content: + application/json: + schema: + $ref: '#/components/schemas/SearchResultList' + 304: + description: | + Not Modified. + Empty body because the client has already the latest version of the requested resource (Will be supported in future). 
+ content: { } + 406: + $ref: '#/components/responses/NotAcceptable' + security: + - OAuth2Security: + - apim:admin + - apim:api_provider_change + x-code-samples: + - lang: Curl + source: 'curl -k -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8" + "https://127.0.0.1:9443/api/am/publisher/v4/apis"' + operationId: getAllAPIs + ###################################################### + # Change Api Provider + ###################################################### + /apis/{apiId}/change-provider: + post: + tags: + - Api Provider Change + summary: Update the api provider + description: | + Update the api provider + operationId: providerNamePost + parameters: + - name: provider + in: query + required: true + schema: + type: string + - $ref: '#/components/parameters/apiId' + responses: + 200: + description: | + OK. + Api Provider updated. + headers: + Content-Type: + description: | + The content type of the body. + schema: + type: string + 400: + $ref: '#/components/responses/BadRequest' + 404: + $ref: '#/components/responses/NotFound' + security: + - OAuth2Security: + - apim:admin + - apim:api_provider_change + x-code-samples: + - lang: Curl + source: 'curl -k -X PUT -H "Authorization: Bearer ae4eae22-3f65-387b-a171-d37eaa366fa8" + -H "Content-Type: application/json" "https://127.0.0.1:9443/api/am/admin/v4/provider/admin/apis/33662a62-8db1-4d75-af08-afd63c6bd0b4"' components: schemas: Error: 
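Review bot: Both operations added here list `apim:api_provider_change` under `security`, but the three `admin-api.yaml` hunks of this commit account for all 158 insertions in the diffstat and none of them declares that scope under `securitySchemes`; the declaration added in PATCH 02/22 was removed again by the revert in PATCH 04/22. Unless the scope is defined in a part of the file not shown, the spec now references an undeclared scope. Re-adding it with a description of what it actually grants, e.g. `apim:api_provider_change: Change the provider of an API` (the reverted entry read "Retrieve and manage applications"), keeps the authorization requirement unambiguous. The `provider` query parameter has no `description` and no constraint on its value, and the `/apis` sample points at `/api/am/publisher/v4/apis` rather than the admin API.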
@@ -5937,6 +6036,57 @@ components: - Internal/subscriber items: type: string + SearchResultList: + title: Unified Search Result List + type: object + properties: + apis: + type: array + items: + $ref: '#/components/schemas/ApiResult' + count: + type: integer + description: | + Number of results returned. + example: 1 + pagination: + $ref: '#/components/schemas/Pagination' + ApiResult: + type: object + properties: + provider: + type: string + name: + type: string + version: + type: string + id: + type: string + Pagination: + title: Pagination + type: object + properties: + offset: + type: integer + example: 0 + limit: + type: integer + example: 1 + total: + type: integer + example: 10 + next: + type: string + description: | + Link to the next subset of resources qualified. + Empty if no more resources are to be returned. + example: "" + previous: + type: string + description: | + Link to the previous subset of resources qualified. + Empty if current subset is the first subset returned. + example: "" responses: BadRequest: description: Bad Request. Invalid request or validation error. @@ -6232,6 +6382,14 @@ components: required: true schema: type: string + apiId: + name: apiId + in: path + description: | + **API ID** consisting of the **UUID** of the API. + required: true + schema: + type: string securitySchemes: OAuth2Security: type: oauth2 diff --git a/modules/integration/tests-common/clients/publisher/src/gen/java/org/wso2/am/integration/clients/publisher/api/v1/dto/APIDTO.java b/modules/integration/tests-common/clients/publisher/src/gen/java/org/wso2/am/integration/clients/publisher/api/v1/dto/APIDTO.java index be8c66c016..2ccfa175ca 100644 --- a/modules/integration/tests-common/clients/publisher/src/gen/java/org/wso2/am/integration/clients/publisher/api/v1/dto/APIDTO.java +++ b/modules/integration/tests-common/clients/publisher/src/gen/java/org/wso2/am/integration/clients/publisher/api/v1/dto/APIDTO.java 
@@ -256,6 +256,10 @@ public AudienceEnum read(final JsonReader jsonReader) throws IOException { @SerializedName(SERIALIZED_NAME_AUTHORIZATION_HEADER) private String authorizationHeader; + public static final String SERIALIZED_NAME_API_KEY_HEADER = "apiKeyHeader"; + @SerializedName(SERIALIZED_NAME_API_KEY_HEADER) + private String apiKeyHeader; + public static final String SERIALIZED_NAME_SECURITY_SCHEME = "securityScheme"; @SerializedName(SERIALIZED_NAME_SECURITY_SCHEME) private List securityScheme = null; @@ -1151,6 +1155,29 @@ public void setAuthorizationHeader(String authorizationHeader) { } + public APIDTO apiKeyHeader(String apiKeyHeader) { + + this.apiKeyHeader = apiKeyHeader; + return this; + } + + /** + * Name of the API key header used for invoking the API. If it is not set, default value `apiKey` will be used. + * @return apiKeyHeader + **/ + @javax.annotation.Nullable + @ApiModelProperty(example = "apiKey", value = "Name of the API key header used for invoking the API. If it is not set, default value `apiKey` will be used. ") + + public String getApiKeyHeader() { + return apiKeyHeader; + } + + + public void setApiKeyHeader(String apiKeyHeader) { + this.apiKeyHeader = apiKeyHeader; + } + + public APIDTO securityScheme(List securityScheme) { this.securityScheme = securityScheme; @@ -1921,6 +1948,7 @@ public boolean equals(Object o) { Objects.equals(this.policies, API.policies) && Objects.equals(this.apiThrottlingPolicy, API.apiThrottlingPolicy) && Objects.equals(this.authorizationHeader, API.authorizationHeader) && + Objects.equals(this.apiKeyHeader, API.apiKeyHeader) && Objects.equals(this.securityScheme, API.securityScheme) && Objects.equals(this.maxTps, API.maxTps) && Objects.equals(this.visibility, API.visibility) && 
@@ -1957,7 +1985,7 @@ public boolean equals(Object o) { @Override public int hashCode() { - return Objects.hash(id, name, description, context, version, provider, lifeCycleStatus, wsdlInfo, wsdlUrl, responseCachingEnabled, cacheTimeout, hasThumbnail, isDefaultVersion, isRevision, revisionedApiId, revisionId, enableSchemaValidation, enableSubscriberVerification, type, audience, transport, tags, policies, apiThrottlingPolicy, authorizationHeader, securityScheme, maxTps, visibility, visibleRoles, visibleTenants, mediationPolicies, apiPolicies, subscriptionAvailability, subscriptionAvailableTenants, additionalProperties, additionalPropertiesMap, monetization, accessControl, accessControlRoles, businessInformation, corsConfiguration, websubSubscriptionConfiguration, workflowStatus, createdTime, lastUpdatedTimestamp, lastUpdatedTime, endpointConfig, endpointImplementationType, scopes, operations, threatProtectionPolicies, categories, keyManagers, serviceInfo, advertiseInfo, gatewayVendor, asyncTransportProtocols); + return Objects.hash(id, name, description, context, version, provider, lifeCycleStatus, wsdlInfo, wsdlUrl, responseCachingEnabled, cacheTimeout, hasThumbnail, isDefaultVersion, isRevision, revisionedApiId, revisionId, enableSchemaValidation, enableSubscriberVerification, type, audience, transport, tags, policies, apiThrottlingPolicy, authorizationHeader, apiKeyHeader, securityScheme, maxTps, visibility, visibleRoles, visibleTenants, mediationPolicies, apiPolicies, subscriptionAvailability, subscriptionAvailableTenants, additionalProperties, additionalPropertiesMap, monetization, accessControl, accessControlRoles, businessInformation, corsConfiguration, websubSubscriptionConfiguration, workflowStatus, createdTime, lastUpdatedTimestamp, lastUpdatedTime, endpointConfig, endpointImplementationType, scopes, operations, threatProtectionPolicies, categories, keyManagers, serviceInfo, advertiseInfo, gatewayVendor, asyncTransportProtocols); } 
@@ -1990,6 +2018,7 @@ public String toString() { sb.append(" policies: ").append(toIndentedString(policies)).append("\n"); sb.append(" apiThrottlingPolicy: ").append(toIndentedString(apiThrottlingPolicy)).append("\n"); sb.append(" authorizationHeader: ").append(toIndentedString(authorizationHeader)).append("\n"); + sb.append(" apiKeyHeader: ").append(toIndentedString(apiKeyHeader)).append("\n"); sb.append(" securityScheme: ").append(toIndentedString(securityScheme)).append("\n"); sb.append(" maxTps: ").append(toIndentedString(maxTps)).append("\n"); sb.append(" visibility: ").append(toIndentedString(visibility)).append("\n"); diff --git a/modules/integration/tests-common/integration-test-utils/src/main/java/org/wso2/am/integration/test/impl/RestAPIAdminImpl.java b/modules/integration/tests-common/integration-test-utils/src/main/java/org/wso2/am/integration/test/impl/RestAPIAdminImpl.java index 044a41881f..c9779084bb 100644 --- a/modules/integration/tests-common/integration-test-utils/src/main/java/org/wso2/am/integration/test/impl/RestAPIAdminImpl.java +++ b/modules/integration/tests-common/integration-test-utils/src/main/java/org/wso2/am/integration/test/impl/RestAPIAdminImpl.java @@ -57,6 +57,7 @@ public class RestAPIAdminImpl { private ThrottlingPolicySearchApi throttlingPolicySearchApi = new ThrottlingPolicySearchApi(); private SystemScopesApi systemScopesApi = new SystemScopesApi(); private ApplicationApi applicationApi = new ApplicationApi(); + private ApiProviderChangeApi apiProviderChangeApi = new ApiProviderChangeApi(); private LabelApi labelApi = new LabelApi(); private LabelCollectionApi labelCollectionApi = new LabelCollectionApi(); private EnvironmentApi environmentApi = new EnvironmentApi(); 
@@ -150,6 +151,7 @@ public RestAPIAdminImpl(String username, String password, String tenantDomain, S systemScopesApi.setApiClient(apiAdminClient); tenantConfigApi.setApiClient(apiAdminClient); tenantConfigSchemaApi.setApiClient(apiAdminClient); + apiProviderChangeApi.setApiClient(apiAdminClient); this.tenantDomain = tenantDomain; } @@ -698,6 +700,10 @@ public ApiResponse changeApplicationOwner(String newOwner, String applicat return applicationApi.applicationsApplicationIdChangeOwnerPostWithHttpInfo(newOwner, applicationId); } + public ApiResponse changeApiProvider(String newProvider, String apiId) throws ApiException { + return apiProviderChangeApi.providerNamePostWithHttpInfo(newProvider, apiId); + } + public HttpResponse getWorkflowByExternalWorkflowReference(String externalWorkflowRef) throws ApiException { WorkflowInfoDTO workflowInfodto = null; HttpResponse response = null; diff --git a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/admin/ChangeApiProviderTestCase.java b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/admin/ChangeApiProviderTestCase.java index 84f7c6f8da..7bf8e8fefc 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/admin/ChangeApiProviderTestCase.java +++ b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/admin/ChangeApiProviderTestCase.java @@ -86,7 +86,6 @@ public void setEnvironment() throws Exception { storeContext.getContextTenant().getContextUser().getPassword(), storeContext.getContextTenant().getDomain(), storeURLHttps); apiEndPointUrl = backEndServerUrl.getWebAppURLHttp() + API_ENDPOINT_POSTFIX_URL; - restAPIAdminClient = new RestAPIAdminImpl(TENANT_ADMIN, TENANT_ADMIN_PWD, TENANT_DOMAIN, publisherURLHttps); } @Test(groups = {"wso2.am"}, description = "Calling API with invalid token") 
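Review bot: The new public `changeApiProvider(String newProvider, String apiId)` in the `@@ -698` hunk has no Javadoc, and its two `String` parameters can be swapped at a call site without a compile error. I would add `/** Changes the provider of the API identified by apiId to newProvider through the admin REST API and returns the raw response. */` above it. The OpenAPI fragment earlier on this page lists `apim:admin` and `apim:api_provider_change` as the scopes for this operation. Whether the token this client obtains carries them is not visible in the hunk, so the comment could name the required scope once that is confirmed. The enclosing class starts and ends outside the hunk.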
@@ -137,6 +136,7 @@ public void ChangeApiProvider() throws Exception { assertEquals(apiInvokeResponse.getResponseCode(), HTTP_RESPONSE_CODE_OK, RESPONSE_CODE_MISMATCH_ERROR_MESSAGE); //Update provider of the api + restAPIAdminClient = new RestAPIAdminImpl(TENANT_ADMIN, TENANT_ADMIN_PWD, TENANT_DOMAIN, publisherURLHttps); ApiResponse changeProviderResponse = restAPIAdminClient.changeApiProvider(newUser, apiID); Assert.assertEquals(changeProviderResponse.getStatusCode(), HttpStatus.SC_OK); @@ -149,6 +149,7 @@ public void ChangeApiProvider() throws Exception { @AfterClass(alwaysRun = true) public void destroy() throws Exception { undeployAndDeleteAPIRevisionsUsingRest(apiID, restAPIPublisher); + restAPIStore.deleteApplication(applicationId); restAPIPublisher.deleteAPI(apiID); super.cleanUp(); } From 048ba0c6a300f47f7458d157c23ce175a5489f57 Mon Sep 17 00:00:00 2001 From: shnrndk Date: Thu, 21 Dec 2023 11:37:19 +0530 Subject: [PATCH 06/22] new scopes added --- .../artifacts/AM/configFiles/common/tenant-conf.json | 12 ++++++++++++ .../linterCustomRulesTest/tenant-conf.json | 12 ++++++++++++ .../AM/configFiles/monetization/tenant-conf.json | 12 ++++++++++++ .../AM/configFiles/notification/tenant-conf.json | 12 ++++++++++++ .../AM/configFiles/tenantConf/tenant-conf.json | 12 ++++++++++++ 5 files changed, 60 insertions(+) diff --git a/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/AM/configFiles/common/tenant-conf.json b/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/AM/configFiles/common/tenant-conf.json index d3b51d1d8a..ff2f47135f 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/AM/configFiles/common/tenant-conf.json +++ b/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/AM/configFiles/common/tenant-conf.json 
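Review bot: In `destroy()` (the `@@ -149` hunk) the added `restAPIStore.deleteApplication(applicationId);` sits in an unguarded chain of calls, so if it throws, `restAPIPublisher.deleteAPI(apiID)` and `super.cleanUp()` never run and the API and tenant state are left behind for later test classes. Because the method is `@AfterClass(alwaysRun = true)`, it also runs after a failed setup, where `applicationId` may presumably still be unset. I would wrap the three delete calls in `try { … } finally { super.cleanUp(); }` so the base-class cleanup always runs.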
@@ -356,6 +356,18 @@ { "Name": "apim:admin_tier_view", "Roles": "admin" + }, + { + "Name": "apim:gateway_policy_manage", + "Roles": "admin" + }, + { + "Name": "apim:gateway_policy_view", + "Roles": "admin,Internal/creator,Internal/publisher,Internal/observer" + }, + { + "Name": "apim:api_provider_change", + "Roles": "admin" } ] }, diff --git a/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/AM/configFiles/linterCustomRulesTest/tenant-conf.json b/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/AM/configFiles/linterCustomRulesTest/tenant-conf.json index cdfd74e214..f7e162679f 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/AM/configFiles/linterCustomRulesTest/tenant-conf.json +++ b/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/AM/configFiles/linterCustomRulesTest/tenant-conf.json @@ -372,6 +372,18 @@ { "Name": "apim:admin_tier_view", "Roles": "admin" + }, + { + "Name": "apim:gateway_policy_manage", + "Roles": "admin" + }, + { + "Name": "apim:gateway_policy_view", + "Roles": "admin,Internal/creator,Internal/publisher,Internal/observer" + }, + { + "Name": "apim:api_provider_change", + "Roles": "admin" } ] }, diff --git a/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/AM/configFiles/monetization/tenant-conf.json b/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/AM/configFiles/monetization/tenant-conf.json index baf97cec81..0eced40453 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/AM/configFiles/monetization/tenant-conf.json +++ b/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/AM/configFiles/monetization/tenant-conf.json 
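Review bot: The same three scope-to-role entries are pasted into five `tenant-conf.json` fixtures (common and linterCustomRulesTest here, then monetization, notification and tenantConf), so the role mapping the integration tests run against can drift between fixtures and from the mapping the product ships. `apim:api_provider_change` is bound to `admin` only, which is the narrow binding one would want for a provider-change operation, but nothing visible in this patch series checks that a token without the scope is refused. I would add a negative case to `ChangeApiProviderTestCase` that expects an authorization failure for a non-admin user. The commit message should also say which tests need the two `apim:gateway_policy_*` entries.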
@@ -356,6 +356,18 @@ { "Name": "apim:admin_tier_view", "Roles": "admin" + }, + { + "Name": "apim:gateway_policy_manage", + "Roles": "admin" + }, + { + "Name": "apim:gateway_policy_view", + "Roles": "admin,Internal/creator,Internal/publisher,Internal/observer" + }, + { + "Name": "apim:api_provider_change", + "Roles": "admin" } ] }, diff --git a/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/AM/configFiles/notification/tenant-conf.json b/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/AM/configFiles/notification/tenant-conf.json index f94a83790c..fa2f1375ae 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/AM/configFiles/notification/tenant-conf.json +++ b/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/AM/configFiles/notification/tenant-conf.json @@ -356,6 +356,18 @@ { "Name": "apim:admin_tier_view", "Roles": "admin" + }, + { + "Name": "apim:gateway_policy_manage", + "Roles": "admin" + }, + { + "Name": "apim:gateway_policy_view", + "Roles": "admin,Internal/creator,Internal/publisher,Internal/observer" + }, + { + "Name": "apim:api_provider_change", + "Roles": "admin" } ] }, diff --git a/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/AM/configFiles/tenantConf/tenant-conf.json b/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/AM/configFiles/tenantConf/tenant-conf.json index 205ff6e62b..e097660fae 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/AM/configFiles/tenantConf/tenant-conf.json +++ b/modules/integration/tests-integration/tests-backend/src/test/resources/artifacts/AM/configFiles/tenantConf/tenant-conf.json 
@@ -356,6 +356,18 @@ { "Name": "apim:admin_tier_view", "Roles": "admin" + }, + { + "Name": "apim:gateway_policy_manage", + "Roles": "admin" + }, + { + "Name": "apim:gateway_policy_view", + "Roles": "admin,Internal/creator,Internal/publisher,Internal/observer" + }, + { + "Name": "apim:api_provider_change", + "Roles": "admin" } ] }, From e04d8e0ca98d8b3190cb3c8dd743a56f80bd7e5c Mon Sep 17 00:00:00 2001 From: HeshanSudarshana Date: Fri, 21 Apr 2023 00:27:36 +0530 Subject: [PATCH 07/22] Add fips scripts to the pack --- .../product/src/main/assembly/bin.xml | 14 + .../product/src/main/startup-scripts/fips.bat | 515 ++++++++++++++++++ .../product/src/main/startup-scripts/fips.sh | 468 ++++++++++++++++ 3 files changed, 997 insertions(+) create mode 100644 modules/distribution/product/src/main/startup-scripts/fips.bat create mode 100644 modules/distribution/product/src/main/startup-scripts/fips.sh diff --git a/modules/distribution/product/src/main/assembly/bin.xml b/modules/distribution/product/src/main/assembly/bin.xml index 4b501ecf3f..2df75d517f 100644 --- a/modules/distribution/product/src/main/assembly/bin.xml +++ b/modules/distribution/product/src/main/assembly/bin.xml @@ -1249,6 +1249,20 @@ 644 + + src/main/startup-scripts/fips.sh + wso2am-${pom.version}/bin/ + true + 755 + + + + src/main/startup-scripts/fips.bat + wso2am-${pom.version}/bin/ + true + 755 + + src/main/startup-scripts/profileSetup.sh wso2am-${pom.version}/bin/ diff --git a/modules/distribution/product/src/main/startup-scripts/fips.bat b/modules/distribution/product/src/main/startup-scripts/fips.bat new file mode 100644 index 0000000000..242abe0e15 --- /dev/null +++ b/modules/distribution/product/src/main/startup-scripts/fips.bat 
@@ -0,0 +1,515 @@
+@echo off
+rem ----------------------------------------------------------------------------
+rem Copyright (c) 2023, WSO2 LLC. (http://www.wso2.com).
+rem
+rem WSO2 LLC. licenses this file to you under the Apache License,
+rem Version 2.0 (the "License"); you may not use this file except
+rem in compliance with the License.
+rem You may obtain a copy of the License at
+rem
+rem http://www.apache.org/licenses/LICENSE-2.0
+rem
+rem Unless required by applicable law or agreed to in writing,
+rem software distributed under the License is distributed on an
+rem "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+rem KIND, either express or implied. See the License for the
+rem specific language governing permissions and limitations
+rem under the License.
+
+set BC_FIPS_VERSION=1.0.2.3
+set BCPKIX_FIPS_VERSION=1.0.7
+set BCPROV_JDK15ON_VERSION=1.70.0.wso2v1
+set BCPKIX_JDK15ON_VERSION=1.70.0.wso2v1
+
+set EXPECTED_BCPROV_CHECKSUM=261f41c52b6a664a5e9011ba829e78eb314c0ed8
+set EXPECTED_BCPKIX_CHECKSUM=17db4aba24861e306427bdeff03b1c2fac57760f
+set EXPECTED_BC_FIPS_CHECKSUM=da62b32cb72591f5b4d322e6ab0ce7de3247b534
+set EXPECTED_BCPKIX_FIPS_CHECKSUM=fe07959721cfa2156be9722ba20fdfee2b5441b0
+
+
+rem ----- Only set CARBON_HOME if not already set ----------------------------
+:checkServer
+rem %~sdp0 is expanded pathname of the current script under NT with spaces in the path removed
+if "%CARBON_HOME%"=="" set CARBON_HOME=%~sdp0..
+SET curDrive=%cd:~0,1%
+SET wsasDrive=%CARBON_HOME:~0,1%
+if not "%curDrive%" == "%wsasDrive%" %wsasDrive%:
+
+rem find CARBON_HOME if it does not exist due to either an invalid value passed
+rem by the user or the %0 problem on Windows 9x
+if not exist "%CARBON_HOME%\bin\version.txt" goto noServerHome
+
+set ARGUEMENT=%1
+set api_publisher_bundles_info=%CARBON_HOME%\repository\components\api-publisher-deprecated\configuration\org.eclipse.equinox.simpleconfigurator\bundles.info
+set api_devportal_bundles_info=%CARBON_HOME%\repository\components\api-devportal-deprecated\configuration\org.eclipse.equinox.simpleconfigurator\bundles.info
+set api_key_manager_bundles_info=%CARBON_HOME%\repository\components\api-key-manager-deprecated\configuration\org.eclipse.equinox.simpleconfigurator\bundles.info
+set default_bundles_info=%CARBON_HOME%\repository\components\default\configuration\org.eclipse.equinox.simpleconfigurator\bundles.info
+set control_plane_bundles_info=%CARBON_HOME%\repository\components\control-plane\configuration\org.eclipse.equinox.simpleconfigurator\bundles.info
+set traffic_manager_bundles_info=%CARBON_HOME%\repository\components\traffic-manager\configuration\org.eclipse.equinox.simpleconfigurator\bundles.info
+set gateway_worker_bundles_info=%CARBON_HOME%\repository\components\gateway-worker\configuration\org.eclipse.equinox.simpleconfigurator\bundles.info
+
+set bcprov_text=bcprov-jdk15on,%BCPROV_JDK15ON_VERSION%,../plugins/bcprov-jdk15on_%BCPROV_JDK15ON_VERSION%.jar,4,true
+set bcpkix_text=bcpkix-jdk15on,%BCPKIX_JDK15ON_VERSION%,../plugins/bcpkix-jdk15on_%BCPKIX_JDK15ON_VERSION%.jar,4,true
+set "homeDir=%userprofile%"
+set server_restart_required=false
+
+rem commandline arguement 'DISABLE' or 'disable' is passed
+if "%ARGUEMENT%"=="DISABLE" goto disableFipsMode
+if "%ARGUEMENT%"=="disable" goto disableFipsMode
+if "%ARGUEMENT%"=="VERIFY" goto verifyFipsMode
+if "%ARGUEMENT%"=="verify" goto verifyFipsMode
+rem no commandline arguements are passed
+goto enableFipsMode
+
+:disableFipsMode
+if exist "%CARBON_HOME%\repository\components\lib\bc-fips*.jar" (
+ set server_restart_required=true
+ echo Remove existing bc-fips jar from lib folder.
+ DEL /F "%CARBON_HOME%\repository\components\lib\bc-fips*.jar"
+ echo Successfully removed bc-fips__%BC_FIPS_VERSION%.jar from components\lib.
+)
+if exist "%CARBON_HOME%\repository\components\lib\bcpkix-fips*.jar" (
+ set server_restart_required=true
+ echo Remove existing bcpkix-fips jar from lib folder.
+ DEL /F "%CARBON_HOME%\repository\components\lib\bcpkix-fips*.jar"
+ echo Successfully removed bcpkix-fips_%BC_FIPS_VERSION%.jar from components\lib.
+)
+if exist "%CARBON_HOME%\repository\components\dropins\bc_fips*.jar" (
+ set server_restart_required=true
+ echo Remove existing bc-fips jar from dropins folder.
+ DEL /F "%CARBON_HOME%\repository\components\dropins\bc_fips*.jar"
+ echo Successfully removed bc_fips_%BC_FIPS_VERSION%.jar from components\dropins.
+)
+if exist "%CARBON_HOME%\repository\components\dropins\bcpkix_fips*.jar" (
+ set server_restart_required=true
+ echo Remove existing bcpkix_fips jar from dropins folder.
+ DEL /F "%CARBON_HOME%\repository\components\dropins\bcpkix_fips*.jar"
+ echo Successfully removed bcpkix-fips_%BCPKIX_FIPS_VERSION%.jar from components\dropins.
+)
+if not exist "%CARBON_HOME%\repository\components\plugins\bcprov-jdk15on*.jar" (
+ set server_restart_required=true
+ if exist "%homeDir%\.wso2-bc\backup\bcprov-jdk15on_%BCPROV_JDK15ON_VERSION%.jar" (
+ move "%homeDir%\.wso2-bc\backup\bcprov-jdk15on_%BCPROV_JDK15ON_VERSION%.jar" "%CARBON_HOME%\repository\components\plugins"
+ echo Moved bcprov-jdk15on_%BCPROV_JDK15ON_VERSION%.jar from %homeDir%\.wso2-bc\backup to components/plugins.
+ ) else (
+ echo Downloading required bcprov-jdk15on jar : bcprov-jdk15on-%BCPROV_JDK15ON_VERSION%
+ curl https://maven.wso2.org/nexus/content/repositories/releases/org/wso2/orbit/org/bouncycastle/bcprov-jdk15on/%BCPROV_JDK15ON_VERSION%/bcprov-jdk15on-%BCPROV_JDK15ON_VERSION%.jar -o %CARBON_HOME%/repository/components/plugins/bcprov-jdk15on_%BCPROV_JDK15ON_VERSION%.jar
+ FOR /F "tokens=*" %%G IN ('certutil -hashfile "%CARBON_HOME%/repository/components/plugins/bcprov-jdk15on_%BCPROV_JDK15ON_VERSION%.jar" SHA1 ^| FIND /V ":"') DO SET "ACTUAL_CHECKSUM_BCPROVE=%%G"
+ if "%ACTUAL_CHECKSUM_BCPROVE%"=="%EXPECTED_BCPROV_CHECKSUM%" (
+ echo Checksum verified: The downloaded bcprov-jdk15on-%BCPROV_JDK15ON_VERSION%.jar is valid.
+ ) else (
+ echo Checksum verification failed: The downloaded bcprov-jdk15on-%BCPROV_JDK15ON_VERSION%.jar may be corrupted.
+ )
+ )
+)
+if not exist "%CARBON_HOME%\repository\components\plugins\bcpkix-jdk15on*.jar" (
+ set server_restart_required=true
+ if exist "%homeDir%\.wso2-bc\backup\bcpkix-jdk15on_%BCPKIX_JDK15ON_VERSION%.jar" (
+ move "%homeDir%\.wso2-bc\backup\bcpkix-jdk15on_%BCPKIX_JDK15ON_VERSION%.jar" "%CARBON_HOME%\repository\components\plugins"
+ echo Moved bcpkix-jdk15on_%BCPKIX_JDK15ON_VERSION%.jar from %homeDir%\.wso2-bc\backup to components/plugins.
+ ) else (
+ echo Downloading required bcpkix-jdk15on jar : bcpkix-jdk15on-%BCPKIX_JDK15ON_VERSION%
+ curl https://maven.wso2.org/nexus/content/repositories/releases/org/wso2/orbit/org/bouncycastle/bcpkix-jdk15on/%BCPKIX_JDK15ON_VERSION%/bcpkix-jdk15on-%BCPKIX_JDK15ON_VERSION%.jar -o %CARBON_HOME%/repository/components/plugins/bcpkix-jdk15on_%BCPKIX_JDK15ON_VERSION%.jar
+ FOR /F "tokens=*" %%G IN ('certutil -hashfile "%CARBON_HOME%/repository/components/plugins/bcpkix-jdk15on_%BCPKIX_JDK15ON_VERSION%.jar" SHA1 ^| FIND /V ":"') DO SET "ACTUAL_CHECKSUM_BCPKIX=%%G"
+ if "%ACTUAL_CHECKSUM_BCPKIX%"=="%EXPECTED_BCPKIX_CHECKSUM%" (
+ echo Checksum verified: The downloaded bcpkix-jdk15on-%BCPKIX_JDK15ON_VERSION%.jar is valid.
+ ) else (
+ echo Checksum verification failed: The downloaded bcpkix-jdk15on-%BCPKIX_JDK15ON_VERSION%.jar may be corrupted.
+ )
+ )
+)
+findstr /c:%bcprov_text% %api_publisher_bundles_info% > nul
+if %errorlevel%==1 (
+ set server_restart_required=true
+ echo %bcprov_text% >> %api_publisher_bundles_info%
+)
+findstr /c:%bcpkix_text% %api_publisher_bundles_info% > nul
+if %errorlevel%==1 (
+ set server_restart_required=true
+ echo %bcpkix_text% >> %api_publisher_bundles_info%
+)
+findstr /c:%bcprov_text% %api_devportal_bundles_info% > nul
+if %errorlevel%==1 (
+ set server_restart_required=true
+ echo %bcprov_text% >> %api_devportal_bundles_info%
+)
+findstr /c:%bcpkix_text% %api_devportal_bundles_info% > nul
+if %errorlevel%==1 (
+ set server_restart_required=true
+ echo %bcpkix_text% >> %api_devportal_bundles_info%
+)
+findstr /c:%bcprov_text% %api_key_manager_bundles_info% > nul
+if %errorlevel%==1 (
+ set server_restart_required=true
+ echo %bcprov_text% >> %api_key_manager_bundles_info%
+)
+findstr /c:%bcpkix_text% %api_key_manager_bundles_info% > nul
+if %errorlevel%==1 (
+ set server_restart_required=true
+ echo %bcpkix_text% >> %api_key_manager_bundles_info%
+)
+findstr /c:%bcprov_text% %default_bundles_info% > nul
+if %errorlevel%==1 (
+ set server_restart_required=true
+ echo %bcprov_text% >> %default_bundles_info%
+)
+findstr /c:%bcpkix_text% %default_bundles_info% > nul
+if %errorlevel%==1 (
+ set server_restart_required=true
+ echo %bcpkix_text% >> %default_bundles_info%
+)
+findstr /c:%bcprov_text% %control_plane_bundles_info% > nul
+if %errorlevel%==1 (
+ set server_restart_required=true
+ echo %bcprov_text% >> %control_plane_bundles_info%
+)
+findstr /c:%bcpkix_text% %control_plane_bundles_info% > nul
+if %errorlevel%==1 (
+ set server_restart_required=true
+ echo %bcpkix_text% >> %control_plane_bundles_info%
+)
+findstr /c:%bcprov_text% %traffic_manager_bundles_info% > nul
+if %errorlevel%==1 (
+ set server_restart_required=true
+ echo %bcprov_text% >> %traffic_manager_bundles_info%
+)
+findstr /c:%bcpkix_text% %traffic_manager_bundles_info% > nul
+if %errorlevel%==1 (
+ set server_restart_required=true
+ echo %bcpkix_text% >> %traffic_manager_bundles_info%
+)
+findstr /c:%bcprov_text% %gateway_worker_bundles_info% > nul
+if %errorlevel%==1 (
+ set server_restart_required=true
+ echo %bcprov_text% >> %gateway_worker_bundles_info%
+)
+findstr /c:%bcpkix_text% %gateway_worker_bundles_info% > nul
+if %errorlevel%==1 (
+ set server_restart_required=true
+ echo %bcpkix_text% >> %gateway_worker_bundles_info%
+)
+
+goto printRestartMsg
+
+: enableFipsMode
+set arg1=
+set arg2=
+:parse_args
+if "%~1" == "" goto :done_args
+if /I "%~1" == "-f" set "arg1=%~2" & shift
+if /I "%~1" == "-m" set "arg2=%~2" & shift
+shift
+goto :parse_args
+:done_args
+
+if not exist "%homeDir%\.wso2-bc" (
+ mkdir "%homeDir%\.wso2-bc"
+)
+if not exist "%homeDir%\.wso2-bc\backup" (
+ mkdir "%homeDir%\.wso2-bc\backup"
+)
+if exist "%CARBON_HOME%\repository\components\plugins\bcprov-jdk15on*" (
+ set server_restart_required=true
+ echo Remove existing bcprov-jdk15on jar from plugins folder.
+ for /f "delims=" %%a in ('dir /b /s "%CARBON_HOME%\repository\components\plugins\bcprov-jdk15on_*.jar"') do (
+ set bcprov_location=%%a
+ goto check_bcprov_location
+ )
+ :check_bcprov_location
+ move "%bcprov_location%" "%homeDir%\.wso2-bc\backup"
+ echo Successfully removed bcprov-jdk15on_%BCPROV_JDK15ON_VERSION%.jar from components\plugins.
+)
+if exist "%CARBON_HOME%\repository\components\plugins\bcpkix-jdk15on*" (
+ set server_restart_required=true
+ echo Remove existing bcpkix-jdk15on jar from plugins folder.
+ for /f "delims=" %%a in ('dir /b /s "%CARBON_HOME%\repository\components\plugins\bcpkix-jdk15on_*.jar"') do (
+ set bcpkix_location=%%a
+ goto check_bcpkix_location
+
+ )
+ :check_bcpkix_location
+ move "%bcpkix_location%" "%homeDir%\.wso2-bc\backup"
+ echo Successfully removed bcpkix-jdk15on_%BCPKIX_JDK15ON_VERSION%.jar Removed from components\plugins.
+)
+if exist "%CARBON_HOME%\repository\components\lib\bc-fips*.jar" (
+ for /f "delims=" %%a in ('dir /b /s "%CARBON_HOME%\repository\components\lib\bc-fips*.jar"') do (
+ set bcfips_location=%%a
+ goto check_bcfips_location
+ )
+ :check_bcfips_location
+ for %%f in ("%bcfips_location%") do set "bcfips_location=%%~nxf"
+ if not "%bcfips_location%"=="bc-fips-%BC_FIPS_VERSION%.jar" (
+ set sever_restart_required=true
+ echo There is an update for bc-fips. Therefore Remove existing bc-fips jar from lib folder.
+ del /q "%CARBON_HOME%\repository\components\lib\bc-fips*.jar" 2> nul
+ echo Successfully removed bc-fips_%BC_FIPS_VERSION%.jar from components/lib.
+ if exist "%CARBON_HOME%\repository\components\dropins\bc_fips*.jar" (
+ set sever_restart_required=true
+ echo Remove existing bc-fips jar from dropins folder.
+ del /q "%CARBON_HOME%\repository\components\dropins\bc_fips*.jar" 2> nul
+ echo Successfully removed bc-fips_%BC_FIPS_VERSION%.jar from components/dropins.
+ )
+ )
+)
+
+if exist "%CARBON_HOME%\repository\components\lib\bcpkix-fips*.jar" (
+ for /f "delims=" %%a in ('dir /b /s "%CARBON_HOME%\repository\components\lib\bcpkix-fips*.jar"') do (
+ set bcpkixfips_location=%%a
+ goto check_bcpkixfips_location
+ )
+ :check_bcpkixfips_location
+ for %%f in ("%bcpkixfips_location%") do set "bcpkixfips_location=%%~nxf"
+ if not "%bcpkixfips_location%"=="bcpkix-fips-%BCPKIX_FIPS_VERSION%.jar" (
+ set sever_restart_required=true
+ echo There is an update for bcpkix-fips. Therefore Remove existing bcpkix-fips jar from lib folder.
+ del /q "%CARBON_HOME%\repository\components\lib\bcpkix-fips*.jar" 2> nul
+ echo Successfully removed bcpkix-fips_%BCPKIX_FIPS_VERSION%.jar from components/lib.
+ if exist "%CARBON_HOME%\repository\components\dropins\bcpkix_fips*.jar" (
+ set sever_restart_required=true
+ echo Remove existing bcpkix-fips jar from dropins folder.
+ del /q "%CARBON_HOME%\repository\components\dropins\bcpkix_fips*.jar" 2> nul
+ echo Successfully removed bcpkix-fips_%BCPKIX_FIPS_VERSION%.jar from components/dropins.
+ )
+ )
+)
+
+if not exist "%CARBON_HOME%\repository\components\lib\bc-fips*.jar" (
+ set server_restart_required=true
+ if not "%arg1%"=="" (
+ if not exist "%arg1%\bc-fips-%BC_FIPS_VERSION%.jar" (
+ echo Can not be found requried bc-fips-%BC_FIPS_VERSION%.jar in given file path : "%arg1%".
+ ) else (
+ copy "%arg1%\bc-fips-%BC_FIPS_VERSION%.jar" "%CARBON_HOME%\repository\components\lib\"
+ if %errorlevel% equ 0 (
+ echo bc-fips JAR file copied successfully.
+ ) else (
+ echo Error copying bc-fips JAR file.
+ )
+ )
+ )
+ if not "%arg2%"=="" if "%arg1%"=="" (
+ echo Downloading required bc-fips jar : bc-fips-%BC_FIPS_VERSION%
+ curl %arg2%/org/bouncycastle/bc-fips/%BC_FIPS_VERSION%/bc-fips-%BC_FIPS_VERSION%.jar -o %CARBON_HOME%/repository/components/lib/bc-fips-%BC_FIPS_VERSION%.jar
+ FOR /F "tokens=*" %%G IN ('certutil -hashfile "%CARBON_HOME%\repository\components\lib\bc-fips-%BC_FIPS_VERSION%.jar" SHA1 ^| FIND /V ":"') DO SET "ACTUAL_CHECKSUM_BC_FIPS=%%G"
+ if "%ACTUAL_CHECKSUM_BC_FIPS%"=="%EXPECTED_BC_FIPS_CHECKSUM%" (
+ echo Checksum verified: The downloaded bc-fips-%BC_FIPS_VERSION%.jar is valid.
+ ) else (
+ echo Checksum verification failed: The downloaded bc-fips-%BC_FIPS_VERSION%.jar may be corrupted.
+ )
+ )
+ if "%arg1%"=="" if "%arg2%"=="" (
+ echo Downloading required bc-fips jar : bc-fips-%BC_FIPS_VERSION%
+ curl https://repo1.maven.org/maven2/org/bouncycastle/bc-fips/%BC_FIPS_VERSION%/bc-fips-%BC_FIPS_VERSION%.jar -o %CARBON_HOME%/repository/components/lib/bc-fips-%BC_FIPS_VERSION%.jar
+ FOR /F "tokens=*" %%G IN ('certutil -hashfile "%CARBON_HOME%\repository\components\lib\bc-fips-%BC_FIPS_VERSION%.jar" SHA1 ^| FIND /V ":"') DO SET "ACTUAL_CHECKSUM_BC_FIPS=%%G"
+ if "%ACTUAL_CHECKSUM_BC_FIPS%"=="%EXPECTED_BC_FIPS_CHECKSUM%" (
+ echo Checksum verified: The downloaded bc-fips-%BC_FIPS_VERSION%.jar is valid.
+ ) else (
+ echo Checksum verification failed: The downloaded bc-fips-%BC_FIPS_VERSION%.jar may be corrupted.
+ )
+ )
+)
+
+if not exist "%CARBON_HOME%\repository\components\lib\bcpkix-fips*.jar" (
+ set server_restart_required=true
+ if not "%arg1%"=="" (
+ if not exist "%arg1%\bcpkix-fips-%BCPKIX_FIPS_VERSION%.jar" (
+ echo Can not be found requried bcpkix-fips-%BCPKIX_FIPS_VERSION%.jar in given file path : "%arg1%".
+ ) else (
+ copy "%arg1%\bcpkix-fips-%BCPKIX_FIPS_VERSION%.jar" "%CARBON_HOME%\repository\components\lib\"
+ if %errorlevel% equ 0 (
+ echo bcpkix-fips JAR file copied successfully.
+ ) else (
+ echo Error copying bcpkix-fips JAR file.
+ )
+ )
+ )
+ if not "%arg2%"=="" if "%arg1%"=="" (
+ echo Downloading required bcpkix-fips jar : bcpkix-fips-%BCPKIX_FIPS_VERSION%
+ curl %arg2%/org/bouncycastle/bcpkix-fips/%BCPKIX_FIPS_VERSION%/bcpkix-fips-%BCPKIX_FIPS_VERSION%.jar -o %CARBON_HOME%/repository/components/lib/bcpkix-fips-%BCPKIX_FIPS_VERSION%.jar
+ FOR /F "tokens=*" %%G IN ('certutil -hashfile "%CARBON_HOME%\repository\components\lib\bcpkix-fips-%BCPKIX_FIPS_VERSION%.jar" SHA1 ^| FIND /V ":"') DO SET "ACTUAL_CHECKSUM_BCPKIX_FIPS=%%G"
+ if "%ACTUAL_CHECKSUM_BCPKIX_FIPS%"=="%EXPECTED_BCPKIX_FIPS_CHECKSUM%" (
+ echo Checksum verified: The downloaded bcpkix-%BCPKIX_FIPS_VERSION%.jar is valid.
+ ) else (
+ echo Checksum verification failed: The downloaded bcpkix-%BCPKIX_FIPS_VERSION%.jar may be corrupted.
+ )
+ )
+ if "%arg1%"=="" if "%arg2%"=="" (
+ echo Downloading required bcpkix-fips jar : bcpkix-fips-%BCPKIX_FIPS_VERSION%
+ curl https://repo1.maven.org/maven2/org/bouncycastle/bcpkix-fips/%BCPKIX_FIPS_VERSION%/bcpkix-fips-%BCPKIX_FIPS_VERSION%.jar -o %CARBON_HOME%/repository/components/lib/bcpkix-fips-%BCPKIX_FIPS_VERSION%.jar
+ FOR /F "tokens=*" %%G IN ('certutil -hashfile "%CARBON_HOME%\repository\components\lib\bcpkix-fips-%BCPKIX_FIPS_VERSION%.jar" SHA1 ^| FIND /V ":"') DO SET "ACTUAL_CHECKSUM_BCPKIX_FIPS=%%G"
+ if "%ACTUAL_CHECKSUM_BCPKIX_FIPS%"=="%EXPECTED_BCPKIX_FIPS_CHECKSUM%" (
+ echo Checksum verified: The downloaded bcpkix-fips-%BCPKIX_FIPS_VERSION%.jar is valid.
+ ) else (
+ echo Checksum verification failed: The downloaded bcpkix-fips-%BCPKIX_FIPS_VERSION%.jar may be corrupted.
+ )
+ )
+)
+
+set api_publisher_temp_file=%CARBON_HOME%\repository\components\api-publisher-deprecated\configuration\org.eclipse.equinox.simpleconfigurator\api_publisher_temp.info
+findstr /v /c:%bcprov_text% /c:%bcpkix_text% %api_publisher_bundles_info% > !api_publisher_temp_file!
+move /y !api_publisher_temp_file! %api_publisher_bundles_info% > nul
+
+set api_devportal_temp_file=%CARBON_HOME%\repository\components\api-devportal-deprecated\configuration\org.eclipse.equinox.simpleconfigurator\api_devportal_temp.info
+findstr /v /c:%bcprov_text% /c:%bcpkix_text% %api_devportal_bundles_info% > !api_devportal_temp_file!
+move /y !api_devportal_temp_file! %api_devportal_bundles_info% > nul
+
+set api_key_manager_temp_file=%CARBON_HOME%\repository\components\api-key-manager-deprecated\configuration\org.eclipse.equinox.simpleconfigurator\api_key_manager_temp.info
+findstr /v /c:%bcprov_text% /c:%bcpkix_text% %api_key_manager_bundles_info% > !api_key_manager_temp_file!
+move /y !api_key_manager_temp_file! %api_key_manager_bundles_info% > nul
+
+set default_temp_file=%CARBON_HOME%\repository\components\default\configuration\org.eclipse.equinox.simpleconfigurator\default_temp.info
+findstr /v /c:%bcprov_text% /c:%bcpkix_text% %default_bundles_info% > !default_temp_file!
+move /y !default_temp_file! %default_bundles_info% > nul
+
+set control_plane_temp_file=%CARBON_HOME%\repository\components\control-plane\configuration\org.eclipse.equinox.simpleconfigurator\control_plane_temp.info
+findstr /v /c:%bcprov_text% /c:%bcpkix_text% %control_plane_bundles_info% > !control_plane_temp_file!
+move /y !control_plane_temp_file! %control_plane_bundles_info% > nul
+
+set traffic_manager_temp_file=%CARBON_HOME%\repository\components\traffic-manager\configuration\org.eclipse.equinox.simpleconfigurator\traffic_manager_temp.info
+findstr /v /c:%bcprov_text% /c:%bcpkix_text% %traffic_manager_bundles_info% > !traffic_manager_temp_file!
+move /y !traffic_manager_temp_file! %traffic_manager_bundles_info% > nul
+
+set gateway_worker_temp_file=%CARBON_HOME%\repository\components\gateway-worker\configuration\org.eclipse.equinox.simpleconfigurator\gateway_worker_temp.info
+findstr /v /c:%bcprov_text% /c:%bcpkix_text% %gateway_worker_bundles_info% > !gateway_worker_temp_file!
+move /y !gateway_worker_temp_file! 
%gateway_worker_bundles_info% > nul + +goto printRestartMsg + +:verifyFipsMode +set verify=true +if exist "%CARBON_HOME%\repository\components\plugins\bcprov-jdk15on*.jar" ( + set location= + for /f "delims=" %%i in ('dir /b /s "%CARBON_HOME%\repository\components\plugins\bcprov-jdk15on*.jar" ^| findstr /i /c:".jar"') do ( + set "location=%%i" + goto :verifyBcFipsLocation + ) + :verifyBcFipsLocation + if not "%location%"=="" ( + set verify=false + echo Found bcprov-jdk15on_%BCPROV_JDK15ON_VERSION%.jar in plugins folder. This jar should be removed. + ) +) +if exist "%CARBON_HOME%\repository\components\plugins\bcpkix-jdk15on*.jar" ( + set location= + for /f "delims=" %%i in ('dir /b /s "%CARBON_HOME%\repository\components\plugins\bcpkix-jdk15on*.jar" ^| findstr /i /c:".jar"') do ( + set "location=%%i" + goto :verifyBcPkixFipsLocation + ) + :verifyBcPkixFipsLocation + if not "%location%"=="" ( + set verify=false + echo Found bcpkix-jdk15on_%BCPKIX_JDK15ON_VERSION%.jar in plugins folder. This jar should be removed. + ) +) +if exist "%CARBON_HOME%\repository\components\lib\bc-fips*.jar" ( + if not exist "%CARBON_HOME%\repository\components\lib\bc-fips-%BC_FIPS_VERSION%.jar" ( + set verify=false + echo There is an update for bc-fips. Run the script again to get updates. + ) +) else ( + set verify=false + echo can not be found bc-fips_%BC_FIPS_VERSION%.jar in components/lib folder. This jar should be added. +) + +if exist "%CARBON_HOME%\repository\components\lib\bcpkix-fips*.jar" ( + if not exist "%CARBON_HOME%\repository\components\lib\bcpkix-fips-%BCPKIX_FIPS_VERSION%.jar" ( + set verify=false + echo There is an update for bcpkix-fips. Run the script again to get updates. + ) +) else ( + set verify=false + echo can not be found bc-fips_%BC_FIPS_VERSION%.jar in components/lib folder. This jar should be added. 
+) + +findstr /i /c:"%bcprov_text%" "%api_publisher_bundles_info%" > nul +if %errorlevel%==0 ( + set verify=false + echo Found text "%bcprov_text%" in api-publisher bundles.info. This should be removed. +) + +findstr /i /c:"%bcpkix_text%" "%api_publisher_bundles_info%" > nul +if %errorlevel%==0 ( + set verify=false + echo Found text "%bcpkix_text%" in api-publisher bundles.info. This should be removed. +) + +findstr /i /c:"%bcprov_text%" "%api_devportal_bundles_info%" > nul +if %errorlevel%==0 ( + set verify=false + echo Found text "%bcprov_text%" in api-devportal bundles.info. This should be removed. +) + +findstr /i /c:"%bcpkix_text%" "%api_devportal_bundles_info%" > nul +if %errorlevel%==0 ( + set verify=false + echo Found text "%bcpkix_text%" in api-devportal bundles.info. This should be removed. +) + +findstr /i /c:"%bcprov_text%" "%api_key_manager_bundles_info%" > nul +if %errorlevel%==0 ( + set verify=false + echo Found text "%bcprov_text%" in api-key-manager bundles.info. This should be removed. +) + +findstr /i /c:"%bcpkix_text%" "%api_key_manager_bundles_info%" > nul +if %errorlevel%==0 ( + set verify=false + echo Found text "%bcpkix_text%" in api-key-manager bundles.info. This should be removed. +) + +findstr /i /c:"%bcprov_text%" "%default_bundles_info%" > nul +if %errorlevel%==0 ( + set verify=false + echo Found text "%bcprov_text%" in default bundles.info. This should be removed. +) + +findstr /i /c:"%bcpkix_text%" "%default_bundles_info%" > nul +if %errorlevel%==0 ( + set verify=false + echo Found text "%bcpkix_text%" in default bundles.info. This should be removed. +) + +findstr /i /c:"%bcprov_text%" "%traffic_manager_bundles_info%" > nul +if %errorlevel%==0 ( + set verify=false + echo Found text "%bcprov_text%" in traffic-manager bundles.info. This should be removed. +) + +findstr /i /c:"%bcpkix_text%" "%traffic_manager_bundles_info%" > nul +if %errorlevel%==0 ( + set verify=false + echo Found text "%bcpkix_text%" in traffic-manager bundles.info. 
This should be removed.
+)
+
+findstr /i /c:"%bcprov_text%" "%gateway_worker_bundles_info%" > nul
+if %errorlevel%==0 (
+ set verify=false
+ echo Found text "%bcprov_text%" in gateway-worker bundles.info. This should be removed.
+)
+
+findstr /i /c:"%bcpkix_text%" "%gateway_worker_bundles_info%" > nul
+if %errorlevel%==0 (
+ set verify=false
+ echo Found text "%bcpkix_text%" in gateway-worker bundles.info. This should be removed.
+)
+
+if "%verify%"=="true" (
+ echo Verified : Product is FIPS compliant.
+) else (
+ echo Verification failed : Product is not FIPS compliant.
+)
+goto end
+
+:printRestartMsg
+if "%server_restart_required%"=="true" (
+ echo Please restart the server.
+)
+
+goto end
+
+:noServerHome
+echo CARBON_HOME is set incorrectly or CARBON could not be located. Please set CARBON_HOME.
+goto end
+
+:end
+endlocal
\ No newline at end of file
diff --git a/modules/distribution/product/src/main/startup-scripts/fips.sh b/modules/distribution/product/src/main/startup-scripts/fips.sh
new file mode 100644
index 0000000000..3078b65fcf
--- /dev/null
+++ b/modules/distribution/product/src/main/startup-scripts/fips.sh
@@ -0,0 +1,468 @@
+#! /bin/bash
+# ----------------------------------------------------------------------------
+# Copyright 2023 WSO2, LLC. http://www.wso2.org
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+BC_FIPS_VERSION=1.0.2.3;
+BCPKIX_FIPS_VERSION=1.0.7;
+BCPROV_JDK15ON_VERSION=1.70.0.wso2v1;
+BCPKIX_JDK15ON_VERSION=1.70.0.wso2v1;
+
+EXPECTED_BCPROV_CHECKSUM="261f41c52b6a664a5e9011ba829e78eb314c0ed8"
+EXPECTED_BCPKIX_CHECKSUM="17db4aba24861e306427bdeff03b1c2fac57760f"
+EXPECTED_BC_FIPS_CHECKSUM="da62b32cb72591f5b4d322e6ab0ce7de3247b534"
+EXPECTED_BCPKIX_FIPS_CHECKSUM="fe07959721cfa2156be9722ba20fdfee2b5441b0"
+
+# Get standard environment variables
+PRGDIR=`dirname "$PRG"`
+
+# Only set CARBON_HOME if not already set
+[ -z "$CARBON_HOME" ] && CARBON_HOME=`cd "$PRGDIR/.."
; pwd`
+
+ARGUMENT=$1;
+api_publisher_bundles_info="$CARBON_HOME/repository/components/api-publisher-deprecated/configuration/org.eclipse.equinox.simpleconfigurator/bundles.info";
+api_devportal_bundles_info="$CARBON_HOME/repository/components/api-devportal-deprecated/configuration/org.eclipse.equinox.simpleconfigurator/bundles.info";
+api_key_manager_bundles_info="$CARBON_HOME/repository/components/api-key-manager-deprecated/configuration/org.eclipse.equinox.simpleconfigurator/bundles.info";
+default_bundles_info="$CARBON_HOME/repository/components/default/configuration/org.eclipse.equinox.simpleconfigurator/bundles.info";
+control_plane_bundles_info="$CARBON_HOME/repository/components/control-plane/configuration/org.eclipse.equinox.simpleconfigurator/bundles.info";
+traffic_manager_bundles_info="$CARBON_HOME/repository/components/traffic-manager/configuration/org.eclipse.equinox.simpleconfigurator/bundles.info";
+gateway_worker_bundles_info="$CARBON_HOME/repository/components/gateway-worker/configuration/org.eclipse.equinox.simpleconfigurator/bundles.info";
+
+bcprov_text="bcprov-jdk15on,$BCPROV_JDK15ON_VERSION,../plugins/bcprov-jdk15on_$BCPROV_JDK15ON_VERSION.jar,4,true";
+bcpkix_text="bcpkix-jdk15on,$BCPKIX_JDK15ON_VERSION,../plugins/bcpkix-jdk15on_$BCPKIX_JDK15ON_VERSION.jar,4,true";
+homeDir="$HOME"
+sever_restart_required=false
+
+if [ "$ARGUMENT" = "DISABLE" ] || [ "$ARGUMENT" = "disable" ]; then
+ if [ -f $CARBON_HOME/repository/components/lib/bc-fips*.jar ]; then
+ sever_restart_required=true
+ echo "Remove existing bc-fips jar from lib folder."
+ rm rm $CARBON_HOME/repository/components/lib/bc-fips*.jar 2> /dev/null
+ echo "Successfully removed bc-fips_$BC_FIPS_VERSION.jar Removed from component/lib."
+ fi
+ if [ -f $CARBON_HOME/repository/components/lib/bcpkix-fips*.jar ]; then
+ sever_restart_required=true
+ echo "Remove existing bcpkix-fips jar from lib folder."
+ rm rm $CARBON_HOME/repository/components/lib/bcpkix-fips*.jar 2> /dev/null
+ echo "Successfully removed bcpkix-fips_$BCPKIX_JDK15ON_VERSION.jar from component/lib."
+ fi
+ if [ -f $CARBON_HOME/repository/components/dropins/bc_fips*.jar ]; then
+ sever_restart_required=true
+ echo "Remove existing bc-fips jar from dropins folder."
+ rm rm $CARBON_HOME/repository/components/dropins/bc_fips*.jar 2> /dev/null
+ echo "Successfully removed bc-fips_$BC_FIPS_VERSION.jar from component/dropins."
+ fi
+ if [ -f $CARBON_HOME/repository/components/dropins/bcpkix_fips*.jar ]; then
+ sever_restart_required=true
+ echo "Remove existing bcpkix_fips jar from dropins folder."
+ rm rm $CARBON_HOME/repository/components/dropins/bcpkix_fips*.jar 2> /dev/null
+ echo "Successfully removed bcpkix_fips_$BCPKIX_JDK15ON_VERSION.jar from component/dropins."
+ fi
+ if [ ! -e $CARBON_HOME/repository/components/plugins/bcprov-jdk15on*.jar ]; then
+ sever_restart_required=true
+ if [ -f "$homeDir/.wso2-bc/backup/bcprov-jdk15on_$BCPROV_JDK15ON_VERSION.jar" ]; then
+ mv "$homeDir/.wso2-bc/backup/bcprov-jdk15on_$BCPROV_JDK15ON_VERSION.jar" "$CARBON_HOME/repository/components/plugins"
+ echo "Moved bcprov-jdk15on_$BCPROV_JDK15ON_VERSION.jar from $homeDir/.wso2-bc/backup to components/plugins"
+ else
+ echo "Downloading required bcprov-jdk15on jar : bcprov-jdk15on-$BCPROV_JDK15ON_VERSION"
+ curl https://maven.wso2.org/nexus/content/repositories/releases/org/wso2/orbit/org/bouncycastle/bcprov-jdk15on/$BCPROV_JDK15ON_VERSION/bcprov-jdk15on-$BCPROV_JDK15ON_VERSION.jar -o $CARBON_HOME/repository/components/plugins/bcprov-jdk15on_$BCPROV_JDK15ON_VERSION.jar
+ ACTUAL_CHECKSUM=$(sha1sum $CARBON_HOME/repository/components/plugins/bcprov-jdk15on*.jar | cut -d' ' -f1)
+ if [ "$EXPECTED_BCPROV_CHECKSUM" = "$ACTUAL_CHECKSUM" ]; then
+ echo "Checksum verified: The downloaded bcprov-jdk15on-$BCPROV_JDK15ON_VERSION.jar is valid."
+ else
+ echo "Checksum verification failed: The downloaded bcprov-jdk15on-$BCPROV_JDK15ON_VERSION.jar may be corrupted."
+ fi
+ fi
+ fi
+ if [ ! -e $CARBON_HOME/repository/components/plugins/bcpkix-jdk15on*.jar ]; then
+ sever_restart_required=true
+ if [ -f "$homeDir/.wso2-bc/backup/bcpkix-jdk15on_$BCPKIX_JDK15ON_VERSION.jar" ]; then
+ mv "$homeDir/.wso2-bc/backup/bcpkix-jdk15on_$BCPKIX_JDK15ON_VERSION.jar" "$CARBON_HOME/repository/components/plugins"
+ echo "Moved bcpkix-jdk15on_$BCPKIX_JDK15ON_VERSION.jar from $homeDir/.wso2-bc/backup to components/plugins"
+
+ else
+ echo "Downloading required bcpkix-jdk15on jar : bcpkix-jdk15on-$BCPKIX_JDK15ON_VERSION"
+ curl https://maven.wso2.org/nexus/content/repositories/releases/org/wso2/orbit/org/bouncycastle/bcpkix-jdk15on/$BCPKIX_JDK15ON_VERSION/bcpkix-jdk15on-$BCPKIX_JDK15ON_VERSION.jar -o $CARBON_HOME/repository/components/plugins/bcpkix-jdk15on_$BCPKIX_JDK15ON_VERSION.jar
+ ACTUAL_CHECKSUM=$(sha1sum $CARBON_HOME/repository/components/plugins/bcpkix-jdk15on*.jar | cut -d' ' -f1)
+ if [ "$EXPECTED_BCPKIX_CHECKSUM" = "$ACTUAL_CHECKSUM" ]; then
+ echo "Checksum verified: The downloaded bcpkix-jdk15on-$BCPKIX_JDK15ON_VERSION.jar is valid."
+ else
+ echo "Checksum verification failed: The downloaded bcpkix-jdk15on-$BCPKIX_JDK15ON_VERSION.jar may be corrupted."
+ fi
+ fi
+ fi
+
+ if ! grep -q "$bcprov_text" "$api_publisher_bundles_info" ; then
+ echo $bcprov_text >> $api_publisher_bundles_info;
+ sever_restart_required=true
+ fi
+ if ! grep -q "$bcpkix_text" "$api_publisher_bundles_info" ; then
+ echo $bcpkix_text >> $api_publisher_bundles_info;
+ sever_restart_required=true
+ fi
+
+ if ! grep -q "$bcprov_text" "$api_devportal_bundles_info" ; then
+ echo $bcprov_text >> $api_devportal_bundles_info;
+ sever_restart_required=true
+ fi
+ if ! grep -q "$bcpkix_text" "$api_devportal_bundles_info" ; then
+ echo $bcpkix_text >> $api_devportal_bundles_info;
+ sever_restart_required=true
+ fi
+
+ if !
grep -q "$bcprov_text" "$api_key_manager_bundles_info" ; then
+ echo $bcprov_text >> $api_key_manager_bundles_info;
+ sever_restart_required=true
+ fi
+ if ! grep -q "$bcpkix_text" "$api_key_manager_bundles_info" ; then
+ echo $bcpkix_text >> $api_key_manager_bundles_info;
+ sever_restart_required=true
+ fi
+
+ if ! grep -q "$bcprov_text" "$default_bundles_info" ; then
+ echo $bcprov_text >> $default_bundles_info;
+ sever_restart_required=true
+ fi
+ if ! grep -q "$bcpkix_text" "$default_bundles_info" ; then
+ echo $bcpkix_text >> $default_bundles_info;
+ sever_restart_required=true
+ fi
+
+ if ! grep -q "$bcprov_text" "$control_plane_bundles_info" ; then
+ echo $bcprov_text >> $control_plane_bundles_info;
+ sever_restart_required=true
+ fi
+ if ! grep -q "$bcpkix_text" "$control_plane_bundles_info" ; then
+ echo $bcpkix_text >> $control_plane_bundles_info;
+ sever_restart_required=true
+ fi
+
+ if ! grep -q "$bcprov_text" "$traffic_manager_bundles_info" ; then
+ echo $bcprov_text >> $traffic_manager_bundles_info;
+ sever_restart_required=true
+ fi
+ if ! grep -q "$bcpkix_text" "$traffic_manager_bundles_info" ; then
+ echo $bcpkix_text >> $traffic_manager_bundles_info;
+ sever_restart_required=true
+ fi
+
+ if ! grep -q "$bcprov_text" "$gateway_worker_bundles_info" ; then
+ echo $bcprov_text >> $gateway_worker_bundles_info;
+ sever_restart_required=true
+ fi
+ if ! grep -q "$bcpkix_text" "$gateway_worker_bundles_info" ; then
+ echo $bcpkix_text >> $gateway_worker_bundles_info;
+ sever_restart_required=true
+ fi
+
+elif [ "$ARGUMENT" = "VERIFY" ] || [ "$ARGUMENT" = "verify" ]; then
+ verify=true;
+ if [ -f $CARBON_HOME/repository/components/plugins/bcprov-jdk15on*.jar ]; then
+ location=$(find "$CARBON_HOME/repository/components/plugins/" -type f -name "bcprov-jdk15on*.jar" | head -1)
+ verify=false
+ echo "Found bcprov-jdk15on_$BCPROV_JDK15ON_VERSION.jar in plugins folder. This jar should be removed."
+ fi
+ if [ -f $CARBON_HOME/repository/components/plugins/bcprov-jdk15on*.jar ]; then
+ location=$(find "$CARBON_HOME/repository/components/plugins/" -type f -name "bcpkix-jdk15on*.jar" | head -1)
+ verify=false
+ echo "Found bcpkix-jdk15on_$BCPKIX_JDK15ON_VERSION.jar in plugins folder. This jar should be removed."
+ fi
+ if [ -f $CARBON_HOME/repository/components/lib/bc-fips*.jar ]; then
+ if [ ! -f $CARBON_HOME/repository/components/lib/bc-fips-$BC_FIPS_VERSION.jar ]; then
+ verify=false
+ echo "There is an update for bc-fips. Run the script again to get updates."
+ fi
+ else
+ verify=false
+ echo "bc-fips_$BC_FIPS_VERSION.jar can not be found in components/lib folder. This jar should be added."
+ fi
+ if [ -f $CARBON_HOME/repository/components/lib/bcpkix-fips*.jar ]; then
+ if [ ! -f $CARBON_HOME/repository/components/lib/bcpkix-fips-$BCPKIX_FIPS_VERSION.jar ]; then
+ verify=false
+ echo "There is an update for bcpkix-fips. Run the script again to get updates."
+
+ fi
+ else
+ verify=false
+ echo "bcpkix-fips_$BCPKIX_FIPS_VERSION.jar can not be found in components/lib folder. This jar should be added."
+
+ fi
+
+ if grep -q "$bcprov_text" "$api_publisher_bundles_info" ; then
+ verify=false
+ echo "Found $bcprov_text in api-publisher bundles.info. This should be removed";
+ fi
+ if grep -q "$bcpkix_text" "$api_publisher_bundles_info" ; then
+ verify=false
+ echo "Found $bcpkix_text in api-publisher bundles.info. This should be removed";
+ fi
+ if grep -q "$bcprov_text" "$api_devportal_bundles_info" ; then
+ verify=false
+ echo "Found $bcprov_text in api-devportal bundles.info. This should be removed";
+ fi
+ if grep -q "$bcpkix_text" "$api_devportal_bundles_info" ; then
+ verify=false
+ echo "Found $bcpkix_text in api-devportal bundles.info. This should be removed";
+ fi
+ if grep -q "$bcprov_text" "$api_key_manager_bundles_info" ; then
+ verify=false
+ echo "Found $bcprov_text in api-key-manager bundles.info.
This should be removed";
+ fi
+ if grep -q "$bcpkix_text" "$api_key_manager_bundles_info" ; then
+ verify=false
+ echo "Found $bcpkix_text in api-key-manager bundles.info. This should be removed";
+ fi
+ if grep -q "$bcprov_text" "$default_bundles_info" ; then
+ verify=false
+ echo "Found $bcprov_text in default bundles.info. This should be removed";
+ fi
+ if grep -q "$bcpkix_text" "$default_bundles_info" ; then
+ verify=false
+ echo "Found $bcpkix_text in default bundles.info. This should be removed";
+ fi
+ if grep -q "$bcprov_text" "$control_plane_bundles_info" ; then
+ verify=false
+ echo "Found $bcprov_text in control-plane bundles.info. This should be removed";
+ fi
+ if grep -q "$bcpkix_text" "$control_plane_bundles_info" ; then
+ verify=false
+ echo "Found $bcpkix_text in control-plane bundles.info. This should be removed";
+ fi
+ if grep -q "$bcprov_text" "$traffic_manager_bundles_info" ; then
+ verify=false
+ echo "Found $bcprov_text in traffic-manager bundles.info. This should be removed";
+ fi
+ if grep -q "$bcpkix_text" "$traffic_manager_bundles_info" ; then
+ verify=false
+ echo "Found $bcpkix_text in traffic-manager bundles.info. This should be removed";
+ fi
+ if grep -q "$bcprov_text" "$gateway_worker_bundles_info" ; then
+ verify=false
+ echo "Found $bcprov_text in gateway-worker bundles.info. This should be removed";
+ fi
+ if grep -q "$bcpkix_text" "$gateway_worker_bundles_info" ; then
+ verify=false
+ echo "Found $bcpkix_text in gateway-worker bundles.info. This should be removed";
+ fi
+
+ if [ $verify = true ]; then
+ echo "Verified : Product is FIPS compliant."
+ else echo "Verification failed : Product is not FIPS compliant."
+ fi
+
+else
+while getopts "f:m:" opt; do
+ case $opt in
+ f)
+ arg1=$OPTARG
+ ;;
+ m)
+ arg2=$OPTARG
+ ;;
+ \?)
+ echo "Invalid option: -$OPTARG" >&2
+ exit 1
+ ;;
+ esac
+ done
+ echo "arg1: $arg1"
+ echo "arg2: $arg2"
+
+
+ if [ ! -d "$homeDir/.wso2-bc" ]; then
+ mkdir "$homeDir/.wso2-bc"
+ fi
+ if [ !
-d "$homeDir/.wso2-bc/backup" ]; then
+ mkdir "$homeDir/.wso2-bc/backup"
+ fi
+ if [ -f $CARBON_HOME/repository/components/plugins/bcprov-jdk15on*.jar ]; then
+ sever_restart_required=true
+ location=$(find "$CARBON_HOME/repository/components/plugins/" -type f -name "bcprov-jdk15on*.jar" | head -1)
+ echo "Remove existing bcpkix-jdk15on jar from plugins folder."
+ mv "$location" "$homeDir/.wso2-bc/backup"
+ echo "Successfully removed bcprov-jdk15on_$BCPROV_JDK15ON_VERSION.jar from component/plugins."
+ fi
+ if [ -f $CARBON_HOME/repository/components/plugins/bcpkix-jdk15on*.jar ]; then
+ sever_restart_required=true
+ echo "Remove existing bcpkix-jdk15on jar from plugins folder."
+ location=$(find "$CARBON_HOME/repository/components/plugins/" -type f -name "bcpkix-jdk15on*.jar" | head -1)
+ mv "$location" "$homeDir/.wso2-bc/backup"
+ echo "Successfully removed bcpkix-jdk15on_$BCPKIX_JDK15ON_VERSION.jar from component/plugins."
+ fi
+
+ if grep -q "$bcprov_text" "$api_publisher_bundles_info" ; then
+ sever_restart_required=true
+ sed -i '/bcprov-jdk15on/d' $api_publisher_bundles_info
+ fi
+ if grep -q "$bcpkix_text" "$api_publisher_bundles_info" ; then
+ sever_restart_required=true
+ sed -i '/bcpkix-jdk15on/d' $api_publisher_bundles_info
+ fi
+ if grep -q "$bcprov_text" "$api_devportal_bundles_info" ; then
+ sever_restart_required=true
+ sed -i '/bcprov-jdk15on/d' $api_devportal_bundles_info
+ fi
+ if grep -q "$bcpkix_text" "$api_devportal_bundles_info" ; then
+ sever_restart_required=true
+ sed -i '/bcpkix-jdk15on/d' $api_devportal_bundles_info
+ fi
+ if grep -q "$bcprov_text" "$api_key_manager_bundles_info" ; then
+ sever_restart_required=true
+ sed -i '/bcprov-jdk15on/d' $api_key_manager_bundles_info
+ fi
+ if grep -q "$bcpkix_text" "$api_key_manager_bundles_info" ; then
+ sever_restart_required=true
+ sed -i '/bcpkix-jdk15on/d' $api_key_manager_bundles_info
+ fi
+ if grep -q "$bcprov_text" "$default_bundles_info" ; then
+ sever_restart_required=true
+ sed -i
'/bcprov-jdk15on/d' $default_bundles_info
+ fi
+ if grep -q "$bcpkix_text" "$default_bundles_info" ; then
+ sever_restart_required=true
+ sed -i '/bcpkix-jdk15on/d' $default_bundles_info
+ fi
+ if grep -q "$bcprov_text" "$control_plane_bundles_info" ; then
+ sever_restart_required=true
+ sed -i '/bcprov-jdk15on/d' $control_plane_bundles_info
+ fi
+ if grep -q "$bcpkix_text" "$control_plane_bundles_info" ; then
+ sever_restart_required=true
+ sed -i '/bcpkix-jdk15on/d' $control_plane_bundles_info
+ fi
+ if grep -q "$bcprov_text" "$traffic_manager_bundles_info" ; then
+ sever_restart_required=true
+ sed -i '/bcprov-jdk15on/d' $traffic_manager_bundles_info
+ fi
+ if grep -q "$bcpkix_text" "$traffic_manager_bundles_info" ; then
+ sever_restart_required=true
+ sed -i '/bcpkix-jdk15on/d' $traffic_manager_bundles_info
+ fi
+ if grep -q "$bcprov_text" "$gateway_worker_bundles_info" ; then
+ sever_restart_required=true
+ sed -i '/bcprov-jdk15on/d' $gateway_worker_bundles_info
+ fi
+ if grep -q "$bcpkix_text" "$gateway_worker_bundles_info" ; then
+ sever_restart_required=true
+ sed -i '/bcpkix-jdk15on/d' $gateway_worker_bundles_info
+ fi
+
+ if [ -e $CARBON_HOME/repository/components/lib/bc-fips*.jar ]; then
+ location=$(find "$CARBON_HOME/repository/components/lib/" -type f -name "bc-fips*.jar" | head -1)
+ if [ ! $location = "$CARBON_HOME/repository/components/lib/bc-fips-$BC_FIPS_VERSION.jar" ]; then
+ sever_restart_required=true
+ echo "There is an update for bc-fips. Therefore Remove existing bc-fips jar from lib folder."
+ rm rm $CARBON_HOME/repository/components/lib/bc-fips*.jar 2> /dev/null
+ echo "Successfully removed bc-fips_$BC_FIPS_VERSION.jar from component/lib."
+ if [ -f $CARBON_HOME/repository/components/dropins/bc_fips*.jar ]; then
+ sever_restart_required=true
+ echo "Remove existing bc-fips jar from dropins folder."
+ rm rm $CARBON_HOME/repository/components/dropins/bc_fips*.jar 2> /dev/null
+ echo "Successfully removed bc-fips_$BC_FIPS_VERSION.jar from component/dropins."
+ fi
+ fi
+ fi
+
+ if [ ! -e $CARBON_HOME/repository/components/lib/bc-fips*.jar ]; then
+ sever_restart_required=true
+ if [ -z "$arg1" ] && [ -z "$arg2" ]; then
+ echo "both empty"
+ echo "Downloading required bc-fips jar : bc-fips-$BC_FIPS_VERSION"
+ curl https://repo1.maven.org/maven2/org/bouncycastle/bc-fips/$BC_FIPS_VERSION/bc-fips-$BC_FIPS_VERSION.jar -o $CARBON_HOME/repository/components/lib/bc-fips-$BC_FIPS_VERSION.jar
+ ACTUAL_CHECKSUM=$(sha1sum $CARBON_HOME/repository/components/lib/bc-fips*.jar | cut -d' ' -f1)
+ if [ "$EXPECTED_BC_FIPS_CHECKSUM" = "$ACTUAL_CHECKSUM" ]; then
+ echo "Checksum verified: The downloaded bc-fips-$BC_FIPS_VERSION.jar is valid."
+ else
+ echo "Checksum verification failed: The downloaded bc-fips-$BC_FIPS_VERSION.jar may be corrupted."
+ fi
+ elif [ ! -z "$arg1" ] && [ -z "$arg2" ]; then
+ echo "2 empty"
+ if [ ! -e $arg1/bcpkix-fips-$BCPKIX_FIPS_VERSION.jar ]; then
+ echo "Can not be found required bc-fips-$BC_FIPS_VERSION.jar in given file path : $arg1."
+ else
+ cp "$arg1/bc-fips-$BC_FIPS_VERSION.jar" "$CARBON_HOME/repository/components/lib"
+ if [ $? -eq 0 ]; then
+ echo "bc-fips JAR files copied successfully."
+ else
+ echo "Error copying bc-fips JAR file."
+ fi
+ fi
+ else
+ echo "1 empty"
+ echo "Downloading required bc-fips jar : bc-fips-$BC_FIPS_VERSION"
+ curl $arg2/org/bouncycastle/bc-fips/$BC_FIPS_VERSION/bc-fips-$BC_FIPS_VERSION.jar -o $CARBON_HOME/repository/components/lib/bc-fips-$BC_FIPS_VERSION.jar
+ ACTUAL_CHECKSUM=$(sha1sum $CARBON_HOME/repository/components/lib/bc-fips*.jar | cut -d' ' -f1)
+ if [ "$EXPECTED_BC_FIPS_CHECKSUM" = "$ACTUAL_CHECKSUM" ]; then
+ echo "Checksum verified: The downloaded bc-fips-$BC_FIPS_VERSION.jar is valid."
+ else
+ echo "Checksum verification failed: The downloaded bc-fips-$BC_FIPS_VERSION.jar may be corrupted."
+ fi
+ fi
+ fi
+
+ if [ -e $CARBON_HOME/repository/components/lib/bcpkix-fips*.jar ]; then
+ location=$(find "$CARBON_HOME/repository/components/lib/" -type f -name "bcpkix-fips*.jar" | head -1)
+ if [ ! $location = "$CARBON_HOME/repository/components/lib/bcpkix-fips-$BCPKIX_FIPS_VERSION.jar" ]; then
+ sever_restart_required=true
+ echo "There is an update for bcpkix-fips. Therefore Remove existing bcpkix-fips jar from lib folder."
+ rm rm $CARBON_HOME/repository/components/lib/bcpkix-fips*.jar 2> /dev/null
+ echo "Successfully removed bcpkix-fips_$BCPKIX_FIPS_VERSION.jar Removed from component/lib."
+ if [ -f $CARBON_HOME/repository/components/dropins/bcpkix-fips*.jar ]; then
+ echo "Remove existing bcpkix-fips jar from dropins folder."
+ rm rm $CARBON_HOME/repository/components/dropins/bcpkix_fips*.jar 2> /dev/null
+ echo "Successfully removed bcpkix-fips_$BCPKIX_FIPS_VERSION.jar from component/dropins."
+ fi
+ fi
+ fi
+
+ if [ ! -e $CARBON_HOME/repository/components/lib/bcpkix-fips*.jar ]; then
+ sever_restart_required=true
+ if [ -z "$arg1" ] && [ -z "$arg2" ]; then
+ echo "Downloading required bcpkix-fips jar : bcpkix-fips-$BCPKIX_FIPS_VERSION"
+ curl https://repo1.maven.org/maven2/org/bouncycastle/bcpkix-fips/$BCPKIX_FIPS_VERSION/bcpkix-fips-$BCPKIX_FIPS_VERSION.jar -o $CARBON_HOME/repository/components/lib/bcpkix-fips-$BCPKIX_FIPS_VERSION.jar
+ ACTUAL_CHECKSUM=$(sha1sum $CARBON_HOME/repository/components/lib/bcpkix-fips*.jar | cut -d' ' -f1)
+ if [ "$EXPECTED_BCPKIX_FIPS_CHECKSUM" = "$ACTUAL_CHECKSUM" ]; then
+ echo "Checksum verified: The downloaded bcpkix-fips-$BCPKIX_FIPS_VERSION.jar is valid."
+ else
+ echo "Checksum verification failed: The downloaded bcpkix-fips-$BCPKIX_FIPS_VERSION.jar may be corrupted."
+ fi
+ elif [ ! -z "$arg1" ] && [ -z "$arg2" ]; then
+ echo "2 empty"
+ if [ ! -e $arg1/bcpkix-fips-$BCPKIX_FIPS_VERSION.jar ]; then
+ echo "Can not be found required bcpkix-fips-$BCPKIX_FIPS_VERSION.jar in given file path : $arg1."
+ else
+ cp "$arg1/bcpkix-fips-$BCPKIX_FIPS_VERSION.jar" "$CARBON_HOME/repository/components/lib"
+ if [ $? -eq 0 ]; then
+ echo "bcpkix-fips JAR files copied successfully."
+ else
+ echo "Error copying bcpkix-fips JAR file."
+ fi
+ fi
+ else
+ echo "1 empty"
+ echo "Downloading required bcpkix-fips jar : bcpkix-fips-$BCPKIX_FIPS_VERSION"
+ curl $arg2/org/bouncycastle/bcpkix-fips/$BCPKIX_FIPS_VERSION/bcpkix-fips-$BCPKIX_FIPS_VERSION.jar -o $CARBON_HOME/repository/components/lib/bcpkix-fips-$BCPKIX_FIPS_VERSION.jar
+ ACTUAL_CHECKSUM=$(sha1sucam $CARBON_HOME/repository/components/lib/bc-fips*.jar | cut -d' ' -f1)
+ if [ "$EXPECTED_BC_FIPS_CHECKSUM" = "$ACTUAL_CHECKSUM" ]; then
+ echo "Checksum verified: The downloaded bc-fips-$BC_FIPS_VERSION.jar is valid."
+ else
+ echo "Checksum verification failed: The downloaded bc-fips-$BC_FIPS_VERSION.jar may be corrupted."
+ fi
+ fi
+ fi
+fi
+
+if [ "$sever_restart_required" = true ] ; then
+ echo "Please restart the server."
+fi
\ No newline at end of file
From fb5bba0ec6dd9d5e1bca89014afaa0d58f818092 Mon Sep 17 00:00:00 2001
From: HeshanSudarshana
Date: Mon, 19 Jun 2023 10:56:28 +0530
Subject: [PATCH 08/22] Update FIPS scripts
---
.../product/src/main/startup-scripts/fips.bat | 229 ++++-----
.../product/src/main/startup-scripts/fips.sh | 439 +++++++++---------
2 files changed, 338 insertions(+), 330 deletions(-)
diff --git a/modules/distribution/product/src/main/startup-scripts/fips.bat b/modules/distribution/product/src/main/startup-scripts/fips.bat
index 242abe0e15..31081d9ce3 100644
--- a/modules/distribution/product/src/main/startup-scripts/fips.bat
+++ b/modules/distribution/product/src/main/startup-scripts/fips.bat
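Review bot: A checksum mismatch in the download branches of fips.sh only prints a message: the jar stays in `components/lib` (or `components/plugins` on the DISABLE path) and the script still ends with "Please restart the server", so a file that failed verification is loaded on the next start. In the `-m` branch for bcpkix-fips the digest command is misspelled (`sha1sucam`) and it hashes `bc-fips*.jar` against `$EXPECTED_BC_FIPS_CHECKSUM`, so the bcpkix-fips jar fetched from the caller-supplied mirror is never checked at all. I would route every download through one helper that writes to a temporary name, uses `curl --fail`, compares the digest, and on mismatch deletes the file and exits non-zero; the sketch below shows the helper and the corrected mirror call. The pinned digests are SHA-1, so a SHA-256 pin would be the stronger integrity check if the project can publish one.

```shell
# Download $1 to $2 and keep the file only if its digest equals $3.
fetch_verified() {
  if ! curl --fail --silent --show-error --location "$1" -o "$2.part"; then
    echo "Download failed: $1" >&2
    rm -f "$2.part"
    return 1
  fi
  actual=$(sha1sum "$2.part" | cut -d' ' -f1)
  if [ "$actual" != "$3" ]; then
    echo "Checksum verification failed: $(basename "$2") was discarded." >&2
    rm -f "$2.part"
    return 1
  fi
  mv "$2.part" "$2"
}

# … unchanged: option parsing, backup of the jdk15on jars, bundles.info edits …

# mirror (-m) branch for bcpkix-fips: verify the jar that was actually downloaded
fetch_verified "$arg2/org/bouncycastle/bcpkix-fips/$BCPKIX_FIPS_VERSION/bcpkix-fips-$BCPKIX_FIPS_VERSION.jar" \
  "$CARBON_HOME/repository/components/lib/bcpkix-fips-$BCPKIX_FIPS_VERSION.jar" \
  "$EXPECTED_BCPKIX_FIPS_CHECKSUM" || exit 1
```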
@@ -18,11 +18,7 @@ rem under the License. set BC_FIPS_VERSION=1.0.2.3 set BCPKIX_FIPS_VERSION=1.0.7 -set BCPROV_JDK15ON_VERSION=1.70.0.wso2v1 -set BCPKIX_JDK15ON_VERSION=1.70.0.wso2v1 -set EXPECTED_BCPROV_CHECKSUM=261f41c52b6a664a5e9011ba829e78eb314c0ed8 -set EXPECTED_BCPKIX_CHECKSUM=17db4aba24861e306427bdeff03b1c2fac57760f set EXPECTED_BC_FIPS_CHECKSUM=da62b32cb72591f5b4d322e6ab0ce7de3247b534 set EXPECTED_BCPKIX_FIPS_CHECKSUM=fe07959721cfa2156be9722ba20fdfee2b5441b0 @@ -48,8 +44,6 @@ set control_plane_bundles_info=%CARBON_HOME%\repository\components\control-plane set traffic_manager_bundles_info=%CARBON_HOME%\repository\components\traffic-manager\configuration\org.eclipse.equinox.simpleconfigurator\bundles.info set gateway_worker_bundles_info=%CARBON_HOME%\repository\components\gateway-worker\configuration\org.eclipse.equinox.simpleconfigurator\bundles.info -set bcprov_text=bcprov-jdk15on,%BCPROV_JDK15ON_VERSION%,../plugins/bcprov-jdk15on_%BCPROV_JDK15ON_VERSION%.jar,4,true -set bcpkix_text=bcpkix-jdk15on,%BCPKIX_JDK15ON_VERSION%,../plugins/bcpkix-jdk15on_%BCPKIX_JDK15ON_VERSION%.jar,4,true set "homeDir=%userprofile%" set server_restart_required=false 
@@ -64,60 +58,64 @@ goto enableFipsMode :disableFipsMode if exist "%CARBON_HOME%\repository\components\lib\bc-fips*.jar" ( set server_restart_required=true - echo Remove existing bc-fips jar from lib folder. + echo Removing existing bc-fips jar from lib folder. DEL /F "%CARBON_HOME%\repository\components\lib\bc-fips*.jar" - echo Successfully removed bc-fips__%BC_FIPS_VERSION%.jar from components\lib. + echo Successfully removed bc-fips_%BC_FIPS_VERSION%.jar from components\lib. ) if exist "%CARBON_HOME%\repository\components\lib\bcpkix-fips*.jar" ( set server_restart_required=true - echo Remove existing bcpkix-fips jar from lib folder. + echo Removing existing bcpkix-fips jar from lib folder. DEL /F "%CARBON_HOME%\repository\components\lib\bcpkix-fips*.jar" - echo Successfully removed bcpkix-fips_%BC_FIPS_VERSION%.jar from components\lib. + echo Successfully removed bcpkix-fips_%BCPKIX_FIPS_VERSION%.jar from components\lib. ) if exist "%CARBON_HOME%\repository\components\dropins\bc_fips*.jar" ( set server_restart_required=true - echo Remove existing bc-fips jar from dropins folder. + echo Removing existing bc-fips jar from dropins folder. DEL /F "%CARBON_HOME%\repository\components\dropins\bc_fips*.jar" echo Successfully removed bc_fips_%BC_FIPS_VERSION%.jar from components\dropins. ) if exist "%CARBON_HOME%\repository\components\dropins\bcpkix_fips*.jar" ( set server_restart_required=true - echo Remove existing bcpkix_fips jar from dropins folder. + echo Removing existing bcpkix_fips jar from dropins folder. DEL /F "%CARBON_HOME%\repository\components\dropins\bcpkix_fips*.jar" echo Successfully removed bcpkix-fips_%BCPKIX_FIPS_VERSION%.jar from components\dropins. 
) if not exist "%CARBON_HOME%\repository\components\plugins\bcprov-jdk15on*.jar" ( set server_restart_required=true - if exist "%homeDir%\.wso2-bc\backup\bcprov-jdk15on_%BCPROV_JDK15ON_VERSION%.jar" ( - move "%homeDir%\.wso2-bc\backup\bcprov-jdk15on_%BCPROV_JDK15ON_VERSION%.jar" "%CARBON_HOME%\repository\components\plugins" - echo Moved bcprov-jdk15on_%BCPROV_JDK15ON_VERSION%.jar from %homeDir%\.wso2-bc\backup to components/plugins. - ) else ( - echo Downloading required bcprov-jdk15on jar : bcprov-jdk15on-%BCPROV_JDK15ON_VERSION% - curl https://maven.wso2.org/nexus/content/repositories/releases/org/wso2/orbit/org/bouncycastle/bcprov-jdk15on/%BCPROV_JDK15ON_VERSION%/bcprov-jdk15on-%BCPROV_JDK15ON_VERSION%.jar -o %CARBON_HOME%/repository/components/plugins/bcprov-jdk15on_%BCPROV_JDK15ON_VERSION%.jar - FOR /F "tokens=*" %%G IN ('certutil -hashfile "%CARBON_HOME%/repository/components/plugins/bcprov-jdk15on_%BCPROV_JDK15ON_VERSION%.jar" SHA1 ^| FIND /V ":"') DO SET "ACTUAL_CHECKSUM_BCPROVE=%%G" - if "%ACTUAL_CHECKSUM_BCPROVE%"=="%EXPECTED_BCPROV_CHECKSUM%" ( - echo Checksum verified: The downloaded bcprov-jdk15on-%BCPROV_JDK15ON_VERSION%.jar is valid. - ) else ( - echo Checksum verification failed: The downloaded bcprov-jdk15on-%BCPROV_JDK15ON_VERSION%.jar may be corrupted. - ) + if exist "%homeDir%\.wso2-bc\backup\bcprov-jdk15on*.jar" ( + for /r %homeDir%\.wso2-bc\backup\ %%G in (bcprov-jdk15on*.jar) do ( + set bcprov_location=%%G + set file_name=%%~nG + goto checkbcprovVersion ) + :checkbcprovVersion + for /f "tokens=2 delims=_" %%v in ("%bcprov_file_name%") do set "bcprov_version=%%v" + goto bbb + + :bbb + move "%bcprov_location%" "%CARBON_HOME%\repository\components\plugins" + echo Moved %bcprov_file_name% from %homeDir%\.wso2-bc\backup to components/plugins. + ) else ( echo "Required bcprov-jdk15on jar is not available in %homeDir%/.wso2-bc/backup. Download the jar from maven central repository." 
) ) if not exist "%CARBON_HOME%\repository\components\plugins\bcpkix-jdk15on*.jar" ( set server_restart_required=true - if exist "%homeDir%\.wso2-bc\backup\bcpkix-jdk15on_%BCPKIX_JDK15ON_VERSION%.jar" ( - move "%homeDir%\.wso2-bc\backup\bcpkix-jdk15on_%BCPKIX_JDK15ON_VERSION%.jar" "%CARBON_HOME%\repository\components\plugins" - echo Moved bcpkix-jdk15on_%BCPKIX_JDK15ON_VERSION%.jar from %homeDir%\.wso2-bc\backup to components/plugins. - ) else ( - echo Downloading required bcpkix-jdk15on jar : bcpkix-jdk15on-%BCPKIX_JDK15ON_VERSION% - curl https://maven.wso2.org/nexus/content/repositories/releases/org/wso2/orbit/org/bouncycastle/bcpkix-jdk15on/%BCPKIX_JDK15ON_VERSION%/bcpkix-jdk15on-%BCPKIX_JDK15ON_VERSION%.jar -o %CARBON_HOME%/repository/components/plugins/bcpkix-jdk15on_%BCPKIX_JDK15ON_VERSION%.jar - FOR /F "tokens=*" %%G IN ('certutil -hashfile "%CARBON_HOME%/repository/components/plugins/bcpkix-jdk15on_%BCPKIX_JDK15ON_VERSION%.jar" SHA1 ^| FIND /V ":"') DO SET "ACTUAL_CHECKSUM_BCPKIX=%%G" - if "%ACTUAL_CHECKSUM_BCPKIX%"=="%EXPECTED_BCPKIX_CHECKSUM%" ( - echo Checksum verified: The downloaded bcpkix-jdk15on-%BCPKIX_JDK15ON_VERSION%.jar is valid. - ) else ( - echo Checksum verification failed: The downloaded bcpkix-jdk15on-%BCPKIX_JDK15ON_VERSION%.jar may be corrupted. + if exist "%homeDir%\.wso2-bc\backup\bcpkix-jdk15on*.jar" ( + for /r %homeDir%\.wso2-bc\backup\ %%G in (bcpkix-jdk15on*.jar) do ( + set bcpkix_location=%%G + set bcpkix_file_name=%%~nG + set verify=false + goto foundBcPkix1 ) - ) + :foundBcPkix1 + for /f "tokens=2 delims=_" %%v in ("%bcpkix_file_name%") do set "bcpkix_version=%%v" + goto bbb + + :bbb + move "%bcpkix_location%" "%CARBON_HOME%\repository\components\plugins" + echo Moved %bcpkix_file_name% from %homeDir%\.wso2-bc\backup to components/plugins. + ) else ( echo "Required bcpkix-jdk15on jar is not available in %homeDir%/.wso2-bc/backup. Download the jar from maven central repository." 
) ) + findstr /c:%bcprov_text% %api_publisher_bundles_info% > nul if %errorlevel%==1 ( set server_restart_required=true @@ -191,7 +189,7 @@ if %errorlevel%==1 ( goto printRestartMsg -: enableFipsMode +:enableFipsMode set arg1= set arg2= :parse_args 
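Review bot: In the `:disableFipsMode` restore block for bcprov, the loop stores the name with `set file_name=%%~nG` but the next lines read `%bcprov_file_name%`, so `bcprov_version` stays empty and the "Moved ..." message prints no file name; the assignment should be `set bcprov_file_name=%%~nG`, as the bcpkix block already does. The disable path also still runs `findstr /c:%bcprov_text% ...` although this commit removes the top-level `set bcprov_text=` / `set bcpkix_text=` lines, and no visible hunk sets them again before that point, so the entries written back to bundles.info on Windows appear to be empty; fips.sh rebuilds both strings right after the restore and the batch file should do the same. The label `:bbb` is defined twice and `set verify=false` in the bcpkix loop belongs to verify mode; unique labels such as `:moveBcProv` and `:moveBcPkix` would keep the `goto` targets unambiguous.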
@@ -208,29 +206,47 @@ if not exist "%homeDir%\.wso2-bc" ( if not exist "%homeDir%\.wso2-bc\backup" ( mkdir "%homeDir%\.wso2-bc\backup" ) -if exist "%CARBON_HOME%\repository\components\plugins\bcprov-jdk15on*" ( - set server_restart_required=true - echo Remove existing bcprov-jdk15on jar from plugins folder. - for /f "delims=" %%a in ('dir /b /s "%CARBON_HOME%\repository\components\plugins\bcprov-jdk15on_*.jar"') do ( - set bcprov_location=%%a - goto check_bcprov_location - ) - :check_bcprov_location - move "%bcprov_location%" "%homeDir%\.wso2-bc\backup" - echo Successfully removed bcprov-jdk15on_%BCPROV_JDK15ON_VERSION%.jar from components\plugins. -) -if exist "%CARBON_HOME%\repository\components\plugins\bcpkix-jdk15on*" ( - set server_restart_required=true - echo Remove existing bcpkix-jdk15on jar from plugins folder. - for /f "delims=" %%a in ('dir /b /s "%CARBON_HOME%\repository\components\plugins\bcpkix-jdk15on_*.jar"') do ( - set bcpkix_location=%%a - goto check_bcpkix_location - ) - :check_bcpkix_location - move "%bcpkix_location%" "%homeDir%\.wso2-bc\backup" - echo Successfully removed bcpkix-jdk15on_%BCPKIX_JDK15ON_VERSION%.jar Removed from components\plugins. +if exist %CARBON_HOME%\repository\components\plugins\bcprov-jdk15on*.jar ( + set server_restart_required=true + for /r %CARBON_HOME%\repository\components\plugins\ %%G in (bcprov-jdk15on*.jar) do ( + set bcprov_location=%%G + set bcprov_file_name=%%~nG + goto checkBcVersion + ) + :checkBcVersion + for /f "tokens=2 delims=_" %%v in ("%bcprov_file_name%") do set "bcprov_version=%%v" + goto removeBcProv + + :removeBcProv + echo Removing existing bcprov-jdk15on jar from plugins folder. + if exist "%homeDir%\.wso2-bc\backup\bcprov-jdk15on*.jar" ( + DEL /F "%homeDir%\.wso2-bc\backup\bcprov-jdk15on*.jar" + ) + move "%bcprov_location%" "%homeDir%\.wso2-bc\backup" + echo Successfully removed %bcprov_file_name% from components\plugins. 
+) + +if exist %CARBON_HOME%\repository\components\plugins\bcpkix-jdk15on*.jar ( + set server_restart_required=true + for /r %CARBON_HOME%\repository\components\plugins\ %%G in (bcpkix-jdk15on*.jar) do ( + set bcpkix_location=%%G + set bcpkix_file_name=%%~nG + goto checkBcpkixVersion + ) + :checkBcpkixVersion + for /f "tokens=2 delims=_" %%v in ("%bcpkix_file_name%") do set "bcpkix_version=%%v" + goto removeBcPkix + + :removeBcPkix + echo Removing existing bcpkix-jdk15on jar from plugins folder. + if exist "%homeDir%\.wso2-bc\backup\bcpkix-jdk15on*.jar" ( + DEL /F "%homeDir%\.wso2-bc\backup\bcpkix-jdk15on*.jar" + ) + move "%bcpkix_location%" "%homeDir%\.wso2-bc\backup" + echo Successfully removed %bcpkix_file_name% from components\plugins. ) + if exist "%CARBON_HOME%\repository\components\lib\bc-fips*.jar" ( for /f "delims=" %%a in ('dir /b /s "%CARBON_HOME%\repository\components\lib\bc-fips*.jar"') do ( set bcfips_location=%%a @@ -245,7 +261,7 @@ if exist "%CARBON_HOME%\repository\components\lib\bc-fips*.jar" ( echo Successfully removed bc-fips_%BC_FIPS_VERSION%.jar from components/lib. if exist "%CARBON_HOME%\repository\components\dropins\bc_fips*.jar" ( set sever_restart_required=true - echo Remove existing bc-fips jar from dropins folder. + echo Removing existing bc-fips jar from dropins folder. del /q "%CARBON_HOME%\repository\components\dropins\bc_fips*.jar" 2> nul echo Successfully removed bc-fips_%BC_FIPS_VERSION%.jar from components/dropins. ) 
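Review bot: The new `if exist %CARBON_HOME%\...\bcprov-jdk15on*.jar (` and `for /r %CARBON_HOME%\...` lines drop the quotes that the removed lines had, so an install path containing spaces breaks these tests and the non-FIPS jars stay in plugins; the same applies to the bcpkix block here and to the rewritten checks in the `:verifyFipsMode` hunk. Quote the paths, e.g. `if exist "%CARBON_HOME%\repository\components\plugins\bcprov-jdk15on*.jar" (` and `for /r "%CARBON_HOME%\repository\components\plugins" %%G in (bcprov-jdk15on*.jar) do (`. The previous backup is also removed with `DEL /F` before the `move`, and the result of `move` is never tested, so a failed move still prints "Successfully removed" with the old backup already gone; an `if errorlevel 1` check after the `move` would catch that.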
@@ -266,7 +282,7 @@ if exist "%CARBON_HOME%\repository\components\lib\bcpkix-fips*.jar" ( echo Successfully removed bcpkix-fips_%BCPKIX_FIPS_VERSION%.jar from components/lib. if exist "%CARBON_HOME%\repository\components\dropins\bcpkix_fips*.jar" ( set sever_restart_required=true - echo Remove existing bcpkix-fips jar from dropins folder. + echo Removing existing bcpkix-fips jar from dropins folder. del /q "%CARBON_HOME%\repository\components\dropins\bcpkix_fips*.jar" 2> nul echo Successfully removed bcpkix-fips_%BCPKIX_FIPS_VERSION%.jar from components/dropins. ) @@ -345,6 +361,9 @@ if not exist "%CARBON_HOME%\repository\components\lib\bcpkix-fips*.jar" ( ) ) +set bcprov_text=bcprov-jdk15on,%bcprov_version%,../plugins/bcprov-jdk15on_%bcprov_version%.jar,4,true +set bcpkix_text=bcpkix-jdk15on,%bcpkix_version%,../plugins/bcpkix-jdk15on_%bcpkix_version%.jar,4,true + set api_publisher_temp_file=%CARBON_HOME%\repository\components\api-publisher-deprecated\configuration\org.eclipse.equinox.simpleconfigurator\api_publisher_temp.info findstr /v /c:%bcprov_text% /c:%bcpkix_text% %api_publisher_bundles_info% > !api_publisher_temp_file! move /y !api_publisher_temp_file! %api_publisher_bundles_info% > nul 
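Review bot: `bcprov_text` and `bcpkix_text` are now built from `%bcprov_version%` and `%bcpkix_version%`, which are set only when a jdk15on jar was found in plugins during this run. On a second run, or when the jars were moved by hand, both are empty, the `findstr /v /c:%bcprov_text% /c:%bcpkix_text%` filters that follow match nothing, and the old entries stay in every bundles.info while the script reports FIPS mode as enabled. Filtering on the bundle name, as the verify hunk and the `sed -i '/bcprov-jdk15on/d'` calls in fips.sh do, removes the dependency on the version: `findstr /v /c:"bcprov-jdk15on" /c:"bcpkix-jdk15on" %api_publisher_bundles_info% > !api_publisher_temp_file!`. The filters for the other bundles.info files lie outside this hunk and would need the same change.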
@@ -377,30 +396,28 @@ goto printRestartMsg :verifyFipsMode set verify=true -if exist "%CARBON_HOME%\repository\components\plugins\bcprov-jdk15on*.jar" ( - set location= - for /f "delims=" %%i in ('dir /b /s "%CARBON_HOME%\repository\components\plugins\bcprov-jdk15on*.jar" ^| findstr /i /c:".jar"') do ( - set "location=%%i" - goto :verifyBcFipsLocation - ) - :verifyBcFipsLocation - if not "%location%"=="" ( - set verify=false - echo Found bcprov-jdk15on_%BCPROV_JDK15ON_VERSION%.jar in plugins folder. This jar should be removed. - ) +if exist %CARBON_HOME%\repository\components\plugins\bcprov-jdk15on*.jar ( + for /r %CARBON_HOME%\repository\components\plugins\ %%G in (bcprov-jdk15on*.jar) do ( + set bc_location=%%G + set file_name=%%~nG + set verify=false + goto foundBcProv + ) + :foundBcProv + echo Found %file_name% in plugins folder. This jar should be removed. ) -if exist "%CARBON_HOME%\repository\components\plugins\bcpkix-jdk15on*.jar" ( - set location= - for /f "delims=" %%i in ('dir /b /s "%CARBON_HOME%\repository\components\plugins\bcpkix-jdk15on*.jar" ^| findstr /i /c:".jar"') do ( - set "location=%%i" - goto :verifyBcPkixFipsLocation - ) - :verifyBcPkixFipsLocation - if not "%location%"=="" ( - set verify=false - echo Found bcpkix-jdk15on_%BCPKIX_JDK15ON_VERSION%.jar in plugins folder. This jar should be removed. - ) + +if exist %CARBON_HOME%\repository\components\plugins\bcpkix-jdk15on*.jar ( + for /r %CARBON_HOME%\repository\components\plugins\ %%G in (bcpkix-jdk15on*.jar) do ( + set bcpkix_location=%%G + set file_name=%%~nG + set verify=false + goto foundBcPkix + ) + :foundBcPkix + echo Found %file_name% in plugins folder. This jar should be removed. ) + if exist "%CARBON_HOME%\repository\components\lib\bc-fips*.jar" ( if not exist "%CARBON_HOME%\repository\components\lib\bc-fips-%BC_FIPS_VERSION%.jar" ( set verify=false 
@@ -421,76 +438,76 @@ if exist "%CARBON_HOME%\repository\components\lib\bcpkix-fips*.jar" ( echo can not be found bc-fips_%BC_FIPS_VERSION%.jar in components/lib folder. This jar should be added. ) -findstr /i /c:"%bcprov_text%" "%api_publisher_bundles_info%" > nul +findstr /i /c:"bcprov-jdk15on" "%api_publisher_bundles_info%" > nul if %errorlevel%==0 ( set verify=false - echo Found text "%bcprov_text%" in api-publisher bundles.info. This should be removed. + echo Found bcprov-jdk15on entry in api-publisher bundles.info. This should be removed. ) -findstr /i /c:"%bcpkix_text%" "%api_publisher_bundles_info%" > nul +findstr /i /c:"bcpkix-jdk15on" "%api_publisher_bundles_info%" > nul if %errorlevel%==0 ( set verify=false - echo Found text "%bcpkix_text%" in api-publisher bundles.info. This should be removed. + echo Found bcpkix-jdk15on entry in api-publisher bundles.info. This should be removed. ) -findstr /i /c:"%bcprov_text%" "%api_devportal_bundles_info%" > nul +findstr /i /c:"bcprov-jdk15on" "%api_devportal_bundles_info%" > nul if %errorlevel%==0 ( set verify=false - echo Found text "%bcprov_text%" in api-devportal bundles.info. This should be removed. + echo Found bcprov-jdk15on entry in api-devportal bundles.info. This should be removed. ) -findstr /i /c:"%bcpkix_text%" "%api_devportal_bundles_info%" > nul +findstr /i /c:"bcpkix-jdk15on" "%api_devportal_bundles_info%" > nul if %errorlevel%==0 ( set verify=false - echo Found text "%bcpkix_text%" in api-devportal bundles.info. This should be removed. + echo Found bcpkix-jdk15on entry in api-devportal bundles.info. This should be removed. ) -findstr /i /c:"%bcprov_text%" "%api_key_manager_bundles_info%" > nul +findstr /i /c:"bcprov-jdk15on" "%api_key_manager_bundles_info%" > nul if %errorlevel%==0 ( set verify=false - echo Found text "%bcprov_text%" in api-key-manager bundles.info. This should be removed. + echo Found bcprov-jdk15on entry in api-key-manager bundles.info. This should be removed. 
) -findstr /i /c:"%bcpkix_text%" "%api_key_manager_bundles_info%" > nul +findstr /i /c:"bcpkix-jdk15on" "%api_key_manager_bundles_info%" > nul if %errorlevel%==0 ( set verify=false - echo Found text "%bcpkix_text%" in api-key-manager bundles.info. This should be removed. + echo Found bcpkix-jdk15on entry in api-key-manager bundles.info. This should be removed. ) -findstr /i /c:"%bcprov_text%" "%default_bundles_info%" > nul +findstr /i /c:"bcprov-jdk15on" "%default_bundles_info%" > nul if %errorlevel%==0 ( set verify=false - echo Found text "%bcprov_text%" in default bundles.info. This should be removed. + echo Found bcprov-jdk15on entry in default bundles.info. This should be removed. ) -findstr /i /c:"%bcpkix_text%" "%default_bundles_info%" > nul +findstr /i /c:"bcpkix-jdk15on" "%default_bundles_info%" > nul if %errorlevel%==0 ( set verify=false - echo Found text "%bcpkix_text%" in default bundles.info. This should be removed. + echo Found bcpkix-jdk15on entry in default bundles.info. This should be removed. ) -findstr /i /c:"%bcprov_text%" "%traffic_manager_bundles_info%" > nul +findstr /i /c:"bcprov-jdk15on" "%traffic_manager_bundles_info%" > nul if %errorlevel%==0 ( set verify=false - echo Found text "%bcprov_text%" in traffic-manager bundles.info. This should be removed. + echo Found bcprov-jdk15on entry in traffic-manager bundles.info. This should be removed. ) -findstr /i /c:"%bcpkix_text%" "%traffic_manager_bundles_info%" > nul +findstr /i /c:"bcpkix-jdk15on" "%traffic_manager_bundles_info%" > nul if %errorlevel%==0 ( set verify=false - echo Found text "%bcpkix_text%" in traffic-manager bundles.info. This should be removed. + echo Found bcpkix-jdk15on entry in traffic-manager bundles.info. This should be removed. ) -findstr /i /c:"%bcprov_text%" "%gateway_worker_bundles_info%" > nul +findstr /i /c:"bcprov-jdk15on" "%gateway_worker_bundles_info%" > nul if %errorlevel%==0 ( set verify=false - echo Found text "%bcprov_text%" in gateway-worker bundles.info. 
This should be removed. + echo Found bcprov-jdk15on entry in gateway-worker bundles.info. This should be removed. ) -findstr /i /c:"%bcpkix_text%" "%gateway_worker_bundles_info%" > nul +findstr /i /c:"bcpkix-jdk15on" "%gateway_worker_bundles_info%" > nul if %errorlevel%==0 ( set verify=false - echo Found text "%bcpkix_text%" in gateway-worker bundles.info. This should be removed. + echo Found bcpkix-jdk15on entry in gateway-worker bundles.info. This should be removed. ) if "%verify%"=="true" ( diff --git a/modules/distribution/product/src/main/startup-scripts/fips.sh b/modules/distribution/product/src/main/startup-scripts/fips.sh index 3078b65fcf..79213f18f4 100644 --- a/modules/distribution/product/src/main/startup-scripts/fips.sh +++ b/modules/distribution/product/src/main/startup-scripts/fips.sh @@ -16,11 +16,7 @@ BC_FIPS_VERSION=1.0.2.3; BCPKIX_FIPS_VERSION=1.0.7; -BCPROV_JDK15ON_VERSION=1.70.0.wso2v1; -BCPKIX_JDK15ON_VERSION=1.70.0.wso2v1; -EXPECTED_BCPROV_CHECKSUM="261f41c52b6a664a5e9011ba829e78eb314c0ed8" -EXPECTED_BCPKIX_CHECKSUM="17db4aba24861e306427bdeff03b1c2fac57760f" EXPECTED_BC_FIPS_CHECKSUM="da62b32cb72591f5b4d322e6ab0ce7de3247b534" EXPECTED_BCPKIX_FIPS_CHECKSUM="fe07959721cfa2156be9722ba20fdfee2b5441b0" 
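Review bot: The verify checks in this hunk cover the api-publisher, api-devportal, api-key-manager, default, traffic-manager and gateway-worker bundles.info files but never `%control_plane_bundles_info%`, which the script defines and which fips.sh does check. A leftover bcprov-jdk15on or bcpkix-jdk15on entry in the control-plane profile would therefore still pass verification on Windows. Add the pair next to the others: `findstr /i /c:"bcprov-jdk15on" "%control_plane_bundles_info%" > nul` followed by the same `if %errorlevel%==0 (` block that sets `verify=false`, and again for `bcpkix-jdk15on`.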
@@ -39,80 +35,74 @@ control_plane_bundles_info="$CARBON_HOME/repository/components/control-plane/con traffic_manager_bundles_info="$CARBON_HOME/repository/components/traffic-manager/configuration/org.eclipse.equinox.simpleconfigurator/bundles.info"; gateway_worker_bundles_info="$CARBON_HOME/repository/components/gateway-worker/configuration/org.eclipse.equinox.simpleconfigurator/bundles.info"; -bcprov_text="bcprov-jdk15on,$BCPROV_JDK15ON_VERSION,../plugins/bcprov-jdk15on_$BCPROV_JDK15ON_VERSION.jar,4,true"; -bcpkix_text="bcpkix-jdk15on,$BCPKIX_JDK15ON_VERSION,../plugins/bcpkix-jdk15on_$BCPKIX_JDK15ON_VERSION.jar,4,true"; homeDir="$HOME" sever_restart_required=false if [ "$ARGUMENT" = "DISABLE" ] || [ "$ARGUMENT" = "disable" ]; then - if [ -f $CARBON_HOME/repository/components/lib/bc-fips*.jar ]; then - sever_restart_required=true - echo "Remove existing bc-fips jar from lib folder." - rm rm $CARBON_HOME/repository/components/lib/bc-fips*.jar 2> /dev/null - echo "Successfully removed bc-fips_$BC_FIPS_VERSION.jar Removed from component/lib." - fi - if [ -f $CARBON_HOME/repository/components/lib/bcpkix-fips*.jar ]; then - sever_restart_required=true - echo "Remove existing bcpkix-fips jar from lib folder." - rm rm $CARBON_HOME/repository/components/lib/bcpkix-fips*.jar 2> /dev/null - echo "Successfully removed bcpkix-fips_$BCPKIX_JDK15ON_VERSION.jar from component/lib." - fi - if [ -f $CARBON_HOME/repository/components/dropins/bc_fips*.jar ]; then - sever_restart_required=true - echo "Remove existing bc-fips jar from dropins folder." - rm rm $CARBON_HOME/repository/components/dropins/bc_fips*.jar 2> /dev/null - echo "Successfully removed bc-fips_$BC_FIPS_VERSION.jar from component/dropins." - fi - if [ -f $CARBON_HOME/repository/components/dropins/bcpkix_fips*.jar ]; then - sever_restart_required=true - echo "Remove existing bcpkix_fips jar from dropins folder." 
- rm rm $CARBON_HOME/repository/components/dropins/bcpkix_fips*.jar 2> /dev/null - echo "Successfully removed bcpkix_fips_$BCPKIX_JDK15ON_VERSION.jar from component/dropins." - fi - if [ ! -e $CARBON_HOME/repository/components/plugins/bcprov-jdk15on*.jar ]; then - sever_restart_required=true - if [ -f "$homeDir/.wso2-bc/backup/bcprov-jdk15on_$BCPROV_JDK15ON_VERSION.jar" ]; then - mv "$homeDir/.wso2-bc/backup/bcprov-jdk15on_$BCPROV_JDK15ON_VERSION.jar" "$CARBON_HOME/repository/components/plugins" - echo "Moved bcprov-jdk15on_$BCPROV_JDK15ON_VERSION.jar from $homeDir/.wso2-bc/backup to components/plugins" - else - echo "Downloading required bcprov-jdk15on jar : bcprov-jdk15on-$BCPROV_JDK15ON_VERSION" - curl https://maven.wso2.org/nexus/content/repositories/releases/org/wso2/orbit/org/bouncycastle/bcprov-jdk15on/$BCPROV_JDK15ON_VERSION/bcprov-jdk15on-$BCPROV_JDK15ON_VERSION.jar -o $CARBON_HOME/repository/components/plugins/bcprov-jdk15on_$BCPROV_JDK15ON_VERSION.jar - ACTUAL_CHECKSUM=$(sha1sum $CARBON_HOME/repository/components/plugins/bcprov-jdk15on*.jar | cut -d' ' -f1) - if [ "$EXPECTED_BCPROV_CHECKSUM" = "$ACTUAL_CHECKSUM" ]; then - echo "Checksum verified: The downloaded bcprov-jdk15on-$BCPROV_JDK15ON_VERSION.jar is valid." - else - echo "Checksum verification failed: The downloaded bcprov-jdk15on-$BCPROV_JDK15ON_VERSION.jar may be corrupted." - fi - fi - fi - if [ ! -e $CARBON_HOME/repository/components/plugins/bcpkix-jdk15on*.jar ]; then - sever_restart_required=true - if [ -f "$homeDir/.wso2-bc/backup/bcpkix-jdk15on_$BCPKIX_JDK15ON_VERSION.jar" ]; then - mv "$homeDir/.wso2-bc/backup/bcpkix-jdk15on_$BCPKIX_JDK15ON_VERSION.jar" "$CARBON_HOME/repository/components/plugins" - echo "Moved bcpkix-jdk15on_$BCPKIX_JDK15ON_VERSION.jar from $homeDir/.wso2-bc/backup to components/plugins" + if [ -f $CARBON_HOME/repository/components/lib/bc-fips*.jar ]; then + sever_restart_required=true + echo "Removing existing bc-fips jar from lib folder." 
+ rm rm $CARBON_HOME/repository/components/lib/bc-fips*.jar 2> /dev/null + echo "Successfully removed bc-fips_$BC_FIPS_VERSION.jar from component/lib." + fi + if [ -f $CARBON_HOME/repository/components/lib/bcpkix-fips*.jar ]; then + sever_restart_required=true + echo "Removing existing bcpkix-fips jar from lib folder." + rm rm $CARBON_HOME/repository/components/lib/bcpkix-fips*.jar 2> /dev/null + echo "Successfully removed bcpkix-fips_$BCPKIX_JDK15ON_VERSION.jar from component/lib." + fi + if [ -f $CARBON_HOME/repository/components/dropins/bc_fips*.jar ]; then + sever_restart_required=true + echo "Removing existing bc-fips jar from dropins folder." + rm rm $CARBON_HOME/repository/components/dropins/bc_fips*.jar 2> /dev/null + echo "Successfully removed bc-fips_$BC_FIPS_VERSION.jar from component/dropins." + fi + if [ -f $CARBON_HOME/repository/components/dropins/bcpkix_fips*.jar ]; then + sever_restart_required=true + echo "Removing existing bcpkix_fips jar from dropins folder." + rm rm $CARBON_HOME/repository/components/dropins/bcpkix_fips*.jar 2> /dev/null + echo "Successfully removed bcpkix_fips_$BCPKIX_JDK15ON_VERSION.jar from component/dropins." + fi + if [ ! -e $CARBON_HOME/repository/components/plugins/bcprov-jdk15on*.jar ]; then + sever_restart_required=true + if [ -e $homeDir/.wso2-bc/backup/bcprov-jdk15on*.jar ]; then + location=$(find "$homeDir/.wso2-bc/backup/" -type f -name "bcprov-jdk15on*.jar" | head -1) + bcprov_file_name=$(basename "$location") + bcprov_version=${bcprov_file_name#*_} + bcprov_version=${bcprov_version%.jar} + mv "$location" "$CARBON_HOME/repository/components/plugins" + echo "Moved $bcprov_file_name from $homeDir/.wso2-bc/backup to components/plugins." + else + echo "Required bcprov-jdk15on jar is not available in $homeDir/.wso2-bc/backup. Download the jar from maven central repository." + fi + fi + if [ ! 
-e $CARBON_HOME/repository/components/plugins/bcpkix-jdk15on*.jar ]; then + sever_restart_required=true + if [ -e $homeDir/.wso2-bc/backup/bcpkix-jdk15on*.jar ]; then + location=$(find "$homeDir/.wso2-bc/backup/" -type f -name "bcpkix-jdk15on*.jar" | head -1) + bcpkix_file_name=$(basename "$location") + bcpkix_version=${bcpkix_file_name#*_} + bcpkix_version=${bcpkix_version%.jar} + mv "$location" "$CARBON_HOME/repository/components/plugins" + echo "Moved $bcpkix_file_name from $homeDir/.wso2-bc/backup to components/plugins." + else + echo "Required bcpkix-jdk15on jar is not available in $homeDir/.wso2-bc/backup. Download the jar from maven central repository." + fi + fi - else - echo "Downloading required bcpkix-jdk15on jar : bcpkix-jdk15on-$BCPKIX_JDK15ON_VERSION" - curl https://maven.wso2.org/nexus/content/repositories/releases/org/wso2/orbit/org/bouncycastle/bcpkix-jdk15on/$BCPKIX_JDK15ON_VERSION/bcpkix-jdk15on-$BCPKIX_JDK15ON_VERSION.jar -o $CARBON_HOME/repository/components/plugins/bcpkix-jdk15on_$BCPKIX_JDK15ON_VERSION.jar - ACTUAL_CHECKSUM=$(sha1sum $CARBON_HOME/repository/components/plugins/bcpkix-jdk15on*.jar | cut -d' ' -f1) - if [ "$EXPECTED_BCPKIX_CHECKSUM" = "$ACTUAL_CHECKSUM" ]; then - echo "Checksum verified: The downloaded bcpkix-jdk15on-$BCPKIX_JDK15ON_VERSION.jar is valid." - else - echo "Checksum verification failed: The downloaded bcpkix-jdk15on-$BCPKIX_JDK15ON_VERSION.jar may be corrupted." - fi - fi - fi + bcprov_text="bcprov-jdk15on,$bcprov_version,../plugins/$bcprov_file_name,4,true"; + bcpkix_text="bcpkix-jdk15on,$bcpkix_version,../plugins/$bcpkix_file_name,4,true"; - if ! grep -q "$bcprov_text" "$api_publisher_bundles_info" ; then - echo $bcprov_text >> $api_publisher_bundles_info; - sever_restart_required=true - fi - if ! grep -q "$bcpkix_text" "$api_publisher_bundles_info" ; then - echo $bcpkix_text >> $api_publisher_bundles_info; - sever_restart_required=true - fi + if ! 
grep -q "$bcprov_text" "$api_publisher_bundles_info" ; then + echo $bcprov_text >> $api_publisher_bundles_info; + sever_restart_required=true + fi + if ! grep -q "$bcpkix_text" "$api_publisher_bundles_info" ; then + echo $bcpkix_text >> $api_publisher_bundles_info; + sever_restart_required=true + fi - if ! grep -q "$bcprov_text" "$api_devportal_bundles_info" ; then + if ! grep -q "$bcprov_text" "$api_devportal_bundles_info" ; then echo $bcprov_text >> $api_devportal_bundles_info; sever_restart_required=true fi @@ -170,16 +160,18 @@ elif [ "$ARGUMENT" = "VERIFY" ] || [ "$ARGUMENT" = "verify" ]; then verify=true; if [ -f $CARBON_HOME/repository/components/plugins/bcprov-jdk15on*.jar ]; then location=$(find "$CARBON_HOME/repository/components/plugins/" -type f -name "bcprov-jdk15on*.jar" | head -1) + file_name=$(basename "$location") verify=false - echo "Found bcprov-jdk15on_$BCPROV_JDK15ON_VERSION.jar in plugins folder. This jar should be removed." + echo "Found $file_name in plugins folder. This jar should be removed." fi if [ -f $CARBON_HOME/repository/components/plugins/bcprov-jdk15on*.jar ]; then location=$(find "$CARBON_HOME/repository/components/plugins/" -type f -name "bcpkix-jdk15on*.jar" | head -1) + file_name=$(basename "$location") verify=false - echo "Found bcpkix-jdk15on_$BCPKIX_JDK15ON_VERSION.jar in plugins folder. This jar should be removed." + echo "Found $file_name in plugins folder. This jar should be removed." fi if [ -f $CARBON_HOME/repository/components/lib/bc-fips*.jar ]; then - if [ ! -f $CARBON_HOME/repository/components/lib/bc-fips-$BC_FIPS_VERSION.jar ]; then + if [ ! -f $CARBON_HOME/repository/components/lib/bc-fips-$BC_FIPS_VERSION.jar ]; then verify=false echo "There is an update for bc-fips. Run the script again to get updates." fi 
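Review bot: `bcprov_text` and `bcpkix_text` are assembled from `$bcprov_version` / `$bcprov_file_name` and the bcpkix pair, which are assigned only inside the branch that restores a jar from `$homeDir/.wso2-bc/backup`. When the jar is already in plugins, or the backup is missing and only the "Download the jar" message is printed, they are empty and the `grep -q` / `echo >>` blocks that follow append `bcprov-jdk15on,,../plugins/,4,true` to each bundles.info. Deriving the names from the jar actually present in components/plugins, and stopping when none is there, avoids writing the malformed entry. Two smaller things in the re-indented lines: the messages still print `$BCPKIX_JDK15ON_VERSION`, which this commit deletes (they should use `$BCPKIX_FIPS_VERSION`), and `rm rm <path> 2> /dev/null` passes a literal `rm` as a file name and hides the resulting error. The enclosing `if [ "$ARGUMENT" = "DISABLE" ]` branch continues past the end of the hunk.

```shell
# … unchanged: restore of the bcprov/bcpkix jars from $homeDir/.wso2-bc/backup …
plugins_dir="$CARBON_HOME/repository/components/plugins"
bcprov_file_name=$(find "$plugins_dir" -type f -name "bcprov-jdk15on*.jar" -exec basename {} \; | head -1)
bcpkix_file_name=$(find "$plugins_dir" -type f -name "bcpkix-jdk15on*.jar" -exec basename {} \; | head -1)
if [ -z "$bcprov_file_name" ] || [ -z "$bcpkix_file_name" ]; then
    echo "bcprov-jdk15on/bcpkix-jdk15on jar missing from components/plugins; bundles.info left unchanged." >&2
    exit 1
fi
bcprov_version=${bcprov_file_name#*_}
bcprov_version=${bcprov_version%.jar}
bcpkix_version=${bcpkix_file_name#*_}
bcpkix_version=${bcpkix_version%.jar}
# … unchanged: bcprov_text / bcpkix_text assignment and the grep/echo blocks …
```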
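Review bot: The second check in this verify hunk tests for `bcprov-jdk15on*.jar` but then looks up and reports `bcpkix-jdk15on*.jar`, so a bcpkix-jdk15on jar left in plugins without its bcprov counterpart is never reported and verify mode can still succeed. The guard should read `if [ -f $CARBON_HOME/repository/components/plugins/bcpkix-jdk15on*.jar ]; then`. With the guard as it stands, the added `file_name=$(basename "$location")` can also run with an empty `$location` and print a "Found ... in plugins folder" message without a file name.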
@@ -188,72 +180,71 @@ elif [ "$ARGUMENT" = "VERIFY" ] || [ "$ARGUMENT" = "verify" ]; then echo "bc-fips_$BC_FIPS_VERSION.jar can not be found in components/lib folder. This jar should be added." fi if [ -f $CARBON_HOME/repository/components/lib/bcpkix-fips*.jar ]; then - if [ ! -f $CARBON_HOME/repository/components/lib/bcpkix-fips-$BCPKIX_FIPS_VERSION.jar ]; then - verify=false - echo "There is an update for bcpkix-fips. Run the script again to get updates." + if [ ! -f $CARBON_HOME/repository/components/lib/bcpkix-fips-$BCPKIX_FIPS_VERSION.jar ]; then + verify=false + echo "There is an update for bcpkix-fips. Run the script again to get updates." fi else verify=false echo "bcpkix-fips_$BCPKIX_FIPS_VERSION.jar can not be found in components/lib folder. This jar should be added." - fi - if grep -q "$bcprov_text" "$api_publisher_bundles_info" ; then + if grep -q "bcprov-jdk15on" "$api_publisher_bundles_info" ; then verify=false - echo "Found $bcprov_text in api-publisher bundles.info. This should be removed"; + echo "Found bcprov-jdk15on entry in api-publisher bundles.info. This should be removed."; fi - if grep -q "$bcpkix_text" "$api_publisher_bundles_info" ; then + if grep -q "bcpkix-jdk15on" "$api_publisher_bundles_info" ; then verify=false - echo "Found $bcpkix_text in api-publisher bundles.info. This should be removed"; + echo "Found bcpkix-jdk15on entry in api-publisher bundles.info. This should be removed."; fi - if grep -q "$bcprov_text" "$api_devportal_bundles_info" ; then + if grep -q "bcprov-jdk15on" "$api_devportal_bundles_info" ; then verify=false - echo "Found $bcprov_text in api-devportal bundles.info. This should be removed"; + echo "Found bcprov-jdk15on entry in api-devportal bundles.info. This should be removed."; fi - if grep -q "$bcpkix_text" "$api_devportal_bundles_info" ; then + if grep -q "bcpkix-jdk15on" "$api_devportal_bundles_info" ; then verify=false - echo "Found $bcpkix_text in api-devportal bundles.info. 
This should be removed"; + echo "Found bcpkix-jdk15on entry in api-devportal bundles.info. This should be removed."; fi - if grep -q "$bcprov_text" "$api_key_manager_bundles_info" ; then + if grep -q "bcprov-jdk15on" "$api_key_manager_bundles_info" ; then verify=false - echo "Found $bcprov_text in api-key-manager bundles.info. This should be removed"; + echo "Found bcprov-jdk15on entry in api-key-manager bundles.info. This should be removed."; fi - if grep -q "$bcpkix_text" "$api_key_manager_bundles_info" ; then + if grep -q "bcpkix-jdk15on" "$api_key_manager_bundles_info" ; then verify=false - echo "Found $bcpkix_text in api-key-manager bundles.info. This should be removed"; + echo "Found bcpkix-jdk15on entry in api-key-manager bundles.info. This should be removed."; fi - if grep -q "$bcprov_text" "$default_bundles_info" ; then + if grep -q "bcprov-jdk15on" "$default_bundles_info" ; then verify=false - echo "Found $bcprov_text in default bundles.info. This should be removed"; + echo "Found bcprov-jdk15on entry in default bundles.info. This should be removed."; fi - if grep -q "$bcpkix_text" "$default_bundles_info" ; then + if grep -q "bcpkix-jdk15on" "$default_bundles_info" ; then verify=false - echo "Found $bcpkix_text in default bundles.info. This should be removed"; + echo "Found bcpkix-jdk15on entry in default bundles.info. This should be removed."; fi - if grep -q "$bcprov_text" "$control_plane_bundles_info" ; then + if grep -q "bcprov-jdk15on" "$control_plane_bundles_info" ; then verify=false - echo "Found $bcprov_text in control-plane bundles.info. This should be removed"; + echo "Found bcprov-jdk15on entry in control-plane bundles.info. This should be removed."; fi - if grep -q "$bcpkix_text" "$control_plane_bundles_info" ; then + if grep -q "bcpkix-jdk15on" "$control_plane_bundles_info" ; then verify=false - echo "Found $bcpkix_text in control-plane bundles.info. This should be removed"; + echo "Found bcpkix-jdk15on entry in control-plane bundles.info. 
This should be removed."; fi - if grep -q "$bcprov_text" "$traffic_manager_bundles_info" ; then + if grep -q "bcprov-jdk15on" "$traffic_manager_bundles_info" ; then verify=false - echo "Found $bcprov_text in traffic-manager bundles.info. This should be removed"; + echo "Found bcprov-jdk15on entry in traffic-manager bundles.info. This should be removed."; fi - if grep -q "$bcpkix_text" "$traffic_manager_bundles_info" ; then + if grep -q "bcpkix-jdk15on" "$traffic_manager_bundles_info" ; then verify=false - echo "Found $bcpkix_text in traffic-manager bundles.info. This should be removed"; + echo "Found bcpkix-jdk15on entry in traffic-manager bundles.info. This should be removed."; fi - if grep -q "$bcprov_text" "$gateway_worker_bundles_info" ; then + if grep -q "bcprov-jdk15on" "$gateway_worker_bundles_info" ; then verify=false - echo "Found $bcprov_text in gateway-worker bundles.info. This should be removed"; + echo "Found bcprov-jdk15on entry in gateway-worker bundles.info. This should be removed."; fi - if grep -q "$bcpkix_text" "$gateway_worker_bundles_info" ; then + if grep -q "bcpkix-jdk15on" "$gateway_worker_bundles_info" ; then verify=false - echo "Found $bcpkix_text in gateway-worker bundles.info. This should be removed"; + echo "Found bcpkix-jdk15on entry in gateway-worker bundles.info. This should be removed."; fi if [ $verify = true ]; then @@ -262,23 +253,20 @@ elif [ "$ARGUMENT" = "VERIFY" ] || [ "$ARGUMENT" = "verify" ]; then fi else -while getopts "f:m:" opt; do - case $opt in - f) - arg1=$OPTARG - ;; - m) - arg2=$OPTARG - ;; - \?) - echo "Invalid option: -$OPTARG" >&2 - exit 1 - ;; - esac - done - echo "arg1: $arg1" - echo "arg2: $arg2" - + while getopts "f:m:" opt; do + case $opt in + f) + arg1=$OPTARG + ;; + m) + arg2=$OPTARG + ;; + \?) + echo "Invalid option: -$OPTARG" >&2 + exit 1 + ;; + esac + done if [ ! -d "$homeDir/.wso2-bc" ]; then mkdir "$homeDir/.wso2-bc" 
@@ -289,177 +277,180 @@ while getopts "f:m:" opt; do if [ -f $CARBON_HOME/repository/components/plugins/bcprov-jdk15on*.jar ]; then sever_restart_required=true location=$(find "$CARBON_HOME/repository/components/plugins/" -type f -name "bcprov-jdk15on*.jar" | head -1) - echo "Remove existing bcpkix-jdk15on jar from plugins folder." + echo "Removing existing bcpkix-jdk15on jar from plugins folder." + if [ -f $homeDir/.wso2-bc/backup/bcprov-jdk15on*.jar ]; then + rm $homeDir/.wso2-bc/backup/bcprov-jdk15on*.jar + fi mv "$location" "$homeDir/.wso2-bc/backup" - echo "Successfully removed bcprov-jdk15on_$BCPROV_JDK15ON_VERSION.jar from component/plugins." + bcprov_file_name=$(basename "$location") + echo "Successfully removed $bcprov_file_name from component/plugins." fi if [ -f $CARBON_HOME/repository/components/plugins/bcpkix-jdk15on*.jar ]; then sever_restart_required=true - echo "Remove existing bcpkix-jdk15on jar from plugins folder." - location=$(find "$CARBON_HOME/repository/components/plugins/" -type f -name "bcpkix-jdk15on*.jar" | head -1) - mv "$location" "$homeDir/.wso2-bc/backup" - echo "Successfully removed bcpkix-jdk15on_$BCPKIX_JDK15ON_VERSION.jar from component/plugins." + echo "Removing existing bcpkix-jdk15on jar from plugins folder." + location=$(find "$CARBON_HOME/repository/components/plugins/" -type f -name "bcpkix-jdk15on*.jar" | head -1) + if [ -f $homeDir/.wso2-bc/backup/bcpkix-jdk15on*.jar ]; then + rm $homeDir/.wso2-bc/backup/bcpkix-jdk15on*.jar + fi + mv "$location" "$homeDir/.wso2-bc/backup" + bcpkix_file_name=$(basename "$location") + echo "Successfully removed $bcpkix_file_name from component/plugins." 
fi - if grep -q "$bcprov_text" "$api_publisher_bundles_info" ; then + if grep -q "bcprov-jdk15on" "$api_publisher_bundles_info" ; then sever_restart_required=true sed -i '/bcprov-jdk15on/d' $api_publisher_bundles_info fi - if grep -q "$bcpkix_text" "$api_publisher_bundles_info" ; then + if grep -q "bcpkix-jdk15on" "$api_publisher_bundles_info" ; then sever_restart_required=true sed -i '/bcpkix-jdk15on/d' $api_publisher_bundles_info fi - if grep -q "$bcprov_text" "$api_devportal_bundles_info" ; then + if grep -q "bcprov-jdk15on" "$api_devportal_bundles_info" ; then sever_restart_required=true sed -i '/bcprov-jdk15on/d' $api_devportal_bundles_info fi - if grep -q "$bcpkix_text" "$api_devportal_bundles_info" ; then + if grep -q "bcpkix-jdk15on" "$api_devportal_bundles_info" ; then sever_restart_required=true sed -i '/bcpkix-jdk15on/d' $api_devportal_bundles_info fi - if grep -q "$bcprov_text" "$api_key_manager_bundles_info" ; then + if grep -q "bcprov-jdk15on" "$api_key_manager_bundles_info" ; then sever_restart_required=true sed -i '/bcprov-jdk15on/d' $api_key_manager_bundles_info fi - if grep -q "$bcpkix_text" "$api_key_manager_bundles_info" ; then + if grep -q "bcpkix-jdk15on" "$api_key_manager_bundles_info" ; then sever_restart_required=true sed -i '/bcpkix-jdk15on/d' $api_key_manager_bundles_info fi - if grep -q "$bcprov_text" "$default_bundles_info" ; then + if grep -q "bcprov-jdk15on" "$default_bundles_info" ; then sever_restart_required=true sed -i '/bcprov-jdk15on/d' $default_bundles_info fi - if grep -q "$bcpkix_text" "$default_bundles_info" ; then + if grep -q "bcpkix-jdk15on" "$default_bundles_info" ; then sever_restart_required=true sed -i '/bcpkix-jdk15on/d' $default_bundles_info fi - if grep -q "$bcprov_text" "$control_plane_bundles_info" ; then + if grep -q "bcprov-jdk15on" "$control_plane_bundles_info" ; then sever_restart_required=true sed -i '/bcprov-jdk15on/d' $control_plane_bundles_info fi - if grep -q "$bcpkix_text" "$control_plane_bundles_info" 
; then + if grep -q "bcpkix-jdk15on" "$control_plane_bundles_info" ; then sever_restart_required=true sed -i '/bcpkix-jdk15on/d' $control_plane_bundles_info fi - if grep -q "$bcprov_text" "$traffic_manager_bundles_info" ; then + if grep -q "bcprov-jdk15on" "$traffic_manager_bundles_info" ; then sever_restart_required=true sed -i '/bcprov-jdk15on/d' $traffic_manager_bundles_info fi - if grep -q "$bcpkix_text" "$traffic_manager_bundles_info" ; then + if grep -q "bcpkix-jdk15on" "$traffic_manager_bundles_info" ; then sever_restart_required=true sed -i '/bcpkix-jdk15on/d' $traffic_manager_bundles_info fi - if grep -q "$bcprov_text" "$gateway_worker_bundles_info" ; then + if grep -q "bcprov-jdk15on" "$gateway_worker_bundles_info" ; then sever_restart_required=true sed -i '/bcprov-jdk15on/d' $gateway_worker_bundles_info fi - if grep -q "$bcpkix_text" "$gateway_worker_bundles_info" ; then + if grep -q "bcpkix-jdk15on" "$gateway_worker_bundles_info" ; then sever_restart_required=true sed -i '/bcpkix-jdk15on/d' $gateway_worker_bundles_info fi if [ -e $CARBON_HOME/repository/components/lib/bc-fips*.jar ]; then - location=$(find "$CARBON_HOME/repository/components/lib/" -type f -name "bc-fips*.jar" | head -1) + location=$(find "$CARBON_HOME/repository/components/lib/" -type f -name "bc-fips*.jar" | head -1) if [ ! $location = "$CARBON_HOME/repository/components/lib/bc-fips-$BC_FIPS_VERSION.jar" ]; then - sever_restart_required=true - echo "There is an update for bc-fips. Therefore Remove existing bc-fips jar from lib folder." - rm rm $CARBON_HOME/repository/components/lib/bc-fips*.jar 2> /dev/null - echo "Successfully removed bc-fips_$BC_FIPS_VERSION.jar from component/lib." - if [ -f $CARBON_HOME/repository/components/dropins/bc_fips*.jar ]; then - sever_restart_required=true - echo "Remove existing bc-fips jar from dropins folder." 
- rm rm $CARBON_HOME/repository/components/dropins/bc_fips*.jar 2> /dev/null - echo "Successfully removed bc-fips_$BC_FIPS_VERSION.jar from component/dropins." - fi + sever_restart_required=true + echo "There is an update for bc-fips. Therefore Remove existing bc-fips jar from lib folder." + rm rm $CARBON_HOME/repository/components/lib/bc-fips*.jar 2> /dev/null + echo "Successfully removed bc-fips_$BC_FIPS_VERSION.jar from component/lib." + if [ -f $CARBON_HOME/repository/components/dropins/bc_fips*.jar ]; then + sever_restart_required=true + echo "Removing existing bc-fips jar from dropins folder." + rm rm $CARBON_HOME/repository/components/dropins/bc_fips*.jar 2> /dev/null + echo "Successfully removed bc-fips_$BC_FIPS_VERSION.jar from component/dropins." + fi fi fi if [ ! -e $CARBON_HOME/repository/components/lib/bc-fips*.jar ]; then sever_restart_required=true if [ -z "$arg1" ] && [ -z "$arg2" ]; then - echo "both empty" - echo "Downloading required bc-fips jar : bc-fips-$BC_FIPS_VERSION" - curl https://repo1.maven.org/maven2/org/bouncycastle/bc-fips/$BC_FIPS_VERSION/bc-fips-$BC_FIPS_VERSION.jar -o $CARBON_HOME/repository/components/lib/bc-fips-$BC_FIPS_VERSION.jar - ACTUAL_CHECKSUM=$(sha1sum $CARBON_HOME/repository/components/lib/bc-fips*.jar | cut -d' ' -f1) - if [ "$EXPECTED_BC_FIPS_CHECKSUM" = "$ACTUAL_CHECKSUM" ]; then - echo "Checksum verified: The downloaded bc-fips-$BC_FIPS_VERSION.jar is valid." - else - echo "Checksum verification failed: The downloaded bc-fips-$BC_FIPS_VERSION.jar may be corrupted." - fi - elif [ ! -z "$arg1" ] && [ -z "$arg2" ]; then - echo "2 empty" - if [ ! -e $arg1/bcpkix-fips-$BCPKIX_FIPS_VERSION.jar ]; then - echo "Can not be found required bc-fips-$BC_FIPS_VERSION.jar in given file path : $arg1." - else - cp "$arg1/bc-fips-$BC_FIPS_VERSION.jar" "$CARBON_HOME/repository/components/lib" - if [ $? -eq 0 ]; then - echo "bc-fips JAR files copied successfully." - else - echo "Error copying bc-fips JAR file." 
- fi - fi + echo "Downloading required bc-fips jar : bc-fips-$BC_FIPS_VERSION" + curl https://repo1.maven.org/maven2/org/bouncycastle/bc-fips/$BC_FIPS_VERSION/bc-fips-$BC_FIPS_VERSION.jar -o $CARBON_HOME/repository/components/lib/bc-fips-$BC_FIPS_VERSION.jar + ACTUAL_CHECKSUM=$(sha1sum $CARBON_HOME/repository/components/lib/bc-fips*.jar | cut -d' ' -f1) + if [ "$EXPECTED_BC_FIPS_CHECKSUM" = "$ACTUAL_CHECKSUM" ]; then + echo "Checksum verified: The downloaded bc-fips-$BC_FIPS_VERSION.jar is valid." + else + echo "Checksum verification failed: The downloaded bc-fips-$BC_FIPS_VERSION.jar may be corrupted." + fi + elif [ ! -z "$arg1" ] && [ -z "$arg2" ]; then + if [ ! -e $arg1/bcpkix-fips-$BCPKIX_FIPS_VERSION.jar ]; then + echo "Can not be found required bc-fips-$BC_FIPS_VERSION.jar in given file path : $arg1." + else + cp "$arg1/bc-fips-$BC_FIPS_VERSION.jar" "$CARBON_HOME/repository/components/lib" + if [ $? -eq 0 ]; then + echo "bc-fips JAR files copied successfully." + else + echo "Error copying bc-fips JAR file." + fi + fi else - echo "1 empty" - echo "Downloading required bc-fips jar : bc-fips-$BC_FIPS_VERSION" - curl $arg2/org/bouncycastle/bc-fips/$BC_FIPS_VERSION/bc-fips-$BC_FIPS_VERSION.jar -o $CARBON_HOME/repository/components/lib/bc-fips-$BC_FIPS_VERSION.jar - ACTUAL_CHECKSUM=$(sha1sum $CARBON_HOME/repository/components/lib/bc-fips*.jar | cut -d' ' -f1) - if [ "$EXPECTED_BC_FIPS_CHECKSUM" = "$ACTUAL_CHECKSUM" ]; then - echo "Checksum verified: The downloaded bc-fips-$BC_FIPS_VERSION.jar is valid." - else - echo "Checksum verification failed: The downloaded bc-fips-$BC_FIPS_VERSION.jar may be corrupted." 
- fi - fi + echo "Downloading required bc-fips jar : bc-fips-$BC_FIPS_VERSION" + curl $arg2/org/bouncycastle/bc-fips/$BC_FIPS_VERSION/bc-fips-$BC_FIPS_VERSION.jar -o $CARBON_HOME/repository/components/lib/bc-fips-$BC_FIPS_VERSION.jar + ACTUAL_CHECKSUM=$(sha1sum $CARBON_HOME/repository/components/lib/bc-fips*.jar | cut -d' ' -f1) + if [ "$EXPECTED_BC_FIPS_CHECKSUM" = "$ACTUAL_CHECKSUM" ]; then + echo "Checksum verified: The downloaded bc-fips-$BC_FIPS_VERSION.jar is valid." + else + echo "Checksum verification failed: The downloaded bc-fips-$BC_FIPS_VERSION.jar may be corrupted." + fi + fi fi if [ -e $CARBON_HOME/repository/components/lib/bcpkix-fips*.jar ]; then location=$(find "$CARBON_HOME/repository/components/lib/" -type f -name "bcpkix-fips*.jar" | head -1) if [ ! $location = "$CARBON_HOME/repository/components/lib/bcpkix-fips-$BCPKIX_FIPS_VERSION.jar" ]; then - sever_restart_required=true - echo "There is an update for bcpkix-fips. Therefore Remove existing bcpkix-fips jar from lib folder." - rm rm $CARBON_HOME/repository/components/lib/bcpkix-fips*.jar 2> /dev/null - echo "Successfully removed bcpkix-fips_$BCPKIX_FIPS_VERSION.jar Removed from component/lib." - if [ -f $CARBON_HOME/repository/components/dropins/bcpkix-fips*.jar ]; then - echo "Remove existing bcpkix-fips jar from dropins folder." - rm rm $CARBON_HOME/repository/components/dropins/bcpkix_fips*.jar 2> /dev/null - echo "Successfully removed bcpkix-fips_$BCPKIX_FIPS_VERSION.jar from component/dropins." - fi + sever_restart_required=true + echo "There is an update for bcpkix-fips. Therefore Remove existing bcpkix-fips jar from lib folder." + rm rm $CARBON_HOME/repository/components/lib/bcpkix-fips*.jar 2> /dev/null + echo "Successfully removed bcpkix-fips_$BCPKIX_FIPS_VERSION.jar from component/lib." + if [ -f $CARBON_HOME/repository/components/dropins/bcpkix-fips*.jar ]; then + echo "Removing existing bcpkix-fips jar from dropins folder." 
+ rm rm $CARBON_HOME/repository/components/dropins/bcpkix_fips*.jar 2> /dev/null + echo "Successfully removed bcpkix-fips_$BCPKIX_FIPS_VERSION.jar from component/dropins." + fi fi fi if [ ! -e $CARBON_HOME/repository/components/lib/bcpkix-fips*.jar ]; then - sever_restart_required=true - if [ -z "$arg1" ] && [ -z "$arg2" ]; then - echo "Downloading required bcpkix-fips jar : bcpkix-fips-$BCPKIX_FIPS_VERSION" - curl https://repo1.maven.org/maven2/org/bouncycastle/bcpkix-fips/$BCPKIX_FIPS_VERSION/bcpkix-fips-$BCPKIX_FIPS_VERSION.jar -o $CARBON_HOME/repository/components/lib/bcpkix-fips-$BCPKIX_FIPS_VERSION.jar - ACTUAL_CHECKSUM=$(sha1sum $CARBON_HOME/repository/components/lib/bcpkix-fips*.jar | cut -d' ' -f1) - if [ "$EXPECTED_BCPKIX_FIPS_CHECKSUM" = "$ACTUAL_CHECKSUM" ]; then - echo "Checksum verified: The downloaded bcpkix-fips-$BCPKIX_FIPS_VERSION.jar is valid." - else - echo "Checksum verification failed: The downloaded bcpkix-fips-$BCPKIX_FIPS_VERSION.jar may be corrupted." - fi - elif [ ! -z "$arg1" ] && [ -z "$arg2" ]; then - echo "2 empty" - if [ ! -e $arg1/bcpkix-fips-$BCPKIX_FIPS_VERSION.jar ]; then - echo "Can not be found required bcpkix-fips-$BCPKIX_FIPS_VERSION.jar in given file path : $arg1." - else - cp "$arg1/bcpkix-fips-$BCPKIX_FIPS_VERSION.jar" "$CARBON_HOME/repository/components/lib" - if [ $? -eq 0 ]; then - echo "bcpkix-fips JAR files copied successfully." - else - echo "Error copying bcpkix-fips JAR file." 
- fi - fi + sever_restart_required=true + if [ -z "$arg1" ] && [ -z "$arg2" ]; then + echo "Downloading required bcpkix-fips jar : bcpkix-fips-$BCPKIX_FIPS_VERSION" + curl https://repo1.maven.org/maven2/org/bouncycastle/bcpkix-fips/$BCPKIX_FIPS_VERSION/bcpkix-fips-$BCPKIX_FIPS_VERSION.jar -o $CARBON_HOME/repository/components/lib/bcpkix-fips-$BCPKIX_FIPS_VERSION.jar + ACTUAL_CHECKSUM=$(sha1sum $CARBON_HOME/repository/components/lib/bcpkix-fips*.jar | cut -d' ' -f1) + if [ "$EXPECTED_BCPKIX_FIPS_CHECKSUM" = "$ACTUAL_CHECKSUM" ]; then + echo "Checksum verified: The downloaded bcpkix-fips-$BCPKIX_FIPS_VERSION.jar is valid." + else + echo "Checksum verification failed: The downloaded bcpkix-fips-$BCPKIX_FIPS_VERSION.jar may be corrupted." + fi + elif [ ! -z "$arg1" ] && [ -z "$arg2" ]; then + if [ ! -e $arg1/bcpkix-fips-$BCPKIX_FIPS_VERSION.jar ]; then + echo "Can not be found required bcpkix-fips-$BCPKIX_FIPS_VERSION.jar in given file path : $arg1." + else + cp "$arg1/bcpkix-fips-$BCPKIX_FIPS_VERSION.jar" "$CARBON_HOME/repository/components/lib" + if [ $? -eq 0 ]; then + echo "bcpkix-fips JAR files copied successfully." + else + echo "Error copying bcpkix-fips JAR file." + fi + fi else - echo "1 empty" echo "Downloading required bcpkix-fips jar : bcpkix-fips-$BCPKIX_FIPS_VERSION" - curl $arg2/org/bouncycastle/bcpkix-fips/$BCPKIX_FIPS_VERSION/bcpkix-fips-$BCPKIX_FIPS_VERSION.jar -o $CARBON_HOME/repository/components/lib/bcpkix-fips-$BCPKIX_FIPS_VERSION.jar + curl $arg2/org/bouncycastle/bcpkix-fips/$BCPKIX_FIPS_VERSION/bcpkix-fips-$BCPKIX_FIPS_VERSION.jar -o $CARBON_HOME/repository/components/lib/bcpkix-fips-$BCPKIX_FIPS_VERSION.jar ACTUAL_CHECKSUM=$(sha1sucam $CARBON_HOME/repository/components/lib/bc-fips*.jar | cut -d' ' -f1) - if [ "$EXPECTED_BC_FIPS_CHECKSUM" = "$ACTUAL_CHECKSUM" ]; then - echo "Checksum verified: The downloaded bc-fips-$BC_FIPS_VERSION.jar is valid." 
- else - echo "Checksum verification failed: The downloaded bc-fips-$BC_FIPS_VERSION.jar may be corrupted." - fi - fi + if [ "$EXPECTED_BC_FIPS_CHECKSUM" = "$ACTUAL_CHECKSUM" ]; then + echo "Checksum verified: The downloaded bc-fips-$BC_FIPS_VERSION.jar is valid." + else + echo "Checksum verification failed: The downloaded bc-fips-$BC_FIPS_VERSION.jar may be corrupted." + fi + fi fi fi From 84c42b3fdc1193c9dbd4ae72b9616e2b90eff8a7 Mon Sep 17 00:00:00 2001 From: HeshanSudarshana Date: Mon, 10 Jul 2023 16:01:54 +0530 Subject: [PATCH 09/22] Add changes to fips.sh script to support macOS --- .../product/src/main/startup-scripts/fips.sh | 34 +++++++++---------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/modules/distribution/product/src/main/startup-scripts/fips.sh b/modules/distribution/product/src/main/startup-scripts/fips.sh index 79213f18f4..aa660c79b6 100644 --- a/modules/distribution/product/src/main/startup-scripts/fips.sh +++ b/modules/distribution/product/src/main/startup-scripts/fips.sh 
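Review bot: The mirror (`-m`) branch for bcpkix-fips at the end of this hunk never verifies the jar it downloads. Its unchanged checksum line calls `sha1sucam`, which is not a command, on `bc-fips*.jar`, and the re-indented lines compare the result with `$EXPECTED_BC_FIPS_CHECKSUM`, so a jar fetched from a caller-supplied repository is kept without a valid check. In all four download branches a mismatch only prints "may be corrupted" and leaves the file in `components/lib`, where the server presumably picks it up on restart; the failure path should delete the jar and exit non-zero. `curl` also runs without `-f` and with `$arg2` unquoted, so an HTTP error body can be saved as the jar. The enclosing `else` block starts before this hunk.

```shell
# … unchanged: local-path (-f) branch for bcpkix-fips …
else
    echo "Downloading required bcpkix-fips jar : bcpkix-fips-$BCPKIX_FIPS_VERSION"
    bcpkix_jar="$CARBON_HOME/repository/components/lib/bcpkix-fips-$BCPKIX_FIPS_VERSION.jar"
    if ! curl -fsS "$arg2/org/bouncycastle/bcpkix-fips/$BCPKIX_FIPS_VERSION/bcpkix-fips-$BCPKIX_FIPS_VERSION.jar" -o "$bcpkix_jar"; then
        echo "Download of bcpkix-fips-$BCPKIX_FIPS_VERSION.jar failed." >&2
        rm -f "$bcpkix_jar"
        exit 1
    fi
    ACTUAL_CHECKSUM=$(sha1sum "$bcpkix_jar" | cut -d' ' -f1)
    if [ "$EXPECTED_BCPKIX_FIPS_CHECKSUM" != "$ACTUAL_CHECKSUM" ]; then
        echo "Checksum verification failed: removing bcpkix-fips-$BCPKIX_FIPS_VERSION.jar." >&2
        rm -f "$bcpkix_jar"
        exit 1
    fi
    echo "Checksum verified: The downloaded bcpkix-fips-$BCPKIX_FIPS_VERSION.jar is valid."
```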
@@ -299,59 +299,59 @@ else if grep -q "bcprov-jdk15on" "$api_publisher_bundles_info" ; then sever_restart_required=true - sed -i '/bcprov-jdk15on/d' $api_publisher_bundles_info + sed -i'' -e '/bcprov-jdk15on/d' $api_publisher_bundles_info fi if grep -q "bcpkix-jdk15on" "$api_publisher_bundles_info" ; then sever_restart_required=true - sed -i '/bcpkix-jdk15on/d' $api_publisher_bundles_info + sed -i'' -e '/bcpkix-jdk15on/d' $api_publisher_bundles_info fi if grep -q "bcprov-jdk15on" "$api_devportal_bundles_info" ; then sever_restart_required=true - sed -i '/bcprov-jdk15on/d' $api_devportal_bundles_info + sed -i'' -e '/bcprov-jdk15on/d' $api_devportal_bundles_info fi if grep -q "bcpkix-jdk15on" "$api_devportal_bundles_info" ; then sever_restart_required=true - sed -i '/bcpkix-jdk15on/d' $api_devportal_bundles_info + sed -i'' -e '/bcpkix-jdk15on/d' $api_devportal_bundles_info fi if grep -q "bcprov-jdk15on" "$api_key_manager_bundles_info" ; then sever_restart_required=true - sed -i '/bcprov-jdk15on/d' $api_key_manager_bundles_info + sed -i'' -e '/bcprov-jdk15on/d' $api_key_manager_bundles_info fi if grep -q "bcpkix-jdk15on" "$api_key_manager_bundles_info" ; then sever_restart_required=true - sed -i '/bcpkix-jdk15on/d' $api_key_manager_bundles_info + sed -i'' -e '/bcpkix-jdk15on/d' $api_key_manager_bundles_info fi if grep -q "bcprov-jdk15on" "$default_bundles_info" ; then sever_restart_required=true - sed -i '/bcprov-jdk15on/d' $default_bundles_info + sed -i'' -e '/bcprov-jdk15on/d' $default_bundles_info fi if grep -q "bcpkix-jdk15on" "$default_bundles_info" ; then sever_restart_required=true - sed -i '/bcpkix-jdk15on/d' $default_bundles_info + sed -i'' -e '/bcpkix-jdk15on/d' $default_bundles_info fi if grep -q "bcprov-jdk15on" "$control_plane_bundles_info" ; then sever_restart_required=true - sed -i '/bcprov-jdk15on/d' $control_plane_bundles_info + sed -i'' -e '/bcprov-jdk15on/d' $control_plane_bundles_info fi if grep -q "bcpkix-jdk15on" "$control_plane_bundles_info" ; 
then sever_restart_required=true - sed -i '/bcpkix-jdk15on/d' $control_plane_bundles_info + sed -i'' -e '/bcpkix-jdk15on/d' $control_plane_bundles_info fi if grep -q "bcprov-jdk15on" "$traffic_manager_bundles_info" ; then sever_restart_required=true - sed -i '/bcprov-jdk15on/d' $traffic_manager_bundles_info + sed -i'' -e '/bcprov-jdk15on/d' $traffic_manager_bundles_info fi if grep -q "bcpkix-jdk15on" "$traffic_manager_bundles_info" ; then sever_restart_required=true - sed -i '/bcpkix-jdk15on/d' $traffic_manager_bundles_info + sed -i'' -e '/bcpkix-jdk15on/d' $traffic_manager_bundles_info fi if grep -q "bcprov-jdk15on" "$gateway_worker_bundles_info" ; then sever_restart_required=true - sed -i '/bcprov-jdk15on/d' $gateway_worker_bundles_info + sed -i'' -e '/bcprov-jdk15on/d' $gateway_worker_bundles_info fi if grep -q "bcpkix-jdk15on" "$gateway_worker_bundles_info" ; then sever_restart_required=true - sed -i '/bcpkix-jdk15on/d' $gateway_worker_bundles_info + sed -i'' -e '/bcpkix-jdk15on/d' $gateway_worker_bundles_info fi if [ -e $CARBON_HOME/repository/components/lib/bc-fips*.jar ]; then @@ -375,7 +375,7 @@ else if [ -z "$arg1" ] && [ -z "$arg2" ]; then echo "Downloading required bc-fips jar : bc-fips-$BC_FIPS_VERSION" curl https://repo1.maven.org/maven2/org/bouncycastle/bc-fips/$BC_FIPS_VERSION/bc-fips-$BC_FIPS_VERSION.jar -o $CARBON_HOME/repository/components/lib/bc-fips-$BC_FIPS_VERSION.jar - ACTUAL_CHECKSUM=$(sha1sum $CARBON_HOME/repository/components/lib/bc-fips*.jar | cut -d' ' -f1) + ACTUAL_CHECKSUM=$(shasum $CARBON_HOME/repository/components/lib/bc-fips*.jar | cut -d' ' -f1) if [ "$EXPECTED_BC_FIPS_CHECKSUM" = "$ACTUAL_CHECKSUM" ]; then echo "Checksum verified: The downloaded bc-fips-$BC_FIPS_VERSION.jar is valid." else 
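Review bot: `sed -i''` reaches sed as plain `-i`, because the shell drops the empty quotes, so BSD/macOS sed takes the following `-e` as the backup suffix and leaves a `bundles.info-e` copy beside each edited file, still containing the bcprov/bcpkix entries. A form that behaves the same on GNU and BSD sed is an explicit suffix followed by cleanup, e.g. `sed -i.bak -e '/bcprov-jdk15on/d' "$api_publisher_bundles_info" && rm -f "$api_publisher_bundles_info.bak"`. The file variable is also unquoted on every `sed` line although the matching `grep` lines quote it, so a path containing spaces would break the edit. This applies to all fourteen `sed` lines in the hunk.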
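Review bot: `shasum` with no `-a` option still computes SHA-1, so the only integrity check on jars pulled from Maven Central or a caller-supplied mirror remains a collision-prone digest. `shasum -a 256`, with SHA-256 values in the `EXPECTED_*_CHECKSUM` variables (defined outside this diff), would be the stronger check. The same replacement is made in the hunks at -395 and -424, and the commit's three checksum edits leave the fourth call, in the bcpkix-fips mirror branch, untouched. `shasum` may also be absent on minimal Linux images, so it is worth confirming that the command exists before relying on its output. The `if`/`else` that acts on the result continues outside the hunk.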
@@ -395,7 +395,7 @@ else else echo "Downloading required bc-fips jar : bc-fips-$BC_FIPS_VERSION" curl $arg2/org/bouncycastle/bc-fips/$BC_FIPS_VERSION/bc-fips-$BC_FIPS_VERSION.jar -o $CARBON_HOME/repository/components/lib/bc-fips-$BC_FIPS_VERSION.jar - ACTUAL_CHECKSUM=$(sha1sum $CARBON_HOME/repository/components/lib/bc-fips*.jar | cut -d' ' -f1) + ACTUAL_CHECKSUM=$(shasum $CARBON_HOME/repository/components/lib/bc-fips*.jar | cut -d' ' -f1) if [ "$EXPECTED_BC_FIPS_CHECKSUM" = "$ACTUAL_CHECKSUM" ]; then echo "Checksum verified: The downloaded bc-fips-$BC_FIPS_VERSION.jar is valid." else @@ -424,7 +424,7 @@ else if [ -z "$arg1" ] && [ -z "$arg2" ]; then echo "Downloading required bcpkix-fips jar : bcpkix-fips-$BCPKIX_FIPS_VERSION" curl https://repo1.maven.org/maven2/org/bouncycastle/bcpkix-fips/$BCPKIX_FIPS_VERSION/bcpkix-fips-$BCPKIX_FIPS_VERSION.jar -o $CARBON_HOME/repository/components/lib/bcpkix-fips-$BCPKIX_FIPS_VERSION.jar - ACTUAL_CHECKSUM=$(sha1sum $CARBON_HOME/repository/components/lib/bcpkix-fips*.jar | cut -d' ' -f1) + ACTUAL_CHECKSUM=$(shasum $CARBON_HOME/repository/components/lib/bcpkix-fips*.jar | cut -d' ' -f1) if [ "$EXPECTED_BCPKIX_FIPS_CHECKSUM" = "$ACTUAL_CHECKSUM" ]; then echo "Checksum verified: The downloaded bcpkix-fips-$BCPKIX_FIPS_VERSION.jar is valid." else From 44f40226149144a47b7b32e7d93574abb19d8594 Mon Sep 17 00:00:00 2001 From: HeshanSudarshana Date: Mon, 24 Apr 2023 10:11:13 +0530 Subject: [PATCH 10/22] Update subscription policy test case to support NDB cluster --- ...MGetAllSubscriptionThrottlingPolicies.java | 100 ++++++++++-------- 1 file changed, 56 insertions(+), 44 deletions(-) diff --git a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/publisher/APIMGetAllSubscriptionThrottlingPolicies.java b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/publisher/APIMGetAllSubscriptionThrottlingPolicies.java index 22467c6995..f5795bfb92 100644 
--- a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/publisher/APIMGetAllSubscriptionThrottlingPolicies.java +++ b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/publisher/APIMGetAllSubscriptionThrottlingPolicies.java @@ -29,6 +29,7 @@ import org.wso2.am.integration.test.utils.base.APIMIntegrationBaseTest; import org.wso2.carbon.automation.engine.context.TestUserMode; +import java.util.List; import static org.testng.Assert.assertEquals; import static org.testng.Assert.assertNotNull; 
@@ -61,69 +62,80 @@ public void testGetAllSubscriptionThrottlingPoliciesByQuotaType() throws Excepti assertNotNull(subscriptionPolicyList, "There are no subscription policies available"); assertNotNull(subscriptionPolicyList.getCount(), "Subscription policy count should be available"); assertEquals(subscriptionPolicyList.getCount().intValue(), 8, "There must be only 8 policies by default"); + assertNotNull(subscriptionPolicyList.getList(), "Subscription policy list should be available"); - SubscriptionPolicyDTO tierAsyncBronze = subscriptionPolicyList.getList().get(2); - assertEquals(tierAsyncBronze.getDescription(), "Allows 5000 events per day", - "Invalid description of the tier Async Bronze"); + SubscriptionPolicyDTO tierAsyncBronze = getSubscriptionPolicy("AsyncBronze", + subscriptionPolicyList.getList()); + assertNotNull(tierAsyncBronze, "Tier AsyncBronze is not available"); assertEquals(tierAsyncBronze.getDisplayName(), "AsyncBronze", - "Invalid display name of the tier Async Bronze"); - assertEquals(tierAsyncBronze.getPolicyName(), "AsyncBronze", - "Invalid name of the tier Async Bronze"); + "Invalid display name of the tier AsyncBronze"); + assertEquals(tierAsyncBronze.getDescription(), "Allows 5000 events per day", + "Invalid description of the tier AsyncBronze"); - SubscriptionPolicyDTO tierAsyncGold = subscriptionPolicyList.getList().get(0); - assertEquals(tierAsyncGold.getDescription(), "Allows 50000 events per day", - "Invalid description of the tier Async Gold"); + SubscriptionPolicyDTO tierAsyncGold = getSubscriptionPolicy("AsyncGold", + subscriptionPolicyList.getList()); + assertNotNull(tierAsyncGold, "Tier AsyncGold is not available"); assertEquals(tierAsyncGold.getDisplayName(), "AsyncGold", - "Invalid display name of the tier Async Gold"); - assertEquals(tierAsyncGold.getPolicyName(), "AsyncGold", - "Invalid name of the tier Async Gold"); + "Invalid display name of the tier AsyncGold"); + assertEquals(tierAsyncGold.getDescription(), "Allows 50000 
events per day", + "Invalid description of the tier AsyncGold"); - SubscriptionPolicyDTO tierAsyncSilver = subscriptionPolicyList.getList().get(1); - assertEquals(tierAsyncSilver.getDescription(), "Allows 25000 events per day", - "Invalid description of the tier Async Silver"); + SubscriptionPolicyDTO tierAsyncSilver = getSubscriptionPolicy("AsyncSilver", + subscriptionPolicyList.getList()); + assertNotNull(tierAsyncSilver, "Tier AsyncSilver is not available"); assertEquals(tierAsyncSilver.getDisplayName(), "AsyncSilver", - "Invalid display name of the tier Async Silver"); - assertEquals(tierAsyncSilver.getPolicyName(), "AsyncSilver", - "Invalid name of the tier Async Silver"); + "Invalid display name of the tier AsyncSilver"); + assertEquals(tierAsyncSilver.getDescription(), "Allows 25000 events per day", + "Invalid description of the tier AsyncSilver"); - SubscriptionPolicyDTO tierAsyncUnlimited = subscriptionPolicyList.getList().get(3); - assertEquals(tierAsyncUnlimited.getDescription(), "Allows unlimited events", - "Invalid description of the tier Async Unlimited"); + SubscriptionPolicyDTO tierAsyncUnlimited = getSubscriptionPolicy("AsyncUnlimited", + subscriptionPolicyList.getList()); + assertNotNull(tierAsyncUnlimited, "Tier AsyncUnlimited is not available"); assertEquals(tierAsyncUnlimited.getDisplayName(), "AsyncUnlimited", - "Invalid display name of the tier Async Unlimited"); - assertEquals(tierAsyncUnlimited.getPolicyName(), "AsyncUnlimited", - "Invalid name of the tier Async Unlimited"); + "Invalid display name of the tier AsyncUnlimited"); + assertEquals(tierAsyncUnlimited.getDescription(), "Allows unlimited events", + "Invalid description of the tier AsyncUnlimited"); - SubscriptionPolicyDTO tierAsyncWHBronze = subscriptionPolicyList.getList().get(6); - assertEquals(tierAsyncWHBronze.getDescription(), "Allows 1000 events per month and 500 active " + - "subscriptions", "Invalid description of the tier AsyncWHBronze"); + SubscriptionPolicyDTO 
tierAsyncWHBronze = getSubscriptionPolicy("AsyncWHBronze", + subscriptionPolicyList.getList()); + assertNotNull(tierAsyncWHBronze, "Tier AsyncWHBronze is not available"); assertEquals(tierAsyncWHBronze.getDisplayName(), "AsyncWHBronze", "Invalid display name of the tier AsyncWHBronze"); - assertEquals(tierAsyncWHBronze.getPolicyName(), "AsyncWHBronze", - "Invalid name of the tier AsyncWHBronze"); + assertEquals(tierAsyncWHBronze.getDescription(), "Allows 1000 events per month and 500 active " + + "subscriptions", "Invalid description of the tier AsyncWHBronze"); - SubscriptionPolicyDTO tierAsyncWHGold = subscriptionPolicyList.getList().get(4); - assertEquals(tierAsyncWHGold.getDescription(), "Allows 10000 events per month and 1000 active" + - " subscriptions", "Invalid description of the tier AsyncWHGold"); + SubscriptionPolicyDTO tierAsyncWHGold = getSubscriptionPolicy("AsyncWHGold", + subscriptionPolicyList.getList()); + assertNotNull(tierAsyncWHGold, "Tier AsyncWHGold is not available"); assertEquals(tierAsyncWHGold.getDisplayName(), "AsyncWHGold", "Invalid display name of the tier AsyncWHGold"); - assertEquals(tierAsyncWHGold.getPolicyName(), "AsyncWHGold", - "Invalid name of the tier AsyncWHGold"); + assertEquals(tierAsyncWHGold.getDescription(), "Allows 10000 events per month and 1000 active " + + "subscriptions", "Invalid description of the tier AsyncWHGold"); - SubscriptionPolicyDTO tierAsyncWHSilver = subscriptionPolicyList.getList().get(5); - assertEquals(tierAsyncWHSilver.getDescription(), "Allows 5000 events per month and 500 active " + - "subscriptions", "Invalid description of the tier AsyncWHSilver"); + SubscriptionPolicyDTO tierAsyncWHSilver = getSubscriptionPolicy("AsyncWHSilver", + subscriptionPolicyList.getList()); + assertNotNull(tierAsyncWHSilver, "Tier AsyncWHSilver is not available"); assertEquals(tierAsyncWHSilver.getDisplayName(), "AsyncWHSilver", "Invalid display name of the tier AsyncWHSilver"); - 
assertEquals(tierAsyncWHSilver.getPolicyName(), "AsyncWHSilver", - "Invalid name of the tier AsyncWHSilver"); + assertEquals(tierAsyncWHSilver.getDescription(), "Allows 5000 events per month and 500 active " + + "subscriptions", "Invalid description of the tier AsyncWHSilver"); - SubscriptionPolicyDTO tierAsyncWHUnlimited = subscriptionPolicyList.getList().get(7); + SubscriptionPolicyDTO tierAsyncWHUnlimited = getSubscriptionPolicy("AsyncWHUnlimited", + subscriptionPolicyList.getList()); + assertNotNull(tierAsyncWHUnlimited, "Tier AsyncWHUnlimited is not available"); + assertEquals(tierAsyncWHUnlimited.getDisplayName(), "AsyncWHUnlimited", + "Invalid display name of the tier AsyncWHUnlimited"); assertEquals(tierAsyncWHUnlimited.getDescription(), "Allows unlimited events and unlimited active " + "subscriptions", "Invalid description of the tier AsyncWHUnlimited"); - assertEquals(tierAsyncWHUnlimited.getDisplayName(), "AsyncWHUnlimited", - "Invalid display name of the tier Bronze"); - assertEquals(tierAsyncWHUnlimited.getPolicyName(), "AsyncWHUnlimited", - "Invalid name of the tier AsyncWHUnlimited"); + + } + + public SubscriptionPolicyDTO getSubscriptionPolicy(String policyName, List subscriptionPolicyDTOList) { + for (SubscriptionPolicyDTO subscriptionPolicyDTO: subscriptionPolicyDTOList) { + if (subscriptionPolicyDTO.getPolicyName().equals(policyName)) { + return subscriptionPolicyDTO; + } + } + return null; } } From 64eba389ef197bd3805754cd3b2461a5cf7b984f Mon Sep 17 00:00:00 2001 From: HeshanSudarshana Date: Thu, 18 May 2023 12:37:39 +0530 Subject: [PATCH 11/22] Refactor APIMGetAllSubscriptionThrottlingPolicies file --- .../publisher/APIMGetAllSubscriptionThrottlingPolicies.java | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) 
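Review bot: `getSubscriptionPolicy` calls `subscriptionPolicyDTO.getPolicyName().equals(policyName)`, which throws a NullPointerException rather than producing a readable assertion failure if any returned policy has no name; `policyName.equals(subscriptionPolicyDTO.getPolicyName())` avoids that. The helper is declared `public` although only this test uses it in the visible code, and it has no Javadoc. Making it `private static` with a one-line comment such as `/** Returns the policy with the given name, or null when the list has none. */` would state the contract the `assertNotNull` calls rely on.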
diff --git a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/publisher/APIMGetAllSubscriptionThrottlingPolicies.java b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/publisher/APIMGetAllSubscriptionThrottlingPolicies.java index f5795bfb92..ab63d440bf 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/publisher/APIMGetAllSubscriptionThrottlingPolicies.java +++ b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/publisher/APIMGetAllSubscriptionThrottlingPolicies.java @@ -20,6 +20,8 @@ package org.wso2.am.integration.tests.publisher; +import java.util.List; + import org.testng.annotations.BeforeClass; import org.testng.annotations.DataProvider; import org.testng.annotations.Factory; @@ -29,8 +31,6 @@ import org.wso2.am.integration.test.utils.base.APIMIntegrationBaseTest; import org.wso2.carbon.automation.engine.context.TestUserMode; -import java.util.List; - import static org.testng.Assert.assertEquals; import static org.testng.Assert.assertNotNull; import static org.wso2.carbon.apimgt.api.model.policy.PolicyConstants.EVENT_COUNT_TYPE; @@ -127,7 +127,6 @@ public void testGetAllSubscriptionThrottlingPoliciesByQuotaType() throws Excepti "Invalid display name of the tier AsyncWHUnlimited"); assertEquals(tierAsyncWHUnlimited.getDescription(), "Allows unlimited events and unlimited active " + "subscriptions", "Invalid description of the tier AsyncWHUnlimited"); - } public SubscriptionPolicyDTO getSubscriptionPolicy(String policyName, List subscriptionPolicyDTOList) { From 1c41c57577f33fceaac25408d42a688a5317e111 Mon Sep 17 00:00:00 2001 
From: CrowleyRajapakse Date: Tue, 30 Jan 2024 20:22:32 +0530 Subject: [PATCH 12/22] adding gatewayType config and REST API changes --- .../product/src/main/conf/deployment.toml | 1 + .../deployment-templates/control-plane.toml | 1 + .../.openapi-generator/admin-api.yaml.sha256 | 2 +- .../clients/admin/api/openapi.yaml | 60 +++++++++++++++++++ .../clients/admin/api/dto/EnvironmentDTO.java | 31 +++++++++- .../clients/admin/api/dto/SettingsDTO.java | 31 +++++++++- .../admin/src/main/resources/admin-api.yaml | 8 +++ .../publisher-api.yaml.sha256 | 2 +- .../clients/publisher/api/openapi.yaml | 18 ++++++ .../clients/publisher/docs/APIDTO.md | 1 + .../clients/publisher/docs/SettingsDTO.md | 1 + .../clients/publisher/api/v1/dto/APIDTO.java | 31 +++++++++- .../publisher/api/v1/dto/SettingsDTO.java | 31 +++++++++- .../src/main/resources/publisher-api.yaml | 14 +++++ .../am/integration/test/impl/DtoFactory.java | 5 +- .../test/impl/RestAPIPublisherImpl.java | 3 + .../test/utils/bean/APIRequest.java | 9 +++ .../tests/api/APICreationTestCase.java | 48 +++++++++++++++ .../restapi/admin/EnvironmentTestCase.java | 44 +++++++++++--- pom.xml | 2 +- 20 files changed, 325 insertions(+), 18 deletions(-) diff --git a/modules/distribution/product/src/main/conf/deployment.toml b/modules/distribution/product/src/main/conf/deployment.toml index 303b25af79..f8f02848bb 100755 --- a/modules/distribution/product/src/main/conf/deployment.toml +++ b/modules/distribution/product/src/main/conf/deployment.toml @@ -52,6 +52,7 @@ key_password = "wso2carbon" [[apim.gateway.environment]] name = "Default" type = "hybrid" +gateway_type = "Regular" provider = "wso2" display_in_api_console = true description = "This is a hybrid gateway that handles both production and sandbox token traffic." 
diff --git a/modules/distribution/product/src/main/resources/conf/deployment-templates/control-plane.toml b/modules/distribution/product/src/main/resources/conf/deployment-templates/control-plane.toml index ad324ae07a..f7b9025c99 100755 --- a/modules/distribution/product/src/main/resources/conf/deployment-templates/control-plane.toml +++ b/modules/distribution/product/src/main/resources/conf/deployment-templates/control-plane.toml @@ -49,6 +49,7 @@ key_password = "wso2carbon" [[apim.gateway.environment]] name = "Default" type = "hybrid" +gateway_type = "Regular" provider = "wso2" display_in_api_console = true description = "This is a hybrid gateway that handles both production and sandbox token traffic." diff --git a/modules/integration/tests-common/clients/admin/.openapi-generator/admin-api.yaml.sha256 b/modules/integration/tests-common/clients/admin/.openapi-generator/admin-api.yaml.sha256 index 26c6a59b60..ed2bd5a963 100644 --- a/modules/integration/tests-common/clients/admin/.openapi-generator/admin-api.yaml.sha256 +++ b/modules/integration/tests-common/clients/admin/.openapi-generator/admin-api.yaml.sha256 @@ -1 +1 @@ -913b0f99d03f27dee037609be7975aca8be768047cea3b7c8598dd11a5a89a6a \ No newline at end of file +79b51370beba8f507666fe239fea0c86a211fc9f1f8dbf97264d13f09f0c147a \ No newline at end of file diff --git a/modules/integration/tests-common/clients/admin/api/openapi.yaml b/modules/integration/tests-common/clients/admin/api/openapi.yaml index c763656859..954e4215ec 100644 --- a/modules/integration/tests-common/clients/admin/api/openapi.yaml +++ b/modules/integration/tests-common/clients/admin/api/openapi.yaml 
@@ -7962,6 +7962,18 @@ components: - type title: Throttle Limit type: object + BurstLimit: + properties: + rateLimitCount: + description: Burst control request count + example: 10 + type: integer + rateLimitTimeUnit: + description: Burst control time unit + example: min + type: string + title: Burst Limit object + type: object MonetizationInfo: properties: monetizationPlan: @@ -8346,6 +8358,7 @@ components: endpointURI: default - protocol: default endpointURI: default + gatewayType: Regular isReadOnly: false provider: wso2 displayName: US Region @@ -8393,6 +8406,10 @@ components: provider: example: wso2 type: string + gatewayType: + default: Regular + example: Regular + type: string isReadOnly: example: false readOnly: true @@ -8424,6 +8441,7 @@ components: endpointURI: default - protocol: default endpointURI: default + gatewayType: Regular isReadOnly: false provider: wso2 displayName: US Region @@ -8453,6 +8471,7 @@ components: endpointURI: default - protocol: default endpointURI: default + gatewayType: Regular isReadOnly: false provider: wso2 displayName: US Region @@ -8786,6 +8805,9 @@ components: mask: true defaultScopesClaim: scope type: default + gatewayTypes: + - gatewayTypes + - gatewayTypes scopes: - scopes - scopes @@ -8794,6 +8816,10 @@ components: items: type: string type: array + gatewayTypes: + items: + type: string + type: array keyManagerConfiguration: items: $ref: '#/components/schemas/Settings_keyManagerConfiguration' @@ -8884,6 +8910,11 @@ components: tokenEndpoint: https://localhost:9444/oauth2/token consumerKeyClaim: azp scopesClaim: scp + permissions: + permissionType: ALLOW + roles: + - Internal/subscriber + - Internal/subscriber alias: https://localhost:9443/oauth2/token id: 01234567-0123-0123-0123-012345678901 userInfoEndpoint: https://localhost:9444/oauth2/userinfo?schema=openid 
@@ -8946,6 +8977,11 @@ components: tokenEndpoint: https://localhost:9444/oauth2/token consumerKeyClaim: azp scopesClaim: scp + permissions: + permissionType: ALLOW + roles: + - Internal/subscriber + - Internal/subscriber alias: https://localhost:9443/oauth2/token id: 01234567-0123-0123-0123-012345678901 userInfoEndpoint: https://localhost:9444/oauth2/userinfo?schema=openid @@ -9104,6 +9140,8 @@ components: Password: admin properties: {} type: object + permissions: + $ref: '#/components/schemas/KeyManager_permissions' tokenType: default: DIRECT description: The type of the tokens to be used (exchanged or without exchanged). @@ -9628,6 +9666,8 @@ components: properties: defaultLimit: $ref: '#/components/schemas/ThrottleLimit' + burstLimit: + $ref: '#/components/schemas/BurstLimit' required: - defaultLimit SubscriptionThrottlePolicy_allOf: @@ -9783,6 +9823,26 @@ components: type: string value: type: string + KeyManager_permissions: + example: + permissionType: ALLOW + roles: + - Internal/subscriber + - Internal/subscriber + properties: + permissionType: + default: PUBLIC + enum: + - PUBLIC + - ALLOW + - DENY + example: ALLOW + type: string + roles: + items: + example: Internal/subscriber + type: string + type: array securitySchemes: OAuth2Security: flows: diff --git a/modules/integration/tests-common/clients/admin/src/gen/java/org/wso2/am/integration/clients/admin/api/dto/EnvironmentDTO.java b/modules/integration/tests-common/clients/admin/src/gen/java/org/wso2/am/integration/clients/admin/api/dto/EnvironmentDTO.java index cbdf0e0c78..63557a7f42 100644 --- a/modules/integration/tests-common/clients/admin/src/gen/java/org/wso2/am/integration/clients/admin/api/dto/EnvironmentDTO.java +++ b/modules/integration/tests-common/clients/admin/src/gen/java/org/wso2/am/integration/clients/admin/api/dto/EnvironmentDTO.java 
@@ -54,6 +54,10 @@ public class EnvironmentDTO { @SerializedName(SERIALIZED_NAME_PROVIDER) private String provider; + public static final String SERIALIZED_NAME_GATEWAY_TYPE = "gatewayType"; + @SerializedName(SERIALIZED_NAME_GATEWAY_TYPE) + private String gatewayType = "Regular"; + public static final String SERIALIZED_NAME_IS_READ_ONLY = "isReadOnly"; @SerializedName(SERIALIZED_NAME_IS_READ_ONLY) private Boolean isReadOnly; @@ -185,6 +189,29 @@ public void setProvider(String provider) { } + public EnvironmentDTO gatewayType(String gatewayType) { + + this.gatewayType = gatewayType; + return this; + } + + /** + * Get gatewayType + * @return gatewayType + **/ + @javax.annotation.Nullable + @ApiModelProperty(example = "Regular", value = "") + + public String getGatewayType() { + return gatewayType; + } + + + public void setGatewayType(String gatewayType) { + this.gatewayType = gatewayType; + } + + public EnvironmentDTO isReadOnly(Boolean isReadOnly) { this.isReadOnly = isReadOnly; @@ -290,6 +317,7 @@ public boolean equals(Object o) { Objects.equals(this.displayName, environment.displayName) && Objects.equals(this.description, environment.description) && Objects.equals(this.provider, environment.provider) && + Objects.equals(this.gatewayType, environment.gatewayType) && Objects.equals(this.isReadOnly, environment.isReadOnly) && Objects.equals(this.vhosts, environment.vhosts) && Objects.equals(this.endpointURIs, environment.endpointURIs) && @@ -298,7 +326,7 @@ public boolean equals(Object o) { @Override public int hashCode() { - return Objects.hash(id, name, displayName, description, provider, isReadOnly, vhosts, endpointURIs, additionalProperties); + return Objects.hash(id, name, displayName, description, provider, gatewayType, isReadOnly, vhosts, endpointURIs, additionalProperties); } 
@@ -311,6 +339,7 @@ public String toString() { sb.append(" displayName: ").append(toIndentedString(displayName)).append("\n"); sb.append(" description: ").append(toIndentedString(description)).append("\n"); sb.append(" provider: ").append(toIndentedString(provider)).append("\n"); + sb.append(" gatewayType: ").append(toIndentedString(gatewayType)).append("\n"); sb.append(" isReadOnly: ").append(toIndentedString(isReadOnly)).append("\n"); sb.append(" vhosts: ").append(toIndentedString(vhosts)).append("\n"); sb.append(" endpointURIs: ").append(toIndentedString(endpointURIs)).append("\n"); diff --git a/modules/integration/tests-common/clients/admin/src/gen/java/org/wso2/am/integration/clients/admin/api/dto/SettingsDTO.java b/modules/integration/tests-common/clients/admin/src/gen/java/org/wso2/am/integration/clients/admin/api/dto/SettingsDTO.java index 0c7fb404f5..2f28a6bd70 100644 --- a/modules/integration/tests-common/clients/admin/src/gen/java/org/wso2/am/integration/clients/admin/api/dto/SettingsDTO.java +++ b/modules/integration/tests-common/clients/admin/src/gen/java/org/wso2/am/integration/clients/admin/api/dto/SettingsDTO.java @@ -36,6 +36,10 @@ public class SettingsDTO { @SerializedName(SERIALIZED_NAME_SCOPES) private List scopes = null; + public static final String SERIALIZED_NAME_GATEWAY_TYPES = "gatewayTypes"; + @SerializedName(SERIALIZED_NAME_GATEWAY_TYPES) + private List gatewayTypes = null; + public static final String SERIALIZED_NAME_KEY_MANAGER_CONFIGURATION = "keyManagerConfiguration"; @SerializedName(SERIALIZED_NAME_KEY_MANAGER_CONFIGURATION) private List keyManagerConfiguration = null; 
@@ -68,6 +72,29 @@ public void setScopes(List scopes) { } + public SettingsDTO gatewayTypes(List gatewayTypes) { + + this.gatewayTypes = gatewayTypes; + return this; + } + + /** + * Get gatewayTypes + * @return gatewayTypes + **/ + @javax.annotation.Nullable + @ApiModelProperty(value = "") + + public List getGatewayTypes() { + return gatewayTypes; + } + + + public void setGatewayTypes(List gatewayTypes) { + this.gatewayTypes = gatewayTypes; + } + + public SettingsDTO keyManagerConfiguration(List keyManagerConfiguration) { this.keyManagerConfiguration = keyManagerConfiguration; @@ -124,13 +151,14 @@ public boolean equals(Object o) { } SettingsDTO settings = (SettingsDTO) o; return Objects.equals(this.scopes, settings.scopes) && + Objects.equals(this.gatewayTypes, settings.gatewayTypes) && Objects.equals(this.keyManagerConfiguration, settings.keyManagerConfiguration) && Objects.equals(this.analyticsEnabled, settings.analyticsEnabled); } @Override public int hashCode() { - return Objects.hash(scopes, keyManagerConfiguration, analyticsEnabled); + return Objects.hash(scopes, gatewayTypes, keyManagerConfiguration, analyticsEnabled); } @@ -139,6 +167,7 @@ public String toString() { StringBuilder sb = new StringBuilder(); sb.append("class SettingsDTO {\n"); sb.append(" scopes: ").append(toIndentedString(scopes)).append("\n"); + sb.append(" gatewayTypes: ").append(toIndentedString(gatewayTypes)).append("\n"); sb.append(" keyManagerConfiguration: ").append(toIndentedString(keyManagerConfiguration)).append("\n"); sb.append(" analyticsEnabled: ").append(toIndentedString(analyticsEnabled)).append("\n"); sb.append("}"); diff --git a/modules/integration/tests-common/clients/admin/src/main/resources/admin-api.yaml b/modules/integration/tests-common/clients/admin/src/main/resources/admin-api.yaml index 4cab2802f0..77ea2604cd 100644 --- a/modules/integration/tests-common/clients/admin/src/main/resources/admin-api.yaml 
+++ b/modules/integration/tests-common/clients/admin/src/main/resources/admin-api.yaml @@ -5153,6 +5153,10 @@ components: provider: type: string example: wso2 + gatewayType: + type: string + example: Regular + default: Regular isReadOnly: type: boolean readOnly: true @@ -5384,6 +5388,10 @@ components: type: array items: type: string + gatewayTypes: + type: array + items: + type: string keyManagerConfiguration: type: array items: diff --git a/modules/integration/tests-common/clients/publisher/.openapi-generator/publisher-api.yaml.sha256 b/modules/integration/tests-common/clients/publisher/.openapi-generator/publisher-api.yaml.sha256 index c1342177fa..0e346abaa5 100644 --- a/modules/integration/tests-common/clients/publisher/.openapi-generator/publisher-api.yaml.sha256 +++ b/modules/integration/tests-common/clients/publisher/.openapi-generator/publisher-api.yaml.sha256 @@ -1 +1 @@ -391b6c495dd81ff0bce5c843cc2eee5079b934390ab6a51a0241e883cb34d575 \ No newline at end of file +51e2f49c8ea45de5a84d917d28a455ab2094d705fe7c9a8f4a6aaa1fdfc80b7f \ No newline at end of file diff --git a/modules/integration/tests-common/clients/publisher/api/openapi.yaml b/modules/integration/tests-common/clients/publisher/api/openapi.yaml index 57e97008bd..ac93a19ed6 100644 --- a/modules/integration/tests-common/clients/publisher/api/openapi.yaml +++ b/modules/integration/tests-common/clients/publisher/api/openapi.yaml @@ -16718,6 +16718,7 @@ components: responseCachingEnabled: true type: HTTP enableSchemaValidation: false + gatewayType: wso2/synapse context: pizza createdTime: createdTime id: 01234567-0123-0123-0123-012345678901 
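Review bot: The new `gatewayType` property on the Environment schema (hunk at -5153) is a free-form string with `default: Regular` and no `enum`, so the definition does not constrain the value. The same applies to `gatewayType` in publisher-api.yaml (hunk at -9386), whose description names `wso2/synapse` and `wso2/apk` as the accepted values without enforcing them. I would add `enum: [wso2/synapse, wso2/apk]` there and, if `Regular` and `APK` are the complete set for environments, `enum: [Regular, APK]` here, so that an unrecognised gateway type fails schema validation instead of reaching whatever code acts on it. The two fields share a name but use different vocabularies, so the admin property also deserves a `description` line stating which values it takes.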
@@ -17314,6 +17315,13 @@ components: example: wso2 title: field to identify gateway vendor type: string + gatewayType: + default: wso2/synapse + description: The gateway type selected for the API policies. Accepts one + of the following. wso2/synapse, wso2/apk. + example: wso2/synapse + title: Field to identify gateway type. + type: string asyncTransportProtocols: description: | Supported transports for the async API (http and/or https). @@ -20421,6 +20429,9 @@ components: websubHttpsPort: 8021 httpsPort: 443 crossTenantSubscriptionEnabled: false + gatewayTypes: + - Regular + - APK defaultSubscriptionPolicy: defaultSubscriptionPolicy securityAuditProperties: '{}' scopes: @@ -20439,6 +20450,13 @@ components: items: $ref: '#/components/schemas/Environment' type: array + gatewayTypes: + example: + - Regular + - APK + items: + type: string + type: array scopes: example: - apim:api_create diff --git a/modules/integration/tests-common/clients/publisher/docs/APIDTO.md b/modules/integration/tests-common/clients/publisher/docs/APIDTO.md index a3a8119b18..076922e1ee 100644 --- a/modules/integration/tests-common/clients/publisher/docs/APIDTO.md +++ b/modules/integration/tests-common/clients/publisher/docs/APIDTO.md @@ -63,6 +63,7 @@ Name | Type | Description | Notes **serviceInfo** | [**APIServiceInfoDTO**](APIServiceInfoDTO.md) | | [optional] **advertiseInfo** | [**AdvertiseInfoDTO**](AdvertiseInfoDTO.md) | | [optional] **gatewayVendor** | **String** | | [optional] +**gatewayType** | **String** | The gateway type selected for the API policies. Accepts one of the following. wso2/synapse, wso2/apk. | [optional] **asyncTransportProtocols** | **List<String>** | Supported transports for the async API (http and/or https). | [optional] diff --git a/modules/integration/tests-common/clients/publisher/docs/SettingsDTO.md b/modules/integration/tests-common/clients/publisher/docs/SettingsDTO.md index a8fd7d8d63..e032466235 100644 
--- a/modules/integration/tests-common/clients/publisher/docs/SettingsDTO.md +++ b/modules/integration/tests-common/clients/publisher/docs/SettingsDTO.md @@ -8,6 +8,7 @@ Name | Type | Description | Notes ------------ | ------------- | ------------- | ------------- **devportalUrl** | **String** | The Developer Portal URL | [optional] **environment** | [**List<EnvironmentDTO>**](EnvironmentDTO.md) | | [optional] +**gatewayTypes** | **List<String>** | | [optional] **scopes** | **List<String>** | | [optional] **monetizationAttributes** | [**List<MonetizationAttributeDTO>**](MonetizationAttributeDTO.md) | | [optional] **securityAuditProperties** | [**Object**](.md) | | [optional] diff --git a/modules/integration/tests-common/clients/publisher/src/gen/java/org/wso2/am/integration/clients/publisher/api/v1/dto/APIDTO.java b/modules/integration/tests-common/clients/publisher/src/gen/java/org/wso2/am/integration/clients/publisher/api/v1/dto/APIDTO.java index 2ccfa175ca..6047437d7f 100644 --- a/modules/integration/tests-common/clients/publisher/src/gen/java/org/wso2/am/integration/clients/publisher/api/v1/dto/APIDTO.java +++ b/modules/integration/tests-common/clients/publisher/src/gen/java/org/wso2/am/integration/clients/publisher/api/v1/dto/APIDTO.java @@ -578,6 +578,10 @@ public EndpointImplementationTypeEnum read(final JsonReader jsonReader) throws I @SerializedName(SERIALIZED_NAME_GATEWAY_VENDOR) private String gatewayVendor; + public static final String SERIALIZED_NAME_GATEWAY_TYPE = "gatewayType"; + @SerializedName(SERIALIZED_NAME_GATEWAY_TYPE) + private String gatewayType = "wso2/synapse"; + public static final String SERIALIZED_NAME_ASYNC_TRANSPORT_PROTOCOLS = "asyncTransportProtocols"; @SerializedName(SERIALIZED_NAME_ASYNC_TRANSPORT_PROTOCOLS) private List asyncTransportProtocols = null; 
@@ -1891,6 +1895,29 @@ public void setGatewayVendor(String gatewayVendor) { } + public APIDTO gatewayType(String gatewayType) { + + this.gatewayType = gatewayType; + return this; + } + + /** + * The gateway type selected for the API policies. Accepts one of the following. wso2/synapse, wso2/apk. + * @return gatewayType + **/ + @javax.annotation.Nullable + @ApiModelProperty(example = "wso2/synapse", value = "The gateway type selected for the API policies. Accepts one of the following. wso2/synapse, wso2/apk.") + + public String getGatewayType() { + return gatewayType; + } + + + public void setGatewayType(String gatewayType) { + this.gatewayType = gatewayType; + } + + public APIDTO asyncTransportProtocols(List asyncTransportProtocols) { this.asyncTransportProtocols = asyncTransportProtocols; 
@@ -1980,12 +2007,13 @@ public boolean equals(Object o) { Objects.equals(this.serviceInfo, API.serviceInfo) && Objects.equals(this.advertiseInfo, API.advertiseInfo) && Objects.equals(this.gatewayVendor, API.gatewayVendor) && + Objects.equals(this.gatewayType, API.gatewayType) && Objects.equals(this.asyncTransportProtocols, API.asyncTransportProtocols); } @Override public int hashCode() { - return Objects.hash(id, name, description, context, version, provider, lifeCycleStatus, wsdlInfo, wsdlUrl, responseCachingEnabled, cacheTimeout, hasThumbnail, isDefaultVersion, isRevision, revisionedApiId, revisionId, enableSchemaValidation, enableSubscriberVerification, type, audience, transport, tags, policies, apiThrottlingPolicy, authorizationHeader, apiKeyHeader, securityScheme, maxTps, visibility, visibleRoles, visibleTenants, mediationPolicies, apiPolicies, subscriptionAvailability, subscriptionAvailableTenants, additionalProperties, additionalPropertiesMap, monetization, accessControl, accessControlRoles, businessInformation, corsConfiguration, websubSubscriptionConfiguration, workflowStatus, createdTime, lastUpdatedTimestamp, lastUpdatedTime, endpointConfig, endpointImplementationType, scopes, operations, threatProtectionPolicies, categories, keyManagers, serviceInfo, advertiseInfo, gatewayVendor, asyncTransportProtocols); + return Objects.hash(id, name, description, context, version, provider, lifeCycleStatus, wsdlInfo, wsdlUrl, responseCachingEnabled, cacheTimeout, hasThumbnail, isDefaultVersion, isRevision, revisionedApiId, revisionId, enableSchemaValidation, enableSubscriberVerification, type, audience, transport, tags, policies, apiThrottlingPolicy, authorizationHeader, apiKeyHeader, securityScheme, maxTps, visibility, visibleRoles, visibleTenants, mediationPolicies, apiPolicies, subscriptionAvailability, subscriptionAvailableTenants, additionalProperties, additionalPropertiesMap, monetization, accessControl, accessControlRoles, businessInformation, 
corsConfiguration, websubSubscriptionConfiguration, workflowStatus, createdTime, lastUpdatedTimestamp, lastUpdatedTime, endpointConfig, endpointImplementationType, scopes, operations, threatProtectionPolicies, categories, keyManagers, serviceInfo, advertiseInfo, gatewayVendor, gatewayType, asyncTransportProtocols); } @@ -2050,6 +2078,7 @@ public String toString() { sb.append(" serviceInfo: ").append(toIndentedString(serviceInfo)).append("\n"); sb.append(" advertiseInfo: ").append(toIndentedString(advertiseInfo)).append("\n"); sb.append(" gatewayVendor: ").append(toIndentedString(gatewayVendor)).append("\n"); + sb.append(" gatewayType: ").append(toIndentedString(gatewayType)).append("\n"); sb.append(" asyncTransportProtocols: ").append(toIndentedString(asyncTransportProtocols)).append("\n"); sb.append("}"); return sb.toString(); diff --git a/modules/integration/tests-common/clients/publisher/src/gen/java/org/wso2/am/integration/clients/publisher/api/v1/dto/SettingsDTO.java b/modules/integration/tests-common/clients/publisher/src/gen/java/org/wso2/am/integration/clients/publisher/api/v1/dto/SettingsDTO.java index 13feeaebb1..3837f03ef4 100644 --- a/modules/integration/tests-common/clients/publisher/src/gen/java/org/wso2/am/integration/clients/publisher/api/v1/dto/SettingsDTO.java +++ b/modules/integration/tests-common/clients/publisher/src/gen/java/org/wso2/am/integration/clients/publisher/api/v1/dto/SettingsDTO.java @@ -41,6 +41,10 @@ public class SettingsDTO { @SerializedName(SERIALIZED_NAME_ENVIRONMENT) private List environment = null; + public static final String SERIALIZED_NAME_GATEWAY_TYPES = "gatewayTypes"; + @SerializedName(SERIALIZED_NAME_GATEWAY_TYPES) + private List gatewayTypes = null; + public static final String SERIALIZED_NAME_SCOPES = "scopes"; @SerializedName(SERIALIZED_NAME_SCOPES) private List scopes = null; 
@@ -124,6 +128,29 @@ public void setEnvironment(List environment) { } + public SettingsDTO gatewayTypes(List gatewayTypes) { + + this.gatewayTypes = gatewayTypes; + return this; + } + + /** + * Get gatewayTypes + * @return gatewayTypes + **/ + @javax.annotation.Nullable + @ApiModelProperty(example = "[\"Regular\",\"APK\"]", value = "") + + public List getGatewayTypes() { + return gatewayTypes; + } + + + public void setGatewayTypes(List gatewayTypes) { + this.gatewayTypes = gatewayTypes; + } + + public SettingsDTO scopes(List scopes) { this.scopes = scopes; @@ -342,6 +369,7 @@ public boolean equals(Object o) { SettingsDTO settings = (SettingsDTO) o; return Objects.equals(this.devportalUrl, settings.devportalUrl) && Objects.equals(this.environment, settings.environment) && + Objects.equals(this.gatewayTypes, settings.gatewayTypes) && Objects.equals(this.scopes, settings.scopes) && Objects.equals(this.monetizationAttributes, settings.monetizationAttributes) && Objects.equals(this.securityAuditProperties, settings.securityAuditProperties) && @@ -355,7 +383,7 @@ public boolean equals(Object o) { @Override public int hashCode() { - return Objects.hash(devportalUrl, environment, scopes, monetizationAttributes, securityAuditProperties, externalStoresEnabled, docVisibilityEnabled, crossTenantSubscriptionEnabled, defaultAdvancePolicy, defaultSubscriptionPolicy, authorizationHeader); + return Objects.hash(devportalUrl, environment, gatewayTypes, scopes, monetizationAttributes, securityAuditProperties, externalStoresEnabled, docVisibilityEnabled, crossTenantSubscriptionEnabled, defaultAdvancePolicy, defaultSubscriptionPolicy, authorizationHeader); } 
@@ -365,6 +393,7 @@ public String toString() { sb.append("class SettingsDTO {\n"); sb.append(" devportalUrl: ").append(toIndentedString(devportalUrl)).append("\n"); sb.append(" environment: ").append(toIndentedString(environment)).append("\n"); + sb.append(" gatewayTypes: ").append(toIndentedString(gatewayTypes)).append("\n"); sb.append(" scopes: ").append(toIndentedString(scopes)).append("\n"); sb.append(" monetizationAttributes: ").append(toIndentedString(monetizationAttributes)).append("\n"); sb.append(" securityAuditProperties: ").append(toIndentedString(securityAuditProperties)).append("\n"); diff --git a/modules/integration/tests-common/clients/publisher/src/main/resources/publisher-api.yaml b/modules/integration/tests-common/clients/publisher/src/main/resources/publisher-api.yaml index e1fde0a44c..783da3744e 100644 --- a/modules/integration/tests-common/clients/publisher/src/main/resources/publisher-api.yaml +++ b/modules/integration/tests-common/clients/publisher/src/main/resources/publisher-api.yaml @@ -9386,6 +9386,13 @@ components: type: string example: wso2 + gatewayType: + title: Field to identify gateway type. + type: string + description: The gateway type selected for the API policies. Accepts one of the + following. wso2/synapse, wso2/apk. + example: wso2/synapse + default: wso2/synapse asyncTransportProtocols: type: array description: | @@ -11762,6 +11769,13 @@ components: type: array items: $ref: '#/components/schemas/Environment' + gatewayTypes: + type: array + example: + - Regular + - APK + items: + type: string scopes: type: array example: diff --git a/modules/integration/tests-common/integration-test-utils/src/main/java/org/wso2/am/integration/test/impl/DtoFactory.java b/modules/integration/tests-common/integration-test-utils/src/main/java/org/wso2/am/integration/test/impl/DtoFactory.java index 9f34f434e1..71685be9ee 100644 
--- a/modules/integration/tests-common/integration-test-utils/src/main/java/org/wso2/am/integration/test/impl/DtoFactory.java +++ b/modules/integration/tests-common/integration-test-utils/src/main/java/org/wso2/am/integration/test/impl/DtoFactory.java @@ -435,14 +435,15 @@ public static LabelDTO createLabelDTO(String name, String description, List vhosts) { + provider, boolean isReadOnly, List vhosts, String gatewayType) { return new EnvironmentDTO() .name(name) .displayName(displayName) .description(description) .provider(provider) .isReadOnly(isReadOnly) - .vhosts(vhosts); + .vhosts(vhosts) + .gatewayType(gatewayType); } /** diff --git a/modules/integration/tests-common/integration-test-utils/src/main/java/org/wso2/am/integration/test/impl/RestAPIPublisherImpl.java b/modules/integration/tests-common/integration-test-utils/src/main/java/org/wso2/am/integration/test/impl/RestAPIPublisherImpl.java index 3627d8926b..f5cff0eb03 100644 --- a/modules/integration/tests-common/integration-test-utils/src/main/java/org/wso2/am/integration/test/impl/RestAPIPublisherImpl.java +++ b/modules/integration/tests-common/integration-test-utils/src/main/java/org/wso2/am/integration/test/impl/RestAPIPublisherImpl.java @@ -336,6 +336,9 @@ public APIDTO addAPI(APIRequest apiRequest, String osVersion) throws ApiExceptio body.setTransport(transports); body.isDefaultVersion(false); body.setCacheTimeout(100); + if (apiRequest.getGatewayType() != null) { + body.setGatewayType(apiRequest.getGatewayType()); + } if (apiRequest.getOperationsDTOS() != null) { body.setOperations(apiRequest.getOperationsDTOS()); } else { diff --git a/modules/integration/tests-common/integration-test-utils/src/main/java/org/wso2/am/integration/test/utils/bean/APIRequest.java b/modules/integration/tests-common/integration-test-utils/src/main/java/org/wso2/am/integration/test/utils/bean/APIRequest.java index 3655e27c28..a9b82ea73b 100644 
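Review bot: `createEnvironmentDTO` now always calls `.gatewayType(gatewayType)`, and most updated callers in EnvironmentTestCase pass `null`, which overwrites the `"Regular"` initialiser this commit gives `EnvironmentDTO.gatewayType`. `RestAPIPublisherImpl.addAPI` in the same commit guards the equivalent setter with a null check; the factory should match it by building the DTO into a local and applying `if (gatewayType != null) { dto.gatewayType(gatewayType); }` before returning. The method's signature and Javadoc begin outside the hunk; if the Javadoc lists parameters, it needs `@param gatewayType gateway type of the environment, or null to keep the default`.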
--- a/modules/integration/tests-common/integration-test-utils/src/main/java/org/wso2/am/integration/test/utils/bean/APIRequest.java +++ b/modules/integration/tests-common/integration-test-utils/src/main/java/org/wso2/am/integration/test/utils/bean/APIRequest.java @@ -84,6 +84,15 @@ public class APIRequest extends AbstractRequest { private List apiCategories; private List keyManagers; private String subscriptionAvailability; + private String gatewayType; + + public String getGatewayType() { + return gatewayType; + } + + public void setGatewayType(String gatewayType) { + this.gatewayType = gatewayType; + } public List getVisibleTenants() { diff --git a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/api/APICreationTestCase.java b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/api/APICreationTestCase.java index 1a5fc0e4ab..ea416f595e 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/api/APICreationTestCase.java +++ b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/api/APICreationTestCase.java @@ -18,6 +18,8 @@ package org.wso2.am.integration.tests.api; +import org.codehaus.plexus.util.StringUtils; +import org.json.JSONObject; import org.testng.Assert; import org.testng.annotations.AfterClass; import org.testng.annotations.BeforeClass; @@ -35,10 +37,14 @@ import java.util.Arrays; import java.util.List; +import static org.testng.Assert.assertTrue; + public class APICreationTestCase extends APIManagerLifecycleBaseTest { private final String API_END_POINT_POSTFIX_URL = "jaxrs_basic/services/customers/customerservice/"; private String apiEndpointUrl; private String apiId; + private String apiIdAPK; + private String apiIdSynapse; @Factory(dataProvider = "userModeDataProvider") public APICreationTestCase(TestUserMode userMode) { 
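Review bot: `org.codehaus.plexus.util.StringUtils` (import hunk at -18 of APICreationTestCase.java) comes from plexus-utils, a Maven build-tooling library, and the test uses it only for `isNotEmpty`. Unless this module declares that artifact itself, the import resolves through a transitive dependency and can break or change version when an unrelated dependency is upgraded. The check can be written without it, for example `assertTrue(apiDto.getData() != null && !apiDto.getData().isEmpty(), ...)`, or with a StringUtils the test module already depends on directly.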
@@ -84,6 +90,48 @@ public void testCreateAndDeployApiWithMutualSSLEnabled() throws Exception { Assert.assertNotNull(revisionUUID); } + @Test(groups = {"wso2.am"}, description = "Test deployment of API with Mutual SSL enabled") + public void testCreateAndDeployApiWithGatewayType() throws Exception { + // Create API with gateway type APK + APIRequest apiRequest; + apiRequest = new APIRequest("APKGatewayAPI1", "apkgateway", new URL(apiEndpointUrl)); + apiRequest.setVersion(API_VERSION_1_0_0); + apiRequest.setTier(APIMIntegrationConstants.API_TIER.UNLIMITED); + apiRequest.setProvider(user.getUserName()); + apiRequest.setGatewayType("wso2/apk"); + HttpResponse apiResponse = restAPIPublisher.addAPI(apiRequest); + apiIdAPK = apiResponse.getData(); + String revisionUUID = createAPIRevisionAndDeployUsingRest(apiIdAPK, restAPIPublisher); + Assert.assertNotNull(revisionUUID); + + // Verify the API in API Publisher + HttpResponse apiDto = restAPIPublisher.getAPI(apiIdAPK); + assertTrue(StringUtils.isNotEmpty(apiDto.getData()), + "Added Api is not available in APi Publisher. 
API ID " + apiId); + JSONObject apiResponseData = new JSONObject(apiDto.getData()); + String addedGatewayType = apiResponseData.getString("gatewayType"); + Assert.assertEquals(addedGatewayType, "wso2/apk", "Gateway type is not set as expected"); + + // Create API with gateway type Synapse + apiRequest = new APIRequest("SynapseGatewayAPI1", "synapsegateway", new URL(apiEndpointUrl)); + apiRequest.setVersion(API_VERSION_1_0_0); + apiRequest.setTier(APIMIntegrationConstants.API_TIER.UNLIMITED); + apiRequest.setProvider(user.getUserName()); + apiRequest.setGatewayType("wso2/synapse"); + apiResponse = restAPIPublisher.addAPI(apiRequest); + apiIdSynapse = apiResponse.getData(); + revisionUUID = createAPIRevisionAndDeployUsingRest(apiIdSynapse, restAPIPublisher); + Assert.assertNotNull(revisionUUID); + + // Verify the API in API Publisher + apiDto = restAPIPublisher.getAPI(apiIdSynapse); + assertTrue(StringUtils.isNotEmpty(apiDto.getData()), + "Added Api is not available in APi Publisher. API ID " + apiId); + apiResponseData = new JSONObject(apiDto.getData()); + addedGatewayType = apiResponseData.getString("gatewayType"); + Assert.assertEquals(addedGatewayType, "wso2/synapse", "Gateway type is not set as expected"); + } + @AfterClass(alwaysRun = true) public void cleanUpArtifacts() throws Exception { diff --git a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/restapi/admin/EnvironmentTestCase.java b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/restapi/admin/EnvironmentTestCase.java index c9769b94e9..a6a8eea37f 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/restapi/admin/EnvironmentTestCase.java +++ b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/restapi/admin/EnvironmentTestCase.java 
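Review bot: The `@Test` description on `testCreateAndDeployApiWithGatewayType` still reads "Test deployment of API with Mutual SSL enabled", copied from the preceding test; it should be something like `description = "Test creation and deployment of APIs with gatewayType set"`. Both failure messages concatenate `apiId`, which this method never assigns, so a failure would report the wrong API; use `apiIdAPK` and `apiIdSynapse` respectively. The result of `restAPIPublisher.addAPI` is consumed through `getData()` without asserting its status code first, so a rejected create would only surface later as an unrelated-looking revision or lookup failure. Whether `cleanUpArtifacts`, which lies outside this hunk, deletes the two new APIs cannot be seen here and should be confirmed.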
@@ -100,7 +100,7 @@ public void testAddGatewayEnvironmentWithoutVHost() throws Exception { String provider = Constants.WSO2_GATEWAY_ENVIRONMENT; List vHostDTOList = new ArrayList<>(); environmentDTO = DtoFactory.createEnvironmentDTO(name, displayName, description, provider, - false, vHostDTOList); + false, vHostDTOList, null); //Add the environment try { @@ -123,7 +123,7 @@ public void testAddingGatewayEnvironmentNameWithSpecialCharacters() throws Excep vHostDTOList.add(DtoFactory.createVhostDTO("foods.com", "zfoods", 8280, 8243, 9099, 8099)); environmentDTO = DtoFactory.createEnvironmentDTO(name, displayName, description, provider, - false, vHostDTOList); + false, vHostDTOList, null); //Add the environment try { restAPIAdmin.addEnvironment(environmentDTO); @@ -144,7 +144,7 @@ public void testAddingGatewayEnvironmentWithoutDisplayName() throws Exception { vHostDTOList.add(DtoFactory.createVhostDTO("foods.com", "zfoods", 8280, 8243, 9099, 8099)); environmentDTO = DtoFactory.createEnvironmentDTO(name, displayName, description, provider, - false, vHostDTOList); + false, vHostDTOList, null); //Able to add the environment successfully ApiResponse addedEnvironments = restAPIAdmin.addEnvironment(environmentDTO); 
@@ -155,8 +155,34 @@ public void testAddingGatewayEnvironmentWithoutDisplayName() throws Exception { Assert.assertNotNull(environmentId, "The environment ID cannot be null or empty"); } - @Test(groups = {"wso2.am"}, description = "Test adding gateway environment with multiple Vhosts with same hostname", + @Test(groups = {"wso2.am"}, description = "Test adding gateway environment with Gateway Type configured", dependsOnMethods = "testAddingGatewayEnvironmentWithoutDisplayName") + public void testAddingGatewayEnvironmentWithGatewayType() throws Exception { + //Create the environment DTO + String name = "asia-region-gateway-type"; + String displayName = "Asia Region"; + String description = "Gateway environment deployed in Asia region"; + String provider = Constants.WSO2_GATEWAY_ENVIRONMENT; + String gatewayType = "APK"; + List vHostDTOList = new ArrayList<>(); + vHostDTOList.add(DtoFactory.createVhostDTO("foods.com", "zfoods", + 8280, 8243, null, null)); + environmentDTO = DtoFactory.createEnvironmentDTO(name, displayName, description, provider, + false, vHostDTOList, gatewayType); + //Able to add the environment successfully + ApiResponse addedEnvironments = restAPIAdmin.addEnvironment(environmentDTO); + + //Assert the status code and environment ID + Assert.assertEquals(addedEnvironments.getStatusCode(), HttpStatus.SC_CREATED); + EnvironmentDTO addedEnvironmentDTO = addedEnvironments.getData(); + String environmentId = addedEnvironmentDTO.getId(); + Assert.assertNotNull(environmentId, "The environment ID cannot be null or empty"); + String addedGatewayType = addedEnvironmentDTO.getGatewayType(); + Assert.assertEquals(addedGatewayType, gatewayType, "The added gateway type is not matching with the expected"); + } + + @Test(groups = {"wso2.am"}, description = "Test adding gateway environment with multiple Vhosts with same hostname", + dependsOnMethods = "testAddingGatewayEnvironmentWithGatewayType") public void 
testAddingGatewayEnvironmentWithMultipleVhostsWithSameHostName() throws Exception { //Create the environment DTO String name = "asia-region"; @@ -169,7 +195,7 @@ public void testAddingGatewayEnvironmentWithMultipleVhostsWithSameHostName() thr vHostDTOList.add(DtoFactory.createVhostDTO("foods.com", "zfoods", 8280, 8243, 9099, 8099)); environmentDTO = DtoFactory.createEnvironmentDTO(name, displayName, description, provider, - false, vHostDTOList); + false, vHostDTOList, null); //Add the environment try { restAPIAdmin.addEnvironment(environmentDTO); @@ -190,7 +216,7 @@ public void testAddingGatewayEnvironmentWithVhostsHavingSpecialCharacters() thro vHostDTOList.add(DtoFactory.createVhostDTO("foods.com#$%?", "zfoods", 8280, 8243, 9099, 8099)); environmentDTO = DtoFactory.createEnvironmentDTO(name, displayName, description, provider, - false, vHostDTOList); + false, vHostDTOList, null); //Add the environment try { restAPIAdmin.addEnvironment(environmentDTO); @@ -211,7 +237,7 @@ public void testAddGatewayEnvironmentSingleVHost() throws Exception { vHostDTOList.add(DtoFactory.createVhostDTO("foods.com", "zfoods", 8280, 8243, 9099, 8099)); environmentDTO = DtoFactory.createEnvironmentDTO(name, displayName, description, provider, - false, vHostDTOList); + false, vHostDTOList, null); //Add the environment ApiResponse addedEnvironments = restAPIAdmin.addEnvironment(environmentDTO); 
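Review bot: Re-pointing `testAddingGatewayEnvironmentWithMultipleVhostsWithSameHostName` at `dependsOnMethods = "testAddingGatewayEnvironmentWithGatewayType"` means a failure in the gateway-type test skips the multi-vhost test and anything chained after it, although those tests pass `null` for the gateway type. If the dependency is only there for ordering, keep `dependsOnMethods = "testAddingGatewayEnvironmentWithoutDisplayName"` on the multi-vhost test. The new test also hard-codes `"APK"`, while `getConfiguredGatewayEnvironment()` in the same file passes `"Regular"`; named constants would put the accepted values in one place. The created environment's id is only null-checked here, and whether the environment is deleted afterwards is not visible from this hunk.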
@@ -250,7 +276,7 @@ public void testAddGatewayEnvironmentMultipleVHosts() throws Exception { List vHostDTOList = new ArrayList<>(); vHostDTOList.add(DtoFactory.createVhostDTO("us.mg.wso2.com", "", 80, 443, 9099, 8099)); vHostDTOList.add(DtoFactory.createVhostDTO("foods.com", "zfoods", 8280, 8243, 9099, 8099)); - environmentDTO = DtoFactory.createEnvironmentDTO(name, displayName, description, provider, false, vHostDTOList); + environmentDTO = DtoFactory.createEnvironmentDTO(name, displayName, description, provider, false, vHostDTOList, null); //Add the environment ApiResponse addedEnvironments = restAPIAdmin.addEnvironment(environmentDTO); @@ -454,7 +480,7 @@ private EnvironmentDTO getConfiguredGatewayEnvironment() { "This is a hybrid gateway that handles both production and sandbox token traffic.", Constants.WSO2_GATEWAY_ENVIRONMENT, true, - Collections.singletonList(vhostDTO) + Collections.singletonList(vhostDTO), "Regular" ); configuredEnv.setId(Constants.GATEWAY_ENVIRONMENT); return configuredEnv; diff --git a/pom.xml b/pom.xml index 4d4d653d24..a10d810cca 100644 --- a/pom.xml +++ b/pom.xml @@ -1281,7 +1281,7 @@ - 9.29.10 + 9.29.15 [9.0.0, 10.0.0) From 87e2582d81e4b6859e942a41495578f81955f1ea Mon Sep 17 00:00:00 2001 From: Sahan Randika Date: Fri, 26 Jan 2024 09:42:11 +0530 Subject: [PATCH 13/22] fix test failures --- .../tests/admin/ChangeApiProviderTestCase.java | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/admin/ChangeApiProviderTestCase.java b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/admin/ChangeApiProviderTestCase.java index 7bf8e8fefc..79f7867432 100644 --- a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/admin/ChangeApiProviderTestCase.java 
+++ b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/admin/ChangeApiProviderTestCase.java @@ -47,6 +47,7 @@ public class ChangeApiProviderTestCase extends APIMIntegrationBaseTest { private String APIVersion = "1.0.0"; private String apiID; private String newUser = "peter123"; + private String firstUserName = "admin"; private String newUserPass = "test123"; private String[] subscriberRole = {APIMIntegrationConstants.APIM_INTERNAL_ROLE.CREATOR}; private String APPLICATION_NAME = "testApplicationForProviderChange"; @@ -56,9 +57,6 @@ public class ChangeApiProviderTestCase extends APIMIntegrationBaseTest { private String API_ENDPOINT_METHOD = "customers/123"; private int HTTP_RESPONSE_CODE_OK = Response.Status.OK.getStatusCode(); private String RESPONSE_CODE_MISMATCH_ERROR_MESSAGE = "Response code mismatch"; - private String TENANT_ADMIN = "admin"; - private String TENANT_ADMIN_PWD = "admin123"; - private String TENANT_DOMAIN = "tenant.com"; @Factory(dataProvider = "userModeDataProvider") public ChangeApiProviderTestCase(TestUserMode userMode) { @@ -97,7 +95,6 @@ public void ChangeApiProvider() throws Exception { apiRequest.setDescription(description); apiRequest.setVersion(APIVersion); apiRequest.setResourceMethod("GET"); - //add test api HttpResponse serviceResponse = restAPIPublisher.addAPI(apiRequest); assertEquals(serviceResponse.getResponseCode(), Response.Status.CREATED.getStatusCode(), 
@@ -136,10 +133,12 @@ public void ChangeApiProvider() throws Exception { assertEquals(apiInvokeResponse.getResponseCode(), HTTP_RESPONSE_CODE_OK, RESPONSE_CODE_MISMATCH_ERROR_MESSAGE); //Update provider of the api - restAPIAdminClient = new RestAPIAdminImpl(TENANT_ADMIN, TENANT_ADMIN_PWD, TENANT_DOMAIN, publisherURLHttps); - ApiResponse changeProviderResponse = restAPIAdminClient.changeApiProvider(newUser, apiID); - Assert.assertEquals(changeProviderResponse.getStatusCode(), HttpStatus.SC_OK); - + restAPIAdminClient = new RestAPIAdminImpl(firstUserName, firstUserName, "carbon.super", + adminURLHttps); + if(user.getUserName().equals(firstUserName)){ + ApiResponse changeProviderResponse = restAPIAdminClient.changeApiProvider(newUser, apiID); + Assert.assertEquals(changeProviderResponse.getStatusCode(), HttpStatus.SC_OK); + } apiInvokeResponse = HttpRequestUtil.doGet( getAPIInvocationURLHttps(APIContext.replace(File.separator, Strings.EMPTY), APIVersion) + File.separator + API_ENDPOINT_METHOD, requestHeaders); @@ -151,6 +150,7 @@ public void destroy() throws Exception { undeployAndDeleteAPIRevisionsUsingRest(apiID, restAPIPublisher); restAPIStore.deleteApplication(applicationId); restAPIPublisher.deleteAPI(apiID); + userManagementClient.deleteUser(newUser); super.cleanUp(); } } From db41bd77187a0b389dbb9a035a1e9f2eeb006ca7 Mon Sep 17 00:00:00 2001 From: Sahan Randika Date: Wed, 7 Feb 2024 12:02:40 +0530 Subject: [PATCH 14/22] add licence header --- .../tests/admin/ChangeApiProviderTestCase.java | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/admin/ChangeApiProviderTestCase.java b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/admin/ChangeApiProviderTestCase.java index 79f7867432..e227b3dc22 100644 
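Review bot: With the new `if(user.getUserName().equals(firstUserName))` guard, any run whose user is not `admin` never calls `changeApiProvider` and never asserts its status, so the test passes in those user modes without exercising the provider change. An explicit skip, e.g. `throw new SkipException("provider change is only verified for the super-tenant admin");`, or an assertion on the expected outcome for other users, would make that visible in the report. The client is also built as `new RestAPIAdminImpl(firstUserName, firstUserName, "carbon.super", adminURLHttps)`, which passes the user name as the password. That only works while the server keeps its default admin password, so the credentials are better read from the test user or context than from the `firstUserName` field added in the first hunk of this file. `ChangeApiProvider()` starts and ends outside this hunk.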
--- a/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/admin/ChangeApiProviderTestCase.java +++ b/modules/integration/tests-integration/tests-backend/src/test/java/org/wso2/am/integration/tests/admin/ChangeApiProviderTestCase.java @@ -1,3 +1,21 @@ +/* + * Copyright (c) 2024, WSO2 LLC. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 LLC. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + package org.wso2.am.integration.tests.admin; import jdk.internal.joptsimple.internal.Strings; From fc69fd89dfa8ab05c2aaa0990c2dae2691060a87 Mon Sep 17 00:00:00 2001 From: Krishanx92 Date: Thu, 8 Feb 2024 11:00:28 +0530 Subject: [PATCH 15/22] Update UI version --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index a10d810cca..b14bdc3aef 100644 --- a/pom.xml +++ b/pom.xml @@ -1277,7 +1277,7 @@ 5.3.5 - 9.0.494 + 9.0.500 From 763ad1f9fd7b1007a18776a8d199d957d818dd08 Mon Sep 17 00:00:00 2001 From: Sahan Randika Date: Thu, 8 Feb 2024 11:32:22 +0530 Subject: [PATCH 16/22] bump carbon version --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index a10d810cca..9b6cf22634 100644 --- a/pom.xml +++ b/pom.xml @@ -1281,7 +1281,7 @@ - 9.29.15 + 9.29.21 [9.0.0, 10.0.0) From 9f092e48a38bfc231dad6cfbf68651c4bfd2a5d7 Mon Sep 17 00:00:00 2001 
From: Sahan Randika Date: Fri, 9 Feb 2024 16:42:19 +0530 Subject: [PATCH 17/22] bump carbon version --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 8e10ba5d93..2d7156ebfa 100644 --- a/pom.xml +++ b/pom.xml @@ -1281,7 +1281,7 @@ - 9.29.21 + 9.29.24 [9.0.0, 10.0.0) From e2e2bb4c5d66fb1673e666faa58555963ba3299a Mon Sep 17 00:00:00 2001 From: dushani Date: Mon, 12 Feb 2024 15:41:47 +0530 Subject: [PATCH 18/22] update wso2is connector version --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 2d7156ebfa..811a1d63fd 100644 --- a/pom.xml +++ b/pom.xml @@ -1470,7 +1470,7 @@ 1.6.3.wso2v3 - 1.6.8 + 1.7.1 3.2.0 1.0.6 2.1.0 From b68f97a1aa25edbb5f046801c73c41591a4e067c Mon Sep 17 00:00:00 2001 From: akila94 Date: Mon, 12 Feb 2024 10:24:06 +0530 Subject: [PATCH 19/22] Add jwt claim based access validator policy templates --- .../jwtClaimBasedAccessValidator_v1.j2 | 4 ++ .../jwtClaimBasedAccessValidator_v1.json | 52 +++++++++++++++++++ 2 files changed, 56 insertions(+) create mode 100644 modules/distribution/resources/operation_policies/definitions/jwtClaimBasedAccessValidator_v1.j2 create mode 100644 modules/distribution/resources/operation_policies/specifications/jwtClaimBasedAccessValidator_v1.json diff --git a/modules/distribution/resources/operation_policies/definitions/jwtClaimBasedAccessValidator_v1.j2 b/modules/distribution/resources/operation_policies/definitions/jwtClaimBasedAccessValidator_v1.j2 new file mode 100644 index 0000000000..b6ceb17e78 --- /dev/null +++ b/modules/distribution/resources/operation_policies/definitions/jwtClaimBasedAccessValidator_v1.j2 @@ -0,0 +1,4 @@ + + + + diff --git a/modules/distribution/resources/operation_policies/specifications/jwtClaimBasedAccessValidator_v1.json b/modules/distribution/resources/operation_policies/specifications/jwtClaimBasedAccessValidator_v1.json new file mode 100644 index 0000000000..810209fdcf --- /dev/null 
+++ b/modules/distribution/resources/operation_policies/specifications/jwtClaimBasedAccessValidator_v1.json @@ -0,0 +1,52 @@ +{ + "category": "Mediation", + "name": "jwtClaimBasedAccessValidator", + "version": "v1", + "displayName": "JWT claim based access grant validator", + "description": "This policy validates configured claim name and value in this policy with the claim name and value sent in the JWT access token to grant access to the API resource.", + "applicableFlows": [ + "request" + ], + "supportedGateways": [ + "Synapse" + ], + "supportedApiTypes": [ + "HTTP" + ], + "policyAttributes": [ + { + "name": "grantVerificationClaim", + "displayName": "Access grant claim name", + "description": "This should be the name the custom claim which is expected in the JWT access token", + "validationRegex": "^[a-zA-Z_]+$", + "type": "String", + "defaultValue": "aut", + "required": true + }, + { + "name": "grantVerificationClaimValue", + "displayName": "Access grant claim value", + "description": "This should be the alue of a custom claim which is expected in the JWT access token", + "type": "String", + "defaultValue": "APPLICATION", + "required": true + }, + { + "name": "shouldAllowValidation", + "displayName": "Allow claim based access grant validation", + "description": "If ticked, the claim based access grant validation will be performed.", + "type": "Boolean", + "defaultValue": "true", + "required": false + }, + { + "name": "claimBasedAccessGrantValidator", + "displayName": "JWT claim based access grant validation mediator", + "description": "Fully qualified class name for the validation implementation", + "validationRegex": "^([a-zA-Z_$][a-zA-Z\\d_$.]*)$", + "type": "String", + "defaultValue": "org.wso2.carbon.apimgt.gateway.mediators.ClaimBasedResourceAccessValidationMediator", + "required": true + } + ] + } \ No newline at end of file From ceb361661d7eef8a886b8f7a1b74a0a8ecac9116 Mon Sep 17 00:00:00 2001 
From: akila94 Date: Mon, 12 Feb 2024 11:26:22 +0530 Subject: [PATCH 20/22] Add EOF line --- .../specifications/jwtClaimBasedAccessValidator_v1.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/distribution/resources/operation_policies/specifications/jwtClaimBasedAccessValidator_v1.json b/modules/distribution/resources/operation_policies/specifications/jwtClaimBasedAccessValidator_v1.json index 810209fdcf..5753f992b5 100644 --- a/modules/distribution/resources/operation_policies/specifications/jwtClaimBasedAccessValidator_v1.json +++ b/modules/distribution/resources/operation_policies/specifications/jwtClaimBasedAccessValidator_v1.json @@ -49,4 +49,4 @@ "required": true } ] - } \ No newline at end of file + } From 8e5018c260ffed1c86f1f907a20eb5c2ddce5d1d Mon Sep 17 00:00:00 2001 From: akila94 Date: Mon, 12 Feb 2024 12:30:57 +0530 Subject: [PATCH 21/22] Fix typo --- .../specifications/jwtClaimBasedAccessValidator_v1.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/distribution/resources/operation_policies/specifications/jwtClaimBasedAccessValidator_v1.json b/modules/distribution/resources/operation_policies/specifications/jwtClaimBasedAccessValidator_v1.json index 5753f992b5..fd1e17fda8 100644 --- a/modules/distribution/resources/operation_policies/specifications/jwtClaimBasedAccessValidator_v1.json +++ b/modules/distribution/resources/operation_policies/specifications/jwtClaimBasedAccessValidator_v1.json @@ -26,7 +26,7 @@ { "name": "grantVerificationClaimValue", "displayName": "Access grant claim value", - "description": "This should be the alue of a custom claim which is expected in the JWT access token", + "description": "This should be the value of a custom claim which is expected in the JWT access token", "type": "String", "defaultValue": "APPLICATION", "required": true From e6259323e26e9b53308458e493b2555c71593998 Mon Sep 17 00:00:00 2001 
From: akila94 Date: Tue, 13 Feb 2024 15:37:28 +0530 Subject: [PATCH 22/22] Refactor templates --- .../jwtClaimBasedAccessValidator_v1.j2 | 10 +++-- .../jwtClaimBasedAccessValidator_v1.json | 37 +++++++++---------- 2 files changed, 24 insertions(+), 23 deletions(-) diff --git a/modules/distribution/resources/operation_policies/definitions/jwtClaimBasedAccessValidator_v1.j2 b/modules/distribution/resources/operation_policies/definitions/jwtClaimBasedAccessValidator_v1.j2 index b6ceb17e78..aadb3a1a48 100644 --- a/modules/distribution/resources/operation_policies/definitions/jwtClaimBasedAccessValidator_v1.j2 +++ b/modules/distribution/resources/operation_policies/definitions/jwtClaimBasedAccessValidator_v1.j2 @@ -1,4 +1,6 @@ - - - - + + + + + + diff --git a/modules/distribution/resources/operation_policies/specifications/jwtClaimBasedAccessValidator_v1.json b/modules/distribution/resources/operation_policies/specifications/jwtClaimBasedAccessValidator_v1.json index fd1e17fda8..f7a82112eb 100644 --- a/modules/distribution/resources/operation_policies/specifications/jwtClaimBasedAccessValidator_v1.json +++ b/modules/distribution/resources/operation_policies/specifications/jwtClaimBasedAccessValidator_v1.json @@ -2,7 +2,7 @@ "category": "Mediation", "name": "jwtClaimBasedAccessValidator", "version": "v1", - "displayName": "JWT claim based access grant validator", + "displayName": "JWT claim based access validator", "description": "This policy validates configured claim name and value in this policy with the claim name and value sent in the JWT access token to grant access to the API resource.", "applicableFlows": [ "request" 
@@ -15,38 +15,37 @@ ], "policyAttributes": [ { - "name": "grantVerificationClaim", - "displayName": "Access grant claim name", - "description": "This should be the name the custom claim which is expected in the JWT access token", + "name": "accessVerificationClaim", + "displayName": "Access verification claim name", + "description": "This should be the name the custom claim which is expected in the JWT access token.", "validationRegex": "^[a-zA-Z_]+$", "type": "String", "defaultValue": "aut", "required": true }, { - "name": "grantVerificationClaimValue", - "displayName": "Access grant claim value", - "description": "This should be the value of a custom claim which is expected in the JWT access token", + "name": "accessVerificationClaimValue", + "displayName": "Access verification claim value", + "description": "This should be the value of a custom claim which is expected in the JWT access token.", "type": "String", "defaultValue": "APPLICATION", "required": true }, { - "name": "shouldAllowValidation", - "displayName": "Allow claim based access grant validation", - "description": "If ticked, the claim based access grant validation will be performed.", - "type": "Boolean", - "defaultValue": "true", + "name": "accessVerificationClaimValueRegex", + "displayName": "Access verification claim value regex", + "description": "If a regex is provided, the claim values will be matched using this regex. 
Otherwise they will be checked for equality.", + "type": "String", + "defaultValue": "", "required": false }, { - "name": "claimBasedAccessGrantValidator", - "displayName": "JWT claim based access grant validation mediator", - "description": "Fully qualified class name for the validation implementation", - "validationRegex": "^([a-zA-Z_$][a-zA-Z\\d_$.]*)$", - "type": "String", - "defaultValue": "org.wso2.carbon.apimgt.gateway.mediators.ClaimBasedResourceAccessValidationMediator", - "required": true + "name": "shouldAllowValidation", + "displayName": "Allow flow when claims are not matching", + "description": "Tick this to allow the flow when the claims are not matching. Keeping this un-ticked will allow the flow only when the claims are matched.", + "type": "Boolean", + "defaultValue": "false", + "required": false } ] }
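Review bot: `shouldAllowValidation` now means the opposite of what its name suggests: its displayName in this hunk is "Allow flow when claims are not matching", so setting it to true lets a request through when the claim check fails. For an access-control policy that is easy to misconfigure; I would rename it, e.g. `"name": "allowOnClaimMismatch"`, and update the .j2 template to match (its contents are not readable in this view). The new `accessVerificationClaimValueRegex` attribute is free-form with no `validationRegex`, and its description does not say whether the claim value must match the pattern in full or only in part. The mediator is not visible here, but the description should state that a whole-string match is used and what happens when the pattern does not compile. Minor: "the name the custom claim" should read "the name of the custom claim".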