wso2 · Kirishikesan · Jan 26, 2024 · Jan 22, 2024 · Jan 22, 2024 · Jan 23, 2024
@@ -27,6 +27,7 @@
 import java.util.List;
 import org.wso2.am.integration.clients.admin.api.dto.ClaimMappingEntryDTO;
 import org.wso2.am.integration.clients.admin.api.dto.KeyManagerCertificatesDTO;
+import org.wso2.am.integration.clients.admin.api.dto.KeyManagerPermissionsDTO;
 import org.wso2.am.integration.clients.admin.api.dto.TokenValidationDTO;
 import com.fasterxml.jackson.annotation.JsonCreator;
 /**
@@ -158,6 +159,10 @@ public class KeyManagerDTO {
         @SerializedName(SERIALIZED_NAME_ADDITIONAL_PROPERTIES)
             private Object additionalProperties;
 
+        public static final String SERIALIZED_NAME_PERMISSIONS = "permissions";
+        @SerializedName(SERIALIZED_NAME_PERMISSIONS)
+            private KeyManagerPermissionsDTO permissions;
+
             /**
 * The type of the tokens to be used (exchanged or without exchanged). Accepted values are EXCHANGED and DIRECT.
 */
@@ -923,6 +928,29 @@ public void setAdditionalProperties(Object additionalProperties) {
     }
 
 
+        public KeyManagerDTO permissions(KeyManagerPermissionsDTO permissions) {
+
+        this.permissions = permissions;
+        return this;
+        }
+
+    /**
+        * Get permissions
+    * @return permissions
+    **/
+        @javax.annotation.Nullable
+      @ApiModelProperty(value = "")
+
+    public KeyManagerPermissionsDTO getPermissions() {
+        return permissions;
+    }
+
+
+    public void setPermissions(KeyManagerPermissionsDTO permissions) {
+        this.permissions = permissions;
+    }
+
+
         public KeyManagerDTO tokenType(TokenTypeEnum tokenType) {
 
         this.tokenType = tokenType;
@@ -986,12 +1014,13 @@ public boolean equals(Object o) {
             Objects.equals(this.tokenValidation, keyManager.tokenValidation) &&
             Objects.equals(this.enabled, keyManager.enabled) &&
             Objects.equals(this.additionalProperties, keyManager.additionalProperties) &&
+            Objects.equals(this.permissions, keyManager.permissions) &&
             Objects.equals(this.tokenType, keyManager.tokenType);
     }
 
     @Override
     public int hashCode() {
-        return Objects.hash(id, name, displayName, type, description, wellKnownEndpoint, introspectionEndpoint, clientRegistrationEndpoint, tokenEndpoint, displayTokenEndpoint, revokeEndpoint, displayRevokeEndpoint, userInfoEndpoint, authorizeEndpoint, certificates, issuer, alias, scopeManagementEndpoint, availableGrantTypes, enableTokenGeneration, enableTokenEncryption, enableTokenHashing, enableMapOAuthConsumerApps, enableOAuthAppCreation, enableSelfValidationJWT, claimMapping, consumerKeyClaim, scopesClaim, tokenValidation, enabled, additionalProperties, tokenType);
+        return Objects.hash(id, name, displayName, type, description, wellKnownEndpoint, introspectionEndpoint, clientRegistrationEndpoint, tokenEndpoint, displayTokenEndpoint, revokeEndpoint, displayRevokeEndpoint, userInfoEndpoint, authorizeEndpoint, certificates, issuer, alias, scopeManagementEndpoint, availableGrantTypes, enableTokenGeneration, enableTokenEncryption, enableTokenHashing, enableMapOAuthConsumerApps, enableOAuthAppCreation, enableSelfValidationJWT, claimMapping, consumerKeyClaim, scopesClaim, tokenValidation, enabled, additionalProperties, permissions, tokenType);
     }
 
 
@@ -1030,6 +1059,7 @@ public String toString() {
     sb.append("    tokenValidation: ").append(toIndentedString(tokenValidation)).append("\n");
     sb.append("    enabled: ").append(toIndentedString(enabled)).append("\n");
     sb.append("    additionalProperties: ").append(toIndentedString(additionalProperties)).append("\n");
+    sb.append("    permissions: ").append(toIndentedString(permissions)).append("\n");
     sb.append("    tokenType: ").append(toIndentedString(tokenType)).append("\n");
 sb.append("}");
 return sb.toString();

@@ -5595,6 +5595,22 @@ components:
             self_validate_jwt: true
             Username: admin
             Password: admin
+        permissions:
+          type: object
+          properties:
+            permissionType:
+              type: string
+              example: ALLOW
+              default: PUBLIC
+              enum:
+                - PUBLIC
+                - ALLOW
+                - DENY
+            roles:
+              type: array
+              items:
+                type: string
+                example: Internal/subscriber
         tokenType:
           type: string
           description: The type of the tokens to be used (exchanged or without exchanged).

@@ -25,24 +25,62 @@
 import org.testng.annotations.DataProvider;
 import org.testng.annotations.Factory;
 import org.testng.annotations.Test;
+import static org.testng.Assert.assertEquals;
 import org.wso2.am.integration.clients.admin.ApiException;
 import org.wso2.am.integration.clients.admin.ApiResponse;
 import org.wso2.am.integration.clients.admin.api.dto.KeyManagerCertificatesDTO;
 import org.wso2.am.integration.clients.admin.api.dto.KeyManagerDTO;
+import org.wso2.am.integration.clients.admin.api.dto.KeyManagerPermissionsDTO;
+import org.wso2.am.integration.clients.store.api.v1.dto.ApplicationDTO;
+import org.wso2.am.integration.clients.store.api.v1.dto.ApplicationKeyDTO;
+import org.wso2.am.integration.clients.store.api.v1.dto.ApplicationKeyGenerateRequestDTO;
+import org.wso2.am.integration.clients.store.api.v1.dto.SubscriptionDTO;
 import org.wso2.am.integration.test.helpers.AdminApiTestHelper;
 import org.wso2.am.integration.test.impl.DtoFactory;
+import org.wso2.am.integration.test.impl.RestAPIStoreImpl;
 import org.wso2.am.integration.test.utils.base.APIMIntegrationBaseTest;
+import org.wso2.am.integration.test.utils.base.APIMIntegrationConstants;
+import org.wso2.am.integration.test.utils.bean.APICreationRequestBean;
+import org.wso2.am.integration.test.utils.bean.APILifeCycleAction;
+import org.wso2.am.integration.test.utils.bean.APIRequest;
+import org.wso2.am.integration.test.utils.clients.APIPublisherRestClient;
+import org.wso2.am.integration.test.utils.clients.APIStoreRestClient;
+import org.wso2.carbon.apimgt.api.model.APIIdentifier;
 import org.wso2.carbon.automation.engine.context.TestUserMode;
+import org.wso2.carbon.automation.test.utils.http.client.HttpResponse;
 
+import java.net.URL;
 import java.util.Arrays;
 import java.util.Collections;
 import java.util.List;
 import java.util.Map;
 import java.util.UUID;
+import java.util.ArrayList;
 
 public class KeyManagersTestCase extends APIMIntegrationBaseTest {
     private AdminApiTestHelper adminApiTestHelper;
     private KeyManagerDTO keyManagerDTO;
+    private final String API_VERSION_1_0_0 = "1.0.0";
+    private final String USER_TEST = "test";
+    private final String USER_TEST_PASSWORD = "test123";
+    private String apiEndPointUrl;
+    private APIPublisherRestClient apiPublisher;
+    private APIStoreRestClient apiStore;
+    private APIIdentifier apiIdentifier;
+    private String API_NAME = "DummyApi";
+    private String apiId;
+    private String appId;
+    private String applicationId;
+    private String API_SUBSCRIBER = "APISubscriberRole";
+    private String apiCreatorStoreDomain;
+    private RestAPIStoreImpl restAPIStoreClient1;
+    private String[] API_SUBSCRIBER_PERMISSIONS = {
+            "/permission/admin/login",
+            "/permission/admin/manage/api/create",
+            "/permission/admin/manage/api/subscriber"
+    };
+    String[] ROLE_LIST = { "Internal/publisher", "Internal/subscriber", "Internal/everyone"};
+    private APICreationRequestBean apiCreationRequestBean;
 
     @Factory(dataProvider = "userModeDataProvider")
     public KeyManagersTestCase(TestUserMode userMode) {
@@ -59,6 +97,10 @@ public static Object[][] userModeDataProvider() {
     public void setEnvironment() throws Exception {
         super.init(userMode);
         adminApiTestHelper = new AdminApiTestHelper();
+        apiPublisher = new APIPublisherRestClient(getPublisherURLHttp());
+        apiStore = new APIStoreRestClient(getStoreURLHttp());
+        apiEndPointUrl = backEndServerUrl.getWebAppURLHttp() + "jaxrs_basic/services/customers/customerservice/";
+        apiIdentifier = new APIIdentifier(USER_TEST, API_NAME, API_VERSION_1_0_0);
     }
 
     //1. Auth0 Key Manager
@@ -1104,8 +1146,93 @@ public void testAddKeyManagerWithExistingKeyManagerName() throws ApiException {
         }
     }
 
+    @Test(groups = {"wso2.am"}, description = "Test key manager permissions with WSO2IS with permissions"
+            ,dependsOnMethods = "testDeleteKeyManagerWithAuth0")
+    public void testKeyManagerPermissions() throws Exception {
+
+        userManagementClient.addUser(USER_TEST, USER_TEST_PASSWORD, ROLE_LIST, USER_TEST);
+        userManagementClient.addRole(API_SUBSCRIBER, new String[]{ USER_TEST }, API_SUBSCRIBER_PERMISSIONS);
+        String providerName = user.getUserName();
+
+        APIRequest apiRequest;
+        apiRequest = new APIRequest("KMPermissionTestAPI", "KMPermissionTest", new URL(apiEndPointUrl));
+        apiRequest.setVersion(API_VERSION_1_0_0);
+        apiRequest.setProvider(providerName);
+        apiRequest.setTier(APIMIntegrationConstants.API_TIER.GOLD);
+
+        //add KMPermissionTestAPI api
+        HttpResponse serviceResponse = restAPIPublisher.addAPI(apiRequest);
+        apiId = serviceResponse.getData();
+
+        //publish KMPermissionTestAPI api
+        restAPIPublisher.changeAPILifeCycleStatus(apiId, APILifeCycleAction.PUBLISH.getAction(), null);
+
+        String name = "Wso2ISKeyManagerWithPermission";
+        String type = "WSO2-IS";
+        String displayName = "Test Key Manager Permissions WSO2IS";
+        String introspectionEndpoint = "https://localhost:9444/oauth2/introspect";
+        String clientRegistrationEndpoint = "https://localhost:9444/keymanager-operations/dcr/register";
+        String scopeManagementEndpoint = "https://wso2is.com:9444/api/identity/oauth2/v1.0/scopes";
+        String tokenEndpoint = "https://wso2is.com:9444/oauth2/token";
+        String revokeEndpoint = "https://wso2is.com:9444/oauth2/revoke";
+        String consumerKeyClaim = "azp";
+        String scopesClaim = "scope";
+        List<String> availableGrantTypes = Collections.emptyList();
+        JsonObject jsonObject = new JsonObject();
+        jsonObject.addProperty("Username", "admin");
+        jsonObject.addProperty("Password", "admin");
+        jsonObject.addProperty("self_validate_jwt", true);
+        Object additionalProperties = new Gson().fromJson(jsonObject, Map.class);
+        List<String> rolesList = new ArrayList<>();
+        rolesList.add(API_SUBSCRIBER);
+        KeyManagerPermissionsDTO keyManagerPermissionsDTO = new KeyManagerPermissionsDTO();
+        keyManagerPermissionsDTO.setPermissionType(KeyManagerPermissionsDTO.PermissionTypeEnum.DENY);
+        keyManagerPermissionsDTO.setRoles(rolesList);
+        keyManagerDTO = DtoFactory.createKeyManagerDTO(name, null, type, displayName, introspectionEndpoint,
+                null, clientRegistrationEndpoint, tokenEndpoint, revokeEndpoint, null, null,
+                scopeManagementEndpoint, consumerKeyClaim, scopesClaim, availableGrantTypes, additionalProperties,
+                null);
+        keyManagerDTO.setPermissions(keyManagerPermissionsDTO);
+
+        //Add the WSO2 IS key manager
+        ApiResponse<KeyManagerDTO> addedKeyManagers = restAPIAdmin.addKeyManager(keyManagerDTO);
+        Assert.assertEquals(addedKeyManagers.getStatusCode(), HttpStatus.SC_CREATED);
+        KeyManagerDTO addedKeyManagerDTO = addedKeyManagers.getData();
+        String keyManagerId = addedKeyManagerDTO.getId();
+
+        //Assert the status code and key manager ID
+        Assert.assertNotNull(keyManagerId, "The Key Manager ID cannot be null or empty");
+        keyManagerDTO.setId(keyManagerId);
+        //Verify the created key manager DTO
+        adminApiTestHelper.verifyKeyManagerDTO(keyManagerDTO, addedKeyManagerDTO);
+        restAPIStore = new RestAPIStoreImpl(USER_TEST, USER_TEST_PASSWORD,
+                this.storeContext.getContextTenant().getDomain(), this.storeURLHttps);
+        HttpResponse applicationResponse = restAPIStore.createApplication("KMPermissionApplication7",
+                "KMPermissionTestApp", APIMIntegrationConstants.APPLICATION_TIER.UNLIMITED,
+                ApplicationDTO.TokenTypeEnum.OAUTH);
+        assertEquals(applicationResponse.getResponseCode(), org.apache.commons.httpclient.HttpStatus.SC_OK, "Response code is not as expected");
+        appId = applicationResponse.getData();
+
+        SubscriptionDTO subscriptionDto = restAPIStore.subscribeToAPI(apiId, appId, APIMIntegrationConstants.API_TIER.GOLD);
+
+        org.wso2.am.integration.clients.store.api.ApiResponse<ApplicationKeyDTO> generateKeyResponse;
+        ArrayList<String> grantTypes = new ArrayList<>();
+        grantTypes.add(APIMIntegrationConstants.GRANT_TYPE.CLIENT_CREDENTIAL);
+
+        try {
+            generateKeyResponse = restAPIStore.generateKeysWithApiResponse(appId, "3600", null,
+                    ApplicationKeyGenerateRequestDTO.KeyTypeEnum.PRODUCTION, null,
+                    grantTypes, null, keyManagerId);
+        } catch (org.wso2.am.integration.clients.store.api.ApiException e) {
+            Assert.assertEquals(e.getCode(), HttpStatus.SC_FORBIDDEN);
+        }
+        restAPIAdmin.deleteKeyManager(keyManagerId);
+    }
+
     @AfterClass(alwaysRun = true)
     public void destroy() throws Exception {
+        userManagementClient.deleteUser(USER_TEST);
+        userManagementClient.deleteRole(API_SUBSCRIBER);
         super.cleanUp();
     }
 }