

Merge pull request #3432 from VirajSalaka/jwks-client
Bug fix: IDP environments are not processed upon KeyManager XDS update
VirajSalaka authored Sep 5, 2023
2 parents fd2ed55 + de89eb3 commit 31491ce
Showing 2 changed files with 42 additions and 28 deletions.
Expand Up @@ -155,35 +155,28 @@ private void addKMTokenIssuers(String keyManagerName, String organization, Map<S
}
}
}
if (configuration.containsKey(APIConstants.KeyManager.ADDITIONAL_PROPERTIES)) {
Object additionalProperties = configuration.get(APIConstants.KeyManager.ADDITIONAL_PROPERTIES);
if (additionalProperties instanceof JSONObject) {
Gson gson = new Gson();
Map<String, Object> additionalPropertiesMap = gson.fromJson(additionalProperties.toString(),
Map.class);
if (additionalPropertiesMap != null &&
additionalPropertiesMap.containsKey(APIConstants.KeyManager.ENVIRONMENTS)) {
Object environmentsObject =
additionalPropertiesMap.get(APIConstants.KeyManager.ENVIRONMENTS);

if (configuration.containsKey(APIConstants.KeyManager.ENVIRONMENTS)) {
Object environmentsObject =
configuration.get(APIConstants.KeyManager.ENVIRONMENTS);
// If environments field is available no values are assigned means that IDP is not allowed
// for any environment.
if (environmentsObject instanceof JSONArray) {
IDPEnvironmentDTO[] environments = null;
try {
Gson gson = new Gson();
environments = gson.fromJson(environmentsObject.toString(),
IDPEnvironmentDTO[].class);
} catch (JsonSyntaxException e) {
logger.error("Error while parsing environments for issuer " + issuer +
". Error cause: " + e.getMessage());
}
if (environments != null) {
Set<String> allowedAPIMEnvironments = new HashSet<>();
// If environments field is available no values are assigned means that IDP is not allowed
// for any environment.
if (environmentsObject instanceof JSONArray) {
IDPEnvironmentDTO[] environments = null;
try {
environments = gson.fromJson(environmentsObject.toString(),
IDPEnvironmentDTO[].class);
} catch (JsonSyntaxException e) {
logger.error("Error while parsing environments for issuer " + issuer +
". Error cause: " + e.getMessage());
}
if (environments != null) {
for (IDPEnvironmentDTO environment : environments) {
allowedAPIMEnvironments.addAll(Arrays.asList(environment.getApim()));
}
tokenIssuerDto.setEnvironments(allowedAPIMEnvironments);
}
for (IDPEnvironmentDTO environment : environments) {
allowedAPIMEnvironments.addAll(Arrays.asList(environment.getApim()));
}
tokenIssuerDto.setEnvironments(allowedAPIMEnvironments);
}
}
}
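Review bot: `Arrays.asList(environment.getApim())` inside the `for` loop over `environments` throws a NullPointerException when an entry of the `environments` array has no `apim` field, because Gson leaves that array null and `Arrays.asList` rejects a null array; the exception would escape addKMTokenIssuers and abort processing of the remaining key-manager update. Guard it with `if (environment.getApim() != null) { allowedAPIMEnvironments.addAll(Arrays.asList(environment.getApim())); }`. Separately, the `JsonSyntaxException` branch only logs and leaves `environments` null, so on a malformed value `setEnvironments` is never called and the issuer keeps whatever default the DTO carries — if that default is unrestricted this fails open, which contradicts the comment above the `instanceof JSONArray` check; setting an empty set on that path would match the documented intent. The enclosing method addKMTokenIssuers starts before this hunk.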
Expand Up @@ -18,6 +18,7 @@

package org.wso2.choreo.connect.enforcer.keymgt;

import org.checkerframework.checker.units.qual.A;
import org.junit.Assert;
import org.junit.Test;
import org.junit.runner.RunWith;
Expand Down Expand Up @@ -56,7 +57,19 @@ public void testPopulateKMIssuerConfiguration() {
"\"client_registration_endpoint\":" +
"\"https://dev.api.asgardeo.io/t/malinthaa/api/server/v1\"," +
"\"consumer_key_claim\":\"azp\",\"certificate_type\":\"JWKS\"," +
"\"token_endpoint\":\"https://dev.api.asgardeo.io/t/malinthaa/oauth2/token\"}";
"\"token_endpoint\":\"https://dev.api.asgardeo.io/t/malinthaa/oauth2/token\", " +
"\"environments\":[{" +
" \"choreo\": \"Production\",\n" +
" \"apim\": [\n" +
" \"Production and Sandbox\",\n" +
" \"sandbox-prod\",\n" +
" \"Prod-Internal\",\n" +
" \"production-us-east-azure\",\n" +
" \"production-sandbox-us-east-azure\",\n" +
" \"production-internal-us-east-azure\"\n" +
" ]" +
" }]" +
"}";

KeyManagerConfig keyManagerConfig = KeyManagerConfig.newBuilder().setName("Asgardeo").setType("DIRECT")
.setEnabled(true).setTenantDomain("carbon.super").setConfiguration(asgardeoConfiguration)
Expand Down Expand Up @@ -99,6 +112,14 @@ public void testPopulateKMIssuerConfiguration() {
Assert.assertEquals("https://dev.api.asgardeo.io/t/malinthaa/oauth2/jwks",
asgardeoIssuer.getJwksConfigurationDTO().getUrl());
Assert.assertTrue(asgardeoIssuer.getJwksConfigurationDTO().isEnabled());
Assert.assertFalse(asgardeoIssuer.getEnvironments().isEmpty());
Assert.assertEquals(6, asgardeoIssuer.getEnvironments().size());
Assert.assertTrue(asgardeoIssuer.getEnvironments().contains("Production and Sandbox"));
Assert.assertTrue(asgardeoIssuer.getEnvironments().contains("sandbox-prod"));
Assert.assertTrue(asgardeoIssuer.getEnvironments().contains("Prod-Internal"));
Assert.assertTrue(asgardeoIssuer.getEnvironments().contains("production-us-east-azure"));
Assert.assertTrue(asgardeoIssuer.getEnvironments().contains("production-sandbox-us-east-azure"));
Assert.assertTrue(asgardeoIssuer.getEnvironments().contains("production-internal-us-east-azure"));

Assert.assertNotNull("Token issuer map does not contain keyManager under carbon.super",
KeyManagerHolder.getInstance().getTokenIssuerMap().get("carbon.super"));
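Review bot: The added `import org.checkerframework.checker.units.qual.A;` at the top of the test file is unused — nothing in the added test code refers to `A` — and it makes the test compile only when that checker-framework annotation artifact happens to be on the classpath; drop that line. The new assertions cover only a well-formed `environments` array; a case where the key is present with an empty array, and one where the value is not an array, would pin the "present but empty means not allowed for any environment" behaviour that the production change relies on. The test method testPopulateKMIssuerConfiguration starts and ends outside these hunks.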
