Fixed Missing certificate error when sending the HEAD request
thisaltennakoon committed Jan 20, 2025
1 parent f6a7785 commit 63c5c94
Showing 7 changed files with 184 additions and 36 deletions.
Expand Up @@ -4046,10 +4046,11 @@ public int addCertificate(String userName, String certificate, String alias, Str
int tenantId = ServiceReferenceHolder.getInstance().getRealmService().getTenantManager()
.getTenantId(tenantDomain);
responseCode = certificateManager
.addCertificateToParentNode(certificate, alias, endpoint, tenantId);
.addCertificate(certificate, alias, endpoint, tenantId);
CertificateEvent certificateEvent = new CertificateEvent(UUID.randomUUID().toString(),
System.currentTimeMillis(),APIConstants.EventType.ENDPOINT_CERTIFICATE_ADD.toString(),
tenantDomain,alias,endpoint);
certificateEvent.setTenantId(tenantId);
APIUtil.sendNotification(certificateEvent, APIConstants.NotifierType.CERTIFICATE.name());
} catch (UserStoreException e) {
handleException("Error while reading tenant information", e);
Expand Down Expand Up @@ -4080,7 +4081,7 @@ public int deleteCertificate(String userName, String alias, String endpoint) thr
try {
int tenantId = ServiceReferenceHolder.getInstance().getRealmService().getTenantManager()
.getTenantId(tenantDomain);
responseCode = certificateManager.deleteCertificateFromParentNode(alias, endpoint, tenantId);
responseCode = certificateManager.deleteCertificate(alias, endpoint, tenantId);
CertificateEvent certificateEvent = new CertificateEvent(UUID.randomUUID().toString(),
System.currentTimeMillis(), APIConstants.EventType.ENDPOINT_CERTIFICATE_REMOVE.toString(),
tenantDomain, alias, endpoint);
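Review bot: `responseCode` can now be null after the `certificateManager.addCertificate(...)` call in `addCertificate`, because the implementation changed in this commit falls through to `return null;` when the certificate is empty and the alias is not in the database. The `CertificateEvent` is also built and sent whatever the result, so other nodes are notified of an add that may have failed or been rolled back. I would send the event only on success, e.g. `if (responseCode == ResponseCode.SUCCESS) { APIUtil.sendNotification(certificateEvent, APIConstants.NotifierType.CERTIFICATE.name()); }`, or add a comment explaining why failed adds must still be broadcast. The same unconditional send appears in the `deleteCertificate` hunk. How `responseCode` is used afterwards is outside both hunks.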
Expand Up @@ -45,7 +45,7 @@ public interface CertificateManager {
* CERTIFICATE_EXPIRED : If the certificate is expired.
* CERTIFICATE_FOR_ENDPOINT_EXISTS : If the endpoint exists in the database.
*/
ResponseCode addCertificateToParentNode(String certificate, String alias, String endpoint, int tenantId);
ResponseCode addCertificate(String certificate, String alias, String endpoint, int tenantId);

/**
* Method to delete certificate from publisher trust store.
Expand All @@ -57,7 +57,7 @@ public interface CertificateManager {
* INTERNAL_SERVER_ERROR: If any internal error occurred
* CERTIFICATE_NOT_FOUND : If Certificate is not found in the trust store.
*/
ResponseCode deleteCertificateFromParentNode(String alias, String endpoint, int tenantId);
ResponseCode deleteCertificate(String alias, String endpoint, int tenantId);

/**
* Method to add the certificate to gateway nodes.
Expand Up @@ -78,38 +78,55 @@ private CertificateManagerImpl() {
}

@Override
public ResponseCode addCertificateToParentNode(String certificate, String alias, String endpoint, int tenantId) {
public ResponseCode addCertificate(String certificate, String alias, String endpoint, int tenantId) {

try {
if (certificateMgtDAO.addCertificate(certificate, alias, endpoint, tenantId)) {
ResponseCode responseCode = certificateMgtUtils.addCertificateToTrustStore(certificate, alias);
if (responseCode.getResponseCode() ==
ResponseCode.INTERNAL_SERVER_ERROR.getResponseCode()) {
log.error("Error adding the certificate to Publisher Trust Store. Rolling back...");
certificateMgtDAO.deleteCertificate(alias, endpoint, tenantId);
} else if (responseCode.getResponseCode() == ResponseCode.ALIAS_EXISTS_IN_TRUST_STORE
.getResponseCode()) {
log.error("Could not add Certificate to Trust Store. Certificate Exists. Rolling back...");
certificateMgtDAO.deleteCertificate(alias, endpoint, tenantId);
} else if (responseCode.getResponseCode() == ResponseCode.CERTIFICATE_EXPIRED.getResponseCode()) {
log.error("Could not add Certificate. Certificate has already expired.");
certificateMgtDAO.deleteCertificate(alias, endpoint, tenantId);
if (StringUtils.isNotEmpty(certificate)) {
if (certificateMgtDAO.addCertificate(certificate, alias, endpoint, tenantId)) {
ResponseCode responseCode = certificateMgtUtils.addCertificateToTrustStore(certificate, alias);
if (responseCode.getResponseCode() ==
ResponseCode.INTERNAL_SERVER_ERROR.getResponseCode()) {
log.error("Error adding the certificate to Publisher Trust Store. Rolling back...");
certificateMgtDAO.deleteCertificate(alias, endpoint, tenantId);
} else if (responseCode.getResponseCode() == ResponseCode.ALIAS_EXISTS_IN_TRUST_STORE
.getResponseCode()) {
log.error("Could not add Certificate to Trust Store. Certificate Exists. Rolling back...");
certificateMgtDAO.deleteCertificate(alias, endpoint, tenantId);
} else if (responseCode.getResponseCode() == ResponseCode.CERTIFICATE_EXPIRED.getResponseCode()) {
log.error("Could not add Certificate. Certificate has already expired.");
certificateMgtDAO.deleteCertificate(alias, endpoint, tenantId);
} else {
log.info("Certificate is successfully added to the Publisher client Trust Store with Alias '"
+ alias + "'");
}
return responseCode;
} else {
log.info("Certificate is successfully added to the Publisher client Trust Store with Alias '"
log.error("Error persisting the certificate meta data in db. Certificate could not be added to " +
"publisher Trust Store.");
return ResponseCode.INTERNAL_SERVER_ERROR;
}
} else if (StringUtils.isEmpty(certificate) && certificateMgtDAO.isCertificateExist(alias, tenantId)) {
// Get the certificate from the database
CertificateMetadataDTO certificateMetadataDTO = certificateMgtDAO.getCertificate(alias, endpoint, tenantId);
ResponseCode responseCode = certificateMgtUtils.addCertificateToTrustStore(certificateMetadataDTO.getCertificate(),
certificateMetadataDTO.getAlias());
if (responseCode == ResponseCode.INTERNAL_SERVER_ERROR) {
log.error("Error adding the certificate to Publisher trust store.");
} else if (responseCode == ResponseCode.CERTIFICATE_EXPIRED) {
log.error("Unable to add the certificate because it has already expired.");
} else if (responseCode == ResponseCode.SUCCESS) {
log.info("The certificate has been successfully added to the Publisher Client trust store with the alias '"
+ alias + "'");
}
return responseCode;
} else {
log.error("Error persisting the certificate meta data in db. Certificate could not be added to " +
"publisher Trust Store.");
return ResponseCode.INTERNAL_SERVER_ERROR;
}
} catch (CertificateManagementException e) {
log.error("Error when persisting/ deleting certificate metadata. ", e);
return ResponseCode.INTERNAL_SERVER_ERROR;
} catch (CertificateAliasExistsException e) {
return ResponseCode.ALIAS_EXISTS_IN_TRUST_STORE;
}
return null;
}

@Override
Expand Down Expand Up @@ -137,7 +154,7 @@ public ResponseCode addClientCertificate(Identifier apiIdentifier, String certif
}

@Override
public ResponseCode deleteCertificateFromParentNode(String alias, String endpoint, int tenantId) {
public ResponseCode deleteCertificate(String alias, String endpoint, int tenantId) {

try {
List<CertificateMetadataDTO> certificateMetadataDTOList =
Expand All @@ -164,14 +181,23 @@ public ResponseCode deleteCertificateFromParentNode(String alias, String endpoin
".");
return ResponseCode.INTERNAL_SERVER_ERROR;
}
} else {
// When certificate is not exist in the database but exist in the trust store
ResponseCode responseCode = certificateMgtUtils.removeCertificateFromTrustStore(alias);
if (responseCode == ResponseCode.INTERNAL_SERVER_ERROR) {
log.error("Error removing the Certificate from the trust store.");
} else if (responseCode == ResponseCode.SUCCESS) {
log.info("The certificate has been successfully removed from the Publisher trust store with alias '"
+ alias + "'");
}
return responseCode;
}
} catch (CertificateManagementException e) {
log.error("Error persisting/ deleting certificate metadata. ", e);
return ResponseCode.INTERNAL_SERVER_ERROR;
} catch (CertificateAliasExistsException e) {
return ResponseCode.ALIAS_EXISTS_IN_TRUST_STORE;
}
return ResponseCode.CERTIFICATE_NOT_FOUND;
}

@Override
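Review bot: The new `else` branch in `deleteCertificate` calls `certificateMgtUtils.removeCertificateFromTrustStore(alias)` when the metadata lookup finds nothing, so the tenant's database record no longer gates removal from the trust store. If trust-store aliases are shared across tenants, or the store holds entries not created through this API (neither is visible here), a delete for an alias the tenant never registered would now remove that entry instead of returning `CERTIFICATE_NOT_FOUND`. I would add a comment on this branch stating what guarantees the alias belongs to the calling tenant, or restrict the branch to the node-synchronisation case it appears to be written for. Including `tenantId` in the success log line would also make these removals auditable. The condition this `else` pairs with is outside the visible lines.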
Expand Up @@ -224,6 +224,15 @@ public boolean addCertificate(String certificate, String alias, String endpoint,
return result;
}

public boolean isCertificateExist(String alias, int tenantId) throws CertificateManagementException {
try (Connection connection = APIMgtDBUtil.getConnection()) {
return isCertificateExist(connection, alias, tenantId);
} catch (SQLException e) {
handleException("Error while retrieving connection or checking whether certificate exist", e);
}
return false;
}

private boolean isCertificateExist(Connection connection, String alias,int tenantId) throws SQLException {
String query = SQLConstants.CertificateConstants.CERTIFICATE_EXIST;
try (PreparedStatement preparedStatement = connection.prepareStatement(query)) {
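Review bot: The new public `isCertificateExist(String alias, int tenantId)` ends with `return false;` after `handleException(...)`, so if `handleException` can return instead of throwing (its body is not visible), a database failure would be reported as "certificate does not exist". `CertificateManagerImpl.addCertificate` uses this result to choose its branch, so the two outcomes should stay distinct. I would add Javadoc saying the method throws `CertificateManagementException` on connection or query errors and returns false only when no row matches the alias and tenant. If `handleException` does always throw, a short comment on the trailing return such as `// not reached: handleException always throws` would make that clear. The private overload's body continues outside the hunk.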
Expand Up @@ -112,7 +112,7 @@ public void testAddToPublisher() throws CertificateAliasExistsException, Certifi
String.class))
.toReturn(ResponseCode.SUCCESS);
ResponseCode result =
certificateManager.addCertificateToParentNode(BASE64_ENCODED_CERT, ALIAS, END_POINT, TENANT_ID);
certificateManager.addCertificate(BASE64_ENCODED_CERT, ALIAS, END_POINT, TENANT_ID);
Assert.assertEquals(ResponseCode.SUCCESS, result);
}

Expand All @@ -125,7 +125,7 @@ public void testAddToPublisherWithInternalServerError() throws CertificateAliasE
PowerMockito.stub(PowerMockito.method(CertificateMgtUtils.class, "addCertificateToTrustStore", String.class,
String.class))
.toReturn(ResponseCode.INTERNAL_SERVER_ERROR);
ResponseCode responseCode = certificateManager.addCertificateToParentNode(BASE64_ENCODED_CERT, ALIAS,
ResponseCode responseCode = certificateManager.addCertificate(BASE64_ENCODED_CERT, ALIAS,
END_POINT, TENANT_ID);
Assert.assertEquals(ResponseCode.INTERNAL_SERVER_ERROR, responseCode);
}
Expand All @@ -140,7 +140,7 @@ public void testAddToPublisherWithExpiredCertificate()
PowerMockito.stub(PowerMockito.method(CertificateMgtUtils.class, "addCertificateToTrustStore",String.class,
String.class))
.toReturn(ResponseCode.CERTIFICATE_EXPIRED);
ResponseCode responseCode = certificateManager.addCertificateToParentNode(BASE64_ENCODED_CERT, ALIAS,
ResponseCode responseCode = certificateManager.addCertificate(BASE64_ENCODED_CERT, ALIAS,
END_POINT, TENANT_ID);
Assert.assertEquals(ResponseCode.CERTIFICATE_EXPIRED, responseCode);
}
Expand All @@ -153,7 +153,7 @@ public void testAddToPublisherWithExistingAlias()
PowerMockito.stub(PowerMockito
.method(CertificateMgtUtils.class, "addCertificateToTrustStore", String.class, String.class))
.toReturn(ResponseCode.ALIAS_EXISTS_IN_TRUST_STORE);
ResponseCode responseCode = certificateManager.addCertificateToParentNode(BASE64_ENCODED_CERT, ALIAS,
ResponseCode responseCode = certificateManager.addCertificate(BASE64_ENCODED_CERT, ALIAS,
END_POINT, TENANT_ID);
Assert.assertEquals(ResponseCode.ALIAS_EXISTS_IN_TRUST_STORE, responseCode);
}
Expand All @@ -162,7 +162,7 @@ public void testAddToPublisherWithExistingAlias()
public void testAddToPublisherWhenDBError() {

PowerMockito.stub(PowerMockito.method(CertificateMgtDAO.class, "addCertificate")).toReturn(false);
ResponseCode responseCode = certificateManager.addCertificateToParentNode(BASE64_ENCODED_CERT, ALIAS,
ResponseCode responseCode = certificateManager.addCertificate(BASE64_ENCODED_CERT, ALIAS,
END_POINT, TENANT_ID);
Assert.assertEquals(ResponseCode.INTERNAL_SERVER_ERROR, responseCode);
}
Expand All @@ -173,7 +173,7 @@ public void testAddToPublisherWithExistingAliasInDB()

Mockito.when(certificateMgtDAO.addCertificate(BASE64_ENCODED_CERT, ALIAS, END_POINT, TENANT_ID))
.thenThrow(CertificateAliasExistsException.class);
ResponseCode responseCode = certificateManager.addCertificateToParentNode(BASE64_ENCODED_CERT, ALIAS,
ResponseCode responseCode = certificateManager.addCertificate(BASE64_ENCODED_CERT, ALIAS,
END_POINT, TENANT_ID);
Assert.assertEquals(ResponseCode.ALIAS_EXISTS_IN_TRUST_STORE, responseCode);
}
Expand All @@ -190,7 +190,7 @@ public void testRemoveFromPublisher() throws CertificateManagementException {
certificateMetadataDTO.setEndpoint(END_POINT);
certificateMetadataDTOList.add(certificateMetadataDTO);
Mockito.when(certificateMgtDAO.getCertificates(ALIAS, null, TENANT_ID)).thenReturn(certificateMetadataDTOList);
ResponseCode responseCode = certificateManager.deleteCertificateFromParentNode(ALIAS, END_POINT, TENANT_ID);
ResponseCode responseCode = certificateManager.deleteCertificate(ALIAS, END_POINT, TENANT_ID);
Assert.assertEquals(ResponseCode.SUCCESS, responseCode);
}

Expand All @@ -206,7 +206,7 @@ public void testRemoveFromPublisherInternalServerError() throws CertificateManag
certificateMetadataDTO.setEndpoint(END_POINT);
certificateMetadataDTOList.add(certificateMetadataDTO);
Mockito.when(certificateMgtDAO.getCertificates(ALIAS, null, TENANT_ID)).thenReturn(certificateMetadataDTOList);
ResponseCode responseCode = certificateManager.deleteCertificateFromParentNode(ALIAS, END_POINT, TENANT_ID);
ResponseCode responseCode = certificateManager.deleteCertificate(ALIAS, END_POINT, TENANT_ID);
Assert.assertEquals(ResponseCode.INTERNAL_SERVER_ERROR, responseCode);
}

Expand All @@ -221,7 +221,7 @@ public void testRemoveFromPublisherCertificateNotFound() {
} catch (CertificateManagementException | CertificateAliasExistsException e) {
e.printStackTrace();
}
ResponseCode responseCode = certificateManager.deleteCertificateFromParentNode(ALIAS, END_POINT, TENANT_ID);
ResponseCode responseCode = certificateManager.deleteCertificate(ALIAS, END_POINT, TENANT_ID);
Assert.assertEquals(ResponseCode.CERTIFICATE_NOT_FOUND, responseCode);
}

Expand Down Expand Up @@ -250,7 +250,7 @@ public void testRemoveFromPublisherCertificateManagementException() {
e.printStackTrace();
}
ResponseCode responseCode = certificateManager
.deleteCertificateFromParentNode("testRemoveFromPublisherCertificateManagementException",
.deleteCertificate("testRemoveFromPublisherCertificateManagementException",
"testRemoveFromPublisherCertificateManagementException", TENANT_ID);
Assert.assertEquals(ResponseCode.INTERNAL_SERVER_ERROR, responseCode);
}
Expand Down Expand Up @@ -278,7 +278,7 @@ public void testRemoveFromPublisherWithInternalServerErrorWhenDeleting() {
e.printStackTrace();
}
ResponseCode responseCode = certificateManager
.deleteCertificateFromParentNode("testRemoveFromPublisherWithInternalServerErrorWhenDeleting",
.deleteCertificate("testRemoveFromPublisherWithInternalServerErrorWhenDeleting",
"testRemoveFromPublisherWithInternalServerErrorWhenDeleting", TENANT_ID);
Assert.assertEquals(ResponseCode.INTERNAL_SERVER_ERROR, responseCode);
}