Fixes Issues in encrypting and decrypting secrets in gw configurations

Author: msm1992

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIAdminImpl.java

@@ -161,7 +161,9 @@ public List<Environment> getAllEnvironments(String tenantDomain) throws APIManag
         allEnvs.addAll(dynamicEnvs);
 
         for (Environment env : allEnvs) {
-            decryptGatewayConfigurationValues(env);
+            if (env.getProvider().equalsIgnoreCase(APIConstants.EXTERNAL_GATEWAY_VENDOR)) {
+                maskValues(env);
+            }
         }
         return allEnvs;
     }
@@ -200,7 +202,7 @@ public Environment addEnvironment(String tenantDomain, Environment environment)
         validateForUniqueVhostNames(environment);
         Environment environmentToStore =  new Environment(environment);
         encryptGatewayConfigurationValues(null, environmentToStore);
-        apiMgtDAO.addEnvironment(tenantDomain, environment);
+        apiMgtDAO.addEnvironment(tenantDomain, environmentToStore);
         return environment;
     }
 
@@ -217,6 +219,23 @@ public void deleteEnvironment(String tenantDomain, String uuid) throws APIManage
         apiMgtDAO.deleteEnvironment(uuid);
     }
 
+    public Environment getEnvironmentWithoutPropertyMasking(String tenantDomain, String uuid) throws APIManagementException {
+        // priority for configured environments over dynamic environments
+        // name is the UUID of environments configured in api-manager.xml
+        Environment env = APIUtil.getReadOnlyEnvironments().get(uuid);
+        if (env == null) {
+            env = apiMgtDAO.getEnvironment(tenantDomain, uuid);
+            if (env == null) {
+                String errorMessage = String.format("Failed to retrieve Environment with UUID %s. Environment not found",
+                        uuid);
+                throw new APIMgtResourceNotFoundException(errorMessage, ExceptionCodes.from(
+                        ExceptionCodes.GATEWAY_ENVIRONMENT_NOT_FOUND, String.format("UUID '%s'", uuid))
+                );
+            }
+        }
+        return env;
+    }
+
     @Override
     public boolean hasExistingDeployments(String tenantDomain, String uuid) throws APIManagementException {
         Environment existingEnv = getEnvironment(tenantDomain, uuid);
@@ -228,7 +247,7 @@ public boolean hasExistingDeployments(String tenantDomain, String uuid) throws A
     @Override
     public Environment updateEnvironment(String tenantDomain, Environment environment) throws APIManagementException {
         // check if the VHost exists in the tenant domain with given UUID, throw error if not found
-        Environment existingEnv = getEnvironment(tenantDomain, environment.getUuid());
+        Environment existingEnv = getEnvironmentWithoutPropertyMasking(tenantDomain, environment.getUuid());
         if (existingEnv.isReadOnly()) {
             String errorMessage = String.format("Failed to update Environment with UUID '%s'. Environment is read only",
                     environment.getUuid());
@@ -247,6 +266,7 @@ public Environment updateEnvironment(String tenantDomain, Environment environmen
 
         validateForUniqueVhostNames(environment);
         environment.setId(existingEnv.getId());
+        encryptGatewayConfigurationValues(existingEnv, environment);
         Environment updatedEnvironment = apiMgtDAO.updateEnvironment(environment);
         // If the update is successful without throwing an exception
         // Perform a separate task of updating gateway label names
@@ -849,7 +869,7 @@ private KeyManagerConfigurationDTO decryptKeyManagerConfigurationValues(
         return keyManagerConfigurationDTO;
     }
 
-    private Environment decryptGatewayConfigurationValues(Environment environment)
+    public Environment decryptGatewayConfigurationValues(Environment environment)
             throws APIManagementException {
 
         Map<String, String> additionalProperties = environment.getAdditionalProperties();

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/factory/GatewayHolder.java

@@ -26,6 +26,7 @@
 import org.wso2.carbon.apimgt.api.model.GatewayAgentConfiguration;
 import org.wso2.carbon.apimgt.api.model.GatewayConfiguration;
 import org.wso2.carbon.apimgt.api.model.GatewayDeployer;
+import org.wso2.carbon.apimgt.impl.APIAdminImpl;
 import org.wso2.carbon.apimgt.impl.APIConstants;
 import org.wso2.carbon.apimgt.impl.dto.GatewayDto;
 import org.wso2.carbon.apimgt.impl.dto.OrganizationGatewayDto;
@@ -97,12 +98,19 @@ public static GatewayDeployer getTenantGatewayInstance(String organization, Stri
                 Map<String, Environment> environmentMap = APIUtil.getEnvironments(organization);
                 Environment environment = environmentMap.get(gatewayName);
                 if (environment != null) {
+                    // environment fetched from DB might have encrypted properties, hence need to decrypt before
+                    // initializing the deployer
+                    APIAdminImpl apiAdmin = new APIAdminImpl();
+                    Environment resolvedEnvironment = apiAdmin.getEnvironmentWithoutPropertyMasking(organization,
+                            environment.getUuid());
+                    resolvedEnvironment = apiAdmin.decryptGatewayConfigurationValues(resolvedEnvironment);
+
                     GatewayAgentConfiguration gatewayAgentConfiguration = ServiceReferenceHolder.getInstance().
                             getExternalGatewayConnectorConfiguration(environment.getGatewayType());
                     if (gatewayAgentConfiguration != null) {
                         GatewayDeployer deployer = (GatewayDeployer) Class.forName(gatewayAgentConfiguration.getImplementation())
                                 .getDeclaredConstructor().newInstance();
-                        deployer.init(environment);
+                        deployer.init(resolvedEnvironment);
                         return deployer;
 
                     }