Merge branch 'wso2:master' into master

components/apimgt/org.wso2.carbon.apimgt.api/pom.xml

@@ -11,7 +11,7 @@
     <parent>
         <groupId>org.wso2.carbon.apimgt</groupId>
         <artifactId>apimgt</artifactId>
-        <version>9.29.110-SNAPSHOT</version>
+        <version>9.29.120-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 

components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/APIProvider.java

@@ -1680,6 +1680,17 @@ Map<String,Object> searchPaginatedAPIProducts(String searchQuery, String tenantD
      */
     API getAPIbyUUID(String uuid, String organization) throws APIManagementException;
 
+    /**
+     * Get API UUID by the API Identifier.
+     *
+     * @param identifier API Identifier
+     * @param organization identifier of the organization
+     * @return String UUID
+     * @throws APIManagementException if an error occurs
+     */
+    String getUUIDFromIdentifier(APIIdentifier identifier, String organization) throws APIManagementException;
+
+
     /**
      * Returns API Search result based on fqdn of the provided endpoint.
      * Returns empty API Search result if endpoint is invalid.

components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/ExceptionCodes.java

@@ -555,7 +555,8 @@ public enum ExceptionCodes implements ErrorHandler {
     // AI service invocation related exceptions
     AI_SERVICE_INVALID_RESPONSE(903100, "Invalid response from AI service", 500, "Error while invoking AI service. %s", false),
     AI_SERVICE_INVALID_ACCESS_TOKEN(903101, "Invalid access token provided for AI service", 401, "Invalid access token provided for AI service"),
-    AI_SERVICE_QUOTA_EXCEEDED(903102, "Quota exceeded for AI service", 429, "Quota exceeded for AI service");
+    AI_SERVICE_QUOTA_EXCEEDED(903102, "Quota exceeded for AI service", 429, "Quota exceeded for AI service"),
+    DOCUMENT_NAME_ILLEGAL_CHARACTERS(902016, "Document name cannot contain illegal characters", 400, "Document name contains one or more illegal characters");
 
     private final long errorCode;
     private final String errorMessage;

components/apimgt/org.wso2.carbon.apimgt.broker.lifecycle/pom.xml

@@ -4,7 +4,7 @@
     <parent>
         <artifactId>apimgt</artifactId>
         <groupId>org.wso2.carbon.apimgt</groupId>
-        <version>9.29.110-SNAPSHOT</version>
+        <version>9.29.120-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 

components/apimgt/org.wso2.carbon.apimgt.cache.invalidation/pom.xml

@@ -19,7 +19,7 @@
     <parent>
         <artifactId>apimgt</artifactId>
         <groupId>org.wso2.carbon.apimgt</groupId>
-        <version>9.29.110-SNAPSHOT</version>
+        <version>9.29.120-SNAPSHOT</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 

components/apimgt/org.wso2.carbon.apimgt.cleanup.service/pom.xml

@@ -19,7 +19,7 @@
     <parent>
         <groupId>org.wso2.carbon.apimgt</groupId>
         <artifactId>apimgt</artifactId>
-        <version>9.29.110-SNAPSHOT</version>
+        <version>9.29.120-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 

components/apimgt/org.wso2.carbon.apimgt.common.analytics/pom.xml

@@ -3,7 +3,7 @@
     <parent>
         <groupId>org.wso2.carbon.apimgt</groupId>
         <artifactId>apimgt</artifactId>
-        <version>9.29.110-SNAPSHOT</version>
+        <version>9.29.120-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>

components/apimgt/org.wso2.carbon.apimgt.common.analytics/src/main/java/org/wso2/carbon/apimgt/common/analytics/Constants.java

@@ -28,4 +28,13 @@ public class Constants {
     public static final String ANONYMOUS_VALUE = "anonymous";
     public static final String UNKNOWN_VALUE = "UNKNOWN";
     public static final int UNKNOWN_INT_VALUE = -1;
+    public static final String IPV4_PROP_TYPE = "IPV4";
+    public static final String IPV6_PROP_TYPE = "IPV6";
+    public static final String EMAIL_PROP_TYPE = "EMAIL";
+    public static final String USERNAME_PROP_TYPE = "USERNAME";
+
+    public static final String IPV4_MASK_VALUE = "***";
+    public static final String IPV6_MASK_VALUE = "**";
+    public static final String EMAIL_MASK_VALUE = "*****";
+    public static final String USERNAME_MASK_VALUE = "*****";
 }

components/apimgt/org.wso2.carbon.apimgt.common.analytics/src/main/java/org/wso2/carbon/apimgt/common/analytics/collectors/AnalyticsDataProvider.java

@@ -73,4 +73,7 @@ public interface AnalyticsDataProvider {
     default Map<String, Object> getProperties() {
         return Collections.EMPTY_MAP;
     }
+
+    Map<String, String> getMaskProperties();
+
 }

components/apimgt/org.wso2.carbon.apimgt.common.analytics/src/main/java/org/wso2/carbon/apimgt/common/analytics/collectors/impl/SuccessRequestDataCollector.java

@@ -32,6 +32,18 @@
 import org.wso2.carbon.apimgt.common.analytics.publishers.dto.Target;
 import org.wso2.carbon.apimgt.common.analytics.publishers.impl.SuccessRequestDataPublisher;
 
+import java.util.Iterator;
+import java.util.Map;
+
+import static org.wso2.carbon.apimgt.common.analytics.Constants.EMAIL_MASK_VALUE;
+import static org.wso2.carbon.apimgt.common.analytics.Constants.EMAIL_PROP_TYPE;
+import static org.wso2.carbon.apimgt.common.analytics.Constants.IPV4_MASK_VALUE;
+import static org.wso2.carbon.apimgt.common.analytics.Constants.IPV4_PROP_TYPE;
+import static org.wso2.carbon.apimgt.common.analytics.Constants.IPV6_MASK_VALUE;
+import static org.wso2.carbon.apimgt.common.analytics.Constants.IPV6_PROP_TYPE;
+import static org.wso2.carbon.apimgt.common.analytics.Constants.USERNAME_MASK_VALUE;
+import static org.wso2.carbon.apimgt.common.analytics.Constants.USERNAME_PROP_TYPE;
+
 /**
  * Success request data collector.
  */
@@ -57,6 +69,22 @@ public void collectData() throws AnalyticsException {
 
         Event event = new Event();
         event.setProperties(provider.getProperties());
+
+        // Masking the configured data
+        Map<String, String> maskData = provider.getMaskProperties();
+        Iterator<Map.Entry<String, String>> iterator = maskData.entrySet().iterator();
+        while (iterator.hasNext()) {
+            Map.Entry<String, String> entry = iterator.next();
+            Map<String, Object> props = event.getProperties();
+            if (props != null) {
+                Object value = props.get(entry.getKey());
+                if (value != null) {
+                    String maskStr = maskAnalyticsData(entry.getValue(), value);
+                    props.replace(entry.getKey(), maskStr);
+                }
+            }
+        }
+
         API api = provider.getApi();
         Operation operation = provider.getOperation();
         Target target = provider.getTarget();
@@ -69,17 +97,37 @@ public void collectData() throws AnalyticsException {
         }
         Latencies latencies = provider.getLatencies();
         MetaInfo metaInfo = provider.getMetaInfo();
+
         String userAgent = provider.getUserAgentHeader();
         String userName = provider.getUserName();
+
+        // Mask UserName if configured
+        if (userName != null) {
+            if (maskData.containsKey("api.ut.userName")) {
+                userName = maskAnalyticsData(maskData.get("api.ut.userName"), userName);
+            } else if (maskData.containsKey("api.ut.userId")) {
+                userName = maskAnalyticsData(maskData.get("api.ut.userId"), userName);
+            }
+        }
+
         String userIp = provider.getEndUserIP();
         if (userName == null) {
             userName = Constants.UNKNOWN_VALUE;
         }
         if (userIp == null) {
             userIp = Constants.UNKNOWN_VALUE;
+        } else {
+            // Mask User IP if configured
+            if (maskData.containsKey("api.analytics.user.ip")) {
+                userIp = maskAnalyticsData(maskData.get("api.analytics.user.ip"), userIp);
+            }
         }
         if (userAgent == null) {
             userAgent = Constants.UNKNOWN_VALUE;
+        } else {
+            if (maskData.containsKey("api.analytics.user.agent")) {
+                userAgent = maskAnalyticsData(maskData.get("api.analytics.user.agent"), userAgent);
+            }
         }
 
         event.setApi(api);
@@ -97,4 +145,33 @@ public void collectData() throws AnalyticsException {
         this.processor.publish(event);
     }
 
+    private String maskAnalyticsData(String type, Object value) {
+        if (value instanceof String) {
+            switch (type) {
+                case IPV4_PROP_TYPE:
+                    String[] octets = value.toString().split("\\.");
+
+                    // Sample output: 192.168.***.98
+                    return octets[0] + "." + octets[1] + "." + IPV4_MASK_VALUE + "." + octets[3];
+                case IPV6_PROP_TYPE:
+                    octets = value.toString().split(":");
+
+                    // Sample output: 2001:0db8:85a3:****:****:****:****:7334
+                    return octets[0] + ":" + octets[1] + ":" + octets[2] + ":" + IPV6_MASK_VALUE + ":" + IPV6_MASK_VALUE
+                            + ":" + IPV6_MASK_VALUE + ":" + IPV6_MASK_VALUE + ":" + octets[7];
+                case EMAIL_PROP_TYPE:
+                    String[] email = value.toString().split("@");
+
+                    // Sample output: *****@gmail.com
+                    return EMAIL_MASK_VALUE + "@" + email[1];
+                case USERNAME_PROP_TYPE:
+                    return USERNAME_MASK_VALUE;
+                default:
+                    // Sample output: ********
+                    return USERNAME_MASK_VALUE;
+            }
+        }
+        return null;
+    }
+
 }

components/apimgt/org.wso2.carbon.apimgt.common.gateway/pom.xml

@@ -3,7 +3,7 @@
     <parent>
         <groupId>org.wso2.carbon.apimgt</groupId>
         <artifactId>apimgt</artifactId>
-        <version>9.29.110-SNAPSHOT</version>
+        <version>9.29.120-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>

components/apimgt/org.wso2.carbon.apimgt.common.jms/pom.xml

@@ -4,7 +4,7 @@
     <parent>
         <groupId>org.wso2.carbon.apimgt</groupId>
         <artifactId>apimgt</artifactId>
-        <version>9.29.110-SNAPSHOT</version>
+        <version>9.29.120-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>

components/apimgt/org.wso2.carbon.apimgt.core/pom.xml

@@ -5,7 +5,7 @@
     <parent>
         <groupId>org.wso2.carbon.apimgt</groupId>
         <artifactId>apimgt</artifactId>
-        <version>9.29.110-SNAPSHOT</version>
+        <version>9.29.120-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 

components/apimgt/org.wso2.carbon.apimgt.devops.impl/pom.xml

@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.wso2.carbon.apimgt</groupId>
         <artifactId>apimgt</artifactId>
-        <version>9.29.110-SNAPSHOT</version>
+        <version>9.29.120-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 

components/apimgt/org.wso2.carbon.apimgt.eventing.hub/pom.xml

@@ -20,7 +20,7 @@
     <parent>
         <artifactId>apimgt</artifactId>
         <groupId>org.wso2.carbon.apimgt</groupId>
-        <version>9.29.110-SNAPSHOT</version>
+        <version>9.29.120-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 

components/apimgt/org.wso2.carbon.apimgt.eventing/pom.xml

@@ -20,7 +20,7 @@
     <parent>
         <artifactId>apimgt</artifactId>
         <groupId>org.wso2.carbon.apimgt</groupId>
-        <version>9.29.110-SNAPSHOT</version>
+        <version>9.29.120-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 

components/apimgt/org.wso2.carbon.apimgt.gateway/pom.xml

@@ -19,7 +19,7 @@
     <parent>
         <groupId>org.wso2.carbon.apimgt</groupId>
         <artifactId>apimgt</artifactId>
-        <version>9.29.110-SNAPSHOT</version>
+        <version>9.29.120-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 

components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/handlers/analytics/SynapseAnalyticsDataProvider.java

@@ -314,6 +314,13 @@ public MetaInfo getMetaInfo() {
         return metaInfo;
     }
 
+    @Override
+    public Map<String, String> getMaskProperties() {
+        Map<String, String> maskProperties = ServiceReferenceHolder.getInstance().getApiManagerConfigurationService()
+                .getAPIAnalyticsConfiguration().getMaskDataProperties();
+        return maskProperties;
+    }
+
     @Override
     public int getProxyResponseCode() {
 

components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/handlers/streaming/websocket/WebSocketAnalyticsDataProvider.java

@@ -254,6 +254,13 @@ public MetaInfo getMetaInfo() {
         return metaInfo;
     }
 
+    @Override
+    public Map<String, String> getMaskProperties() {
+        Map<String, String> maskProperties = ServiceReferenceHolder.getInstance().getApiManagerConfigurationService()
+                .getAPIAnalyticsConfiguration().getMaskDataProperties();
+        return maskProperties;
+    }
+
     @Override
     public int getProxyResponseCode() {
         if (isSuccessRequest()) {

components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/internal/DataHolder.java

@@ -139,11 +139,8 @@ public void addAPIMetaData(API api) {
             log.debug("Adding meta data of API : " + api.getApiName());
         }
         String context = api.getContext();
-        String defaultContext = context;
-        if (!api.getApiType().equals("APIProduct")) {
-            int index = context.lastIndexOf("/" + api.getApiVersion());
-            defaultContext = context.substring(0, index);
-        }
+        int index = context.lastIndexOf("/" + api.getApiVersion());
+        String defaultContext = context.substring(0, index);
         Map<String, API> apiMap;
         if (tenantAPIMap.containsKey(api.getOrganization())) {
             apiMap = tenantAPIMap.get(api.getOrganization());

components/apimgt/org.wso2.carbon.apimgt.impl/pom.xml

@@ -12,7 +12,7 @@
     <parent>
         <groupId>org.wso2.carbon.apimgt</groupId>
         <artifactId>apimgt</artifactId>
-        <version>9.29.110-SNAPSHOT</version>
+        <version>9.29.120-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/AMDefaultKeyManagerImpl.java

@@ -526,7 +526,7 @@ public AccessTokenInfo getTokenMetaData(String accessToken) throws APIManagement
             IntrospectInfo introspectInfo = introspectionClient.introspect(accessToken);
             tokenInfo.setAccessToken(accessToken);
             boolean isActive = introspectInfo.isActive();
-            if (!isActive) {
+            if (!isActive || APIConstants.REFRESH_TOKEN_TYPE.equalsIgnoreCase(introspectInfo.getTokenType())    ) {
                 tokenInfo.setTokenValid(false);
                 tokenInfo.setErrorcode(APIConstants.KeyValidationStatus.API_AUTH_INVALID_CREDENTIALS);
                 return tokenInfo;

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConstants.java

@@ -419,6 +419,7 @@ public final class APIConstants {
     public static final String SUBSCRIPTION_USER_TYPE = "USER_TYPE";
     public static final String ACCESS_TOKEN_USER_TYPE_APPLICATION = "APPLICATION";
     public static final String USER_TYPE_END_USER = "END_USER";
+    public static final String REFRESH_TOKEN_TYPE = "Refresh";
     public static final String FIELD_API_NAME = "API_NAME";
     public static final String FIELD_API_VERSION = "API_VERSION";
     public static final String FIELD_CONSUMER_KEY = "CONSUMER_KEY";
@@ -891,6 +892,8 @@ private Permissions() {
     public static final String API_PUBLISHER_ENABLE_API_DOC_VISIBILITY_LEVELS = API_PUBLISHER
             + "EnableAPIDocVisibilityLevels";
     public static final String API_PUBLISHER_ENABLE_PORTAL_CONFIGURATION_ONLY_MODE = API_PUBLISHER + "EnablePortalConfigurationOnlyMode";
+    public static final String API_PUBLISHER_INTERNAL_KEY_ISSUER = API_PUBLISHER +
+            "InternalKeyIssuer";
     // Configuration that need to enable to add access control to APIs in publisher
     public static final String API_PUBLISHER_ENABLE_ACCESS_CONTROL_LEVELS = API_PUBLISHER
             + "EnableAccessControl";
@@ -2183,6 +2186,7 @@ public static class JwtTokenConstants {
         public static final String CONSUMER_KEY = "consumerKey";
         public static final String AUTHORIZED_PARTY = "azp";
         public static final String KEY_ID = "kid";
+        public static final String AUDIENCE = "aud";
         public static final String JWT_ID = "jti";
         public static final String SUBSCRIPTION_TIER = "subscriptionTier";
         public static final String SUBSCRIBER_TENANT_DOMAIN = "subscriberTenantDomain";

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIManagerAnalyticsConfiguration.java

@@ -57,6 +57,7 @@ public class APIManagerAnalyticsConfiguration {
     private String responseSchemaName;
     private String faultSchemaName;
     private Map<String, String> reporterProperties;
+    private Map<String, String> maskDataProperties;
 
     private APIManagerAnalyticsConfiguration() {
     }
@@ -77,6 +78,7 @@ public void setAPIManagerConfiguration(APIManagerConfiguration config){
             this.responseSchemaName = config.getFirstProperty(APIConstants.API_ANALYTICS_RESPONSE_SCHEMA_NAME);
             this.faultSchemaName = config.getFirstProperty(APIConstants.API_ANALYTICS_FAULT_SCHEMA_NAME);
             this.reporterProperties = config.getAnalyticsProperties();
+            this.maskDataProperties = config.getAnalyticsMaskProperties();
         }
     }
 
@@ -235,6 +237,9 @@ public void setReporterClass(String reporterClass) {
     public Map<String, String> getReporterProperties() {
         return reporterProperties;
     }
+    public Map<String, String> getMaskDataProperties() {
+        return maskDataProperties;
+    }
 
     public void setReporterProperties(Map<String, String> reporterProperties) {
         this.reporterProperties = reporterProperties;