diff --git a/gateway/enforcer/cmd/main.go b/gateway/enforcer/cmd/main.go
index 19076b413..df45258c0 100644
--- a/gateway/enforcer/cmd/main.go
+++ b/gateway/enforcer/cmd/main.go
@@ -4,10 +4,11 @@ import (
 	"time"
 
 	"github.com/wso2/apk/gateway/enforcer/internal/config"
+	"github.com/wso2/apk/gateway/enforcer/internal/datastore"
+	"github.com/wso2/apk/gateway/enforcer/internal/extproc"
 	"github.com/wso2/apk/gateway/enforcer/internal/grpc"
 	"github.com/wso2/apk/gateway/enforcer/internal/util"
 	"github.com/wso2/apk/gateway/enforcer/internal/xds"
-	"github.com/wso2/apk/gateway/enforcer/internal/extproc"
 )
 
 func main() {
@@ -27,13 +28,13 @@ func main() {
 	//Create the TLS configuration
 	tlsConfig := util.CreateTLSConfig(clientCert, certPool)
 
-	client := grpc.NewEventingGRPCClient(host, port, cfg.XdsMaxRetries, time.Duration(cfg.XdsRetryPeriod)*time.Millisecond, tlsConfig, cfg, nil)
+	client := grpc.NewEventingGRPCClient(host, port, cfg.XdsMaxRetries, time.Duration(cfg.XdsRetryPeriod)*time.Second, tlsConfig, cfg, datastore.NewDataStore(cfg))
 	// Start the connection
 	client.InitiateEventingGRPCConnection()
 
 	// Create the XDS clients
-	apiStore, _,_ := xds.CreateXDSClients(cfg)
-
+	apiStore, _, _ := xds.CreateXDSClients(cfg)
+
 	// Start the external processing server
 	go extproc.StartExternalProcessingServer(cfg, apiStore)
 
diff --git a/gateway/enforcer/internal/datastore/subs_app_datastore.go b/gateway/enforcer/internal/datastore/subs_app_datastore.go
index 803cb33ce..b5dc2515f 100644
--- a/gateway/enforcer/internal/datastore/subs_app_datastore.go
+++ b/gateway/enforcer/internal/datastore/subs_app_datastore.go
@@ -18,10 +18,12 @@
 package datastore
 
 import (
+	"crypto/tls"
 	"encoding/json"
 	"errors"
 	"fmt"
 	"io/ioutil"
+	"log"
 	"sync"
 
 	subscription_model "github.com/wso2/apk/common-go-libs/pkg/server/model"
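Review bot: The retry period scaling on the `grpc.NewEventingGRPCClient` line changes from `time.Millisecond` to `time.Second`, so any `XdsRetryPeriod` value that was tuned in milliseconds now waits a thousand times longer between reconnect attempts. If the unit change is intended, the config field's documentation and default value need the same change in the same commit; otherwise keep `time.Duration(cfg.XdsRetryPeriod)*time.Millisecond`. The `datastore.NewDataStore(cfg)` argument is built inline at a point where `tlsConfig` is already in scope, so passing that config into the datastore would let it reuse the client TLS material instead of rebuilding it. main's body continues outside the hunk.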
@@ -214,7 +216,12 @@ func (ds *SubscriptionApplicationDataStore) LoadStartupData() error {
 // Get all applications
 func (ds *SubscriptionApplicationDataStore) getAllApplications() (*subscription_model.ApplicationList, error) {
 	url := fmt.Sprintf("%s/applications", ds.commonControllerRestBaseURL)
-	resp, err := util.MakeGETRequest(url)
+	// Get the TLS configuration
+	tlsConfig, err := GetTLSConfig()
+	if err != nil {
+		return nil, fmt.Errorf("failed to get TLS config: %w", err)
+	}
+	resp, err := util.MakeGETRequest(url, tlsConfig)
 	if err != nil {
 		return nil, err
 	}
@@ -225,13 +232,20 @@ func (ds *SubscriptionApplicationDataStore) getAllApplications() (*subscription_
 	if err := json.Unmarshal(body, &result); err != nil {
 		return nil, err
 	}
+	log.Println("Applications: ", result)
 	return &result, nil
 }
 
 // Get all subscriptions
 func (ds *SubscriptionApplicationDataStore) getAllSubscriptions() (*subscription_model.SubscriptionList, error) {
 	url := fmt.Sprintf("%s/subscriptions", ds.commonControllerRestBaseURL)
-	resp, err := util.MakeGETRequest(url)
+	// Get the TLS configuration
+	tlsConfig, err := GetTLSConfig()
+	if err != nil {
+		return nil, fmt.Errorf("failed to get TLS config: %w", err)
+	}
+	resp, err := util.MakeGETRequest(url, tlsConfig)
+	log.Println("Response: ", resp)
 	if err != nil {
 		return nil, err
 	}
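Review bot: `GetTLSConfig()` is now called on every `getAllApplications` request, and the same pattern is repeated in `getAllSubscriptions`, `getAllApplicationMappings` and `getAllApplicationKeyMappings` (hunks @@ -225, @@ -242 and @@ -265); from the `GetTLSConfig` body added later in this diff, each call re-reads the certificate, key and CA files from disk and builds a fresh `*tls.Config`. Loading it once when the datastore is constructed and keeping it on `ds` (for example a `tlsConfig *tls.Config` field populated in `NewDataStore`) avoids the repeated file I/O and makes a bad certificate path fail at startup instead of on the first refresh. `getAllApplications` continues past the end of the hunk.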
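Review bot: `log.Println("Applications: ", result)` and `log.Println("Response: ", resp)` write the full decoded application list and the raw `*http.Response` (headers included) to the standard logger on every refresh, and the same is done for subscriptions at hunk @@ -242 and for the outgoing `*http.Request` in util/http.go. Application and subscription records should not be dumped unconditionally into process logs; log only the entry count, and at debug level, through the logger the rest of the package uses (`c.log.Info` in eventing_grpc_client.go suggests one exists). `log.Println("Response: ", resp)` also runs before the `err != nil` check, so on failure it prints `<nil>` while the actual error is never logged; move it after the check or drop it. `getAllSubscriptions` continues past the end of the hunk.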
@@ -242,13 +256,18 @@ func (ds *SubscriptionApplicationDataStore) getAllSubscriptions() (*subscription
 	if err := json.Unmarshal(body, &result); err != nil {
 		return nil, err
 	}
+	log.Println("Subscription: ", result)
 	return &result, nil
 }
 
 // Get all application mappings
 func (ds *SubscriptionApplicationDataStore) getAllApplicationMappings() (*subscription_model.ApplicationMappingList, error) {
 	url := fmt.Sprintf("%s/applicationmappings", ds.commonControllerRestBaseURL)
-	resp, err := util.MakeGETRequest(url)
+	tlsConfig, err := GetTLSConfig()
+	if err != nil {
+		return nil, fmt.Errorf("failed to get TLS config: %w", err)
+	}
+	resp, err := util.MakeGETRequest(url, tlsConfig)
 	if err != nil {
 		return nil, err
 	}
@@ -265,7 +284,11 @@ func (ds *SubscriptionApplicationDataStore) getAllApplicationMappings() (*subscr
 // Get all application key mappings
 func (ds *SubscriptionApplicationDataStore) getAllApplicationKeyMappings() (*subscription_model.ApplicationKeyMappingList, error) {
 	url := fmt.Sprintf("%s/applicationkeymappings", ds.commonControllerRestBaseURL)
-	resp, err := util.MakeGETRequest(url)
+	tlsConfig, err := GetTLSConfig()
+	if err != nil {
+		return nil, fmt.Errorf("failed to get TLS config: %w", err)
+	}
+	resp, err := util.MakeGETRequest(url, tlsConfig)
 	if err != nil {
 		return nil, err
 	}
@@ -278,3 +301,24 @@ func (ds *SubscriptionApplicationDataStore) getAllApplicationKeyMappings() (*sub
 	}
 	return &result, nil
 }
+
+// GetTLSConfig loads and returns a TLS configuration
+func GetTLSConfig() (*tls.Config, error) {
+	cfg := config.GetConfig()
+
+	// Load the client certificate and private key
+	clientCert, err := util.LoadCertificates(cfg.EnforcerPublicKeyPath, cfg.EnforcerPrivateKeyPath)
+	if err != nil {
+		return nil, fmt.Errorf("failed to load client certificate and private key: %w", err)
+	}
+
+	// Load the trusted CA certificates
+	certPool, err := util.LoadCACertificates(cfg.TrustedAdapterCertsPath)
+	if err != nil {
+		return nil, fmt.Errorf("failed to load trusted CA certificates: %w", err)
+	}
+
+	// Create and return the TLS configuration
+	tlsConfig := util.CreateTLSConfig(clientCert, certPool)
+	return tlsConfig, nil
+}
diff --git a/gateway/enforcer/internal/grpc/eventing_grpc_client.go b/gateway/enforcer/internal/grpc/eventing_grpc_client.go
index 1ce689754..522e725e3 100644
--- a/gateway/enforcer/internal/grpc/eventing_grpc_client.go
+++ b/gateway/enforcer/internal/grpc/eventing_grpc_client.go
@@ -104,12 +104,13 @@ func (c *EventingGRPCClient) InitiateEventingGRPCConnection() {
 				return
 			}
 			c.log.Info(fmt.Sprintf("Received config: %v", resp))
+			c.HandleNotificationEvent(resp)
 		}
 	}()
 }
 
-// handleNotificationEvent translates the Java method to Go
-func (c *EventingGRPCClient) handleNotificationEvent(event *subscription_proto_model.Event) {
+// HandleNotificationEvent translates the Java method to Go
+func (c *EventingGRPCClient) HandleNotificationEvent(event *subscription_proto_model.Event) {
 	switch event.Type {
 	case "ALL_EVENTS":
 		log.Println("Received all events from the server")
diff --git a/gateway/enforcer/internal/util/http.go b/gateway/enforcer/internal/util/http.go
index 4525d545f..d7f252a84 100644
--- a/gateway/enforcer/internal/util/http.go
+++ b/gateway/enforcer/internal/util/http.go
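Review bot: The doc comment `// GetTLSConfig loads and returns a TLS configuration` does not say which peer the config is for or where the material comes from; suggest `// GetTLSConfig builds the client-side mTLS configuration used to call the common controller's REST API: the Enforcer certificate and key from EnforcerPublicKeyPath/EnforcerPrivateKeyPath are presented as the client identity, and the CA bundle from TrustedAdapterCertsPath is loaded as the trust pool (presumably used to verify the server; confirm in util.CreateTLSConfig). The files are read from disk on every call.` Because it reads files rather than returning stored state, a name such as `LoadTLSConfig` fits Go convention better than the `Get` prefix, and the `failed to ...` prefixes in the wrapped errors are redundant once the error is chained with `%w`. The same certificate and CA loading already happens in cmd/main.go for the gRPC client, so reusing that `tlsConfig` would keep the trust roots in one place.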
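Review bot: `handleNotificationEvent` is renamed to the exported `HandleNotificationEvent` although the only caller this diff adds is the receive loop on the same type, so the rename widens the package API for no visible reason; keep it unexported unless another package needs it. The doc comment `// HandleNotificationEvent translates the Java method to Go` describes porting history rather than behaviour; an exported (or unexported) method deserves something like `// handleNotificationEvent dispatches one event received on the eventing stream according to event.Type.` The added call runs synchronously inside the receive goroutine, so a slow handler delays the next receive; if that ordering is deliberate, a one-line comment at the call site would save the next reader from wondering. Both the receive loop and the handler extend beyond the hunk.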
@@ -18,17 +18,30 @@
 package util
 
 import (
+	"crypto/tls"
+	"log"
 	"net/http"
 )
 
-// MakeGETRequest HTTP client for making GET requests
-func MakeGETRequest(url string) (*http.Response, error) {
-	client := &http.Client{}
+// MakeGETRequest HTTP client for making GET requests with custom TLS config
+func MakeGETRequest(url string, tlsConfig *tls.Config) (*http.Response, error) {
+	// Create a custom HTTP client with the provided TLS configuration
+	tr := &http.Transport{
+		TLSClientConfig: tlsConfig,
+	}
+	client := &http.Client{Transport: tr}
+
+	// Create the HTTP request
 	req, err := http.NewRequest("GET", url, nil)
 	if err != nil {
 		return nil, err
 	}
+
+	// Set request headers
 	req.Header.Set("Content-Type", "application/json")
+	log.Println("GET Request: ", req)
+
+	// Execute the request
 	return client.Do(req)
 }
 
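Review bot: The client created on the `client := &http.Client{Transport: tr}` line has no `Timeout`, so a controller that accepts the connection and never answers blocks the caller indefinitely, and because a fresh `http.Transport` is built per call no connection is ever reused and every request pays a full TLS handshake. Set a bound, e.g. `client := &http.Client{Transport: tr, Timeout: 30 * time.Second}` (adding `"time"` to the imports; the 30s is a placeholder to be sourced from config), and consider building the transport once per `*tls.Config` at the call site instead of per request. `log.Println("GET Request: ", req)` prints the entire request including headers; logging only `req.Method` and `req.URL` keeps any credential header a future caller sets out of the logs. The doc comment should also state that the caller owns `resp.Body` and must close it.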