From b6fc1f6f1f749554bd9ca94594c4f50abd60d013 Mon Sep 17 00:00:00 2001 From: krish Date: Mon, 20 Jan 2025 11:45:32 +0530 Subject: [PATCH 1/2] Fix rest API connection CC to enforcer --- gateway/enforcer/cmd/main.go | 9 ++-- .../internal/datastore/subs_app_datastore.go | 52 +++++++++++++++++-- .../internal/grpc/eventing_grpc_client.go | 5 +- gateway/enforcer/internal/util/http.go | 29 ++++++++++- 4 files changed, 83 insertions(+), 12 deletions(-) diff --git a/gateway/enforcer/cmd/main.go b/gateway/enforcer/cmd/main.go index 19076b413..df45258c0 100644 --- a/gateway/enforcer/cmd/main.go +++ b/gateway/enforcer/cmd/main.go @@ -4,10 +4,11 @@ import ( "time" "github.com/wso2/apk/gateway/enforcer/internal/config" + "github.com/wso2/apk/gateway/enforcer/internal/datastore" + "github.com/wso2/apk/gateway/enforcer/internal/extproc" "github.com/wso2/apk/gateway/enforcer/internal/grpc" "github.com/wso2/apk/gateway/enforcer/internal/util" "github.com/wso2/apk/gateway/enforcer/internal/xds" - "github.com/wso2/apk/gateway/enforcer/internal/extproc" ) func main() { @@ -27,13 +28,13 @@ func main() { //Create the TLS configuration tlsConfig := util.CreateTLSConfig(clientCert, certPool) - client := grpc.NewEventingGRPCClient(host, port, cfg.XdsMaxRetries, time.Duration(cfg.XdsRetryPeriod)*time.Millisecond, tlsConfig, cfg, nil) + client := grpc.NewEventingGRPCClient(host, port, cfg.XdsMaxRetries, time.Duration(cfg.XdsRetryPeriod)*time.Second, tlsConfig, cfg, datastore.NewDataStore(cfg)) // Start the connection client.InitiateEventingGRPCConnection() // Create the XDS clients - apiStore, _,_ := xds.CreateXDSClients(cfg) - + apiStore, _, _ := xds.CreateXDSClients(cfg) + // Start the external processing server go extproc.StartExternalProcessingServer(cfg, apiStore) diff --git a/gateway/enforcer/internal/datastore/subs_app_datastore.go b/gateway/enforcer/internal/datastore/subs_app_datastore.go index 803cb33ce..b5dc2515f 100644 
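Review bot: The `grpc.NewEventingGRPCClient` call in the second main.go hunk silently changes the retry period unit from `time.Millisecond` to `time.Second`, so a deployment that tuned `XdsRetryPeriod` as a millisecond value now waits a thousand times longer between reconnect attempts, and the commit subject ("Fix rest API connection") does not mention it. The intended unit is not visible here; pick one and record it where `XdsRetryPeriod` is declared (e.g. `// XdsRetryPeriod is the delay between xDS reconnect attempts, in seconds.`) so the unit is documented at its source rather than implied by a multiplier in main. The same line now passes `datastore.NewDataStore(cfg)` where `nil` was given before; if `LoadStartupData` (seen in the next file) is what populates that store, confirm something actually invokes it, because nothing in this hunk does. The two discarded results of `xds.CreateXDSClients(cfg)` are also worth a look if either of them is an error. `main` continues past the hunk.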
--- a/gateway/enforcer/internal/datastore/subs_app_datastore.go +++ b/gateway/enforcer/internal/datastore/subs_app_datastore.go @@ -18,10 +18,12 @@ package datastore import ( + "crypto/tls" "encoding/json" "errors" "fmt" "io/ioutil" + "log" "sync" subscription_model "github.com/wso2/apk/common-go-libs/pkg/server/model" @@ -214,7 +216,12 @@ func (ds *SubscriptionApplicationDataStore) LoadStartupData() error { // Get all applications func (ds *SubscriptionApplicationDataStore) getAllApplications() (*subscription_model.ApplicationList, error) { url := fmt.Sprintf("%s/applications", ds.commonControllerRestBaseURL) - resp, err := util.MakeGETRequest(url) + // Get the TLS configuration + tlsConfig, err := GetTLSConfig() + if err != nil { + return nil, fmt.Errorf("failed to get TLS config: %w", err) + } + resp, err := util.MakeGETRequest(url, tlsConfig) if err != nil { return nil, err } @@ -225,13 +232,20 @@ func (ds *SubscriptionApplicationDataStore) getAllApplications() (*subscription_ if err := json.Unmarshal(body, &result); err != nil { return nil, err } + log.Println("Applications: ", result) return &result, nil } // Get all subscriptions func (ds *SubscriptionApplicationDataStore) getAllSubscriptions() (*subscription_model.SubscriptionList, error) { url := fmt.Sprintf("%s/subscriptions", ds.commonControllerRestBaseURL) - resp, err := util.MakeGETRequest(url) + // Get the TLS configuration + tlsConfig, err := GetTLSConfig() + if err != nil { + return nil, fmt.Errorf("failed to get TLS config: %w", err) + } + resp, err := util.MakeGETRequest(url, tlsConfig) + log.Println("Response: ", resp) if err != nil { return nil, err } 
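Review bot: `log.Println("Applications: ", result)` in the `@@ -214` hunk and `log.Println("Response: ", resp)` in the `@@ -225` hunk write the complete application list and the raw `*http.Response` to the process log on every startup load, and `log.Println("Subscription: ", result)` in the following `@@ -242` hunk does the same for subscriptions; an inventory of tenant applications and subscriptions does not belong in default log output, and the std `log` package (newly imported in the first hunk) bypasses whatever logger the enforcer otherwise uses (the gRPC client logs through `c.log.Info`). The `Response:` line is also placed before the `err` check, so on a connection failure it prints `<nil>` instead of anything useful. Drop these three lines, or reduce them to a debug-level count of items loaded through the configured logger, and keep the `err` check immediately after `util.MakeGETRequest`. `getAllApplications` starts before the `@@ -214` hunk and `getAllSubscriptions` continues past the `@@ -225` hunk.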
@@ -242,13 +256,18 @@ func (ds *SubscriptionApplicationDataStore) getAllSubscriptions() (*subscription if err := json.Unmarshal(body, &result); err != nil { return nil, err } + log.Println("Subscription: ", result) return &result, nil } // Get all application mappings func (ds *SubscriptionApplicationDataStore) getAllApplicationMappings() (*subscription_model.ApplicationMappingList, error) { url := fmt.Sprintf("%s/applicationmappings", ds.commonControllerRestBaseURL) - resp, err := util.MakeGETRequest(url) + tlsConfig, err := GetTLSConfig() + if err != nil { + return nil, fmt.Errorf("failed to get TLS config: %w", err) + } + resp, err := util.MakeGETRequest(url, tlsConfig) if err != nil { return nil, err } @@ -265,7 +284,11 @@ func (ds *SubscriptionApplicationDataStore) getAllApplicationMappings() (*subscr // Get all application key mappings func (ds *SubscriptionApplicationDataStore) getAllApplicationKeyMappings() (*subscription_model.ApplicationKeyMappingList, error) { url := fmt.Sprintf("%s/applicationkeymappings", ds.commonControllerRestBaseURL) - resp, err := util.MakeGETRequest(url) + tlsConfig, err := GetTLSConfig() + if err != nil { + return nil, fmt.Errorf("failed to get TLS config: %w", err) + } + resp, err := util.MakeGETRequest(url, tlsConfig) if err != nil { return nil, err } 
@@ -278,3 +301,24 @@ func (ds *SubscriptionApplicationDataStore) getAllApplicationKeyMappings() (*sub } return &result, nil } + +// GetTLSConfig loads and returns a TLS configuration +func GetTLSConfig() (*tls.Config, error) { + cfg := config.GetConfig() + + // Load the client certificate and private key + clientCert, err := util.LoadCertificates(cfg.EnforcerPublicKeyPath, cfg.EnforcerPrivateKeyPath) + if err != nil { + return nil, fmt.Errorf("failed to load client certificate and private key: %w", err) + } + + // Load the trusted CA certificates + certPool, err := util.LoadCACertificates(cfg.TrustedAdapterCertsPath) + if err != nil { + return nil, fmt.Errorf("failed to load trusted CA certificates: %w", err) + } + + // Create and return the TLS configuration + tlsConfig := util.CreateTLSConfig(clientCert, certPool) + return tlsConfig, nil +} diff --git a/gateway/enforcer/internal/grpc/eventing_grpc_client.go b/gateway/enforcer/internal/grpc/eventing_grpc_client.go index 1ce689754..522e725e3 100644 --- a/gateway/enforcer/internal/grpc/eventing_grpc_client.go +++ b/gateway/enforcer/internal/grpc/eventing_grpc_client.go @@ -104,12 +104,13 @@ func (c *EventingGRPCClient) InitiateEventingGRPCConnection() { return } c.log.Info(fmt.Sprintf("Received config: %v", resp)) + c.HandleNotificationEvent(resp) } }() } -// handleNotificationEvent translates the Java method to Go -func (c *EventingGRPCClient) handleNotificationEvent(event *subscription_proto_model.Event) { +// HandleNotificationEvent translates the Java method to Go +func (c *EventingGRPCClient) HandleNotificationEvent(event *subscription_proto_model.Event) { switch event.Type { case "ALL_EVENTS": log.Println("Received all events from the server") diff --git a/gateway/enforcer/internal/util/http.go b/gateway/enforcer/internal/util/http.go index 4525d545f..e809c10ae 100644 --- a/gateway/enforcer/internal/util/http.go +++ b/gateway/enforcer/internal/util/http.go 
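Review bot: `GetTLSConfig` reads the enforcer key pair and the adapter CA bundle from disk and builds a new `*tls.Config` on every call, and each of the four REST helpers (`getAllApplications`, `getAllSubscriptions`, `getAllApplicationMappings`, `getAllApplicationKeyMappings`) calls it per request, so one startup load does four rounds of certificate parsing and carries four copies of the same error-handling block. Build the config once — in the datastore constructor, or pass in the one `main.go` appears to build already from the same config — and keep it (or a ready `*http.Client`) on `SubscriptionApplicationDataStore`. The function is exported although its only callers are in this package, so unexport it unless another package needs it, and let the doc comment say where the material comes from: `// getTLSConfig builds a TLS client config presenting the enforcer key pair and trusting the adapter CA bundle from the global config.` Confirm that `TrustedAdapterCertsPath` is the bundle that signs the common controller's REST endpoint, since otherwise the handshake fails with an opaque x509 error at startup; the `failed to ...` prefixes in the wrapped errors are redundant once the chain is printed (`"loading client certificate: %w"` reads cleaner).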
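Review bot: `handleNotificationEvent` is renamed to the exported `HandleNotificationEvent`, but the only caller added is the goroutine in `InitiateEventingGRPCConnection` on the same type, so the export widens the package API for no visible reason; keep it unexported unless another package will call it. The call runs on the receive goroutine, so if the handler blocks (a datastore lock, a REST call) the stream stops being drained — worth a comment at the call site if that is acceptable. The doc comment `// HandleNotificationEvent translates the Java method to Go` records porting history rather than behaviour; suggest `// handleNotificationEvent applies one event from the eventing stream, dispatching on event.Type.` `InitiateEventingGRPCConnection` starts before the hunk and the handler's switch continues past it.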
@@ -18,17 +18,42 @@ package util import ( + "crypto/tls" + "log" "net/http" ) // MakeGETRequest HTTP client for making GET requests -func MakeGETRequest(url string) (*http.Response, error) { - client := &http.Client{} +// func MakeGETRequest(url string) (*http.Response, error) { +// client := &http.Client{} +// req, err := http.NewRequest("GET", url, nil) +// if err != nil { +// return nil, err +// } +// req.Header.Set("Content-Type", "application/json") +// log.Println("GET Request: ", req) +// return client.Do(req) +// } + +// MakeGETRequest HTTP client for making GET requests with custom TLS config +func MakeGETRequest(url string, tlsConfig *tls.Config) (*http.Response, error) { + // Create a custom HTTP client with the provided TLS configuration + tr := &http.Transport{ + TLSClientConfig: tlsConfig, + } + client := &http.Client{Transport: tr} + + // Create the HTTP request req, err := http.NewRequest("GET", url, nil) if err != nil { return nil, err } + + // Set request headers req.Header.Set("Content-Type", "application/json") + log.Println("GET Request: ", req) + + // Execute the request return client.Do(req) } From a497dad07f2327640d094911b99b2e2634a8977c Mon Sep 17 00:00:00 2001 From: krish Date: Mon, 20 Jan 2025 11:47:11 +0530 Subject: [PATCH 2/2] Add changes --- gateway/enforcer/internal/util/http.go | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/gateway/enforcer/internal/util/http.go b/gateway/enforcer/internal/util/http.go index e809c10ae..d7f252a84 100644 --- a/gateway/enforcer/internal/util/http.go +++ b/gateway/enforcer/internal/util/http.go 
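Review bot: `client := &http.Client{Transport: tr}` sets no `Timeout`, so a hung or slow common controller blocks the datastore's startup load indefinitely, and because a fresh `http.Transport` is built on every call the idle keep-alive connection each request leaves behind is neither reused nor closed by this code. Give the client a bound, `client := &http.Client{Transport: tr, Timeout: 30 * time.Second}` (value to be tuned; needs `"time"` imported), and construct the transport once per TLS config — either have callers own a long-lived client or cache it in this package — rather than per request. `log.Println("GET Request: ", req)` prints the entire request struct, headers included, through the default std logger on every call; if a caller ever sets an `Authorization` header it will be logged verbatim, so reduce it to `log.Println("GET", req.URL)` or route it through the configured logger at debug level. `MakeGETRequest` is complete within the hunk.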
@@ -23,18 +23,6 @@ import ( "net/http" ) -// MakeGETRequest HTTP client for making GET requests -// func MakeGETRequest(url string) (*http.Response, error) { -// client := &http.Client{} -// req, err := http.NewRequest("GET", url, nil) -// if err != nil { -// return nil, err -// } -// req.Header.Set("Content-Type", "application/json") -// log.Println("GET Request: ", req) -// return client.Do(req) -// } - // MakeGETRequest HTTP client for making GET requests with custom TLS config func MakeGETRequest(url string, tlsConfig *tls.Config) (*http.Response, error) { // Create a custom HTTP client with the provided TLS configuration