Add secure vault support for OAuth endpoint level proxy password

Author: thisaltennakoon

Diff for: components/apimgt/org.wso2.carbon.apimgt.api/src/main/java/org/wso2/carbon/apimgt/api/model/EndpointSecurity.java

@@ -284,6 +284,7 @@ public static class ProxyConfigs {
         private String proxyProtocol;
         private String proxyUsername;
         private String proxyPassword;
+        private String proxyPasswordAlias;
 
         public boolean isProxyEnabled() {
             return proxyEnabled;
@@ -332,6 +333,14 @@ public String getProxyPassword() {
         public void setProxyPassword(String proxyPassword) {
             this.proxyPassword = proxyPassword;
         }
+        
+        public String getProxyPasswordAlias() {
+            return proxyPasswordAlias;
+        }
+
+        public void setProxyPasswordAlias(String proxyPasswordAlias) {
+            this.proxyPasswordAlias = proxyPasswordAlias;
+        }
     }
 
     @Override

Diff for: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIConstants.java

@@ -1850,6 +1850,7 @@ private ConfigParameters() {
     public static final String ENDPOINT_SECURITY_CLIENT_ID = "clientId";
     public static final String ENDPOINT_SECURITY_CLIENT_SECRET = "clientSecret";
     public static final String ENDPOINT_SECURITY_ENABLED = "enabled";
+    public static final String ENDPOINT_SECURITY_PROXY_PASSWORD = "proxyPassword";
     public static final String CONNECTION_TIMEOUT_CONFIG_TYPE = "connectionTimeoutConfigType";
     public static final String PROXY_CONFIG_TYPE = "proxyConfigType";
     public static final String CONNECTION_TIMEOUT_DURATION = "connectionTimeoutDuration";

Diff for: components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/GatewayUtils.java

@@ -169,6 +169,13 @@ public static String retrieveOAuthPasswordAlias(String name, String version, Str
                 .concat(APIConstants.ENDPOINT_SECURITY_PASSWORD).concat("--").concat(type);
     }
 
+    public static String retrieveOAuthProxyPasswordAlias(String name, String version, String type) {
+
+        return name.concat("--v").concat(version).concat("--")
+                .concat(APIConstants.ENDPOINT_SECURITY_TYPE_OAUTH).concat("--")
+                .concat(APIConstants.ENDPOINT_SECURITY_PROXY_PASSWORD).concat("--").concat(type);
+    }
+
     public static String retrieveBasicAuthAlias(String name, String version, String type) {
 
         return name.concat("--v").concat(version).concat("--").concat(type);

Diff for: components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1.common/src/main/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/common/TemplateBuilderUtil.java

@@ -1517,6 +1517,25 @@ private static void addCredentialsToList(String prefix, API api, GatewayAPIDTO g
                 gatewayAPIDTO.setCredentialsToBeAdd(addCredentialsToList(passwordDto,
                         gatewayAPIDTO.getCredentialsToBeAdd()));
             }
+            if (endpointSecurity.has(APIConstants.PROXY_CONFIGS)) {
+                org.json.JSONObject proxyConfigs = (org.json.JSONObject) endpointSecurity.get(APIConstants
+                        .PROXY_CONFIGS);
+                if (Boolean.TRUE.equals(proxyConfigs.get(APIConstants.PROXY_ENABLED))) {
+                    String proxyPassword = (String) proxyConfigs.get(APIConstants.ENDPOINT_SECURITY_PROXY_PASSWORD);
+                    CredentialDto proxyPasswordDto = new CredentialDto();
+                    if (StringUtils.isNotEmpty(prefix)) {
+                        proxyPasswordDto.setAlias(prefix.concat("--").concat(GatewayUtils
+                                .retrieveOAuthProxyPasswordAlias(api.getId().getApiName(), api.getId().getVersion(),
+                                        type)));
+                    } else {
+                        proxyPasswordDto.setAlias(GatewayUtils.retrieveOAuthProxyPasswordAlias(api.getId().getApiName(),
+                                api.getId().getVersion(), type));
+                    }
+                    proxyPasswordDto.setPassword(proxyPassword);
+                    gatewayAPIDTO.setCredentialsToBeAdd(addCredentialsToList(proxyPasswordDto,
+                            gatewayAPIDTO.getCredentialsToBeAdd()));
+                }
+            }
         } else if (APIConstants.ENDPOINT_SECURITY_TYPE_BASIC.equalsIgnoreCase((String)
                 endpointSecurity.get(APIConstants.ENDPOINT_SECURITY_TYPE))) {
             CredentialDto credentialDto = new CredentialDto();

Diff for: components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1.common/src/main/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/common/template/SecurityConfigContext.java

@@ -168,24 +168,28 @@ private EndpointSecurityModel retrieveEndpointSecurityModel(EndpointSecurityMode
             if (APIConstants.ENDPOINT_SECURITY_TYPE_OAUTH
                     .equalsIgnoreCase(endpointSecurityModel.getType())) {
                 if (StringUtils.isNotEmpty(prefix)) {
-                    endpointSecurityModel.setUniqueIdentifier(prefix.concat("--")
-                            .concat(GatewayUtils.retrieveUniqueIdentifier(apiId, type)));
+                    endpointSecurityModel.setUniqueIdentifier(prefix.concat("--").concat(GatewayUtils
+                            .retrieveUniqueIdentifier(apiId, type)));
+                    endpointSecurityModel.setClientSecretAlias(prefix.concat("--").concat(GatewayUtils
+                            .retrieveOauthClientSecretAlias(apiName, version, type)));
+                    endpointSecurityModel.setPasswordAlias(prefix.concat("--").concat(GatewayUtils
+                            .retrieveOAuthPasswordAlias(apiName, version, type)));
+                    if (endpointSecurityModel.getProxyConfigs() != null && endpointSecurityModel.getProxyConfigs()
+                            .isProxyEnabled()) {
+                        endpointSecurityModel.getProxyConfigs().setProxyPasswordAlias(prefix.concat("--")
+                                .concat(GatewayUtils.retrieveOAuthProxyPasswordAlias(apiName, version, type)));
+                    }
                 } else {
                     endpointSecurityModel.setUniqueIdentifier(GatewayUtils.retrieveUniqueIdentifier(apiId, type));
-                }
-                if (StringUtils.isNotEmpty(prefix)) {
-                    endpointSecurityModel.setClientSecretAlias(prefix.concat("--")
-                            .concat(GatewayUtils.retrieveOauthClientSecretAlias(apiName, version, type)));
-                } else {
                     endpointSecurityModel.setClientSecretAlias(GatewayUtils.retrieveOauthClientSecretAlias(apiName,
                             version, type));
-                }
-                if (StringUtils.isNotEmpty(prefix)) {
-                    endpointSecurityModel.setPasswordAlias(prefix.concat("--")
-                            .concat(GatewayUtils.retrieveOAuthPasswordAlias(apiName, version, type)));
-                } else {
-                    endpointSecurityModel.setPasswordAlias(GatewayUtils.retrieveOAuthPasswordAlias(apiName,
-                            version, type));
+                    endpointSecurityModel.setPasswordAlias(GatewayUtils.retrieveOAuthPasswordAlias(apiName, version,
+                            type));
+                    if (endpointSecurityModel.getProxyConfigs() != null && endpointSecurityModel.getProxyConfigs()
+                            .isProxyEnabled()) {
+                        endpointSecurityModel.getProxyConfigs().setProxyPasswordAlias(GatewayUtils
+                                .retrieveOAuthProxyPasswordAlias(apiName, version, type));
+                    }
                 }
             }
             if (StringUtils.isNotBlank(endpointSecurityModel.getUsername())