Merge pull request #12171 from BLasan/fix-mtls-cert-update

Fix: MTLS Certs not getting updated when updating the API
wso2 · Nov 2, 2023 · 120df38 · 120df38
2 parents d65d468 + 06e45e0
commit 120df38
Showing 1 changed file with 14 additions and 7 deletions.
diff --git a/...c/main/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/common/mappings/ImportUtils.java b/...c/main/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/common/mappings/ImportUtils.java
@@ -357,7 +357,8 @@ public static API importApi(String extractedFolderPath, APIDTO importedApiDTO, B
                 if (log.isDebugEnabled()) {
                     log.debug("Mutual SSL enabled. Importing client certificates.");
                 }
-                addClientCertificates(extractedFolderPath, apiProvider, new ApiTypeWrapper(importedApi), organization);
+                addClientCertificates(extractedFolderPath, apiProvider, new ApiTypeWrapper(importedApi), organization,
+                        overwrite, tenantId);
             }
 
             // Change API lifecycle if state transition is required
@@ -2164,16 +2165,20 @@ private static void updateAPIWithCertificate(JsonElement certificate, APIProvide
      * @throws APIImportExportException
      */
     private static void addClientCertificates(String pathToArchive, APIProvider apiProvider,
-                                              ApiTypeWrapper apiTypeWrapper, String organization)
+            ApiTypeWrapper apiTypeWrapper, String organization, boolean isOverwrite, int tenantId)
             throws APIManagementException {
 
         try {
-            Identifier apiIdentifier  = apiTypeWrapper.getId();
+            Identifier apiIdentifier = apiTypeWrapper.getId();
             List<ClientCertificateDTO> certificateMetadataDTOS = retrieveClientCertificates(pathToArchive);
             for (ClientCertificateDTO certDTO : certificateMetadataDTOS) {
-                apiProvider.addClientCertificate(APIUtil.replaceEmailDomainBack(apiIdentifier.getProviderName()),
-                        apiTypeWrapper, certDTO.getCertificate(), certDTO.getAlias(), certDTO.getTierName(),
-                        organization);
+                if (ResponseCode.ALIAS_EXISTS_IN_TRUST_STORE.getResponseCode() == (apiProvider.addClientCertificate(
+                        APIUtil.replaceEmailDomainBack(apiIdentifier.getProviderName()), apiTypeWrapper,
+                        certDTO.getCertificate(), certDTO.getAlias(), certDTO.getTierName(), organization))
+                        && isOverwrite) {
+                    apiProvider.updateClientCertificate(certDTO.getCertificate(), certDTO.getAlias(), apiTypeWrapper,
+                            certDTO.getTierName(), tenantId, organization);
+                }
             }
         } catch (APIManagementException e) {
             throw new APIManagementException("Error while importing client certificate", e);
@@ -2461,7 +2466,9 @@ public static APIProduct importApiProduct(String extractedFolderPath, Boolean pr
             if (log.isDebugEnabled()) {
                 log.debug("Mutual SSL enabled. Importing client certificates.");
             }
-            addClientCertificates(extractedFolderPath, apiProvider, apiTypeWrapperWithUpdatedApiProduct, organization);
+            int tenantId = APIUtil.getTenantId(RestApiCommonUtil.getLoggedInUsername());
+            addClientCertificates(extractedFolderPath, apiProvider, apiTypeWrapperWithUpdatedApiProduct, organization,
+                    overwriteAPIProduct, tenantId);
 
             // Change API Product lifecycle if state transition is required
             if (!lifecycleActions.isEmpty()) {