Make sha256 the default hashing algorithm

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIManagerConfiguration.java

@@ -136,7 +136,7 @@ public class APIManagerConfiguration {
  private static Map<String, String> analyticsMaskProps;
  private TokenValidationDto tokenValidationDto = new TokenValidationDto();
  private boolean enableAiConfiguration;
- private String hashingAlgorithm;
+ private String hashingAlgorithm = "sha256";
 
  public Map<String, List<String>> getRestApiJWTAuthAudiences() {
  return restApiJWTAuthAudiences;

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/APIProviderImpl.java

@@ -165,7 +165,6 @@
 import org.wso2.carbon.apimgt.impl.utils.APIStoreNameComparator;
 import org.wso2.carbon.apimgt.impl.utils.APIUtil;
 import org.wso2.carbon.apimgt.impl.utils.APIVersionStringComparator;
-import org.wso2.carbon.apimgt.impl.utils.ContentSearchResultNameComparator;
 import org.wso2.carbon.apimgt.impl.utils.LifeCycleUtils;
 import org.wso2.carbon.apimgt.impl.utils.SimpleContentSearchResultNameComparator;
 import org.wso2.carbon.apimgt.impl.workflow.APIStateWorkflowDTO;
@@ -204,8 +203,6 @@
 import org.wso2.carbon.apimgt.persistence.mapper.DocumentMapper;
 import org.wso2.carbon.context.CarbonContext;
 import org.wso2.carbon.context.PrivilegedCarbonContext;
-import org.wso2.carbon.core.util.CryptoException;
-import org.wso2.carbon.core.util.CryptoUtil;
 import org.wso2.carbon.databridge.commons.Event;
 import org.wso2.carbon.user.api.UserStoreException;
 import org.wso2.carbon.user.api.UserStoreManager;
@@ -224,7 +221,6 @@
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collections;
-import java.util.EnumSet;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.Iterator;
@@ -7006,7 +7002,7 @@ public String importOperationPolicy(OperationPolicyData importedPolicyData, Stri
  importedSpec.setName(importedSpec.getName() + "_imported");
  importedSpec.setDisplayName(importedSpec.getDisplayName() + " Imported");
  importedPolicyData.setSpecification(importedSpec);
- importedPolicyData.setMd5Hash(APIUtil.getMd5OfOperationPolicy(importedPolicyData));
+ importedPolicyData.setMd5Hash(APIUtil.getHashOfOperationPolicy(importedPolicyData));
  policyId = addAPISpecificOperationPolicy(importedPolicyData.getApiUUID(), importedPolicyData,
  organization);
  if (log.isDebugEnabled()) {

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/dao/ApiMgtDAO.java

@@ -20653,7 +20653,7 @@ private String restoreOperationPolicyRevision(Connection connection, String apiU
  revisionedPolicy.getSpecification()
  .setDisplayName(revisionedPolicy.getSpecification().getDisplayName()
  + " Restored from revision " + revisionId);
- revisionedPolicy.setMd5Hash(APIUtil.getMd5OfOperationPolicy(revisionedPolicy));
+ revisionedPolicy.setMd5Hash(APIUtil.getHashOfOperationPolicy(revisionedPolicy));
  revisionedPolicy.setRevisionUUID(null);
  restoredPolicyId = addAPISpecificOperationPolicy(connection, revisionedPolicy, apiUUID, null,
  null, null);
@@ -20672,7 +20672,7 @@ private String restoreOperationPolicyRevision(Connection connection, String apiU
  revisionedPolicy.getSpecification()
  .setDisplayName(revisionedPolicy.getSpecification().getDisplayName()
  + " Restored from revision " + revisionId);
- revisionedPolicy.setMd5Hash(APIUtil.getMd5OfOperationPolicy(revisionedPolicy));
+ revisionedPolicy.setMd5Hash(APIUtil.getHashOfOperationPolicy(revisionedPolicy));
  revisionedPolicy.setRevisionUUID(null);
  restoredPolicyId = addAPISpecificOperationPolicy(connection, revisionedPolicy, apiUUID, null,
  null, null);

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/restapi/publisher/OperationPoliciesApiServiceImplUtils.java

@@ -76,15 +76,15 @@ public static void preparePolicyDefinition(OperationPolicyData policyData,
  throws APIManagementException {
  policyDefinition.setContent(definition);
  policyDefinition.setGatewayType(gatewayType);
- policyDefinition.setMd5Hash(APIUtil.getMd5OfOperationPolicyDefinition(policyDefinition));
+ policyDefinition.setMd5Hash(APIUtil.getHashOfOperationPolicyDefinition(policyDefinition));
 
  if (OperationPolicyDefinition.GatewayType.Synapse.equals(gatewayType)) {
  policyData.setSynapsePolicyDefinition(policyDefinition);
  } else if (OperationPolicyDefinition.GatewayType.ChoreoConnect.equals(gatewayType)) {
  policyData.setCcPolicyDefinition(policyDefinition);
  }
 
- policyData.setMd5Hash(APIUtil.getMd5OfOperationPolicy(policyData));
+ policyData.setMd5Hash(APIUtil.getHashOfOperationPolicy(policyData));
  }
 
  /**

components/apimgt/org.wso2.carbon.apimgt.impl/src/main/java/org/wso2/carbon/apimgt/impl/utils/APIUtil.java

@@ -346,7 +346,7 @@ public final class APIUtil {
  private static Schema tenantConfigJsonSchema;
  private static Schema operationPolicySpecSchema;
  private static final String contextRegex = "^[a-zA-Z0-9_${}/.;()-]+$";
- private static String hashingAlgorithm;
+ private static String hashingAlgorithm = "sha256";
 
  private APIUtil() {
 
@@ -10095,7 +10095,7 @@ public static void loadCommonOperationPolicies(String organization) {
  policyData.setCcPolicyDefinition(ccPolicyDefinition);
  }
 
- policyData.setMd5Hash(getMd5OfOperationPolicy(policyData));
+ policyData.setMd5Hash(getHashOfOperationPolicy(policyData));
  apiMgtDAO.addCommonOperationPolicy(policyData);
  log.info("Common operation policy " + policySpec.getName() + "_" + policySpec.getVersion()
  + " was added to the organization " + organization + " successfully");
@@ -10164,7 +10164,7 @@ public static OperationPolicyDefinition getOperationPolicyDefinitionFromFile(Str
  String yamlContent = FileUtils.readFileToString(new File(fileName));
  policyDefinition = new OperationPolicyDefinition();
  policyDefinition.setContent(yamlContent);
- policyDefinition.setMd5Hash(getMd5OfOperationPolicyDefinition(policyDefinition));
+ policyDefinition.setMd5Hash(getHashOfOperationPolicyDefinition(policyDefinition));
  if (StringUtils.equals(APIConstants.CC_POLICY_DEFINITION_EXTENSION, fileExtension)) {
  policyDefinition.setGatewayType(OperationPolicyDefinition.GatewayType.ChoreoConnect);
  }
@@ -10271,13 +10271,13 @@ public static String getPolicyAttributesAsString(OperationPolicySpecification po
  }
 
  /**
- * Return the md5 hash of the provided policy. To generate the md5 hash, policy Specification and the
+ * Return the hash value of the provided policy. To generate the hash, policy Specification and the
  * two definitions are used
  *
  * @param policyData Operation policy data
- * @return md5 hash
+ * @return hash
  */
- public static String getMd5OfOperationPolicy(OperationPolicyData policyData)
+ public static String getHashOfOperationPolicy(OperationPolicyData policyData)
  throws APIManagementException {
 
  String policySpecificationAsString = "";
@@ -10299,22 +10299,22 @@ public static String getMd5OfOperationPolicy(OperationPolicyData policyData)
  }
 
  /**
- * Return the md5 hash of the policy definition string
+ * Return the hash of the policy definition string
  *
  * @param policyDefinition Operation policy definition
- * @return md5 hash of the definition content
+ * @return hash of the definition content
  */
- public static String getMd5OfOperationPolicyDefinition(OperationPolicyDefinition policyDefinition)
+ public static String getHashOfOperationPolicyDefinition(OperationPolicyDefinition policyDefinition)
  throws APIManagementException {
 
- String md5Hash = "";
+ String hash = "";
 
  if (policyDefinition != null) {
  if (policyDefinition.getContent() != null) {
- md5Hash = generateHashValue(policyDefinition.getContent());
+ hash = generateHashValue(policyDefinition.getContent());
  }
  }
- return md5Hash;
+ return hash;
  }
 
  /**
@@ -10393,11 +10393,11 @@ public static OperationPolicyData generateOperationPolicyDataObject(String apiUu
  OperationPolicyDefinition policyDefinition = new OperationPolicyDefinition();
  policyDefinition.setContent(policyDefinitionString);
  policyDefinition.setGatewayType(OperationPolicyDefinition.GatewayType.Synapse);
- policyDefinition.setMd5Hash(APIUtil.getMd5OfOperationPolicyDefinition(policyDefinition));
+ policyDefinition.setMd5Hash(APIUtil.getHashOfOperationPolicyDefinition(policyDefinition));
  policyData.setSynapsePolicyDefinition(policyDefinition);
  }
 
- policyData.setMd5Hash(APIUtil.getMd5OfOperationPolicy(policyData));
+ policyData.setMd5Hash(APIUtil.getHashOfOperationPolicy(policyData));
 
  return policyData;
  }
@@ -10833,11 +10833,11 @@ public static String getAPIMVersion() {
  public static String generateHashValue(byte[] payload) throws APIManagementException {
 
  try {
- MessageDigest md5Digest = MessageDigest.getInstance(hashingAlgorithm);
- byte[] md5Bytes = md5Digest.digest(payload);
+ MessageDigest messageDigest = MessageDigest.getInstance(hashingAlgorithm);
+ byte[] hashByteArray = messageDigest.digest(payload);
  StringBuilder sb = new StringBuilder();
- for (byte md5byte : md5Bytes) {
- sb.append(Integer.toString((md5byte & 0xff) + 0x100, 16).substring(1));
+ for (byte hashByte : hashByteArray) {
+ sb.append(Integer.toString((hashByte & 0xff) + 0x100, 16).substring(1));
  }
  return hashToJson(sb.toString());
  } catch (NoSuchAlgorithmException e) {
@@ -10855,11 +10855,11 @@ public static String generateHashValue(byte[] payload) throws APIManagementExcep
  public static String generateHashValue(String payload) throws APIManagementException {
 
  try {
- MessageDigest md5Digest = MessageDigest.getInstance(hashingAlgorithm);
- byte[] md5Bytes = md5Digest.digest(payload.getBytes());
+ MessageDigest messageDigest = MessageDigest.getInstance(hashingAlgorithm);
+ byte[] hashByteArray = messageDigest.digest(payload.getBytes());
  StringBuilder sb = new StringBuilder();
- for (byte md5byte : md5Bytes) {
- sb.append(Integer.toString((md5byte & 0xff) + 0x100, 16).substring(1));
+ for (byte hashByte : hashByteArray) {
+ sb.append(Integer.toString((hashByte & 0xff) + 0x100, 16).substring(1));
  }
  return hashToJson(sb.toString());
  } catch (NoSuchAlgorithmException e) {
@@ -10880,9 +10880,9 @@ public static boolean verifyHashValues(OperationPolicyData policy1, OperationPol
  if (policy1.getMd5Hash().startsWith("{") == policy2.getMd5Hash().startsWith("{")) {
  return policy1.getMd5Hash().equals(policy2.getMd5Hash());
  } else if (policy1.getMd5Hash().startsWith("{")) {
- return policy1.getMd5Hash().equals(APIUtil.getMd5OfOperationPolicy(policy2));
+ return policy1.getMd5Hash().equals(APIUtil.getHashOfOperationPolicy(policy2));
  } else {
- return policy2.getMd5Hash().equals(APIUtil.getMd5OfOperationPolicy(policy1));
+ return policy2.getMd5Hash().equals(APIUtil.getHashOfOperationPolicy(policy1));
  }
  }
 

components/apimgt/org.wso2.carbon.apimgt.impl/src/test/java/org/wso2/carbon/apimgt/impl/dao/test/APIMgtDAOTest.java

@@ -1528,7 +1528,7 @@ public void testCommonOperationPolicyAddition() throws Exception {
  }
 
  @Test
- public void testAPISpecificOperationPolicyAddition() throws Exception {
+ public void  testAPISpecificOperationPolicyAddition() throws Exception {
 
  String org = "org1";
  String apiUUID = "12345";
@@ -2030,15 +2030,15 @@ private OperationPolicyData getOperationPolicyDataObject(String org, String apiU
  OperationPolicyDefinition synapseDefinition = new OperationPolicyDefinition();
  synapseDefinition.setContent(jsonDef);
  synapseDefinition.setGatewayType(OperationPolicyDefinition.GatewayType.Synapse);
- synapseDefinition.setMd5Hash(APIUtil.getMd5OfOperationPolicyDefinition(synapseDefinition));
+ synapseDefinition.setMd5Hash(APIUtil.getHashOfOperationPolicyDefinition(synapseDefinition));
 
  OperationPolicyData operationPolicyData = new OperationPolicyData();
  operationPolicyData.setSpecification(policySpec);
  operationPolicyData.setSynapsePolicyDefinition(synapseDefinition);
 
  operationPolicyData.setOrganization(org);
  operationPolicyData.setApiUUID(apiUUID);
- operationPolicyData.setMd5Hash(APIUtil.getMd5OfOperationPolicy(operationPolicyData));
+ operationPolicyData.setMd5Hash(APIUtil.getHashOfOperationPolicy(operationPolicyData));
 
  return operationPolicyData;
  }

components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1.common/src/main/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/common/mappings/ImportUtils.java

@@ -823,7 +823,7 @@ public static List<OperationPolicy> findOrImportPolicy(List<OperationPolicy> pol
  operationPolicyData.setCcPolicyDefinition(ccDefinition);
  }
  operationPolicyData.setMd5Hash(
- APIUtil.getMd5OfOperationPolicy(operationPolicyData));
+ APIUtil.getHashOfOperationPolicy(operationPolicyData));
  policyID = provider.importOperationPolicy(operationPolicyData, tenantDomain);
  importedPolicies.put(policyFileName, policyID);
  policyImported = true;
@@ -1262,7 +1262,7 @@ public static OperationPolicyDataDTO importPolicy(String pathToArchive, String o
  operationPolicyData.setSynapsePolicyDefinition(synapseGatewayDefinition);
  }
 
- operationPolicyData.setMd5Hash(APIUtil.getMd5OfOperationPolicy(operationPolicyData));
+ operationPolicyData.setMd5Hash(APIUtil.getHashOfOperationPolicy(operationPolicyData));
  policyID = apiProvider.addCommonOperationPolicy(operationPolicyData, organization);
  if (log.isDebugEnabled()) {
  log.debug("A common operation policy has been added with name " + policySpecification.getName());

components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher.v1.common/src/test/java/org/wso2/carbon/apimgt/rest/api/publisher/v1/common/mappings/ImportUtilsTest.java

@@ -98,7 +98,7 @@ public void testImportAPIPolicy() throws Exception {
  String md5Hash = RandomStringUtils.randomAlphanumeric(30);
 
  PowerMockito.stub(
- PowerMockito.method(APIUtil.class, "getMd5OfOperationPolicy", OperationPolicyData.class)).
+ PowerMockito.method(APIUtil.class, "getHashOfOperationPolicy", OperationPolicyData.class)).
  toReturn(md5Hash);
 
  String policyId = RandomStringUtils.randomAlphanumeric(10);