Read keystore configuration from the toml file #104

Open
GDLMadushanka wants to merge 1 commit into wso2:master from GDLMadushanka:readFromToml

@GDLMadushanka

Purpose

Change the priority order of reading keystore configs:

1. [keystore.internal] in deployment.toml
2. [keystore.primary] in deployment.toml
3. default.json
4. carbon.xml

Port of #75
Fixes wso2/product-integrator-mi/issues/4942

@coderabbitai

coderabbitai Bot commented Jun 22, 2026

📝 Walkthrough

Overview

This PR implements a configuration priority order for the Cipher Tool to read keystore configurations from deployment.toml before falling back to other sources. This change ensures the tool can correctly retrieve custom keystore configurations defined in deployment.toml on first startup, without requiring prior server initialization.

Key Changes

Dependency Updates

  • Added GSON library dependency for JSON parsing support

Configuration Constants

Expanded Constants.java with new configuration keys for reading keystore settings from deployment.toml and default.json:

  • Configuration file references: DEFAULT_JSON_FILE, DEFAULT_JSON_DIR_PATH
  • Keystore property maps: PRIMARY_KEYSTORE_PROPERTY_MAP_NAME, INTERNAL_KEYSTORE_PROPERTY_MAP_NAME
  • Keystore property keys: KEYSTORE_PRIMARY_FILE_NAME, KEYSTORE_PRIMARY_TYPE, KEYSTORE_PRIMARY_ALIAS, KEYSTORE_INTERNAL_TYPE, KEYSTORE_INTERNAL_ALIAS
  • Generic key descriptor fields: KEY_FILE_NAME, KEY_TYPE, KEY_ALIAS

Configuration Resolution Logic

Refactored Utils.java to implement a multi-source configuration resolution strategy with the following priority:

  1. deployment.toml - [keystore.internal] section (first priority)
  2. deployment.toml - [keystore.primary] section
  3. default.json - fallback values
  4. carbon.xml - final fallback

New Methods:

  • getValueFromConfigs() - Implements the multi-source fallback logic; prioritizes values from deployment.toml, then default.json, with fallback to XML configuration
  • getKeystoreFromConfiguration() - Reads keystore maps from deployment.toml sections
  • getJSONConfiguration() - Parses default.json into a configuration map
  • getDefaultJSONFilePath() - Resolves the path to default.json

Updated Methods:

  • resolveKeyStorePath() - Now accepts a defaultMap parameter to resolve $ref{...} indirection references through default.json before handling relative/absolute paths
  • setSystemProperties() - Now reads keystore parameters from deployment.toml (internal and primary keystores) and default.json when in WSO2 repository mode, maintaining backward compatibility with standalone properties file mode

Impact

Users can now configure custom keystores in deployment.toml and run the Cipher Tool immediately without requiring a prior server startup, resolving the issue where the tool would incorrectly attempt to read outdated keystore configuration from carbon.xml.

Walkthrough

The cipher tool is updated to read keystore configuration from deployment.toml and default.json rather than carbon.xml. A gson dependency is added to pom.xml to support JSON parsing. Constants.java gains new string constants for the default JSON file path and keystore property map keys. In Utils.java, new helpers (getKeystoreFromConfiguration, getJSONConfiguration, getDefaultJSONFilePath, getValueFromConfigs) are introduced. setSystemProperties() is reworked to read internal and primary keystore maps from deployment.toml, resolve values through default.json, and select the appropriate keystore. resolveKeyStorePath() gains a defaultMap parameter to resolve $ref{...} paths through default.json.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Description check | ⚠️ Warning | The description identifies the purpose and linked issue but lacks critical sections from the template including Goals, Approach, User Stories, Release Notes, Documentation, Testing, Security checks, and Test Environment. | Expand the description to include all required template sections, particularly Goals, Approach, Testing details (unit and integration tests), Security checks, and Test Environment information. |

✅ Passed checks (4 passed)

| Check name | Status | Explanation |
|---|---|---|
| Title check | ✅ Passed | The title accurately reflects the main objective of the PR: prioritizing keystore configuration reads from the TOML file, which is the core change across all modified files. |
| Linked Issues check | ✅ Passed | The code changes directly address the linked issue by implementing configuration reading from deployment.toml with correct priority order, adding methods to parse keystore configs from TOML and JSON files, and updating path resolution logic. |
| Out of Scope Changes check | ✅ Passed | All changes are scoped to the stated objective: pom.xml adds required GSON dependency, Constants.java defines keystore/JSON configuration keys, and Utils.java implements the multi-source configuration resolution logic with TOML/JSON support. |
| Docstring Coverage | ✅ Passed | Docstring coverage is 80.00% which is sufficient. The required threshold is 80.00%. |

@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 3

📥 Commits

Reviewing files that changed from the base of the PR and between 32741fd and cff5a36.

📒 Files selected for processing (3)
  • components/ciphertool/pom.xml
  • components/ciphertool/src/main/java/org/wso2/ciphertool/utils/Constants.java
  • components/ciphertool/src/main/java/org/wso2/ciphertool/utils/Utils.java

Comment on lines +45 to +48
<dependency>
<groupId>com.google.code.gson</groupId>
<artifactId>gson</artifactId>
</dependency>
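
Review bot: the added gson `<dependency>` block carries no `<version>` element, so the version that ends up on the classpath is decided outside these lines. Confirm that a managed version exists for `com.google.code.gson:gson` (for example in a parent `dependencyManagement` section) and that it pins a specific release, or declare the version here.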

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Duplicate dependency declaration.

The com.google.code.gson:gson dependency is declared twice in this file (also appears at lines 53-56). Remove one of the duplicate entries.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@components/ciphertool/pom.xml` around lines 45 - 48, The
com.google.code.gson:gson dependency is declared twice in the pom.xml file, once
at lines 45-48 and again at lines 53-56. Remove one of these duplicate
dependency blocks entirely to eliminate the redundant declaration. Keep the
first or second occurrence (either is fine), and delete the other complete
dependency section including the opening and closing dependency tags.

Comment on lines +344 to +345
keyStoreFile = resolveKeyStorePath(keyStoreFile, homeFolder, defaultConfigMap);
System.setProperty(Constants.KEY_LOCATION_PROPERTY, keyStoreFile);

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Duplicate system property assignment for KEY_LOCATION_PROPERTY.

Constants.KEY_LOCATION_PROPERTY is set at line 345 (resolved path) and again at line 418 (via getConfigFilePath). The second assignment overwrites the first and may produce a different value. Consider removing line 345 to avoid redundant work and potential inconsistency.

Suggested fix
                keyStoreFile = resolveKeyStorePath(keyStoreFile, homeFolder, defaultConfigMap);
-               System.setProperty(Constants.KEY_LOCATION_PROPERTY, keyStoreFile);
                String keyStoreName = ((Utils.isPrimaryKeyStore()) ? Constants.PRIMARY : Constants.INTERNAL);
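
Review bot: removing the `System.setProperty` line after `resolveKeyStorePath` is only safe if the later assignment of `Constants.KEY_LOCATION_PROPERTY` is derived from the resolved `keyStoreFile`; the comment above says that later value comes via `getConfigFilePath` and may differ. Check that the path resolved on line 344 still reaches the property, otherwise the `$ref{...}` resolution has no effect there and it is the later assignment that should change.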

Also applies to: 417-418

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@components/ciphertool/src/main/java/org/wso2/ciphertool/utils/Utils.java`
around lines 344 - 345, The system property Constants.KEY_LOCATION_PROPERTY is
being set twice in the code: once at line 345 after calling resolveKeyStorePath,
and again later at line 418 via getConfigFilePath, which overwrites the first
assignment. Remove the System.setProperty call for
Constants.KEY_LOCATION_PROPERTY at line 345 (the one immediately following the
resolveKeyStorePath invocation) to eliminate the redundant assignment and avoid
confusion about which value is actually being used.

Comment on lines +455 to +460
if (path.startsWith("$ref")) {
// Read the value between the curly braces as the reference.
// e.g. $ref{<reference>} -> <reference>
String reference = path.substring(path.indexOf('{') + 1, path.indexOf('}'));
path = defaultMap.get(reference).toString();
}

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Potential NullPointerException when resolving $ref{...} path.

If the reference key extracted from $ref{...} does not exist in defaultMap, line 459 will throw NullPointerException. Consider adding a null check or providing a meaningful error message.

Suggested fix
            if (path.startsWith("$ref")) {
                // Read the value between the curly braces as the reference.
                // e.g. $ref{<reference>} -> <reference>
                String reference = path.substring(path.indexOf('{') + 1, path.indexOf('}'));
-               path = defaultMap.get(reference).toString();
+               Object refValue = defaultMap.get(reference);
+               if (refValue == null) {
+                   throw new CipherToolException("Reference key '" + reference + "' not found in default.json");
+               }
+               path = refValue.toString();
            }
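
Review bot: the `substring` call on the `reference` line still assumes both braces are present. If the value starts with `$ref` but has no `}`, `indexOf('}')` returns -1 and `substring` throws `StringIndexOutOfBoundsException` before the new null check is reached. Validate the shape first (starts with `$ref{`, ends with `}`, non-empty name) and raise the same `CipherToolException` for malformed input.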
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@components/ciphertool/src/main/java/org/wso2/ciphertool/utils/Utils.java`
around lines 455 - 460, In the path resolution logic where
path.startsWith("$ref") is checked, add a null safety check after retrieving the
value from defaultMap.get(reference) before calling toString() on it. If the
reference key does not exist in defaultMap and get() returns null, the current
code will throw a NullPointerException. Store the result of
defaultMap.get(reference) in a variable, check if it is null, and either provide
a meaningful error message or handle the missing reference appropriately instead
of directly calling toString() on a potentially null value.
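
The source priority order and the `$ref{...}` indirection discussed in the walkthrough and review above, as an added Java illustration that is not the Cipher Tool's own code. The class, the method names, the `file_name` key and the sample values are assumptions, and the four sources are assumed to be already parsed into maps that share one key.

```java
import java.util.*;

// Added illustration: class, method and key names are hypothetical, not the Cipher Tool's.
public class KeystoreConfigResolver {
    /** Returns the first non-blank value for key, walking the sources in priority order. */
    static Optional<String> firstDefined(String key, List<Map<String, Object>> sources) {
        for (Map<String, Object> source : sources) {
            Object value = source.get(key);
            if (value != null && !value.toString().trim().isEmpty()) {
                return Optional.of(value.toString().trim());
            }
        }
        return Optional.empty();
    }

    /** Resolves "$ref{name}" through defaults; malformed or unknown references are rejected. */
    static String resolveRef(String path, Map<String, Object> defaults) {
        if (!path.startsWith("$ref")) {
            return path; // literal path, nothing to resolve
        }
        int close = path.indexOf('}');
        if (!path.startsWith("$ref{") || close != path.length() - 1 || close == 5) {
            throw new IllegalArgumentException("Malformed reference: " + path);
        }
        String reference = path.substring(5, close);
        Object target = defaults.get(reference);
        if (target == null) {
            throw new IllegalArgumentException("Reference '" + reference + "' not in defaults");
        }
        return target.toString();
    }

    public static void main(String[] args) {
        // Constructed sample data standing in for the four parsed sources.
        Map<String, Object> internal = Map.of(); // [keystore.internal] not configured
        Map<String, Object> primary = Map.of("file_name", "$ref{keystore.primary.file_name}");
        Map<String, Object> defaults = Map.of("keystore.primary.file_name", "security/example.jks");
        Map<String, Object> carbonXml = Map.of("file_name", "security/legacy.jks");

        String raw = firstDefined("file_name", List.of(internal, primary, defaults, carbonXml))
                .orElseThrow(() -> new IllegalStateException("No keystore file configured"));
        System.out.println(resolveRef(raw, defaults));
        try {
            resolveRef("$ref{missing.key}", defaults);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Failing closed on an unknown or malformed reference keeps the tool from silently continuing with a keystore path that was never configured.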

Development

Successfully merging this pull request may close these issues.

Cipher Tool Fails to Retrieve values from deployment.toml on First Startup
