Adding testcases for the api-mgt handler component.

components/apimgt-extensions/org.wso2.carbon.apimgt.handlers/src/main/java/org/wso2/carbon/apimgt/handlers/APIMCertificateMGTException.java

@@ -26,37 +26,8 @@ public class APIMCertificateMGTException extends Exception{
 
     private static final long serialVersionUID = -37676242646464497L;
 
-    private String errorMessage;
-
-    public String getErrorMessage() {
-        return errorMessage;
-    }
-
-    public void setErrorMessage(String errorMessage) {
-        this.errorMessage = errorMessage;
-    }
-
     public APIMCertificateMGTException(String msg, Exception nestedEx) {
         super(msg, nestedEx);
-        setErrorMessage(msg);
-    }
-
-    public APIMCertificateMGTException(String message, Throwable cause) {
-        super(message, cause);
-        setErrorMessage(message);
-    }
-
-    public APIMCertificateMGTException(String msg) {
-        super(msg);
-        setErrorMessage(msg);
-    }
-
-    public APIMCertificateMGTException() {
-        super();
-    }
-
-    public APIMCertificateMGTException(Throwable cause) {
-        super(cause);
     }
 }
 

components/apimgt-extensions/org.wso2.carbon.apimgt.handlers/src/main/java/org/wso2/carbon/apimgt/handlers/AuthenticationHandler.java

@@ -19,7 +19,6 @@ package org.wso2.carbon.apimgt.handlers;
 
 import com.google.gson.Gson;
 import org.apache.axis2.context.MessageContext;
-import org.apache.axis2.description.HandlerDescription;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.apache.synapse.core.axis2.Axis2MessageContext;
@@ -51,8 +50,6 @@ import java.util.StringTokenizer;
  */
 public class AuthenticationHandler extends AbstractHandler {
     private static final Log log = LogFactory.getLog(AuthenticationHandler.class);
-    private static HandlerDescription EMPTY_HANDLER_METADATA = new HandlerDescription("API Security Handler");
-    private HandlerDescription handlerDesc;
     private RESTInvoker restInvoker;
 
     private static final String X_JWT_ASSERTION  = "X-JWT-Assertion";
@@ -69,7 +66,6 @@ public class AuthenticationHandler extends AbstractHandler {
     public AuthenticationHandler() {
         log.info("Engaging API Security Handler..........");
         restInvoker = new RESTInvoker();
-        this.handlerDesc = EMPTY_HANDLER_METADATA;
         this.iotServerConfiguration = Utils.initConfig();
     }
 
@@ -94,13 +90,16 @@ public class AuthenticationHandler extends AbstractHandler {
             RESTResponse response;
             if (headers.containsKey(AuthConstants.MDM_SIGNATURE)) {
 
-                String mdmSignature = headers.get(AuthConstants.MDM_SIGNATURE).toString();
+                String mdmSignature = headers.get(AuthConstants.MDM_SIGNATURE);
                 if (log.isDebugEnabled()) {
                     log.debug("Verify Cert:\n" + mdmSignature);
                 }
                 String deviceType = this.getDeviceType(messageContext.getTo().getAddress().trim());
+                if (deviceType == null){
+                    return false;
+                }
                 URI certVerifyUrl = new URI(iotServerConfiguration.getVerificationEndpoint() + deviceType);
-                Map<String, String> certVerifyHeaders = this.setHeaders();
+                Map<String, String> certVerifyHeaders = this.setHeaders(this.restInvoker);
 
                 Certificate certificate = new Certificate();
                 certificate.setPem(mdmSignature);
@@ -125,7 +124,7 @@ public class AuthenticationHandler extends AbstractHandler {
                 }
 
             } else if (headers.containsKey(AuthConstants.PROXY_MUTUAL_AUTH_HEADER)) {
-                String subjectDN = headers.get(AuthConstants.PROXY_MUTUAL_AUTH_HEADER).toString();
+                String subjectDN = headers.get(AuthConstants.PROXY_MUTUAL_AUTH_HEADER);
 
                 if (log.isDebugEnabled()) {
                     log.debug("Verify subject DN: " + subjectDN);
@@ -133,7 +132,7 @@ public class AuthenticationHandler extends AbstractHandler {
 
                 String deviceType = this.getDeviceType(messageContext.getTo().getAddress().trim());
                 URI certVerifyUrl = new URI(iotServerConfiguration.getVerificationEndpoint() + deviceType);
-                Map<String, String> certVerifyHeaders = this.setHeaders();
+                Map<String, String> certVerifyHeaders = this.setHeaders(this.restInvoker);
                 Certificate certificate = new Certificate();
                 certificate.setPem(subjectDN);
                 certificate.setTenantId(tenantId);
@@ -152,9 +151,7 @@ public class AuthenticationHandler extends AbstractHandler {
                 CertificateFactory cf = CertificateFactory.getInstance("X.509");
                 ByteArrayInputStream bais = new ByteArrayInputStream(certs[0].getEncoded());
                 X509Certificate x509 = (X509Certificate) cf.generateCertificate(bais);
-                if (bais != null) {
+                bais.close();
-                    bais.close();
-                }
                 if (x509 != null) {
                     headers.put(AuthConstants.PROXY_MUTUAL_AUTH_HEADER, CertificateGenerator.getCommonName(x509));
                     return true;
@@ -162,13 +159,13 @@ public class AuthenticationHandler extends AbstractHandler {
                     response = null;
                 }
             } else if (headers.containsKey(AuthConstants.ENCODED_PEM)) {
-                String encodedPem = headers.get(AuthConstants.ENCODED_PEM).toString();
+                String encodedPem = headers.get(AuthConstants.ENCODED_PEM);
                 if (log.isDebugEnabled()) {
                     log.debug("Verify Cert:\n" + encodedPem);
                 }
                 String deviceType = this.getDeviceType(messageContext.getTo().getAddress().trim());
                 URI certVerifyUrl = new URI(iotServerConfiguration.getVerificationEndpoint() + deviceType);
-                Map<String, String> certVerifyHeaders = this.setHeaders();
+                Map<String, String> certVerifyHeaders = this.setHeaders(this.restInvoker);
 
                 Certificate certificate = new Certificate();
                 certificate.setPem(encodedPem);
@@ -224,9 +221,9 @@ public class AuthenticationHandler extends AbstractHandler {
         return null;
     }
 
-    private Map<String, String> setHeaders() throws APIMCertificateMGTException {
+    private Map<String, String> setHeaders(RESTInvoker restInvoker) throws APIMCertificateMGTException {
         Map<String, String> map = new HashMap<>();
-        String accessToken = Utils.getAccessToken(iotServerConfiguration);
+        String accessToken = Utils.getAccessToken(iotServerConfiguration, restInvoker);
         map.put(AUTHORIZATION, BEARER + accessToken);
         map.put(CONTENT_TYPE, "application/json");
         return map;

components/apimgt-extensions/org.wso2.carbon.apimgt.handlers/src/main/java/org/wso2/carbon/apimgt/handlers/invoker/RESTInvoker.java

@@ -34,39 +34,35 @@ import java.io.IOException;
 import java.net.URI;
 import java.nio.charset.StandardCharsets;
 import java.util.Map;
+import java.util.Set;
 
 public class RESTInvoker {
 
     private static final Log log = LogFactory.getLog(RESTInvoker.class);
 
-    private int maxTotalConnections = 100;
-    private int maxTotalConnectionsPerRoute = 100;
-    private int connectionTimeout = 120000;
-    private int socketTimeout = 120000;
-
     private CloseableHttpClient client = null;
-    private PoolingHttpClientConnectionManager connectionManager = null;
 
     public RESTInvoker() {
         configureHttpClient();
     }
 
     private void configureHttpClient() {
-
+        int connectionTimeout = 120000;
+        int socketTimeout = 120000;
+        int maxTotalConnectionsPerRoute = 100;
+        int maxTotalConnections = 100;
         RequestConfig defaultRequestConfig = RequestConfig.custom()
                 .setExpectContinueEnabled(true)
                 .setConnectTimeout(connectionTimeout)
                 .setSocketTimeout(socketTimeout)
                 .build();
-
+        PoolingHttpClientConnectionManager connectionManager = new PoolingHttpClientConnectionManager();
-        connectionManager = new PoolingHttpClientConnectionManager();
         connectionManager.setDefaultMaxPerRoute(maxTotalConnectionsPerRoute);
         connectionManager.setMaxTotal(maxTotalConnections);
         client = HttpClients.custom()
                 .setConnectionManager(connectionManager)
                 .setDefaultRequestConfig(defaultRequestConfig)
                 .build();
-
         if(log.isDebugEnabled()){
             log.debug("REST client initialized with " +
                     "maxTotalConnection = " + maxTotalConnections +
@@ -76,58 +72,6 @@ public class RESTInvoker {
 
     }
 
-    public void closeHttpClient() {
-        IOUtils.closeQuietly(client);
-        IOUtils.closeQuietly(connectionManager);
-    }
-
-    /**
-     * Invokes the http GET method
-     *
-     * @param uri        endpoint/service url
-     * @param requestHeaders header list
-     * @param username   username for authentication
-     * @param password   password for authentication
-     * @return RESTResponse of the GET request (can be the response body or the response status code)
-     * @throws Exception
-     */
-    public RESTResponse invokeGET(URI uri, Map<String, String> requestHeaders, String username, String password) throws IOException {
-
-        HttpGet httpGet = null;
-        CloseableHttpResponse response = null;
-        Header[] headers;
-        int httpStatus;
-        String contentType;
-        String output;
-        try {
-            httpGet = new HttpGet(uri);
-            if (requestHeaders != null && !requestHeaders.isEmpty()) {
-                Object keys[] = requestHeaders.keySet().toArray();
-                for (Object header : keys) {
-                    httpGet.setHeader(header.toString(), requestHeaders.get(header).toString());
-                }
-            }
-            response = sendReceiveRequest(httpGet, username, password);
-            output = IOUtils.toString(response.getEntity().getContent());
-            headers = response.getAllHeaders();
-            httpStatus = response.getStatusLine().getStatusCode();
-            contentType = response.getEntity().getContentType().getValue();
-            if (log.isDebugEnabled()) {
-                log.debug("Invoked GET " + uri.toString() + " - Response message: " + output);
-            }
-            EntityUtils.consume(response.getEntity());
-        } finally {
-            if (response != null) {
-                IOUtils.closeQuietly(response);
-            }
-            if (httpGet != null) {
-                httpGet.releaseConnection();
-            }
-        }
-        return new RESTResponse(contentType, output, headers, httpStatus);
-    }
-
-
     public RESTResponse invokePOST(URI uri, Map<String, String> requestHeaders, String username,
                                    String password, String payload) throws IOException {
 
@@ -141,9 +85,9 @@ public class RESTInvoker {
             httpPost = new HttpPost(uri);
             httpPost.setEntity(new StringEntity(payload));
             if (requestHeaders != null && !requestHeaders.isEmpty()) {
-                Object keys[] = requestHeaders.keySet().toArray();
+                Set<String> keys = requestHeaders.keySet();
-                for (Object header : keys) {
+                for (String header : keys) {
-                    httpPost.setHeader(header.toString(), requestHeaders.get(header).toString());
+                    httpPost.setHeader(header, requestHeaders.get(header));
                 }
             }
             response = sendReceiveRequest(httpPost, username, password);
@@ -167,101 +111,6 @@ public class RESTInvoker {
         return new RESTResponse(contentType, output, headers, httpStatus);
     }
 
-    /**
-     * Invokes the http PUT method
-     *
-     * @param uri        endpoint/service url
-     * @param requestHeaders header list
-     * @param username   username for authentication
-     * @param password   password for authentication
-     * @param payload    payload body passed
-     * @return RESTResponse of the PUT request (can be the response body or the response status code)
-     * @throws Exception
-     */
-    public RESTResponse invokePUT(URI uri, Map<String, String> requestHeaders, String username, String password,
-                                  String payload) throws IOException {
-
-        HttpPut httpPut = null;
-        CloseableHttpResponse response = null;
-        Header[] headers;
-        int httpStatus;
-        String contentType;
-        String output;
-        try {
-            httpPut = new HttpPut(uri);
-            httpPut.setEntity(new StringEntity(payload));
-            if (requestHeaders != null && !requestHeaders.isEmpty()) {
-                Object keys[] = requestHeaders.keySet().toArray();
-                for (Object header : keys) {
-                    httpPut.setHeader(header.toString(), requestHeaders.get(header).toString());
-                }
-            }
-            response = sendReceiveRequest(httpPut, username, password);
-            output = IOUtils.toString(response.getEntity().getContent());
-            headers = response.getAllHeaders();
-            httpStatus = response.getStatusLine().getStatusCode();
-            contentType = response.getEntity().getContentType().getValue();
-            if (log.isDebugEnabled()) {
-                log.debug("Invoked PUT " + uri.toString() + " - Response message: " + output);
-            }
-            EntityUtils.consume(response.getEntity());
-        } finally {
-            if (response != null) {
-                IOUtils.closeQuietly(response);
-            }
-            if (httpPut != null) {
-                httpPut.releaseConnection();
-            }
-        }
-        return new RESTResponse(contentType, output, headers, httpStatus);
-    }
-
-    /**
-     * Invokes the http DELETE method
-     *
-     * @param uri        endpoint/service url
-     * @param requestHeaders header list
-     * @param username   username for authentication
-     * @param password   password for authentication
-     * @return RESTResponse of the DELETE (can be the response status code or the response body)
-     * @throws Exception
-     */
-    public RESTResponse invokeDELETE(URI uri, Map<String, String> requestHeaders, String username, String password) throws IOException {
-
-        HttpDelete httpDelete = null;
-        CloseableHttpResponse response = null;
-        Header[] headers;
-        int httpStatus;
-        String contentType;
-        String output;
-        try {
-            httpDelete = new HttpDelete(uri);
-            if (requestHeaders != null && !requestHeaders.isEmpty()) {
-                Object keys[] = requestHeaders.keySet().toArray();
-                for (Object header : keys) {
-                    httpDelete.setHeader(header.toString(), requestHeaders.get(header).toString());
-                }
-            }
-            response = sendReceiveRequest(httpDelete, username, password);
-            output = IOUtils.toString(response.getEntity().getContent());
-            headers = response.getAllHeaders();
-            httpStatus = response.getStatusLine().getStatusCode();
-            contentType = response.getEntity().getContentType().getValue();
-            if (log.isDebugEnabled()) {
-                log.debug("Invoked DELETE " + uri.toString() + " - Response message: " + output);
-            }
-            EntityUtils.consume(response.getEntity());
-        } finally {
-            if (response != null) {
-                IOUtils.closeQuietly(response);
-            }
-            if (httpDelete != null) {
-                httpDelete.releaseConnection();
-            }
-        }
-        return new RESTResponse(contentType, output, headers, httpStatus);
-    }
-
     private CloseableHttpResponse sendReceiveRequest(HttpRequestBase requestBase, String username, String password)
             throws IOException {
         CloseableHttpResponse response;

components/apimgt-extensions/org.wso2.carbon.apimgt.handlers/src/main/java/org/wso2/carbon/apimgt/handlers/invoker/RESTResponse.java

@@ -36,7 +36,7 @@ public class RESTResponse {
      * @param headers     from the REST invoke response
      * @param httpStatus  from the REST invoke response
      */
-    public RESTResponse(String contentType, String content, Header[] headers, int httpStatus) {
+    RESTResponse(String contentType, String content, Header[] headers, int httpStatus) {
         this.contentType = contentType;
         this.content = content;
         this.headers = headers;

components/apimgt-extensions/org.wso2.carbon.apimgt.handlers/src/main/java/org/wso2/carbon/apimgt/handlers/utils/AuthConstants.java

@@ -21,18 +21,6 @@ package org.wso2.carbon.apimgt.handlers.utils;
  * This initializes the constance.
  */
 public class AuthConstants {
-//    public static final String SEC_FAULT = "SECURITY_VALIDATION_FAILURE";
-//    public static final String HTTPS = "https";
-//    public static final String WSSE = "wsse";
-//    public static final String AUTH_CONFIGURATION_FILE_NAME = "api-filter-config.xml";
-//    public static final String API_FILTER_CONFIG_ELEMENT = "apiFilterConfig";
-//    public static final String API_LIST_PROPERTY = "apiList";
-//    public static final String HOST = "host";
-//    public static final String HTTPS_PORT = "httpsPort";
-//    public static final String USERNAME = "username";
-//    public static final String PASSWORD = "password";
-//    public static final String IOS_VERIFY_ENDPOINT = "ios-verify-endpoint";
-//    public static final String ANDROID_VERIFY_ENDPOINT = "android-verify-endpoint";
     public static final String MDM_SIGNATURE = "mdm-signature";
     public static final String PROXY_MUTUAL_AUTH_HEADER = "proxy-mutual-auth-header";
     public static final String MUTUAL_AUTH_HEADER = "mutual-auth-header";

components/apimgt-extensions/org.wso2.carbon.apimgt.handlers/src/main/java/org/wso2/carbon/apimgt/handlers/utils/Utils.java

@@ -59,14 +59,20 @@ public class Utils {
 
     /**
      * This method initializes the iot-api-config.xml file.
-     * @return
+     * @return IoTServerConfiguration Object based on the configuration file.
      */
     public static IOTServerConfiguration initConfig() {
-        try {
+        return initConfig(CarbonUtils.getCarbonConfigDirPath() + File.separator + IOT_APIS_CONFIG_FILE);
+    }
 
-            String IOTServerAPIConfigurationPath = CarbonUtils.getCarbonConfigDirPath() + File.separator
+    /**
-                    + IOT_APIS_CONFIG_FILE;
+     * This methods initialized the iot-api-config.xml from provided path.
-            File file = new File(IOTServerAPIConfigurationPath);
+     * @param path The actual file path of iot-api-config.xml
+     * @return The instance of the IOTServerConfiguration based on the configuration.
+     */
+    public static IOTServerConfiguration initConfig(String path){
+        try {
+            File file = new File(path);
             Document doc = Utils.convertToDocument(file);
 
             JAXBContext fileContext = JAXBContext.newInstance(IOTServerConfiguration.class);
@@ -91,7 +97,7 @@ public class Utils {
     /**
      * This method gets the values from system variables and sets to xml.
      */
-    public static String replaceProperties(String text) {
+    private static String replaceProperties(String text) {
         String regex = "\\$\\{(.*?)\\}";
         Pattern pattern = Pattern.compile(regex);
         Matcher matchPattern = pattern.matcher(text);
@@ -107,11 +113,12 @@ public class Utils {
 
     /**
      * This class build the iot-api-config.xml file.
-     * @param file
+     *
-     * @return
+     * @param file The file object of iot-api-config.xml.
+     * @return Document instance of the file
      * @throws APIMCertificateMGTException
      */
-    public static Document convertToDocument(File file) throws APIMCertificateMGTException {
+    private static Document convertToDocument(File file) throws APIMCertificateMGTException {
         DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
         factory.setNamespaceAware(true);
         try {
@@ -126,48 +133,45 @@ public class Utils {
 
     /**
      * This class get the access token from the key manager.
-     * @param iotServerConfiguration
+     *
-     * @return
+     * @param iotServerConfiguration Instance of the IoTsererConfiguration.
+     * @return Access token will be returned.
      * @throws APIMCertificateMGTException
      */
-    public static String getAccessToken(IOTServerConfiguration iotServerConfiguration)
+    public static String getAccessToken(IOTServerConfiguration iotServerConfiguration, RESTInvoker restInvoker)
             throws APIMCertificateMGTException {
         try {
             if (clientId == null || clientSecret == null) {
-                getClientSecretes(iotServerConfiguration);
+                getClientSecretes(iotServerConfiguration, restInvoker);
             }
             URI tokenUrl = new URI(iotServerConfiguration.getOauthTokenEndpoint());
             String tokenContent = "grant_type=password&username=" + iotServerConfiguration.getUsername()+ "&password=" +
                     iotServerConfiguration.getPassword() + "&scope=activity-view";
             String tokenBasicAuth = "Basic " + Base64.encode((clientId + ":" + clientSecret).getBytes());
-            Map<String, String> tokenHeaders = new HashMap<String, String>();
+            Map<String, String> tokenHeaders = new HashMap<>();
             tokenHeaders.put("Authorization", tokenBasicAuth);
             tokenHeaders.put("Content-Type", "application/x-www-form-urlencoded");
 
-            RESTInvoker restInvoker = new RESTInvoker();
             RESTResponse response = restInvoker.invokePOST(tokenUrl, tokenHeaders, null, null, tokenContent);
             if(log.isDebugEnabled()) {
                 log.debug("Token response:" + response.getContent());
             }
             JSONObject jsonResponse = new JSONObject(response.getContent());
-            String accessToken = jsonResponse.getString("access_token");
+            return jsonResponse.getString("access_token");
-            return accessToken;
 
-        } catch (URISyntaxException e) {
+        } catch (URISyntaxException | IOException e) {
             throw new APIMCertificateMGTException("Error occurred while trying to call oauth token endpoint", e);
         } catch (JSONException e) {
             throw new APIMCertificateMGTException("Error occurred while converting the json to object", e);
-        } catch (IOException e) {
-            throw new APIMCertificateMGTException("Error occurred while trying to call oauth token endpoint", e);
         }
     }
 
     /**
      * This method register an application to get the client key and secret.
-     * @param iotServerConfiguration
+     * @param iotServerConfiguration Instance of the IoTServerConfiguration.
      * @throws APIMCertificateMGTException
      */
-    private static void getClientSecretes(IOTServerConfiguration iotServerConfiguration)
+    private static void getClientSecretes(IOTServerConfiguration iotServerConfiguration, RESTInvoker restInvoker)
             throws APIMCertificateMGTException {
         try {
             String username = iotServerConfiguration.getUsername();
@@ -180,12 +184,11 @@ public class Utils {
             dcr.setCallbackUrl(AuthConstants.CALLBACK_URL);
             dcr.setIsSaasApp(true);
             String dcrContent = dcr.toJSON();
-            Map<String, String> dcrHeaders = new HashMap<String, String>();
+            Map<String, String> dcrHeaders = new HashMap<>();
             String basicAuth = Base64.encode((username + ":" + password).getBytes());
             dcrHeaders.put(AuthConstants.CONTENT_TYPE_HEADER, AuthConstants.CONTENT_TYPE);
             dcrHeaders.put(AuthConstants.AUTHORIZATION_HEADER, AuthConstants.BASIC_AUTH_PREFIX + basicAuth);
             URI dcrUrl = new URI(iotServerConfiguration.getDynamicClientRegistrationEndpoint());
-            RESTInvoker restInvoker = new RESTInvoker();
             RESTResponse response = restInvoker.invokePOST(dcrUrl, dcrHeaders, null, null, dcrContent);
             if (log.isDebugEnabled()) {
                 log.debug("DCR response :" + response.getContent());

components/apimgt-extensions/org.wso2.carbon.apimgt.handlers/src/test/java/org/wso2/carbon/apimgt/handlers/AuthenticationHandlerTest.java

@@ -0,0 +1,215 @@
+/*
+*  Copyright (c) 2017, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+*  WSO2 Inc. licenses this file to you under the Apache License,
+*  Version 2.0 (the "License"); you may not use this file except
+*  in compliance with the License.
+*  You may obtain a copy of the License at
+*
+*    http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+* KIND, either express or implied.  See the License for the
+* specific language governing permissions and limitations
+* under the License.
+*
+*/
+package org.wso2.carbon.apimgt.handlers;
+
+import com.google.gson.Gson;
+import junit.framework.Assert;
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMDocument;
+import org.apache.axiom.soap.SOAPEnvelope;
+import org.apache.axis2.addressing.EndpointReference;
+import org.apache.axis2.context.ConfigurationContext;
+import org.apache.axis2.engine.AxisConfiguration;
+import org.apache.commons.io.FileUtils;
+import org.apache.http.ProtocolVersion;
+import org.apache.http.client.methods.CloseableHttpResponse;
+import org.apache.http.entity.BasicHttpEntity;
+import org.apache.http.message.BasicStatusLine;
+import org.apache.synapse.MessageContext;
+import org.apache.synapse.config.SynapseConfigUtils;
+import org.apache.synapse.config.SynapseConfiguration;
+import org.apache.synapse.core.SynapseEnvironment;
+import org.apache.synapse.core.axis2.Axis2MessageContext;
+import org.apache.synapse.core.axis2.Axis2SynapseEnvironment;
+import org.testng.annotations.BeforeClass;
+import org.testng.annotations.Test;
+import org.wso2.carbon.apimgt.handlers.beans.ValidationResponce;
+import org.wso2.carbon.apimgt.handlers.invoker.RESTInvoker;
+import org.wso2.carbon.apimgt.handlers.mock.MockClient;
+import org.wso2.carbon.apimgt.handlers.mock.MockHttpResponse;
+import org.wso2.carbon.apimgt.handlers.utils.AuthConstants;
+import org.wso2.carbon.certificate.mgt.core.exception.KeystoreException;
+import org.wso2.carbon.certificate.mgt.core.impl.CertificateGenerator;
+import org.wso2.carbon.certificate.mgt.core.util.CertificateManagementConstants;
+
+import java.io.BufferedReader;
+import java.io.ByteArrayInputStream;
+import java.io.File;
+import java.io.FileReader;
+import java.io.IOException;
+import java.io.UnsupportedEncodingException;
+import java.lang.reflect.Field;
+import java.nio.charset.StandardCharsets;
+import java.security.cert.X509Certificate;
+import java.util.HashMap;
+import java.util.List;
+
+/**
+ * This testcase will focus on covering the methods of {@link AuthenticationHandler}
+ */
+public class AuthenticationHandlerTest extends BaseAPIHandlerTest {
+
+    private AuthenticationHandler handler;
+    private SynapseConfiguration synapseConfiguration;
+    private MockClient mockClient;
+
+    @BeforeClass
+    public void initTest() {
+        TestUtils.setSystemProperties();
+        this.handler = new AuthenticationHandler();
+        this.synapseConfiguration = new SynapseConfiguration();
+    }
+
+    @Test(description = "Handle request with empty transport headers")
+    public void testHandleRequestWithEmptyTransportHeader() throws Exception {
+        boolean response = this.handler.handleRequest(createSynapseMessageContext("<empty/>", this.synapseConfiguration,
+                new HashMap<>(), "https://test.com/testservice"));
+        Assert.assertFalse(response);
+    }
+
+    @Test(description = "Handle request with without device type",
+            dependsOnMethods = "testHandleRequestWithEmptyTransportHeader")
+    public void testHandleRequestWithURISyntaxError() throws Exception {
+        HashMap<String, String> transportHeaders = new HashMap<>();
+        List<X509Certificate> certificates = loadCertificates();
+        transportHeaders.put(AuthConstants.MDM_SIGNATURE, new String(certificates.get(0).getSignature()));
+        boolean response = this.handler.handleRequest(createSynapseMessageContext("<empty/>", this.synapseConfiguration,
+                transportHeaders, "https://test.com/testservice"));
+        Assert.assertFalse(response);
+    }
+
+    @Test(description = "Handle request with device type URI",
+            dependsOnMethods = "testHandleRequestWithURISyntaxError")
+    public void testHandleRequestWithDeviceTypeURI() throws Exception {
+        HashMap<String, String> transportHeaders = new HashMap<>();
+        List<X509Certificate> certificates = loadCertificates();
+        transportHeaders.put(AuthConstants.MDM_SIGNATURE, new String(certificates.get(0).getSignature()));
+        setMockClient();
+        this.mockClient.setResponse(getDCRResponse());
+        this.mockClient.setResponse(getAccessTokenReponse());
+        this.mockClient.setResponse(getValidationResponse());
+        boolean response = this.handler.handleRequest(createSynapseMessageContext("<empty/>", this.synapseConfiguration,
+                transportHeaders, "https://test.com/testservice/api/testdevice"));
+        Assert.assertTrue(response);
+        this.mockClient.reset();
+    }
+
+
+    private static MessageContext createSynapseMessageContext(
+            String payload, SynapseConfiguration config, HashMap<String, String> transportHeaders,
+            String address) throws Exception {
+        org.apache.axis2.context.MessageContext mc =
+                new org.apache.axis2.context.MessageContext();
+        AxisConfiguration axisConfig = config.getAxisConfiguration();
+        if (axisConfig == null) {
+            axisConfig = new AxisConfiguration();
+            config.setAxisConfiguration(axisConfig);
+        }
+        ConfigurationContext cfgCtx = new ConfigurationContext(axisConfig);
+        SynapseEnvironment env = new Axis2SynapseEnvironment(cfgCtx, config);
+        MessageContext synMc = new Axis2MessageContext(mc, config, env);
+        SOAPEnvelope envelope =
+                OMAbstractFactory.getSOAP11Factory().getDefaultEnvelope();
+        OMDocument omDoc =
+                OMAbstractFactory.getSOAP11Factory().createOMDocument();
+        omDoc.addChild(envelope);
+        envelope.getBody().addChild(SynapseConfigUtils.stringToOM(payload));
+        synMc.setEnvelope(envelope);
+        synMc.setTo(new EndpointReference(address));
+        org.apache.axis2.context.MessageContext axis2MessageContext =
+                ((Axis2MessageContext) synMc).getAxis2MessageContext();
+        axis2MessageContext.setProperty(org.apache.axis2.context.MessageContext.TRANSPORT_HEADERS, transportHeaders);
+        return synMc;
+    }
+
+    private List<X509Certificate> loadCertificates() throws IOException, KeystoreException {
+        File caPemFile = new File(TestUtils.getAbsolutePathOfConfig("ca_cert.pem"));
+        File raPemFile = new File(TestUtils.getAbsolutePathOfConfig("ra_cert.pem"));
+        byte[] ca = FileUtils.readFileToByteArray(caPemFile);
+        byte[] ra = FileUtils.readFileToByteArray(raPemFile);
+        List<X509Certificate> rootCertificates = new CertificateGenerator().getRootCertificates(ca, ra);
+        Assert.assertNotNull("Root certificates retrieved", rootCertificates);
+        Assert.assertEquals(rootCertificates.get(0).getType(), CertificateManagementConstants.X_509);
+        Assert.assertEquals(rootCertificates.get(1).getType(), CertificateManagementConstants.X_509);
+        return rootCertificates;
+    }
+
+    private void setMockClient() throws NoSuchFieldException, IllegalAccessException {
+        Field restInvokerField = this.handler.getClass().getDeclaredField("restInvoker");
+        restInvokerField.setAccessible(true);
+        RESTInvoker restInvoker = (RESTInvoker) restInvokerField.get(this.handler);
+        Field clientField = restInvoker.getClass().getDeclaredField("client");
+        clientField.setAccessible(true);
+        this.mockClient = new MockClient();
+        clientField.set(restInvoker, this.mockClient);
+    }
+
+    private CloseableHttpResponse getDCRResponse() throws IOException {
+        CloseableHttpResponse mockDCRResponse = new MockHttpResponse();
+        String dcrResponseFile = TestUtils.getAbsolutePathOfConfig("dcr-response.json");
+        BasicHttpEntity responseEntity = new BasicHttpEntity();
+        responseEntity.setContent(new ByteArrayInputStream(getContent(dcrResponseFile).
+                getBytes(StandardCharsets.UTF_8.name())));
+        responseEntity.setContentType(TestUtils.CONTENT_TYPE);
+        mockDCRResponse.setEntity(responseEntity);
+        mockDCRResponse.setStatusLine(new BasicStatusLine(new ProtocolVersion("http", 1, 0), 200, "OK"));
+        return mockDCRResponse;
+    }
+
+    private CloseableHttpResponse getAccessTokenReponse() throws IOException {
+        CloseableHttpResponse mockDCRResponse = new MockHttpResponse();
+        String dcrResponseFile = TestUtils.getAbsolutePathOfConfig("accesstoken-response.json");
+        BasicHttpEntity responseEntity = new BasicHttpEntity();
+        responseEntity.setContent(new ByteArrayInputStream(getContent(dcrResponseFile).
+                getBytes(StandardCharsets.UTF_8.name())));
+        responseEntity.setContentType(TestUtils.CONTENT_TYPE);
+        mockDCRResponse.setEntity(responseEntity);
+        mockDCRResponse.setStatusLine(new BasicStatusLine(new ProtocolVersion("http", 1, 0), 200, "OK"));
+        return mockDCRResponse;
+    }
+
+    private CloseableHttpResponse getValidationResponse() throws UnsupportedEncodingException {
+        ValidationResponce response = new ValidationResponce();
+        response.setDeviceId("1234");
+        response.setDeviceType("testdevice");
+        response.setJWTToken("1234567788888888");
+        response.setTenantId(-1234);
+        Gson gson = new Gson();
+        String jsonReponse = gson.toJson(response);
+        CloseableHttpResponse mockDCRResponse = new MockHttpResponse();
+        BasicHttpEntity responseEntity = new BasicHttpEntity();
+        responseEntity.setContent(new ByteArrayInputStream(jsonReponse.getBytes(StandardCharsets.UTF_8.name())));
+        responseEntity.setContentType(TestUtils.CONTENT_TYPE);
+        mockDCRResponse.setEntity(responseEntity);
+        mockDCRResponse.setStatusLine(new BasicStatusLine(new ProtocolVersion("http", 1, 0), 200, "OK"));
+        return mockDCRResponse;
+    }
+
+
+    private String getContent(String filePath) throws IOException {
+        FileReader fileReader = new FileReader(filePath);
+        BufferedReader bufferedReader = new BufferedReader(fileReader);
+        String content = "";
+        String line;
+        while ((line = bufferedReader.readLine()) != null) {
+            content += line + "\n";
+        }
+        bufferedReader.close();
+        return content;
+    }
+}

components/apimgt-extensions/org.wso2.carbon.apimgt.handlers/src/test/java/org/wso2/carbon/apimgt/handlers/BaseAPIHandlerTest.java

@@ -0,0 +1,60 @@
+/*
+*  Copyright (c) 2017, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+*  WSO2 Inc. licenses this file to you under the Apache License,
+*  Version 2.0 (the "License"); you may not use this file except
+*  in compliance with the License.
+*  You may obtain a copy of the License at
+*
+*    http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+* KIND, either express or implied.  See the License for the
+* specific language governing permissions and limitations
+* under the License.
+*
+*/
+package org.wso2.carbon.apimgt.handlers;
+
+import org.testng.annotations.BeforeSuite;
+import org.wso2.carbon.base.MultitenantConstants;
+import org.wso2.carbon.context.PrivilegedCarbonContext;
+
+import java.io.File;
+
+/**
+ * This is the base test case for API Handler tests.
+ */
+public class BaseAPIHandlerTest {
+
+    @BeforeSuite
+    public void init() {
+        setUpCarbonHome();
+    }
+
+    private void setUpCarbonHome() {
+        if (System.getProperty("carbon.home") == null) {
+            File file = new File("src/test/resources/carbon-home");
+            if (file.exists()) {
+                System.setProperty("carbon.home", file.getAbsolutePath());
+            }
+            file = new File("carbon-home");
+            if (file.exists()) {
+                System.setProperty("carbon.home", file.getAbsolutePath());
+            }
+            file = new File("../../resources/carbon-home");
+            if (file.exists()) {
+                System.setProperty("carbon.home", file.getAbsolutePath());
+            }
+            file = new File("../../../resources/carbon-home");
+            if (file.exists()) {
+                System.setProperty("carbon.home", file.getAbsolutePath());
+            }
+        }
+        PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(MultitenantConstants
+                .SUPER_TENANT_DOMAIN_NAME);
+        PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(MultitenantConstants.SUPER_TENANT_ID);
+    }
+
+}

components/apimgt-extensions/org.wso2.carbon.apimgt.handlers/src/test/java/org/wso2/carbon/apimgt/handlers/IOTServerConfigurationTest.java

@@ -0,0 +1,99 @@
+/*
+*  Copyright (c) 2017, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+*  WSO2 Inc. licenses this file to you under the Apache License,
+*  Version 2.0 (the "License"); you may not use this file except
+*  in compliance with the License.
+*  You may obtain a copy of the License at
+*
+*    http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+* KIND, either express or implied.  See the License for the
+* specific language governing permissions and limitations
+* under the License.
+*
+*/
+package org.wso2.carbon.apimgt.handlers;
+
+import org.testng.Assert;
+import org.testng.annotations.BeforeClass;
+import org.testng.annotations.Test;
+import org.wso2.carbon.apimgt.handlers.config.IOTServerConfiguration;
+import org.wso2.carbon.apimgt.handlers.utils.Utils;
+
+import java.io.File;
+
+/**
+ * This class validates the behaviour of {@link IOTServerConfiguration}
+ */
+public class IOTServerConfigurationTest extends BaseAPIHandlerTest {
+    private static final String CONFIG_DIR = "carbon-home" + File.separator + "repository" + File.separator +
+            "conf" + File.separator;
+
+    @BeforeClass
+    public void initTest(){
+        TestUtils.resetSystemProperties();
+    }
+
+    @Test(description = "Validating the IoT Server configuration initialization without system properties")
+    public void initConfigWithoutSystemProps() {
+        IOTServerConfiguration serverConfiguration = Utils.initConfig();
+        Assert.assertTrue(serverConfiguration != null);
+        Assert.assertEquals(serverConfiguration.getHostname(), "https://${iot.core.host}:${iot.core.https.port}/");
+        Assert.assertEquals(serverConfiguration.getVerificationEndpoint(),
+                "https://${iot.core.host}:${iot.core.https.port}/api/certificate-mgt/v1.0/admin/certificates/verify/");
+        Assert.assertEquals(serverConfiguration.getUsername(), "testuser");
+        Assert.assertEquals(serverConfiguration.getPassword(), "testuserpwd");
+        Assert.assertEquals(serverConfiguration.getDynamicClientRegistrationEndpoint(),
+                "https://${iot.keymanager.host}:${iot.keymanager.https.port}/client-registration/v0.11/register");
+        Assert.assertEquals(serverConfiguration.getOauthTokenEndpoint(),
+                "https://${iot.keymanager.host}:${iot.keymanager.https.port}/oauth2/token");
+        Assert.assertEquals(serverConfiguration.getApis().size(), 1);
+        Assert.assertEquals(serverConfiguration.getApis().get(0).getContextPath(), "/services");
+    }
+
+    @Test(description = "Initializing IoT server config with invalid configuration",
+            dependsOnMethods = "initConfigWithoutSystemProps")
+    public void initConfigWithInvalidConfig() {
+        IOTServerConfiguration serverConfig = Utils.initConfig(TestUtils.getAbsolutePathOfConfig(CONFIG_DIR
+                + "iot-api-config-invalid.xml"));
+        Assert.assertEquals(serverConfig, null);
+    }
+
+    @Test(description = "Initializing IoT server config with invalid xml",
+            dependsOnMethods = "initConfigWithInvalidConfig")
+    public void initConfigWithInvalidXMLConfig() {
+        IOTServerConfiguration serverConfig = Utils.initConfig(TestUtils.getAbsolutePathOfConfig(CONFIG_DIR +
+                "iot-api-config-invalid-xml.xml"));
+        Assert.assertEquals(serverConfig, null);
+    }
+
+    @Test(description = "Initializing IoT server config with system configs",
+            dependsOnMethods = "initConfigWithInvalidXMLConfig")
+    public void initConfigWithSystemProps() {
+        TestUtils.setSystemProperties();
+        IOTServerConfiguration serverConfiguration = Utils.initConfig();
+        Assert.assertTrue(serverConfiguration != null);
+        Assert.assertEquals(serverConfiguration.getHostname(), "https://" + TestUtils.IOT_CORE_HOST + ":"
+                + TestUtils.IOT_CORE_HTTPS_PORT
+                + "/");
+        Assert.assertEquals(serverConfiguration.getVerificationEndpoint(),
+                "https://" + TestUtils.IOT_CORE_HOST + ":" + TestUtils.IOT_CORE_HTTPS_PORT +
+                        "/api/certificate-mgt/v1.0/admin/certificates/" +
+                        "verify/");
+        Assert.assertEquals(serverConfiguration.getUsername(), "testuser");
+        Assert.assertEquals(serverConfiguration.getPassword(), "testuserpwd");
+        Assert.assertEquals(serverConfiguration.getDynamicClientRegistrationEndpoint(),
+                "https://" + TestUtils.IOT_KEYMANAGER_HOST + ":" + TestUtils.IOT_KEYMANAGER_PORT
+                        + "/client-registration/v0.11/register");
+        Assert.assertEquals(serverConfiguration.getOauthTokenEndpoint(),
+                "https://" + TestUtils.IOT_KEYMANAGER_HOST + ":" + TestUtils.IOT_KEYMANAGER_PORT
+                        + "/oauth2/token");
+        Assert.assertEquals(serverConfiguration.getApis().size(), 1);
+        Assert.assertEquals(serverConfiguration.getApis().get(0).getContextPath(), "/services");
+    }
+
+
+}

components/apimgt-extensions/org.wso2.carbon.apimgt.handlers/src/test/java/org/wso2/carbon/apimgt/handlers/TestUtils.java

@@ -0,0 +1,54 @@
+/*
+*  Copyright (c) 2017, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+*  WSO2 Inc. licenses this file to you under the Apache License,
+*  Version 2.0 (the "License"); you may not use this file except
+*  in compliance with the License.
+*  You may obtain a copy of the License at
+*
+*    http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+* KIND, either express or implied.  See the License for the
+* specific language governing permissions and limitations
+* under the License.
+*
+*/
+package org.wso2.carbon.apimgt.handlers;
+
+import org.testng.Assert;
+
+import java.io.File;
+import java.net.URL;
+
+public class TestUtils {
+
+    static final String IOT_CORE_HOST = "iot.core.wso2.com";
+    static final String IOT_CORE_HTTPS_PORT = "9443";
+    static final String IOT_KEYMANAGER_HOST = "iot.keymanager.wso2.com";
+    static final String IOT_KEYMANAGER_PORT = "9443";
+    static final String CONTENT_TYPE = "application/json";
+
+    static String getAbsolutePathOfConfig(String configFilePath) {
+        ClassLoader classLoader = TestUtils.class.getClassLoader();
+        URL invalidConfig = classLoader.getResource(configFilePath);
+        Assert.assertTrue(invalidConfig != null);
+        File file = new File(invalidConfig.getFile());
+        return file.getAbsolutePath();
+    }
+
+    static void setSystemProperties() {
+        System.setProperty("iot.core.host", IOT_CORE_HOST);
+        System.setProperty("iot.core.https.port", IOT_CORE_HTTPS_PORT);
+        System.setProperty("iot.keymanager.host", IOT_KEYMANAGER_HOST);
+        System.setProperty("iot.keymanager.https.port", IOT_KEYMANAGER_PORT);
+    }
+
+    static void resetSystemProperties() {
+        System.clearProperty("iot.core.host");
+        System.clearProperty("iot.core.https.port");
+        System.clearProperty("iot.keymanager.host");
+        System.clearProperty("iot.keymanager.https.port");
+    }
+}

components/apimgt-extensions/org.wso2.carbon.apimgt.handlers/src/test/java/org/wso2/carbon/apimgt/handlers/mock/MockClient.java

@@ -0,0 +1,65 @@
+/*
+*  Copyright (c) 2017, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+*  WSO2 Inc. licenses this file to you under the Apache License,
+*  Version 2.0 (the "License"); you may not use this file except
+*  in compliance with the License.
+*  You may obtain a copy of the License at
+*
+*    http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+* KIND, either express or implied.  See the License for the
+* specific language governing permissions and limitations
+* under the License.
+*
+*/
+package org.wso2.carbon.apimgt.handlers.mock;
+
+import org.apache.http.HttpHost;
+import org.apache.http.HttpRequest;
+import org.apache.http.client.methods.CloseableHttpResponse;
+import org.apache.http.conn.ClientConnectionManager;
+import org.apache.http.impl.client.CloseableHttpClient;
+import org.apache.http.params.HttpParams;
+import org.apache.http.protocol.HttpContext;
+
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.List;
+
+public class MockClient extends CloseableHttpClient {
+    private List<CloseableHttpResponse> responses = new ArrayList<>();
+    private int responseCount = 0;
+
+    @Override
+    protected CloseableHttpResponse doExecute(HttpHost httpHost, HttpRequest httpRequest, HttpContext httpContext)
+            throws IOException {
+        this.responseCount++;
+        return this.responses.get(this.responseCount - 1);
+    }
+
+    @Override
+    public void close() throws IOException {
+    }
+
+    @Override
+    public HttpParams getParams() {
+        return null;
+    }
+
+    @Override
+    public ClientConnectionManager getConnectionManager() {
+        return null;
+    }
+
+    public void setResponse(CloseableHttpResponse reponse) {
+        this.responses.add(reponse);
+    }
+
+    public void reset() {
+        this.responses.clear();
+        this.responseCount = 0;
+    }
+}

components/apimgt-extensions/org.wso2.carbon.apimgt.handlers/src/test/java/org/wso2/carbon/apimgt/handlers/mock/MockHttpResponse.java

@@ -0,0 +1,174 @@
+/*
+*  Copyright (c) 2017, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+*  WSO2 Inc. licenses this file to you under the Apache License,
+*  Version 2.0 (the "License"); you may not use this file except
+*  in compliance with the License.
+*  You may obtain a copy of the License at
+*
+*    http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the License is distributed on an
+* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+* KIND, either express or implied.  See the License for the
+* specific language governing permissions and limitations
+* under the License.
+*
+*/
+package org.wso2.carbon.apimgt.handlers.mock;
+
+import org.apache.http.Header;
+import org.apache.http.HeaderIterator;
+import org.apache.http.HttpEntity;
+import org.apache.http.ProtocolVersion;
+import org.apache.http.StatusLine;
+import org.apache.http.client.methods.CloseableHttpResponse;
+import org.apache.http.params.HttpParams;
+
+import java.io.IOException;
+import java.util.Locale;
+
+public class MockHttpResponse implements CloseableHttpResponse {
+    private HttpEntity httpEntity;
+    private StatusLine statusLine;
+
+    @Override
+    public void close() throws IOException {
+
+    }
+
+    @Override
+    public StatusLine getStatusLine() {
+        return this.statusLine;
+    }
+
+    @Override
+    public void setStatusLine(StatusLine statusLine) {
+        this.statusLine = statusLine;
+    }
+
+    @Override
+    public void setStatusLine(ProtocolVersion protocolVersion, int i) {
+
+    }
+
+    @Override
+    public void setStatusLine(ProtocolVersion protocolVersion, int i, String s) {
+
+    }
+
+    @Override
+    public void setStatusCode(int i) throws IllegalStateException {
+
+    }
+
+    @Override
+    public void setReasonPhrase(String s) throws IllegalStateException {
+
+    }
+
+    @Override
+    public HttpEntity getEntity() {
+       return this.httpEntity;
+    }
+
+    @Override
+    public void setEntity(HttpEntity httpEntity) {
+        this.httpEntity = httpEntity;
+    }
+
+    @Override
+    public Locale getLocale() {
+        return null;
+    }
+
+    @Override
+    public void setLocale(Locale locale) {
+
+    }
+
+    @Override
+    public ProtocolVersion getProtocolVersion() {
+        return null;
+    }
+
+    @Override
+    public boolean containsHeader(String s) {
+        return false;
+    }
+
+    @Override
+    public Header[] getHeaders(String s) {
+        return new Header[0];
+    }
+
+    @Override
+    public Header getFirstHeader(String s) {
+        return null;
+    }
+
+    @Override
+    public Header getLastHeader(String s) {
+        return null;
+    }
+
+    @Override
+    public Header[] getAllHeaders() {
+        return new Header[0];
+    }
+
+    @Override
+    public void addHeader(Header header) {
+
+    }
+
+    @Override
+    public void addHeader(String s, String s1) {
+
+    }
+
+    @Override
+    public void setHeader(Header header) {
+
+    }
+
+    @Override
+    public void setHeader(String s, String s1) {
+
+    }
+
+    @Override
+    public void setHeaders(Header[] headers) {
+
+    }
+
+    @Override
+    public void removeHeader(Header header) {
+
+    }
+
+    @Override
+    public void removeHeaders(String s) {
+
+    }
+
+    @Override
+    public HeaderIterator headerIterator() {
+        return null;
+    }
+
+    @Override
+    public HeaderIterator headerIterator(String s) {
+        return null;
+    }
+
+    @Override
+    public HttpParams getParams() {
+        return null;
+    }
+
+    @Override
+    public void setParams(HttpParams httpParams) {
+
+    }
+}

components/apimgt-extensions/org.wso2.carbon.apimgt.handlers/src/test/resources/accesstoken-response.json

@@ -0,0 +1,7 @@
+{
+  "scope": "API_SUBSCRIBER_SCOPE",
+  "token_type": "Bearer",
+  "expires_in": 3600,
+  "refresh_token": "33c3be152ebf0030b3fb76f2c1f80bf8",
+  "access_token": "292ff0fd256814536baca0926f483c8d"
+}

components/apimgt-extensions/org.wso2.carbon.apimgt.handlers/src/test/resources/ca_cert.pem

@@ -0,0 +1,34 @@
+-----BEGIN CERTIFICATE-----
+MIIF+zCCA+OgAwIBAgIJAJE458QXNuiLMA0GCSqGSIb3DQEBBQUAMIGLMQswCQYD
+VQQGEwJVUzENMAsGA1UECBMEVGVzdDENMAsGA1UEBxMEVGVzdDERMA8GA1UEChMI
+VGVzdCBPcmcxFjAUBgNVBAsTDVRlc3Qgb3JnIHVuaXQxFTATBgNVBAMTDFdTTzIg
+Um9vdCBDQTEcMBoGCSqGSIb3DQEJARYNcm9vdEB3c28yLmNvbTAeFw0xNTAxMjcx
+MjUxMjRaFw0xNzEwMjMxMjUxMjRaMIGLMQswCQYDVQQGEwJVUzENMAsGA1UECBME
+VGVzdDENMAsGA1UEBxMEVGVzdDERMA8GA1UEChMIVGVzdCBPcmcxFjAUBgNVBAsT
+DVRlc3Qgb3JnIHVuaXQxFTATBgNVBAMTDFdTTzIgUm9vdCBDQTEcMBoGCSqGSIb3
+DQEJARYNcm9vdEB3c28yLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
+ggIBANJ756zjlkNKJf9O80qwFWxlwr4vOa80oaGXaO8Luj8ZNb7zyGATppTmZi2b
+rRVfNPGHhN/0REb5+Gcf0xvk1b5Wp4E+JoDKfZMwOVQsMVmKYHqopgiiE28L/YoN
+d0XmZA0J03nfQ4rzYggwQX7oRsW/AptkdURV4i8xD3SsqDGDZyYxQVDkj55nrweE
+d5FWOnYvvpdbFJ4WanJmGe1WRtLMJ0jFi7tw9Wc7W/5+fvIA9bvHDHoG1VlfyjQU
+SvTLlAN7Ui0ztXTcOZuN3HI0putMQRyaAD7Ljl7E1ROiqMhN/z80Bck8Yi7ELOmq
++cJOir/4CAamj8SugZ0iXo922slrSemWL9tjNT7MFmjFXmgIfVmaJF7OxKyxHhO8
+gJKTlU2KSJJH2CzMwnGdRFrDlsAotVjGLYFWHUN4HW2uA2crEEmk+UduwnVMazqU
+wBFxv+INf0U55bsXTv7C3L06IUaTBvxhxKQmzj9BeQGwWAC2Co4s5riT2ttivSRl
+XijPIEDTfmvE/fjj4KfQQOTY3+EejacMe6gb/qVsCZ1g9Tbk7WLgjYHBuOQSAz3l
+wPPqPY+6CakeL29wWyPg7pGzR6lMcYItUdHJuNsTijs0x6Xi1O5iIuL2o0vl8FRH
++tZFm3ujtCIHprjUgcn6aOR9Ms/NkUJCziKKAb4KoohNFgr/AgMBAAGjYDBeMB0G
+A1UdDgQWBBSDhLDYVCYhJsxvK1ZNV05qGGVajjAfBgNVHSMEGDAWgBSDhLDYVCYh
+JsxvK1ZNV05qGGVajjAPBgNVHRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBhjANBgkq
+hkiG9w0BAQUFAAOCAgEAykqOsxHV43Bx24+7DfxLNYyafBayHacQ4uwtldwexyQB
+fIyJKjhzZUSvl37zhFPhJRJHogFIds+FoqaQsF8PvI/YSKs3UYRhje2mJan79lEA
+rCd+3zDGmzQhmutVo7C1bCQuujV8YLIJGvvcnMcHnMLpc5CfjzmI2C6qMZ5XgpHx
+/Mhindllqr0ZVvqRive0A2svW1k47XWB7BIfx/aoZ1viPHDNYVuYZ6j/NAFv8/Fu
+3n/TfYOJ5rz0NPGHYXnmFcgGxtYTu5u6Q9YVdDLZv9lqYbMRSdiQ8SVDzwxft9N5
+g6/VoXLoMpCS7/6jR3J0GbG2r/vr024QMOHDZHQDjkAVUBni6/bRHqj389RnOXhQ
++TSlx/hGgtdTpZRv63PjAqTCdDAhazWAgG/W+dxUhAywiOYHeXincuuDER0ypkfG
+caUvbN9/mWtGJvtW+L9OlTj3LQlXD2ORehz5itS3eV0DVkscCOLzzkVLtIJeew1o
+RmiADNOUe5A6V0cW5HIFi9F7Recqv9lGphwQeq+2cmvUKkSPcx+Z/SHTT/nIOioq
+xxafJhci5dAEsPgtzxnA6QqPQtxOj46aZxQh5+hzZ/1CQq3UThDdQreJL51c+NOS
+ZFQh6YVpJH6ZdSldBJnHjbS7RL/bv2kl1Pmv808T+iG+GpDw2XljwsI6TL8ACok=
+-----END CERTIFICATE-----

components/apimgt-extensions/org.wso2.carbon.apimgt.handlers/src/test/resources/carbon-home/repository/conf/carbon.xml

@@ -0,0 +1,656 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+
+<!--
+  ~ Copyright 2017 WSO2 Inc. (http://wso2.com)
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~ http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+
+<!--
+    This is the main server configuration file
+
+    ${carbon.home} represents the carbon.home system property.
+    Other system properties can be specified in a similar manner.
+-->
+<Server xmlns="http://wso2.org/projects/carbon/carbon.xml">
+
+    <!--
+       Product Name
+    -->
+    <Name>${product.name}</Name>
+
+    <!--
+       machine readable unique key to identify each product
+    -->
+    <ServerKey>${product.key}</ServerKey>
+
+    <!--
+       Product Version
+    -->
+    <Version>${product.version}</Version>
+
+    <!--
+       Host name or IP address of the machine hosting this server
+       e.g. www.wso2.org, 192.168.1.10
+       This is will become part of the End Point Reference of the
+       services deployed on this server instance.
+    -->
+    <!--HostName>www.wso2.org</HostName-->
+
+    <!--
+    Host name to be used for the Carbon management console
+    -->
+    <!--MgtHostName>mgt.wso2.org</MgtHostName-->
+
+    <!--
+        The URL of the back end server. This is where the admin services are hosted and
+        will be used by the clients in the front end server.
+        This is required only for the Front-end server. This is used when seperating BE server from FE server
+       -->
+    <ServerURL>local:/${carbon.context}/services/</ServerURL>
+    <!--
+    <ServerURL>https://${carbon.local.ip}:${carbon.management.port}${carbon.context}/services/</ServerURL>
+    -->
+     <!--
+     The URL of the index page. This is where the user will be redirected after signing in to the
+     carbon server.
+     -->
+    <!-- IndexPageURL>/carbon/admin/index.jsp</IndexPageURL-->
+
+    <!--
+    For cApp deployment, we have to identify the roles that can be acted by the current server.
+    The following property is used for that purpose. Any number of roles can be defined here.
+    Regular expressions can be used in the role.
+    Ex : <Role>.*</Role> means this server can act any role
+    -->
+    <ServerRoles>
+        <Role>${default.server.role}</Role>
+    </ServerRoles>
+
+    <!-- uncommnet this line to subscribe to a bam instance automatically -->
+    <!--<BamServerURL>https://bamhost:bamport/services/</BamServerURL>-->
+
+    <!--
+       The fully qualified name of the server
+    -->
+    <Package>org.wso2.carbon</Package>
+
+    <!--
+       Webapp context root of WSO2 Carbon management console.
+    -->
+    <WebContextRoot>/</WebContextRoot>
+
+    <!--
+    	Proxy context path is a useful parameter to add a proxy path when a Carbon server is fronted by reverse proxy. In addtion
+        to the proxy host and proxy port this parameter allows you add a path component to external URLs. e.g.
+     		URL of the Carbon server -> https://10.100.1.1:9443/carbon
+   		URL of the reverse proxy -> https://prod.abc.com/appserver/carbon
+
+   	appserver - proxy context path. This specially required whenever you are generating URLs to displace in
+   	Carbon UI components.
+    -->
+    <!--
+    	<MgtProxyContextPath></MgtProxyContextPath>
+    	<ProxyContextPath></ProxyContextPath>
+    -->
+
+    <!-- In-order to  get the registry http Port from the back-end when the default http transport is not the same-->
+    <!--RegistryHttpPort>9763</RegistryHttpPort-->
+
+    <!--
+    Number of items to be displayed on a management console page. This is used at the
+    backend server for pagination of various items.
+    -->
+    <ItemsPerPage>15</ItemsPerPage>
+
+    <!-- The endpoint URL of the cloud instance management Web service -->
+    <!--<InstanceMgtWSEndpoint>https://ec2.amazonaws.com/</InstanceMgtWSEndpoint>-->
+
+    <!--
+       Ports used by this server
+    -->
+    <Ports>
+
+        <!-- Ports offset. This entry will set the value of the ports defined below to
+         the define value + Offset.
+         e.g. Offset=2 and HTTPS port=9443 will set the effective HTTPS port to 9445
+         -->
+        <Offset>0</Offset>
+
+        <!-- The JMX Ports -->
+        <JMX>
+            <!--The port RMI registry is exposed-->
+            <RMIRegistryPort>9999</RMIRegistryPort>
+            <!--The port RMI server should be exposed-->
+            <RMIServerPort>11111</RMIServerPort>
+        </JMX>
+
+        <!-- Embedded LDAP server specific ports -->
+        <EmbeddedLDAP>
+            <!-- Port which embedded LDAP server runs -->
+            <LDAPServerPort>10389</LDAPServerPort>
+            <!-- Port which KDC (Kerberos Key Distribution Center) server runs -->
+            <KDCServerPort>8000</KDCServerPort>
+        </EmbeddedLDAP>
+	
+	<!-- 
+             Override datasources JNDIproviderPort defined in bps.xml and datasources.properties files
+	-->
+	<!--<JNDIProviderPort>2199</JNDIProviderPort>-->
+	<!--Override receive port of thrift based entitlement service.-->
+	<ThriftEntitlementReceivePort>10500</ThriftEntitlementReceivePort>
+
+    </Ports>
+
+    <!--
+        JNDI Configuration
+    -->
+    <JNDI>
+        <!-- 
+             The fully qualified name of the default initial context factory
+        -->
+        <DefaultInitialContextFactory>org.wso2.carbon.tomcat.jndi.CarbonJavaURLContextFactory</DefaultInitialContextFactory>
+        <!-- 
+             The restrictions that are done to various JNDI Contexts in a Multi-tenant environment 
+        -->
+        <Restrictions>
+            <!--
+                Contexts that will be available only to the super-tenant
+            -->
+            <!-- <SuperTenantOnly>
+                <UrlContexts>
+                    <UrlContext>
+                        <Scheme>foo</Scheme>
+                    </UrlContext>
+                    <UrlContext>
+                        <Scheme>bar</Scheme>
+                    </UrlContext>
+                </UrlContexts>
+            </SuperTenantOnly> -->
+            <!-- 
+                Contexts that are common to all tenants
+            -->
+            <AllTenants>
+                <UrlContexts>
+                    <UrlContext>
+                        <Scheme>java</Scheme>
+                    </UrlContext>
+                    <!-- <UrlContext>
+                        <Scheme>foo</Scheme>
+                    </UrlContext> -->
+                </UrlContexts>
+            </AllTenants>
+            <!-- 
+                 All other contexts not mentioned above will be available on a per-tenant basis 
+                 (i.e. will not be shared among tenants)
+            -->
+        </Restrictions>
+    </JNDI>
+
+    <!--
+        Property to determine if the server is running an a cloud deployment environment.
+        This property should only be used to determine deployment specific details that are
+        applicable only in a cloud deployment, i.e when the server deployed *-as-a-service.
+    -->
+    <IsCloudDeployment>false</IsCloudDeployment>
+
+    <!--
+	Property to determine whether usage data should be collected for metering purposes
+    -->
+    <EnableMetering>false</EnableMetering>
+
+    <!-- The Max time a thread should take for execution in seconds -->
+    <MaxThreadExecutionTime>600</MaxThreadExecutionTime>
+
+    <!--
+        A flag to enable or disable Ghost Deployer. By default this is set to false. That is
+        because the Ghost Deployer works only with the HTTP/S transports. If you are using
+        other transports, don't enable Ghost Deployer.
+    -->
+    <GhostDeployment>
+        <Enabled>false</Enabled>
+    </GhostDeployment>
+
+
+    <!--
+        Eager loading or lazy loading is a design pattern commonly used in computer programming which
+        will initialize an object upon creation or load on-demand. In carbon, lazy loading is used to
+        load tenant when a request is received only. Similarly Eager loading is used to enable load
+        existing tenants after carbon server starts up. Using this feature, you will be able to include
+        or exclude tenants which are to be loaded when server startup.
+
+        We can enable only one LoadingPolicy at a given time.
+
+        1. Tenant Lazy Loading
+           This is the default behaviour and enabled by default. With this policy, tenants are not loaded at
+           server startup, but loaded based on-demand (i.e when a request is received for a tenant).
+           The default tenant idle time is 30 minutes.
+
+        2. Tenant Eager Loading
+           This is by default not enabled. It can be be enabled by un-commenting the <EagerLoading> section.
+           The eager loading configurations supported are as below. These configurations can be given as the
+           value for <Include> element with eager loading.
+                (i)Load all tenants when server startup             -   *
+                (ii)Load all tenants except foo.com & bar.com       -   *,!foo.com,!bar.com
+                (iii)Load only foo.com &  bar.com to be included    -   foo.com,bar.com
+    -->
+    <Tenant>
+        <LoadingPolicy>
+            <LazyLoading>
+                <IdleTime>30</IdleTime>
+            </LazyLoading>
+            <!-- <EagerLoading>
+                   <Include>*,!foo.com,!bar.com</Include>
+            </EagerLoading>-->
+        </LoadingPolicy>
+    </Tenant>
+
+    <!--
+     Caching related configurations
+    -->
+    <Cache>
+        <!-- Default cache timeout in minutes -->
+        <DefaultCacheTimeout>15</DefaultCacheTimeout>
+    </Cache>
+
+    <!--
+    Axis2 related configurations
+    -->
+    <Axis2Config>
+        <!--
+             Location of the Axis2 Services & Modules repository
+
+             This can be a directory in the local file system, or a URL.
+
+             e.g.
+             1. /home/wso2wsas/repository/ - An absolute path
+             2. repository - In this case, the path is relative to CARBON_HOME
+             3. file:///home/wso2wsas/repository/
+             4. http://wso2wsas/repository/
+        -->
+        <RepositoryLocation>${carbon.home}/repository/deployment/server/</RepositoryLocation>
+
+        <!--
+         Deployment update interval in seconds. This is the interval between repository listener
+         executions. 
+        -->
+        <DeploymentUpdateInterval>15</DeploymentUpdateInterval>
+
+        <!--
+            Location of the main Axis2 configuration descriptor file, a.k.a. axis2.xml file
+
+            This can be a file on the local file system, or a URL
+
+            e.g.
+            1. /home/repository/axis2.xml - An absolute path
+            2. conf/axis2.xml - In this case, the path is relative to CARBON_HOME
+            3. file:///home/carbon/repository/axis2.xml
+            4. http://repository/conf/axis2.xml
+        -->
+        <ConfigurationFile>${carbon.home}/repository/conf/axis2/axis2.xml</ConfigurationFile>
+
+        <!--
+          ServiceGroupContextIdleTime, which will be set in ConfigurationContex
+          for multiple clients which are going to access the same ServiceGroupContext
+          Default Value is 30 Sec.
+        -->
+        <ServiceGroupContextIdleTime>30000</ServiceGroupContextIdleTime>
+
+        <!--
+          This repository location is used to crete the client side configuration
+          context used by the server when calling admin services.
+        -->
+        <ClientRepositoryLocation>${carbon.home}/repository/deployment/client/</ClientRepositoryLocation>
+        <!-- This axis2 xml is used in createing the configuration context by the FE server
+         calling to BE server -->
+        <clientAxis2XmlLocation>${carbon.home}/repository/conf/axis2/axis2_client.xml</clientAxis2XmlLocation>
+        <!-- If this parameter is set, the ?wsdl on an admin service will not give the admin service wsdl. -->
+        <HideAdminServiceWSDLs>true</HideAdminServiceWSDLs>
+	
+	<!--WARNING-Use With Care! Uncommenting bellow parameter would expose all AdminServices in HTTP transport.
+	With HTTP transport your credentials and data routed in public channels are vulnerable for sniffing attacks. 
+	Use bellow parameter ONLY if your communication channels are confirmed to be secured by other means -->
+        <!--HttpAdminServices>*</HttpAdminServices-->
+
+    </Axis2Config>
+
+    <!--
+       The default user roles which will be created when the server
+       is started up for the first time.
+    -->
+    <ServiceUserRoles>
+        <Role>
+            <Name>admin</Name>
+            <Description>Default Administrator Role</Description>
+        </Role>
+        <Role>
+            <Name>user</Name>
+            <Description>Default User Role</Description>
+        </Role>
+    </ServiceUserRoles>
+    
+    <!-- 
+      Enable following config to allow Emails as usernames. 	
+    -->	    	
+    <!--EnableEmailUserName>true</EnableEmailUserName-->	
+
+    <!--
+      Security configurations
+    -->
+    <Security>
+        <!--
+            KeyStore which will be used for encrypting/decrypting passwords
+            and other sensitive information.
+        -->
+        <KeyStore>
+            <!-- Keystore file location-->
+            <Location>${carbon.home}/repository/resources/security/wso2carbon.jks</Location>
+            <!-- Keystore type (JKS/PKCS12 etc.)-->
+            <Type>JKS</Type>
+            <!-- Keystore password-->
+            <Password>wso2carbon</Password>
+            <!-- Private Key alias-->
+            <KeyAlias>wso2carbon</KeyAlias>
+            <!-- Private Key password-->
+            <KeyPassword>wso2carbon</KeyPassword>
+        </KeyStore>
+
+        <!--
+            System wide trust-store which is used to maintain the certificates of all
+            the trusted parties.
+        -->
+        <TrustStore>
+            <!-- trust-store file location -->
+            <Location>${carbon.home}/repository/resources/security/client-truststore.jks</Location>
+            <!-- trust-store type (JKS/PKCS12 etc.) -->
+            <Type>JKS</Type>
+            <!-- trust-store password -->
+            <Password>wso2carbon</Password>
+        </TrustStore>
+
+        <!--
+            The Authenticator configuration to be used at the JVM level. We extend the
+            java.net.Authenticator to make it possible to authenticate to given servers and 
+            proxies.
+        -->
+        <NetworkAuthenticatorConfig>
+            <!-- 
+                Below is a sample configuration for a single authenticator. Please note that
+                all child elements are mandatory. Not having some child elements would lead to
+                exceptions at runtime.
+            -->
+            <!-- <Credential> -->
+                <!-- 
+                    the pattern that would match a subset of URLs for which this authenticator
+                    would be used
+                -->
+                <!-- <Pattern>regularExpression</Pattern> -->
+                <!-- 
+                    the type of this authenticator. Allowed values are:
+                    1. server
+                    2. proxy
+                -->
+                <!-- <Type>proxy</Type> -->
+                <!-- the username used to log in to server/proxy -->
+                <!-- <Username>username</Username> -->
+                <!-- the password used to log in to server/proxy -->
+                <!-- <Password>password</Password> -->
+            <!-- </Credential> -->
+        </NetworkAuthenticatorConfig>
+
+        <!--
+         The Tomcat realm to be used for hosted Web applications. Allowed values are;
+         1. UserManager
+         2. Memory
+
+         If this is set to 'UserManager', the realm will pick users & roles from the system's
+         WSO2 User Manager. If it is set to 'memory', the realm will pick users & roles from
+         CARBON_HOME/repository/conf/tomcat/tomcat-users.xml
+        -->
+        <TomcatRealm>UserManager</TomcatRealm>
+
+	<!--Option to disable storing of tokens issued by STS-->
+	<DisableTokenStore>false</DisableTokenStore>
+
+	<!--
+	 Security token store class name. If this is not set, default class will be
+	 org.wso2.carbon.security.util.SecurityTokenStore
+	-->
+	<!--TokenStoreClassName>org.wso2.carbon.identity.sts.store.DBTokenStore</TokenStoreClassName-->
+    </Security>
+
+    <!--
+       The temporary work directory
+    -->
+    <WorkDirectory>${carbon.home}/tmp/work</WorkDirectory>
+
+    <!--
+       House-keeping configuration
+    -->
+    <HouseKeeping>
+
+        <!--
+           true  - Start House-keeping thread on server startup
+           false - Do not start House-keeping thread on server startup.
+                   The user will run it manually as and when he wishes.
+        -->
+        <AutoStart>true</AutoStart>
+
+        <!--
+           The interval in *minutes*, between house-keeping runs
+        -->
+        <Interval>10</Interval>
+
+        <!--
+          The maximum time in *minutes*, temp files are allowed to live
+          in the system. Files/directories which were modified more than
+          "MaxTempFileLifetime" minutes ago will be removed by the
+          house-keeping task
+        -->
+        <MaxTempFileLifetime>30</MaxTempFileLifetime>
+    </HouseKeeping>
+
+    <!--
+       Configuration for handling different types of file upload & other file uploading related
+       config parameters.
+       To map all actions to a particular FileUploadExecutor, use
+       <Action>*</Action>
+    -->
+    <FileUploadConfig>
+        <!--
+           The total file upload size limit in MB
+        -->
+        <TotalFileSizeLimit>100</TotalFileSizeLimit>
+
+        <Mapping>
+            <Actions>
+                <Action>keystore</Action>
+                <Action>certificate</Action>
+                <Action>*</Action>
+            </Actions>
+            <Class>org.wso2.carbon.ui.transports.fileupload.AnyFileUploadExecutor</Class>
+        </Mapping>
+
+        <Mapping>
+            <Actions>
+                <Action>jarZip</Action>
+            </Actions>
+            <Class>org.wso2.carbon.ui.transports.fileupload.JarZipUploadExecutor</Class>
+        </Mapping>
+        <Mapping>
+            <Actions>
+                <Action>dbs</Action>
+            </Actions>
+            <Class>org.wso2.carbon.ui.transports.fileupload.DBSFileUploadExecutor</Class>
+        </Mapping>
+        <Mapping>
+            <Actions>
+                <Action>tools</Action>
+            </Actions>
+            <Class>org.wso2.carbon.ui.transports.fileupload.ToolsFileUploadExecutor</Class>
+        </Mapping>
+        <Mapping>
+            <Actions>
+                <Action>toolsAny</Action>
+            </Actions>
+            <Class>org.wso2.carbon.ui.transports.fileupload.ToolsAnyFileUploadExecutor</Class>
+        </Mapping>
+    </FileUploadConfig>
+
+    <!--
+       Processors which process special HTTP GET requests such as ?wsdl, ?policy etc.
+
+       In order to plug in a processor to handle a special request, simply add an entry to this
+       section.
+
+       The value of the Item element is the first parameter in the query string(e.g. ?wsdl)
+       which needs special processing
+       
+       The value of the Class element is a class which implements
+       org.wso2.carbon.transport.HttpGetRequestProcessor
+    -->
+    <HttpGetRequestProcessors>
+        <Processor>
+            <Item>info</Item>
+            <Class>org.wso2.carbon.core.transports.util.InfoProcessor</Class>
+        </Processor>
+        <Processor>
+            <Item>wsdl</Item>
+            <Class>org.wso2.carbon.core.transports.util.Wsdl11Processor</Class>
+        </Processor>
+        <Processor>
+            <Item>wsdl2</Item>
+            <Class>org.wso2.carbon.core.transports.util.Wsdl20Processor</Class>
+        </Processor>
+        <Processor>
+            <Item>xsd</Item>
+            <Class>org.wso2.carbon.core.transports.util.XsdProcessor</Class>
+        </Processor>
+    </HttpGetRequestProcessors>
+
+    <!-- Deployment Synchronizer Configuration. t Enabled value to true when running with "svn based" dep sync.
+	In master nodes you need to set both AutoCommit and AutoCheckout to true
+	and in  worker nodes set only AutoCheckout to true.
+    -->
+    <DeploymentSynchronizer>
+        <Enabled>false</Enabled>
+        <AutoCommit>false</AutoCommit>
+        <AutoCheckout>true</AutoCheckout>
+        <RepositoryType>svn</RepositoryType>
+        <SvnUrl>http://svnrepo.example.com/repos/</SvnUrl>
+        <SvnUser>username</SvnUser>
+        <SvnPassword>password</SvnPassword>
+        <SvnUrlAppendTenantId>true</SvnUrlAppendTenantId>
+    </DeploymentSynchronizer>
+
+    <!-- Deployment Synchronizer Configuration. Uncomment the following section when running with "registry based" dep sync.
+        In master nodes you need to set both AutoCommit and AutoCheckout to true
+        and in  worker nodes set only AutoCheckout to true.
+    -->
+    <!--<DeploymentSynchronizer>
+        <Enabled>true</Enabled>
+        <AutoCommit>false</AutoCommit>
+        <AutoCheckout>true</AutoCheckout>
+    </DeploymentSynchronizer>-->
+
+    <!-- Mediation persistence configurations. Only valid if mediation features are available i.e. ESB -->
+    <!--<MediationConfig>
+        <LoadFromRegistry>false</LoadFromRegistry>
+        <SaveToFile>false</SaveToFile>
+        <Persistence>enabled</Persistence>
+        <RegistryPersistence>enabled</RegistryPersistence>
+    </MediationConfig>-->
+
+    <!--
+    Server intializing code, specified as implementation classes of org.wso2.carbon.core.ServerInitializer.
+    This code will be run when the Carbon server is initialized
+    -->
+    <ServerInitializers>
+        <!--<Initializer></Initializer>-->
+    </ServerInitializers>
+    
+    <!--
+    Indicates whether the Carbon Servlet is required by the system, and whether it should be
+    registered
+    -->
+    <RequireCarbonServlet>${require.carbon.servlet}</RequireCarbonServlet>
+
+    <!--
+    Carbon H2 OSGI Configuration
+    By default non of the servers start.
+        name="web" - Start the web server with the H2 Console
+        name="webPort" - The port (default: 8082)
+        name="webAllowOthers" - Allow other computers to connect
+        name="webSSL" - Use encrypted (HTTPS) connections
+        name="tcp" - Start the TCP server
+        name="tcpPort" - The port (default: 9092)
+        name="tcpAllowOthers" - Allow other computers to connect
+        name="tcpSSL" - Use encrypted (SSL) connections
+        name="pg" - Start the PG server
+        name="pgPort"  - The port (default: 5435)
+        name="pgAllowOthers"  - Allow other computers to connect
+        name="trace" - Print additional trace information; for all servers
+        name="baseDir" - The base directory for H2 databases; for all servers  
+    -->
+    <!--H2DatabaseConfiguration>
+        <property name="web" />
+        <property name="webPort">8082</property>
+        <property name="webAllowOthers" />
+        <property name="webSSL" />
+        <property name="tcp" />
+        <property name="tcpPort">9092</property>
+        <property name="tcpAllowOthers" />
+        <property name="tcpSSL" />
+        <property name="pg" />
+        <property name="pgPort">5435</property>
+        <property name="pgAllowOthers" />
+        <property name="trace" />
+        <property name="baseDir">${carbon.home}</property>
+    </H2DatabaseConfiguration-->
+    <!--Disabling statistics reporter by default-->
+    <StatisticsReporterDisabled>true</StatisticsReporterDisabled>
+
+    <!-- Enable accessing Admin Console via HTTP -->
+    <!-- EnableHTTPAdminConsole>true</EnableHTTPAdminConsole -->
+
+    <!--
+       Default Feature Repository of WSO2 Carbon.
+    -->
+    <FeatureRepository>
+	    <RepositoryName>default repository</RepositoryName>
+	    <RepositoryURL>${p2.repo.url}</RepositoryURL>
+    </FeatureRepository>
+
+    <!--
+	Configure API Management
+   -->
+   <APIManagement>
+	
+	<!--Uses the embedded API Manager by default. If you want to use an external 
+	API Manager instance to manage APIs, configure below  externalAPIManager-->
+	
+	<Enabled>true</Enabled>
+	
+	<!--Uncomment and configure API Gateway and 
+	Publisher URLs to use external API Manager instance-->
+	
+	<!--ExternalAPIManager>
+
+		<APIGatewayURL>http://localhost:8281</APIGatewayURL>
+		<APIPublisherURL>http://localhost:8281/publisher</APIPublisherURL>
+
+	</ExternalAPIManager-->
+	
+	<LoadAPIContextsInServerStartup>true</LoadAPIContextsInServerStartup>
+   </APIManagement>
+</Server>

components/apimgt-extensions/org.wso2.carbon.apimgt.handlers/src/test/resources/carbon-home/repository/conf/iot-api-config-invalid-xml.xml

@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!--
+  ~ Copyright (c) 2017, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+  ~
+  ~ WSO2 Inc. licenses this file to you under the Apache License,
+  ~ Version 2.0 (the "License"); you may not use this file except
+  ~ in compliance with the License.
+  ~ you may obtain a copy of the License at
+  ~
+  ~   http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing,
+  ~ software distributed under the License is distributed on an
+  ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  ~ KIND, either express or implied.  See the License for the
+  ~ specific language governing permissions and limitations
+  ~ under the License.
+  -->
+
+<ServerConfig>
+    <!-- IoT server host name, this is referred from APIM gateway to call to IoT server for certificate validation-->
+    <Hostname>https://${iot.core.host}:${iot.core.https.port}/</Hostname>
+
+    <!--End point to verify the certificate-->
+    <VerificationEndpoint>https://${iot.core.host}:${iot.core.https.port}/api/certificate-mgt/v1.0/admin/certificates/verify/</VerificationEndpoint>
+
+    <!--Admin username/password - this is to use for oauth token generation-->
+    <Username>testuser</Username>
+    <Password>testuserpwd</Password>
+
+    <!--Dynamic client registration endpoint-->
+    <DynamicClientRegistrationEndpoint>https://${iot.keymanager.host}:${iot.keymanager.https.port}/client-registration/v0.11/register</DynamicClientRegistrationEndpoint>
+
+    <!--Oauth token endpoint-->
+    <OauthTokenEndpoint>https://${iot.keymanager.host}:${iot.keymanager.https.port}/oauth2/token</OauthTokenEndpoint>
+
+    <APIS>
+        <ContextPath>/services</ContextPath>
+    </APIS>
+</ServerConfig

components/apimgt-extensions/org.wso2.carbon.apimgt.handlers/src/test/resources/carbon-home/repository/conf/iot-api-config-invalid.xml

@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!--
+  ~ Copyright (c) 2017, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+  ~
+  ~ WSO2 Inc. licenses this file to you under the Apache License,
+  ~ Version 2.0 (the "License"); you may not use this file except
+  ~ in compliance with the License.
+  ~ you may obtain a copy of the License at
+  ~
+  ~   http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing,
+  ~ software distributed under the License is distributed on an
+  ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  ~ KIND, either express or implied.  See the License for the
+  ~ specific language governing permissions and limitations
+  ~ under the License.
+  -->
+
+<ServerConfig>
+    <!-- IoT server host name, this is referred from APIM gateway to call to IoT server for certificate validation-->
+    <Hostname>https://${iot.core.host}:${iot.core.https.port}/</Hostname>
+
+    <!--End point to verify the certificate-->
+    <VerificationEndpoint>https://${iot.core.host}:${iot.core.https.port}/api/certificate-mgt/v1.0/admin/certificates/verify/</VerificationEndpoint>
+
+    <!--Admin username/password - this is to use for oauth token generation-->
+    <Username>testuser</Username>
+    <Password>testuserpwd</Password>
+
+    <!--Dynamic client registration endpoint-->
+    <DynamicClientRegistrationEndpoint>https://${iot.keymanager.host}:${iot.keymanager.https.port}/client-registration/v0.11/register</DynamicClientRegistrationEndpoint>
+
+    <!--Oauth token endpoint-->
+    <OauthTokenEndpoint>https://${iot.keymanager.host}:${iot.keymanager.https.port}/oauth2/token</OauthTokenEndpoint>
+
+    <APIS>
+        <ContextPath>/services</ContextPath>
+    </APIS>
+</ServerConfig>

components/apimgt-extensions/org.wso2.carbon.apimgt.handlers/src/test/resources/carbon-home/repository/conf/iot-api-config.xml

@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!--
+  ~ Copyright (c) 2017, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+  ~
+  ~ WSO2 Inc. licenses this file to you under the Apache License,
+  ~ Version 2.0 (the "License"); you may not use this file except
+  ~ in compliance with the License.
+  ~ you may obtain a copy of the License at
+  ~
+  ~   http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing,
+  ~ software distributed under the License is distributed on an
+  ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  ~ KIND, either express or implied.  See the License for the
+  ~ specific language governing permissions and limitations
+  ~ under the License.
+  -->
+
+<ServerConfiguration>
+    <!-- IoT server host name, this is referred from APIM gateway to call to IoT server for certificate validation-->
+    <Hostname>https://${iot.core.host}:${iot.core.https.port}/</Hostname>
+
+    <!--End point to verify the certificate-->
+    <VerificationEndpoint>https://${iot.core.host}:${iot.core.https.port}/api/certificate-mgt/v1.0/admin/certificates/verify/</VerificationEndpoint>
+
+    <!--Admin username/password - this is to use for oauth token generation-->
+    <Username>testuser</Username>
+    <Password>testuserpwd</Password>
+
+    <!--Dynamic client registration endpoint-->
+    <DynamicClientRegistrationEndpoint>https://${iot.keymanager.host}:${iot.keymanager.https.port}/client-registration/v0.11/register</DynamicClientRegistrationEndpoint>
+
+    <!--Oauth token endpoint-->
+    <OauthTokenEndpoint>https://${iot.keymanager.host}:${iot.keymanager.https.port}/oauth2/token</OauthTokenEndpoint>
+
+    <APIS>
+        <ContextPath>/services</ContextPath>
+    </APIS>
+</ServerConfiguration>

components/apimgt-extensions/org.wso2.carbon.apimgt.handlers/src/test/resources/carbon-home/repository/conf/registry.xml

@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+
+<!--
+  ~ Copyright 2017 WSO2 Inc. (http://wso2.com)
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~ http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+<wso2registry>
+
+    <!--
+    For details on configuring different config & governance registries see;
+    http://wso2.org/library/tutorials/2010/04/sharing-registry-space-across-multiple-product-instances
+    -->
+
+    <currentDBConfig>wso2registry</currentDBConfig>
+    <readOnly>false</readOnly>
+    <enableCache>true</enableCache>
+    <registryRoot>/</registryRoot>
+
+    <dbConfig name="wso2registry">
+        <url>jdbc:h2:./target/databasetest/CARBON_TEST</url>
+        <!--userName>sa</userName>
+        <password>sa</password-->
+        <driverName>org.h2.Driver</driverName>
+        <maxActive>80</maxActive>
+        <maxWait>60000</maxWait>
+        <minIdle>5</minIdle>
+    </dbConfig>
+
+    <versionResourcesOnChange>false</versionResourcesOnChange>
+
+    <!-- NOTE: You can edit the options under "StaticConfiguration" only before the
+     startup. -->
+    <staticConfiguration>
+        <versioningProperties>true</versioningProperties>
+        <versioningComments>true</versioningComments>
+        <versioningTags>true</versioningTags>
+        <versioningRatings>true</versioningRatings>
+    </staticConfiguration>
+</wso2registry>

components/apimgt-extensions/org.wso2.carbon.apimgt.handlers/src/test/resources/dcr-response.json

@@ -0,0 +1,6 @@
+{
+  "callBackURL": "www.google.lk",
+  "clientName": null,
+  "clientId": "HfEl1jJPdg5tbtrxhAwybN05QGoa",
+  "clientSecret": "l6c0aoLcWR3fwezHhc7XoGOht5Aa"
+}

components/apimgt-extensions/org.wso2.carbon.apimgt.handlers/src/test/resources/ra_cert.pem

@@ -0,0 +1,33 @@
+-----BEGIN CERTIFICATE-----
+MIIFqDCCA5CgAwIBAgIBAjANBgkqhkiG9w0BAQUFADCBizELMAkGA1UEBhMCVVMx
+DTALBgNVBAgTBFRlc3QxDTALBgNVBAcTBFRlc3QxETAPBgNVBAoTCFRlc3QgT3Jn
+MRYwFAYDVQQLEw1UZXN0IG9yZyB1bml0MRUwEwYDVQQDEwxXU08yIFJvb3QgQ0Ex
+HDAaBgkqhkiG9w0BCQEWDXJvb3RAd3NvMi5jb20wHhcNMTUwMTI3MTI1MzAxWhcN
+MTcxMDIzMTI1MzAxWjCBgzELMAkGA1UEBhMCVVMxGTAXBgNVBAgTEFRlc3QgUkEg
+UHJvdmluY2UxFTATBgNVBAcTDFRlc3QgUkEgQ2l0eTEUMBIGA1UEChMLVGVzdCBS
+QSBPcmcxGTAXBgNVBAsTEFRlc3QgUkEgb3JnIHVuaXQxETAPBgNVBAMTCFdTTzIg
+UkEgMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtUMgUlYYU3/TPfEe
+zNAvBaiOi/jUjfZ9IbxvMl7obDT17/5vU68TCGkZRjyfYUEiGNBisUEFWjSk/sGL
+/ofYKUAxw33cd456FLMjaJX/4Zk4y8eYB1m1GGlHejoDyjPhq8S6GDmy+PXbJr8n
+lSTROR2mQHkGwYrCreWeU4AYWzdctIFk7U2DKeIvZYSidIIjfSpDXURxrt9LPvig
+fMzr5l/WkZfjvk5S+W7rgMtpllxlEPgyDc07pNAdNSq5FB990oaUsVX8o6l6wdCw
+grYz83edPOKwZa04fsVztz2oF3ZYSGGjD3lwh0KS/jUL+awRyhMx5p/O1hySg6PP
+pJjeqRuobNTuwSAXxp3nsNSY0DkGW04pSxWoDQqhnpaqBbAf71l6ya2e3so1SHm/
+jouWSYTHncq5bmGE4AN7ZGVGZvfx84+UR8fNxJxxLo+DFFE0oJNzpPGNxILpHxgT
+V7IOII6mhfkrQk+AFQiW2Y5FXLVYv8r+SPXW8pYsjaWl971XZeM/HC3L9IZkCrrr
+a0ID5oT6vt+xTmdo4yiBqIP5TBYm+1a9YzMAy7XGtPih9k6cufMLcfzvUZdOXw9x
+3T05nM5ZtcDq0gHvUzQ7sfHTguWVnuHVEdb2ox4x2L5NzEA475fbSdXpMok9z/z7
+Xa71vIZi28InDAFBQehUlJnFtf0CAwEAAaMdMBswDAYDVR0TBAUwAwEB/zALBgNV
+HQ8EBAMCBaAwDQYJKoZIhvcNAQEFBQADggIBAAO0TwnQBMJvL8wbfsnTqAGCCHM4
+x1cpW+KgTmflPEliYGOn/dJYDz/dUowCgoj5mrSxjQ3G1/qL+9Y7E33h0tyw37vH
+YDL1p2Tn+fwmXRHrk+CHoPHNcImEfSIDWbbG7ehBR6erVfbQSZjmj4fwPkItp8rP
+nyUtXHOLpfFYoAxYkNP9+C8vpC9W/H1pj3rzmQFA1z+EZAKVV7vDAxbe6sun84nf
+YAaMSIzHx1B+XLHokgChmnZr3wV7EypBEmmKp4ITvJqK7WsIG9t1M6hI7OTPCURR
+mdy+DJtIoIUbZxHyIyC9nPcVJFkdBusnfXq4uMb0KMaWYCU8ESqZPySukF2qZ5KA
+acB+0ZhY+EGQ6QF/hB6iiUj96BlQ7XAPXFU6xUt6nRjDiJmb3vW1IEv0hpbs7PRl
+UMlbOwQk37rXpFqQc6ZW7lsxI2RmfkD4DOkQIGH3q5foVr+PEp0uSPWrFX62eBet
+1S4c/opVv6BcuUgilYABHTYxb45GfYwJAI9Qw2uQWT8DmhtVbcYu6GLYGlnRyaOC
+EPzc0z0KQTjhsgHWzi60IYBBh+fy+Z7w5X1rTTvhFOoU5J7kedGEqiBatIZmhF5t
+UFbT0u350ET5a0Kg83gu5aLwXdoIP9o7bp3XzLBMVNny2RX3tOHUA2HBe/p0h0OU
+Ggt3G6oD0gBe9pZI
+-----END CERTIFICATE-----

components/apimgt-extensions/org.wso2.carbon.apimgt.handlers/src/test/resources/testng.xml

@@ -0,0 +1,30 @@
+<!--
+  ~ Copyright (c) 2017, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+  ~
+  ~ WSO2 Inc. licenses this file to you under the Apache License,
+  ~ Version 2.0 (the "License"); you may not use this file except
+  ~ in compliance with the License.
+  ~ you may obtain a copy of the License at
+  ~
+  ~   http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing,
+  ~ software distributed under the License is distributed on an
+  ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  ~ KIND, either express or implied.  See the License for the
+  ~ specific language governing permissions and limitations
+  ~ under the License.
+  -->
+
+<!DOCTYPE suite SYSTEM "http://testng.org/testng-1.0.dtd" >
+
+<suite name="DeviceManagementExtensions">
+    <parameter name="useDefaultListeners" value="false"/>
+
+    <test name="API Management Auth Handlers" preserve-order="true">
+        <classes>
+            <!--<class name="org.wso2.carbon.apimgt.handlers.IOTServerConfigurationTest"/>-->
+            <class name="org.wso2.carbon.apimgt.handlers.AuthenticationHandlerTest"/>
+        </classes>
+    </test>
+</suite>

components/device-mgt/org.wso2.carbon.device.mgt.analytics.data.publisher/src/test/java/org/wso2/carbon/device/mgt/analytics/data/publisher/DataPublisherConfigTest.java

@@ -32,7 +32,7 @@ import java.net.URL;
  */
 public class DataPublisherConfigTest extends BaseAnalyticsDataPublisherTest {
 
-    @Test(description = "Validating the behaviour od getInstance of the config before calling the init",
+    @Test(description = "Validating the behaviour of getInstance config before calling the init",
             expectedExceptions = InvalidConfigurationStateException.class)
     public void testGetInstanceWithoutInit() throws NoSuchFieldException, IllegalAccessException {
         Field configField = AnalyticsConfiguration.class.getDeclaredField("config");
@@ -41,7 +41,7 @@ public class DataPublisherConfigTest extends BaseAnalyticsDataPublisherTest {
         AnalyticsConfiguration.getInstance();
     }
 
-    @Test(description = "Validating the behaviour od getInstance of the config before calling the init",
+    @Test(description = "Analytics configuration initialization with invalid config",
             expectedExceptions = DataPublisherConfigurationException.class,
             dependsOnMethods = "testGetInstanceWithoutInit")
     public void testInitWithInvalidConfig() throws DataPublisherConfigurationException {
@@ -55,7 +55,7 @@ public class DataPublisherConfigTest extends BaseAnalyticsDataPublisherTest {
     }
 
 
-    @Test(description = "Validating the behaviour od getInstance of the config before calling the init",
+    @Test(description = "Analytics config initialization with invalid xml",
             expectedExceptions = DataPublisherConfigurationException.class,
             dependsOnMethods = "testInitWithInvalidConfig")
     public void testInitWithInvalidXML() throws DataPublisherConfigurationException {

pom.xml

@@ -1973,6 +1973,9 @@
         <!--apache osgi mock version-->
         <apache.osgi.mock.version>2.3.2</apache.osgi.mock.version>
 
+        <!-- apache http components core -->
+        <apache.http.compnents.core>4.4.3</apache.http.compnents.core>
+
         <!-- api-mgt handler version properties -->
         <org.apache.synapse.version>2.1.7-wso2v7</org.apache.synapse.version>
         <org.apache.ws.security.wso2.version>1.5.11.wso2v15</org.apache.ws.security.wso2.version>