forked from community/device-mgt-core
parent
aeed8b92a1
commit
fd84190342
@ -0,0 +1,152 @@
|
|||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
<!--
|
||||||
|
~ Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||||
|
~
|
||||||
|
~ WSO2 Inc. licenses this file to you under the Apache License,
|
||||||
|
~ Version 2.0 (the "License"); you may not use this file except
|
||||||
|
~ in compliance with the License.
|
||||||
|
~ You may obtain a copy of the License at
|
||||||
|
~
|
||||||
|
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
~
|
||||||
|
~ Unless required by applicable law or agreed to in writing,
|
||||||
|
~ software distributed under the License is distributed on an
|
||||||
|
~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||||
|
~ KIND, either express or implied. See the License for the
|
||||||
|
~ specific language governing permissions and limitations
|
||||||
|
~ under the License.
|
||||||
|
-->
|
||||||
|
|
||||||
|
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||||
|
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
|
||||||
|
<parent>
|
||||||
|
<groupId>org.wso2.carbon.devicemgt</groupId>
|
||||||
|
<artifactId>certificate-mgt</artifactId>
|
||||||
|
<version>0.9.2-SNAPSHOT</version>
|
||||||
|
<relativePath>../pom.xml</relativePath>
|
||||||
|
</parent>
|
||||||
|
|
||||||
|
<modelVersion>4.0.0</modelVersion>
|
||||||
|
<groupId>org.wso2.carbon.devicemgt</groupId>
|
||||||
|
<artifactId>org.wso2.carbon.certificate.mgt.core</artifactId>
|
||||||
|
<version>0.9.2-SNAPSHOT</version>
|
||||||
|
<packaging>bundle</packaging>
|
||||||
|
<name>WSO2 Carbon - Certificate Management Core</name>
|
||||||
|
<description>WSO2 Carbon - Certificate Management Core</description>
|
||||||
|
<url>http://wso2.org</url>
|
||||||
|
|
||||||
|
<build>
|
||||||
|
<plugins>
|
||||||
|
<plugin>
|
||||||
|
<groupId>org.apache.felix</groupId>
|
||||||
|
<artifactId>maven-scr-plugin</artifactId>
|
||||||
|
</plugin>
|
||||||
|
<plugin>
|
||||||
|
<groupId>org.apache.felix</groupId>
|
||||||
|
<artifactId>maven-bundle-plugin</artifactId>
|
||||||
|
<version>1.4.0</version>
|
||||||
|
<extensions>true</extensions>
|
||||||
|
<configuration>
|
||||||
|
<instructions>
|
||||||
|
<Bundle-SymbolicName>${project.artifactId}</Bundle-SymbolicName>
|
||||||
|
<Bundle-Name>${project.artifactId}</Bundle-Name>
|
||||||
|
<Bundle-Version>${carbon.device.mgt.version}</Bundle-Version>
|
||||||
|
<Bundle-Description>Device Management Core Bundle</Bundle-Description>
|
||||||
|
<Private-Package>org.wso2.carbon.certificate.mgt.core.internal</Private-Package>
|
||||||
|
<Import-Package>
|
||||||
|
org.osgi.framework,
|
||||||
|
org.osgi.service.component,
|
||||||
|
org.apache.commons.logging,
|
||||||
|
javax.security.auth.x500,
|
||||||
|
javax.xml.parsers,
|
||||||
|
org.apache.commons.codec.binary,
|
||||||
|
org.bouncycastle.asn1,
|
||||||
|
org.bouncycastle.asn1.x500,
|
||||||
|
org.bouncycastle.asn1.x509,
|
||||||
|
org.bouncycastle.cert,
|
||||||
|
org.bouncycastle.cert.jcajce,
|
||||||
|
org.bouncycastle.cms,
|
||||||
|
org.bouncycastle.jce.provider,
|
||||||
|
org.bouncycastle.operator,
|
||||||
|
org.bouncycastle.operator.jcajce,
|
||||||
|
org.bouncycastle.pkcs,
|
||||||
|
org.bouncycastle.util,
|
||||||
|
org.jscep.message,
|
||||||
|
org.jscep.transaction,
|
||||||
|
org.w3c.dom,
|
||||||
|
org.xml.sax
|
||||||
|
</Import-Package>
|
||||||
|
<Export-Package>
|
||||||
|
!org.wso2.carbon.certificate.mgt.core.internal.*,
|
||||||
|
org.wso2.carbon.certificate.mgt.core.dto.*,
|
||||||
|
org.wso2.carbon.certificate.mgt.core.exception.*,
|
||||||
|
org.wso2.carbon.certificate.mgt.core.impl.*,
|
||||||
|
org.wso2.carbon.certificate.mgt.core.service.*,
|
||||||
|
org.wso2.carbon.certificate.mgt.core.util.*
|
||||||
|
</Export-Package>
|
||||||
|
</instructions>
|
||||||
|
</configuration>
|
||||||
|
</plugin>
|
||||||
|
|
||||||
|
<plugin>
|
||||||
|
<groupId>org.apache.maven.plugins</groupId>
|
||||||
|
<artifactId>maven-surefire-plugin</artifactId>
|
||||||
|
<version>2.18</version>
|
||||||
|
<configuration>
|
||||||
|
<systemPropertyVariables>
|
||||||
|
<log4j.configuration>file:src/test/resources/log4j.properties</log4j.configuration>
|
||||||
|
</systemPropertyVariables>
|
||||||
|
<suiteXmlFiles>
|
||||||
|
<suiteXmlFile>src/test/resources/testng.xml</suiteXmlFile>
|
||||||
|
</suiteXmlFiles>
|
||||||
|
</configuration>
|
||||||
|
</plugin>
|
||||||
|
|
||||||
|
</plugins>
|
||||||
|
</build>
|
||||||
|
|
||||||
|
<dependencies>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.eclipse.osgi</groupId>
|
||||||
|
<artifactId>org.eclipse.osgi</artifactId>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.eclipse.osgi</groupId>
|
||||||
|
<artifactId>org.eclipse.osgi.services</artifactId>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.testng</groupId>
|
||||||
|
<artifactId>testng</artifactId>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.wso2.carbon</groupId>
|
||||||
|
<artifactId>org.wso2.carbon.logging</artifactId>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.bouncycastle.wso2</groupId>
|
||||||
|
<artifactId>bcprov-jdk15on</artifactId>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.bouncycastle.wso2</groupId>
|
||||||
|
<artifactId>bcpkix-jdk15on</artifactId>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.bouncycastle.wso2</groupId>
|
||||||
|
<artifactId>bcmail-jdk15on</artifactId>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>com.google.code.jscep.wso2</groupId>
|
||||||
|
<artifactId>jscep</artifactId>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>commons-codec.wso2</groupId>
|
||||||
|
<artifactId>commons-codec</artifactId>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>commons-io.wso2</groupId>
|
||||||
|
<artifactId>commons-io</artifactId>
|
||||||
|
</dependency>
|
||||||
|
</dependencies>
|
||||||
|
|
||||||
|
</project>
|
||||||
|
|
@ -0,0 +1,26 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||||
|
*
|
||||||
|
* WSO2 Inc. licenses this file to you under the Apache License,
|
||||||
|
* Version 2.0 (the "License"); you may not use this file except
|
||||||
|
* in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing,
|
||||||
|
* software distributed under the License is distributed on an
|
||||||
|
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||||
|
* KIND, either express or implied. See the License for the
|
||||||
|
* specific language governing permissions and limitations
|
||||||
|
* under the License.
|
||||||
|
*/
|
||||||
|
package org.wso2.carbon.certificate.mgt.core.dto;
|
||||||
|
|
||||||
|
public enum CAStatus {
|
||||||
|
|
||||||
|
CA_CERT_FAILED,
|
||||||
|
CA_CERT_RECEIVED,
|
||||||
|
CA_RA_CERT_RECEIVED
|
||||||
|
|
||||||
|
}
|
@ -0,0 +1,41 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||||
|
*
|
||||||
|
* WSO2 Inc. licenses this file to you under the Apache License,
|
||||||
|
* Version 2.0 (the "License"); you may not use this file except
|
||||||
|
* in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing,
|
||||||
|
* software distributed under the License is distributed on an
|
||||||
|
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||||
|
* KIND, either express or implied. See the License for the
|
||||||
|
* specific language governing permissions and limitations
|
||||||
|
* under the License.
|
||||||
|
*/
|
||||||
|
package org.wso2.carbon.certificate.mgt.core.dto;
|
||||||
|
|
||||||
|
public class SCEPResponse {
|
||||||
|
|
||||||
|
private byte[] encodedResponse;
|
||||||
|
private CAStatus resultCriteria;
|
||||||
|
|
||||||
|
public byte[] getEncodedResponse() {
|
||||||
|
return encodedResponse;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setEncodedResponse(byte[] encodedResponse) {
|
||||||
|
this.encodedResponse = encodedResponse;
|
||||||
|
}
|
||||||
|
|
||||||
|
public CAStatus getResultCriteria() {
|
||||||
|
return resultCriteria;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setResultCriteria(CAStatus resultCriteria) {
|
||||||
|
this.resultCriteria = resultCriteria;
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
@ -0,0 +1,55 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||||
|
*
|
||||||
|
* WSO2 Inc. licenses this file to you under the Apache License,
|
||||||
|
* Version 2.0 (the "License"); you may not use this file except
|
||||||
|
* in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing,
|
||||||
|
* software distributed under the License is distributed on an
|
||||||
|
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||||
|
* KIND, either express or implied. See the License for the
|
||||||
|
* specific language governing permissions and limitations
|
||||||
|
* under the License.
|
||||||
|
*/
|
||||||
|
package org.wso2.carbon.certificate.mgt.core.exception;
|
||||||
|
|
||||||
|
public class KeystoreException extends Exception {
|
||||||
|
|
||||||
|
private static final long serialVersionUID = -8935640983869122660L;
|
||||||
|
private String errorMessage;
|
||||||
|
|
||||||
|
public String getErrorMessage() {
|
||||||
|
return errorMessage;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setErrorMessage(String errorMessage) {
|
||||||
|
this.errorMessage = errorMessage;
|
||||||
|
}
|
||||||
|
|
||||||
|
public KeystoreException(String msg, Exception nestedEx) {
|
||||||
|
super(msg, nestedEx);
|
||||||
|
setErrorMessage(msg);
|
||||||
|
}
|
||||||
|
|
||||||
|
public KeystoreException(String message, Throwable cause) {
|
||||||
|
super(message, cause);
|
||||||
|
setErrorMessage(message);
|
||||||
|
}
|
||||||
|
|
||||||
|
public KeystoreException(String msg) {
|
||||||
|
super(msg);
|
||||||
|
setErrorMessage(msg);
|
||||||
|
}
|
||||||
|
|
||||||
|
public KeystoreException() {
|
||||||
|
super();
|
||||||
|
}
|
||||||
|
|
||||||
|
public KeystoreException(Throwable cause) {
|
||||||
|
super(cause);
|
||||||
|
}
|
||||||
|
}
|
@ -0,0 +1,452 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||||
|
*
|
||||||
|
* WSO2 Inc. licenses this file to you under the Apache License,
|
||||||
|
* Version 2.0 (the "License"); you may not use this file except
|
||||||
|
* in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing,
|
||||||
|
* software distributed under the License is distributed on an
|
||||||
|
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||||
|
* KIND, either express or implied. See the License for the
|
||||||
|
* specific language governing permissions and limitations
|
||||||
|
* under the License.
|
||||||
|
*/
|
||||||
|
package org.wso2.carbon.certificate.mgt.core.impl;
|
||||||
|
|
||||||
|
import org.apache.commons.codec.binary.Base64;
|
||||||
|
import org.apache.commons.logging.Log;
|
||||||
|
import org.apache.commons.logging.LogFactory;
|
||||||
|
import org.bouncycastle.asn1.x500.X500Name;
|
||||||
|
import org.bouncycastle.asn1.x509.KeyUsage;
|
||||||
|
import org.bouncycastle.asn1.x509.X509Extension;
|
||||||
|
import org.bouncycastle.cert.CertIOException;
|
||||||
|
import org.bouncycastle.cert.X509CertificateHolder;
|
||||||
|
import org.bouncycastle.cert.X509v3CertificateBuilder;
|
||||||
|
import org.bouncycastle.cert.jcajce.JcaCertStore;
|
||||||
|
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
|
||||||
|
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
|
||||||
|
import org.bouncycastle.cms.CMSAbsentContent;
|
||||||
|
import org.bouncycastle.cms.CMSException;
|
||||||
|
import org.bouncycastle.cms.CMSSignedData;
|
||||||
|
import org.bouncycastle.cms.CMSSignedDataGenerator;
|
||||||
|
import org.bouncycastle.jce.provider.BouncyCastleProvider;
|
||||||
|
import org.bouncycastle.operator.ContentSigner;
|
||||||
|
import org.bouncycastle.operator.OperatorCreationException;
|
||||||
|
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
|
||||||
|
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
|
||||||
|
import org.bouncycastle.util.Store;
|
||||||
|
import org.jscep.message.CertRep;
|
||||||
|
import org.jscep.message.MessageDecodingException;
|
||||||
|
import org.jscep.message.MessageEncodingException;
|
||||||
|
import org.jscep.message.PkcsPkiEnvelopeDecoder;
|
||||||
|
import org.jscep.message.PkcsPkiEnvelopeEncoder;
|
||||||
|
import org.jscep.message.PkiMessage;
|
||||||
|
import org.jscep.message.PkiMessageDecoder;
|
||||||
|
import org.jscep.message.PkiMessageEncoder;
|
||||||
|
import org.jscep.transaction.FailInfo;
|
||||||
|
import org.jscep.transaction.Nonce;
|
||||||
|
import org.jscep.transaction.TransactionId;
|
||||||
|
import org.wso2.carbon.certificate.mgt.core.dto.CAStatus;
|
||||||
|
import org.wso2.carbon.certificate.mgt.core.dto.SCEPResponse;
|
||||||
|
import org.wso2.carbon.certificate.mgt.core.util.ConfigurationUtil;
|
||||||
|
import org.wso2.carbon.certificate.mgt.core.exception.KeystoreException;
|
||||||
|
import org.wso2.carbon.certificate.mgt.core.util.CommonUtil;
|
||||||
|
|
||||||
|
import javax.security.auth.x500.X500Principal;
|
||||||
|
import java.io.ByteArrayInputStream;
|
||||||
|
import java.io.DataInputStream;
|
||||||
|
import java.io.File;
|
||||||
|
import java.io.FileInputStream;
|
||||||
|
import java.io.FileNotFoundException;
|
||||||
|
import java.io.IOException;
|
||||||
|
import java.io.InputStream;
|
||||||
|
import java.math.BigInteger;
|
||||||
|
import java.security.InvalidKeyException;
|
||||||
|
import java.security.KeyFactory;
|
||||||
|
import java.security.KeyPair;
|
||||||
|
import java.security.KeyPairGenerator;
|
||||||
|
import java.security.NoSuchAlgorithmException;
|
||||||
|
import java.security.NoSuchProviderException;
|
||||||
|
import java.security.PrivateKey;
|
||||||
|
import java.security.SecureRandom;
|
||||||
|
import java.security.Security;
|
||||||
|
import java.security.SignatureException;
|
||||||
|
import java.security.cert.CertificateEncodingException;
|
||||||
|
import java.security.cert.CertificateException;
|
||||||
|
import java.security.cert.CertificateExpiredException;
|
||||||
|
import java.security.cert.CertificateFactory;
|
||||||
|
import java.security.cert.CertificateNotYetValidException;
|
||||||
|
import java.security.cert.X509Certificate;
|
||||||
|
import java.security.spec.InvalidKeySpecException;
|
||||||
|
import java.security.spec.PKCS8EncodedKeySpec;
|
||||||
|
import java.util.ArrayList;
|
||||||
|
import java.util.Collection;
|
||||||
|
import java.util.Date;
|
||||||
|
import java.util.List;
|
||||||
|
|
||||||
|
public class CertificateGenerator {
|
||||||
|
|
||||||
|
private static final Log log = LogFactory.getLog(CertificateGenerator.class);
|
||||||
|
|
||||||
|
public List<X509Certificate> getRootCertificates(byte[] ca, byte[] ra) throws KeystoreException {
|
||||||
|
|
||||||
|
if (ca == null) {
|
||||||
|
throw new KeystoreException("CA certificate is mandatory");
|
||||||
|
}
|
||||||
|
|
||||||
|
if (ra == null) {
|
||||||
|
throw new KeystoreException("RA certificate is mandatory");
|
||||||
|
}
|
||||||
|
|
||||||
|
List<X509Certificate> certificateList = new ArrayList<X509Certificate>();
|
||||||
|
InputStream caInputStream = null;
|
||||||
|
InputStream raInputStream = null;
|
||||||
|
|
||||||
|
try {
|
||||||
|
CertificateFactory certificateFactory = CertificateFactory.getInstance(ConfigurationUtil.X_509);
|
||||||
|
caInputStream = new ByteArrayInputStream(ca);
|
||||||
|
raInputStream = new ByteArrayInputStream(ra);
|
||||||
|
|
||||||
|
X509Certificate caCert = (X509Certificate) certificateFactory.generateCertificate(caInputStream);
|
||||||
|
X509Certificate raCert = (X509Certificate) certificateFactory.generateCertificate(raInputStream);
|
||||||
|
|
||||||
|
certificateList.add(caCert);
|
||||||
|
certificateList.add(raCert);
|
||||||
|
} catch (CertificateException e) {
|
||||||
|
String errorMsg = "Error occurred while fetching root certificates";
|
||||||
|
log.error(errorMsg, e);
|
||||||
|
throw new KeystoreException(errorMsg, e);
|
||||||
|
} finally {
|
||||||
|
if (caInputStream != null) {
|
||||||
|
try {
|
||||||
|
caInputStream.close();
|
||||||
|
} catch (IOException e) {
|
||||||
|
log.error("Error occurred when closing CA input stream");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (raInputStream != null) {
|
||||||
|
try {
|
||||||
|
raInputStream.close();
|
||||||
|
} catch (IOException e) {
|
||||||
|
log.error("Error occurred when closing RA input stream");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return certificateList;
|
||||||
|
}
|
||||||
|
|
||||||
|
public X509Certificate generateX509Certificate() throws KeystoreException {
|
||||||
|
|
||||||
|
CommonUtil commonUtil = new CommonUtil();
|
||||||
|
Date validityBeginDate = commonUtil.getValidityStartDate();
|
||||||
|
Date validityEndDate = commonUtil.getValidityEndDate();
|
||||||
|
|
||||||
|
Security.addProvider(new BouncyCastleProvider());
|
||||||
|
|
||||||
|
try {
|
||||||
|
KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(
|
||||||
|
ConfigurationUtil.RSA, ConfigurationUtil.PROVIDER);
|
||||||
|
keyPairGenerator.initialize(ConfigurationUtil.RSA_KEY_LENGTH, new SecureRandom());
|
||||||
|
KeyPair pair = keyPairGenerator.generateKeyPair();
|
||||||
|
X500Principal principal = new X500Principal(ConfigurationUtil.DEFAULT_PRINCIPAL);
|
||||||
|
BigInteger serial = BigInteger.valueOf(System.currentTimeMillis());
|
||||||
|
|
||||||
|
X509v3CertificateBuilder certificateBuilder = new JcaX509v3CertificateBuilder(
|
||||||
|
principal, serial, validityBeginDate, validityEndDate,
|
||||||
|
principal, pair.getPublic());
|
||||||
|
ContentSigner contentSigner = new JcaContentSignerBuilder(ConfigurationUtil.SHA256_RSA)
|
||||||
|
.setProvider(ConfigurationUtil.PROVIDER).build(
|
||||||
|
pair.getPrivate());
|
||||||
|
X509Certificate certificate = new JcaX509CertificateConverter()
|
||||||
|
.setProvider(ConfigurationUtil.PROVIDER).getCertificate(
|
||||||
|
certificateBuilder.build(contentSigner));
|
||||||
|
|
||||||
|
// cert.checkValidity();
|
||||||
|
|
||||||
|
certificate.verify(certificate.getPublicKey());
|
||||||
|
|
||||||
|
return certificate;
|
||||||
|
} catch (NoSuchAlgorithmException e) {
|
||||||
|
String errorMsg = "No such algorithm found when generating certificate";
|
||||||
|
log.error(errorMsg, e);
|
||||||
|
throw new KeystoreException(errorMsg, e);
|
||||||
|
} catch (NoSuchProviderException e) {
|
||||||
|
String errorMsg = "No such provider found when generating certificate";
|
||||||
|
log.error(errorMsg, e);
|
||||||
|
throw new KeystoreException(errorMsg, e);
|
||||||
|
} catch (OperatorCreationException e) {
|
||||||
|
String errorMsg = "Issue in operator creation when generating certificate";
|
||||||
|
log.error(errorMsg, e);
|
||||||
|
throw new KeystoreException(errorMsg, e);
|
||||||
|
} catch (CertificateExpiredException e) {
|
||||||
|
String errorMsg = "Certificate expired after generating certificate";
|
||||||
|
log.error(errorMsg, e);
|
||||||
|
throw new KeystoreException(errorMsg, e);
|
||||||
|
} catch (CertificateNotYetValidException e) {
|
||||||
|
String errorMsg = "Certificate not yet valid when generating certificate";
|
||||||
|
log.error(errorMsg, e);
|
||||||
|
throw new KeystoreException(errorMsg, e);
|
||||||
|
} catch (CertificateException e) {
|
||||||
|
String errorMsg = "Certificate issue occurred when generating certificate";
|
||||||
|
log.error(errorMsg, e);
|
||||||
|
throw new KeystoreException(errorMsg, e);
|
||||||
|
} catch (InvalidKeyException e) {
|
||||||
|
String errorMsg = "Invalid key used when generating certificate";
|
||||||
|
log.error(errorMsg, e);
|
||||||
|
throw new KeystoreException(errorMsg, e);
|
||||||
|
} catch (SignatureException e) {
|
||||||
|
String errorMsg = "Signature related issue occurred when generating certificate";
|
||||||
|
log.error(errorMsg, e);
|
||||||
|
throw new KeystoreException(errorMsg, e);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
public byte[] getPKIMessage(InputStream inputStream) throws KeystoreException {
|
||||||
|
|
||||||
|
try {
|
||||||
|
CMSSignedData signedData = new CMSSignedData(inputStream);
|
||||||
|
Store reqStore = signedData.getCertificates();
|
||||||
|
@SuppressWarnings("unchecked")
|
||||||
|
Collection<X509CertificateHolder> reqCerts = reqStore.getMatches(null);
|
||||||
|
|
||||||
|
KeyStoreReader keyStoreReader = new KeyStoreReader();
|
||||||
|
PrivateKey privateKeyRA = keyStoreReader.getRAPrivateKey();
|
||||||
|
PrivateKey privateKeyCA = keyStoreReader.getCAPrivateKey();
|
||||||
|
X509Certificate certRA = (X509Certificate) keyStoreReader.getRACertificate();
|
||||||
|
X509Certificate certCA = (X509Certificate) keyStoreReader.getCACertificate();
|
||||||
|
|
||||||
|
CertificateFactory certificateFactory = CertificateFactory.getInstance(ConfigurationUtil.X_509);
|
||||||
|
X509CertificateHolder holder = reqCerts.iterator().next();
|
||||||
|
ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(holder.getEncoded());
|
||||||
|
X509Certificate reqCert = (X509Certificate) certificateFactory.generateCertificate(byteArrayInputStream);
|
||||||
|
|
||||||
|
PkcsPkiEnvelopeDecoder envelopeDecoder = new PkcsPkiEnvelopeDecoder(certRA, privateKeyRA);
|
||||||
|
PkiMessageDecoder messageDecoder = new PkiMessageDecoder(reqCert, envelopeDecoder);
|
||||||
|
PkiMessage<?> pkiMessage = messageDecoder.decode(signedData);
|
||||||
|
Object msgData = pkiMessage.getMessageData();
|
||||||
|
|
||||||
|
Nonce senderNonce = Nonce.nextNonce();
|
||||||
|
TransactionId transId = pkiMessage.getTransactionId();
|
||||||
|
Nonce recipientNonce = pkiMessage.getSenderNonce();
|
||||||
|
CertRep certRep;
|
||||||
|
|
||||||
|
PKCS10CertificationRequest certRequest = (PKCS10CertificationRequest) msgData;
|
||||||
|
X509Certificate generatedCert = generateCertificateFromCSR(
|
||||||
|
privateKeyCA, certRequest, certCA.getIssuerX500Principal().getName());
|
||||||
|
|
||||||
|
List<X509Certificate> issued = new ArrayList<X509Certificate>();
|
||||||
|
issued.add(generatedCert);
|
||||||
|
|
||||||
|
if (issued.size() == 0) {
|
||||||
|
certRep = new CertRep(transId, senderNonce, recipientNonce, FailInfo.badCertId);
|
||||||
|
} else {
|
||||||
|
CMSSignedData messageData = getMessageData(issued);
|
||||||
|
certRep = new CertRep(transId, senderNonce, recipientNonce, messageData);
|
||||||
|
}
|
||||||
|
|
||||||
|
PkcsPkiEnvelopeEncoder envEncoder = new PkcsPkiEnvelopeEncoder(reqCert, ConfigurationUtil.DES_EDE);
|
||||||
|
PkiMessageEncoder encoder = new PkiMessageEncoder(privateKeyRA, certRA, envEncoder);
|
||||||
|
CMSSignedData cmsSignedData = encoder.encode(certRep);
|
||||||
|
|
||||||
|
return cmsSignedData.getEncoded();
|
||||||
|
|
||||||
|
} catch (CertificateException e) {
|
||||||
|
String errorMsg = "Certificate issue occurred when generating getPKIMessage";
|
||||||
|
log.error(errorMsg, e);
|
||||||
|
throw new KeystoreException(errorMsg, e);
|
||||||
|
} catch (MessageEncodingException e) {
|
||||||
|
String errorMsg = "Message encoding issue occurred when generating getPKIMessage";
|
||||||
|
log.error(errorMsg, e);
|
||||||
|
throw new KeystoreException(errorMsg, e);
|
||||||
|
} catch (IOException e) {
|
||||||
|
String errorMsg = "Input output issue occurred when generating getPKIMessage";
|
||||||
|
log.error(errorMsg, e);
|
||||||
|
throw new KeystoreException(errorMsg, e);
|
||||||
|
} catch (MessageDecodingException e) {
|
||||||
|
String errorMsg = "Message decoding issue occurred when generating getPKIMessage";
|
||||||
|
log.error(errorMsg, e);
|
||||||
|
throw new KeystoreException(errorMsg, e);
|
||||||
|
} catch (CMSException e) {
|
||||||
|
String errorMsg = "CMS issue occurred when generating getPKIMessage";
|
||||||
|
log.error(errorMsg, e);
|
||||||
|
throw new KeystoreException(errorMsg, e);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
public static X509Certificate generateCertificateFromCSR(PrivateKey privateKey,
|
||||||
|
PKCS10CertificationRequest request,
|
||||||
|
String issueSubject)
|
||||||
|
throws KeystoreException {
|
||||||
|
|
||||||
|
CommonUtil commonUtil = new CommonUtil();
|
||||||
|
Date validityBeginDate = commonUtil.getValidityStartDate();
|
||||||
|
Date validityEndDate = commonUtil.getValidityEndDate();
|
||||||
|
|
||||||
|
X509v3CertificateBuilder certificateBuilder = new X509v3CertificateBuilder(
|
||||||
|
new X500Name(issueSubject), BigInteger.valueOf(System.currentTimeMillis()),
|
||||||
|
validityBeginDate, validityEndDate, request.getSubject(), request.getSubjectPublicKeyInfo());
|
||||||
|
|
||||||
|
ContentSigner sigGen;
|
||||||
|
X509Certificate issuedCert;
|
||||||
|
try {
|
||||||
|
certificateBuilder.addExtension(X509Extension.keyUsage, true, new KeyUsage(
|
||||||
|
KeyUsage.digitalSignature | KeyUsage.keyEncipherment));
|
||||||
|
sigGen = new JcaContentSignerBuilder(ConfigurationUtil.SHA256_RSA)
|
||||||
|
.setProvider(ConfigurationUtil.PROVIDER).build(privateKey);
|
||||||
|
issuedCert = new JcaX509CertificateConverter().setProvider(
|
||||||
|
ConfigurationUtil.PROVIDER).getCertificate(
|
||||||
|
certificateBuilder.build(sigGen));
|
||||||
|
} catch (CertIOException e) {
|
||||||
|
String errorMsg = "Certificate Input output issue occurred when generating generateCertificateFromCSR";
|
||||||
|
log.error(errorMsg, e);
|
||||||
|
throw new KeystoreException(errorMsg, e);
|
||||||
|
} catch (OperatorCreationException e) {
|
||||||
|
String errorMsg = "Operator creation issue occurred when generating generateCertificateFromCSR";
|
||||||
|
log.error(errorMsg, e);
|
||||||
|
throw new KeystoreException(errorMsg, e);
|
||||||
|
} catch (CertificateException e) {
|
||||||
|
String errorMsg = "Certificate issue occurred when generating generateCertificateFromCSR";
|
||||||
|
log.error(errorMsg, e);
|
||||||
|
throw new KeystoreException(errorMsg, e);
|
||||||
|
}
|
||||||
|
|
||||||
|
return issuedCert;
|
||||||
|
}
|
||||||
|
|
||||||
|
private CMSSignedData getMessageData(final List<X509Certificate> certs) throws KeystoreException {
|
||||||
|
|
||||||
|
CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
|
||||||
|
JcaCertStore store;
|
||||||
|
try {
|
||||||
|
store = new JcaCertStore(certs);
|
||||||
|
generator.addCertificates(store);
|
||||||
|
|
||||||
|
return generator.generate(new CMSAbsentContent());
|
||||||
|
} catch (CertificateEncodingException e) {
|
||||||
|
String errorMsg = "Certificate encoding issue occurred when generating getMessageData";
|
||||||
|
log.error(errorMsg, e);
|
||||||
|
throw new KeystoreException(errorMsg, e);
|
||||||
|
} catch (CMSException e) {
|
||||||
|
String errorMsg = "Message decoding issue occurred when generating getMessageData";
|
||||||
|
log.error(errorMsg, e);
|
||||||
|
throw new KeystoreException(errorMsg, e);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
private PrivateKey getSignerKey(String signerPrivateKeyPath) throws KeystoreException {
|
||||||
|
|
||||||
|
File file = new File(signerPrivateKeyPath);
|
||||||
|
FileInputStream fis;
|
||||||
|
|
||||||
|
try {
|
||||||
|
fis = new FileInputStream(file);
|
||||||
|
DataInputStream dis = new DataInputStream(fis);
|
||||||
|
byte[] keyBytes = new byte[(int) file.length()];
|
||||||
|
dis.readFully(keyBytes);
|
||||||
|
dis.close();
|
||||||
|
|
||||||
|
String temp = new String(keyBytes);
|
||||||
|
String privateKeyPEM = temp.replace(
|
||||||
|
ConfigurationUtil.RSA_PRIVATE_KEY_BEGIN_TEXT, ConfigurationUtil.EMPTY_TEXT);
|
||||||
|
privateKeyPEM = privateKeyPEM
|
||||||
|
.replace(ConfigurationUtil.RSA_PRIVATE_KEY_END_TEXT, ConfigurationUtil.EMPTY_TEXT);
|
||||||
|
|
||||||
|
byte[] decoded = Base64.decodeBase64(privateKeyPEM);
|
||||||
|
PKCS8EncodedKeySpec encodedKeySpec = new PKCS8EncodedKeySpec(decoded);
|
||||||
|
KeyFactory keyFactory = KeyFactory.getInstance(ConfigurationUtil.RSA);
|
||||||
|
|
||||||
|
return keyFactory.generatePrivate(encodedKeySpec);
|
||||||
|
} catch (FileNotFoundException e) {
|
||||||
|
String errorMsg = "Private key file not found in getSignerKey";
|
||||||
|
log.error(errorMsg, e);
|
||||||
|
throw new KeystoreException(errorMsg, e);
|
||||||
|
} catch (IOException e) {
|
||||||
|
String errorMsg = "Input output issue in getSignerKey";
|
||||||
|
log.error(errorMsg, e);
|
||||||
|
throw new KeystoreException(errorMsg, e);
|
||||||
|
} catch (NoSuchAlgorithmException e) {
|
||||||
|
String errorMsg = "Algorithm not not found in getSignerKey";
|
||||||
|
log.error(errorMsg, e);
|
||||||
|
throw new KeystoreException(errorMsg, e);
|
||||||
|
} catch (InvalidKeySpecException e) {
|
||||||
|
String errorMsg = "Invalid key found in getSignerKey";
|
||||||
|
log.error(errorMsg, e);
|
||||||
|
throw new KeystoreException(errorMsg, e);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
private X509Certificate getSigner(String signerCertificatePath) throws KeystoreException {
|
||||||
|
|
||||||
|
X509Certificate certificate;
|
||||||
|
try {
|
||||||
|
CertificateFactory certificateFactory = CertificateFactory.getInstance(ConfigurationUtil.X_509);
|
||||||
|
certificate = (X509Certificate) certificateFactory.generateCertificate(
|
||||||
|
new FileInputStream(signerCertificatePath));
|
||||||
|
|
||||||
|
return certificate;
|
||||||
|
} catch (CertificateException e) {
|
||||||
|
String errorMsg = "Certificate related issue occurred in getSigner";
|
||||||
|
log.error(errorMsg, e);
|
||||||
|
throw new KeystoreException(errorMsg, e);
|
||||||
|
} catch (FileNotFoundException e) {
|
||||||
|
String errorMsg = "Signer certificate path not found in getSigner";
|
||||||
|
log.error(errorMsg, e);
|
||||||
|
throw new KeystoreException(errorMsg, e);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
public SCEPResponse getCACert() throws KeystoreException {
|
||||||
|
|
||||||
|
try {
|
||||||
|
SCEPResponse scepResponse = new SCEPResponse();
|
||||||
|
KeyStoreReader keyStoreReader = new KeyStoreReader();
|
||||||
|
|
||||||
|
byte[] caBytes = keyStoreReader.getCACertificate().getEncoded();
|
||||||
|
byte[] raBytes = keyStoreReader.getRACertificate().getEncoded();
|
||||||
|
|
||||||
|
final List<X509Certificate> certs = getRootCertificates(caBytes, raBytes);
|
||||||
|
|
||||||
|
byte[] bytes;
|
||||||
|
if (certs.size() == 0) {
|
||||||
|
scepResponse.setResultCriteria(CAStatus.CA_CERT_FAILED);
|
||||||
|
bytes = new byte[0];
|
||||||
|
} else if (certs.size() == 1) {
|
||||||
|
scepResponse.setResultCriteria(CAStatus.CA_CERT_RECEIVED);
|
||||||
|
bytes = certs.get(0).getEncoded();
|
||||||
|
} else {
|
||||||
|
scepResponse.setResultCriteria(CAStatus.CA_RA_CERT_RECEIVED);
|
||||||
|
CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
|
||||||
|
JcaCertStore store = new JcaCertStore(certs);
|
||||||
|
generator.addCertificates(store);
|
||||||
|
CMSSignedData degenerateSd = generator.generate(new CMSAbsentContent());
|
||||||
|
bytes = degenerateSd.getEncoded();
|
||||||
|
}
|
||||||
|
scepResponse.setEncodedResponse(bytes);
|
||||||
|
|
||||||
|
return scepResponse;
|
||||||
|
} catch (CertificateEncodingException e) {
|
||||||
|
String errorMsg = "Certificate encoding issue occurred in getCACert";
|
||||||
|
log.error(errorMsg, e);
|
||||||
|
throw new KeystoreException(errorMsg, e);
|
||||||
|
} catch (CMSException e) {
|
||||||
|
String errorMsg = "CMS issue occurred in getCACert";
|
||||||
|
log.error(errorMsg, e);
|
||||||
|
throw new KeystoreException(errorMsg, e);
|
||||||
|
} catch (IOException e) {
|
||||||
|
String errorMsg = "Input output issue occurred in getCACert";
|
||||||
|
log.error(errorMsg, e);
|
||||||
|
throw new KeystoreException(errorMsg, e);
|
||||||
|
} catch (KeystoreException e) {
|
||||||
|
String errorMsg = "Keystore reading error occurred when handling profile request";
|
||||||
|
log.error(errorMsg, e);
|
||||||
|
throw new KeystoreException(errorMsg, e);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
@ -0,0 +1,186 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||||
|
*
|
||||||
|
* WSO2 Inc. licenses this file to you under the Apache License,
|
||||||
|
* Version 2.0 (the "License"); you may not use this file except
|
||||||
|
* in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing,
|
||||||
|
* software distributed under the License is distributed on an
|
||||||
|
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||||
|
* KIND, either express or implied. See the License for the
|
||||||
|
* specific language governing permissions and limitations
|
||||||
|
* under the License.
|
||||||
|
*/
|
||||||
|
package org.wso2.carbon.certificate.mgt.core.impl;
|
||||||
|
|
||||||
|
import org.apache.commons.logging.Log;
|
||||||
|
import org.apache.commons.logging.LogFactory;
|
||||||
|
import org.wso2.carbon.certificate.mgt.core.util.ConfigurationUtil;
|
||||||
|
import org.wso2.carbon.certificate.mgt.core.exception.KeystoreException;
|
||||||
|
|
||||||
|
import java.io.FileInputStream;
|
||||||
|
import java.io.FileNotFoundException;
|
||||||
|
import java.io.IOException;
|
||||||
|
import java.io.InputStream;
|
||||||
|
import java.security.KeyStore;
|
||||||
|
import java.security.KeyStoreException;
|
||||||
|
import java.security.NoSuchAlgorithmException;
|
||||||
|
import java.security.PrivateKey;
|
||||||
|
import java.security.UnrecoverableKeyException;
|
||||||
|
import java.security.cert.Certificate;
|
||||||
|
import java.security.cert.CertificateException;
|
||||||
|
|
||||||
|
public class KeyStoreReader {
|
||||||
|
|
||||||
|
private static final Log log = LogFactory.getLog(KeyStoreReader.class);
|
||||||
|
|
||||||
|
private KeyStore loadKeyStore(String configEntryKeyStoreType, String configEntryKeyStorePath,
|
||||||
|
String configEntryKeyStorePassword) throws KeystoreException {
|
||||||
|
|
||||||
|
InputStream inputStream = null;
|
||||||
|
KeyStore keystore;
|
||||||
|
|
||||||
|
try {
|
||||||
|
keystore = KeyStore.getInstance(ConfigurationUtil.getConfigEntry(configEntryKeyStoreType));
|
||||||
|
inputStream = new FileInputStream(ConfigurationUtil.getConfigEntry(configEntryKeyStorePath));
|
||||||
|
keystore.load(inputStream, ConfigurationUtil.getConfigEntry(configEntryKeyStorePassword).toCharArray());
|
||||||
|
|
||||||
|
} catch (KeyStoreException e) {
|
||||||
|
String errorMsg = "KeyStore issue occurred when loading KeyStore";
|
||||||
|
log.error(errorMsg, e);
|
||||||
|
throw new KeystoreException(errorMsg, e);
|
||||||
|
} catch (FileNotFoundException e) {
|
||||||
|
String errorMsg = "KeyStore file not found when loading KeyStore";
|
||||||
|
log.error(errorMsg, e);
|
||||||
|
throw new KeystoreException(errorMsg, e);
|
||||||
|
} catch (NoSuchAlgorithmException e) {
|
||||||
|
String errorMsg = "Algorithm not found when loading KeyStore";
|
||||||
|
log.error(errorMsg, e);
|
||||||
|
throw new KeystoreException(errorMsg, e);
|
||||||
|
} catch (CertificateException e) {
|
||||||
|
String errorMsg = "Certificate expired when loading KeyStore";
|
||||||
|
log.error(errorMsg, e);
|
||||||
|
throw new KeystoreException(errorMsg, e);
|
||||||
|
} catch (IOException e) {
|
||||||
|
String errorMsg = "Input output issue occurred when loading KeyStore";
|
||||||
|
log.error(errorMsg, e);
|
||||||
|
throw new KeystoreException(errorMsg, e);
|
||||||
|
} finally {
|
||||||
|
try {
|
||||||
|
if (inputStream != null) {
|
||||||
|
inputStream.close();
|
||||||
|
}
|
||||||
|
} catch (IOException e) {
|
||||||
|
log.error("Error closing KeyStore input stream", e);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return keystore;
|
||||||
|
}
|
||||||
|
|
||||||
|
KeyStore loadMDMKeyStore() throws KeystoreException {
|
||||||
|
return loadKeyStore(ConfigurationUtil.CERTIFICATE_KEYSTORE, ConfigurationUtil.PATH_CERTIFICATE_KEYSTORE,
|
||||||
|
ConfigurationUtil.CERTIFICATE_KEYSTORE_PASSWORD);
|
||||||
|
}
|
||||||
|
|
||||||
|
public Certificate getCACertificate() throws KeystoreException {
|
||||||
|
|
||||||
|
KeyStore keystore = loadMDMKeyStore();
|
||||||
|
Certificate caCertificate;
|
||||||
|
|
||||||
|
try {
|
||||||
|
caCertificate = keystore.getCertificate(ConfigurationUtil.getConfigEntry(ConfigurationUtil.CA_CERT_ALIAS));
|
||||||
|
} catch (KeyStoreException e) {
|
||||||
|
String errorMsg = "KeyStore issue occurred when loading KeyStore";
|
||||||
|
log.error(errorMsg, e);
|
||||||
|
throw new KeystoreException(errorMsg, e);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (caCertificate == null) {
|
||||||
|
throw new KeystoreException("CA certificate not found in KeyStore");
|
||||||
|
}
|
||||||
|
|
||||||
|
return caCertificate;
|
||||||
|
}
|
||||||
|
|
||||||
|
PrivateKey getCAPrivateKey() throws KeystoreException {
|
||||||
|
|
||||||
|
KeyStore keyStore = loadMDMKeyStore();
|
||||||
|
PrivateKey caPrivateKey;
|
||||||
|
try {
|
||||||
|
caPrivateKey = (PrivateKey) (keyStore.getKey(
|
||||||
|
ConfigurationUtil.getConfigEntry(ConfigurationUtil.CA_CERT_ALIAS),
|
||||||
|
ConfigurationUtil.getConfigEntry(ConfigurationUtil.KEYSTORE_CA_CERT_PRIV_PASSWORD).toCharArray()));
|
||||||
|
} catch (UnrecoverableKeyException e) {
|
||||||
|
String errorMsg = "Key is unrecoverable when retrieving CA private key";
|
||||||
|
log.error(errorMsg, e);
|
||||||
|
throw new KeystoreException(errorMsg, e);
|
||||||
|
} catch (KeyStoreException e) {
|
||||||
|
String errorMsg = "KeyStore issue occurred when retrieving CA private key";
|
||||||
|
log.error(errorMsg, e);
|
||||||
|
throw new KeystoreException(errorMsg, e);
|
||||||
|
} catch (NoSuchAlgorithmException e) {
|
||||||
|
String errorMsg = "Algorithm not found when retrieving CA private key";
|
||||||
|
log.error(errorMsg, e);
|
||||||
|
throw new KeystoreException(errorMsg, e);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (caPrivateKey == null) {
|
||||||
|
throw new KeystoreException("CA private key not found in KeyStore");
|
||||||
|
}
|
||||||
|
|
||||||
|
return caPrivateKey;
|
||||||
|
}
|
||||||
|
|
||||||
|
public Certificate getRACertificate() throws KeystoreException {
|
||||||
|
|
||||||
|
KeyStore keystore = loadMDMKeyStore();
|
||||||
|
Certificate raCertificate;
|
||||||
|
try {
|
||||||
|
raCertificate = keystore.getCertificate(ConfigurationUtil.getConfigEntry(ConfigurationUtil.RA_CERT_ALIAS));
|
||||||
|
} catch (KeyStoreException e) {
|
||||||
|
String errorMsg = "KeyStore issue occurred when retrieving RA private key";
|
||||||
|
log.error(errorMsg, e);
|
||||||
|
throw new KeystoreException(errorMsg, e);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (raCertificate == null) {
|
||||||
|
throw new KeystoreException("RA certificate not found in KeyStore");
|
||||||
|
}
|
||||||
|
|
||||||
|
return raCertificate;
|
||||||
|
}
|
||||||
|
|
||||||
|
PrivateKey getRAPrivateKey() throws KeystoreException {
|
||||||
|
|
||||||
|
KeyStore keystore = loadMDMKeyStore();
|
||||||
|
PrivateKey raPrivateKey;
|
||||||
|
try {
|
||||||
|
raPrivateKey = (PrivateKey) (keystore.getKey(
|
||||||
|
ConfigurationUtil.getConfigEntry(ConfigurationUtil.RA_CERT_ALIAS),
|
||||||
|
ConfigurationUtil.getConfigEntry(ConfigurationUtil.KEYSTORE_RA_CERT_PRIV_PASSWORD).toCharArray()));
|
||||||
|
} catch (UnrecoverableKeyException e) {
|
||||||
|
String errorMsg = "Key is unrecoverable when retrieving RA private key";
|
||||||
|
log.error(errorMsg, e);
|
||||||
|
throw new KeystoreException(errorMsg, e);
|
||||||
|
} catch (KeyStoreException e) {
|
||||||
|
String errorMsg = "KeyStore issue occurred when retrieving RA private key";
|
||||||
|
log.error(errorMsg, e);
|
||||||
|
throw new KeystoreException(errorMsg, e);
|
||||||
|
} catch (NoSuchAlgorithmException e) {
|
||||||
|
String errorMsg = "Algorithm not found when retrieving RA private key";
|
||||||
|
log.error(errorMsg, e);
|
||||||
|
throw new KeystoreException(errorMsg, e);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (raPrivateKey == null) {
|
||||||
|
throw new KeystoreException("RA private key not found in KeyStore");
|
||||||
|
}
|
||||||
|
|
||||||
|
return raPrivateKey;
|
||||||
|
}
|
||||||
|
}
|
@ -0,0 +1,57 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||||
|
*
|
||||||
|
* WSO2 Inc. licenses this file to you under the Apache License,
|
||||||
|
* Version 2.0 (the "License"); you may not use this file except
|
||||||
|
* in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing,
|
||||||
|
* software distributed under the License is distributed on an
|
||||||
|
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||||
|
* KIND, either express or implied. See the License for the
|
||||||
|
* specific language governing permissions and limitations
|
||||||
|
* under the License.
|
||||||
|
*/
|
||||||
|
package org.wso2.carbon.certificate.mgt.core.internal;
|
||||||
|
|
||||||
|
import org.apache.commons.logging.Log;
|
||||||
|
import org.apache.commons.logging.LogFactory;
|
||||||
|
import org.osgi.framework.BundleContext;
|
||||||
|
import org.osgi.service.component.ComponentContext;
|
||||||
|
import org.wso2.carbon.certificate.mgt.core.service.CertificateManagementServiceImpl;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @scr.component name="org.wso2.carbon.certificate.mgt" immediate="true"
|
||||||
|
*/
|
||||||
|
public class CertificateManagementServiceComponent {
|
||||||
|
|
||||||
|
private static Log log = LogFactory.getLog(CertificateManagementServiceComponent.class);
|
||||||
|
|
||||||
|
@SuppressWarnings("unused")
|
||||||
|
protected void activate(ComponentContext componentContext) {
|
||||||
|
try {
|
||||||
|
if (log.isDebugEnabled()) {
|
||||||
|
log.debug("Initializing certificate management core bundle");
|
||||||
|
}
|
||||||
|
|
||||||
|
BundleContext bundleContext = componentContext.getBundleContext();
|
||||||
|
bundleContext.registerService(CertificateManagementServiceImpl.class.getName(),
|
||||||
|
CertificateManagementServiceImpl.getInstance(), null);
|
||||||
|
|
||||||
|
if (log.isDebugEnabled()) {
|
||||||
|
log.debug("Certificate management core bundle has been successfully initialized");
|
||||||
|
}
|
||||||
|
} catch (Throwable e) {
|
||||||
|
log.error("Error occurred while initializing certificate management core bundle", e);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
@SuppressWarnings("unused")
|
||||||
|
protected void deactivate(ComponentContext componentContext) {
|
||||||
|
//do nothing
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
@ -0,0 +1,49 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||||
|
*
|
||||||
|
* WSO2 Inc. licenses this file to you under the Apache License,
|
||||||
|
* Version 2.0 (the "License"); you may not use this file except
|
||||||
|
* in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing,
|
||||||
|
* software distributed under the License is distributed on an
|
||||||
|
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||||
|
* KIND, either express or implied. See the License for the
|
||||||
|
* specific language governing permissions and limitations
|
||||||
|
* under the License.
|
||||||
|
*/
|
||||||
|
package org.wso2.carbon.certificate.mgt.core.service;
|
||||||
|
|
||||||
|
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
|
||||||
|
import org.wso2.carbon.certificate.mgt.core.dto.SCEPResponse;
|
||||||
|
import org.wso2.carbon.certificate.mgt.core.exception.KeystoreException;
|
||||||
|
|
||||||
|
import java.io.InputStream;
|
||||||
|
import java.security.PrivateKey;
|
||||||
|
import java.security.cert.Certificate;
|
||||||
|
import java.security.cert.X509Certificate;
|
||||||
|
import java.util.List;
|
||||||
|
|
||||||
|
public interface CertificateManagementService {
|
||||||
|
|
||||||
|
Certificate getCACertificate() throws KeystoreException;
|
||||||
|
|
||||||
|
Certificate getRACertificate() throws KeystoreException;
|
||||||
|
|
||||||
|
public List<X509Certificate> getRootCertificates(byte[] ca, byte[] ra) throws KeystoreException;
|
||||||
|
|
||||||
|
public X509Certificate generateX509Certificate() throws KeystoreException;
|
||||||
|
|
||||||
|
public SCEPResponse getCACertSCEP() throws KeystoreException;
|
||||||
|
|
||||||
|
public byte[] getCACapsSCEP();
|
||||||
|
|
||||||
|
public byte[] getPKIMessageSCEP(InputStream inputStream) throws KeystoreException;
|
||||||
|
|
||||||
|
public X509Certificate generateCertificateFromCSR(PrivateKey privateKey,
|
||||||
|
PKCS10CertificationRequest request,
|
||||||
|
String issueSubject) throws KeystoreException;
|
||||||
|
}
|
@ -0,0 +1,87 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||||
|
*
|
||||||
|
* WSO2 Inc. licenses this file to you under the Apache License,
|
||||||
|
* Version 2.0 (the "License"); you may not use this file except
|
||||||
|
* in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing,
|
||||||
|
* software distributed under the License is distributed on an
|
||||||
|
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||||
|
* KIND, either express or implied. See the License for the
|
||||||
|
* specific language governing permissions and limitations
|
||||||
|
* under the License.
|
||||||
|
*/
|
||||||
|
package org.wso2.carbon.certificate.mgt.core.service;
|
||||||
|
|
||||||
|
import org.apache.commons.logging.Log;
|
||||||
|
import org.apache.commons.logging.LogFactory;
|
||||||
|
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
|
||||||
|
import org.wso2.carbon.certificate.mgt.core.dto.SCEPResponse;
|
||||||
|
import org.wso2.carbon.certificate.mgt.core.exception.KeystoreException;
|
||||||
|
import org.wso2.carbon.certificate.mgt.core.impl.CertificateGenerator;
|
||||||
|
import org.wso2.carbon.certificate.mgt.core.impl.KeyStoreReader;
|
||||||
|
import org.wso2.carbon.certificate.mgt.core.util.ConfigurationUtil;
|
||||||
|
|
||||||
|
import java.io.InputStream;
|
||||||
|
import java.security.PrivateKey;
|
||||||
|
import java.security.cert.Certificate;
|
||||||
|
import java.security.cert.X509Certificate;
|
||||||
|
import java.util.List;
|
||||||
|
|
||||||
|
public class CertificateManagementServiceImpl implements CertificateManagementService {
|
||||||
|
|
||||||
|
private static final Log log = LogFactory.getLog(CertificateManagementServiceImpl.class);
|
||||||
|
private static CertificateManagementServiceImpl certificateManagementServiceImpl;
|
||||||
|
private static KeyStoreReader keyStoreReader;
|
||||||
|
private static CertificateGenerator certificateGenerator;
|
||||||
|
|
||||||
|
private CertificateManagementServiceImpl() {}
|
||||||
|
|
||||||
|
public static CertificateManagementServiceImpl getInstance() {
|
||||||
|
|
||||||
|
if (certificateManagementServiceImpl == null) {
|
||||||
|
certificateManagementServiceImpl = new CertificateManagementServiceImpl();
|
||||||
|
keyStoreReader = new KeyStoreReader();
|
||||||
|
certificateGenerator = new CertificateGenerator();
|
||||||
|
}
|
||||||
|
return certificateManagementServiceImpl;
|
||||||
|
}
|
||||||
|
|
||||||
|
public Certificate getCACertificate() throws KeystoreException {
|
||||||
|
return keyStoreReader.getCACertificate();
|
||||||
|
}
|
||||||
|
|
||||||
|
public Certificate getRACertificate() throws KeystoreException {
|
||||||
|
return keyStoreReader.getRACertificate();
|
||||||
|
}
|
||||||
|
|
||||||
|
public List<X509Certificate> getRootCertificates(byte[] ca, byte[] ra) throws KeystoreException {
|
||||||
|
return certificateGenerator.getRootCertificates(ca, ra);
|
||||||
|
}
|
||||||
|
|
||||||
|
public X509Certificate generateX509Certificate() throws KeystoreException {
|
||||||
|
return certificateGenerator.generateX509Certificate();
|
||||||
|
}
|
||||||
|
|
||||||
|
public SCEPResponse getCACertSCEP() throws KeystoreException {
|
||||||
|
return certificateGenerator.getCACert();
|
||||||
|
}
|
||||||
|
|
||||||
|
public byte[] getCACapsSCEP() {
|
||||||
|
return ConfigurationUtil.POST_BODY_CA_CAPS.getBytes();
|
||||||
|
}
|
||||||
|
|
||||||
|
public byte[] getPKIMessageSCEP(InputStream inputStream) throws KeystoreException {
|
||||||
|
return certificateGenerator.getPKIMessage(inputStream);
|
||||||
|
}
|
||||||
|
|
||||||
|
public X509Certificate generateCertificateFromCSR(PrivateKey privateKey,
|
||||||
|
PKCS10CertificationRequest request,
|
||||||
|
String issueSubject) throws KeystoreException {
|
||||||
|
return certificateGenerator.generateCertificateFromCSR(privateKey, request, issueSubject);
|
||||||
|
}
|
||||||
|
}
|
@ -0,0 +1,43 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||||
|
*
|
||||||
|
* WSO2 Inc. licenses this file to you under the Apache License,
|
||||||
|
* Version 2.0 (the "License"); you may not use this file except
|
||||||
|
* in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing,
|
||||||
|
* software distributed under the License is distributed on an
|
||||||
|
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||||
|
* KIND, either express or implied. See the License for the
|
||||||
|
* specific language governing permissions and limitations
|
||||||
|
* under the License.
|
||||||
|
*/
|
||||||
|
package org.wso2.carbon.certificate.mgt.core.util;
|
||||||
|
|
||||||
|
import java.util.Calendar;
|
||||||
|
import java.util.Date;
|
||||||
|
|
||||||
|
public class CommonUtil {
|
||||||
|
|
||||||
|
public Date getValidityStartDate() {
|
||||||
|
Date targetDate = new Date();
|
||||||
|
Calendar calendar = Calendar.getInstance();
|
||||||
|
calendar.setTime(targetDate);
|
||||||
|
calendar.add(Calendar.DATE, -2);
|
||||||
|
|
||||||
|
return calendar.getTime();
|
||||||
|
}
|
||||||
|
|
||||||
|
public Date getValidityEndDate() {
|
||||||
|
Date targetDate = new Date();
|
||||||
|
Calendar calendar = Calendar.getInstance();
|
||||||
|
calendar.setTime(targetDate);
|
||||||
|
calendar.add(Calendar.YEAR, 100);
|
||||||
|
|
||||||
|
return calendar.getTime();
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
@ -0,0 +1,137 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||||
|
*
|
||||||
|
* WSO2 Inc. licenses this file to you under the Apache License,
|
||||||
|
* Version 2.0 (the "License"); you may not use this file except
|
||||||
|
* in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing,
|
||||||
|
* software distributed under the License is distributed on an
|
||||||
|
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||||
|
* KIND, either express or implied. See the License for the
|
||||||
|
* specific language governing permissions and limitations
|
||||||
|
* under the License.
|
||||||
|
*/
|
||||||
|
package org.wso2.carbon.certificate.mgt.core.util;
|
||||||
|
|
||||||
|
import org.w3c.dom.Document;
|
||||||
|
import org.w3c.dom.NodeList;
|
||||||
|
import org.wso2.carbon.certificate.mgt.core.exception.KeystoreException;
|
||||||
|
import org.xml.sax.SAXException;
|
||||||
|
import javax.xml.parsers.DocumentBuilder;
|
||||||
|
import javax.xml.parsers.DocumentBuilderFactory;
|
||||||
|
import javax.xml.parsers.ParserConfigurationException;
|
||||||
|
import java.io.File;
|
||||||
|
import java.io.IOException;
|
||||||
|
import java.util.HashMap;
|
||||||
|
import java.util.Map;
|
||||||
|
|
||||||
|
public class ConfigurationUtil {
|
||||||
|
|
||||||
|
public static final String PATH_CERTIFICATE_KEYSTORE = "CertificateKeystoreLocation";
|
||||||
|
public static final String CERTIFICATE_KEYSTORE_PASSWORD = "CertificateKeystorePassword";
|
||||||
|
public static final String KEYSTORE_CA_CERT_PRIV_PASSWORD = "CAPrivateKeyPassword";
|
||||||
|
public static final String KEYSTORE_RA_CERT_PRIV_PASSWORD = "RAPrivateKeyPassword";
|
||||||
|
public static final String CA_CERT_ALIAS = "CACertAlias";
|
||||||
|
public static final String RA_CERT_ALIAS = "RACertAlias";
|
||||||
|
public static final String SIGNATUREALGO = "SHA1withRSA";
|
||||||
|
public static final String PROVIDER = "BC";
|
||||||
|
public static final String KEYSTORE = "Type";
|
||||||
|
public static final String CERTIFICATE_KEYSTORE = "CertificateKeystoreType";
|
||||||
|
public static final String RSA = "RSA";
|
||||||
|
public static final String UTF_8 = "UTF-8";
|
||||||
|
public static final String SHA256_RSA = "SHA256WithRSAEncryption";
|
||||||
|
public static final String X_509 = "X.509";
|
||||||
|
public static final String POST_BODY_CA_CAPS = "POSTPKIOperation\nSHA-1\nDES3\n";
|
||||||
|
public static final String DES_EDE = "DESede";
|
||||||
|
public static final String CONF_LOCATION = "conf.location";
|
||||||
|
private static final String CARBON_HOME = "carbon.home";
|
||||||
|
private static final String CERTIFICATE_CONFIG_XML = "certificate-config.xml";
|
||||||
|
private static final String CARBON_HOME_ENTRY = "${carbon.home}";
|
||||||
|
public static final String DEFAULT_PRINCIPAL = "O=WSO2, OU=Mobile, C=LK";
|
||||||
|
public static final String RSA_PRIVATE_KEY_BEGIN_TEXT = "-----BEGIN RSA PRIVATE KEY-----\n";
|
||||||
|
public static final String RSA_PRIVATE_KEY_END_TEXT = "-----END RSA PRIVATE KEY-----";
|
||||||
|
public static final String EMPTY_TEXT = "";
|
||||||
|
public static final int RSA_KEY_LENGTH = 1024;
|
||||||
|
|
||||||
|
|
||||||
|
private static ConfigurationUtil configurationUtil;
|
||||||
|
private static final String[] emmConfigEntryNames = { CA_CERT_ALIAS, RA_CERT_ALIAS,
|
||||||
|
CERTIFICATE_KEYSTORE, PATH_CERTIFICATE_KEYSTORE, CERTIFICATE_KEYSTORE_PASSWORD,
|
||||||
|
KEYSTORE_CA_CERT_PRIV_PASSWORD, KEYSTORE_RA_CERT_PRIV_PASSWORD };
|
||||||
|
|
||||||
|
private static Map<String, String> configMap;
|
||||||
|
|
||||||
|
private static Map<String, String> readEMMConfigurations() throws KeystoreException {
|
||||||
|
|
||||||
|
String emmConfLocation = System.getProperty(CONF_LOCATION) + File.separator + CERTIFICATE_CONFIG_XML;
|
||||||
|
|
||||||
|
if (configurationUtil == null || configMap == null) {
|
||||||
|
|
||||||
|
configurationUtil = new ConfigurationUtil();
|
||||||
|
configMap = new HashMap<String, String>();
|
||||||
|
|
||||||
|
Document document;
|
||||||
|
try {
|
||||||
|
File fXmlFile = new File(emmConfLocation);
|
||||||
|
DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();
|
||||||
|
DocumentBuilder documentBuilder = documentBuilderFactory.newDocumentBuilder();
|
||||||
|
document = documentBuilder.parse(fXmlFile);
|
||||||
|
} catch (ParserConfigurationException e) {
|
||||||
|
throw new KeystoreException("Error parsing configuration in ios-config.xml file");
|
||||||
|
} catch (SAXException e) {
|
||||||
|
throw new KeystoreException("SAX exception in ios-config.xml file");
|
||||||
|
} catch (IOException e) {
|
||||||
|
throw new KeystoreException("Error reading ios-config.xml file");
|
||||||
|
}
|
||||||
|
|
||||||
|
for (String configEntry : emmConfigEntryNames) {
|
||||||
|
NodeList elements = document.getElementsByTagName(configEntry);
|
||||||
|
if (elements != null && elements.getLength() > 0) {
|
||||||
|
configMap.put(configEntry, elements.item(0).getTextContent());
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
String emmKeyStoreLocation = replaceCarbonHomeEnvEntry(configMap.get(PATH_CERTIFICATE_KEYSTORE));
|
||||||
|
if (emmKeyStoreLocation != null) {
|
||||||
|
configMap.put(PATH_CERTIFICATE_KEYSTORE, emmKeyStoreLocation);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return configMap;
|
||||||
|
}
|
||||||
|
|
||||||
|
public static String getConfigEntry(final String entry) throws KeystoreException {
|
||||||
|
|
||||||
|
Map<String, String> configurationMap = readEMMConfigurations();
|
||||||
|
String configValue = configurationMap.get(entry);
|
||||||
|
|
||||||
|
if (configValue == null) {
|
||||||
|
throw new KeystoreException(String.format("Configuration entry %s not available", entry));
|
||||||
|
}
|
||||||
|
|
||||||
|
return configValue.trim();
|
||||||
|
}
|
||||||
|
|
||||||
|
private static String replaceCarbonHomeEnvEntry(String entry) {
|
||||||
|
if (entry != null && entry.toLowerCase().contains(CARBON_HOME_ENTRY)) {
|
||||||
|
return entry.replace(CARBON_HOME_ENTRY, System.getProperty(CARBON_HOME));
|
||||||
|
}
|
||||||
|
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
|
public static ConfigurationUtil getInstance() {
|
||||||
|
if (configurationUtil == null) {
|
||||||
|
synchronized (ConfigurationUtil.class) {
|
||||||
|
if (configurationUtil == null) {
|
||||||
|
configurationUtil = new ConfigurationUtil();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return configurationUtil;
|
||||||
|
}
|
||||||
|
}
|
@ -0,0 +1,101 @@
|
|||||||
|
package org.wso2.carbon.certificate.mgt.core.impl;
|
||||||
|
|
||||||
|
import org.apache.commons.io.FileUtils;
|
||||||
|
import org.apache.commons.logging.Log;
|
||||||
|
import org.apache.commons.logging.LogFactory;
|
||||||
|
import org.testng.Assert;
|
||||||
|
import org.testng.annotations.Test;
|
||||||
|
import org.wso2.carbon.certificate.mgt.core.exception.KeystoreException;
|
||||||
|
import org.wso2.carbon.certificate.mgt.core.util.ConfigurationUtil;
|
||||||
|
|
||||||
|
import java.io.File;
|
||||||
|
import java.io.IOException;
|
||||||
|
import java.security.cert.X509Certificate;
|
||||||
|
import java.util.List;
|
||||||
|
|
||||||
|
public class CertificateGeneratorTestSuite {
|
||||||
|
|
||||||
|
private static Log log = LogFactory.getLog(CertificateGeneratorTestSuite.class);
|
||||||
|
private static final String CA_CERT_PEM = "src/test/resources/ca_cert.pem";
|
||||||
|
private static final String RA_CERT_PEM = "src/test/resources/ra_cert.pem";
|
||||||
|
private static final String CA_PRIVATE_KEY_PATH = "src/test/resources/ca_private.key";
|
||||||
|
private final CertificateGenerator certificateGenerator = new CertificateGenerator();
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testGetRootCertificates() {
|
||||||
|
try {
|
||||||
|
File caPemFile = new File(CA_CERT_PEM);
|
||||||
|
File raPemFile = new File(RA_CERT_PEM);
|
||||||
|
|
||||||
|
byte[] ca = FileUtils.readFileToByteArray(caPemFile);
|
||||||
|
byte[] ra = FileUtils.readFileToByteArray(raPemFile);
|
||||||
|
|
||||||
|
List<X509Certificate> rootCertificates = certificateGenerator.getRootCertificates(ca, ra);
|
||||||
|
Assert.assertNotNull(rootCertificates, "Root certificates retrieved");
|
||||||
|
|
||||||
|
Assert.assertEquals(rootCertificates.get(0).getType(), ConfigurationUtil.X_509);
|
||||||
|
Assert.assertEquals(rootCertificates.get(1).getType(), ConfigurationUtil.X_509);
|
||||||
|
} catch (IOException e) {
|
||||||
|
Assert.fail("Error reading byte streams for CA and RA ", e);
|
||||||
|
} catch (KeystoreException e) {
|
||||||
|
Assert.fail("Error retrieving root certificates ", e);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testGenerateX509Certificate() {
|
||||||
|
try {
|
||||||
|
X509Certificate certificate = certificateGenerator.generateX509Certificate();
|
||||||
|
|
||||||
|
Assert.assertNotNull(certificate, "Certificate received");
|
||||||
|
Assert.assertEquals(certificate.getType(), ConfigurationUtil.X_509);
|
||||||
|
} catch (KeystoreException e) {
|
||||||
|
Assert.fail("Error occurred while generating X509 certificate ", e);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// @Test
|
||||||
|
// public void testGetPKIMessage() {
|
||||||
|
// try {
|
||||||
|
// byte[] pkiMessage = certificateGenerator.getPKIMessage(null);
|
||||||
|
// } catch (IOSEnrollmentException e) {
|
||||||
|
// Assert.fail("Error occurred while retrieving PKI Message ", e);
|
||||||
|
// }
|
||||||
|
// }
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testGenerateCertificateFromCSR() {
|
||||||
|
try {
|
||||||
|
X509Certificate certificate = certificateGenerator.generateX509Certificate();
|
||||||
|
|
||||||
|
Assert.assertNotNull(certificate, "Certificate received");
|
||||||
|
Assert.assertEquals(certificate.getType(), ConfigurationUtil.X_509);
|
||||||
|
} catch (KeystoreException e) {
|
||||||
|
Assert.fail("Error occurred while generating certificate ", e);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// @Test
|
||||||
|
// public void testGetSignerKey() {
|
||||||
|
// try {
|
||||||
|
// PrivateKey privateKey = certificateGenerator.getSignerKey(CA_PRIVATE_KEY_PATH);
|
||||||
|
//
|
||||||
|
// Assert.assertNotNull(privateKey, "Private key received");
|
||||||
|
// Assert.assertEquals(privateKey.getAlgorithm(), ConfigurationUtil.RSA);
|
||||||
|
// } catch (KeystoreException e) {
|
||||||
|
// Assert.fail("Error occurred while generating certificate ", e);
|
||||||
|
// }
|
||||||
|
// }
|
||||||
|
//
|
||||||
|
// @Test
|
||||||
|
// public void testGetSigner() {
|
||||||
|
// try {
|
||||||
|
// X509Certificate certificate = certificateGenerator.getSigner(CA_CERT_PEM);
|
||||||
|
//
|
||||||
|
// Assert.assertNotNull(certificate, "Certificate received");
|
||||||
|
// Assert.assertEquals(certificate.getType(), ConfigurationUtil.X_509);
|
||||||
|
// } catch (KeystoreException e) {
|
||||||
|
// Assert.fail("Error while retrieving certificate ", e);
|
||||||
|
// }
|
||||||
|
// }
|
||||||
|
}
|
@ -0,0 +1,38 @@
|
|||||||
|
package org.wso2.carbon.certificate.mgt.core.util;
|
||||||
|
|
||||||
|
import org.apache.commons.logging.Log;
|
||||||
|
import org.apache.commons.logging.LogFactory;
|
||||||
|
import org.testng.Assert;
|
||||||
|
import org.testng.annotations.Test;
|
||||||
|
|
||||||
|
import java.util.Date;
|
||||||
|
|
||||||
|
public class CommonUtilTestSuite {
|
||||||
|
|
||||||
|
private static Log log = LogFactory.getLog(CommonUtilTestSuite.class);
|
||||||
|
private final CommonUtil commonUtil = new CommonUtil();
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testValidityStartDate() {
|
||||||
|
Date validityStartDate = commonUtil.getValidityStartDate();
|
||||||
|
|
||||||
|
if(validityStartDate == null) {
|
||||||
|
Assert.fail("Validity start date is empty");
|
||||||
|
}
|
||||||
|
|
||||||
|
Date todayDate = new Date();
|
||||||
|
Assert.assertTrue(validityStartDate.before(todayDate), "Validity start date is valid");
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testValidityEndDate() {
|
||||||
|
Date validityEndDate = commonUtil.getValidityEndDate();
|
||||||
|
|
||||||
|
if(validityEndDate == null) {
|
||||||
|
Assert.fail("Validity end date is empty");
|
||||||
|
}
|
||||||
|
|
||||||
|
Date todayDate = new Date();
|
||||||
|
Assert.assertTrue(validityEndDate.after(todayDate), "Validity end date is valid");
|
||||||
|
}
|
||||||
|
}
|
@ -0,0 +1,34 @@
|
|||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIF+zCCA+OgAwIBAgIJAJE458QXNuiLMA0GCSqGSIb3DQEBBQUAMIGLMQswCQYD
|
||||||
|
VQQGEwJVUzENMAsGA1UECBMEVGVzdDENMAsGA1UEBxMEVGVzdDERMA8GA1UEChMI
|
||||||
|
VGVzdCBPcmcxFjAUBgNVBAsTDVRlc3Qgb3JnIHVuaXQxFTATBgNVBAMTDFdTTzIg
|
||||||
|
Um9vdCBDQTEcMBoGCSqGSIb3DQEJARYNcm9vdEB3c28yLmNvbTAeFw0xNTAxMjcx
|
||||||
|
MjUxMjRaFw0xNzEwMjMxMjUxMjRaMIGLMQswCQYDVQQGEwJVUzENMAsGA1UECBME
|
||||||
|
VGVzdDENMAsGA1UEBxMEVGVzdDERMA8GA1UEChMIVGVzdCBPcmcxFjAUBgNVBAsT
|
||||||
|
DVRlc3Qgb3JnIHVuaXQxFTATBgNVBAMTDFdTTzIgUm9vdCBDQTEcMBoGCSqGSIb3
|
||||||
|
DQEJARYNcm9vdEB3c28yLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
|
||||||
|
ggIBANJ756zjlkNKJf9O80qwFWxlwr4vOa80oaGXaO8Luj8ZNb7zyGATppTmZi2b
|
||||||
|
rRVfNPGHhN/0REb5+Gcf0xvk1b5Wp4E+JoDKfZMwOVQsMVmKYHqopgiiE28L/YoN
|
||||||
|
d0XmZA0J03nfQ4rzYggwQX7oRsW/AptkdURV4i8xD3SsqDGDZyYxQVDkj55nrweE
|
||||||
|
d5FWOnYvvpdbFJ4WanJmGe1WRtLMJ0jFi7tw9Wc7W/5+fvIA9bvHDHoG1VlfyjQU
|
||||||
|
SvTLlAN7Ui0ztXTcOZuN3HI0putMQRyaAD7Ljl7E1ROiqMhN/z80Bck8Yi7ELOmq
|
||||||
|
+cJOir/4CAamj8SugZ0iXo922slrSemWL9tjNT7MFmjFXmgIfVmaJF7OxKyxHhO8
|
||||||
|
gJKTlU2KSJJH2CzMwnGdRFrDlsAotVjGLYFWHUN4HW2uA2crEEmk+UduwnVMazqU
|
||||||
|
wBFxv+INf0U55bsXTv7C3L06IUaTBvxhxKQmzj9BeQGwWAC2Co4s5riT2ttivSRl
|
||||||
|
XijPIEDTfmvE/fjj4KfQQOTY3+EejacMe6gb/qVsCZ1g9Tbk7WLgjYHBuOQSAz3l
|
||||||
|
wPPqPY+6CakeL29wWyPg7pGzR6lMcYItUdHJuNsTijs0x6Xi1O5iIuL2o0vl8FRH
|
||||||
|
+tZFm3ujtCIHprjUgcn6aOR9Ms/NkUJCziKKAb4KoohNFgr/AgMBAAGjYDBeMB0G
|
||||||
|
A1UdDgQWBBSDhLDYVCYhJsxvK1ZNV05qGGVajjAfBgNVHSMEGDAWgBSDhLDYVCYh
|
||||||
|
JsxvK1ZNV05qGGVajjAPBgNVHRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBhjANBgkq
|
||||||
|
hkiG9w0BAQUFAAOCAgEAykqOsxHV43Bx24+7DfxLNYyafBayHacQ4uwtldwexyQB
|
||||||
|
fIyJKjhzZUSvl37zhFPhJRJHogFIds+FoqaQsF8PvI/YSKs3UYRhje2mJan79lEA
|
||||||
|
rCd+3zDGmzQhmutVo7C1bCQuujV8YLIJGvvcnMcHnMLpc5CfjzmI2C6qMZ5XgpHx
|
||||||
|
/Mhindllqr0ZVvqRive0A2svW1k47XWB7BIfx/aoZ1viPHDNYVuYZ6j/NAFv8/Fu
|
||||||
|
3n/TfYOJ5rz0NPGHYXnmFcgGxtYTu5u6Q9YVdDLZv9lqYbMRSdiQ8SVDzwxft9N5
|
||||||
|
g6/VoXLoMpCS7/6jR3J0GbG2r/vr024QMOHDZHQDjkAVUBni6/bRHqj389RnOXhQ
|
||||||
|
+TSlx/hGgtdTpZRv63PjAqTCdDAhazWAgG/W+dxUhAywiOYHeXincuuDER0ypkfG
|
||||||
|
caUvbN9/mWtGJvtW+L9OlTj3LQlXD2ORehz5itS3eV0DVkscCOLzzkVLtIJeew1o
|
||||||
|
RmiADNOUe5A6V0cW5HIFi9F7Recqv9lGphwQeq+2cmvUKkSPcx+Z/SHTT/nIOioq
|
||||||
|
xxafJhci5dAEsPgtzxnA6QqPQtxOj46aZxQh5+hzZ/1CQq3UThDdQreJL51c+NOS
|
||||||
|
ZFQh6YVpJH6ZdSldBJnHjbS7RL/bv2kl1Pmv808T+iG+GpDw2XljwsI6TL8ACok=
|
||||||
|
-----END CERTIFICATE-----
|
@ -0,0 +1,51 @@
|
|||||||
|
-----BEGIN RSA PRIVATE KEY-----
|
||||||
|
MIIJKgIBAAKCAgEA0nvnrOOWQ0ol/07zSrAVbGXCvi85rzShoZdo7wu6Pxk1vvPI
|
||||||
|
YBOmlOZmLZutFV808YeE3/RERvn4Zx/TG+TVvlangT4mgMp9kzA5VCwxWYpgeqim
|
||||||
|
CKITbwv9ig13ReZkDQnTed9DivNiCDBBfuhGxb8Cm2R1RFXiLzEPdKyoMYNnJjFB
|
||||||
|
UOSPnmevB4R3kVY6di++l1sUnhZqcmYZ7VZG0swnSMWLu3D1Zztb/n5+8gD1u8cM
|
||||||
|
egbVWV/KNBRK9MuUA3tSLTO1dNw5m43ccjSm60xBHJoAPsuOXsTVE6KoyE3/PzQF
|
||||||
|
yTxiLsQs6ar5wk6Kv/gIBqaPxK6BnSJej3bayWtJ6ZYv22M1PswWaMVeaAh9WZok
|
||||||
|
Xs7ErLEeE7yAkpOVTYpIkkfYLMzCcZ1EWsOWwCi1WMYtgVYdQ3gdba4DZysQSaT5
|
||||||
|
R27CdUxrOpTAEXG/4g1/RTnluxdO/sLcvTohRpMG/GHEpCbOP0F5AbBYALYKjizm
|
||||||
|
uJPa22K9JGVeKM8gQNN+a8T9+OPgp9BA5Njf4R6Npwx7qBv+pWwJnWD1NuTtYuCN
|
||||||
|
gcG45BIDPeXA8+o9j7oJqR4vb3BbI+DukbNHqUxxgi1R0cm42xOKOzTHpeLU7mIi
|
||||||
|
4vajS+XwVEf61kWbe6O0IgemuNSByfpo5H0yz82RQkLOIooBvgqiiE0WCv8CAwEA
|
||||||
|
AQKCAgBAyt+AOvawdAzKULVX0mhl29Vc0hDBvEPdCEzG+Sc18T64LzcJTENFJr9h
|
||||||
|
XsCjCZG0n/DpN7ok1yH+LK/BsGmTk/0wLb+QecS6IGglXw058PzOBUhG9A1ja596
|
||||||
|
dba3j7pQwSuWIoIaLd2Jg8FFnZ7blHbq+ruWc5GS0Vleox+LTlXcTeE7U4BaVLRu
|
||||||
|
bfqYhKCubPgQg3sPRvsxh/iHNL3MegfFwPnIk3cXdhBVgP725BDA4v8WOTBHuNL3
|
||||||
|
wR9px5kikT20qGw9MuWQ2tR3W3neiLSqZ0WYDvUeexzUVIf8UPY3sH3vemUG3GCu
|
||||||
|
9XC4vZC8k091LKSo+MbxZfkR1JZ4R2CEMcFJaz/jc6VN2bTOWuWWczReOzq0Xx7P
|
||||||
|
GbsmcQNBhY8qBoz+cOWifxBWZzKSWfcNMgwnNyAKlDrOehpp+gZ1yH7dk9fL/wrE
|
||||||
|
jSEEnhq4SVDeGEOo7gEi17Px8/256PKwQB4wELPBwODBslPzJ0PPDKk4mxBq3JQP
|
||||||
|
EJKnBhu15KGJuoUZ42GcYSn55Zu/Rujqhn9cWbwhq0KrExwVI3EWnd89dYv360Mu
|
||||||
|
RskqPTuEpAUOUCQPIUT0p3f1PBgML6L5HxjJDUt6n2N8Y1xT8sKF6FKnbvdizcqz
|
||||||
|
v0+xdBk0xpSoazHzH1lnia3fZ6EPzMPHbLrz4ga0eUdaGwbSEQKCAQEA6sUljKKH
|
||||||
|
7EsKsXaQ6igqQ2TkZWTu+xqRlFjb2tTmyHt99O4w3L45ae0la7ApygTRFHs3z9XB
|
||||||
|
ws12bVkXdA35txKk97SNmWDrZbxpswHmTSnrOLGD2VFD4J/YifuBkT8K7PEJno9U
|
||||||
|
Ewi70RHGQEFfL3VL1TOa2WnJELOLkzoCkBL/NaVawtbK7O7KIrCu3jFCq3zu+uku
|
||||||
|
XVHTzXi+gr+uknGraxKcyLhCu6/7Uot+uYrtCzFsk4vTs2bovWuL2KLi/MAP8x3K
|
||||||
|
FcNNj2SPr+PzwzlqthiW/rtZjg7MFMdN9RAhImjbIJt3svzWsB4nr7VQxHYStfFJ
|
||||||
|
xIwbFp233qFKjQKCAQEA5YSK9L9o4LRDilwCz3p1tZ1tgY9tMUbG2wx0dG9xrETY
|
||||||
|
4yGwTPAc++Tp3aOnbO544ZpnGLBoQTgtOc1p4jyj/Md2CwlP8UfbYhEdYEN9Gn5H
|
||||||
|
ylu1b0cRwHeO4Bfnekqk8EL0rl3KUUsAk2uKEwCBwsuxjFurMDasyoA5T5gcsa4p
|
||||||
|
EhEF5D7t5sJb7f8hP+vMBa2yUKQT9dflF8xN7iHvxhun1qipX1AzZ341H94QbgRb
|
||||||
|
rYdfxzBr4aa5UZe5Ls9ofQf0S3zXVEXah/Pg+3o0BppdIrtLXTWcI/yeE6L8/Ebr
|
||||||
|
jMXLiTzd4bwWjbTijEJ/MKb/UsPQqbZsXNzMiyxuuwKCAQEAvs0xQkYJr+ohK6+Q
|
||||||
|
AS5ZguJpmVpZu6yRKn65V/V2BvQOn1RCU/Up1kQNCKNooy4c+sdVyc0RJ5AyspYY
|
||||||
|
sJJ3I+m8NzD/b+tMBSgGw5xEnuv1puLmpGUehF2E8Ed+uxwAdidDySD1lG6hrj4C
|
||||||
|
4NAAWyK6WfER5abK6Y7yXdpkoNE/p0rXI8jLrZo4n872n9BrPdJQq419yAwr1i9O
|
||||||
|
rha4+330chXzZFIUslNJL4H9oTAejN1DP/sBOCnn96KDSrK/RemWTOEmD1/mFicF
|
||||||
|
fE8IGt78Mjhz510+YGz4Qd7lJclRFJUhmjOgKdDBbutjF7OFi9XmSQZsDJhNn6jY
|
||||||
|
+dAeNQKCAQEAsAFpUfCq644xMRwIJ7VAKQrVnAIx+RTOj9JIR7XilPmi3OLLwORt
|
||||||
|
RZmw4f+K99UUK+Vs5Bj7ifAbdnUYmp5oHwOSeTol7OBu0xBO17BJcpSeVwbm5rO4
|
||||||
|
YEEO9rg+EaDGRV0DJ+fSq255vZM9Kf88gvYTbJArgeibrxqPWINMldD5u9oEC5la
|
||||||
|
dJhdSPBaPhuDtGMUGBULHX73Nr28kT3DEsfIeKuUXvwwv0+gS5TOQp/i8fqbLzPp
|
||||||
|
tvxUpsZUAxqYhTEhXPYaZoy+3Xze7dozpVCg1W6Nh6gB2fLyAhr+KDP2lFhmEhL0
|
||||||
|
EBRds0Oga3De+p9FsuFo1YyIItpLnPpw2wKCAQEArUQM9k0Qprczx9sKf/YF+ulx
|
||||||
|
tiiGyRUV7kAcrQiQAjB88wPoB/ovnW4VCI4y/mNeZGvyCWeQx9g+Ntc5BJlIlJYi
|
||||||
|
wviyQ5Lq1OlOWQlWIkKCI2Z+s5uYKTSgZRp7VLnvKswHnxBy2Bxq3i9taP6QYlZz
|
||||||
|
3ff/plfK3ZM6moc89wl/aQgdhWsV/WV7bKcnncM9K2N7dpKzRcZ+6iuJt9PNKo5V
|
||||||
|
6GUYEvn04twumzgqGtYQbiq63YfHe8QLvX/j8ffGH8O0rUAIrQnrNl0n0SoE9ECU
|
||||||
|
lUCVCXzypT+MKAeHfI4aFeWG48sdfnHPWOkyRHXWFLAwkHUVnqmYhXLpmJBtMw==
|
||||||
|
-----END RSA PRIVATE KEY-----
|
@ -0,0 +1,19 @@
|
|||||||
|
<?xml version="1.0" encoding="ISO-8859-1"?>
|
||||||
|
<CertificateConfigurations>
|
||||||
|
<CertificateKeystore>
|
||||||
|
<!-- EMM Keystore file location-->
|
||||||
|
<CertificateKeystoreLocation>${carbon.home}/repository/resources/security/wso2cert.jks</CertificateKeystoreLocation>
|
||||||
|
<!-- EMM Keystore type (JKS/PKCS12 etc.)-->
|
||||||
|
<CertificateKeystoreType>JKS</CertificateKeystoreType>
|
||||||
|
<!-- EMM Keystore password-->
|
||||||
|
<CertificateKeystorePassword>wso2carbon</CertificateKeystorePassword>
|
||||||
|
<!-- Certificate authority certificate alias -->
|
||||||
|
<CACertAlias>cacert</CACertAlias>
|
||||||
|
<!-- Certificate authority private key password -->
|
||||||
|
<CAPrivateKeyPassword>cacert</CAPrivateKeyPassword>
|
||||||
|
<!-- Registration authority certificate alias -->
|
||||||
|
<RACertAlias>racert</RACertAlias>
|
||||||
|
<!-- Registration authority private key password -->
|
||||||
|
<RAPrivateKeyPassword>racert</RAPrivateKeyPassword>
|
||||||
|
</CertificateKeystore>
|
||||||
|
</CertificateConfigurations>
|
@ -0,0 +1,33 @@
|
|||||||
|
#
|
||||||
|
# Copyright 2015 WSO2, Inc. (http://wso2.com)
|
||||||
|
#
|
||||||
|
# WSO2 Inc. licenses this file to you under the Apache License,
|
||||||
|
# version 2.0 (the "License"); you may not use this file except
|
||||||
|
# in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
#
|
||||||
|
|
||||||
|
#
|
||||||
|
# This is the log4j configuration file used by WSO2 Carbon
|
||||||
|
#
|
||||||
|
# IMPORTANT : Please do not remove or change the names of any
|
||||||
|
# of the Appenders defined here. The layout pattern & log file
|
||||||
|
# can be changed using the WSO2 Carbon Management Console, and those
|
||||||
|
# settings will override the settings in this file.
|
||||||
|
#
|
||||||
|
|
||||||
|
log4j.rootLogger=INFO, STD_OUT
|
||||||
|
|
||||||
|
# Redirect log messages to console
|
||||||
|
log4j.appender.STD_OUT=org.apache.log4j.ConsoleAppender
|
||||||
|
log4j.appender.STD_OUT.Target=System.out
|
||||||
|
log4j.appender.STD_OUT.layout=org.apache.log4j.PatternLayout
|
||||||
|
log4j.appender.STD_OUT.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss} %-5p %c{1}:%L - %m%n
|
@ -0,0 +1,33 @@
|
|||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIFqDCCA5CgAwIBAgIBAjANBgkqhkiG9w0BAQUFADCBizELMAkGA1UEBhMCVVMx
|
||||||
|
DTALBgNVBAgTBFRlc3QxDTALBgNVBAcTBFRlc3QxETAPBgNVBAoTCFRlc3QgT3Jn
|
||||||
|
MRYwFAYDVQQLEw1UZXN0IG9yZyB1bml0MRUwEwYDVQQDEwxXU08yIFJvb3QgQ0Ex
|
||||||
|
HDAaBgkqhkiG9w0BCQEWDXJvb3RAd3NvMi5jb20wHhcNMTUwMTI3MTI1MzAxWhcN
|
||||||
|
MTcxMDIzMTI1MzAxWjCBgzELMAkGA1UEBhMCVVMxGTAXBgNVBAgTEFRlc3QgUkEg
|
||||||
|
UHJvdmluY2UxFTATBgNVBAcTDFRlc3QgUkEgQ2l0eTEUMBIGA1UEChMLVGVzdCBS
|
||||||
|
QSBPcmcxGTAXBgNVBAsTEFRlc3QgUkEgb3JnIHVuaXQxETAPBgNVBAMTCFdTTzIg
|
||||||
|
UkEgMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtUMgUlYYU3/TPfEe
|
||||||
|
zNAvBaiOi/jUjfZ9IbxvMl7obDT17/5vU68TCGkZRjyfYUEiGNBisUEFWjSk/sGL
|
||||||
|
/ofYKUAxw33cd456FLMjaJX/4Zk4y8eYB1m1GGlHejoDyjPhq8S6GDmy+PXbJr8n
|
||||||
|
lSTROR2mQHkGwYrCreWeU4AYWzdctIFk7U2DKeIvZYSidIIjfSpDXURxrt9LPvig
|
||||||
|
fMzr5l/WkZfjvk5S+W7rgMtpllxlEPgyDc07pNAdNSq5FB990oaUsVX8o6l6wdCw
|
||||||
|
grYz83edPOKwZa04fsVztz2oF3ZYSGGjD3lwh0KS/jUL+awRyhMx5p/O1hySg6PP
|
||||||
|
pJjeqRuobNTuwSAXxp3nsNSY0DkGW04pSxWoDQqhnpaqBbAf71l6ya2e3so1SHm/
|
||||||
|
jouWSYTHncq5bmGE4AN7ZGVGZvfx84+UR8fNxJxxLo+DFFE0oJNzpPGNxILpHxgT
|
||||||
|
V7IOII6mhfkrQk+AFQiW2Y5FXLVYv8r+SPXW8pYsjaWl971XZeM/HC3L9IZkCrrr
|
||||||
|
a0ID5oT6vt+xTmdo4yiBqIP5TBYm+1a9YzMAy7XGtPih9k6cufMLcfzvUZdOXw9x
|
||||||
|
3T05nM5ZtcDq0gHvUzQ7sfHTguWVnuHVEdb2ox4x2L5NzEA475fbSdXpMok9z/z7
|
||||||
|
Xa71vIZi28InDAFBQehUlJnFtf0CAwEAAaMdMBswDAYDVR0TBAUwAwEB/zALBgNV
|
||||||
|
HQ8EBAMCBaAwDQYJKoZIhvcNAQEFBQADggIBAAO0TwnQBMJvL8wbfsnTqAGCCHM4
|
||||||
|
x1cpW+KgTmflPEliYGOn/dJYDz/dUowCgoj5mrSxjQ3G1/qL+9Y7E33h0tyw37vH
|
||||||
|
YDL1p2Tn+fwmXRHrk+CHoPHNcImEfSIDWbbG7ehBR6erVfbQSZjmj4fwPkItp8rP
|
||||||
|
nyUtXHOLpfFYoAxYkNP9+C8vpC9W/H1pj3rzmQFA1z+EZAKVV7vDAxbe6sun84nf
|
||||||
|
YAaMSIzHx1B+XLHokgChmnZr3wV7EypBEmmKp4ITvJqK7WsIG9t1M6hI7OTPCURR
|
||||||
|
mdy+DJtIoIUbZxHyIyC9nPcVJFkdBusnfXq4uMb0KMaWYCU8ESqZPySukF2qZ5KA
|
||||||
|
acB+0ZhY+EGQ6QF/hB6iiUj96BlQ7XAPXFU6xUt6nRjDiJmb3vW1IEv0hpbs7PRl
|
||||||
|
UMlbOwQk37rXpFqQc6ZW7lsxI2RmfkD4DOkQIGH3q5foVr+PEp0uSPWrFX62eBet
|
||||||
|
1S4c/opVv6BcuUgilYABHTYxb45GfYwJAI9Qw2uQWT8DmhtVbcYu6GLYGlnRyaOC
|
||||||
|
EPzc0z0KQTjhsgHWzi60IYBBh+fy+Z7w5X1rTTvhFOoU5J7kedGEqiBatIZmhF5t
|
||||||
|
UFbT0u350ET5a0Kg83gu5aLwXdoIP9o7bp3XzLBMVNny2RX3tOHUA2HBe/p0h0OU
|
||||||
|
Ggt3G6oD0gBe9pZI
|
||||||
|
-----END CERTIFICATE-----
|
@ -0,0 +1,10 @@
|
|||||||
|
<!DOCTYPE suite SYSTEM "http://testng.org/testng-1.0.dtd" >
|
||||||
|
|
||||||
|
<suite name="iOS-MDM-Tests">
|
||||||
|
<test name="Operatoin Bean validation tests" preserve-order="true">
|
||||||
|
<classes>
|
||||||
|
<class name="org.wso2.carbon.certificate.mgt.core.impl.CertificateGeneratorTestSuite"/>
|
||||||
|
<class name="org.wso2.carbon.certificate.mgt.core.util.CommonUtil"/>
|
||||||
|
</classes>
|
||||||
|
</test>
|
||||||
|
</suite>
|
Binary file not shown.
@ -0,0 +1,60 @@
|
|||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
<!--
|
||||||
|
~ Copyright (c) 2014, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||||
|
~
|
||||||
|
~ WSO2 Inc. licenses this file to you under the Apache License,
|
||||||
|
~ Version 2.0 (the "License"); you may not use this file except
|
||||||
|
~ in compliance with the License.
|
||||||
|
~ You may obtain a copy of the License at
|
||||||
|
~
|
||||||
|
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
~
|
||||||
|
~ Unless required by applicable law or agreed to in writing,
|
||||||
|
~ software distributed under the License is distributed on an
|
||||||
|
~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||||
|
~ KIND, either express or implied. See the License for the
|
||||||
|
~ specific language governing permissions and limitations
|
||||||
|
~ under the License.
|
||||||
|
-->
|
||||||
|
|
||||||
|
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
|
||||||
|
|
||||||
|
<parent>
|
||||||
|
<groupId>org.wso2.carbon.devicemgt</groupId>
|
||||||
|
<artifactId>carbon-devicemgt</artifactId>
|
||||||
|
<version>0.9.2-SNAPSHOT</version>
|
||||||
|
<relativePath>../../pom.xml</relativePath>
|
||||||
|
</parent>
|
||||||
|
|
||||||
|
<modelVersion>4.0.0</modelVersion>
|
||||||
|
<groupId>org.wso2.carbon.devicemgt</groupId>
|
||||||
|
<artifactId>certificate-mgt</artifactId>
|
||||||
|
<version>0.9.2-SNAPSHOT</version>
|
||||||
|
<packaging>pom</packaging>
|
||||||
|
<name>WSO2 Carbon - Certificate Management Component</name>
|
||||||
|
<url>http://wso2.org</url>
|
||||||
|
|
||||||
|
<modules>
|
||||||
|
<module>org.wso2.carbon.certificate.mgt.core</module>
|
||||||
|
</modules>
|
||||||
|
|
||||||
|
<build>
|
||||||
|
<pluginManagement>
|
||||||
|
<plugins>
|
||||||
|
<plugin>
|
||||||
|
<groupId>org.apache.felix</groupId>
|
||||||
|
<artifactId>maven-scr-plugin</artifactId>
|
||||||
|
<version>1.7.2</version>
|
||||||
|
<executions>
|
||||||
|
<execution>
|
||||||
|
<id>generate-scr-scrdescriptor</id>
|
||||||
|
<goals>
|
||||||
|
<goal>scr</goal>
|
||||||
|
</goals>
|
||||||
|
</execution>
|
||||||
|
</executions>
|
||||||
|
</plugin>
|
||||||
|
</plugins>
|
||||||
|
</pluginManagement>
|
||||||
|
</build>
|
||||||
|
</project>
|
@ -0,0 +1,156 @@
|
|||||||
|
<?xml version="1.0" encoding="utf-8"?>
|
||||||
|
<!--
|
||||||
|
~ Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||||
|
~
|
||||||
|
~ WSO2 Inc. licenses this file to you under the Apache License,
|
||||||
|
~ Version 2.0 (the "License"); you may not use this file except
|
||||||
|
~ in compliance with the License.
|
||||||
|
~ you may obtain a copy of the License at
|
||||||
|
~
|
||||||
|
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
~
|
||||||
|
~ Unless required by applicable law or agreed to in writing,
|
||||||
|
~ software distributed under the License is distributed on an
|
||||||
|
~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||||
|
~ KIND, either express or implied. See the License for the
|
||||||
|
~ specific language governing permissions and limitations
|
||||||
|
~ under the License.
|
||||||
|
-->
|
||||||
|
|
||||||
|
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||||
|
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
|
||||||
|
|
||||||
|
<parent>
|
||||||
|
<groupId>org.wso2.carbon.devicemgt</groupId>
|
||||||
|
<artifactId>device-mgt-feature</artifactId>
|
||||||
|
<version>0.9.2-SNAPSHOT</version>
|
||||||
|
<relativePath>../pom.xml</relativePath>
|
||||||
|
</parent>
|
||||||
|
|
||||||
|
<modelVersion>4.0.0</modelVersion>
|
||||||
|
<artifactId>org.wso2.carbon.certificate.mgt.server.feature</artifactId>
|
||||||
|
<packaging>pom</packaging>
|
||||||
|
<version>0.9.2-SNAPSHOT</version>
|
||||||
|
<name>WSO2 Carbon - Certificate Management Server Feature</name>
|
||||||
|
<url>http://wso2.org</url>
|
||||||
|
<description>This feature contains the core bundles required for back-end Certificate Management functionality
|
||||||
|
</description>
|
||||||
|
|
||||||
|
<dependencies>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.wso2.carbon.devicemgt</groupId>
|
||||||
|
<artifactId>org.wso2.carbon.certificate.mgt.core</artifactId>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.bouncycastle.wso2</groupId>
|
||||||
|
<artifactId>bcprov-jdk15on</artifactId>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.bouncycastle.wso2</groupId>
|
||||||
|
<artifactId>bcpkix-jdk15on</artifactId>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.bouncycastle.wso2</groupId>
|
||||||
|
<artifactId>bcmail-jdk15on</artifactId>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>com.google.code.jscep.wso2</groupId>
|
||||||
|
<artifactId>jscep</artifactId>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>commons-io.wso2</groupId>
|
||||||
|
<artifactId>commons-io</artifactId>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>commons-lang.wso2</groupId>
|
||||||
|
<artifactId>commons-lang</artifactId>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>commons-codec.wso2</groupId>
|
||||||
|
<artifactId>commons-codec</artifactId>
|
||||||
|
</dependency>
|
||||||
|
</dependencies>
|
||||||
|
|
||||||
|
<build>
|
||||||
|
<plugins>
|
||||||
|
<plugin>
|
||||||
|
<artifactId>maven-resources-plugin</artifactId>
|
||||||
|
<version>2.6</version>
|
||||||
|
<executions>
|
||||||
|
<execution>
|
||||||
|
<id>copy-resources</id>
|
||||||
|
<phase>generate-resources</phase>
|
||||||
|
<goals>
|
||||||
|
<goal>copy-resources</goal>
|
||||||
|
</goals>
|
||||||
|
<configuration>
|
||||||
|
<outputDirectory>src/main/resources</outputDirectory>
|
||||||
|
<resources>
|
||||||
|
<resource>
|
||||||
|
<directory>resources</directory>
|
||||||
|
<includes>
|
||||||
|
<include>build.properties</include>
|
||||||
|
<include>p2.inf</include>
|
||||||
|
</includes>
|
||||||
|
</resource>
|
||||||
|
</resources>
|
||||||
|
</configuration>
|
||||||
|
</execution>
|
||||||
|
</executions>
|
||||||
|
</plugin>
|
||||||
|
<plugin>
|
||||||
|
<groupId>org.wso2.maven</groupId>
|
||||||
|
<artifactId>carbon-p2-plugin</artifactId>
|
||||||
|
<version>${carbon.p2.plugin.version}</version>
|
||||||
|
<executions>
|
||||||
|
<execution>
|
||||||
|
<id>p2-feature-generation</id>
|
||||||
|
<phase>package</phase>
|
||||||
|
<goals>
|
||||||
|
<goal>p2-feature-gen</goal>
|
||||||
|
</goals>
|
||||||
|
<configuration>
|
||||||
|
<id>org.wso2.carbon.device.mgt.server</id>
|
||||||
|
<propertiesFile>../../../features/etc/feature.properties</propertiesFile>
|
||||||
|
<adviceFile>
|
||||||
|
<properties>
|
||||||
|
<propertyDef>org.wso2.carbon.p2.category.type:server</propertyDef>
|
||||||
|
<propertyDef>org.eclipse.equinox.p2.type.group:false</propertyDef>
|
||||||
|
</properties>
|
||||||
|
</adviceFile>
|
||||||
|
<bundles>
|
||||||
|
<bundleDef>
|
||||||
|
org.wso2.carbon.devicemgt:org.wso2.carbon.certificate.mgt.core:${carbon.device.mgt.version}
|
||||||
|
</bundleDef>
|
||||||
|
<bundleDef>
|
||||||
|
org.bouncycastle.wso2:bcprov-jdk15on:${bcprov.wso2.version}
|
||||||
|
</bundleDef>
|
||||||
|
<bundleDef>
|
||||||
|
org.bouncycastle.wso2:bcpkix-jdk15on:${bcpkix.wso2.version}
|
||||||
|
</bundleDef>
|
||||||
|
<bundleDef>
|
||||||
|
org.bouncycastle.wso2:bcmail-jdk15on:${bcmail.wso2.version}
|
||||||
|
</bundleDef>
|
||||||
|
<bundleDef>
|
||||||
|
com.google.code.jscep.wso2:jscep:${jscep.version}
|
||||||
|
</bundleDef>
|
||||||
|
<bundleDef>
|
||||||
|
commons-io.wso2:commons-io:${version.commons.io}
|
||||||
|
</bundleDef>
|
||||||
|
<bundleDef>
|
||||||
|
commons-lang.wso2:commons-lang:${version.commons.lang}
|
||||||
|
</bundleDef>
|
||||||
|
<bundleDef>
|
||||||
|
commons-codec.wso2:commons-codec:${version.commons.codec}
|
||||||
|
</bundleDef>
|
||||||
|
</bundles>
|
||||||
|
<importFeatures>
|
||||||
|
<importFeatureDef>org.wso2.carbon.core.server:${carbon.kernel.version}</importFeatureDef>
|
||||||
|
</importFeatures>
|
||||||
|
</configuration>
|
||||||
|
</execution>
|
||||||
|
</executions>
|
||||||
|
</plugin>
|
||||||
|
</plugins>
|
||||||
|
</build>
|
||||||
|
</project>
|
@ -0,0 +1 @@
|
|||||||
|
custom = true
|
@ -0,0 +1,19 @@
|
|||||||
|
<?xml version="1.0" encoding="ISO-8859-1"?>
|
||||||
|
<CertificateConfigurations>
|
||||||
|
<CertificateKeystore>
|
||||||
|
<!-- EMM Keystore file location-->
|
||||||
|
<CertificateKeystoreLocation>${carbon.home}/repository/resources/security/wso2cert.jks</CertificateKeystoreLocation>
|
||||||
|
<!-- EMM Keystore type (JKS/PKCS12 etc.)-->
|
||||||
|
<CertificateKeystoreType>JKS</CertificateKeystoreType>
|
||||||
|
<!-- EMM Keystore password-->
|
||||||
|
<CertificateKeystorePassword>wso2carbon</CertificateKeystorePassword>
|
||||||
|
<!-- Certificate authority certificate alias -->
|
||||||
|
<CACertAlias>cacert</CACertAlias>
|
||||||
|
<!-- Certificate authority private key password -->
|
||||||
|
<CAPrivateKeyPassword>cacert</CAPrivateKeyPassword>
|
||||||
|
<!-- Registration authority certificate alias -->
|
||||||
|
<RACertAlias>racert</RACertAlias>
|
||||||
|
<!-- Registration authority private key password -->
|
||||||
|
<RAPrivateKeyPassword>racert</RAPrivateKeyPassword>
|
||||||
|
</CertificateKeystore>
|
||||||
|
</CertificateConfigurations>
|
@ -0,0 +1,2 @@
|
|||||||
|
instructions.configure = \
|
||||||
|
org.eclipse.equinox.p2.touchpoint.natives.copy(source:${installFolder}/../features/org.wso2.carbon.certificate.mgt.server_${feature.version}/conf/certificate-config.xml,target:${installFolder}/../../conf/certificate-config.xml,overwrite:true);\
|
@ -0,0 +1,41 @@
|
|||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
<!--
|
||||||
|
~ Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||||
|
~
|
||||||
|
~ WSO2 Inc. licenses this file to you under the Apache License,
|
||||||
|
~ Version 2.0 (the "License"); you may not use this file except
|
||||||
|
~ in compliance with the License.
|
||||||
|
~ You may obtain a copy of the License at
|
||||||
|
~
|
||||||
|
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
~
|
||||||
|
~ Unless required by applicable law or agreed to in writing,
|
||||||
|
~ software distributed under the License is distributed on an
|
||||||
|
~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||||
|
~ KIND, either express or implied. See the License for the
|
||||||
|
~ specific language governing permissions and limitations
|
||||||
|
~ under the License.
|
||||||
|
-->
|
||||||
|
|
||||||
|
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
|
||||||
|
|
||||||
|
<parent>
|
||||||
|
<groupId>org.wso2.carbon.devicemgt</groupId>
|
||||||
|
<artifactId>carbon-devicemgt</artifactId>
|
||||||
|
<version>0.9.2-SNAPSHOT</version>
|
||||||
|
<relativePath>../../pom.xml</relativePath>
|
||||||
|
</parent>
|
||||||
|
|
||||||
|
<modelVersion>4.0.0</modelVersion>
|
||||||
|
<groupId>org.wso2.carbon.devicemgt</groupId>
|
||||||
|
<artifactId>certificate-mgt-feature</artifactId>
|
||||||
|
<version>0.9.2-SNAPSHOT</version>
|
||||||
|
<packaging>pom</packaging>
|
||||||
|
<name>WSO2 Carbon - Certificate Management Feature</name>
|
||||||
|
<url>http://wso2.org</url>
|
||||||
|
|
||||||
|
<modules>
|
||||||
|
<module>org.wso2.carbon.certificate.mgt.server.feature</module>
|
||||||
|
</modules>
|
||||||
|
|
||||||
|
</project>
|
Loading…
Reference in new issue