diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/pom.xml b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/pom.xml
index 72647601ae..81d6be9ba4 100644
--- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/pom.xml
+++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/pom.xml
@@ -27,7 +27,6 @@
4.0.0
- org.wso2.carbon.devicemgt
org.wso2.carbon.certificate.mgt.core
0.9.2-SNAPSHOT
bundle
diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGenerator.java b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGenerator.java
index a1ddb3c20e..e0c999ad07 100755
--- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGenerator.java
+++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGenerator.java
@@ -77,6 +77,7 @@ import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.SignatureException;
+import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
@@ -283,6 +284,53 @@ public class CertificateGenerator {
}
}
+ public boolean verifySignature(String headerSignature) throws KeystoreException {
+
+ if (headerSignature == null || headerSignature.isEmpty()) {
+ return false;
+ }
+
+ try {
+ KeyStoreReader keyStoreReader = new KeyStoreReader();
+ CMSSignedData signedData = new CMSSignedData(Base64.decodeBase64(headerSignature.getBytes()));
+ Store reqStore = signedData.getCertificates();
+ @SuppressWarnings("unchecked")
+ Collection reqCerts = reqStore.getMatches(null);
+
+ if (reqCerts != null && reqCerts.size() > 0) {
+ CertificateFactory certificateFactory = CertificateFactory.getInstance(ConfigurationUtil.X_509);
+ X509CertificateHolder holder = reqCerts.iterator().next();
+ ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(holder.getEncoded());
+ X509Certificate reqCert = (X509Certificate) certificateFactory.
+ generateCertificate(byteArrayInputStream);
+
+ if(reqCert != null && reqCert.getSerialNumber() != null) {
+ Certificate lookUpCertificate = keyStoreReader.getCertificateByAlias(
+ reqCert.getSerialNumber().toString());
+
+ if (lookUpCertificate != null) {
+ return true;
+ }
+ }
+
+ }
+ } catch (CMSException e) {
+ String errorMsg = "CMSException when decoding certificate signature";
+ log.error(errorMsg, e);
+ throw new KeystoreException(errorMsg, e);
+ } catch (IOException e) {
+ String errorMsg = "IOException when decoding certificate signature";
+ log.error(errorMsg, e);
+ throw new KeystoreException(errorMsg, e);
+ } catch (CertificateException e) {
+ String errorMsg = "CertificateException when decoding certificate signature";
+ log.error(errorMsg, e);
+ throw new KeystoreException(errorMsg, e);
+ }
+
+ return false;
+ }
+
public X509Certificate generateCertificateFromCSR(PrivateKey privateKey,
PKCS10CertificationRequest request,
String issueSubject)
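Review bot: The added `verifySignature` never verifies a signature: it decodes the CMS blob, takes the first certificate it contains, and returns true as soon as the keystore holds an entry under that certificate's serial number. A certificate is public data and the serial number is the only thing compared, so a true result shows neither that the sender holds the matching private key nor that the presented certificate is the one stored under that alias. I would verify each `SignerInformation` against `reqCert` and then require the stored certificate to equal the presented one, as sketched below. The sketch needs an extra `catch` for `OperatorCreationException`, and whether `getSigners()` is generic depends on the BouncyCastle version, which is not visible here. What content the CMS signature covers is also not visible in this hunk, so binding it to the request may need a separate check.

```java
            Store reqStore = signedData.getCertificates();
            // … unchanged: reqCerts lookup and conversion of the first holder to reqCert …
            if (reqCert != null && reqCert.getSerialNumber() != null) {
                // Proof of possession: every SignerInfo must verify against the presented certificate.
                Collection<SignerInformation> signers = signedData.getSignerInfos().getSigners();
                if (signers.isEmpty()) {
                    return false;
                }
                for (SignerInformation signer : signers) {
                    if (!signer.verify(new JcaSimpleSignerInfoVerifierBuilder().build(reqCert))) {
                        return false;
                    }
                }
                Certificate lookUpCertificate = keyStoreReader.getCertificateByAlias(
                        reqCert.getSerialNumber().toString());
                // The alias is only a serial number, so the stored certificate must be the presented one.
                return reqCert.equals(lookUpCertificate);
            }
```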
diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/KeyStoreReader.java b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/KeyStoreReader.java
index f714a4746b..1b82bb9683 100755
--- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/KeyStoreReader.java
+++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/KeyStoreReader.java
@@ -204,6 +204,25 @@ public class KeyStoreReader {
return raCertificate;
}
+ public Certificate getCertificateByAlias(String alias) throws KeystoreException {
+
+ KeyStore keystore = loadCertificateKeyStore();
+ Certificate raCertificate;
+ try {
+ raCertificate = keystore.getCertificate(alias);
+ } catch (KeyStoreException e) {
+ String errorMsg = "KeyStore issue occurred when retrieving RA private key";
+ log.error(errorMsg, e);
+ throw new KeystoreException(errorMsg, e);
+ }
+
+ if (raCertificate == null) {
+ throw new KeystoreException("RA certificate not found in KeyStore");
+ }
+
+ return raCertificate;
+ }
+
PrivateKey getRAPrivateKey() throws KeystoreException {
KeyStore keystore = loadCertificateKeyStore();
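Review bot: `getCertificateByAlias` throws `KeystoreException` when the alias is absent, so the `lookUpCertificate != null` test in `CertificateGenerator.verifySignature` can never be false. An unknown certificate therefore surfaces as a keystore error instead of a plain `false`. For a lookup whose alias comes from request data, a miss is an expected outcome; I would `return keystore.getCertificate(alias);` and let the caller treat null as "not enrolled", or otherwise catch the not-found case in `verifySignature`. The messages are also copied from the RA helpers and are misleading in logs: `"KeyStore issue occurred when retrieving RA private key"` and `"RA certificate not found in KeyStore"` should name the certificate alias lookup instead, and the local `raCertificate` could be renamed to match.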
diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementService.java b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementService.java
index c9b1ca5c96..67171a3f93 100644
--- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementService.java
+++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementService.java
@@ -33,17 +33,20 @@ public interface CertificateManagementService {
Certificate getRACertificate() throws KeystoreException;
- public List getRootCertificates(byte[] ca, byte[] ra) throws KeystoreException;
+ List getRootCertificates(byte[] ca, byte[] ra) throws KeystoreException;
- public X509Certificate generateX509Certificate() throws KeystoreException;
+ X509Certificate generateX509Certificate() throws KeystoreException;
- public SCEPResponse getCACertSCEP() throws KeystoreException;
+ SCEPResponse getCACertSCEP() throws KeystoreException;
- public byte[] getCACapsSCEP();
+ byte[] getCACapsSCEP();
- public byte[] getPKIMessageSCEP(InputStream inputStream) throws KeystoreException;
+ byte[] getPKIMessageSCEP(InputStream inputStream) throws KeystoreException;
- public X509Certificate generateCertificateFromCSR(PrivateKey privateKey,
- PKCS10CertificationRequest request,
+ X509Certificate generateCertificateFromCSR(PrivateKey privateKey, PKCS10CertificationRequest request,
String issueSubject) throws KeystoreException;
+
+ Certificate getCertificateByAlias(String alias) throws KeystoreException;
+
+ boolean verifySignature(String headerSignature) throws KeystoreException;
}
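Review bot: The two methods added to the interface have no Javadoc, and for `verifySignature` the name alone does not tell a caller what a `true` result guarantees. I would document that `headerSignature` is Base64-encoded CMS signed data (that is how the `CertificateGenerator` implementation in this commit decodes it) and state exactly which checks a `true` return implies, and which failures are reported as `false` and which as `KeystoreException`. For `getCertificateByAlias`, document whether a missing alias yields null or an exception, since callers gate authentication decisions on it.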
diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementServiceImpl.java b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementServiceImpl.java
index a294acbc16..014363e90d 100644
--- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementServiceImpl.java
+++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementServiceImpl.java
@@ -84,4 +84,12 @@ public class CertificateManagementServiceImpl implements CertificateManagementSe
String issueSubject) throws KeystoreException {
return certificateGenerator.generateCertificateFromCSR(privateKey, request, issueSubject);
}
+
+ public Certificate getCertificateByAlias(String alias) throws KeystoreException {
+ return keyStoreReader.getCertificateByAlias(alias);
+ }
+
+ public boolean verifySignature(String headerSignature) throws KeystoreException {
+ return certificateGenerator.verifySignature(headerSignature);
+ }
}
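Review bot: The two added delegating methods implement `CertificateManagementService` but carry no `@Override`, so a later signature drift between the interface and this class would compile as an unrelated overload rather than fail. I would add `@Override` above `getCertificateByAlias` and `verifySignature`. Whether the other methods in this class already use the annotation is not visible in the hunk.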