diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/pom.xml b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/pom.xml index 72647601ae..81d6be9ba4 100644 --- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/pom.xml +++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/pom.xml @@ -27,7 +27,6 @@ 4.0.0 - org.wso2.carbon.devicemgt org.wso2.carbon.certificate.mgt.core 0.9.2-SNAPSHOT bundle diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGenerator.java b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGenerator.java index a1ddb3c20e..7a2538af22 100755 --- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGenerator.java +++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGenerator.java @@ -64,7 +64,6 @@ import java.io.FileInputStream; import java.io.FileNotFoundException; import java.io.IOException; import java.io.InputStream; -import java.math.BigInteger; import java.security.InvalidKeyException; import java.security.KeyFactory; import java.security.KeyPair; @@ -77,6 +76,7 @@ import java.security.PrivateKey; import java.security.SecureRandom; import java.security.Security; import java.security.SignatureException; +import java.security.cert.Certificate; import java.security.cert.CertificateEncodingException; import java.security.cert.CertificateException; import java.security.cert.CertificateExpiredException; @@ -157,10 +157,9 @@ public class CertificateGenerator { keyPairGenerator.initialize(ConfigurationUtil.RSA_KEY_LENGTH, new SecureRandom()); KeyPair pair = keyPairGenerator.generateKeyPair(); X500Principal principal = new X500Principal(ConfigurationUtil.DEFAULT_PRINCIPAL); - BigInteger serial = BigInteger.valueOf(System.currentTimeMillis()); X509v3CertificateBuilder certificateBuilder = new JcaX509v3CertificateBuilder( - principal, serial, validityBeginDate, validityEndDate, + principal, CommonUtil.generateSerialNumber(), validityBeginDate, validityEndDate, principal, pair.getPublic()); ContentSigner contentSigner = new JcaContentSignerBuilder(ConfigurationUtil.SHA256_RSA) .setProvider(ConfigurationUtil.PROVIDER).build( @@ -283,6 +282,58 @@ public class CertificateGenerator { } } + public boolean verifySignature(String headerSignature) throws KeystoreException { + Certificate certificate = extractCertificateFromSignature(headerSignature); + return (certificate != null); + } + + public X509Certificate extractCertificateFromSignature(String headerSignature) throws KeystoreException { + + if (headerSignature == null || headerSignature.isEmpty()) { + return null; + } + + try { + KeyStoreReader keyStoreReader = new KeyStoreReader(); + CMSSignedData signedData = new CMSSignedData(Base64.decodeBase64(headerSignature.getBytes())); + Store reqStore = signedData.getCertificates(); + @SuppressWarnings("unchecked") + Collection reqCerts = reqStore.getMatches(null); + + if (reqCerts != null && reqCerts.size() > 0) { + CertificateFactory certificateFactory = CertificateFactory.getInstance(ConfigurationUtil.X_509); + X509CertificateHolder holder = reqCerts.iterator().next(); + ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(holder.getEncoded()); + X509Certificate reqCert = (X509Certificate) certificateFactory. + generateCertificate(byteArrayInputStream); + + if(reqCert != null && reqCert.getSerialNumber() != null) { + Certificate lookUpCertificate = keyStoreReader.getCertificateByAlias( + reqCert.getSerialNumber().toString()); + + if (lookUpCertificate != null && (lookUpCertificate instanceof X509Certificate)) { + return (X509Certificate)lookUpCertificate; + } + } + + } + } catch (CMSException e) { + String errorMsg = "CMSException when decoding certificate signature"; + log.error(errorMsg, e); + throw new KeystoreException(errorMsg, e); + } catch (IOException e) { + String errorMsg = "IOException when decoding certificate signature"; + log.error(errorMsg, e); + throw new KeystoreException(errorMsg, e); + } catch (CertificateException e) { + String errorMsg = "CertificateException when decoding certificate signature"; + log.error(errorMsg, e); + throw new KeystoreException(errorMsg, e); + } + + return null; + } + public X509Certificate generateCertificateFromCSR(PrivateKey privateKey, PKCS10CertificationRequest request, String issueSubject) @@ -305,7 +356,7 @@ public class CertificateGenerator { } X509v3CertificateBuilder certificateBuilder = new X509v3CertificateBuilder( - new X500Name(issueSubject), BigInteger.valueOf(System.currentTimeMillis()), + new X500Name(issueSubject), CommonUtil.generateSerialNumber(), validityBeginDate, validityEndDate, certSubject, request.getSubjectPublicKeyInfo()); ContentSigner sigGen; diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/KeyStoreReader.java b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/KeyStoreReader.java index f714a4746b..1b82bb9683 100755 --- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/KeyStoreReader.java +++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/KeyStoreReader.java @@ -204,6 +204,25 @@ public class KeyStoreReader { return raCertificate; } + public Certificate getCertificateByAlias(String alias) throws KeystoreException { + + KeyStore keystore = loadCertificateKeyStore(); + Certificate raCertificate; + try { + raCertificate = keystore.getCertificate(alias); + } catch (KeyStoreException e) { + String errorMsg = "KeyStore issue occurred when retrieving RA private key"; + log.error(errorMsg, e); + throw new KeystoreException(errorMsg, e); + } + + if (raCertificate == null) { + throw new KeystoreException("RA certificate not found in KeyStore"); + } + + return raCertificate; + } + PrivateKey getRAPrivateKey() throws KeystoreException { KeyStore keystore = loadCertificateKeyStore(); diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementService.java b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementService.java index c9b1ca5c96..0b47c43707 100644 --- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementService.java +++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementService.java @@ -33,17 +33,22 @@ public interface CertificateManagementService { Certificate getRACertificate() throws KeystoreException; - public List getRootCertificates(byte[] ca, byte[] ra) throws KeystoreException; + List getRootCertificates(byte[] ca, byte[] ra) throws KeystoreException; - public X509Certificate generateX509Certificate() throws KeystoreException; + X509Certificate generateX509Certificate() throws KeystoreException; - public SCEPResponse getCACertSCEP() throws KeystoreException; + SCEPResponse getCACertSCEP() throws KeystoreException; - public byte[] getCACapsSCEP(); + byte[] getCACapsSCEP(); - public byte[] getPKIMessageSCEP(InputStream inputStream) throws KeystoreException; + byte[] getPKIMessageSCEP(InputStream inputStream) throws KeystoreException; - public X509Certificate generateCertificateFromCSR(PrivateKey privateKey, - PKCS10CertificationRequest request, + X509Certificate generateCertificateFromCSR(PrivateKey privateKey, PKCS10CertificationRequest request, String issueSubject) throws KeystoreException; + + Certificate getCertificateByAlias(String alias) throws KeystoreException; + + boolean verifySignature(String headerSignature) throws KeystoreException; + + public X509Certificate extractCertificateFromSignature(String headerSignature) throws KeystoreException; } diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementServiceImpl.java b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementServiceImpl.java index a294acbc16..c379df4264 100644 --- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementServiceImpl.java +++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementServiceImpl.java @@ -84,4 +84,16 @@ public class CertificateManagementServiceImpl implements CertificateManagementSe String issueSubject) throws KeystoreException { return certificateGenerator.generateCertificateFromCSR(privateKey, request, issueSubject); } + + public Certificate getCertificateByAlias(String alias) throws KeystoreException { + return keyStoreReader.getCertificateByAlias(alias); + } + + public boolean verifySignature(String headerSignature) throws KeystoreException { + return certificateGenerator.verifySignature(headerSignature); + } + + public X509Certificate extractCertificateFromSignature(String headerSignature) throws KeystoreException { + return certificateGenerator.extractCertificateFromSignature(headerSignature); + } } diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/util/CommonUtil.java b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/util/CommonUtil.java index a149c92569..6b9bc5897e 100755 --- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/util/CommonUtil.java +++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/util/CommonUtil.java @@ -17,6 +17,7 @@ */ package org.wso2.carbon.certificate.mgt.core.util; +import java.math.BigInteger; import java.util.Calendar; import java.util.Date; @@ -40,4 +41,8 @@ public class CommonUtil { return calendar.getTime(); } + public static synchronized BigInteger generateSerialNumber() { + return BigInteger.valueOf(System.currentTimeMillis()); + } + } diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/pom.xml b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/pom.xml index 3405148639..edca5ac955 100644 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/pom.xml +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/pom.xml @@ -88,7 +88,11 @@ org.wso2.carbon.user.core.tenant, org.wso2.carbon.utils, org.wso2.carbon.utils.multitenancy, - org.xml.sax + org.xml.sax, + javax.servlet.http, + javax.xml, + org.apache.axis2.transport.http, + org.wso2.carbon.apimgt.impl