Certificate verification

9 years ago · 0140974487
parent f4b2a9ca3a
commit 0140974487
5 changed files with 85 additions and 8 deletions
--- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/pom.xml
+++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/pom.xml
@ -27,7 +27,6 @@
    </parent>
    <modelVersion>4.0.0</modelVersion>
    <groupId>org.wso2.carbon.devicemgt</groupId>
    <artifactId>org.wso2.carbon.certificate.mgt.core</artifactId>
    <version>0.9.2-SNAPSHOT</version>
    <packaging>bundle</packaging>
--- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGenerator.java
+++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGenerator.java
@ -77,6 +77,7 @@ import java.security.PrivateKey;
 import java.security.SecureRandom;
 import java.security.Security;
 import java.security.SignatureException;
 import java.security.cert.Certificate;
 import java.security.cert.CertificateEncodingException;
 import java.security.cert.CertificateException;
 import java.security.cert.CertificateExpiredException;
@ -283,6 +284,53 @@ public class CertificateGenerator {
        }
    }
    public boolean verifySignature(String headerSignature) throws KeystoreException {
        if (headerSignature == null || headerSignature.isEmpty()) {
            return false;
        }
        try {
            KeyStoreReader keyStoreReader = new KeyStoreReader();
            CMSSignedData signedData = new CMSSignedData(Base64.decodeBase64(headerSignature.getBytes()));
            Store reqStore = signedData.getCertificates();
            @SuppressWarnings("unchecked")
            Collection<X509CertificateHolder> reqCerts = reqStore.getMatches(null);
            if (reqCerts != null && reqCerts.size() > 0) {
                CertificateFactory certificateFactory = CertificateFactory.getInstance(ConfigurationUtil.X_509);
                X509CertificateHolder holder = reqCerts.iterator().next();
                ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(holder.getEncoded());
                X509Certificate reqCert = (X509Certificate) certificateFactory.
                        generateCertificate(byteArrayInputStream);
                if(reqCert != null && reqCert.getSerialNumber() != null) {
                    Certificate lookUpCertificate = keyStoreReader.getCertificateByAlias(
                            reqCert.getSerialNumber().toString());
                    if (lookUpCertificate != null) {
                        return true;
                    }
                }
            }
        } catch (CMSException e) {
            String errorMsg = "CMSException when decoding certificate signature";
            log.error(errorMsg, e);
            throw new KeystoreException(errorMsg, e);
        } catch (IOException e) {
            String errorMsg = "IOException when decoding certificate signature";
            log.error(errorMsg, e);
            throw new KeystoreException(errorMsg, e);
        } catch (CertificateException e) {
            String errorMsg = "CertificateException when decoding certificate signature";
            log.error(errorMsg, e);
            throw new KeystoreException(errorMsg, e);
        }
        return false;
    }
    public X509Certificate generateCertificateFromCSR(PrivateKey privateKey,
                                                             PKCS10CertificationRequest request,
                                                             String issueSubject)
--- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/KeyStoreReader.java
+++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/KeyStoreReader.java
@ -204,6 +204,25 @@ public class KeyStoreReader {
        return raCertificate;
    }
    public Certificate getCertificateByAlias(String alias) throws KeystoreException {
        KeyStore keystore = loadCertificateKeyStore();
        Certificate raCertificate;
        try {
            raCertificate = keystore.getCertificate(alias);
        } catch (KeyStoreException e) {
            String errorMsg = "KeyStore issue occurred when retrieving RA private key";
            log.error(errorMsg, e);
            throw new KeystoreException(errorMsg, e);
        }
        if (raCertificate == null) {
            throw new KeystoreException("RA certificate not found in KeyStore");
        }
        return raCertificate;
    }
    PrivateKey getRAPrivateKey() throws KeystoreException {
        KeyStore keystore = loadCertificateKeyStore();
--- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementService.java
+++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementService.java
@ -33,17 +33,20 @@ public interface CertificateManagementService {
    Certificate getRACertificate() throws KeystoreException;
-    public List<X509Certificate> getRootCertificates(byte[] ca, byte[] ra) throws KeystoreException;
+    List<X509Certificate> getRootCertificates(byte[] ca, byte[] ra) throws KeystoreException;
-    public X509Certificate generateX509Certificate() throws KeystoreException;
+    X509Certificate generateX509Certificate() throws KeystoreException;
-    public SCEPResponse getCACertSCEP() throws KeystoreException;
+    SCEPResponse getCACertSCEP() throws KeystoreException;
-    public byte[] getCACapsSCEP();
+    byte[] getCACapsSCEP();
-    public byte[] getPKIMessageSCEP(InputStream inputStream) throws KeystoreException;
+    byte[] getPKIMessageSCEP(InputStream inputStream) throws KeystoreException;
-    public X509Certificate generateCertificateFromCSR(PrivateKey privateKey,
+    X509Certificate generateCertificateFromCSR(PrivateKey privateKey, PKCS10CertificationRequest request,
                                                              PKCS10CertificationRequest request,
                                                              String issueSubject) throws KeystoreException;
    Certificate getCertificateByAlias(String alias) throws KeystoreException;
    boolean verifySignature(String headerSignature) throws KeystoreException;
 }
--- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementServiceImpl.java
+++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementServiceImpl.java
@ -84,4 +84,12 @@ public class CertificateManagementServiceImpl implements CertificateManagementSe
                                                              String issueSubject) throws KeystoreException {
        return certificateGenerator.generateCertificateFromCSR(privateKey, request, issueSubject);
    }
    public Certificate getCertificateByAlias(String alias) throws KeystoreException {
        return keyStoreReader.getCertificateByAlias(alias);
    }
    public boolean verifySignature(String headerSignature) throws KeystoreException {
        return certificateGenerator.verifySignature(headerSignature);
    }
 }