Merge branch 'hasuniea-master'

merge-requests/7/head
harshanl 9 years ago
commit 14923d0d99

@ -71,11 +71,12 @@
org.bouncycastle.operator.jcajce, org.bouncycastle.operator.jcajce,
org.bouncycastle.pkcs, org.bouncycastle.pkcs,
org.bouncycastle.util, org.bouncycastle.util,
org.bouncycastle.asn1.util,
org.jscep.message, org.jscep.message,
org.jscep.transaction, org.jscep.transaction,
org.w3c.dom, org.w3c.dom,
org.xml.sax org.xml.sax,
javax.xml.bind,
org.bouncycastle.pkcs.jcajce
</Import-Package> </Import-Package>
<Export-Package> <Export-Package>
!org.wso2.carbon.certificate.mgt.core.internal.*, !org.wso2.carbon.certificate.mgt.core.internal.*,

@ -44,14 +44,7 @@ import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest; import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.util.Store; import org.bouncycastle.util.Store;
import org.jscep.message.CertRep; import org.jscep.message.*;
import org.jscep.message.MessageDecodingException;
import org.jscep.message.MessageEncodingException;
import org.jscep.message.PkcsPkiEnvelopeDecoder;
import org.jscep.message.PkcsPkiEnvelopeEncoder;
import org.jscep.message.PkiMessage;
import org.jscep.message.PkiMessageDecoder;
import org.jscep.message.PkiMessageEncoder;
import org.jscep.transaction.FailInfo; import org.jscep.transaction.FailInfo;
import org.jscep.transaction.Nonce; import org.jscep.transaction.Nonce;
import org.jscep.transaction.TransactionId; import org.jscep.transaction.TransactionId;
@ -62,32 +55,11 @@ import org.wso2.carbon.certificate.mgt.core.util.CommonUtil;
import org.wso2.carbon.certificate.mgt.core.util.ConfigurationUtil; import org.wso2.carbon.certificate.mgt.core.util.ConfigurationUtil;
import javax.security.auth.x500.X500Principal; import javax.security.auth.x500.X500Principal;
import java.io.ByteArrayInputStream; import javax.xml.bind.DatatypeConverter;
import java.io.DataInputStream; import java.io.*;
import java.io.File; import java.security.*;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.SignatureException;
import java.security.cert.Certificate; import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException; import java.security.cert.*;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException; import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec; import java.security.spec.PKCS8EncodedKeySpec;
import java.util.ArrayList; import java.util.ArrayList;
@ -598,4 +570,31 @@ public class CertificateGenerator {
return null; return null;
} }
/**
* Get Signed certificate by parsing certificate.
* @param binarySecurityToken CSR that comes from the client as a String value.It is base 64 encoded request
* security token.
* @return Return signed certificate in X508Certificate type object.
* @throws KeystoreException
*/
public X509Certificate getSignedCertificateFromCSR(String binarySecurityToken)
throws KeystoreException {
byte[] byteArrayBst = DatatypeConverter.parseBase64Binary(binarySecurityToken);
PKCS10CertificationRequest certificationRequest;
KeyStoreReader keyStoreReader = new KeyStoreReader();
PrivateKey privateKeyCA = keyStoreReader.getCAPrivateKey();
X509Certificate certCA = (X509Certificate) keyStoreReader.getCACertificate();
try {
certificationRequest = new PKCS10CertificationRequest(byteArrayBst);
} catch (IOException e) {
String msg = "CSR cannot be recovered.";
log.error(msg, e);
throw new KeystoreException(msg, e);
}
X509Certificate signedCertificate = generateCertificateFromCSR(privateKeyCA, certificationRequest,
certCA.getIssuerX500Principal().getName());
return signedCertificate;
}
} }

@ -53,4 +53,6 @@ public interface CertificateManagementService {
public X509Certificate extractCertificateFromSignature(String headerSignature) throws KeystoreException; public X509Certificate extractCertificateFromSignature(String headerSignature) throws KeystoreException;
String extractChallengeToken(X509Certificate certificate); String extractChallengeToken(X509Certificate certificate);
X509Certificate getSignedCertificateFromCSR(String binarySecurityToken) throws KeystoreException;
} }

@ -100,4 +100,9 @@ public class CertificateManagementServiceImpl implements CertificateManagementSe
public String extractChallengeToken(X509Certificate certificate) { public String extractChallengeToken(X509Certificate certificate) {
return certificateGenerator.extractChallengeToken(certificate); return certificateGenerator.extractChallengeToken(certificate);
} }
public X509Certificate getSignedCertificateFromCSR(String binarySecurityToken) throws KeystoreException {
return certificateGenerator.getSignedCertificateFromCSR(binarySecurityToken);
}
} }

@ -37,7 +37,7 @@ public class ConfigurationUtil {
public static final String KEYSTORE_RA_CERT_PRIV_PASSWORD = "RAPrivateKeyPassword"; public static final String KEYSTORE_RA_CERT_PRIV_PASSWORD = "RAPrivateKeyPassword";
public static final String CA_CERT_ALIAS = "CACertAlias"; public static final String CA_CERT_ALIAS = "CACertAlias";
public static final String RA_CERT_ALIAS = "RACertAlias"; public static final String RA_CERT_ALIAS = "RACertAlias";
public static final String SIGNATUREALGO = "SHA1withRSA"; public static final String SIGNATURE_ALGORITHM = "SHA1withRSA";
public static final String PROVIDER = "BC"; public static final String PROVIDER = "BC";
public static final String KEYSTORE = "Type"; public static final String KEYSTORE = "Type";
public static final String CERTIFICATE_KEYSTORE = "CertificateKeystoreType"; public static final String CERTIFICATE_KEYSTORE = "CertificateKeystoreType";
@ -56,6 +56,7 @@ public class ConfigurationUtil {
public static final String RSA_PRIVATE_KEY_END_TEXT = "-----END RSA PRIVATE KEY-----"; public static final String RSA_PRIVATE_KEY_END_TEXT = "-----END RSA PRIVATE KEY-----";
public static final String EMPTY_TEXT = ""; public static final String EMPTY_TEXT = "";
public static final int RSA_KEY_LENGTH = 1024; public static final int RSA_KEY_LENGTH = 1024;
public static final long MILLI_SECONDS = 1000L * 60 * 60 * 24;
private static ConfigurationUtil configurationUtil; private static ConfigurationUtil configurationUtil;

@ -90,6 +90,7 @@
org.wso2.carbon.utils, org.wso2.carbon.utils,
org.wso2.carbon.utils.multitenancy, org.wso2.carbon.utils.multitenancy,
org.xml.sax, org.xml.sax,
javax.servlet,
javax.servlet.http, javax.servlet.http,
javax.xml, javax.xml,
org.apache.axis2.transport.http, org.apache.axis2.transport.http,

@ -51,7 +51,8 @@ public class CertificateAuthenticator implements WebappAuthenticator {
if (certHeader != null && if (certHeader != null &&
AuthenticatorFrameworkDataHolder.getInstance().getCertificateManagementService(). AuthenticatorFrameworkDataHolder.getInstance().getCertificateManagementService().
verifySignature(certHeader)) { verifySignature(certHeader)) {
AuthenticatorFrameworkDataHolder.getInstance().getCertificateManagementService().
extractCertificateFromSignature(certHeader);
X509Certificate certificate = X509Certificate certificate =
AuthenticatorFrameworkDataHolder.getInstance().getCertificateManagementService(). AuthenticatorFrameworkDataHolder.getInstance().getCertificateManagementService().
extractCertificateFromSignature(certHeader); extractCertificateFromSignature(certHeader);

Loading…
Cancel
Save