Partial commit

components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticationHandler.java

@@ -27,18 +27,41 @@ import org.wso2.carbon.tomcat.ext.valves.CompositeValve;
 import org.wso2.carbon.webapp.authenticator.framework.authenticator.WebappAuthenticator;
 
 import javax.servlet.http.HttpServletResponse;
+import java.util.Arrays;
+import java.util.List;
 import java.util.StringTokenizer;
 
 public class WebappAuthenticationHandler extends CarbonTomcatValve {
 
     private static final Log log = LogFactory.getLog(WebappAuthenticationHandler.class);
+    private static final String BYPASS_URIS = "bypass-uris";
 
     @Override
     public void invoke(Request request, Response response, CompositeValve compositeValve) {
+
         if (this.isContextSkipped(request) || (!this.isAdminService(request) && this.skipAuthentication(request))) {
             this.getNext().invoke(request, response, compositeValve);
             return;
         }
+
+        String byPassURIs = request.getContext().findParameter(WebappAuthenticationHandler.BYPASS_URIS);
+
+        if(byPassURIs != null && !byPassURIs.isEmpty()) {
+
+            List<String> requestURI = Arrays.asList(byPassURIs.split(","));
+
+            if(requestURI != null && requestURI.size() > 0) {
+                for (String pathURI : requestURI) {
+                    pathURI = pathURI.replace("\n", "").replace("\r", "").trim();
+
+                    if (request.getRequestURI().equals(pathURI)) {
+                        this.getNext().invoke(request, response, compositeValve);
+                        return;
+                    }
+                }
+            }
+        }
+
         WebappAuthenticator authenticator = WebappAuthenticatorFactory.getAuthenticator(request);
         if (authenticator == null) {
             String msg = "Failed to load an appropriate authenticator to authenticate the request";

components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticatorFrameworkValve.java

@@ -27,22 +27,47 @@ import org.wso2.carbon.tomcat.ext.valves.CompositeValve;
 import org.wso2.carbon.webapp.authenticator.framework.authenticator.WebappAuthenticator;
 
 import javax.servlet.http.HttpServletResponse;
+<<<<<<< HEAD
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Properties;
+=======
+import java.util.Arrays;
+import java.util.List;
+>>>>>>> e1a74e049dbebd513910e9ed69226f488d73c314
 
 public class WebappAuthenticatorFrameworkValve extends CarbonTomcatValve {
 
     private static final String AUTHENTICATION_SCHEME = "authentication-scheme";
+    private static final String BYPASS_URIS = "bypass-uris";
     private static final Log log = LogFactory.getLog(WebappAuthenticatorFrameworkValve.class);
 
     @Override
     public void invoke(Request request, Response response, CompositeValve compositeValve) {
-        String authScheme = request.getAuthType();
-        if (authScheme == null || "".equals(authScheme)) {
+
+        String authScheme = request.getContext().findParameter(WebappAuthenticatorFrameworkValve.AUTHENTICATION_SCHEME);
+
+        if (authScheme == null || authScheme.isEmpty()) {
             this.getNext().invoke(request, response, compositeValve);
             return;
         }
+
+        String byPassURIs = request.getContext().findParameter(WebappAuthenticatorFrameworkValve.BYPASS_URIS);
+
+        if(byPassURIs != null && !byPassURIs.isEmpty()) {
+
+            List<String> requestURI = Arrays.asList(byPassURIs.split(","));
+
+            if(requestURI != null && requestURI.size() > 0) {
+                for (String pathURI : requestURI) {
+                    if (request.getRequestURI().equals(pathURI)) {
+                        this.getNext().invoke(request, response, compositeValve);
+                        return;
+                    }
+                }
+            }
+        }
+
         WebappAuthenticator authenticator = WebappAuthenticatorFactory.getAuthenticator(authScheme);
         if (authenticator == null) {
             String msg = "Failed to load an appropriate authenticator to authenticate the request";

components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/CertificateAuthenticator.java

@@ -14,22 +14,20 @@ public class CertificateAuthenticator implements WebappAuthenticator {
 
     private static final Log log = LogFactory.getLog(CertificateAuthenticator.class);
     private static final String CERTIFICATE_AUTHENTICATOR = "CertificateAuth";
-    private static final String HEADER_MDM_SIGNATURE = "Mdm-Signature";
-    private String[] skippedURIs;
-
-    public CertificateAuthenticator() {
-        skippedURIs = new String[]{
-                "/ios-enrollment/ca",
-                "/ios-enrollment/authenticate",
-                "/ios-enrollment/profile",
-                "/ios-enrollment/scep",
-                "/ios-enrollment/enroll",
-                "/ios-enrollment/enrolled"};
-    }
+    private static final String CERTIFICATE_VERIFICATION_HEADER = "certificate-verification-header";
 
     @Override
     public boolean canHandle(Request request) {
-        return true;
+        String certVerificationHeader = request.getContext().findParameter(CERTIFICATE_VERIFICATION_HEADER);
+
+        if (certVerificationHeader != null && !certVerificationHeader.isEmpty()) {
+
+            String certHeader = request.getHeader(certVerificationHeader);
+
+            return certHeader != null;
+        }
+
+        return false;
     }
 
     @Override
@@ -40,16 +38,17 @@ public class CertificateAuthenticator implements WebappAuthenticator {
             return Status.CONTINUE;
         }
 
-        if(isURISkipped(requestUri)) {
-            return Status.CONTINUE;
-        }
-
-        String headerMDMSignature = request.getHeader(HEADER_MDM_SIGNATURE);
+        String certVerificationHeader = request.getContext().findParameter(CERTIFICATE_VERIFICATION_HEADER);
 
         try {
-            if (headerMDMSignature != null && !headerMDMSignature.isEmpty() &&
-                    DataHolder.getInstance().getCertificateManagementService().verifySignature(headerMDMSignature)) {
-                return Status.SUCCESS;
+            if (certVerificationHeader != null && !certVerificationHeader.isEmpty()) {
+
+                String certHeader = request.getHeader(certVerificationHeader);
+
+                if (certHeader != null && DataHolder.getInstance().getCertificateManagementService().
+                        verifySignature(certHeader)) {
+                    return Status.SUCCESS;
+                }
             }
         } catch (KeystoreException e) {
             log.error("KeystoreException occurred ", e);
@@ -63,16 +62,4 @@ public class CertificateAuthenticator implements WebappAuthenticator {
     public String getName() {
         return CERTIFICATE_AUTHENTICATOR;
     }
-
-    private boolean isURISkipped(String requestUri) {
-
-        for (String element : skippedURIs) {
-            if (element.equals(requestUri)) {
-                return true;
-            }
-        }
-
-        return false;
-    }
-
 }