implemented certificateGenerater

components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/pom.xml

@@ -71,11 +71,12 @@
                             org.bouncycastle.operator.jcajce,
                             org.bouncycastle.pkcs,
                             org.bouncycastle.util,
-                            org.bouncycastle.asn1.util,
                             org.jscep.message,
                             org.jscep.transaction,
                             org.w3c.dom,
-                            org.xml.sax
+                            org.xml.sax,
+                            javax.xml.bind,
+                            org.bouncycastle.pkcs.jcajce
                         </Import-Package>
                         <Export-Package>
                             !org.wso2.carbon.certificate.mgt.core.internal.*,

components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGenerator.java

@@ -26,8 +26,7 @@ import org.bouncycastle.asn1.ASN1Primitive;
 import org.bouncycastle.asn1.pkcs.Attribute;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
 import org.bouncycastle.asn1.x500.X500Name;
-import org.bouncycastle.asn1.x509.KeyUsage;
+import org.bouncycastle.asn1.x509.*;
-import org.bouncycastle.asn1.x509.X509Extension;
 import org.bouncycastle.cert.CertIOException;
 import org.bouncycastle.cert.X509CertificateHolder;
 import org.bouncycastle.cert.X509v3CertificateBuilder;
@@ -43,6 +42,7 @@ import org.bouncycastle.operator.ContentSigner;
 import org.bouncycastle.operator.OperatorCreationException;
 import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
 import org.bouncycastle.pkcs.PKCS10CertificationRequest;
+import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequest;
 import org.bouncycastle.util.Store;
 import org.jscep.message.CertRep;
 import org.jscep.message.MessageDecodingException;
@@ -62,6 +62,7 @@ import org.wso2.carbon.certificate.mgt.core.util.CommonUtil;
 import org.wso2.carbon.certificate.mgt.core.util.ConfigurationUtil;
 
 import javax.security.auth.x500.X500Principal;
+import javax.xml.bind.DatatypeConverter;
 import java.io.ByteArrayInputStream;
 import java.io.DataInputStream;
 import java.io.File;
@@ -69,6 +70,7 @@ import java.io.FileInputStream;
 import java.io.FileNotFoundException;
 import java.io.IOException;
 import java.io.InputStream;
+import java.math.BigInteger;
 import java.security.InvalidKeyException;
 import java.security.KeyFactory;
 import java.security.KeyPair;
@@ -97,6 +99,20 @@ import java.util.List;
 
 public class CertificateGenerator {
 
+    private enum PropertyIndex {
+        COMMON_NAME_INDEX(0),
+        NOT_BEFORE_DAYS_INDEX(1),
+        NOT_AFTER_DAYS_INDEX(2);
+
+        private final int itemPosition;
+        private PropertyIndex(final int itemPosition) {
+            this.itemPosition = itemPosition;
+        }
+        public int getValue() {
+            return this.itemPosition;
+        }
+    }
+
     private static final Log log = LogFactory.getLog(CertificateGenerator.class);
 
     public List<X509Certificate> getRootCertificates(byte[] ca, byte[] ra) throws KeystoreException {
@@ -596,4 +612,80 @@ public class CertificateGenerator {
 
         return null;
     }
+
+    public X509Certificate getSignCertificateFromCSR(String binarySecurityToken,
+                                                     X509Certificate caCert, List certPropertyList)
+            throws KeystoreException {
+        byte[] byteArrayBst = DatatypeConverter.parseBase64Binary(binarySecurityToken);
+        PKCS10CertificationRequest certificationRequest = null;
+        KeyStoreReader keyStoreReader = new KeyStoreReader();
+        PrivateKey privateKeyCA = keyStoreReader.getCAPrivateKey();
+
+        try {
+            certificationRequest = new PKCS10CertificationRequest(byteArrayBst);
+        } catch (IOException e) {
+            String msg = "CSR cannot be recovered.";
+            log.error(msg, e);
+        }
+        JcaPKCS10CertificationRequest csr = new JcaPKCS10CertificationRequest(certificationRequest);
+        X509Certificate signedCertificate = signCSR(csr, privateKeyCA,  caCert, certPropertyList);
+        saveCertInKeyStore(signedCertificate);
+        return signedCertificate;
+    }
+
+    private static X509Certificate signCSR(JcaPKCS10CertificationRequest jcaRequest,
+                                          PrivateKey privateKey, X509Certificate caCert,
+                                          List certParameterList) {
+
+        String commonName =
+                (String) certParameterList.get(PropertyIndex.COMMON_NAME_INDEX.getValue());
+        int notBeforeDays =
+                (Integer) certParameterList.get(PropertyIndex.NOT_BEFORE_DAYS_INDEX.getValue());
+        int notAfterDays =
+                (Integer) certParameterList.get(PropertyIndex.NOT_AFTER_DAYS_INDEX.getValue());
+        X509v3CertificateBuilder certificateBuilder;
+        X509Certificate signedCertificate = null;
+
+        try {
+            ContentSigner signer;
+            BigInteger serialNumber = BigInteger.valueOf(new SecureRandom().
+                    nextInt(Integer.MAX_VALUE));
+            Date notBeforeDate = new Date(System.currentTimeMillis() -
+                    (ConfigurationUtil.MILLI_SECONDS * notBeforeDays));
+            Date notAfterDate = new Date(System.currentTimeMillis() +
+                    (ConfigurationUtil.MILLI_SECONDS * notAfterDays));
+            certificateBuilder =
+                    new JcaX509v3CertificateBuilder(caCert, serialNumber, notBeforeDate, notAfterDate,
+                            new X500Principal(commonName),
+                            jcaRequest.getPublicKey());
+
+            //Adding extensions to the signed certificate.
+            certificateBuilder.addExtension(Extension.keyUsage, true,
+                    new KeyUsage(KeyUsage.digitalSignature));
+            certificateBuilder.addExtension(Extension.extendedKeyUsage, false,
+                    new ExtendedKeyUsage(KeyPurposeId.id_kp_clientAuth));
+            certificateBuilder.addExtension(Extension.basicConstraints, true,
+                    new BasicConstraints(false));
+
+            signer = new JcaContentSignerBuilder(ConfigurationUtil.SIGNATURE_ALGORITHM).
+                    setProvider(ConfigurationUtil.PROVIDER).build(privateKey);
+
+            signedCertificate = new JcaX509CertificateConverter().setProvider(
+                    ConfigurationUtil.PROVIDER).getCertificate(
+                    certificateBuilder.build(signer));
+        } catch (InvalidKeyException e) {
+            //throw new CertificateGenerationException("CSR's public key is invalid", e);
+        } catch (NoSuchAlgorithmException e) {
+            //throw new CertificateGenerationException("Certificate cannot be generated", e);
+        } catch (CertIOException e) {
+            // throw new CertificateGenerationException(
+            //   "Cannot add extension(s) to signed certificate", e);
+        } catch (OperatorCreationException e) {
+            // throw new CertificateGenerationException("Content signer cannot be created", e);
+        } catch (CertificateException e) {
+            //throw new CertificateGenerationException("Signed certificate cannot be generated", e);
+        }
+        return signedCertificate;
+    }
+
 }

components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementService.java

@@ -53,4 +53,7 @@ public interface CertificateManagementService {
     public X509Certificate extractCertificateFromSignature(String headerSignature) throws KeystoreException;
 
     String extractChallengeToken(X509Certificate certificate);
+
+    X509Certificate getSignCertificateFromCSR(String binarySecurityToken, X509Certificate caCert,
+                                              List certParameterList) throws KeystoreException;
 }

components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementServiceImpl.java

@@ -100,4 +100,11 @@ public class CertificateManagementServiceImpl implements CertificateManagementSe
     public String extractChallengeToken(X509Certificate certificate) {
         return certificateGenerator.extractChallengeToken(certificate);
     }
+
+    public X509Certificate getSignCertificateFromCSR(String binarySecurityToken,
+                                                     X509Certificate caCert, List certParameterList)
+            throws KeystoreException {
+        return certificateGenerator.getSignCertificateFromCSR(binarySecurityToken, caCert,
+                certParameterList);
+    }
 }

components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/util/ConfigurationUtil.java

@@ -37,7 +37,7 @@ public class ConfigurationUtil {
 	public static final String KEYSTORE_RA_CERT_PRIV_PASSWORD = "RAPrivateKeyPassword";
 	public static final String CA_CERT_ALIAS = "CACertAlias";
 	public static final String RA_CERT_ALIAS = "RACertAlias";
-	public static final String SIGNATUREALGO = "SHA1withRSA";
+	public static final String SIGNATURE_ALGORITHM = "SHA1withRSA";
 	public static final String PROVIDER = "BC";
 	public static final String KEYSTORE = "Type";
 	public static final String CERTIFICATE_KEYSTORE = "CertificateKeystoreType";
@@ -56,6 +56,7 @@ public class ConfigurationUtil {
     public static final String RSA_PRIVATE_KEY_END_TEXT = "-----END RSA PRIVATE KEY-----";
     public static final String EMPTY_TEXT = "";
 	public static final int RSA_KEY_LENGTH = 1024;
+	public static final long MILLI_SECONDS = 1000L * 60 * 60 * 24;
 
 
 	private static ConfigurationUtil configurationUtil;

components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/pom.xml

@@ -90,6 +90,7 @@
                             org.wso2.carbon.utils,
                             org.wso2.carbon.utils.multitenancy,
                             org.xml.sax,
+                            javax.servlet,
                             javax.servlet.http,
                             javax.xml,
                             org.apache.axis2.transport.http,

components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/CertificateAuthenticator.java

@@ -51,7 +51,8 @@ public class CertificateAuthenticator implements WebappAuthenticator {
                 if (certHeader != null &&
                     AuthenticatorFrameworkDataHolder.getInstance().getCertificateManagementService().
                             verifySignature(certHeader)) {
-
+                    AuthenticatorFrameworkDataHolder.getInstance().getCertificateManagementService().
+                            extractCertificateFromSignature(certHeader);
                     X509Certificate certificate =
                             AuthenticatorFrameworkDataHolder.getInstance().getCertificateManagementService().
                                     extractCertificateFromSignature(certHeader);