Partial commit

4.x.x
milanperera 9 years ago
commit 517039cccb

@ -33,6 +33,7 @@ public class PermissionManager {
private static PermissionManager permissionManager; private static PermissionManager permissionManager;
public static PermissionManager getInstance() { public static PermissionManager getInstance() {
if (permissionManager == null) { if (permissionManager == null) {
synchronized (PermissionManager.class) { synchronized (PermissionManager.class) {

@ -93,7 +93,8 @@
javax.xml, javax.xml,
org.apache.axis2.transport.http, org.apache.axis2.transport.http,
org.wso2.carbon.apimgt.impl, org.wso2.carbon.apimgt.impl,
org.wso2.carbon.registry.api org.wso2.carbon.certificate.mgt.core.service,
org.wso2.carbon.certificate.mgt.core.exception
</Import-Package> </Import-Package>
<!--<Fragment-Host>tomcat</Fragment-Host>--> <!--<Fragment-Host>tomcat</Fragment-Host>-->
</instructions> </instructions>
@ -147,6 +148,10 @@
<groupId>org.wso2.orbit.com.nimbusds</groupId> <groupId>org.wso2.orbit.com.nimbusds</groupId>
<artifactId>nimbus-jose-jwt</artifactId> <artifactId>nimbus-jose-jwt</artifactId>
</dependency> </dependency>
<dependency>
<groupId>org.wso2.carbon.devicemgt</groupId>
<artifactId>org.wso2.carbon.certificate.mgt.core</artifactId>
</dependency>
</dependencies> </dependencies>
</project> </project>

@ -18,12 +18,14 @@
*/ */
package org.wso2.carbon.webapp.authenticator.framework; package org.wso2.carbon.webapp.authenticator.framework;
import org.wso2.carbon.certificate.mgt.core.service.CertificateManagementService;
import org.wso2.carbon.user.core.service.RealmService; import org.wso2.carbon.user.core.service.RealmService;
public class DataHolder { public class DataHolder {
private WebappAuthenticatorRepository repository; private WebappAuthenticatorRepository repository;
private RealmService realmService; private RealmService realmService;
private CertificateManagementService certificateManagementService;
private DataHolder() {} private DataHolder() {}
@ -48,4 +50,12 @@ public class DataHolder {
public void setRealmService(RealmService realmService) { public void setRealmService(RealmService realmService) {
this.realmService = realmService; this.realmService = realmService;
} }
public CertificateManagementService getCertificateManagementService() {
return certificateManagementService;
}
public void setCertificateManagementService(CertificateManagementService certificateManagementService) {
this.certificateManagementService = certificateManagementService;
}
} }

@ -0,0 +1,78 @@
package org.wso2.carbon.webapp.authenticator.framework.authenticator;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.certificate.mgt.core.exception.KeystoreException;
import org.wso2.carbon.webapp.authenticator.framework.DataHolder;
/**
* This authenticator authenticates HTTP requests using certificates.
*/
public class CertificateAuthenticator implements WebappAuthenticator {
private static final Log log = LogFactory.getLog(CertificateAuthenticator.class);
private static final String CERTIFICATE_AUTHENTICATOR = "CertificateAuth";
private static final String HEADER_MDM_SIGNATURE = "Mdm-Signature";
private String[] skippedURIs;
public CertificateAuthenticator() {
skippedURIs = new String[]{
"/ios-enrollment/ca",
"/ios-enrollment/authenticate",
"/ios-enrollment/profile",
"/ios-enrollment/scep",
"/ios-enrollment/enroll",
"/ios-enrollment/enrolled"};
}
@Override
public boolean canHandle(Request request) {
return true;
}
@Override
public Status authenticate(Request request, Response response) {
String requestUri = request.getRequestURI();
if (requestUri == null || requestUri.isEmpty()) {
return Status.CONTINUE;
}
if(isURISkipped(requestUri)) {
return Status.CONTINUE;
}
String headerMDMSignature = request.getHeader(HEADER_MDM_SIGNATURE);
try {
if (headerMDMSignature != null && !headerMDMSignature.isEmpty() &&
DataHolder.getInstance().getCertificateManagementService().verifySignature(headerMDMSignature)) {
return Status.SUCCESS;
}
} catch (KeystoreException e) {
log.error("KeystoreException occurred ", e);
return Status.FAILURE;
}
return Status.FAILURE;
}
@Override
public String getName() {
return CERTIFICATE_AUTHENTICATOR;
}
private boolean isURISkipped(String requestUri) {
for (String element : skippedURIs) {
if (element.equals(requestUri)) {
return true;
}
}
return false;
}
}

@ -21,6 +21,7 @@ package org.wso2.carbon.webapp.authenticator.framework.internal;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;
import org.osgi.service.component.ComponentContext; import org.osgi.service.component.ComponentContext;
import org.wso2.carbon.certificate.mgt.core.service.CertificateManagementService;
import org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve; import org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve;
import org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer; import org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer;
import org.wso2.carbon.user.core.service.RealmService; import org.wso2.carbon.user.core.service.RealmService;
@ -44,6 +45,12 @@ import java.util.List;
* policy="dynamic" * policy="dynamic"
* bind="setRealmService" * bind="setRealmService"
* unbind="unsetRealmService" * unbind="unsetRealmService"
* @scr.reference name="org.wso2.carbon.certificate.mgt"
* interface="org.wso2.carbon.certificate.mgt.core.service.CertificateManagementService"
* policy="dynamic"
* cardinality="1..n"
* bind="setCertificateManagementService"
* unbind="unsetCertificateManagementService"
*/ */
public class WebappAuthenticatorFrameworkServiceComponent { public class WebappAuthenticatorFrameworkServiceComponent {
@ -98,4 +105,19 @@ public class WebappAuthenticatorFrameworkServiceComponent {
protected void unsetRealmService(RealmService realmService) { protected void unsetRealmService(RealmService realmService) {
DataHolder.getInstance().setRealmService(null); DataHolder.getInstance().setRealmService(null);
} }
protected void setCertificateManagementService(CertificateManagementService certificateManagementService) {
if (log.isDebugEnabled()) {
log.debug("Setting certificate management service");
}
DataHolder.getInstance().setCertificateManagementService(certificateManagementService);
}
protected void unsetCertificateManagementService(CertificateManagementService certificateManagementService) {
if (log.isDebugEnabled()) {
log.debug("Removing certificate management service");
}
DataHolder.getInstance().setCertificateManagementService(null);
}
} }

@ -12,5 +12,9 @@
<Name>JWT</Name> <Name>JWT</Name>
<ClassName>org.wso2.carbon.webapp.authenticator.framework.authenticator.JWTAuthenticator</ClassName> <ClassName>org.wso2.carbon.webapp.authenticator.framework.authenticator.JWTAuthenticator</ClassName>
</Authenticator> </Authenticator>
<Authenticator>
<Name>CertificateAuth</Name>
<ClassName>org.wso2.carbon.webapp.authenticator.framework.authenticator.CertificateAuthenticator</ClassName>
</Authenticator>
</Authenticators> </Authenticators>
</WebappAuthenticatorConfig> </WebappAuthenticatorConfig>

Loading…
Cancel
Save