implemented certificateGenerater

4.x.x
hasuniea 9 years ago
parent d15eb10636
commit 7a110a8eb5

@ -71,11 +71,12 @@
org.bouncycastle.operator.jcajce,
org.bouncycastle.pkcs,
org.bouncycastle.util,
org.bouncycastle.asn1.util,
org.jscep.message,
org.jscep.transaction,
org.w3c.dom,
org.xml.sax
org.xml.sax,
javax.xml.bind,
org.bouncycastle.pkcs.jcajce
</Import-Package>
<Export-Package>
!org.wso2.carbon.certificate.mgt.core.internal.*,

@ -26,8 +26,7 @@ import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.pkcs.Attribute;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.X509Extension;
import org.bouncycastle.asn1.x509.*;
import org.bouncycastle.cert.CertIOException;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.X509v3CertificateBuilder;
@ -43,6 +42,7 @@ import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequest;
import org.bouncycastle.util.Store;
import org.jscep.message.CertRep;
import org.jscep.message.MessageDecodingException;
@ -62,6 +62,7 @@ import org.wso2.carbon.certificate.mgt.core.util.CommonUtil;
import org.wso2.carbon.certificate.mgt.core.util.ConfigurationUtil;
import javax.security.auth.x500.X500Principal;
import javax.xml.bind.DatatypeConverter;
import java.io.ByteArrayInputStream;
import java.io.DataInputStream;
import java.io.File;
@ -69,6 +70,7 @@ import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPair;
@ -97,6 +99,20 @@ import java.util.List;
public class CertificateGenerator {
private enum PropertyIndex {
COMMON_NAME_INDEX(0),
NOT_BEFORE_DAYS_INDEX(1),
NOT_AFTER_DAYS_INDEX(2);
private final int itemPosition;
private PropertyIndex(final int itemPosition) {
this.itemPosition = itemPosition;
}
public int getValue() {
return this.itemPosition;
}
}
private static final Log log = LogFactory.getLog(CertificateGenerator.class);
public List<X509Certificate> getRootCertificates(byte[] ca, byte[] ra) throws KeystoreException {
@ -596,4 +612,80 @@ public class CertificateGenerator {
return null;
}
public X509Certificate getSignCertificateFromCSR(String binarySecurityToken,
X509Certificate caCert, List certPropertyList)
throws KeystoreException {
byte[] byteArrayBst = DatatypeConverter.parseBase64Binary(binarySecurityToken);
PKCS10CertificationRequest certificationRequest = null;
KeyStoreReader keyStoreReader = new KeyStoreReader();
PrivateKey privateKeyCA = keyStoreReader.getCAPrivateKey();
try {
certificationRequest = new PKCS10CertificationRequest(byteArrayBst);
} catch (IOException e) {
String msg = "CSR cannot be recovered.";
log.error(msg, e);
}
JcaPKCS10CertificationRequest csr = new JcaPKCS10CertificationRequest(certificationRequest);
X509Certificate signedCertificate = signCSR(csr, privateKeyCA, caCert, certPropertyList);
saveCertInKeyStore(signedCertificate);
return signedCertificate;
}
private static X509Certificate signCSR(JcaPKCS10CertificationRequest jcaRequest,
PrivateKey privateKey, X509Certificate caCert,
List certParameterList) {
String commonName =
(String) certParameterList.get(PropertyIndex.COMMON_NAME_INDEX.getValue());
int notBeforeDays =
(Integer) certParameterList.get(PropertyIndex.NOT_BEFORE_DAYS_INDEX.getValue());
int notAfterDays =
(Integer) certParameterList.get(PropertyIndex.NOT_AFTER_DAYS_INDEX.getValue());
X509v3CertificateBuilder certificateBuilder;
X509Certificate signedCertificate = null;
try {
ContentSigner signer;
BigInteger serialNumber = BigInteger.valueOf(new SecureRandom().
nextInt(Integer.MAX_VALUE));
Date notBeforeDate = new Date(System.currentTimeMillis() -
(ConfigurationUtil.MILLI_SECONDS * notBeforeDays));
Date notAfterDate = new Date(System.currentTimeMillis() +
(ConfigurationUtil.MILLI_SECONDS * notAfterDays));
certificateBuilder =
new JcaX509v3CertificateBuilder(caCert, serialNumber, notBeforeDate, notAfterDate,
new X500Principal(commonName),
jcaRequest.getPublicKey());
//Adding extensions to the signed certificate.
certificateBuilder.addExtension(Extension.keyUsage, true,
new KeyUsage(KeyUsage.digitalSignature));
certificateBuilder.addExtension(Extension.extendedKeyUsage, false,
new ExtendedKeyUsage(KeyPurposeId.id_kp_clientAuth));
certificateBuilder.addExtension(Extension.basicConstraints, true,
new BasicConstraints(false));
signer = new JcaContentSignerBuilder(ConfigurationUtil.SIGNATURE_ALGORITHM).
setProvider(ConfigurationUtil.PROVIDER).build(privateKey);
signedCertificate = new JcaX509CertificateConverter().setProvider(
ConfigurationUtil.PROVIDER).getCertificate(
certificateBuilder.build(signer));
} catch (InvalidKeyException e) {
//throw new CertificateGenerationException("CSR's public key is invalid", e);
} catch (NoSuchAlgorithmException e) {
//throw new CertificateGenerationException("Certificate cannot be generated", e);
} catch (CertIOException e) {
// throw new CertificateGenerationException(
// "Cannot add extension(s) to signed certificate", e);
} catch (OperatorCreationException e) {
// throw new CertificateGenerationException("Content signer cannot be created", e);
} catch (CertificateException e) {
//throw new CertificateGenerationException("Signed certificate cannot be generated", e);
}
return signedCertificate;
}
}
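Review bot: Every failure inside `signCSR` is swallowed — each catch block at the end of the hunk holds only a commented-out throw — so the method returns null and `getSignCertificateFromCSR` then hands that null to `saveCertInKeyStore` and returns it to the caller as an issued certificate; the `IOException` branch in `getSignCertificateFromCSR` likewise only logs, leaving `certificationRequest` null for `new JcaPKCS10CertificationRequest(...)`. Both paths should surface as the `KeystoreException` the public method already declares (assuming it has a message-plus-cause constructor), which also means `signCSR` needs `throws KeystoreException`; a multi-catch as below assumes the module targets Java 7 or later. Separately, the serial on the `serialNumber` line comes from `nextInt(Integer.MAX_VALUE)`, i.e. 31 bits, whereas RFC 5280 requires per-issuer uniqueness and current CA practice is at least 64 bits of CSPRNG output — `new BigInteger(64, random)` with a single shared `SecureRandom` field would do. The `commonName` string is passed unchanged to `new X500Principal(commonName)`; if it can originate from the enrolling client it should be validated as exactly the DN the CA intends to certify. The class and its import hunks continue outside this section.
```java
    PKCS10CertificationRequest certificationRequest;
    try {
        certificationRequest = new PKCS10CertificationRequest(byteArrayBst);
    } catch (IOException e) {
        String msg = "CSR cannot be recovered.";
        log.error(msg, e);
        throw new KeystoreException(msg, e);
    }
    // … unchanged: wrap in JcaPKCS10CertificationRequest, sign, save, return …

private static X509Certificate signCSR(JcaPKCS10CertificationRequest jcaRequest,
                                       PrivateKey privateKey, X509Certificate caCert,
                                       List certParameterList) throws KeystoreException {
    // … unchanged: property lookup, builder, extensions, signing …
    } catch (InvalidKeyException | NoSuchAlgorithmException | CertIOException
            | OperatorCreationException | CertificateException e) {
        throw new KeystoreException("Signed certificate cannot be generated", e);
    }
    return signedCertificate;
}
```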

@ -53,4 +53,7 @@ public interface CertificateManagementService {
public X509Certificate extractCertificateFromSignature(String headerSignature) throws KeystoreException;
String extractChallengeToken(X509Certificate certificate);
X509Certificate getSignCertificateFromCSR(String binarySecurityToken, X509Certificate caCert,
List certParameterList) throws KeystoreException;
}
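Review bot: The new `getSignCertificateFromCSR` declaration takes a raw `List certParameterList` whose positional layout (common name, not-before days, not-after days) is fixed by a private enum inside `CertificateGenerator`, so neither an implementor nor a caller can tell from this interface what to pass. Add Javadoc stating the element order and types, e.g. `@param certParameterList positional list: [0] subject common name (String), [1] days before now for notBefore (Integer), [2] days after now for notAfter (Integer)`, and the same on the delegating method in `CertificateManagementServiceImpl`. Declaring the parameter as `List<Object>`, or better a small parameter object, would let the compiler enforce what the Javadoc can only describe.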

@ -100,4 +100,11 @@ public class CertificateManagementServiceImpl implements CertificateManagementSe
public String extractChallengeToken(X509Certificate certificate) {
return certificateGenerator.extractChallengeToken(certificate);
}
public X509Certificate getSignCertificateFromCSR(String binarySecurityToken,
X509Certificate caCert, List certParameterList)
throws KeystoreException {
return certificateGenerator.getSignCertificateFromCSR(binarySecurityToken, caCert,
certParameterList);
}
}

@ -37,7 +37,7 @@ public class ConfigurationUtil {
public static final String KEYSTORE_RA_CERT_PRIV_PASSWORD = "RAPrivateKeyPassword";
public static final String CA_CERT_ALIAS = "CACertAlias";
public static final String RA_CERT_ALIAS = "RACertAlias";
public static final String SIGNATUREALGO = "SHA1withRSA";
public static final String SIGNATURE_ALGORITHM = "SHA1withRSA";
public static final String PROVIDER = "BC";
public static final String KEYSTORE = "Type";
public static final String CERTIFICATE_KEYSTORE = "CertificateKeystoreType";
@ -56,6 +56,7 @@ public class ConfigurationUtil {
public static final String RSA_PRIVATE_KEY_END_TEXT = "-----END RSA PRIVATE KEY-----";
public static final String EMPTY_TEXT = "";
public static final int RSA_KEY_LENGTH = 1024;
public static final long MILLI_SECONDS = 1000L * 60 * 60 * 24;
private static ConfigurationUtil configurationUtil;
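Review bot: `MILLI_SECONDS` on the added line is the number of milliseconds in one day, but the name reads as a unit, and its two uses in `signCSR` multiply it by a day count; naming it `MILLIS_PER_DAY`, or at least adding `// milliseconds in one day`, would make those expressions self-explanatory. The renamed `SIGNATURE_ALGORITHM` still selects `SHA1withRSA`; SHA-1 signatures are deprecated for newly issued certificates and rejected by many current verifiers, so `SHA256withRSA` should be used unless the SCEP clients this CA serves are known not to support it. The adjacent unchanged `RSA_KEY_LENGTH = 1024` is below the 2048-bit minimum current guidance requires and is worth revisiting in the same pass.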

@ -90,6 +90,7 @@
org.wso2.carbon.utils,
org.wso2.carbon.utils.multitenancy,
org.xml.sax,
javax.servlet,
javax.servlet.http,
javax.xml,
org.apache.axis2.transport.http,

@ -51,7 +51,8 @@ public class CertificateAuthenticator implements WebappAuthenticator {
if (certHeader != null &&
AuthenticatorFrameworkDataHolder.getInstance().getCertificateManagementService().
verifySignature(certHeader)) {
AuthenticatorFrameworkDataHolder.getInstance().getCertificateManagementService().
extractCertificateFromSignature(certHeader);
X509Certificate certificate =
AuthenticatorFrameworkDataHolder.getInstance().getCertificateManagementService().
extractCertificateFromSignature(certHeader);
