Dileesha Rajapakse 9 years ago
commit a54fc4a254

@ -71,11 +71,12 @@
org.bouncycastle.operator.jcajce,
org.bouncycastle.pkcs,
org.bouncycastle.util,
org.bouncycastle.asn1.util,
org.jscep.message,
org.jscep.transaction,
org.w3c.dom,
org.xml.sax
org.xml.sax,
javax.xml.bind,
org.bouncycastle.pkcs.jcajce
</Import-Package>
<Export-Package>
!org.wso2.carbon.certificate.mgt.core.internal.*,

@ -44,14 +44,7 @@ import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.util.Store;
import org.jscep.message.CertRep;
import org.jscep.message.MessageDecodingException;
import org.jscep.message.MessageEncodingException;
import org.jscep.message.PkcsPkiEnvelopeDecoder;
import org.jscep.message.PkcsPkiEnvelopeEncoder;
import org.jscep.message.PkiMessage;
import org.jscep.message.PkiMessageDecoder;
import org.jscep.message.PkiMessageEncoder;
import org.jscep.message.*;
import org.jscep.transaction.FailInfo;
import org.jscep.transaction.Nonce;
import org.jscep.transaction.TransactionId;
@ -62,32 +55,11 @@ import org.wso2.carbon.certificate.mgt.core.util.CommonUtil;
import org.wso2.carbon.certificate.mgt.core.util.ConfigurationUtil;
import javax.security.auth.x500.X500Principal;
import java.io.ByteArrayInputStream;
import java.io.DataInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.SignatureException;
import javax.xml.bind.DatatypeConverter;
import java.io.*;
import java.security.*;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.security.cert.*;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.ArrayList;
@ -598,4 +570,31 @@ public class CertificateGenerator {
return null;
}
/**
* Get Signed certificate by parsing certificate.
* @param binarySecurityToken CSR that comes from the client as a String value.It is base 64 encoded request
* security token.
* @return Return signed certificate in X508Certificate type object.
* @throws KeystoreException
*/
public X509Certificate getSignedCertificateFromCSR(String binarySecurityToken)
throws KeystoreException {
byte[] byteArrayBst = DatatypeConverter.parseBase64Binary(binarySecurityToken);
PKCS10CertificationRequest certificationRequest;
KeyStoreReader keyStoreReader = new KeyStoreReader();
PrivateKey privateKeyCA = keyStoreReader.getCAPrivateKey();
X509Certificate certCA = (X509Certificate) keyStoreReader.getCACertificate();
try {
certificationRequest = new PKCS10CertificationRequest(byteArrayBst);
} catch (IOException e) {
String msg = "CSR cannot be recovered.";
log.error(msg, e);
throw new KeystoreException(msg, e);
}
X509Certificate signedCertificate = generateCertificateFromCSR(privateKeyCA, certificationRequest,
certCA.getIssuerX500Principal().getName());
return signedCertificate;
}
}
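Review bot: At `certCA.getIssuerX500Principal().getName()` the new certificate's issuer name is taken from the CA certificate's issuer field, which only equals the CA's own name when that certificate is self-signed; if the third argument of `generateCertificateFromCSR` is the issuer DN of the certificate being signed, it should be `certCA.getSubjectX500Principal().getName()`. `DatatypeConverter.parseBase64Binary` throws `IllegalArgumentException` on malformed input, which the `catch (IOException e)` does not cover, so a bad client token escapes as an unchecked exception instead of the documented `KeystoreException`. Nothing in this hunk checks the CSR's own signature before it is handed to `generateCertificateFromCSR`; if that method does not verify it either, the request is signed without proof that the client holds the private key, so a comment stating where that check happens would help. The Javadoc says `X508Certificate` where it means `X509Certificate`. The import hunks in this file also replace explicit imports with `org.jscep.message.*`, `java.io.*`, `java.security.*` and `java.security.cert.*` wildcards, which hide which names the class actually uses.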

@ -53,4 +53,6 @@ public interface CertificateManagementService {
public X509Certificate extractCertificateFromSignature(String headerSignature) throws KeystoreException;
String extractChallengeToken(X509Certificate certificate);
X509Certificate getSignedCertificateFromCSR(String binarySecurityToken) throws KeystoreException;
}
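Review bot: The new `getSignedCertificateFromCSR` declaration carries no Javadoc, so callers of the service interface cannot tell that `binarySecurityToken` is expected to be a base64-encoded PKCS#10 request or what condition `KeystoreException` signals. A two-line Javadoc naming the expected encoding of the argument and stating that the returned certificate is issued by the configured CA would cover it.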

@ -100,4 +100,9 @@ public class CertificateManagementServiceImpl implements CertificateManagementSe
public String extractChallengeToken(X509Certificate certificate) {
return certificateGenerator.extractChallengeToken(certificate);
}
public X509Certificate getSignedCertificateFromCSR(String binarySecurityToken) throws KeystoreException {
return certificateGenerator.getSignedCertificateFromCSR(binarySecurityToken);
}
}

@ -37,7 +37,7 @@ public class ConfigurationUtil {
public static final String KEYSTORE_RA_CERT_PRIV_PASSWORD = "RAPrivateKeyPassword";
public static final String CA_CERT_ALIAS = "CACertAlias";
public static final String RA_CERT_ALIAS = "RACertAlias";
public static final String SIGNATUREALGO = "SHA1withRSA";
public static final String SIGNATURE_ALGORITHM = "SHA1withRSA";
public static final String PROVIDER = "BC";
public static final String KEYSTORE = "Type";
public static final String CERTIFICATE_KEYSTORE = "CertificateKeystoreType";
@ -56,6 +56,7 @@ public class ConfigurationUtil {
public static final String RSA_PRIVATE_KEY_END_TEXT = "-----END RSA PRIVATE KEY-----";
public static final String EMPTY_TEXT = "";
public static final int RSA_KEY_LENGTH = 1024;
public static final long MILLI_SECONDS = 1000L * 60 * 60 * 24;
private static ConfigurationUtil configurationUtil;
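Review bot: `MILLI_SECONDS = 1000L * 60 * 60 * 24` holds the number of milliseconds in one day, but the name says only "milliseconds", so a reader at the use site cannot tell what it scales; `MILLIS_PER_DAY`, or at least a trailing `// milliseconds in one day`, would make that explicit. The renamed `SIGNATURE_ALGORITHM` keeps the value `"SHA1withRSA"`; the rename itself is fine, but since this constant presumably drives certificate signing, a TODO noting the planned move to `SHA256withRSA` once consumers accept it would be worth adding next to it.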

@ -41,6 +41,8 @@ public interface PolicyDAO {
*/
Policy addPolicyToRole(List<String> roleNames, Policy policy) throws PolicyManagerDAOException;
Policy updateRolesOfPolicy(List<String> rolesToAdd, Policy policy) throws PolicyManagerDAOException;
/**
* This method is used to add/update the users associated with the policy.
* @param usernameList - List of the users that needs to be applied
@ -50,6 +52,8 @@ public interface PolicyDAO {
*/
Policy addPolicyToUser(List<String> usernameList, Policy policy) throws PolicyManagerDAOException;
Policy updateUserOfPolicy(List<String> usersToAdd, Policy policy) throws PolicyManagerDAOException;
Policy addPolicyToDevice(List<Device> devices, Policy policy) throws PolicyManagerDAOException;
boolean updatePolicyPriorities(List<Policy> policies) throws PolicyManagerDAOException;
@ -114,6 +118,8 @@ public interface PolicyDAO {
boolean deleteAllPolicyRelatedConfigs(int policyId) throws PolicyManagerDAOException;
boolean deleteCriteriaAndDeviceRelatedConfigs(int policyId) throws PolicyManagerDAOException;
List<String> getPolicyAppliedRoles(int policyId) throws PolicyManagerDAOException;
List<String> getPolicyAppliedUsers(int policyId) throws PolicyManagerDAOException;
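Review bot: The four new declarations (`updateRolesOfPolicy`, `updateUserOfPolicy`, `getPolicyAppliedRoles`, `getPolicyAppliedUsers`) have no Javadoc, although the adjacent `addPolicyToRole` and `addPolicyToUser` do; the difference between `addPolicyToRole` and `updateRolesOfPolicy` (whether the given list extends or replaces the current set) is exactly the contract a caller needs spelled out. The names are also inconsistent: `updateRolesOfPolicy` is plural while `updateUserOfPolicy` takes a list as well; `updateUsersOfPolicy` would match.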

@ -71,8 +71,52 @@ public class PolicyDAOImpl implements PolicyDAO {
public Policy addPolicyToRole(List<String> rolesToAdd, Policy policy) throws PolicyManagerDAOException {
Connection conn;
PreparedStatement insertStmt = null;
// PreparedStatement deleteStmt = null;
// final List<String> currentRoles = this.getPolicy(policy.getId()).getRoles();
//
// SetReferenceTransformer<String> transformer = new SetReferenceTransformer<String>();
//
// transformer.transform(currentRoles, rolesToAdd);
// rolesToAdd = transformer.getObjectsToAdd();
// List<String> rolesToDelete = transformer.getObjectsToRemove();
try {
conn = this.getConnection();
if (rolesToAdd.size() > 0) {
String query = "INSERT INTO DM_ROLE_POLICY (ROLE_NAME, POLICY_ID) VALUES (?, ?)";
insertStmt = conn.prepareStatement(query);
for (String role : rolesToAdd) {
insertStmt.setString(1, role);
insertStmt.setInt(2, policy.getId());
insertStmt.addBatch();
}
insertStmt.executeBatch();
}
// if (rolesToDelete.size() > 0){
// String deleteQuery = "DELETE FROM DM_ROLE_POLICY WHERE ROLE_NAME=? AND POLICY_ID=?";
// deleteStmt = conn.prepareStatement(deleteQuery);
// for (String role : rolesToDelete) {
// deleteStmt.setString(1, role);
// deleteStmt.setInt(2, policy.getId());
// deleteStmt.addBatch();
// }
// deleteStmt.executeBatch();
// }
} catch (SQLException e) {
throw new PolicyManagerDAOException("Error occurred while adding the role name with policy to database", e);
} finally {
PolicyManagementDAOUtil.cleanupResources(insertStmt, null);
}
return policy;
}
@Override
public Policy updateRolesOfPolicy(List<String> rolesToAdd, Policy previousPolicy) throws PolicyManagerDAOException {
Connection conn;
PreparedStatement insertStmt = null;
PreparedStatement deleteStmt = null;
final List<String> currentRoles = policy.getRoles();
final List<String> currentRoles = previousPolicy.getRoles();
SetReferenceTransformer<String> transformer = new SetReferenceTransformer<String>();
@ -81,22 +125,22 @@ public class PolicyDAOImpl implements PolicyDAO {
List<String> rolesToDelete = transformer.getObjectsToRemove();
try {
conn = this.getConnection();
if (rolesToAdd.size() > 0){
if (rolesToAdd.size() > 0) {
String query = "INSERT INTO DM_ROLE_POLICY (ROLE_NAME, POLICY_ID) VALUES (?, ?)";
insertStmt = conn.prepareStatement(query);
for (String role : rolesToAdd) {
insertStmt.setString(1, role);
insertStmt.setInt(2, policy.getId());
insertStmt.setInt(2, previousPolicy.getId());
insertStmt.addBatch();
}
insertStmt.executeBatch();
}
if (rolesToAdd.size() > 0){
if (rolesToDelete.size() > 0) {
String deleteQuery = "DELETE FROM DM_ROLE_POLICY WHERE ROLE_NAME=? AND POLICY_ID=?";
deleteStmt = conn.prepareStatement(deleteQuery);
for (String role : rolesToDelete) {
deleteStmt.setString(1, role);
deleteStmt.setInt(2, policy.getId());
deleteStmt.setInt(2, previousPolicy.getId());
deleteStmt.addBatch();
}
deleteStmt.executeBatch();
@ -105,14 +149,60 @@ public class PolicyDAOImpl implements PolicyDAO {
throw new PolicyManagerDAOException("Error occurred while adding the role name with policy to database", e);
} finally {
PolicyManagementDAOUtil.cleanupResources(insertStmt, null);
PolicyManagementDAOUtil.cleanupResources(deleteStmt, null);
}
return policy;
return previousPolicy;
}
@Override
public Policy addPolicyToUser(List<String> usersToAdd, Policy policy) throws PolicyManagerDAOException {
Connection conn;
PreparedStatement insertStmt = null;
// PreparedStatement deleteStmt = null;
// final List<String> currentUsers = this.getPolicy(policy.getId()).getUsers();
//
// SetReferenceTransformer<String> transformer = new SetReferenceTransformer<String>();
//
// transformer.transform(currentUsers, usersToAdd);
// usersToAdd = transformer.getObjectsToAdd();
// List<String> usersToDelete = transformer.getObjectsToRemove();
try {
conn = this.getConnection();
if (usersToAdd.size() > 0) {
String query = "INSERT INTO DM_USER_POLICY (POLICY_ID, USERNAME) VALUES (?, ?)";
insertStmt = conn.prepareStatement(query);
for (String username : usersToAdd) {
insertStmt.setInt(1, policy.getId());
insertStmt.setString(2, username);
insertStmt.addBatch();
}
insertStmt.executeBatch();
}
// if (usersToDelete.size() > 0){
// String deleteQuery = "DELETE FROM DM_USER_POLICY WHERE USERNAME=? AND POLICY_ID=?";
// deleteStmt = conn.prepareStatement(deleteQuery);
// for (String username : usersToDelete) {
// deleteStmt.setString(1, username);
// deleteStmt.setInt(2, policy.getId());
// deleteStmt.addBatch();
// }
// deleteStmt.executeBatch();
// }
} catch (SQLException e) {
throw new PolicyManagerDAOException("Error occurred while adding the user name with policy to database", e);
} finally {
PolicyManagementDAOUtil.cleanupResources(insertStmt, null);
// PolicyManagementDAOUtil.cleanupResources(deleteStmt, null);
}
return policy;
}
@Override
public Policy updateUserOfPolicy(List<String> usersToAdd, Policy policy) throws PolicyManagerDAOException {
Connection conn;
PreparedStatement insertStmt = null;
PreparedStatement deleteStmt = null;
final List<String> currentUsers = policy.getUsers();
@ -123,7 +213,7 @@ public class PolicyDAOImpl implements PolicyDAO {
List<String> usersToDelete = transformer.getObjectsToRemove();
try {
conn = this.getConnection();
if (usersToAdd.size() > 0){
if (usersToAdd.size() > 0) {
String query = "INSERT INTO DM_USER_POLICY (POLICY_ID, USERNAME) VALUES (?, ?)";
insertStmt = conn.prepareStatement(query);
for (String username : usersToAdd) {
@ -133,7 +223,7 @@ public class PolicyDAOImpl implements PolicyDAO {
}
insertStmt.executeBatch();
}
if (usersToDelete.size() > 0){
if (usersToDelete.size() > 0) {
String deleteQuery = "DELETE FROM DM_USER_POLICY WHERE USERNAME=? AND POLICY_ID=?";
deleteStmt = conn.prepareStatement(deleteQuery);
for (String username : usersToDelete) {
@ -153,6 +243,7 @@ public class PolicyDAOImpl implements PolicyDAO {
return policy;
}
@Override
public Policy addPolicyToDevice(List<Device> devices, Policy policy) throws PolicyManagerDAOException {
Connection conn;
@ -1202,6 +1293,46 @@ public class PolicyDAOImpl implements PolicyDAO {
}
}
@Override
public boolean deleteCriteriaAndDeviceRelatedConfigs(int policyId) throws PolicyManagerDAOException {
Connection conn;
PreparedStatement stmt = null;
try {
conn = this.getConnection();
// String userPolicy = "DELETE FROM DM_USER_POLICY WHERE POLICY_ID = ?";
// stmt = conn.prepareStatement(userPolicy);
// stmt.setInt(1, policyId);
// stmt.executeUpdate();
//
// String rolePolicy = "DELETE FROM DM_ROLE_POLICY WHERE POLICY_ID = ?";
// stmt = conn.prepareStatement(rolePolicy);
// stmt.setInt(1, policyId);
// stmt.executeUpdate();
String devicePolicy = "DELETE FROM DM_DEVICE_POLICY WHERE POLICY_ID = ?";
stmt = conn.prepareStatement(devicePolicy);
stmt.setInt(1, policyId);
stmt.executeUpdate();
String deleteCriteria = "DELETE FROM DM_POLICY_CRITERIA WHERE POLICY_ID = ?";
stmt = conn.prepareStatement(deleteCriteria);
stmt.setInt(1, policyId);
stmt.executeUpdate();
if (log.isDebugEnabled()) {
log.debug("Policy (" + policyId + ") related configs deleted from database.");
}
return true;
} catch (SQLException e) {
throw new PolicyManagerDAOException("Unable to delete the policy (" + policyId +
") related configs from database", e);
} finally {
PolicyManagementDAOUtil.cleanupResources(stmt, null);
}
}
private Connection getConnection() throws PolicyManagerDAOException {
return PolicyManagementDAOFactory.getConnection();
}
@ -1345,7 +1476,8 @@ public class PolicyDAOImpl implements PolicyDAO {
int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId();
try {
conn = this.getConnection();
String query = "SELECT * FROM DM_DEVICE_POLICY_APPLIED WHERE DEVICE_ID = ? AND TENANT_ID = ? AND ENROLMENT_ID = ?";
String query = "SELECT * FROM DM_DEVICE_POLICY_APPLIED WHERE DEVICE_ID = ? AND TENANT_ID = ? AND " +
"ENROLMENT_ID = ?";
stmt = conn.prepareStatement(query);
stmt.setInt(1, deviceId);
stmt.setInt(2, tenantId);
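Review bot: In `deleteCriteriaAndDeviceRelatedConfigs` the statement prepared for `devicePolicy` is overwritten by `stmt = conn.prepareStatement(deleteCriteria)` without being closed, so only the second statement reaches `cleanupResources` in `finally` and the first one leaks until the connection is discarded. Release it before reassigning, e.g. `PolicyManagementDAOUtil.cleanupResources(stmt, null);` right after the first `stmt.executeUpdate();`, or use one variable per statement. The same method, and `addPolicyToRole` and `addPolicyToUser` earlier in this file, keep large blocks of commented-out code (the old user/role deletion and the transformer logic); now that `updateRolesOfPolicy`/`updateUserOfPolicy` hold that logic the comments should be deleted, including the commented `cleanupResources(deleteStmt, null)` in `addPolicyToUser`'s `finally`.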

@ -180,15 +180,15 @@ public class PolicyManagerImpl implements PolicyManager {
if (!newFeaturesList.isEmpty()) {
featureDAO.addProfileFeatures(newFeaturesList, profileId);
}
policyDAO.deleteAllPolicyRelatedConfigs(policy.getId());
policyDAO.deleteCriteriaAndDeviceRelatedConfigs(policy.getId());
if (policy.getUsers() != null) {
policyDAO.addPolicyToUser(policy.getUsers(), previousPolicy);
policyDAO.updateUserOfPolicy(policy.getUsers(), previousPolicy);
}
if (policy.getRoles() != null) {
policyDAO.addPolicyToRole(policy.getRoles(), previousPolicy);
policyDAO.updateRolesOfPolicy(policy.getRoles(), previousPolicy);
}
if (policy.getDevices() != null) {
@ -539,7 +539,7 @@ public class PolicyManagerImpl implements PolicyManager {
policy.setDevices(deviceList);
try {
// PolicyManagementDAOFactory.openConnection();
// PolicyManagementDAOFactory.openConnection();
Profile profile = profileManager.getProfile(policy.getProfileId());
policy.setProfile(profile);
} catch (ProfileManagementException e) {
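Review bot: Replacing `deleteAllPolicyRelatedConfigs` with `deleteCriteriaAndDeviceRelatedConfigs` means user and role mappings are no longer cleared up front; they are only reconciled inside the `if (policy.getUsers() != null)` and `if (policy.getRoles() != null)` branches. If an update arrives with a null users or roles list, the previous mappings now survive where they used to be removed, which may be intended (null meaning "unchanged") but is a behaviour change worth a comment at those checks, e.g. `// null list = leave existing user/role assignments untouched`. The enclosing update method starts before this hunk, so whether callers can actually pass null here is not visible.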

@ -90,6 +90,7 @@
org.wso2.carbon.utils,
org.wso2.carbon.utils.multitenancy,
org.xml.sax,
javax.servlet,
javax.servlet.http,
javax.xml,
org.apache.axis2.transport.http,

@ -26,6 +26,7 @@ import org.wso2.carbon.webapp.authenticator.framework.authenticator.WebappAuthen
public class AuthenticationInfo {
private WebappAuthenticator.Status status = WebappAuthenticator.Status.FAILURE;
private String message;
private String username;
private String tenantDomain;
private int tenantId = -1;
@ -43,6 +44,14 @@ public class AuthenticationInfo {
return username;
}
public String getMessage() {
return message;
}
public void setMessage(String message) {
this.message = message;
}
public void setUsername(String username) {
this.username = username;
}

@ -74,12 +74,12 @@ public class WebappAuthenticationValve extends CarbonTomcatValve {
privilegedCarbonContext.setTenantId(authenticationInfo.getTenantId());
privilegedCarbonContext.setTenantDomain(authenticationInfo.getTenantDomain());
privilegedCarbonContext.setUsername(authenticationInfo.getUsername());
this.processRequest(request, response, compositeValve, authenticationInfo.getStatus());
this.processRequest(request, response, compositeValve, authenticationInfo);
} finally {
PrivilegedCarbonContext.endTenantFlow();
}
} else {
this.processRequest(request, response, compositeValve, authenticationInfo.getStatus());
this.processRequest(request, response, compositeValve, authenticationInfo);
}
}
@ -113,14 +113,18 @@ public class WebappAuthenticationValve extends CarbonTomcatValve {
}
private void processRequest(Request request, Response response, CompositeValve compositeValve,
WebappAuthenticator.Status status) {
switch (status) {
AuthenticationInfo authenticationInfo) {
switch (authenticationInfo.getStatus()) {
case SUCCESS:
case CONTINUE:
this.getNext().invoke(request, response, compositeValve);
break;
case FAILURE:
String msg = "Failed to authorize incoming request";
if(authenticationInfo.getMessage() != null && !authenticationInfo.getMessage().isEmpty()) {
msg = authenticationInfo.getMessage();
response.setHeader("WWW-Authenticate", msg);
}
log.error(msg);
AuthenticationFrameworkUtil
.handleResponse(request, response, HttpServletResponse.SC_UNAUTHORIZED,
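Review bot: `response.setHeader("WWW-Authenticate", msg)` puts a free-form authenticator message into a header whose value is defined as an auth-scheme challenge (e.g. `Bearer realm=..., error=...` for OAuth), so clients that parse the challenge get a malformed value, and since `msg` can originate from the token validation service's error text (the `setMessage(...getErrorMsg())` change in OAuthAuthenticator) the header also becomes a channel for exposing validation details to the caller. Send a fixed, well-formed challenge in the header and keep the descriptive text in the body that `handleResponse` writes, e.g. `response.setHeader("WWW-Authenticate", "Bearer error=\"invalid_token\"");`, choosing the scheme per authenticator since certificate-based failures reach this switch too. `log.error(msg)` on every failed request is noisy for an expected condition; `warn` with the request path is more useful for detection than the bare message. `String msg` declared directly under `case FAILURE:` without braces is legal but fragile if another case is added later; wrapping the case body in braces keeps its scope local. The `handleResponse` call continues outside this hunk.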

@ -51,7 +51,8 @@ public class CertificateAuthenticator implements WebappAuthenticator {
if (certHeader != null &&
AuthenticatorFrameworkDataHolder.getInstance().getCertificateManagementService().
verifySignature(certHeader)) {
AuthenticatorFrameworkDataHolder.getInstance().getCertificateManagementService().
extractCertificateFromSignature(certHeader);
X509Certificate certificate =
AuthenticatorFrameworkDataHolder.getInstance().getCertificateManagementService().
extractCertificateFromSignature(certHeader);

@ -117,6 +117,8 @@ public class OAuthAuthenticator implements WebappAuthenticator {
if (oAuth2TokenValidationResponseDTO.isValid()) {
authenticationInfo.setStatus(Status.CONTINUE);
}
} else {
authenticationInfo.setMessage(oAuth2TokenValidationResponseDTO.getErrorMsg());
}
}
} catch (AuthenticationException e) {
