From 454c459172aa4092d1767bc5c8aa81f657a5fc99 Mon Sep 17 00:00:00 2001 From: Dilshan Edirisuriya Date: Wed, 2 Sep 2015 16:46:51 +0530 Subject: [PATCH] Extract certificate from signature --- .../mgt/core/impl/CertificateGenerator.java | 19 +++++++++++-------- .../service/CertificateManagementService.java | 2 ++ .../CertificateManagementServiceImpl.java | 4 ++++ .../certificate/mgt/core/util/CommonUtil.java | 5 +++++ .../pom.xml | 6 +++++- 5 files changed, 27 insertions(+), 9 deletions(-) diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGenerator.java b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGenerator.java index e0c999ad071..7a2538af224 100755 --- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGenerator.java +++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGenerator.java @@ -64,7 +64,6 @@ import java.io.FileInputStream; import java.io.FileNotFoundException; import java.io.IOException; import java.io.InputStream; -import java.math.BigInteger; import java.security.InvalidKeyException; import java.security.KeyFactory; import java.security.KeyPair; 
@@ -158,10 +157,9 @@ public class CertificateGenerator { keyPairGenerator.initialize(ConfigurationUtil.RSA_KEY_LENGTH, new SecureRandom()); KeyPair pair = keyPairGenerator.generateKeyPair(); X500Principal principal = new X500Principal(ConfigurationUtil.DEFAULT_PRINCIPAL); - BigInteger serial = BigInteger.valueOf(System.currentTimeMillis()); X509v3CertificateBuilder certificateBuilder = new JcaX509v3CertificateBuilder( - principal, serial, validityBeginDate, validityEndDate, + principal, CommonUtil.generateSerialNumber(), validityBeginDate, validityEndDate, principal, pair.getPublic()); ContentSigner contentSigner = new JcaContentSignerBuilder(ConfigurationUtil.SHA256_RSA) .setProvider(ConfigurationUtil.PROVIDER).build( @@ -285,9 +283,14 @@ public class CertificateGenerator { } public boolean verifySignature(String headerSignature) throws KeystoreException { + Certificate certificate = extractCertificateFromSignature(headerSignature); + return (certificate != null); + } + + public X509Certificate extractCertificateFromSignature(String headerSignature) throws KeystoreException { if (headerSignature == null || headerSignature.isEmpty()) { - return false; + return null; } try { @@ -308,8 +311,8 @@ public class CertificateGenerator { Certificate lookUpCertificate = keyStoreReader.getCertificateByAlias( reqCert.getSerialNumber().toString()); - if (lookUpCertificate != null) { - return true; + if (lookUpCertificate != null && (lookUpCertificate instanceof X509Certificate)) { + return (X509Certificate)lookUpCertificate; } } @@ -328,7 +331,7 @@ public class CertificateGenerator { throw new KeystoreException(errorMsg, e); } - return false; + return null; } public X509Certificate generateCertificateFromCSR(PrivateKey privateKey, 
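Review bot: The serial handed to `JcaX509v3CertificateBuilder` in the `@@ -158` hunk is still derived from the clock, because `CommonUtil.generateSerialNumber()` (added further down in this patch) returns `BigInteger.valueOf(System.currentTimeMillis())`. Two certificates issued in the same millisecond get the same serial, and every serial can be guessed from the issue time; `synchronized` on the helper only serialises the calls and does not make the values unique. This matters more than usual here because `extractCertificateFromSignature` uses the serial as the keystore alias. I would draw the value from a CSPRNG in `CommonUtil` instead: `private static final SecureRandom SERIAL_RANDOM = new SecureRandom();` and `return new BigInteger(128, SERIAL_RANDOM);`, with the matching `java.security.SecureRandom` import. The same applies to the `generateCertificateFromCSR` call site in the `@@ -353` hunk.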
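Review bot: `extractCertificateFromSignature` in the `@@ -285` hunk is a new public method with no Javadoc, and it returns `null` for several different outcomes: an empty or missing header, no matching keystore entry, and (per the `@@ -308` hunk) an entry that is not an `X509Certificate`. `verifySignature` now reduces that to `certificate != null`, so any caller using the returned certificate as an identity needs the contract written down. I would add a Javadoc block with `@return the keystore certificate matching the signer of headerSignature, or null if the header is empty or no match is found`, plus a sentence that `null` must be treated as a failed verification. The method body continues outside this hunk.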
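Review bot: In the `@@ -308` hunk the certificate that is returned is chosen only by `reqCert.getSerialNumber()`. Nothing in the visible lines compares the stored entry with `reqCert` or checks the signature against the stored public key, so unless that happens in the part of the loop outside this hunk, a presented certificate is accepted on the strength of its serial number alone. Now that the method returns an identity rather than a boolean, I would bind the two before returning: `if (lookUpCertificate instanceof X509Certificate && lookUpCertificate.equals(reqCert)) {`. That also makes the separate `!= null` test unnecessary, since `instanceof` is already false for `null`.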
@@ -353,7 +356,7 @@ public class CertificateGenerator { } X509v3CertificateBuilder certificateBuilder = new X509v3CertificateBuilder( - new X500Name(issueSubject), BigInteger.valueOf(System.currentTimeMillis()), + new X500Name(issueSubject), CommonUtil.generateSerialNumber(), validityBeginDate, validityEndDate, certSubject, request.getSubjectPublicKeyInfo()); ContentSigner sigGen; diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementService.java b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementService.java index 67171a3f93d..0b47c43707f 100644 --- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementService.java +++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementService.java @@ -49,4 +49,6 @@ public interface CertificateManagementService { Certificate getCertificateByAlias(String alias) throws KeystoreException; boolean verifySignature(String headerSignature) throws KeystoreException; + + public X509Certificate extractCertificateFromSignature(String headerSignature) throws KeystoreException; } diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementServiceImpl.java b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementServiceImpl.java index 014363e90d9..c379df42646 100644 --- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementServiceImpl.java 
+++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementServiceImpl.java @@ -92,4 +92,8 @@ public class CertificateManagementServiceImpl implements CertificateManagementSe public boolean verifySignature(String headerSignature) throws KeystoreException { return certificateGenerator.verifySignature(headerSignature); } + + public X509Certificate extractCertificateFromSignature(String headerSignature) throws KeystoreException { + return certificateGenerator.extractCertificateFromSignature(headerSignature); + } } diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/util/CommonUtil.java b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/util/CommonUtil.java index a149c925698..6b9bc5897e0 100755 --- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/util/CommonUtil.java +++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/util/CommonUtil.java @@ -17,6 +17,7 @@ */ package org.wso2.carbon.certificate.mgt.core.util; +import java.math.BigInteger; import java.util.Calendar; import java.util.Date; @@ -40,4 +41,8 @@ public class CommonUtil { return calendar.getTime(); } + public static synchronized BigInteger generateSerialNumber() { + return BigInteger.valueOf(System.currentTimeMillis()); + } + } diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/pom.xml b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/pom.xml index 34051486391..edca5ac9554 100644 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/pom.xml 
+++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/pom.xml @@ -88,7 +88,11 @@ org.wso2.carbon.user.core.tenant, org.wso2.carbon.utils, org.wso2.carbon.utils.multitenancy, - org.xml.sax + org.xml.sax, + javax.servlet.http, + javax.xml, + org.apache.axis2.transport.http, + org.wso2.carbon.apimgt.impl