diff --git a/components/apimgt-extensions/org.wso2.carbon.apimgt.handlers/pom.xml b/components/apimgt-extensions/org.wso2.carbon.apimgt.handlers/pom.xml
index 71fef924be..cbaf0f058c 100644
--- a/components/apimgt-extensions/org.wso2.carbon.apimgt.handlers/pom.xml
+++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.handlers/pom.xml
@@ -76,6 +76,7 @@
WSO2 Carbon - API Security Handler Component
org.apache.axiom.*,
+ javax.security.cert.*,
javax.xml.parsers;version="${javax.xml.parsers.import.pkg.version}";resolution:=optional,
javax.xml.*,
org.apache.axis2.*,
@@ -90,7 +91,8 @@
org.w3c.dom,
org.apache.synapse,
org.apache.synapse.core.axis2,
- org.apache.synapse.rest
+ org.apache.synapse.rest,
+ org.wso2.carbon.certificate.mgt.core.impl
diff --git a/components/apimgt-extensions/org.wso2.carbon.apimgt.handlers/src/main/java/org/wso2/carbon/apimgt/handlers/AuthenticationHandler.java b/components/apimgt-extensions/org.wso2.carbon.apimgt.handlers/src/main/java/org/wso2/carbon/apimgt/handlers/AuthenticationHandler.java
index c5fe71dd4a..2891e06179 100644
--- a/components/apimgt-extensions/org.wso2.carbon.apimgt.handlers/src/main/java/org/wso2/carbon/apimgt/handlers/AuthenticationHandler.java
+++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.handlers/src/main/java/org/wso2/carbon/apimgt/handlers/AuthenticationHandler.java
@@ -31,11 +31,17 @@ import org.wso2.carbon.apimgt.handlers.invoker.RESTInvoker;
import org.wso2.carbon.apimgt.handlers.invoker.RESTResponse;
import org.wso2.carbon.apimgt.handlers.utils.AuthConstants;
import org.wso2.carbon.apimgt.handlers.utils.Utils;
+import org.wso2.carbon.certificate.mgt.core.impl.CertificateGenerator;
import org.wso2.carbon.context.PrivilegedCarbonContext;
+import javax.security.cert.CertificateEncodingException;
+import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.Map;
import java.util.StringTokenizer;
@@ -140,6 +146,21 @@ public class AuthenticationHandler extends AbstractHandler {
if (log.isDebugEnabled()) {
log.debug("Verify response:" + response.getContent());
}
+ } else if (headers.containsKey(AuthConstants.MUTUAL_AUTH_HEADER)) {
+ javax.security.cert.X509Certificate[] certs =
+ (javax.security.cert.X509Certificate[]) axisMC.getProperty(AuthConstants.CLIENT_CERTIFICATE);
+ CertificateFactory cf = CertificateFactory.getInstance("X.509");
+ ByteArrayInputStream bais = new ByteArrayInputStream(certs[0].getEncoded());
+ X509Certificate x509 = (X509Certificate) cf.generateCertificate(bais);
+ if (bais != null) {
+ bais.close();
+ }
+ if (x509 != null) {
+ headers.put(AuthConstants.PROXY_MUTUAL_AUTH_HEADER, CertificateGenerator.getCommonName(x509));
+ return true;
+ } else {
+ response = null;
+ }
} else if (headers.containsKey(AuthConstants.ENCODED_PEM)) {
String encodedPem = headers.get(AuthConstants.ENCODED_PEM).toString();
if (log.isDebugEnabled()) {
@@ -178,8 +199,13 @@ public class AuthenticationHandler extends AbstractHandler {
} catch (APIMCertificateMGTException e) {
log.error("Error while processing certificate.", e);
return false;
+ } catch (CertificateException e) {
+ log.error("Certificate issue occurred when generating converting PEM to x509Certificate", e);
+ return false;
+ } catch (CertificateEncodingException e) {
+ log.error("Error while attempting to encode certificate.", e);
+ return false;
}
-
}
@Override
@@ -205,4 +231,4 @@ public class AuthenticationHandler extends AbstractHandler {
map.put(CONTENT_TYPE, "application/json");
return map;
}
-}
+}
\ No newline at end of file
diff --git a/components/apimgt-extensions/org.wso2.carbon.apimgt.handlers/src/main/java/org/wso2/carbon/apimgt/handlers/utils/AuthConstants.java b/components/apimgt-extensions/org.wso2.carbon.apimgt.handlers/src/main/java/org/wso2/carbon/apimgt/handlers/utils/AuthConstants.java
index a1343c312b..74870c131f 100644
--- a/components/apimgt-extensions/org.wso2.carbon.apimgt.handlers/src/main/java/org/wso2/carbon/apimgt/handlers/utils/AuthConstants.java
+++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.handlers/src/main/java/org/wso2/carbon/apimgt/handlers/utils/AuthConstants.java
@@ -35,6 +35,7 @@ public class AuthConstants {
// public static final String ANDROID_VERIFY_ENDPOINT = "android-verify-endpoint";
public static final String MDM_SIGNATURE = "mdm-signature";
public static final String PROXY_MUTUAL_AUTH_HEADER = "proxy-mutual-auth-header";
+ public static final String MUTUAL_AUTH_HEADER = "mutual-auth-header";
public static final String ENCODED_PEM = "encoded-pem";
public static final String CALLBACK_URL = "";
public static final String CLIENT_NAME = "IOT-API-MANAGER";
@@ -46,4 +47,5 @@ public class AuthConstants {
public static final String BASIC_AUTH_PREFIX = "Basic ";
public static final String CLIENT_ID = "clientId";
public static final String CLIENT_SECRET = "clientSecret";
+ public static final String CLIENT_CERTIFICATE = "ssl.client.auth.cert.X509";
}
diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.cert.admin.api/src/main/java/org/wso2/carbon/certificate/mgt/cert/jaxrs/api/impl/CertificateManagementAdminServiceImpl.java b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.cert.admin.api/src/main/java/org/wso2/carbon/certificate/mgt/cert/jaxrs/api/impl/CertificateManagementAdminServiceImpl.java
index 3206d56a6d..1380bc8cba 100644
--- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.cert.admin.api/src/main/java/org/wso2/carbon/certificate/mgt/cert/jaxrs/api/impl/CertificateManagementAdminServiceImpl.java
+++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.cert.admin.api/src/main/java/org/wso2/carbon/certificate/mgt/cert/jaxrs/api/impl/CertificateManagementAdminServiceImpl.java
@@ -30,6 +30,7 @@ import org.wso2.carbon.certificate.mgt.cert.jaxrs.api.util.RequestValidationUtil
import org.wso2.carbon.certificate.mgt.core.dto.CertificateResponse;
import org.wso2.carbon.certificate.mgt.core.exception.CertificateManagementException;
import org.wso2.carbon.certificate.mgt.core.exception.KeystoreException;
+import org.wso2.carbon.certificate.mgt.core.impl.CertificateGenerator;
import org.wso2.carbon.certificate.mgt.core.scep.SCEPException;
import org.wso2.carbon.certificate.mgt.core.scep.SCEPManager;
import org.wso2.carbon.certificate.mgt.core.scep.TenantedDeviceWrapper;
@@ -74,7 +75,7 @@ public class CertificateManagementAdminServiceImpl implements CertificateManagem
certificate.setTenantId(PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId());
X509Certificate x509Certificate = certificateService
.pemToX509Certificate(enrollmentCertificate.getPem());
- certificate.setSerial(x509Certificate.getSerialNumber().toString());
+ certificate.setSerial(CertificateGenerator.getCommonName(x509Certificate));
certificate.setCertificate(x509Certificate);
certificates.add(certificate);
}
diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/CertificateAuthenticator.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/CertificateAuthenticator.java
index a402f18e7c..e47208a490 100644
--- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/CertificateAuthenticator.java
+++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/CertificateAuthenticator.java
@@ -164,4 +164,4 @@ public class CertificateAuthenticator implements WebappAuthenticator {
return null;
}
-}
+}
\ No newline at end of file