diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/pom.xml b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/pom.xml index a253cc9a7f3..a38c8ca3db9 100644 --- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/pom.xml +++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/pom.xml @@ -71,11 +71,12 @@ org.bouncycastle.operator.jcajce, org.bouncycastle.pkcs, org.bouncycastle.util, - org.bouncycastle.asn1.util, org.jscep.message, org.jscep.transaction, org.w3c.dom, - org.xml.sax + org.xml.sax, + javax.xml.bind, + org.bouncycastle.pkcs.jcajce !org.wso2.carbon.certificate.mgt.core.internal.*, diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGenerator.java b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGenerator.java index 7735922f51c..8750a82064f 100755 --- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGenerator.java +++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGenerator.java @@ -44,14 +44,7 @@ import org.bouncycastle.operator.OperatorCreationException; import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; import org.bouncycastle.pkcs.PKCS10CertificationRequest; import org.bouncycastle.util.Store; -import org.jscep.message.CertRep; -import org.jscep.message.MessageDecodingException; -import org.jscep.message.MessageEncodingException; -import org.jscep.message.PkcsPkiEnvelopeDecoder; -import org.jscep.message.PkcsPkiEnvelopeEncoder; -import org.jscep.message.PkiMessage; -import org.jscep.message.PkiMessageDecoder; -import org.jscep.message.PkiMessageEncoder; +import org.jscep.message.*; import org.jscep.transaction.FailInfo; import org.jscep.transaction.Nonce; import org.jscep.transaction.TransactionId; @@ -62,32 +55,11 @@ import org.wso2.carbon.certificate.mgt.core.util.CommonUtil; import org.wso2.carbon.certificate.mgt.core.util.ConfigurationUtil; import javax.security.auth.x500.X500Principal; -import java.io.ByteArrayInputStream; -import java.io.DataInputStream; -import java.io.File; -import java.io.FileInputStream; -import java.io.FileNotFoundException; -import java.io.IOException; -import java.io.InputStream; -import java.security.InvalidKeyException; -import java.security.KeyFactory; -import java.security.KeyPair; -import java.security.KeyPairGenerator; -import java.security.KeyStore; -import java.security.KeyStoreException; -import java.security.NoSuchAlgorithmException; -import java.security.NoSuchProviderException; -import java.security.PrivateKey; -import java.security.SecureRandom; -import java.security.Security; -import java.security.SignatureException; +import javax.xml.bind.DatatypeConverter; +import java.io.*; +import java.security.*; import java.security.cert.Certificate; -import java.security.cert.CertificateEncodingException; -import java.security.cert.CertificateException; -import java.security.cert.CertificateExpiredException; -import java.security.cert.CertificateFactory; -import java.security.cert.CertificateNotYetValidException; -import java.security.cert.X509Certificate; +import java.security.cert.*; import java.security.spec.InvalidKeySpecException; import java.security.spec.PKCS8EncodedKeySpec; import java.util.ArrayList; @@ -598,4 +570,31 @@ public class CertificateGenerator { return null; } + + /** + * Get Signed certificate by parsing certificate. + * @param binarySecurityToken CSR that comes from the client as a String value.It is base 64 encoded request + * security token. + * @return Return signed certificate in X508Certificate type object. + * @throws KeystoreException + */ + public X509Certificate getSignedCertificateFromCSR(String binarySecurityToken) + throws KeystoreException { + byte[] byteArrayBst = DatatypeConverter.parseBase64Binary(binarySecurityToken); + PKCS10CertificationRequest certificationRequest; + KeyStoreReader keyStoreReader = new KeyStoreReader(); + PrivateKey privateKeyCA = keyStoreReader.getCAPrivateKey(); + X509Certificate certCA = (X509Certificate) keyStoreReader.getCACertificate(); + + try { + certificationRequest = new PKCS10CertificationRequest(byteArrayBst); + } catch (IOException e) { + String msg = "CSR cannot be recovered."; + log.error(msg, e); + throw new KeystoreException(msg, e); + } + X509Certificate signedCertificate = generateCertificateFromCSR(privateKeyCA, certificationRequest, + certCA.getIssuerX500Principal().getName()); + return signedCertificate; + } } \ No newline at end of file diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementService.java b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementService.java index 00a8a68e745..f89ab4f986f 100644 --- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementService.java +++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementService.java @@ -53,4 +53,6 @@ public interface CertificateManagementService { public X509Certificate extractCertificateFromSignature(String headerSignature) throws KeystoreException; String extractChallengeToken(X509Certificate certificate); + + X509Certificate getSignedCertificateFromCSR(String binarySecurityToken) throws KeystoreException; } diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementServiceImpl.java b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementServiceImpl.java index cc3fb3efeb5..77dfe1686cc 100644 --- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementServiceImpl.java +++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementServiceImpl.java @@ -100,4 +100,9 @@ public class CertificateManagementServiceImpl implements CertificateManagementSe public String extractChallengeToken(X509Certificate certificate) { return certificateGenerator.extractChallengeToken(certificate); } + + public X509Certificate getSignedCertificateFromCSR(String binarySecurityToken) throws KeystoreException { + return certificateGenerator.getSignedCertificateFromCSR(binarySecurityToken); + } + } diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/util/ConfigurationUtil.java b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/util/ConfigurationUtil.java index 3767d828241..36d9182c10b 100644 --- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/util/ConfigurationUtil.java +++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/util/ConfigurationUtil.java @@ -37,7 +37,7 @@ public class ConfigurationUtil { public static final String KEYSTORE_RA_CERT_PRIV_PASSWORD = "RAPrivateKeyPassword"; public static final String CA_CERT_ALIAS = "CACertAlias"; public static final String RA_CERT_ALIAS = "RACertAlias"; - public static final String SIGNATUREALGO = "SHA1withRSA"; + public static final String SIGNATURE_ALGORITHM = "SHA1withRSA"; public static final String PROVIDER = "BC"; public static final String KEYSTORE = "Type"; public static final String CERTIFICATE_KEYSTORE = "CertificateKeystoreType"; @@ -56,6 +56,7 @@ public class ConfigurationUtil { public static final String RSA_PRIVATE_KEY_END_TEXT = "-----END RSA PRIVATE KEY-----"; public static final String EMPTY_TEXT = ""; public static final int RSA_KEY_LENGTH = 1024; + public static final long MILLI_SECONDS = 1000L * 60 * 60 * 24; private static ConfigurationUtil configurationUtil; diff --git a/components/policy-mgt/org.wso2.carbon.policy.mgt.core/src/main/java/org/wso2/carbon/policy/mgt/core/dao/PolicyDAO.java b/components/policy-mgt/org.wso2.carbon.policy.mgt.core/src/main/java/org/wso2/carbon/policy/mgt/core/dao/PolicyDAO.java index 9fa1259b313..d1065e17a56 100644 --- a/components/policy-mgt/org.wso2.carbon.policy.mgt.core/src/main/java/org/wso2/carbon/policy/mgt/core/dao/PolicyDAO.java +++ b/components/policy-mgt/org.wso2.carbon.policy.mgt.core/src/main/java/org/wso2/carbon/policy/mgt/core/dao/PolicyDAO.java @@ -41,6 +41,8 @@ public interface PolicyDAO { */ Policy addPolicyToRole(List roleNames, Policy policy) throws PolicyManagerDAOException; + Policy updateRolesOfPolicy(List rolesToAdd, Policy policy) throws PolicyManagerDAOException; + /** * This method is used to add/update the users associated with the policy. * @param usernameList - List of the users that needs to be applied @@ -50,6 +52,8 @@ public interface PolicyDAO { */ Policy addPolicyToUser(List usernameList, Policy policy) throws PolicyManagerDAOException; + Policy updateUserOfPolicy(List usersToAdd, Policy policy) throws PolicyManagerDAOException; + Policy addPolicyToDevice(List devices, Policy policy) throws PolicyManagerDAOException; boolean updatePolicyPriorities(List policies) throws PolicyManagerDAOException; @@ -114,6 +118,8 @@ public interface PolicyDAO { boolean deleteAllPolicyRelatedConfigs(int policyId) throws PolicyManagerDAOException; + boolean deleteCriteriaAndDeviceRelatedConfigs(int policyId) throws PolicyManagerDAOException; + List getPolicyAppliedRoles(int policyId) throws PolicyManagerDAOException; List getPolicyAppliedUsers(int policyId) throws PolicyManagerDAOException; diff --git a/components/policy-mgt/org.wso2.carbon.policy.mgt.core/src/main/java/org/wso2/carbon/policy/mgt/core/dao/impl/PolicyDAOImpl.java b/components/policy-mgt/org.wso2.carbon.policy.mgt.core/src/main/java/org/wso2/carbon/policy/mgt/core/dao/impl/PolicyDAOImpl.java index 322b57918c0..9cc11640d66 100644 --- a/components/policy-mgt/org.wso2.carbon.policy.mgt.core/src/main/java/org/wso2/carbon/policy/mgt/core/dao/impl/PolicyDAOImpl.java +++ b/components/policy-mgt/org.wso2.carbon.policy.mgt.core/src/main/java/org/wso2/carbon/policy/mgt/core/dao/impl/PolicyDAOImpl.java @@ -71,8 +71,52 @@ public class PolicyDAOImpl implements PolicyDAO { public Policy addPolicyToRole(List rolesToAdd, Policy policy) throws PolicyManagerDAOException { Connection conn; PreparedStatement insertStmt = null; +// PreparedStatement deleteStmt = null; +// final List currentRoles = this.getPolicy(policy.getId()).getRoles(); +// +// SetReferenceTransformer transformer = new SetReferenceTransformer(); +// +// transformer.transform(currentRoles, rolesToAdd); +// rolesToAdd = transformer.getObjectsToAdd(); +// List rolesToDelete = transformer.getObjectsToRemove(); + try { + conn = this.getConnection(); + if (rolesToAdd.size() > 0) { + String query = "INSERT INTO DM_ROLE_POLICY (ROLE_NAME, POLICY_ID) VALUES (?, ?)"; + insertStmt = conn.prepareStatement(query); + for (String role : rolesToAdd) { + insertStmt.setString(1, role); + insertStmt.setInt(2, policy.getId()); + insertStmt.addBatch(); + } + insertStmt.executeBatch(); + } +// if (rolesToDelete.size() > 0){ +// String deleteQuery = "DELETE FROM DM_ROLE_POLICY WHERE ROLE_NAME=? AND POLICY_ID=?"; +// deleteStmt = conn.prepareStatement(deleteQuery); +// for (String role : rolesToDelete) { +// deleteStmt.setString(1, role); +// deleteStmt.setInt(2, policy.getId()); +// deleteStmt.addBatch(); +// } +// deleteStmt.executeBatch(); +// } + } catch (SQLException e) { + throw new PolicyManagerDAOException("Error occurred while adding the role name with policy to database", e); + } finally { + PolicyManagementDAOUtil.cleanupResources(insertStmt, null); + } + return policy; + } + + + @Override + public Policy updateRolesOfPolicy(List rolesToAdd, Policy previousPolicy) throws PolicyManagerDAOException { + Connection conn; + PreparedStatement insertStmt = null; PreparedStatement deleteStmt = null; - final List currentRoles = policy.getRoles(); + + final List currentRoles = previousPolicy.getRoles(); SetReferenceTransformer transformer = new SetReferenceTransformer(); @@ -81,22 +125,22 @@ public class PolicyDAOImpl implements PolicyDAO { List rolesToDelete = transformer.getObjectsToRemove(); try { conn = this.getConnection(); - if (rolesToAdd.size() > 0){ + if (rolesToAdd.size() > 0) { String query = "INSERT INTO DM_ROLE_POLICY (ROLE_NAME, POLICY_ID) VALUES (?, ?)"; insertStmt = conn.prepareStatement(query); for (String role : rolesToAdd) { insertStmt.setString(1, role); - insertStmt.setInt(2, policy.getId()); + insertStmt.setInt(2, previousPolicy.getId()); insertStmt.addBatch(); } insertStmt.executeBatch(); } - if (rolesToAdd.size() > 0){ + if (rolesToDelete.size() > 0) { String deleteQuery = "DELETE FROM DM_ROLE_POLICY WHERE ROLE_NAME=? AND POLICY_ID=?"; deleteStmt = conn.prepareStatement(deleteQuery); for (String role : rolesToDelete) { deleteStmt.setString(1, role); - deleteStmt.setInt(2, policy.getId()); + deleteStmt.setInt(2, previousPolicy.getId()); deleteStmt.addBatch(); } deleteStmt.executeBatch(); @@ -105,14 +149,60 @@ public class PolicyDAOImpl implements PolicyDAO { throw new PolicyManagerDAOException("Error occurred while adding the role name with policy to database", e); } finally { PolicyManagementDAOUtil.cleanupResources(insertStmt, null); + PolicyManagementDAOUtil.cleanupResources(deleteStmt, null); } - return policy; + return previousPolicy; } @Override public Policy addPolicyToUser(List usersToAdd, Policy policy) throws PolicyManagerDAOException { Connection conn; PreparedStatement insertStmt = null; +// PreparedStatement deleteStmt = null; +// final List currentUsers = this.getPolicy(policy.getId()).getUsers(); +// +// SetReferenceTransformer transformer = new SetReferenceTransformer(); +// +// transformer.transform(currentUsers, usersToAdd); +// usersToAdd = transformer.getObjectsToAdd(); +// List usersToDelete = transformer.getObjectsToRemove(); + try { + conn = this.getConnection(); + if (usersToAdd.size() > 0) { + String query = "INSERT INTO DM_USER_POLICY (POLICY_ID, USERNAME) VALUES (?, ?)"; + insertStmt = conn.prepareStatement(query); + for (String username : usersToAdd) { + insertStmt.setInt(1, policy.getId()); + insertStmt.setString(2, username); + insertStmt.addBatch(); + } + insertStmt.executeBatch(); + } +// if (usersToDelete.size() > 0){ +// String deleteQuery = "DELETE FROM DM_USER_POLICY WHERE USERNAME=? AND POLICY_ID=?"; +// deleteStmt = conn.prepareStatement(deleteQuery); +// for (String username : usersToDelete) { +// deleteStmt.setString(1, username); +// deleteStmt.setInt(2, policy.getId()); +// deleteStmt.addBatch(); +// } +// deleteStmt.executeBatch(); +// } + + } catch (SQLException e) { + throw new PolicyManagerDAOException("Error occurred while adding the user name with policy to database", e); + } finally { + PolicyManagementDAOUtil.cleanupResources(insertStmt, null); +// PolicyManagementDAOUtil.cleanupResources(deleteStmt, null); + } + return policy; + } + + + @Override + public Policy updateUserOfPolicy(List usersToAdd, Policy policy) throws PolicyManagerDAOException { + Connection conn; + PreparedStatement insertStmt = null; PreparedStatement deleteStmt = null; final List currentUsers = policy.getUsers(); @@ -123,7 +213,7 @@ public class PolicyDAOImpl implements PolicyDAO { List usersToDelete = transformer.getObjectsToRemove(); try { conn = this.getConnection(); - if (usersToAdd.size() > 0){ + if (usersToAdd.size() > 0) { String query = "INSERT INTO DM_USER_POLICY (POLICY_ID, USERNAME) VALUES (?, ?)"; insertStmt = conn.prepareStatement(query); for (String username : usersToAdd) { @@ -133,7 +223,7 @@ public class PolicyDAOImpl implements PolicyDAO { } insertStmt.executeBatch(); } - if (usersToDelete.size() > 0){ + if (usersToDelete.size() > 0) { String deleteQuery = "DELETE FROM DM_USER_POLICY WHERE USERNAME=? AND POLICY_ID=?"; deleteStmt = conn.prepareStatement(deleteQuery); for (String username : usersToDelete) { @@ -153,6 +243,7 @@ public class PolicyDAOImpl implements PolicyDAO { return policy; } + @Override public Policy addPolicyToDevice(List devices, Policy policy) throws PolicyManagerDAOException { Connection conn; @@ -1202,6 +1293,46 @@ public class PolicyDAOImpl implements PolicyDAO { } } + + @Override + public boolean deleteCriteriaAndDeviceRelatedConfigs(int policyId) throws PolicyManagerDAOException { + Connection conn; + PreparedStatement stmt = null; + try { + conn = this.getConnection(); + +// String userPolicy = "DELETE FROM DM_USER_POLICY WHERE POLICY_ID = ?"; +// stmt = conn.prepareStatement(userPolicy); +// stmt.setInt(1, policyId); +// stmt.executeUpdate(); +// +// String rolePolicy = "DELETE FROM DM_ROLE_POLICY WHERE POLICY_ID = ?"; +// stmt = conn.prepareStatement(rolePolicy); +// stmt.setInt(1, policyId); +// stmt.executeUpdate(); + + String devicePolicy = "DELETE FROM DM_DEVICE_POLICY WHERE POLICY_ID = ?"; + stmt = conn.prepareStatement(devicePolicy); + stmt.setInt(1, policyId); + stmt.executeUpdate(); + + String deleteCriteria = "DELETE FROM DM_POLICY_CRITERIA WHERE POLICY_ID = ?"; + stmt = conn.prepareStatement(deleteCriteria); + stmt.setInt(1, policyId); + stmt.executeUpdate(); + + if (log.isDebugEnabled()) { + log.debug("Policy (" + policyId + ") related configs deleted from database."); + } + return true; + } catch (SQLException e) { + throw new PolicyManagerDAOException("Unable to delete the policy (" + policyId + + ") related configs from database", e); + } finally { + PolicyManagementDAOUtil.cleanupResources(stmt, null); + } + } + private Connection getConnection() throws PolicyManagerDAOException { return PolicyManagementDAOFactory.getConnection(); } @@ -1345,7 +1476,8 @@ public class PolicyDAOImpl implements PolicyDAO { int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId(); try { conn = this.getConnection(); - String query = "SELECT * FROM DM_DEVICE_POLICY_APPLIED WHERE DEVICE_ID = ? AND TENANT_ID = ? AND ENROLMENT_ID = ?"; + String query = "SELECT * FROM DM_DEVICE_POLICY_APPLIED WHERE DEVICE_ID = ? AND TENANT_ID = ? AND " + + "ENROLMENT_ID = ?"; stmt = conn.prepareStatement(query); stmt.setInt(1, deviceId); stmt.setInt(2, tenantId); diff --git a/components/policy-mgt/org.wso2.carbon.policy.mgt.core/src/main/java/org/wso2/carbon/policy/mgt/core/mgt/impl/PolicyManagerImpl.java b/components/policy-mgt/org.wso2.carbon.policy.mgt.core/src/main/java/org/wso2/carbon/policy/mgt/core/mgt/impl/PolicyManagerImpl.java index e563d8c631e..06b71d071a2 100644 --- a/components/policy-mgt/org.wso2.carbon.policy.mgt.core/src/main/java/org/wso2/carbon/policy/mgt/core/mgt/impl/PolicyManagerImpl.java +++ b/components/policy-mgt/org.wso2.carbon.policy.mgt.core/src/main/java/org/wso2/carbon/policy/mgt/core/mgt/impl/PolicyManagerImpl.java @@ -180,15 +180,15 @@ public class PolicyManagerImpl implements PolicyManager { if (!newFeaturesList.isEmpty()) { featureDAO.addProfileFeatures(newFeaturesList, profileId); } - policyDAO.deleteAllPolicyRelatedConfigs(policy.getId()); + policyDAO.deleteCriteriaAndDeviceRelatedConfigs(policy.getId()); if (policy.getUsers() != null) { - policyDAO.addPolicyToUser(policy.getUsers(), previousPolicy); + policyDAO.updateUserOfPolicy(policy.getUsers(), previousPolicy); } if (policy.getRoles() != null) { - policyDAO.addPolicyToRole(policy.getRoles(), previousPolicy); + policyDAO.updateRolesOfPolicy(policy.getRoles(), previousPolicy); } if (policy.getDevices() != null) { @@ -539,7 +539,7 @@ public class PolicyManagerImpl implements PolicyManager { policy.setDevices(deviceList); try { - // PolicyManagementDAOFactory.openConnection(); + // PolicyManagementDAOFactory.openConnection(); Profile profile = profileManager.getProfile(policy.getProfileId()); policy.setProfile(profile); } catch (ProfileManagementException e) { diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/pom.xml b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/pom.xml index 2053ed89ad1..4c28efc1f5e 100644 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/pom.xml +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/pom.xml @@ -90,6 +90,7 @@ org.wso2.carbon.utils, org.wso2.carbon.utils.multitenancy, org.xml.sax, + javax.servlet, javax.servlet.http, javax.xml, org.apache.axis2.transport.http, diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/AuthenticationInfo.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/AuthenticationInfo.java index a65c99fa39c..d7a0ec1c614 100644 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/AuthenticationInfo.java +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/AuthenticationInfo.java @@ -26,6 +26,7 @@ import org.wso2.carbon.webapp.authenticator.framework.authenticator.WebappAuthen public class AuthenticationInfo { private WebappAuthenticator.Status status = WebappAuthenticator.Status.FAILURE; + private String message; private String username; private String tenantDomain; private int tenantId = -1; @@ -43,6 +44,14 @@ public class AuthenticationInfo { return username; } + public String getMessage() { + return message; + } + + public void setMessage(String message) { + this.message = message; + } + public void setUsername(String username) { this.username = username; } diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticationValve.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticationValve.java index c416444682c..bdc5428984f 100644 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticationValve.java +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticationValve.java @@ -74,12 +74,12 @@ public class WebappAuthenticationValve extends CarbonTomcatValve { privilegedCarbonContext.setTenantId(authenticationInfo.getTenantId()); privilegedCarbonContext.setTenantDomain(authenticationInfo.getTenantDomain()); privilegedCarbonContext.setUsername(authenticationInfo.getUsername()); - this.processRequest(request, response, compositeValve, authenticationInfo.getStatus()); + this.processRequest(request, response, compositeValve, authenticationInfo); } finally { PrivilegedCarbonContext.endTenantFlow(); } } else { - this.processRequest(request, response, compositeValve, authenticationInfo.getStatus()); + this.processRequest(request, response, compositeValve, authenticationInfo); } } @@ -113,14 +113,18 @@ public class WebappAuthenticationValve extends CarbonTomcatValve { } private void processRequest(Request request, Response response, CompositeValve compositeValve, - WebappAuthenticator.Status status) { - switch (status) { + AuthenticationInfo authenticationInfo) { + switch (authenticationInfo.getStatus()) { case SUCCESS: case CONTINUE: this.getNext().invoke(request, response, compositeValve); break; case FAILURE: String msg = "Failed to authorize incoming request"; + if(authenticationInfo.getMessage() != null && !authenticationInfo.getMessage().isEmpty()) { + msg = authenticationInfo.getMessage(); + response.setHeader("WWW-Authenticate", msg); + } log.error(msg); AuthenticationFrameworkUtil .handleResponse(request, response, HttpServletResponse.SC_UNAUTHORIZED, diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/CertificateAuthenticator.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/CertificateAuthenticator.java index 83631d49fd8..88d695cf16e 100644 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/CertificateAuthenticator.java +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/CertificateAuthenticator.java @@ -51,7 +51,8 @@ public class CertificateAuthenticator implements WebappAuthenticator { if (certHeader != null && AuthenticatorFrameworkDataHolder.getInstance().getCertificateManagementService(). verifySignature(certHeader)) { - + AuthenticatorFrameworkDataHolder.getInstance().getCertificateManagementService(). + extractCertificateFromSignature(certHeader); X509Certificate certificate = AuthenticatorFrameworkDataHolder.getInstance().getCertificateManagementService(). extractCertificateFromSignature(certHeader); diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OAuthAuthenticator.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OAuthAuthenticator.java index abe4eac0c44..6064fe8c8fa 100644 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OAuthAuthenticator.java +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OAuthAuthenticator.java @@ -117,6 +117,8 @@ public class OAuthAuthenticator implements WebappAuthenticator { if (oAuth2TokenValidationResponseDTO.isValid()) { authenticationInfo.setStatus(Status.CONTINUE); } + } else { + authenticationInfo.setMessage(oAuth2TokenValidationResponseDTO.getErrorMsg()); } } } catch (AuthenticationException e) {