From 4a03c7abf796837e440b9b15d42e453da0337124 Mon Sep 17 00:00:00 2001 From: Dilshan Edirisuriya Date: Mon, 14 Sep 2015 15:23:11 +0530 Subject: [PATCH 1/3] certificate authentication changes --- .../internal/SCEPManagerServiceComponent.java | 86 +++++++++++++++++++ 1 file changed, 86 insertions(+) create mode 100644 components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/internal/SCEPManagerServiceComponent.java diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/internal/SCEPManagerServiceComponent.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/internal/SCEPManagerServiceComponent.java new file mode 100644 index 0000000000..e414b6c8ae --- /dev/null +++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/internal/SCEPManagerServiceComponent.java @@ -0,0 +1,86 @@ +package org.wso2.carbon.device.mgt.core.internal; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.osgi.framework.BundleContext; +import org.osgi.service.component.ComponentContext; +import org.wso2.carbon.certificate.mgt.core.service.CertificateManagementService; +import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderService; +import org.wso2.carbon.device.mgt.ios.core.service.IOSEnrollmentService; + +/** + * @scr.component name="org.wso2.carbon.device.ios.enrollment" immediate="true" + * @scr.reference name="org.wso2.carbon.device.manager" + * interface="org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderService" + * policy="dynamic" + * cardinality="1..n" + * bind="setDeviceManagementService" + * unbind="unsetDeviceManagementService" + * @scr.reference name="org.wso2.carbon.certificate.mgt" + * interface="org.wso2.carbon.certificate.mgt.core.service.CertificateManagementService" + * policy="dynamic" + * cardinality="1..n" + * bind="setCertificateManagementService" + * unbind="unsetCertificateManagementService" + */ +public class SCEPManagerServiceComponent { + + private static final Log log = LogFactory.getLog(IOSEnrollmentServiceComponent.class); + + protected void activate(ComponentContext componentContext) { + + try { + if (log.isDebugEnabled()) { + log.debug("Initializing iOS device management core bundle"); + } + + BundleContext bundleContext = componentContext.getBundleContext(); + bundleContext.registerService(IOSEnrollmentService.class.getName(), + IOSEnrollmentService.getInstance(), null); + + if (log.isDebugEnabled()) { + log.debug("iOS device management core bundle has been successfully initialized"); + } + } catch (Throwable e) { + String msg = "Error occurred while initializing ios device management core bundle"; + log.error(msg, e); + } + } + + protected void deactivate(ComponentContext ctx) { + if (log.isDebugEnabled()) { + log.debug("Deactivating iOS device management core bundle"); + } + } + + protected void setDeviceManagementService(DeviceManagementProviderService deviceManagementService) { + if (log.isDebugEnabled()) { + log.debug("Setting device management service provider"); + } + IOSEnrollmentServiceHolder.getInstance().setDeviceManagementService(deviceManagementService); + } + + protected void unsetDeviceManagementService(DeviceManagementProviderService deviceManagementService) { + if (log.isDebugEnabled()) { + log.debug("Removing device management service provider"); + } + + IOSEnrollmentServiceHolder.getInstance().setDeviceManagementService(null); + } + + protected void setCertificateManagementService(CertificateManagementService certificateManagementService) { + if (log.isDebugEnabled()) { + log.debug("Setting certificate management service"); + } + IOSEnrollmentServiceHolder.getInstance().setCertificateManagementService(certificateManagementService); + } + + protected void unsetCertificateManagementService(CertificateManagementService certificateManagementService) { + if (log.isDebugEnabled()) { + log.debug("Removing certificate management service"); + } + + IOSEnrollmentServiceHolder.getInstance().setCertificateManagementService(null); + } + +} From 5f2ec88300146916e15144fa56c6f53cd03c14a6 Mon Sep 17 00:00:00 2001 From: Dilshan Edirisuriya Date: Mon, 14 Sep 2015 15:28:28 +0530 Subject: [PATCH 2/3] Changes in certificate managment --- .../pom.xml | 1 + .../mgt/core/impl/CertificateGenerator.java | 62 ++++++++++++++++++ .../service/CertificateManagementService.java | 2 + .../CertificateManagementServiceImpl.java | 4 ++ .../internal/SCEPManagerServiceComponent.java | 63 +++---------------- .../pom.xml | 12 +++- .../authenticator/framework/DataHolder.java | 14 ++++- .../WebappAuthenticatorFrameworkValve.java | 19 ------ .../CertificateAuthenticator.java | 35 ++++++++++- ...uthenticatorFrameworkServiceComponent.java | 23 +++++++ 10 files changed, 158 insertions(+), 77 deletions(-) diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/pom.xml b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/pom.xml index f22bffeab8..a253cc9a7f 100644 --- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/pom.xml +++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/pom.xml @@ -71,6 +71,7 @@ org.bouncycastle.operator.jcajce, org.bouncycastle.pkcs, org.bouncycastle.util, + org.bouncycastle.asn1.util, org.jscep.message, org.jscep.transaction, org.w3c.dom, diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGenerator.java b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGenerator.java index 3aed3f4004..c97d84472d 100755 --- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGenerator.java +++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGenerator.java @@ -20,7 +20,11 @@ package org.wso2.carbon.certificate.mgt.core.impl; import org.apache.commons.codec.binary.Base64; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; +import org.bouncycastle.asn1.ASN1Encodable; +import org.bouncycastle.asn1.ASN1InputStream; +import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.pkcs.Attribute; +import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; import org.bouncycastle.asn1.x500.X500Name; import org.bouncycastle.asn1.x509.KeyUsage; import org.bouncycastle.asn1.x509.X509Extension; @@ -366,6 +370,16 @@ public class CertificateGenerator { try { certificateBuilder.addExtension(X509Extension.keyUsage, true, new KeyUsage( KeyUsage.digitalSignature | KeyUsage.keyEncipherment)); + + if(attributes != null) { + ASN1Encodable extractedValue = getChallengePassword(attributes); + + if(extractedValue != null) { + certificateBuilder.addExtension(PKCSObjectIdentifiers.pkcs_9_at_challengePassword, true, + extractedValue); + } + } + sigGen = new JcaContentSignerBuilder(ConfigurationUtil.SHA256_RSA) .setProvider(ConfigurationUtil.PROVIDER).build(privateKey); issuedCert = new JcaX509CertificateConverter().setProvider( @@ -390,6 +404,19 @@ public class CertificateGenerator { return issuedCert; } + private ASN1Encodable getChallengePassword(Attribute[] attributes) { + + for (Attribute attribute : attributes) { + if (PKCSObjectIdentifiers.pkcs_9_at_challengePassword.equals(attribute.getAttrType())) { + if(attribute.getAttrValues() != null && attribute.getAttrValues().size() > 0) { + return attribute.getAttrValues().getObjectAt(0); + } + } + } + + return null; + } + private CMSSignedData getMessageData(final List certs) throws KeystoreException { CMSSignedDataGenerator generator = new CMSSignedDataGenerator(); @@ -534,4 +561,39 @@ public class CertificateGenerator { throw new KeystoreException(errorMsg, e); } } + + public String extractChallengeToken(X509Certificate certificate) { + + byte[] challengePassword = certificate.getExtensionValue( + PKCSObjectIdentifiers.pkcs_9_at_challengePassword.toString()); + + if (challengePassword != null) { + return new String(challengePassword); + } + + return null; + } + + private ASN1Primitive toASN1Primitive(byte[] data) { + + ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(data); + ASN1InputStream inputStream = new ASN1InputStream(byteArrayInputStream); + + try { + return inputStream.readObject(); + } catch (IOException e) { + String errorMsg = "IOException occurred when converting binary array to ASN1Primitive"; + log.error(errorMsg, e); + } finally { + try { + byteArrayInputStream.close(); + inputStream.close(); + } catch (IOException e) { + String errorMsg = "IOException occurred when closing streams"; + log.error(errorMsg, e); + } + } + + return null; + } } \ No newline at end of file diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementService.java b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementService.java index 0b47c43707..00a8a68e74 100644 --- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementService.java +++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementService.java @@ -51,4 +51,6 @@ public interface CertificateManagementService { boolean verifySignature(String headerSignature) throws KeystoreException; public X509Certificate extractCertificateFromSignature(String headerSignature) throws KeystoreException; + + String extractChallengeToken(X509Certificate certificate); } diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementServiceImpl.java b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementServiceImpl.java index c379df4264..cc3fb3efeb 100644 --- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementServiceImpl.java +++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementServiceImpl.java @@ -96,4 +96,8 @@ public class CertificateManagementServiceImpl implements CertificateManagementSe public X509Certificate extractCertificateFromSignature(String headerSignature) throws KeystoreException { return certificateGenerator.extractCertificateFromSignature(headerSignature); } + + public String extractChallengeToken(X509Certificate certificate) { + return certificateGenerator.extractChallengeToken(certificate); + } } diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/internal/SCEPManagerServiceComponent.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/internal/SCEPManagerServiceComponent.java index e414b6c8ae..9c3b20a7a8 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/internal/SCEPManagerServiceComponent.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/internal/SCEPManagerServiceComponent.java @@ -4,83 +4,40 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.osgi.framework.BundleContext; import org.osgi.service.component.ComponentContext; -import org.wso2.carbon.certificate.mgt.core.service.CertificateManagementService; -import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderService; -import org.wso2.carbon.device.mgt.ios.core.service.IOSEnrollmentService; +import org.wso2.carbon.device.mgt.core.scep.SCEPManager; +import org.wso2.carbon.device.mgt.core.scep.SCEPManagerImpl; /** - * @scr.component name="org.wso2.carbon.device.ios.enrollment" immediate="true" - * @scr.reference name="org.wso2.carbon.device.manager" - * interface="org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderService" - * policy="dynamic" - * cardinality="1..n" - * bind="setDeviceManagementService" - * unbind="unsetDeviceManagementService" - * @scr.reference name="org.wso2.carbon.certificate.mgt" - * interface="org.wso2.carbon.certificate.mgt.core.service.CertificateManagementService" - * policy="dynamic" - * cardinality="1..n" - * bind="setCertificateManagementService" - * unbind="unsetCertificateManagementService" + * @scr.component name="org.wso2.carbon.device.mgt.core.scep" immediate="true" */ public class SCEPManagerServiceComponent { - private static final Log log = LogFactory.getLog(IOSEnrollmentServiceComponent.class); + private static final Log log = LogFactory.getLog(SCEPManagerServiceComponent.class); protected void activate(ComponentContext componentContext) { try { if (log.isDebugEnabled()) { - log.debug("Initializing iOS device management core bundle"); + log.debug("Initializing SCEP core bundle"); } BundleContext bundleContext = componentContext.getBundleContext(); - bundleContext.registerService(IOSEnrollmentService.class.getName(), - IOSEnrollmentService.getInstance(), null); + bundleContext.registerService(SCEPManager.class.getName(), + new SCEPManagerImpl(), null); if (log.isDebugEnabled()) { - log.debug("iOS device management core bundle has been successfully initialized"); + log.debug("SCEP core bundle has been successfully initialized"); } } catch (Throwable e) { - String msg = "Error occurred while initializing ios device management core bundle"; + String msg = "Error occurred while initializing SCEP core bundle"; log.error(msg, e); } } protected void deactivate(ComponentContext ctx) { if (log.isDebugEnabled()) { - log.debug("Deactivating iOS device management core bundle"); + log.debug("Deactivating SCEP core bundle"); } } - protected void setDeviceManagementService(DeviceManagementProviderService deviceManagementService) { - if (log.isDebugEnabled()) { - log.debug("Setting device management service provider"); - } - IOSEnrollmentServiceHolder.getInstance().setDeviceManagementService(deviceManagementService); - } - - protected void unsetDeviceManagementService(DeviceManagementProviderService deviceManagementService) { - if (log.isDebugEnabled()) { - log.debug("Removing device management service provider"); - } - - IOSEnrollmentServiceHolder.getInstance().setDeviceManagementService(null); - } - - protected void setCertificateManagementService(CertificateManagementService certificateManagementService) { - if (log.isDebugEnabled()) { - log.debug("Setting certificate management service"); - } - IOSEnrollmentServiceHolder.getInstance().setCertificateManagementService(certificateManagementService); - } - - protected void unsetCertificateManagementService(CertificateManagementService certificateManagementService) { - if (log.isDebugEnabled()) { - log.debug("Removing certificate management service"); - } - - IOSEnrollmentServiceHolder.getInstance().setCertificateManagementService(null); - } - } diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/pom.xml b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/pom.xml index 2b7953b8cb..66f49daea6 100644 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/pom.xml +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/pom.xml @@ -94,7 +94,9 @@ org.apache.axis2.transport.http, org.wso2.carbon.apimgt.impl, org.wso2.carbon.certificate.mgt.core.service, - org.wso2.carbon.certificate.mgt.core.exception + org.wso2.carbon.certificate.mgt.core.exception, + org.wso2.carbon.device.mgt.common, + org.wso2.carbon.device.mgt.core.scep @@ -152,6 +154,14 @@ org.wso2.carbon.devicemgt org.wso2.carbon.certificate.mgt.core + + org.wso2.carbon.devicemgt + org.wso2.carbon.device.mgt.core + + + org.wso2.carbon.devicemgt + org.wso2.carbon.device.mgt.common + diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/DataHolder.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/DataHolder.java index 2ad358341d..e270014a1d 100644 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/DataHolder.java +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/DataHolder.java @@ -19,6 +19,8 @@ package org.wso2.carbon.webapp.authenticator.framework; import org.wso2.carbon.certificate.mgt.core.service.CertificateManagementService; +import org.wso2.carbon.device.mgt.core.scep.SCEPManager; +import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderService; import org.wso2.carbon.user.core.service.RealmService; public class DataHolder { @@ -26,11 +28,11 @@ public class DataHolder { private WebappAuthenticatorRepository repository; private RealmService realmService; private CertificateManagementService certificateManagementService; + private SCEPManager scepManager; + private static DataHolder thisInstance = new DataHolder(); private DataHolder() {} - private static DataHolder thisInstance = new DataHolder(); - public static DataHolder getInstance() { return thisInstance; } @@ -58,4 +60,12 @@ public class DataHolder { public void setCertificateManagementService(CertificateManagementService certificateManagementService) { this.certificateManagementService = certificateManagementService; } + + public SCEPManager getScepManager() { + return scepManager; + } + + public void setScepManager(SCEPManager scepManager) { + this.scepManager = scepManager; + } } diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticatorFrameworkValve.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticatorFrameworkValve.java index 1701c7d30c..02b94941cd 100644 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticatorFrameworkValve.java +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticatorFrameworkValve.java @@ -27,13 +27,10 @@ import org.wso2.carbon.tomcat.ext.valves.CompositeValve; import org.wso2.carbon.webapp.authenticator.framework.authenticator.WebappAuthenticator; import javax.servlet.http.HttpServletResponse; -import java.util.Arrays; -import java.util.List; public class WebappAuthenticatorFrameworkValve extends CarbonTomcatValve { private static final String AUTHENTICATION_SCHEME = "authentication-scheme"; - private static final String BYPASS_URIS = "bypass-uris"; private static final Log log = LogFactory.getLog(WebappAuthenticatorFrameworkValve.class); @Override @@ -46,22 +43,6 @@ public class WebappAuthenticatorFrameworkValve extends CarbonTomcatValve { return; } - String byPassURIs = request.getContext().findParameter(WebappAuthenticatorFrameworkValve.BYPASS_URIS); - - if(byPassURIs != null && !byPassURIs.isEmpty()) { - - List requestURI = Arrays.asList(byPassURIs.split(",")); - - if(requestURI != null && requestURI.size() > 0) { - for (String pathURI : requestURI) { - if (request.getRequestURI().equals(pathURI)) { - this.getNext().invoke(request, response, compositeValve); - return; - } - } - } - } - WebappAuthenticator authenticator = WebappAuthenticatorFactory.getAuthenticator(authScheme); if (authenticator == null) { String msg = "Failed to load an appropriate authenticator to authenticate the request"; diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/CertificateAuthenticator.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/CertificateAuthenticator.java index 7ef83a3fd9..77edaadbae 100644 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/CertificateAuthenticator.java +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/CertificateAuthenticator.java @@ -5,8 +5,16 @@ import org.apache.catalina.connector.Response; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.wso2.carbon.certificate.mgt.core.exception.KeystoreException; +import org.wso2.carbon.context.PrivilegedCarbonContext; +import org.wso2.carbon.device.mgt.common.DeviceIdentifier; +import org.wso2.carbon.device.mgt.common.DeviceManagementConstants; +import org.wso2.carbon.device.mgt.core.scep.SCEPException; +import org.wso2.carbon.device.mgt.core.scep.SCEPManager; +import org.wso2.carbon.device.mgt.core.scep.TenantedDeviceWrapper; import org.wso2.carbon.webapp.authenticator.framework.DataHolder; +import java.security.cert.X509Certificate; + /** * This authenticator authenticates HTTP requests using certificates. */ @@ -47,12 +55,35 @@ public class CertificateAuthenticator implements WebappAuthenticator { if (certHeader != null && DataHolder.getInstance().getCertificateManagementService(). verifySignature(certHeader)) { - return Status.SUCCESS; + + X509Certificate certificate = DataHolder.getInstance().getCertificateManagementService(). + extractCertificateFromSignature(certHeader); + String challengeToken = DataHolder.getInstance().getCertificateManagementService(). + extractChallengeToken(certificate); + + if(challengeToken != null) { + + challengeToken = challengeToken.substring(challengeToken.indexOf("(") + 1).trim(); + + SCEPManager scepManager = DataHolder.getInstance().getScepManager(); + DeviceIdentifier deviceIdentifier = new DeviceIdentifier(); + deviceIdentifier.setId(challengeToken); + deviceIdentifier.setType(DeviceManagementConstants.MobileDeviceTypes.MOBILE_DEVICE_TYPE_IOS); + + TenantedDeviceWrapper tenantedDeviceWrapper = scepManager.getValidatedDevice(deviceIdentifier); + + PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext(); + ctx.setTenantId(tenantedDeviceWrapper.getTenantId()); + ctx.setTenantDomain(tenantedDeviceWrapper.getTenantDomain()); + + return Status.SUCCESS; + } } } } catch (KeystoreException e) { log.error("KeystoreException occurred ", e); - return Status.FAILURE; + } catch (SCEPException e) { + log.error("SCEPException occurred ", e); } return Status.FAILURE; diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/internal/WebappAuthenticatorFrameworkServiceComponent.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/internal/WebappAuthenticatorFrameworkServiceComponent.java index 7b7935a1f9..1479e7991d 100644 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/internal/WebappAuthenticatorFrameworkServiceComponent.java +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/internal/WebappAuthenticatorFrameworkServiceComponent.java @@ -22,6 +22,8 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.osgi.service.component.ComponentContext; import org.wso2.carbon.certificate.mgt.core.service.CertificateManagementService; +import org.wso2.carbon.device.mgt.core.scep.SCEPManager; +import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderService; import org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve; import org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer; import org.wso2.carbon.user.core.service.RealmService; @@ -50,6 +52,12 @@ import java.util.List; * cardinality="1..n" * bind="setCertificateManagementService" * unbind="unsetCertificateManagementService" + * @scr.reference name="org.wso2.carbon.device.mgt.core.scep" + * interface="org.wso2.carbon.device.mgt.core.scep.SCEPManager" + * policy="dynamic" + * cardinality="1..n" + * bind="setSCEPManagementService" + * unbind="unsetSCEPManagementService" */ public class WebappAuthenticatorFrameworkServiceComponent { @@ -112,4 +120,19 @@ public class WebappAuthenticatorFrameworkServiceComponent { DataHolder.getInstance().setCertificateManagementService(null); } + + protected void setSCEPManagementService(SCEPManager scepManager) { + if (log.isDebugEnabled()) { + log.debug("Setting SCEP management service"); + } + DataHolder.getInstance().setScepManager(scepManager); + } + + protected void unsetSCEPManagementService(SCEPManager scepManager) { + if (log.isDebugEnabled()) { + log.debug("Removing SCEP management service"); + } + + DataHolder.getInstance().setScepManager(null); + } } From ac5a7f4ab1c6ce25aee56fe0aab6ed4861c566fc Mon Sep 17 00:00:00 2001 From: Dilshan Edirisuriya Date: Mon, 14 Sep 2015 17:12:07 +0530 Subject: [PATCH 3/3] Null check in JWT authenticator and fixing tenant id issue in device DAO --- .../carbon/device/mgt/core/dao/impl/DeviceDAOImpl.java | 2 +- .../framework/authenticator/JWTAuthenticator.java | 9 +++++---- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/dao/impl/DeviceDAOImpl.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/dao/impl/DeviceDAOImpl.java index ddd01eb9f2..e38a3e6df6 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/dao/impl/DeviceDAOImpl.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/dao/impl/DeviceDAOImpl.java @@ -142,7 +142,7 @@ public class DeviceDAOImpl implements DeviceDAO { HashMap deviceHashMap = new HashMap<>(); try { conn = this.getConnection(); - String sql = "SELECT d1.ID AS DEVICE_ID, d1.DESCRIPTION, d1.NAME AS DEVICE_NAME, d1.DEVICE_TYPE, d1.TENANT_ID, " + + String sql = "SELECT d1.ID AS DEVICE_ID, d1.DESCRIPTION, d1.NAME AS DEVICE_NAME, d1.DEVICE_TYPE, e.TENANT_ID, " + "d1.DEVICE_IDENTIFICATION, e.OWNER, e.OWNERSHIP, e.STATUS, e.DATE_OF_LAST_UPDATE, " + "e.DATE_OF_ENROLMENT, e.ID AS ENROLMENT_ID FROM DM_ENROLMENT e, (SELECT d.ID, d.DESCRIPTION, d.NAME, " + "t.NAME AS DEVICE_TYPE, d.DEVICE_IDENTIFICATION FROM DM_DEVICE d, DM_DEVICE_TYPE t WHERE " + diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/JWTAuthenticator.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/JWTAuthenticator.java index e359375eb3..cb71da9fcd 100644 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/JWTAuthenticator.java +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/JWTAuthenticator.java @@ -28,8 +28,6 @@ import org.apache.catalina.connector.Request; import org.apache.catalina.connector.Response; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import org.apache.tomcat.util.buf.ByteChunk; -import org.apache.tomcat.util.buf.MessageBytes; import org.wso2.carbon.context.PrivilegedCarbonContext; import org.wso2.carbon.core.util.KeyStoreManager; import org.wso2.carbon.user.api.TenantManager; @@ -37,13 +35,11 @@ import org.wso2.carbon.user.api.UserStoreException; import org.wso2.carbon.user.api.UserStoreManager; import org.wso2.carbon.utils.multitenancy.MultitenantConstants; import org.wso2.carbon.utils.multitenancy.MultitenantUtils; -import org.wso2.carbon.webapp.authenticator.framework.Constants; import org.wso2.carbon.webapp.authenticator.framework.DataHolder; import java.security.interfaces.RSAPublicKey; import java.text.ParseException; import java.util.StringTokenizer; -import java.util.regex.Matcher; /** * This authenticator authenticates HTTP requests using JWT header. @@ -128,6 +124,11 @@ public class JWTAuthenticator implements WebappAuthenticator { } private String decodeAuthorizationHeader(String authorizationHeader) { + + if(authorizationHeader == null) { + return null; + } + String[] splitValues = authorizationHeader.trim().split(" "); byte[] decodedBytes = Base64Utils.decode(splitValues[1].trim()); if (decodedBytes != null) {