diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/pom.xml b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/pom.xml index 72647601aec..81d6be9ba4f 100644 --- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/pom.xml +++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/pom.xml @@ -27,7 +27,6 @@ 4.0.0 - org.wso2.carbon.devicemgt org.wso2.carbon.certificate.mgt.core 0.9.2-SNAPSHOT bundle diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGenerator.java b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGenerator.java index a1ddb3c20e8..7a2538af224 100755 --- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGenerator.java +++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGenerator.java @@ -64,7 +64,6 @@ import java.io.FileInputStream; import java.io.FileNotFoundException; import java.io.IOException; import java.io.InputStream; -import java.math.BigInteger; import java.security.InvalidKeyException; import java.security.KeyFactory; import java.security.KeyPair; @@ -77,6 +76,7 @@ import java.security.PrivateKey; import java.security.SecureRandom; import java.security.Security; import java.security.SignatureException; +import java.security.cert.Certificate; import java.security.cert.CertificateEncodingException; import java.security.cert.CertificateException; import java.security.cert.CertificateExpiredException; 
@@ -157,10 +157,9 @@ public class CertificateGenerator { keyPairGenerator.initialize(ConfigurationUtil.RSA_KEY_LENGTH, new SecureRandom()); KeyPair pair = keyPairGenerator.generateKeyPair(); X500Principal principal = new X500Principal(ConfigurationUtil.DEFAULT_PRINCIPAL); - BigInteger serial = BigInteger.valueOf(System.currentTimeMillis()); X509v3CertificateBuilder certificateBuilder = new JcaX509v3CertificateBuilder( - principal, serial, validityBeginDate, validityEndDate, + principal, CommonUtil.generateSerialNumber(), validityBeginDate, validityEndDate, principal, pair.getPublic()); ContentSigner contentSigner = new JcaContentSignerBuilder(ConfigurationUtil.SHA256_RSA) .setProvider(ConfigurationUtil.PROVIDER).build( 
@@ -283,6 +282,58 @@ public class CertificateGenerator { } } + public boolean verifySignature(String headerSignature) throws KeystoreException { + Certificate certificate = extractCertificateFromSignature(headerSignature); + return (certificate != null); + } + + public X509Certificate extractCertificateFromSignature(String headerSignature) throws KeystoreException { + + if (headerSignature == null || headerSignature.isEmpty()) { + return null; + } + + try { + KeyStoreReader keyStoreReader = new KeyStoreReader(); + CMSSignedData signedData = new CMSSignedData(Base64.decodeBase64(headerSignature.getBytes())); + Store reqStore = signedData.getCertificates(); + @SuppressWarnings("unchecked") + Collection reqCerts = reqStore.getMatches(null); + + if (reqCerts != null && reqCerts.size() > 0) { + CertificateFactory certificateFactory = CertificateFactory.getInstance(ConfigurationUtil.X_509); + X509CertificateHolder holder = reqCerts.iterator().next(); + ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(holder.getEncoded()); + X509Certificate reqCert = (X509Certificate) certificateFactory. 
+ generateCertificate(byteArrayInputStream); + + if(reqCert != null && reqCert.getSerialNumber() != null) { + Certificate lookUpCertificate = keyStoreReader.getCertificateByAlias( + reqCert.getSerialNumber().toString()); + + if (lookUpCertificate != null && (lookUpCertificate instanceof X509Certificate)) { + return (X509Certificate)lookUpCertificate; + } + } + + } + } catch (CMSException e) { + String errorMsg = "CMSException when decoding certificate signature"; + log.error(errorMsg, e); + throw new KeystoreException(errorMsg, e); + } catch (IOException e) { + String errorMsg = "IOException when decoding certificate signature"; + log.error(errorMsg, e); + throw new KeystoreException(errorMsg, e); + } catch (CertificateException e) { + String errorMsg = "CertificateException when decoding certificate signature"; + log.error(errorMsg, e); + throw new KeystoreException(errorMsg, e); + } + + return null; + } + public X509Certificate generateCertificateFromCSR(PrivateKey privateKey, PKCS10CertificationRequest request, String issueSubject) @@ -305,7 +356,7 @@ public class CertificateGenerator { } X509v3CertificateBuilder certificateBuilder = new X509v3CertificateBuilder( - new X500Name(issueSubject), BigInteger.valueOf(System.currentTimeMillis()), + new X500Name(issueSubject), CommonUtil.generateSerialNumber(), validityBeginDate, validityEndDate, certSubject, request.getSubjectPublicKeyInfo()); ContentSigner sigGen; diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/KeyStoreReader.java b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/KeyStoreReader.java index f714a4746b2..1b82bb96831 100755 --- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/KeyStoreReader.java 
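Review bot: `verifySignature` and `extractCertificateFromSignature` never verify a signature: the CMS blob is only parsed, the serial of the first embedded certificate is used as a keystore alias, and the keystore entry is returned, with no `SignerInformation.verify(...)` and no comparison between the embedded certificate and the keystore certificate, so a CMS structure that merely carries a certificate bearing a known serial is accepted. The embedded certificate is untrusted input, so the method should require it to be byte-identical to the keystore entry, verify every signer info against that trusted certificate's key (rejecting a structure with no signers), and apply `checkValidity()` before returning; `JcaSimpleSignerInfoVerifierBuilder.build` adds `OperatorCreationException` to the catch clauses, and the generic type on `getSigners()` depends on the Bouncy Castle version in use. The `@SuppressWarnings("unchecked")` on the `Collection` declaration suggests its type argument was lost in rendering rather than that a raw type is used, so that is not flagged here. Minor: `headerSignature.getBytes()` decodes Base64 text, so `getBytes(StandardCharsets.US_ASCII)` removes the platform-charset dependency.
```java
// … unchanged: KeyStoreReader, CMSSignedData, certificate store and CertificateFactory setup …
X509Certificate reqCert = (X509Certificate) certificateFactory.generateCertificate(byteArrayInputStream);

if (reqCert != null && reqCert.getSerialNumber() != null) {
    Certificate lookUpCertificate = keyStoreReader.getCertificateByAlias(
            reqCert.getSerialNumber().toString());

    if (lookUpCertificate instanceof X509Certificate) {
        X509Certificate trusted = (X509Certificate) lookUpCertificate;
        // A matching serial proves nothing; the presented certificate must be the one we hold.
        if (!MessageDigest.isEqual(reqCert.getEncoded(), trusted.getEncoded())) {
            return null;
        }
        // Verify every signer against the trusted key; a structure with no signers is rejected.
        SignerInformationVerifier verifier = new JcaSimpleSignerInfoVerifierBuilder()
                .setProvider(ConfigurationUtil.PROVIDER).build(trusted);
        Collection<SignerInformation> signers = signedData.getSignerInfos().getSigners();
        if (signers.isEmpty()) {
            return null;
        }
        for (SignerInformation signer : signers) {
            if (!signer.verify(verifier)) {
                return null;
            }
        }
        trusted.checkValidity();
        return trusted;
    }
}
// … unchanged: catch clauses (plus a new catch for OperatorCreationException) and the final return null …
```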
+++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/KeyStoreReader.java @@ -204,6 +204,25 @@ public class KeyStoreReader { return raCertificate; } + public Certificate getCertificateByAlias(String alias) throws KeystoreException { + + KeyStore keystore = loadCertificateKeyStore(); + Certificate raCertificate; + try { + raCertificate = keystore.getCertificate(alias); + } catch (KeyStoreException e) { + String errorMsg = "KeyStore issue occurred when retrieving RA private key"; + log.error(errorMsg, e); + throw new KeystoreException(errorMsg, e); + } + + if (raCertificate == null) { + throw new KeystoreException("RA certificate not found in KeyStore"); + } + + return raCertificate; + } + PrivateKey getRAPrivateKey() throws KeystoreException { KeyStore keystore = loadCertificateKeyStore(); diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementService.java b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementService.java index c9b1ca5c967..0b47c43707f 100644 --- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementService.java +++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementService.java 
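Review bot: `getCertificateByAlias` throws `KeystoreException` when the alias is absent, which makes the `lookUpCertificate != null` check in its new caller `extractCertificateFromSignature` dead and means `verifySignature` cannot return `false` for an unknown serial, it throws instead; either return `null` here (the caller already handles it) or document the throw with `@throws` so the contract is explicit. The two messages are copied from the RA-key accessor and misdescribe this lookup: `"KeyStore issue occurred when retrieving certificate for alias " + alias` and `"Certificate not found in KeyStore for alias " + alias` would say what actually happened. The local name `raCertificate` is the same leftover; `certificate` fits a lookup by arbitrary alias.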
@@ -33,17 +33,22 @@ public interface CertificateManagementService { Certificate getRACertificate() throws KeystoreException; - public List getRootCertificates(byte[] ca, byte[] ra) throws KeystoreException; + List getRootCertificates(byte[] ca, byte[] ra) throws KeystoreException; - public X509Certificate generateX509Certificate() throws KeystoreException; + X509Certificate generateX509Certificate() throws KeystoreException; - public SCEPResponse getCACertSCEP() throws KeystoreException; + SCEPResponse getCACertSCEP() throws KeystoreException; - public byte[] getCACapsSCEP(); + byte[] getCACapsSCEP(); - public byte[] getPKIMessageSCEP(InputStream inputStream) throws KeystoreException; + byte[] getPKIMessageSCEP(InputStream inputStream) throws KeystoreException; - public X509Certificate generateCertificateFromCSR(PrivateKey privateKey, - PKCS10CertificationRequest request, + X509Certificate generateCertificateFromCSR(PrivateKey privateKey, PKCS10CertificationRequest request, String issueSubject) throws KeystoreException; + + Certificate getCertificateByAlias(String alias) throws KeystoreException; + + boolean verifySignature(String headerSignature) throws KeystoreException; + + public X509Certificate extractCertificateFromSignature(String headerSignature) throws KeystoreException; } diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementServiceImpl.java b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementServiceImpl.java index a294acbc16a..c379df42646 100644 --- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementServiceImpl.java 
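Review bot: The hunk strips the redundant `public` from the existing interface methods but the new `extractCertificateFromSignature` declaration keeps it, leaving the interface inconsistent within the same change; `X509Certificate extractCertificateFromSignature(String headerSignature) throws KeystoreException;` matches the rest. None of the three new methods has Javadoc, and the lookup contract is what callers most need, e.g. on `verifySignature`: `/** Returns whether {@code headerSignature} is a Base64 CMS structure whose embedded certificate is held in the configured keystore. @throws KeystoreException if the keystore cannot be read or the alias is missing */`. A matching `@throws` on `getCertificateByAlias`, stating that a missing alias throws rather than returning {@code null}, would make the implementation's behaviour visible to callers.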
+++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementServiceImpl.java @@ -84,4 +84,16 @@ public class CertificateManagementServiceImpl implements CertificateManagementSe String issueSubject) throws KeystoreException { return certificateGenerator.generateCertificateFromCSR(privateKey, request, issueSubject); } + + public Certificate getCertificateByAlias(String alias) throws KeystoreException { + return keyStoreReader.getCertificateByAlias(alias); + } + + public boolean verifySignature(String headerSignature) throws KeystoreException { + return certificateGenerator.verifySignature(headerSignature); + } + + public X509Certificate extractCertificateFromSignature(String headerSignature) throws KeystoreException { + return certificateGenerator.extractCertificateFromSignature(headerSignature); + } } diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/util/CommonUtil.java b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/util/CommonUtil.java index a149c925698..6b9bc5897e0 100755 --- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/util/CommonUtil.java +++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/util/CommonUtil.java @@ -17,6 +17,7 @@ */ package org.wso2.carbon.certificate.mgt.core.util; +import java.math.BigInteger; import java.util.Calendar; import java.util.Date; @@ -40,4 +41,8 @@ public class CommonUtil { return calendar.getTime(); } + public static synchronized BigInteger generateSerialNumber() { + return BigInteger.valueOf(System.currentTimeMillis()); + } + } 
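Review bot: The three delegating methods added to `CertificateManagementServiceImpl` lack `@Override` although each implements a declaration added to `CertificateManagementService` in this change, so a later signature drift between interface and implementation would not be caught at compile time; add `@Override` above each of `getCertificateByAlias`, `verifySignature` and `extractCertificateFromSignature`. Javadoc is inherited from the interface once it exists there, so no separate documentation is needed on these wrappers.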
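Review bot: `generateSerialNumber` centralizes the clock-derived serial without fixing it: `synchronized` serializes the calls, but two certificates issued within the same millisecond (the two call sites in this change are `generateX509Certificate` and `generateCertificateFromCSR`) still receive the same serial, and the serial is now also the keystore alias that `extractCertificateFromSignature` looks up, so a collision makes that lookup ambiguous; a time-based serial is also guessable. RFC 5280 requires serials to be unique per issuer, and a CSPRNG value avoids both problems: `private static final SecureRandom RANDOM = new SecureRandom();` and `return new BigInteger(159, RANDOM);` (always positive and within the 20-octet limit; needs `import java.security.SecureRandom;`), after which `synchronized` is no longer needed. If anything relies on time-ordered serials, at least combine the timestamp with a counter so same-millisecond calls differ.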
diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/pom.xml b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/pom.xml index 34051486391..edca5ac9554 100644 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/pom.xml +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/pom.xml @@ -88,7 +88,11 @@ org.wso2.carbon.user.core.tenant, org.wso2.carbon.utils, org.wso2.carbon.utils.multitenancy, - org.xml.sax + org.xml.sax, + javax.servlet.http, + javax.xml, + org.apache.axis2.transport.http, + org.wso2.carbon.apimgt.impl