diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/pom.xml b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/pom.xml index a253cc9a7f3..a38c8ca3db9 100644 --- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/pom.xml +++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/pom.xml @@ -71,11 +71,12 @@ org.bouncycastle.operator.jcajce, org.bouncycastle.pkcs, org.bouncycastle.util, - org.bouncycastle.asn1.util, org.jscep.message, org.jscep.transaction, org.w3c.dom, - org.xml.sax + org.xml.sax, + javax.xml.bind, + org.bouncycastle.pkcs.jcajce !org.wso2.carbon.certificate.mgt.core.internal.*, diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGenerator.java b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGenerator.java index 7735922f51c..8750a82064f 100755 --- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGenerator.java +++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGenerator.java @@ -44,14 +44,7 @@ import org.bouncycastle.operator.OperatorCreationException; import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; import org.bouncycastle.pkcs.PKCS10CertificationRequest; import org.bouncycastle.util.Store; -import org.jscep.message.CertRep; -import org.jscep.message.MessageDecodingException; -import org.jscep.message.MessageEncodingException; -import org.jscep.message.PkcsPkiEnvelopeDecoder; -import org.jscep.message.PkcsPkiEnvelopeEncoder; -import org.jscep.message.PkiMessage; -import org.jscep.message.PkiMessageDecoder; -import org.jscep.message.PkiMessageEncoder; +import org.jscep.message.*; import org.jscep.transaction.FailInfo; import org.jscep.transaction.Nonce; import org.jscep.transaction.TransactionId; @@ -62,32 +55,11 @@ import org.wso2.carbon.certificate.mgt.core.util.CommonUtil; import org.wso2.carbon.certificate.mgt.core.util.ConfigurationUtil; import javax.security.auth.x500.X500Principal; -import java.io.ByteArrayInputStream; -import java.io.DataInputStream; -import java.io.File; -import java.io.FileInputStream; -import java.io.FileNotFoundException; -import java.io.IOException; -import java.io.InputStream; -import java.security.InvalidKeyException; -import java.security.KeyFactory; -import java.security.KeyPair; -import java.security.KeyPairGenerator; -import java.security.KeyStore; -import java.security.KeyStoreException; -import java.security.NoSuchAlgorithmException; -import java.security.NoSuchProviderException; -import java.security.PrivateKey; -import java.security.SecureRandom; -import java.security.Security; -import java.security.SignatureException; +import javax.xml.bind.DatatypeConverter; +import java.io.*; +import java.security.*; import java.security.cert.Certificate; -import java.security.cert.CertificateEncodingException; -import java.security.cert.CertificateException; -import java.security.cert.CertificateExpiredException; -import java.security.cert.CertificateFactory; -import java.security.cert.CertificateNotYetValidException; -import java.security.cert.X509Certificate; +import java.security.cert.*; import java.security.spec.InvalidKeySpecException; import java.security.spec.PKCS8EncodedKeySpec; import java.util.ArrayList; @@ -598,4 +570,31 @@ public class CertificateGenerator { return null; } + + /** + * Get Signed certificate by parsing certificate. + * @param binarySecurityToken CSR that comes from the client as a String value.It is base 64 encoded request + * security token. + * @return Return signed certificate in X508Certificate type object. + * @throws KeystoreException + */ + public X509Certificate getSignedCertificateFromCSR(String binarySecurityToken) + throws KeystoreException { + byte[] byteArrayBst = DatatypeConverter.parseBase64Binary(binarySecurityToken); + PKCS10CertificationRequest certificationRequest; + KeyStoreReader keyStoreReader = new KeyStoreReader(); + PrivateKey privateKeyCA = keyStoreReader.getCAPrivateKey(); + X509Certificate certCA = (X509Certificate) keyStoreReader.getCACertificate(); + + try { + certificationRequest = new PKCS10CertificationRequest(byteArrayBst); + } catch (IOException e) { + String msg = "CSR cannot be recovered."; + log.error(msg, e); + throw new KeystoreException(msg, e); + } + X509Certificate signedCertificate = generateCertificateFromCSR(privateKeyCA, certificationRequest, + certCA.getIssuerX500Principal().getName()); + return signedCertificate; + } } \ No newline at end of file diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementService.java b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementService.java index 00a8a68e745..f89ab4f986f 100644 --- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementService.java +++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementService.java @@ -53,4 +53,6 @@ public interface CertificateManagementService { public X509Certificate extractCertificateFromSignature(String headerSignature) throws KeystoreException; String extractChallengeToken(X509Certificate certificate); + + X509Certificate getSignedCertificateFromCSR(String binarySecurityToken) throws KeystoreException; } diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementServiceImpl.java b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementServiceImpl.java index cc3fb3efeb5..77dfe1686cc 100644 --- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementServiceImpl.java +++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementServiceImpl.java @@ -100,4 +100,9 @@ public class CertificateManagementServiceImpl implements CertificateManagementSe public String extractChallengeToken(X509Certificate certificate) { return certificateGenerator.extractChallengeToken(certificate); } + + public X509Certificate getSignedCertificateFromCSR(String binarySecurityToken) throws KeystoreException { + return certificateGenerator.getSignedCertificateFromCSR(binarySecurityToken); + } + } diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/util/ConfigurationUtil.java b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/util/ConfigurationUtil.java index 3767d828241..36d9182c10b 100644 --- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/util/ConfigurationUtil.java +++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/util/ConfigurationUtil.java @@ -37,7 +37,7 @@ public class ConfigurationUtil { public static final String KEYSTORE_RA_CERT_PRIV_PASSWORD = "RAPrivateKeyPassword"; public static final String CA_CERT_ALIAS = "CACertAlias"; public static final String RA_CERT_ALIAS = "RACertAlias"; - public static final String SIGNATUREALGO = "SHA1withRSA"; + public static final String SIGNATURE_ALGORITHM = "SHA1withRSA"; public static final String PROVIDER = "BC"; public static final String KEYSTORE = "Type"; public static final String CERTIFICATE_KEYSTORE = "CertificateKeystoreType"; @@ -56,6 +56,7 @@ public class ConfigurationUtil { public static final String RSA_PRIVATE_KEY_END_TEXT = "-----END RSA PRIVATE KEY-----"; public static final String EMPTY_TEXT = ""; public static final int RSA_KEY_LENGTH = 1024; + public static final long MILLI_SECONDS = 1000L * 60 * 60 * 24; private static ConfigurationUtil configurationUtil; diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/pom.xml b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/pom.xml index 2053ed89ad1..4c28efc1f5e 100644 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/pom.xml +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/pom.xml @@ -90,6 +90,7 @@ org.wso2.carbon.utils, org.wso2.carbon.utils.multitenancy, org.xml.sax, + javax.servlet, javax.servlet.http, javax.xml, org.apache.axis2.transport.http, diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/CertificateAuthenticator.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/CertificateAuthenticator.java index 83631d49fd8..88d695cf16e 100644 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/CertificateAuthenticator.java +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/CertificateAuthenticator.java @@ -51,7 +51,8 @@ public class CertificateAuthenticator implements WebappAuthenticator { if (certHeader != null && AuthenticatorFrameworkDataHolder.getInstance().getCertificateManagementService(). verifySignature(certHeader)) { - + AuthenticatorFrameworkDataHolder.getInstance().getCertificateManagementService(). + extractCertificateFromSignature(certHeader); X509Certificate certificate = AuthenticatorFrameworkDataHolder.getInstance().getCertificateManagementService(). extractCertificateFromSignature(certHeader);