From 7a110a8eb5b23cbc181b155ffe4788aa21206225 Mon Sep 17 00:00:00 2001 From: hasuniea Date: Mon, 19 Oct 2015 20:49:26 +0530 Subject: [PATCH 1/6] implemented certificateGenerater --- .../pom.xml | 5 +- .../mgt/core/impl/CertificateGenerator.java | 96 ++++++++++++++++++- .../service/CertificateManagementService.java | 3 + .../CertificateManagementServiceImpl.java | 7 ++ .../mgt/core/util/ConfigurationUtil.java | 3 +- .../pom.xml | 1 + .../CertificateAuthenticator.java | 3 +- 7 files changed, 112 insertions(+), 6 deletions(-) diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/pom.xml b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/pom.xml index a253cc9a7f..a38c8ca3db 100644 --- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/pom.xml +++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/pom.xml @@ -71,11 +71,12 @@ org.bouncycastle.operator.jcajce, org.bouncycastle.pkcs, org.bouncycastle.util, - org.bouncycastle.asn1.util, org.jscep.message, org.jscep.transaction, org.w3c.dom, - org.xml.sax + org.xml.sax, + javax.xml.bind, + org.bouncycastle.pkcs.jcajce !org.wso2.carbon.certificate.mgt.core.internal.*, diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGenerator.java b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGenerator.java index c97d84472d..853741206d 100755 --- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGenerator.java +++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGenerator.java 
@@ -26,8 +26,7 @@ import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.pkcs.Attribute; import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; import org.bouncycastle.asn1.x500.X500Name; -import org.bouncycastle.asn1.x509.KeyUsage; -import org.bouncycastle.asn1.x509.X509Extension; +import org.bouncycastle.asn1.x509.*; import org.bouncycastle.cert.CertIOException; import org.bouncycastle.cert.X509CertificateHolder; import org.bouncycastle.cert.X509v3CertificateBuilder; @@ -43,6 +42,7 @@ import org.bouncycastle.operator.ContentSigner; import org.bouncycastle.operator.OperatorCreationException; import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; import org.bouncycastle.pkcs.PKCS10CertificationRequest; +import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequest; import org.bouncycastle.util.Store; import org.jscep.message.CertRep; import org.jscep.message.MessageDecodingException; @@ -62,6 +62,7 @@ import org.wso2.carbon.certificate.mgt.core.util.CommonUtil; import org.wso2.carbon.certificate.mgt.core.util.ConfigurationUtil; import javax.security.auth.x500.X500Principal; +import javax.xml.bind.DatatypeConverter; import java.io.ByteArrayInputStream; import java.io.DataInputStream; import java.io.File; @@ -69,6 +70,7 @@ import java.io.FileInputStream; import java.io.FileNotFoundException; import java.io.IOException; import java.io.InputStream; +import java.math.BigInteger; import java.security.InvalidKeyException; import java.security.KeyFactory; import java.security.KeyPair; 
@@ -97,6 +99,20 @@ import java.util.List; public class CertificateGenerator { + private enum PropertyIndex { + COMMON_NAME_INDEX(0), + NOT_BEFORE_DAYS_INDEX(1), + NOT_AFTER_DAYS_INDEX(2); + + private final int itemPosition; + private PropertyIndex(final int itemPosition) { + this.itemPosition = itemPosition; + } + public int getValue() { + return this.itemPosition; + } + } + private static final Log log = LogFactory.getLog(CertificateGenerator.class); public List getRootCertificates(byte[] ca, byte[] ra) throws KeystoreException { 
@@ -596,4 +612,80 @@ public class CertificateGenerator { return null; } + + public X509Certificate getSignCertificateFromCSR(String binarySecurityToken, + X509Certificate caCert, List certPropertyList) + throws KeystoreException { + byte[] byteArrayBst = DatatypeConverter.parseBase64Binary(binarySecurityToken); + PKCS10CertificationRequest certificationRequest = null; + KeyStoreReader keyStoreReader = new KeyStoreReader(); + PrivateKey privateKeyCA = keyStoreReader.getCAPrivateKey(); + + try { + certificationRequest = new PKCS10CertificationRequest(byteArrayBst); + } catch (IOException e) { + String msg = "CSR cannot be recovered."; + log.error(msg, e); + } + JcaPKCS10CertificationRequest csr = new JcaPKCS10CertificationRequest(certificationRequest); + X509Certificate signedCertificate = signCSR(csr, privateKeyCA, caCert, certPropertyList); + saveCertInKeyStore(signedCertificate); + return signedCertificate; + } + + private static X509Certificate signCSR(JcaPKCS10CertificationRequest jcaRequest, + PrivateKey privateKey, X509Certificate caCert, + List certParameterList) { + + String commonName = + (String) certParameterList.get(PropertyIndex.COMMON_NAME_INDEX.getValue()); + int notBeforeDays = + (Integer) certParameterList.get(PropertyIndex.NOT_BEFORE_DAYS_INDEX.getValue()); + int notAfterDays = + (Integer) certParameterList.get(PropertyIndex.NOT_AFTER_DAYS_INDEX.getValue()); + X509v3CertificateBuilder certificateBuilder; + X509Certificate signedCertificate = null; + + try { + ContentSigner signer; + BigInteger serialNumber = BigInteger.valueOf(new SecureRandom(). 
+ nextInt(Integer.MAX_VALUE)); + Date notBeforeDate = new Date(System.currentTimeMillis() - + (ConfigurationUtil.MILLI_SECONDS * notBeforeDays)); + Date notAfterDate = new Date(System.currentTimeMillis() + + (ConfigurationUtil.MILLI_SECONDS * notAfterDays)); + certificateBuilder = + new JcaX509v3CertificateBuilder(caCert, serialNumber, notBeforeDate, notAfterDate, + new X500Principal(commonName), + jcaRequest.getPublicKey()); + + //Adding extensions to the signed certificate. + certificateBuilder.addExtension(Extension.keyUsage, true, + new KeyUsage(KeyUsage.digitalSignature)); + certificateBuilder.addExtension(Extension.extendedKeyUsage, false, + new ExtendedKeyUsage(KeyPurposeId.id_kp_clientAuth)); + certificateBuilder.addExtension(Extension.basicConstraints, true, + new BasicConstraints(false)); + + signer = new JcaContentSignerBuilder(ConfigurationUtil.SIGNATURE_ALGORITHM). + setProvider(ConfigurationUtil.PROVIDER).build(privateKey); + + signedCertificate = new JcaX509CertificateConverter().setProvider( + ConfigurationUtil.PROVIDER).getCertificate( + certificateBuilder.build(signer)); + } catch (InvalidKeyException e) { + //throw new CertificateGenerationException("CSR's public key is invalid", e); + } catch (NoSuchAlgorithmException e) { + //throw new CertificateGenerationException("Certificate cannot be generated", e); + } catch (CertIOException e) { + // throw new CertificateGenerationException( + // "Cannot add extension(s) to signed certificate", e); + } catch (OperatorCreationException e) { + // throw new CertificateGenerationException("Content signer cannot be created", e); + } catch (CertificateException e) { + //throw new CertificateGenerationException("Signed certificate cannot be generated", e); + } + return signedCertificate; + } + } \ No newline at end of file 
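Review bot: getSignCertificateFromCSR signs whatever CSR arrives without ever checking the request's own signature, so the CA never confirms that the requester holds the private key matching the public key it is about to certify; before calling signCSR, verify proof of possession with `if (!csr.isSignatureValid(new JcaContentVerifierProviderBuilder().setProvider(ConfigurationUtil.PROVIDER).build(csr.getPublicKey()))) { throw new KeystoreException("CSR signature does not verify"); }` (org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder, wrapping the PKCSException it can throw). In signCSR the serial number is `BigInteger.valueOf(new SecureRandom().nextInt(Integer.MAX_VALUE))`, at most 31 bits of entropy, whereas an issuing CA should draw at least 64 bits from a CSPRNG, e.g. `new BigInteger(64, secureRandom)` with a zero result rejected. The signer is built from ConfigurationUtil.SIGNATURE_ALGORITHM, which this series sets to "SHA1withRSA"; newly issued certificates should be signed with a SHA-256 algorithm. In getSignCertificateFromCSR the IOException branch only logs, so certificationRequest stays null and the JcaPKCS10CertificationRequest constructor on the next line dereferences it; a later commit in this series adds the missing throw.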
diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementService.java b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementService.java index 00a8a68e74..2a969bfa1a 100644 --- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementService.java +++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementService.java @@ -53,4 +53,7 @@ public interface CertificateManagementService { public X509Certificate extractCertificateFromSignature(String headerSignature) throws KeystoreException; String extractChallengeToken(X509Certificate certificate); + + X509Certificate getSignCertificateFromCSR(String binarySecurityToken, X509Certificate caCert, + List certParameterList) throws KeystoreException; } diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementServiceImpl.java b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementServiceImpl.java index cc3fb3efeb..71b1d32db7 100644 --- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementServiceImpl.java +++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementServiceImpl.java 
@@ -100,4 +100,11 @@ public class CertificateManagementServiceImpl implements CertificateManagementSe public String extractChallengeToken(X509Certificate certificate) { return certificateGenerator.extractChallengeToken(certificate); } + + public X509Certificate getSignCertificateFromCSR(String binarySecurityToken, + X509Certificate caCert, List certParameterList) + throws KeystoreException { + return certificateGenerator.getSignCertificateFromCSR(binarySecurityToken, caCert, + certParameterList); + } } diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/util/ConfigurationUtil.java b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/util/ConfigurationUtil.java index 3767d82824..36d9182c10 100644 --- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/util/ConfigurationUtil.java +++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/util/ConfigurationUtil.java @@ -37,7 +37,7 @@ public class ConfigurationUtil { public static final String KEYSTORE_RA_CERT_PRIV_PASSWORD = "RAPrivateKeyPassword"; public static final String CA_CERT_ALIAS = "CACertAlias"; public static final String RA_CERT_ALIAS = "RACertAlias"; - public static final String SIGNATUREALGO = "SHA1withRSA"; + public static final String SIGNATURE_ALGORITHM = "SHA1withRSA"; public static final String PROVIDER = "BC"; public static final String KEYSTORE = "Type"; public static final String CERTIFICATE_KEYSTORE = "CertificateKeystoreType"; 
@@ -56,6 +56,7 @@ public class ConfigurationUtil { public static final String RSA_PRIVATE_KEY_END_TEXT = "-----END RSA PRIVATE KEY-----"; public static final String EMPTY_TEXT = ""; public static final int RSA_KEY_LENGTH = 1024; + public static final long MILLI_SECONDS = 1000L * 60 * 60 * 24; private static ConfigurationUtil configurationUtil; diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/pom.xml b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/pom.xml index 2053ed89ad..4c28efc1f5 100644 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/pom.xml +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/pom.xml @@ -90,6 +90,7 @@ org.wso2.carbon.utils, org.wso2.carbon.utils.multitenancy, org.xml.sax, + javax.servlet, javax.servlet.http, javax.xml, org.apache.axis2.transport.http, diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/CertificateAuthenticator.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/CertificateAuthenticator.java index 83631d49fd..88d695cf16 100644 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/CertificateAuthenticator.java +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/CertificateAuthenticator.java 
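Review bot: `MILLI_SECONDS` in the ConfigurationUtil hunk holds the number of milliseconds in one day, not a generic unit, and its call sites multiply it by a day count, so the name misleads; rename it `MILLI_SECONDS_PER_DAY`, or keep the name and add `// milliseconds in one day; multiplied by a day count for certificate validity windows` above it. `TimeUnit.DAYS.toMillis(1)` would state the intent without the hand-written arithmetic.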
@@ -51,7 +51,8 @@ public class CertificateAuthenticator implements WebappAuthenticator { if (certHeader != null && AuthenticatorFrameworkDataHolder.getInstance().getCertificateManagementService(). verifySignature(certHeader)) { - + AuthenticatorFrameworkDataHolder.getInstance().getCertificateManagementService(). + extractCertificateFromSignature(certHeader); X509Certificate certificate = AuthenticatorFrameworkDataHolder.getInstance().getCertificateManagementService(). extractCertificateFromSignature(certHeader); From 2c2216e48d5d73161f684db0853a86dc623bae0b Mon Sep 17 00:00:00 2001 From: hasuniea Date: Wed, 21 Oct 2015 10:38:09 +0530 Subject: [PATCH 2/6] implement certificateManagement service --- .../mgt/core/impl/CertificateGenerator.java | 22 +++++++++++-------- .../service/CertificateManagementService.java | 2 +- .../CertificateManagementServiceImpl.java | 5 ++--- 3 files changed, 16 insertions(+), 13 deletions(-) diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGenerator.java b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGenerator.java index 853741206d..fb09454df0 100755 --- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGenerator.java +++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGenerator.java @@ -613,7 +613,7 @@ public class CertificateGenerator { return null; } - public X509Certificate getSignCertificateFromCSR(String binarySecurityToken, + public X509Certificate getSignedCertificateFromCSR(String binarySecurityToken, X509Certificate caCert, List certPropertyList) throws KeystoreException { byte[] byteArrayBst = DatatypeConverter.parseBase64Binary(binarySecurityToken); 
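Review bot: The two lines added in CertificateAuthenticator call extractCertificateFromSignature(certHeader) and discard the result, immediately before the unchanged statement below calls it again to initialise `certificate`; the added call repeats the same parsing work (and, if the service throws, fails in the same way) with no effect, so it should be dropped and the blank line restored. The enclosing method continues outside the hunk.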
@@ -635,7 +635,7 @@ public class CertificateGenerator { private static X509Certificate signCSR(JcaPKCS10CertificationRequest jcaRequest, PrivateKey privateKey, X509Certificate caCert, - List certParameterList) { + List certParameterList) throws KeystoreException { String commonName = (String) certParameterList.get(PropertyIndex.COMMON_NAME_INDEX.getValue()); @@ -644,7 +644,7 @@ public class CertificateGenerator { int notAfterDays = (Integer) certParameterList.get(PropertyIndex.NOT_AFTER_DAYS_INDEX.getValue()); X509v3CertificateBuilder certificateBuilder; - X509Certificate signedCertificate = null; + X509Certificate signedCertificate; try { ContentSigner signer; @@ -674,16 +674,20 @@ public class CertificateGenerator { ConfigurationUtil.PROVIDER).getCertificate( certificateBuilder.build(signer)); } catch (InvalidKeyException e) { - //throw new CertificateGenerationException("CSR's public key is invalid", e); + String errorMsg = "CSR's public key is invalid"; + throw new KeystoreException(errorMsg, e); } catch (NoSuchAlgorithmException e) { - //throw new CertificateGenerationException("Certificate cannot be generated", e); + String errorMsg = "Certificate cannot be generated"; + throw new KeystoreException(errorMsg, e); } catch (CertIOException e) { - // throw new CertificateGenerationException( - // "Cannot add extension(s) to signed certificate", e); + String errorMsg = "Cannot add extension(s) to signed certificate"; + throw new KeystoreException(errorMsg, e); } catch (OperatorCreationException e) { - // throw new CertificateGenerationException("Content signer cannot be created", e); + String errorMsg = "Content signer cannot be created"; + throw new KeystoreException(errorMsg, e); } catch (CertificateException e) { - //throw new CertificateGenerationException("Signed certificate cannot be generated", e); + String errorMsg = "Signed certificate cannot be generated"; + throw new KeystoreException(errorMsg, e); } return signedCertificate; } 
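Review bot: In the @@ -674 hunk each catch block introduces a single-use local `errorMsg` only to hand it to the KeystoreException constructor; writing `throw new KeystoreException("CSR's public key is invalid", e);` directly (and likewise in the other four branches) removes five locals without changing behaviour. Since every branch now wraps its cause the same way, a single multi-catch `catch (InvalidKeyException | NoSuchAlgorithmException | CertIOException | OperatorCreationException | CertificateException e)` would be shorter if the module targets Java 7 or later, at the cost of the per-cause message. The `throws KeystoreException` added to signCSR at @@ -635 is what makes the rethrow compile; the caller's own IOException branch, outside these hunks, is not changed here.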
diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementService.java b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementService.java index 2a969bfa1a..7810878bcf 100644 --- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementService.java +++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementService.java @@ -54,6 +54,6 @@ public interface CertificateManagementService { String extractChallengeToken(X509Certificate certificate); - X509Certificate getSignCertificateFromCSR(String binarySecurityToken, X509Certificate caCert, + X509Certificate getSignedCertificateFromCSR(String binarySecurityToken, X509Certificate caCert, List certParameterList) throws KeystoreException; } diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementServiceImpl.java b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementServiceImpl.java index 71b1d32db7..dc8487219e 100644 --- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementServiceImpl.java +++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementServiceImpl.java 
@@ -101,10 +101,9 @@ public class CertificateManagementServiceImpl implements CertificateManagementSe return certificateGenerator.extractChallengeToken(certificate); } - public X509Certificate getSignCertificateFromCSR(String binarySecurityToken, + public X509Certificate getSignedCertificateFromCSR(String binarySecurityToken, X509Certificate caCert, List certParameterList) throws KeystoreException { - return certificateGenerator.getSignCertificateFromCSR(binarySecurityToken, caCert, - certParameterList); + return certificateGenerator.getSignedCertificateFromCSR(binarySecurityToken, caCert, certParameterList); } } From e1a24abfa3e8336c4e8608211050ae6cdbdbb042 Mon Sep 17 00:00:00 2001 From: hasuniea Date: Fri, 23 Oct 2015 14:46:56 +0530 Subject: [PATCH 3/6] refactored certificate service --- .../mgt/core/impl/CertificateGenerator.java | 112 ++---------------- .../service/CertificateManagementService.java | 3 +- .../CertificateManagementServiceImpl.java | 8 +- pom.xml | 2 +- 4 files changed, 18 insertions(+), 107 deletions(-) diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGenerator.java b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGenerator.java index fb09454df0..1bb973e76d 100755 --- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGenerator.java +++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGenerator.java 
@@ -26,7 +26,8 @@ import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.pkcs.Attribute; import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; import org.bouncycastle.asn1.x500.X500Name; -import org.bouncycastle.asn1.x509.*; +import org.bouncycastle.asn1.x509.KeyUsage; +import org.bouncycastle.asn1.x509.X509Extension; import org.bouncycastle.cert.CertIOException; import org.bouncycastle.cert.X509CertificateHolder; import org.bouncycastle.cert.X509v3CertificateBuilder; @@ -44,14 +45,7 @@ import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; import org.bouncycastle.pkcs.PKCS10CertificationRequest; import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequest; import org.bouncycastle.util.Store; -import org.jscep.message.CertRep; -import org.jscep.message.MessageDecodingException; -import org.jscep.message.MessageEncodingException; -import org.jscep.message.PkcsPkiEnvelopeDecoder; -import org.jscep.message.PkcsPkiEnvelopeEncoder; -import org.jscep.message.PkiMessage; -import org.jscep.message.PkiMessageDecoder; -import org.jscep.message.PkiMessageEncoder; +import org.jscep.message.*; import org.jscep.transaction.FailInfo; import org.jscep.transaction.Nonce; import org.jscep.transaction.TransactionId; 
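Review bot: The @@ -44 hunk replaces eight single-type jscep imports with `import org.jscep.message.*;`, and the next hunk (@@ -63) does the same for java.io, java.security and java.security.cert; on-demand imports hide which names the file depends on, and with both `java.security.*` and `java.security.cert.*` on demand the class relies on the surviving explicit `import java.security.cert.Certificate;` to disambiguate `Certificate` from the deprecated java.security.Certificate. Keep the explicit imports the commit removes. The @@ -26 hunk in the same file goes the other way, restoring the two x509 single-type imports, so the file ends up with both styles.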
@@ -63,33 +57,10 @@ import org.wso2.carbon.certificate.mgt.core.util.ConfigurationUtil; import javax.security.auth.x500.X500Principal; import javax.xml.bind.DatatypeConverter; -import java.io.ByteArrayInputStream; -import java.io.DataInputStream; -import java.io.File; -import java.io.FileInputStream; -import java.io.FileNotFoundException; -import java.io.IOException; -import java.io.InputStream; -import java.math.BigInteger; -import java.security.InvalidKeyException; -import java.security.KeyFactory; -import java.security.KeyPair; -import java.security.KeyPairGenerator; -import java.security.KeyStore; -import java.security.KeyStoreException; -import java.security.NoSuchAlgorithmException; -import java.security.NoSuchProviderException; -import java.security.PrivateKey; -import java.security.SecureRandom; -import java.security.Security; -import java.security.SignatureException; +import java.io.*; +import java.security.*; import java.security.cert.Certificate; -import java.security.cert.CertificateEncodingException; -import java.security.cert.CertificateException; -import java.security.cert.CertificateExpiredException; -import java.security.cert.CertificateFactory; -import java.security.cert.CertificateNotYetValidException; -import java.security.cert.X509Certificate; +import java.security.cert.*; import java.security.spec.InvalidKeySpecException; import java.security.spec.PKCS8EncodedKeySpec; import java.util.ArrayList; 
@@ -613,83 +584,24 @@ public class CertificateGenerator { return null; } - public X509Certificate getSignedCertificateFromCSR(String binarySecurityToken, - X509Certificate caCert, List certPropertyList) + public X509Certificate getSignedCertificateFromCSR(String binarySecurityToken) throws KeystoreException { byte[] byteArrayBst = DatatypeConverter.parseBase64Binary(binarySecurityToken); - PKCS10CertificationRequest certificationRequest = null; + PKCS10CertificationRequest certificationRequest; KeyStoreReader keyStoreReader = new KeyStoreReader(); PrivateKey privateKeyCA = keyStoreReader.getCAPrivateKey(); + X509Certificate certCA = (X509Certificate) keyStoreReader.getCACertificate(); try { certificationRequest = new PKCS10CertificationRequest(byteArrayBst); } catch (IOException e) { String msg = "CSR cannot be recovered."; log.error(msg, e); + throw new KeystoreException(msg, e); } JcaPKCS10CertificationRequest csr = new JcaPKCS10CertificationRequest(certificationRequest); - X509Certificate signedCertificate = signCSR(csr, privateKeyCA, caCert, certPropertyList); - saveCertInKeyStore(signedCertificate); + X509Certificate signedCertificate = generateCertificateFromCSR(privateKeyCA, certificationRequest, + certCA.getIssuerX500Principal().getName()); return signedCertificate; } - - private static X509Certificate signCSR(JcaPKCS10CertificationRequest jcaRequest, - PrivateKey privateKey, X509Certificate caCert, - List certParameterList) throws KeystoreException { - - String commonName = - (String) certParameterList.get(PropertyIndex.COMMON_NAME_INDEX.getValue()); - int notBeforeDays = - (Integer) certParameterList.get(PropertyIndex.NOT_BEFORE_DAYS_INDEX.getValue()); - int notAfterDays = - (Integer) certParameterList.get(PropertyIndex.NOT_AFTER_DAYS_INDEX.getValue()); - X509v3CertificateBuilder certificateBuilder; - X509Certificate signedCertificate; - - try { - ContentSigner signer; - BigInteger serialNumber = BigInteger.valueOf(new SecureRandom(). 
- nextInt(Integer.MAX_VALUE)); - Date notBeforeDate = new Date(System.currentTimeMillis() - - (ConfigurationUtil.MILLI_SECONDS * notBeforeDays)); - Date notAfterDate = new Date(System.currentTimeMillis() + - (ConfigurationUtil.MILLI_SECONDS * notAfterDays)); - certificateBuilder = - new JcaX509v3CertificateBuilder(caCert, serialNumber, notBeforeDate, notAfterDate, - new X500Principal(commonName), - jcaRequest.getPublicKey()); - - //Adding extensions to the signed certificate. - certificateBuilder.addExtension(Extension.keyUsage, true, - new KeyUsage(KeyUsage.digitalSignature)); - certificateBuilder.addExtension(Extension.extendedKeyUsage, false, - new ExtendedKeyUsage(KeyPurposeId.id_kp_clientAuth)); - certificateBuilder.addExtension(Extension.basicConstraints, true, - new BasicConstraints(false)); - - signer = new JcaContentSignerBuilder(ConfigurationUtil.SIGNATURE_ALGORITHM). - setProvider(ConfigurationUtil.PROVIDER).build(privateKey); - - signedCertificate = new JcaX509CertificateConverter().setProvider( - ConfigurationUtil.PROVIDER).getCertificate( - certificateBuilder.build(signer)); - } catch (InvalidKeyException e) { - String errorMsg = "CSR's public key is invalid"; - throw new KeystoreException(errorMsg, e); - } catch (NoSuchAlgorithmException e) { - String errorMsg = "Certificate cannot be generated"; - throw new KeystoreException(errorMsg, e); - } catch (CertIOException e) { - String errorMsg = "Cannot add extension(s) to signed certificate"; - throw new KeystoreException(errorMsg, e); - } catch (OperatorCreationException e) { - String errorMsg = "Content signer cannot be created"; - throw new KeystoreException(errorMsg, e); - } catch (CertificateException e) { - String errorMsg = "Signed certificate cannot be generated"; - throw new KeystoreException(errorMsg, e); - } - return signedCertificate; - } - } \ No newline at end of file 
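Review bot: The new getSignedCertificateFromCSR passes `certCA.getIssuerX500Principal().getName()` as the issuer name for the certificate it signs, but the issuer of a certificate signed with the CA's key must be the CA's own subject name; the two coincide only for a self-signed root, so for an intermediate CA the chain will not build. Use `certCA.getSubjectX500Principal().getName()`. The method still performs no proof-of-possession check before signing (the PKCS10CertificationRequest's signature is never verified), and `keyStoreReader.getCACertificate()` is cast to X509Certificate unchecked, so a non-X.509 keystore entry would surface as a ClassCastException rather than a KeystoreException. The removed signCSR path also called saveCertInKeyStore on the result; whether generateCertificateFromCSR (outside this hunk) persists the certificate cannot be confirmed from here.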
diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementService.java b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementService.java index 7810878bcf..f89ab4f986 100644 --- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementService.java +++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementService.java @@ -54,6 +54,5 @@ public interface CertificateManagementService { String extractChallengeToken(X509Certificate certificate); - X509Certificate getSignedCertificateFromCSR(String binarySecurityToken, X509Certificate caCert, - List certParameterList) throws KeystoreException; + X509Certificate getSignedCertificateFromCSR(String binarySecurityToken) throws KeystoreException; } diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementServiceImpl.java b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementServiceImpl.java index dc8487219e..6ac4ee9192 100644 --- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementServiceImpl.java +++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementServiceImpl.java 
@@ -101,9 +101,9 @@ public class CertificateManagementServiceImpl implements CertificateManagementSe return certificateGenerator.extractChallengeToken(certificate); } - public X509Certificate getSignedCertificateFromCSR(String binarySecurityToken, - X509Certificate caCert, List certParameterList) - throws KeystoreException { - return certificateGenerator.getSignedCertificateFromCSR(binarySecurityToken, caCert, certParameterList); + @Override + public X509Certificate getSignedCertificateFromCSR(String binarySecurityToken) throws KeystoreException { + return certificateGenerator.getSignedCertificateFromCSR(binarySecurityToken); } + } diff --git a/pom.xml b/pom.xml index ca47a56a5c..ccf063dbdb 100644 --- a/pom.xml +++ b/pom.xml @@ -1427,7 +1427,7 @@ 6.1.1 - 4.4.1 + 4.4.2 1.5.4 1.3 From 3de4718ab517d37d3c3e1640fe46d1e12ad13771 Mon Sep 17 00:00:00 2001 From: hasuniea Date: Thu, 29 Oct 2015 10:04:13 +0530 Subject: [PATCH 4/6] refactored certificate generator --- .../mgt/core/impl/CertificateGenerator.java | 23 ++++++------------- .../CertificateManagementServiceImpl.java | 1 - pom.xml | 2 +- 3 files changed, 8 insertions(+), 18 deletions(-) diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGenerator.java b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGenerator.java index 1bb973e76d..cda449e1ab 100755 --- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGenerator.java +++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGenerator.java 
@@ -43,7 +43,6 @@ import org.bouncycastle.operator.ContentSigner;
 import org.bouncycastle.operator.OperatorCreationException;
 import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
 import org.bouncycastle.pkcs.PKCS10CertificationRequest;
-import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequest;
 import org.bouncycastle.util.Store;
 import org.jscep.message.*;
 import org.jscep.transaction.FailInfo;
@@ -70,20 +69,6 @@ import java.util.List;
 public class CertificateGenerator {
- private enum PropertyIndex {
- COMMON_NAME_INDEX(0),
- NOT_BEFORE_DAYS_INDEX(1),
- NOT_AFTER_DAYS_INDEX(2);
-
- private final int itemPosition;
- private PropertyIndex(final int itemPosition) {
- this.itemPosition = itemPosition;
- }
- public int getValue() {
- return this.itemPosition;
- }
- }
-
 private static final Log log = LogFactory.getLog(CertificateGenerator.class);
 public List getRootCertificates(byte[] ca, byte[] ra) throws KeystoreException {
@@ -584,6 +569,13 @@ public class CertificateGenerator {
 return null;
 }
+ /**
+ * Get Signed certificate by parsing certificate.
+ * @param binarySecurityToken CSR that comes from the client as a String value.It is base 64 encoded request
+ * security token.
+ * @return Return signed certificate in X508Certificate type object.
+ * @throws KeystoreException
+ */
 public X509Certificate getSignedCertificateFromCSR(String binarySecurityToken) throws KeystoreException {
 byte[] byteArrayBst = DatatypeConverter.parseBase64Binary(binarySecurityToken);
@@ -599,7 +591,6 @@ public class CertificateGenerator {
 log.error(msg, e);
 throw new KeystoreException(msg, e);
 }
- JcaPKCS10CertificationRequest csr = new JcaPKCS10CertificationRequest(certificationRequest);
 X509Certificate signedCertificate = generateCertificateFromCSR(privateKeyCA, certificationRequest,
 certCA.getIssuerX500Principal().getName());
 return signedCertificate;
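Review bot: The Javadoc added for getSignedCertificateFromCSR in the -584 hunk says the method returns an "X508Certificate" (the type is X509Certificate), lacks a space after "value.", and its `@throws KeystoreException` has no description; suggest `@return the certificate issued for the request, as an {@link X509Certificate}` and `@throws KeystoreException if the CA key or certificate cannot be loaded or the request cannot be signed`. The middle of the method lies between the two hunks and is not visible: `binarySecurityToken` is handed to `DatatypeConverter.parseBase64Binary` at the top of the method, outside the try/catch whose tail appears in the -599 hunk, with no null or empty check, and nothing in the visible lines verifies the PKCS#10 request's own signature before `generateCertificateFromCSR` signs it. If that helper does not call `isSignatureValid(...)` on the request, the CA would issue certificates for keys the submitter cannot prove it holds, which is worth confirming. Dropping the unused `JcaPKCS10CertificationRequest csr` local is fine.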
diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementServiceImpl.java b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementServiceImpl.java
index 6ac4ee9192..77dfe1686c 100644
--- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementServiceImpl.java
+++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementServiceImpl.java
@@ -101,7 +101,6 @@ public class CertificateManagementServiceImpl implements CertificateManagementSe
 return certificateGenerator.extractChallengeToken(certificate);
 }
- @Override
 public X509Certificate getSignedCertificateFromCSR(String binarySecurityToken) throws KeystoreException {
 return certificateGenerator.getSignedCertificateFromCSR(binarySecurityToken);
 }
diff --git a/pom.xml b/pom.xml
index 316508d24c..40d1b95b4b 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1427,7 +1427,7 @@ 6.1.1 - 4.4.2 + 4.4.1 1.5.4 1.3
From 20122b3f1e2d498df0bb591656a5fc5c083d07bc Mon Sep 17 00:00:00 2001 From: geethkokila Date: Fri, 30 Oct 2015 17:48:30 +0530 Subject: [PATCH 5/6] Fixing the roles and users adding issue --- .../carbon/policy/mgt/core/dao/PolicyDAO.java | 6 + .../mgt/core/dao/impl/PolicyDAOImpl.java | 150 ++++++++++++++++-- .../mgt/core/mgt/impl/PolicyManagerImpl.java | 8 +- 3 files changed, 151 insertions(+), 13 deletions(-)
diff --git a/components/policy-mgt/org.wso2.carbon.policy.mgt.core/src/main/java/org/wso2/carbon/policy/mgt/core/dao/PolicyDAO.java b/components/policy-mgt/org.wso2.carbon.policy.mgt.core/src/main/java/org/wso2/carbon/policy/mgt/core/dao/PolicyDAO.java
index 9fa1259b31..d1065e17a5 100644
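Review bot: Removing `@Override` from getSignedCertificateFromCSR in CertificateManagementServiceImpl drops the compile-time check that the method still implements the declaration in CertificateManagementService, which this same series just changed; if the interface signature drifts again the class silently gains an unrelated overload. Keep the annotation: `@Override` on the line above `public X509Certificate getSignedCertificateFromCSR(String binarySecurityToken) throws KeystoreException {`.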
--- a/components/policy-mgt/org.wso2.carbon.policy.mgt.core/src/main/java/org/wso2/carbon/policy/mgt/core/dao/PolicyDAO.java
+++ b/components/policy-mgt/org.wso2.carbon.policy.mgt.core/src/main/java/org/wso2/carbon/policy/mgt/core/dao/PolicyDAO.java
@@ -41,6 +41,8 @@ public interface PolicyDAO {
 */
 Policy addPolicyToRole(List roleNames, Policy policy) throws PolicyManagerDAOException;
+ Policy updateRolesOfPolicy(List rolesToAdd, Policy policy) throws PolicyManagerDAOException;
+
 /**
 * This method is used to add/update the users associated with the policy.
 * @param usernameList - List of the users that needs to be applied
@@ -50,6 +52,8 @@ public interface PolicyDAO {
 */
 Policy addPolicyToUser(List usernameList, Policy policy) throws PolicyManagerDAOException;
+ Policy updateUserOfPolicy(List usersToAdd, Policy policy) throws PolicyManagerDAOException;
+
 Policy addPolicyToDevice(List devices, Policy policy) throws PolicyManagerDAOException;
 boolean updatePolicyPriorities(List policies) throws PolicyManagerDAOException;
@@ -114,6 +118,8 @@ public interface PolicyDAO {
 boolean deleteAllPolicyRelatedConfigs(int policyId) throws PolicyManagerDAOException;
+ boolean deleteCriteriaAndDeviceRelatedConfigs(int policyId) throws PolicyManagerDAOException;
+
 List getPolicyAppliedRoles(int policyId) throws PolicyManagerDAOException;
 List getPolicyAppliedUsers(int policyId) throws PolicyManagerDAOException;
diff --git a/components/policy-mgt/org.wso2.carbon.policy.mgt.core/src/main/java/org/wso2/carbon/policy/mgt/core/dao/impl/PolicyDAOImpl.java b/components/policy-mgt/org.wso2.carbon.policy.mgt.core/src/main/java/org/wso2/carbon/policy/mgt/core/dao/impl/PolicyDAOImpl.java
index 322b57918c..9cc11640d6 100644
--- a/components/policy-mgt/org.wso2.carbon.policy.mgt.core/src/main/java/org/wso2/carbon/policy/mgt/core/dao/impl/PolicyDAOImpl.java
+++ b/components/policy-mgt/org.wso2.carbon.policy.mgt.core/src/main/java/org/wso2/carbon/policy/mgt/core/dao/impl/PolicyDAOImpl.java
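Review bot: The three methods added to PolicyDAO (updateRolesOfPolicy, updateUserOfPolicy, deleteCriteriaAndDeviceRelatedConfigs) have no Javadoc, while the neighbouring addPolicyToRole and addPolicyToUser declarations document purpose and parameters, and the names updateRolesOfPolicy / updateUserOfPolicy disagree in number. Based on the implementations in the PolicyDAOImpl hunks, suggested text for the first is `/** Reconciles the roles of {@code policy} with {@code rolesToAdd}: roles not yet on the policy object are inserted, roles no longer listed are deleted. */`, the user variant mirrored, and for the third `/** Removes the device and criteria rows of the policy; user and role assignments are left untouched. */`.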
@@ -71,8 +71,52 @@ public class PolicyDAOImpl implements PolicyDAO {
 public Policy addPolicyToRole(List rolesToAdd, Policy policy) throws PolicyManagerDAOException {
 Connection conn;
 PreparedStatement insertStmt = null;
+// PreparedStatement deleteStmt = null;
+// final List currentRoles = this.getPolicy(policy.getId()).getRoles();
+//
+// SetReferenceTransformer transformer = new SetReferenceTransformer();
+//
+// transformer.transform(currentRoles, rolesToAdd);
+// rolesToAdd = transformer.getObjectsToAdd();
+// List rolesToDelete = transformer.getObjectsToRemove();
+ try {
+ conn = this.getConnection();
+ if (rolesToAdd.size() > 0) {
+ String query = "INSERT INTO DM_ROLE_POLICY (ROLE_NAME, POLICY_ID) VALUES (?, ?)";
+ insertStmt = conn.prepareStatement(query);
+ for (String role : rolesToAdd) {
+ insertStmt.setString(1, role);
+ insertStmt.setInt(2, policy.getId());
+ insertStmt.addBatch();
+ }
+ insertStmt.executeBatch();
+ }
+// if (rolesToDelete.size() > 0){
+// String deleteQuery = "DELETE FROM DM_ROLE_POLICY WHERE ROLE_NAME=? AND POLICY_ID=?";
+// deleteStmt = conn.prepareStatement(deleteQuery);
+// for (String role : rolesToDelete) {
+// deleteStmt.setString(1, role);
+// deleteStmt.setInt(2, policy.getId());
+// deleteStmt.addBatch();
+// }
+// deleteStmt.executeBatch();
+// }
+ } catch (SQLException e) {
+ throw new PolicyManagerDAOException("Error occurred while adding the role name with policy to database", e);
+ } finally {
+ PolicyManagementDAOUtil.cleanupResources(insertStmt, null);
+ }
+ return policy;
+ }
+
+
+ @Override
+ public Policy updateRolesOfPolicy(List rolesToAdd, Policy previousPolicy) throws PolicyManagerDAOException {
+ Connection conn;
+ PreparedStatement insertStmt = null;
 PreparedStatement deleteStmt = null;
- final List currentRoles = policy.getRoles();
+
+ final List currentRoles = previousPolicy.getRoles();
 SetReferenceTransformer transformer = new SetReferenceTransformer();
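Review bot: addPolicyToRole now carries roughly twenty lines of commented-out reconciliation code (the `// PreparedStatement deleteStmt`, `// SetReferenceTransformer` and `// if (rolesToDelete...)` blocks), which is the same logic updateRolesOfPolicy below implements live; commented-out code should be deleted rather than kept, and the same applies to the copy in addPolicyToUser (hunk at -105) and to the commented user/role DELETE statements in deleteCriteriaAndDeviceRelatedConfigs (hunk at -1202). If the intent is to record that this method only inserts, a single comment says it: `// Insert-only: reconciliation against the existing roles is done by updateRolesOfPolicy.`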
@@ -81,22 +125,22 @@ public class PolicyDAOImpl implements PolicyDAO {
 List rolesToDelete = transformer.getObjectsToRemove();
 try {
 conn = this.getConnection();
- if (rolesToAdd.size() > 0){
+ if (rolesToAdd.size() > 0) {
 String query = "INSERT INTO DM_ROLE_POLICY (ROLE_NAME, POLICY_ID) VALUES (?, ?)";
 insertStmt = conn.prepareStatement(query);
 for (String role : rolesToAdd) {
 insertStmt.setString(1, role);
- insertStmt.setInt(2, policy.getId());
+ insertStmt.setInt(2, previousPolicy.getId());
 insertStmt.addBatch();
 }
 insertStmt.executeBatch();
 }
- if (rolesToAdd.size() > 0){
+ if (rolesToDelete.size() > 0) {
 String deleteQuery = "DELETE FROM DM_ROLE_POLICY WHERE ROLE_NAME=? AND POLICY_ID=?";
 deleteStmt = conn.prepareStatement(deleteQuery);
 for (String role : rolesToDelete) {
 deleteStmt.setString(1, role);
- deleteStmt.setInt(2, policy.getId());
+ deleteStmt.setInt(2, previousPolicy.getId());
 deleteStmt.addBatch();
 }
 deleteStmt.executeBatch();
@@ -105,14 +149,60 @@ public class PolicyDAOImpl implements PolicyDAO {
 throw new PolicyManagerDAOException("Error occurred while adding the role name with policy to database", e);
 } finally {
 PolicyManagementDAOUtil.cleanupResources(insertStmt, null);
+ PolicyManagementDAOUtil.cleanupResources(deleteStmt, null);
 }
- return policy;
+ return previousPolicy;
 }
 @Override
 public Policy addPolicyToUser(List usersToAdd, Policy policy) throws PolicyManagerDAOException {
 Connection conn;
 PreparedStatement insertStmt = null;
+// PreparedStatement deleteStmt = null;
+// final List currentUsers = this.getPolicy(policy.getId()).getUsers();
+//
+// SetReferenceTransformer transformer = new SetReferenceTransformer();
+//
+// transformer.transform(currentUsers, usersToAdd);
+// usersToAdd = transformer.getObjectsToAdd();
+// List usersToDelete = transformer.getObjectsToRemove();
+ try {
+ conn = this.getConnection();
+ if (usersToAdd.size() > 0) {
+ String query = "INSERT INTO DM_USER_POLICY (POLICY_ID, USERNAME) VALUES (?, ?)";
+ insertStmt = conn.prepareStatement(query);
+ for (String username : usersToAdd) {
+ insertStmt.setInt(1, policy.getId());
+ insertStmt.setString(2, username);
+ insertStmt.addBatch();
+ }
+ insertStmt.executeBatch();
+ }
+// if (usersToDelete.size() > 0){
+// String deleteQuery = "DELETE FROM DM_USER_POLICY WHERE USERNAME=? AND POLICY_ID=?";
+// deleteStmt = conn.prepareStatement(deleteQuery);
+// for (String username : usersToDelete) {
+// deleteStmt.setString(1, username);
+// deleteStmt.setInt(2, policy.getId());
+// deleteStmt.addBatch();
+// }
+// deleteStmt.executeBatch();
+// }
+
+ } catch (SQLException e) {
+ throw new PolicyManagerDAOException("Error occurred while adding the user name with policy to database", e);
+ } finally {
+ PolicyManagementDAOUtil.cleanupResources(insertStmt, null);
+// PolicyManagementDAOUtil.cleanupResources(deleteStmt, null);
+ }
+ return policy;
+ }
+
+
+ @Override
+ public Policy updateUserOfPolicy(List usersToAdd, Policy policy) throws PolicyManagerDAOException {
+ Connection conn;
+ PreparedStatement insertStmt = null;
 PreparedStatement deleteStmt = null;
 final List currentUsers = policy.getUsers();
@@ -123,7 +213,7 @@ public class PolicyDAOImpl implements PolicyDAO {
 List usersToDelete = transformer.getObjectsToRemove();
 try {
 conn = this.getConnection();
- if (usersToAdd.size() > 0){
+ if (usersToAdd.size() > 0) {
 String query = "INSERT INTO DM_USER_POLICY (POLICY_ID, USERNAME) VALUES (?, ?)";
 insertStmt = conn.prepareStatement(query);
 for (String username : usersToAdd) {
@@ -133,7 +223,7 @@ public class PolicyDAOImpl implements PolicyDAO {
 }
 insertStmt.executeBatch();
 }
- if (usersToDelete.size() > 0){
+ if (usersToDelete.size() > 0) {
 String deleteQuery = "DELETE FROM DM_USER_POLICY WHERE USERNAME=? AND POLICY_ID=?";
 deleteStmt = conn.prepareStatement(deleteQuery);
 for (String username : usersToDelete) {
@@ -153,6 +243,7 @@ public class PolicyDAOImpl implements PolicyDAO {
 return policy;
 }
+ @Override
 public Policy addPolicyToDevice(List devices, Policy policy) throws PolicyManagerDAOException {
 Connection conn;
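Review bot: The catch at the top of the -105 hunk belongs to updateRolesOfPolicy (its try block starts in the previous hunk) and still reports "Error occurred while adding the role name with policy to database" although the method now also runs a DELETE batch, so a failure in the delete path is logged as an insert failure and misdirects triage; the "user name" copy in the new addPolicyToUser catch presumably repeats the wording in updateUserOfPolicy, whose catch lies outside the hunk. Suggest `throw new PolicyManagerDAOException("Error occurred while updating the roles of policy " + previousPolicy.getId(), e);` in updateRolesOfPolicy and the equivalent "users" text in updateUserOfPolicy.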
@@ -1202,6 +1293,46 @@ public class PolicyDAOImpl implements PolicyDAO { } } + + @Override + public boolean deleteCriteriaAndDeviceRelatedConfigs(int policyId) throws PolicyManagerDAOException { + Connection conn; + PreparedStatement stmt = null; + try { + conn = this.getConnection(); + +// String userPolicy = "DELETE FROM DM_USER_POLICY WHERE POLICY_ID = ?"; +// stmt = conn.prepareStatement(userPolicy); +// stmt.setInt(1, policyId); +// stmt.executeUpdate(); +// +// String rolePolicy = "DELETE FROM DM_ROLE_POLICY WHERE POLICY_ID = ?"; +// stmt = conn.prepareStatement(rolePolicy); +// stmt.setInt(1, policyId); +// stmt.executeUpdate(); + + String devicePolicy = "DELETE FROM DM_DEVICE_POLICY WHERE POLICY_ID = ?"; + stmt = conn.prepareStatement(devicePolicy); + stmt.setInt(1, policyId); + stmt.executeUpdate(); + + String deleteCriteria = "DELETE FROM DM_POLICY_CRITERIA WHERE POLICY_ID = ?"; + stmt = conn.prepareStatement(deleteCriteria); + stmt.setInt(1, policyId); + stmt.executeUpdate(); + + if (log.isDebugEnabled()) { + log.debug("Policy (" + policyId + ") related configs deleted from database."); + } + return true; + } catch (SQLException e) { + throw new PolicyManagerDAOException("Unable to delete the policy (" + policyId + + ") related configs from database", e); + } finally { + PolicyManagementDAOUtil.cleanupResources(stmt, null); + } + } + private Connection getConnection() throws PolicyManagerDAOException { return PolicyManagementDAOFactory.getConnection(); } 
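Review bot: In deleteCriteriaAndDeviceRelatedConfigs the PreparedStatement created by `conn.prepareStatement(devicePolicy)` is overwritten by `stmt = conn.prepareStatement(deleteCriteria)` without being closed, so the finally block only releases the second statement and the first one leaks on every call; add `PolicyManagementDAOUtil.cleanupResources(stmt, null);` after the first `stmt.executeUpdate();` or use a second variable and clean up both. The method also returns true unconditionally, so callers cannot tell "no rows matched" from "rows deleted"; if that distinction matters, derive the result from the update counts, otherwise say in a comment that the boolean carries no information.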
@@ -1345,7 +1476,8 @@ public class PolicyDAOImpl implements PolicyDAO {
 int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId();
 try {
 conn = this.getConnection();
- String query = "SELECT * FROM DM_DEVICE_POLICY_APPLIED WHERE DEVICE_ID = ? AND TENANT_ID = ? AND ENROLMENT_ID = ?";
+ String query = "SELECT * FROM DM_DEVICE_POLICY_APPLIED WHERE DEVICE_ID = ? AND TENANT_ID = ? AND " +
+ "ENROLMENT_ID = ?";
 stmt = conn.prepareStatement(query);
 stmt.setInt(1, deviceId);
 stmt.setInt(2, tenantId);
diff --git a/components/policy-mgt/org.wso2.carbon.policy.mgt.core/src/main/java/org/wso2/carbon/policy/mgt/core/mgt/impl/PolicyManagerImpl.java b/components/policy-mgt/org.wso2.carbon.policy.mgt.core/src/main/java/org/wso2/carbon/policy/mgt/core/mgt/impl/PolicyManagerImpl.java
index e563d8c631..06b71d071a 100644
--- a/components/policy-mgt/org.wso2.carbon.policy.mgt.core/src/main/java/org/wso2/carbon/policy/mgt/core/mgt/impl/PolicyManagerImpl.java
+++ b/components/policy-mgt/org.wso2.carbon.policy.mgt.core/src/main/java/org/wso2/carbon/policy/mgt/core/mgt/impl/PolicyManagerImpl.java
@@ -180,15 +180,15 @@ public class PolicyManagerImpl implements PolicyManager {
 if (!newFeaturesList.isEmpty()) {
 featureDAO.addProfileFeatures(newFeaturesList, profileId);
 }
- policyDAO.deleteAllPolicyRelatedConfigs(policy.getId());
+ policyDAO.deleteCriteriaAndDeviceRelatedConfigs(policy.getId());
 if (policy.getUsers() != null) {
- policyDAO.addPolicyToUser(policy.getUsers(), previousPolicy);
+ policyDAO.updateUserOfPolicy(policy.getUsers(), previousPolicy);
 }
 if (policy.getRoles() != null) {
- policyDAO.addPolicyToRole(policy.getRoles(), previousPolicy);
+ policyDAO.updateRolesOfPolicy(policy.getRoles(), previousPolicy);
 }
 if (policy.getDevices() != null) {
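Review bot: With deleteCriteriaAndDeviceRelatedConfigs clearing only device and criteria rows and users/roles now reconciled incrementally, a null users or roles list on the incoming policy leaves the previous assignments in place, whereas the old path through deleteAllPolicyRelatedConfigs presumably wiped them; that behavioural change is invisible at the call site and deserves a comment at the `if (policy.getUsers() != null)` guard: `// Users/roles are reconciled against previousPolicy; a null list keeps the existing assignment unchanged.` The enclosing method starts and ends outside the hunk.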
@@ -539,7 +539,7 @@ public class PolicyManagerImpl implements PolicyManager {
 policy.setDevices(deviceList);
 try {
- // PolicyManagementDAOFactory.openConnection();
+ // PolicyManagementDAOFactory.openConnection();
 Profile profile = profileManager.getProfile(policy.getProfileId());
 policy.setProfile(profile);
 } catch (ProfileManagementException e) {
From 8f982722fb75b99b5646076048e3f372fb341d4a Mon Sep 17 00:00:00 2001 From: harshanl Date: Fri, 30 Oct 2015 18:29:32 +0530 Subject: [PATCH 6/6] Added oauth response messages --- .../authenticator/framework/AuthenticationInfo.java | 9 +++++++++ .../framework/WebappAuthenticationValve.java | 12 ++++++++---- .../framework/authenticator/OAuthAuthenticator.java | 2 ++ 3 files changed, 19 insertions(+), 4 deletions(-)
diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/AuthenticationInfo.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/AuthenticationInfo.java
index a65c99fa39..d7a0ec1c61 100644
--- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/AuthenticationInfo.java
+++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/AuthenticationInfo.java
@@ -26,6 +26,7 @@ import org.wso2.carbon.webapp.authenticator.framework.authenticator.WebappAuthen
 public class AuthenticationInfo {
 private WebappAuthenticator.Status status = WebappAuthenticator.Status.FAILURE;
+ private String message;
 private String username;
 private String tenantDomain;
 private int tenantId = -1;
@@ -43,6 +44,14 @@ public class AuthenticationInfo {
 return username;
 }
+ public String getMessage() {
+ return message;
+ }
+
+ public void setMessage(String message) {
+ this.message = message;
+ }
+
 public void setUsername(String username) {
 this.username = username;
 }
diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticationValve.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticationValve.java
index c416444682..bdc5428984 100644
--- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticationValve.java
+++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticationValve.java
@@ -74,12 +74,12 @@ public class WebappAuthenticationValve extends CarbonTomcatValve {
 privilegedCarbonContext.setTenantId(authenticationInfo.getTenantId());
 privilegedCarbonContext.setTenantDomain(authenticationInfo.getTenantDomain());
 privilegedCarbonContext.setUsername(authenticationInfo.getUsername());
- this.processRequest(request, response, compositeValve, authenticationInfo.getStatus());
+ this.processRequest(request, response, compositeValve, authenticationInfo);
 } finally {
 PrivilegedCarbonContext.endTenantFlow();
 }
 } else {
- this.processRequest(request, response, compositeValve, authenticationInfo.getStatus());
+ this.processRequest(request, response, compositeValve, authenticationInfo);
 }
 }
@@ -113,14 +113,18 @@ public class WebappAuthenticationValve extends CarbonTomcatValve {
 }
 private void processRequest(Request request, Response response, CompositeValve compositeValve,
- WebappAuthenticator.Status status) {
- switch (status) {
+ AuthenticationInfo authenticationInfo) {
+ switch (authenticationInfo.getStatus()) {
 case SUCCESS:
 case CONTINUE:
 this.getNext().invoke(request, response, compositeValve);
 break;
 case FAILURE:
 String msg = "Failed to authorize incoming request";
+ if(authenticationInfo.getMessage() != null && !authenticationInfo.getMessage().isEmpty()) {
+ msg = authenticationInfo.getMessage();
+ response.setHeader("WWW-Authenticate", msg);
+ }
 log.error(msg);
 AuthenticationFrameworkUtil
 .handleResponse(request, response, HttpServletResponse.SC_UNAUTHORIZED,
diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OAuthAuthenticator.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OAuthAuthenticator.java
index abe4eac0c4..6064fe8c8f 100644
--- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OAuthAuthenticator.java
+++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OAuthAuthenticator.java
@@ -117,6 +117,8 @@ public class OAuthAuthenticator implements WebappAuthenticator {
 if (oAuth2TokenValidationResponseDTO.isValid()) {
 authenticationInfo.setStatus(Status.CONTINUE);
 }
+ } else {
+ authenticationInfo.setMessage(oAuth2TokenValidationResponseDTO.getErrorMsg());
 }
 }
 } catch (AuthenticationException e) {
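Review bot: processRequest copies authenticationInfo.getMessage() verbatim into the WWW-Authenticate response header, but that header has a fixed challenge grammar (a scheme followed by parameters, for bearer tokens `Bearer realm="...", error="invalid_token", error_description="..."` per RFC 6750), so a free-text message is not a parseable challenge; and because the text is whatever the token validation backend returned as its error message (set in OAuthAuthenticator in this same commit), it is sent to an unauthenticated caller before anyone has decided it is safe to disclose. Suggest a fixed challenge with the backend text confined to error_description after stripping CR, LF and double quotes, e.g. `response.setHeader("WWW-Authenticate", "Bearer error=\"invalid_token\", error_description=\"" + sanitized + "\"");`, while the raw message stays in the log only. Also `if(` lacks the space used by `switch (` two lines above; the method continues past the hunk.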
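Review bot: The added `} else {` closes the block that contains `if (oAuth2TokenValidationResponseDTO.isValid())`, so the else is attached to the enclosing condition, whose test is outside the hunk; when that outer condition holds but `isValid()` is false, neither a status nor a message is set and the client receives the generic failure text rather than the validation error. If the intent is to surface the validation error, attach the branch to the inner check: `} else { authenticationInfo.setMessage(oAuth2TokenValidationResponseDTO.getErrorMsg()); }` directly after the `setStatus(Status.CONTINUE)` block, and keep or drop the outer else depending on what the outer condition actually guards.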