Certificate authenticator changes

revert-70aa11f8
Dilshan Edirisuriya 9 years ago
parent 9ae6099d2b
commit d17f1356e7

@ -92,7 +92,9 @@
javax.servlet.http,
javax.xml,
org.apache.axis2.transport.http,
org.wso2.carbon.apimgt.impl
org.wso2.carbon.apimgt.impl,
org.wso2.carbon.certificate.mgt.core.service,
org.wso2.carbon.certificate.mgt.core.exception
</Import-Package>
<!--<Fragment-Host>tomcat</Fragment-Host>-->
</instructions>
@ -146,6 +148,10 @@
<groupId>org.wso2.orbit.com.nimbusds</groupId>
<artifactId>nimbus-jose-jwt</artifactId>
</dependency>
<dependency>
<groupId>org.wso2.carbon.devicemgt</groupId>
<artifactId>org.wso2.carbon.certificate.mgt.core</artifactId>
</dependency>
</dependencies>
</project>

@ -18,12 +18,14 @@
*/
package org.wso2.carbon.webapp.authenticator.framework;
import org.wso2.carbon.certificate.mgt.core.service.CertificateManagementService;
import org.wso2.carbon.user.core.service.RealmService;
public class DataHolder {
private WebappAuthenticatorRepository repository;
private RealmService realmService;
private CertificateManagementService certificateManagementService;
private DataHolder() {}
@ -48,4 +50,12 @@ public class DataHolder {
public void setRealmService(RealmService realmService) {
this.realmService = realmService;
}
public CertificateManagementService getCertificateManagementService() {
return certificateManagementService;
}
public void setCertificateManagementService(CertificateManagementService certificateManagementService) {
this.certificateManagementService = certificateManagementService;
}
}

@ -0,0 +1,78 @@
package org.wso2.carbon.webapp.authenticator.framework.authenticator;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.certificate.mgt.core.exception.KeystoreException;
import org.wso2.carbon.webapp.authenticator.framework.DataHolder;
/**
* This authenticator authenticates HTTP requests using certificates.
*/
public class CertificateAuthenticator implements WebappAuthenticator {
private static final Log log = LogFactory.getLog(CertificateAuthenticator.class);
private static final String CERTIFICATE_AUTHENTICATOR = "CertificateAuth";
private static final String HEADER_MDM_SIGNATURE = "Mdm-Signature";
private String[] skippedURIs;
public CertificateAuthenticator() {
skippedURIs = new String[]{
"/ios-enrollment/ca",
"/ios-enrollment/authenticate",
"/ios-enrollment/profile",
"/ios-enrollment/scep",
"/ios-enrollment/enroll",
"/ios-enrollment/enrolled"};
}
@Override
public boolean canHandle(Request request) {
return true;
}
@Override
public Status authenticate(Request request, Response response) {
String requestUri = request.getRequestURI();
if (requestUri == null || requestUri.isEmpty()) {
return Status.CONTINUE;
}
if(isURISkipped(requestUri)) {
return Status.CONTINUE;
}
String headerMDMSignature = request.getHeader(HEADER_MDM_SIGNATURE);
try {
if (headerMDMSignature != null && !headerMDMSignature.isEmpty() &&
DataHolder.getInstance().getCertificateManagementService().verifySignature(headerMDMSignature)) {
return Status.SUCCESS;
}
} catch (KeystoreException e) {
log.error("KeystoreException occurred ", e);
return Status.FAILURE;
}
return Status.FAILURE;
}
@Override
public String getName() {
return CERTIFICATE_AUTHENTICATOR;
}
private boolean isURISkipped(String requestUri) {
for (String element : skippedURIs) {
if (element.equals(requestUri)) {
return true;
}
}
return false;
}
}

@ -21,14 +21,14 @@ package org.wso2.carbon.webapp.authenticator.framework.internal;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.osgi.service.component.ComponentContext;
import org.wso2.carbon.certificate.mgt.core.service.CertificateManagementService;
import org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve;
import org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer;
import org.wso2.carbon.user.core.service.RealmService;
import org.wso2.carbon.webapp.authenticator.framework.DataHolder;
import org.wso2.carbon.webapp.authenticator.framework.WebappAuthenticationHandler;
import org.wso2.carbon.webapp.authenticator.framework.authenticator.WebappAuthenticator;
import org.wso2.carbon.webapp.authenticator.framework.WebappAuthenticatorFrameworkValve;
import org.wso2.carbon.webapp.authenticator.framework.WebappAuthenticatorRepository;
import org.wso2.carbon.webapp.authenticator.framework.authenticator.WebappAuthenticator;
import org.wso2.carbon.webapp.authenticator.framework.config.AuthenticatorConfig;
import org.wso2.carbon.webapp.authenticator.framework.config.WebappAuthenticatorConfig;
@ -44,6 +44,12 @@ import java.util.List;
* policy="dynamic"
* bind="setRealmService"
* unbind="unsetRealmService"
* @scr.reference name="org.wso2.carbon.certificate.mgt"
* interface="org.wso2.carbon.certificate.mgt.core.service.CertificateManagementService"
* policy="dynamic"
* cardinality="1..n"
* bind="setCertificateManagementService"
* unbind="unsetCertificateManagementService"
*/
public class WebappAuthenticatorFrameworkServiceComponent {
@ -91,4 +97,19 @@ public class WebappAuthenticatorFrameworkServiceComponent {
protected void unsetRealmService(RealmService realmService) {
DataHolder.getInstance().setRealmService(null);
}
protected void setCertificateManagementService(CertificateManagementService certificateManagementService) {
if (log.isDebugEnabled()) {
log.debug("Setting certificate management service");
}
DataHolder.getInstance().setCertificateManagementService(certificateManagementService);
}
protected void unsetCertificateManagementService(CertificateManagementService certificateManagementService) {
if (log.isDebugEnabled()) {
log.debug("Removing certificate management service");
}
DataHolder.getInstance().setCertificateManagementService(null);
}
}

@ -12,5 +12,9 @@
<Name>JWT</Name>
<ClassName>org.wso2.carbon.webapp.authenticator.framework.authenticator.JWTAuthenticator</ClassName>
</Authenticator>
<Authenticator>
<Name>CertificateAuth</Name>
<ClassName>org.wso2.carbon.webapp.authenticator.framework.authenticator.CertificateAuthenticator</ClassName>
</Authenticator>
</Authenticators>
</WebappAuthenticatorConfig>

Loading…
Cancel
Save