Merge branch 'master' of https://github.com/wso2/carbon-device-mgt

9 years ago · 97987f6e10
parent cbf10a8b59 ee0e9af4cb
commit 97987f6e10
7 changed files with 108 additions and 13 deletions
--- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/pom.xml
+++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/pom.xml
@ -27,7 +27,6 @@
    </parent>

    <modelVersion>4.0.0</modelVersion>
-    <groupId>org.wso2.carbon.devicemgt</groupId>
    <artifactId>org.wso2.carbon.certificate.mgt.core</artifactId>
    <version>0.9.2-SNAPSHOT</version>
    <packaging>bundle</packaging>
--- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGenerator.java
+++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGenerator.java
@ -64,7 +64,6 @@ import java.io.FileInputStream;
 import java.io.FileNotFoundException;
 import java.io.IOException;
 import java.io.InputStream;
-import java.math.BigInteger;
 import java.security.InvalidKeyException;
 import java.security.KeyFactory;
 import java.security.KeyPair;
@ -77,6 +76,7 @@ import java.security.PrivateKey;
 import java.security.SecureRandom;
 import java.security.Security;
 import java.security.SignatureException;
+import java.security.cert.Certificate;
 import java.security.cert.CertificateEncodingException;
 import java.security.cert.CertificateException;
 import java.security.cert.CertificateExpiredException;
@ -157,10 +157,9 @@ public class CertificateGenerator {
            keyPairGenerator.initialize(ConfigurationUtil.RSA_KEY_LENGTH, new SecureRandom());
            KeyPair pair = keyPairGenerator.generateKeyPair();
            X500Principal principal = new X500Principal(ConfigurationUtil.DEFAULT_PRINCIPAL);
-            BigInteger serial = BigInteger.valueOf(System.currentTimeMillis());

            X509v3CertificateBuilder certificateBuilder = new JcaX509v3CertificateBuilder(
-                    principal, serial, validityBeginDate, validityEndDate,
+                    principal, CommonUtil.generateSerialNumber(), validityBeginDate, validityEndDate,
                    principal, pair.getPublic());
            ContentSigner contentSigner = new JcaContentSignerBuilder(ConfigurationUtil.SHA256_RSA)
                    .setProvider(ConfigurationUtil.PROVIDER).build(
@ -283,6 +282,58 @@ public class CertificateGenerator {
        }
    }

+    public boolean verifySignature(String headerSignature) throws KeystoreException {
+        Certificate certificate = extractCertificateFromSignature(headerSignature);
+        return  (certificate != null);
+    }
+
+    public X509Certificate extractCertificateFromSignature(String headerSignature) throws KeystoreException {
+
+        if (headerSignature == null || headerSignature.isEmpty()) {
+            return null;
+        }
+
+        try {
+            KeyStoreReader keyStoreReader = new KeyStoreReader();
+            CMSSignedData signedData = new CMSSignedData(Base64.decodeBase64(headerSignature.getBytes()));
+            Store reqStore = signedData.getCertificates();
+            @SuppressWarnings("unchecked")
+            Collection<X509CertificateHolder> reqCerts = reqStore.getMatches(null);
+
+            if (reqCerts != null && reqCerts.size() > 0) {
+                CertificateFactory certificateFactory = CertificateFactory.getInstance(ConfigurationUtil.X_509);
+                X509CertificateHolder holder = reqCerts.iterator().next();
+                ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(holder.getEncoded());
+                X509Certificate reqCert = (X509Certificate) certificateFactory.
+                        generateCertificate(byteArrayInputStream);
+
+                if(reqCert != null && reqCert.getSerialNumber() != null) {
+                    Certificate lookUpCertificate = keyStoreReader.getCertificateByAlias(
+                            reqCert.getSerialNumber().toString());
+
+                    if (lookUpCertificate != null && (lookUpCertificate instanceof X509Certificate)) {
+                        return (X509Certificate)lookUpCertificate;
+                    }
+                }
+
+            }
+        } catch (CMSException e) {
+            String errorMsg = "CMSException when decoding certificate signature";
+            log.error(errorMsg, e);
+            throw new KeystoreException(errorMsg, e);
+        } catch (IOException e) {
+            String errorMsg = "IOException when decoding certificate signature";
+            log.error(errorMsg, e);
+            throw new KeystoreException(errorMsg, e);
+        } catch (CertificateException e) {
+            String errorMsg = "CertificateException when decoding certificate signature";
+            log.error(errorMsg, e);
+            throw new KeystoreException(errorMsg, e);
+        }
+
+        return null;
+    }
+
    public X509Certificate generateCertificateFromCSR(PrivateKey privateKey,
                                                             PKCS10CertificationRequest request,
                                                             String issueSubject)
@ -305,7 +356,7 @@ public class CertificateGenerator {
        }

        X509v3CertificateBuilder certificateBuilder = new X509v3CertificateBuilder(
-                new X500Name(issueSubject), BigInteger.valueOf(System.currentTimeMillis()),
+                new X500Name(issueSubject), CommonUtil.generateSerialNumber(),
                validityBeginDate, validityEndDate, certSubject, request.getSubjectPublicKeyInfo());

        ContentSigner sigGen;
--- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/KeyStoreReader.java
+++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/KeyStoreReader.java
@ -204,6 +204,25 @@ public class KeyStoreReader {
        return raCertificate;
    }

+    public Certificate getCertificateByAlias(String alias) throws KeystoreException {
+
+        KeyStore keystore = loadCertificateKeyStore();
+        Certificate raCertificate;
+        try {
+            raCertificate = keystore.getCertificate(alias);
+        } catch (KeyStoreException e) {
+            String errorMsg = "KeyStore issue occurred when retrieving RA private key";
+            log.error(errorMsg, e);
+            throw new KeystoreException(errorMsg, e);
+        }
+
+        if (raCertificate == null) {
+            throw new KeystoreException("RA certificate not found in KeyStore");
+        }
+
+        return raCertificate;
+    }
+
    PrivateKey getRAPrivateKey() throws KeystoreException {

        KeyStore keystore = loadCertificateKeyStore();
--- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementService.java
+++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementService.java
@ -33,17 +33,22 @@ public interface CertificateManagementService {

    Certificate getRACertificate() throws KeystoreException;

-    public List<X509Certificate> getRootCertificates(byte[] ca, byte[] ra) throws KeystoreException;
+    List<X509Certificate> getRootCertificates(byte[] ca, byte[] ra) throws KeystoreException;

-    public X509Certificate generateX509Certificate() throws KeystoreException;
+    X509Certificate generateX509Certificate() throws KeystoreException;

-    public SCEPResponse getCACertSCEP() throws KeystoreException;
+    SCEPResponse getCACertSCEP() throws KeystoreException;

-    public byte[] getCACapsSCEP();
+    byte[] getCACapsSCEP();

-    public byte[] getPKIMessageSCEP(InputStream inputStream) throws KeystoreException;
+    byte[] getPKIMessageSCEP(InputStream inputStream) throws KeystoreException;

-    public X509Certificate generateCertificateFromCSR(PrivateKey privateKey,
-                                                              PKCS10CertificationRequest request,
+    X509Certificate generateCertificateFromCSR(PrivateKey privateKey, PKCS10CertificationRequest request,
                                                              String issueSubject) throws KeystoreException;
+
+    Certificate getCertificateByAlias(String alias) throws KeystoreException;
+
+    boolean verifySignature(String headerSignature) throws KeystoreException;
+
+    public X509Certificate extractCertificateFromSignature(String headerSignature) throws KeystoreException;
 }
--- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementServiceImpl.java
+++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementServiceImpl.java
@ -84,4 +84,16 @@ public class CertificateManagementServiceImpl implements CertificateManagementSe
                                                              String issueSubject) throws KeystoreException {
        return certificateGenerator.generateCertificateFromCSR(privateKey, request, issueSubject);
    }
+
+    public Certificate getCertificateByAlias(String alias) throws KeystoreException {
+        return keyStoreReader.getCertificateByAlias(alias);
+    }
+
+    public boolean verifySignature(String headerSignature) throws KeystoreException {
+        return certificateGenerator.verifySignature(headerSignature);
+    }
+
+    public X509Certificate extractCertificateFromSignature(String headerSignature) throws KeystoreException {
+        return certificateGenerator.extractCertificateFromSignature(headerSignature);
+    }
 }
--- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/util/CommonUtil.java
+++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/util/CommonUtil.java
@ -17,6 +17,7 @@
 */
 package org.wso2.carbon.certificate.mgt.core.util;

+import java.math.BigInteger;
 import java.util.Calendar;
 import java.util.Date;

@ -40,4 +41,8 @@ public class CommonUtil {
        return calendar.getTime();
    }

+    public static synchronized BigInteger generateSerialNumber() {
+        return BigInteger.valueOf(System.currentTimeMillis());
+    }
+
 }
--- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/pom.xml
+++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/pom.xml
@ -88,7 +88,11 @@
                            org.wso2.carbon.user.core.tenant,
                            org.wso2.carbon.utils,
                            org.wso2.carbon.utils.multitenancy,
-                            org.xml.sax
+                            org.xml.sax,
+                            javax.servlet.http,
+                            javax.xml,
+                            org.apache.axis2.transport.http,
+                            org.wso2.carbon.apimgt.impl
                        </Import-Package>
                        <!--<Fragment-Host>tomcat</Fragment-Host>-->
                    </instructions>