revert-70aa11f8
mharindu 9 years ago
commit 97987f6e10

@ -27,7 +27,6 @@
</parent> </parent>
<modelVersion>4.0.0</modelVersion> <modelVersion>4.0.0</modelVersion>
<groupId>org.wso2.carbon.devicemgt</groupId>
<artifactId>org.wso2.carbon.certificate.mgt.core</artifactId> <artifactId>org.wso2.carbon.certificate.mgt.core</artifactId>
<version>0.9.2-SNAPSHOT</version> <version>0.9.2-SNAPSHOT</version>
<packaging>bundle</packaging> <packaging>bundle</packaging>

@ -64,7 +64,6 @@ import java.io.FileInputStream;
import java.io.FileNotFoundException; import java.io.FileNotFoundException;
import java.io.IOException; import java.io.IOException;
import java.io.InputStream; import java.io.InputStream;
import java.math.BigInteger;
import java.security.InvalidKeyException; import java.security.InvalidKeyException;
import java.security.KeyFactory; import java.security.KeyFactory;
import java.security.KeyPair; import java.security.KeyPair;
@ -77,6 +76,7 @@ import java.security.PrivateKey;
import java.security.SecureRandom; import java.security.SecureRandom;
import java.security.Security; import java.security.Security;
import java.security.SignatureException; import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException; import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException; import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException; import java.security.cert.CertificateExpiredException;
@ -157,10 +157,9 @@ public class CertificateGenerator {
keyPairGenerator.initialize(ConfigurationUtil.RSA_KEY_LENGTH, new SecureRandom()); keyPairGenerator.initialize(ConfigurationUtil.RSA_KEY_LENGTH, new SecureRandom());
KeyPair pair = keyPairGenerator.generateKeyPair(); KeyPair pair = keyPairGenerator.generateKeyPair();
X500Principal principal = new X500Principal(ConfigurationUtil.DEFAULT_PRINCIPAL); X500Principal principal = new X500Principal(ConfigurationUtil.DEFAULT_PRINCIPAL);
BigInteger serial = BigInteger.valueOf(System.currentTimeMillis());
X509v3CertificateBuilder certificateBuilder = new JcaX509v3CertificateBuilder( X509v3CertificateBuilder certificateBuilder = new JcaX509v3CertificateBuilder(
principal, serial, validityBeginDate, validityEndDate, principal, CommonUtil.generateSerialNumber(), validityBeginDate, validityEndDate,
principal, pair.getPublic()); principal, pair.getPublic());
ContentSigner contentSigner = new JcaContentSignerBuilder(ConfigurationUtil.SHA256_RSA) ContentSigner contentSigner = new JcaContentSignerBuilder(ConfigurationUtil.SHA256_RSA)
.setProvider(ConfigurationUtil.PROVIDER).build( .setProvider(ConfigurationUtil.PROVIDER).build(
@ -283,6 +282,58 @@ public class CertificateGenerator {
} }
} }
public boolean verifySignature(String headerSignature) throws KeystoreException {
Certificate certificate = extractCertificateFromSignature(headerSignature);
return (certificate != null);
}
public X509Certificate extractCertificateFromSignature(String headerSignature) throws KeystoreException {
if (headerSignature == null || headerSignature.isEmpty()) {
return null;
}
try {
KeyStoreReader keyStoreReader = new KeyStoreReader();
CMSSignedData signedData = new CMSSignedData(Base64.decodeBase64(headerSignature.getBytes()));
Store reqStore = signedData.getCertificates();
@SuppressWarnings("unchecked")
Collection<X509CertificateHolder> reqCerts = reqStore.getMatches(null);
if (reqCerts != null && reqCerts.size() > 0) {
CertificateFactory certificateFactory = CertificateFactory.getInstance(ConfigurationUtil.X_509);
X509CertificateHolder holder = reqCerts.iterator().next();
ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(holder.getEncoded());
X509Certificate reqCert = (X509Certificate) certificateFactory.
generateCertificate(byteArrayInputStream);
if(reqCert != null && reqCert.getSerialNumber() != null) {
Certificate lookUpCertificate = keyStoreReader.getCertificateByAlias(
reqCert.getSerialNumber().toString());
if (lookUpCertificate != null && (lookUpCertificate instanceof X509Certificate)) {
return (X509Certificate)lookUpCertificate;
}
}
}
} catch (CMSException e) {
String errorMsg = "CMSException when decoding certificate signature";
log.error(errorMsg, e);
throw new KeystoreException(errorMsg, e);
} catch (IOException e) {
String errorMsg = "IOException when decoding certificate signature";
log.error(errorMsg, e);
throw new KeystoreException(errorMsg, e);
} catch (CertificateException e) {
String errorMsg = "CertificateException when decoding certificate signature";
log.error(errorMsg, e);
throw new KeystoreException(errorMsg, e);
}
return null;
}
public X509Certificate generateCertificateFromCSR(PrivateKey privateKey, public X509Certificate generateCertificateFromCSR(PrivateKey privateKey,
PKCS10CertificationRequest request, PKCS10CertificationRequest request,
String issueSubject) String issueSubject)
@ -305,7 +356,7 @@ public class CertificateGenerator {
} }
X509v3CertificateBuilder certificateBuilder = new X509v3CertificateBuilder( X509v3CertificateBuilder certificateBuilder = new X509v3CertificateBuilder(
new X500Name(issueSubject), BigInteger.valueOf(System.currentTimeMillis()), new X500Name(issueSubject), CommonUtil.generateSerialNumber(),
validityBeginDate, validityEndDate, certSubject, request.getSubjectPublicKeyInfo()); validityBeginDate, validityEndDate, certSubject, request.getSubjectPublicKeyInfo());
ContentSigner sigGen; ContentSigner sigGen;

@ -204,6 +204,25 @@ public class KeyStoreReader {
return raCertificate; return raCertificate;
} }
public Certificate getCertificateByAlias(String alias) throws KeystoreException {
KeyStore keystore = loadCertificateKeyStore();
Certificate raCertificate;
try {
raCertificate = keystore.getCertificate(alias);
} catch (KeyStoreException e) {
String errorMsg = "KeyStore issue occurred when retrieving RA private key";
log.error(errorMsg, e);
throw new KeystoreException(errorMsg, e);
}
if (raCertificate == null) {
throw new KeystoreException("RA certificate not found in KeyStore");
}
return raCertificate;
}
PrivateKey getRAPrivateKey() throws KeystoreException { PrivateKey getRAPrivateKey() throws KeystoreException {
KeyStore keystore = loadCertificateKeyStore(); KeyStore keystore = loadCertificateKeyStore();

@ -33,17 +33,22 @@ public interface CertificateManagementService {
Certificate getRACertificate() throws KeystoreException; Certificate getRACertificate() throws KeystoreException;
public List<X509Certificate> getRootCertificates(byte[] ca, byte[] ra) throws KeystoreException; List<X509Certificate> getRootCertificates(byte[] ca, byte[] ra) throws KeystoreException;
public X509Certificate generateX509Certificate() throws KeystoreException; X509Certificate generateX509Certificate() throws KeystoreException;
public SCEPResponse getCACertSCEP() throws KeystoreException; SCEPResponse getCACertSCEP() throws KeystoreException;
public byte[] getCACapsSCEP(); byte[] getCACapsSCEP();
public byte[] getPKIMessageSCEP(InputStream inputStream) throws KeystoreException; byte[] getPKIMessageSCEP(InputStream inputStream) throws KeystoreException;
public X509Certificate generateCertificateFromCSR(PrivateKey privateKey, X509Certificate generateCertificateFromCSR(PrivateKey privateKey, PKCS10CertificationRequest request,
PKCS10CertificationRequest request,
String issueSubject) throws KeystoreException; String issueSubject) throws KeystoreException;
Certificate getCertificateByAlias(String alias) throws KeystoreException;
boolean verifySignature(String headerSignature) throws KeystoreException;
public X509Certificate extractCertificateFromSignature(String headerSignature) throws KeystoreException;
} }

@ -84,4 +84,16 @@ public class CertificateManagementServiceImpl implements CertificateManagementSe
String issueSubject) throws KeystoreException { String issueSubject) throws KeystoreException {
return certificateGenerator.generateCertificateFromCSR(privateKey, request, issueSubject); return certificateGenerator.generateCertificateFromCSR(privateKey, request, issueSubject);
} }
public Certificate getCertificateByAlias(String alias) throws KeystoreException {
return keyStoreReader.getCertificateByAlias(alias);
}
public boolean verifySignature(String headerSignature) throws KeystoreException {
return certificateGenerator.verifySignature(headerSignature);
}
public X509Certificate extractCertificateFromSignature(String headerSignature) throws KeystoreException {
return certificateGenerator.extractCertificateFromSignature(headerSignature);
}
} }

@ -17,6 +17,7 @@
*/ */
package org.wso2.carbon.certificate.mgt.core.util; package org.wso2.carbon.certificate.mgt.core.util;
import java.math.BigInteger;
import java.util.Calendar; import java.util.Calendar;
import java.util.Date; import java.util.Date;
@ -40,4 +41,8 @@ public class CommonUtil {
return calendar.getTime(); return calendar.getTime();
} }
public static synchronized BigInteger generateSerialNumber() {
return BigInteger.valueOf(System.currentTimeMillis());
}
} }

@ -88,7 +88,11 @@
org.wso2.carbon.user.core.tenant, org.wso2.carbon.user.core.tenant,
org.wso2.carbon.utils, org.wso2.carbon.utils,
org.wso2.carbon.utils.multitenancy, org.wso2.carbon.utils.multitenancy,
org.xml.sax org.xml.sax,
javax.servlet.http,
javax.xml,
org.apache.axis2.transport.http,
org.wso2.carbon.apimgt.impl
</Import-Package> </Import-Package>
<!--<Fragment-Host>tomcat</Fragment-Host>--> <!--<Fragment-Host>tomcat</Fragment-Host>-->
</instructions> </instructions>

Loading…
Cancel
Save