community/device-mgt-core
1
0
Fork 0
mirror of https://repository.entgra.net/community/device-mgt-core.git synced 2025-10-06 02:01:45 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #295 from Shabirmean/master

Browse Source 
Changes to the certificate generators to fetch the Certificate alias from the Unique Identifier set in the CSR
This commit is contained in:
Ruwan 2016-06-08 12:20:31 +05:30
commit 211ea9a8e4
3 changed files with 67 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/pom.xml
View File

@ -68,8 +68,9 @@
org.bouncycastle.jce.provider, org.bouncycastle.jce.provider,
org.bouncycastle.operator, org.bouncycastle.operator,
org.bouncycastle.operator.jcajce, org.bouncycastle.operator.jcajce,
org.bouncycastle.asn1.x500.style,
org.bouncycastle.pkcs, org.bouncycastle.pkcs,
org.bouncycastle.openssl, <!--org.bouncycastle.openssl,-->
org.bouncycastle.util, org.bouncycastle.util,
org.jscep.message, org.jscep.message,
org.wso2.carbon.context, org.wso2.carbon.context,
@ -77,7 +78,7 @@
org.w3c.dom, org.w3c.dom,
org.xml.sax, org.xml.sax,
javax.sql, javax.sql,
javax.cache, <!--javax.cache,-->
javax.naming, javax.naming,
javax.xml.bind.annotation, javax.xml.bind.annotation,
javax.xml.bind, javax.xml.bind,
@ -85,7 +86,7 @@
org.wso2.carbon.device.mgt.common.*, org.wso2.carbon.device.mgt.common.*,
io.swagger.annotations.*;resolution:=optional, io.swagger.annotations.*;resolution:=optional,
org.wso2.carbon.device.mgt.core.*, org.wso2.carbon.device.mgt.core.*,
org.bouncycastle.pkcs.jcajce <!--org.bouncycastle.pkcs.jcajce-->
</Import-Package> </Import-Package>
<Export-Package> <Export-Package>
!org.wso2.carbon.certificate.mgt.core.internal.*, !org.wso2.carbon.certificate.mgt.core.internal.*,

1
components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/dao/impl/GenericCertificateDAOImpl.java
View File

@ -61,6 +61,7 @@ public class GenericCertificateDAOImpl implements CertificateDAO {
getThreadLocalCarbonContext(); getThreadLocalCarbonContext();
String username = threadLocalCarbonContext.getUsername(); String username = threadLocalCarbonContext.getUsername();
for (Certificate certificate : certificates) { for (Certificate certificate : certificates) {
// the serial number of the certificate used for its creation is set as its alias.
String serialNumber = certificate.getSerial(); String serialNumber = certificate.getSerial();
if (serialNumber == null || serialNumber.isEmpty()) { if (serialNumber == null || serialNumber.isEmpty()) {
serialNumber = String.valueOf(certificate.getCertificate().getSerialNumber()); serialNumber = String.valueOf(certificate.getCertificate().getSerialNumber());

76
components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGenerator.java
View File

@ -25,7 +25,9 @@ import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1Primitive; import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.pkcs.Attribute; import org.bouncycastle.asn1.pkcs.Attribute;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x500.RDN;
import org.bouncycastle.asn1.x500.X500Name; import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x509.KeyUsage; import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.X509Extension; import org.bouncycastle.asn1.x509.X509Extension;
import org.bouncycastle.cert.CertIOException; import org.bouncycastle.cert.CertIOException;
@ -44,14 +46,14 @@ import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest; import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.util.Store; import org.bouncycastle.util.Store;
import org.jscep.message.PkcsPkiEnvelopeDecoder;
import org.jscep.message.PkiMessageDecoder;
import org.jscep.message.PkiMessage;
import org.jscep.message.CertRep; import org.jscep.message.CertRep;
import org.jscep.message.PkcsPkiEnvelopeEncoder;
import org.jscep.message.PkiMessageEncoder;
import org.jscep.message.MessageEncodingException;
import org.jscep.message.MessageDecodingException; import org.jscep.message.MessageDecodingException;
import org.jscep.message.MessageEncodingException;
import org.jscep.message.PkcsPkiEnvelopeDecoder;
import org.jscep.message.PkcsPkiEnvelopeEncoder;
import org.jscep.message.PkiMessage;
import org.jscep.message.PkiMessageDecoder;
import org.jscep.message.PkiMessageEncoder;
import org.jscep.transaction.FailInfo; import org.jscep.transaction.FailInfo;
import org.jscep.transaction.Nonce; import org.jscep.transaction.Nonce;
import org.jscep.transaction.TransactionId; import org.jscep.transaction.TransactionId;
@ -70,10 +72,31 @@ import org.wso2.carbon.device.mgt.common.TransactionManagementException;
import javax.security.auth.x500.X500Principal; import javax.security.auth.x500.X500Principal;
import javax.xml.bind.DatatypeConverter; import javax.xml.bind.DatatypeConverter;
import java.io.*; import java.io.ByteArrayInputStream;
import java.security.*; import java.io.DataInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.SignatureException;
import java.security.cert.Certificate; import java.security.cert.Certificate;
import java.security.cert.*; import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException; import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec; import java.security.spec.PKCS8EncodedKeySpec;
import java.util.ArrayList; import java.util.ArrayList;
@ -299,7 +322,7 @@ public class CertificateGenerator {
if (distinguishedName != null && !distinguishedName.isEmpty()) { if (distinguishedName != null && !distinguishedName.isEmpty()) {
String[] dnSplits = distinguishedName.split("/CN="); String[] dnSplits = distinguishedName.split("/CN=");
if (dnSplits != null) { if (dnSplits != null) {
String commonNameExtracted = dnSplits[dnSplits.length-1]; String commonNameExtracted = dnSplits[dnSplits.length - 1];
lookUpCertificate = keyStoreReader.getCertificateBySerial(commonNameExtracted); lookUpCertificate = keyStoreReader.getCertificateBySerial(commonNameExtracted);
} }
} }
@ -419,12 +442,37 @@ public class CertificateGenerator {
// } // }
// } // }
RDN[] certUniqueIdRDN;
BigInteger certUniqueIdentifier;
// IMPORTANT: "Serial-Number" of the certificate used when creating it, is set as its "Alias" to save to
// keystore.
if (request.getSubject().getRDNs(BCStyle.UNIQUE_IDENTIFIER).length != 0) {
// if certificate attribute "UNIQUE_IDENTIFIER" exists use its hash as the "Serial-Number" for the
// certificate.
certUniqueIdRDN = request.getSubject().getRDNs(BCStyle.UNIQUE_IDENTIFIER);
certUniqueIdentifier = BigInteger.valueOf(certUniqueIdRDN[0].getFirst().getValue().toString().hashCode());
} else if (request.getSubject().getRDNs(BCStyle.SERIALNUMBER).length != 0) {
// else if certificate attribute "SERIAL_NUMBER" exists use its hash as the "Serial-Number" for the
// certificate.
certUniqueIdRDN = request.getSubject().getRDNs(BCStyle.SERIALNUMBER);
certUniqueIdentifier = BigInteger.valueOf(certUniqueIdRDN[0].getFirst().getValue().toString().hashCode());
} else {
// else get the BigInteger Value of the integer that is the current system-time in millis as the
// "Serial-Number".
certUniqueIdentifier = CommonUtil.generateSerialNumber();
}
X509v3CertificateBuilder certificateBuilder = new X509v3CertificateBuilder( X509v3CertificateBuilder certificateBuilder = new X509v3CertificateBuilder(
new X500Name(issueSubject), CommonUtil.generateSerialNumber(), new X500Name(issueSubject), certUniqueIdentifier, validityBeginDate, validityEndDate, certSubject,
validityBeginDate, validityEndDate, certSubject, request.getSubjectPublicKeyInfo()); request.getSubjectPublicKeyInfo());
ContentSigner sigGen; ContentSigner sigGen;
X509Certificate issuedCert; X509Certificate issuedCert;
try { try {
certificateBuilder.addExtension(X509Extension.keyUsage, true, new KeyUsage( certificateBuilder.addExtension(X509Extension.keyUsage, true, new KeyUsage(
KeyUsage.digitalSignature | KeyUsage.keyEncipherment)); KeyUsage.digitalSignature | KeyUsage.keyEncipherment));
@ -434,7 +482,7 @@ public class CertificateGenerator {
if (extractedValue != null) { if (extractedValue != null) {
certificateBuilder.addExtension(PKCSObjectIdentifiers.pkcs_9_at_challengePassword, true, certificateBuilder.addExtension(PKCSObjectIdentifiers.pkcs_9_at_challengePassword, true,
extractedValue); extractedValue);
} }
} }
@ -691,7 +739,7 @@ public class CertificateGenerator {
throw new KeystoreException("CSR cannot be recovered.", e); throw new KeystoreException("CSR cannot be recovered.", e);
} }
X509Certificate signedCertificate = generateCertificateFromCSR(privateKeyCA, certificationRequest, X509Certificate signedCertificate = generateCertificateFromCSR(privateKeyCA, certificationRequest,
certCA.getIssuerX500Principal().getName()); certCA.getIssuerX500Principal().getName());
return signedCertificate; return signedCertificate;
} }