Merge branch 'master' of https://github.com/wso2/carbon-device-mgt
commit
97987f6e10
@ -27,7 +27,6 @@
|
|||||||
</parent>
|
</parent>
|
||||||
|
|
||||||
<modelVersion>4.0.0</modelVersion>
|
<modelVersion>4.0.0</modelVersion>
|
||||||
<groupId>org.wso2.carbon.devicemgt</groupId>
|
|
||||||
<artifactId>org.wso2.carbon.certificate.mgt.core</artifactId>
|
<artifactId>org.wso2.carbon.certificate.mgt.core</artifactId>
|
||||||
<version>0.9.2-SNAPSHOT</version>
|
<version>0.9.2-SNAPSHOT</version>
|
||||||
<packaging>bundle</packaging>
|
<packaging>bundle</packaging>
|
||||||
|
|||||||
@ -64,7 +64,6 @@ import java.io.FileInputStream;
|
|||||||
import java.io.FileNotFoundException;
|
import java.io.FileNotFoundException;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.io.InputStream;
|
import java.io.InputStream;
|
||||||
import java.math.BigInteger;
|
|
||||||
import java.security.InvalidKeyException;
|
import java.security.InvalidKeyException;
|
||||||
import java.security.KeyFactory;
|
import java.security.KeyFactory;
|
||||||
import java.security.KeyPair;
|
import java.security.KeyPair;
|
||||||
@ -77,6 +76,7 @@ import java.security.PrivateKey;
|
|||||||
import java.security.SecureRandom;
|
import java.security.SecureRandom;
|
||||||
import java.security.Security;
|
import java.security.Security;
|
||||||
import java.security.SignatureException;
|
import java.security.SignatureException;
|
||||||
|
import java.security.cert.Certificate;
|
||||||
import java.security.cert.CertificateEncodingException;
|
import java.security.cert.CertificateEncodingException;
|
||||||
import java.security.cert.CertificateException;
|
import java.security.cert.CertificateException;
|
||||||
import java.security.cert.CertificateExpiredException;
|
import java.security.cert.CertificateExpiredException;
|
||||||
@ -157,10 +157,9 @@ public class CertificateGenerator {
|
|||||||
keyPairGenerator.initialize(ConfigurationUtil.RSA_KEY_LENGTH, new SecureRandom());
|
keyPairGenerator.initialize(ConfigurationUtil.RSA_KEY_LENGTH, new SecureRandom());
|
||||||
KeyPair pair = keyPairGenerator.generateKeyPair();
|
KeyPair pair = keyPairGenerator.generateKeyPair();
|
||||||
X500Principal principal = new X500Principal(ConfigurationUtil.DEFAULT_PRINCIPAL);
|
X500Principal principal = new X500Principal(ConfigurationUtil.DEFAULT_PRINCIPAL);
|
||||||
BigInteger serial = BigInteger.valueOf(System.currentTimeMillis());
|
|
||||||
|
|
||||||
X509v3CertificateBuilder certificateBuilder = new JcaX509v3CertificateBuilder(
|
X509v3CertificateBuilder certificateBuilder = new JcaX509v3CertificateBuilder(
|
||||||
principal, serial, validityBeginDate, validityEndDate,
|
principal, CommonUtil.generateSerialNumber(), validityBeginDate, validityEndDate,
|
||||||
principal, pair.getPublic());
|
principal, pair.getPublic());
|
||||||
ContentSigner contentSigner = new JcaContentSignerBuilder(ConfigurationUtil.SHA256_RSA)
|
ContentSigner contentSigner = new JcaContentSignerBuilder(ConfigurationUtil.SHA256_RSA)
|
||||||
.setProvider(ConfigurationUtil.PROVIDER).build(
|
.setProvider(ConfigurationUtil.PROVIDER).build(
|
||||||
@ -283,6 +282,58 @@ public class CertificateGenerator {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public boolean verifySignature(String headerSignature) throws KeystoreException {
|
||||||
|
Certificate certificate = extractCertificateFromSignature(headerSignature);
|
||||||
|
return (certificate != null);
|
||||||
|
}
|
||||||
|
|
||||||
|
public X509Certificate extractCertificateFromSignature(String headerSignature) throws KeystoreException {
|
||||||
|
|
||||||
|
if (headerSignature == null || headerSignature.isEmpty()) {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
|
try {
|
||||||
|
KeyStoreReader keyStoreReader = new KeyStoreReader();
|
||||||
|
CMSSignedData signedData = new CMSSignedData(Base64.decodeBase64(headerSignature.getBytes()));
|
||||||
|
Store reqStore = signedData.getCertificates();
|
||||||
|
@SuppressWarnings("unchecked")
|
||||||
|
Collection<X509CertificateHolder> reqCerts = reqStore.getMatches(null);
|
||||||
|
|
||||||
|
if (reqCerts != null && reqCerts.size() > 0) {
|
||||||
|
CertificateFactory certificateFactory = CertificateFactory.getInstance(ConfigurationUtil.X_509);
|
||||||
|
X509CertificateHolder holder = reqCerts.iterator().next();
|
||||||
|
ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(holder.getEncoded());
|
||||||
|
X509Certificate reqCert = (X509Certificate) certificateFactory.
|
||||||
|
generateCertificate(byteArrayInputStream);
|
||||||
|
|
||||||
|
if(reqCert != null && reqCert.getSerialNumber() != null) {
|
||||||
|
Certificate lookUpCertificate = keyStoreReader.getCertificateByAlias(
|
||||||
|
reqCert.getSerialNumber().toString());
|
||||||
|
|
||||||
|
if (lookUpCertificate != null && (lookUpCertificate instanceof X509Certificate)) {
|
||||||
|
return (X509Certificate)lookUpCertificate;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
} catch (CMSException e) {
|
||||||
|
String errorMsg = "CMSException when decoding certificate signature";
|
||||||
|
log.error(errorMsg, e);
|
||||||
|
throw new KeystoreException(errorMsg, e);
|
||||||
|
} catch (IOException e) {
|
||||||
|
String errorMsg = "IOException when decoding certificate signature";
|
||||||
|
log.error(errorMsg, e);
|
||||||
|
throw new KeystoreException(errorMsg, e);
|
||||||
|
} catch (CertificateException e) {
|
||||||
|
String errorMsg = "CertificateException when decoding certificate signature";
|
||||||
|
log.error(errorMsg, e);
|
||||||
|
throw new KeystoreException(errorMsg, e);
|
||||||
|
}
|
||||||
|
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
public X509Certificate generateCertificateFromCSR(PrivateKey privateKey,
|
public X509Certificate generateCertificateFromCSR(PrivateKey privateKey,
|
||||||
PKCS10CertificationRequest request,
|
PKCS10CertificationRequest request,
|
||||||
String issueSubject)
|
String issueSubject)
|
||||||
@ -305,7 +356,7 @@ public class CertificateGenerator {
|
|||||||
}
|
}
|
||||||
|
|
||||||
X509v3CertificateBuilder certificateBuilder = new X509v3CertificateBuilder(
|
X509v3CertificateBuilder certificateBuilder = new X509v3CertificateBuilder(
|
||||||
new X500Name(issueSubject), BigInteger.valueOf(System.currentTimeMillis()),
|
new X500Name(issueSubject), CommonUtil.generateSerialNumber(),
|
||||||
validityBeginDate, validityEndDate, certSubject, request.getSubjectPublicKeyInfo());
|
validityBeginDate, validityEndDate, certSubject, request.getSubjectPublicKeyInfo());
|
||||||
|
|
||||||
ContentSigner sigGen;
|
ContentSigner sigGen;
|
||||||
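Review bot: `extractCertificateFromSignature` never verifies the CMS signature: it takes the first certificate from `signedData.getCertificates()`, reads its serial number and returns whatever the keystore holds under that alias, so `verifySignature` succeeds for any blob that merely carries a certificate with a matching serial. Serial numbers in this commit come from `System.currentTimeMillis()`, so a matching serial is not a secret. Before returning, the presented certificate should be compared with the stored one and every signer in `signedData.getSignerInfos()` verified against the stored certificate's public key, as sketched below; this needs an extra catch for `OperatorCreationException`. Separately, `headerSignature.getBytes()` depends on the platform charset, and an explicit ASCII or UTF-8 charset is safer for Base64 input.

```java
if (lookUpCertificate != null && (lookUpCertificate instanceof X509Certificate)) {
    X509Certificate stored = (X509Certificate) lookUpCertificate;
    // The presented certificate must be the enrolled one, not just share its serial.
    if (!Arrays.equals(reqCert.getEncoded(), stored.getEncoded())) {
        return null;
    }
    // Each signer must verify against the enrolled certificate's public key.
    SignerInformationVerifier verifier = new JcaSimpleSignerInfoVerifierBuilder()
            .setProvider(ConfigurationUtil.PROVIDER).build(stored);
    Collection<?> signers = signedData.getSignerInfos().getSigners();
    if (signers.isEmpty()) {
        return null;
    }
    for (Object signer : signers) {
        if (!((SignerInformation) signer).verify(verifier)) {
            return null;
        }
    }
    return stored;
}
// … unchanged: CMSException / IOException / CertificateException handlers …
```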
|
|||||||
@ -204,6 +204,25 @@ public class KeyStoreReader {
|
|||||||
return raCertificate;
|
return raCertificate;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public Certificate getCertificateByAlias(String alias) throws KeystoreException {
|
||||||
|
|
||||||
|
KeyStore keystore = loadCertificateKeyStore();
|
||||||
|
Certificate raCertificate;
|
||||||
|
try {
|
||||||
|
raCertificate = keystore.getCertificate(alias);
|
||||||
|
} catch (KeyStoreException e) {
|
||||||
|
String errorMsg = "KeyStore issue occurred when retrieving RA private key";
|
||||||
|
log.error(errorMsg, e);
|
||||||
|
throw new KeystoreException(errorMsg, e);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (raCertificate == null) {
|
||||||
|
throw new KeystoreException("RA certificate not found in KeyStore");
|
||||||
|
}
|
||||||
|
|
||||||
|
return raCertificate;
|
||||||
|
}
|
||||||
|
|
||||||
PrivateKey getRAPrivateKey() throws KeystoreException {
|
PrivateKey getRAPrivateKey() throws KeystoreException {
|
||||||
|
|
||||||
KeyStore keystore = loadCertificateKeyStore();
|
KeyStore keystore = loadCertificateKeyStore();
|
||||||
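Review bot: `getCertificateByAlias` throws `KeystoreException` when the alias is absent, so it never returns null, and the `lookUpCertificate != null` and `certificate != null` checks that this commit adds in `CertificateGenerator` cannot take their negative branch for an unknown serial. Either return null for a missing alias and document that, or have the callers treat the exception as "not verified". The two messages are copied from the RA methods and name the wrong thing: `"KeyStore issue occurred when retrieving RA private key"` and `"RA certificate not found in KeyStore"` would read better as `"KeyStore issue occurred when retrieving certificate by alias"` and `"Certificate not found in KeyStore for alias: " + alias`. The local `raCertificate` could likewise be renamed to `certificate`.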
|
|||||||
@ -33,17 +33,22 @@ public interface CertificateManagementService {
|
|||||||
|
|
||||||
Certificate getRACertificate() throws KeystoreException;
|
Certificate getRACertificate() throws KeystoreException;
|
||||||
|
|
||||||
public List<X509Certificate> getRootCertificates(byte[] ca, byte[] ra) throws KeystoreException;
|
List<X509Certificate> getRootCertificates(byte[] ca, byte[] ra) throws KeystoreException;
|
||||||
|
|
||||||
public X509Certificate generateX509Certificate() throws KeystoreException;
|
X509Certificate generateX509Certificate() throws KeystoreException;
|
||||||
|
|
||||||
public SCEPResponse getCACertSCEP() throws KeystoreException;
|
SCEPResponse getCACertSCEP() throws KeystoreException;
|
||||||
|
|
||||||
public byte[] getCACapsSCEP();
|
byte[] getCACapsSCEP();
|
||||||
|
|
||||||
public byte[] getPKIMessageSCEP(InputStream inputStream) throws KeystoreException;
|
byte[] getPKIMessageSCEP(InputStream inputStream) throws KeystoreException;
|
||||||
|
|
||||||
public X509Certificate generateCertificateFromCSR(PrivateKey privateKey,
|
X509Certificate generateCertificateFromCSR(PrivateKey privateKey, PKCS10CertificationRequest request,
|
||||||
PKCS10CertificationRequest request,
|
|
||||||
String issueSubject) throws KeystoreException;
|
String issueSubject) throws KeystoreException;
|
||||||
|
|
||||||
|
Certificate getCertificateByAlias(String alias) throws KeystoreException;
|
||||||
|
|
||||||
|
boolean verifySignature(String headerSignature) throws KeystoreException;
|
||||||
|
|
||||||
|
public X509Certificate extractCertificateFromSignature(String headerSignature) throws KeystoreException;
|
||||||
}
|
}
|
||||||
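Review bot: The last added declaration, `public X509Certificate extractCertificateFromSignature(String headerSignature) throws KeystoreException;`, keeps the `public` modifier that this same section strips from every other method; drop it for consistency. The three new methods also carry no Javadoc. `verifySignature` in particular needs its contract stated: what `headerSignature` holds (the implementation Base64-decodes it as CMS signed data), and whether an unrecognised certificate is reported as `false` or as a `KeystoreException`.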
|
|||||||
@ -84,4 +84,16 @@ public class CertificateManagementServiceImpl implements CertificateManagementSe
|
|||||||
String issueSubject) throws KeystoreException {
|
String issueSubject) throws KeystoreException {
|
||||||
return certificateGenerator.generateCertificateFromCSR(privateKey, request, issueSubject);
|
return certificateGenerator.generateCertificateFromCSR(privateKey, request, issueSubject);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public Certificate getCertificateByAlias(String alias) throws KeystoreException {
|
||||||
|
return keyStoreReader.getCertificateByAlias(alias);
|
||||||
|
}
|
||||||
|
|
||||||
|
public boolean verifySignature(String headerSignature) throws KeystoreException {
|
||||||
|
return certificateGenerator.verifySignature(headerSignature);
|
||||||
|
}
|
||||||
|
|
||||||
|
public X509Certificate extractCertificateFromSignature(String headerSignature) throws KeystoreException {
|
||||||
|
return certificateGenerator.extractCertificateFromSignature(headerSignature);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@ -17,6 +17,7 @@
|
|||||||
*/
|
*/
|
||||||
package org.wso2.carbon.certificate.mgt.core.util;
|
package org.wso2.carbon.certificate.mgt.core.util;
|
||||||
|
|
||||||
|
import java.math.BigInteger;
|
||||||
import java.util.Calendar;
|
import java.util.Calendar;
|
||||||
import java.util.Date;
|
import java.util.Date;
|
||||||
|
|
||||||
@ -40,4 +41,8 @@ public class CommonUtil {
|
|||||||
return calendar.getTime();
|
return calendar.getTime();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public static synchronized BigInteger generateSerialNumber() {
|
||||||
|
return BigInteger.valueOf(System.currentTimeMillis());
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
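Review bot: `generateSerialNumber()` still returns `BigInteger.valueOf(System.currentTimeMillis())`, and `synchronized` does not make that unique: two calls within the same millisecond get the same serial, and the value is predictable. Elsewhere in this commit the serial is also used as the keystore alias for certificate lookup, so a collision or a guess affects more than the certificate itself. Draw the serial from a CSPRNG instead, for example a field `private static final SecureRandom RANDOM = new SecureRandom();` and `return new BigInteger(127, RANDOM);`, which stays non-negative and within the 20-octet limit of RFC 5280. That needs a `java.security.SecureRandom` import, and the `synchronized` keyword can then be dropped.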
|
|||||||
@ -88,7 +88,11 @@
|
|||||||
org.wso2.carbon.user.core.tenant,
|
org.wso2.carbon.user.core.tenant,
|
||||||
org.wso2.carbon.utils,
|
org.wso2.carbon.utils,
|
||||||
org.wso2.carbon.utils.multitenancy,
|
org.wso2.carbon.utils.multitenancy,
|
||||||
org.xml.sax
|
org.xml.sax,
|
||||||
|
javax.servlet.http,
|
||||||
|
javax.xml,
|
||||||
|
org.apache.axis2.transport.http,
|
||||||
|
org.wso2.carbon.apimgt.impl
|
||||||
</Import-Package>
|
</Import-Package>
|
||||||
<!--<Fragment-Host>tomcat</Fragment-Host>-->
|
<!--<Fragment-Host>tomcat</Fragment-Host>-->
|
||||||
</instructions>
|
</instructions>
|
||||||
|
|||||||