Merge branch 'master' of https://github.com/wso2/carbon-device-mgt

components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/pom.xml

@@ -71,11 +71,12 @@
                             org.bouncycastle.operator.jcajce,
                             org.bouncycastle.pkcs,
                             org.bouncycastle.util,
-                            org.bouncycastle.asn1.util,
                             org.jscep.message,
                             org.jscep.transaction,
                             org.w3c.dom,
-                            org.xml.sax
+                            org.xml.sax,
+                            javax.xml.bind,
+                            org.bouncycastle.pkcs.jcajce
                         </Import-Package>
                         <Export-Package>
                             !org.wso2.carbon.certificate.mgt.core.internal.*,

components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/impl/CertificateGenerator.java

@@ -44,14 +44,7 @@ import org.bouncycastle.operator.OperatorCreationException;
 import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
 import org.bouncycastle.pkcs.PKCS10CertificationRequest;
 import org.bouncycastle.util.Store;
-import org.jscep.message.CertRep;
-import org.jscep.message.MessageDecodingException;
-import org.jscep.message.MessageEncodingException;
-import org.jscep.message.PkcsPkiEnvelopeDecoder;
-import org.jscep.message.PkcsPkiEnvelopeEncoder;
-import org.jscep.message.PkiMessage;
-import org.jscep.message.PkiMessageDecoder;
-import org.jscep.message.PkiMessageEncoder;
+import org.jscep.message.*;
 import org.jscep.transaction.FailInfo;
 import org.jscep.transaction.Nonce;
 import org.jscep.transaction.TransactionId;
@@ -62,32 +55,11 @@ import org.wso2.carbon.certificate.mgt.core.util.CommonUtil;
 import org.wso2.carbon.certificate.mgt.core.util.ConfigurationUtil;
 
 import javax.security.auth.x500.X500Principal;
-import java.io.ByteArrayInputStream;
-import java.io.DataInputStream;
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.FileNotFoundException;
-import java.io.IOException;
-import java.io.InputStream;
-import java.security.InvalidKeyException;
-import java.security.KeyFactory;
-import java.security.KeyPair;
-import java.security.KeyPairGenerator;
-import java.security.KeyStore;
-import java.security.KeyStoreException;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.PrivateKey;
-import java.security.SecureRandom;
-import java.security.Security;
-import java.security.SignatureException;
+import javax.xml.bind.DatatypeConverter;
+import java.io.*;
+import java.security.*;
 import java.security.cert.Certificate;
-import java.security.cert.CertificateEncodingException;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateExpiredException;
-import java.security.cert.CertificateFactory;
-import java.security.cert.CertificateNotYetValidException;
-import java.security.cert.X509Certificate;
+import java.security.cert.*;
 import java.security.spec.InvalidKeySpecException;
 import java.security.spec.PKCS8EncodedKeySpec;
 import java.util.ArrayList;
@@ -598,4 +570,31 @@ public class CertificateGenerator {
 
         return null;
     }
+
+    /**
+     * Get Signed certificate by parsing certificate.
+     * @param binarySecurityToken CSR that comes from the client as a String value.It is base 64 encoded request
+     *                            security token.
+     * @return Return signed certificate in X508Certificate type object.
+     * @throws KeystoreException
+     */
+    public X509Certificate getSignedCertificateFromCSR(String binarySecurityToken)
+            throws KeystoreException {
+        byte[] byteArrayBst = DatatypeConverter.parseBase64Binary(binarySecurityToken);
+        PKCS10CertificationRequest certificationRequest;
+        KeyStoreReader keyStoreReader = new KeyStoreReader();
+        PrivateKey privateKeyCA = keyStoreReader.getCAPrivateKey();
+        X509Certificate certCA = (X509Certificate) keyStoreReader.getCACertificate();
+
+        try {
+            certificationRequest = new PKCS10CertificationRequest(byteArrayBst);
+        } catch (IOException e) {
+            String msg = "CSR cannot be recovered.";
+            log.error(msg, e);
+            throw new KeystoreException(msg, e);
+        }
+        X509Certificate signedCertificate = generateCertificateFromCSR(privateKeyCA, certificationRequest,
+                certCA.getIssuerX500Principal().getName());
+        return signedCertificate;
+    }
 }

components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementService.java

@@ -53,4 +53,6 @@ public interface CertificateManagementService {
     public X509Certificate extractCertificateFromSignature(String headerSignature) throws KeystoreException;
 
     String extractChallengeToken(X509Certificate certificate);
+
+    X509Certificate getSignedCertificateFromCSR(String binarySecurityToken) throws KeystoreException;
 }

components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/service/CertificateManagementServiceImpl.java

@@ -100,4 +100,9 @@ public class CertificateManagementServiceImpl implements CertificateManagementSe
     public String extractChallengeToken(X509Certificate certificate) {
         return certificateGenerator.extractChallengeToken(certificate);
     }
+
+    public X509Certificate getSignedCertificateFromCSR(String binarySecurityToken) throws KeystoreException {
+        return certificateGenerator.getSignedCertificateFromCSR(binarySecurityToken);
+    }
+
 }

components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/util/ConfigurationUtil.java

@@ -37,7 +37,7 @@ public class ConfigurationUtil {
 	public static final String KEYSTORE_RA_CERT_PRIV_PASSWORD = "RAPrivateKeyPassword";
 	public static final String CA_CERT_ALIAS = "CACertAlias";
 	public static final String RA_CERT_ALIAS = "RACertAlias";
-	public static final String SIGNATUREALGO = "SHA1withRSA";
+	public static final String SIGNATURE_ALGORITHM = "SHA1withRSA";
 	public static final String PROVIDER = "BC";
 	public static final String KEYSTORE = "Type";
 	public static final String CERTIFICATE_KEYSTORE = "CertificateKeystoreType";
@@ -56,6 +56,7 @@ public class ConfigurationUtil {
     public static final String RSA_PRIVATE_KEY_END_TEXT = "-----END RSA PRIVATE KEY-----";
     public static final String EMPTY_TEXT = "";
 	public static final int RSA_KEY_LENGTH = 1024;
+	public static final long MILLI_SECONDS = 1000L * 60 * 60 * 24;
 
 
 	private static ConfigurationUtil configurationUtil;

components/policy-mgt/org.wso2.carbon.policy.mgt.core/src/main/java/org/wso2/carbon/policy/mgt/core/dao/PolicyDAO.java

@@ -41,6 +41,8 @@ public interface PolicyDAO {
      */
     Policy addPolicyToRole(List<String> roleNames, Policy policy) throws PolicyManagerDAOException;
 
+     Policy updateRolesOfPolicy(List<String> rolesToAdd, Policy policy) throws PolicyManagerDAOException;
+
     /**
      * This method is used to add/update the users associated with the policy.
      * @param usernameList - List of the users that needs to be applied
@@ -50,6 +52,8 @@ public interface PolicyDAO {
      */
     Policy addPolicyToUser(List<String> usernameList, Policy policy) throws PolicyManagerDAOException;
 
+    Policy updateUserOfPolicy(List<String> usersToAdd, Policy policy) throws PolicyManagerDAOException;
+
     Policy addPolicyToDevice(List<Device> devices, Policy policy) throws PolicyManagerDAOException;
 
     boolean updatePolicyPriorities(List<Policy> policies) throws PolicyManagerDAOException;
@@ -114,6 +118,8 @@ public interface PolicyDAO {
 
     boolean deleteAllPolicyRelatedConfigs(int policyId) throws PolicyManagerDAOException;
 
+    boolean deleteCriteriaAndDeviceRelatedConfigs(int policyId) throws PolicyManagerDAOException;
+
     List<String> getPolicyAppliedRoles(int policyId) throws PolicyManagerDAOException;
 
     List<String> getPolicyAppliedUsers(int policyId) throws PolicyManagerDAOException;

components/policy-mgt/org.wso2.carbon.policy.mgt.core/src/main/java/org/wso2/carbon/policy/mgt/core/dao/impl/PolicyDAOImpl.java

@@ -71,17 +71,17 @@ public class PolicyDAOImpl implements PolicyDAO {
     public Policy addPolicyToRole(List<String> rolesToAdd, Policy policy) throws PolicyManagerDAOException {
         Connection conn;
         PreparedStatement insertStmt = null;
-        PreparedStatement deleteStmt = null;
-        final List<String> currentRoles = policy.getRoles();
-
-        SetReferenceTransformer<String> transformer = new SetReferenceTransformer<String>();
-
-        transformer.transform(currentRoles, rolesToAdd);
-        rolesToAdd = transformer.getObjectsToAdd();
-        List<String> rolesToDelete = transformer.getObjectsToRemove();
+//        PreparedStatement deleteStmt = null;
+//        final List<String> currentRoles = this.getPolicy(policy.getId()).getRoles();
+//
+//        SetReferenceTransformer<String> transformer = new SetReferenceTransformer<String>();
+//
+//        transformer.transform(currentRoles, rolesToAdd);
+//        rolesToAdd = transformer.getObjectsToAdd();
+//        List<String> rolesToDelete = transformer.getObjectsToRemove();
         try {
             conn = this.getConnection();
-            if (rolesToAdd.size() > 0){
+            if (rolesToAdd.size() > 0) {
                 String query = "INSERT INTO DM_ROLE_POLICY (ROLE_NAME, POLICY_ID) VALUES (?, ?)";
                 insertStmt = conn.prepareStatement(query);
                 for (String role : rolesToAdd) {
@@ -91,16 +91,16 @@ public class PolicyDAOImpl implements PolicyDAO {
                 }
                 insertStmt.executeBatch();
             }
-            if (rolesToAdd.size() > 0){
-                String deleteQuery = "DELETE FROM DM_ROLE_POLICY WHERE ROLE_NAME=? AND POLICY_ID=?";
-                deleteStmt = conn.prepareStatement(deleteQuery);
-                for (String role : rolesToDelete) {
-                    deleteStmt.setString(1, role);
-                    deleteStmt.setInt(2, policy.getId());
-                    deleteStmt.addBatch();
-                }
-                deleteStmt.executeBatch();
-            }
+//            if (rolesToDelete.size() > 0){
+//                String deleteQuery = "DELETE FROM DM_ROLE_POLICY WHERE ROLE_NAME=? AND POLICY_ID=?";
+//                deleteStmt = conn.prepareStatement(deleteQuery);
+//                for (String role : rolesToDelete) {
+//                    deleteStmt.setString(1, role);
+//                    deleteStmt.setInt(2, policy.getId());
+//                    deleteStmt.addBatch();
+//                }
+//                deleteStmt.executeBatch();
+//            }
         } catch (SQLException e) {
             throw new PolicyManagerDAOException("Error occurred while adding the role name with policy to database", e);
         } finally {
@@ -109,10 +109,100 @@ public class PolicyDAOImpl implements PolicyDAO {
         return policy;
     }
 
+
+    @Override
+    public Policy updateRolesOfPolicy(List<String> rolesToAdd, Policy previousPolicy) throws PolicyManagerDAOException {
+        Connection conn;
+        PreparedStatement insertStmt = null;
+        PreparedStatement deleteStmt = null;
+
+        final List<String> currentRoles = previousPolicy.getRoles();
+
+        SetReferenceTransformer<String> transformer = new SetReferenceTransformer<String>();
+
+        transformer.transform(currentRoles, rolesToAdd);
+        rolesToAdd = transformer.getObjectsToAdd();
+        List<String> rolesToDelete = transformer.getObjectsToRemove();
+        try {
+            conn = this.getConnection();
+            if (rolesToAdd.size() > 0) {
+                String query = "INSERT INTO DM_ROLE_POLICY (ROLE_NAME, POLICY_ID) VALUES (?, ?)";
+                insertStmt = conn.prepareStatement(query);
+                for (String role : rolesToAdd) {
+                    insertStmt.setString(1, role);
+                    insertStmt.setInt(2, previousPolicy.getId());
+                    insertStmt.addBatch();
+                }
+                insertStmt.executeBatch();
+            }
+            if (rolesToDelete.size() > 0) {
+                String deleteQuery = "DELETE FROM DM_ROLE_POLICY WHERE ROLE_NAME=? AND POLICY_ID=?";
+                deleteStmt = conn.prepareStatement(deleteQuery);
+                for (String role : rolesToDelete) {
+                    deleteStmt.setString(1, role);
+                    deleteStmt.setInt(2, previousPolicy.getId());
+                    deleteStmt.addBatch();
+                }
+                deleteStmt.executeBatch();
+            }
+        } catch (SQLException e) {
+            throw new PolicyManagerDAOException("Error occurred while adding the role name with policy to database", e);
+        } finally {
+            PolicyManagementDAOUtil.cleanupResources(insertStmt, null);
+            PolicyManagementDAOUtil.cleanupResources(deleteStmt, null);
+        }
+        return previousPolicy;
+    }
+
     @Override
     public Policy addPolicyToUser(List<String> usersToAdd, Policy policy) throws PolicyManagerDAOException {
         Connection conn;
         PreparedStatement insertStmt = null;
+//        PreparedStatement deleteStmt = null;
+//        final List<String> currentUsers = this.getPolicy(policy.getId()).getUsers();
+//
+//        SetReferenceTransformer<String> transformer = new SetReferenceTransformer<String>();
+//
+//        transformer.transform(currentUsers, usersToAdd);
+//        usersToAdd = transformer.getObjectsToAdd();
+//        List<String> usersToDelete = transformer.getObjectsToRemove();
+        try {
+            conn = this.getConnection();
+            if (usersToAdd.size() > 0) {
+                String query = "INSERT INTO DM_USER_POLICY (POLICY_ID, USERNAME) VALUES (?, ?)";
+                insertStmt = conn.prepareStatement(query);
+                for (String username : usersToAdd) {
+                    insertStmt.setInt(1, policy.getId());
+                    insertStmt.setString(2, username);
+                    insertStmt.addBatch();
+                }
+                insertStmt.executeBatch();
+            }
+//            if (usersToDelete.size() > 0){
+//                String deleteQuery = "DELETE FROM DM_USER_POLICY WHERE USERNAME=? AND POLICY_ID=?";
+//                deleteStmt = conn.prepareStatement(deleteQuery);
+//                for (String username : usersToDelete) {
+//                    deleteStmt.setString(1, username);
+//                    deleteStmt.setInt(2, policy.getId());
+//                    deleteStmt.addBatch();
+//                }
+//                deleteStmt.executeBatch();
+//            }
+
+        } catch (SQLException e) {
+            throw new PolicyManagerDAOException("Error occurred while adding the user name with policy to database", e);
+        } finally {
+            PolicyManagementDAOUtil.cleanupResources(insertStmt, null);
+//            PolicyManagementDAOUtil.cleanupResources(deleteStmt, null);
+        }
+        return policy;
+    }
+
+
+    @Override
+    public Policy updateUserOfPolicy(List<String> usersToAdd, Policy policy) throws PolicyManagerDAOException {
+        Connection conn;
+        PreparedStatement insertStmt = null;
         PreparedStatement deleteStmt = null;
         final List<String> currentUsers = policy.getUsers();
 
@@ -123,7 +213,7 @@ public class PolicyDAOImpl implements PolicyDAO {
         List<String> usersToDelete = transformer.getObjectsToRemove();
         try {
             conn = this.getConnection();
-            if (usersToAdd.size() > 0){
+            if (usersToAdd.size() > 0) {
                 String query = "INSERT INTO DM_USER_POLICY (POLICY_ID, USERNAME) VALUES (?, ?)";
                 insertStmt = conn.prepareStatement(query);
                 for (String username : usersToAdd) {
@@ -133,7 +223,7 @@ public class PolicyDAOImpl implements PolicyDAO {
                 }
                 insertStmt.executeBatch();
             }
-            if (usersToDelete.size() > 0){
+            if (usersToDelete.size() > 0) {
                 String deleteQuery = "DELETE FROM DM_USER_POLICY WHERE USERNAME=? AND POLICY_ID=?";
                 deleteStmt = conn.prepareStatement(deleteQuery);
                 for (String username : usersToDelete) {
@@ -153,6 +243,7 @@ public class PolicyDAOImpl implements PolicyDAO {
         return policy;
     }
 
+
     @Override
     public Policy addPolicyToDevice(List<Device> devices, Policy policy) throws PolicyManagerDAOException {
         Connection conn;
@@ -1202,6 +1293,46 @@ public class PolicyDAOImpl implements PolicyDAO {
         }
     }
 
+
+    @Override
+    public boolean deleteCriteriaAndDeviceRelatedConfigs(int policyId) throws PolicyManagerDAOException {
+        Connection conn;
+        PreparedStatement stmt = null;
+        try {
+            conn = this.getConnection();
+
+//            String userPolicy = "DELETE FROM DM_USER_POLICY WHERE POLICY_ID = ?";
+//            stmt = conn.prepareStatement(userPolicy);
+//            stmt.setInt(1, policyId);
+//            stmt.executeUpdate();
+//
+//            String rolePolicy = "DELETE FROM DM_ROLE_POLICY WHERE POLICY_ID = ?";
+//            stmt = conn.prepareStatement(rolePolicy);
+//            stmt.setInt(1, policyId);
+//            stmt.executeUpdate();
+
+            String devicePolicy = "DELETE FROM DM_DEVICE_POLICY WHERE POLICY_ID = ?";
+            stmt = conn.prepareStatement(devicePolicy);
+            stmt.setInt(1, policyId);
+            stmt.executeUpdate();
+
+            String deleteCriteria = "DELETE FROM DM_POLICY_CRITERIA WHERE POLICY_ID = ?";
+            stmt = conn.prepareStatement(deleteCriteria);
+            stmt.setInt(1, policyId);
+            stmt.executeUpdate();
+
+            if (log.isDebugEnabled()) {
+                log.debug("Policy (" + policyId + ") related configs deleted from database.");
+            }
+            return true;
+        } catch (SQLException e) {
+            throw new PolicyManagerDAOException("Unable to delete the policy (" + policyId +
+                    ") related configs from database", e);
+        } finally {
+            PolicyManagementDAOUtil.cleanupResources(stmt, null);
+        }
+    }
+
     private Connection getConnection() throws PolicyManagerDAOException {
         return PolicyManagementDAOFactory.getConnection();
     }
@@ -1345,7 +1476,8 @@ public class PolicyDAOImpl implements PolicyDAO {
         int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId();
         try {
             conn = this.getConnection();
-            String query = "SELECT * FROM DM_DEVICE_POLICY_APPLIED WHERE DEVICE_ID = ? AND TENANT_ID = ? AND ENROLMENT_ID = ?";
+            String query = "SELECT * FROM DM_DEVICE_POLICY_APPLIED WHERE DEVICE_ID = ? AND TENANT_ID = ? AND " +
+                    "ENROLMENT_ID = ?";
             stmt = conn.prepareStatement(query);
             stmt.setInt(1, deviceId);
             stmt.setInt(2, tenantId);

components/policy-mgt/org.wso2.carbon.policy.mgt.core/src/main/java/org/wso2/carbon/policy/mgt/core/mgt/impl/PolicyManagerImpl.java

@@ -180,15 +180,15 @@ public class PolicyManagerImpl implements PolicyManager {
             if (!newFeaturesList.isEmpty()) {
                 featureDAO.addProfileFeatures(newFeaturesList, profileId);
             }
-            policyDAO.deleteAllPolicyRelatedConfigs(policy.getId());
+            policyDAO.deleteCriteriaAndDeviceRelatedConfigs(policy.getId());
 
 
             if (policy.getUsers() != null) {
-                policyDAO.addPolicyToUser(policy.getUsers(), previousPolicy);
+                policyDAO.updateUserOfPolicy(policy.getUsers(), previousPolicy);
             }
 
             if (policy.getRoles() != null) {
-                policyDAO.addPolicyToRole(policy.getRoles(), previousPolicy);
+                policyDAO.updateRolesOfPolicy(policy.getRoles(), previousPolicy);
             }
 
             if (policy.getDevices() != null) {
@@ -539,7 +539,7 @@ public class PolicyManagerImpl implements PolicyManager {
         policy.setDevices(deviceList);
 
         try {
-         //   PolicyManagementDAOFactory.openConnection();
+            //   PolicyManagementDAOFactory.openConnection();
             Profile profile = profileManager.getProfile(policy.getProfileId());
             policy.setProfile(profile);
         } catch (ProfileManagementException e) {

components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/pom.xml

@@ -90,6 +90,7 @@
                             org.wso2.carbon.utils,
                             org.wso2.carbon.utils.multitenancy,
                             org.xml.sax,
+                            javax.servlet,
                             javax.servlet.http,
                             javax.xml,
                             org.apache.axis2.transport.http,

components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/AuthenticationInfo.java

@@ -26,6 +26,7 @@ import org.wso2.carbon.webapp.authenticator.framework.authenticator.WebappAuthen
 public class AuthenticationInfo {
 
     private WebappAuthenticator.Status status = WebappAuthenticator.Status.FAILURE;
+    private String message;
     private String username;
     private String tenantDomain;
     private int tenantId = -1;
@@ -43,6 +44,14 @@ public class AuthenticationInfo {
         return username;
     }
 
+    public String getMessage() {
+        return message;
+    }
+
+    public void setMessage(String message) {
+        this.message = message;
+    }
+
     public void setUsername(String username) {
         this.username = username;
     }

components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/WebappAuthenticationValve.java

@@ -74,12 +74,12 @@ public class WebappAuthenticationValve extends CarbonTomcatValve {
                 privilegedCarbonContext.setTenantId(authenticationInfo.getTenantId());
                 privilegedCarbonContext.setTenantDomain(authenticationInfo.getTenantDomain());
                 privilegedCarbonContext.setUsername(authenticationInfo.getUsername());
-                this.processRequest(request, response, compositeValve, authenticationInfo.getStatus());
+                this.processRequest(request, response, compositeValve, authenticationInfo);
             } finally {
                 PrivilegedCarbonContext.endTenantFlow();
             }
         } else {
-            this.processRequest(request, response, compositeValve, authenticationInfo.getStatus());
+            this.processRequest(request, response, compositeValve, authenticationInfo);
         }
     }
 
@@ -113,14 +113,18 @@ public class WebappAuthenticationValve extends CarbonTomcatValve {
     }
 
     private void processRequest(Request request, Response response, CompositeValve compositeValve,
-                                WebappAuthenticator.Status status) {
-        switch (status) {
+                                AuthenticationInfo authenticationInfo) {
+        switch (authenticationInfo.getStatus()) {
             case SUCCESS:
             case CONTINUE:
                 this.getNext().invoke(request, response, compositeValve);
                 break;
             case FAILURE:
                 String msg = "Failed to authorize incoming request";
+                if(authenticationInfo.getMessage() != null && !authenticationInfo.getMessage().isEmpty()) {
+                    msg = authenticationInfo.getMessage();
+                    response.setHeader("WWW-Authenticate", msg);
+                }
                 log.error(msg);
                 AuthenticationFrameworkUtil
                         .handleResponse(request, response, HttpServletResponse.SC_UNAUTHORIZED,

components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/CertificateAuthenticator.java

@@ -51,7 +51,8 @@ public class CertificateAuthenticator implements WebappAuthenticator {
                 if (certHeader != null &&
                     AuthenticatorFrameworkDataHolder.getInstance().getCertificateManagementService().
                             verifySignature(certHeader)) {
-
+                    AuthenticatorFrameworkDataHolder.getInstance().getCertificateManagementService().
+                            extractCertificateFromSignature(certHeader);
                     X509Certificate certificate =
                             AuthenticatorFrameworkDataHolder.getInstance().getCertificateManagementService().
                                     extractCertificateFromSignature(certHeader);

components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authenticator/OAuthAuthenticator.java

@@ -117,6 +117,8 @@ public class OAuthAuthenticator implements WebappAuthenticator {
                     if (oAuth2TokenValidationResponseDTO.isValid()) {
                         authenticationInfo.setStatus(Status.CONTINUE);
                     }
+                } else {
+                    authenticationInfo.setMessage(oAuth2TokenValidationResponseDTO.getErrorMsg());
                 }
             }
         } catch (AuthenticationException e) {