Certificate authenticator changes
parent
9ae6099d2b
commit
d17f1356e7
@ -92,7 +92,9 @@
|
||||
javax.servlet.http,
|
||||
javax.xml,
|
||||
org.apache.axis2.transport.http,
|
||||
org.wso2.carbon.apimgt.impl
|
||||
org.wso2.carbon.apimgt.impl,
|
||||
org.wso2.carbon.certificate.mgt.core.service,
|
||||
org.wso2.carbon.certificate.mgt.core.exception
|
||||
</Import-Package>
|
||||
<!--<Fragment-Host>tomcat</Fragment-Host>-->
|
||||
</instructions>
|
||||
@ -146,6 +148,10 @@
|
||||
<groupId>org.wso2.orbit.com.nimbusds</groupId>
|
||||
<artifactId>nimbus-jose-jwt</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.wso2.carbon.devicemgt</groupId>
|
||||
<artifactId>org.wso2.carbon.certificate.mgt.core</artifactId>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
|
||||
</project>
|
||||
|
||||
@ -18,12 +18,14 @@
|
||||
*/
|
||||
package org.wso2.carbon.webapp.authenticator.framework;
|
||||
|
||||
import org.wso2.carbon.certificate.mgt.core.service.CertificateManagementService;
|
||||
import org.wso2.carbon.user.core.service.RealmService;
|
||||
|
||||
public class DataHolder {
|
||||
|
||||
private WebappAuthenticatorRepository repository;
|
||||
private RealmService realmService;
|
||||
private CertificateManagementService certificateManagementService;
|
||||
|
||||
private DataHolder() {}
|
||||
|
||||
@ -48,4 +50,12 @@ public class DataHolder {
|
||||
public void setRealmService(RealmService realmService) {
|
||||
this.realmService = realmService;
|
||||
}
|
||||
|
||||
public CertificateManagementService getCertificateManagementService() {
|
||||
return certificateManagementService;
|
||||
}
|
||||
|
||||
public void setCertificateManagementService(CertificateManagementService certificateManagementService) {
|
||||
this.certificateManagementService = certificateManagementService;
|
||||
}
|
||||
}
|
||||
|
||||
@ -0,0 +1,78 @@
|
||||
package org.wso2.carbon.webapp.authenticator.framework.authenticator;
|
||||
|
||||
import org.apache.catalina.connector.Request;
|
||||
import org.apache.catalina.connector.Response;
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
import org.wso2.carbon.certificate.mgt.core.exception.KeystoreException;
|
||||
import org.wso2.carbon.webapp.authenticator.framework.DataHolder;
|
||||
|
||||
/**
|
||||
* This authenticator authenticates HTTP requests using certificates.
|
||||
*/
|
||||
public class CertificateAuthenticator implements WebappAuthenticator {
|
||||
|
||||
private static final Log log = LogFactory.getLog(CertificateAuthenticator.class);
|
||||
private static final String CERTIFICATE_AUTHENTICATOR = "CertificateAuth";
|
||||
private static final String HEADER_MDM_SIGNATURE = "Mdm-Signature";
|
||||
private String[] skippedURIs;
|
||||
|
||||
public CertificateAuthenticator() {
|
||||
skippedURIs = new String[]{
|
||||
"/ios-enrollment/ca",
|
||||
"/ios-enrollment/authenticate",
|
||||
"/ios-enrollment/profile",
|
||||
"/ios-enrollment/scep",
|
||||
"/ios-enrollment/enroll",
|
||||
"/ios-enrollment/enrolled"};
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean canHandle(Request request) {
|
||||
return true;
|
||||
}
|
||||
|
||||
@Override
|
||||
public Status authenticate(Request request, Response response) {
|
||||
|
||||
String requestUri = request.getRequestURI();
|
||||
if (requestUri == null || requestUri.isEmpty()) {
|
||||
return Status.CONTINUE;
|
||||
}
|
||||
|
||||
if(isURISkipped(requestUri)) {
|
||||
return Status.CONTINUE;
|
||||
}
|
||||
|
||||
String headerMDMSignature = request.getHeader(HEADER_MDM_SIGNATURE);
|
||||
|
||||
try {
|
||||
if (headerMDMSignature != null && !headerMDMSignature.isEmpty() &&
|
||||
DataHolder.getInstance().getCertificateManagementService().verifySignature(headerMDMSignature)) {
|
||||
return Status.SUCCESS;
|
||||
}
|
||||
} catch (KeystoreException e) {
|
||||
log.error("KeystoreException occurred ", e);
|
||||
return Status.FAILURE;
|
||||
}
|
||||
|
||||
return Status.FAILURE;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getName() {
|
||||
return CERTIFICATE_AUTHENTICATOR;
|
||||
}
|
||||
|
||||
private boolean isURISkipped(String requestUri) {
|
||||
|
||||
for (String element : skippedURIs) {
|
||||
if (element.equals(requestUri)) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
}
|
||||
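Review bot: `authenticate` passes only the `Mdm-Signature` header value to `verifySignature(...)`, so nothing visible in this class ties the signature to the request being authenticated (method, URI, body, or a timestamp/nonce). Unless the certificate management service enforces freshness internally, which is not shown here, the same header value would be accepted again on any non-skipped URI. The class Javadoc should state what the signed payload covers and which device or certificate identity a `Status.SUCCESS` stands for, since no identity is attached to the request on success. Separately, `canHandle` returns `true` for every request, so depending on how the framework selects an authenticator (not shown), requests meant for another authenticator such as JWT may end in `Status.FAILURE` here; consider `return request.getHeader(HEADER_MDM_SIGNATURE) != null;`. Finally, `getCertificateManagementService()` can return null while the dynamically bound service is absent, and the `KeystoreException` handler does not catch the resulting NullPointerException, so an explicit `if (service == null) return Status.FAILURE;` before the call keeps the failure deliberate.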
@ -21,14 +21,14 @@ package org.wso2.carbon.webapp.authenticator.framework.internal;
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
import org.osgi.service.component.ComponentContext;
|
||||
import org.wso2.carbon.certificate.mgt.core.service.CertificateManagementService;
|
||||
import org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve;
|
||||
import org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer;
|
||||
import org.wso2.carbon.user.core.service.RealmService;
|
||||
import org.wso2.carbon.webapp.authenticator.framework.DataHolder;
|
||||
import org.wso2.carbon.webapp.authenticator.framework.WebappAuthenticationHandler;
|
||||
import org.wso2.carbon.webapp.authenticator.framework.authenticator.WebappAuthenticator;
|
||||
import org.wso2.carbon.webapp.authenticator.framework.WebappAuthenticatorFrameworkValve;
|
||||
import org.wso2.carbon.webapp.authenticator.framework.WebappAuthenticatorRepository;
|
||||
import org.wso2.carbon.webapp.authenticator.framework.authenticator.WebappAuthenticator;
|
||||
import org.wso2.carbon.webapp.authenticator.framework.config.AuthenticatorConfig;
|
||||
import org.wso2.carbon.webapp.authenticator.framework.config.WebappAuthenticatorConfig;
|
||||
|
||||
@ -44,6 +44,12 @@ import java.util.List;
|
||||
* policy="dynamic"
|
||||
* bind="setRealmService"
|
||||
* unbind="unsetRealmService"
|
||||
* @scr.reference name="org.wso2.carbon.certificate.mgt"
|
||||
* interface="org.wso2.carbon.certificate.mgt.core.service.CertificateManagementService"
|
||||
* policy="dynamic"
|
||||
* cardinality="1..n"
|
||||
* bind="setCertificateManagementService"
|
||||
* unbind="unsetCertificateManagementService"
|
||||
*/
|
||||
public class WebappAuthenticatorFrameworkServiceComponent {
|
||||
|
||||
@ -91,4 +97,19 @@ public class WebappAuthenticatorFrameworkServiceComponent {
|
||||
protected void unsetRealmService(RealmService realmService) {
|
||||
DataHolder.getInstance().setRealmService(null);
|
||||
}
|
||||
|
||||
protected void setCertificateManagementService(CertificateManagementService certificateManagementService) {
|
||||
if (log.isDebugEnabled()) {
|
||||
log.debug("Setting certificate management service");
|
||||
}
|
||||
DataHolder.getInstance().setCertificateManagementService(certificateManagementService);
|
||||
}
|
||||
|
||||
protected void unsetCertificateManagementService(CertificateManagementService certificateManagementService) {
|
||||
if (log.isDebugEnabled()) {
|
||||
log.debug("Removing certificate management service");
|
||||
}
|
||||
|
||||
DataHolder.getInstance().setCertificateManagementService(null);
|
||||
}
|
||||
}
|
||||
|
||||
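Review bot: The new `@scr.reference` declares `cardinality="1..n"` with `policy="dynamic"`, but `DataHolder` stores a single `CertificateManagementService` and `unsetCertificateManagementService` clears it unconditionally. If more than one provider is ever bound, unbinding any one of them leaves the holder null while another is still registered, and `CertificateAuthenticator.authenticate` would then dereference null on the request path. Either declare `cardinality="1..1"`, or clear the holder only when the departing instance is the stored one, e.g. `if (DataHolder.getInstance().getCertificateManagementService() == certificateManagementService) { DataHolder.getInstance().setCertificateManagementService(null); }`. The class body continues outside the hunk.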
@ -12,5 +12,9 @@
|
||||
<Name>JWT</Name>
|
||||
<ClassName>org.wso2.carbon.webapp.authenticator.framework.authenticator.JWTAuthenticator</ClassName>
|
||||
</Authenticator>
|
||||
<Authenticator>
|
||||
<Name>CertificateAuth</Name>
|
||||
<ClassName>org.wso2.carbon.webapp.authenticator.framework.authenticator.CertificateAuthenticator</ClassName>
|
||||
</Authenticator>
|
||||
</Authenticators>
|
||||
</WebappAuthenticatorConfig>
|
||||
|
||||