I thought we agreed to go ahead with self-issued access tokens?

Thanks & regards,
-Prabath

On Fri, Oct 3, 2014 at 10:04 PM, Danushka Fernando <[email protected]> wrote:
> Hi All
> I am trying to send some signed string from client to the server and in
> server side I am trying to verify it. My code is as per below.
>
> Client Side
>
> //Get the filesystem keystore default primary certificate
> KeyStoreManager keyStoreManager;
> keyStoreManager = KeyStoreManager.getInstance(MultitenantConstants.SUPER_TENANT_ID);
> Signature signature;
> try {
>     //Sign the secret
>     keyStoreManager.getDefaultPrimaryCertificate();
>     signature = Signature.getInstance("SHA1WithRSA");
>     signature.initSign(keyStoreManager.getDefaultPrivateKey());
>     signature.update(serverSecret.getBytes());
>     String signatureString = new String(signature.sign());
>     String headerString = new String(username + ":" + signatureString + ":" + serverSecret);
>
>     // Set authorization header to service client
>     List headerList = new ArrayList();
>     Header header = new Header();
>     header.setName(HTTPConstants.HEADER_AUTHORIZATION);
>     header.setValue("CloudLogin " + Base64Utils.encode(headerString.getBytes()));
>     headerList.add(header);
>     serviceClient.getOptions().setProperty(HTTPConstants.HTTP_HEADERS, headerList);
> } catch (Exception e) {
>     String msg = "Failed to get primary default certificate";
>     log.error(msg, e);
>     throw new AppFactoryException(msg, e);
> }
>
> Server Side
>
> //Get the filesystem keystore default primary certificate
> KeyStoreManager keyStoreManager = KeyStoreManager.getInstance(MultitenantConstants.SUPER_TENANT_ID);
> X509Certificate cert = keyStoreManager.getDefaultPrimaryCertificate();
>
> //Authorization: CloudLogin xxxxxxx
> //header data base64encode(username:signature:secret)
> String authorizationHeader = request.getHeader(HTTPConstants.HEADER_AUTHORIZATION);
> String[] headerData = decodeAuthorizationHeader(authorizationHeader);
>
> Signature signature = Signature.getInstance("SHA1WithRSA");
> signature.initVerify(cert.getPublicKey());
> signature.update(headerData[2].getBytes());
>
> if (signature.verify(headerData[1].getBytes())) {
>     //my logic goes here
> }
> } catch (Exception e) {
>     log.error("Error authenticating the user " + e.getMessage(), e);
> }
> return isAuthenticated;
> }
>
> I ended up with the error [1]. Any idea what I am doing wrong? Any idea
> would be appreciated.
> @Prabath: We are going to do what you suggested in M7. For just M6 we are
> trying to go with this solution.
>
> [1][2014-10-03 21:40:52,242] ERROR {org.wso2.carbon.identity.authenticator.cloud.CloudAuthenticator} - Error authenticating the user Signature length not correct: got 203 but was expecting 128
> java.security.SignatureException: Signature length not correct: got 203 but was expecting 128
> at sun.security.rsa.RSASignature.engineVerify(RSASignature.java:189)
> at java.security.Signature$Delegate.engineVerify(Signature.java:1172)
> at java.security.Signature.verify(Signature.java:623)
> at org.wso2.carbon.identity.authenticator.cloud.CloudAuthenticator.isAuthenticated(CloudAuthenticator.java:114)
> at org.wso2.carbon.server.admin.module.handler.AuthenticationHandler.isAuthenticated(AuthenticationHandler.java:187)
> at org.wso2.carbon.server.admin.module.handler.AuthenticationHandler.authenticate(AuthenticationHandler.java:96)
> at org.wso2.carbon.server.admin.module.handler.AuthenticationHandler.invoke(AuthenticationHandler.java:66)
> at org.apache.axis2.engine.Phase.invokeHandler(Phase.java:340)
> at org.apache.axis2.engine.Phase.invoke(Phase.java:313)
> at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:261)
> at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:167)
> at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:172)
> at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:146)
> at org.wso2.carbon.core.transports.CarbonServlet.doPost(CarbonServlet.java:231)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:755)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:848)
> at org.eclipse.equinox.http.servlet.internal.ServletRegistration.service(ServletRegistration.java:61)
> at org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:128)
> at org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:68)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:848)
> at org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service(DelegationServlet.java:68)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
> at org.wso2.carbon.tomcat.ext.filter.CharacterSetFilter.doFilter(CharacterSetFilter.java:61)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
> at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
> at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
> at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
> at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
> at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
> at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:178)
> at org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47)
> at org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:56)
> at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47)
> at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:141)
> at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:156)
> at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:936)
> at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:52)
> at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
> at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
> at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1004)
> at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
> at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1653)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
> at java.lang.Thread.run(Thread.java:744)
>
> Thanks & Regards
> Danushka Fernando
> Software Engineer
> WSO2 inc. http://wso2.com/
> Mobile : +94716332729

--
Thanks & Regards,
Prabath

Twitter : @prabath
LinkedIn : http://www.linkedin.com/in/prabathsiriwardena
Mobile : +94 71 809 6732

http://blog.facilelogin.com
http://blog.api-security.org
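
The reported `got 203 but was expecting 128` is the signature of raw signature bytes having passed through `new String(...)` and `getBytes()`: byte sequences that are not valid text in the charset are replaced on decoding, so the re-encoded array has a different length. The following is an added example, not code from the thread or from WSO2, that reproduces the length change and shows the same `username:signature:secret` header surviving when the signature field is Base64-encoded first. The throwaway key pair, the sample username and secret, the explicit UTF-8 charset and the use of `java.util.Base64` (Java 8+) instead of the thread's `Base64Utils` are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Signature;
import java.util.Base64;

public class SignatureHeaderRoundTrip {
    public static void main(String[] args) throws Exception {
        // Constructed inputs: throwaway 1024-bit RSA key (128-byte signatures,
        // as in the reported error), sample username and secret.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(1024);
        KeyPair keys = kpg.generateKeyPair();
        String username = "sample-user";
        String serverSecret = "sample-server-secret";

        Signature signer = Signature.getInstance("SHA1WithRSA"); // algorithm from the thread
        signer.initSign(keys.getPrivate());
        signer.update(serverSecret.getBytes(StandardCharsets.UTF_8));
        byte[] sig = signer.sign();

        // Lossy path used in the thread: raw bytes -> String -> bytes.
        // Malformed UTF-8 input is replaced with U+FFFD, which re-encodes as 3 bytes.
        byte[] mangled = new String(sig, StandardCharsets.UTF_8)
                .getBytes(StandardCharsets.UTF_8);
        System.out.println("signature bytes:         " + sig.length);
        System.out.println("after String round trip: " + mangled.length);

        // Lossless path: Base64 the signature before it goes into the
        // username:signature:secret string (Base64 output never contains ':').
        String headerString = username + ":"
                + Base64.getEncoder().encodeToString(sig) + ":" + serverSecret;
        String header = "CloudLogin " + Base64.getEncoder()
                .encodeToString(headerString.getBytes(StandardCharsets.UTF_8));

        // Server side: decode the header, split into three fields, decode the signature.
        byte[] decoded = Base64.getDecoder().decode(header.substring("CloudLogin ".length()));
        String[] headerData = new String(decoded, StandardCharsets.UTF_8).split(":", 3);
        byte[] receivedSig = Base64.getDecoder().decode(headerData[1]);

        Signature verifier = Signature.getInstance("SHA1WithRSA");
        verifier.initVerify(keys.getPublic());
        verifier.update(headerData[2].getBytes(StandardCharsets.UTF_8));
        System.out.println("verified: " + verifier.verify(receivedSig));
    }
}
```

The split assumes the username contains no `:`; the mangled length varies from run to run because it depends on which signature bytes happen to be invalid UTF-8.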
