Hi Prabath.
I guess you missed the last line of my mail. ;)
We are going to do what you suggested in M7. For just M6 we are trying to
go with this solution. Anyway, even for that solution we need this to work,
right? So any idea what's going wrong here?

Thanks & Regards
Danushka Fernando
Software Engineer
WSO2 inc. http://wso2.com/
Mobile : +94716332729

On Fri, Oct 3, 2014 at 10:14 PM, Prabath Siriwardena <[email protected]>
wrote:

> I thought we agreed to go ahead with self-issued access tokens?
>
> Thanks & regards,
> -Prabath
>
> On Fri, Oct 3, 2014 at 10:04 PM, Danushka Fernando <[email protected]>
> wrote:
> > Hi All
> > I am trying to send a signed string from the client to the server, and on the
> > server side I am trying to verify it. My code is as below.
> >
> > Client Side
> >
> > //Get the filesystem keystore default primary certificate
> > KeyStoreManager keyStoreManager;
> > keyStoreManager = KeyStoreManager.getInstance(MultitenantConstants.SUPER_TENANT_ID);
> > Signature signature;
> > try {
> >     //Sign the secret
> >     keyStoreManager.getDefaultPrimaryCertificate();
> >     signature = Signature.getInstance("SHA1WithRSA");
> >     signature.initSign(keyStoreManager.getDefaultPrivateKey());
> >     signature.update(serverSecret.getBytes());
> >     String signatureString = new String(signature.sign());
> >     String headerString = new String(username + ":" + signatureString + ":" + serverSecret);
> >
> >     // Set authorization header to service client
> >     List headerList = new ArrayList();
> >     Header header = new Header();
> >     header.setName(HTTPConstants.HEADER_AUTHORIZATION);
> >     header.setValue("CloudLogin " + Base64Utils.encode(headerString.getBytes()));
> >     headerList.add(header);
> >     serviceClient.getOptions().setProperty(HTTPConstants.HTTP_HEADERS, headerList);
> > } catch (Exception e) {
> >     String msg = "Failed to get primary default certificate";
> >     log.error(msg, e);
> >     throw new AppFactoryException(msg, e);
> > }
> >
> >
> >
> > Server Side
> >
> >         //Get the filesystem keystore default primary certificate
> >         KeyStoreManager keyStoreManager = KeyStoreManager.getInstance(MultitenantConstants.SUPER_TENANT_ID);
> >         X509Certificate cert = keyStoreManager.getDefaultPrimaryCertificate();
> >
> >         //Authorization: CloudLogin xxxxxxx
> >         //header data base64encode(username:signature:secret)
> >         String authorizationHeader = request.getHeader(HTTPConstants.HEADER_AUTHORIZATION);
> >         String[] headerData = decodeAuthorizationHeader(authorizationHeader);
> >
> >         Signature signature = Signature.getInstance("SHA1WithRSA");
> >         signature.initVerify(cert.getPublicKey());
> >         signature.update(headerData[2].getBytes());
> >
> >         if (signature.verify(headerData[1].getBytes())) {
> >             //my logic goes here
> >         }
> >     } catch (Exception e) {
> >         log.error("Error authenticating the user " + e.getMessage(), e);
> >     }
> >     return isAuthenticated;
> > }
> >
> > I ended up with the error [1]. Any idea what I am doing wrong? Any idea
> > would be appreciated.
> > @Prabath: We are going to do what you suggested in M7. For just M6 we are
> > trying to go with this solution.
> >
> > [1][2014-10-03 21:40:52,242] ERROR {org.wso2.carbon.identity.authenticator.cloud.CloudAuthenticator} - Error authenticating the user Signature length not correct: got 203 but was expecting 128
> > java.security.SignatureException: Signature length not correct: got 203 but was expecting 128
> > at sun.security.rsa.RSASignature.engineVerify(RSASignature.java:189)
> > at java.security.Signature$Delegate.engineVerify(Signature.java:1172)
> > at java.security.Signature.verify(Signature.java:623)
> > at org.wso2.carbon.identity.authenticator.cloud.CloudAuthenticator.isAuthenticated(CloudAuthenticator.java:114)
> > at org.wso2.carbon.server.admin.module.handler.AuthenticationHandler.isAuthenticated(AuthenticationHandler.java:187)
> > at org.wso2.carbon.server.admin.module.handler.AuthenticationHandler.authenticate(AuthenticationHandler.java:96)
> > at org.wso2.carbon.server.admin.module.handler.AuthenticationHandler.invoke(AuthenticationHandler.java:66)
> > at org.apache.axis2.engine.Phase.invokeHandler(Phase.java:340)
> > at org.apache.axis2.engine.Phase.invoke(Phase.java:313)
> > at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:261)
> > at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:167)
> > at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:172)
> > at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:146)
> > at org.wso2.carbon.core.transports.CarbonServlet.doPost(CarbonServlet.java:231)
> > at javax.servlet.http.HttpServlet.service(HttpServlet.java:755)
> > at javax.servlet.http.HttpServlet.service(HttpServlet.java:848)
> > at org.eclipse.equinox.http.servlet.internal.ServletRegistration.service(ServletRegistration.java:61)
> > at org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:128)
> > at org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:68)
> > at javax.servlet.http.HttpServlet.service(HttpServlet.java:848)
> > at org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service(DelegationServlet.java:68)
> > at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
> > at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
> > at org.wso2.carbon.tomcat.ext.filter.CharacterSetFilter.doFilter(CharacterSetFilter.java:61)
> > at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
> > at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
> > at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
> > at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
> > at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
> > at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
> > at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
> > at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:178)
> > at org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47)
> > at org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:56)
> > at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47)
> > at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:141)
> > at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:156)
> > at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:936)
> > at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:52)
> > at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
> > at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
> > at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1004)
> > at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
> > at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1653)
> > at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
> > at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
> > at java.lang.Thread.run(Thread.java:744)
> >
> >
> > Thanks & Regards
> > Danushka Fernando
> > Software Engineer
> > WSO2 inc. http://wso2.com/
> > Mobile : +94716332729
>
>
>
> --
> Thanks & Regards,
> Prabath
>
> Twitter : @prabath
> LinkedIn : http://www.linkedin.com/in/prabathsiriwardena
>
> Mobile : +94 71 809 6732
>
> http://blog.facilelogin.com
> http://blog.api-security.org
>
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
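
Added example (not part of the original thread and not WSO2 code): the quoted client code turns the raw signature into text with `new String(signature.sign())`, and decoding arbitrary bytes as text is lossy, which is consistent with the "got 203 but was expecting 128" error in [1]. The sketch below reproduces that with a throwaway key and then carries the signature as Base64 instead. Assumptions: the class name, the constructed secret, a 1024-bit key chosen only to give the 128-byte signature length seen in the log, UTF-8 as the charset, and `java.util.Base64` (Java 8+) standing in for the `Base64Utils` class used in the thread.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.util.Base64;

public class SignatureTransportDemo {                      // hypothetical class name
    static byte[] sign(PrivateKey key, String secret) throws Exception {
        Signature s = Signature.getInstance("SHA1withRSA"); // same algorithm as the thread
        s.initSign(key);
        s.update(secret.getBytes(StandardCharsets.UTF_8));
        return s.sign();
    }

    static boolean verify(PublicKey key, String secret, byte[] sig) {
        try {
            Signature s = Signature.getInstance("SHA1withRSA");
            s.initVerify(key);
            s.update(secret.getBytes(StandardCharsets.UTF_8));
            return s.verify(sig);
        } catch (Exception e) {
            // A signature of the wrong length raises SignatureException: reject it.
            System.out.println("  verify threw: " + e.getMessage());
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(1024);                               // throwaway demo key, 128-byte signatures
        KeyPair kp = gen.generateKeyPair();
        String secret = "constructed-server-secret";        // constructed sample value
        byte[] raw = sign(kp.getPrivate(), secret);
        System.out.println("raw signature bytes: " + raw.length);

        // Lossy: bytes that are not valid UTF-8 become U+FFFD, which re-encodes as 3 bytes.
        byte[] viaString = new String(raw, StandardCharsets.UTF_8).getBytes(StandardCharsets.UTF_8);
        System.out.println("after String round trip: " + viaString.length);
        System.out.println("verifies: " + verify(kp.getPublic(), secret, viaString));

        // Lossless: Base64 text for the signature field; its alphabet contains no ':'.
        String field = Base64.getEncoder().encodeToString(raw);
        byte[] decoded = Base64.getDecoder().decode(field);
        System.out.println("after Base64 round trip: " + decoded.length);
        System.out.println("verifies: " + verify(kp.getPublic(), secret, decoded));
    }
}
```

Because the Base64 alphabet has no `:`, an encoded signature also cannot collide with the delimiter in the `username:signature:secret` header layout shown in the thread.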