Resolved by base 64 encoding the signature separately.

Thanks & Regards
Danushka Fernando
Software Engineer
WSO2 inc. http://wso2.com/
Mobile : +94716332729

On Sat, Oct 4, 2014 at 12:07 AM, Danushka Fernando <[email protected]> wrote:

> Hi Prabath.
> I guess you missed the last line of my mail. ;)
> We are going to do what you suggested in M7. For just M6 we are trying to
> go with this solution. Anyway even for that solution we need this to work
> right? So any idea what's going wrong here?
>
> Thanks & Regards
> Danushka Fernando
> Software Engineer
> WSO2 inc. http://wso2.com/
> Mobile : +94716332729
>
> On Fri, Oct 3, 2014 at 10:14 PM, Prabath Siriwardena <[email protected]> wrote:
>
>> I thought we agreed to go ahead with self-issued access tokens?
>>
>> Thanks & regards,
>> -Prabath
>>
>> On Fri, Oct 3, 2014 at 10:04 PM, Danushka Fernando <[email protected]> wrote:
>> > Hi All
>> > I am trying to send some signed string from client to the server and in
>> > server side I am trying to verify it. My code is as per below.
>> >
>> > Client Side
>> >
>> > //Get the filesystem keystore default primary certificate
>> > KeyStoreManager keyStoreManager;
>> > keyStoreManager = KeyStoreManager.getInstance(MultitenantConstants.SUPER_TENANT_ID);
>> > Signature signature;
>> > try {
>> >     //Sign the secret
>> >     keyStoreManager.getDefaultPrimaryCertificate();
>> >     signature = Signature.getInstance("SHA1WithRSA");
>> >     signature.initSign(keyStoreManager.getDefaultPrivateKey());
>> >     signature.update(serverSecret.getBytes());
>> >     String signatureString = new String(signature.sign());
>> >     String headerString = new String(username + ":" + signatureString + ":" + serverSecret);
>> >
>> >     // Set authorization header to service client
>> >     List headerList = new ArrayList();
>> >     Header header = new Header();
>> >     header.setName(HTTPConstants.HEADER_AUTHORIZATION);
>> >     header.setValue("CloudLogin " + Base64Utils.encode(headerString.getBytes()));
>> >     headerList.add(header);
>> >     serviceClient.getOptions().setProperty(HTTPConstants.HTTP_HEADERS, headerList);
>> > } catch (Exception e) {
>> >     String msg = "Failed to get primary default certificate";
>> >     log.error(msg, e);
>> >     throw new AppFactoryException(msg, e);
>> > }
>> >
>> > Server Side
>> >
>> >     //Get the filesystem keystore default primary certificate
>> >     KeyStoreManager keyStoreManager =
>> >         KeyStoreManager.getInstance(MultitenantConstants.SUPER_TENANT_ID);
>> >     X509Certificate cert = keyStoreManager.getDefaultPrimaryCertificate();
>> >
>> >     //Authorization: CloudLogin xxxxxxx
>> >     //header data base64encode(username:signature:secret)
>> >     String authorizationHeader = request.getHeader(HTTPConstants.HEADER_AUTHORIZATION);
>> >     String[] headerData = decodeAuthorizationHeader(authorizationHeader);
>> >
>> >     Signature signature = Signature.getInstance("SHA1WithRSA");
>> >     signature.initVerify(cert.getPublicKey());
>> >     signature.update(headerData[2].getBytes());
>> >
>> >     if (signature.verify(headerData[1].getBytes())) {
>> >         //my logic goes here
>> >     }
>> > } catch (Exception e) {
>> >     log.error("Error authenticating the user " + e.getMessage(), e);
>> > }
>> > return isAuthenticated;
>> > }
>> >
>> > I ended up with the error [1]. Any idea what I am doing wrong? Any idea
>> > would be appreciated.
>> > @Prabath: We are going to do what you suggested in M7. For just M6 we are
>> > trying to go with this solution.
>> >
>> > [1][2014-10-03 21:40:52,242] ERROR {org.wso2.carbon.identity.authenticator.cloud.CloudAuthenticator} - Error authenticating the user Signature length not correct: got 203 but was expecting 128
>> > java.security.SignatureException: Signature length not correct: got 203 but was expecting 128
>> > at sun.security.rsa.RSASignature.engineVerify(RSASignature.java:189)
>> > at java.security.Signature$Delegate.engineVerify(Signature.java:1172)
>> > at java.security.Signature.verify(Signature.java:623)
>> > at org.wso2.carbon.identity.authenticator.cloud.CloudAuthenticator.isAuthenticated(CloudAuthenticator.java:114)
>> > at org.wso2.carbon.server.admin.module.handler.AuthenticationHandler.isAuthenticated(AuthenticationHandler.java:187)
>> > at org.wso2.carbon.server.admin.module.handler.AuthenticationHandler.authenticate(AuthenticationHandler.java:96)
>> > at org.wso2.carbon.server.admin.module.handler.AuthenticationHandler.invoke(AuthenticationHandler.java:66)
>> > at org.apache.axis2.engine.Phase.invokeHandler(Phase.java:340)
>> > at org.apache.axis2.engine.Phase.invoke(Phase.java:313)
>> > at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:261)
>> > at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:167)
>> > at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:172)
>> > at org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:146)
>> > at org.wso2.carbon.core.transports.CarbonServlet.doPost(CarbonServlet.java:231)
>> > at javax.servlet.http.HttpServlet.service(HttpServlet.java:755)
>> > at javax.servlet.http.HttpServlet.service(HttpServlet.java:848)
>> > at org.eclipse.equinox.http.servlet.internal.ServletRegistration.service(ServletRegistration.java:61)
>> > at org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:128)
>> > at org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:68)
>> > at javax.servlet.http.HttpServlet.service(HttpServlet.java:848)
>> > at org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service(DelegationServlet.java:68)
>> > at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
>> > at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
>> > at org.wso2.carbon.tomcat.ext.filter.CharacterSetFilter.doFilter(CharacterSetFilter.java:61)
>> > at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
>> > at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
>> > at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
>> > at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
>> > at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
>> > at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
>> > at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
>> > at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:178)
>> > at org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47)
>> > at org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:56)
>> > at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47)
>> > at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:141)
>> > at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:156)
>> > at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:936)
>> > at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:52)
>> > at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
>> > at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
>> > at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1004)
>> > at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
>> > at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1653)
>> > at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
>> > at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
>> > at java.lang.Thread.run(Thread.java:744)
>> >
>> > Thanks & Regards
>> > Danushka Fernando
>> > Software Engineer
>> > WSO2 inc. http://wso2.com/
>> > Mobile : +94716332729
>>
>> --
>> Thanks & Regards,
>> Prabath
>>
>> Twitter : @prabath
>> LinkedIn : http://www.linkedin.com/in/prabathsiriwardena
>>
>> Mobile : +94 71 809 6732
>>
>> http://blog.facilelogin.com
>> http://blog.api-security.org

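
The resolution reported in this thread (Base64-encoding the signature separately), shown end to end as an added example; it is not code from the thread or from WSO2. It assumes a throwaway 1024-bit RSA key in place of the Carbon keystore, `java.util.Base64` in place of `Base64Utils`, an explicit UTF-8 charset, and constructed username and secret values.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Signature;
import java.util.Base64;

public class SignatureHeaderDemo {
    public static void main(String[] args) throws Exception {
        // Constructed inputs: a throwaway 1024-bit RSA key (same signature size
        // as in the trace) and placeholder username/secret values.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(1024);
        KeyPair kp = kpg.generateKeyPair();
        String username = "admin";
        String serverSecret = "constructed-secret";

        // SHA1withRSA is kept only to match the algorithm used in the thread.
        Signature signer = Signature.getInstance("SHA1withRSA");
        signer.initSign(kp.getPrivate());
        signer.update(serverSecret.getBytes(StandardCharsets.UTF_8));
        byte[] rawSig = signer.sign(); // 128 bytes for a 1024-bit key

        // Lossy path from the thread: arbitrary bytes -> String -> bytes.
        // Byte sequences that are not valid text are replaced on decoding,
        // so the round trip changes both content and (usually) length.
        byte[] mangled = new String(rawSig, StandardCharsets.UTF_8)
                .getBytes(StandardCharsets.UTF_8);
        System.out.println("raw=" + rawSig.length + " mangled=" + mangled.length);

        // Corrected client: Base64 the signature on its own, then build the header.
        String sigB64 = Base64.getEncoder().encodeToString(rawSig);
        String header = "CloudLogin " + Base64.getEncoder().encodeToString(
                (username + ":" + sigB64 + ":" + serverSecret)
                        .getBytes(StandardCharsets.UTF_8));

        // Corrected server: undo the outer Base64, split into exactly three
        // fields (the secret may itself contain ':'), decode the signature.
        String decoded = new String(Base64.getDecoder().decode(
                header.substring("CloudLogin ".length())), StandardCharsets.UTF_8);
        String[] parts = decoded.split(":", 3);
        byte[] sig = Base64.getDecoder().decode(parts[1]);

        Signature verifier = Signature.getInstance("SHA1withRSA");
        verifier.initVerify(kp.getPublic());
        verifier.update(parts[2].getBytes(StandardCharsets.UTF_8));
        System.out.println("verified=" + verifier.verify(sig));
    }
}
```

The standard Base64 alphabet contains no `:`, so the encoded signature cannot collide with the field separator; the username is assumed not to contain one.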
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
