Thanks Harshan,
But I am using the multitenancy feature of API Manager, so the token is
encrypted using domainname.jks, not wso2carbon.jks.
And the domainname.jks does not exist in the physical directory.
My requirement is to validate the JWT token signature generated by wso2 for a
tenant using the public key on the client side.
eg,
I have a tenant, say ibm.com; the code in AbstractJWTToken is signing the
token using a key which does not exist. Is that an in-memory key in the
class AbstractJWTGenerator?
    private byte[] signJWT(String assertion, String endUserName)
            throws APIManagementException {
        try {
            //get tenant domain
            String tenantDomain = MultitenantUtils.getTenantDomain(endUserName);
            //get tenantId
            int tenantId = APIUtil.getTenantId(endUserName);
            Key privateKey = null;
            if (!(privateKeys.containsKey(tenantId))) {
                APIUtil.loadTenantRegistry(tenantId);
                //get tenant's key store manager
                KeyStoreManager tenantKSM = KeyStoreManager.getInstance(tenantId);
                if (!tenantDomain.equals(MultitenantConstants.SUPER_TENANT_DOMAIN_NAME)) {
                    //derive key store name from the tenant domain, e.g. "ibm.com" -> "ibm-com.jks"
                    String ksName = tenantDomain.trim().replace(".", "-");
                    String jksName = ksName + ".jks";
                    //obtain private key
                    //TODO: maintain a hash map with tenants' private keys after first initialization
                    privateKey = tenantKSM.getPrivateKey(jksName, tenantDomain);
                } else {
                    try {
                        privateKey = tenantKSM.getDefaultPrivateKey();
                    } catch (Exception e) {
                        log.error("Error while obtaining private key for super tenant", e);
                    }
                }
                if (privateKey != null) {
                    privateKeys.put(tenantId, privateKey);
                }
            } else {
                privateKey = privateKeys.get(tenantId);
            }
            //initialize signature with private key and algorithm
            Signature signature = Signature.getInstance(signatureAlgorithm);
            signature.initSign((PrivateKey) privateKey);
            //update signature with data to be signed
            byte[] dataInBytes = assertion.getBytes();
            signature.update(dataInBytes);
            //sign the assertion and return the signature
            byte[] signedInfo = signature.sign();
            return signedInfo;
        } catch (NoSuchAlgorithmException e) {
            String error = "Signature algorithm not found.";
            //do not log
            throw new APIManagementException(error);
        } catch (InvalidKeyException e) {
            String error = "Invalid private key provided for the signature";
            //do not log
            throw new APIManagementException(error);
        } catch (SignatureException e) {
            String error = "Error in signature";
            //do not log
            throw new APIManagementException(error);
        }
    }
On Thu, Jan 14, 2016 at 1:20 PM, Harshan Liyanage <[email protected]> wrote:
> Hi Pramod,
>
> We are storing the public certificate file in wso2carbon.jks keystore. You
> can find it in <PRODUCT_HOME>/repository/resources/security directory.
> Refer to [1] for obtaining the certificate. For example you can use the
> following command to get the public certificate. Keystore password will be
> wso2carbon.
>
> keytool -export -keystore wso2carbon.jks -alias wso2carbon -file public_cert.cer
>
> [1]. https://docs.oracle.com/javase/tutorial/security/toolsign/step5.html
> [2]. https://docs.wso2.com/display/Carbon420/Keystores
>
> Thanks,
>
> Harshan Liyanage
> Software Engineer
> Mobile: +94724423048
> Email: [email protected]
> Blog : http://harshanliyanage.blogspot.com/
> WSO2, Inc. : wso2.com <http://wso2.com/>
> lean.enterprise.middleware.
>
> On Thu, Jan 14, 2016 at 1:02 PM, Pramod Thakur <[email protected]>
> wrote:
>
>> Hi,
>>
>> How can I get public key certificate to validate JWT token signature in
>> wso2 Api Manager for tenant.
>>
>> The problem I am facing is, I couldn't get the public certificate in the
>> physical directory, but wso2 is managing to sign the token; I couldn't get
>> how.
>>
>> On Thu, Jan 14, 2016 at 12:57 PM, Pramod Thakur <[email protected]>
>> wrote:
>>
>>> Hi,
>>>
>>> How can I get public key certificate to validate JWT token in wso2 Api
>>> Manager for tenant in the client endpoint.
>>>
>>> The problem I am facing is, I couldn't get the public certificate in the
>>> physical directory, but wso2 is managing to sign the token; I couldn't get
>>> how.
>>>
>>>
>>> --
>>> Regards
>>> Pramod Thakur
>>> 9980422825
>>> Thank you.
>> _______________________________________________
>> Dev mailing list
>> [email protected]
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
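For the client-side check asked about above, here is an added example (not code from the thread or from WSO2) of verifying the token against an exported tenant certificate. It assumes the token has the three-part form b64(header).b64(body).b64(signature), that the signature covers the bytes of "b64(header).b64(body)" (the assertion passed to signJWT in the pasted code) with SHA256withRSA, and that the tenant's public certificate has already been exported to a DER file; the keystore-name helper mirrors the derivation in the pasted code.

```java
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Base64;

public class TenantJwtVerifier {

    // Assumed signature algorithm; must match signatureAlgorithm on the server.
    private static final String SIG_ALG = "SHA256withRSA";

    // Same derivation as the pasted signJWT code: "ibm.com" -> "ibm-com.jks".
    static String tenantKeyStoreName(String tenantDomain) {
        return tenantDomain.trim().replace(".", "-") + ".jks";
    }

    // Load the public key from a DER-encoded X.509 certificate (as produced by keytool -export).
    static PublicKey loadPublicKey(String certPath) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        try (InputStream in = Files.newInputStream(Paths.get(certPath))) {
            X509Certificate cert = (X509Certificate) cf.generateCertificate(in);
            cert.checkValidity(); // reject expired or not-yet-valid certificates
            return cert.getPublicKey();
        }
    }

    // Verify "b64(header).b64(body).b64(signature)"; accepts standard or URL-safe base64.
    static boolean verify(String jwt, PublicKey key) throws Exception {
        int lastDot = jwt.lastIndexOf('.');
        if (lastDot <= 0 || jwt.indexOf('.') == lastDot) {
            return false; // not three dot-separated parts
        }
        String assertion = jwt.substring(0, lastDot);
        String sigB64 = jwt.substring(lastDot + 1).replace('-', '+').replace('_', '/');
        byte[] sig = Base64.getDecoder().decode(sigB64); // padding is optional for this decoder
        Signature s = Signature.getInstance(SIG_ALG);
        s.initVerify(key);
        s.update(assertion.getBytes(StandardCharsets.UTF_8));
        return s.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        PublicKey key = loadPublicKey(args[0]); // e.g. public_cert.cer exported for the tenant
        System.out.println(verify(args[1], key) ? "signature OK" : "signature INVALID");
    }
}
```

A passing signature check only proves the token was issued under that tenant's key; the claims (expiry, issuer, audience) still need to be checked separately before trusting the token.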