Thanks Harshan,

But I am using the multitenancy feature of API Manager, so the token is
encrypted using domainname.jks, not wso2carbon.jks.
And domainname.jks does not exist in the physical directory.

My requirement is to validate the JWT token signature generated by WSO2 for
a tenant using the public key on the client side.

e.g.,

I have a tenant, say ibm.com; the code in AbstractJWTToken is signing the
token using a key which does not exist. Is that an in-memory key in the
class AbstractJWTGenerator?


private byte[] signJWT(String assertion, String endUserName)
        throws APIManagementException {

    try {
        //get tenant domain
        String tenantDomain = MultitenantUtils.getTenantDomain(endUserName);
        //get tenantId
        int tenantId = APIUtil.getTenantId(endUserName);

        Key privateKey = null;

        if (!(privateKeys.containsKey(tenantId))) {
            APIUtil.loadTenantRegistry(tenantId);
            //get tenant's key store manager (keys are served by the
            //KeyStoreManager, not read from a file on disk)
            KeyStoreManager tenantKSM = KeyStoreManager.getInstance(tenantId);

            if (!tenantDomain.equals(MultitenantConstants.SUPER_TENANT_DOMAIN_NAME)) {
                //derive key store name (e.g. ibm.com -> ibm-com.jks)
                String ksName = tenantDomain.trim().replace(".", "-");
                String jksName = ksName + ".jks";
                //obtain private key
                //TODO: maintain a hash map with tenants' private keys after first initialization
                privateKey = tenantKSM.getPrivateKey(jksName, tenantDomain);
            } else {
                try {
                    //super tenant uses the default (wso2carbon.jks) private key
                    privateKey = tenantKSM.getDefaultPrivateKey();
                } catch (Exception e) {
                    log.error("Error while obtaining private key for super tenant", e);
                }
            }
            if (privateKey != null) {
                privateKeys.put(tenantId, privateKey);
            }
        } else {
            privateKey = privateKeys.get(tenantId);
        }

        //initialize signature with private key and algorithm
        Signature signature = Signature.getInstance(signatureAlgorithm);
        signature.initSign((PrivateKey) privateKey);

        //update signature with data to be signed
        byte[] dataInBytes = assertion.getBytes();
        signature.update(dataInBytes);

        //sign the assertion and return the signature
        byte[] signedInfo = signature.sign();
        return signedInfo;

    } catch (NoSuchAlgorithmException e) {
        String error = "Signature algorithm not found.";
        //do not log
        throw new APIManagementException(error);
    } catch (InvalidKeyException e) {
        String error = "Invalid private key provided for the signature";
        //do not log
        throw new APIManagementException(error);
    } catch (SignatureException e) {
        String error = "Error in signature";
        //do not log
        throw new APIManagementException(error);
    }
}

On Thu, Jan 14, 2016 at 1:20 PM, Harshan Liyanage <hars...@wso2.com> wrote:

> Hi Pramod,
>
> We are storing the public certificate file in wso2carbon.jks keystore. You
> can find it in <PRODUCT_HOME>/repository/resources/security directory.
> Refer to [1] for obtaining the certificate. For example you can use the
> following command to get the public certificate. Keystore password will be
> wso2carbon.
>
> keytool -export -keystore wso2carbon.jks -alias wso2carbon -file public_cert.cer
>
> [1]. https://docs.oracle.com/javase/tutorial/security/toolsign/step5.html
> [2]. https://docs.wso2.com/display/Carbon420/Keystores
>
> Thanks,
>
> Harshan Liyanage
> Software Engineer
> Mobile: +94724423048
> Email: hars...@wso2.com
> Blog : http://harshanliyanage.blogspot.com/
> WSO2, Inc. : wso2.com <http://wso2.com/>
> lean.enterprise.middleware.
>
> On Thu, Jan 14, 2016 at 1:02 PM, Pramod Thakur <sendpra...@gmail.com>
> wrote:
>
>> Hi,
>>
>> How can I get the public key certificate to validate the JWT token signature
>> in WSO2 API Manager for a tenant?
>>
>> The problem I am facing is, I couldn't get the public certificate in the
>> physical directory, but WSO2 is managing to sign the token; I couldn't get
>> how.
>>
>> On Thu, Jan 14, 2016 at 12:57 PM, Pramod Thakur <sendpra...@gmail.com>
>> wrote:
>>
>>> Hi,
>>>
>>> How can I get the public key certificate to validate the JWT token in WSO2
>>> API Manager for a tenant in the client endpoint?
>>>
>>> The problem I am facing is, I couldn't get the public certificate in the
>>> physical directory, but WSO2 is managing to sign the token; I couldn't get
>>> how.
>>>
>


-- 
Regards
Pramod Thakur
9980422825
Thank you.
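The quoted signJWT() shows why no certificate turns up on disk: for a tenant such as ibm.com the private key is fetched through KeyStoreManager from a keystore named ibm-com.jks, not from wso2carbon.jks, so the client has to verify against that tenant keystore's public certificate. The following class is an added example written for this thread, not code from WSO2 API Manager. It assumes the signature algorithm is SHA256withRSA (the signatureAlgorithm field's value is not shown in the quoted code), that the signed assertion is the base64url header joined to the base64url payload with a dot as in standard JWS, that the signature segment is base64url-encoded, and that the certificate file name public_cert.cer is a placeholder for whatever was exported with keytool. The key pair, header and claims in main() are constructed stand-ins for the tenant keystore and a real token.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Base64;

public class TenantJwtVerifier {

    // Assumed to match the signatureAlgorithm used by the gateway's signJWT().
    static final String SIG_ALG = "SHA256withRSA";

    /** Loads the public key from a certificate exported with keytool -export (path is a placeholder). */
    static PublicKey loadPublicKey(String certPath) throws Exception {
        try (InputStream in = new FileInputStream(certPath)) {
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            X509Certificate cert = (X509Certificate) cf.generateCertificate(in);
            return cert.getPublicKey();
        }
    }

    /**
     * Verifies a header.payload.signature token against the tenant public key.
     * Returns false for a malformed token, a bad signature, or a key from the wrong keystore.
     */
    static boolean verify(String jwt, PublicKey pub) {
        String[] parts = jwt.split("\\.", -1);
        if (parts.length != 3) {
            return false;
        }
        try {
            byte[] sig = Base64.getUrlDecoder().decode(parts[2]);
            Signature verifier = Signature.getInstance(SIG_ALG);
            verifier.initVerify(pub);
            // The gateway signs assertion.getBytes() (platform charset); for ASCII base64 text UTF-8 is identical.
            verifier.update((parts[0] + "." + parts[1]).getBytes(StandardCharsets.UTF_8));
            return verifier.verify(sig);
        } catch (GeneralSecurityException | IllegalArgumentException e) {
            return false;
        }
    }

    /** Mirrors the quoted signJWT() steps (initSign, update, sign) so the example runs without a gateway. */
    static String signLikeGateway(String headerB64, String payloadB64, PrivateKey priv) throws Exception {
        String assertion = headerB64 + "." + payloadB64;
        Signature s = Signature.getInstance(SIG_ALG);
        s.initSign(priv);
        s.update(assertion.getBytes(StandardCharsets.UTF_8));
        return assertion + "." + Base64.getUrlEncoder().withoutPadding().encodeToString(s.sign());
    }

    public static void main(String[] args) throws Exception {
        // Constructed key pair standing in for the tenant keystore (ibm-com.jks);
        // a real client would call loadPublicKey("public_cert.cer") instead.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair tenant = kpg.generateKeyPair();

        Base64.Encoder enc = Base64.getUrlEncoder().withoutPadding();
        String header = enc.encodeToString(
                "{\"typ\":\"JWT\",\"alg\":\"RS256\"}".getBytes(StandardCharsets.UTF_8));
        String payload = enc.encodeToString(
                "{\"iss\":\"wso2.org/products/am\",\"http://wso2.org/claims/enduser\":\"user@ibm.com\"}"
                        .getBytes(StandardCharsets.UTF_8));

        String jwt = signLikeGateway(header, payload, tenant.getPrivate());
        System.out.println("valid signature:  " + verify(jwt, tenant.getPublic()));

        // Tampered payload: header and signature unchanged, so verification must fail.
        String tampered = header + "."
                + enc.encodeToString("{\"iss\":\"someone-else\"}".getBytes(StandardCharsets.UTF_8))
                + "." + jwt.split("\\.")[2];
        System.out.println("tampered payload: " + verify(tampered, tenant.getPublic()));

        // Certificate from a different keystore (the wso2carbon.jks case for a tenant token): also fails.
        KeyPair other = kpg.generateKeyPair();
        System.out.println("wrong keystore:   " + verify(jwt, other.getPublic()));
    }
}
```

The third case is the one this thread turns on: a certificate exported from wso2carbon.jks will only verify super-tenant tokens, because signJWT() takes that path solely when tenantDomain equals SUPER_TENANT_DOMAIN_NAME. For any other tenant the certificate has to be exported from the tenant's own keystore (the one the KeyStoreManager serves under the derived ibm-com.jks name), and a client that tries the wrong one should treat the token as invalid rather than fall back to skipping verification.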
_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev