
Merge branch 'master' of github.com:DomoTop/DomoTop

2 parents 945a3b2 + f750552 commit b8cf04370d61dbfd34362f4d3ba3d60f7a3cc151 @vi-n vi-n committed May 11, 2012
@@ -26,9 +26,12 @@
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
+import java.security.Principal;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+import java.util.Date;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
@@ -43,6 +46,8 @@
import org.openremote.controller.service.ConfigurationService;
import org.openremote.controller.spring.SpringContext;
+import sun.security.x509.X509Cert;
+
/**
* This servlet implements the REST API '/rest/certificate/create' functionality which creates
* a certificate when a call has been done. <p>
@@ -79,8 +84,10 @@
private static final ClientService clientService = (ClientService) SpringContext.getInstance().getBean("clientService");
private static final ConfigurationService configurationService = (ConfigurationService) SpringContext.getInstance().getBean("configurationService");
private static final String CA_ALIAS = "ca.alias";
-
- protected String getChain(String username) throws IOException
+ private static final String ERROR_INVALID_DN = "INVALID_DN";
+ private static final String ERROR_DATE_EXPIRED = "DATE_EXPIRED";
+
+ protected String getChain(String username) throws Exception
{
username = URLDecoder.decode(username, "UTF-8");
String rootCAPath = configurationService.getItem("ca_path");
@@ -113,8 +120,25 @@ protected String getChain(String username) throws IOException
{
// Check client certificate
//if(clientService.(dn, datum)
+ X509Certificate x509cert = (X509Certificate) certificate;
+ Principal dname = x509cert.getSubjectDN();
+ Date notAfterDate = x509cert.getNotAfter();
- sb.append(new String(Base64.encodeBase64(certificate.getEncoded())));
+ if(clientService.isClientValid(dname.toString()))
+ {
+ if(clientService.isClientDateValid(notAfterDate))
+ {
+ sb.append(new String(Base64.encodeBase64(certificate.getEncoded())));
+ }
+ else
+ {
+ throw new Exception(ERROR_DATE_EXPIRED);
+ }
+ }
+ else
+ {
+ throw new Exception(ERROR_INVALID_DN);
+ }
}
else
{
@@ -162,6 +186,17 @@ protected String getChain(String username) throws IOException
logger.error("Failed to get certificate: " + e.getMessage());
response.setStatus(404);
sendResponse(response, "No certificate by that name");
- }
+ } catch (Exception e) {
+ if(e.getMessage().equals(ERROR_INVALID_DN))
+ {
+ logger.error("Certificate has an invalid DN.");
+ response.setStatus(431);
+ sendResponse(response, "Invalid DN");
+ } else if(e.getMessage().equals(ERROR_DATE_EXPIRED)) {
+ logger.error("Certificate has been expired.");
+ response.setStatus(432);
+ sendResponse(response, "Date expired");
+ }
+ }
}
}
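Review bot: The `catch (Exception e)` block closing this section swallows any exception whose message is neither ERROR_INVALID_DN nor ERROR_DATE_EXPIRED — nothing is logged and no status is set — and `e.getMessage()` may be null, which makes `e.getMessage().equals(...)` throw a NullPointerException; the enclosing method starts outside the hunk. Add a final branch, `} else { logger.error("Failed to get certificate chain", e); response.setStatus(500); sendResponse(response, "Internal error"); }`, and write the comparisons as `ERROR_INVALID_DN.equals(e.getMessage())`. A dedicated exception type would be sturdier than matching on message text, and 431/432 are not free for custom use (431 is a registered HTTP status), so a standard 403 would be clearer for both cases. In the getChain hunk, `isClientDateValid(notAfterDate)` checks only the end of the validity period, while `x509cert.checkValidity()` would cover notBefore too. The `import sun.security.x509.X509Cert;` added in the second hunk is a JDK-internal class and does not appear to be used.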
@@ -75,11 +75,8 @@ protected String getGroup(Principal DN) throws IOException
Principal DN = null;
try
{
- logger.error("Tring to get group");
- logger.error("Auth type: " + request.getAuthType());
if(request.getAuthType() == HttpServletRequest.CLIENT_CERT_AUTH)
{
- logger.error("Has client cert");
// Obtain the certificate from the request, if any
X509Certificate[] certs = null;
if (request != null)
@@ -95,7 +92,6 @@ protected String getGroup(Principal DN) throws IOException
else
{
DN = certs[0].getSubjectDN();
- logger.error("DN= " + DN);
}
}
@@ -1,7 +1,9 @@
package org.openremote.controller.service;
+import java.security.Principal;
import java.security.cert.X509Certificate;
import java.sql.ResultSet;
+import java.util.Date;
/**
* @author <a href="mailto:melroy.van.den.berg@tass.nl">Melroy van den Berg</a> 2012
@@ -124,10 +126,16 @@
* @return true if the client is valid
*/
boolean isClientValid(String dname);
+ /**
+ * Check if the client's date is valid
+ * @param date the date (not after date)
+ * @return true if the client data is valid
+ */
+ boolean isClientDateValid(Date date);
/**
* Get the client group name via DN
* @return string group name
- */
+ */
String getGroupName(String DN);
/**
* Get timestamp from client via alias and pin
@@ -139,5 +147,5 @@
/**
* Close the result set.
*/
- void free();
+ void free();
}
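Review bot: The Javadoc for the new `isClientDateValid(Date date)` says `@return true if the client data is valid`, which reads as a typo for "date" and does not say what the date is compared against. Given that the implementation added in the same commit compares it with `new Date()`, something like `@return true if {@code date} is the current time or later, i.e. the certificate has not expired` would tell callers that the not-before bound is not covered here. The rest of this section is whitespace-only.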
@@ -10,6 +10,7 @@
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
+import java.util.Date;
import org.apache.log4j.Logger;
import org.openremote.controller.Constants;
@@ -484,6 +485,50 @@ public long getTimestamp(String pin, String deviceName)
return returnValue;
}
+ /**
+ * Check if the client is valid based on a dname
+ * @param dname the dynamic name
+ * @return true if the client is valid
+ */
+ public boolean isClientValid(String dname) {
+ boolean returnValue = false;
+ PreparedStatement preparedStatement = null;
+
+ if (database != null)
+ {
+ try {
+ preparedStatement = database.createPrepareStatement(checkClientQuery + limitByOne);
+ preparedStatement.setString(1, dname);
+ database.doSQL(preparedStatement);
+ returnValue = database.getNumRows() == 1;
+ } catch (SQLException e) {
+ logger.error("SQL Exception: " + e.getMessage());
+ }
+ } else {
+ logger.error("Database is not yet set (null)");
+ }
+ return returnValue;
+ }
+
+ /**
+ * Check if the client's date is valid
+ * @param date the date (not after date)
+ * @return true if the client data is valid
+ */
+ @Override
+ public boolean isClientDateValid(Date date) {
+ boolean returnValue = false;
+ Date currentDate = new Date();
+
+ if(currentDate.before(date)){
+ returnValue = true;
+ } else if(currentDate.equals(date)) {
+ returnValue = true;
+ }
+
+ return returnValue;
+ }
+
/**
* Close the result set.
*/
@@ -521,29 +566,4 @@ public void setDatabaseConfiguration(ConfigurationService databaseConfiguration)
public void setCertificateService(CertificateService certificateService) {
this.certificateService = certificateService;
}
-
- /**
- * Check if the client is valid based on a dname
- * @param dname the dynamic name
- * @return true if the client is valid
- */
- public boolean isClientValid(String dname) {
- boolean returnValue = false;
- PreparedStatement preparedStatement = null;
-
- if (database != null)
- {
- try {
- preparedStatement = database.createPrepareStatement(checkClientQuery + limitByOne);
- preparedStatement.setString(1, dname);
- database.doSQL(preparedStatement);
- returnValue = database.getNumRows() == 1;
- } catch (SQLException e) {
- logger.error("SQL Exception: " + e.getMessage());
- }
- } else {
- logger.error("Database is not yet set (null)");
- }
- return returnValue;
- }
}
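Review bot: `isClientDateValid` dereferences `date` without a null check, so a null argument produces a NullPointerException rather than `false`, and its two branches collapse into one expression: `if (date == null) { return false; } return !date.before(new Date());`. Since the method samples the clock itself, consider stating in its Javadoc that it only tests the not-after bound, as the not-before bound is not checked anywhere in this commit. The moved `isClientValid` still never closes its PreparedStatement; unless `database.doSQL` closes it, wrapping it in try/finally (or try-with-resources if the project targets Java 7) would avoid leaking a statement per call.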
