Move util methods to gateway utils
imesh94 committed Aug 5, 2024
1 parent cc5a91d commit 9598a1f
Showing 3 changed files with 49 additions and 48 deletions.
Expand Up @@ -21,7 +21,6 @@

import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Base64;
import java.util.Map;
import java.util.Optional;

Expand All @@ -32,8 +31,6 @@
public class GatewayClientAuthenticationHandler extends AbstractHandler {

private static final Log log = LogFactory.getLog(GatewayClientAuthenticationHandler.class);
public static final String BEGIN_CERT = "-----BEGIN CERTIFICATE-----";
public static final String END_CERT = "-----END CERTIFICATE-----";

@Override
public boolean handleRequest(org.apache.synapse.MessageContext messageContext) {
Expand All @@ -43,7 +40,7 @@ public boolean handleRequest(org.apache.synapse.MessageContext messageContext) {
}

MessageContext ctx = ((Axis2MessageContext) messageContext).getAxis2MessageContext();
X509Certificate x509Certificate = extractAuthCertificateFromMessageContext(ctx);
X509Certificate x509Certificate = GatewayUtils.extractAuthCertificateFromMessageContext(ctx);
Map headers = (Map) ctx.getProperty(MessageContext.TRANSPORT_HEADERS);

Optional<String> encodedCert = Optional.empty();
Expand All @@ -52,7 +49,7 @@ public boolean handleRequest(org.apache.synapse.MessageContext messageContext) {
log.debug("Valid certificate found in request");
}
try {
encodedCert = Optional.of(getPEMEncodedString(x509Certificate));
encodedCert = Optional.of(GatewayUtils.getPEMEncodedString(x509Certificate));
} catch (CertificateEncodingException e) {
log.error("Unable to encode certificate to PEM string", e);
}
Expand All @@ -79,50 +76,7 @@ public boolean handleRequest(org.apache.synapse.MessageContext messageContext) {

@Override
public boolean handleResponse(org.apache.synapse.MessageContext messageContext) {

return true;
}

/**
* Convert X509Certificate to PEM encoded string.
*
* @param certificate X509Certificate
* @return PEM encoded string
*/
private String getPEMEncodedString(X509Certificate certificate) throws CertificateEncodingException {
StringBuilder certificateBuilder = new StringBuilder();
Base64.Encoder encoder = Base64.getMimeEncoder(64, "\n".getBytes());

// Get the encoded certificate in DER format
byte[] encoded = certificate.getEncoded();

// Encode the byte array to a Base64 string
String base64Encoded = encoder.encodeToString(encoded);

// Build the PEM formatted certificate
certificateBuilder.append(BEGIN_CERT);
certificateBuilder.append(base64Encoded);
certificateBuilder.append("\n");
certificateBuilder.append(END_CERT);

return certificateBuilder.toString();
}

/**
* Extract Certificate from Message Context.
*
* @param ctx Message Context
* @return X509Certificate
*/
public static X509Certificate extractAuthCertificateFromMessageContext(
org.apache.axis2.context.MessageContext ctx) {

Object sslCertObject = ctx.getProperty(GatewayConstants.AXIS2_MTLS_CERT_PROPERTY);
if (sslCertObject != null) {
X509Certificate[] certs = (X509Certificate[]) sslCertObject;
return certs[0];
} else {
return null;
}
}
}
Expand Up @@ -48,6 +48,8 @@ public class GatewayConstants {
public static final String APPLICATION = "application";
public static final String APPLICATION_USER = "application_user";
public static final String AXIS2_MTLS_CERT_PROPERTY = "ssl.client.auth.cert.X509";
public static final String BEGIN_CERT = "-----BEGIN CERTIFICATE-----";
public static final String END_CERT = "-----END CERTIFICATE-----";

//dcr related configs
public static final String AM_APP_NAME_CACHEKEY = "APP_NAME";
Expand Up @@ -69,6 +69,8 @@
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.PrivateKey;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPrivateKey;
import java.util.ArrayList;
import java.util.Base64;
Expand Down Expand Up @@ -773,6 +775,49 @@ private static void sendSynapseHandlerFaultResponse(MessageContext messageContex
Axis2Sender.sendBack(messageContext);
}

/**
* Convert X509Certificate to PEM encoded string.
*
* @param certificate X509Certificate
* @return PEM encoded string
*/
public static String getPEMEncodedString(X509Certificate certificate) throws CertificateEncodingException {
StringBuilder certificateBuilder = new StringBuilder();
Base64.Encoder encoder = Base64.getMimeEncoder(64, "\n".getBytes());

// Get the encoded certificate in DER format
byte[] encoded = certificate.getEncoded();

// Encode the byte array to a Base64 string
String base64Encoded = encoder.encodeToString(encoded);

// Build the PEM formatted certificate
certificateBuilder.append(GatewayConstants.BEGIN_CERT);
certificateBuilder.append(base64Encoded);
certificateBuilder.append("\n");
certificateBuilder.append(GatewayConstants.END_CERT);

return certificateBuilder.toString();
}

/**
* Extract Certificate from Message Context.
*
* @param ctx Message Context
* @return X509Certificate
*/
public static X509Certificate extractAuthCertificateFromMessageContext(
org.apache.axis2.context.MessageContext ctx) {

Object sslCertObject = ctx.getProperty(GatewayConstants.AXIS2_MTLS_CERT_PROPERTY);
if (sslCertObject != null) {
X509Certificate[] certs = (X509Certificate[]) sslCertObject;
return certs[0];
} else {
return null;
}
}

/**
* Method to get json error body in OAuth2 format.
* @return json error body
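Review bot: `extractAuthCertificateFromMessageContext` is now a public utility, yet it still casts the `AXIS2_MTLS_CERT_PROPERTY` value unchecked and indexes `certs[0]`, so a property of another type or an empty array throws a runtime exception in the client-authentication path instead of yielding "no certificate". Guard it with `if (sslCertObject instanceof X509Certificate[] && ((X509Certificate[]) sslCertObject).length > 0)` and return `null` otherwise; the Javadoc should also say that `null` means no client certificate was found and that element 0 is used as the client's certificate (presumably the leaf of the presented chain, which should be confirmed). In `getPEMEncodedString`, `GatewayConstants.BEGIN_CERT` is appended with no line break before the Base64 body, so the header and the first data line share one line, which strict PEM parsers may reject; if no consumer depends on the current shape, append `"\n"` right after the header. `"\n".getBytes()` also relies on the platform charset, and since `StandardCharsets` is already imported in this file, `"\n".getBytes(StandardCharsets.UTF_8)` is the safer form.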
