From 9598a1f434aa287521a79997c6b116ea8d4f5644 Mon Sep 17 00:00:00 2001
From: imesh94
Date: Mon, 5 Aug 2024 13:52:04 +0530
Subject: [PATCH] Move util methods to gateway utils
---
 .../GatewayClientAuthenticationHandler.java | 50 +------------------
 .../gateway/util/GatewayConstants.java | 2 +
 .../gateway/util/GatewayUtils.java | 45 +++++++++++++++++
 3 files changed, 49 insertions(+), 48 deletions(-)
diff --git a/open-banking-accelerator/components/com.wso2.openbanking.accelerator.gateway/src/main/java/com/wso2/openbanking/accelerator/gateway/handler/GatewayClientAuthenticationHandler.java b/open-banking-accelerator/components/com.wso2.openbanking.accelerator.gateway/src/main/java/com/wso2/openbanking/accelerator/gateway/handler/GatewayClientAuthenticationHandler.java
index 676973e7..f17eee10 100644
--- a/open-banking-accelerator/components/com.wso2.openbanking.accelerator.gateway/src/main/java/com/wso2/openbanking/accelerator/gateway/handler/GatewayClientAuthenticationHandler.java
+++ b/open-banking-accelerator/components/com.wso2.openbanking.accelerator.gateway/src/main/java/com/wso2/openbanking/accelerator/gateway/handler/GatewayClientAuthenticationHandler.java
@@ -21,7 +21,6 @@
 import java.security.cert.CertificateEncodingException;
 import java.security.cert.X509Certificate;
-import java.util.Base64;
 import java.util.Map;
 import java.util.Optional;
@@ -32,8 +31,6 @@ public class GatewayClientAuthenticationHandler extends AbstractHandler {
 private static final Log log = LogFactory.getLog(GatewayClientAuthenticationHandler.class);
- public static final String BEGIN_CERT = "-----BEGIN CERTIFICATE-----";
- public static final String END_CERT = "-----END CERTIFICATE-----";
 @Override
 public boolean handleRequest(org.apache.synapse.MessageContext messageContext) {
@@ -43,7 +40,7 @@ public boolean handleRequest(org.apache.synapse.MessageContext messageContext) {
 }
 MessageContext ctx = ((Axis2MessageContext) messageContext).getAxis2MessageContext();
- X509Certificate x509Certificate = extractAuthCertificateFromMessageContext(ctx);
+ X509Certificate x509Certificate = GatewayUtils.extractAuthCertificateFromMessageContext(ctx);
 Map headers = (Map) ctx.getProperty(MessageContext.TRANSPORT_HEADERS);
 Optional encodedCert = Optional.empty();
@@ -52,7 +49,7 @@ public boolean handleRequest(org.apache.synapse.MessageContext messageContext) {
 log.debug("Valid certificate found in request");
 }
 try {
- encodedCert = Optional.of(getPEMEncodedString(x509Certificate));
+ encodedCert = Optional.of(GatewayUtils.getPEMEncodedString(x509Certificate));
 } catch (CertificateEncodingException e) {
 log.error("Unable to encode certificate to PEM string", e);
 }
@@ -79,50 +76,7 @@ public boolean handleRequest(org.apache.synapse.MessageContext messageContext) { @Override public boolean handleResponse(org.apache.synapse.MessageContext messageContext) { - return true; } - /** - * Convert X509Certificate to PEM encoded string. - * - * @param certificate X509Certificate - * @return PEM encoded string - */ - private String getPEMEncodedString(X509Certificate certificate) throws CertificateEncodingException { - StringBuilder certificateBuilder = new StringBuilder(); - Base64.Encoder encoder = Base64.getMimeEncoder(64, "\n".getBytes()); - - // Get the encoded certificate in DER format - byte[] encoded = certificate.getEncoded(); - - // Encode the byte array to a Base64 string - String base64Encoded = encoder.encodeToString(encoded); - - // Build the PEM formatted certificate - certificateBuilder.append(BEGIN_CERT); - certificateBuilder.append(base64Encoded); - certificateBuilder.append("\n"); - certificateBuilder.append(END_CERT); - - return certificateBuilder.toString(); - } - - /** - * Extract Certificate from Message Context. - * - * @param ctx Message Context - * @return X509Certificate - */ - public static X509Certificate extractAuthCertificateFromMessageContext( - org.apache.axis2.context.MessageContext ctx) { - - Object sslCertObject = ctx.getProperty(GatewayConstants.AXIS2_MTLS_CERT_PROPERTY); - if (sslCertObject != null) { - X509Certificate[] certs = (X509Certificate[]) sslCertObject; - return certs[0]; - } else { - return null; - } - } } diff --git a/open-banking-accelerator/components/com.wso2.openbanking.accelerator.gateway/src/main/java/com/wso2/openbanking/accelerator/gateway/util/GatewayConstants.java b/open-banking-accelerator/components/com.wso2.openbanking.accelerator.gateway/src/main/java/com/wso2/openbanking/accelerator/gateway/util/GatewayConstants.java index 3bae54f8..e71c1bc6 100644 
--- a/open-banking-accelerator/components/com.wso2.openbanking.accelerator.gateway/src/main/java/com/wso2/openbanking/accelerator/gateway/util/GatewayConstants.java
+++ b/open-banking-accelerator/components/com.wso2.openbanking.accelerator.gateway/src/main/java/com/wso2/openbanking/accelerator/gateway/util/GatewayConstants.java
@@ -48,6 +48,8 @@ public class GatewayConstants {
 public static final String APPLICATION = "application";
 public static final String APPLICATION_USER = "application_user";
 public static final String AXIS2_MTLS_CERT_PROPERTY = "ssl.client.auth.cert.X509";
+ public static final String BEGIN_CERT = "-----BEGIN CERTIFICATE-----";
+ public static final String END_CERT = "-----END CERTIFICATE-----";
 //dcr related configs
 public static final String AM_APP_NAME_CACHEKEY = "APP_NAME";
diff --git a/open-banking-accelerator/components/com.wso2.openbanking.accelerator.gateway/src/main/java/com/wso2/openbanking/accelerator/gateway/util/GatewayUtils.java b/open-banking-accelerator/components/com.wso2.openbanking.accelerator.gateway/src/main/java/com/wso2/openbanking/accelerator/gateway/util/GatewayUtils.java
index c47152e3..54a44b15 100644
--- a/open-banking-accelerator/components/com.wso2.openbanking.accelerator.gateway/src/main/java/com/wso2/openbanking/accelerator/gateway/util/GatewayUtils.java
+++ b/open-banking-accelerator/components/com.wso2.openbanking.accelerator.gateway/src/main/java/com/wso2/openbanking/accelerator/gateway/util/GatewayUtils.java
@@ -69,6 +69,8 @@
 import java.nio.charset.StandardCharsets;
 import java.security.Key;
 import java.security.PrivateKey;
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.X509Certificate;
 import java.security.interfaces.ECPrivateKey;
 import java.util.ArrayList;
 import java.util.Base64;
@@ -773,6 +775,49 @@ private static void sendSynapseHandlerFaultResponse(MessageContext messageContex
 Axis2Sender.sendBack(messageContext);
 }
+ /**
+ * Convert X509Certificate to PEM encoded string.
+ *
+ * @param certificate X509Certificate
+ * @return PEM encoded string
+ */
+ public static String getPEMEncodedString(X509Certificate certificate) throws CertificateEncodingException {
+ StringBuilder certificateBuilder = new StringBuilder();
+ Base64.Encoder encoder = Base64.getMimeEncoder(64, "\n".getBytes());
+
+ // Get the encoded certificate in DER format
+ byte[] encoded = certificate.getEncoded();
+
+ // Encode the byte array to a Base64 string
+ String base64Encoded = encoder.encodeToString(encoded);
+
+ // Build the PEM formatted certificate
+ certificateBuilder.append(GatewayConstants.BEGIN_CERT);
+ certificateBuilder.append(base64Encoded);
+ certificateBuilder.append("\n");
+ certificateBuilder.append(GatewayConstants.END_CERT);
+
+ return certificateBuilder.toString();
+ }
+
+ /**
+ * Extract Certificate from Message Context.
+ *
+ * @param ctx Message Context
+ * @return X509Certificate
+ */
+ public static X509Certificate extractAuthCertificateFromMessageContext(
+ org.apache.axis2.context.MessageContext ctx) {
+
+ Object sslCertObject = ctx.getProperty(GatewayConstants.AXIS2_MTLS_CERT_PROPERTY);
+ if (sslCertObject != null) {
+ X509Certificate[] certs = (X509Certificate[]) sslCertObject;
+ return certs[0];
+ } else {
+ return null;
+ }
+ }
+
 /**
 * Method to get json error body in OAuth2 format.
 * @return json error body
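Review bot: In `getPEMEncodedString` the Base64 body is appended directly after `GatewayConstants.BEGIN_CERT` with no line break, so the result reads `-----BEGIN CERTIFICATE-----MIIB…` rather than the RFC 7468 layout in which the BEGIN marker sits on its own line; the commit only moves the method, but unless the downstream consumer of this string is known to accept that form, insert `certificateBuilder.append("\n");` right after the BEGIN append. The same method builds the line separator with `"\n".getBytes()`, which depends on the platform default charset; `"\n".getBytes(StandardCharsets.UTF_8)` (the class already imports `StandardCharsets`) or `new byte[]{'\n'}` pins it. `extractAuthCertificateFromMessageContext` casts the transport property unchecked and indexes `certs[0]` without a length check, so a property of an unexpected type or an empty chain fails the handler with a ClassCastException or ArrayIndexOutOfBoundsException instead of returning the null the caller appears to handle already; a guarded version follows. The enclosing GatewayUtils class continues outside the hunk.
```java
    public static X509Certificate extractAuthCertificateFromMessageContext(
            org.apache.axis2.context.MessageContext ctx) {

        Object sslCertObject = ctx.getProperty(GatewayConstants.AXIS2_MTLS_CERT_PROPERTY);
        // Treat an unexpected property type or an empty chain as "no client certificate"
        // instead of letting a ClassCastException/ArrayIndexOutOfBoundsException escape the handler.
        if (sslCertObject instanceof X509Certificate[]) {
            X509Certificate[] certs = (X509Certificate[]) sslCertObject;
            if (certs.length > 0) {
                return certs[0];
            }
        }
        return null;
    }
```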