Posted to commits@ofbiz.apache.org by ja...@apache.org on 2007/04/24 22:14:44 UTC
svn commit: r532069 - in /ofbiz/trunk/framework:
security/entitydef/entitymodel.xml
webapp/src/org/ofbiz/webapp/control/LoginWorker.java
Author: jaz
Date: Tue Apr 24 13:14:43 2007
New Revision: 532069
URL: http://svn.apache.org/viewvc?view=rev&rev=532069
Log:
now checking the issuer serial number as well; this adds one more layer of security
Modified:
ofbiz/trunk/framework/security/entitydef/entitymodel.xml
ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/LoginWorker.java
Modified: ofbiz/trunk/framework/security/entitydef/entitymodel.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/security/entitydef/entitymodel.xml?view=diff&rev=532069&r1=532068&r2=532069
==============================================================================
--- ofbiz/trunk/framework/security/entitydef/entitymodel.xml (original)
+++ ofbiz/trunk/framework/security/entitydef/entitymodel.xml Tue Apr 24 13:14:43 2007
@@ -52,6 +52,7 @@
<field name="cityLocality" type="value"></field>
<field name="stateProvince" type="value"></field>
<field name="country" type="value"></field>
+ <field name="serialNumber" type="value"></field>
<prim-key field="certProvisionId"/>
</entity>
Modified: ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/LoginWorker.java
URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/LoginWorker.java?view=diff&rev=532069&r1=532068&r2=532069
==============================================================================
--- ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/LoginWorker.java (original)
+++ ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/LoginWorker.java Tue Apr 24 13:14:43 2007
@@ -20,6 +20,7 @@
import java.util.*;
import java.security.cert.X509Certificate;
+import java.math.BigInteger;
import javax.servlet.ServletContext;
import javax.servlet.ServletRequest;
@@ -543,14 +544,14 @@
X500Principal x500 = clientCerts[i].getSubjectX500Principal();
Debug.log("Checking client certification for authentication: " + x500.getName(), module);
- Map x500Map = KeyStoreUtil.getCertX500Map(clientCerts[i]);
+ Map x500Map = KeyStoreUtil.getCertX500Map(clientCerts[i]);
if (i == 0) {
userLoginId = (String) x500Map.get("CN");
}
try {
// check for a valid issuer (or generated cert data)
- if (LoginWorker.checkValidIssuer(delegator, x500Map)) {
+ if (LoginWorker.checkValidIssuer(delegator, x500Map, clientCerts[i].getSerialNumber())) {
Debug.log("Looking up userLogin from CN: " + userLoginId, module);
// CN should match the userLoginId
@@ -577,7 +578,7 @@
return "success";
}
- protected static boolean checkValidIssuer(GenericDelegator delegator, Map x500Map) throws GeneralException {
+ protected static boolean checkValidIssuer(GenericDelegator delegator, Map x500Map, BigInteger serialNumber) throws GeneralException {
List conds = FastList.newInstance();
conds.add(new EntityConditionList(UtilMisc.toList(new EntityExpr("commonName", EntityOperator.EQUALS, x500Map.get("CN")),
new EntityExpr("commonName", EntityOperator.EQUALS, null),
@@ -602,6 +603,10 @@
conds.add(new EntityConditionList(UtilMisc.toList(new EntityExpr("country", EntityOperator.EQUALS, x500Map.get("C")),
new EntityExpr("country", EntityOperator.EQUALS, null),
new EntityExpr("country", EntityOperator.EQUALS, "")), EntityOperator.OR));
+
+ conds.add(new EntityConditionList(UtilMisc.toList(new EntityExpr("serialNumber", EntityOperator.EQUALS, serialNumber.toString(16)),
+ new EntityExpr("serialNumber", EntityOperator.EQUALS, null),
+ new EntityExpr("serialNumber", EntityOperator.EQUALS, "")), EntityOperator.OR));
EntityConditionList condition = new EntityConditionList(conds, EntityOperator.AND);
Debug.log("Doing issuer lookup: " + condition.toString(), module);
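Review bot: The new serialNumber condition also accepts a CertProvision row whose serialNumber is null or empty, so the added check is only enforced for rows that populate the new field; rows created before the entitymodel.xml change presumably have it null and will keep matching any certificate that satisfies the other fields. If the serial is meant to be mandatory for the lookup, drop the two null/"" alternatives and keep only `new EntityExpr("serialNumber", EntityOperator.EQUALS, serialNumber.toString(16))`, mirroring none of the other fields' wildcard behaviour. Either way the stored value has to match the exact form `BigInteger.toString(16)` produces, lowercase hex with no leading zeros, colons or `0x` prefix, or a legitimately provisioned certificate fails the lookup; a comment on the new condition such as `// serialNumber is compared as lowercase hex without leading zeros (BigInteger.toString(16)); CertProvision.serialNumber must be stored in that form` and the same remark on the serialNumber field in the entitymodel.xml hunk would record this. checkValidIssuer continues outside the hunk.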