svn commit: r532069 - in /ofbiz/trunk/framework: security/entitydef/entitymodel.xml webapp/src/org/ofbiz/webapp/control/LoginWorker.java

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

svn commit: r532069 - in /ofbiz/trunk/framework: security/entitydef/entitymodel.xml webapp/src/org/ofbiz/webapp/control/LoginWorker.java

jaz-3
Author: jaz
Date: Tue Apr 24 13:14:43 2007
New Revision: 532069

URL: http://svn.apache.org/viewvc?view=rev&rev=532069
Log:
now checking issuer serial number as well; one more layer of additional security

Modified:
    ofbiz/trunk/framework/security/entitydef/entitymodel.xml
    ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/LoginWorker.java

Modified: ofbiz/trunk/framework/security/entitydef/entitymodel.xml
URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/security/entitydef/entitymodel.xml?view=diff&rev=532069&r1=532068&r2=532069
==============================================================================
--- ofbiz/trunk/framework/security/entitydef/entitymodel.xml (original)
+++ ofbiz/trunk/framework/security/entitydef/entitymodel.xml Tue Apr 24 13:14:43 2007
@@ -52,6 +52,7 @@
       <field name="cityLocality" type="value"></field>
       <field name="stateProvince" type="value"></field>
       <field name="country" type="value"></field>
+      <field name="serialNumber" type="value"></field>
       <prim-key field="certProvisionId"/>
     </entity>
 

Modified: ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/LoginWorker.java
URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/LoginWorker.java?view=diff&rev=532069&r1=532068&r2=532069
==============================================================================
--- ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/LoginWorker.java (original)
+++ ofbiz/trunk/framework/webapp/src/org/ofbiz/webapp/control/LoginWorker.java Tue Apr 24 13:14:43 2007
@@ -20,6 +20,7 @@
 
 import java.util.*;
 import java.security.cert.X509Certificate;
+import java.math.BigInteger;
 
 import javax.servlet.ServletContext;
 import javax.servlet.ServletRequest;
@@ -543,14 +544,14 @@
                     X500Principal x500 = clientCerts[i].getSubjectX500Principal();
                     Debug.log("Checking client certification for authentication: " + x500.getName(), module);
                     
-                    Map x500Map = KeyStoreUtil.getCertX500Map(clientCerts[i]);                    
+                    Map x500Map = KeyStoreUtil.getCertX500Map(clientCerts[i]);
                     if (i == 0) {
                         userLoginId = (String) x500Map.get("CN");
                     }
 
                     try {
                         // check for a valid issuer (or generated cert data)
-                        if (LoginWorker.checkValidIssuer(delegator, x500Map)) {
+                        if (LoginWorker.checkValidIssuer(delegator, x500Map, clientCerts[i].getSerialNumber())) {
                             Debug.log("Looking up userLogin from CN: " + userLoginId, module);
                             
                             // CN should match the userLoginId
@@ -577,7 +578,7 @@
         return "success";
     }
 
-    protected static boolean checkValidIssuer(GenericDelegator delegator, Map x500Map) throws GeneralException {
+    protected static boolean checkValidIssuer(GenericDelegator delegator, Map x500Map, BigInteger serialNumber) throws GeneralException {
         List conds = FastList.newInstance();
         conds.add(new EntityConditionList(UtilMisc.toList(new EntityExpr("commonName", EntityOperator.EQUALS, x500Map.get("CN")),
                 new EntityExpr("commonName", EntityOperator.EQUALS, null),
@@ -602,6 +603,10 @@
         conds.add(new EntityConditionList(UtilMisc.toList(new EntityExpr("country", EntityOperator.EQUALS, x500Map.get("C")),
                 new EntityExpr("country", EntityOperator.EQUALS, null),
                 new EntityExpr("country", EntityOperator.EQUALS, "")), EntityOperator.OR));
+
+        conds.add(new EntityConditionList(UtilMisc.toList(new EntityExpr("serialNumber", EntityOperator.EQUALS, serialNumber.toString(16)),
+                new EntityExpr("serialNumber", EntityOperator.EQUALS, null),
+                new EntityExpr("serialNumber", EntityOperator.EQUALS, "")), EntityOperator.OR));
 
         EntityConditionList condition = new EntityConditionList(conds, EntityOperator.AND);
         Debug.log("Doing issuer lookup: " + condition.toString(), module);