Merge pull request #7170 from wso2/sign-content-using-new-util-method

wso2 · Dec 5, 2024 · 33340cb · 33340cb
2 parents bbf0cbc + a9584e4
commit 33340cb
Show file tree

Hide file tree

Showing 4 changed files with 10 additions and 5 deletions.
diff --git a/.changeset/calm-dancers-type.md b/.changeset/calm-dancers-type.md
@@ -0,0 +1,5 @@
+---
+"@wso2is/identity-apps-core": patch
+---
+
+Invoke new signing function to sign the ALOR cookie
diff --git a/identity-apps-core/apps/recovery-portal/src/main/webapp/password-reset-complete.jsp b/identity-apps-core/apps/recovery-portal/src/main/webapp/password-reset-complete.jsp
@@ -44,6 +44,7 @@
 <%@ page import="java.util.HashMap" %>
 <%@ page import="java.util.List" %>
 <%@ page import="java.util.Map" %>
+<%@ page import="org.wso2.carbon.identity.core.util.IdentityUtil" %>
 <%@ page import="javax.servlet.http.Cookie" %>
 <%@ page import="java.util.Base64" %>
 <%@ page import="org.wso2.carbon.core.util.SignatureUtil" %>
@@ -226,7 +227,7 @@
 
                 JSONObject cookieValueInJson = new JSONObject();
                 cookieValueInJson.put("content", content);
-                String signature = Base64.getEncoder().encodeToString(SignatureUtil.doSignature(content));
+                String signature = Base64.getEncoder().encodeToString(IdentityUtil.signWithTenantKey(content, tenantDomain));
                 cookieValueInJson.put("signature", signature);
                 String cookieValue = Base64.getEncoder().encodeToString(cookieValueInJson.toString().getBytes());
 

diff --git a/identity-apps-core/apps/recovery-portal/src/main/webapp/self-registration-process.jsp b/identity-apps-core/apps/recovery-portal/src/main/webapp/self-registration-process.jsp
@@ -22,7 +22,6 @@
 <%@ page import="org.apache.commons.lang.StringUtils" %>
 <%@ page import="org.owasp.encoder.Encode" %>
 <%@ page import="org.wso2.carbon.core.SameSiteCookie" %>
-<%@ page import="org.wso2.carbon.core.util.SignatureUtil" %>
 <%@ page import="org.wso2.carbon.identity.core.ServiceURLBuilder" %>
 <%@ page import="org.wso2.carbon.identity.mgt.constants.SelfRegistrationStatusCodes" %>
 <%@ page import="org.wso2.carbon.identity.mgt.endpoint.util.IdentityManagementEndpointConstants" %>
@@ -376,7 +375,7 @@
 
             JSONObject cookieValueInJson = new JSONObject();
             cookieValueInJson.put("content", content);
-            String signature = Base64.getEncoder().encodeToString(SignatureUtil.doSignature(content));
+            String signature = Base64.getEncoder().encodeToString(IdentityUtil.signWithTenantKey(content, user.getTenantDomain()));
             cookieValueInJson.put("signature", signature);
             String cookieValue = Base64.getEncoder().encodeToString(cookieValueInJson.toString().getBytes());
 

diff --git a/...core/apps/recovery-portal/src/main/webapp/self-registration-with-verification-confirm.jsp b/...core/apps/recovery-portal/src/main/webapp/self-registration-with-verification-confirm.jsp
@@ -38,7 +38,7 @@
 <%@ page import="javax.ws.rs.HttpMethod" %>
 <%@ page import="org.wso2.carbon.identity.mgt.endpoint.util.client.model.User" %>
 <%@ page import="org.wso2.carbon.identity.recovery.util.Utils" %>
-<%@ page import="org.wso2.carbon.core.util.SignatureUtil" %>
+<%@ page import="org.wso2.carbon.identity.core.util.IdentityUtil" %>
 <%@ page import="javax.servlet.http.Cookie" %>
 <%@ page import="java.util.Base64" %>
 <%@ page import="org.wso2.carbon.identity.mgt.endpoint.util.client.PreferenceRetrievalClientException" %>
@@ -162,7 +162,7 @@
 
             JSONObject cookieValueInJson = new JSONObject();
             cookieValueInJson.put("content", content);
-            String signature = Base64.getEncoder().encodeToString(SignatureUtil.doSignature(content));
+            String signature = Base64.getEncoder().encodeToString(IdentityUtil.signWithTenantKey(content, user.getTenantDomain()));
             cookieValueInJson.put("signature", signature);
             String cookieValue = Base64.getEncoder().encodeToString(cookieValueInJson.toString().getBytes());