Improve getCookie adaptive function to verify signature using new method

components/org.wso2.carbon.identity.conditional.auth.functions.http/pom.xml

@@ -193,6 +193,7 @@
                             org.wso2.carbon.identity.conditional.auth.functions.common.auth,
                             org.wso2.carbon.identity.conditional.auth.functions.common.model,
                             org.wso2.carbon.identity.core.cache; version="${carbon.identity.package.import.version.range}",
+                            org.wso2.carbon.context,
                         </Import-Package>
                     </instructions>
                 </configuration>

components/org.wso2.carbon.identity.conditional.auth.functions.http/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/http/CookieFunctionImpl.java

@@ -25,6 +25,7 @@
 import org.json.simple.JSONObject;
 import org.json.simple.parser.JSONParser;
 import org.json.simple.parser.ParseException;
+import org.wso2.carbon.context.PrivilegedCarbonContext;
 import org.wso2.carbon.core.SameSiteCookie;
 import org.wso2.carbon.core.ServletCookie;
 import org.wso2.carbon.core.util.CryptoException;
@@ -34,6 +35,7 @@
 import org.wso2.carbon.identity.application.authentication.framework.config.model.graph.js.JsServletResponse;
 import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants;
 import org.wso2.carbon.identity.conditional.auth.functions.http.util.HTTPConstants;
+import org.wso2.carbon.identity.core.util.IdentityUtil;
 
 import java.nio.charset.StandardCharsets;
 import java.util.HashMap;
@@ -71,7 +73,8 @@ public void setCookie(JsServletResponse response, String name, Object... params)
             boolean encrypt = Optional.ofNullable((Boolean) properties.get(HTTPConstants.ENCRYPT)).orElse(false);
             if (sign) {
                 try {
-                    signature = Base64.encode(SignatureUtil.doSignature(value));
+                    String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
+                    signature = Base64.encode(IdentityUtil.signWithTenantKey(value, tenantDomain));
                 } catch (Exception e) {
                     log.error("Error occurred when signing the cookie value.", e);
                     return;
@@ -180,7 +183,14 @@ public String getCookieValue(JsServletRequest request, Object... params) {
                     if (validateSignature) {
                         byte[] signature = Base64.decode((String) cookieValueJSON.get(HTTPConstants.SIGNATURE));
                         try {
-                            boolean isValid = SignatureUtil.validateSignature(valueString, signature);
+                            String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext()
+                                    .getTenantDomain();
+                            boolean isValid = IdentityUtil.validateSignatureFromTenant(valueString, signature,
+                                    tenantDomain);
+                            // Fallback mechanism for already signed cookies.
+                            if (!isValid) {
+                                isValid = SignatureUtil.validateSignature(valueString, signature);
+                            }
                             if (!isValid) {
                                 log.error("Cookie signature didn't matched with the cookie value.");
                                 return null;

components/org.wso2.carbon.identity.conditional.auth.functions.http/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/http/GetCookieFunctionImpl.java

@@ -26,11 +26,13 @@
 import org.json.simple.JSONObject;
 import org.json.simple.parser.JSONParser;
 import org.json.simple.parser.ParseException;
+import org.wso2.carbon.context.PrivilegedCarbonContext;
 import org.wso2.carbon.core.util.CryptoException;
 import org.wso2.carbon.core.util.CryptoUtil;
 import org.wso2.carbon.core.util.SignatureUtil;
 import org.wso2.carbon.identity.application.authentication.framework.config.model.graph.js.JsServletRequest;
 import org.wso2.carbon.identity.conditional.auth.functions.http.util.HTTPConstants;
+import org.wso2.carbon.identity.core.util.IdentityUtil;
 
 import java.nio.charset.StandardCharsets;
 import java.util.Map;
@@ -99,7 +101,13 @@ public String getCookieValue(JsServletRequest request, Object... params) {
                     if (validateSignature) {
                         byte[] signature = Base64.decode((String) cookieValueJSON.get(HTTPConstants.SIGNATURE));
                         try {
-                            boolean isValid = SignatureUtil.validateSignature(valueString, signature);
+                            String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext()
+                                    .getTenantDomain();
+                            boolean isValid = IdentityUtil.validateSignatureFromTenant(valueString, signature, tenantDomain);
+                            // Fallback mechanism for already signed cookies.
+                            if (!isValid) {
+                                isValid = SignatureUtil.validateSignature(valueString, signature);
+                            }
                             if (!isValid) {
                                 log.error("Cookie signature didn't matched with the cookie value.");
                                 return null;

components/org.wso2.carbon.identity.conditional.auth.functions.http/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/http/SetCookieFunctionImpl.java

@@ -24,14 +24,15 @@
 import org.apache.commons.logging.LogFactory;
 import org.graalvm.polyglot.HostAccess;
 import org.json.simple.JSONObject;
+import org.wso2.carbon.context.PrivilegedCarbonContext;
 import org.wso2.carbon.core.SameSiteCookie;
 import org.wso2.carbon.core.ServletCookie;
 import org.wso2.carbon.core.util.CryptoException;
 import org.wso2.carbon.core.util.CryptoUtil;
-import org.wso2.carbon.core.util.SignatureUtil;
 import org.wso2.carbon.identity.application.authentication.framework.config.model.graph.js.JsServletResponse;
 import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants;
 import org.wso2.carbon.identity.conditional.auth.functions.http.util.HTTPConstants;
+import org.wso2.carbon.identity.core.util.IdentityUtil;
 
 import java.nio.charset.StandardCharsets;
 import java.util.Map;
@@ -66,7 +67,8 @@ public void setCookie(JsServletResponse response, String name, Object... params)
             boolean encrypt = Optional.ofNullable((Boolean) properties.get(HTTPConstants.ENCRYPT)).orElse(false);
             if (sign) {
                 try {
-                    signature = Base64.encode(SignatureUtil.doSignature(value));
+                    String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
+                    signature = Base64.encode(IdentityUtil.signWithTenantKey(value, tenantDomain));
                 } catch (Exception e) {
                     log.error("Error occurred when signing the cookie value.", e);
                     return;

pom.xml

@@ -523,7 +523,7 @@
         <carbon.kernel.version>4.10.22</carbon.kernel.version>
         <carbon.kernel.package.import.version.range>[4.6.0, 5.0.0)</carbon.kernel.package.import.version.range>
         <carbon.user.package.import.version.range>[1.0.1, 2.0.0)</carbon.user.package.import.version.range>
-        <carbon.identity.framework.version>7.4.7</carbon.identity.framework.version>
+        <carbon.identity.framework.version>7.7.22</carbon.identity.framework.version>
         <identity.organization.management.core.version>1.0.89</identity.organization.management.core.version>
         <carbon.identity.framework.testutils.version>5.20.447</carbon.identity.framework.testutils.version>
         <carbon.identity.package.import.version.range>[5.14.0, 8.0.0)</carbon.identity.package.import.version.range>