diff --git a/components/org.wso2.carbon.identity.conditional.auth.functions.http/pom.xml b/components/org.wso2.carbon.identity.conditional.auth.functions.http/pom.xml
index b5d96f4c..0b413c6a 100644
--- a/components/org.wso2.carbon.identity.conditional.auth.functions.http/pom.xml
+++ b/components/org.wso2.carbon.identity.conditional.auth.functions.http/pom.xml
@@ -193,6 +193,7 @@
org.wso2.carbon.identity.conditional.auth.functions.common.auth,
org.wso2.carbon.identity.conditional.auth.functions.common.model,
org.wso2.carbon.identity.core.cache; version="${carbon.identity.package.import.version.range}",
+ org.wso2.carbon.context,
diff --git a/components/org.wso2.carbon.identity.conditional.auth.functions.http/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/http/CookieFunctionImpl.java b/components/org.wso2.carbon.identity.conditional.auth.functions.http/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/http/CookieFunctionImpl.java
index 5a6d4e24..45cfc5b1 100644
--- a/components/org.wso2.carbon.identity.conditional.auth.functions.http/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/http/CookieFunctionImpl.java
+++ b/components/org.wso2.carbon.identity.conditional.auth.functions.http/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/http/CookieFunctionImpl.java
@@ -25,6 +25,7 @@
import org.json.simple.JSONObject;
import org.json.simple.parser.JSONParser;
import org.json.simple.parser.ParseException;
+import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.core.SameSiteCookie;
import org.wso2.carbon.core.ServletCookie;
import org.wso2.carbon.core.util.CryptoException;
@@ -34,6 +35,7 @@
import org.wso2.carbon.identity.application.authentication.framework.config.model.graph.js.JsServletResponse;
import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants;
import org.wso2.carbon.identity.conditional.auth.functions.http.util.HTTPConstants;
+import org.wso2.carbon.identity.core.util.IdentityUtil;
import java.nio.charset.StandardCharsets;
import java.util.HashMap;
@@ -71,7 +73,8 @@ public void setCookie(JsServletResponse response, String name, Object... params)
boolean encrypt = Optional.ofNullable((Boolean) properties.get(HTTPConstants.ENCRYPT)).orElse(false);
if (sign) {
try {
- signature = Base64.encode(SignatureUtil.doSignature(value));
+ String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
+ signature = Base64.encode(IdentityUtil.signWithTenantKey(value, tenantDomain));
} catch (Exception e) {
log.error("Error occurred when signing the cookie value.", e);
return;
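Review bot: The tenant domain read from `PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain()` is passed straight to `IdentityUtil.signWithTenantKey` with no null or empty check. If the thread-local context has no tenant set when the script function runs, the only trace is the generic "Error occurred when signing the cookie value." log and the cookie is silently not set; how the signing helper treats a null domain is not visible here. A guard before the sign call, such as `if (tenantDomain == null) { log.error("Tenant domain not available for cookie signing."); return; }`, would make that case explicit. The same two lines are added in the `setCookie` hunk of SetCookieFunctionImpl.java, and `setCookie` starts and ends outside this hunk.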
@@ -180,7 +183,14 @@ public String getCookieValue(JsServletRequest request, Object... params) {
if (validateSignature) {
byte[] signature = Base64.decode((String) cookieValueJSON.get(HTTPConstants.SIGNATURE));
try {
- boolean isValid = SignatureUtil.validateSignature(valueString, signature);
+ String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext()
+ .getTenantDomain();
+ boolean isValid = IdentityUtil.validateSignatureFromTenant(valueString, signature,
+ tenantDomain);
+ // Fallback mechanism for already signed cookies.
+ if (!isValid) {
+ isValid = SignatureUtil.validateSignature(valueString, signature);
+ }
if (!isValid) {
log.error("Cookie signature didn't matched with the cookie value.");
return null;
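Review bot: The fallback to `SignatureUtil.validateSignature` is unconditional, so a cookie signed with the key `SignatureUtil` uses (presumably the server-wide key) keeps validating in every tenant indefinitely, which weakens the per-tenant isolation the new `validateSignatureFromTenant` check is meant to provide. Consider gating it, e.g. `if (!isValid && legacyCookieSignatureFallbackEnabled) {` (a placeholder name for a config switch that can be turned off once existing cookies have expired). Logging when the fallback path succeeds, e.g. `log.warn("Cookie signature validated with legacy key fallback.");`, would let operators see when it is safe to remove. If `validateSignatureFromTenant` throws instead of returning false, the fallback is presumably skipped by the enclosing catch, which lies outside this hunk. The same block is added in the `getCookieValue` hunk of GetCookieFunctionImpl.java.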
diff --git a/components/org.wso2.carbon.identity.conditional.auth.functions.http/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/http/GetCookieFunctionImpl.java b/components/org.wso2.carbon.identity.conditional.auth.functions.http/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/http/GetCookieFunctionImpl.java
index 02b95051..e70535a6 100644
--- a/components/org.wso2.carbon.identity.conditional.auth.functions.http/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/http/GetCookieFunctionImpl.java
+++ b/components/org.wso2.carbon.identity.conditional.auth.functions.http/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/http/GetCookieFunctionImpl.java
@@ -26,11 +26,13 @@
import org.json.simple.JSONObject;
import org.json.simple.parser.JSONParser;
import org.json.simple.parser.ParseException;
+import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.core.util.CryptoException;
import org.wso2.carbon.core.util.CryptoUtil;
import org.wso2.carbon.core.util.SignatureUtil;
import org.wso2.carbon.identity.application.authentication.framework.config.model.graph.js.JsServletRequest;
import org.wso2.carbon.identity.conditional.auth.functions.http.util.HTTPConstants;
+import org.wso2.carbon.identity.core.util.IdentityUtil;
import java.nio.charset.StandardCharsets;
import java.util.Map;
@@ -99,7 +101,13 @@ public String getCookieValue(JsServletRequest request, Object... params) {
if (validateSignature) {
byte[] signature = Base64.decode((String) cookieValueJSON.get(HTTPConstants.SIGNATURE));
try {
- boolean isValid = SignatureUtil.validateSignature(valueString, signature);
+ String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext()
+ .getTenantDomain();
+ boolean isValid = IdentityUtil.validateSignatureFromTenant(valueString, signature, tenantDomain);
+ // Fallback mechanism for already signed cookies.
+ if (!isValid) {
+ isValid = SignatureUtil.validateSignature(valueString, signature);
+ }
if (!isValid) {
log.error("Cookie signature didn't matched with the cookie value.");
return null;
diff --git a/components/org.wso2.carbon.identity.conditional.auth.functions.http/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/http/SetCookieFunctionImpl.java b/components/org.wso2.carbon.identity.conditional.auth.functions.http/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/http/SetCookieFunctionImpl.java
index 3a8d090a..8eb4979a 100644
--- a/components/org.wso2.carbon.identity.conditional.auth.functions.http/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/http/SetCookieFunctionImpl.java
+++ b/components/org.wso2.carbon.identity.conditional.auth.functions.http/src/main/java/org/wso2/carbon/identity/conditional/auth/functions/http/SetCookieFunctionImpl.java
@@ -24,14 +24,15 @@
import org.apache.commons.logging.LogFactory;
import org.graalvm.polyglot.HostAccess;
import org.json.simple.JSONObject;
+import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.core.SameSiteCookie;
import org.wso2.carbon.core.ServletCookie;
import org.wso2.carbon.core.util.CryptoException;
import org.wso2.carbon.core.util.CryptoUtil;
-import org.wso2.carbon.core.util.SignatureUtil;
import org.wso2.carbon.identity.application.authentication.framework.config.model.graph.js.JsServletResponse;
import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkConstants;
import org.wso2.carbon.identity.conditional.auth.functions.http.util.HTTPConstants;
+import org.wso2.carbon.identity.core.util.IdentityUtil;
import java.nio.charset.StandardCharsets;
import java.util.Map;
@@ -66,7 +67,8 @@ public void setCookie(JsServletResponse response, String name, Object... params)
boolean encrypt = Optional.ofNullable((Boolean) properties.get(HTTPConstants.ENCRYPT)).orElse(false);
if (sign) {
try {
- signature = Base64.encode(SignatureUtil.doSignature(value));
+ String tenantDomain = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
+ signature = Base64.encode(IdentityUtil.signWithTenantKey(value, tenantDomain));
} catch (Exception e) {
log.error("Error occurred when signing the cookie value.", e);
return;
diff --git a/pom.xml b/pom.xml
index bafb73cb..94088158 100644
--- a/pom.xml
+++ b/pom.xml
@@ -523,7 +523,7 @@
4.10.22
[4.6.0, 5.0.0)
[1.0.1, 2.0.0)
- 7.4.7
+ 7.7.22
1.0.89
5.20.447
[5.14.0, 8.0.0)