adding security fixes

8 years ago · 4562b4d318
parent defa494626
commit 4562b4d318
14 changed files with 40 additions and 35 deletions
--- a/components/iot-plugins/iot-base-plugin/org.wso2.carbon.device.mgt.iot/pom.xml
+++ b/components/iot-plugins/iot-base-plugin/org.wso2.carbon.device.mgt.iot/pom.xml
@ -192,7 +192,7 @@
            <artifactId>smackx</artifactId>
        </dependency>
        <dependency>
-            <groupId>commons-codec.wso2</groupId>
+            <groupId>commons-codec</groupId>
            <artifactId>commons-codec</artifactId>
        </dependency>
    </dependencies>
--- a/components/iot-plugins/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.agent.advanced.impl/pom.xml
+++ b/components/iot-plugins/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.agent.advanced.impl/pom.xml
@ -125,7 +125,7 @@
 		</dependency>

 		<dependency>
-			<groupId>commons-codec.wso2</groupId>
+			<groupId>commons-codec</groupId>
 			<artifactId>commons-codec</artifactId>
 		</dependency>

--- a/components/iot-plugins/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.agent.impl/pom.xml
+++ b/components/iot-plugins/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.agent.impl/pom.xml
@ -134,7 +134,7 @@
 		</dependency>

 		<dependency>
-			<groupId>commons-codec.wso2</groupId>
+			<groupId>commons-codec</groupId>
 			<artifactId>commons-codec</artifactId>
 		</dependency>

--- a/components/iot-plugins/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.api/pom.xml
+++ b/components/iot-plugins/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.api/pom.xml
@ -69,7 +69,7 @@
 			<scope>provided</scope>
 			<exclusions>
 				<exclusion>
-					<groupId>commons-codec.wso2</groupId>
+					<groupId>commons-codec</groupId>
 					<artifactId>commons-codec</artifactId>
 				</exclusion>
 			</exclusions>
@ -208,7 +208,7 @@
 		</dependency>

 		<dependency>
-			<groupId>commons-codec.wso2</groupId>
+			<groupId>commons-codec</groupId>
 			<artifactId>commons-codec</artifactId>
 		</dependency>

--- a/components/iot-plugins/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.plugin/pom.xml
+++ b/components/iot-plugins/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.plugin/pom.xml
@ -98,7 +98,7 @@

 	<dependencies>
 		<dependency>
-			<groupId>commons-codec.wso2</groupId>
+			<groupId>commons-codec</groupId>
 			<artifactId>commons-codec</artifactId>
 		</dependency>
 		<dependency>
--- a/components/iot-plugins/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.scep.api/pom.xml
+++ b/components/iot-plugins/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.scep.api/pom.xml
@ -57,7 +57,7 @@
 			<scope>provided</scope>
 			<exclusions>
 				<exclusion>
-					<groupId>commons-codec.wso2</groupId>
+					<groupId>commons-codec</groupId>
 					<artifactId>commons-codec</artifactId>
 				</exclusion>
 			</exclusions>
@ -171,7 +171,7 @@
 		</dependency>

 		<dependency>
-			<groupId>commons-codec.wso2</groupId>
+			<groupId>commons-codec</groupId>
 			<artifactId>commons-codec</artifactId>
 		</dependency>
 	</dependencies>
--- a/components/mobile-plugins/android-plugin/org.wso2.carbon.device.mgt.mobile.android.api/src/main/java/org/wso2/carbon/mdm/services/android/bean/AndroidPlatformConfiguration.java
+++ b/components/mobile-plugins/android-plugin/org.wso2.carbon.device.mgt.mobile.android.api/src/main/java/org/wso2/carbon/mdm/services/android/bean/AndroidPlatformConfiguration.java
@ -23,7 +23,6 @@ import io.swagger.annotations.ApiModelProperty;
 import org.wso2.carbon.device.mgt.common.configuration.mgt.ConfigurationEntry;

 import javax.validation.constraints.NotNull;
-import javax.validation.constraints.Pattern;
 import javax.validation.constraints.Size;
 import javax.xml.bind.annotation.XmlAccessType;
 import javax.xml.bind.annotation.XmlAccessorType;
@ -52,7 +51,6 @@ public class AndroidPlatformConfiguration implements Serializable {
    )
    @NotNull
    @Size(min = 2, max = 10)
-    @Pattern(regexp = "^[A-Za-z0-9]*$")
    private String type;
    @ApiModelProperty(
            name = "configuration",
--- a/components/mobile-plugins/android-plugin/org.wso2.carbon.device.mgt.mobile.android.api/src/main/java/org/wso2/carbon/mdm/services/android/bean/wrapper/EventBeanWrapper.java
+++ b/components/mobile-plugins/android-plugin/org.wso2.carbon.device.mgt.mobile.android.api/src/main/java/org/wso2/carbon/mdm/services/android/bean/wrapper/EventBeanWrapper.java
@ -21,7 +21,6 @@ package org.wso2.carbon.mdm.services.android.bean.wrapper;
 import io.swagger.annotations.ApiModel;
 import io.swagger.annotations.ApiModelProperty;

-import javax.validation.constraints.Pattern;
 import javax.validation.constraints.Size;

 /**
@ -33,7 +32,6 @@ public class EventBeanWrapper {

    @ApiModelProperty(name = "deviceIdentifier", value = "DeviceIdentifier to be need to retrieve/publish Event.", required = true)
    @Size(min = 2, max = 45)
-    @Pattern(regexp = "^[A-Za-z0-9]*$")
    private String deviceIdentifier;
    @ApiModelProperty(name = "payload", value = "Event payload.", required = true)
    private String payload;
--- a/components/mobile-plugins/android-plugin/org.wso2.carbon.device.mgt.mobile.android.api/src/main/java/org/wso2/carbon/mdm/services/android/exception/GlobalThrowableMapper.java
+++ b/components/mobile-plugins/android-plugin/org.wso2.carbon.device.mgt.mobile.android.api/src/main/java/org/wso2/carbon/mdm/services/android/exception/GlobalThrowableMapper.java
@ -50,15 +50,18 @@ public class GlobalThrowableMapper implements ExceptionMapper {

        if (e instanceof JsonParseException) {
            String errorMessage = "Malformed request body.";
-            log.error(errorMessage);
+            if (log.isDebugEnabled()) {
+                log.error(errorMessage, e);
+            }
            return AndroidDeviceUtils.buildBadRequestException(errorMessage).getResponse();
-
        }
        if (e instanceof NotFoundException) {
            return ((NotFoundException) e).getResponse();
        }
        if (e instanceof UnexpectedServerErrorException) {
-            log.error("Unexpected server error", e);
+            if (log.isDebugEnabled()) {
+                log.error("Unexpected server error", e);
+            }
            return ((UnexpectedServerErrorException) e).getResponse();
        }
        if (e instanceof ConstraintViolationException) {
@ -76,7 +79,9 @@ public class GlobalThrowableMapper implements ExceptionMapper {
                    .build();
        }
        if (e instanceof ClientErrorException) {
-            log.error("Client error", e);
+            if (log.isDebugEnabled()) {
+                log.error("Client error", e);
+            }
            return ((ClientErrorException) e).getResponse();
        }
        if (e instanceof AuthenticationException) {
@ -91,11 +96,15 @@ public class GlobalThrowableMapper implements ExceptionMapper {
                    .build();
        }
        if (e instanceof ForbiddenException) {
-            log.error("Resource forbidden", e);
+            if (log.isDebugEnabled()) {
+                log.error("Resource forbidden", e);
+            }
            return ((ForbiddenException) e).getResponse();
        }
        //unknown exception log and return
-        log.error("An Unknown exception has been captured by global exception mapper.", e);
+        if (log.isDebugEnabled()) {
+            log.error("An Unknown exception has been captured by global exception mapper.", e);
+        }
        return Response.status(Response.Status.INTERNAL_SERVER_ERROR).header("Content-Type", "application/json")
                .entity(e500).build();
    }
--- a/components/mobile-plugins/android-plugin/org.wso2.carbon.device.mgt.mobile.android.api/src/main/java/org/wso2/carbon/mdm/services/android/services/EventReceiverService.java
+++ b/components/mobile-plugins/android-plugin/org.wso2.carbon.device.mgt.mobile.android.api/src/main/java/org/wso2/carbon/mdm/services/android/services/EventReceiverService.java
@ -23,7 +23,6 @@ import org.wso2.carbon.mdm.services.android.bean.DeviceState;
 import org.wso2.carbon.mdm.services.android.bean.wrapper.EventBeanWrapper;

 import javax.validation.Valid;
-import javax.validation.constraints.Pattern;
 import javax.validation.constraints.Size;
 import javax.ws.rs.*;
 import javax.ws.rs.core.MediaType;
@ -141,7 +140,6 @@ public interface EventReceiverService {
                    value = "Device Identifier to be need to retrieve events.",
                    required = true)
            @Size(min = 2, max = 45)
-            @Pattern(regexp = "^[A-Za-z0-9]*$")
            @QueryParam("id") String deviceId,
            @ApiParam(
                    name = "from",
@ -155,7 +153,6 @@ public interface EventReceiverService {
                    name = "type",
                    value = "Type of the Alert to be need to retrieve events.")
            @Size(min = 2, max = 45)
-            @Pattern(regexp = "^[A-Za-z0-9]*$")
            @QueryParam("type") String type,
            @ApiParam(
                    name = "If-Modified-Since",
--- a/components/mobile-plugins/android-plugin/org.wso2.carbon.device.mgt.mobile.android.api/src/main/java/org/wso2/carbon/mdm/services/android/services/impl/EventReceiverServiceImpl.java
+++ b/components/mobile-plugins/android-plugin/org.wso2.carbon.device.mgt.mobile.android.api/src/main/java/org/wso2/carbon/mdm/services/android/services/impl/EventReceiverServiceImpl.java
@ -33,7 +33,6 @@ import org.wso2.carbon.mdm.services.android.util.AndroidAPIUtils;
 import org.wso2.carbon.mdm.services.android.util.Message;

 import javax.validation.Valid;
-import javax.validation.constraints.Pattern;
 import javax.validation.constraints.Size;
 import javax.ws.rs.*;
 import javax.ws.rs.core.Response;
@ -78,11 +77,10 @@ public class EventReceiverServiceImpl implements EventReceiverService {
    @Override
    public Response retrieveAlerts(@QueryParam("id")
                                       @Size(min = 2, max = 45)
-                                       @Pattern(regexp = "^[A-Za-z0-9]*$") String deviceId,
+                                       String deviceId,
                                   @QueryParam("from") long from,
                                   @QueryParam("to") long to,
                                       @Size(min = 2, max = 45)
-                                       @Pattern(regexp = "^[A-Za-z0-9]*$")
                                   @QueryParam("type") String type,
                                   @HeaderParam("If-Modified-Since") String ifModifiedSince) {

--- a/components/mobile-plugins/windows-plugin/org.wso2.carbon.device.mgt.mobile.windows.api/pom.xml
+++ b/components/mobile-plugins/windows-plugin/org.wso2.carbon.device.mgt.mobile.windows.api/pom.xml
@ -230,7 +230,7 @@
            <artifactId>core</artifactId>
        </dependency>
        <dependency>
-            <groupId>commons-codec.wso2</groupId>
+            <groupId>commons-codec</groupId>
            <artifactId>commons-codec</artifactId>
        </dependency>
        <dependency>
--- a/components/mobile-plugins/windows-plugin/org.wso2.carbon.device.mgt.mobile.windows.api/src/main/java/org/wso2/carbon/mdm/mobileservices/windows/services/wstep/impl/CertificateEnrollmentServiceImpl.java
+++ b/components/mobile-plugins/windows-plugin/org.wso2.carbon.device.mgt.mobile.windows.api/src/main/java/org/wso2/carbon/mdm/mobileservices/windows/services/wstep/impl/CertificateEnrollmentServiceImpl.java
@ -215,7 +215,6 @@ public class CertificateEnrollmentServiceImpl implements CertificateEnrollmentSe
    private String prepareWapProvisioningXML(String binarySecurityToken, String wapProvisioningFilePath,
                                             String headerBst) throws CertificateGenerationException,
            WAPProvisioningException, WindowsDeviceEnrolmentException {
-
        String rootCertEncodedString;
        String signedCertEncodedString;
        X509Certificate signedCertificate;
@ -225,11 +224,11 @@ public class CertificateEnrollmentServiceImpl implements CertificateEnrollmentSe
        Base64 base64Encoder = new Base64();
        try {
            rootCACertificate = (X509Certificate) certMgtServiceImpl.getCACertificate();
-            rootCertEncodedString = base64Encoder.encodeToString(rootCACertificate.getEncoded());
+            rootCertEncodedString = base64Encoder.encodeAsString(rootCACertificate.getEncoded());


            signedCertificate = certMgtServiceImpl.getSignedCertificateFromCSR(binarySecurityToken);
-            signedCertEncodedString = base64Encoder.encodeToString(signedCertificate.getEncoded());
+            signedCertEncodedString = base64Encoder.encodeAsString(signedCertificate.getEncoded());

            DocumentBuilderFactory domFactory = DocumentBuilderFactory.newInstance();
            DocumentBuilder builder;
@ -242,7 +241,7 @@ public class CertificateEnrollmentServiceImpl implements CertificateEnrollmentSe
            //Adding SHA1 CA certificate finger print to wap-provisioning xml.
            caCertificatePosition.getParentNode().getAttributes().getNamedItem(PluginConstants.
                    CertificateEnrolment.TYPE).setTextContent(String.valueOf(
-                    DigestUtils.sha256Hex(rootCACertificate.getEncoded())).toUpperCase());
+                    DigestUtils.sha1Hex(rootCACertificate.getEncoded())).toUpperCase());
            //Adding encoded CA certificate to wap-provisioning file after removing new line
            // characters.
            NamedNodeMap rootCertAttributes = caCertificatePosition.getAttributes();
@ -261,7 +260,7 @@ public class CertificateEnrollmentServiceImpl implements CertificateEnrollmentSe
            //Adding SHA1 signed certificate finger print to wap-provisioning xml.
            signedCertificatePosition.getParentNode().getAttributes().getNamedItem(PluginConstants.
                    CertificateEnrolment.TYPE).setTextContent(String.valueOf(
-                    DigestUtils.sha256Hex(signedCertificate.getEncoded())).toUpperCase());
+                    DigestUtils.sha1Hex(signedCertificate.getEncoded())).toUpperCase());

            //Adding encoded signed certificate to wap-provisioning file after removing new line
            // characters.
@ -326,7 +325,7 @@ public class CertificateEnrollmentServiceImpl implements CertificateEnrollmentSe
        } catch (KeystoreException e) {
            throw new CertificateGenerationException("CA certificate cannot be generated.", e);
        }
-        return base64Encoder.encodeToString(provisioningXmlString.getBytes());
+        return base64Encoder.encodeAsString(provisioningXmlString.getBytes());
    }

    /**
--- a/pom.xml
+++ b/pom.xml
@ -331,7 +331,7 @@
                <version>${carbon.analytics.common.version}</version>
                <exclusions>
                    <exclusion>
-                        <groupId>commons-codec</groupId>
+                        <groupId>commons-codec.wso2</groupId>
                        <artifactId>commons-codec</artifactId>
                    </exclusion>
                </exclusions>
@ -859,10 +859,15 @@
                <artifactId>commons-httpclient</artifactId>
                <version>${orbit.version.commons-httpclient}</version>
            </dependency>
+            <!--<dependency>-->
+                <!--<groupId>commons-codec.wso2</groupId>-->
+                <!--<artifactId>commons-codec</artifactId>-->
+                <!--<version>${commons-codec.wso2.version}</version>-->
+            <!--</dependency>-->
            <dependency>
-                <groupId>commons-codec.wso2</groupId>
+                <groupId>commons-codec</groupId>
                <artifactId>commons-codec</artifactId>
-                <version>${commons-codec.wso2.version}</version>
+                <version>${commons-codec.version}</version>
            </dependency>
            <dependency>
                <groupId>org.codehaus.jackson</groupId>
@ -1169,7 +1174,8 @@
        <gcm.server.version>1.0.2</gcm.server.version>

        <orbit.version.commons-httpclient>3.1.0.wso2v2</orbit.version.commons-httpclient>
-        <commons-codec.wso2.version>1.4.0.wso2v1</commons-codec.wso2.version>
+        <!--<commons-codec.wso2.version>1.4.0.wso2v1</commons-codec.wso2.version>-->
+        <commons-codec.version>1.7</commons-codec.version>

        <javaee-web-api.version>6.0</javaee-web-api.version>