From e65b61bf95779cdc267c41fc134b3ad32aa653f4 Mon Sep 17 00:00:00 2001 From: warunalakshitha Date: Tue, 17 Jan 2017 16:05:42 +0530 Subject: [PATCH] Fix Message digest is weak security bug --- .../advanced/transport/CommunicationUtils.java | 14 +++++++------- .../agent/transport/CommunicationUtils.java | 14 +++++++------- .../impl/VirtualFirealarmSecurityManager.java | 14 +++++++------- 3 files changed, 21 insertions(+), 21 deletions(-) diff --git a/components/device-types/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.agent.advanced.impl/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/agent/advanced/transport/CommunicationUtils.java b/components/device-types/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.agent.advanced.impl/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/agent/advanced/transport/CommunicationUtils.java index e6e16ba52..dfcc4268c 100644 --- a/components/device-types/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.agent.advanced.impl/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/agent/advanced/transport/CommunicationUtils.java +++ b/components/device-types/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.agent.advanced.impl/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/agent/advanced/transport/CommunicationUtils.java @@ -43,7 +43,7 @@ public class CommunicationUtils { private static final Log log = LogFactory.getLog(TransportUtils.class); // The Signature Algorithm used. - private static final String SIGNATURE_ALG = "SHA1withRSA"; + private static final String SHA_512 = "SHA-512"; // The Encryption Algorithm and the Padding used. private static final String CIPHER_PADDING = "RSA/ECB/PKCS1Padding"; @@ -108,7 +108,7 @@ public class CommunicationUtils { String signedEncodedString; try { - signature = Signature.getInstance(SIGNATURE_ALG); + signature = Signature.getInstance(SHA_512); signature.initSign(signatureKey); signature.update(Base64.decodeBase64(message)); @@ -117,11 +117,11 @@ public class CommunicationUtils { } catch (NoSuchAlgorithmException e) { String errorMsg = - "Algorithm not found exception occurred for Signature instance of [" + SIGNATURE_ALG + "]"; + "Algorithm not found exception occurred for Signature instance of [" + SHA_512 + "]"; log.error(errorMsg); throw new TransportHandlerException(errorMsg, e); } catch (SignatureException e) { - String errorMsg = "Signature exception occurred for Signature instance of [" + SIGNATURE_ALG + "]"; + String errorMsg = "Signature exception occurred for Signature instance of [" + SHA_512 + "]"; log.error(errorMsg); throw new TransportHandlerException(errorMsg, e); } catch (InvalidKeyException e) { @@ -153,7 +153,7 @@ public class CommunicationUtils { boolean verified; try { - signature = Signature.getInstance(SIGNATURE_ALG); + signature = Signature.getInstance(SHA_512); signature.initVerify(verificationKey); signature.update(Base64.decodeBase64(data)); @@ -161,11 +161,11 @@ public class CommunicationUtils { } catch (NoSuchAlgorithmException e) { String errorMsg = - "Algorithm not found exception occurred for Signature instance of [" + SIGNATURE_ALG + "]"; + "Algorithm not found exception occurred for Signature instance of [" + SHA_512 + "]"; log.error(errorMsg); throw new TransportHandlerException(errorMsg, e); } catch (SignatureException e) { - String errorMsg = "Signature exception occurred for Signature instance of [" + SIGNATURE_ALG + "]"; + String errorMsg = "Signature exception occurred for Signature instance of [" + SHA_512 + "]"; log.error(errorMsg); throw new TransportHandlerException(errorMsg, e); } catch (InvalidKeyException e) { diff --git a/components/device-types/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.agent.impl/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/agent/transport/CommunicationUtils.java b/components/device-types/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.agent.impl/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/agent/transport/CommunicationUtils.java index bb445a3d9..46a43a0ba 100644 --- a/components/device-types/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.agent.impl/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/agent/transport/CommunicationUtils.java +++ b/components/device-types/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.agent.impl/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/agent/transport/CommunicationUtils.java @@ -43,7 +43,7 @@ public class CommunicationUtils { private static final Log log = LogFactory.getLog(TransportUtils.class); // The Signature Algorithm used. - private static final String SIGNATURE_ALG = "SHA1withRSA"; + private static final String SHA_512 = "SHA-512"; // The Encryption Algorithm and the Padding used. private static final String CIPHER_PADDING = "RSA/ECB/PKCS1Padding"; @@ -107,7 +107,7 @@ public class CommunicationUtils { String signedEncodedString; try { - signature = Signature.getInstance(SIGNATURE_ALG); + signature = Signature.getInstance(SHA_512); signature.initSign(signatureKey); signature.update(Base64.decodeBase64(message)); @@ -116,11 +116,11 @@ public class CommunicationUtils { } catch (NoSuchAlgorithmException e) { String errorMsg = - "Algorithm not found exception occurred for Signature instance of [" + SIGNATURE_ALG + "]"; + "Algorithm not found exception occurred for Signature instance of [" + SHA_512 + "]"; log.error(errorMsg); throw new TransportHandlerException(errorMsg, e); } catch (SignatureException e) { - String errorMsg = "Signature exception occurred for Signature instance of [" + SIGNATURE_ALG + "]"; + String errorMsg = "Signature exception occurred for Signature instance of [" + SHA_512 + "]"; log.error(errorMsg); throw new TransportHandlerException(errorMsg, e); } catch (InvalidKeyException e) { @@ -152,7 +152,7 @@ public class CommunicationUtils { boolean verified; try { - signature = Signature.getInstance(SIGNATURE_ALG); + signature = Signature.getInstance(SHA_512); signature.initVerify(verificationKey); signature.update(Base64.decodeBase64(data)); @@ -160,11 +160,11 @@ public class CommunicationUtils { } catch (NoSuchAlgorithmException e) { String errorMsg = - "Algorithm not found exception occurred for Signature instance of [" + SIGNATURE_ALG + "]"; + "Algorithm not found exception occurred for Signature instance of [" + SHA_512 + "]"; log.error(errorMsg); throw new TransportHandlerException(errorMsg, e); } catch (SignatureException e) { - String errorMsg = "Signature exception occurred for Signature instance of [" + SIGNATURE_ALG + "]"; + String errorMsg = "Signature exception occurred for Signature instance of [" + SHA_512 + "]"; log.error(errorMsg); throw new TransportHandlerException(errorMsg, e); } catch (InvalidKeyException e) { diff --git a/components/device-types/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.plugin/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/plugin/impl/VirtualFirealarmSecurityManager.java b/components/device-types/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.plugin/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/plugin/impl/VirtualFirealarmSecurityManager.java index 9ff12424b..f7b19fdce 100644 --- a/components/device-types/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.plugin/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/plugin/impl/VirtualFirealarmSecurityManager.java +++ b/components/device-types/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.plugin/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/plugin/impl/VirtualFirealarmSecurityManager.java @@ -51,7 +51,7 @@ public class VirtualFirealarmSecurityManager { private static final Log log = LogFactory.getLog(VirtualFirealarmSecurityManager.class); private static PrivateKey serverPrivateKey; - private static final String SIGNATURE_ALG = "SHA1withRSA"; + private static final String SHA_512 = "SHA-512"; private static final String CIPHER_PADDING = "RSA/ECB/PKCS1Padding"; private static CertificateKeystoreConfig certificateKeystoreConfig; private VirtualFirealarmSecurityManager() { @@ -162,7 +162,7 @@ public class VirtualFirealarmSecurityManager { String signedEncodedString; try { - signature = Signature.getInstance(SIGNATURE_ALG); + signature = Signature.getInstance(SHA_512); signature.initSign(signatureKey); signature.update(Base64.decodeBase64(encryptedData)); @@ -170,11 +170,11 @@ public class VirtualFirealarmSecurityManager { signedEncodedString = Base64.encodeBase64String(signatureBytes); } catch (NoSuchAlgorithmException e) { - String errorMsg = "Algorithm not found exception occurred for Signature instance of [" + SIGNATURE_ALG + "]"; + String errorMsg = "Algorithm not found exception occurred for Signature instance of [" + SHA_512 + "]"; log.error(errorMsg); throw new VirtualFirealarmDeviceMgtPluginException(errorMsg, e); } catch (SignatureException e) { - String errorMsg = "Signature exception occurred for Signature instance of [" + SIGNATURE_ALG + "]"; + String errorMsg = "Signature exception occurred for Signature instance of [" + SHA_512 + "]"; log.error(errorMsg); throw new VirtualFirealarmDeviceMgtPluginException(errorMsg, e); } catch (InvalidKeyException e) { @@ -193,18 +193,18 @@ public class VirtualFirealarmSecurityManager { boolean verified; try { - signature = Signature.getInstance(SIGNATURE_ALG); + signature = Signature.getInstance(SHA_512); signature.initVerify(verificationKey); signature.update(Base64.decodeBase64(data)); verified = signature.verify(Base64.decodeBase64(signedData)); } catch (NoSuchAlgorithmException e) { - String errorMsg = "Algorithm not found exception occurred for Signature instance of [" + SIGNATURE_ALG + "]"; + String errorMsg = "Algorithm not found exception occurred for Signature instance of [" + SHA_512 + "]"; log.error(errorMsg); throw new VirtualFirealarmDeviceMgtPluginException(errorMsg, e); } catch (SignatureException e) { - String errorMsg = "Signature exception occurred for Signature instance of [" + SIGNATURE_ALG + "]"; + String errorMsg = "Signature exception occurred for Signature instance of [" + SHA_512 + "]"; log.error(errorMsg); throw new VirtualFirealarmDeviceMgtPluginException(errorMsg, e); } catch (InvalidKeyException e) {