adding security fixes

merge-requests/1/head
hasuniea 8 years ago
parent defa494626
commit 4562b4d318

@ -192,7 +192,7 @@
<artifactId>smackx</artifactId> <artifactId>smackx</artifactId>
</dependency> </dependency>
<dependency> <dependency>
<groupId>commons-codec.wso2</groupId> <groupId>commons-codec</groupId>
<artifactId>commons-codec</artifactId> <artifactId>commons-codec</artifactId>
</dependency> </dependency>
</dependencies> </dependencies>

@ -125,7 +125,7 @@
</dependency> </dependency>
<dependency> <dependency>
<groupId>commons-codec.wso2</groupId> <groupId>commons-codec</groupId>
<artifactId>commons-codec</artifactId> <artifactId>commons-codec</artifactId>
</dependency> </dependency>

@ -134,7 +134,7 @@
</dependency> </dependency>
<dependency> <dependency>
<groupId>commons-codec.wso2</groupId> <groupId>commons-codec</groupId>
<artifactId>commons-codec</artifactId> <artifactId>commons-codec</artifactId>
</dependency> </dependency>

@ -69,7 +69,7 @@
<scope>provided</scope> <scope>provided</scope>
<exclusions> <exclusions>
<exclusion> <exclusion>
<groupId>commons-codec.wso2</groupId> <groupId>commons-codec</groupId>
<artifactId>commons-codec</artifactId> <artifactId>commons-codec</artifactId>
</exclusion> </exclusion>
</exclusions> </exclusions>
@ -208,7 +208,7 @@
</dependency> </dependency>
<dependency> <dependency>
<groupId>commons-codec.wso2</groupId> <groupId>commons-codec</groupId>
<artifactId>commons-codec</artifactId> <artifactId>commons-codec</artifactId>
</dependency> </dependency>

@ -98,7 +98,7 @@
<dependencies> <dependencies>
<dependency> <dependency>
<groupId>commons-codec.wso2</groupId> <groupId>commons-codec</groupId>
<artifactId>commons-codec</artifactId> <artifactId>commons-codec</artifactId>
</dependency> </dependency>
<dependency> <dependency>

@ -57,7 +57,7 @@
<scope>provided</scope> <scope>provided</scope>
<exclusions> <exclusions>
<exclusion> <exclusion>
<groupId>commons-codec.wso2</groupId> <groupId>commons-codec</groupId>
<artifactId>commons-codec</artifactId> <artifactId>commons-codec</artifactId>
</exclusion> </exclusion>
</exclusions> </exclusions>
@ -171,7 +171,7 @@
</dependency> </dependency>
<dependency> <dependency>
<groupId>commons-codec.wso2</groupId> <groupId>commons-codec</groupId>
<artifactId>commons-codec</artifactId> <artifactId>commons-codec</artifactId>
</dependency> </dependency>
</dependencies> </dependencies>

@ -23,7 +23,6 @@ import io.swagger.annotations.ApiModelProperty;
import org.wso2.carbon.device.mgt.common.configuration.mgt.ConfigurationEntry; import org.wso2.carbon.device.mgt.common.configuration.mgt.ConfigurationEntry;
import javax.validation.constraints.NotNull; import javax.validation.constraints.NotNull;
import javax.validation.constraints.Pattern;
import javax.validation.constraints.Size; import javax.validation.constraints.Size;
import javax.xml.bind.annotation.XmlAccessType; import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType; import javax.xml.bind.annotation.XmlAccessorType;
@ -52,7 +51,6 @@ public class AndroidPlatformConfiguration implements Serializable {
) )
@NotNull @NotNull
@Size(min = 2, max = 10) @Size(min = 2, max = 10)
@Pattern(regexp = "^[A-Za-z0-9]*$")
private String type; private String type;
@ApiModelProperty( @ApiModelProperty(
name = "configuration", name = "configuration",
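Review bot: Removing `@Pattern(regexp = "^[A-Za-z0-9]*$")` from `type` leaves `@Size(min = 2, max = 10)` as the only constraint, so any 2–10 characters are now accepted, including whitespace, quotes and markup. If the alphanumeric whitelist was rejecting legitimate values, the narrower fix is to widen the character class and keep the check, e.g. `@Pattern(regexp = "^[A-Za-z0-9_-]*$")`, rather than delete it in a commit described as "security fixes". The `AndroidPlatformConfiguration` class continues outside the hunk, so I cannot see how `type` is consumed; whichever constraint is kept should carry a one-line comment stating the accepted format so the next reader does not relax it further.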

@ -21,7 +21,6 @@ package org.wso2.carbon.mdm.services.android.bean.wrapper;
import io.swagger.annotations.ApiModel; import io.swagger.annotations.ApiModel;
import io.swagger.annotations.ApiModelProperty; import io.swagger.annotations.ApiModelProperty;
import javax.validation.constraints.Pattern;
import javax.validation.constraints.Size; import javax.validation.constraints.Size;
/** /**
@ -33,7 +32,6 @@ public class EventBeanWrapper {
@ApiModelProperty(name = "deviceIdentifier", value = "DeviceIdentifier to be need to retrieve/publish Event.", required = true) @ApiModelProperty(name = "deviceIdentifier", value = "DeviceIdentifier to be need to retrieve/publish Event.", required = true)
@Size(min = 2, max = 45) @Size(min = 2, max = 45)
@Pattern(regexp = "^[A-Za-z0-9]*$")
private String deviceIdentifier; private String deviceIdentifier;
@ApiModelProperty(name = "payload", value = "Event payload.", required = true) @ApiModelProperty(name = "payload", value = "Event payload.", required = true)
private String payload; private String payload;
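Review bot: `deviceIdentifier` is now bounded only by `@Size(min = 2, max = 45)`; with the alphanumeric `@Pattern` gone, identifiers containing whitespace, quotes or path separators pass bean validation and reach whatever consumes this wrapper. If real device identifiers contain characters the old regex rejected (hyphens or colons are common), widen the pattern instead, e.g. `@Pattern(regexp = "^[A-Za-z0-9:_-]*$")`. `payload` is unconstrained on both sides of the diff; if it is validated elsewhere, a comment on the field saying so would stop this from being re-raised.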

@ -50,15 +50,18 @@ public class GlobalThrowableMapper implements ExceptionMapper {
if (e instanceof JsonParseException) { if (e instanceof JsonParseException) {
String errorMessage = "Malformed request body."; String errorMessage = "Malformed request body.";
log.error(errorMessage); if (log.isDebugEnabled()) {
log.error(errorMessage, e);
}
return AndroidDeviceUtils.buildBadRequestException(errorMessage).getResponse(); return AndroidDeviceUtils.buildBadRequestException(errorMessage).getResponse();
} }
if (e instanceof NotFoundException) { if (e instanceof NotFoundException) {
return ((NotFoundException) e).getResponse(); return ((NotFoundException) e).getResponse();
} }
if (e instanceof UnexpectedServerErrorException) { if (e instanceof UnexpectedServerErrorException) {
log.error("Unexpected server error", e); if (log.isDebugEnabled()) {
log.error("Unexpected server error", e);
}
return ((UnexpectedServerErrorException) e).getResponse(); return ((UnexpectedServerErrorException) e).getResponse();
} }
if (e instanceof ConstraintViolationException) { if (e instanceof ConstraintViolationException) {
@ -76,7 +79,9 @@ public class GlobalThrowableMapper implements ExceptionMapper {
.build(); .build();
} }
if (e instanceof ClientErrorException) { if (e instanceof ClientErrorException) {
log.error("Client error", e); if (log.isDebugEnabled()) {
log.error("Client error", e);
}
return ((ClientErrorException) e).getResponse(); return ((ClientErrorException) e).getResponse();
} }
if (e instanceof AuthenticationException) { if (e instanceof AuthenticationException) {
@ -91,11 +96,15 @@ public class GlobalThrowableMapper implements ExceptionMapper {
.build(); .build();
} }
if (e instanceof ForbiddenException) { if (e instanceof ForbiddenException) {
log.error("Resource forbidden", e); if (log.isDebugEnabled()) {
log.error("Resource forbidden", e);
}
return ((ForbiddenException) e).getResponse(); return ((ForbiddenException) e).getResponse();
} }
//unknown exception log and return //unknown exception log and return
log.error("An Unknown exception has been captured by global exception mapper.", e); if (log.isDebugEnabled()) {
log.error("An Unknown exception has been captured by global exception mapper.", e);
}
return Response.status(Response.Status.INTERNAL_SERVER_ERROR).header("Content-Type", "application/json") return Response.status(Response.Status.INTERNAL_SERVER_ERROR).header("Content-Type", "application/json")
.entity(e500).build(); .entity(e500).build();
} }
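Review bot: Every `log.error(...)` in this mapper is now wrapped in `if (log.isDebugEnabled())`, so at a normal production log level a `JsonParseException`, an `UnexpectedServerErrorException` or the catch-all at the bottom writes nothing while the client still receives a 400 or 500; that removes the only server-side record an operator would use to notice abuse or a broken deployment. The level and the guard should agree: either log at debug, `log.debug("Unexpected server error", e);`, or keep an unconditional `log.error(errorMessage);` for the message and attach the throwable only under the debug guard. The `isDebugEnabled()` check also buys nothing here, since none of the messages are expensive to build.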

@ -23,7 +23,6 @@ import org.wso2.carbon.mdm.services.android.bean.DeviceState;
import org.wso2.carbon.mdm.services.android.bean.wrapper.EventBeanWrapper; import org.wso2.carbon.mdm.services.android.bean.wrapper.EventBeanWrapper;
import javax.validation.Valid; import javax.validation.Valid;
import javax.validation.constraints.Pattern;
import javax.validation.constraints.Size; import javax.validation.constraints.Size;
import javax.ws.rs.*; import javax.ws.rs.*;
import javax.ws.rs.core.MediaType; import javax.ws.rs.core.MediaType;
@ -141,7 +140,6 @@ public interface EventReceiverService {
value = "Device Identifier to be need to retrieve events.", value = "Device Identifier to be need to retrieve events.",
required = true) required = true)
@Size(min = 2, max = 45) @Size(min = 2, max = 45)
@Pattern(regexp = "^[A-Za-z0-9]*$")
@QueryParam("id") String deviceId, @QueryParam("id") String deviceId,
@ApiParam( @ApiParam(
name = "from", name = "from",
@ -155,7 +153,6 @@ public interface EventReceiverService {
name = "type", name = "type",
value = "Type of the Alert to be need to retrieve events.") value = "Type of the Alert to be need to retrieve events.")
@Size(min = 2, max = 45) @Size(min = 2, max = 45)
@Pattern(regexp = "^[A-Za-z0-9]*$")
@QueryParam("type") String type, @QueryParam("type") String type,
@ApiParam( @ApiParam(
name = "If-Modified-Since", name = "If-Modified-Since",
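Review bot: The `id` and `type` query parameters lose their `@Pattern` whitelist and keep only `@Size(min = 2, max = 45)`, so wildcard, quote and whitespace characters now pass validation into `retrieveAlerts`, whose implementation is outside this hunk. If the old regex was too strict, widen it rather than drop it, e.g. `@Pattern(regexp = "^[A-Za-z0-9:_-]*$")` on both parameters. The `@ApiParam` descriptions should also state the accepted format, since the annotation no longer documents it; the method declaration continues past the end of the hunk.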

@ -33,7 +33,6 @@ import org.wso2.carbon.mdm.services.android.util.AndroidAPIUtils;
import org.wso2.carbon.mdm.services.android.util.Message; import org.wso2.carbon.mdm.services.android.util.Message;
import javax.validation.Valid; import javax.validation.Valid;
import javax.validation.constraints.Pattern;
import javax.validation.constraints.Size; import javax.validation.constraints.Size;
import javax.ws.rs.*; import javax.ws.rs.*;
import javax.ws.rs.core.Response; import javax.ws.rs.core.Response;
@ -78,11 +77,10 @@ public class EventReceiverServiceImpl implements EventReceiverService {
@Override @Override
public Response retrieveAlerts(@QueryParam("id") public Response retrieveAlerts(@QueryParam("id")
@Size(min = 2, max = 45) @Size(min = 2, max = 45)
@Pattern(regexp = "^[A-Za-z0-9]*$") String deviceId, String deviceId,
@QueryParam("from") long from, @QueryParam("from") long from,
@QueryParam("to") long to, @QueryParam("to") long to,
@Size(min = 2, max = 45) @Size(min = 2, max = 45)
@Pattern(regexp = "^[A-Za-z0-9]*$")
@QueryParam("type") String type, @QueryParam("type") String type,
@HeaderParam("If-Modified-Since") String ifModifiedSince) { @HeaderParam("If-Modified-Since") String ifModifiedSince) {
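Review bot: `deviceId` and `type` now enter the method body (outside the hunk) with only a length check, so if either is used to build the alert lookup the query must be parameterized rather than concatenated; I cannot confirm that from here. Since Bean Validation constraints are inherited from the interface method, repeating `@Size(min = 2, max = 45)` on the implementing method is redundant and the two copies have to be kept in sync by hand, as this commit had to do; consider declaring the constraints only on `EventReceiverService`. The body of `retrieveAlerts` starts after the last line shown.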

@ -230,7 +230,7 @@
<artifactId>core</artifactId> <artifactId>core</artifactId>
</dependency> </dependency>
<dependency> <dependency>
<groupId>commons-codec.wso2</groupId> <groupId>commons-codec</groupId>
<artifactId>commons-codec</artifactId> <artifactId>commons-codec</artifactId>
</dependency> </dependency>
<dependency> <dependency>

@ -215,7 +215,6 @@ public class CertificateEnrollmentServiceImpl implements CertificateEnrollmentSe
private String prepareWapProvisioningXML(String binarySecurityToken, String wapProvisioningFilePath, private String prepareWapProvisioningXML(String binarySecurityToken, String wapProvisioningFilePath,
String headerBst) throws CertificateGenerationException, String headerBst) throws CertificateGenerationException,
WAPProvisioningException, WindowsDeviceEnrolmentException { WAPProvisioningException, WindowsDeviceEnrolmentException {
String rootCertEncodedString; String rootCertEncodedString;
String signedCertEncodedString; String signedCertEncodedString;
X509Certificate signedCertificate; X509Certificate signedCertificate;
@ -225,11 +224,11 @@ public class CertificateEnrollmentServiceImpl implements CertificateEnrollmentSe
Base64 base64Encoder = new Base64(); Base64 base64Encoder = new Base64();
try { try {
rootCACertificate = (X509Certificate) certMgtServiceImpl.getCACertificate(); rootCACertificate = (X509Certificate) certMgtServiceImpl.getCACertificate();
rootCertEncodedString = base64Encoder.encodeToString(rootCACertificate.getEncoded()); rootCertEncodedString = base64Encoder.encodeAsString(rootCACertificate.getEncoded());
signedCertificate = certMgtServiceImpl.getSignedCertificateFromCSR(binarySecurityToken); signedCertificate = certMgtServiceImpl.getSignedCertificateFromCSR(binarySecurityToken);
signedCertEncodedString = base64Encoder.encodeToString(signedCertificate.getEncoded()); signedCertEncodedString = base64Encoder.encodeAsString(signedCertificate.getEncoded());
DocumentBuilderFactory domFactory = DocumentBuilderFactory.newInstance(); DocumentBuilderFactory domFactory = DocumentBuilderFactory.newInstance();
DocumentBuilder builder; DocumentBuilder builder;
@ -242,7 +241,7 @@ public class CertificateEnrollmentServiceImpl implements CertificateEnrollmentSe
//Adding SHA1 CA certificate finger print to wap-provisioning xml. //Adding SHA1 CA certificate finger print to wap-provisioning xml.
caCertificatePosition.getParentNode().getAttributes().getNamedItem(PluginConstants. caCertificatePosition.getParentNode().getAttributes().getNamedItem(PluginConstants.
CertificateEnrolment.TYPE).setTextContent(String.valueOf( CertificateEnrolment.TYPE).setTextContent(String.valueOf(
DigestUtils.sha256Hex(rootCACertificate.getEncoded())).toUpperCase()); DigestUtils.sha1Hex(rootCACertificate.getEncoded())).toUpperCase());
//Adding encoded CA certificate to wap-provisioning file after removing new line //Adding encoded CA certificate to wap-provisioning file after removing new line
// characters. // characters.
NamedNodeMap rootCertAttributes = caCertificatePosition.getAttributes(); NamedNodeMap rootCertAttributes = caCertificatePosition.getAttributes();
@ -261,7 +260,7 @@ public class CertificateEnrollmentServiceImpl implements CertificateEnrollmentSe
//Adding SHA1 signed certificate finger print to wap-provisioning xml. //Adding SHA1 signed certificate finger print to wap-provisioning xml.
signedCertificatePosition.getParentNode().getAttributes().getNamedItem(PluginConstants. signedCertificatePosition.getParentNode().getAttributes().getNamedItem(PluginConstants.
CertificateEnrolment.TYPE).setTextContent(String.valueOf( CertificateEnrolment.TYPE).setTextContent(String.valueOf(
DigestUtils.sha256Hex(signedCertificate.getEncoded())).toUpperCase()); DigestUtils.sha1Hex(signedCertificate.getEncoded())).toUpperCase());
//Adding encoded signed certificate to wap-provisioning file after removing new line //Adding encoded signed certificate to wap-provisioning file after removing new line
// characters. // characters.
@ -326,7 +325,7 @@ public class CertificateEnrollmentServiceImpl implements CertificateEnrollmentSe
} catch (KeystoreException e) { } catch (KeystoreException e) {
throw new CertificateGenerationException("CA certificate cannot be generated.", e); throw new CertificateGenerationException("CA certificate cannot be generated.", e);
} }
return base64Encoder.encodeToString(provisioningXmlString.getBytes()); return base64Encoder.encodeAsString(provisioningXmlString.getBytes());
} }
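Review bot: In a commit titled "security fixes", both fingerprint computations move from `DigestUtils.sha256Hex` to `DigestUtils.sha1Hex` with no explanation; the surrounding comments already say "SHA1 ... finger print", so this looks like alignment with what the WAP-provisioning consumer expects, but that intent should be stated inline, e.g. `// WAP provisioning identifies the certificate by its SHA-1 thumbprint; this is a lookup key, not a signature`, so a later hardening pass does not flip it back. The changed return line still calls `provisioningXmlString.getBytes()` with the platform default charset; use `provisioningXmlString.getBytes(StandardCharsets.UTF_8)` so the encoded XML does not vary by JVM locale. The middle of `prepareWapProvisioningXML`, including the XML parsing setup, lies between hunks and is not visible here.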
/** /**

@ -331,7 +331,7 @@
<version>${carbon.analytics.common.version}</version> <version>${carbon.analytics.common.version}</version>
<exclusions> <exclusions>
<exclusion> <exclusion>
<groupId>commons-codec</groupId> <groupId>commons-codec.wso2</groupId>
<artifactId>commons-codec</artifactId> <artifactId>commons-codec</artifactId>
</exclusion> </exclusion>
</exclusions> </exclusions>
@ -859,10 +859,15 @@
<artifactId>commons-httpclient</artifactId> <artifactId>commons-httpclient</artifactId>
<version>${orbit.version.commons-httpclient}</version> <version>${orbit.version.commons-httpclient}</version>
</dependency> </dependency>
<!--<dependency>-->
<!--<groupId>commons-codec.wso2</groupId>-->
<!--<artifactId>commons-codec</artifactId>-->
<!--<version>${commons-codec.wso2.version}</version>-->
<!--</dependency>-->
<dependency> <dependency>
<groupId>commons-codec.wso2</groupId> <groupId>commons-codec</groupId>
<artifactId>commons-codec</artifactId> <artifactId>commons-codec</artifactId>
<version>${commons-codec.wso2.version}</version> <version>${commons-codec.version}</version>
</dependency> </dependency>
<dependency> <dependency>
<groupId>org.codehaus.jackson</groupId> <groupId>org.codehaus.jackson</groupId>
@ -1169,7 +1174,8 @@
<gcm.server.version>1.0.2</gcm.server.version> <gcm.server.version>1.0.2</gcm.server.version>
<orbit.version.commons-httpclient>3.1.0.wso2v2</orbit.version.commons-httpclient> <orbit.version.commons-httpclient>3.1.0.wso2v2</orbit.version.commons-httpclient>
<commons-codec.wso2.version>1.4.0.wso2v1</commons-codec.wso2.version> <!--<commons-codec.wso2.version>1.4.0.wso2v1</commons-codec.wso2.version>-->
<commons-codec.version>1.7</commons-codec.version>
<javaee-web-api.version>6.0</javaee-web-api.version> <javaee-web-api.version>6.0</javaee-web-api.version>
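Review bot: The five commented-out `<dependency>` lines for `commons-codec.wso2` and the commented-out `commons-codec.wso2.version` property are dead configuration and should be deleted rather than left in the parent POM; version control already keeps the old coordinates. With the switch to plain `commons-codec`, the `.wso2` artifact is excluded only from the `carbon.analytics.common` dependency shown here, so any other transitive path that still pulls `commons-codec.wso2` would put two copies of `org.apache.commons.codec` on the classpath; a `mvn dependency:tree` check across the modules is worth running before merge. Pinning `<commons-codec.version>1.7</commons-codec.version>` should also carry a comment saying why that release was chosen if a newer 1.x is available.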
