Fix "Message digest is weak" security bug

revert-dabc3590
warunalakshitha 8 years ago
parent 0b983855cf
commit e65b61bf95

@ -43,7 +43,7 @@ public class CommunicationUtils {
private static final Log log = LogFactory.getLog(TransportUtils.class); private static final Log log = LogFactory.getLog(TransportUtils.class);
// The Signature Algorithm used. // The Signature Algorithm used.
private static final String SIGNATURE_ALG = "SHA1withRSA"; private static final String SHA_512 = "SHA-512";
// The Encryption Algorithm and the Padding used. // The Encryption Algorithm and the Padding used.
private static final String CIPHER_PADDING = "RSA/ECB/PKCS1Padding"; private static final String CIPHER_PADDING = "RSA/ECB/PKCS1Padding";
@ -108,7 +108,7 @@ public class CommunicationUtils {
String signedEncodedString; String signedEncodedString;
try { try {
signature = Signature.getInstance(SIGNATURE_ALG); signature = Signature.getInstance(SHA_512);
signature.initSign(signatureKey); signature.initSign(signatureKey);
signature.update(Base64.decodeBase64(message)); signature.update(Base64.decodeBase64(message));
@ -117,11 +117,11 @@ public class CommunicationUtils {
} catch (NoSuchAlgorithmException e) { } catch (NoSuchAlgorithmException e) {
String errorMsg = String errorMsg =
"Algorithm not found exception occurred for Signature instance of [" + SIGNATURE_ALG + "]"; "Algorithm not found exception occurred for Signature instance of [" + SHA_512 + "]";
log.error(errorMsg); log.error(errorMsg);
throw new TransportHandlerException(errorMsg, e); throw new TransportHandlerException(errorMsg, e);
} catch (SignatureException e) { } catch (SignatureException e) {
String errorMsg = "Signature exception occurred for Signature instance of [" + SIGNATURE_ALG + "]"; String errorMsg = "Signature exception occurred for Signature instance of [" + SHA_512 + "]";
log.error(errorMsg); log.error(errorMsg);
throw new TransportHandlerException(errorMsg, e); throw new TransportHandlerException(errorMsg, e);
} catch (InvalidKeyException e) { } catch (InvalidKeyException e) {
@ -153,7 +153,7 @@ public class CommunicationUtils {
boolean verified; boolean verified;
try { try {
signature = Signature.getInstance(SIGNATURE_ALG); signature = Signature.getInstance(SHA_512);
signature.initVerify(verificationKey); signature.initVerify(verificationKey);
signature.update(Base64.decodeBase64(data)); signature.update(Base64.decodeBase64(data));
@ -161,11 +161,11 @@ public class CommunicationUtils {
} catch (NoSuchAlgorithmException e) { } catch (NoSuchAlgorithmException e) {
String errorMsg = String errorMsg =
"Algorithm not found exception occurred for Signature instance of [" + SIGNATURE_ALG + "]"; "Algorithm not found exception occurred for Signature instance of [" + SHA_512 + "]";
log.error(errorMsg); log.error(errorMsg);
throw new TransportHandlerException(errorMsg, e); throw new TransportHandlerException(errorMsg, e);
} catch (SignatureException e) { } catch (SignatureException e) {
String errorMsg = "Signature exception occurred for Signature instance of [" + SIGNATURE_ALG + "]"; String errorMsg = "Signature exception occurred for Signature instance of [" + SHA_512 + "]";
log.error(errorMsg); log.error(errorMsg);
throw new TransportHandlerException(errorMsg, e); throw new TransportHandlerException(errorMsg, e);
} catch (InvalidKeyException e) { } catch (InvalidKeyException e) {
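Review bot: `signature = Signature.getInstance(SHA_512);` in the @ -108 hunk will throw at runtime, because `"SHA-512"` is a MessageDigest algorithm name, not a Signature algorithm name; the JCA standard name for RSA signatures over SHA-512 is `SHA512withRSA`, so with this constant every signing and verification call lands in the `NoSuchAlgorithmException` branch below and surfaces as a TransportHandlerException before any key is touched. The constant should read `private static final String SIGNATURE_ALG = "SHA512withRSA";`, keeping the old identifier so the four references stay untouched and the name still says what the value is (a signature algorithm, not a digest). The same defect is repeated in the second CommunicationUtils section (hunks @ -43, -107, -116, -152, -160) and in VirtualFirealarmSecurityManager (hunks @ -51, -162, -170, -193). A sign-then-verify round trip with a throwaway RSA key pair in a unit test would have caught this immediately. This reading takes the right-hand text on each line as the new side, which the rendered page does not mark explicitly.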

@ -43,7 +43,7 @@ public class CommunicationUtils {
private static final Log log = LogFactory.getLog(TransportUtils.class); private static final Log log = LogFactory.getLog(TransportUtils.class);
// The Signature Algorithm used. // The Signature Algorithm used.
private static final String SIGNATURE_ALG = "SHA1withRSA"; private static final String SHA_512 = "SHA-512";
// The Encryption Algorithm and the Padding used. // The Encryption Algorithm and the Padding used.
private static final String CIPHER_PADDING = "RSA/ECB/PKCS1Padding"; private static final String CIPHER_PADDING = "RSA/ECB/PKCS1Padding";
@ -107,7 +107,7 @@ public class CommunicationUtils {
String signedEncodedString; String signedEncodedString;
try { try {
signature = Signature.getInstance(SIGNATURE_ALG); signature = Signature.getInstance(SHA_512);
signature.initSign(signatureKey); signature.initSign(signatureKey);
signature.update(Base64.decodeBase64(message)); signature.update(Base64.decodeBase64(message));
@ -116,11 +116,11 @@ public class CommunicationUtils {
} catch (NoSuchAlgorithmException e) { } catch (NoSuchAlgorithmException e) {
String errorMsg = String errorMsg =
"Algorithm not found exception occurred for Signature instance of [" + SIGNATURE_ALG + "]"; "Algorithm not found exception occurred for Signature instance of [" + SHA_512 + "]";
log.error(errorMsg); log.error(errorMsg);
throw new TransportHandlerException(errorMsg, e); throw new TransportHandlerException(errorMsg, e);
} catch (SignatureException e) { } catch (SignatureException e) {
String errorMsg = "Signature exception occurred for Signature instance of [" + SIGNATURE_ALG + "]"; String errorMsg = "Signature exception occurred for Signature instance of [" + SHA_512 + "]";
log.error(errorMsg); log.error(errorMsg);
throw new TransportHandlerException(errorMsg, e); throw new TransportHandlerException(errorMsg, e);
} catch (InvalidKeyException e) { } catch (InvalidKeyException e) {
@ -152,7 +152,7 @@ public class CommunicationUtils {
boolean verified; boolean verified;
try { try {
signature = Signature.getInstance(SIGNATURE_ALG); signature = Signature.getInstance(SHA_512);
signature.initVerify(verificationKey); signature.initVerify(verificationKey);
signature.update(Base64.decodeBase64(data)); signature.update(Base64.decodeBase64(data));
@ -160,11 +160,11 @@ public class CommunicationUtils {
} catch (NoSuchAlgorithmException e) { } catch (NoSuchAlgorithmException e) {
String errorMsg = String errorMsg =
"Algorithm not found exception occurred for Signature instance of [" + SIGNATURE_ALG + "]"; "Algorithm not found exception occurred for Signature instance of [" + SHA_512 + "]";
log.error(errorMsg); log.error(errorMsg);
throw new TransportHandlerException(errorMsg, e); throw new TransportHandlerException(errorMsg, e);
} catch (SignatureException e) { } catch (SignatureException e) {
String errorMsg = "Signature exception occurred for Signature instance of [" + SIGNATURE_ALG + "]"; String errorMsg = "Signature exception occurred for Signature instance of [" + SHA_512 + "]";
log.error(errorMsg); log.error(errorMsg);
throw new TransportHandlerException(errorMsg, e); throw new TransportHandlerException(errorMsg, e);
} catch (InvalidKeyException e) { } catch (InvalidKeyException e) {

@ -51,7 +51,7 @@ public class VirtualFirealarmSecurityManager {
private static final Log log = LogFactory.getLog(VirtualFirealarmSecurityManager.class); private static final Log log = LogFactory.getLog(VirtualFirealarmSecurityManager.class);
private static PrivateKey serverPrivateKey; private static PrivateKey serverPrivateKey;
private static final String SIGNATURE_ALG = "SHA1withRSA"; private static final String SHA_512 = "SHA-512";
private static final String CIPHER_PADDING = "RSA/ECB/PKCS1Padding"; private static final String CIPHER_PADDING = "RSA/ECB/PKCS1Padding";
private static CertificateKeystoreConfig certificateKeystoreConfig; private static CertificateKeystoreConfig certificateKeystoreConfig;
private VirtualFirealarmSecurityManager() { private VirtualFirealarmSecurityManager() {
@ -162,7 +162,7 @@ public class VirtualFirealarmSecurityManager {
String signedEncodedString; String signedEncodedString;
try { try {
signature = Signature.getInstance(SIGNATURE_ALG); signature = Signature.getInstance(SHA_512);
signature.initSign(signatureKey); signature.initSign(signatureKey);
signature.update(Base64.decodeBase64(encryptedData)); signature.update(Base64.decodeBase64(encryptedData));
@ -170,11 +170,11 @@ public class VirtualFirealarmSecurityManager {
signedEncodedString = Base64.encodeBase64String(signatureBytes); signedEncodedString = Base64.encodeBase64String(signatureBytes);
} catch (NoSuchAlgorithmException e) { } catch (NoSuchAlgorithmException e) {
String errorMsg = "Algorithm not found exception occurred for Signature instance of [" + SIGNATURE_ALG + "]"; String errorMsg = "Algorithm not found exception occurred for Signature instance of [" + SHA_512 + "]";
log.error(errorMsg); log.error(errorMsg);
throw new VirtualFirealarmDeviceMgtPluginException(errorMsg, e); throw new VirtualFirealarmDeviceMgtPluginException(errorMsg, e);
} catch (SignatureException e) { } catch (SignatureException e) {
String errorMsg = "Signature exception occurred for Signature instance of [" + SIGNATURE_ALG + "]"; String errorMsg = "Signature exception occurred for Signature instance of [" + SHA_512 + "]";
log.error(errorMsg); log.error(errorMsg);
throw new VirtualFirealarmDeviceMgtPluginException(errorMsg, e); throw new VirtualFirealarmDeviceMgtPluginException(errorMsg, e);
} catch (InvalidKeyException e) { } catch (InvalidKeyException e) {
@ -193,18 +193,18 @@ public class VirtualFirealarmSecurityManager {
boolean verified; boolean verified;
try { try {
signature = Signature.getInstance(SIGNATURE_ALG); signature = Signature.getInstance(SHA_512);
signature.initVerify(verificationKey); signature.initVerify(verificationKey);
signature.update(Base64.decodeBase64(data)); signature.update(Base64.decodeBase64(data));
verified = signature.verify(Base64.decodeBase64(signedData)); verified = signature.verify(Base64.decodeBase64(signedData));
} catch (NoSuchAlgorithmException e) { } catch (NoSuchAlgorithmException e) {
String errorMsg = "Algorithm not found exception occurred for Signature instance of [" + SIGNATURE_ALG + "]"; String errorMsg = "Algorithm not found exception occurred for Signature instance of [" + SHA_512 + "]";
log.error(errorMsg); log.error(errorMsg);
throw new VirtualFirealarmDeviceMgtPluginException(errorMsg, e); throw new VirtualFirealarmDeviceMgtPluginException(errorMsg, e);
} catch (SignatureException e) { } catch (SignatureException e) {
String errorMsg = "Signature exception occurred for Signature instance of [" + SIGNATURE_ALG + "]"; String errorMsg = "Signature exception occurred for Signature instance of [" + SHA_512 + "]";
log.error(errorMsg); log.error(errorMsg);
throw new VirtualFirealarmDeviceMgtPluginException(errorMsg, e); throw new VirtualFirealarmDeviceMgtPluginException(errorMsg, e);
} catch (InvalidKeyException e) { } catch (InvalidKeyException e) {
