From 09020ccb9f9421a308d02ce0a69b3a9466b211d2 Mon Sep 17 00:00:00 2001 From: Timo Briddigkeit Date: Wed, 13 Jul 2016 14:35:55 +0200 Subject: [PATCH 1/5] Fixed predictable pseudorandom number generator --- .../service/impl/UserManagementServiceImpl.java | 3 ++- .../client/extension/util/JWTClientUtil.java | 17 ++++------------- 2 files changed, 6 insertions(+), 14 deletions(-) diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/UserManagementServiceImpl.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/UserManagementServiceImpl.java index 0e8d90ffc0..ffad2e8d81 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/UserManagementServiceImpl.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/UserManagementServiceImpl.java @@ -37,6 +37,7 @@ import javax.ws.rs.core.MediaType; import javax.ws.rs.core.Response; import java.net.URI; import java.net.URISyntaxException; +import java.security.SecureRandom; import java.util.*; @Path("/users") @@ -395,7 +396,7 @@ public class UserManagementServiceImpl implements UserManagementService { String lowerCaseCharset = "abcdefghijklmnopqrstuvwxyz"; String upperCaseCharset = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"; String numericCharset = "0123456789"; - Random randomGenerator = new Random(); + SecureRandom randomGenerator = new SecureRandom(); String totalCharset = lowerCaseCharset + upperCaseCharset + numericCharset; int totalCharsetLength = totalCharset.length(); StringBuilder initialUserPassword = new StringBuilder(); diff --git a/components/identity-extensions/org.wso2.carbon.identity.jwt.client.extension/src/main/java/org/wso2/carbon/identity/jwt/client/extension/util/JWTClientUtil.java b/components/identity-extensions/org.wso2.carbon.identity.jwt.client.extension/src/main/java/org/wso2/carbon/identity/jwt/client/extension/util/JWTClientUtil.java index dea0b0754c..2786b7a00d 100644 --- a/components/identity-extensions/org.wso2.carbon.identity.jwt.client.extension/src/main/java/org/wso2/carbon/identity/jwt/client/extension/util/JWTClientUtil.java +++ b/components/identity-extensions/org.wso2.carbon.identity.jwt.client.extension/src/main/java/org/wso2/carbon/identity/jwt/client/extension/util/JWTClientUtil.java @@ -36,11 +36,11 @@ import org.apache.http.util.EntityUtils; import org.wso2.carbon.base.MultitenantConstants; import org.wso2.carbon.context.PrivilegedCarbonContext; import org.wso2.carbon.core.util.KeyStoreManager; -import org.wso2.carbon.identity.jwt.client.extension.service.JWTClientManagerService; import org.wso2.carbon.identity.jwt.client.extension.dto.JWTConfig; import org.wso2.carbon.identity.jwt.client.extension.exception.JWTClientConfigurationException; import org.wso2.carbon.identity.jwt.client.extension.exception.JWTClientException; import org.wso2.carbon.identity.jwt.client.extension.internal.JWTClientExtensionDataHolder; +import org.wso2.carbon.identity.jwt.client.extension.service.JWTClientManagerService; import org.wso2.carbon.registry.core.Registry; import org.wso2.carbon.registry.core.Resource; import org.wso2.carbon.registry.core.exceptions.RegistryException; @@ -48,24 +48,15 @@ import org.wso2.carbon.registry.core.service.RegistryService; import org.wso2.carbon.registry.core.service.TenantRegistryLoader; import org.wso2.carbon.utils.CarbonUtils; -import java.io.BufferedReader; -import java.io.File; -import java.io.IOException; -import java.io.InputStream; -import java.io.InputStreamReader; +import java.io.*; import java.net.URI; import java.net.URL; -import java.security.KeyManagementException; -import java.security.KeyStore; -import java.security.KeyStoreException; -import java.security.NoSuchAlgorithmException; -import java.security.UnrecoverableKeyException; +import java.security.*; import java.security.cert.CertificateException; import java.security.interfaces.RSAPrivateKey; import java.util.Date; import java.util.List; import java.util.Properties; -import java.util.Random; /** * This is the utility class that is used for JWT Client. @@ -210,7 +201,7 @@ public class JWTClientUtil { long nbf = currentTimeMillis + jwtConfig.getValidityPeriodFromCurrentTime() * 60 * 1000; String jti = jwtConfig.getJti(); if (jti == null) { - String defaultTokenId = currentTimeMillis + "" + new Random().nextInt(); + String defaultTokenId = currentTimeMillis + "" + new SecureRandom().nextInt(); jti = defaultTokenId; } List aud = jwtConfig.getAudiences(); From ee5b077e6a1fd074473adfe76905844d7bb3c6e1 Mon Sep 17 00:00:00 2001 From: Timo Briddigkeit Date: Wed, 13 Jul 2016 15:02:11 +0200 Subject: [PATCH 2/5] Fixed various XML External Entity (XXE) attack vulnerabilities --- .../webapp/publisher/WebappPublisherUtil.java | 2 ++ .../mgt/core/util/CertificateManagerUtil.java | 9 +++------ .../mgt/core/util/ConfigurationUtil.java | 14 +++++++------- .../data/publisher/DataPublisherUtil.java | 2 ++ .../mgt/core/permission/mgt/PermissionUtils.java | 3 ++- .../device/mgt/core/util/DeviceManagerUtil.java | 7 ++----- .../carbon/email/sender/core/EmailSenderUtil.java | 6 ++---- .../policy/mgt/core/util/PolicyManagerUtil.java | 12 ++++-------- .../framework/AuthenticationFrameworkUtil.java | 2 ++ 9 files changed, 26 insertions(+), 31 deletions(-) diff --git a/components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/src/main/java/org/wso2/carbon/apimgt/webapp/publisher/WebappPublisherUtil.java b/components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/src/main/java/org/wso2/carbon/apimgt/webapp/publisher/WebappPublisherUtil.java index 9308910c06..17e2edb9a8 100644 --- a/components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/src/main/java/org/wso2/carbon/apimgt/webapp/publisher/WebappPublisherUtil.java +++ b/components/apimgt-extensions/org.wso2.carbon.apimgt.webapp.publisher/src/main/java/org/wso2/carbon/apimgt/webapp/publisher/WebappPublisherUtil.java @@ -20,6 +20,7 @@ package org.wso2.carbon.apimgt.webapp.publisher; import org.w3c.dom.Document; +import javax.xml.XMLConstants; import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilderFactory; import java.io.File; @@ -34,6 +35,7 @@ public class WebappPublisherUtil { DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); factory.setNamespaceAware(true); try { + factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); DocumentBuilder docBuilder = factory.newDocumentBuilder(); return docBuilder.parse(file); } catch (Exception e) { diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/util/CertificateManagerUtil.java b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/util/CertificateManagerUtil.java index 9c9d64aa97..9f75079cfb 100644 --- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/util/CertificateManagerUtil.java +++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/util/CertificateManagerUtil.java @@ -28,28 +28,25 @@ import org.wso2.carbon.certificate.mgt.core.dao.CertificateManagementDAOUtil; import org.wso2.carbon.certificate.mgt.core.exception.CertificateManagementException; import javax.sql.DataSource; +import javax.xml.XMLConstants; import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilderFactory; -import java.io.ByteArrayOutputStream; import java.io.File; -import java.io.ObjectOutputStream; -import java.util.ArrayList; -import java.util.HashMap; import java.util.Hashtable; import java.util.List; public class CertificateManagerUtil { - private static final Log log = LogFactory.getLog(CertificateManagerUtil.class); - public static final String GENERAL_CONFIG_RESOURCE_PATH = "general"; public static final String MONITORING_FREQUENCY = "notifierFrequency"; + private static final Log log = LogFactory.getLog(CertificateManagerUtil.class); public static Document convertToDocument(File file) throws CertificateManagementException { DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); factory.setNamespaceAware(true); try { DocumentBuilder docBuilder = factory.newDocumentBuilder(); + factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); return docBuilder.parse(file); } catch (Exception e) { throw new CertificateManagementException("Error occurred while parsing file, while converting " + diff --git a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/util/ConfigurationUtil.java b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/util/ConfigurationUtil.java index 36d9182c10..fa5b49e56c 100644 --- a/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/util/ConfigurationUtil.java +++ b/components/certificate-mgt/org.wso2.carbon.certificate.mgt.core/src/main/java/org/wso2/carbon/certificate/mgt/core/util/ConfigurationUtil.java @@ -21,6 +21,8 @@ import org.w3c.dom.Document; import org.w3c.dom.NodeList; import org.wso2.carbon.certificate.mgt.core.exception.KeystoreException; import org.xml.sax.SAXException; + +import javax.xml.XMLConstants; import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilderFactory; import javax.xml.parsers.ParserConfigurationException; @@ -48,22 +50,19 @@ public class ConfigurationUtil { public static final String POST_BODY_CA_CAPS = "POSTPKIOperation\nSHA-1\nDES3\n"; public static final String DES_EDE = "DESede"; public static final String CONF_LOCATION = "conf.location"; - private static final String CARBON_HOME = "carbon.home"; - private static final String CERTIFICATE_CONFIG_XML = "certificate-config.xml"; - private static final String CARBON_HOME_ENTRY = "${carbon.home}"; public static final String DEFAULT_PRINCIPAL = "O=WSO2, OU=Mobile, C=LK"; public static final String RSA_PRIVATE_KEY_BEGIN_TEXT = "-----BEGIN RSA PRIVATE KEY-----\n"; public static final String RSA_PRIVATE_KEY_END_TEXT = "-----END RSA PRIVATE KEY-----"; public static final String EMPTY_TEXT = ""; public static final int RSA_KEY_LENGTH = 1024; public static final long MILLI_SECONDS = 1000L * 60 * 60 * 24; - - - private static ConfigurationUtil configurationUtil; + private static final String CARBON_HOME = "carbon.home"; + private static final String CERTIFICATE_CONFIG_XML = "certificate-config.xml"; + private static final String CARBON_HOME_ENTRY = "${carbon.home}"; private static final String[] certificateConfigEntryNames = { CA_CERT_ALIAS, RA_CERT_ALIAS, CERTIFICATE_KEYSTORE, PATH_CERTIFICATE_KEYSTORE, CERTIFICATE_KEYSTORE_PASSWORD, KEYSTORE_CA_CERT_PRIV_PASSWORD, KEYSTORE_RA_CERT_PRIV_PASSWORD }; - + private static ConfigurationUtil configurationUtil; private static Map configMap; private static Map readCertificateConfigurations() throws KeystoreException { @@ -79,6 +78,7 @@ public class ConfigurationUtil { try { File fXmlFile = new File(certConfLocation); DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance(); + documentBuilderFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); DocumentBuilder documentBuilder = documentBuilderFactory.newDocumentBuilder(); document = documentBuilder.parse(fXmlFile); } catch (ParserConfigurationException e) { diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.analytics.data.publisher/src/main/java/org/wso2/carbon/device/mgt/analytics/data/publisher/DataPublisherUtil.java b/components/device-mgt/org.wso2.carbon.device.mgt.analytics.data.publisher/src/main/java/org/wso2/carbon/device/mgt/analytics/data/publisher/DataPublisherUtil.java index a13310ee94..da430d5fd4 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.analytics.data.publisher/src/main/java/org/wso2/carbon/device/mgt/analytics/data/publisher/DataPublisherUtil.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.analytics.data.publisher/src/main/java/org/wso2/carbon/device/mgt/analytics/data/publisher/DataPublisherUtil.java @@ -21,6 +21,7 @@ package org.wso2.carbon.device.mgt.analytics.data.publisher; import org.w3c.dom.Document; import org.wso2.carbon.device.mgt.analytics.data.publisher.exception.DataPublisherConfigurationException; +import javax.xml.XMLConstants; import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilderFactory; import java.io.File; @@ -32,6 +33,7 @@ public class DataPublisherUtil { factory.setNamespaceAware(true); try { DocumentBuilder docBuilder = factory.newDocumentBuilder(); + factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); return docBuilder.parse(file); } catch (Exception e) { throw new DataPublisherConfigurationException("Error occurred while parsing file, while converting " + diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/permission/mgt/PermissionUtils.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/permission/mgt/PermissionUtils.java index d70247f683..27b95e56cc 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/permission/mgt/PermissionUtils.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/permission/mgt/PermissionUtils.java @@ -20,7 +20,6 @@ package org.wso2.carbon.device.mgt.core.permission.mgt; import org.w3c.dom.Document; import org.wso2.carbon.context.PrivilegedCarbonContext; -import org.wso2.carbon.device.mgt.common.DeviceManagementException; import org.wso2.carbon.device.mgt.common.permission.mgt.Permission; import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagementException; import org.wso2.carbon.device.mgt.core.internal.DeviceManagementDataHolder; @@ -28,6 +27,7 @@ import org.wso2.carbon.registry.api.RegistryException; import org.wso2.carbon.registry.api.Resource; import org.wso2.carbon.registry.core.Registry; +import javax.xml.XMLConstants; import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilderFactory; import java.io.File; @@ -123,6 +123,7 @@ public class PermissionUtils { factory.setNamespaceAware(true); try { DocumentBuilder docBuilder = factory.newDocumentBuilder(); + factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); return docBuilder.parse(file); } catch (Exception e) { throw new PermissionManagementException("Error occurred while parsing file, while converting " + diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/util/DeviceManagerUtil.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/util/DeviceManagerUtil.java index ec798f2bdc..a9d472d498 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/util/DeviceManagerUtil.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/util/DeviceManagerUtil.java @@ -21,7 +21,6 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.w3c.dom.Document; import org.wso2.carbon.base.MultitenantConstants; -import org.wso2.carbon.context.PrivilegedCarbonContext; import org.wso2.carbon.device.mgt.common.Device; import org.wso2.carbon.device.mgt.common.DeviceIdentifier; import org.wso2.carbon.device.mgt.common.DeviceManagementException; @@ -41,14 +40,11 @@ import org.wso2.carbon.utils.ConfigurationContextService; import org.wso2.carbon.utils.NetworkUtils; import javax.sql.DataSource; +import javax.xml.XMLConstants; import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilderFactory; import java.io.File; import java.util.*; -import java.util.HashMap; -import java.util.Hashtable; -import java.util.List; -import java.util.Map; public final class DeviceManagerUtil { @@ -60,6 +56,7 @@ public final class DeviceManagerUtil { factory.setNamespaceAware(true); try { DocumentBuilder docBuilder = factory.newDocumentBuilder(); + factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); return docBuilder.parse(file); } catch (Exception e) { throw new DeviceManagementException("Error occurred while parsing file, while converting " + diff --git a/components/email-sender/org.wso2.carbon.email.sender.core/src/main/java/org/wso2/carbon/email/sender/core/EmailSenderUtil.java b/components/email-sender/org.wso2.carbon.email.sender.core/src/main/java/org/wso2/carbon/email/sender/core/EmailSenderUtil.java index c1f03a02bc..6c34c05805 100644 --- a/components/email-sender/org.wso2.carbon.email.sender.core/src/main/java/org/wso2/carbon/email/sender/core/EmailSenderUtil.java +++ b/components/email-sender/org.wso2.carbon.email.sender.core/src/main/java/org/wso2/carbon/email/sender/core/EmailSenderUtil.java @@ -19,11 +19,8 @@ package org.wso2.carbon.email.sender.core; import org.w3c.dom.Document; -import org.wso2.carbon.email.sender.core.internal.EmailSenderDataHolder; -import org.wso2.carbon.utils.CarbonUtils; -import org.wso2.carbon.utils.ConfigurationContextService; -import org.wso2.carbon.utils.NetworkUtils; +import javax.xml.XMLConstants; import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilderFactory; import java.io.File; @@ -35,6 +32,7 @@ public class EmailSenderUtil { factory.setNamespaceAware(true); try { DocumentBuilder docBuilder = factory.newDocumentBuilder(); + factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); return docBuilder.parse(file); } catch (Exception e) { throw new EmailSenderConfigurationFailedException("Error occurred while parsing file, while converting " + diff --git a/components/policy-mgt/org.wso2.carbon.policy.mgt.core/src/main/java/org/wso2/carbon/policy/mgt/core/util/PolicyManagerUtil.java b/components/policy-mgt/org.wso2.carbon.policy.mgt.core/src/main/java/org/wso2/carbon/policy/mgt/core/util/PolicyManagerUtil.java index 0d80901d21..ee55646f11 100644 --- a/components/policy-mgt/org.wso2.carbon.policy.mgt.core/src/main/java/org/wso2/carbon/policy/mgt/core/util/PolicyManagerUtil.java +++ b/components/policy-mgt/org.wso2.carbon.policy.mgt.core/src/main/java/org/wso2/carbon/policy/mgt/core/util/PolicyManagerUtil.java @@ -44,6 +44,7 @@ import javax.cache.Cache; import javax.cache.CacheManager; import javax.cache.Caching; import javax.sql.DataSource; +import javax.xml.XMLConstants; import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilderFactory; import java.io.ByteArrayOutputStream; @@ -53,17 +54,16 @@ import java.util.*; public class PolicyManagerUtil { - private static final Log log = LogFactory.getLog(PolicyManagerUtil.class); - public static final String GENERAL_CONFIG_RESOURCE_PATH = "general"; public static final String MONITORING_FREQUENCY = "notifierFrequency"; - + private static final Log log = LogFactory.getLog(PolicyManagerUtil.class); public static Document convertToDocument(File file) throws PolicyManagementException { DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); factory.setNamespaceAware(true); try { DocumentBuilder docBuilder = factory.newDocumentBuilder(); + factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); return docBuilder.parse(file); } catch (Exception e) { throw new PolicyManagementException("Error occurred while parsing file, while converting " + @@ -153,11 +153,7 @@ public class PolicyManagerUtil { public static boolean convertIntToBoolean(int x) { - if (x == 1) { - return true; - } else { - return false; - } + return x == 1; } diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/AuthenticationFrameworkUtil.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/AuthenticationFrameworkUtil.java index 1ae7b83116..81629eedb5 100644 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/AuthenticationFrameworkUtil.java +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/AuthenticationFrameworkUtil.java @@ -31,6 +31,7 @@ import org.wso2.carbon.context.PrivilegedCarbonContext; import org.wso2.carbon.webapp.authenticator.framework.Utils.Utils; import javax.servlet.http.HttpServletResponse; +import javax.xml.XMLConstants; import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilderFactory; import java.io.File; @@ -97,6 +98,7 @@ public class AuthenticationFrameworkUtil { factory.setNamespaceAware(true); try { DocumentBuilder docBuilder = factory.newDocumentBuilder(); + factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); return docBuilder.parse(file); } catch (Exception e) { throw new AuthenticatorFrameworkException("Error occurred while parsing file, while converting " + From b67430408739be99b24f085f6ce9f314bbeaf6a8 Mon Sep 17 00:00:00 2001 From: Timo Briddigkeit Date: Wed, 13 Jul 2016 15:57:12 +0200 Subject: [PATCH 3/5] Made constants real constant using final --- .../carbon/device/mgt/core/search/mgt/Constants.java | 8 ++++---- .../carbon/device/mgt/core/common/TestDataHolder.java | 10 +++++----- .../backend/oauth/OauthAuthenticatorConstants.java | 2 +- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/search/mgt/Constants.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/search/mgt/Constants.java index d8b7ada7b4..0ba5bb7d10 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/search/mgt/Constants.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/search/mgt/Constants.java @@ -21,8 +21,8 @@ package org.wso2.carbon.device.mgt.core.search.mgt; public class Constants { - public static String GENERAL = "GENERAL"; - public static String PROP_AND = "PROP_AND"; - public static String PROP_OR = "PROP_OR"; - public static String LOCATION = "LOCATION"; + public static final String GENERAL = "GENERAL"; + public static final String PROP_AND = "PROP_AND"; + public static final String PROP_OR = "PROP_OR"; + public static final String LOCATION = "LOCATION"; } diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/test/java/org/wso2/carbon/device/mgt/core/common/TestDataHolder.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/test/java/org/wso2/carbon/device/mgt/core/common/TestDataHolder.java index 3aef2ca254..bb467761e7 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/test/java/org/wso2/carbon/device/mgt/core/common/TestDataHolder.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/test/java/org/wso2/carbon/device/mgt/core/common/TestDataHolder.java @@ -27,13 +27,13 @@ import java.util.Properties; public class TestDataHolder { + public final static String TEST_DEVICE_TYPE = "Test"; + public final static Integer SUPER_TENANT_ID = -1234; + public final static String SUPER_TENANT_DOMAIN = "carbon.super"; + public final static String initialDeviceIdentifier = "12345"; + public final static String OWNER = "admin"; public static Device initialTestDevice; public static DeviceType initialTestDeviceType; - public static String TEST_DEVICE_TYPE = "Test"; - public static Integer SUPER_TENANT_ID = -1234; - public static String SUPER_TENANT_DOMAIN="carbon.super"; - public static String initialDeviceIdentifier = "12345"; - public static String OWNER = "admin"; public static Device generateDummyDeviceData(String deviceType){ diff --git a/components/identity-extensions/org.wso2.carbon.identity.authenticator.backend.oauth/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/OauthAuthenticatorConstants.java b/components/identity-extensions/org.wso2.carbon.identity.authenticator.backend.oauth/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/OauthAuthenticatorConstants.java index 4c7ace2e6d..66e96101a8 100755 --- a/components/identity-extensions/org.wso2.carbon.identity.authenticator.backend.oauth/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/OauthAuthenticatorConstants.java +++ b/components/identity-extensions/org.wso2.carbon.identity.authenticator.backend.oauth/src/main/java/org/wso2/carbon/identity/authenticator/backend/oauth/OauthAuthenticatorConstants.java @@ -24,6 +24,6 @@ public class OauthAuthenticatorConstants { public static final String BEARER_TOKEN_IDENTIFIER = "token"; public static final String AUTHENTICATOR_NAME = "OAuthAuthenticator"; public static final String SPLITING_CHARACTOR = " "; - public static String OAUTH_ENDPOINT_POSTFIX = + public static final String OAUTH_ENDPOINT_POSTFIX = "/services/OAuth2TokenValidationService.OAuth2TokenValidationServiceHttpsSoap12Endpoint/"; } From ca10ad53bb88d210b800f14ad1cc341b04c8bc6f Mon Sep 17 00:00:00 2001 From: Ace Date: Fri, 15 Jul 2016 11:59:15 +0530 Subject: [PATCH 4/5] Adding emm apis as common modules --- .../devicemgt/api/data-tables-invoker-api.jag | 59 ++++++++ .../jaggeryapps/devicemgt/api/invoker-api.jag | 140 +++++++++--------- .../devicemgt/api/operation-api.jag | 60 ++++++++ .../jaggeryapps/devicemgt/api/policy-api.jag | 52 +++++++ 4 files changed, 238 insertions(+), 73 deletions(-) create mode 100644 components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/data-tables-invoker-api.jag create mode 100644 components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/operation-api.jag create mode 100644 components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/policy-api.jag diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/data-tables-invoker-api.jag b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/data-tables-invoker-api.jag new file mode 100644 index 0000000000..160a7ff517 --- /dev/null +++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/data-tables-invoker-api.jag @@ -0,0 +1,59 @@ +<% +/* + * Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, + * either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +var log = new Log("api/data-tables-invoker-api.jag"); + +var uri = request.getRequestURI(); +var uriMatcher = new URIMatcher(String(uri)); + +var devicemgtProps = require('/app/conf/devicemgt-props.js').config(); +var serviceInvokers = require("/app/modules/backend-service-invoker.js")["backendServiceInvoker"]; + +if (uriMatcher.match("/{context}/api/data-tables/invoker")) { + var url = request.getParameter("url"); + var targetURL; + var payload = request.getContent(); + + function appendQueryParam (url, queryParam , value) { + if (url.indexOf("?") > 0) { + return url + "&" + queryParam + "=" + value; + } + return url + "?" + queryParam + "=" + value; + } + targetURL = devicemgtProps["httpsURL"] + request.getParameter("url"); + + var allParams = request.getAllParameters(); + + for (var key in allParams) { + if (allParams.hasOwnProperty(key)) { + if(key == "limit" || key == "offset" || key == "filter"){ + targetURL = appendQueryParam(targetURL, key, allParams[key]); + } + } + } + + serviceInvokers.XMLHttp.get( + targetURL, + // response callback + function (backendResponse) { + response["status"] = backendResponse["status"]; + response["content"] = backendResponse["responseText"]; + } + ); +} diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/invoker-api.jag b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/invoker-api.jag index ac587def72..1fd232e3c7 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/invoker-api.jag +++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/invoker-api.jag @@ -17,94 +17,88 @@ * under the License. */ +var log = new Log("api/invoker-api.jag"); + var uri = request.getRequestURI(); var uriMatcher = new URIMatcher(String(uri)); -var log = new Log("api/invoker-api.jag"); - var constants = require("/app/modules/constants.js"); var devicemgtProps = require('/app/conf/devicemgt-props.js').config(); -var serviceInvokers = require("/app/modules/backend-service-invoker.js").backendServiceInvoker; - -var result; +var serviceInvokers = require("/app/modules/backend-service-invoker.js")["backendServiceInvoker"]; if (uriMatcher.match("/{context}/api/invoker/execute/")) { - var method = request.getContent().actionMethod; - var targetURL = getTargetUrl(devicemgtProps.httpsURL, request.getContent().actionUrl); - var payload = request.getContent().actionPayload; - var contentType = request.getHeader(constants.CONTENT_TYPE_IDENTIFIER); - var acceptType = request.getHeader(constants.ACCEPT_IDENTIFIER); - if (method == undefined && payload == undefined) { - method = parse(request.getContent()).actionMethod; - targetURL = getTargetUrl(devicemgtProps.httpsURL, parse(request.getContent()).actionUrl); - payload = parse(request.getContent()).actionPayload; + var restAPIRequestDetails = request.getContent(); + + var requestMethod = restAPIRequestDetails["requestMethod"]; + var requestURL = restAPIRequestDetails["requestURL"]; + var requestPayload = restAPIRequestDetails["requestPayload"]; + + if (!requestMethod) { + requestMethod = parse(restAPIRequestDetails)["requestMethod"]; + } + + if (!requestURL) { + requestURL = parse(restAPIRequestDetails)["requestURL"]; } + + if (!requestPayload) { + requestPayload = parse(restAPIRequestDetails)["requestPayload"]; + } + + var restAPIEndpoint = devicemgtProps["httpsURL"] + requestURL; + try { - switch (method) { - case constants.HTTP_GET: - var responseData = serviceInvokers.XMLHttp.get( - targetURL, function (responsePayload) { - response.status = 200; - response.content = responsePayload; - }, - function (responsePayload) { - response.status = responsePayload.status; - response.content = responsePayload.responseText; - }, - contentType, - acceptType); + switch (requestMethod) { + case constants["HTTP_GET"]: + serviceInvokers.XMLHttp.get( + restAPIEndpoint, + function (restAPIResponse) { + response["status"] = restAPIResponse["status"]; + if (restAPIResponse["responseText"]) { + response["content"] = restAPIResponse["responseText"]; + } + } + ); break; - case constants.HTTP_POST: - var responseData = serviceInvokers.XMLHttp.post( - targetURL, payload, function (responsePayload) { - response.status = 200; - response.content = responsePayload; - }, - function (responsePayload) { - response.status = responsePayload.status; - response.content = responsePayload.responseText; - }, - contentType, - acceptType); + case constants["HTTP_POST"]: + serviceInvokers.XMLHttp.post( + restAPIEndpoint, + requestPayload, + function (restAPIResponse) { + response["status"] = restAPIResponse["status"]; + if (restAPIResponse["responseText"]) { + response["content"] = restAPIResponse["responseText"]; + } + } + ); break; - case constants.HTTP_PUT: - var responseData = serviceInvokers.XMLHttp.put( - targetURL, payload, function (responsePayload) { - response.status = 200; - response.content = responsePayload; - }, - function (responsePayload) { - response.status = responsePayload.status; - response.content = responsePayload.responseText; - }, - contentType, - acceptType); + case constants["HTTP_PUT"]: + serviceInvokers.XMLHttp.put( + restAPIEndpoint, + requestPayload, + function (restAPIResponse) { + response["status"] = restAPIResponse["status"]; + if (restAPIResponse["responseText"]) { + response["content"] = restAPIResponse["responseText"]; + } + } + ); break; - case constants.HTTP_DELETE: - var responseData = serviceInvokers.XMLHttp.delete( - targetURL, function (responsePayload) { - response.status = 200; - response.content = responsePayload; - }, - function (responsePayload) { - response.status = responsePayload.status; - response.content = responsePayload.responseText; - }, - contentType, - acceptType); + case constants["HTTP_DELETE"]: + serviceInvokers.XMLHttp.delete( + restAPIEndpoint, + function (restAPIResponse) { + response["status"] = restAPIResponse["status"]; + if (restAPIResponse["responseText"]) { + response["content"] = restAPIResponse["responseText"]; + } + } + ); break; } } catch (e) { - log.error("Exception occurred while accessing sevices", e); + log.error("Exception occurred while trying to access backend " + + "REST API services from Jaggery API invoker layer", e); } } - -function getTargetUrl(serverUrl, actionUrl){ - if(actionUrl == undefined || actionUrl.lastIndexOf("http", 0) === 0){ - return actionUrl; - } else { - return serverUrl + actionUrl; - } -} - %> diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/operation-api.jag b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/operation-api.jag new file mode 100644 index 0000000000..797eac1bd1 --- /dev/null +++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/operation-api.jag @@ -0,0 +1,60 @@ +<% +/* + * Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, + * either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +var uri = request.getRequestURI(); +var uriMatcher = new URIMatcher(String(uri)); + +var log = new Log("api/operation-api.jag"); + +var serviceInvokers = require("/app/modules/backend-service-invoker.js")["backendServiceInvoker"]; +var devicemgtProps = require('/app/conf/devicemgt-props.js').config(); + +if (uriMatcher.match("/{context}/api/operation/paginate")) { + var deviceType = request.getParameter("deviceType"); + var deviceId = request.getParameter("deviceId"); + var index = request.getParameter("start"); + var length = request.getParameter("length"); + var search = request.getParameter("search[value]"); + + var restAPIEndpoint = devicemgtProps["httpsURL"] + devicemgtProps["backendRestEndpoints"]["deviceMgt"] + "/devices/" + + deviceType + "/" + deviceId + "/operations?offset=" + index + "&limit=" + length; + + serviceInvokers.XMLHttp.get( + restAPIEndpoint, + function (restAPIResponse) { + if (restAPIResponse["status"] == 200 && restAPIResponse["responseText"]) { + var responsePayload = parse(restAPIResponse["responseText"]); + + var paginatedResult = {}; + paginatedResult["recordsTotal"] = responsePayload["count"]; + paginatedResult["recordsFiltered"] = responsePayload["count"]; + paginatedResult["data"] = responsePayload["operations"]; + + response["status"] = 200; + response["content"] = paginatedResult; + } else { + response["status"] = restAPIResponse["status"]; + if (restAPIResponse["responseText"]) { + response["content"] = parse(restAPIResponse["responseText"]); + } + } + } + ); +} +%> \ No newline at end of file diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/policy-api.jag b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/policy-api.jag new file mode 100644 index 0000000000..d2a2630be7 --- /dev/null +++ b/components/device-mgt/org.wso2.carbon.device.mgt.ui/src/main/resources/jaggeryapps/devicemgt/api/policy-api.jag @@ -0,0 +1,52 @@ +<% +/* + * Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + * + * WSO2 Inc. licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, + * either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +/* + @Deprecated + */ + +var uri = request.getRequestURI(); +var uriMatcher = new URIMatcher(String(uri)); + +var log = new Log("api/policy-api.jag"); + +var constants = require("/modules/constants.js"); +var policyModule = require("/modules/policy.js").policyModule; + +var result; +if (uriMatcher.match("/{context}/api/policies/update")) { + payload = request.getContent(); + policyModule.updatePolicyPriorities(payload); +} else if (uriMatcher.match("/{context}/api/policies/{id}/delete")) { + elements = uriMatcher.elements(); + policyId = elements.id; + try { + result = policyModule.deletePolicy(policyId); + } catch (e) { + log.error("Exception occurred while trying to delete policy for id:" + policyId, e); + // http status code 500 refers to - Internal Server Error. + result = 500; + } +} + +// returning the result. +if (result) { + response.content = result; +} +%> \ No newline at end of file From 90910518d653c3589ef7d66c64ed6cb2bcdcff6f Mon Sep 17 00:00:00 2001 From: Timo Briddigkeit Date: Fri, 15 Jul 2016 09:26:27 +0200 Subject: [PATCH 5/5] Fixed null pointer dereferences --- .../jaxrs/service/impl/PolicyManagementServiceImpl.java | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/PolicyManagementServiceImpl.java b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/PolicyManagementServiceImpl.java index 455dc0f9ea..487cdc1517 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/PolicyManagementServiceImpl.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.api/src/main/java/org/wso2/carbon/device/mgt/jaxrs/service/impl/PolicyManagementServiceImpl.java @@ -28,18 +28,18 @@ import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorization import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationService; import org.wso2.carbon.device.mgt.core.internal.DeviceManagementDataHolder; import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse; +import org.wso2.carbon.device.mgt.jaxrs.beans.PolicyList; import org.wso2.carbon.device.mgt.jaxrs.beans.PolicyWrapper; +import org.wso2.carbon.device.mgt.jaxrs.beans.PriorityUpdatedPolicyWrapper; import org.wso2.carbon.device.mgt.jaxrs.service.api.PolicyManagementService; -import org.wso2.carbon.device.mgt.jaxrs.service.impl.util.*; -import org.wso2.carbon.device.mgt.jaxrs.beans.PolicyList; import org.wso2.carbon.device.mgt.jaxrs.service.impl.util.FilteringUtil; +import org.wso2.carbon.device.mgt.jaxrs.service.impl.util.RequestValidationUtil; import org.wso2.carbon.device.mgt.jaxrs.util.DeviceMgtAPIUtils; import org.wso2.carbon.device.mgt.jaxrs.util.DeviceMgtUtil; import org.wso2.carbon.policy.mgt.common.Policy; import org.wso2.carbon.policy.mgt.common.PolicyAdministratorPoint; import org.wso2.carbon.policy.mgt.common.PolicyManagementException; import org.wso2.carbon.policy.mgt.core.PolicyManagerService; -import org.wso2.carbon.device.mgt.jaxrs.beans.PriorityUpdatedPolicyWrapper; import javax.ws.rs.*; import javax.ws.rs.core.MediaType; @@ -122,7 +122,7 @@ public class PolicyManagementServiceImpl implements PolicyManagementService { policy.setUsers(policyWrapper.getUsers()); policy.setCompliance(policyWrapper.getCompliance()); //TODO iterates the device identifiers to create the object. need to implement a proper DAO layer here. - List devices = null; + List devices = new ArrayList(); List deviceIdentifiers = policyWrapper.getDeviceIdentifiers(); if (deviceIdentifiers != null) { for (DeviceIdentifier id : deviceIdentifiers) {