adding security fixes

revert-dabc3590
hasuniea 9 years ago
parent defa494626
commit 4562b4d318

@ -192,7 +192,7 @@
<artifactId>smackx</artifactId>
</dependency>
<dependency>
<groupId>commons-codec.wso2</groupId>
<groupId>commons-codec</groupId>
<artifactId>commons-codec</artifactId>
</dependency>
</dependencies>

@ -125,7 +125,7 @@
</dependency>
<dependency>
<groupId>commons-codec.wso2</groupId>
<groupId>commons-codec</groupId>
<artifactId>commons-codec</artifactId>
</dependency>

@ -134,7 +134,7 @@
</dependency>
<dependency>
<groupId>commons-codec.wso2</groupId>
<groupId>commons-codec</groupId>
<artifactId>commons-codec</artifactId>
</dependency>

@ -69,7 +69,7 @@
<scope>provided</scope>
<exclusions>
<exclusion>
<groupId>commons-codec.wso2</groupId>
<groupId>commons-codec</groupId>
<artifactId>commons-codec</artifactId>
</exclusion>
</exclusions>
@ -208,7 +208,7 @@
</dependency>
<dependency>
<groupId>commons-codec.wso2</groupId>
<groupId>commons-codec</groupId>
<artifactId>commons-codec</artifactId>
</dependency>

@ -98,7 +98,7 @@
<dependencies>
<dependency>
<groupId>commons-codec.wso2</groupId>
<groupId>commons-codec</groupId>
<artifactId>commons-codec</artifactId>
</dependency>
<dependency>

@ -57,7 +57,7 @@
<scope>provided</scope>
<exclusions>
<exclusion>
<groupId>commons-codec.wso2</groupId>
<groupId>commons-codec</groupId>
<artifactId>commons-codec</artifactId>
</exclusion>
</exclusions>
@ -171,7 +171,7 @@
</dependency>
<dependency>
<groupId>commons-codec.wso2</groupId>
<groupId>commons-codec</groupId>
<artifactId>commons-codec</artifactId>
</dependency>
</dependencies>

@ -23,7 +23,6 @@ import io.swagger.annotations.ApiModelProperty;
import org.wso2.carbon.device.mgt.common.configuration.mgt.ConfigurationEntry;
import javax.validation.constraints.NotNull;
import javax.validation.constraints.Pattern;
import javax.validation.constraints.Size;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
@ -52,7 +51,6 @@ public class AndroidPlatformConfiguration implements Serializable {
)
@NotNull
@Size(min = 2, max = 10)
@Pattern(regexp = "^[A-Za-z0-9]*$")
private String type;
@ApiModelProperty(
name = "configuration",

@ -21,7 +21,6 @@ package org.wso2.carbon.mdm.services.android.bean.wrapper;
import io.swagger.annotations.ApiModel;
import io.swagger.annotations.ApiModelProperty;
import javax.validation.constraints.Pattern;
import javax.validation.constraints.Size;
/**
@ -33,7 +32,6 @@ public class EventBeanWrapper {
@ApiModelProperty(name = "deviceIdentifier", value = "DeviceIdentifier to be need to retrieve/publish Event.", required = true)
@Size(min = 2, max = 45)
@Pattern(regexp = "^[A-Za-z0-9]*$")
private String deviceIdentifier;
@ApiModelProperty(name = "payload", value = "Event payload.", required = true)
private String payload;

@ -50,15 +50,18 @@ public class GlobalThrowableMapper implements ExceptionMapper {
if (e instanceof JsonParseException) {
String errorMessage = "Malformed request body.";
log.error(errorMessage);
if (log.isDebugEnabled()) {
log.error(errorMessage, e);
}
return AndroidDeviceUtils.buildBadRequestException(errorMessage).getResponse();
}
if (e instanceof NotFoundException) {
return ((NotFoundException) e).getResponse();
}
if (e instanceof UnexpectedServerErrorException) {
log.error("Unexpected server error", e);
if (log.isDebugEnabled()) {
log.error("Unexpected server error", e);
}
return ((UnexpectedServerErrorException) e).getResponse();
}
if (e instanceof ConstraintViolationException) {
@ -76,7 +79,9 @@ public class GlobalThrowableMapper implements ExceptionMapper {
.build();
}
if (e instanceof ClientErrorException) {
log.error("Client error", e);
if (log.isDebugEnabled()) {
log.error("Client error", e);
}
return ((ClientErrorException) e).getResponse();
}
if (e instanceof AuthenticationException) {
@ -91,11 +96,15 @@ public class GlobalThrowableMapper implements ExceptionMapper {
.build();
}
if (e instanceof ForbiddenException) {
log.error("Resource forbidden", e);
if (log.isDebugEnabled()) {
log.error("Resource forbidden", e);
}
return ((ForbiddenException) e).getResponse();
}
//unknown exception log and return
log.error("An Unknown exception has been captured by global exception mapper.", e);
if (log.isDebugEnabled()) {
log.error("An Unknown exception has been captured by global exception mapper.", e);
}
return Response.status(Response.Status.INTERNAL_SERVER_ERROR).header("Content-Type", "application/json")
.entity(e500).build();
}

@ -23,7 +23,6 @@ import org.wso2.carbon.mdm.services.android.bean.DeviceState;
import org.wso2.carbon.mdm.services.android.bean.wrapper.EventBeanWrapper;
import javax.validation.Valid;
import javax.validation.constraints.Pattern;
import javax.validation.constraints.Size;
import javax.ws.rs.*;
import javax.ws.rs.core.MediaType;
@ -141,7 +140,6 @@ public interface EventReceiverService {
value = "Device Identifier to be need to retrieve events.",
required = true)
@Size(min = 2, max = 45)
@Pattern(regexp = "^[A-Za-z0-9]*$")
@QueryParam("id") String deviceId,
@ApiParam(
name = "from",
@ -155,7 +153,6 @@ public interface EventReceiverService {
name = "type",
value = "Type of the Alert to be need to retrieve events.")
@Size(min = 2, max = 45)
@Pattern(regexp = "^[A-Za-z0-9]*$")
@QueryParam("type") String type,
@ApiParam(
name = "If-Modified-Since",

@ -33,7 +33,6 @@ import org.wso2.carbon.mdm.services.android.util.AndroidAPIUtils;
import org.wso2.carbon.mdm.services.android.util.Message;
import javax.validation.Valid;
import javax.validation.constraints.Pattern;
import javax.validation.constraints.Size;
import javax.ws.rs.*;
import javax.ws.rs.core.Response;
@ -78,11 +77,10 @@ public class EventReceiverServiceImpl implements EventReceiverService {
@Override
public Response retrieveAlerts(@QueryParam("id")
@Size(min = 2, max = 45)
@Pattern(regexp = "^[A-Za-z0-9]*$") String deviceId,
String deviceId,
@QueryParam("from") long from,
@QueryParam("to") long to,
@Size(min = 2, max = 45)
@Pattern(regexp = "^[A-Za-z0-9]*$")
@QueryParam("type") String type,
@HeaderParam("If-Modified-Since") String ifModifiedSince) {

@ -230,7 +230,7 @@
<artifactId>core</artifactId>
</dependency>
<dependency>
<groupId>commons-codec.wso2</groupId>
<groupId>commons-codec</groupId>
<artifactId>commons-codec</artifactId>
</dependency>
<dependency>

@ -215,7 +215,6 @@ public class CertificateEnrollmentServiceImpl implements CertificateEnrollmentSe
private String prepareWapProvisioningXML(String binarySecurityToken, String wapProvisioningFilePath,
String headerBst) throws CertificateGenerationException,
WAPProvisioningException, WindowsDeviceEnrolmentException {
String rootCertEncodedString;
String signedCertEncodedString;
X509Certificate signedCertificate;
@ -225,11 +224,11 @@ public class CertificateEnrollmentServiceImpl implements CertificateEnrollmentSe
Base64 base64Encoder = new Base64();
try {
rootCACertificate = (X509Certificate) certMgtServiceImpl.getCACertificate();
rootCertEncodedString = base64Encoder.encodeToString(rootCACertificate.getEncoded());
rootCertEncodedString = base64Encoder.encodeAsString(rootCACertificate.getEncoded());
signedCertificate = certMgtServiceImpl.getSignedCertificateFromCSR(binarySecurityToken);
signedCertEncodedString = base64Encoder.encodeToString(signedCertificate.getEncoded());
signedCertEncodedString = base64Encoder.encodeAsString(signedCertificate.getEncoded());
DocumentBuilderFactory domFactory = DocumentBuilderFactory.newInstance();
DocumentBuilder builder;
@ -242,7 +241,7 @@ public class CertificateEnrollmentServiceImpl implements CertificateEnrollmentSe
//Adding SHA1 CA certificate finger print to wap-provisioning xml.
caCertificatePosition.getParentNode().getAttributes().getNamedItem(PluginConstants.
CertificateEnrolment.TYPE).setTextContent(String.valueOf(
DigestUtils.sha256Hex(rootCACertificate.getEncoded())).toUpperCase());
DigestUtils.sha1Hex(rootCACertificate.getEncoded())).toUpperCase());
//Adding encoded CA certificate to wap-provisioning file after removing new line
// characters.
NamedNodeMap rootCertAttributes = caCertificatePosition.getAttributes();
@ -261,7 +260,7 @@ public class CertificateEnrollmentServiceImpl implements CertificateEnrollmentSe
//Adding SHA1 signed certificate finger print to wap-provisioning xml.
signedCertificatePosition.getParentNode().getAttributes().getNamedItem(PluginConstants.
CertificateEnrolment.TYPE).setTextContent(String.valueOf(
DigestUtils.sha256Hex(signedCertificate.getEncoded())).toUpperCase());
DigestUtils.sha1Hex(signedCertificate.getEncoded())).toUpperCase());
//Adding encoded signed certificate to wap-provisioning file after removing new line
// characters.
@ -326,7 +325,7 @@ public class CertificateEnrollmentServiceImpl implements CertificateEnrollmentSe
} catch (KeystoreException e) {
throw new CertificateGenerationException("CA certificate cannot be generated.", e);
}
return base64Encoder.encodeToString(provisioningXmlString.getBytes());
return base64Encoder.encodeAsString(provisioningXmlString.getBytes());
}
/**

@ -331,7 +331,7 @@
<version>${carbon.analytics.common.version}</version>
<exclusions>
<exclusion>
<groupId>commons-codec</groupId>
<groupId>commons-codec.wso2</groupId>
<artifactId>commons-codec</artifactId>
</exclusion>
</exclusions>
@ -859,10 +859,15 @@
<artifactId>commons-httpclient</artifactId>
<version>${orbit.version.commons-httpclient}</version>
</dependency>
<!--<dependency>-->
<!--<groupId>commons-codec.wso2</groupId>-->
<!--<artifactId>commons-codec</artifactId>-->
<!--<version>${commons-codec.wso2.version}</version>-->
<!--</dependency>-->
<dependency>
<groupId>commons-codec.wso2</groupId>
<groupId>commons-codec</groupId>
<artifactId>commons-codec</artifactId>
<version>${commons-codec.wso2.version}</version>
<version>${commons-codec.version}</version>
</dependency>
<dependency>
<groupId>org.codehaus.jackson</groupId>
@ -1169,7 +1174,8 @@
<gcm.server.version>1.0.2</gcm.server.version>
<orbit.version.commons-httpclient>3.1.0.wso2v2</orbit.version.commons-httpclient>
<commons-codec.wso2.version>1.4.0.wso2v1</commons-codec.wso2.version>
<!--<commons-codec.wso2.version>1.4.0.wso2v1</commons-codec.wso2.version>-->
<commons-codec.version>1.7</commons-codec.version>
<javaee-web-api.version>6.0</javaee-web-api.version>

Loading…
Cancel
Save