Author: mmusaji
Date: 2013-07-05 08:48:02 -0400 (Fri, 05 Jul 2013)
New Revision: 17763
Modified:
stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10807/src/main/java/org/jboss/ws/extensions/security/DecryptionOperation.java
stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10807/src/main/java/org/jboss/ws/extensions/security/EncryptionOperation.java
stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10807/src/main/java/org/jboss/ws/extensions/security/FailedCheckException.java
stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10807/src/main/java/org/jboss/ws/extensions/security/WSSecurityDispatcher.java
stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10807/src/main/java/org/jboss/ws/extensions/security/WSSecurityException.java
stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10807/src/main/java/org/jboss/ws/extensions/security/element/EncryptedKey.java
stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10807/src/test/java/org/jboss/test/ws/jaxws/jbws1999/JBWS1999TestCase.java
Log:
[JBPAPP-10807] Merged CVE-2011-2487 from JBPAPP-10421
Modified:
stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10807/src/main/java/org/jboss/ws/extensions/security/DecryptionOperation.java
===================================================================
---
stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10807/src/main/java/org/jboss/ws/extensions/security/DecryptionOperation.java 2013-07-05
11:31:41 UTC (rev 17762)
+++
stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10807/src/main/java/org/jboss/ws/extensions/security/DecryptionOperation.java 2013-07-05
12:48:02 UTC (rev 17763)
@@ -116,7 +116,7 @@
}
catch (XMLEncryptionException e)
{
- throw new FailedCheckException("Decryption was invalid.");
+ throw new FailedCheckException(e);
}
catch (Exception e)
{
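Review bot: `new FailedCheckException(e)` replaces a fixed message with whatever the Throwable constructor derives from the XMLEncryptionException; if that constructor (outside this hunk) feeds `e.getMessage()` into the fault string, the decryption-failure detail still reaches the client whenever verbose reporting is switched on. Keep the client-visible fault string at the constant `FailedCheckException.faultString` and attach `e` only as the cause, with a comment such as `// cause is kept for server-side logging; the fault string reported to the client stays generic`. The enclosing method starts before this hunk and the following `catch (Exception e)` branch runs past it, so its message handling could not be checked.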
Modified:
stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10807/src/main/java/org/jboss/ws/extensions/security/EncryptionOperation.java
===================================================================
---
stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10807/src/main/java/org/jboss/ws/extensions/security/EncryptionOperation.java 2013-07-05
11:31:41 UTC (rev 17762)
+++
stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10807/src/main/java/org/jboss/ws/extensions/security/EncryptionOperation.java 2013-07-05
12:48:02 UTC (rev 17763)
@@ -23,6 +23,7 @@
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
+import java.util.HashMap;
import java.util.List;
import javax.crypto.KeyGenerator;
@@ -46,6 +47,43 @@
private SecurityHeader header;
private SecurityStore store;
+
+ private static class Algorithm
+ {
+ Algorithm(String jceName, String xmlName, int size)
+ {
+ this.jceName = jceName;
+ this.xmlName = xmlName;
+ this.size = size;
+ }
+
+ public String jceName;
+ public String xmlName;
+ public int size;
+ }
+
+ private static HashMap<String, Algorithm> algorithms;
+ private static HashMap<String, String> algorithmsID;
+
+ private static final String DEFAULT_ALGORITHM = "aes-128";
+
+ static
+ {
+ algorithms = new HashMap<String, Algorithm>(4);
+ algorithms.put("aes-128", new Algorithm("AES",
XMLCipher.AES_128, 128));
+ algorithms.put("aes-192", new Algorithm("AES",
XMLCipher.AES_192, 192));
+ algorithms.put("aes-256", new Algorithm("AES",
XMLCipher.AES_256, 256));
+ algorithms.put("aes-128-gcm", new Algorithm("AES",
XMLCipher.AES_128_GCM, 128));
+ algorithms.put("aes-192-gcm", new Algorithm("AES",
XMLCipher.AES_192_GCM, 192));
+ algorithms.put("aes-256-gcm", new Algorithm("AES",
XMLCipher.AES_256_GCM, 256));
+ algorithms.put("tripledes", new Algorithm("TripleDes",
XMLCipher.TRIPLEDES, 168));
+
+ algorithmsID = new HashMap<String, String>(4);
+ algorithmsID.put(XMLCipher.AES_128, "aes-128");
+ algorithmsID.put(XMLCipher.AES_192, "aes-192");
+ algorithmsID.put(XMLCipher.AES_256, "aes-256");
+ algorithmsID.put(XMLCipher.TRIPLEDES, "tripledes");
+ }
public EncryptionOperation(SecurityHeader header, SecurityStore store) throws
WSSecurityException
{
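Review bot: `algorithmsID` lacks the three GCM entries that `algorithms` defines, so a reverse lookup of `XMLCipher.AES_128_GCM`, `AES_192_GCM` or `AES_256_GCM` returns null while the forward table accepts "aes-128-gcm" and friends; add `algorithmsID.put(XMLCipher.AES_128_GCM, "aes-128-gcm");`, `algorithmsID.put(XMLCipher.AES_192_GCM, "aes-192-gcm");` and `algorithmsID.put(XMLCipher.AES_256_GCM, "aes-256-gcm");`. Both maps are mutable `static` fields that only the static initializer should write, so declare them `private static final`, and the `public` non-final fields of the `Algorithm` holder could be `final` too. The table duplicates `EncryptionAlgorithms`, which the unchanged `getSecretKey` line still consults, so keeping the two in step is a maintenance risk worth a comment or a consolidation.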
@@ -89,6 +127,7 @@
public static SecretKey getSecretKey(String algorithm) throws WSSecurityException
{
+ Algorithm alg = algorithms.get(algorithm);
try
{
KeyGenerator kgen =
KeyGenerator.getInstance(EncryptionAlgorithms.getAlgorithmJceName(algorithm));
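Review bot: `Algorithm alg = algorithms.get(algorithm);` is not used by the visible lines — the next statement still calls `EncryptionAlgorithms.getAlgorithmJceName(algorithm)` — and because `getSecretKey` is public static it can be invoked with a name that `process()` never validated, leaving `alg` null. Either use it after a null check that throws `WSSecurityException` for an unknown name (`KeyGenerator.getInstance(alg.jceName)` followed by `kgen.init(alg.size)`), or drop the lookup. The rest of getSecretKey lies outside the hunk, so a later use of `alg` could not be ruled out.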
@@ -103,8 +142,8 @@
public void process(Document message, List<Target> targets, String alias, String
credential, String algorithm, boolean digest, boolean useNonce, boolean useTimestamp)
throws WSSecurityException
{
- if (! EncryptionAlgorithms.hasAlgorithm(algorithm)) {
- algorithm = EncryptionAlgorithms.DEFAULT_ALGORITHM;
+ if (! algorithms.containsKey(algorithm)) {
+ algorithm = DEFAULT_ALGORITHM;
}
SecretKey secretKey = getSecretKey(algorithm);
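Review bot: an unrecognised `algorithm` name is silently replaced by `DEFAULT_ALGORITHM` ("aes-128"), so a typo in a configuration that asked for "aes-256-gcm" downgrades the key size without any trace. Log the substitution at warn level before the assignment, e.g. `log.warn("Unknown encryption algorithm '" + algorithm + "', using " + DEFAULT_ALGORITHM);` — no logger is visible in this class's hunks, so one may need to be declared — or reject unknown names with a WSSecurityException. The check also lives only in `process`, not in the public `getSecretKey` it calls.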
Modified:
stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10807/src/main/java/org/jboss/ws/extensions/security/FailedCheckException.java
===================================================================
---
stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10807/src/main/java/org/jboss/ws/extensions/security/FailedCheckException.java 2013-07-05
11:31:41 UTC (rev 17762)
+++
stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10807/src/main/java/org/jboss/ws/extensions/security/FailedCheckException.java 2013-07-05
12:48:02 UTC (rev 17763)
@@ -32,7 +32,7 @@
{
public static final QName faultCode = new QName(Constants.WSSE_NS,
"FailedCheck", Constants.WSSE_PREFIX);
- public static final String faultString = "The signature or decryption was
invlaid.";
+ public static final String faultString = "The signature or decryption was
invalid.";
public FailedCheckException()
{
Modified:
stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10807/src/main/java/org/jboss/ws/extensions/security/WSSecurityDispatcher.java
===================================================================
---
stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10807/src/main/java/org/jboss/ws/extensions/security/WSSecurityDispatcher.java 2013-07-05
11:31:41 UTC (rev 17762)
+++
stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10807/src/main/java/org/jboss/ws/extensions/security/WSSecurityDispatcher.java 2013-07-05
12:48:02 UTC (rev 17763)
@@ -69,6 +69,8 @@
{
// provide logging
private static Logger log = Logger.getLogger(WSSecurityDispatcher.class);
+
+ private static boolean VERBOSE_EXCEPTION_REPORTING =
Boolean.getBoolean("org.jboss.ws.native.security.verbose_exception_reporting");
private static List<Target>
convertTargets(List<org.jboss.ws.metadata.wsse.Target> targets)
{
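Review bot: `VERBOSE_EXCEPTION_REPORTING` is named like a constant but is not `final`; it is read once at class load from the `org.jboss.ws.native.security.verbose_exception_reporting` system property and never reassigned in this diff, so declare it `private static final boolean`. A comment should record that enabling it restores the specific fault code and string to clients — the behaviour this commit turns off by default — and is therefore a debugging aid rather than a production setting: `// Debug aid: when true, WS-Security faults carry the specific code/string instead of the generic one.`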
@@ -112,8 +114,18 @@
private static CommonSOAPFaultException convertToFault(WSSecurityException e)
{
- return new CommonSOAPFaultException(e.getFaultCode(), e.getFaultString());
+ return convertToFault(e, VERBOSE_EXCEPTION_REPORTING);
}
+
+ private static CommonSOAPFaultException convertToFault(WSSecurityException e, boolean
verbose)
+ {
+ if (verbose) {
+ return new CommonSOAPFaultException(e.getFaultCode(), e.getFaultString());
+ } else {
+ QName faultCode = new QName(Constants.JBOSS_WSSE_NS, "GenericError",
Constants.JBOSS_WSSE_PREFIX);
+ return new CommonSOAPFaultException(faultCode, "A WS-Security error
occurred.");
+ }
+ }
public static void handleInbound(CommonMessageContext ctx) throws SOAPException,
SOAPFaultException
{
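Review bot: in the non-verbose branch the specific fault code and string are discarded without being logged, so an operator cannot distinguish a genuine configuration error from repeated failed checks; record it server-side before returning the generic fault, e.g. `log.debug(e.getFaultString(), e);` using the `log` declared above in this file. The `WSSecurityException.setInternal(...)` flag added elsewhere in this commit is not consulted here, so it is unclear which code is meant to act on it. `Constants.JBOSS_WSSE_NS` and `JBOSS_WSSE_PREFIX` are not visible in the diff; the updated test expects `jboss-wsse:GenericError`, so they presumably resolve to that prefix.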
@@ -152,7 +164,7 @@
if (hasRequirements(config, operation, port))
- throw convertToFault(new InvalidSecurityHeaderException("This service
requires <wsse:Security>, which is missing."));
+ throw convertToFault(new InvalidSecurityHeaderException("This service
requires <wsse:Security>, which is missing."), true);
}
try
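Review bot: the explicit `true` bypasses `VERBOSE_EXCEPTION_REPORTING` for the missing-header case, and the reason deserves a comment so the next reader does not "fix" it back to the flag: `// A missing <wsse:Security> header is a caller configuration error, not a failed check, so it is reported in full regardless of the flag.` handleInbound begins before this hunk.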
Modified:
stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10807/src/main/java/org/jboss/ws/extensions/security/WSSecurityException.java
===================================================================
---
stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10807/src/main/java/org/jboss/ws/extensions/security/WSSecurityException.java 2013-07-05
11:31:41 UTC (rev 17762)
+++
stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10807/src/main/java/org/jboss/ws/extensions/security/WSSecurityException.java 2013-07-05
12:48:02 UTC (rev 17763)
@@ -71,4 +71,9 @@
{
return faultString;
}
+
+ public void setInternal(boolean internal)
+ {
+ this.internal = internal;
+ }
}
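Review bot: `setInternal` writes a field `internal` that this hunk does not declare and that no hunk in the commit reads, so what the flag signals is undocumented; add Javadoc along the lines of `/** Marks a failure raised by the security layer's own fallback handling rather than by the inbound message; see EncryptedKey. */`, wording to be confirmed against the field's declaration, which is presumably earlier in the class. A matching `isInternal()` accessor would give WSSecurityDispatcher a way to act on it.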
Modified:
stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10807/src/main/java/org/jboss/ws/extensions/security/element/EncryptedKey.java
===================================================================
---
stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10807/src/main/java/org/jboss/ws/extensions/security/element/EncryptedKey.java 2013-07-05
11:31:41 UTC (rev 17762)
+++
stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10807/src/main/java/org/jboss/ws/extensions/security/element/EncryptedKey.java 2013-07-05
12:48:02 UTC (rev 17763)
@@ -36,6 +36,8 @@
import org.jboss.ws.extensions.security.KeyResolver;
import org.jboss.ws.extensions.security.Util;
import org.jboss.ws.extensions.security.WSSecurityException;
+import org.jboss.ws.extensions.security.EncryptionOperation;
+import org.jboss.ws.extensions.security.FailedCheckException;
import org.jboss.ws.extensions.security.operation.EncryptionAlgorithms;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
@@ -155,7 +157,16 @@
}
catch (XMLSecurityException e)
{
- throw new WSSecurityException("Could not parse encrypted key: " +
e.getMessage(), e);
+ try
+ {
+ this.secretKey = EncryptionOperation.generateSecretKey(alg);
+ }
+ catch (Exception ex)
+ {
+ WSSecurityException exception = new FailedCheckException(e);
+ exception.setInternal(true);
+ throw exception;
+ }
}
this.document = element.getOwnerDocument();
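Review bot: the inner `catch (Exception ex)` wraps the original unwrap failure `e` and discards `ex`, the reason generating the substitute key failed, so that failure becomes undiagnosable; chain it, e.g. `WSSecurityException exception = new FailedCheckException(ex);`, or attach `e` via `initCause` only if the constructor leaves the cause slot free. On the success path the original `XMLSecurityException` is dropped silently; a debug-level log of it keeps key-unwrap failures observable server-side, which is what an operator needs to notice a run of them. `EncryptionOperation.generateSecretKey(alg)` does not appear in the EncryptionOperation hunks of this commit, so confirm it exists on this branch with that signature and that `alg` (defined before the hunk) names the algorithm the substitute key must match.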
Modified:
stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10807/src/test/java/org/jboss/test/ws/jaxws/jbws1999/JBWS1999TestCase.java
===================================================================
---
stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10807/src/test/java/org/jboss/test/ws/jaxws/jbws1999/JBWS1999TestCase.java 2013-07-05
11:31:41 UTC (rev 17762)
+++
stack/native/branches/jbossws-native-2.0.1.SP2_CP11_JBPAPP-10807/src/test/java/org/jboss/test/ws/jaxws/jbws1999/JBWS1999TestCase.java 2013-07-05
12:48:02 UTC (rev 17763)
@@ -50,7 +50,7 @@
private final String TARGET_ENDPOINT_ADDRESS = "http://" + getServerHost() +
":8080/jaxws-jbws1999";
- private static final String FAULT_CODE = "wsse:FailedAuthentication";
+ private static final String FAULT_CODE = "jboss-wsse:GenericError";
private static final String FAULT_STRING = "The security token could not be
authenticated or authorized.";
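Review bot: `FAULT_STRING` at the top of this hunk is now unused, since the three assertions that read it are removed in the later hunks of this file (at old lines 111, 149 and 173); either delete the constant or, better, replace the removed checks with one that pins the new generic text, `assertEquals("Fault String", "A WS-Security error occurred.", fault.getFaultString());`, so a regression that reinstates the detailed message would be caught.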
@@ -111,8 +111,6 @@
SOAPFault fault = sfe.getFault();
String faultCode = fault.getFaultCode();
assertEquals("Fault Code", FAULT_CODE, faultCode);
- String faultString = fault.getFaultString();
- assertEquals("Fault String", FAULT_STRING, faultString);
}
}
@@ -149,8 +147,6 @@
SOAPFault fault = sfe.getFault();
String faultCode = fault.getFaultCode();
assertEquals("Fault Code", FAULT_CODE, faultCode);
- String faultString = fault.getFaultString();
- assertEquals("Fault Message", FAULT_STRING, faultString);
}
}
@@ -173,8 +169,6 @@
SOAPFault fault = sfe.getFault();
String faultCode = fault.getFaultCode();
assertEquals("Fault Code", FAULT_CODE, faultCode);
- String faultString = fault.getFaultString();
- assertEquals("Fault Message", FAULT_STRING, faultString);
}
}