mirror of
https://repository.entgra.net/community/device-mgt-core.git
synced 2025-10-06 02:01:45 +00:00
Merge pull request #316 from xenobyte/master
Fixed predictable pseudorandom number generator
This commit is contained in:
Prabath Abeysekara
GitHub
commit
fbb09a7f58
@ -20,6 +20,7 @@ package org.wso2.carbon.apimgt.webapp.publisher;
|
||||
|
||||
import org.w3c.dom.Document;
|
||||
|
||||
import javax.xml.XMLConstants;
|
||||
import javax.xml.parsers.DocumentBuilder;
|
||||
import javax.xml.parsers.DocumentBuilderFactory;
|
||||
import java.io.File;
|
||||
@ -34,6 +35,7 @@ public class WebappPublisherUtil {
|
||||
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
|
||||
factory.setNamespaceAware(true);
|
||||
try {
|
||||
factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
|
||||
DocumentBuilder docBuilder = factory.newDocumentBuilder();
|
||||
return docBuilder.parse(file);
|
||||
} catch (Exception e) {
|
||||
|
||||
@ -28,28 +28,25 @@ import org.wso2.carbon.certificate.mgt.core.dao.CertificateManagementDAOUtil;
|
||||
import org.wso2.carbon.certificate.mgt.core.exception.CertificateManagementException;
|
||||
|
||||
import javax.sql.DataSource;
|
||||
import javax.xml.XMLConstants;
|
||||
import javax.xml.parsers.DocumentBuilder;
|
||||
import javax.xml.parsers.DocumentBuilderFactory;
|
||||
import java.io.ByteArrayOutputStream;
|
||||
import java.io.File;
|
||||
import java.io.ObjectOutputStream;
|
||||
import java.util.ArrayList;
|
||||
import java.util.HashMap;
|
||||
import java.util.Hashtable;
|
||||
import java.util.List;
|
||||
|
||||
public class CertificateManagerUtil {
|
||||
|
||||
private static final Log log = LogFactory.getLog(CertificateManagerUtil.class);
|
||||
|
||||
public static final String GENERAL_CONFIG_RESOURCE_PATH = "general";
|
||||
public static final String MONITORING_FREQUENCY = "notifierFrequency";
|
||||
private static final Log log = LogFactory.getLog(CertificateManagerUtil.class);
|
||||
|
||||
public static Document convertToDocument(File file) throws CertificateManagementException {
|
||||
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
|
||||
factory.setNamespaceAware(true);
|
||||
try {
|
||||
DocumentBuilder docBuilder = factory.newDocumentBuilder();
|
||||
factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
|
||||
return docBuilder.parse(file);
|
||||
} catch (Exception e) {
|
||||
throw new CertificateManagementException("Error occurred while parsing file, while converting " +
|
||||
|
||||
@ -21,6 +21,8 @@ import org.w3c.dom.Document;
|
||||
import org.w3c.dom.NodeList;
|
||||
import org.wso2.carbon.certificate.mgt.core.exception.KeystoreException;
|
||||
import org.xml.sax.SAXException;
|
||||
|
||||
import javax.xml.XMLConstants;
|
||||
import javax.xml.parsers.DocumentBuilder;
|
||||
import javax.xml.parsers.DocumentBuilderFactory;
|
||||
import javax.xml.parsers.ParserConfigurationException;
|
||||
@ -48,22 +50,19 @@ public class ConfigurationUtil {
|
||||
public static final String POST_BODY_CA_CAPS = "POSTPKIOperation\nSHA-1\nDES3\n";
|
||||
public static final String DES_EDE = "DESede";
|
||||
public static final String CONF_LOCATION = "conf.location";
|
||||
private static final String CARBON_HOME = "carbon.home";
|
||||
private static final String CERTIFICATE_CONFIG_XML = "certificate-config.xml";
|
||||
private static final String CARBON_HOME_ENTRY = "${carbon.home}";
|
||||
public static final String DEFAULT_PRINCIPAL = "O=WSO2, OU=Mobile, C=LK";
|
||||
public static final String RSA_PRIVATE_KEY_BEGIN_TEXT = "-----BEGIN RSA PRIVATE KEY-----\n";
|
||||
public static final String RSA_PRIVATE_KEY_END_TEXT = "-----END RSA PRIVATE KEY-----";
|
||||
public static final String EMPTY_TEXT = "";
|
||||
public static final int RSA_KEY_LENGTH = 1024;
|
||||
public static final long MILLI_SECONDS = 1000L * 60 * 60 * 24;
|
||||
|
||||
|
||||
private static ConfigurationUtil configurationUtil;
|
||||
private static final String CARBON_HOME = "carbon.home";
|
||||
private static final String CERTIFICATE_CONFIG_XML = "certificate-config.xml";
|
||||
private static final String CARBON_HOME_ENTRY = "${carbon.home}";
|
||||
private static final String[] certificateConfigEntryNames = { CA_CERT_ALIAS, RA_CERT_ALIAS,
|
||||
CERTIFICATE_KEYSTORE, PATH_CERTIFICATE_KEYSTORE, CERTIFICATE_KEYSTORE_PASSWORD,
|
||||
KEYSTORE_CA_CERT_PRIV_PASSWORD, KEYSTORE_RA_CERT_PRIV_PASSWORD };
|
||||
|
||||
private static ConfigurationUtil configurationUtil;
|
||||
private static Map<String, String> configMap;
|
||||
|
||||
private static Map<String, String> readCertificateConfigurations() throws KeystoreException {
|
||||
@ -79,6 +78,7 @@ public class ConfigurationUtil {
|
||||
try {
|
||||
File fXmlFile = new File(certConfLocation);
|
||||
DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();
|
||||
documentBuilderFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
|
||||
DocumentBuilder documentBuilder = documentBuilderFactory.newDocumentBuilder();
|
||||
document = documentBuilder.parse(fXmlFile);
|
||||
} catch (ParserConfigurationException e) {
|
||||
|
||||
@ -21,6 +21,7 @@ package org.wso2.carbon.device.mgt.analytics.data.publisher;
|
||||
import org.w3c.dom.Document;
|
||||
import org.wso2.carbon.device.mgt.analytics.data.publisher.exception.DataPublisherConfigurationException;
|
||||
|
||||
import javax.xml.XMLConstants;
|
||||
import javax.xml.parsers.DocumentBuilder;
|
||||
import javax.xml.parsers.DocumentBuilderFactory;
|
||||
import java.io.File;
|
||||
@ -32,6 +33,7 @@ public class DataPublisherUtil {
|
||||
factory.setNamespaceAware(true);
|
||||
try {
|
||||
DocumentBuilder docBuilder = factory.newDocumentBuilder();
|
||||
factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
|
||||
return docBuilder.parse(file);
|
||||
} catch (Exception e) {
|
||||
throw new DataPublisherConfigurationException("Error occurred while parsing file, while converting " +
|
||||
|
||||
@ -28,18 +28,18 @@ import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorization
|
||||
import org.wso2.carbon.device.mgt.common.authorization.DeviceAccessAuthorizationService;
|
||||
import org.wso2.carbon.device.mgt.core.internal.DeviceManagementDataHolder;
|
||||
import org.wso2.carbon.device.mgt.jaxrs.beans.ErrorResponse;
|
||||
import org.wso2.carbon.device.mgt.jaxrs.beans.PolicyWrapper;
|
||||
import org.wso2.carbon.device.mgt.jaxrs.service.api.PolicyManagementService;
|
||||
import org.wso2.carbon.device.mgt.jaxrs.service.impl.util.*;
|
||||
import org.wso2.carbon.device.mgt.jaxrs.beans.PolicyList;
|
||||
import org.wso2.carbon.device.mgt.jaxrs.beans.PolicyWrapper;
|
||||
import org.wso2.carbon.device.mgt.jaxrs.beans.PriorityUpdatedPolicyWrapper;
|
||||
import org.wso2.carbon.device.mgt.jaxrs.service.api.PolicyManagementService;
|
||||
import org.wso2.carbon.device.mgt.jaxrs.service.impl.util.FilteringUtil;
|
||||
import org.wso2.carbon.device.mgt.jaxrs.service.impl.util.RequestValidationUtil;
|
||||
import org.wso2.carbon.device.mgt.jaxrs.util.DeviceMgtAPIUtils;
|
||||
import org.wso2.carbon.device.mgt.jaxrs.util.DeviceMgtUtil;
|
||||
import org.wso2.carbon.policy.mgt.common.Policy;
|
||||
import org.wso2.carbon.policy.mgt.common.PolicyAdministratorPoint;
|
||||
import org.wso2.carbon.policy.mgt.common.PolicyManagementException;
|
||||
import org.wso2.carbon.policy.mgt.core.PolicyManagerService;
|
||||
import org.wso2.carbon.device.mgt.jaxrs.beans.PriorityUpdatedPolicyWrapper;
|
||||
|
||||
import javax.ws.rs.*;
|
||||
import javax.ws.rs.core.MediaType;
|
||||
@ -122,7 +122,7 @@ public class PolicyManagementServiceImpl implements PolicyManagementService {
|
||||
policy.setUsers(policyWrapper.getUsers());
|
||||
policy.setCompliance(policyWrapper.getCompliance());
|
||||
//TODO iterates the device identifiers to create the object. need to implement a proper DAO layer here.
|
||||
List<Device> devices = null;
|
||||
List<Device> devices = new ArrayList<Device>();
|
||||
List<DeviceIdentifier> deviceIdentifiers = policyWrapper.getDeviceIdentifiers();
|
||||
if (deviceIdentifiers != null) {
|
||||
for (DeviceIdentifier id : deviceIdentifiers) {
|
||||
|
||||
@ -37,6 +37,7 @@ import javax.ws.rs.core.MediaType;
|
||||
import javax.ws.rs.core.Response;
|
||||
import java.net.URI;
|
||||
import java.net.URISyntaxException;
|
||||
import java.security.SecureRandom;
|
||||
import java.util.*;
|
||||
|
||||
@Path("/users")
|
||||
@ -395,7 +396,7 @@ public class UserManagementServiceImpl implements UserManagementService {
|
||||
String lowerCaseCharset = "abcdefghijklmnopqrstuvwxyz";
|
||||
String upperCaseCharset = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
|
||||
String numericCharset = "0123456789";
|
||||
Random randomGenerator = new Random();
|
||||
SecureRandom randomGenerator = new SecureRandom();
|
||||
String totalCharset = lowerCaseCharset + upperCaseCharset + numericCharset;
|
||||
int totalCharsetLength = totalCharset.length();
|
||||
StringBuilder initialUserPassword = new StringBuilder();
|
||||
|
||||
@ -20,7 +20,6 @@ package org.wso2.carbon.device.mgt.core.permission.mgt;
|
||||
|
||||
import org.w3c.dom.Document;
|
||||
import org.wso2.carbon.context.PrivilegedCarbonContext;
|
||||
import org.wso2.carbon.device.mgt.common.DeviceManagementException;
|
||||
import org.wso2.carbon.device.mgt.common.permission.mgt.Permission;
|
||||
import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagementException;
|
||||
import org.wso2.carbon.device.mgt.core.internal.DeviceManagementDataHolder;
|
||||
@ -28,6 +27,7 @@ import org.wso2.carbon.registry.api.RegistryException;
|
||||
import org.wso2.carbon.registry.api.Resource;
|
||||
import org.wso2.carbon.registry.core.Registry;
|
||||
|
||||
import javax.xml.XMLConstants;
|
||||
import javax.xml.parsers.DocumentBuilder;
|
||||
import javax.xml.parsers.DocumentBuilderFactory;
|
||||
import java.io.File;
|
||||
@ -123,6 +123,7 @@ public class PermissionUtils {
|
||||
factory.setNamespaceAware(true);
|
||||
try {
|
||||
DocumentBuilder docBuilder = factory.newDocumentBuilder();
|
||||
factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
|
||||
return docBuilder.parse(file);
|
||||
} catch (Exception e) {
|
||||
throw new PermissionManagementException("Error occurred while parsing file, while converting " +
|
||||
|
||||
@ -21,8 +21,8 @@ package org.wso2.carbon.device.mgt.core.search.mgt;
|
||||
|
||||
public class Constants {
|
||||
|
||||
public static String GENERAL = "GENERAL";
|
||||
public static String PROP_AND = "PROP_AND";
|
||||
public static String PROP_OR = "PROP_OR";
|
||||
public static String LOCATION = "LOCATION";
|
||||
public static final String GENERAL = "GENERAL";
|
||||
public static final String PROP_AND = "PROP_AND";
|
||||
public static final String PROP_OR = "PROP_OR";
|
||||
public static final String LOCATION = "LOCATION";
|
||||
}
|
||||
|
||||
@ -21,7 +21,6 @@ import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
import org.w3c.dom.Document;
|
||||
import org.wso2.carbon.base.MultitenantConstants;
|
||||
import org.wso2.carbon.context.PrivilegedCarbonContext;
|
||||
import org.wso2.carbon.device.mgt.common.Device;
|
||||
import org.wso2.carbon.device.mgt.common.DeviceIdentifier;
|
||||
import org.wso2.carbon.device.mgt.common.DeviceManagementException;
|
||||
@ -41,14 +40,11 @@ import org.wso2.carbon.utils.ConfigurationContextService;
|
||||
import org.wso2.carbon.utils.NetworkUtils;
|
||||
|
||||
import javax.sql.DataSource;
|
||||
import javax.xml.XMLConstants;
|
||||
import javax.xml.parsers.DocumentBuilder;
|
||||
import javax.xml.parsers.DocumentBuilderFactory;
|
||||
import java.io.File;
|
||||
import java.util.*;
|
||||
import java.util.HashMap;
|
||||
import java.util.Hashtable;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
|
||||
public final class DeviceManagerUtil {
|
||||
@ -60,6 +56,7 @@ public final class DeviceManagerUtil {
|
||||
factory.setNamespaceAware(true);
|
||||
try {
|
||||
DocumentBuilder docBuilder = factory.newDocumentBuilder();
|
||||
factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
|
||||
return docBuilder.parse(file);
|
||||
} catch (Exception e) {
|
||||
throw new DeviceManagementException("Error occurred while parsing file, while converting " +
|
||||
|
||||
@ -27,13 +27,13 @@ import java.util.Properties;
|
||||
|
||||
public class TestDataHolder {
|
||||
|
||||
public final static String TEST_DEVICE_TYPE = "Test";
|
||||
public final static Integer SUPER_TENANT_ID = -1234;
|
||||
public final static String SUPER_TENANT_DOMAIN = "carbon.super";
|
||||
public final static String initialDeviceIdentifier = "12345";
|
||||
public final static String OWNER = "admin";
|
||||
public static Device initialTestDevice;
|
||||
public static DeviceType initialTestDeviceType;
|
||||
public static String TEST_DEVICE_TYPE = "Test";
|
||||
public static Integer SUPER_TENANT_ID = -1234;
|
||||
public static String SUPER_TENANT_DOMAIN="carbon.super";
|
||||
public static String initialDeviceIdentifier = "12345";
|
||||
public static String OWNER = "admin";
|
||||
|
||||
public static Device generateDummyDeviceData(String deviceType){
|
||||
|
||||
|
||||
@ -19,11 +19,8 @@
|
||||
package org.wso2.carbon.email.sender.core;
|
||||
|
||||
import org.w3c.dom.Document;
|
||||
import org.wso2.carbon.email.sender.core.internal.EmailSenderDataHolder;
|
||||
import org.wso2.carbon.utils.CarbonUtils;
|
||||
import org.wso2.carbon.utils.ConfigurationContextService;
|
||||
import org.wso2.carbon.utils.NetworkUtils;
|
||||
|
||||
import javax.xml.XMLConstants;
|
||||
import javax.xml.parsers.DocumentBuilder;
|
||||
import javax.xml.parsers.DocumentBuilderFactory;
|
||||
import java.io.File;
|
||||
@ -35,6 +32,7 @@ public class EmailSenderUtil {
|
||||
factory.setNamespaceAware(true);
|
||||
try {
|
||||
DocumentBuilder docBuilder = factory.newDocumentBuilder();
|
||||
factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
|
||||
return docBuilder.parse(file);
|
||||
} catch (Exception e) {
|
||||
throw new EmailSenderConfigurationFailedException("Error occurred while parsing file, while converting " +
|
||||
|
||||
@ -24,6 +24,6 @@ public class OauthAuthenticatorConstants {
|
||||
public static final String BEARER_TOKEN_IDENTIFIER = "token";
|
||||
public static final String AUTHENTICATOR_NAME = "OAuthAuthenticator";
|
||||
public static final String SPLITING_CHARACTOR = " ";
|
||||
public static String OAUTH_ENDPOINT_POSTFIX =
|
||||
public static final String OAUTH_ENDPOINT_POSTFIX =
|
||||
"/services/OAuth2TokenValidationService.OAuth2TokenValidationServiceHttpsSoap12Endpoint/";
|
||||
}
|
||||
|
||||
@ -36,11 +36,11 @@ import org.apache.http.util.EntityUtils;
|
||||
import org.wso2.carbon.base.MultitenantConstants;
|
||||
import org.wso2.carbon.context.PrivilegedCarbonContext;
|
||||
import org.wso2.carbon.core.util.KeyStoreManager;
|
||||
import org.wso2.carbon.identity.jwt.client.extension.service.JWTClientManagerService;
|
||||
import org.wso2.carbon.identity.jwt.client.extension.dto.JWTConfig;
|
||||
import org.wso2.carbon.identity.jwt.client.extension.exception.JWTClientConfigurationException;
|
||||
import org.wso2.carbon.identity.jwt.client.extension.exception.JWTClientException;
|
||||
import org.wso2.carbon.identity.jwt.client.extension.internal.JWTClientExtensionDataHolder;
|
||||
import org.wso2.carbon.identity.jwt.client.extension.service.JWTClientManagerService;
|
||||
import org.wso2.carbon.registry.core.Registry;
|
||||
import org.wso2.carbon.registry.core.Resource;
|
||||
import org.wso2.carbon.registry.core.exceptions.RegistryException;
|
||||
@ -48,24 +48,15 @@ import org.wso2.carbon.registry.core.service.RegistryService;
|
||||
import org.wso2.carbon.registry.core.service.TenantRegistryLoader;
|
||||
import org.wso2.carbon.utils.CarbonUtils;
|
||||
|
||||
import java.io.BufferedReader;
|
||||
import java.io.File;
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
import java.io.InputStreamReader;
|
||||
import java.io.*;
|
||||
import java.net.URI;
|
||||
import java.net.URL;
|
||||
import java.security.KeyManagementException;
|
||||
import java.security.KeyStore;
|
||||
import java.security.KeyStoreException;
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
import java.security.UnrecoverableKeyException;
|
||||
import java.security.*;
|
||||
import java.security.cert.CertificateException;
|
||||
import java.security.interfaces.RSAPrivateKey;
|
||||
import java.util.Date;
|
||||
import java.util.List;
|
||||
import java.util.Properties;
|
||||
import java.util.Random;
|
||||
|
||||
/**
|
||||
* This is the utility class that is used for JWT Client.
|
||||
@ -210,7 +201,7 @@ public class JWTClientUtil {
|
||||
long nbf = currentTimeMillis + jwtConfig.getValidityPeriodFromCurrentTime() * 60 * 1000;
|
||||
String jti = jwtConfig.getJti();
|
||||
if (jti == null) {
|
||||
String defaultTokenId = currentTimeMillis + "" + new Random().nextInt();
|
||||
String defaultTokenId = currentTimeMillis + "" + new SecureRandom().nextInt();
|
||||
jti = defaultTokenId;
|
||||
}
|
||||
List<String> aud = jwtConfig.getAudiences();
|
||||
|
||||
@ -44,6 +44,7 @@ import javax.cache.Cache;
|
||||
import javax.cache.CacheManager;
|
||||
import javax.cache.Caching;
|
||||
import javax.sql.DataSource;
|
||||
import javax.xml.XMLConstants;
|
||||
import javax.xml.parsers.DocumentBuilder;
|
||||
import javax.xml.parsers.DocumentBuilderFactory;
|
||||
import java.io.ByteArrayOutputStream;
|
||||
@ -53,17 +54,16 @@ import java.util.*;
|
||||
|
||||
public class PolicyManagerUtil {
|
||||
|
||||
private static final Log log = LogFactory.getLog(PolicyManagerUtil.class);
|
||||
|
||||
public static final String GENERAL_CONFIG_RESOURCE_PATH = "general";
|
||||
public static final String MONITORING_FREQUENCY = "notifierFrequency";
|
||||
|
||||
private static final Log log = LogFactory.getLog(PolicyManagerUtil.class);
|
||||
|
||||
public static Document convertToDocument(File file) throws PolicyManagementException {
|
||||
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
|
||||
factory.setNamespaceAware(true);
|
||||
try {
|
||||
DocumentBuilder docBuilder = factory.newDocumentBuilder();
|
||||
factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
|
||||
return docBuilder.parse(file);
|
||||
} catch (Exception e) {
|
||||
throw new PolicyManagementException("Error occurred while parsing file, while converting " +
|
||||
@ -153,11 +153,7 @@ public class PolicyManagerUtil {
|
||||
|
||||
public static boolean convertIntToBoolean(int x) {
|
||||
|
||||
if (x == 1) {
|
||||
return true;
|
||||
} else {
|
||||
return false;
|
||||
}
|
||||
return x == 1;
|
||||
}
|
||||
|
||||
|
||||
|
||||
@ -31,6 +31,7 @@ import org.wso2.carbon.context.PrivilegedCarbonContext;
|
||||
import org.wso2.carbon.webapp.authenticator.framework.Utils.Utils;
|
||||
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import javax.xml.XMLConstants;
|
||||
import javax.xml.parsers.DocumentBuilder;
|
||||
import javax.xml.parsers.DocumentBuilderFactory;
|
||||
import java.io.File;
|
||||
@ -97,6 +98,7 @@ public class AuthenticationFrameworkUtil {
|
||||
factory.setNamespaceAware(true);
|
||||
try {
|
||||
DocumentBuilder docBuilder = factory.newDocumentBuilder();
|
||||
factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
|
||||
return docBuilder.parse(file);
|
||||
} catch (Exception e) {
|
||||
throw new AuthenticatorFrameworkException("Error occurred while parsing file, while converting " +
|
||||
|
||||
Loading…
Reference in New Issue
Block a user