adding security fixes
parent
defa494626
commit
4562b4d318
@ -192,7 +192,7 @@
|
||||
<artifactId>smackx</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>commons-codec.wso2</groupId>
|
||||
<groupId>commons-codec</groupId>
|
||||
<artifactId>commons-codec</artifactId>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
|
||||
@ -125,7 +125,7 @@
|
||||
</dependency>
|
||||
|
||||
<dependency>
|
||||
<groupId>commons-codec.wso2</groupId>
|
||||
<groupId>commons-codec</groupId>
|
||||
<artifactId>commons-codec</artifactId>
|
||||
</dependency>
|
||||
|
||||
|
||||
@ -134,7 +134,7 @@
|
||||
</dependency>
|
||||
|
||||
<dependency>
|
||||
<groupId>commons-codec.wso2</groupId>
|
||||
<groupId>commons-codec</groupId>
|
||||
<artifactId>commons-codec</artifactId>
|
||||
</dependency>
|
||||
|
||||
|
||||
@ -69,7 +69,7 @@
|
||||
<scope>provided</scope>
|
||||
<exclusions>
|
||||
<exclusion>
|
||||
<groupId>commons-codec.wso2</groupId>
|
||||
<groupId>commons-codec</groupId>
|
||||
<artifactId>commons-codec</artifactId>
|
||||
</exclusion>
|
||||
</exclusions>
|
||||
@ -208,7 +208,7 @@
|
||||
</dependency>
|
||||
|
||||
<dependency>
|
||||
<groupId>commons-codec.wso2</groupId>
|
||||
<groupId>commons-codec</groupId>
|
||||
<artifactId>commons-codec</artifactId>
|
||||
</dependency>
|
||||
|
||||
|
||||
@ -98,7 +98,7 @@
|
||||
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>commons-codec.wso2</groupId>
|
||||
<groupId>commons-codec</groupId>
|
||||
<artifactId>commons-codec</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
|
||||
@ -57,7 +57,7 @@
|
||||
<scope>provided</scope>
|
||||
<exclusions>
|
||||
<exclusion>
|
||||
<groupId>commons-codec.wso2</groupId>
|
||||
<groupId>commons-codec</groupId>
|
||||
<artifactId>commons-codec</artifactId>
|
||||
</exclusion>
|
||||
</exclusions>
|
||||
@ -171,7 +171,7 @@
|
||||
</dependency>
|
||||
|
||||
<dependency>
|
||||
<groupId>commons-codec.wso2</groupId>
|
||||
<groupId>commons-codec</groupId>
|
||||
<artifactId>commons-codec</artifactId>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
|
||||
@ -23,7 +23,6 @@ import io.swagger.annotations.ApiModelProperty;
|
||||
import org.wso2.carbon.device.mgt.common.configuration.mgt.ConfigurationEntry;
|
||||
|
||||
import javax.validation.constraints.NotNull;
|
||||
import javax.validation.constraints.Pattern;
|
||||
import javax.validation.constraints.Size;
|
||||
import javax.xml.bind.annotation.XmlAccessType;
|
||||
import javax.xml.bind.annotation.XmlAccessorType;
|
||||
@ -52,7 +51,6 @@ public class AndroidPlatformConfiguration implements Serializable {
|
||||
)
|
||||
@NotNull
|
||||
@Size(min = 2, max = 10)
|
||||
@Pattern(regexp = "^[A-Za-z0-9]*$")
|
||||
private String type;
|
||||
@ApiModelProperty(
|
||||
name = "configuration",
|
||||
|
||||
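Review bot: With `@Pattern(regexp = "^[A-Za-z0-9]*$")` gone from `type`, the field is bounded only by `@NotNull` and `@Size(min = 2, max = 10)`, so any characters within that length now pass bean validation. Judging by the hunk line counts, the same constraint is dropped from `deviceIdentifier` in EventBeanWrapper and from the `id` and `type` query parameters of `retrieveAlerts` in EventReceiverService and EventReceiverServiceImpl. Where these values end up (queries, log lines, stream or table names) is not visible on this page, so each consumer should be confirmed to parameterise or encode them. If the old pattern was removed because it rejected legitimate identifiers, a wider allow-list keeps the check in place, for example `@Pattern(regexp = "^[A-Za-z0-9_.:-]*$")` (constructed example; adjust to the real identifier format).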
@ -21,7 +21,6 @@ package org.wso2.carbon.mdm.services.android.bean.wrapper;
|
||||
import io.swagger.annotations.ApiModel;
|
||||
import io.swagger.annotations.ApiModelProperty;
|
||||
|
||||
import javax.validation.constraints.Pattern;
|
||||
import javax.validation.constraints.Size;
|
||||
|
||||
/**
|
||||
@ -33,7 +32,6 @@ public class EventBeanWrapper {
|
||||
|
||||
@ApiModelProperty(name = "deviceIdentifier", value = "DeviceIdentifier to be need to retrieve/publish Event.", required = true)
|
||||
@Size(min = 2, max = 45)
|
||||
@Pattern(regexp = "^[A-Za-z0-9]*$")
|
||||
private String deviceIdentifier;
|
||||
@ApiModelProperty(name = "payload", value = "Event payload.", required = true)
|
||||
private String payload;
|
||||
|
||||
@ -50,15 +50,18 @@ public class GlobalThrowableMapper implements ExceptionMapper {
|
||||
|
||||
if (e instanceof JsonParseException) {
|
||||
String errorMessage = "Malformed request body.";
|
||||
log.error(errorMessage);
|
||||
if (log.isDebugEnabled()) {
|
||||
log.error(errorMessage, e);
|
||||
}
|
||||
return AndroidDeviceUtils.buildBadRequestException(errorMessage).getResponse();
|
||||
|
||||
}
|
||||
if (e instanceof NotFoundException) {
|
||||
return ((NotFoundException) e).getResponse();
|
||||
}
|
||||
if (e instanceof UnexpectedServerErrorException) {
|
||||
if (log.isDebugEnabled()) {
|
||||
log.error("Unexpected server error", e);
|
||||
}
|
||||
return ((UnexpectedServerErrorException) e).getResponse();
|
||||
}
|
||||
if (e instanceof ConstraintViolationException) {
|
||||
@ -76,7 +79,9 @@ public class GlobalThrowableMapper implements ExceptionMapper {
|
||||
.build();
|
||||
}
|
||||
if (e instanceof ClientErrorException) {
|
||||
if (log.isDebugEnabled()) {
|
||||
log.error("Client error", e);
|
||||
}
|
||||
return ((ClientErrorException) e).getResponse();
|
||||
}
|
||||
if (e instanceof AuthenticationException) {
|
||||
@ -91,11 +96,15 @@ public class GlobalThrowableMapper implements ExceptionMapper {
|
||||
.build();
|
||||
}
|
||||
if (e instanceof ForbiddenException) {
|
||||
if (log.isDebugEnabled()) {
|
||||
log.error("Resource forbidden", e);
|
||||
}
|
||||
return ((ForbiddenException) e).getResponse();
|
||||
}
|
||||
//unknown exception log and return
|
||||
if (log.isDebugEnabled()) {
|
||||
log.error("An Unknown exception has been captured by global exception mapper.", e);
|
||||
}
|
||||
return Response.status(Response.Status.INTERNAL_SERVER_ERROR).header("Content-Type", "application/json")
|
||||
.entity(e500).build();
|
||||
}
|
||||
|
||||
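Review bot: The `log.error(...)` calls for the unexpected-server-error, client-error, forbidden and catch-all branches sit inside `if (log.isDebugEnabled())`, so with debug logging off an unknown exception that produces the 500 response leaves no server-side record at all. That removes the trail an operator needs to notice repeated forbidden or malformed requests and to diagnose failures, and the guard level does not match the call level. I would keep a one-line record unconditionally and reserve the stack trace for debug, e.g. `log.error("An Unknown exception has been captured by global exception mapper: " + e.getClass().getName());` followed by `if (log.isDebugEnabled()) { log.debug("Stack trace", e); }`. The mapper method starts above the first hunk, so the declarations of `log` and `e500` are not visible here.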
@ -23,7 +23,6 @@ import org.wso2.carbon.mdm.services.android.bean.DeviceState;
|
||||
import org.wso2.carbon.mdm.services.android.bean.wrapper.EventBeanWrapper;
|
||||
|
||||
import javax.validation.Valid;
|
||||
import javax.validation.constraints.Pattern;
|
||||
import javax.validation.constraints.Size;
|
||||
import javax.ws.rs.*;
|
||||
import javax.ws.rs.core.MediaType;
|
||||
@ -141,7 +140,6 @@ public interface EventReceiverService {
|
||||
value = "Device Identifier to be need to retrieve events.",
|
||||
required = true)
|
||||
@Size(min = 2, max = 45)
|
||||
@Pattern(regexp = "^[A-Za-z0-9]*$")
|
||||
@QueryParam("id") String deviceId,
|
||||
@ApiParam(
|
||||
name = "from",
|
||||
@ -155,7 +153,6 @@ public interface EventReceiverService {
|
||||
name = "type",
|
||||
value = "Type of the Alert to be need to retrieve events.")
|
||||
@Size(min = 2, max = 45)
|
||||
@Pattern(regexp = "^[A-Za-z0-9]*$")
|
||||
@QueryParam("type") String type,
|
||||
@ApiParam(
|
||||
name = "If-Modified-Since",
|
||||
|
||||
@ -33,7 +33,6 @@ import org.wso2.carbon.mdm.services.android.util.AndroidAPIUtils;
|
||||
import org.wso2.carbon.mdm.services.android.util.Message;
|
||||
|
||||
import javax.validation.Valid;
|
||||
import javax.validation.constraints.Pattern;
|
||||
import javax.validation.constraints.Size;
|
||||
import javax.ws.rs.*;
|
||||
import javax.ws.rs.core.Response;
|
||||
@ -78,11 +77,10 @@ public class EventReceiverServiceImpl implements EventReceiverService {
|
||||
@Override
|
||||
public Response retrieveAlerts(@QueryParam("id")
|
||||
@Size(min = 2, max = 45)
|
||||
@Pattern(regexp = "^[A-Za-z0-9]*$") String deviceId,
|
||||
String deviceId,
|
||||
@QueryParam("from") long from,
|
||||
@QueryParam("to") long to,
|
||||
@Size(min = 2, max = 45)
|
||||
@Pattern(regexp = "^[A-Za-z0-9]*$")
|
||||
@QueryParam("type") String type,
|
||||
@HeaderParam("If-Modified-Since") String ifModifiedSince) {
|
||||
|
||||
|
||||
@ -230,7 +230,7 @@
|
||||
<artifactId>core</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>commons-codec.wso2</groupId>
|
||||
<groupId>commons-codec</groupId>
|
||||
<artifactId>commons-codec</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
|
||||
@ -215,7 +215,6 @@ public class CertificateEnrollmentServiceImpl implements CertificateEnrollmentSe
|
||||
private String prepareWapProvisioningXML(String binarySecurityToken, String wapProvisioningFilePath,
|
||||
String headerBst) throws CertificateGenerationException,
|
||||
WAPProvisioningException, WindowsDeviceEnrolmentException {
|
||||
|
||||
String rootCertEncodedString;
|
||||
String signedCertEncodedString;
|
||||
X509Certificate signedCertificate;
|
||||
@ -225,11 +224,11 @@ public class CertificateEnrollmentServiceImpl implements CertificateEnrollmentSe
|
||||
Base64 base64Encoder = new Base64();
|
||||
try {
|
||||
rootCACertificate = (X509Certificate) certMgtServiceImpl.getCACertificate();
|
||||
rootCertEncodedString = base64Encoder.encodeToString(rootCACertificate.getEncoded());
|
||||
rootCertEncodedString = base64Encoder.encodeAsString(rootCACertificate.getEncoded());
|
||||
|
||||
|
||||
signedCertificate = certMgtServiceImpl.getSignedCertificateFromCSR(binarySecurityToken);
|
||||
signedCertEncodedString = base64Encoder.encodeToString(signedCertificate.getEncoded());
|
||||
signedCertEncodedString = base64Encoder.encodeAsString(signedCertificate.getEncoded());
|
||||
|
||||
DocumentBuilderFactory domFactory = DocumentBuilderFactory.newInstance();
|
||||
DocumentBuilder builder;
|
||||
@ -242,7 +241,7 @@ public class CertificateEnrollmentServiceImpl implements CertificateEnrollmentSe
|
||||
//Adding SHA1 CA certificate finger print to wap-provisioning xml.
|
||||
caCertificatePosition.getParentNode().getAttributes().getNamedItem(PluginConstants.
|
||||
CertificateEnrolment.TYPE).setTextContent(String.valueOf(
|
||||
DigestUtils.sha256Hex(rootCACertificate.getEncoded())).toUpperCase());
|
||||
DigestUtils.sha1Hex(rootCACertificate.getEncoded())).toUpperCase());
|
||||
//Adding encoded CA certificate to wap-provisioning file after removing new line
|
||||
// characters.
|
||||
NamedNodeMap rootCertAttributes = caCertificatePosition.getAttributes();
|
||||
@ -261,7 +260,7 @@ public class CertificateEnrollmentServiceImpl implements CertificateEnrollmentSe
|
||||
//Adding SHA1 signed certificate finger print to wap-provisioning xml.
|
||||
signedCertificatePosition.getParentNode().getAttributes().getNamedItem(PluginConstants.
|
||||
CertificateEnrolment.TYPE).setTextContent(String.valueOf(
|
||||
DigestUtils.sha256Hex(signedCertificate.getEncoded())).toUpperCase());
|
||||
DigestUtils.sha1Hex(signedCertificate.getEncoded())).toUpperCase());
|
||||
|
||||
//Adding encoded signed certificate to wap-provisioning file after removing new line
|
||||
// characters.
|
||||
@ -326,7 +325,7 @@ public class CertificateEnrollmentServiceImpl implements CertificateEnrollmentSe
|
||||
} catch (KeystoreException e) {
|
||||
throw new CertificateGenerationException("CA certificate cannot be generated.", e);
|
||||
}
|
||||
return base64Encoder.encodeToString(provisioningXmlString.getBytes());
|
||||
return base64Encoder.encodeAsString(provisioningXmlString.getBytes());
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
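Review bot: The two fingerprint statements in `prepareWapProvisioningXML` appear with both `DigestUtils.sha256Hex(...)` and `DigestUtils.sha1Hex(...)` under comments that say SHA1, and the page does not mark which is the new side; whichever is kept, the comment should name the digest actually used and say why. If the value is the certificate thumbprint the enrolling client matches against, which would make the algorithm a protocol requirement rather than a choice, state that, e.g. `// Thumbprint identifies the certificate node for the client; digest is dictated by the provisioning format (TODO confirm)`. Separately, `provisioningXmlString.getBytes()` in the return statement uses the platform default charset, so the encoded document can differ between hosts; `getBytes(StandardCharsets.UTF_8)` with the matching import pins it. The method body continues outside these hunks, so the parser settings applied after `DocumentBuilderFactory.newInstance()` are not visible and are worth checking for disabled DTDs and external entities.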
14
pom.xml
14
pom.xml
@ -331,7 +331,7 @@
|
||||
<version>${carbon.analytics.common.version}</version>
|
||||
<exclusions>
|
||||
<exclusion>
|
||||
<groupId>commons-codec</groupId>
|
||||
<groupId>commons-codec.wso2</groupId>
|
||||
<artifactId>commons-codec</artifactId>
|
||||
</exclusion>
|
||||
</exclusions>
|
||||
@ -859,10 +859,15 @@
|
||||
<artifactId>commons-httpclient</artifactId>
|
||||
<version>${orbit.version.commons-httpclient}</version>
|
||||
</dependency>
|
||||
<!--<dependency>-->
|
||||
<!--<groupId>commons-codec.wso2</groupId>-->
|
||||
<!--<artifactId>commons-codec</artifactId>-->
|
||||
<!--<version>${commons-codec.wso2.version}</version>-->
|
||||
<!--</dependency>-->
|
||||
<dependency>
|
||||
<groupId>commons-codec.wso2</groupId>
|
||||
<groupId>commons-codec</groupId>
|
||||
<artifactId>commons-codec</artifactId>
|
||||
<version>${commons-codec.wso2.version}</version>
|
||||
<version>${commons-codec.version}</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.codehaus.jackson</groupId>
|
||||
@ -1169,7 +1174,8 @@
|
||||
<gcm.server.version>1.0.2</gcm.server.version>
|
||||
|
||||
<orbit.version.commons-httpclient>3.1.0.wso2v2</orbit.version.commons-httpclient>
|
||||
<commons-codec.wso2.version>1.4.0.wso2v1</commons-codec.wso2.version>
|
||||
<!--<commons-codec.wso2.version>1.4.0.wso2v1</commons-codec.wso2.version>-->
|
||||
<commons-codec.version>1.7</commons-codec.version>
|
||||
|
||||
<javaee-web-api.version>6.0</javaee-web-api.version>
|
||||
|
||||
|
||||
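Review bot: The exclusion in the `@ -331,7` hunk prints `commons-codec` before `commons-codec.wso2`, the reverse of every other groupId pair in this commit. If the print order is old-then-new, the root pom now excludes the `commons-codec.wso2` coordinate while the module poms exclude `commons-codec`, and one of the two probably no longer matches what the parent dependency pulls in. Running `mvn dependency:tree` on an affected module would show whether both coordinates still reach the classpath. The commented-out `<dependency>` block and the commented `<commons-codec.wso2.version>` property should be deleted rather than left as comments, since version control already keeps them. `commons-codec.version` is pinned to 1.7 here; confirm that this is the intended release.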