Merge pull request #531 from warunalakshitha/release-3.0.x

Fix find security Bugs

components/device-types/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.agent.advanced.impl/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/agent/advanced/transport/CommunicationUtils.java

@@ -43,7 +43,7 @@ public class CommunicationUtils {
     private static final Log log = LogFactory.getLog(TransportUtils.class);
 
     // The Signature Algorithm used.
-    private static final String SIGNATURE_ALG = "SHA1withRSA";
+    private static final String SHA_512 = "SHA-512";
     // The Encryption Algorithm and the Padding used.
     private static final String CIPHER_PADDING = "RSA/ECB/PKCS1Padding";
 
@@ -108,7 +108,7 @@ public class CommunicationUtils {
         String signedEncodedString;
 
         try {
-            signature = Signature.getInstance(SIGNATURE_ALG);
+            signature = Signature.getInstance(SHA_512);
             signature.initSign(signatureKey);
             signature.update(Base64.decodeBase64(message));
 
@@ -117,11 +117,11 @@ public class CommunicationUtils {
 
         } catch (NoSuchAlgorithmException e) {
             String errorMsg =
-                    "Algorithm not found exception occurred for Signature instance of [" + SIGNATURE_ALG + "]";
+                    "Algorithm not found exception occurred for Signature instance of [" + SHA_512 + "]";
             log.error(errorMsg);
             throw new TransportHandlerException(errorMsg, e);
         } catch (SignatureException e) {
-            String errorMsg = "Signature exception occurred for Signature instance of [" + SIGNATURE_ALG + "]";
+            String errorMsg = "Signature exception occurred for Signature instance of [" + SHA_512 + "]";
             log.error(errorMsg);
             throw new TransportHandlerException(errorMsg, e);
         } catch (InvalidKeyException e) {
@@ -153,7 +153,7 @@ public class CommunicationUtils {
         boolean verified;
 
         try {
-            signature = Signature.getInstance(SIGNATURE_ALG);
+            signature = Signature.getInstance(SHA_512);
             signature.initVerify(verificationKey);
             signature.update(Base64.decodeBase64(data));
 
@@ -161,11 +161,11 @@ public class CommunicationUtils {
 
         } catch (NoSuchAlgorithmException e) {
             String errorMsg =
-                    "Algorithm not found exception occurred for Signature instance of [" + SIGNATURE_ALG + "]";
+                    "Algorithm not found exception occurred for Signature instance of [" + SHA_512 + "]";
             log.error(errorMsg);
             throw new TransportHandlerException(errorMsg, e);
         } catch (SignatureException e) {
-            String errorMsg = "Signature exception occurred for Signature instance of [" + SIGNATURE_ALG + "]";
+            String errorMsg = "Signature exception occurred for Signature instance of [" + SHA_512 + "]";
             log.error(errorMsg);
             throw new TransportHandlerException(errorMsg, e);
         } catch (InvalidKeyException e) {

components/device-types/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.agent.advanced.impl/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/agent/advanced/transport/TransportUtils.java

@@ -34,6 +34,8 @@ import java.net.ServerSocket;
 import java.net.SocketException;
 import java.net.URL;
 import java.nio.charset.StandardCharsets;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
 import java.util.ArrayList;
 import java.util.Enumeration;
 import java.util.HashMap;
@@ -172,27 +174,26 @@ public class TransportUtils {
      */
     public static synchronized int getAvailablePort(int randomAttempts) {
         ArrayList<Integer> failedPorts = new ArrayList<Integer>(randomAttempts);
-
+        try {
-        Random randomNum = new Random();
+            SecureRandom secureRandom = SecureRandom.getInstance("SHA1PRNG");
-        int randomPort = MAX_PORT_NUMBER;
+            int randomPort = MAX_PORT_NUMBER;
-
+            while (randomAttempts > 0) {
-        while (randomAttempts > 0) {
+                randomPort = secureRandom.nextInt(MAX_PORT_NUMBER - MIN_PORT_NUMBER) + MIN_PORT_NUMBER;
-            randomPort = randomNum.nextInt(MAX_PORT_NUMBER - MIN_PORT_NUMBER) + MIN_PORT_NUMBER;
+                if (checkIfPortAvailable(randomPort)) {
-
+                    return randomPort;
-            if (checkIfPortAvailable(randomPort)) {
+                }
-                return randomPort;
+                failedPorts.add(randomPort);
+                randomAttempts--;
             }
-            failedPorts.add(randomPort);
+            randomPort = MAX_PORT_NUMBER;
-            randomAttempts--;
+            while (true) {
-        }
+                if (!failedPorts.contains(randomPort) && checkIfPortAvailable(randomPort)) {
-
+                    return randomPort;
-        randomPort = MAX_PORT_NUMBER;
+                }
-
+                randomPort--;
-        while (true) {
-            if (!failedPorts.contains(randomPort) && checkIfPortAvailable(randomPort)) {
-                return randomPort;
             }
-            randomPort--;
+        } catch (NoSuchAlgorithmException e) {
+            throw new RuntimeException("SHA1PRNG algorithm could not be found.");
         }
     }
 

components/device-types/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.agent.advanced.impl/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/agent/advanced/virtual/VirtualHardwareManager.java

@@ -33,6 +33,8 @@ import javax.sound.sampled.Clip;
 import javax.swing.*;
 import java.io.IOException;
 import java.io.InputStream;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
 
 /**
  * This class use to emulate virtual hardware functionality
@@ -188,9 +190,12 @@ public class VirtualHardwareManager {
             double mn = current - offset;
             min = (mn < min) ? min : (int) Math.round(mn);
         }
-
+        try {
-        double rnd = Math.random() * (max - min) + min;
+            SecureRandom secureRandom = SecureRandom.getInstance("SHA1PRNG");
-        return (int) Math.round(rnd);
+            return secureRandom.nextInt(max - min) + min;
+        } catch (NoSuchAlgorithmException e) {
+            throw new RuntimeException("SHA1PRNG algorithm could not be found.");
+        }
 
     }
 

components/device-types/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.agent.impl/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/agent/enrollment/EnrollmentManager.java

@@ -129,11 +129,8 @@ public class EnrollmentManager {
 
     public void setEnrollmentStatus() {
         KeyStore keyStore;
-
         try {
             keyStore = KeyStore.getInstance(AgentConstants.DEVICE_KEYSTORE_TYPE);
-            keyStore.load(new FileInputStream(AgentConstants.DEVICE_KEYSTORE),
-                          AgentConstants.DEVICE_KEYSTORE_PASSWORD.toCharArray());
 
             this.isEnrolled = (keyStore.containsAlias(AgentConstants.DEVICE_CERT_ALIAS) &&
                     keyStore.containsAlias(AgentConstants.DEVICE_PRIVATE_KEY_ALIAS) &&
@@ -146,21 +143,7 @@ public class EnrollmentManager {
             log.error(AgentConstants.LOG_APPENDER + e);
             log.warn(AgentConstants.LOG_APPENDER + "Device will be re-enrolled.");
             return;
-        } catch (CertificateException | NoSuchAlgorithmException e) {
-            log.error(AgentConstants.LOG_APPENDER + "An error occurred whilst trying to [load] the device KeyStore '" +
-                              AgentConstants.DEVICE_KEYSTORE + "'.");
-            log.error(AgentConstants.LOG_APPENDER + e);
-            log.warn(AgentConstants.LOG_APPENDER + "Device will be re-enrolled.");
-            return;
-        } catch (IOException e) {
-            log.error(AgentConstants.LOG_APPENDER +
-                              "An error occurred whilst trying to load input stream with the keystore file: " +
-                              AgentConstants.DEVICE_KEYSTORE);
-            log.error(AgentConstants.LOG_APPENDER + e);
-            log.warn(AgentConstants.LOG_APPENDER + "Device will be re-enrolled.");
-            return;
         }
-
         try {
             if (this.isEnrolled) {
                 this.SCEPCertificate = (X509Certificate) keyStore.getCertificate(AgentConstants.DEVICE_CERT_ALIAS);
@@ -262,9 +245,6 @@ public class EnrollmentManager {
         KeyStore keyStore;
         try {
             keyStore = KeyStore.getInstance(AgentConstants.DEVICE_KEYSTORE_TYPE);
-            keyStore.load(new FileInputStream(AgentConstants.DEVICE_KEYSTORE),
-                          AgentConstants.DEVICE_KEYSTORE_PASSWORD.toCharArray());
-
             keyStore.setCertificateEntry(alias, certificate);
             keyStore.store(new FileOutputStream(AgentConstants.DEVICE_KEYSTORE),
                            AgentConstants.DEVICE_KEYSTORE_PASSWORD.toCharArray());
@@ -285,9 +265,6 @@ public class EnrollmentManager {
         KeyStore keyStore;
         try {
             keyStore = KeyStore.getInstance(AgentConstants.DEVICE_KEYSTORE_TYPE);
-            keyStore.load(new FileInputStream(AgentConstants.DEVICE_KEYSTORE),
-                          AgentConstants.DEVICE_KEYSTORE_PASSWORD.toCharArray());
-
             Certificate[] certChain = new Certificate[1];
             certChain[0] = certInCertChain;
 

components/device-types/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.agent.impl/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/agent/transport/CommunicationUtils.java

@@ -43,7 +43,7 @@ public class CommunicationUtils {
     private static final Log log = LogFactory.getLog(TransportUtils.class);
 
     // The Signature Algorithm used.
-    private static final String SIGNATURE_ALG = "SHA1withRSA";
+    private static final String SHA_512 = "SHA-512";
     // The Encryption Algorithm and the Padding used.
     private static final String CIPHER_PADDING = "RSA/ECB/PKCS1Padding";
 
@@ -107,7 +107,7 @@ public class CommunicationUtils {
         String signedEncodedString;
 
         try {
-            signature = Signature.getInstance(SIGNATURE_ALG);
+            signature = Signature.getInstance(SHA_512);
             signature.initSign(signatureKey);
             signature.update(Base64.decodeBase64(message));
 
@@ -116,11 +116,11 @@ public class CommunicationUtils {
 
         } catch (NoSuchAlgorithmException e) {
             String errorMsg =
-                    "Algorithm not found exception occurred for Signature instance of [" + SIGNATURE_ALG + "]";
+                    "Algorithm not found exception occurred for Signature instance of [" + SHA_512 + "]";
             log.error(errorMsg);
             throw new TransportHandlerException(errorMsg, e);
         } catch (SignatureException e) {
-            String errorMsg = "Signature exception occurred for Signature instance of [" + SIGNATURE_ALG + "]";
+            String errorMsg = "Signature exception occurred for Signature instance of [" + SHA_512 + "]";
             log.error(errorMsg);
             throw new TransportHandlerException(errorMsg, e);
         } catch (InvalidKeyException e) {
@@ -152,7 +152,7 @@ public class CommunicationUtils {
         boolean verified;
 
         try {
-            signature = Signature.getInstance(SIGNATURE_ALG);
+            signature = Signature.getInstance(SHA_512);
             signature.initVerify(verificationKey);
             signature.update(Base64.decodeBase64(data));
 
@@ -160,11 +160,11 @@ public class CommunicationUtils {
 
         } catch (NoSuchAlgorithmException e) {
             String errorMsg =
-                    "Algorithm not found exception occurred for Signature instance of [" + SIGNATURE_ALG + "]";
+                    "Algorithm not found exception occurred for Signature instance of [" + SHA_512 + "]";
             log.error(errorMsg);
             throw new TransportHandlerException(errorMsg, e);
         } catch (SignatureException e) {
-            String errorMsg = "Signature exception occurred for Signature instance of [" + SIGNATURE_ALG + "]";
+            String errorMsg = "Signature exception occurred for Signature instance of [" + SHA_512 + "]";
             log.error(errorMsg);
             throw new TransportHandlerException(errorMsg, e);
         } catch (InvalidKeyException e) {

components/device-types/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.agent.impl/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/agent/transport/TransportUtils.java

@@ -36,6 +36,8 @@ import java.net.ServerSocket;
 import java.net.SocketException;
 import java.net.URL;
 import java.nio.charset.StandardCharsets;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
 import java.util.ArrayList;
 import java.util.Enumeration;
 import java.util.HashMap;
@@ -173,27 +175,26 @@ public class TransportUtils {
 	 */
 	public static synchronized int getAvailablePort(int randomAttempts) {
 		ArrayList<Integer> failedPorts = new ArrayList<Integer>(randomAttempts);
-
+		try {
-		Random randomNum = new Random();
+			SecureRandom secureRandom = SecureRandom.getInstance("SHA1PRNG");
-		int randomPort = MAX_PORT_NUMBER;
+			int randomPort = MAX_PORT_NUMBER;
-
+			while (randomAttempts > 0) {
-		while (randomAttempts > 0) {
+				randomPort = secureRandom.nextInt(MAX_PORT_NUMBER - MIN_PORT_NUMBER) + MIN_PORT_NUMBER;
-			randomPort = randomNum.nextInt(MAX_PORT_NUMBER - MIN_PORT_NUMBER) + MIN_PORT_NUMBER;
+				if (checkIfPortAvailable(randomPort)) {
-
+					return randomPort;
-			if (checkIfPortAvailable(randomPort)) {
+				}
-				return randomPort;
+				failedPorts.add(randomPort);
+				randomAttempts--;
 			}
-			failedPorts.add(randomPort);
+			randomPort = MAX_PORT_NUMBER;
-			randomAttempts--;
+			while (true) {
-		}
+				if (!failedPorts.contains(randomPort) && checkIfPortAvailable(randomPort)) {
-
+					return randomPort;
-		randomPort = MAX_PORT_NUMBER;
+				}
-
+				randomPort--;
-		while (true) {
-			if (!failedPorts.contains(randomPort) && checkIfPortAvailable(randomPort)) {
-				return randomPort;
 			}
-			randomPort--;
+		} catch (NoSuchAlgorithmException e) {
+			throw new RuntimeException("SHA1PRNG algorithm could not be found.");
 		}
 	}
 

components/device-types/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.agent.impl/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/agent/virtual/VirtualHardwareManager.java

@@ -33,6 +33,8 @@ import javax.sound.sampled.Clip;
 import javax.swing.*;
 import java.io.IOException;
 import java.io.InputStream;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
 
 /**
  * This class use to emulate virtual hardware functionality
@@ -174,19 +176,19 @@ public class VirtualHardwareManager {
     }
 
     private int getRandom(int max, int min, int current, boolean isSmoothed, int svf) {
-
         if (isSmoothed) {
             int offset = (max - min) * svf / 100;
             double mx = current + offset;
             max = (mx > max) ? max : (int) Math.round(mx);
-
             double mn = current - offset;
             min = (mn < min) ? min : (int) Math.round(mn);
         }
-
+        try {
-        double rnd = Math.random() * (max - min) + min;
+            SecureRandom secureRandom = SecureRandom.getInstance("SHA1PRNG");
-        return (int) Math.round(rnd);
+            return secureRandom.nextInt(max - min) + min;
-
+        } catch (NoSuchAlgorithmException e) {
+            throw new RuntimeException("SHA1PRNG algorithm could not be found.");
+        }
     }
 
     private void setAudioSequencer() {

components/device-types/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.plugin/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/plugin/impl/VirtualFirealarmSecurityManager.java

@@ -51,7 +51,7 @@ public class VirtualFirealarmSecurityManager {
     private static final Log log = LogFactory.getLog(VirtualFirealarmSecurityManager.class);
 
     private static PrivateKey serverPrivateKey;
-    private static final String SIGNATURE_ALG = "SHA1withRSA";
+    private static final String SHA_512 = "SHA-512";
     private static final String CIPHER_PADDING = "RSA/ECB/PKCS1Padding";
     private static CertificateKeystoreConfig certificateKeystoreConfig;
     private VirtualFirealarmSecurityManager() {
@@ -162,7 +162,7 @@ public class VirtualFirealarmSecurityManager {
         String signedEncodedString;
 
         try {
-            signature = Signature.getInstance(SIGNATURE_ALG);
+            signature = Signature.getInstance(SHA_512);
             signature.initSign(signatureKey);
             signature.update(Base64.decodeBase64(encryptedData));
 
@@ -170,11 +170,11 @@ public class VirtualFirealarmSecurityManager {
             signedEncodedString = Base64.encodeBase64String(signatureBytes);
 
         } catch (NoSuchAlgorithmException e) {
-            String errorMsg = "Algorithm not found exception occurred for Signature instance of [" + SIGNATURE_ALG + "]";
+            String errorMsg = "Algorithm not found exception occurred for Signature instance of [" + SHA_512 + "]";
             log.error(errorMsg);
             throw new VirtualFirealarmDeviceMgtPluginException(errorMsg, e);
         } catch (SignatureException e) {
-            String errorMsg = "Signature exception occurred for Signature instance of [" + SIGNATURE_ALG + "]";
+            String errorMsg = "Signature exception occurred for Signature instance of [" + SHA_512 + "]";
             log.error(errorMsg);
             throw new VirtualFirealarmDeviceMgtPluginException(errorMsg, e);
         } catch (InvalidKeyException e) {
@@ -193,18 +193,18 @@ public class VirtualFirealarmSecurityManager {
         boolean verified;
 
         try {
-            signature = Signature.getInstance(SIGNATURE_ALG);
+            signature = Signature.getInstance(SHA_512);
             signature.initVerify(verificationKey);
             signature.update(Base64.decodeBase64(data));
 
             verified = signature.verify(Base64.decodeBase64(signedData));
 
         } catch (NoSuchAlgorithmException e) {
-            String errorMsg = "Algorithm not found exception occurred for Signature instance of [" + SIGNATURE_ALG + "]";
+            String errorMsg = "Algorithm not found exception occurred for Signature instance of [" + SHA_512 + "]";
             log.error(errorMsg);
             throw new VirtualFirealarmDeviceMgtPluginException(errorMsg, e);
         } catch (SignatureException e) {
-            String errorMsg = "Signature exception occurred for Signature instance of [" + SIGNATURE_ALG + "]";
+            String errorMsg = "Signature exception occurred for Signature instance of [" + SHA_512 + "]";
             log.error(errorMsg);
             throw new VirtualFirealarmDeviceMgtPluginException(errorMsg, e);
         } catch (InvalidKeyException e) {