community/device-mgt-plugins
1
0
Fork 0
mirror of https://repository.entgra.net/community/device-mgt-plugins.git synced 2025-09-16 23:42:15 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix Message digest is weak security bug

Browse Source
This commit is contained in:
warunalakshitha 2017-01-17 16:05:42 +05:30
parent 0b983855cf
commit e65b61bf95
3 changed files with 21 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
components/device-types/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.agent.advanced.impl/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/agent/advanced/transport/CommunicationUtils.java
View File

@ -43,7 +43,7 @@ public class CommunicationUtils {
private static final Log log = LogFactory.getLog(TransportUtils.class); private static final Log log = LogFactory.getLog(TransportUtils.class);
// The Signature Algorithm used. // The Signature Algorithm used.
private static final String SIGNATURE_ALG = "SHA1withRSA"; private static final String SHA_512 = "SHA-512";
// The Encryption Algorithm and the Padding used. // The Encryption Algorithm and the Padding used.
private static final String CIPHER_PADDING = "RSA/ECB/PKCS1Padding"; private static final String CIPHER_PADDING = "RSA/ECB/PKCS1Padding";
@ -108,7 +108,7 @@ public class CommunicationUtils {
String signedEncodedString; String signedEncodedString;
try { try {
signature = Signature.getInstance(SIGNATURE_ALG); signature = Signature.getInstance(SHA_512);
signature.initSign(signatureKey); signature.initSign(signatureKey);
signature.update(Base64.decodeBase64(message)); signature.update(Base64.decodeBase64(message));
@ -117,11 +117,11 @@ public class CommunicationUtils {
} catch (NoSuchAlgorithmException e) { } catch (NoSuchAlgorithmException e) {
String errorMsg = String errorMsg =
"Algorithm not found exception occurred for Signature instance of [" + SIGNATURE_ALG + "]"; "Algorithm not found exception occurred for Signature instance of [" + SHA_512 + "]";
log.error(errorMsg); log.error(errorMsg);
throw new TransportHandlerException(errorMsg, e); throw new TransportHandlerException(errorMsg, e);
} catch (SignatureException e) { } catch (SignatureException e) {
String errorMsg = "Signature exception occurred for Signature instance of [" + SIGNATURE_ALG + "]"; String errorMsg = "Signature exception occurred for Signature instance of [" + SHA_512 + "]";
log.error(errorMsg); log.error(errorMsg);
throw new TransportHandlerException(errorMsg, e); throw new TransportHandlerException(errorMsg, e);
} catch (InvalidKeyException e) { } catch (InvalidKeyException e) {
@ -153,7 +153,7 @@ public class CommunicationUtils {
boolean verified; boolean verified;
try { try {
signature = Signature.getInstance(SIGNATURE_ALG); signature = Signature.getInstance(SHA_512);
signature.initVerify(verificationKey); signature.initVerify(verificationKey);
signature.update(Base64.decodeBase64(data)); signature.update(Base64.decodeBase64(data));
@ -161,11 +161,11 @@ public class CommunicationUtils {
} catch (NoSuchAlgorithmException e) { } catch (NoSuchAlgorithmException e) {
String errorMsg = String errorMsg =
"Algorithm not found exception occurred for Signature instance of [" + SIGNATURE_ALG + "]"; "Algorithm not found exception occurred for Signature instance of [" + SHA_512 + "]";
log.error(errorMsg); log.error(errorMsg);
throw new TransportHandlerException(errorMsg, e); throw new TransportHandlerException(errorMsg, e);
} catch (SignatureException e) { } catch (SignatureException e) {
String errorMsg = "Signature exception occurred for Signature instance of [" + SIGNATURE_ALG + "]"; String errorMsg = "Signature exception occurred for Signature instance of [" + SHA_512 + "]";
log.error(errorMsg); log.error(errorMsg);
throw new TransportHandlerException(errorMsg, e); throw new TransportHandlerException(errorMsg, e);
} catch (InvalidKeyException e) { } catch (InvalidKeyException e) {

14
components/device-types/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.agent.impl/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/agent/transport/CommunicationUtils.java
View File

@ -43,7 +43,7 @@ public class CommunicationUtils {
private static final Log log = LogFactory.getLog(TransportUtils.class); private static final Log log = LogFactory.getLog(TransportUtils.class);
// The Signature Algorithm used. // The Signature Algorithm used.
private static final String SIGNATURE_ALG = "SHA1withRSA"; private static final String SHA_512 = "SHA-512";
// The Encryption Algorithm and the Padding used. // The Encryption Algorithm and the Padding used.
private static final String CIPHER_PADDING = "RSA/ECB/PKCS1Padding"; private static final String CIPHER_PADDING = "RSA/ECB/PKCS1Padding";
@ -107,7 +107,7 @@ public class CommunicationUtils {
String signedEncodedString; String signedEncodedString;
try { try {
signature = Signature.getInstance(SIGNATURE_ALG); signature = Signature.getInstance(SHA_512);
signature.initSign(signatureKey); signature.initSign(signatureKey);
signature.update(Base64.decodeBase64(message)); signature.update(Base64.decodeBase64(message));
@ -116,11 +116,11 @@ public class CommunicationUtils {
} catch (NoSuchAlgorithmException e) { } catch (NoSuchAlgorithmException e) {
String errorMsg = String errorMsg =
"Algorithm not found exception occurred for Signature instance of [" + SIGNATURE_ALG + "]"; "Algorithm not found exception occurred for Signature instance of [" + SHA_512 + "]";
log.error(errorMsg); log.error(errorMsg);
throw new TransportHandlerException(errorMsg, e); throw new TransportHandlerException(errorMsg, e);
} catch (SignatureException e) { } catch (SignatureException e) {
String errorMsg = "Signature exception occurred for Signature instance of [" + SIGNATURE_ALG + "]"; String errorMsg = "Signature exception occurred for Signature instance of [" + SHA_512 + "]";
log.error(errorMsg); log.error(errorMsg);
throw new TransportHandlerException(errorMsg, e); throw new TransportHandlerException(errorMsg, e);
} catch (InvalidKeyException e) { } catch (InvalidKeyException e) {
@ -152,7 +152,7 @@ public class CommunicationUtils {
boolean verified; boolean verified;
try { try {
signature = Signature.getInstance(SIGNATURE_ALG); signature = Signature.getInstance(SHA_512);
signature.initVerify(verificationKey); signature.initVerify(verificationKey);
signature.update(Base64.decodeBase64(data)); signature.update(Base64.decodeBase64(data));
@ -160,11 +160,11 @@ public class CommunicationUtils {
} catch (NoSuchAlgorithmException e) { } catch (NoSuchAlgorithmException e) {
String errorMsg = String errorMsg =
"Algorithm not found exception occurred for Signature instance of [" + SIGNATURE_ALG + "]"; "Algorithm not found exception occurred for Signature instance of [" + SHA_512 + "]";
log.error(errorMsg); log.error(errorMsg);
throw new TransportHandlerException(errorMsg, e); throw new TransportHandlerException(errorMsg, e);
} catch (SignatureException e) { } catch (SignatureException e) {
String errorMsg = "Signature exception occurred for Signature instance of [" + SIGNATURE_ALG + "]"; String errorMsg = "Signature exception occurred for Signature instance of [" + SHA_512 + "]";
log.error(errorMsg); log.error(errorMsg);
throw new TransportHandlerException(errorMsg, e); throw new TransportHandlerException(errorMsg, e);
} catch (InvalidKeyException e) { } catch (InvalidKeyException e) {

14
components/device-types/virtual-fire-alarm-plugin/org.wso2.carbon.device.mgt.iot.virtualfirealarm.plugin/src/main/java/org/wso2/carbon/device/mgt/iot/virtualfirealarm/plugin/impl/VirtualFirealarmSecurityManager.java
View File

@ -51,7 +51,7 @@ public class VirtualFirealarmSecurityManager {
private static final Log log = LogFactory.getLog(VirtualFirealarmSecurityManager.class); private static final Log log = LogFactory.getLog(VirtualFirealarmSecurityManager.class);
private static PrivateKey serverPrivateKey; private static PrivateKey serverPrivateKey;
private static final String SIGNATURE_ALG = "SHA1withRSA"; private static final String SHA_512 = "SHA-512";
private static final String CIPHER_PADDING = "RSA/ECB/PKCS1Padding"; private static final String CIPHER_PADDING = "RSA/ECB/PKCS1Padding";
private static CertificateKeystoreConfig certificateKeystoreConfig; private static CertificateKeystoreConfig certificateKeystoreConfig;
private VirtualFirealarmSecurityManager() { private VirtualFirealarmSecurityManager() {
@ -162,7 +162,7 @@ public class VirtualFirealarmSecurityManager {
String signedEncodedString; String signedEncodedString;
try { try {
signature = Signature.getInstance(SIGNATURE_ALG); signature = Signature.getInstance(SHA_512);
signature.initSign(signatureKey); signature.initSign(signatureKey);
signature.update(Base64.decodeBase64(encryptedData)); signature.update(Base64.decodeBase64(encryptedData));
@ -170,11 +170,11 @@ public class VirtualFirealarmSecurityManager {
signedEncodedString = Base64.encodeBase64String(signatureBytes); signedEncodedString = Base64.encodeBase64String(signatureBytes);
} catch (NoSuchAlgorithmException e) { } catch (NoSuchAlgorithmException e) {
String errorMsg = "Algorithm not found exception occurred for Signature instance of [" + SIGNATURE_ALG + "]"; String errorMsg = "Algorithm not found exception occurred for Signature instance of [" + SHA_512 + "]";
log.error(errorMsg); log.error(errorMsg);
throw new VirtualFirealarmDeviceMgtPluginException(errorMsg, e); throw new VirtualFirealarmDeviceMgtPluginException(errorMsg, e);
} catch (SignatureException e) { } catch (SignatureException e) {
String errorMsg = "Signature exception occurred for Signature instance of [" + SIGNATURE_ALG + "]"; String errorMsg = "Signature exception occurred for Signature instance of [" + SHA_512 + "]";
log.error(errorMsg); log.error(errorMsg);
throw new VirtualFirealarmDeviceMgtPluginException(errorMsg, e); throw new VirtualFirealarmDeviceMgtPluginException(errorMsg, e);
} catch (InvalidKeyException e) { } catch (InvalidKeyException e) {
@ -193,18 +193,18 @@ public class VirtualFirealarmSecurityManager {
boolean verified; boolean verified;
try { try {
signature = Signature.getInstance(SIGNATURE_ALG); signature = Signature.getInstance(SHA_512);
signature.initVerify(verificationKey); signature.initVerify(verificationKey);
signature.update(Base64.decodeBase64(data)); signature.update(Base64.decodeBase64(data));
verified = signature.verify(Base64.decodeBase64(signedData)); verified = signature.verify(Base64.decodeBase64(signedData));
} catch (NoSuchAlgorithmException e) { } catch (NoSuchAlgorithmException e) {
String errorMsg = "Algorithm not found exception occurred for Signature instance of [" + SIGNATURE_ALG + "]"; String errorMsg = "Algorithm not found exception occurred for Signature instance of [" + SHA_512 + "]";
log.error(errorMsg); log.error(errorMsg);
throw new VirtualFirealarmDeviceMgtPluginException(errorMsg, e); throw new VirtualFirealarmDeviceMgtPluginException(errorMsg, e);
} catch (SignatureException e) { } catch (SignatureException e) {
String errorMsg = "Signature exception occurred for Signature instance of [" + SIGNATURE_ALG + "]"; String errorMsg = "Signature exception occurred for Signature instance of [" + SHA_512 + "]";
log.error(errorMsg); log.error(errorMsg);
throw new VirtualFirealarmDeviceMgtPluginException(errorMsg, e); throw new VirtualFirealarmDeviceMgtPluginException(errorMsg, e);
} catch (InvalidKeyException e) { } catch (InvalidKeyException e) {