[cxf-fediz] branch master updated: Cleaning private keys in a few locations

coheigea Thu, 20 Dec 2018 03:27:55 -0800

This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cxf-fediz.git



The following commit(s) were added to refs/heads/master by this push:
     new 363095a  Cleaning private keys in a few locations
363095a is described below

commit 363095abd9ab4997af10333dfbf2bb632b925475
Author: Colm O hEigeartaigh <[email protected]>
AuthorDate: Thu Dec 20 11:26:47 2018 +0000

    Cleaning private keys in a few locations
---
 .../org/apache/cxf/fediz/core/processor/SAMLProcessorImpl.java    | 8 ++++++++
 .../main/java/org/apache/cxf/fediz/core/util/SignatureUtils.java  | 8 ++++++++
 2 files changed, 16 insertions(+)

diff --git 
a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/SAMLProcessorImpl.java
 
b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/SAMLProcessorImpl.java
index 9bc26f0..48df412 100644
--- 
a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/SAMLProcessorImpl.java
+++ 
b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/SAMLProcessorImpl.java
@@ -35,6 +35,7 @@ import java.util.List;
 import java.util.UUID;
 import java.util.zip.DataFormatException;
 
+import javax.security.auth.DestroyFailedException;
 import javax.servlet.http.HttpServletRequest;
 
 import org.w3c.dom.Document;
@@ -507,6 +508,13 @@ public class SAMLProcessorImpl extends 
AbstractFedizProcessor {
         byte[] signBytes = signature.sign();
 
         String encodedSignature = 
Base64.getEncoder().encodeToString(signBytes);
+        
+        // Clean the private key from memory when we're done
+        try {
+            privateKey.destroy();
+        } catch (DestroyFailedException ex) {
+            // ignore
+        }
 
         return URLEncoder.encode(encodedSignature, "UTF-8");
     }
diff --git 
a/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/SignatureUtils.java 
b/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/SignatureUtils.java
index 26263a9..45bdcb0 100644
--- 
a/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/SignatureUtils.java
+++ 
b/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/SignatureUtils.java
@@ -25,6 +25,7 @@ import java.util.ArrayList;
 import java.util.Collections;
 import java.util.List;
 
+import javax.security.auth.DestroyFailedException;
 import javax.xml.crypto.dsig.CanonicalizationMethod;
 import javax.xml.crypto.dsig.DigestMethod;
 import javax.xml.crypto.dsig.Reference;
@@ -148,6 +149,13 @@ public final class SignatureUtils {
 
         // Marshal, generate, and sign the enveloped signature.
         signature.sign(dsc);
+        
+        // Clean the private key from memory when we're done
+        try {
+            keyEntry.destroy();
+        } catch (DestroyFailedException ex) {
+            // ignore
+        }
 
         // step 4
         // Output the resulting document.

[cxf-fediz] branch master updated: Cleaning private keys in a few locations

Reply via email to