This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cxf.git
The following commit(s) were added to refs/heads/master by this push:
new 70017f9 Destroy more keys after use
70017f9 is described below
commit 70017f9262dd555e1daaf71a721e92020b3df98c
Author: Colm O hEigeartaigh <[email protected]>
AuthorDate: Thu Dec 20 11:46:14 2018 +0000
Destroy more keys after use
---
.../utils/crypto/ModelEncryptionSupport.java | 45 ++++++++++++++++++++--
.../cxf/rs/security/saml/sso/MetadataService.java | 12 +++++-
.../saml/sso/SAMLProtocolResponseValidator.java | 4 ++
.../security/saml/sso/SamlPostBindingFilter.java | 8 ++++
.../saml/sso/SamlRedirectBindingFilter.java | 8 ++++
.../rs/security/xml/AbstractXmlEncInHandler.java | 4 ++
.../cxf/rs/security/xml/XmlSigOutInterceptor.java | 9 +++++
7 files changed, 85 insertions(+), 5 deletions(-)
diff --git
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/ModelEncryptionSupport.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/ModelEncryptionSupport.java
index 25c7365..f7d5493 100644
---
a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/ModelEncryptionSupport.java
+++
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/utils/crypto/ModelEncryptionSupport.java
@@ -28,6 +28,7 @@ import java.util.List;
import java.util.Map;
import javax.crypto.SecretKey;
+import javax.security.auth.DestroyFailedException;
import org.apache.cxf.rs.security.oauth2.common.Client;
import org.apache.cxf.rs.security.oauth2.common.OAuthPermission;
@@ -99,7 +100,16 @@ public final class ModelEncryptionSupport {
public static Client decryptClient(String encodedSequence, String
encodedSecretKey,
KeyProperties props) throws
SecurityException {
SecretKey key = CryptoUtils.decodeSecretKey(encodedSecretKey,
props.getKeyAlgo());
- return decryptClient(encodedSequence, key, props);
+ Client client = decryptClient(encodedSequence, key, props);
+
+ // Clean the secret key from memory when we're done
+ try {
+ key.destroy();
+ } catch (DestroyFailedException ex) {
+ // ignore
+ }
+
+ return client;
}
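Review bot: `key.destroy()` is only reached when `decryptClient(encodedSequence, key, props)` returns normally; on the `SecurityException` path the decoded key is never destroyed. Wrapping the call in `try`/`finally` covers both paths, and the same shape applies to the three sibling hunks in this file (`decryptAccessToken`, `decryptRefreshToken`, `decryptCodeGrant`) and to the `privateKey.destroy()` calls added in MetadataService, SamlPostBindingFilter, SamlRedirectBindingFilter and XmlSigOutInterceptor. Note also that `Destroyable.destroy()`'s default implementation throws `DestroyFailedException`, so for `SecretKey` implementations that do not override it the new code is a silent no-op; a comment such as `// best-effort: not every SecretKey implementation supports destroy()` would be more honest than `// ignore`.
```java
SecretKey key = CryptoUtils.decodeSecretKey(encodedSecretKey, props.getKeyAlgo());
try {
    return decryptClient(encodedSequence, key, props);
} finally {
    // Best-effort: clean the secret key from memory even when decryption fails.
    // Not every SecretKey implementation supports destroy(); those throw here.
    try {
        key.destroy();
    } catch (DestroyFailedException ex) {
        // ignore
    }
}
```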
public static Client decryptClient(String encodedSequence, Key secretKey)
throws SecurityException {
@@ -123,7 +133,16 @@ public final class ModelEncryptionSupport {
String encodedSecretKey,
KeyProperties props) throws
SecurityException {
SecretKey key = CryptoUtils.decodeSecretKey(encodedSecretKey,
props.getKeyAlgo());
- return decryptAccessToken(provider, encodedToken, key, props);
+ ServerAccessToken serverAccessToken = decryptAccessToken(provider,
encodedToken, key, props);
+
+ // Clean the secret key from memory when we're done
+ try {
+ key.destroy();
+ } catch (DestroyFailedException ex) {
+ // ignore
+ }
+
+ return serverAccessToken;
}
public static ServerAccessToken decryptAccessToken(OAuthDataProvider
provider,
@@ -151,7 +170,16 @@ public final class ModelEncryptionSupport {
String encodedSecretKey,
KeyProperties props) throws
SecurityException {
SecretKey key = CryptoUtils.decodeSecretKey(encodedSecretKey,
props.getKeyAlgo());
- return decryptRefreshToken(provider, encodedToken, key, props);
+ RefreshToken refreshToken = decryptRefreshToken(provider,
encodedToken, key, props);
+
+ // Clean the secret key from memory when we're done
+ try {
+ key.destroy();
+ } catch (DestroyFailedException ex) {
+ // ignore
+ }
+
+ return refreshToken;
}
public static RefreshToken decryptRefreshToken(OAuthDataProvider provider,
@@ -179,7 +207,16 @@ public final class ModelEncryptionSupport {
String encodedSecretKey,
KeyProperties props) throws
SecurityException {
SecretKey key = CryptoUtils.decodeSecretKey(encodedSecretKey,
props.getKeyAlgo());
- return decryptCodeGrant(provider, encodedToken, key, props);
+ ServerAuthorizationCodeGrant authzCodeGrant =
decryptCodeGrant(provider, encodedToken, key, props);
+
+ // Clean the secret key from memory when we're done
+ try {
+ key.destroy();
+ } catch (DestroyFailedException ex) {
+ // ignore
+ }
+
+ return authzCodeGrant;
}
public static ServerAuthorizationCodeGrant
decryptCodeGrant(OAuthDataProvider provider,
diff --git
a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/MetadataService.java
b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/MetadataService.java
index 020394c..e2cc109 100644
---
a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/MetadataService.java
+++
b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/MetadataService.java
@@ -24,6 +24,7 @@ import java.util.ResourceBundle;
import java.util.logging.Level;
import java.util.logging.Logger;
+import javax.security.auth.DestroyFailedException;
import javax.security.auth.callback.CallbackHandler;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
@@ -98,10 +99,19 @@ public class MetadataService extends AbstractSSOSpHandler {
privateKey, issuerCerts[0],
true);
}
- return metadataWriter.getMetaData(serviceAddress,
assertionConsumerServiceAddress,
+ Document metadata = metadataWriter.getMetaData(serviceAddress,
assertionConsumerServiceAddress,
logoutServiceAddress,
privateKey, issuerCerts[0],
true);
+
+ // Clean the private key from memory when we're done
+ try {
+ privateKey.destroy();
+ } catch (DestroyFailedException ex) {
+ // ignore
+ }
+
+ return metadata;
} catch (Exception ex) {
LOG.log(Level.FINE, ex.getMessage(), ex);
throw ExceptionUtils.toInternalServerErrorException(ex, null);
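Review bot: The `// ignore` in the new catch around `privateKey.destroy()` hides the common case where nothing was actually destroyed: `Destroyable.destroy()`'s default implementation throws `DestroyFailedException`, and key implementations that do not override it will always land in this catch with the key material still in memory. Since this class already has `LOG`, logging at the same level as the catch below would make the best-effort nature visible: `LOG.log(Level.FINE, "Unable to destroy the private key", ex);`. Conversely, where `privateKey` is loaded from is not visible in this hunk; if it is a cached keystore or Crypto instance shared across requests, a destroy that does succeed would break later metadata requests, so it is worth confirming the key object is per-call.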
diff --git
a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLProtocolResponseValidator.java
b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLProtocolResponseValidator.java
index a671317..89fe44e 100644
---
a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLProtocolResponseValidator.java
+++
b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLProtocolResponseValidator.java
@@ -23,6 +23,7 @@ import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
+import java.util.Arrays;
import java.util.logging.Level;
import java.util.logging.Logger;
@@ -499,6 +500,9 @@ public class SAMLProtocolResponseValidator {
throw new
WSSecurityException(WSSecurityException.ErrorCode.FAILURE,
"invalidSAMLsecurity");
}
+ // Clean the symmetric key from memory now that we're done with it
+ Arrays.fill(decryptedBytes, (byte) 0);
+
Document payloadDoc = null;
try {
payloadDoc = StaxUtils.read(new InputStreamReader(new
ByteArrayInputStream(decryptedPayload),
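Review bot: `Arrays.fill(decryptedBytes, (byte) 0)` runs only on the success path; the `throw new WSSecurityException(...)` immediately above it, and any exception thrown by the decryption code before this hunk, exit the method with the key bytes still in the array. Placing the fill in a `finally` around the code that consumes `decryptedBytes` covers both paths; the same applies to the `symmetricKeyBytes` fill added in AbstractXmlEncInHandler after `throwFault(...)`, which presumably throws. The enclosing method starts outside the hunk, so the exact `try` boundary is not visible here.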
diff --git
a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlPostBindingFilter.java
b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlPostBindingFilter.java
index 3b5355f..51eb00a 100644
---
a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlPostBindingFilter.java
+++
b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlPostBindingFilter.java
@@ -23,6 +23,7 @@ import java.nio.charset.StandardCharsets;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
+import javax.security.auth.DestroyFailedException;
import javax.security.auth.callback.CallbackHandler;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.core.HttpHeaders;
@@ -172,6 +173,13 @@ public class SamlPostBindingFilter extends
AbstractServiceProviderFilter {
signableObject.releaseDOM();
signableObject.releaseChildrenDOM(true);
+ // Clean the private key from memory when we're done
+ try {
+ privateKey.destroy();
+ } catch (DestroyFailedException ex) {
+ // ignore
+ }
+
}
}
diff --git
a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlRedirectBindingFilter.java
b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlRedirectBindingFilter.java
index e1cb5d5..8767f92 100644
---
a/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlRedirectBindingFilter.java
+++
b/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SamlRedirectBindingFilter.java
@@ -27,6 +27,7 @@ import java.security.cert.X509Certificate;
import java.util.Base64;
import java.util.logging.Level;
+import javax.security.auth.DestroyFailedException;
import javax.security.auth.callback.CallbackHandler;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.core.HttpHeaders;
@@ -163,6 +164,13 @@ public class SamlRedirectBindingFilter extends
AbstractServiceProviderFilter {
String encodedSignature =
Base64.getEncoder().encodeToString(signBytes);
+ // Clean the private key from memory when we're done
+ try {
+ privateKey.destroy();
+ } catch (DestroyFailedException ex) {
+ // ignore
+ }
+
ub.queryParam(SSOConstants.SIGNATURE,
URLEncoder.encode(encodedSignature, StandardCharsets.UTF_8.name()));
}
diff --git
a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlEncInHandler.java
b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlEncInHandler.java
index 5c02eaf..e9ca746 100644
---
a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlEncInHandler.java
+++
b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/AbstractXmlEncInHandler.java
@@ -25,6 +25,7 @@ import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
+import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
@@ -81,6 +82,9 @@ public abstract class AbstractXmlEncInHandler extends
AbstractXmlSecInHandler {
throwFault("Payload can not be decrypted", ex);
}
+ // Clean the secret key from memory
+ Arrays.fill(symmetricKeyBytes, (byte) 0);
+
Document payloadDoc = null;
try {
payloadDoc = StaxUtils.read(new InputStreamReader(new
ByteArrayInputStream(decryptedPayload),
diff --git
a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSigOutInterceptor.java
b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSigOutInterceptor.java
index 08c75f8..010c2a1 100644
---
a/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSigOutInterceptor.java
+++
b/rt/rs/security/xml/src/main/java/org/apache/cxf/rs/security/xml/XmlSigOutInterceptor.java
@@ -26,6 +26,7 @@ import java.util.Set;
import java.util.UUID;
import java.util.logging.Logger;
+import javax.security.auth.DestroyFailedException;
import javax.xml.namespace.QName;
import org.w3c.dom.Document;
@@ -157,6 +158,14 @@ public class XmlSigOutInterceptor extends
AbstractXmlSecOutInterceptor {
sig.addKeyInfo(issuerCerts[0].getPublicKey());
}
sig.sign(privateKey);
+
+ // Clean the private key from memory when we're done
+ try {
+ privateKey.destroy();
+ } catch (DestroyFailedException ex) {
+ // ignore
+ }
+
return sig.getElement().getOwnerDocument();
}