You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@qpid.apache.org by rg...@apache.org on 2016/10/25 15:36:43 UTC
svn commit: r1766547 - in /qpid/java/trunk:
broker-core/src/main/java/org/apache/qpid/server/model/
broker-core/src/main/java/org/apache/qpid/server/security/
broker-core/src/main/java/org/apache/qpid/server/security/auth/database/
broker-core/src/main...
Author: rgodfrey
Date: Tue Oct 25 15:36:42 2016
New Revision: 1766547
URL: http://svn.apache.org/viewvc?rev=1766547&view=rev
Log:
QPID-7470 : Wrap use of DatatypeConverter.parseBase64Binary to validate that only valid characters exist within the string
Modified:
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/model/AttributeValueConverter.java
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/AutoGeneratedSelfSignedKeyStoreImpl.java
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/SiteSpecificTrustStoreImpl.java
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/database/HashedUser.java
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AbstractScramAuthenticationManager.java
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/MD5AuthenticationProvider.java
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/sasl/scram/ScramSaslServer.java
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/encryption/AESKeyFileEncrypter.java
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/util/urlstreamhandler/data/Handler.java
qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/virtualhost/AbstractVirtualHost.java
qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/BasicAuthPreemptiveAuthenticator.java
qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/SaslServlet.java
qpid/java/trunk/client/src/main/java/org/apache/qpid/client/security/scram/AbstractScramSaslClient.java
qpid/java/trunk/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLUtil.java
qpid/java/trunk/common/src/main/java/org/apache/qpid/util/Strings.java
qpid/java/trunk/tools/src/main/java/org/apache/qpid/tools/RestStressTestClient.java
Modified: qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/model/AttributeValueConverter.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/model/AttributeValueConverter.java?rev=1766547&r1=1766546&r2=1766547&view=diff
==============================================================================
--- qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/model/AttributeValueConverter.java (original)
+++ qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/model/AttributeValueConverter.java Tue Oct 25 15:36:42 2016
@@ -55,6 +55,7 @@ import com.google.common.base.Defaults;
import org.apache.qpid.server.model.preferences.GenericPrincipal;
import org.apache.qpid.server.util.ServerScopedRuntimeException;
+import org.apache.qpid.util.Strings;
abstract class AttributeValueConverter<T>
{
@@ -151,20 +152,8 @@ abstract class AttributeValueConverter<T
{
String interpolated = AbstractConfiguredObject.interpolate(object,
(String) value);
- try
- {
- interpolated = interpolated.replaceAll("\\s","");
- if(!interpolated.matches("[A-Za-z0-9+/]*[=]*"))
- {
- throw new IllegalArgumentException("Cannot convert string '"+ interpolated+ "'to a byte[] - it does not appear to be base64 data");
- }
-
- return DatatypeConverter.parseBase64Binary(interpolated);
- }
- catch(ArrayIndexOutOfBoundsException e)
- {
- throw new IllegalArgumentException("Cannot convert string '"+ interpolated+ "'to a byte[] - it does not appear to be base64 data");
- }
+ return Strings.decodeBase64(interpolated);
+
}
else
{
Modified: qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/AutoGeneratedSelfSignedKeyStoreImpl.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/AutoGeneratedSelfSignedKeyStoreImpl.java?rev=1766547&r1=1766546&r2=1766547&view=diff
==============================================================================
--- qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/AutoGeneratedSelfSignedKeyStoreImpl.java (original)
+++ qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/AutoGeneratedSelfSignedKeyStoreImpl.java Tue Oct 25 15:36:42 2016
@@ -75,6 +75,7 @@ import org.apache.qpid.server.model.Rest
import org.apache.qpid.server.model.State;
import org.apache.qpid.server.model.StateTransition;
import org.apache.qpid.transport.network.security.ssl.SSLUtil;
+import org.apache.qpid.util.Strings;
public class AutoGeneratedSelfSignedKeyStoreImpl
extends AbstractConfiguredObject<AutoGeneratedSelfSignedKeyStoreImpl>
@@ -196,8 +197,8 @@ public class AutoGeneratedSelfSignedKeyS
private void loadPrivateKeyAndCertificate()
{
- byte[] privateKeyEncoded = DatatypeConverter.parseBase64Binary((String) getActualAttributes().get(ENCODED_PRIVATE_KEY));
- byte[] certificateEncoded = DatatypeConverter.parseBase64Binary((String) getActualAttributes().get(
+ byte[] privateKeyEncoded = Strings.decodeBase64((String) getActualAttributes().get(ENCODED_PRIVATE_KEY));
+ byte[] certificateEncoded = Strings.decodeBase64((String) getActualAttributes().get(
ENCODED_CERTIFICATE));
Modified: qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/SiteSpecificTrustStoreImpl.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/SiteSpecificTrustStoreImpl.java?rev=1766547&r1=1766546&r2=1766547&view=diff
==============================================================================
--- qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/SiteSpecificTrustStoreImpl.java (original)
+++ qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/SiteSpecificTrustStoreImpl.java Tue Oct 25 15:36:42 2016
@@ -31,7 +31,6 @@ import java.security.cert.CertificateFac
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
-import java.util.Collections;
import java.util.Date;
import java.util.List;
import java.util.Map;
@@ -46,14 +45,13 @@ import javax.xml.bind.DatatypeConverter;
import com.google.common.util.concurrent.Futures;
import com.google.common.util.concurrent.ListenableFuture;
-
-import org.apache.qpid.server.configuration.updater.Task;
-import org.apache.qpid.server.logging.EventLogger;
-import org.apache.qpid.server.logging.messages.TrustStoreMessages;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.apache.qpid.server.configuration.IllegalConfigurationException;
+import org.apache.qpid.server.configuration.updater.Task;
+import org.apache.qpid.server.logging.EventLogger;
+import org.apache.qpid.server.logging.messages.TrustStoreMessages;
import org.apache.qpid.server.model.AbstractConfiguredObject;
import org.apache.qpid.server.model.AuthenticationProvider;
import org.apache.qpid.server.model.Broker;
@@ -69,6 +67,7 @@ import org.apache.qpid.server.model.Virt
import org.apache.qpid.server.security.auth.manager.SimpleLDAPAuthenticationManager;
import org.apache.qpid.transport.network.security.ssl.SSLUtil;
import org.apache.qpid.transport.util.Functions;
+import org.apache.qpid.util.Strings;
@ManagedObject( category = false )
public class SiteSpecificTrustStoreImpl
@@ -281,7 +280,7 @@ public class SiteSpecificTrustStoreImpl
private void decodeCertificate()
{
- byte[] certificateEncoded = DatatypeConverter.parseBase64Binary((String) getActualAttributes().get(CERTIFICATE));
+ byte[] certificateEncoded = Strings.decodeBase64((String) getActualAttributes().get(CERTIFICATE));
try(ByteArrayInputStream input = new ByteArrayInputStream(certificateEncoded))
Modified: qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/database/HashedUser.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/database/HashedUser.java?rev=1766547&r1=1766546&r2=1766547&view=diff
==============================================================================
--- qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/database/HashedUser.java (original)
+++ qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/database/HashedUser.java Tue Oct 25 15:36:42 2016
@@ -25,11 +25,11 @@ import java.nio.charset.StandardCharsets
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
-
import javax.xml.bind.DatatypeConverter;
import org.apache.qpid.server.model.AuthenticationProvider;
import org.apache.qpid.server.util.ServerScopedRuntimeException;
+import org.apache.qpid.util.Strings;
public class HashedUser implements PasswordPrincipal
@@ -61,7 +61,7 @@ public class HashedUser implements Passw
}
_encodedPassword = encoded_password;
- byte[] decoded = DatatypeConverter.parseBase64Binary(data[1]);
+ byte[] decoded = Strings.decodeBase64(data[1]);
_password = new char[decoded.length];
int index = 0;
Modified: qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AbstractScramAuthenticationManager.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AbstractScramAuthenticationManager.java?rev=1766547&r1=1766546&r2=1766547&view=diff
==============================================================================
--- qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AbstractScramAuthenticationManager.java (original)
+++ qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/AbstractScramAuthenticationManager.java Tue Oct 25 15:36:42 2016
@@ -50,6 +50,7 @@ import org.apache.qpid.server.security.a
import org.apache.qpid.server.security.auth.sasl.plain.PlainAdapterSaslServer;
import org.apache.qpid.server.security.auth.sasl.scram.ScramSaslServer;
import org.apache.qpid.server.security.auth.sasl.scram.ScramSaslServerSource;
+import org.apache.qpid.util.Strings;
public abstract class AbstractScramAuthenticationManager<X extends AbstractScramAuthenticationManager<X>>
extends ConfigModelPasswordManagingAuthenticationProvider<X>
@@ -159,7 +160,7 @@ public abstract class AbstractScramAuthe
final String[] passwordFields = user.getPassword().split(",");
if (passwordFields.length == 2)
{
- byte[] saltedPassword = DatatypeConverter.parseBase64Binary(passwordFields[PasswordField.SALTED_PASSWORD.ordinal()]);
+ byte[] saltedPassword = Strings.decodeBase64(passwordFields[PasswordField.SALTED_PASSWORD.ordinal()]);
try
{
@@ -320,9 +321,9 @@ public abstract class AbstractScramAuthe
{
updateStoredPasswordFormatIfNecessary(user);
final String[] passwordFields = user.getPassword().split(",");
- salt = DatatypeConverter.parseBase64Binary(passwordFields[PasswordField.SALT.ordinal()]);
- storedKey = DatatypeConverter.parseBase64Binary(passwordFields[PasswordField.STORED_KEY.ordinal()]);
- serverKey = DatatypeConverter.parseBase64Binary(passwordFields[PasswordField.SERVER_KEY.ordinal()]);
+ salt = Strings.decodeBase64(passwordFields[PasswordField.SALT.ordinal()]);
+ storedKey = Strings.decodeBase64(passwordFields[PasswordField.STORED_KEY.ordinal()]);
+ serverKey = Strings.decodeBase64(passwordFields[PasswordField.SERVER_KEY.ordinal()]);
iterationCount = Integer.parseInt(passwordFields[PasswordField.ITERATION_COUNT.ordinal()]);
exception = null;
}
Modified: qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/MD5AuthenticationProvider.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/MD5AuthenticationProvider.java?rev=1766547&r1=1766546&r2=1766547&view=diff
==============================================================================
--- qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/MD5AuthenticationProvider.java (original)
+++ qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/manager/MD5AuthenticationProvider.java Tue Oct 25 15:36:42 2016
@@ -52,6 +52,7 @@ import org.apache.qpid.server.security.a
import org.apache.qpid.server.security.auth.sasl.plain.PlainAdapterSaslServer;
import org.apache.qpid.server.security.auth.sasl.plain.PlainSaslServer;
import org.apache.qpid.server.util.ServerScopedRuntimeException;
+import org.apache.qpid.util.Strings;
@ManagedObject( category = false, type = "MD5" )
public class MD5AuthenticationProvider
@@ -179,7 +180,7 @@ public class MD5AuthenticationProvider
if(user != null)
{
String passwordData = user.getPassword();
- byte[] passwordBytes = DatatypeConverter.parseBase64Binary(passwordData);
+ byte[] passwordBytes = Strings.decodeBase64(passwordData);
char[] password;
if(_hexify)
{
Modified: qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/sasl/scram/ScramSaslServer.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/sasl/scram/ScramSaslServer.java?rev=1766547&r1=1766546&r2=1766547&view=diff
==============================================================================
--- qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/sasl/scram/ScramSaslServer.java (original)
+++ qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/auth/sasl/scram/ScramSaslServer.java Tue Oct 25 15:36:42 2016
@@ -34,6 +34,8 @@ import javax.security.sasl.SaslException
import javax.security.sasl.SaslServer;
import javax.xml.bind.DatatypeConverter;
+import org.apache.qpid.util.Strings;
+
public class ScramSaslServer implements SaslServer
{
public final String _mechanism;
@@ -163,7 +165,7 @@ public class ScramSaslServer implements
{
throw new SaslException("Cannot parse client final message");
}
- if(!Arrays.equals(_gs2Header,DatatypeConverter.parseBase64Binary(parts[0].substring(2))))
+ if(!Arrays.equals(_gs2Header, Strings.decodeBase64(parts[0].substring(2))))
{
throw new SaslException("Client final message channel bind data invalid");
}
@@ -181,7 +183,7 @@ public class ScramSaslServer implements
}
String clientFinalMessageWithoutProof = clientFinalMessage.substring(0,clientFinalMessage.length()-(1+parts[parts.length-1].length()));
- byte[] proofBytes = DatatypeConverter.parseBase64Binary(parts[parts.length-1].substring(2));
+ byte[] proofBytes = Strings.decodeBase64(parts[parts.length-1].substring(2));
String authMessage = _clientFirstMessageBare + "," + _serverFirstMessage + "," + clientFinalMessageWithoutProof;
Modified: qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/encryption/AESKeyFileEncrypter.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/encryption/AESKeyFileEncrypter.java?rev=1766547&r1=1766546&r2=1766547&view=diff
==============================================================================
--- qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/encryption/AESKeyFileEncrypter.java (original)
+++ qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/security/encryption/AESKeyFileEncrypter.java Tue Oct 25 15:36:42 2016
@@ -36,6 +36,8 @@ import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.xml.bind.DatatypeConverter;
+import org.apache.qpid.util.Strings;
+
class AESKeyFileEncrypter implements ConfigurationSecretEncrypter
{
private static final String CIPHER_NAME = "AES/CBC/PKCS5Padding";
@@ -87,7 +89,7 @@ class AESKeyFileEncrypter implements Con
{
throw new IllegalArgumentException("Encrypted value is not valid Base 64 data: '" + encrypted + "'");
}
- byte[] encryptedBytes = DatatypeConverter.parseBase64Binary(encrypted);
+ byte[] encryptedBytes = Strings.decodeBase64(encrypted);
try
{
Cipher cipher = Cipher.getInstance(CIPHER_NAME);
Modified: qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/util/urlstreamhandler/data/Handler.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/util/urlstreamhandler/data/Handler.java?rev=1766547&r1=1766546&r2=1766547&view=diff
==============================================================================
--- qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/util/urlstreamhandler/data/Handler.java (original)
+++ qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/util/urlstreamhandler/data/Handler.java Tue Oct 25 15:36:42 2016
@@ -31,7 +31,7 @@ import java.net.URLDecoder;
import java.net.URLStreamHandler;
import java.nio.charset.StandardCharsets;
-import javax.xml.bind.DatatypeConverter;
+import org.apache.qpid.util.Strings;
public class Handler extends URLStreamHandler
{
@@ -79,7 +79,7 @@ public class Handler extends URLStreamHa
_base64 = parts[0].endsWith(";base64");
if(_base64)
{
- _content = DatatypeConverter.parseBase64Binary(parts[1]);
+ _content = Strings.decodeBase64(parts[1]);
}
else
{
Modified: qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/virtualhost/AbstractVirtualHost.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/virtualhost/AbstractVirtualHost.java?rev=1766547&r1=1766546&r2=1766547&view=diff
==============================================================================
--- qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/virtualhost/AbstractVirtualHost.java (original)
+++ qpid/java/trunk/broker-core/src/main/java/org/apache/qpid/server/virtualhost/AbstractVirtualHost.java Tue Oct 25 15:36:42 2016
@@ -62,7 +62,6 @@ import java.util.regex.Pattern;
import java.util.regex.PatternSyntaxException;
import javax.security.auth.Subject;
-import javax.xml.bind.DatatypeConverter;
import com.google.common.base.Function;
import com.google.common.util.concurrent.AsyncFunction;
@@ -142,6 +141,7 @@ import org.apache.qpid.server.util.Actio
import org.apache.qpid.server.util.ConnectionScopedRuntimeException;
import org.apache.qpid.server.util.HousekeepingExecutor;
import org.apache.qpid.server.util.MapValueConverter;
+import org.apache.qpid.util.Strings;
public abstract class AbstractVirtualHost<X extends AbstractVirtualHost<X>> extends AbstractConfiguredObject<X>
implements VirtualHost<X>, EventListener
@@ -725,7 +725,7 @@ public abstract class AbstractVirtualHos
{
try
{
- body = DatatypeConverter.parseBase64Binary((String)messageContent);
+ body = Strings.decodeBase64((String) messageContent);
}
catch(IllegalArgumentException e)
Modified: qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/BasicAuthPreemptiveAuthenticator.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/BasicAuthPreemptiveAuthenticator.java?rev=1766547&r1=1766546&r2=1766547&view=diff
==============================================================================
--- qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/BasicAuthPreemptiveAuthenticator.java (original)
+++ qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/auth/BasicAuthPreemptiveAuthenticator.java Tue Oct 25 15:36:42 2016
@@ -24,7 +24,6 @@ import java.nio.charset.StandardCharsets
import javax.security.auth.Subject;
import javax.servlet.http.HttpServletRequest;
-import javax.xml.bind.DatatypeConverter;
import org.apache.qpid.server.management.plugin.HttpManagementConfiguration;
import org.apache.qpid.server.management.plugin.HttpRequestPreemptiveAuthenticator;
@@ -34,6 +33,7 @@ import org.apache.qpid.server.security.S
import org.apache.qpid.server.security.auth.AuthenticationResult;
import org.apache.qpid.server.security.auth.SubjectAuthenticationResult;
import org.apache.qpid.server.security.auth.manager.UsernamePasswordAuthenticationProvider;
+import org.apache.qpid.util.Strings;
@PluggableService
public class BasicAuthPreemptiveAuthenticator implements HttpRequestPreemptiveAuthenticator
@@ -67,7 +67,7 @@ public class BasicAuthPreemptiveAuthenti
if (isBasicAuthSupported)
{
String base64UsernameAndPassword = tokens[1];
- String[] credentials = (new String(DatatypeConverter.parseBase64Binary(base64UsernameAndPassword),
+ String[] credentials = (new String(Strings.decodeBase64(base64UsernameAndPassword),
StandardCharsets.UTF_8)).split(":", 2);
if (credentials.length == 2)
{
Modified: qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/SaslServlet.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/SaslServlet.java?rev=1766547&r1=1766546&r2=1766547&view=diff
==============================================================================
--- qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/SaslServlet.java (original)
+++ qpid/java/trunk/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/SaslServlet.java Tue Oct 25 15:36:42 2016
@@ -47,6 +47,7 @@ import org.apache.qpid.server.security.a
import org.apache.qpid.server.security.auth.AuthenticationResult;
import org.apache.qpid.server.security.auth.SubjectAuthenticationResult;
import org.apache.qpid.server.util.ConnectionScopedRuntimeException;
+import org.apache.qpid.util.Strings;
public class SaslServlet extends AbstractServlet
{
@@ -208,7 +209,7 @@ public class SaslServlet extends Abstrac
{
byte[] saslResponseBytes = saslResponse == null
? new byte[0]
- : DatatypeConverter.parseBase64Binary(saslResponse);
+ : Strings.decodeBase64(saslResponse);
SubjectAuthenticationResult authenticationResult = subjectCreator.authenticate(saslServer, saslResponseBytes);
byte[] challenge = authenticationResult.getChallenge();
Map<String, Object> outputObject = new LinkedHashMap<>();
Modified: qpid/java/trunk/client/src/main/java/org/apache/qpid/client/security/scram/AbstractScramSaslClient.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/client/src/main/java/org/apache/qpid/client/security/scram/AbstractScramSaslClient.java?rev=1766547&r1=1766546&r2=1766547&view=diff
==============================================================================
--- qpid/java/trunk/client/src/main/java/org/apache/qpid/client/security/scram/AbstractScramSaslClient.java (original)
+++ qpid/java/trunk/client/src/main/java/org/apache/qpid/client/security/scram/AbstractScramSaslClient.java Tue Oct 25 15:36:42 2016
@@ -40,6 +40,8 @@ import javax.security.sasl.SaslClient;
import javax.security.sasl.SaslException;
import javax.xml.bind.DatatypeConverter;
+import org.apache.qpid.util.Strings;
+
public abstract class AbstractScramSaslClient implements SaslClient
{
@@ -129,7 +131,7 @@ public abstract class AbstractScramSaslC
{
throw new SaslException("Server final message did not contain verifier");
}
- byte[] serverSignature = DatatypeConverter.parseBase64Binary(parts[0].substring(2));
+ byte[] serverSignature = Strings.decodeBase64(parts[0].substring(2));
if(!Arrays.equals(_serverSignature, serverSignature))
{
throw new SaslException("Server signature did not match");
@@ -165,7 +167,7 @@ public abstract class AbstractScramSaslC
throw new SaslException("Server challenge '" + serverFirstMessage + "' cannot be parsed, cannot find salt");
}
String base64Salt = parts[1].substring(2);
- _salt = DatatypeConverter.parseBase64Binary(base64Salt);
+ _salt = Strings.decodeBase64(base64Salt);
if(!parts[2].startsWith("i="))
{
throw new SaslException("Server challenge '" + serverFirstMessage + "' cannot be parsed, cannot find iteration count");
Modified: qpid/java/trunk/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLUtil.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLUtil.java?rev=1766547&r1=1766546&r2=1766547&view=diff
==============================================================================
--- qpid/java/trunk/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLUtil.java (original)
+++ qpid/java/trunk/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLUtil.java Tue Oct 25 15:36:42 2016
@@ -63,12 +63,12 @@ import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSocket;
-import javax.xml.bind.DatatypeConverter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.apache.qpid.transport.TransportException;
+import org.apache.qpid.util.Strings;
public class SSLUtil
{
@@ -388,7 +388,7 @@ public class SSLUtil
keyBuilder.append(line);
}
- content = DatatypeConverter.parseBase64Binary(keyBuilder.toString());
+ content = Strings.decodeBase64(keyBuilder.toString());
}
}
return readPrivateKey(content, "RSA");
Modified: qpid/java/trunk/common/src/main/java/org/apache/qpid/util/Strings.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/common/src/main/java/org/apache/qpid/util/Strings.java?rev=1766547&r1=1766546&r2=1766547&view=diff
==============================================================================
--- qpid/java/trunk/common/src/main/java/org/apache/qpid/util/Strings.java (original)
+++ qpid/java/trunk/common/src/main/java/org/apache/qpid/util/Strings.java Tue Oct 25 15:36:42 2016
@@ -33,6 +33,8 @@ import java.util.Stack;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
+import javax.xml.bind.DatatypeConverter;
+
/**
* Strings
@@ -125,6 +127,17 @@ public final class Strings
return resolver;
}
+ public static byte[] decodeBase64(String base64String)
+ {
+ base64String = base64String.replaceAll("\\s","");
+ if(!base64String.matches("[A-Za-z0-9+/]*[=]*"))
+ {
+ throw new IllegalArgumentException("Cannot convert string '"+ base64String+ "'to a byte[] - it does not appear to be base64 data");
+ }
+
+ return DatatypeConverter.parseBase64Binary(base64String);
+ }
+
public static interface Resolver
{
String resolve(String variable, final Resolver resolver);
Modified: qpid/java/trunk/tools/src/main/java/org/apache/qpid/tools/RestStressTestClient.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/tools/src/main/java/org/apache/qpid/tools/RestStressTestClient.java?rev=1766547&r1=1766546&r2=1766547&view=diff
==============================================================================
--- qpid/java/trunk/tools/src/main/java/org/apache/qpid/tools/RestStressTestClient.java (original)
+++ qpid/java/trunk/tools/src/main/java/org/apache/qpid/tools/RestStressTestClient.java Tue Oct 25 15:36:42 2016
@@ -20,10 +20,6 @@
*/
package org.apache.qpid.tools;
-import javax.crypto.Mac;
-import javax.crypto.spec.SecretKeySpec;
-import javax.xml.bind.DatatypeConverter;
-
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
@@ -41,10 +37,15 @@ import java.util.List;
import java.util.Map;
import java.util.Set;
+import javax.crypto.Mac;
+import javax.crypto.spec.SecretKeySpec;
+import javax.xml.bind.DatatypeConverter;
+
import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.apache.qpid.tools.util.ArgumentsParser;
+import org.apache.qpid.util.Strings;
public class RestStressTestClient
{
@@ -463,7 +464,7 @@ public class RestStressTestClient
{
try
{
- byte[] challengeBytes = DatatypeConverter.parseBase64Binary(challenge);
+ byte[] challengeBytes = Strings.decodeBase64(challenge);
String macAlgorithm = "HmacMD5";
Mac mac = Mac.getInstance(macAlgorithm);
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org