Posted to commits@ws.apache.org by co...@apache.org on 2018/12/17 12:22:10 UTC
svn commit: r1849082 - in /webservices/wss4j/trunk:
ws-security-common/src/main/java/org/apache/wss4j/common/saml/
ws-security-dom/src/main/java/org/apache/wss4j/dom/message/
ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/
ws-security-dom...
Author: coheigea
Date: Mon Dec 17 12:22:10 2018
New Revision: 1849082
URL: http://svn.apache.org/viewvc?rev=1849082&view=rev
Log:
Clear the private keys from memory when we are done with them
Modified:
webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SamlAssertionWrapper.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignature.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedKeyProcessor.java
webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/saml/WSSecSignatureSAML.java
Modified: webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SamlAssertionWrapper.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SamlAssertionWrapper.java?rev=1849082&r1=1849081&r2=1849082&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SamlAssertionWrapper.java (original)
+++ webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SamlAssertionWrapper.java Mon Dec 17 12:22:10 2018
@@ -593,6 +593,13 @@ public class SamlAssertionWrapper {
// add the signature to the assertion
setSignature(signature, signatureDigestAlgorithm);
+
+ // Clean the private key from memory
+ try {
+ privateKey.destroy();
+ } catch (javax.security.auth.DestroyFailedException ex) {
+ LOG.debug("Error destroying private key: {}", ex.getMessage());
+ }
}
/**
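Review bot: `privateKey.destroy()` on the new lines only clears anything if the concrete key class overrides `Destroyable.destroy()`; the interface's default method just throws `DestroyFailedException`, and as far as I know the JDK software-provider `PrivateKey` implementations do not override it, so for the common case this block logs at debug and the key material stays in memory. The same pattern is added in the WSSecSignature, EncryptedKeyProcessor and WSSecSignatureSAML hunks. `privateKey` looks like a parameter of this method (its declaration is outside the hunk), so when destroy does succeed it is a side effect the caller has to know about, since later use of a destroyed key fails; the method's Javadoc should state it, e.g. `@param privateKey the signing key; it is destroyed after signing and must not be reused by the caller`. A short comment on the catch, such as `// most JDK key classes do not support destroy(); nothing more can be done here`, would stop the next reader from assuming the debug line is a rare error path.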
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignature.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignature.java?rev=1849082&r1=1849081&r2=1849082&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignature.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignature.java Mon Dec 17 12:22:10 2018
@@ -27,6 +27,7 @@ import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
+import javax.security.auth.Destroyable;
import javax.xml.crypto.MarshalException;
import javax.xml.crypto.XMLStructure;
import javax.xml.crypto.dom.DOMCryptoContext;
@@ -609,6 +610,15 @@ public class WSSecSignature extends WSSe
signatureValue = sig.getSignatureValue().getValue();
+ // Clean the private key from memory
+ if (key instanceof Destroyable) {
+ try {
+ ((Destroyable)key).destroy();
+ } catch (javax.security.auth.DestroyFailedException ex) {
+ LOG.debug("Error destroying private key: {}", ex.getMessage());
+ }
+ }
+
cleanup();
} catch (Exception ex) {
LOG.error(ex.getMessage(), ex);
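Review bot: The destroy block is reached only on the success path; if `sig.sign` or the `getSignatureValue()` call above it throws, control goes straight to the `catch (Exception ex)` below and the key is never destroyed, which is the path where a key lingering in memory is least expected. Moving the block into a `finally` clause of this try (the try opens outside the hunk) would cover both paths, and `cleanup()` could stay where it is. `key` is typed as `Key` rather than `PrivateKey` here, so if it can hold a caller-supplied `SecretKey` (HMAC signatures) or a key object cached by the `Crypto` implementation, destroying it breaks the caller's or the cache's later use of the same object; that ownership assumption should be stated, e.g. `// Clean the signing key from memory; this instance owns the key object and does not reuse it`. The success-path-only placement also applies to the EncryptedKeyProcessor and WSSecSignatureSAML hunks.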
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedKeyProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedKeyProcessor.java?rev=1849082&r1=1849081&r2=1849082&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedKeyProcessor.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedKeyProcessor.java Mon Dec 17 12:22:10 2018
@@ -227,6 +227,13 @@ public class EncryptedKeyProcessor imple
decryptedBytes = getAsymmetricDecryptedBytes(data, data.getWsDocInfo(), encryptedKeyTransportMethod,
encryptedEphemeralKey, refList,
elem, privateKey);
+
+ // Clean the private key from memory
+ try {
+ privateKey.destroy();
+ } catch (javax.security.auth.DestroyFailedException ex) {
+ LOG.debug("Error destroying private key: {}", ex.getMessage());
+ }
}
List<WSDataRef> dataRefs = decryptDataRefs(refList, data.getWsDocInfo(), decryptedBytes, data);
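Review bot: The commit clears the long-term `privateKey` but leaves `decryptedBytes`, the plaintext of the transported ephemeral key produced on the first line of the hunk, to the garbage collector, which is the more sensitive of the two for this message. If `decryptDataRefs` does not retain the array (its body is outside the hunk, so this is an assumption to confirm), an `Arrays.fill(decryptedBytes, (byte) 0);` after that call would complete the intent of the change. The enclosing method starts outside the hunk, and the origin of `privateKey` is not visible, so whether it is a fresh object per call or a cached one from the `Crypto` cannot be judged here; a comment naming that ownership at the destroy site would help, e.g. `// privateKey is obtained per request from the Crypto and is not shared`.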
Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/saml/WSSecSignatureSAML.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/saml/WSSecSignatureSAML.java?rev=1849082&r1=1849081&r2=1849082&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/saml/WSSecSignatureSAML.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/saml/WSSecSignatureSAML.java Mon Dec 17 12:22:10 2018
@@ -23,6 +23,7 @@ import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.List;
+import javax.security.auth.Destroyable;
import javax.xml.crypto.dsig.SignatureMethod;
import javax.xml.crypto.dsig.SignedInfo;
import javax.xml.crypto.dsig.XMLSignContext;
@@ -528,6 +529,15 @@ public class WSSecSignatureSAML extends
sig.sign(signContext);
signatureValue = sig.getSignatureValue().getValue();
+
+ // Clean the private key from memory
+ if (key instanceof Destroyable) {
+ try {
+ ((Destroyable)key).destroy();
+ } catch (javax.security.auth.DestroyFailedException ex) {
+ LOG.debug("Error destroying private key: {}", ex.getMessage());
+ }
+ }
} catch (Exception ex) {
LOG.error(ex.getMessage(), ex);
throw new WSSecurityException(