Merge pull request #166 from hazendaz/master
Dependency Updates and Base64 Encoding protection
hazendaz committed Nov 21, 2014
2 parents 444a10e + 05ed2e7 commit b14fee8
Showing 12 changed files with 38 additions and 155 deletions.
1 change: 1 addition & 0 deletions .gitignore
@@ -14,3 +14,4 @@ Thumbs.db
Waffle.sln.cache
Waffle.suo
*.csproj.user
.tern-project
6 changes: 6 additions & 0 deletions CHANGELOG.md
@@ -1,3 +1,9 @@
1.8 (in-progress)
=================
* Added try/catch to authorization header base64 decode in cases of invalid or unsupported authentication header.
** Throws runtimeException "Invalid authorization header."


1.7 (9/25/2014)
===============

2 changes: 1 addition & 1 deletion Source/JNA/waffle-jetty/pom.xml
@@ -22,7 +22,7 @@

<el.version>3.0.1-b05</el.version>
<el-api.version>3.0.1-b04</el-api.version>
<jetty.version>9.2.3.v20140905</jetty.version>
<jetty.version>9.2.4.v20141103</jetty.version>
<jdt.version>4.4</jdt.version>
<jsp.version>2.3.3-b02</jsp.version>
<jsp-api.version>2.3.2-b01</jsp-api.version>
@@ -121,9 +121,10 @@ public Element getRequestInfo(final Document doc, final HttpServletRequest reque

final Enumeration<?> headers = request.getHeaderNames();
if (headers.hasMoreElements()) {
String name;
Element child = doc.createElement("headers");
while (headers.hasMoreElements()) {
String name = (String) headers.nextElement();
name = (String) headers.nextElement();

value = doc.createElement(name);
value.setTextContent(request.getHeader(name));
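Review bot: The context line `value = doc.createElement(name);` uses the client-supplied header name as an XML element name, and this change leaves it as it is. HTTP header names may contain characters that are not legal in an XML name (a leading digit, `$`, `&`), and `createElement` throws a `DOMException` for those, so a single unusual header can presumably abort the whole request-info document. Consider a fixed element with the name carried as data, e.g. `value = doc.createElement("header"); value.setAttribute("name", name);`, if consumers of this XML can take the schema change. Separately, hoisting `String name` out of the loop only widens its scope; `final String name = (String) headers.nextElement();` inside the loop reads better. getRequestInfo starts and ends outside the hunk.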
@@ -48,14 +48,15 @@ public SecurityFilterProviderCollection(final SecurityFilterProvider[] providerA

@SuppressWarnings("unchecked")
public SecurityFilterProviderCollection(final String[] providerNames, final IWindowsAuthProvider auth) {
Class<SecurityFilterProvider> providerClass;
Constructor<SecurityFilterProvider> providerConstructor;
for (String providerName : providerNames) {
providerName = providerName.trim();
LOGGER.info("loading '{}'", providerName);
try {
Class<SecurityFilterProvider> providerClass = (Class<SecurityFilterProvider>) Class
.forName(providerName);
Constructor<SecurityFilterProvider> c = providerClass.getConstructor(IWindowsAuthProvider.class);
SecurityFilterProvider provider = c.newInstance(auth);
providerClass = (Class<SecurityFilterProvider>) Class.forName(providerName);
providerConstructor = providerClass.getConstructor(IWindowsAuthProvider.class);
final SecurityFilterProvider provider = providerConstructor.newInstance(auth);
this.providers.add(provider);
} catch (final ClassNotFoundException e) {
LOGGER.error("error loading '{}': {}", providerName, e.getMessage());
@@ -121,7 +122,6 @@ private SecurityFilterProvider get(final String securityPackage) {
*/
public IWindowsIdentity doFilter(final HttpServletRequest request, final HttpServletResponse response)
throws IOException {

final AuthorizationHeader authorizationHeader = new AuthorizationHeader(request);
final SecurityFilterProvider provider = get(authorizationHeader.getSecurityPackage());
if (provider == null) {
@@ -138,13 +138,11 @@ public IWindowsIdentity doFilter(final HttpServletRequest request, final HttpSer
* @return True if authentication is required.
*/
public boolean isPrincipalException(final HttpServletRequest request) {

for (SecurityFilterProvider provider : this.providers) {
if (provider.isPrincipalException(request)) {
return true;
}
}

return false;
}
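Review bot: In the `String[] providerNames` constructor the unchecked cast `(Class<SecurityFilterProvider>) Class.forName(providerName)` verifies nothing, so a configured class that is not a `SecurityFilterProvider` but has a matching constructor is still constructed with `auth` and only rejected afterwards by the implicit cast on assignment. `asSubclass` fails before any constructor runs and lets `@SuppressWarnings("unchecked")` go: `providerClass = Class.forName(providerName).asSubclass(SecurityFilterProvider.class);`, with the two locals typed `Class<? extends SecurityFilterProvider>` and `Constructor<? extends SecurityFilterProvider>`. Whether the resulting `ClassCastException` is handled depends on the catch clauses after `ClassNotFoundException`, which are outside the hunk. Declaring both locals inside the `try`, as the old code did, would also keep their scope to one iteration.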

@@ -68,7 +68,11 @@ public String getToken() {
}

public byte[] getTokenBytes() {
return BaseEncoding.base64().decode(getToken());
try {
return BaseEncoding.base64().decode(getToken());
} catch (IllegalArgumentException e) {
throw new RuntimeException("Invalid authorization header.");
}
}

public boolean isNtlmType1Message() {
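Review bot: The new `catch` in `getTokenBytes()` drops the `IllegalArgumentException` and rethrows a bare `RuntimeException`, so callers cannot tell a malformed client header from an internal fault and the decode error is lost to whoever has to debug it. Keep the cause, `throw new RuntimeException("Invalid authorization header.", e);`, or use a dedicated unchecked exception type that the filter can catch, and keep the header value itself out of the message and any log line. The header is client input, so the callers (outside this hunk) presumably need to turn this into a 400/401 response rather than let it surface as a server error; that handling is not visible in this commit. No hunk shown on this page adds a test for a malformed token, while `Base64Tests.java` is deleted.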
56 changes: 0 additions & 56 deletions Source/JNA/waffle-jna/src/main/java/waffle/util/Base64.java

This file was deleted.

@@ -85,12 +85,10 @@ public static boolean isNegTokenArg(final byte[] message) {
if ((message[1] & 0x80) == 0) {
len = message[1];
} else {

lenBytes = message[1] & 0x7f;
len = 0;
int i = 2;
while (lenBytes > 0) {

len = len << 8;
len |= (message[i] & 0xff);
--lenBytes;
65 changes: 0 additions & 65 deletions Source/JNA/waffle-jna/src/test/java/waffle/util/Base64Tests.java

This file was deleted.

36 changes: 16 additions & 20 deletions Source/JNA/waffle-parent/pom.xml
@@ -109,11 +109,13 @@

<assertj.version>1.7.0</assertj.version>
<contiperf.version>2.3.4</contiperf.version>
<junit.version>4.12-beta-2</junit.version>
<junit.version>4.12-beta-3</junit.version>
<mockito.version>1.10.8</mockito.version>
<powermock.version>1.5.6</powermock.version>
<signature.version>java16</signature.version>
<slf4j.version>1.7.7</slf4j.version>

<signature.artifact>java16</signature.artifact>
<signature.version>1.1</signature.version>
</properties>
<dependencies>
<dependency>
@@ -141,12 +143,6 @@
<artifactId>mockito-core</artifactId>
<version>${mockito.version}</version>
<scope>test</scope>
<exclusions>
<exclusion>
<artifactId>objenesis</artifactId>
<groupId>org.objenesis</groupId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.powermock</groupId>
@@ -174,7 +170,7 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-clean-plugin</artifactId>
<version>2.6</version>
<version>2.6.1</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
@@ -223,14 +219,14 @@
<dependency>
<groupId>org.apache.maven.wagon</groupId>
<artifactId>wagon-ssh</artifactId>
<version>2.7</version>
<version>2.8</version>
</dependency>
</dependencies>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId>
<version>2.17</version>
<version>2.18</version>
<configuration>
<includes>
<include>**/*Tests.java</include>
@@ -287,7 +283,7 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-assembly-plugin</artifactId>
<version>2.5</version>
<version>2.5.1</version>
<configuration>
<descriptor>${project.basedir}/src/assembly/assembly.xml</descriptor>
</configuration>
@@ -397,7 +393,7 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-jxr-plugin</artifactId>
<version>2.4</version>
<version>2.5</version>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
@@ -407,7 +403,7 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-report-plugin</artifactId>
<version>2.17</version>
<version>2.18</version>
</plugin>
<plugin>
<groupId>org.codehaus.mojo</groupId>
@@ -443,12 +439,12 @@
<dependency>
<groupId>org.eclipse.jgit</groupId>
<artifactId>org.eclipse.jgit</artifactId>
<version>3.5.1.201410131835-r</version>
<version>3.6.0.201411121045-m1</version>
</dependency>
<dependency>
<groupId>org.codehaus.plexus</groupId>
<artifactId>plexus-utils</artifactId>
<version>3.0.20</version>
<version>3.0.21</version>
</dependency>
</dependencies>
</plugin>
@@ -467,12 +463,12 @@
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>animal-sniffer-maven-plugin</artifactId>
<version>1.11</version>
<version>1.12</version>
<configuration>
<signature>
<groupId>org.codehaus.mojo.signature</groupId>
<artifactId>${signature.version}</artifactId>
<version>1.1</version>
<artifactId>${signature.artifact}</artifactId>
<version>${signature.version}</version>
</signature>
</configuration>
</plugin>
@@ -783,7 +779,7 @@
<extension>
<groupId>org.apache.maven.wagon</groupId>
<artifactId>wagon-ssh</artifactId>
<version>2.7</version>
<version>2.8</version>
</extension>
</extensions>
</build>
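Review bot: The jgit dependency of a build plugin moves from a release build, `3.5.1.201410131835-r`, to a milestone, `3.6.0.201411121045-m1`, so builds that run that plugin would now execute pre-release code. Unless something in 3.6.0 is required, keep the pin on the latest `-r` build and take 3.6.0 once it is released. If the milestone is deliberate, a short comment next to the `<version>` saying why would stop it from lingering after the release ships. The `<plugin>` this dependency belongs to starts outside the hunk.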
2 changes: 1 addition & 1 deletion Source/JNA/waffle-tomcat7/pom.xml
@@ -14,7 +14,7 @@
<description>Tomcat 7 integration for WAFFLE</description>
<url>http://dblock.github.com/waffle/</url>
<properties>
<tomcat.version>7.0.56</tomcat.version>
<tomcat.version>7.0.57</tomcat.version>
</properties>
<scm>
<connection>scm:git:ssh://[email protected]/dblock/waffle.git</connection>
2 changes: 1 addition & 1 deletion Source/JNA/waffle-tomcat8/pom.xml
@@ -16,7 +16,7 @@
<properties>
<maven.compiler.source>1.7</maven.compiler.source>
<maven.compiler.target>1.7</maven.compiler.target>
<tomcat.version>8.0.14</tomcat.version>
<tomcat.version>8.0.15</tomcat.version>
</properties>
<scm>
<connection>scm:git:ssh://[email protected]/dblock/waffle.git</connection>
