Updated Branches:
refs/heads/camel-2.11.x 54e8aae8b -> 38e2271a3
CAMEL-7083 Log a warning when default encryption keys used with thanks to Colm
Conflicts:
components/camel-shiro/src/main/java/org/apache/camel/component/shiro/security/ShiroSecurityTokenInjector.java
Project: http://git-wip-us.apache.org/repos/asf/camel/repo
Commit: http://git-wip-us.apache.org/repos/asf/camel/commit/38e2271a
Tree: http://git-wip-us.apache.org/repos/asf/camel/tree/38e2271a
Diff: http://git-wip-us.apache.org/repos/asf/camel/diff/38e2271a
Branch: refs/heads/camel-2.11.x
Commit: 38e2271a3c743d20d059ab128afd83bc7b375d1d
Parents: 54e8aae
Author: Willem Jiang <[email protected]>
Authored: Sun Dec 22 11:03:06 2013 +0800
Committer: Willem Jiang <[email protected]>
Committed: Sun Dec 22 11:45:32 2013 +0800
----------------------------------------------------------------------
.../shiro/security/ShiroSecurityTokenInjector.java | 7 +++++++
.../dataformat/xmlsecurity/XMLSecurityDataFormat.java | 13 ++++++++++---
2 files changed, 17 insertions(+), 3 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/camel/blob/38e2271a/components/camel-shiro/src/main/java/org/apache/camel/component/shiro/security/ShiroSecurityTokenInjector.java
----------------------------------------------------------------------
diff --git
a/components/camel-shiro/src/main/java/org/apache/camel/component/shiro/security/ShiroSecurityTokenInjector.java
b/components/camel-shiro/src/main/java/org/apache/camel/component/shiro/security/ShiroSecurityTokenInjector.java
index 9ced6dc..60292f3 100644
---
a/components/camel-shiro/src/main/java/org/apache/camel/component/shiro/security/ShiroSecurityTokenInjector.java
+++
b/components/camel-shiro/src/main/java/org/apache/camel/component/shiro/security/ShiroSecurityTokenInjector.java
@@ -27,8 +27,12 @@ import org.apache.camel.util.IOHelper;
import org.apache.shiro.crypto.AesCipherService;
import org.apache.shiro.crypto.CipherService;
import org.apache.shiro.util.ByteSource;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
public class ShiroSecurityTokenInjector implements Processor {
+ private static final Logger LOG =
LoggerFactory.getLogger(ShiroSecurityTokenInjector.class);
+
private final byte[] bits128 = {
(byte) 0x08, (byte) 0x09, (byte) 0x0A, (byte) 0x0B,
(byte) 0x0C, (byte) 0x0D, (byte) 0x0E, (byte) 0x0F,
@@ -57,6 +61,9 @@ public class ShiroSecurityTokenInjector implements Processor {
}
public ByteSource encrypt() throws Exception {
+ if (passPhrase == bits128) {
+ LOG.warn("Using the default encryption key is not secure");
+ }
ByteArrayOutputStream stream = new ByteArrayOutputStream();
ObjectOutput serialStream = new ObjectOutputStream(stream);
try {
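Review bot: The new guard in `encrypt()` compares array references (`passPhrase == bits128`), so it fires only while the field still points at this instance's own default array; a passphrase configured with the same bytes through a copy passes without a warning. Comparing contents, `if (Arrays.equals(passPhrase, bits128)) {`, would match the check this commit adds to XMLSecurityDataFormat (it needs `java.util.Arrays` in scope, which the visible import lines do not show). The warning is also logged on every `encrypt()` call, presumably once per exchange, so emitting it once where the passphrase is assigned would keep the signal without flooding the log. The body of `encrypt()` continues outside the hunk.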
http://git-wip-us.apache.org/repos/asf/camel/blob/38e2271a/components/camel-xmlsecurity/src/main/java/org/apache/camel/dataformat/xmlsecurity/XMLSecurityDataFormat.java
----------------------------------------------------------------------
diff --git
a/components/camel-xmlsecurity/src/main/java/org/apache/camel/dataformat/xmlsecurity/XMLSecurityDataFormat.java
b/components/camel-xmlsecurity/src/main/java/org/apache/camel/dataformat/xmlsecurity/XMLSecurityDataFormat.java
index abca6bb..3766a78 100755
---
a/components/camel-xmlsecurity/src/main/java/org/apache/camel/dataformat/xmlsecurity/XMLSecurityDataFormat.java
+++
b/components/camel-xmlsecurity/src/main/java/org/apache/camel/dataformat/xmlsecurity/XMLSecurityDataFormat.java
@@ -40,6 +40,8 @@ import javax.crypto.spec.DESedeKeySpec;
import javax.crypto.spec.SecretKeySpec;
import javax.xml.transform.dom.DOMSource;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
@@ -97,7 +99,9 @@ public class XMLSecurityDataFormat implements DataFormat,
CamelContextAware {
*/
@Deprecated
public static final String XML_ENC_KEY_STORE_ALIAS =
"CamelXmlEncryptionKeyAlias";
-
+
+ private static final Logger LOG =
LoggerFactory.getLogger(XMLSecurityDataFormat.class);
+ private static final String DEFAULT_KEY = "Just another 24 Byte key";
private String xmlCipherAlgorithm;
private String keyCipherAlgorithm;
@@ -124,7 +128,7 @@ public class XMLSecurityDataFormat implements DataFormat,
CamelContextAware {
public XMLSecurityDataFormat() {
this.xmlCipherAlgorithm = XMLCipher.TRIPLEDES;
// set a default pass phrase as its required
- this.passPhrase = "Just another 24 Byte key".getBytes();
+ this.passPhrase = DEFAULT_KEY.getBytes();
this.secureTag = "";
this.secureTagContents = true;
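Review bot: `DEFAULT_KEY.getBytes()` encodes with the JVM's platform default charset, both here in the constructor and in the `Arrays.equals(passPhrase, DEFAULT_KEY.getBytes())` comparison in the later key-generation hunk, so the fallback key bytes are not guaranteed to be identical on every host. Pinning the encoding, for example `this.passPhrase = DEFAULT_KEY.getBytes(Charset.forName("US-ASCII"));`, makes the default key and the warning check deterministic. A one-line comment on `DEFAULT_KEY` stating that it is a publicly known value kept only for backward compatibility would also help the next reader. The constructor continues outside the hunk.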
@@ -630,10 +634,13 @@ public class XMLSecurityDataFormat implements DataFormat,
CamelContextAware {
} else {
secretKey = new SecretKeySpec(passPhrase, "AES");
}
+ if (Arrays.equals(passPhrase, DEFAULT_KEY.getBytes())) {
+ LOG.warn("Using the default encryption key is not secure");
+ }
} catch (InvalidKeyException e) {
throw new InvalidKeyException("InvalidKeyException due to invalid
passPhrase: " + Arrays.toString(passPhrase));
} catch (NoSuchAlgorithmException e) {
- throw new NoSuchAlgorithmException("NoSuchAlgorithmException while
using XMLCipher.TRIPLEDES algorithm: DESede");
+ throw new NoSuchAlgorithmException("NoSuchAlgorithmException while
using algorithm: " + algorithm);
} catch (InvalidKeySpecException e) {
throw new InvalidKeySpecException("Invalid Key generated while
using passPhrase: " + Arrays.toString(passPhrase));
}
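Review bot: The `InvalidKeyException` and `InvalidKeySpecException` messages in this catch chain still embed `Arrays.toString(passPhrase)`, which writes the raw key bytes into any log or error report that records the exception; the commit reworks the neighbouring `NoSuchAlgorithmException` message but leaves these two as they were. Drop the key material and keep the cause instead, e.g. `throw new InvalidKeyException("Invalid passPhrase for algorithm " + algorithm, e);`, and likewise for `InvalidKeySpecException`. The rewrapped `NoSuchAlgorithmException` also discards `e`; passing it as the second constructor argument preserves the original stack trace. The enclosing method starts outside the hunk.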