Updated Branches: refs/heads/master 93667e432 -> 5e216a0d7
CAMEL-7083 Log a warning when default encryption keys used with thanks to Colm
Project: http://git-wip-us.apache.org/repos/asf/camel/repo
Commit: http://git-wip-us.apache.org/repos/asf/camel/commit/5e216a0d
Tree: http://git-wip-us.apache.org/repos/asf/camel/tree/5e216a0d
Diff: http://git-wip-us.apache.org/repos/asf/camel/diff/5e216a0d
Branch: refs/heads/master
Commit: 5e216a0d71957222cfb897a93f694357b04ca6f9
Parents: 93667e4
Author: Willem Jiang <[email protected]>
Authored: Sun Dec 22 11:03:06 2013 +0800
Committer: Willem Jiang <[email protected]>
Committed: Sun Dec 22 11:03:06 2013 +0800
----------------------------------------------------------------------
.../shiro/security/ShiroSecurityTokenInjector.java | 7 +++++++
.../dataformat/xmlsecurity/XMLSecurityDataFormat.java | 13 ++++++++++---
2 files changed, 17 insertions(+), 3 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/camel/blob/5e216a0d/components/camel-shiro/src/main/java/org/apache/camel/component/shiro/security/ShiroSecurityTokenInjector.java
----------------------------------------------------------------------
diff --git a/components/camel-shiro/src/main/java/org/apache/camel/component/shiro/security/ShiroSecurityTokenInjector.java b/components/camel-shiro/src/main/java/org/apache/camel/component/shiro/security/ShiroSecurityTokenInjector.java
index 1553ecf..5179b9b 100644
--- a/components/camel-shiro/src/main/java/org/apache/camel/component/shiro/security/ShiroSecurityTokenInjector.java
+++ b/components/camel-shiro/src/main/java/org/apache/camel/component/shiro/security/ShiroSecurityTokenInjector.java
@@ -21,8 +21,12 @@ import org.apache.camel.Processor; import org.apache.shiro.crypto.AesCipherService; import org.apache.shiro.crypto.CipherService; import org.apache.shiro.util.ByteSource; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; public class ShiroSecurityTokenInjector implements Processor { + private static final Logger LOG = LoggerFactory.getLogger(ShiroSecurityTokenInjector.class); + private final byte[] bits128 = { (byte) 0x08, (byte) 0x09, (byte) 0x0A, (byte) 0x0B, (byte) 0x0C, (byte) 0x0D, (byte) 0x0E, (byte) 0x0F, @@ -52,6 +56,9 @@ public class ShiroSecurityTokenInjector implements Processor { } public ByteSource encrypt() throws Exception { + if (passPhrase == bits128) { + LOG.warn("Using the default encryption key is not secure"); + } return ShiroSecurityHelper.encrypt(securityToken, passPhrase, cipherService); } http://git-wip-us.apache.org/repos/asf/camel/blob/5e216a0d/components/camel-xmlsecurity/src/main/java/org/apache/camel/dataformat/xmlsecurity/XMLSecurityDataFormat.java ---------------------------------------------------------------------- diff --git a/components/camel-xmlsecurity/src/main/java/org/apache/camel/dataformat/xmlsecurity/XMLSecurityDataFormat.java b/components/camel-xmlsecurity/src/main/java/org/apache/camel/dataformat/xmlsecurity/XMLSecurityDataFormat.java index dfc541c..c73ff41 100755 --- a/components/camel-xmlsecurity/src/main/java/org/apache/camel/dataformat/xmlsecurity/XMLSecurityDataFormat.java +++ b/components/camel-xmlsecurity/src/main/java/org/apache/camel/dataformat/xmlsecurity/XMLSecurityDataFormat.java @@ -40,6 +40,8 @@ import javax.crypto.spec.DESedeKeySpec; import javax.crypto.spec.SecretKeySpec; import javax.xml.transform.dom.DOMSource; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; import org.w3c.dom.Document; import org.w3c.dom.Element; import org.w3c.dom.Node; 
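Review bot: The new guard in encrypt(), `if (passPhrase == bits128)`, compares array references, so it only fires while passPhrase is still the very same array object as the built-in default. A caller that supplies a separate array holding the same bytes gets no warning, and XMLSecurityDataFormat in this same commit uses `Arrays.equals` for the equivalent check. Consider `if (Arrays.equals(passPhrase, bits128)) {`, which needs `java.util.Arrays` imported if the file does not already have it; the import block is only partly visible here. The warning also repeats on every encrypt() call, so logging it once where the default is assigned may be quieter; that assignment is outside the hunk.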
@@ -99,7 +101,9 @@ public class XMLSecurityDataFormat implements DataFormat, CamelContextAware { */ @Deprecated public static final String XML_ENC_KEY_STORE_ALIAS = "CamelXmlEncryptionKeyAlias"; - + + private static final Logger LOG = LoggerFactory.getLogger(XMLSecurityDataFormat.class); + private static final String DEFAULT_KEY = "Just another 24 Byte key"; private String xmlCipherAlgorithm; private String keyCipherAlgorithm; @@ -138,7 +142,7 @@ public class XMLSecurityDataFormat implements DataFormat, CamelContextAware { public XMLSecurityDataFormat() { this.xmlCipherAlgorithm = XMLCipher.TRIPLEDES; // set a default pass phrase as its required - this.passPhrase = "Just another 24 Byte key".getBytes(); + this.passPhrase = DEFAULT_KEY.getBytes(); this.secureTag = ""; this.secureTagContents = true; @@ -664,10 +668,13 @@ public class XMLSecurityDataFormat implements DataFormat, CamelContextAware { } else { secretKey = new SecretKeySpec(passPhrase, "AES"); } + if (Arrays.equals(passPhrase, DEFAULT_KEY.getBytes())) { + LOG.warn("Using the default encryption key is not secure"); + } } catch (InvalidKeyException e) { throw new InvalidKeyException("InvalidKeyException due to invalid passPhrase: " + Arrays.toString(passPhrase)); } catch (NoSuchAlgorithmException e) { - throw new NoSuchAlgorithmException("NoSuchAlgorithmException while using XMLCipher.TRIPLEDES algorithm: DESede"); + throw new NoSuchAlgorithmException("NoSuchAlgorithmException while using algorithm: " + algorithm); } catch (InvalidKeySpecException e) { throw new InvalidKeySpecException("Invalid Key generated while using passPhrase: " + Arrays.toString(passPhrase)); }
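Review bot: The catch blocks next to the new warning still put the key itself into exception text: `"InvalidKeyException due to invalid passPhrase: " + Arrays.toString(passPhrase)` and the matching InvalidKeySpecException message print every byte of the pass phrase, which will reach logs and stack traces whenever key setup fails. Since this commit already reworks the NoSuchAlgorithmException message, the other two could be changed the same way, e.g. `throw new InvalidKeyException("Invalid passPhrase for algorithm: " + algorithm);`, keeping the key bytes out of the message. The new `Arrays.equals(passPhrase, DEFAULT_KEY.getBytes())` check sits in a method whose start and end are outside the hunk, so it is not visible how often it runs; if it is once per message, the warning will repeat on every exchange.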
