From ee3a7b31114b3ee9e1f8fe5748f0bf3e14079177 Mon Sep 17 00:00:00 2001 From: "yeonghun.nam" Date: Mon, 22 Aug 2016 19:12:40 +0900 Subject: [PATCH] Resolved svace issues in AccountServer Change-Id: I2818113959143b1c1877b7b179ab4b5293d703a3 Signed-off-by: yeonghun.nam Signed-off-by: Glen Youngjin Kim Signed-off-by: Jung Seungho Signed-off-by: yeonghun.nam Reviewed-on: https://gerrit.iotivity.org/gerrit/10639 Tested-by: jenkins-iotivity Reviewed-by: Jee Hyeok Kim --- .../iotivity/cloud/accountserver/oauth/Github.java | 6 ++ .../resources/account/AccountResource.java | 6 +- .../resources/account/session/SessionResource.java | 7 +- .../account/tokenrefresh/TokenRefreshResource.java | 10 +-- .../accountserver/resources/acl/group/Group.java | 55 ++++++++------ .../resources/acl/group/GroupManager.java | 9 +++ .../resources/acl/group/GroupResource.java | 4 ++ .../resources/acl/invite/InviteManager.java | 12 ++-- .../resources/certificate/CertificateResource.java | 4 ++ .../x509/cert/CertificateBuilder.java | 83 ++++++++++++---------- .../cloud/accountserver/x509/crl/CrlStore.java | 25 +++++-- 11 files changed, 132 insertions(+), 89 deletions(-) diff --git a/cloud/account/src/main/java/org/iotivity/cloud/accountserver/oauth/Github.java b/cloud/account/src/main/java/org/iotivity/cloud/accountserver/oauth/Github.java index b16b181..73abb96 100644 --- a/cloud/account/src/main/java/org/iotivity/cloud/accountserver/oauth/Github.java +++ b/cloud/account/src/main/java/org/iotivity/cloud/accountserver/oauth/Github.java @@ -130,6 +130,12 @@ public class Github implements OAuthProvider { JSONUtil> util = new JSONUtil<>(); HashMap parsedData = util.parseJSON(response, HashMap.class); + + if (parsedData == null) { + Log.d("parsedData is null!"); + return null; + } + String userId = parsedData.get(userIdKey); userInfo.setUserid(userId); diff --git a/cloud/account/src/main/java/org/iotivity/cloud/accountserver/resources/account/AccountResource.java b/cloud/account/src/main/java/org/iotivity/cloud/accountserver/resources/account/AccountResource.java index 43545c3..2bba0c5 100644 --- a/cloud/account/src/main/java/org/iotivity/cloud/accountserver/resources/account/AccountResource.java +++ b/cloud/account/src/main/java/org/iotivity/cloud/accountserver/resources/account/AccountResource.java @@ -86,15 +86,11 @@ public class AccountResource extends Resource { private IResponse handlePostSignUp(IRequest request) throws ServerException { - if (request.getPayload() == null) { - throw new BadRequestException("payload is null"); - } - HashMap payloadData = mCbor .parsePayloadFromCbor(request.getPayload(), HashMap.class); if (payloadData == null) { - throw new BadRequestException("CBOR parsing failed"); + throw new BadRequestException("payload is null"); } HashMap responsePayload = null; diff --git a/cloud/account/src/main/java/org/iotivity/cloud/accountserver/resources/account/session/SessionResource.java b/cloud/account/src/main/java/org/iotivity/cloud/accountserver/resources/account/session/SessionResource.java index 4266114..b39542c 100644 --- a/cloud/account/src/main/java/org/iotivity/cloud/accountserver/resources/account/session/SessionResource.java +++ b/cloud/account/src/main/java/org/iotivity/cloud/accountserver/resources/account/session/SessionResource.java @@ -71,16 +71,11 @@ public class SessionResource extends Resource { private IResponse handlePostSigninout(IRequest request) throws ServerException { - // exception handle before getting payload - if (request.getPayload() == null) { - throw new BadRequestException("payload is empty"); - } - HashMap payloadData = mCbor .parsePayloadFromCbor(request.getPayload(), HashMap.class); if (payloadData == null) { - throw new BadRequestException("CBOR parsing failed"); + throw new BadRequestException("payload is null"); } HashMap responsePayload = null; diff --git a/cloud/account/src/main/java/org/iotivity/cloud/accountserver/resources/account/tokenrefresh/TokenRefreshResource.java b/cloud/account/src/main/java/org/iotivity/cloud/accountserver/resources/account/tokenrefresh/TokenRefreshResource.java index ae75708..79abff1 100644 --- a/cloud/account/src/main/java/org/iotivity/cloud/accountserver/resources/account/tokenrefresh/TokenRefreshResource.java +++ b/cloud/account/src/main/java/org/iotivity/cloud/accountserver/resources/account/tokenrefresh/TokenRefreshResource.java @@ -36,7 +36,6 @@ import org.iotivity.cloud.base.protocols.enums.ContentFormat; import org.iotivity.cloud.base.protocols.enums.ResponseStatus; import org.iotivity.cloud.base.resource.Resource; import org.iotivity.cloud.util.Cbor; -import org.iotivity.cloud.util.Log; public class TokenRefreshResource extends Resource { @@ -71,18 +70,11 @@ public class TokenRefreshResource extends Resource { private IResponse handlePostRefreshToken(IRequest request) throws ServerException { - if (request.getPayload() == null) { - throw new BadRequestException("payload is null"); - } - HashMap payloadData = mCbor .parsePayloadFromCbor(request.getPayload(), HashMap.class); - // temp code - Log.v(payloadData.toString()); - if (payloadData == null) { - throw new BadRequestException("CBOR parsing failed"); + throw new BadRequestException("payload is null"); } HashMap responsePayload = null; diff --git a/cloud/account/src/main/java/org/iotivity/cloud/accountserver/resources/acl/group/Group.java b/cloud/account/src/main/java/org/iotivity/cloud/accountserver/resources/acl/group/Group.java index 17038e6..d234d5d 100644 --- a/cloud/account/src/main/java/org/iotivity/cloud/accountserver/resources/acl/group/Group.java +++ b/cloud/account/src/main/java/org/iotivity/cloud/accountserver/resources/acl/group/Group.java @@ -31,6 +31,8 @@ import org.iotivity.cloud.accountserver.db.AccountDBManager; import org.iotivity.cloud.accountserver.db.GroupTable; import org.iotivity.cloud.accountserver.util.TypeCastingManager; import org.iotivity.cloud.base.device.Device; +import org.iotivity.cloud.base.exception.ServerException.BadRequestException; +import org.iotivity.cloud.base.exception.ServerException.InternalServerErrorException; import org.iotivity.cloud.base.exception.ServerException.UnAuthorizedException; import org.iotivity.cloud.base.protocols.IRequest; import org.iotivity.cloud.base.protocols.MessageBuilder; @@ -89,11 +91,16 @@ public class Group { public void removeMember(HashSet uuid) { GroupTable groupTable = getGroupTable(); - + if (groupTable.getGmid() == null) { + throw new InternalServerErrorException("group master is empty"); + } if (uuid.contains(groupTable.getGmid())) { GroupResource.getInstance().deleteGroup(groupTable.getGmid(), mGid); notifyToSubscriber(getResponsePayload(false)); } else { + if (groupTable.getMidlist() == null) { + throw new BadRequestException("midList is invalid in Group"); + } groupTable.setMidlist( removeGroupListSet(groupTable.getMidlist(), uuid)); AccountDBManager.getInstance().updateRecord(Constants.GROUP_TABLE, @@ -112,7 +119,9 @@ public class Group { public void removeDevice(HashSet di) { GroupTable groupTable = getGroupTable(); - + if (groupTable.getDilist() == null) { + throw new BadRequestException("deviceList is invalid in Group"); + } groupTable.setDilist(removeGroupListSet(groupTable.getDilist(), di)); AccountDBManager.getInstance().updateRecord(Constants.GROUP_TABLE, @@ -123,16 +132,7 @@ public class Group { public HashMap getInfo(String mid) { - GroupTable groupTable = getGroupTable(); - - HashSet midListSet = new HashSet( - (Collection) groupTable.getMidlist()); - - if (!midListSet.contains(mid)) { - - throw new UnAuthorizedException( - mid + " is not Group member in gid=" + mGid); - } + verifyGroupTableMid(mid); return getResponsePayload(true); } @@ -140,16 +140,7 @@ public class Group { public HashMap addSubscriber(String mid, Device subscriber, IRequest request) { - GroupTable groupTable = getGroupTable(); - - HashSet midListSet = new HashSet( - (Collection) groupTable.getMidlist()); - - if (!midListSet.contains(mid)) { - - throw new UnAuthorizedException( - mid + " is not Group member in gid=" + mGid); - } + verifyGroupTableMid(mid); GroupSubscriber newSubscriber = new GroupSubscriber(subscriber, request); @@ -162,7 +153,8 @@ public class Group { public HashMap removeSubscriber(String mid) { - HashMap responsePayload = null; + HashMap responsePayload = getResponsePayload(true); + if (mSubscribers.containsKey(mid)) { mSubscribers.remove(mid); } @@ -170,6 +162,23 @@ public class Group { return responsePayload; } + private void verifyGroupTableMid(String mid) { + + GroupTable groupTable = getGroupTable(); + + if (groupTable.getMidlist() == null) { + throw new BadRequestException("midList is invalid in Group"); + } + HashSet midListSet = new HashSet( + (Collection) groupTable.getMidlist()); + + if (!midListSet.contains(mid)) { + + throw new UnAuthorizedException( + mid + " is not Group member in gid=" + mGid); + } + } + private void notifyToSubscriber( HashMap notifiyBtyePayloadData) { synchronized (mSubscribers) { diff --git a/cloud/account/src/main/java/org/iotivity/cloud/accountserver/resources/acl/group/GroupManager.java b/cloud/account/src/main/java/org/iotivity/cloud/accountserver/resources/acl/group/GroupManager.java index d686684..0f380ae 100644 --- a/cloud/account/src/main/java/org/iotivity/cloud/accountserver/resources/acl/group/GroupManager.java +++ b/cloud/account/src/main/java/org/iotivity/cloud/accountserver/resources/acl/group/GroupManager.java @@ -34,6 +34,7 @@ import org.iotivity.cloud.accountserver.db.GroupTable; import org.iotivity.cloud.accountserver.util.TypeCastingManager; import org.iotivity.cloud.base.device.Device; import org.iotivity.cloud.base.exception.ServerException.BadRequestException; +import org.iotivity.cloud.base.exception.ServerException.InternalServerErrorException; import org.iotivity.cloud.base.protocols.IRequest; public class GroupManager { @@ -107,6 +108,14 @@ public class GroupManager { getGroupTable = mTypeGroup.convertMaptoObject(element, getGroupTable); + if (getGroupTable.getGtype() == null) { + throw new InternalServerErrorException("gtype is empty"); + } + + if (getGroupTable.getMidlist() == null) { + throw new BadRequestException("midList is invalid in Group"); + } + HashSet midListSet = new HashSet( (Collection) getGroupTable.getMidlist()); diff --git a/cloud/account/src/main/java/org/iotivity/cloud/accountserver/resources/acl/group/GroupResource.java b/cloud/account/src/main/java/org/iotivity/cloud/accountserver/resources/acl/group/GroupResource.java index f5b8538..be7f3a5 100644 --- a/cloud/account/src/main/java/org/iotivity/cloud/accountserver/resources/acl/group/GroupResource.java +++ b/cloud/account/src/main/java/org/iotivity/cloud/accountserver/resources/acl/group/GroupResource.java @@ -87,6 +87,10 @@ public class GroupResource extends Resource { HashMap payloadData = mCbor .parsePayloadFromCbor(request.getPayload(), HashMap.class); + if (payloadData == null) { + throw new BadRequestException("payload is null"); + } + if (getUriPathSegments().containsAll(request.getUriPathSegments())) { String uuid = payloadData.get(Constants.REQ_GROUP_MASTER_ID) .toString(); diff --git a/cloud/account/src/main/java/org/iotivity/cloud/accountserver/resources/acl/invite/InviteManager.java b/cloud/account/src/main/java/org/iotivity/cloud/accountserver/resources/acl/invite/InviteManager.java index 05d4b68..67146d3 100644 --- a/cloud/account/src/main/java/org/iotivity/cloud/accountserver/resources/acl/invite/InviteManager.java +++ b/cloud/account/src/main/java/org/iotivity/cloud/accountserver/resources/acl/invite/InviteManager.java @@ -30,6 +30,7 @@ import org.iotivity.cloud.accountserver.db.AccountDBManager; import org.iotivity.cloud.accountserver.db.InviteTable; import org.iotivity.cloud.accountserver.util.TypeCastingManager; import org.iotivity.cloud.base.device.Device; +import org.iotivity.cloud.base.exception.ServerException.BadRequestException; import org.iotivity.cloud.base.protocols.IRequest; import org.iotivity.cloud.base.protocols.MessageBuilder; import org.iotivity.cloud.base.protocols.enums.ContentFormat; @@ -119,7 +120,7 @@ public class InviteManager { List inviteList = getInviteTableList( Constants.KEYFIELD_INVITE_USER, uid); - if (inviteList != null) { + if (!inviteList.isEmpty()) { invitePayloadData = new ArrayList<>(); for (InviteTable invite : inviteList) { HashMap inviteElement = new HashMap<>(); @@ -132,7 +133,7 @@ public class InviteManager { List invitedList = getInviteTableList( Constants.KEYFIELD_INVITED_USER, uid); - if (invitedList != null) { + if (inviteList.isEmpty()) { invitedPayloadData = new ArrayList<>(); for (InviteTable invited : invitedList) { HashMap invitedElement = new HashMap<>(); @@ -186,16 +187,15 @@ public class InviteManager { private List getInviteTableList(String property, String uid) { InviteTable getInviteTable = new InviteTable(); - ArrayList inviteList = null; + ArrayList inviteList = new ArrayList<>(); HashMap condition = new HashMap<>(); condition.put(property, uid); ArrayList> mapInviteList = AccountDBManager .getInstance().selectRecord(Constants.INVITE_TABLE, condition); - if (!mapInviteList.isEmpty()) { - inviteList = new ArrayList<>(); + if (mapInviteList == null) { + throw new BadRequestException("uid is invalid"); } - for (HashMap mapInviteTable : mapInviteList) { getInviteTable = mTypeInvite.convertMaptoObject(mapInviteTable, diff --git a/cloud/account/src/main/java/org/iotivity/cloud/accountserver/resources/certificate/CertificateResource.java b/cloud/account/src/main/java/org/iotivity/cloud/accountserver/resources/certificate/CertificateResource.java index 3e390c1..8abbea2 100644 --- a/cloud/account/src/main/java/org/iotivity/cloud/accountserver/resources/certificate/CertificateResource.java +++ b/cloud/account/src/main/java/org/iotivity/cloud/accountserver/resources/certificate/CertificateResource.java @@ -78,6 +78,10 @@ public class CertificateResource extends Resource { Map payloadData = mCbor .parsePayloadFromCbor(request.getPayload(), HashMap.class); + if (payloadData == null) { + throw new BadRequestException("CBOR parsing failed"); + } + Map responsePayload = null; if (payloadData.containsKey(Constants.REQ_CSR)) { diff --git a/cloud/account/src/main/java/org/iotivity/cloud/accountserver/x509/cert/CertificateBuilder.java b/cloud/account/src/main/java/org/iotivity/cloud/accountserver/x509/cert/CertificateBuilder.java index cc67ef6..00f3038 100644 --- a/cloud/account/src/main/java/org/iotivity/cloud/accountserver/x509/cert/CertificateBuilder.java +++ b/cloud/account/src/main/java/org/iotivity/cloud/accountserver/x509/cert/CertificateBuilder.java @@ -51,42 +51,47 @@ import org.bouncycastle.operator.OperatorCreationException; import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; public class CertificateBuilder { - private String mIssuer; - private String mSubjectCN; - private String mSubjectC; - private String mSubjectO; - private String mSubjectOU; - private String mSubjectAltName; - private Date mNotBefore; - private Date mNotAfter; - private PrivateKey mPrivKey; - private PublicKey mPubKey; - private BigInteger mSerial; - private static final String BC = BouncyCastleProvider.PROVIDER_NAME; - private static final String SIGNATURE_ALGORITHM = "SHA256withECDSA"; - private static final String CURVE = "secp256r1"; + private String mIssuer; + private String mSubjectCN; + private String mSubjectC; + private String mSubjectO; + private String mSubjectOU; + private String mSubjectAltName; + private Date mNotBefore; + private Date mNotAfter; + private PrivateKey mPrivKey; + private PublicKey mPubKey; + private BigInteger mSerial; + private static final String BC = BouncyCastleProvider.PROVIDER_NAME; + private static final String SIGNATURE_ALGORITHM = "SHA256withECDSA"; + private static final String CURVE = "secp256r1"; private static final String KEY_GENERATOR_ALGORITHM = "ECDSA"; - public CertificateBuilder(String subject, Date notBefore, Date notAfter, BigInteger serial) { + public CertificateBuilder(String subject, Date notBefore, Date notAfter, + BigInteger serial) { Security.addProvider(new BouncyCastleProvider()); init(subject, null, notBefore, notAfter, null, null, serial); } - public CertificateBuilder(String subject, PublicKey pubKey, Date notBefore, Date notAfter, - BigInteger serial, CertificatePrivateKeyPair root) { - X500Name x500name = new X500Name( root.getCertificate().getSubjectX500Principal().getName() ); + public CertificateBuilder(String subject, PublicKey pubKey, Date notBefore, + Date notAfter, BigInteger serial, CertificatePrivateKeyPair root) { + X500Name x500name = new X500Name( + root.getCertificate().getSubjectX500Principal().getName()); RDN cn = x500name.getRDNs(BCStyle.CN)[0]; - init(subject, IETFUtils.valueToString(cn.getFirst().getValue()), notBefore, notAfter, root.getKey(), pubKey, serial); + init(subject, IETFUtils.valueToString(cn.getFirst().getValue()), + notBefore, notAfter, root.getKey(), pubKey, serial); } - public CertificateBuilder(String subject, String issuer, Date notBefore, Date notAfter, - PrivateKey privKey, PublicKey pubKey, BigInteger serial) { + public CertificateBuilder(String subject, String issuer, Date notBefore, + Date notAfter, PrivateKey privKey, PublicKey pubKey, + BigInteger serial) { Security.addProvider(new BouncyCastleProvider()); init(subject, issuer, notBefore, notAfter, privKey, pubKey, serial); } - private void init(String subject, String issuer, Date notBefore, Date notAfter, - PrivateKey privKey, PublicKey pubKey, BigInteger serial) { + private void init(String subject, String issuer, Date notBefore, + Date notAfter, PrivateKey privKey, PublicKey pubKey, + BigInteger serial) { this.mSubjectCN = subject; this.mIssuer = issuer; this.mNotBefore = notBefore; @@ -112,10 +117,9 @@ public class CertificateBuilder { this.mSubjectAltName = subjectAltName; } - public CertificatePrivateKeyPair build() - throws GeneralSecurityException, OperatorCreationException, CertIOException { - if(null == mPrivKey && null == mPubKey) - { + public CertificatePrivateKeyPair build() throws GeneralSecurityException, + OperatorCreationException, CertIOException { + if (null == mPrivKey && null == mPubKey) { ECParameterSpec ecSpec = ECNamedCurveTable.getParameterSpec(CURVE); KeyPairGenerator g = null; @@ -133,31 +137,38 @@ public class CertificateBuilder { subjectNameBld.addRDN(BCStyle.CN, mSubjectCN); - if(null != mSubjectOU) { + if (null != mSubjectOU) { subjectNameBld.addRDN(BCStyle.OU, mSubjectOU); } - if(null != mSubjectO) { + if (null != mSubjectO) { subjectNameBld.addRDN(BCStyle.O, mSubjectO); } - if(null != mSubjectC) { + if (null != mSubjectC) { subjectNameBld.addRDN(BCStyle.C, mSubjectC); } X500NameBuilder issuerNameBld = new X500NameBuilder(BCStyle.INSTANCE); issuerNameBld.addRDN(BCStyle.CN, mIssuer); - ContentSigner sigGen = new JcaContentSignerBuilder(SIGNATURE_ALGORITHM).setProvider(BC).build(mPrivKey); + if (mPrivKey == null || mPubKey == null) + throw new CertIOException("mPrivKey or mPubKey is null!"); - X509v3CertificateBuilder certGen = new JcaX509v3CertificateBuilder(issuerNameBld.build(), - mSerial, mNotBefore, mNotAfter ,subjectNameBld.build(), mPubKey); + ContentSigner sigGen = new JcaContentSignerBuilder(SIGNATURE_ALGORITHM) + .setProvider(BC).build(mPrivKey); - if(null != mSubjectAltName) { - certGen.addExtension(Extension.subjectAlternativeName, false, new DEROctetString(mSubjectAltName.getBytes())); + X509v3CertificateBuilder certGen = new JcaX509v3CertificateBuilder( + issuerNameBld.build(), mSerial, mNotBefore, mNotAfter, + subjectNameBld.build(), mPubKey); + + if (null != mSubjectAltName) { + certGen.addExtension(Extension.subjectAlternativeName, false, + new DEROctetString(mSubjectAltName.getBytes())); } - cert = new JcaX509CertificateConverter().setProvider("BC").getCertificate(certGen.build(sigGen)); + cert = new JcaX509CertificateConverter().setProvider("BC") + .getCertificate(certGen.build(sigGen)); return new CertificatePrivateKeyPair(cert, mPrivKey); } diff --git a/cloud/account/src/main/java/org/iotivity/cloud/accountserver/x509/crl/CrlStore.java b/cloud/account/src/main/java/org/iotivity/cloud/accountserver/x509/crl/CrlStore.java index 3ed43f1..19b606a 100644 --- a/cloud/account/src/main/java/org/iotivity/cloud/accountserver/x509/crl/CrlStore.java +++ b/cloud/account/src/main/java/org/iotivity/cloud/accountserver/x509/crl/CrlStore.java @@ -23,6 +23,7 @@ package org.iotivity.cloud.accountserver.x509.crl; import java.io.FileInputStream; import java.io.FileOutputStream; +import java.io.IOException; import java.io.InputStream; public final class CrlStore { @@ -35,23 +36,32 @@ public final class CrlStore { private static final String CRL_FILE_NAME = "crl"; public static void saveCrl(byte[] crl) { + + FileOutputStream out = null; try { - FileOutputStream out = new FileOutputStream(CRL_FILE_NAME); + out = new FileOutputStream(CRL_FILE_NAME); out.write(crl); - out.close(); } catch (java.io.IOException e) { e.printStackTrace(); } + + try { + if (out != null) + out.close(); + } catch (IOException e) { + e.printStackTrace(); + } } public static byte[] loadCrl() { + InputStream f = null; try { - InputStream f = new FileInputStream(CRL_FILE_NAME); + f = new FileInputStream(CRL_FILE_NAME); int size = f.available(); byte data[] = new byte[size]; - if(f.read(data) != data.length) { + if (f.read(data) != data.length) { System.err.println("couldn't read crl"); } f.close(); @@ -61,6 +71,13 @@ public final class CrlStore { e.printStackTrace(); } + try { + if (f != null) + f.close(); + } catch (IOException e) { + e.printStackTrace(); + } + return null; } } -- 2.7.4