From e9299024ece3ac9243d297973d7e44867cd11809 Mon Sep 17 00:00:00 2001 From: "ARTECH\\sgrampone" Date: Thu, 29 Feb 2024 15:43:00 -0300 Subject: [PATCH 1/3] Bump wss4j from version 1.6.19 to version 2.4.3 --- wrappercommon/pom.xml | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/wrappercommon/pom.xml b/wrappercommon/pom.xml index b52622955..888571993 100644 --- a/wrappercommon/pom.xml +++ b/wrappercommon/pom.xml @@ -34,11 +34,13 @@ commons-io 2.11.0 - - org.apache.ws.security - wss4j - 1.6.19 - + + org.apache.wss4j + wss4j + 2.4.3 + pom + + From 5ca1539470a78bb8c4e030cdea1e937903676eda Mon Sep 17 00:00:00 2001 From: "ARTECH\\sgrampone" Date: Tue, 5 Mar 2024 13:26:50 -0300 Subject: [PATCH 2/3] Bump wws4j from version 1.6.19 to version 2.4.3 --- wrappercommon/pom.xml | 12 ++++-- .../genexus/ws/GXHandlerConsumerChain.java | 43 ++++++++++++------- .../genexus/ws/GXHandlerConsumerChain.java | 41 +++++++++++------- 3 files changed, 61 insertions(+), 35 deletions(-) diff --git a/wrappercommon/pom.xml b/wrappercommon/pom.xml index 888571993..e783d6b5f 100644 --- a/wrappercommon/pom.xml +++ b/wrappercommon/pom.xml @@ -36,12 +36,18 @@ org.apache.wss4j - wss4j + wss4j-ws-security-common 2.4.3 - pom + + org.apache.wss4j + wss4j-ws-security-dom + 2.4.3 + + + - + gxwrappercommon diff --git a/wrapperjakarta/src/main/java/com/genexus/ws/GXHandlerConsumerChain.java b/wrapperjakarta/src/main/java/com/genexus/ws/GXHandlerConsumerChain.java index 35d1b717e..76985e5e6 100644 --- a/wrapperjakarta/src/main/java/com/genexus/ws/GXHandlerConsumerChain.java +++ b/wrapperjakarta/src/main/java/com/genexus/ws/GXHandlerConsumerChain.java @@ -3,6 +3,8 @@ import java.util.Set; import java.util.HashSet; import java.util.Properties; +import javax.crypto.KeyGenerator; +import javax.crypto.SecretKey; import javax.xml.namespace.QName; import javax.xml.transform.*; import javax.xml.transform.dom.DOMResult; 
@@ -12,12 +14,14 @@ import jakarta.xml.ws.handler.soap.SOAPMessageContext; import jakarta.xml.soap.*; import javax.xml.parsers.DocumentBuilderFactory; -import org.apache.ws.security.components.crypto.Crypto; -import org.apache.ws.security.components.crypto.CryptoFactory; -import org.apache.ws.security.message.WSSecEncrypt; -import org.apache.ws.security.message.WSSecHeader; -import org.apache.ws.security.message.WSSecSignature; -import org.apache.ws.security.message.WSSecTimestamp; + +import org.apache.wss4j.common.crypto.Crypto; +import org.apache.wss4j.common.crypto.CryptoFactory; +import org.apache.wss4j.dom.message.WSSecEncrypt; +import org.apache.wss4j.dom.message.WSSecHeader; +import org.apache.wss4j.dom.message.WSSecSignature; +import org.apache.wss4j.dom.message.WSSecTimestamp; + import org.w3c.dom.*; import java.io.InputStream; import java.io.ByteArrayInputStream; @@ -26,6 +30,8 @@ import com.genexus.diagnostics.core.LogManager; import com.genexus.common.interfaces.*; +import static org.apache.wss4j.common.util.KeyUtils.getKeyGenerator; + public class GXHandlerConsumerChain implements SOAPHandler { public static final ILogger logger = LogManager.getLogger(GXHandlerConsumerChain.class); @@ -156,8 +162,8 @@ public boolean handleMessage(SOAPMessageContext messageContext) Document doc = messageToDocument(messageContext.getMessage()); //Security header - WSSecHeader secHeader = new WSSecHeader(); - secHeader.insertSecurityHeader(doc); + WSSecHeader secHeader = new WSSecHeader(doc); + secHeader.insertSecurityHeader(); Document signedDoc = null; //Signature 
@@ -168,7 +174,7 @@ public boolean handleMessage(SOAPMessageContext messageContext) signatureProperties.put("org.apache.ws.security.crypto.merlin.keystore.password", wsSignature.getKeystore().getPassword()); signatureProperties.put("org.apache.ws.security.crypto.merlin.file", wsSignature.getKeystore().getSource()); Crypto signatureCrypto = CryptoFactory.getInstance(signatureProperties); - WSSecSignature sign = new WSSecSignature(); + WSSecSignature sign = new WSSecSignature(doc); sign.setKeyIdentifierType(wsSignature.getKeyIdentifierType()); sign.setUserInfo(wsSignature.getAlias(), wsSignature.getKeystore().getPassword()); if (wsSignature.getCanonicalizationalgorithm() != null) @@ -177,13 +183,13 @@ public boolean handleMessage(SOAPMessageContext messageContext) sign.setDigestAlgo(wsSignature.getDigest()); if (wsSignature.getSignaturealgorithm() != null) sign.setSignatureAlgorithm(wsSignature.getSignaturealgorithm()); - signedDoc = sign.build(doc, signatureCrypto, secHeader); + signedDoc = sign.build( signatureCrypto); if (expirationTimeout > 0) { - WSSecTimestamp timestamp = new WSSecTimestamp(); + WSSecTimestamp timestamp = new WSSecTimestamp(secHeader); timestamp.setTimeToLive(expirationTimeout); - signedDoc = timestamp.build(signedDoc, secHeader); + signedDoc = timestamp.build(); } } 
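Review bot: `new WSSecSignature(doc)` builds the signer from the bare Document, while the timestamp further down is built from `secHeader` and the removed code handed `secHeader` to every builder. In WSS4J 2.x the message builders are normally constructed from the header that `insertSecurityHeader()` populated, so it should be confirmed against 2.4.3 that the Document form still places `ds:Signature` inside that header (not verified here). If it does not, the direct port is `WSSecSignature sign = new WSSecSignature(secHeader);`. The same question applies to `new WSSecEncrypt(signedDoc)` in the encryption hunk and to both spots in the wrapperjavax copy. handleMessage starts and ends outside this hunk.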
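Review bot: The timestamp is created only after `sign.build(signatureCrypto)` has run, so `wsu:Timestamp` cannot be among the signed parts, and its Created/Expires values can be changed in transit without invalidating the signature. This ordering predates the commit, but the migration is a good moment to fix it. Build the timestamp before signing and add it to the signature with `sign.getParts().add(new WSEncryptionPart("Timestamp", WSConstants.WSU_NS, ""));`. Once the part list is non-empty, the SOAP Body has to be listed explicitly as well. The wrapperjavax copy of this hunk has the same ordering.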
@@ -195,14 +201,19 @@ public boolean handleMessage(SOAPMessageContext messageContext) encryptionProperties.put("org.apache.ws.security.crypto.merlin.keystore.password", wsEncryption.getKeystore().getPassword()); encryptionProperties.put("org.apache.ws.security.crypto.merlin.file", wsEncryption.getKeystore().getSource()); Crypto encryptionCrypto = CryptoFactory.getInstance(encryptionProperties); - WSSecEncrypt builder = new WSSecEncrypt(); - builder.setUserInfo(wsEncryption.getAlias(), wsEncryption.getKeystore().getPassword()); - builder.setKeyIdentifierType(wsEncryption.getKeyIdentifierType()); if (signedDoc == null) { signedDoc = doc; } - builder.build(signedDoc, encryptionCrypto, secHeader); + WSSecEncrypt builder = new WSSecEncrypt(signedDoc); + builder.setUserInfo(wsEncryption.getAlias(), wsEncryption.getKeystore().getPassword()); + builder.setKeyIdentifierType(wsEncryption.getKeyIdentifierType()); + //using wss4j default encryption algorithm AES128-CBC + KeyGenerator keyGenerator = KeyGenerator.getInstance("AES"); + keyGenerator.init(128); + SecretKey key = keyGenerator.generateKey(); + + builder.build(encryptionCrypto, key); } Document securityDoc = doc; diff --git a/wrapperjavax/src/main/java/com/genexus/ws/GXHandlerConsumerChain.java b/wrapperjavax/src/main/java/com/genexus/ws/GXHandlerConsumerChain.java index f3143b47f..e0a19c4ff 100644 --- a/wrapperjavax/src/main/java/com/genexus/ws/GXHandlerConsumerChain.java +++ b/wrapperjavax/src/main/java/com/genexus/ws/GXHandlerConsumerChain.java @@ -3,6 +3,8 @@ import java.util.Set; import java.util.HashSet; import java.util.Properties; +import javax.crypto.KeyGenerator; +import javax.crypto.SecretKey; import javax.xml.namespace.QName; import javax.xml.transform.*; import javax.xml.transform.dom.DOMResult; 
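Review bot: The generated key keeps payload encryption on AES-128-CBC (as the added comment says), a mode that provides no integrity protection of its own and that has known weaknesses in XML Encryption when a receiver reveals decryption failures. Where the receiving side supports it, select an authenticated mode before `build`, for example `builder.setSymmetricEncAlgorithm(WSConstants.AES_128_GCM);`. The key size is also hard-coded separately from the algorithm, so a later algorithm change could leave the two mismatched. Deriving the generator from the same algorithm URI would keep them in step; the `getKeyGenerator` helper is statically imported in the jakarta file by this commit but is not used in the visible hunks. The wrapperjavax copy of this hunk carries the same code.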
@@ -12,12 +14,14 @@ import javax.xml.ws.handler.soap.SOAPMessageContext; import javax.xml.soap.*; import javax.xml.parsers.DocumentBuilderFactory; -import org.apache.ws.security.components.crypto.Crypto; -import org.apache.ws.security.components.crypto.CryptoFactory; -import org.apache.ws.security.message.WSSecEncrypt; -import org.apache.ws.security.message.WSSecHeader; -import org.apache.ws.security.message.WSSecSignature; -import org.apache.ws.security.message.WSSecTimestamp; + +import org.apache.wss4j.common.crypto.Crypto; +import org.apache.wss4j.common.crypto.CryptoFactory; +import org.apache.wss4j.dom.message.WSSecEncrypt; +import org.apache.wss4j.dom.message.WSSecHeader; +import org.apache.wss4j.dom.message.WSSecSignature; +import org.apache.wss4j.dom.message.WSSecTimestamp; + import org.w3c.dom.*; import java.io.InputStream; import java.io.ByteArrayInputStream; @@ -156,8 +160,8 @@ public boolean handleMessage(SOAPMessageContext messageContext) Document doc = messageToDocument(messageContext.getMessage()); //Security header - WSSecHeader secHeader = new WSSecHeader(); - secHeader.insertSecurityHeader(doc); + WSSecHeader secHeader = new WSSecHeader(doc); + secHeader.insertSecurityHeader(); Document signedDoc = null; //Signature @@ -168,7 +172,7 @@ public boolean handleMessage(SOAPMessageContext messageContext) signatureProperties.put("org.apache.ws.security.crypto.merlin.keystore.password", wsSignature.getKeystore().getPassword()); signatureProperties.put("org.apache.ws.security.crypto.merlin.file", wsSignature.getKeystore().getSource()); Crypto signatureCrypto = CryptoFactory.getInstance(signatureProperties); - WSSecSignature sign = new WSSecSignature(); + WSSecSignature sign = new WSSecSignature(doc); sign.setKeyIdentifierType(wsSignature.getKeyIdentifierType()); sign.setUserInfo(wsSignature.getAlias(), wsSignature.getKeystore().getPassword()); if (wsSignature.getCanonicalizationalgorithm() != null) 
@@ -177,13 +181,13 @@ public boolean handleMessage(SOAPMessageContext messageContext) sign.setDigestAlgo(wsSignature.getDigest()); if (wsSignature.getSignaturealgorithm() != null) sign.setSignatureAlgorithm(wsSignature.getSignaturealgorithm()); - signedDoc = sign.build(doc, signatureCrypto, secHeader); + signedDoc = sign.build( signatureCrypto); if (expirationTimeout > 0) { - WSSecTimestamp timestamp = new WSSecTimestamp(); + WSSecTimestamp timestamp = new WSSecTimestamp(secHeader); timestamp.setTimeToLive(expirationTimeout); - signedDoc = timestamp.build(signedDoc, secHeader); + signedDoc = timestamp.build(); } } @@ -195,14 +199,19 @@ public boolean handleMessage(SOAPMessageContext messageContext) encryptionProperties.put("org.apache.ws.security.crypto.merlin.keystore.password", wsEncryption.getKeystore().getPassword()); encryptionProperties.put("org.apache.ws.security.crypto.merlin.file", wsEncryption.getKeystore().getSource()); Crypto encryptionCrypto = CryptoFactory.getInstance(encryptionProperties); - WSSecEncrypt builder = new WSSecEncrypt(); - builder.setUserInfo(wsEncryption.getAlias(), wsEncryption.getKeystore().getPassword()); - builder.setKeyIdentifierType(wsEncryption.getKeyIdentifierType()); if (signedDoc == null) { signedDoc = doc; } - builder.build(signedDoc, encryptionCrypto, secHeader); + WSSecEncrypt builder = new WSSecEncrypt(signedDoc); + builder.setUserInfo(wsEncryption.getAlias(), wsEncryption.getKeystore().getPassword()); + builder.setKeyIdentifierType(wsEncryption.getKeyIdentifierType()); + //using wss4j default encryption algorithm AES128-CBC + KeyGenerator keyGenerator = KeyGenerator.getInstance("AES"); + keyGenerator.init(128); + SecretKey key = keyGenerator.generateKey(); + + builder.build(encryptionCrypto, key); } Document securityDoc = doc; From 89c361a7e684b9383da54c4a9e15c4ee17227ceb Mon Sep 17 00:00:00 2001 
From: "ARTECH\\sgrampone" Date: Tue, 26 Mar 2024 16:11:25 -0300 Subject: [PATCH 3/3] Issue: 107613 Exclude geronimo-javamail_1.4_mail from transitive dependencies --- wrappercommon/pom.xml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/wrappercommon/pom.xml b/wrappercommon/pom.xml index e783d6b5f..e8c72f8e0 100644 --- a/wrappercommon/pom.xml +++ b/wrappercommon/pom.xml @@ -38,6 +38,12 @@ org.apache.wss4j wss4j-ws-security-common 2.4.3 + + + org.apache.geronimo.javamail + geronimo-javamail_1.4_mail + + org.apache.wss4j