ws-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1849082 - in /webservices/wss4j/trunk: ws-security-common/src/main/java/org/apache/wss4j/common/saml/ ws-security-dom/src/main/java/org/apache/wss4j/dom/message/ ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/ ws-security-dom...
Date Mon, 17 Dec 2018 12:22:10 GMT
Author: coheigea
Date: Mon Dec 17 12:22:10 2018
New Revision: 1849082

URL: http://svn.apache.org/viewvc?rev=1849082&view=rev
Log:
Clear the private keys from memory when we are done with them

Modified:
    webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SamlAssertionWrapper.java
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignature.java
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedKeyProcessor.java
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/saml/WSSecSignatureSAML.java

Modified: webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SamlAssertionWrapper.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SamlAssertionWrapper.java?rev=1849082&r1=1849081&r2=1849082&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SamlAssertionWrapper.java
(original)
+++ webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SamlAssertionWrapper.java
Mon Dec 17 12:22:10 2018
@@ -593,6 +593,13 @@ public class SamlAssertionWrapper {
 
         // add the signature to the assertion
         setSignature(signature, signatureDigestAlgorithm);
+
+        // Clean the private key from memory
+        try {
+            privateKey.destroy();
+        } catch (javax.security.auth.DestroyFailedException ex) {
+            LOG.debug("Error destroying private key: {}", ex.getMessage());
+        }
     }
 
     /**

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignature.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignature.java?rev=1849082&r1=1849081&r2=1849082&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignature.java
(original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecSignature.java
Mon Dec 17 12:22:10 2018
@@ -27,6 +27,7 @@ import java.util.ArrayList;
 import java.util.Collections;
 import java.util.List;
 
+import javax.security.auth.Destroyable;
 import javax.xml.crypto.MarshalException;
 import javax.xml.crypto.XMLStructure;
 import javax.xml.crypto.dom.DOMCryptoContext;
@@ -609,6 +610,15 @@ public class WSSecSignature extends WSSe
 
             signatureValue = sig.getSignatureValue().getValue();
 
+            // Clean the private key from memory
+            if (key instanceof Destroyable) {
+                try {
+                    ((Destroyable)key).destroy();
+                } catch (javax.security.auth.DestroyFailedException ex) {
+                    LOG.debug("Error destroying private key: {}", ex.getMessage());
+                }
+            }
+
             cleanup();
         } catch (Exception ex) {
             LOG.error(ex.getMessage(), ex);

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedKeyProcessor.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedKeyProcessor.java?rev=1849082&r1=1849081&r2=1849082&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedKeyProcessor.java
(original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedKeyProcessor.java
Mon Dec 17 12:22:10 2018
@@ -227,6 +227,13 @@ public class EncryptedKeyProcessor imple
             decryptedBytes = getAsymmetricDecryptedBytes(data, data.getWsDocInfo(), encryptedKeyTransportMethod,
                                                          encryptedEphemeralKey, refList,
                                                          elem, privateKey);
+
+            // Clean the private key from memory
+            try {
+                privateKey.destroy();
+            } catch (javax.security.auth.DestroyFailedException ex) {
+                LOG.debug("Error destroying private key: {}", ex.getMessage());
+            }
         }
 
         List<WSDataRef> dataRefs = decryptDataRefs(refList, data.getWsDocInfo(), decryptedBytes,
data);

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/saml/WSSecSignatureSAML.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/saml/WSSecSignatureSAML.java?rev=1849082&r1=1849081&r2=1849082&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/saml/WSSecSignatureSAML.java
(original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/saml/WSSecSignatureSAML.java
Mon Dec 17 12:22:10 2018
@@ -23,6 +23,7 @@ import java.security.PublicKey;
 import java.security.cert.X509Certificate;
 import java.util.List;
 
+import javax.security.auth.Destroyable;
 import javax.xml.crypto.dsig.SignatureMethod;
 import javax.xml.crypto.dsig.SignedInfo;
 import javax.xml.crypto.dsig.XMLSignContext;
@@ -528,6 +529,15 @@ public class WSSecSignatureSAML extends
             sig.sign(signContext);
 
             signatureValue = sig.getSignatureValue().getValue();
+
+            // Clean the private key from memory
+            if (key instanceof Destroyable) {
+                try {
+                    ((Destroyable)key).destroy();
+                } catch (javax.security.auth.DestroyFailedException ex) {
+                    LOG.debug("Error destroying private key: {}", ex.getMessage());
+                }
+            }
         } catch (Exception ex) {
             LOG.error(ex.getMessage(), ex);
             throw new WSSecurityException(



Mime
View raw message