I'm attempting to use an online timestamp authority (rfc3161) with the Digital Signature Service Java library. However, the following snippet (from their test cases, and similar to the one from their Cookbook):
String tspServer = "http://tsa.belgium.be/connect";
OnlineTSPSource otsp = new OnlineTSPSource(tspServer);
/* tried setting otsp.setDataLoader(new TimestampDataLoader());
too, as it defaults to otsp.setDataLoader(new
NativeHTTPDataLoader()); the exception happens in both cases */
byte[] digest = DSSUtils.digest(DigestAlgorithm.SHA1, "Hello world".getBytes());
TimeStampToken timeStampResponse =
otsp.getTimeStampResponse(DigestAlgorithm.SHA1, digest);
always ends with the following exception:
eu.europa.esig.dss.DSSException:
java.util.concurrent.ExecutionException: java.lang.NoSuchMethodError:
org.apache.commons.io.IOUtils.closeQuietly(Ljava/io/Closeable;)V
Already tried many different public rfc3161 servers (some listed here). Sure there's something wrong going on there, but, as a beginner, I cannot understand what is wrong (what method should be there).
If anyone could put me in the right direction to get the snippet working (or even be kind enough to comment a reliable startup guide on cades/xades/pades with Java's bouncycastle) I would be really grateful.
As stated in the comments by Marteen Bodewes and Mark Rotteveel, there was something wrong with the version of Apache Commons-IO in the classpath. The project is set using Apache Maven and there was an old Commons-IO version declared there as a dependency. In this case, it was enough to remove that declaration, so Maven could download the appropriate version that was declared as an esig/DSS dependency.
esig/DSS version was 5.4 at the time.
Related
I've been searching around all over the internet to no avail. I am attempting to use Guava to get all the classes in a package of mine, but it is not behaving as intended. It always returns an empty set, making it impossible to do anything with the given results. Could there be a problem with System Variables, or some other road-block?
Here is some of my code.
String packageName = "me.travja.package";
ImmutableSet<ClassPath.ClassInfo> root = null;
try {
System.out.println(ClassPath.from(getClass().getClassLoader()));
root = ClassPath.from(getClass().getClassLoader()).getTopLevelClasses();//.getTopLevelClassesRecursive(packageName);
} catch (IOException e) {
e.printStackTrace();
}
for (ClassPath.ClassInfo info : root) {
System.out.println(info.getPackageName() + " -- " + info.getSimpleName());
}
It never hits the last sout because it's empty, but the one that prints the classpath prints 'com.google.common.reflect.ClassPath#33571c14' which isn't super useful. But to my knowledge, shouldn't that resemble more of my application's directory?
Thank you for your help with this. It's been bugging me for too long.
EDIT: I did some digging around. It seems that it works as intended if my file path doesn't contain a Space. I read a little that this used to be a problem with Guava in older versions, but I even tried using Maven and shading the latest version of Guava. Is there any way to fix this, or do I just have to be cautious that my file path never has a space in it?
After doing some more digging, one of the other dependencies that I was using had shaded an older version of Guava and that is what my code was using. As a result, it was broken. I used a decompiler so I could manually shade the ClassPath class from a newer Guava into my own code, and imported that. Works flawlessly now.
I have an SOAP 1.1 Service developed with Spring Boot in Java which responses without any problems to any of my requests and deliver a valid SOAP-response.
Now the problem is as soon as I add this service as Service Reference to any .NET/C# project the reference gets created and I can send requests but the response (Which get definitely sent from my SOAP-Service) cant be mapped back and the object in my .NET application is always null.
I already found out what the problem might be but I don't know exactly how (of if it is even possible like this) to change my xsd/wsdl to generate all the sources correctly.
First of all here is my .xsd from my Java Spring Boot project for the generation of the WSDL & Service Reference:
Here is the code from the generated Service Reference from Visual Studio in a C# project:
[System.Web.Services.Protocols.SoapDocumentMethodAttribute([NAMESPACE]/processing", Use=System.Web.Services.Description.SoapBindingUse.Literal, ParameterStyle=System.Web.Services.Protocols.SoapParameterStyle.Bare)]
[return: System.Xml.Serialization.XmlElementAttribute("processingResponse", Namespace="http://[NAMESPACE]/base", IsNullable=true)]
public processingResponse processing([System.Xml.Serialization.XmlElementAttribute(Namespace="http://[NAMESPACE]/base", IsNullable=true)] processingRequest processingRequest) {
object[] results = this.Invoke("processing", new object[] {
processingRequest});
return ((processingResponse)(results[0]));
}
I found out if I change the following line
[return: System.Xml.Serialization.XmlElementAttribute("processingResponse", Namespace="http://[NAMESPACE]", IsNullable=true)]
and add "Form=System.Xml.Schema.XmlSchemaForm.Unqualified":
[return: System.Xml.Serialization.XmlElementAttribute("processingResponse", Namespace="http://[NAMESPACE]", IsNullable=true, Form = System.Xml.Schema.XmlSchemaForm.Unqualified)]
The response gets mapped correctly to my Object and it seem to work like this without any problems at the moment.
The problem is that I want to change my .xsd to generate these sources correctly from the start - I already tried to add Form=Unqualified to the "AppDataDataResult" element inside the "processingResponse" complexType but it doesnt work.
Adding this property directly to the processingResponse Element isn't working either cause it's not possible cause the <xs:element/> is one level beneath the schema definition/tag.
I havent found any concrete solution to this problem cause it seems to be very specific with the Spring Boot Framework Java, and the generation of the wsdl.
I hope someone can help me with this problem cause it doesnt seem to be a big one (Its "only" a attribute which needs to get added during the generation of the sources) but I cant seem to find a solution to this. Thanks in advance for the help!
I found the Problem and it was a really simple fix for this Issue - In my Spring Boot Project I was returning JAXBElements and a Parameter for the response is the "QName" which indicates the Object of the Response. The Problem here was that the SOAP-Response did not have the relevant Namespace to identify the Object during the generation of Sources in .NET. So I added the correct Namespace-URI to the QName-Object and now the objects gets resolved and returns the correct responses:
final QName qname = new QName(NAMESPACE_URI, "processingResponse");
return new JAXBElement<>(qname, ProcessingResponse.class, processingResponse);
In the end it was a pretty stupid/simple problem but I tried everything else but havent tried to most obvious/easiest.
I am testing basic stuff in ESAPI, and I ran across this symmetric encryption tutorial and copied and pasted the code, (along with importing the ESAPI 2.1.0 jar file, ESAPI.properties and validation.properties in the 'src' directory in Eclipse)
Modified code from the tutorial:
import org.owasp.esapi.crypto.CipherText;
import org.owasp.esapi.crypto.PlainText;
import org.owasp.esapi.errors.EncryptionException;
import org.owasp.esapi.reference.crypto.JavaEncryptor;
public class ESAPIsymEncTester {
public static void main(String[] args) throws EncryptionException{
String myplaintext = "My plaintext";
CipherText ciphertext =
JavaEncryptor.getInstance().encrypt( new PlainText(myplaintext) );
PlainText recoveredPlaintext = JavaEncryptor.getInstance().decrypt(ciphertext);
assert myplaintext.equals( recoveredPlaintext.toString() );
System.out.println("recovered plaintext: " + recoveredPlaintext.toString());
}
}
However, when I run this in Eclipse Luna using Java 1.8, I get this stack trace:
Exception in thread "main" org.owasp.esapi.errors.EncryptionException: Encryption failure: Invalid key exception.
at org.owasp.esapi.reference.crypto.JavaEncryptor.encrypt(JavaEncryptor.java:526)
at org.owasp.esapi.reference.crypto.JavaEncryptor.encrypt(JavaEncryptor.java:338)
at com.fate.engine.test.ESAPIsymEncTester.main(ESAPIsymEncTester.java:15)
Caused by: java.security.InvalidKeyException: Invalid AES key length: 96 bytes
at com.sun.crypto.provider.AESCipher.engineGetKeySize(AESCipher.java:495)
at javax.crypto.Cipher.passCryptoPermCheck(Cipher.java:1062)
at javax.crypto.Cipher.checkCryptoPerm(Cipher.java:1033)
at javax.crypto.Cipher.init(Cipher.java:1367)
at javax.crypto.Cipher.init(Cipher.java:1301)
at org.owasp.esapi.reference.crypto.JavaEncryptor.encrypt(JavaEncryptor.java:504)
... 2 more
I am not sure if this is a bug in the JavaEncryptor.java code, or if I am pulling something that I misconfigured from the ESAPI.properties file.
I replaced the master key and salt by running the JavaEncryptor and copy/pasting the resultant key/salt.
If it is a bug, I will email the ESAPI guys to get clarification on how I can fix it, since I looked through the JavaEncryptor code and am not entirely clear where all of the pieces are coming from.
Encryptor.MasterKey=WppLubGgsc/p6HhvcPf2LA==
Encryptor.MasterSalt=YokRN9mjMUTZspEbzBY90NA6EC8=
Encryptor.PreferredJCEProvider=
Encryptor.EncryptionAlgorithm=AES
Encryptor.CipherTransformation=AES/CBC/PKCS5Padding
Encryptor.cipher_modes.combined_modes=GCM,CCM,IAPM,EAX,OCB,CWC
Encryptor.cipher_modes.additional_allowed=CBC
Encryptor.EncryptionKeyLength=128
Encryptor.ChooseIVMethod=random
Encryptor.fixedIV=0x000102030405060708090a0b0c0d0e0f
Encryptor.CipherText.useMAC=true
Encryptor.PlainText.overwrite=true
Encryptor.HashAlgorithm=SHA-512 *****
Encryptor.HashIterations=1024
Encryptor.DigitalSignatureAlgorithm=SHA1withDSA
Encryptor.DigitalSignatureKeyLength=1024
Encryptor.RandomAlgorithm=SHA1PRNG
Encryptor.CharacterEncoding=UTF-8
Encryptor.KDF.PRF=HmacSHA1 *****
You forgot to place the most important part of your log into the question:
Dec 11, 2015 8:05:24 AM org.owasp.esapi.reference.JavaLogFactory$JavaLogger log
WARNING: [SECURITY FAILURE Anonymous:null#unknown -> /JavaEncryptor] Encryption key length mismatch. ESAPI.EncryptionKeyLength is 128 bits, but length of actual encryption key is 24 bits. Did you remember to regenerate your master key (if that is what you are using)???
This is a clue that there is something here that the library expects you to do.
It seems to me that you probably have the default encryptor properties set like this in esapi.properties:
Encryptor.MasterKey=owasp1
Encryptor.MasterSalt=testtest
The class JavaEncryptor has a main method that will generate valid properties for you. Run it in eclipse or via the command line. It will give you values to replace in esapi.properties, like this:
Dec 11, 2015 8:10:25 AM org.owasp.esapi.reference.JavaLogFactory$JavaLogger log
OFF: [SECURITY AUDIT Anonymous:null#unknown -> /SecurityProviderLoader] No Encryptor.PreferredJCEProvider specified.
SecurityConfiguration for Encryptor.EncryptionKeyLength not an integer in ESAPI.properties. Using default: 128
Generating a new secret master key
use '-print' to also show available crypto algorithms from all the security providers
SecurityConfiguration for Encryptor.EncryptionKeyLength not an integer in ESAPI.properties. Using default: 128
Copy and paste these lines into your ESAPI.properties
#==============================================================
Encryptor.MasterKey=qW0Qw+8eb1Zu1MBv5djwqA==
Encryptor.MasterSalt=b0VappFU1Hd6LjIt+TGYqQlfrdU=
#==============================================================
Once I did that, your code example runs just fine.
Here's what I'm going to suggest... grab the TEST version of ESAPI.properties from GitHub ("wget https://github.com/ESAPI/esapi-java-legacy/blob/master/src/test/resources/esapi/ESAPI.properties" should work, you use 'git' or save if from your browser), put it in place, and first use it AS-IS. If it fails, then there is a problem in you tweaked code. If it works, there was a problem in your ESAPI.properties file. Many people already suggested what to look for in terms of what might be wrong, but the differences should be minor enough that you should be able to spot them by diff'ing yours versus the TEST version in src/test/resources/esapi/ESAPI.properties. (The production version, incidentally, is under 'configuration/esapi/ESAPI.properties' and is not included with the jar because of some bug in the pom.xml which I don't know how to fix as I am not a Maven guru.)
If you have further questions, contact me at my Gmail account which you should be able to find easily enough via Google with my name and the term "OWASP". Once we figure out an answer that works for you, either you or I can post an answer back to Stack Overflow, but I don't frequent this forum enough to regularly monitor it. (Although, come to think of it, I probably do get notified of replies.)
Hope this helps,
-kevin w. wall / ESAPI crypto developer and co-project lead
I am using SVNKit to checkout svn base repository. Earlier I was using checkout to head for that purpose I was using SVNRevision.HEAD. It was working fine without issue.
below is the syntax of same and revision.Head was used in case of checkout to Head.
doCheckout(SVNURL url,File dstPath,SVNRevision pegRevision,SVNRevision revision, boolean recursive)
but let say if I have to checkout to a specific revision for example 27988, what should be value of pegRevision parameter ?
I am confused please help, I tried HEAD/BASE for pegrevision and also same 27988 etc but it gives error like URL not exist etc .
Just an update, problem was with my code revision was going as 0 always due to some logic issue hence SVN URL was not found and giving error. I tried now with HEAD as pegRevision and 27988 revision works just fine. Thanks!
Well, first, you have to specify an SVNRevision, not an integer.
long targetRev = 27988;
SVNRevision revision = SVNRevision.create( targetRev );
doCheckout(...
As for pegRevision, you almost certainly want SVNRevision.HEAD. As the docs specify, it is:
the revision at which url will be firstly seen in the repository to
make sure it's the one that is needed
So, HEAD is usually sufficient. When it's not, things get complicated (and very specific), see the svn book.
i have a grails project with an Image Domain Class and Controller.
I just installed the grails ImageTools 1.0.4 Plugin and i would like to generate thumbnails for images wich will be uploaded.
My Image-Domain-Class:
class Image {
byte[] data
//String name
byte[] thumbnail
static constraints = {
//name()
data()
}
}
The "safe"-action in my Controller:
def save = {
def imageInstance = new Image(params)
def imageTool = new ImageTool()
imageTool.load(imageInstance.data)
imageTool.thumbnail(320)
imageInstance.thumbnail = imageTool.getBytes("JPEG") //Here is my problem!
if(!imageInstance.hasErrors() && imageInstance.save()) {
flash.message = "Image ${imageInstance.id} created"
redirect(action:show,id:imageInstance.id)
}
else {
render(view:'create',model:[imageInstance:imageInstance])
}
}
When I start my Grails-application and uploading an image I'm getting the following error-message:
Error 200: groovy.lang.MissingMethodException: No signature of method: ImageTool.getBytes() is applicable for argument types: (java.lang.String) values: {"JPEG"}
Servlet: grails
URI: /grailsproject/grails/image/save.dispatch
Exception Message: No signature of method: ImageTool.getBytes() is applicable for argument types: (java.lang.String) values: {"JPEG"}
Caused by: groovy.lang.MissingMethodException: No signature of method: ImageTool.getBytes() is applicable for argument types: (java.lang.String) values: {"JPEG"}
Class: GrailsAuthenticationProcessingFilter
At Line: [57]
It says that the Method getBytes() is missing but the method is still available. My IDE intelliJ also recognizes no errors.
So what can I do? Could someone help me please?
Sorry for my bad english. If you are german, please look at http://support-network.info/board/problem-mit-imagetools-getbytes-t3008.html .
I use Grails 1.0.4.
I could fix this error message. I just copied the getBytes() method from the git Repository of Ricardo (the plugin developer) and replaced the old one with the new one. Now everything works! I don't know where the bug was but i'm happy that i solved it.
Thank you both very much!
Looks like that method is a fairly new addition to the class (3/6/2009). If you have verified that that method is in the ./plugins/imagetools/src/groovy/ImageTool.groovy file I'd recommend running:
grails clean
If you had been using this plugin prior it might be a cache problem.
The reply that you received from John sounds about right - if you have installed the new plugin and can see the code, but keep getting this error only outside IntelliJ, you should try cleaning your grails cache - it's very possible that an older copy of the plugin is precompiled on the cache.
Are you using Grails 1.1? I haven't yet tested it with the latest grails, but I understand it keeps the plugins not under the project but in a separate directory. Do let me know and I'll try it out.
I don't know what the plugin is really giving you over using JAI directly, IMHO it isn't doing much.
I use ImageMagick out of process for my image conversion and the results are superior to what can be done with JAI from what I have seen. Of course if your doing as much traffic as Amazon running out of process is not an option, however if you need to get to revenue as quickly as possible then you might want to consider what I've done.
I use apache-commons-exec to have a nice interface around handling opening an external process and reading data from std in and out. The only thing I'm using JAI for is to read the sizes of images.
try this one http://support-network.info/board/gel%C3%B6st-problem-mit-imagetools-getbytes-t3008.html