/**
 * Loads the named native library, going through the JNLP applet launcher when the
 * {@code sun.jnlp.applet.launcher} system property is set to {@code true} and through
 * {@link System#loadLibrary(String)} otherwise.
 *
 * <p>The launcher class is looked up reflectively by a fixed name. The choice between the two
 * paths depends only on a JVM system property, so it is as trustworthy as whatever sets that
 * property.
 *
 * @param libraryName name of the library, passed unchanged to the selected loader
 * @throws UnsatisfiedLinkError if the launcher path fails with a checked exception
 */
private static void loadLibraryInternal(String libraryName) {
    // Boolean.parseBoolean(null) is false, so an unset property selects the plain JVM loader.
    if (!Boolean.parseBoolean(System.getProperty("sun.jnlp.applet.launcher"))) {
      System.loadLibrary(libraryName);
      return;
    }

    try {
      Class<?> launcher = Class.forName("org.jdesktop.applet.util.JNLPAppletLauncher");
      Method loadLibrary = launcher.getDeclaredMethod("loadLibrary", String.class);
      loadLibrary.invoke(null, libraryName);
    } catch (Exception e) {
      // Unwrap the reflective wrapper so callers see what the launcher actually threw.
      Throwable cause =
          (e instanceof InvocationTargetException)
              ? ((InvocationTargetException) e).getTargetException()
              : e;
      if (cause instanceof Error) {
        throw (Error) cause;
      }
      if (cause instanceof RuntimeException) {
        throw (RuntimeException) cause;
      }
      // Throw UnsatisfiedLinkError for best compatibility with System.loadLibrary();
      // the original (still wrapped) exception is kept as the cause.
      UnsatisfiedLinkError linkError = new UnsatisfiedLinkError();
      linkError.initCause(e);
      throw linkError;
    }
  }
  static {
    // Resolve DROP_UNENCRYPTED_PKTS once at class-load time: the ConfigurationService wins when
    // one is available, otherwise the JVM system property of the same name is consulted.
    // NOTE(review): the flag stays false when nothing is configured. Judging by its name, that
    // means unencrypted packets are not dropped unless a deployment opts in; confirm this
    // default is intended.
    ConfigurationService config = LibJitsi.getConfigurationService();
    boolean drop;

    if (config != null) {
      drop = config.getBoolean(DROP_UNENCRYPTED_PKTS_PNAME, false);
    } else {
      // parseBoolean(null) is false, so an unset property keeps the default.
      drop = Boolean.parseBoolean(System.getProperty(DROP_UNENCRYPTED_PKTS_PNAME));
    }
    DROP_UNENCRYPTED_PKTS = drop;
  }
  /*
   * Check the MESSAGE_OUTBOUND_PROPERTY in the context
   * to see if this is an outgoing or incoming message.
   * Write a brief message to the print stream and
   * output the message. The writeTo() method can throw
   * SOAPException or IOException
   */
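  private void logToSystemOut(SOAPMessageContext smc) {
    boolean debugEnabled = DEBUG || ClientUpdates.DEBUG;
    Boolean outboundProperty = (Boolean) smc.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY);

    if (outboundProperty.booleanValue()) {
      if (debugEnabled) {
        out.println("\nOutbound message:");
      }
    } else {
      if (debugEnabled) {
        out.println("\nInbound message:");
      }
      try {
        validateSignature(smc.getMessage());
      } catch (Exception e) {
        // A signature-validation failure must not vanish: report it regardless of the debug
        // flag, in the same way as the handler exception below.
        // NOTE(review): this method only reports the failure and then carries on. Whether the
        // message is rejected elsewhere is not visible from here; if nothing else rejects it,
        // the handler should fail closed instead of continuing.
        out.println("Signature validation failed: " + e);
      }
    }

    // Dump the message itself only when debugging; writeTo() can throw SOAPException or
    // IOException, which are reported rather than propagated.
    SOAPMessage message = smc.getMessage();
    try {
      if (debugEnabled) {
        message.writeTo(out);
        out.println(""); // just to add a newline
      }
    } catch (Exception e) {
      out.println("Exception in handler: " + e);
    }
  }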
  /**
   * Populates the singleton {@code CsrfGuard} from the given properties: scalar settings first,
   * then actions (instantiation pass followed by a parameter pass), protected and unprotected
   * page patterns, and finally the list of protected HTTP methods.
   *
   * <p>Logger and action class names are read from the properties and instantiated
   * reflectively, and page entries are compiled as regular expressions, so the properties
   * source has to be trusted and reviewed like code.
   *
   * @param properties configuration to read
   * @throws IOException if an action parameter names an action that was not declared, or if no
   *     action is declared at all
   */
  public static void load(Properties properties)
      throws NoSuchAlgorithmException, InstantiationException, IllegalAccessException,
          ClassNotFoundException, IOException, NoSuchProviderException {
    CsrfGuard guard = SingletonHolder.instance;

    // ---- simple properties ----
    String loggerClassName =
        properties.getProperty(
            "org.owasp.csrfguard.Logger", "org.owasp.csrfguard.log.ConsoleLogger");
    guard.setLogger((ILogger) Class.forName(loggerClassName).newInstance());

    guard.setTokenName(properties.getProperty("org.owasp.csrfguard.TokenName", "OWASP_CSRFGUARD"));

    String tokenLength = properties.getProperty("org.owasp.csrfguard.TokenLength", "32");
    guard.setTokenLength(Integer.parseInt(tokenLength));

    String rotate = properties.getProperty("org.owasp.csrfguard.Rotate", "false");
    guard.setRotate(Boolean.valueOf(rotate));

    String tokenPerPage = properties.getProperty("org.owasp.csrfguard.TokenPerPage", "false");
    guard.setTokenPerPage(Boolean.valueOf(tokenPerPage));

    String precreate =
        properties.getProperty("org.owasp.csrfguard.TokenPerPagePrecreate", "false");
    guard.setTokenPerPagePrecreate(Boolean.valueOf(precreate));

    // NOTE(review): the defaults select the legacy SHA1PRNG algorithm from the SUN provider;
    // deployments may want to configure the algorithm their platform recommends.
    String prngAlgorithm = properties.getProperty("org.owasp.csrfguard.PRNG", "SHA1PRNG");
    String prngProvider = properties.getProperty("org.owasp.csrfguard.PRNG.Provider", "SUN");
    guard.setPrng(SecureRandom.getInstance(prngAlgorithm, prngProvider));

    guard.setNewTokenLandingPage(
        properties.getProperty("org.owasp.csrfguard.NewTokenLandingPage"));

    // default to false if newTokenLandingPage is not set; default to true if set.
    String useLandingPageDefault = (guard.getNewTokenLandingPage() == null) ? "false" : "true";
    guard.setUseNewTokenLandingPage(
        Boolean.valueOf(
            properties.getProperty(
                "org.owasp.csrfguard.UseNewTokenLandingPage", useLandingPageDefault)));

    guard.setSessionKey(
        properties.getProperty("org.owasp.csrfguard.SessionKey", "OWASP_CSRFGUARD_KEY"));

    String ajax = properties.getProperty("org.owasp.csrfguard.Ajax", "false");
    guard.setAjax(Boolean.valueOf(ajax));

    // NOTE(review): "Protect" defaults to "false"; what that implies for pages matching no
    // pattern is decided elsewhere. Confirm the default is the intended posture.
    String protect = properties.getProperty("org.owasp.csrfguard.Protect", "false");
    guard.setProtect(Boolean.valueOf(protect));

    // ---- first pass: instantiate actions (keys without a '.' after the prefix) ----
    Map<String, IAction> actionsByName = new HashMap<String, IAction>();

    for (Object rawKey : properties.keySet()) {
      String key = (String) rawKey;
      if (!key.startsWith(ACTION_PREFIX)) {
        continue;
      }

      String directive = key.substring(ACTION_PREFIX.length());
      if (directive.indexOf('.') >= 0) {
        continue; // parameter entry, handled in the second pass
      }

      // The action class name comes straight from the properties.
      IAction action = (IAction) Class.forName(properties.getProperty(key)).newInstance();

      action.setName(directive);
      actionsByName.put(action.getName(), action);
      guard.getActions().add(action);
    }

    // ---- second pass: apply "<action>.<parameter>" entries to the instantiated actions ----
    for (Object rawKey : properties.keySet()) {
      String key = (String) rawKey;
      if (!key.startsWith(ACTION_PREFIX)) {
        continue;
      }

      String directive = key.substring(ACTION_PREFIX.length());
      int dot = directive.indexOf('.');
      if (dot < 0) {
        continue; // action declaration, already handled
      }

      String actionName = directive.substring(0, dot);
      IAction action = actionsByName.get(actionName);
      if (action == null) {
        throw new IOException(
            String.format("action class %s has not yet been specified", actionName));
      }

      action.setParameter(directive.substring(dot + 1), properties.getProperty(key));
    }

    // ---- ensure at least one action was defined ----
    if (guard.getActions().size() <= 0) {
      throw new IOException("failure to define at least one action");
    }

    // ---- protected / unprotected pages: each value is compiled as a regular expression ----
    for (Object rawKey : properties.keySet()) {
      String key = (String) rawKey;

      if (key.startsWith(PROTECTED_PAGE_PREFIX)
          && key.substring(PROTECTED_PAGE_PREFIX.length()).indexOf('.') < 0) {
        guard.getProtectedPages().add(Pattern.compile(properties.getProperty(key)));
      }

      // Deliberately not an else-branch: both prefixes are tested for every key.
      if (key.startsWith(UNPROTECTED_PAGE_PREFIX)
          && key.substring(UNPROTECTED_PAGE_PREFIX.length()).indexOf('.') < 0) {
        guard.getUnprotectedPages().add(Pattern.compile(properties.getProperty(key)));
      }
    }

    // ---- protected methods: comma-separated list, entries trimmed ----
    String protectedMethods = properties.getProperty("org.owasp.csrfguard.ProtectedMethods");
    if (protectedMethods != null && !protectedMethods.trim().isEmpty()) {
      for (String httpMethod : protectedMethods.split(",")) {
        guard.getProtectedMethods().add(httpMethod.trim());
      }
    }
  }
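  /**
   * Parses annotation instances from the javadoc annotation instance type.
   *
   * @param annotationDocs Annotations decorated on some type
   * @param origin Name of the element the annotations were found on; used only in the error
   *     log message
   * @return Serializable representation of the annotations, or {@code null} when
   *     {@code annotationDocs} is {@code null} or empty
   */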
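  protected static AnnotationInstance[] ParseAnnotationInstances(
      AnnotationDesc[] annotationDocs, String origin) {
    // Callers get null (not an empty array) when there is nothing to parse.
    if (annotationDocs == null || annotationDocs.length == 0) {
      return null;
    }

    ArrayList<AnnotationInstance> list = new ArrayList<AnnotationInstance>();

    for (AnnotationDesc annot : annotationDocs) {
      AnnotationInstance instance = new AnnotationInstance();

      try {
        // Resolve the annotation type once and reuse it for both names.
        AnnotationTypeDoc annotTypeInfo = annot.annotationType();
        instance.name = annotTypeInfo.name();
        instance.qualifiedName = annotTypeInfo.qualifiedTypeName();
      } catch (ClassCastException castException) {
        // The instance is still emitted, with both names cleared, so the failure is visible
        // in the output as well as in the log.
        log.error("Unable to obtain type data about an annotation found on: " + origin);
        log.error("Add to the -cp parameter the class/jar that defines this annotation.");
        instance.name = null;
        instance.qualifiedName = null;
      }

      AnnotationDesc.ElementValuePair[] arguments = annot.elementValues();
      if (arguments != null && arguments.length > 0) {
        ArrayList<AnnotationArgument> argumentList = new ArrayList<AnnotationArgument>();

        for (AnnotationDesc.ElementValuePair pair : arguments) {
          AnnotationArgument annotationArgument = new AnnotationArgument();
          annotationArgument.name = pair.element().name();

          Type annotationArgumentType = pair.element().returnType();
          annotationArgument.type = annotationArgumentType.qualifiedTypeName();
          annotationArgument.isPrimitive = annotationArgumentType.isPrimitive();
          annotationArgument.isArray = annotationArgumentType.dimension().length() > 0;

          // Every supported value kind is flattened to a String[]; any other kind leaves
          // annotationArgument.value untouched.
          Object objValue = pair.value().value();
          if (objValue instanceof AnnotationValue[]) {
            AnnotationValue[] realValues = (AnnotationValue[]) objValue;
            String[] values = new String[realValues.length];

            for (int i = 0; i < realValues.length; i++) {
              values[i] = realValues[i].value().toString();
            }
            annotationArgument.value = values;
          } else if (objValue instanceof Number
              || objValue instanceof Character
              || objValue instanceof Boolean
              || objValue instanceof String) {
            annotationArgument.value = new String[] {objValue.toString()};
          } else if (objValue instanceof FieldDoc) {
            annotationArgument.value = new String[] {((FieldDoc) objValue).name()};
          } else if (objValue instanceof ClassDoc) {
            annotationArgument.value = new String[] {((ClassDoc) objValue).qualifiedTypeName()};
          }
          argumentList.add(annotationArgument);
        }

        instance.arguments = argumentList.toArray(new AnnotationArgument[0]);
      }

      list.add(instance);
    }

    return list.toArray(new AnnotationInstance[0]);
  }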
  /** Determine JDK level of an applet. */
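  private void findAppletJDKLevel(Applet applet) {
    // To determine the JDK level of an applet, the
    // most reliable way is to check the major version
    // of the applet class file.

    // synchronized on applet class object, so calling from
    // different instances of the same applet will be
    // serialized.
    Class<?> appletClass = applet.getClass();

    synchronized (appletClass) {
      // Determine if the JDK level of an applet has been
      // checked before.
      Boolean jdk11Target = loader.isJDK11Target(appletClass);
      Boolean jdk12Target = loader.isJDK12Target(appletClass);

      // if applet JDK level has been checked before, retrieve
      // value and return.
      if (jdk11Target != null || jdk12Target != null) {
        jdk11Applet = (jdk11Target == null) ? false : jdk11Target.booleanValue();
        jdk12Applet = (jdk12Target == null) ? false : jdk12Target.booleanValue();
        return;
      }

      // Resource name of the class file: '.' converted to '/', ".class" appended.
      final String resourceName = appletClass.getName().replace('.', '/') + ".class";

      byte[] classHeader = new byte[8];

      try (InputStream is =
          AccessController.doPrivileged(
              (PrivilegedAction<InputStream>) () -> loader.getResourceAsStream(resourceName))) {

        // The loader may not be able to locate the class file; treat that like an unreadable
        // header instead of failing with a NullPointerException.
        if (is == null) {
          return;
        }

        // Read the first 8 bytes of the class file. A single read() may legitimately deliver
        // fewer bytes than requested, so keep reading until the header is complete.
        int filled = 0;
        while (filled < classHeader.length) {
          int count = is.read(classHeader, filled, classHeader.length - filled);

          // return if the header cannot be read in entirely.
          if (count <= 0) {
            return;
          }
          filled += count;
        }
      } catch (IOException e) {
        return;
      }

      // Check major version in class file header
      int major_version = readShort(classHeader, 6);

      // Major version in class file is as follows:
      //   45 - JDK 1.1
      //   46 - JDK 1.2
      //   47 - JDK 1.3
      //   48 - JDK 1.4
      //   49 - JDK 1.5
      if (major_version < 46) {
        jdk11Applet = true;
      } else if (major_version == 46) {
        jdk12Applet = true;
      }

      // Store applet JDK level in AppContext for later lookup,
      // e.g. page switch.
      loader.setJDK11Target(appletClass, jdk11Applet);
      loader.setJDK12Target(appletClass, jdk12Applet);
    }
  }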
  /**
   * Registers the browser and file-chooser defaults of this look and feel in {@code table}.
   *
   * <p>File hiding follows the Finder "AppleShowAllFiles" preference, and Quick Look follows
   * the "Quaqua.FileChooser.quickLookEnabled" property; all other entries are fixed values.
   *
   * @param table the defaults table that receives the entries
   */
  @Override
  protected void initComponentDefaults(UIDefaults table) {
    // Hidden files stay hidden only while the Finder preference reads "false" or "no".
    String showAllFiles =
        OSXPreferences.getString(OSXPreferences.FINDER_PREFERENCES, "AppleShowAllFiles", "false")
            .toLowerCase();
    boolean hideFiles = showAllFiles.equals("false") || showAllFiles.equals("no");
    boolean quickLook =
        Boolean.parseBoolean(
            QuaquaManager.getProperty("Quaqua.FileChooser.quickLookEnabled", "true"));
    // File choosers do not order by type.
    boolean orderByType = false;

    Font previewFont = SMALL_SYSTEM_FONT;
    Color grayedBorderColor = (Color) table.get("listHighlight");

    // Shared pieces of the lazily created disclosure icons (one image, six frames).
    final String iconFactory = "ch.randelshofer.quaqua.QuaquaIconFactory";
    final String disclosureIcons = jaguarDir + "Browser.disclosureIcons.png";
    final String emptyBorder = "javax.swing.plaf.BorderUIResource$EmptyBorderUIResource";
    final String matteBorder = "javax.swing.plaf.BorderUIResource$MatteBorderUIResource";

    Object[] entries = {
      // --- browser disclosure icons ---
      "Browser.expandedIcon",
      new UIDefaults.ProxyLazyValue(
          iconFactory, "createIcon", new Object[] {disclosureIcons, 6, Boolean.TRUE, 0}),
      "Browser.expandingIcon",
      new UIDefaults.ProxyLazyValue(
          iconFactory, "createIcon", new Object[] {disclosureIcons, 6, Boolean.TRUE, 1}),
      "Browser.focusedSelectedExpandedIcon",
      new UIDefaults.ProxyLazyValue(
          iconFactory, "createIcon", new Object[] {disclosureIcons, 6, Boolean.TRUE, 2}),
      "Browser.focusedSelectedExpandingIcon",
      new UIDefaults.ProxyLazyValue(
          iconFactory, "createIcon", new Object[] {disclosureIcons, 6, Boolean.TRUE, 3}),
      "Browser.selectedExpandedIcon",
      new UIDefaults.ProxyLazyValue(
          iconFactory, "createIcon", new Object[] {disclosureIcons, 6, Boolean.TRUE, 4}),
      "Browser.selectedExpandingIcon",
      new UIDefaults.ProxyLazyValue(
          iconFactory, "createIcon", new Object[] {disclosureIcons, 6, Boolean.TRUE, 5}),
      // --- browser colors and icons ---
      "Browser.selectionBackground", new ColorUIResource(56, 117, 215),
      "Browser.selectionForeground", new ColorUIResource(255, 255, 255),
      "Browser.inactiveSelectionBackground", new ColorUIResource(208, 208, 208),
      "Browser.inactiveSelectionForeground", new ColorUIResource(0, 0, 0),
      "Browser.sizeHandleIcon", makeIcon(getClass(), commonDir + "Browser.sizeHandleIcon.png"),
      "FileChooser.homeFolderIcon",
      LookAndFeel.makeIcon(getClass(), commonDir + "FileChooser.homeFolderIcon.png"),
      "FileView.computerIcon",
      LookAndFeel.makeIcon(getClass(), commonDir + "FileView.computerIcon.png"),
      // --- file chooser behaviour ---
      "FileChooser.fileHidingEnabled", hideFiles,
      "FileChooser.quickLookEnabled", quickLook,
      "FileChooser.orderByType", orderByType,
      // --- file chooser preview and layout ---
      "FileChooser.previewLabelForeground", new ColorUIResource(0x000000),
      "FileChooser.previewValueForeground", new ColorUIResource(0x000000),
      "FileChooser.previewLabelFont", previewFont,
      "FileChooser.previewValueFont", previewFont,
      "FileChooser.splitPaneDividerSize", 6,
      "FileChooser.previewLabelInsets", new InsetsUIResource(0, 0, 0, 4),
      "FileChooser.cellTipOrigin", new Point(18, 1),
      "FileChooser.autovalidate", Boolean.TRUE,
      // --- file chooser borders (created lazily) ---
      "FileChooser.browserFocusCellHighlightBorder",
      new UIDefaults.ProxyLazyValue(emptyBorder, new Object[] {new Insets(1, 1, 1, 1)}),
      "FileChooser.browserFocusCellHighlightBorderGrayed",
      new UIDefaults.ProxyLazyValue(matteBorder, new Object[] {1, 1, 1, 1, grayedBorderColor}),
      "FileChooser.browserCellBorder",
      new UIDefaults.ProxyLazyValue(emptyBorder, new Object[] {new Insets(1, 1, 1, 1)}),
      "FileChooser.browserUseUnselectedExpandIconForLabeledFile", Boolean.TRUE,
      "Sheet.showAsSheet", Boolean.TRUE,
    };
    table.putDefaults(entries);
  }
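  /**
   * Handles a login form submission: ends any login held by the requesting browser, checks the
   * submitted credentials, then creates or extends the login session and stores it in cookies.
   *
   * @param request the login request carrying user ID, password and "remember account" flag
   * @param httpServletResponse response used for the error or success redirect
   * @param secured passed through to {@code WebUtils.saveCookies}
   * @throws Exception if any of the collaborators fails
   */
  private void handleLoginPost(
      Request request, HttpServletResponse httpServletResponse, boolean secured) throws Exception {
    String userId = request.getParameter(PARAM_USER_ID);
    String password = request.getParameter(PARAM_PASSWORD);
    boolean rememberAccount =
        Boolean.parseBoolean(request.getParameter(PARAM_REMEMBER_ACCOUNT));
    LoginInfo.SessionInfo sessionInfo = UserHelpers.getSessionInfo(request);

    // Any login currently held by this browser is ended before the new attempt is evaluated.
    logOut(sessionInfo.browserId);

    // Unknown user and wrong password produce the same response, so the error page does not
    // confirm which user IDs exist and never echoes the unverified, request-supplied user ID.
    User user = userDb.get(userId);
    if (user == null || !user.checkPassword(password)) {
      WebUtils.redirectToError("Invalid user ID or password", request, httpServletResponse);
      return;
    }

    // Reached only with a correct password, so naming the account here discloses nothing new.
    if (!user.active) {
      WebUtils.redirectToError(
          "Account for User " + userId + " needs to be activated", request, httpServletResponse);
      return;
    }

    LOG.info("Logged in user " + userId);

    // Reuse the session this browser already has for the user, if there is one.
    sessionInfo.sessionId = null;
    if (sessionInfo.browserId == null) {
      sessionInfo.browserId = getRandomId();
    } else {
      for (LoginInfo loginInfo : loginInfoDb.getLoginsForBrowser(sessionInfo.browserId)) {
        if (userId.equals(loginInfo.userId)) {
          sessionInfo.sessionId = loginInfo.sessionId;
          break;
        }
      }
    }

    long expireOn = System.currentTimeMillis() + Config.getConfig().loginExpireInterval;
    if (sessionInfo.sessionId == null) {
      sessionInfo.sessionId = getRandomId();
      Config config = Config.getConfig();
      loginInfoDb.add(
          new LoginInfo(
              sessionInfo.browserId,
              sessionInfo.sessionId,
              userId,
              expireOn,
              rememberAccount,
              config.defaultStyle,
              config.defaultItemsPerPage,
              config.defaultFeedDateFormat));
      // NOTE(review): both log lines below format the whole User object; confirm that its
      // toString() does not include password material.
      LOG.info(String.format("Logging in in a new session. User: %s", user));
    } else {
      loginInfoDb.updateExpireTime(sessionInfo.browserId, sessionInfo.sessionId, expireOn);
      LOG.info(String.format("Logging in in an existing session. User: %s", user));
    }

    WebUtils.saveCookies(
        httpServletResponse, secured, sessionInfo.browserId, sessionInfo.sessionId);

    httpServletResponse.sendRedirect("/");
  }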
  /**
   * Runs the dereferenced data through the configured transforms and returns the digest of the
   * result.
   *
   * <p>The last transform writes straight into the digesting stream; whatever data it returns
   * is then fed to the same stream, node sets being canonicalized (inclusive C14N) first. When
   * the {@code javax.xml.crypto.dsig.cacheReference} context property is {@code true}, the
   * dereferenced data and the digested bytes are retained on this object.
   *
   * <p>NOTE(review): the digest algorithm is whatever {@code digestMethod} reports; no
   * restriction on it is visible in this method.
   *
   * @param dereferencedData the data the reference points to
   * @param context the crypto context, also passed to every transform
   * @return the digest value
   * @throws XMLSignatureException if the digest algorithm is unavailable, a transform fails, or
   *     digesting the result fails
   */
  private byte[] transform(Data dereferencedData, XMLCryptoContext context)
      throws XMLSignatureException {

    // Create the digest lazily, then always start from a clean state.
    if (md == null) {
      String algorithm = ((DOMDigestMethod) digestMethod).getMessageDigestAlgorithm();
      try {
        md = MessageDigest.getInstance(algorithm);
      } catch (NoSuchAlgorithmException nsae) {
        throw new XMLSignatureException(nsae);
      }
    }
    md.reset();

    Boolean cacheProperty = (Boolean) context.getProperty("javax.xml.crypto.dsig.cacheReference");
    boolean cacheReference = cacheProperty != null && cacheProperty.booleanValue();

    DigesterOutputStream dos;
    if (cacheReference) {
      this.derefData = copyDerefData(dereferencedData);
      dos = new DigesterOutputStream(md, true);
    } else {
      dos = new DigesterOutputStream(md);
    }
    OutputStream os = new UnsyncBufferedOutputStream(dos);

    // Every transform but the last hands its result to the next one; the last one is given
    // the digesting stream as well.
    Data data = dereferencedData;
    int lastIndex = transforms.size() - 1;
    for (int i = 0; i <= lastIndex; i++) {
      DOMTransform transform = (DOMTransform) transforms.get(i);
      try {
        data =
            (i < lastIndex)
                ? transform.transform(data, context)
                : transform.transform(data, context, os);
      } catch (TransformException te) {
        throw new XMLSignatureException(te);
      }
    }

    try {
      if (data != null) {
        XMLSignatureInput xi;
        if (data instanceof ApacheData) {
          xi = ((ApacheData) data).getXMLSignatureInput();
        } else {
          if (!(data instanceof OctetStreamData)) {
            if (!(data instanceof NodeSetData)) {
              // Wrapped once more by the catch clause below.
              throw new XMLSignatureException("unrecognized Data type");
            }
            // Node sets are canonicalized into an octet stream before digesting.
            TransformService spi =
                TransformService.getInstance(CanonicalizationMethod.INCLUSIVE, "DOM");
            data = spi.transform(data, context);
          }
          xi = new XMLSignatureInput(((OctetStreamData) data).getOctetStream());
        }
        xi.updateOutputStream(os);
      }
      os.flush();
      if (cacheReference) {
        this.dis = dos.getInputStream();
      }
      return dos.getDigestValue();
    } catch (Exception e) {
      throw new XMLSignatureException(e);
    }
  }