This repository was archived by the owner on Apr 4, 2024. It is now read-only.
66 changes: 29 additions & 37 deletions INSTALL
Original file line number Diff line number Diff line change
@@ -1,44 +1,36 @@
/*
* $Source: /cvsroot/owasp/webscarab/INSTALL,v $
* Copyright (c) 2002 owasp.org.
* This file is part of WebScarab.
* WebScarab is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* WebScarab is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* The valid license text for this file can be retrieved with
* the call: java -cp owasp.jar org.owasp.webscarab.LICENSE
*
* If you are not able to view the LICENSE that way, which should
* always be possible within a valid and working WebScarab release,
* please write to the Free Software Foundation, Inc.,
* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
INSTALL for OWASP WebScarab
===========================

=== 1. Requirements

This is the WebScarab OpenSource project, hosted at
http://www.owasp.org/webscarab.
https://www.owasp.org/index.php/Category:OWASP_WebScarab_Project
All source code and development stuff is done under
http://sourceforge.net/projects/owasp
https://github.com/OWASP/OWASP-WebScarab

Prior to building WebScarab, you should download the various
libraries that it depends on. You can see the list in the ant build.xml
file, in this directory. If you got this file by checking out the source
from the WebScarab CVS repository, you should have the required libraries
already.
Required tools are:
* Apache Maven 3.0.4+ for building
* NetBeans 7.3 for development (for the Swing forms)

WebScarab uses the Apache Ant build tool. In order to build WebScarab, you
should use a reasonably recent version of Ant.

There are two Ant build tasks that depend on external tools, IzPack and
ProGuard. You are only likely to need these tools if you plan to build
redistributable images of WebScarab. i.e. an installer, or the self-contained
jar. There should be no problem running the common build tasks if you do not
have these external tools.
=== 2. Maven

Building WebScarab can be done via the Apache Maven build tool.
Simply do:
mvn clean install
will get you the one-jar JAR under the target directory.

The WebScarab installer can be built via:
mvn clean install -Pinstaller

// end of $Source: /cvsroot/owasp/webscarab/INSTALL,v $

=== 3. Ant

WebScarab can also be built via the Apache Ant build tool.
Prior to building WebScarab via Ant, you should download the various
libraries that it depends on. You can make Apache Maven to download the
various required libraries via:
mvn package -Pant

WebScarab uses the Apache Ant build tool. In order to build WebScarab, you
should use a reasonably recent version of Ant.
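Review bot: the `// end of $Source: /cvsroot/owasp/webscarab/INSTALL,v $` marker sits between the Maven section and `=== 3. Ant`, so if it survives the rewrite it no longer marks the end of the file; drop it together with the CVS header, or move it to the last line. In the Ant section, "WebScarab uses the Apache Ant build tool" now contradicts section 2, which presents Maven as the main build, and "You can make Apache Maven to download" should read "You can have Apache Maven download".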
7 changes: 6 additions & 1 deletion izpack/install.xml
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,10 @@
<appname>WebScarab</appname>
<appversion>${project.version}</appversion>
<javaversion>1.6</javaversion>
<url>https://www.owasp.org/index.php/Category:OWASP_WebScarab_Project</url>
<uninstaller name="WebScarab-${project.version}-uninstaller.jar"/>
<requiresjdk>true</requiresjdk>
<run-privileged condition="izpack.windowsinstall.7|izpack.windowsinstall.vista"/>
</info>

<locale>
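Review bot: `<run-privileged condition="izpack.windowsinstall.7|izpack.windowsinstall.vista"/>` makes the installer request elevation, and nothing in the change says why WebScarab needs an elevated install. If the only reason is writing under a protected install path, say so in a comment next to the element, and confirm what should happen on Windows versions the condition does not name. `<requiresjdk>true</requiresjdk>` deserves the same one-line justification, since it ties installation to a JDK rather than a JRE.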
Expand Down Expand Up @@ -37,6 +41,7 @@
</natives>

<resources>
<res src="staging/shortcutSpec.xml" id="shortcutSpec.xml"/>
<res id="shortcutSpec.xml" src="staging/shortcutSpec.xml"/>
<res id="Installer.image" src="webscarab_logo.gif"/>
</resources>
</installation>
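Review bot: the `shortcutSpec.xml` `<res>` entry appears with both attribute orders, which reads as an attribute swap with no functional effect; leave the original line alone so the only change in this block is the new `Installer.image` resource. `src="webscarab_logo.gif"` is a bare relative path, so it appears to depend on the `pom.xml` resource that copies the logo into `${project.build.directory}`; a short comment pointing at that coupling would help the next person who moves either file.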
2 changes: 1 addition & 1 deletion izpack/shortcutSpec.xml
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@
startMenu="no"
startup="no"
target="java"
commandLine="-jar &quot;$INSTALL_PATH/Uninstaller/uninstaller.jar&quot;"
commandLine="-jar &quot;$INSTALL_PATH/Uninstaller/WebScarab-${project.version}-uninstaller.jar&quot;"
type="Application"
encoding="UTF-8"
description="WebScarab uninstaller">
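Review bot: the uninstaller file name `WebScarab-${project.version}-uninstaller.jar` on the `commandLine` line has to match `<uninstaller name="..."/>` in `izpack/install.xml` exactly, and it is now written out in both files. It also only works if `shortcutSpec.xml` goes through Maven resource filtering; otherwise the shortcut will contain the literal `${project.version}`. Consider defining the name once as a property and referencing it from both places.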
Binary file removed lib/bcpkix-jdk15on-148.jar
Binary file not shown.
Binary file removed lib/bcprov-jdk15on-148.jar
Binary file not shown.
Binary file removed lib/bsf-2.3.0.jar
Binary file not shown.
Binary file removed lib/bsh-2.0b1.jar
Binary file not shown.
Binary file removed lib/chardet.jar
Binary file not shown.
Binary file removed lib/commons-logging-1.0.4.jar
Binary file not shown.
Binary file removed lib/concurrent.jar
Binary file not shown.
Binary file removed lib/flex-messaging-common.jar
Binary file not shown.
Binary file removed lib/flex-messaging-core.jar
Binary file not shown.
Binary file removed lib/flex-messaging-remoting.jar
Binary file not shown.
Binary file removed lib/htmlparser.jar
Binary file not shown.
Binary file removed lib/jcifs-1.3.14.jar
Binary file not shown.
Binary file removed lib/jcommon-1.0.16.jar
Binary file not shown.
Binary file removed lib/jfreechart-1.0.13.jar
Binary file not shown.
Binary file removed lib/jhall-2.0_02.jar
Binary file not shown.
Binary file removed lib/joda-time-2.1.jar
Binary file not shown.
Binary file removed lib/openid4java-0.9.7.jar
Binary file not shown.
Binary file removed lib/tagsoup-1.0rc2.jar
Binary file not shown.
Binary file removed lib/xalan-2.7.1.jar
Binary file not shown.
Binary file removed lib/xmlsec-1.4.3.jar
Binary file not shown.
58 changes: 57 additions & 1 deletion pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -74,6 +74,15 @@
</executions>
</plugin>
</plugins>
<pluginManagement>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-install-plugin</artifactId>
<version>2.4</version>
</plugin>
</plugins>
</pluginManagement>
</build>
<profiles>
<profile>
Expand All @@ -85,6 +94,14 @@
<targetPath>${project.build.directory}/staging</targetPath>
<filtering>true</filtering>
</resource>
<resource>
<targetPath>${project.build.directory}</targetPath>
<filtering>false</filtering>
<directory>${basedir}</directory>
<includes>
<include>webscarab_logo.gif</include>
</includes>
</resource>
</resources>
<plugins>
<plugin>
Expand All @@ -109,8 +126,37 @@
</plugins>
</build>
</profile>
<profile>
<id>ant</id>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-dependency-plugin</artifactId>
<version>2.7</version>
<executions>
<execution>
<id>copy-lib</id>
<phase>package</phase>
<goals>
<goal>copy-dependencies</goal>
</goals>
<configuration>
<outputDirectory>${basedir}/lib</outputDirectory>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>
</profile>
</profiles>
<dependencies>
<dependency>
<groupId>org.codehaus.groovy</groupId>
<artifactId>groovy-jsr223</artifactId>
<version>2.0.0</version>
</dependency>
<dependency>
<groupId>org.apache.santuario</groupId>
<artifactId>xmlsec</artifactId>
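Review bot: in the `ant` profile, `<outputDirectory>${basedir}/lib</outputDirectory>` has `copy-dependencies` write downloaded jars back into the source tree, into the same `lib/` directory this commit removes the committed binaries from. Add `lib/` to the ignore file so the jars are not re-committed by accident, and mention in INSTALL that `mvn clean` will not remove them. The new `groovy-jsr223` dependency further down the hunk is unrelated to the profile; say what needs it.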
Expand All @@ -131,6 +177,11 @@
<artifactId>flex-messaging-common</artifactId>
<version>1.0</version>
</dependency>
<dependency>
<groupId>amf</groupId>
<artifactId>flex-messaging-remoting</artifactId>
<version>1.0</version>
</dependency>
<dependency>
<groupId>org.samba.jcifs</groupId>
<artifactId>jcifs</artifactId>
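Review bot: the added `flex-messaging-remoting` dependency uses `groupId` `amf` and version `1.0`, and the visible hunks do not show which repository serves those coordinates. Since the corresponding jar is deleted from `lib/` in this commit, document where the artifact is resolved from (or how to install it into the local repository) so a clean checkout can build and the jar's origin can be checked.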
Expand Down Expand Up @@ -211,6 +262,11 @@
<artifactId>commons-codec</artifactId>
<version>1.5</version>
</dependency>
<dependency>
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>
<version>2.4</version>
</dependency>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
Expand Down Expand Up @@ -248,7 +304,7 @@
<pluginRepositories>
<pluginRepository>
<id>dstovall.org</id>
<url>http://dstovall.org/maven2/</url>
<url>http://onejar-maven-plugin.googlecode.com/svn/mavenrepo</url>
</pluginRepository>
</pluginRepositories>
</project>
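Review bot: the replacement `<url>http://onejar-maven-plugin.googlecode.com/svn/mavenrepo</url>` is still plain HTTP, and a plugin repository supplies code that executes during the build. Use an HTTPS URL if the host offers one, and make sure the plugin fetched from it has a pinned version. The `<id>` remains `dstovall.org` although the URL no longer points there; rename it to match the new host.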
9 changes: 6 additions & 3 deletions src/org/owasp/webscarab/WebScarab.java
Original file line number Diff line number Diff line change
Expand Up @@ -141,9 +141,12 @@ public void run() {
frame.toFront();
frame.requestFocus();
splash.close();
if (session != null && session.isDirectory())
ui.loadSession(session);
}
if (session != null && session.isDirectory())
ui.loadSession(session);
else
ui.createTemporarySession();

}
});
ui.run();
} catch (Exception e) {
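Review bot: the new `else` branch calls `ui.createTemporarySession()` both when no session was given and when `session` is non-null but `session.isDirectory()` is false, so a mistyped session path silently yields a temporary session. Log or report the second case before falling back, and give the `if`/`else` braces now that it has two branches.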
Original file line number Diff line number Diff line change
Expand Up @@ -30,24 +30,28 @@ public abstract class AbstractCertificateRepository implements CertificateReposi

protected Logger _logger = Logger.getLogger(getClass().getName());
private String _defaultKey = null;
private Map _aliasPasswords = new HashMap();
protected List _keyStores = new ArrayList();
protected Map _keyStoreDescriptions = new HashMap();
private Map<KeyStore, Map<String, String>> _aliasPasswords = new HashMap<KeyStore, Map<String, String>>();
protected List<KeyStore> _keyStores = new ArrayList<KeyStore>();
protected Map<KeyStore, String> _keyStoreDescriptions = new HashMap();

@Override
public int getKeyStoreCount() {
return _keyStores.size();
}

@Override
public String getKeyStoreDescription(int keystoreIndex) {
return (String) _keyStoreDescriptions.get(_keyStores.get(keystoreIndex));
return _keyStoreDescriptions.get(_keyStores.get(keystoreIndex));
}

@Override
public int getAliasCount(int keystoreIndex) {
return getAliases((KeyStore) _keyStores.get(keystoreIndex)).length;
return getAliases(_keyStores.get(keystoreIndex)).length;
}

@Override
public String getAliasAt(int keystoreIndex, int aliasIndex) {
return getAliases((KeyStore) _keyStores.get(keystoreIndex))[aliasIndex];
return getAliases(_keyStores.get(keystoreIndex))[aliasIndex];
}

private String[] getAliases(KeyStore ks) {
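Review bot: `_keyStoreDescriptions` is declared as `Map<KeyStore, String>` but initialised with a raw `new HashMap()`, which leaves an unchecked-conversion warning; use `new HashMap<KeyStore, String>()`, as is done for `_aliasPasswords`. The new type of `_aliasPasswords` also makes explicit that key passwords are held as `String` values; a comment on the field stating how long they are kept would help.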
Expand All @@ -66,16 +70,18 @@ private String[] getAliases(KeyStore ks) {
return (String[]) aliases.toArray(new String[0]);
}

@Override
public Certificate getCertificate(int keystoreIndex, int aliasIndex) {
try {
KeyStore ks = (KeyStore) _keyStores.get(keystoreIndex);
KeyStore ks = _keyStores.get(keystoreIndex);
String alias = getAliasAt(keystoreIndex, aliasIndex);
return ks.getCertificate(alias);
} catch (Exception e) {
return null;
}
}

@Override
public String getFingerPrint(Certificate cert) throws KeyStoreException {
if (!(cert instanceof X509Certificate)) {
return null;
Expand All @@ -96,6 +102,7 @@ public String getFingerPrint(Certificate cert) throws KeyStoreException {
return buff.toString().toUpperCase() + " " + dn;
}

@Override
public boolean isProviderAvailable(String type) {
try {
if (type.equals("PKCS11")) {
Expand All @@ -107,8 +114,13 @@ public boolean isProviderAvailable(String type) {
return true;
}

@Override
public boolean isKeyUnlocked(int keystoreIndex, int aliasIndex) {
KeyStore ks = (KeyStore) _keyStores.get(keystoreIndex);
if (ks.getType().equals("PKCS11")) {
// we use the callback mechanism here
return true;
}
String alias = getAliasAt(keystoreIndex, aliasIndex);

Map pwmap = (Map) _aliasPasswords.get(ks);
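Review bot: `isKeyUnlocked` now returns `true` for every PKCS11 key store without consulting `_aliasPasswords`, and the comment "we use the callback mechanism here" does not say which callback or what callers should pass as the key password. Expand the comment (or the interface Javadoc) to state what the callback does and that a null key password is expected for these stores. The `(KeyStore)` cast on the first line and the raw `Map pwmap = (Map) ...` are no longer needed now that the fields are generic.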
Expand All @@ -118,6 +130,7 @@ public boolean isKeyUnlocked(int keystoreIndex, int aliasIndex) {
return pwmap.containsKey(alias);
}

@Override
public void setDefaultKey(String fingerprint) {
_defaultKey = fingerprint;
}
Expand All @@ -136,7 +149,8 @@ private int addKeyStore(KeyStore ks, String description) {
return index;
}

public int initPKCS11(String name, String library, int slotListIndex, String kspassword) {
@Override
public int initPKCS11(String name, String library, int slotListIndex) {
try {
if (!isProviderAvailable("PKCS11")) {
return -1;
Expand All @@ -157,7 +171,7 @@ public int initPKCS11(String name, String library, int slotListIndex, String ksp

// init the key store
KeyStore ks = KeyStore.getInstance("PKCS11");
ks.load(null, kspassword == null ? null : kspassword.toCharArray());
ks.load(new Pkcs11LoadStoreParameter());
return addKeyStore(ks, name);
} catch (Exception e) {
System.err.println("Error instantiating the PKCS11 provider");
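Review bot: `ks.load(new Pkcs11LoadStoreParameter())` relies on a `Pkcs11LoadStoreParameter` class that is not defined in any visible hunk; make sure it is part of this commit and that the handler behind it collects the PIN as a `char[]` and clears it afterwards. With `kspassword` gone from the signature in the previous hunk, a short Javadoc on `initPKCS11` explaining how the PIN is now requested would save readers from searching for it.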
Expand All @@ -166,6 +180,7 @@ public int initPKCS11(String name, String library, int slotListIndex, String ksp
}
}

@Override
public int loadPKCS12Certificate(String filename, String ksPassword)
throws IOException, KeyStoreException, CertificateException, NoSuchAlgorithmException {
// Open the file
16 changes: 14 additions & 2 deletions src/org/owasp/webscarab/httpclient/AliasKeyManager.java
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@ public class AliasKeyManager implements X509KeyManager {
/**
* Creates a new instance of AliasKeyManager
* @param ks The KeyStore that contains the keypair to use
* @param password the password for the key (not the keystore)
* @param password the optional password for the key (not the keystore)
* @param alias the alias of the certificate to use
*/
public AliasKeyManager(KeyStore ks, String alias, String keyPassword) {
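Review bot: the Javadoc tag is `@param password` but the constructor parameter is `keyPassword`, so the tag documents nothing; rename it to `@param keyPassword`. "optional" should also say what null means, for example that null is passed for key stores such as PKCS11 where no password is stored for the alias.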
Expand All @@ -44,14 +44,17 @@ public AliasKeyManager(KeyStore ks, String alias, String keyPassword) {
_keyPassword = keyPassword;
}

@Override
public String chooseClientAlias(String[] str, Principal[] principal, Socket socket) {
return _alias;
}

@Override
public String chooseServerAlias(String str, Principal[] principal, Socket socket) {
return _alias;
}

@Override
public X509Certificate[] getCertificateChain(String alias) {
try {
Certificate[] certs = _ks.getCertificateChain(alias);
Expand All @@ -67,13 +70,21 @@ public X509Certificate[] getCertificateChain(String alias) {
}
}

@Override
public String[] getClientAliases(String str, Principal[] principal) {
return new String[] { _alias };
}

@Override
public PrivateKey getPrivateKey(String alias) {
try {
return (PrivateKey) _ks.getKey(alias, _keyPassword.toCharArray());
char [] password;
if (_keyPassword == null) {
password = null;
} else {
password = _keyPassword.toCharArray();
}
return (PrivateKey) _ks.getKey(alias, password);
} catch (KeyStoreException kse) {
kse.printStackTrace();
return null;
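Review bot: the null check in `getPrivateKey` can be a single expression, `char[] password = _keyPassword == null ? null : _keyPassword.toCharArray();`, and `char [] password` has a stray space. Because the `catch` blocks below print a stack trace and return null, a null password used against a key that does need one will surface only as a missing client key; include the alias in the error output so the cause is visible.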
Expand All @@ -86,6 +97,7 @@ public PrivateKey getPrivateKey(String alias) {
}
}

@Override
public String[] getServerAliases(String str, Principal[] principal) {
return new String[] { _alias };
}
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,7 @@ int loadPKCS12Certificate(String filename, String ksPassword)

String getKeyStoreDescription(int keystoreIndex);

int initPKCS11(String name, String library, int slotListIndex, String kspassword);
int initPKCS11(String name, String library, int slotListIndex);

int getKeyStoreCount();
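Review bot: dropping `kspassword` from `initPKCS11` changes a public interface method, so every implementer and caller of the interface has to change in the same commit; only `AbstractCertificateRepository` is visible here. Add Javadoc to the new signature describing how the token PIN is obtained now that it is no longer an argument.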
