The following document contains the results of Rat (Release Audit Tool).
*****************************************************
Summary
-------
Generated at: 2017-03-12T00:13:33-05:00
Notes: 0
Binaries: 0
Archives: 0
Standards: 25
Apache Licensed: 17
Generated Documents: 0
JavaDocs are generated, thus a license header is optional.
Generated files do not require license headers.
7 Unknown Licenses
*****************************************************
Files with unapproved licenses:
C:/projects/fgsms/fgsms-server/fgsms-tomcat-jdbc/pom.xml
C:/projects/fgsms/fgsms-server/fgsms-tomcat-jdbc/src/main/java/org/miloss/fgsms/common/AES.java
C:/projects/fgsms/fgsms-server/fgsms-tomcat-jdbc/src/main/java/org/miloss/fgsms/common/aes256.key
C:/projects/fgsms/fgsms-server/fgsms-tomcat-jdbc/src/main/java/org/miloss/fgsms/common/Constants.java
C:/projects/fgsms/fgsms-server/fgsms-tomcat-jdbc/src/main/java/org/miloss/fgsms/common/Logger.java
C:/projects/fgsms/fgsms-server/fgsms-tomcat-jdbc/src/main/java/org/miloss/fgsms/tomcat/jdbcp/EncryptedConnectionFactory.java
C:/projects/fgsms/fgsms-server/fgsms-tomcat-jdbc/src/main/resources/fgsms-aes128.key
*****************************************************
*****************************************************
Files with Apache License headers will be marked AL
Binary files (which do not require any license headers) will be marked B
Compressed archives will be marked A
Notices, licenses etc. will be marked N
!????? C:/projects/fgsms/fgsms-server/fgsms-tomcat-jdbc/pom.xml
!????? C:/projects/fgsms/fgsms-server/fgsms-tomcat-jdbc/src/main/java/org/miloss/fgsms/common/AES.java
!????? C:/projects/fgsms/fgsms-server/fgsms-tomcat-jdbc/src/main/java/org/miloss/fgsms/common/aes256.key
MIT C:/projects/fgsms/fgsms-server/fgsms-tomcat-jdbc/src/main/java/org/miloss/fgsms/common/AesCbcWithIntegrity.java
AL C:/projects/fgsms/fgsms-server/fgsms-tomcat-jdbc/src/main/java/org/miloss/fgsms/common/codec/Base64.java
AL C:/projects/fgsms/fgsms-server/fgsms-tomcat-jdbc/src/main/java/org/miloss/fgsms/common/codec/BaseNCodec.java
AL C:/projects/fgsms/fgsms-server/fgsms-tomcat-jdbc/src/main/java/org/miloss/fgsms/common/codec/BinaryCodec.java
AL C:/projects/fgsms/fgsms-server/fgsms-tomcat-jdbc/src/main/java/org/miloss/fgsms/common/codec/BinaryDecoder.java
AL C:/projects/fgsms/fgsms-server/fgsms-tomcat-jdbc/src/main/java/org/miloss/fgsms/common/codec/BinaryEncoder.java
AL C:/projects/fgsms/fgsms-server/fgsms-tomcat-jdbc/src/main/java/org/miloss/fgsms/common/codec/CharEncoding.java
AL C:/projects/fgsms/fgsms-server/fgsms-tomcat-jdbc/src/main/java/org/miloss/fgsms/common/codec/CharSequenceUtils.java
AL C:/projects/fgsms/fgsms-server/fgsms-tomcat-jdbc/src/main/java/org/miloss/fgsms/common/codec/Charsets.java
AL C:/projects/fgsms/fgsms-server/fgsms-tomcat-jdbc/src/main/java/org/miloss/fgsms/common/codec/Decoder.java
AL C:/projects/fgsms/fgsms-server/fgsms-tomcat-jdbc/src/main/java/org/miloss/fgsms/common/codec/DecoderException.java
AL C:/projects/fgsms/fgsms-server/fgsms-tomcat-jdbc/src/main/java/org/miloss/fgsms/common/codec/Encoder.java
AL C:/projects/fgsms/fgsms-server/fgsms-tomcat-jdbc/src/main/java/org/miloss/fgsms/common/codec/EncoderException.java
AL C:/projects/fgsms/fgsms-server/fgsms-tomcat-jdbc/src/main/java/org/miloss/fgsms/common/codec/Hex.java
AL C:/projects/fgsms/fgsms-server/fgsms-tomcat-jdbc/src/main/java/org/miloss/fgsms/common/codec/StringDecoder.java
AL C:/projects/fgsms/fgsms-server/fgsms-tomcat-jdbc/src/main/java/org/miloss/fgsms/common/codec/StringEncoder.java
AL C:/projects/fgsms/fgsms-server/fgsms-tomcat-jdbc/src/main/java/org/miloss/fgsms/common/codec/StringEncoderComparator.java
AL C:/projects/fgsms/fgsms-server/fgsms-tomcat-jdbc/src/main/java/org/miloss/fgsms/common/codec/StringUtils.java
!????? C:/projects/fgsms/fgsms-server/fgsms-tomcat-jdbc/src/main/java/org/miloss/fgsms/common/Constants.java
!????? C:/projects/fgsms/fgsms-server/fgsms-tomcat-jdbc/src/main/java/org/miloss/fgsms/common/Logger.java
!????? C:/projects/fgsms/fgsms-server/fgsms-tomcat-jdbc/src/main/java/org/miloss/fgsms/tomcat/jdbcp/EncryptedConnectionFactory.java
!????? C:/projects/fgsms/fgsms-server/fgsms-tomcat-jdbc/src/main/resources/fgsms-aes128.key
*****************************************************
Printing headers for text files without a valid license header...
=====================================================
== File: C:/projects/fgsms/fgsms-server/fgsms-tomcat-jdbc/pom.xml
=====================================================
<?xml version="1.0" encoding="UTF-8"?>
<!--
This Source Code Form is subject to the terms of the Mozilla Public
License, v. 2.0. If a copy of the MPL was not distributed with this
file, You can obtain one at http://mozilla.org/MPL/2.0/.
If it is not possible or desirable to put the notice in a particular
file, then You may include the notice in a location (such as a LICENSE
file in a relevant directory) where a recipient would be likely to look
for such a notice.
U.S. Government, Department of the Army
Army Materiel Command
Research Development Engineering Command
Communications Electronics Research Development and Engineering Center
-->
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.mil-oss</groupId>
<artifactId>fgsms-server</artifactId>
<version>7.0.0</version>
</parent>
<artifactId>fgsms-tomcat-jdbc</artifactId>
<packaging>bundle</packaging>
<name>fgsms Tomcat JDCP Encryption Connection</name>
<description>Supports the encryption of jdbc database credentials for tomcat</description>
<dependencies>
<dependency>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
<scope>provided</scope>
<!-- included in tomcat's lib directory already -->
</dependency>
<dependency>
<groupId>org.apache.tomcat</groupId>
<artifactId>tomcat-dbcp</artifactId>
<version>7.0.73</version>
<scope>provided</scope>
<type>jar</type>
<!-- included in tomcat's lib directory already -->
</dependency>
</dependencies>
<build>
=====================================================
== File: C:/projects/fgsms/fgsms-server/fgsms-tomcat-jdbc/src/main/java/org/miloss/fgsms/common/AES.java
=====================================================
/**
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*
* If it is not possible or desirable to put the notice in a particular
* file, then You may include the notice in a location (such as a LICENSE
* file in a relevant directory) where a recipient would be likely to look
* for such a notice.
*
*
*/
/* ---------------------------------------------------------------------------
* U.S. Government, Department of the Army
* Army Materiel Command
* Research Development Engineering Command
* Communications Electronics Research Development and Engineering Center
* ---------------------------------------------------------------------------
*/
package org.miloss.fgsms.common;
import javax.crypto.*;
import javax.crypto.spec.*;
import java.io.*;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.security.GeneralSecurityException;
import org.apache.log4j.Level;
import org.miloss.fgsms.common.Logger;
import org.miloss.fgsms.common.codec.Base64;
;
/**
* This program uses a AES key, retrieves its raw bytes, and then reinstantiates
* a AES key from the key bytes. The reinstantiated key is used to initialize a
* AES cipher for encryption and decryption. source :
* http://java.sun.com/developer/technicalArticles/Security/AES/AES_v1.html
*
* This is the encryption/decryption module of fgsms. used for passwords and
* certain database columns
*/
public class AES {
public final static boolean isJCEInstalled;
public static final String logname = "fgsms.Utility";
public static final Logger log = Logger.getLogger(logname);
=====================================================
== File: C:/projects/fgsms/fgsms-server/fgsms-tomcat-jdbc/src/main/java/org/miloss/fgsms/common/aes256.key
=====================================================
dde284c781d60ca0b56c4b23eec85217951dc99869402abd42c7dcc9080d60aa
=====================================================
== File: C:/projects/fgsms/fgsms-server/fgsms-tomcat-jdbc/src/main/java/org/miloss/fgsms/common/Constants.java
=====================================================
/**
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*
* If it is not possible or desirable to put the notice in a particular
* file, then You may include the notice in a location (such as a LICENSE
* file in a relevant directory) where a recipient would be likely to look
* for such a notice.
*
*/
/* ---------------------------------------------------------------------------
* U.S. Government, Department of the Army
* Army Materiel Command
* Research Development Engineering Command
* Communications Electronics Research Development and Engineering Center
* ---------------------------------------------------------------------------
*/
package org.miloss.fgsms.common;
/**
* A collection of constants, also versioning information
*
* @author AO
*/
public class Constants {
public static final String CHARSET="UTF-8";
/**
* Used for OS Agent Property Pair callbacks
* @since 6.3
*/
public static final String PROPERTYPAIR_OS_AGENT_CALLBACK_URL = "org.miloss.fgsms.osagent.callbackaddress";
/**
* @since 6.3
*/
public static final String PROPERTYPAIR_OS_AGENT_STARTED = "org.miloss.fgsms.osagent.startedat.epoch";
public static final String oneway = "fgsms.oneway";
public static final String DAS_META = "DASv8.wsdl";
public static final String DCS_META = "DCS8.wsdl";
public static final String PCS_META = "PCS8.wsdl";
public static final String RS_META = "RSv6.wsdl";
public static final String SS_META = "Statusv6.wsdl";
public static final String ARS_META = "ARSv1.wsdl";
public static final String ACS_META = "AgentConf.wsdl";
public static final String ACSA_META = "AgentConfAdmin.wsdl";
/**
* @since 6.3
*/
=====================================================
== File: C:/projects/fgsms/fgsms-server/fgsms-tomcat-jdbc/src/main/java/org/miloss/fgsms/common/Logger.java
=====================================================
/*
* To change this license header, choose License Headers in Project Properties.
* To change this template file, choose Tools | Templates
* and open the template in the editor.
*/
package org.miloss.fgsms.common;
import java.util.Enumeration;
import java.util.ResourceBundle;
import org.apache.log4j.Appender;
import org.apache.log4j.Category;
import org.apache.log4j.Level;
import org.apache.log4j.Priority;
import org.apache.log4j.spi.LoggerFactory;
import org.apache.log4j.spi.LoggingEvent;
/**
* Mirrors Apache Log4j and acts as a wrapper. Modeled after the OWASP
* Enterprise Security API ESAPI
*
* Primary function, protect against log forging
*
* @author alex.oree
*/
public class Logger {
final static String CHAR_WHITELIST = "[^A-Za-z0-9 \\?\\\\\\!@#\\$%\\^&\\*\\(\\)\\;\\:/\\.,\\+\\<\\>\\-_\\=\\{\\}\\|'\"\\[\\]]";
/**
* this is the method that provides log forging prevention, basically,
* remove new lines from the log message, stack traces are excluded
* @param message
* @return
*/
private static String protect(Object message) {
if (message == null) {
return null;
}
String content = message.toString();
if (content != null) {
return content.replaceAll(CHAR_WHITELIST,"");//('\n', '_').replace('\r', '_');
} else {
return null;
}
}
final org.apache.log4j.Logger parent;
protected Logger(String name) {
parent = org.apache.log4j.Logger.getLogger(name);
}
=====================================================
== File: C:/projects/fgsms/fgsms-server/fgsms-tomcat-jdbc/src/main/java/org/miloss/fgsms/tomcat/jdbcp/EncryptedConnectionFactory.java
=====================================================
/*
* To change this license header, choose License Headers in Project Properties.
* To change this template file, choose Tools | Templates
* and open the template in the editor.
*/
package org.miloss.fgsms.tomcat.jdbcp;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.Name;
import org.apache.tomcat.dbcp.dbcp.BasicDataSource;
import org.miloss.fgsms.common.AES;
/**
* Automagically decrypts passwords for JDBC connections
* @author alex.oree
*/
public class EncryptedConnectionFactory extends org.apache.tomcat.dbcp.dbcp.BasicDataSourceFactory {
@Override
public Object getObjectInstance(Object obj, Name name, Context nameCtx, Hashtable environment) throws Exception {
Object o = super.getObjectInstance(obj, name, nameCtx, environment);
if (o != null) {
BasicDataSource ds = (BasicDataSource) o;
if (ds.getPassword() != null && ds.getPassword().length() > 0) {
ds.setPassword(AES.DE(ds.getPassword()));
}
return ds;
} else {
return null;
}
}
}
=====================================================
== File: C:/projects/fgsms/fgsms-server/fgsms-tomcat-jdbc/src/main/resources/fgsms-aes128.key
=====================================================
m0b3b70CH0P4Ua7rxksnRw==:o1QNVJ/KY453VEB3VsQn39tQpu5yKovGAH/LQvyzawI=