summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMalarvizhi <malarvizhi.44@wipro.com>2021-03-09 23:27:01 -0800
committerMalarvizhi <malarvizhi.44@wipro.com>2021-03-09 23:27:01 -0800
commitf11165e00b6633187f8ab0b002ed6f7e196260d5 (patch)
tree91ebc05684bca4331d06ad958cbdbc77c14a6bb8
parent6403adcbac7bd6350310fe0eb7562a378a253b4a (diff)
Fix weak cryptography issues2.3.2
Issue-ID: OPTFRA-927 Signed-off-by: Malarvizhi Paramasivam <malarvizhi.44@wipro.com> Change-Id: I2ae9a114b9825c3d3e6faa31afb72a54cdf0c423
-rw-r--r--cmso-database/pom.xml2
-rw-r--r--cmso-logger/pom.xml2
-rw-r--r--cmso-optimizer/pom.xml2
-rw-r--r--cmso-optimizer/src/main/java/org/onap/optf/cmso/optimizer/common/PropertiesManagement.java28
-rw-r--r--cmso-optimizer/src/main/resources/META-INF/resources/swagger/swagger.json2
-rw-r--r--cmso-robot/pom.xml2
-rw-r--r--cmso-service/pom.xml2
-rw-r--r--cmso-service/src/main/java/org/onap/optf/cmso/common/PropertiesManagement.java24
-rw-r--r--cmso-service/src/main/resources/META-INF/resources/swagger/swagger.json30
-rw-r--r--cmso-sonar/pom.xml2
-rw-r--r--cmso-ticketmgt/pom.xml2
-rw-r--r--cmso-ticketmgt/src/main/java/org/onap/optf/cmso/common/PropertiesManagement.java26
-rw-r--r--cmso-ticketmgt/src/main/resources/META-INF/resources/swagger/swagger.json2
-rw-r--r--cmso-topology/pom.xml2
-rw-r--r--cmso-topology/src/main/java/org/onap/optf/cmso/common/PropertiesManagement.java24
-rw-r--r--cmso-topology/src/main/resources/META-INF/resources/swagger/swagger.json2
-rw-r--r--pom.xml2
-rw-r--r--version.properties2
18 files changed, 94 insertions, 64 deletions
diff --git a/cmso-database/pom.xml b/cmso-database/pom.xml
index c576d1f..190845e 100644
--- a/cmso-database/pom.xml
+++ b/cmso-database/pom.xml
@@ -36,7 +36,7 @@
<parent>
<groupId>org.onap.optf.cmso</groupId>
<artifactId>cmso</artifactId>
- <version>2.3.1-SNAPSHOT</version>
+ <version>2.3.2-SNAPSHOT</version>
</parent>
<groupId>org.onap.optf.cmso</groupId>
diff --git a/cmso-logger/pom.xml b/cmso-logger/pom.xml
index 0079f6f..d857eb2 100644
--- a/cmso-logger/pom.xml
+++ b/cmso-logger/pom.xml
@@ -5,7 +5,7 @@
<parent>
<artifactId>cmso</artifactId>
<groupId>org.onap.optf.cmso</groupId>
- <version>2.3.1-SNAPSHOT</version>
+ <version>2.3.2-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
diff --git a/cmso-optimizer/pom.xml b/cmso-optimizer/pom.xml
index 32a5546..1cca4ad 100644
--- a/cmso-optimizer/pom.xml
+++ b/cmso-optimizer/pom.xml
@@ -19,7 +19,7 @@
<parent>
<groupId>org.onap.optf.cmso</groupId>
<artifactId>cmso</artifactId>
- <version>2.3.1-SNAPSHOT</version>
+ <version>2.3.2-SNAPSHOT</version>
</parent>
<groupId>org.onap.optf.cmso.optimizer</groupId>
diff --git a/cmso-optimizer/src/main/java/org/onap/optf/cmso/optimizer/common/PropertiesManagement.java b/cmso-optimizer/src/main/java/org/onap/optf/cmso/optimizer/common/PropertiesManagement.java
index 12da757..6bf0ee8 100644
--- a/cmso-optimizer/src/main/java/org/onap/optf/cmso/optimizer/common/PropertiesManagement.java
+++ b/cmso-optimizer/src/main/java/org/onap/optf/cmso/optimizer/common/PropertiesManagement.java
@@ -35,7 +35,7 @@ import javax.crypto.spec.SecretKeySpec;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.env.Environment;
import org.springframework.stereotype.Component;
-
+import java.security.SecureRandom;
/**
* The Class PropertiesManagement.
*/
@@ -47,14 +47,15 @@ public class PropertiesManagement {
private static final String algorithm = "AES";
- private static final String cipherMode = "CBC";
+ private static final String cipherMode = "GCM";
- private static final String paddingScheme = "PKCS5Padding";
+ private static final String paddingScheme = "NoPadding";
private static final String transformation = algorithm + "/" + cipherMode + "/" + paddingScheme;
- private static final String initVector = "ONAPCMSOVECTORIV"; // 16 bytes IV
-
+ private static final SecureRandom random = new SecureRandom();
+
+
@Autowired
Environment env;
@@ -80,7 +81,7 @@ public class PropertiesManagement {
public static String getDecryptedValue(String value) {
if (value.startsWith("enc:")) {
String secret = getSecret();
- value = decrypt(secret, initVector, value.substring(4));
+ value = decrypt(secret, value.substring(4));
}
return value;
}
@@ -93,13 +94,16 @@ public class PropertiesManagement {
*/
public static String getEncryptedValue(String value) {
String secret = getSecret();
- value = encrypt(secret, initVector, value);
+ value = encrypt(secret, value);
return value;
}
- private static final String encrypt(String key, String initVector, String value) {
+ private static final String encrypt(String key, String value) {
try {
- IvParameterSpec iv = new IvParameterSpec(initVector.getBytes("UTF-8"));
+
+ byte[] bytesIV = new byte[16];
+ random.nextBytes(bytesIV);
+ IvParameterSpec iv = new IvParameterSpec(bytesIV);
SecretKeySpec skeySpec = new SecretKeySpec(key.getBytes("UTF-8"), "AES");
Cipher cipher = Cipher.getInstance(transformation);
cipher.init(Cipher.ENCRYPT_MODE, skeySpec, iv);
@@ -113,9 +117,11 @@ public class PropertiesManagement {
return null;
}
- private static final String decrypt(String key, String initVector, String encrypted) {
+ private static final String decrypt(String key, String encrypted) {
try {
- IvParameterSpec iv = new IvParameterSpec(initVector.getBytes("UTF-8"));
+ byte[] bytesIV = new byte[16];
+ random.nextBytes(bytesIV);
+ IvParameterSpec iv = new IvParameterSpec(bytesIV);
SecretKeySpec skeySpec = new SecretKeySpec(key.getBytes("UTF-8"), "AES");
Cipher cipher = Cipher.getInstance(transformation);
cipher.init(Cipher.DECRYPT_MODE, skeySpec, iv);
diff --git a/cmso-optimizer/src/main/resources/META-INF/resources/swagger/swagger.json b/cmso-optimizer/src/main/resources/META-INF/resources/swagger/swagger.json
index cdac14e..f260bb1 100644
--- a/cmso-optimizer/src/main/resources/META-INF/resources/swagger/swagger.json
+++ b/cmso-optimizer/src/main/resources/META-INF/resources/swagger/swagger.json
@@ -1,7 +1,7 @@
{
"swagger" : "2.0",
"info" : {
- "version" : "2.3.0-SNAPSHOT",
+ "version" : "2.3.1-SNAPSHOT",
"title" : "cmso-optimizer"
},
"basePath" : "/optimizer",
diff --git a/cmso-robot/pom.xml b/cmso-robot/pom.xml
index b9a06bd..4fd1e6a 100644
--- a/cmso-robot/pom.xml
+++ b/cmso-robot/pom.xml
@@ -24,7 +24,7 @@
<parent>
<groupId>org.onap.optf.cmso</groupId>
<artifactId>cmso</artifactId>
- <version>2.3.1-SNAPSHOT</version>
+ <version>2.3.2-SNAPSHOT</version>
</parent>
<groupId>org.onap.optf.cmso</groupId>
diff --git a/cmso-service/pom.xml b/cmso-service/pom.xml
index 37be396..c642a59 100644
--- a/cmso-service/pom.xml
+++ b/cmso-service/pom.xml
@@ -30,7 +30,7 @@
<parent>
<groupId>org.onap.optf.cmso</groupId>
<artifactId>cmso</artifactId>
- <version>2.3.1-SNAPSHOT</version>
+ <version>2.3.2-SNAPSHOT</version>
</parent>
<groupId>org.onap.optf.cmso.service</groupId>
diff --git a/cmso-service/src/main/java/org/onap/optf/cmso/common/PropertiesManagement.java b/cmso-service/src/main/java/org/onap/optf/cmso/common/PropertiesManagement.java
index b16c52a..3f7a808 100644
--- a/cmso-service/src/main/java/org/onap/optf/cmso/common/PropertiesManagement.java
+++ b/cmso-service/src/main/java/org/onap/optf/cmso/common/PropertiesManagement.java
@@ -40,7 +40,7 @@ import javax.crypto.spec.SecretKeySpec;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.env.Environment;
import org.springframework.stereotype.Component;
-
+import java.security.SecureRandom;
/**
* The Class PropertiesManagement.
*/
@@ -51,10 +51,10 @@ public class PropertiesManagement {
private static EELFLogger errors = EELFManager.getInstance().getErrorLogger();
private static final String algorithm = "AES";
- private static final String cipherMode = "CBC";
- private static final String paddingScheme = "PKCS5Padding";
+ private static final String cipherMode = "GCM";
+ private static final String paddingScheme = "NoPadding";
private static final String transformation = algorithm + "/" + cipherMode + "/" + paddingScheme;
- private static final String initVector = "ONAPCMSOVECTORIV"; // 16 bytes IV
+ private static final SecureRandom random = new SecureRandom();
@Autowired
Environment env;
@@ -81,7 +81,7 @@ public class PropertiesManagement {
public static String getDecryptedValue(String value) {
if (value.startsWith("enc:")) {
String secret = getSecret();
- value = decrypt(secret, initVector, value.substring(4));
+ value = decrypt(secret, value.substring(4));
}
return value;
}
@@ -94,13 +94,15 @@ public class PropertiesManagement {
*/
public static String getEncryptedValue(String value) {
String secret = getSecret();
- value = encrypt(secret, initVector, value);
+ value = encrypt(secret, value);
return value;
}
- private static final String encrypt(String key, String initVector, String value) {
+ private static final String encrypt(String key, String value) {
try {
- IvParameterSpec iv = new IvParameterSpec(initVector.getBytes("UTF-8"));
+ byte[] bytesIV = new byte[16];
+ random.nextBytes(bytesIV);
+ IvParameterSpec iv = new IvParameterSpec(bytesIV);
SecretKeySpec skeySpec = new SecretKeySpec(key.getBytes("UTF-8"), "AES");
Cipher cipher = Cipher.getInstance(transformation);
cipher.init(Cipher.ENCRYPT_MODE, skeySpec, iv);
@@ -114,9 +116,11 @@ public class PropertiesManagement {
return null;
}
- private static final String decrypt(String key, String initVector, String encrypted) {
+ private static final String decrypt(String key, String encrypted) {
try {
- IvParameterSpec iv = new IvParameterSpec(initVector.getBytes("UTF-8"));
+ byte[] bytesIV = new byte[16];
+ random.nextBytes(bytesIV);
+ IvParameterSpec iv = new IvParameterSpec(bytesIV);
SecretKeySpec skeySpec = new SecretKeySpec(key.getBytes("UTF-8"), "AES");
Cipher cipher = Cipher.getInstance(transformation);
cipher.init(Cipher.DECRYPT_MODE, skeySpec, iv);
diff --git a/cmso-service/src/main/resources/META-INF/resources/swagger/swagger.json b/cmso-service/src/main/resources/META-INF/resources/swagger/swagger.json
index 932e117..eb563ad 100644
--- a/cmso-service/src/main/resources/META-INF/resources/swagger/swagger.json
+++ b/cmso-service/src/main/resources/META-INF/resources/swagger/swagger.json
@@ -1,7 +1,7 @@
{
"swagger" : "2.0",
"info" : {
- "version" : "2.3.0-SNAPSHOT",
+ "version" : "2.3.1-SNAPSHOT",
"title" : "cmso-service"
},
"basePath" : "/cmso",
@@ -774,15 +774,25 @@
"format" : "int32",
"description" : "Maximum number of VNF changes to schedule concurrently"
},
- "policyId" : {
- "type" : "string",
- "description" : "Name of schedule optimization policy used by the change management cmso optimizer to determine available time slot"
+ "changeWindows" : {
+ "type" : "array",
+ "description" : "Lists of desired change windows to schedule the elements.",
+ "items" : {
+ "$ref" : "#/definitions/Change Window"
+ }
+ },
+ "policies" : {
+ "type" : "array",
+ "description" : "List of the policies to control optimization.",
+ "items" : {
+ "$ref" : "#/definitions/Supported Policy Information"
+ }
},
- "vnfDetails" : {
+ "elements" : {
"type" : "array",
"description" : "Lists of the VNFs to be changed and the desired change windows",
"items" : {
- "$ref" : "#/definitions/VNF Details"
+ "$ref" : "#/definitions/Optimizer Element"
}
}
},
@@ -793,14 +803,16 @@
"properties" : {
"startTime" : {
"type" : "string",
- "description" : "Earliest time that a set of changes may begin."
+ "format" : "date-time",
+ "description" : "Earliest time for which changes may begin."
},
"endTime" : {
"type" : "string",
- "description" : "Latest time by which all changes must be completed"
+ "format" : "date-time",
+ "description" : "Latest time by which all changes must be completed."
}
},
- "description" : "Time window within which the scheduler optimizer can schedule the changes for the group of NVFs"
+ "description" : "Time window for which tickets are to returned"
},
"CmDetailsMessage" : {
"type" : "object",
diff --git a/cmso-sonar/pom.xml b/cmso-sonar/pom.xml
index 6a925de..4b5052b 100644
--- a/cmso-sonar/pom.xml
+++ b/cmso-sonar/pom.xml
@@ -24,7 +24,7 @@
<parent>
<groupId>org.onap.optf.cmso</groupId>
<artifactId>cmso</artifactId>
- <version>2.3.1-SNAPSHOT</version>
+ <version>2.3.2-SNAPSHOT</version>
</parent>
<groupId>org.onap.optf.cmso.sonar</groupId>
diff --git a/cmso-ticketmgt/pom.xml b/cmso-ticketmgt/pom.xml
index e98e910..922cdad 100644
--- a/cmso-ticketmgt/pom.xml
+++ b/cmso-ticketmgt/pom.xml
@@ -19,7 +19,7 @@
<parent>
<groupId>org.onap.optf.cmso</groupId>
<artifactId>cmso</artifactId>
- <version>2.3.1-SNAPSHOT</version>
+ <version>2.3.2-SNAPSHOT</version>
</parent>
<groupId>org.onap.optf.cmso.ticketmgt</groupId>
diff --git a/cmso-ticketmgt/src/main/java/org/onap/optf/cmso/common/PropertiesManagement.java b/cmso-ticketmgt/src/main/java/org/onap/optf/cmso/common/PropertiesManagement.java
index 8d739ee..c36a587 100644
--- a/cmso-ticketmgt/src/main/java/org/onap/optf/cmso/common/PropertiesManagement.java
+++ b/cmso-ticketmgt/src/main/java/org/onap/optf/cmso/common/PropertiesManagement.java
@@ -40,7 +40,7 @@ import javax.crypto.spec.SecretKeySpec;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.env.Environment;
import org.springframework.stereotype.Component;
-
+import java.security.SecureRandom;
/**
* The Class PropertiesManagement.
*/
@@ -51,11 +51,10 @@ public class PropertiesManagement {
private static EELFLogger errors = EELFManager.getInstance().getErrorLogger();
private static final String algorithm = "AES";
- private static final String cipherMode = "CBC";
- private static final String paddingScheme = "PKCS5Padding";
+ private static final String cipherMode = "GCM";
+ private static final String paddingScheme = "NoPadding";
private static final String transformation = algorithm + "/" + cipherMode + "/" + paddingScheme;
-
- private static final String initVector = "ONAPCMSOVECTORIV"; // 16 bytes IV
+ private static final SecureRandom random = new SecureRandom();
@Autowired
Environment env;
@@ -82,7 +81,7 @@ public class PropertiesManagement {
public static String getDecryptedValue(String value) {
if (value.startsWith("enc:")) {
String secret = getSecret();
- value = decrypt(secret, initVector, value.substring(4));
+ value = decrypt(secret,value.substring(4));
}
return value;
}
@@ -95,13 +94,15 @@ public class PropertiesManagement {
*/
public static String getEncryptedValue(String value) {
String secret = getSecret();
- value = encrypt(secret, initVector, value);
+ value = encrypt(secret, value);
return value;
}
- private static final String encrypt(String key, String initVector, String value) {
+ private static final String encrypt(String key, String value) {
try {
- IvParameterSpec iv = new IvParameterSpec(initVector.getBytes("UTF-8"));
+ byte[] bytesIV = new byte[16];
+ random.nextBytes(bytesIV);
+ IvParameterSpec iv = new IvParameterSpec(bytesIV);
SecretKeySpec skeySpec = new SecretKeySpec(key.getBytes("UTF-8"), "AES");
Cipher cipher = Cipher.getInstance(transformation);
cipher.init(Cipher.ENCRYPT_MODE, skeySpec, iv);
@@ -115,9 +116,12 @@ public class PropertiesManagement {
return null;
}
- private static final String decrypt(String key, String initVector, String encrypted) {
+ private static final String decrypt(String key, String encrypted) {
try {
- IvParameterSpec iv = new IvParameterSpec(initVector.getBytes("UTF-8"));
+
+ byte[] bytesIV = new byte[16];
+ random.nextBytes(bytesIV);
+ IvParameterSpec iv = new IvParameterSpec(bytesIV);
SecretKeySpec skeySpec = new SecretKeySpec(key.getBytes("UTF-8"), "AES");
Cipher cipher = Cipher.getInstance(transformation);
cipher.init(Cipher.DECRYPT_MODE, skeySpec, iv);
diff --git a/cmso-ticketmgt/src/main/resources/META-INF/resources/swagger/swagger.json b/cmso-ticketmgt/src/main/resources/META-INF/resources/swagger/swagger.json
index 0b4ad51..3cac0bb 100644
--- a/cmso-ticketmgt/src/main/resources/META-INF/resources/swagger/swagger.json
+++ b/cmso-ticketmgt/src/main/resources/META-INF/resources/swagger/swagger.json
@@ -1,7 +1,7 @@
{
"swagger" : "2.0",
"info" : {
- "version" : "2.3.0-SNAPSHOT",
+ "version" : "2.3.1-SNAPSHOT",
"title" : "cmso-ticketmgt"
},
"basePath" : "/ticketmgt",
diff --git a/cmso-topology/pom.xml b/cmso-topology/pom.xml
index 9e8853f..ec63f46 100644
--- a/cmso-topology/pom.xml
+++ b/cmso-topology/pom.xml
@@ -19,7 +19,7 @@
<parent>
<groupId>org.onap.optf.cmso</groupId>
<artifactId>cmso</artifactId>
- <version>2.3.1-SNAPSHOT</version>
+ <version>2.3.2-SNAPSHOT</version>
</parent>
<groupId>org.onap.optf.cmso.topology</groupId>
diff --git a/cmso-topology/src/main/java/org/onap/optf/cmso/common/PropertiesManagement.java b/cmso-topology/src/main/java/org/onap/optf/cmso/common/PropertiesManagement.java
index fadad45..8af1aea 100644
--- a/cmso-topology/src/main/java/org/onap/optf/cmso/common/PropertiesManagement.java
+++ b/cmso-topology/src/main/java/org/onap/optf/cmso/common/PropertiesManagement.java
@@ -35,6 +35,7 @@ import javax.crypto.spec.SecretKeySpec;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.env.Environment;
import org.springframework.stereotype.Component;
+import java.security.SecureRandom;
@Component
public class PropertiesManagement {
@@ -43,11 +44,10 @@ public class PropertiesManagement {
private static EELFLogger errors = EELFManager.getInstance().getErrorLogger();
private static final String algorithm = "AES";
- private static final String cipherMode = "CBC";
- private static final String paddingScheme = "PKCS5Padding";
+ private static final String cipherMode = "GCM";
+ private static final String paddingScheme = "NoPadding";
private static final String transformation = algorithm + "/" + cipherMode + "/" + paddingScheme;
-
- private static final String initVector = "ONAPCMSOVECTORIV"; // 16 bytes IV
+ private static final SecureRandom random = new SecureRandom();
@Autowired
Environment env;
@@ -74,7 +74,7 @@ public class PropertiesManagement {
public static String getDecryptedValue(String value) {
if (value.startsWith("enc:")) {
String secret = getSecret();
- value = decrypt(secret, initVector, value.substring(4));
+ value = decrypt(secret, value.substring(4));
}
return value;
}
@@ -87,13 +87,15 @@ public class PropertiesManagement {
*/
public static String getEncryptedValue(String value) {
String secret = getSecret();
- value = encrypt(secret, initVector, value);
+ value = encrypt(secret, value);
return value;
}
- private static final String encrypt(String key, String initVector, String value) {
+ private static final String encrypt(String key, String value) {
try {
- IvParameterSpec iv = new IvParameterSpec(initVector.getBytes("UTF-8"));
+ byte[] bytesIV = new byte[16];
+ random.nextBytes(bytesIV);
+ IvParameterSpec iv = new IvParameterSpec(bytesIV);
SecretKeySpec skeySpec = new SecretKeySpec(key.getBytes("UTF-8"), "AES");
Cipher cipher = Cipher.getInstance(transformation);
cipher.init(Cipher.ENCRYPT_MODE, skeySpec, iv);
@@ -107,9 +109,11 @@ public class PropertiesManagement {
return null;
}
- private static final String decrypt(String key, String initVector, String encrypted) {
+ private static final String decrypt(String key, String encrypted) {
try {
- IvParameterSpec iv = new IvParameterSpec(initVector.getBytes("UTF-8"));
+ byte[] bytesIV = new byte[16];
+ random.nextBytes(bytesIV);
+ IvParameterSpec iv = new IvParameterSpec(bytesIV);
SecretKeySpec skeySpec = new SecretKeySpec(key.getBytes("UTF-8"), "AES");
Cipher cipher = Cipher.getInstance(transformation);
cipher.init(Cipher.DECRYPT_MODE, skeySpec, iv);
diff --git a/cmso-topology/src/main/resources/META-INF/resources/swagger/swagger.json b/cmso-topology/src/main/resources/META-INF/resources/swagger/swagger.json
index 1168133..c6aeba7 100644
--- a/cmso-topology/src/main/resources/META-INF/resources/swagger/swagger.json
+++ b/cmso-topology/src/main/resources/META-INF/resources/swagger/swagger.json
@@ -1,7 +1,7 @@
{
"swagger" : "2.0",
"info" : {
- "version" : "2.3.0-SNAPSHOT",
+ "version" : "2.3.1-SNAPSHOT",
"title" : "cmso-topology"
},
"basePath" : "/topology",
diff --git a/pom.xml b/pom.xml
index d8dcb2f..2fc9f83 100644
--- a/pom.xml
+++ b/pom.xml
@@ -43,7 +43,7 @@
<groupId>org.onap.optf.cmso</groupId>
<artifactId>cmso</artifactId>
- <version>2.3.1-SNAPSHOT</version>
+ <version>2.3.2-SNAPSHOT</version>
<packaging>pom</packaging>
<name>optf-cmso</name>
diff --git a/version.properties b/version.properties
index c1a568d..2af7a4f 100644
--- a/version.properties
+++ b/version.properties
@@ -27,7 +27,7 @@
major=2
minor=3
-patch=1
+patch=2
base_version=${major}.${minor}.${patch}