diff options
author | Malarvizhi <malarvizhi.44@wipro.com> | 2021-03-09 23:27:01 -0800 |
---|---|---|
committer | Malarvizhi <malarvizhi.44@wipro.com> | 2021-03-09 23:27:01 -0800 |
commit | f11165e00b6633187f8ab0b002ed6f7e196260d5 (patch) | |
tree | 91ebc05684bca4331d06ad958cbdbc77c14a6bb8 | |
parent | 6403adcbac7bd6350310fe0eb7562a378a253b4a (diff) |
Fix weak cryptography issues2.3.2
Issue-ID: OPTFRA-927
Signed-off-by: Malarvizhi Paramasivam <malarvizhi.44@wipro.com>
Change-Id: I2ae9a114b9825c3d3e6faa31afb72a54cdf0c423
18 files changed, 94 insertions, 64 deletions
diff --git a/cmso-database/pom.xml b/cmso-database/pom.xml index c576d1f..190845e 100644 --- a/cmso-database/pom.xml +++ b/cmso-database/pom.xml @@ -36,7 +36,7 @@ <parent>
<groupId>org.onap.optf.cmso</groupId>
<artifactId>cmso</artifactId>
- <version>2.3.1-SNAPSHOT</version>
+ <version>2.3.2-SNAPSHOT</version>
</parent>
<groupId>org.onap.optf.cmso</groupId>
diff --git a/cmso-logger/pom.xml b/cmso-logger/pom.xml index 0079f6f..d857eb2 100644 --- a/cmso-logger/pom.xml +++ b/cmso-logger/pom.xml @@ -5,7 +5,7 @@ <parent> <artifactId>cmso</artifactId> <groupId>org.onap.optf.cmso</groupId> - <version>2.3.1-SNAPSHOT</version> + <version>2.3.2-SNAPSHOT</version> </parent> <modelVersion>4.0.0</modelVersion> diff --git a/cmso-optimizer/pom.xml b/cmso-optimizer/pom.xml index 32a5546..1cca4ad 100644 --- a/cmso-optimizer/pom.xml +++ b/cmso-optimizer/pom.xml @@ -19,7 +19,7 @@ <parent> <groupId>org.onap.optf.cmso</groupId> <artifactId>cmso</artifactId> - <version>2.3.1-SNAPSHOT</version> + <version>2.3.2-SNAPSHOT</version> </parent> <groupId>org.onap.optf.cmso.optimizer</groupId> diff --git a/cmso-optimizer/src/main/java/org/onap/optf/cmso/optimizer/common/PropertiesManagement.java b/cmso-optimizer/src/main/java/org/onap/optf/cmso/optimizer/common/PropertiesManagement.java index 12da757..6bf0ee8 100644 --- a/cmso-optimizer/src/main/java/org/onap/optf/cmso/optimizer/common/PropertiesManagement.java +++ b/cmso-optimizer/src/main/java/org/onap/optf/cmso/optimizer/common/PropertiesManagement.java @@ -35,7 +35,7 @@ import javax.crypto.spec.SecretKeySpec; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.core.env.Environment; import org.springframework.stereotype.Component; - +import java.security.SecureRandom; /** * The Class PropertiesManagement. */ @@ -47,14 +47,15 @@ public class PropertiesManagement { private static final String algorithm = "AES"; - private static final String cipherMode = "CBC"; + private static final String cipherMode = "GCM"; - private static final String paddingScheme = "PKCS5Padding"; + private static final String paddingScheme = "NoPadding"; private static final String transformation = algorithm + "/" + cipherMode + "/" + paddingScheme; - private static final String initVector = "ONAPCMSOVECTORIV"; // 16 bytes IV - + private static final SecureRandom random = new SecureRandom(); + + @Autowired Environment env; @@ -80,7 +81,7 @@ public class PropertiesManagement { public static String getDecryptedValue(String value) { if (value.startsWith("enc:")) { String secret = getSecret(); - value = decrypt(secret, initVector, value.substring(4)); + value = decrypt(secret, value.substring(4)); } return value; } @@ -93,13 +94,16 @@ public class PropertiesManagement { */ public static String getEncryptedValue(String value) { String secret = getSecret(); - value = encrypt(secret, initVector, value); + value = encrypt(secret, value); return value; } - private static final String encrypt(String key, String initVector, String value) { + private static final String encrypt(String key, String value) { try { - IvParameterSpec iv = new IvParameterSpec(initVector.getBytes("UTF-8")); + + byte[] bytesIV = new byte[16]; + random.nextBytes(bytesIV); + IvParameterSpec iv = new IvParameterSpec(bytesIV); SecretKeySpec skeySpec = new SecretKeySpec(key.getBytes("UTF-8"), "AES"); Cipher cipher = Cipher.getInstance(transformation); cipher.init(Cipher.ENCRYPT_MODE, skeySpec, iv); @@ -113,9 +117,11 @@ public class PropertiesManagement { return null; } - private static final String decrypt(String key, String initVector, String encrypted) { + private static final String decrypt(String key, String encrypted) { try { - IvParameterSpec iv = new IvParameterSpec(initVector.getBytes("UTF-8")); + byte[] bytesIV = new byte[16]; + random.nextBytes(bytesIV); + IvParameterSpec iv = new IvParameterSpec(bytesIV); SecretKeySpec skeySpec = new SecretKeySpec(key.getBytes("UTF-8"), "AES"); Cipher cipher = Cipher.getInstance(transformation); cipher.init(Cipher.DECRYPT_MODE, skeySpec, iv); diff --git a/cmso-optimizer/src/main/resources/META-INF/resources/swagger/swagger.json b/cmso-optimizer/src/main/resources/META-INF/resources/swagger/swagger.json index cdac14e..f260bb1 100644 --- a/cmso-optimizer/src/main/resources/META-INF/resources/swagger/swagger.json +++ b/cmso-optimizer/src/main/resources/META-INF/resources/swagger/swagger.json @@ -1,7 +1,7 @@ { "swagger" : "2.0", "info" : { - "version" : "2.3.0-SNAPSHOT", + "version" : "2.3.1-SNAPSHOT", "title" : "cmso-optimizer" }, "basePath" : "/optimizer", diff --git a/cmso-robot/pom.xml b/cmso-robot/pom.xml index b9a06bd..4fd1e6a 100644 --- a/cmso-robot/pom.xml +++ b/cmso-robot/pom.xml @@ -24,7 +24,7 @@ <parent>
<groupId>org.onap.optf.cmso</groupId>
<artifactId>cmso</artifactId>
- <version>2.3.1-SNAPSHOT</version>
+ <version>2.3.2-SNAPSHOT</version>
</parent>
<groupId>org.onap.optf.cmso</groupId>
diff --git a/cmso-service/pom.xml b/cmso-service/pom.xml index 37be396..c642a59 100644 --- a/cmso-service/pom.xml +++ b/cmso-service/pom.xml @@ -30,7 +30,7 @@ <parent>
<groupId>org.onap.optf.cmso</groupId>
<artifactId>cmso</artifactId>
- <version>2.3.1-SNAPSHOT</version>
+ <version>2.3.2-SNAPSHOT</version>
</parent>
<groupId>org.onap.optf.cmso.service</groupId>
diff --git a/cmso-service/src/main/java/org/onap/optf/cmso/common/PropertiesManagement.java b/cmso-service/src/main/java/org/onap/optf/cmso/common/PropertiesManagement.java index b16c52a..3f7a808 100644 --- a/cmso-service/src/main/java/org/onap/optf/cmso/common/PropertiesManagement.java +++ b/cmso-service/src/main/java/org/onap/optf/cmso/common/PropertiesManagement.java @@ -40,7 +40,7 @@ import javax.crypto.spec.SecretKeySpec; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.env.Environment;
import org.springframework.stereotype.Component;
-
+import java.security.SecureRandom;
/**
* The Class PropertiesManagement.
*/
@@ -51,10 +51,10 @@ public class PropertiesManagement { private static EELFLogger errors = EELFManager.getInstance().getErrorLogger();
private static final String algorithm = "AES";
- private static final String cipherMode = "CBC";
- private static final String paddingScheme = "PKCS5Padding";
+ private static final String cipherMode = "GCM";
+ private static final String paddingScheme = "NoPadding";
private static final String transformation = algorithm + "/" + cipherMode + "/" + paddingScheme;
- private static final String initVector = "ONAPCMSOVECTORIV"; // 16 bytes IV
+ private static final SecureRandom random = new SecureRandom();
@Autowired
Environment env;
@@ -81,7 +81,7 @@ public class PropertiesManagement { public static String getDecryptedValue(String value) {
if (value.startsWith("enc:")) {
String secret = getSecret();
- value = decrypt(secret, initVector, value.substring(4));
+ value = decrypt(secret, value.substring(4));
}
return value;
}
@@ -94,13 +94,15 @@ public class PropertiesManagement { */
public static String getEncryptedValue(String value) {
String secret = getSecret();
- value = encrypt(secret, initVector, value);
+ value = encrypt(secret, value);
return value;
}
- private static final String encrypt(String key, String initVector, String value) {
+ private static final String encrypt(String key, String value) {
try {
- IvParameterSpec iv = new IvParameterSpec(initVector.getBytes("UTF-8"));
+ byte[] bytesIV = new byte[16];
+ random.nextBytes(bytesIV);
+ IvParameterSpec iv = new IvParameterSpec(bytesIV);
SecretKeySpec skeySpec = new SecretKeySpec(key.getBytes("UTF-8"), "AES");
Cipher cipher = Cipher.getInstance(transformation);
cipher.init(Cipher.ENCRYPT_MODE, skeySpec, iv);
@@ -114,9 +116,11 @@ public class PropertiesManagement { return null;
}
- private static final String decrypt(String key, String initVector, String encrypted) {
+ private static final String decrypt(String key, String encrypted) {
try {
- IvParameterSpec iv = new IvParameterSpec(initVector.getBytes("UTF-8"));
+ byte[] bytesIV = new byte[16];
+ random.nextBytes(bytesIV);
+ IvParameterSpec iv = new IvParameterSpec(bytesIV);
SecretKeySpec skeySpec = new SecretKeySpec(key.getBytes("UTF-8"), "AES");
Cipher cipher = Cipher.getInstance(transformation);
cipher.init(Cipher.DECRYPT_MODE, skeySpec, iv);
diff --git a/cmso-service/src/main/resources/META-INF/resources/swagger/swagger.json b/cmso-service/src/main/resources/META-INF/resources/swagger/swagger.json index 932e117..eb563ad 100644 --- a/cmso-service/src/main/resources/META-INF/resources/swagger/swagger.json +++ b/cmso-service/src/main/resources/META-INF/resources/swagger/swagger.json @@ -1,7 +1,7 @@ { "swagger" : "2.0", "info" : { - "version" : "2.3.0-SNAPSHOT", + "version" : "2.3.1-SNAPSHOT", "title" : "cmso-service" }, "basePath" : "/cmso", @@ -774,15 +774,25 @@ "format" : "int32", "description" : "Maximum number of VNF changes to schedule concurrently" }, - "policyId" : { - "type" : "string", - "description" : "Name of schedule optimization policy used by the change management cmso optimizer to determine available time slot" + "changeWindows" : { + "type" : "array", + "description" : "Lists of desired change windows to schedule the elements.", + "items" : { + "$ref" : "#/definitions/Change Window" + } + }, + "policies" : { + "type" : "array", + "description" : "List of the policies to control optimization.", + "items" : { + "$ref" : "#/definitions/Supported Policy Information" + } }, - "vnfDetails" : { + "elements" : { "type" : "array", "description" : "Lists of the VNFs to be changed and the desired change windows", "items" : { - "$ref" : "#/definitions/VNF Details" + "$ref" : "#/definitions/Optimizer Element" } } }, @@ -793,14 +803,16 @@ "properties" : { "startTime" : { "type" : "string", - "description" : "Earliest time that a set of changes may begin." + "format" : "date-time", + "description" : "Earliest time for which changes may begin." }, "endTime" : { "type" : "string", - "description" : "Latest time by which all changes must be completed" + "format" : "date-time", + "description" : "Latest time by which all changes must be completed." } }, - "description" : "Time window within which the scheduler optimizer can schedule the changes for the group of NVFs" + "description" : "Time window for which tickets are to returned" }, "CmDetailsMessage" : { "type" : "object", diff --git a/cmso-sonar/pom.xml b/cmso-sonar/pom.xml index 6a925de..4b5052b 100644 --- a/cmso-sonar/pom.xml +++ b/cmso-sonar/pom.xml @@ -24,7 +24,7 @@ <parent>
<groupId>org.onap.optf.cmso</groupId>
<artifactId>cmso</artifactId>
- <version>2.3.1-SNAPSHOT</version>
+ <version>2.3.2-SNAPSHOT</version>
</parent>
<groupId>org.onap.optf.cmso.sonar</groupId>
diff --git a/cmso-ticketmgt/pom.xml b/cmso-ticketmgt/pom.xml index e98e910..922cdad 100644 --- a/cmso-ticketmgt/pom.xml +++ b/cmso-ticketmgt/pom.xml @@ -19,7 +19,7 @@ <parent> <groupId>org.onap.optf.cmso</groupId> <artifactId>cmso</artifactId> - <version>2.3.1-SNAPSHOT</version> + <version>2.3.2-SNAPSHOT</version> </parent> <groupId>org.onap.optf.cmso.ticketmgt</groupId> diff --git a/cmso-ticketmgt/src/main/java/org/onap/optf/cmso/common/PropertiesManagement.java b/cmso-ticketmgt/src/main/java/org/onap/optf/cmso/common/PropertiesManagement.java index 8d739ee..c36a587 100644 --- a/cmso-ticketmgt/src/main/java/org/onap/optf/cmso/common/PropertiesManagement.java +++ b/cmso-ticketmgt/src/main/java/org/onap/optf/cmso/common/PropertiesManagement.java @@ -40,7 +40,7 @@ import javax.crypto.spec.SecretKeySpec; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.core.env.Environment; import org.springframework.stereotype.Component; - +import java.security.SecureRandom; /** * The Class PropertiesManagement. */ @@ -51,11 +51,10 @@ public class PropertiesManagement { private static EELFLogger errors = EELFManager.getInstance().getErrorLogger(); private static final String algorithm = "AES"; - private static final String cipherMode = "CBC"; - private static final String paddingScheme = "PKCS5Padding"; + private static final String cipherMode = "GCM"; + private static final String paddingScheme = "NoPadding"; private static final String transformation = algorithm + "/" + cipherMode + "/" + paddingScheme; - - private static final String initVector = "ONAPCMSOVECTORIV"; // 16 bytes IV + private static final SecureRandom random = new SecureRandom(); @Autowired Environment env; @@ -82,7 +81,7 @@ public class PropertiesManagement { public static String getDecryptedValue(String value) { if (value.startsWith("enc:")) { String secret = getSecret(); - value = decrypt(secret, initVector, value.substring(4)); + value = decrypt(secret,value.substring(4)); } return value; } @@ -95,13 +94,15 @@ public class PropertiesManagement { */ public static String getEncryptedValue(String value) { String secret = getSecret(); - value = encrypt(secret, initVector, value); + value = encrypt(secret, value); return value; } - private static final String encrypt(String key, String initVector, String value) { + private static final String encrypt(String key, String value) { try { - IvParameterSpec iv = new IvParameterSpec(initVector.getBytes("UTF-8")); + byte[] bytesIV = new byte[16]; + random.nextBytes(bytesIV); + IvParameterSpec iv = new IvParameterSpec(bytesIV); SecretKeySpec skeySpec = new SecretKeySpec(key.getBytes("UTF-8"), "AES"); Cipher cipher = Cipher.getInstance(transformation); cipher.init(Cipher.ENCRYPT_MODE, skeySpec, iv); @@ -115,9 +116,12 @@ public class PropertiesManagement { return null; } - private static final String decrypt(String key, String initVector, String encrypted) { + private static final String decrypt(String key, String encrypted) { try { - IvParameterSpec iv = new IvParameterSpec(initVector.getBytes("UTF-8")); + + byte[] bytesIV = new byte[16]; + random.nextBytes(bytesIV); + IvParameterSpec iv = new IvParameterSpec(bytesIV); SecretKeySpec skeySpec = new SecretKeySpec(key.getBytes("UTF-8"), "AES"); Cipher cipher = Cipher.getInstance(transformation); cipher.init(Cipher.DECRYPT_MODE, skeySpec, iv); diff --git a/cmso-ticketmgt/src/main/resources/META-INF/resources/swagger/swagger.json b/cmso-ticketmgt/src/main/resources/META-INF/resources/swagger/swagger.json index 0b4ad51..3cac0bb 100644 --- a/cmso-ticketmgt/src/main/resources/META-INF/resources/swagger/swagger.json +++ b/cmso-ticketmgt/src/main/resources/META-INF/resources/swagger/swagger.json @@ -1,7 +1,7 @@ { "swagger" : "2.0", "info" : { - "version" : "2.3.0-SNAPSHOT", + "version" : "2.3.1-SNAPSHOT", "title" : "cmso-ticketmgt" }, "basePath" : "/ticketmgt", diff --git a/cmso-topology/pom.xml b/cmso-topology/pom.xml index 9e8853f..ec63f46 100644 --- a/cmso-topology/pom.xml +++ b/cmso-topology/pom.xml @@ -19,7 +19,7 @@ <parent> <groupId>org.onap.optf.cmso</groupId> <artifactId>cmso</artifactId> - <version>2.3.1-SNAPSHOT</version> + <version>2.3.2-SNAPSHOT</version> </parent> <groupId>org.onap.optf.cmso.topology</groupId> diff --git a/cmso-topology/src/main/java/org/onap/optf/cmso/common/PropertiesManagement.java b/cmso-topology/src/main/java/org/onap/optf/cmso/common/PropertiesManagement.java index fadad45..8af1aea 100644 --- a/cmso-topology/src/main/java/org/onap/optf/cmso/common/PropertiesManagement.java +++ b/cmso-topology/src/main/java/org/onap/optf/cmso/common/PropertiesManagement.java @@ -35,6 +35,7 @@ import javax.crypto.spec.SecretKeySpec; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.core.env.Environment; import org.springframework.stereotype.Component; +import java.security.SecureRandom; @Component public class PropertiesManagement { @@ -43,11 +44,10 @@ public class PropertiesManagement { private static EELFLogger errors = EELFManager.getInstance().getErrorLogger(); private static final String algorithm = "AES"; - private static final String cipherMode = "CBC"; - private static final String paddingScheme = "PKCS5Padding"; + private static final String cipherMode = "GCM"; + private static final String paddingScheme = "NoPadding"; private static final String transformation = algorithm + "/" + cipherMode + "/" + paddingScheme; - - private static final String initVector = "ONAPCMSOVECTORIV"; // 16 bytes IV + private static final SecureRandom random = new SecureRandom(); @Autowired Environment env; @@ -74,7 +74,7 @@ public class PropertiesManagement { public static String getDecryptedValue(String value) { if (value.startsWith("enc:")) { String secret = getSecret(); - value = decrypt(secret, initVector, value.substring(4)); + value = decrypt(secret, value.substring(4)); } return value; } @@ -87,13 +87,15 @@ public class PropertiesManagement { */ public static String getEncryptedValue(String value) { String secret = getSecret(); - value = encrypt(secret, initVector, value); + value = encrypt(secret, value); return value; } - private static final String encrypt(String key, String initVector, String value) { + private static final String encrypt(String key, String value) { try { - IvParameterSpec iv = new IvParameterSpec(initVector.getBytes("UTF-8")); + byte[] bytesIV = new byte[16]; + random.nextBytes(bytesIV); + IvParameterSpec iv = new IvParameterSpec(bytesIV); SecretKeySpec skeySpec = new SecretKeySpec(key.getBytes("UTF-8"), "AES"); Cipher cipher = Cipher.getInstance(transformation); cipher.init(Cipher.ENCRYPT_MODE, skeySpec, iv); @@ -107,9 +109,11 @@ public class PropertiesManagement { return null; } - private static final String decrypt(String key, String initVector, String encrypted) { + private static final String decrypt(String key, String encrypted) { try { - IvParameterSpec iv = new IvParameterSpec(initVector.getBytes("UTF-8")); + byte[] bytesIV = new byte[16]; + random.nextBytes(bytesIV); + IvParameterSpec iv = new IvParameterSpec(bytesIV); SecretKeySpec skeySpec = new SecretKeySpec(key.getBytes("UTF-8"), "AES"); Cipher cipher = Cipher.getInstance(transformation); cipher.init(Cipher.DECRYPT_MODE, skeySpec, iv); diff --git a/cmso-topology/src/main/resources/META-INF/resources/swagger/swagger.json b/cmso-topology/src/main/resources/META-INF/resources/swagger/swagger.json index 1168133..c6aeba7 100644 --- a/cmso-topology/src/main/resources/META-INF/resources/swagger/swagger.json +++ b/cmso-topology/src/main/resources/META-INF/resources/swagger/swagger.json @@ -1,7 +1,7 @@ { "swagger" : "2.0", "info" : { - "version" : "2.3.0-SNAPSHOT", + "version" : "2.3.1-SNAPSHOT", "title" : "cmso-topology" }, "basePath" : "/topology", @@ -43,7 +43,7 @@ <groupId>org.onap.optf.cmso</groupId> <artifactId>cmso</artifactId> - <version>2.3.1-SNAPSHOT</version> + <version>2.3.2-SNAPSHOT</version> <packaging>pom</packaging> <name>optf-cmso</name> diff --git a/version.properties b/version.properties index c1a568d..2af7a4f 100644 --- a/version.properties +++ b/version.properties @@ -27,7 +27,7 @@ major=2 minor=3 -patch=1 +patch=2 base_version=${major}.${minor}.${patch} |