author | Malarvizhi <malarvizhi.44@wipro.com> | 2021-03-09 23:27:01 -0800 |
---|---|---|
committer | Malarvizhi <malarvizhi.44@wipro.com> | 2021-03-09 23:27:01 -0800 |
commit | f11165e00b6633187f8ab0b002ed6f7e196260d5 (patch) | |
tree | 91ebc05684bca4331d06ad958cbdbc77c14a6bb8 /cmso-ticketmgt | |
parent | 6403adcbac7bd6350310fe0eb7562a378a253b4a (diff) |
Fix weak cryptography issues2.3.2
Issue-ID: OPTFRA-927
Signed-off-by: Malarvizhi Paramasivam <malarvizhi.44@wipro.com>
Change-Id: I2ae9a114b9825c3d3e6faa31afb72a54cdf0c423
Diffstat (limited to 'cmso-ticketmgt')
3 files changed, 17 insertions, 13 deletions
diff --git a/cmso-ticketmgt/pom.xml b/cmso-ticketmgt/pom.xml
index e98e910..922cdad 100644
--- a/cmso-ticketmgt/pom.xml
+++ b/cmso-ticketmgt/pom.xml
@@ -19,7 +19,7 @@
 <parent>
 <groupId>org.onap.optf.cmso</groupId>
 <artifactId>cmso</artifactId>
- <version>2.3.1-SNAPSHOT</version>
+ <version>2.3.2-SNAPSHOT</version>
 </parent>
 <groupId>org.onap.optf.cmso.ticketmgt</groupId>
diff --git a/cmso-ticketmgt/src/main/java/org/onap/optf/cmso/common/PropertiesManagement.java b/cmso-ticketmgt/src/main/java/org/onap/optf/cmso/common/PropertiesManagement.java
index 8d739ee..c36a587 100644
--- a/cmso-ticketmgt/src/main/java/org/onap/optf/cmso/common/PropertiesManagement.java
+++ b/cmso-ticketmgt/src/main/java/org/onap/optf/cmso/common/PropertiesManagement.java
@@ -40,7 +40,7 @@ import javax.crypto.spec.SecretKeySpec;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.core.env.Environment;
 import org.springframework.stereotype.Component;
-
+import java.security.SecureRandom;
 /**
 * The Class PropertiesManagement.
 */
@@ -51,11 +51,10 @@ public class PropertiesManagement {
 private static EELFLogger errors = EELFManager.getInstance().getErrorLogger();
 private static final String algorithm = "AES";
- private static final String cipherMode = "CBC";
- private static final String paddingScheme = "PKCS5Padding";
+ private static final String cipherMode = "GCM";
+ private static final String paddingScheme = "NoPadding";
 private static final String transformation = algorithm + "/" + cipherMode + "/" + paddingScheme;
-
- private static final String initVector = "ONAPCMSOVECTORIV"; // 16 bytes IV
+ private static final SecureRandom random = new SecureRandom();
 @Autowired
 Environment env;
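Review bot: Changing `cipherMode`/`paddingScheme` to GCM/NoPadding and deleting `initVector` leaves no way to read values that were already stored with the `enc:` prefix under AES/CBC and the fixed IV. If such values exist in deployed property files, they will stop decrypting once this lands. Either keep a read-only legacy path behind a distinct prefix for the new format, or state the required re-encryption step in the commit description. A comment on the new field, for example `// source of the per-message nonce; the nonce must be stored alongside the ciphertext`, would record the contract that the random IV introduces.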
@@ -82,7 +81,7 @@ public class PropertiesManagement {
 public static String getDecryptedValue(String value) {
 if (value.startsWith("enc:")) {
 String secret = getSecret();
- value = decrypt(secret, initVector, value.substring(4));
+ value = decrypt(secret,value.substring(4));
 }
 return value;
 }
@@ -95,13 +94,15 @@ public class PropertiesManagement {
 */
 public static String getEncryptedValue(String value) {
 String secret = getSecret();
- value = encrypt(secret, initVector, value);
+ value = encrypt(secret, value);
 return value;
 }
- private static final String encrypt(String key, String initVector, String value) {
+ private static final String encrypt(String key, String value) {
 try {
- IvParameterSpec iv = new IvParameterSpec(initVector.getBytes("UTF-8"));
+ byte[] bytesIV = new byte[16];
+ random.nextBytes(bytesIV);
+ IvParameterSpec iv = new IvParameterSpec(bytesIV);
 SecretKeySpec skeySpec = new SecretKeySpec(key.getBytes("UTF-8"), "AES");
 Cipher cipher = Cipher.getInstance(transformation);
 cipher.init(Cipher.ENCRYPT_MODE, skeySpec, iv);
@@ -115,9 +116,12 @@ public class PropertiesManagement {
 return null;
 }
- private static final String decrypt(String key, String initVector, String encrypted) {
+ private static final String decrypt(String key, String encrypted) {
 try {
- IvParameterSpec iv = new IvParameterSpec(initVector.getBytes("UTF-8"));
+
+ byte[] bytesIV = new byte[16];
+ random.nextBytes(bytesIV);
+ IvParameterSpec iv = new IvParameterSpec(bytesIV);
 SecretKeySpec skeySpec = new SecretKeySpec(key.getBytes("UTF-8"), "AES");
 Cipher cipher = Cipher.getInstance(transformation);
 cipher.init(Cipher.DECRYPT_MODE, skeySpec, iv);
diff --git a/cmso-ticketmgt/src/main/resources/META-INF/resources/swagger/swagger.json b/cmso-ticketmgt/src/main/resources/META-INF/resources/swagger/swagger.json
index 0b4ad51..3cac0bb 100644
--- a/cmso-ticketmgt/src/main/resources/META-INF/resources/swagger/swagger.json
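Review bot: In `encrypt` (hunk -95,13), `cipher.init(Cipher.ENCRYPT_MODE, skeySpec, iv)` still passes an `IvParameterSpec` although the transformation is now AES/GCM/NoPadding. The JDK's default SunJCE provider accepts only a `GCMParameterSpec` for GCM and throws `InvalidAlgorithmParameterException` otherwise. The same call shape appears in `decrypt` in the next hunk. Suggest `byte[] bytesIV = new byte[12];` and `cipher.init(Cipher.ENCRYPT_MODE, skeySpec, new GCMParameterSpec(128, bytesIV));`, with an import of `javax.crypto.spec.GCMParameterSpec`. The rest of `encrypt` is outside the hunk, so it is not visible whether `bytesIV` is written into the returned value; if it is not, the nonce is lost and the ciphertext cannot be decrypted later.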
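Review bot: `decrypt` (hunk -115,9) fills `bytesIV` with `random.nextBytes(bytesIV)`, so the cipher is initialised with a nonce unrelated to the one used at encryption time. GCM tag verification will therefore reject every input, including values produced by the new `encrypt`. The nonce has to be read back from the stored value, for example `byte[] bytesIV = Arrays.copyOfRange(decoded, 0, 12);` followed by `cipher.init(Cipher.DECRYPT_MODE, skeySpec, new GCMParameterSpec(128, bytesIV));`. Here `decoded` is a placeholder for the decoded input bytes, whose decoding lies outside the hunk. This requires `encrypt` to emit nonce-then-ciphertext in the same layout; the remainder of both methods, including their catch blocks, is not visible here.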
+++ b/cmso-ticketmgt/src/main/resources/META-INF/resources/swagger/swagger.json
@@ -1,7 +1,7 @@
 {
 "swagger" : "2.0",
 "info" : {
- "version" : "2.3.0-SNAPSHOT",
+ "version" : "2.3.1-SNAPSHOT",
 "title" : "cmso-ticketmgt"
 },
 "basePath" : "/ticketmgt", |