From f11165e00b6633187f8ab0b002ed6f7e196260d5 Mon Sep 17 00:00:00 2001 From: Malarvizhi Date: Tue, 9 Mar 2021 23:27:01 -0800 Subject: Fix weak cryptography issues Issue-ID: OPTFRA-927 Signed-off-by: Malarvizhi Paramasivam Change-Id: I2ae9a114b9825c3d3e6faa31afb72a54cdf0c423 --- cmso-database/pom.xml | 2 +- cmso-logger/pom.xml | 2 +- cmso-optimizer/pom.xml | 2 +- .../optimizer/common/PropertiesManagement.java | 28 ++++++++++++-------- .../META-INF/resources/swagger/swagger.json | 2 +- cmso-robot/pom.xml | 2 +- cmso-service/pom.xml | 2 +- .../optf/cmso/common/PropertiesManagement.java | 24 +++++++++-------- .../META-INF/resources/swagger/swagger.json | 30 +++++++++++++++------- cmso-sonar/pom.xml | 2 +- cmso-ticketmgt/pom.xml | 2 +- .../optf/cmso/common/PropertiesManagement.java | 26 +++++++++++-------- .../META-INF/resources/swagger/swagger.json | 2 +- cmso-topology/pom.xml | 2 +- .../optf/cmso/common/PropertiesManagement.java | 24 +++++++++-------- .../META-INF/resources/swagger/swagger.json | 2 +- pom.xml | 2 +- version.properties | 2 +- 18 files changed, 94 insertions(+), 64 deletions(-) diff --git a/cmso-database/pom.xml b/cmso-database/pom.xml index c576d1f..190845e 100644 --- a/cmso-database/pom.xml +++ b/cmso-database/pom.xml @@ -36,7 +36,7 @@ org.onap.optf.cmso cmso - 2.3.1-SNAPSHOT + 2.3.2-SNAPSHOT org.onap.optf.cmso diff --git a/cmso-logger/pom.xml b/cmso-logger/pom.xml index 0079f6f..d857eb2 100644 --- a/cmso-logger/pom.xml +++ b/cmso-logger/pom.xml @@ -5,7 +5,7 @@ cmso org.onap.optf.cmso - 2.3.1-SNAPSHOT + 2.3.2-SNAPSHOT 4.0.0 diff --git a/cmso-optimizer/pom.xml b/cmso-optimizer/pom.xml index 32a5546..1cca4ad 100644 --- a/cmso-optimizer/pom.xml +++ b/cmso-optimizer/pom.xml @@ -19,7 +19,7 @@ org.onap.optf.cmso cmso - 2.3.1-SNAPSHOT + 2.3.2-SNAPSHOT org.onap.optf.cmso.optimizer 
diff --git a/cmso-optimizer/src/main/java/org/onap/optf/cmso/optimizer/common/PropertiesManagement.java b/cmso-optimizer/src/main/java/org/onap/optf/cmso/optimizer/common/PropertiesManagement.java index 12da757..6bf0ee8 100644 --- a/cmso-optimizer/src/main/java/org/onap/optf/cmso/optimizer/common/PropertiesManagement.java +++ b/cmso-optimizer/src/main/java/org/onap/optf/cmso/optimizer/common/PropertiesManagement.java @@ -35,7 +35,7 @@ import javax.crypto.spec.SecretKeySpec; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.core.env.Environment; import org.springframework.stereotype.Component; - +import java.security.SecureRandom; /** * The Class PropertiesManagement. */ @@ -47,14 +47,15 @@ public class PropertiesManagement { private static final String algorithm = "AES"; - private static final String cipherMode = "CBC"; + private static final String cipherMode = "GCM"; - private static final String paddingScheme = "PKCS5Padding"; + private static final String paddingScheme = "NoPadding"; private static final String transformation = algorithm + "/" + cipherMode + "/" + paddingScheme; - private static final String initVector = "ONAPCMSOVECTORIV"; // 16 bytes IV - + private static final SecureRandom random = new SecureRandom(); + + @Autowired Environment env; @@ -80,7 +81,7 @@ public class PropertiesManagement { public static String getDecryptedValue(String value) { if (value.startsWith("enc:")) { String secret = getSecret(); - value = decrypt(secret, initVector, value.substring(4)); + value = decrypt(secret, value.substring(4)); } return value; } 
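Review bot: The constants hunk switches `transformation` to AES/GCM/NoPadding and drops `initVector`, but `getDecryptedValue` (the following hunk) still recognises stored values only by the `enc:` prefix. A value written by the old AES/CBC code is therefore indistinguishable from a new one and will presumably no longer decrypt. If such values exist in deployed property files, they need re-encrypting as part of this upgrade, or the new format needs its own prefix so the two can be told apart. At minimum add a comment above `cipherMode`, e.g. `// enc: values created before 2.3.2 used AES/CBC with a fixed IV and must be re-encrypted`. The same applies to the PropertiesManagement copies in cmso-service, cmso-ticketmgt and cmso-topology.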
@@ -93,13 +94,16 @@ public class PropertiesManagement { */ public static String getEncryptedValue(String value) { String secret = getSecret(); - value = encrypt(secret, initVector, value); + value = encrypt(secret, value); return value; } - private static final String encrypt(String key, String initVector, String value) { + private static final String encrypt(String key, String value) { try { - IvParameterSpec iv = new IvParameterSpec(initVector.getBytes("UTF-8")); + + byte[] bytesIV = new byte[16]; + random.nextBytes(bytesIV); + IvParameterSpec iv = new IvParameterSpec(bytesIV); SecretKeySpec skeySpec = new SecretKeySpec(key.getBytes("UTF-8"), "AES"); Cipher cipher = Cipher.getInstance(transformation); cipher.init(Cipher.ENCRYPT_MODE, skeySpec, iv); @@ -113,9 +117,11 @@ public class PropertiesManagement { return null; } - private static final String decrypt(String key, String initVector, String encrypted) { + private static final String decrypt(String key, String encrypted) { try { - IvParameterSpec iv = new IvParameterSpec(initVector.getBytes("UTF-8")); + byte[] bytesIV = new byte[16]; + random.nextBytes(bytesIV); + IvParameterSpec iv = new IvParameterSpec(bytesIV); SecretKeySpec skeySpec = new SecretKeySpec(key.getBytes("UTF-8"), "AES"); Cipher cipher = Cipher.getInstance(transformation); cipher.init(Cipher.DECRYPT_MODE, skeySpec, iv); diff --git a/cmso-optimizer/src/main/resources/META-INF/resources/swagger/swagger.json b/cmso-optimizer/src/main/resources/META-INF/resources/swagger/swagger.json index cdac14e..f260bb1 100644 --- a/cmso-optimizer/src/main/resources/META-INF/resources/swagger/swagger.json +++ b/cmso-optimizer/src/main/resources/META-INF/resources/swagger/swagger.json @@ -1,7 +1,7 @@ { "swagger" : "2.0", "info" : { - "version" : "2.3.0-SNAPSHOT", + "version" : "2.3.1-SNAPSHOT", "title" : "cmso-optimizer" }, "basePath" : "/optimizer", diff --git a/cmso-robot/pom.xml b/cmso-robot/pom.xml index b9a06bd..4fd1e6a 100644 --- a/cmso-robot/pom.xml 
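Review bot: In `encrypt` the random `bytesIV` is passed to `cipher.init`, but nothing visible in the hunk stores it alongside the ciphertext. The rest of the body lies outside the hunk, so confirm the IV is prepended to the output before encoding, otherwise the value can never be decrypted. The parameter type also looks wrong for the new mode: as far as I know the JDK's default provider accepts only `GCMParameterSpec` for AES/GCM and rejects an `IvParameterSpec` with InvalidAlgorithmParameterException, and 12 bytes is the recommended GCM nonce length. I would change these lines to `byte[] bytesIV = new byte[12];` and `cipher.init(Cipher.ENCRYPT_MODE, skeySpec, new GCMParameterSpec(128, bytesIV));`, then emit the IV followed by the ciphertext. The `encrypt` hunks in cmso-service, cmso-ticketmgt and cmso-topology carry the same lines.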
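Review bot: `decrypt` fills `bytesIV` from `random.nextBytes`, so the IV used here never matches the one used in `encrypt`, and GCM authentication will fail for every stored value. The IV has to be recovered from the input instead: take the first 12 bytes of the decoded value as `bytesIV`, decrypt the remainder, and initialise with `cipher.init(Cipher.DECRYPT_MODE, skeySpec, new GCMParameterSpec(128, bytesIV));`. The body continues outside the hunk; if it ends in `return null;` as `encrypt` does, `getDecryptedValue` would hand callers a null secret without any error. A round-trip unit test for `getEncryptedValue`/`getDecryptedValue` is worth adding with the fix. The same lines appear in the cmso-service, cmso-ticketmgt and cmso-topology copies.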
+++ b/cmso-robot/pom.xml @@ -24,7 +24,7 @@ org.onap.optf.cmso cmso - 2.3.1-SNAPSHOT + 2.3.2-SNAPSHOT org.onap.optf.cmso diff --git a/cmso-service/pom.xml b/cmso-service/pom.xml index 37be396..c642a59 100644 --- a/cmso-service/pom.xml +++ b/cmso-service/pom.xml @@ -30,7 +30,7 @@ org.onap.optf.cmso cmso - 2.3.1-SNAPSHOT + 2.3.2-SNAPSHOT org.onap.optf.cmso.service diff --git a/cmso-service/src/main/java/org/onap/optf/cmso/common/PropertiesManagement.java b/cmso-service/src/main/java/org/onap/optf/cmso/common/PropertiesManagement.java index b16c52a..3f7a808 100644 --- a/cmso-service/src/main/java/org/onap/optf/cmso/common/PropertiesManagement.java +++ b/cmso-service/src/main/java/org/onap/optf/cmso/common/PropertiesManagement.java @@ -40,7 +40,7 @@ import javax.crypto.spec.SecretKeySpec; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.core.env.Environment; import org.springframework.stereotype.Component; - +import java.security.SecureRandom; /** * The Class PropertiesManagement. */ @@ -51,10 +51,10 @@ public class PropertiesManagement { private static EELFLogger errors = EELFManager.getInstance().getErrorLogger(); private static final String algorithm = "AES"; - private static final String cipherMode = "CBC"; - private static final String paddingScheme = "PKCS5Padding"; + private static final String cipherMode = "GCM"; + private static final String paddingScheme = "NoPadding"; private static final String transformation = algorithm + "/" + cipherMode + "/" + paddingScheme; - private static final String initVector = "ONAPCMSOVECTORIV"; // 16 bytes IV + private static final SecureRandom random = new SecureRandom(); @Autowired Environment env; @@ -81,7 +81,7 @@ public class PropertiesManagement { public static String getDecryptedValue(String value) { if (value.startsWith("enc:")) { String secret = getSecret(); - value = decrypt(secret, initVector, value.substring(4)); + value = decrypt(secret, value.substring(4)); } return value; } 
@@ -94,13 +94,15 @@ public class PropertiesManagement { */ public static String getEncryptedValue(String value) { String secret = getSecret(); - value = encrypt(secret, initVector, value); + value = encrypt(secret, value); return value; } - private static final String encrypt(String key, String initVector, String value) { + private static final String encrypt(String key, String value) { try { - IvParameterSpec iv = new IvParameterSpec(initVector.getBytes("UTF-8")); + byte[] bytesIV = new byte[16]; + random.nextBytes(bytesIV); + IvParameterSpec iv = new IvParameterSpec(bytesIV); SecretKeySpec skeySpec = new SecretKeySpec(key.getBytes("UTF-8"), "AES"); Cipher cipher = Cipher.getInstance(transformation); cipher.init(Cipher.ENCRYPT_MODE, skeySpec, iv); @@ -114,9 +116,11 @@ public class PropertiesManagement { return null; } - private static final String decrypt(String key, String initVector, String encrypted) { + private static final String decrypt(String key, String encrypted) { try { - IvParameterSpec iv = new IvParameterSpec(initVector.getBytes("UTF-8")); + byte[] bytesIV = new byte[16]; + random.nextBytes(bytesIV); + IvParameterSpec iv = new IvParameterSpec(bytesIV); SecretKeySpec skeySpec = new SecretKeySpec(key.getBytes("UTF-8"), "AES"); Cipher cipher = Cipher.getInstance(transformation); cipher.init(Cipher.DECRYPT_MODE, skeySpec, iv); diff --git a/cmso-service/src/main/resources/META-INF/resources/swagger/swagger.json b/cmso-service/src/main/resources/META-INF/resources/swagger/swagger.json index 932e117..eb563ad 100644 --- a/cmso-service/src/main/resources/META-INF/resources/swagger/swagger.json +++ b/cmso-service/src/main/resources/META-INF/resources/swagger/swagger.json @@ -1,7 +1,7 @@ { "swagger" : "2.0", "info" : { - "version" : "2.3.0-SNAPSHOT", + "version" : "2.3.1-SNAPSHOT", "title" : "cmso-service" }, "basePath" : "/cmso", 
@@ -774,15 +774,25 @@ "format" : "int32", "description" : "Maximum number of VNF changes to schedule concurrently" }, - "policyId" : { - "type" : "string", - "description" : "Name of schedule optimization policy used by the change management cmso optimizer to determine available time slot" + "changeWindows" : { + "type" : "array", + "description" : "Lists of desired change windows to schedule the elements.", + "items" : { + "$ref" : "#/definitions/Change Window" + } + }, + "policies" : { + "type" : "array", + "description" : "List of the policies to control optimization.", + "items" : { + "$ref" : "#/definitions/Supported Policy Information" + } }, - "vnfDetails" : { + "elements" : { "type" : "array", "description" : "Lists of the VNFs to be changed and the desired change windows", "items" : { - "$ref" : "#/definitions/VNF Details" + "$ref" : "#/definitions/Optimizer Element" } } }, @@ -793,14 +803,16 @@ "properties" : { "startTime" : { "type" : "string", - "description" : "Earliest time that a set of changes may begin." + "format" : "date-time", + "description" : "Earliest time for which changes may begin." }, "endTime" : { "type" : "string", - "description" : "Latest time by which all changes must be completed" + "format" : "date-time", + "description" : "Latest time by which all changes must be completed." } }, - "description" : "Time window within which the scheduler optimizer can schedule the changes for the group of NVFs" + "description" : "Time window for which tickets are to returned" }, "CmDetailsMessage" : { "type" : "object", diff --git a/cmso-sonar/pom.xml b/cmso-sonar/pom.xml index 6a925de..4b5052b 100644 --- a/cmso-sonar/pom.xml +++ b/cmso-sonar/pom.xml @@ -24,7 +24,7 @@ org.onap.optf.cmso cmso - 2.3.1-SNAPSHOT + 2.3.2-SNAPSHOT org.onap.optf.cmso.sonar diff --git a/cmso-ticketmgt/pom.xml b/cmso-ticketmgt/pom.xml index e98e910..922cdad 100644 --- a/cmso-ticketmgt/pom.xml +++ b/cmso-ticketmgt/pom.xml 
@@ -19,7 +19,7 @@ org.onap.optf.cmso cmso - 2.3.1-SNAPSHOT + 2.3.2-SNAPSHOT org.onap.optf.cmso.ticketmgt diff --git a/cmso-ticketmgt/src/main/java/org/onap/optf/cmso/common/PropertiesManagement.java b/cmso-ticketmgt/src/main/java/org/onap/optf/cmso/common/PropertiesManagement.java index 8d739ee..c36a587 100644 --- a/cmso-ticketmgt/src/main/java/org/onap/optf/cmso/common/PropertiesManagement.java +++ b/cmso-ticketmgt/src/main/java/org/onap/optf/cmso/common/PropertiesManagement.java @@ -40,7 +40,7 @@ import javax.crypto.spec.SecretKeySpec; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.core.env.Environment; import org.springframework.stereotype.Component; - +import java.security.SecureRandom; /** * The Class PropertiesManagement. */ @@ -51,11 +51,10 @@ public class PropertiesManagement { private static EELFLogger errors = EELFManager.getInstance().getErrorLogger(); private static final String algorithm = "AES"; - private static final String cipherMode = "CBC"; - private static final String paddingScheme = "PKCS5Padding"; + private static final String cipherMode = "GCM"; + private static final String paddingScheme = "NoPadding"; private static final String transformation = algorithm + "/" + cipherMode + "/" + paddingScheme; - - private static final String initVector = "ONAPCMSOVECTORIV"; // 16 bytes IV + private static final SecureRandom random = new SecureRandom(); @Autowired Environment env; @@ -82,7 +81,7 @@ public class PropertiesManagement { public static String getDecryptedValue(String value) { if (value.startsWith("enc:")) { String secret = getSecret(); - value = decrypt(secret, initVector, value.substring(4)); + value = decrypt(secret,value.substring(4)); } return value; } 
@@ -95,13 +94,15 @@ public class PropertiesManagement { */ public static String getEncryptedValue(String value) { String secret = getSecret(); - value = encrypt(secret, initVector, value); + value = encrypt(secret, value); return value; } - private static final String encrypt(String key, String initVector, String value) { + private static final String encrypt(String key, String value) { try { - IvParameterSpec iv = new IvParameterSpec(initVector.getBytes("UTF-8")); + byte[] bytesIV = new byte[16]; + random.nextBytes(bytesIV); + IvParameterSpec iv = new IvParameterSpec(bytesIV); SecretKeySpec skeySpec = new SecretKeySpec(key.getBytes("UTF-8"), "AES"); Cipher cipher = Cipher.getInstance(transformation); cipher.init(Cipher.ENCRYPT_MODE, skeySpec, iv); @@ -115,9 +116,12 @@ public class PropertiesManagement { return null; } - private static final String decrypt(String key, String initVector, String encrypted) { + private static final String decrypt(String key, String encrypted) { try { - IvParameterSpec iv = new IvParameterSpec(initVector.getBytes("UTF-8")); + + byte[] bytesIV = new byte[16]; + random.nextBytes(bytesIV); + IvParameterSpec iv = new IvParameterSpec(bytesIV); SecretKeySpec skeySpec = new SecretKeySpec(key.getBytes("UTF-8"), "AES"); Cipher cipher = Cipher.getInstance(transformation); cipher.init(Cipher.DECRYPT_MODE, skeySpec, iv); diff --git a/cmso-ticketmgt/src/main/resources/META-INF/resources/swagger/swagger.json b/cmso-ticketmgt/src/main/resources/META-INF/resources/swagger/swagger.json index 0b4ad51..3cac0bb 100644 --- a/cmso-ticketmgt/src/main/resources/META-INF/resources/swagger/swagger.json +++ b/cmso-ticketmgt/src/main/resources/META-INF/resources/swagger/swagger.json @@ -1,7 +1,7 @@ { "swagger" : "2.0", "info" : { - "version" : "2.3.0-SNAPSHOT", + "version" : "2.3.1-SNAPSHOT", "title" : "cmso-ticketmgt" }, "basePath" : "/ticketmgt", diff --git a/cmso-topology/pom.xml b/cmso-topology/pom.xml index 9e8853f..ec63f46 100644 --- a/cmso-topology/pom.xml 
+++ b/cmso-topology/pom.xml @@ -19,7 +19,7 @@ org.onap.optf.cmso cmso - 2.3.1-SNAPSHOT + 2.3.2-SNAPSHOT org.onap.optf.cmso.topology diff --git a/cmso-topology/src/main/java/org/onap/optf/cmso/common/PropertiesManagement.java b/cmso-topology/src/main/java/org/onap/optf/cmso/common/PropertiesManagement.java index fadad45..8af1aea 100644 --- a/cmso-topology/src/main/java/org/onap/optf/cmso/common/PropertiesManagement.java +++ b/cmso-topology/src/main/java/org/onap/optf/cmso/common/PropertiesManagement.java @@ -35,6 +35,7 @@ import javax.crypto.spec.SecretKeySpec; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.core.env.Environment; import org.springframework.stereotype.Component; +import java.security.SecureRandom; @Component public class PropertiesManagement { @@ -43,11 +44,10 @@ public class PropertiesManagement { private static EELFLogger errors = EELFManager.getInstance().getErrorLogger(); private static final String algorithm = "AES"; - private static final String cipherMode = "CBC"; - private static final String paddingScheme = "PKCS5Padding"; + private static final String cipherMode = "GCM"; + private static final String paddingScheme = "NoPadding"; private static final String transformation = algorithm + "/" + cipherMode + "/" + paddingScheme; - - private static final String initVector = "ONAPCMSOVECTORIV"; // 16 bytes IV + private static final SecureRandom random = new SecureRandom(); @Autowired Environment env; @@ -74,7 +74,7 @@ public class PropertiesManagement { public static String getDecryptedValue(String value) { if (value.startsWith("enc:")) { String secret = getSecret(); - value = decrypt(secret, initVector, value.substring(4)); + value = decrypt(secret, value.substring(4)); } return value; } 
@@ -87,13 +87,15 @@ public class PropertiesManagement { */ public static String getEncryptedValue(String value) { String secret = getSecret(); - value = encrypt(secret, initVector, value); + value = encrypt(secret, value); return value; } - private static final String encrypt(String key, String initVector, String value) { + private static final String encrypt(String key, String value) { try { - IvParameterSpec iv = new IvParameterSpec(initVector.getBytes("UTF-8")); + byte[] bytesIV = new byte[16]; + random.nextBytes(bytesIV); + IvParameterSpec iv = new IvParameterSpec(bytesIV); SecretKeySpec skeySpec = new SecretKeySpec(key.getBytes("UTF-8"), "AES"); Cipher cipher = Cipher.getInstance(transformation); cipher.init(Cipher.ENCRYPT_MODE, skeySpec, iv); @@ -107,9 +109,11 @@ public class PropertiesManagement { return null; } - private static final String decrypt(String key, String initVector, String encrypted) { + private static final String decrypt(String key, String encrypted) { try { - IvParameterSpec iv = new IvParameterSpec(initVector.getBytes("UTF-8")); + byte[] bytesIV = new byte[16]; + random.nextBytes(bytesIV); + IvParameterSpec iv = new IvParameterSpec(bytesIV); SecretKeySpec skeySpec = new SecretKeySpec(key.getBytes("UTF-8"), "AES"); Cipher cipher = Cipher.getInstance(transformation); cipher.init(Cipher.DECRYPT_MODE, skeySpec, iv); diff --git a/cmso-topology/src/main/resources/META-INF/resources/swagger/swagger.json b/cmso-topology/src/main/resources/META-INF/resources/swagger/swagger.json index 1168133..c6aeba7 100644 --- a/cmso-topology/src/main/resources/META-INF/resources/swagger/swagger.json +++ b/cmso-topology/src/main/resources/META-INF/resources/swagger/swagger.json @@ -1,7 +1,7 @@ { "swagger" : "2.0", "info" : { - "version" : "2.3.0-SNAPSHOT", + "version" : "2.3.1-SNAPSHOT", "title" : "cmso-topology" }, "basePath" : "/topology", diff --git a/pom.xml b/pom.xml index d8dcb2f..2fc9f83 100644 --- a/pom.xml +++ b/pom.xml 
@@ -43,7 +43,7 @@ org.onap.optf.cmso cmso - 2.3.1-SNAPSHOT + 2.3.2-SNAPSHOT pom optf-cmso diff --git a/version.properties b/version.properties index c1a568d..2af7a4f 100644 --- a/version.properties +++ b/version.properties @@ -27,7 +27,7 @@ major=2 minor=3 -patch=1 +patch=2 base_version=${major}.${minor}.${patch} -- cgit 1.2.3-korg