From ee02cbcfb07c7322b93399c80e50acd2b975ccbd Mon Sep 17 00:00:00 2001
From: malarvizhi <malarvizhi.44@wipro.com>
Date: Thu, 18 Mar 2021 00:40:11 -0700
Subject: Fix weak cryptography issues

Issue-ID: OPTFRA-927
Signed-off-by: Malarvizhi Paramasivam <malarvizhi.44@wipro.com>
Change-Id: I9e48f7313a7f76bd431e17cebfc3c52bc7f91bda
---
 .../java/org/onap/optf/cmso/common/PropertiesManagement.java  | 11 +++++------
 .../main/resources/META-INF/resources/swagger/swagger.json    |  2 +-
 2 files changed, 6 insertions(+), 7 deletions(-)

(limited to 'cmso-ticketmgt/src')

diff --git a/cmso-ticketmgt/src/main/java/org/onap/optf/cmso/common/PropertiesManagement.java b/cmso-ticketmgt/src/main/java/org/onap/optf/cmso/common/PropertiesManagement.java
index c36a587..e34a73d 100644
--- a/cmso-ticketmgt/src/main/java/org/onap/optf/cmso/common/PropertiesManagement.java
+++ b/cmso-ticketmgt/src/main/java/org/onap/optf/cmso/common/PropertiesManagement.java
@@ -100,9 +100,9 @@ public class PropertiesManagement {
 
     private static final String encrypt(String key, String value) {
         try {
-	    byte[] bytesIV = new byte[16];
-	    random.nextBytes(bytesIV);
-    	    IvParameterSpec iv = new IvParameterSpec(bytesIV);
+	    byte[] bytesIV = new byte[12];
+            random.nextBytes(bytesIV);
+  	    IvParameterSpec iv = new IvParameterSpec(bytesIV);
             SecretKeySpec skeySpec = new SecretKeySpec(key.getBytes("UTF-8"), "AES");
             Cipher cipher = Cipher.getInstance(transformation);
             cipher.init(Cipher.ENCRYPT_MODE, skeySpec, iv);
@@ -118,9 +118,8 @@ public class PropertiesManagement {
 
     private static final String decrypt(String key, String encrypted) {
         try {
-            
-            byte[] bytesIV = new byte[16];
-            random.nextBytes(bytesIV);
+            byte[] bytesIV = new byte[12];
+    	    random.nextBytes(bytesIV);  
             IvParameterSpec iv = new IvParameterSpec(bytesIV);
             SecretKeySpec skeySpec = new SecretKeySpec(key.getBytes("UTF-8"), "AES");
             Cipher cipher = Cipher.getInstance(transformation);
diff --git a/cmso-ticketmgt/src/main/resources/META-INF/resources/swagger/swagger.json b/cmso-ticketmgt/src/main/resources/META-INF/resources/swagger/swagger.json
index 3cac0bb..0f077e0 100644
--- a/cmso-ticketmgt/src/main/resources/META-INF/resources/swagger/swagger.json
+++ b/cmso-ticketmgt/src/main/resources/META-INF/resources/swagger/swagger.json
@@ -1,7 +1,7 @@
 {
   "swagger" : "2.0",
   "info" : {
-    "version" : "2.3.1-SNAPSHOT",
+    "version" : "2.3.2-SNAPSHOT",
     "title" : "cmso-ticketmgt"
   },
   "basePath" : "/ticketmgt",
-- 
cgit 1.2.3-korg