author | Determe, Sebastien (sd378r) <sd378r@intl.att.com> | 2017-11-16 13:22:49 +0100 |
committer | Determe, Sebastien (sd378r) <sd378r@intl.att.com> | 2017-11-16 13:42:47 +0100 |
commit | 34400eeebc299cbf8e4335a7bee937753554bed5 (patch) | |
tree | 3ed6036482f969d0ddc157cac4f324ad189a814e /src/main/java/org | |
parent | 677d218e4c337de6faca915723d47390ef4290d0 (diff) |
Rework CryptoUtils
CryptoUtils now takes the key from a file located in the resources, not
from the Spring config file
Change-Id: I002978d292550e6173efb4324cbb977f35d7e753
Issue-ID: CLAMP-74
Signed-off-by: Determe, Sebastien (sd378r) <sd378r@intl.att.com>
Diffstat (limited to 'src/main/java/org')
-rw-r--r-- | src/main/java/org/onap/clamp/clds/config/EncodedPasswordBasicDataSource.java | 11 | ||||
-rw-r--r-- | src/main/java/org/onap/clamp/clds/util/CryptoUtils.java | 102 |
2 files changed, 63 insertions, 50 deletions
diff --git a/src/main/java/org/onap/clamp/clds/config/EncodedPasswordBasicDataSource.java b/src/main/java/org/onap/clamp/clds/config/EncodedPasswordBasicDataSource.java
index 3862a5ace..453689bea 100644
--- a/src/main/java/org/onap/clamp/clds/config/EncodedPasswordBasicDataSource.java
+++ b/src/main/java/org/onap/clamp/clds/config/EncodedPasswordBasicDataSource.java
@@ -28,25 +28,20 @@ import com.att.eelf.configuration.EELFManager;
 import java.security.GeneralSecurityException;
+import org.apache.commons.codec.DecoderException;
 import org.apache.commons.dbcp.BasicDataSource;
 import org.onap.clamp.clds.util.CryptoUtils;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.context.annotation.DependsOn;
-import org.springframework.stereotype.Component;
 /**
 * This class is an extension of the standard datasource, it will be used to
 * decode the encoded password defined in the application.properties.
 *
 */
-@Component("EncodedPasswordBasicDataSource")
-@DependsOn(value = { "CryptoUtils" })
 public class EncodedPasswordBasicDataSource extends BasicDataSource {
 protected static final EELFLogger logger = EELFManager.getInstance()
 .getLogger(EncodedPasswordBasicDataSource.class);
 protected static final EELFLogger metricsLogger = EELFManager.getInstance().getMetricsLogger();
- @Autowired
- private CryptoUtils cryptoUtils;
+ private CryptoUtils cryptoUtils = new CryptoUtils();
 /**
 * The default constructor calling the parent one.
@@ -64,6 +59,8 @@ public class EncodedPasswordBasicDataSource extends BasicDataSource {
 this.password = cryptoUtils.decrypt(encodedPassword);
 } catch (GeneralSecurityException e) {
 logger.error("Unable to decrypt the DB password", e);
+ } catch (DecoderException e) {
+ logger.error("Exception caught when decoding the HEX String Key for encryption", e);
 }
 }
 }
\ No newline at end of file
diff --git a/src/main/java/org/onap/clamp/clds/util/CryptoUtils.java b/src/main/java/org/onap/clamp/clds/util/CryptoUtils.java
index 4b72c6fdd..8dbdc77d3 100644
--- a/src/main/java/org/onap/clamp/clds/util/CryptoUtils.java
+++ b/src/main/java/org/onap/clamp/clds/util/CryptoUtils.java
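Review bot: The message in the new `catch (DecoderException e)` branch of EncodedPasswordBasicDataSource is misleading: inside this try block the DecoderException comes from `cryptoUtils.decrypt(encodedPassword)`, i.e. from hex-decoding the encrypted DB password, not from decoding the key (key decoding happens in the CryptoUtils static initializer and is logged there). Suggest `logger.error("Unable to hex-decode the encrypted DB password", e);` so an operator looking at the log checks the right property. The enclosing method starts outside the hunk.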
@@ -23,26 +23,54 @@ package org.onap.clamp.clds.util;
+import com.att.eelf.configuration.EELFLogger;
+import com.att.eelf.configuration.EELFManager;
+
+import java.io.IOException;
+import java.io.UnsupportedEncodingException;
 import java.security.GeneralSecurityException;
+import java.security.SecureRandom;
+import java.util.Properties;
 import javax.crypto.Cipher;
+import javax.crypto.spec.IvParameterSpec;
 import javax.crypto.spec.SecretKeySpec;
-import org.springframework.core.Ordered;
-import org.springframework.core.annotation.Order;
-import org.springframework.stereotype.Component;
+import org.apache.commons.codec.DecoderException;
+import org.apache.commons.codec.binary.Hex;
+import org.apache.commons.lang3.ArrayUtils;
 /**
 * CryptoUtils for encrypting/decrypting string based on a Key defined in
 * application.properties (Spring config file).
 *
 */
-@Component("CryptoUtils")
-@Order(Ordered.HIGHEST_PRECEDENCE)
 public final class CryptoUtils {
- public static final String AES = "AES";
- public static final String KEY_PARAM = "org.onap.clamp.encryption.aes.key";
- private SecretKeySpec secretKeySpec = getSecretKeySpec("aa3871669d893c7fb8abbcda31b88b4f");
+ protected static final EELFLogger logger = EELFManager.getInstance().getLogger(CryptoUtils.class);
+ // Openssl commands:
+ // Encrypt: echo -n "123456" | openssl aes-128-cbc -e -K <Private Hex key>
+ // -iv <16 Hex Bytes iv> | xxd -u -g100
+ // Final result is to put in properties file is: IV + Outcome of openssl
+ // command
+ // ************************************************************
+ // Decrypt: echo -n 'Encrypted string' | xxd -r -ps | openssl aes-128-cbc -d
+ // -K
+ // <Private Hex Key> -iv <16 Bytes IV extracted from Encrypted String>
+ private static final String ALGORITHM = "AES";
+ private static final String ALGORYTHM_DETAILS = ALGORITHM + "/CBC/PKCS5PADDING";
+ private static final int BLOCK_SIZE = 128;
+ private static final String KEY_PARAM = "org.onap.clamp.encryption.aes.key";
+ private static SecretKeySpec secretKeySpec = null;
+ private IvParameterSpec ivspec;
+ static {
+ Properties props = new Properties();
+ try {
+ props.load(ResourceFileUtil.getResourceAsStream("clds/key.properties"));
+ secretKeySpec = getSecretKeySpec(props.getProperty(KEY_PARAM));
+ } catch (IOException | DecoderException e) {
+ logger.error("Exception occurred during the key reading", e);
+ }
+ }
 /**
 * Encrypt a value based on the Clamp Encryption Key.
@@ -51,16 +79,21 @@ public final class CryptoUtils {
 * @return The encrypted string
 * @throws GeneralSecurityException
 * In case of issue with the encryption
+ * @throws UnsupportedEncodingException
+ * In case of issue with the charset conversion
 */
- public String encrypt(String value) throws GeneralSecurityException {
- Cipher cipher = Cipher.getInstance(CryptoUtils.AES);
- cipher.init(Cipher.ENCRYPT_MODE, secretKeySpec, cipher.getParameters());
- byte[] encrypted = cipher.doFinal(value.getBytes());
- return byteArrayToHexString(encrypted);
+ public String encrypt(String value) throws GeneralSecurityException, UnsupportedEncodingException {
+ Cipher cipher = Cipher.getInstance(CryptoUtils.ALGORYTHM_DETAILS, "SunJCE");
+ SecureRandom r = SecureRandom.getInstance("SHA1PRNG");
+ byte[] iv = new byte[BLOCK_SIZE / 8];
+ r.nextBytes(iv);
+ ivspec = new IvParameterSpec(iv);
+ cipher.init(Cipher.ENCRYPT_MODE, secretKeySpec, ivspec);
+ return Hex.encodeHexString(ArrayUtils.addAll(iv, cipher.doFinal(value.getBytes("UTF-8"))));
 }
 /**
- * Decrypt a value.
+ * Decrypt a value based on the Clamp Encryption Key
 *
 * @param message
 * The encrypted string that must be decrypted using the Clamp
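Review bot: The new static initializer only logs when `clds/key.properties` cannot be read or the key is not valid hex and leaves `secretKeySpec` null, so every later `encrypt`/`decrypt` fails with an InvalidKeyException that says nothing about the real cause; a missing or malformed key is a deployment error that should fail fast, e.g. by following the `logger.error(...)` with `throw new IllegalStateException("Unable to load the Clamp encryption key from clds/key.properties", e);`. An absent `org.onap.clamp.encryption.aes.key` property is not covered by that catch at all: `props.getProperty(KEY_PARAM)` returns null and `keyString.toCharArray()` in `getSecretKeySpec` then throws a NullPointerException out of the initializer, so check the property for null explicitly with a clear message. The class Javadoc still says the key is "defined in application.properties (Spring config file)"; it should now say the key is read from the `clds/key.properties` classpath resource under `org.onap.clamp.encryption.aes.key`. Also, `ivspec` is introduced as an instance field although it is only ever used right after being assigned in `encrypt` and `decrypt`; make it a local in each method so a CryptoUtils instance shared between threads cannot have its IV swapped between assignment and `cipher.init`.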
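Review bot: `encrypt` pins the provider with `Cipher.getInstance(ALGORYTHM_DETAILS, "SunJCE")` and the PRNG with `SecureRandom.getInstance("SHA1PRNG")`; both names are implementation-specific and are not guaranteed on every JVM (NoSuchProviderException / NoSuchAlgorithmException), whereas `Cipher.getInstance(ALGORYTHM_DETAILS)` and `new SecureRandom()` select the platform's default secure implementation. The IV is written to the `ivspec` instance field although it is only needed for the following `cipher.init`, so it can be a local, and `value.getBytes("UTF-8")` can become `value.getBytes(StandardCharsets.UTF_8)` (needs `java.nio.charset.StandardCharsets`), which makes the newly declared `UnsupportedEncodingException` unnecessary; keeping it in the throws clause stays backward compatible. Note also that AES/CBC/PKCS5Padding gives confidentiality without integrity; that is acceptable while the ciphertext only ever comes from the application's own properties file, but if encrypted values could ever arrive from an untrusted source an authenticated mode such as AES/GCM should be used instead.
```java
    public String encrypt(String value) throws GeneralSecurityException, UnsupportedEncodingException {
        Cipher cipher = Cipher.getInstance(CryptoUtils.ALGORYTHM_DETAILS);
        // Fresh random IV per message; it is prepended to the ciphertext so decrypt can recover it.
        byte[] iv = new byte[BLOCK_SIZE / 8];
        new SecureRandom().nextBytes(iv);
        cipher.init(Cipher.ENCRYPT_MODE, secretKeySpec, new IvParameterSpec(iv));
        return Hex.encodeHexString(ArrayUtils.addAll(iv, cipher.doFinal(value.getBytes(StandardCharsets.UTF_8))));
    }
```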
@@ -68,38 +101,21 @@ public final class CryptoUtils {
 * @return The String decrypted
 * @throws GeneralSecurityException
 * In case of issue with the encryption
+ * @throws DecoderException
+ * In case of issue to decode the HexString
 */
- public String decrypt(String message) throws GeneralSecurityException {
- Cipher cipher = Cipher.getInstance(CryptoUtils.AES);
- cipher.init(Cipher.DECRYPT_MODE, secretKeySpec);
- byte[] decrypted = cipher.doFinal(hexStringToByteArray(message));
+ public String decrypt(String message) throws GeneralSecurityException, DecoderException {
+ byte[] encryptedMessage = Hex.decodeHex(message.toCharArray());
+ Cipher cipher = Cipher.getInstance(CryptoUtils.ALGORYTHM_DETAILS, "SunJCE");
+ ivspec = new IvParameterSpec(ArrayUtils.subarray(encryptedMessage, 0, BLOCK_SIZE / 8));
+ byte[] realData = ArrayUtils.subarray(encryptedMessage, BLOCK_SIZE / 8, encryptedMessage.length);
+ cipher.init(Cipher.DECRYPT_MODE, secretKeySpec, ivspec);
+ byte[] decrypted = cipher.doFinal(realData);
 return new String(decrypted);
 }
- private SecretKeySpec getSecretKeySpec(String keyString) {
- byte[] key = hexStringToByteArray(keyString);
- return new SecretKeySpec(key, CryptoUtils.AES);
- }
-
- private String byteArrayToHexString(byte[] b) {
- StringBuilder sb = new StringBuilder(b.length * 2);
- for (int i = 0; i < b.length; i++) {
- int v = b[i] & 0xff;
- if (v < 16) {
- sb.append('0');
- }
- sb.append(Integer.toHexString(v));
- }
- return sb.toString().toUpperCase();
- }
-
- private byte[] hexStringToByteArray(String s) {
- byte[] b = new byte[s.length() / 2];
- for (int i = 0; i < b.length; i++) {
- int index = i * 2;
- int v = Integer.parseInt(s.substring(index, index + 2), 16);
- b[i] = (byte) v;
- }
- return b;
+ private static SecretKeySpec getSecretKeySpec(String keyString) throws DecoderException {
+ byte[] key = Hex.decodeHex(keyString.toCharArray());
+ return new SecretKeySpec(key, CryptoUtils.ALGORITHM);
 }
 }
|
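Review bot: `decrypt` still ends with the unchanged `return new String(decrypted);`, which uses the platform default charset, while the new `encrypt` encodes the plaintext with `value.getBytes("UTF-8")`; on a JVM whose default charset is not UTF-8 a non-ASCII value no longer round-trips. Use `return new String(decrypted, StandardCharsets.UTF_8);` (or `"UTF-8"` to mirror encrypt). The method also relies on `ArrayUtils.subarray` clamping when the hex string is shorter than one block: the IV then comes out short and `cipher.init` fails with an InvalidAlgorithmParameterException that says nothing about the input, so an explicit guard such as `if (encryptedMessage.length < BLOCK_SIZE / 8) { throw new IllegalArgumentException("Encrypted value is shorter than the IV"); }` before building the IvParameterSpec gives a clear error. As in `encrypt`, the IV can be a local `IvParameterSpec` instead of being written to the shared `ivspec` field, and the hard-coded `"SunJCE"` provider argument can be dropped for portability.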