diff options
author | Jim Hahn <jrh3@att.com> | 2020-10-28 16:22:01 -0400 |
---|---|---|
committer | Jim Hahn <jrh3@att.com> | 2020-10-29 08:17:47 -0400 |
commit | f9c66e100522272543a550736cbe660cad4bfec5 (patch) | |
tree | 3368cf75fad013636e67b9d424bec54e8c02e0b9 /utils/src/test/java/org/onap/policy/common/utils/security/CryptoUtilsTest.java | |
parent | 923f85537b509bb0befc296c2c8d40807a326296 (diff) |
Fix sonar security issue in CryptoUtils
Sonar reports that CryptoUtils is using AES with CBC, which is known
to be insecure. Switched to "AES/GCM/NoPadding".
Note: values in any property files using encryption or the "enc:"
prefix will have to be re-encrypted.
Issue-ID: POLICY-2801
Change-Id: I41f00d4f3ee67a00b92135150120d1faa621655a
Signed-off-by: Jim Hahn <jrh3@att.com>
Diffstat (limited to 'utils/src/test/java/org/onap/policy/common/utils/security/CryptoUtilsTest.java')
-rw-r--r-- | utils/src/test/java/org/onap/policy/common/utils/security/CryptoUtilsTest.java | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/utils/src/test/java/org/onap/policy/common/utils/security/CryptoUtilsTest.java b/utils/src/test/java/org/onap/policy/common/utils/security/CryptoUtilsTest.java index ce9435d8..625fd1f5 100644 --- a/utils/src/test/java/org/onap/policy/common/utils/security/CryptoUtilsTest.java +++ b/utils/src/test/java/org/onap/policy/common/utils/security/CryptoUtilsTest.java @@ -2,7 +2,7 @@ * ============LICENSE_START======================================================= * ONAP * ================================================================================ - * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. + * Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -37,7 +37,7 @@ public class CryptoUtilsTest { private static Logger logger = LoggerFactory.getLogger(CryptoUtilsTest.class); private static final String PASS = "HelloWorld"; private static final String SECRET_KEY = "MTIzNDU2Nzg5MDEyMzQ1Ng=="; - private static final String ENCRYPTED_PASS = "enc:hcI2XVX+cxPz/6rlbebkWpCFF6WPbBtT7iJRr2VHUkA="; + private static final String ENCRYPTED_PASS = "enc:Z6QzirpPyDpwmIcNbE3U2iq6g/ubJBEdzssoigxGGChlQtdWOLD8y00O"; private static final String DECRYPTED_MSG = "encrypted value: {} decrypted value : {}"; private static final String ENCRYPTED_MSG = "original value : {} encrypted value: {}"; @@ -120,4 +120,4 @@ public class CryptoUtilsTest { String decryptedAgain = CryptoUtils.decrypt(decryptedValue, SECRET_KEY); assertEquals(decryptedValue, decryptedAgain); } -}
\ No newline at end of file +} |