-rw-r--r--utils/src/main/java/org/onap/policy/common/utils/security/CryptoUtils.java17
-rw-r--r--utils/src/test/java/org/onap/policy/common/utils/security/CryptoUtilsTest.java2
2 files changed, 14 insertions, 5 deletions
diff --git a/utils/src/main/java/org/onap/policy/common/utils/security/CryptoUtils.java b/utils/src/main/java/org/onap/policy/common/utils/security/CryptoUtils.java
index 579eed9f..94b367ec 100644
--- a/utils/src/main/java/org/onap/policy/common/utils/security/CryptoUtils.java
+++ b/utils/src/main/java/org/onap/policy/common/utils/security/CryptoUtils.java
@@ -22,7 +22,7 @@ package org.onap.policy.common.utils.security;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
-import java.security.SecureRandom;
+import java.util.Random;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
@@ -54,11 +54,18 @@ public class CryptoUtils {
*/
private static final int IV_BLOCK_SIZE_IN_BYTES = IV_BLOCK_SIZE_IN_BITS / 8;
- private static int validSize = (2 * IV_BLOCK_SIZE_IN_BYTES) + 4;
+ /**
+ * Minimum length of an encrypted value.
+ */
+ private static final int MIN_VALUE_SIZE = (2 * IV_BLOCK_SIZE_IN_BYTES) + 4;
private SecretKeySpec secretKeySpec;
- private static final String RANDOM_NUMBER_GENERATOR = "SHA1PRNG";
+ /**
+ * Used to generate a random "iv". Strong randomness is not needed, as this is only
+ * used as a "salt".
+ */
+ private static final Random RANDOM = new Random();
/**
* CryptoUtils - encryption tool constructor.
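Review bot: `java.util.Random` is not a suitable source for a cipher IV, so the Javadoc on `RANDOM` saying strong randomness is not needed should not stand. Its later output can be derived from earlier output, and the IV presumably travels with the stored value, so anyone who can read encrypted values could anticipate the IVs that follow. `ALGORITHM_DETAILS` is declared outside these hunks; if it names a CBC mode the IV has to be unpredictable, and if it names a counter-based or GCM mode the small seed space makes IV reuse under the same key more likely. A shared instance keeps the per-call cost low without giving that up: `private static final SecureRandom RANDOM = new SecureRandom();`, with the `java.security.SecureRandom` import kept in the first hunk and the `RANDOM.nextBytes(iv)` line in the encrypt hunk left as written. The class body continues outside this hunk.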
@@ -115,7 +122,7 @@ public class CryptoUtils {
try {
Cipher cipher = Cipher.getInstance(ALGORITHM_DETAILS);
byte[] iv = new byte[IV_BLOCK_SIZE_IN_BYTES];
- SecureRandom.getInstance(RANDOM_NUMBER_GENERATOR).nextBytes(iv);
+ RANDOM.nextBytes(iv);
IvParameterSpec ivspec = new IvParameterSpec(iv);
cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivspec);
@@ -164,7 +171,7 @@ public class CryptoUtils {
if (value == null || value.isEmpty() || !isEncrypted(value)) {
return value;
}
- if (value.length() < validSize) {
+ if (value.length() < MIN_VALUE_SIZE) {
throw new IllegalArgumentException("Invalid size on input value");
}
try {
diff --git a/utils/src/test/java/org/onap/policy/common/utils/security/CryptoUtilsTest.java b/utils/src/test/java/org/onap/policy/common/utils/security/CryptoUtilsTest.java
index 9a88918d..a9924152 100644
--- a/utils/src/test/java/org/onap/policy/common/utils/security/CryptoUtilsTest.java
+++ b/utils/src/test/java/org/onap/policy/common/utils/security/CryptoUtilsTest.java
@@ -22,6 +22,7 @@ package org.onap.policy.common.utils.security;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertTrue;
import java.security.GeneralSecurityException;
import org.junit.Test;
@@ -46,6 +47,7 @@ public class CryptoUtilsTest {
CryptoUtils cryptoUtils = new CryptoUtils(SECRET_KEY);
String encryptedValue = cryptoUtils.encrypt(PASS);
logger.info(ENCRYPTED_MSG, PASS, encryptedValue);
+ assertTrue(encryptedValue.startsWith("enc:"));
String decryptedValue = cryptoUtils.decrypt(encryptedValue);
logger.info(DECRYPTED_MSG, encryptedValue, decryptedValue);
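Review bot: The added `assertTrue(encryptedValue.startsWith("enc:"))` checks only the prefix, so the test still passes if `encrypt` were to produce the same IV on every call. Since this commit changes the IV source, a second call on the same input could be compared with the first, for example `assertNotEquals(encryptedValue, cryptoUtils.encrypt(PASS));` with the matching static import from `org.junit.Assert`. That detects a constant IV only, not a predictable one, so it complements rather than replaces review of the generator. The test method starts and ends outside this hunk.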