diff options
Diffstat (limited to 'utils/src/main/java/org/onap/policy/common/utils/security/CryptoUtils.java')
-rw-r--r-- | utils/src/main/java/org/onap/policy/common/utils/security/CryptoUtils.java | 49 |
1 files changed, 26 insertions, 23 deletions
diff --git a/utils/src/main/java/org/onap/policy/common/utils/security/CryptoUtils.java b/utils/src/main/java/org/onap/policy/common/utils/security/CryptoUtils.java index 416c73a6..a974f1e5 100644 --- a/utils/src/main/java/org/onap/policy/common/utils/security/CryptoUtils.java +++ b/utils/src/main/java/org/onap/policy/common/utils/security/CryptoUtils.java @@ -2,7 +2,8 @@ * ============LICENSE_START======================================================= * ONAP * ================================================================================ - * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. + * Copyright (C) 2019-2021 AT&T Intellectual Property. All rights reserved. + * Modifications Copyright (C) 2023 Nordix Foundation. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -20,12 +21,12 @@ package org.onap.policy.common.utils.security; +import jakarta.xml.bind.DatatypeConverter; import java.nio.charset.StandardCharsets; import java.util.Random; import javax.crypto.Cipher; -import javax.crypto.spec.IvParameterSpec; +import javax.crypto.spec.GCMParameterSpec; import javax.crypto.spec.SecretKeySpec; -import javax.xml.bind.DatatypeConverter; import org.apache.commons.lang3.ArrayUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -44,7 +45,9 @@ public class CryptoUtils implements CryptoCoder { /** * Detailed definition of encryption algorithm. */ - private static final String ALGORITHM_DETAILS = ALGORITHM + "/CBC/PKCS5PADDING"; + private static final String ALGORITHM_DETAILS = ALGORITHM + "/GCM/NoPadding"; + + private static final int TAG_SIZE_IN_BITS = 128; private static final int IV_BLOCK_SIZE_IN_BITS = 128; @@ -62,14 +65,14 @@ public class CryptoUtils implements CryptoCoder { /** * Used to generate a random "iv". Strong randomness is not needed, as this is only - * used as a "salt". + * used as a "salt". (Thus sonar is disabled.) */ - private static final Random RANDOM = new Random(); + private static final Random RANDOM = new Random(); // NOSONAR /** * CryptoUtils - encryption tool constructor. * @param secretKeySpec - * AES supports 128, 192 or 256-bit long key size, it can be plain text or generated with key generator + * AES supports 128, 192 or 256-bit long key size, it can be plain text or generated with key generator */ public CryptoUtils(SecretKeySpec secretKeySpec) { this.secretKeySpec = secretKeySpec; @@ -87,7 +90,7 @@ public class CryptoUtils implements CryptoCoder { * <p>Final result is to put in properties file is: IV + Outcome of openssl command * * @param value - * The plain text string + * The plain text string * @return The encrypted String */ @Override @@ -98,13 +101,13 @@ public class CryptoUtils implements CryptoCoder { /** * Encrypt a value based on the Policy Encryption Key. * @param value - * The plain text string + * The plain text string * @param secretKey - * The secret key + * The secret key * @return The encrypted String */ public static String encrypt(String value, String secretKey) { - SecretKeySpec keySpec = readSecretKeySpec(secretKey); + var keySpec = readSecretKeySpec(secretKey); return encryptValue(value, keySpec); } @@ -117,10 +120,10 @@ public class CryptoUtils implements CryptoCoder { return value; } try { - Cipher cipher = Cipher.getInstance(ALGORITHM_DETAILS); - byte[] iv = new byte[IV_BLOCK_SIZE_IN_BYTES]; + var cipher = Cipher.getInstance(ALGORITHM_DETAILS); + var iv = new byte[IV_BLOCK_SIZE_IN_BYTES]; RANDOM.nextBytes(iv); - IvParameterSpec ivspec = new IvParameterSpec(iv); + var ivspec = new GCMParameterSpec(TAG_SIZE_IN_BITS, iv); cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivspec); return "enc:" + DatatypeConverter.printBase64Binary( @@ -137,7 +140,7 @@ public class CryptoUtils implements CryptoCoder { * -K PrivateHexKey -iv 16BytesIVFromEncryptedString * * @param value - * The encrypted string that must be decrypted using the Policy Encryption Key + * The encrypted string that must be decrypted using the Policy Encryption Key * @return The String decrypted if string begin with 'enc:' */ @Override @@ -149,13 +152,13 @@ public class CryptoUtils implements CryptoCoder { * Decrypt a value based on the Policy Encryption Key if string begin with 'enc:'. * * @param value - * The encrypted string that must be decrypted using the Policy Encryption Key + * The encrypted string that must be decrypted using the Policy Encryption Key * @param secretKey - * The secret key + * The secret key * @return The String decrypted if string begin with 'enc:' */ public static String decrypt(String value, String secretKey) { - SecretKeySpec keySpec = readSecretKeySpec(secretKey); + var keySpec = readSecretKeySpec(secretKey); if (keySpec != null) { return decryptValue(value, keySpec); } else { @@ -171,11 +174,11 @@ public class CryptoUtils implements CryptoCoder { throw new IllegalArgumentException("Invalid size on input value"); } try { - String pureValue = value.substring(4); + var pureValue = value.substring(4); byte[] encryptedValue = DatatypeConverter.parseBase64Binary(pureValue); - Cipher cipher = Cipher.getInstance(ALGORITHM_DETAILS); - IvParameterSpec ivspec = new IvParameterSpec( + var cipher = Cipher.getInstance(ALGORITHM_DETAILS); + var ivspec = new GCMParameterSpec(TAG_SIZE_IN_BITS, ArrayUtils.subarray(encryptedValue, 0, IV_BLOCK_SIZE_IN_BYTES)); byte[] realData = ArrayUtils.subarray(encryptedValue, IV_BLOCK_SIZE_IN_BYTES, encryptedValue.length); @@ -225,10 +228,10 @@ public class CryptoUtils implements CryptoCoder { * Check if string is encrypted by verify if string prefix with 'enc:'. * * @param value - * The encrypted string or plain text value + * The encrypted string or plain text value * @return boolean value indicate if string prefix with enc: or not */ - public static Boolean isEncrypted(String value) { + public static boolean isEncrypted(String value) { return (value != null && value.startsWith("enc:")); } |