Diffstat (limited to 'utils/src/main/java/org/onap/policy/common/utils/security/CryptoUtils.java')
-rw-r--r--utils/src/main/java/org/onap/policy/common/utils/security/CryptoUtils.java49
1 files changed, 26 insertions, 23 deletions
diff --git a/utils/src/main/java/org/onap/policy/common/utils/security/CryptoUtils.java b/utils/src/main/java/org/onap/policy/common/utils/security/CryptoUtils.java
index 416c73a6..a974f1e5 100644
--- a/utils/src/main/java/org/onap/policy/common/utils/security/CryptoUtils.java
+++ b/utils/src/main/java/org/onap/policy/common/utils/security/CryptoUtils.java
@@ -2,7 +2,8 @@
* ============LICENSE_START=======================================================
* ONAP
* ================================================================================
- * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
+ * Copyright (C) 2019-2021 AT&T Intellectual Property. All rights reserved.
+ * Modifications Copyright (C) 2023 Nordix Foundation.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -20,12 +21,12 @@
package org.onap.policy.common.utils.security;
+import jakarta.xml.bind.DatatypeConverter;
import java.nio.charset.StandardCharsets;
import java.util.Random;
import javax.crypto.Cipher;
-import javax.crypto.spec.IvParameterSpec;
+import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
-import javax.xml.bind.DatatypeConverter;
import org.apache.commons.lang3.ArrayUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -44,7 +45,9 @@ public class CryptoUtils implements CryptoCoder {
/**
* Detailed definition of encryption algorithm.
*/
- private static final String ALGORITHM_DETAILS = ALGORITHM + "/CBC/PKCS5PADDING";
+ private static final String ALGORITHM_DETAILS = ALGORITHM + "/GCM/NoPadding";
+
+ private static final int TAG_SIZE_IN_BITS = 128;
private static final int IV_BLOCK_SIZE_IN_BITS = 128;
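Review bot: Switching `ALGORITHM_DETAILS` to `AES/GCM/NoPadding` changes the stored ciphertext format, and nothing in this diff keeps a read path for values that were encrypted under CBC. An existing `enc:` string produced by the old code will presumably fail the GCM tag check on decrypt. If deployed property files already hold CBC ciphertexts, either re-encrypt them as part of the upgrade or mark the two formats differently so old values can still be read. The Javadoc on `encrypt` and `decrypt` still describes building the value with an openssl command and a 16-byte `-iv`, which looks written for the CBC format and should be revised with this constant.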
@@ -62,14 +65,14 @@ public class CryptoUtils implements CryptoCoder {
/**
* Used to generate a random "iv". Strong randomness is not needed, as this is only
- * used as a "salt".
+ * used as a "salt". (Thus sonar is disabled.)
*/
- private static final Random RANDOM = new Random();
+ private static final Random RANDOM = new Random(); // NOSONAR
/**
* CryptoUtils - encryption tool constructor.
* @param secretKeySpec
- * AES supports 128, 192 or 256-bit long key size, it can be plain text or generated with key generator
+ * AES supports 128, 192 or 256-bit long key size, it can be plain text or generated with key generator
*/
public CryptoUtils(SecretKeySpec secretKeySpec) {
this.secretKeySpec = secretKeySpec;
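Review bot: `RANDOM` stays a `java.util.Random`, and the comment's reasoning that the IV is only a "salt" no longer holds once the cipher is GCM. GCM requires that an IV never repeats under the same key: a repeat exposes the XOR of the two plaintexts and undermines the authentication tag. `java.util.Random` carries only 48 bits of state, so repeats are far likelier than the 16-byte IV length suggests. Use `private static final SecureRandom RANDOM = new SecureRandom();` (with `import java.security.SecureRandom;`), drop the `// NOSONAR`, and reword the comment to `Used to generate the GCM IV, which must not repeat for a given key.` The same generator feeds `RANDOM.nextBytes(iv)` in the `encryptValue` hunk.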
@@ -87,7 +90,7 @@ public class CryptoUtils implements CryptoCoder {
* <p>Final result is to put in properties file is: IV + Outcome of openssl command
*
* @param value
- * The plain text string
+ * The plain text string
* @return The encrypted String
*/
@Override
@@ -98,13 +101,13 @@ public class CryptoUtils implements CryptoCoder {
/**
* Encrypt a value based on the Policy Encryption Key.
* @param value
- * The plain text string
+ * The plain text string
* @param secretKey
- * The secret key
+ * The secret key
* @return The encrypted String
*/
public static String encrypt(String value, String secretKey) {
- SecretKeySpec keySpec = readSecretKeySpec(secretKey);
+ var keySpec = readSecretKeySpec(secretKey);
return encryptValue(value, keySpec);
}
@@ -117,10 +120,10 @@ public class CryptoUtils implements CryptoCoder {
return value;
}
try {
- Cipher cipher = Cipher.getInstance(ALGORITHM_DETAILS);
- byte[] iv = new byte[IV_BLOCK_SIZE_IN_BYTES];
+ var cipher = Cipher.getInstance(ALGORITHM_DETAILS);
+ var iv = new byte[IV_BLOCK_SIZE_IN_BYTES];
RANDOM.nextBytes(iv);
- IvParameterSpec ivspec = new IvParameterSpec(iv);
+ var ivspec = new GCMParameterSpec(TAG_SIZE_IN_BITS, iv);
cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivspec);
return "enc:" + DatatypeConverter.printBase64Binary(
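Review bot: `var iv = new byte[IV_BLOCK_SIZE_IN_BYTES]` keeps the IV at the CBC block size (128 bits per `IV_BLOCK_SIZE_IN_BITS`), while NIST SP 800-38D recommends restricting GCM IVs to 96 bits. `GCMParameterSpec` accepts a 16-byte IV, but it is hashed down to the initial counter block rather than used directly. Consider a separate 12-byte IV length for GCM; the split in `decryptValue` has to use the same length. The body of `encryptValue` starts and ends outside this hunk.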
@@ -137,7 +140,7 @@ public class CryptoUtils implements CryptoCoder {
* -K PrivateHexKey -iv 16BytesIVFromEncryptedString
*
* @param value
- * The encrypted string that must be decrypted using the Policy Encryption Key
+ * The encrypted string that must be decrypted using the Policy Encryption Key
* @return The String decrypted if string begin with 'enc:'
*/
@Override
@@ -149,13 +152,13 @@ public class CryptoUtils implements CryptoCoder {
* Decrypt a value based on the Policy Encryption Key if string begin with 'enc:'.
*
* @param value
- * The encrypted string that must be decrypted using the Policy Encryption Key
+ * The encrypted string that must be decrypted using the Policy Encryption Key
* @param secretKey
- * The secret key
+ * The secret key
* @return The String decrypted if string begin with 'enc:'
*/
public static String decrypt(String value, String secretKey) {
- SecretKeySpec keySpec = readSecretKeySpec(secretKey);
+ var keySpec = readSecretKeySpec(secretKey);
if (keySpec != null) {
return decryptValue(value, keySpec);
} else {
@@ -171,11 +174,11 @@ public class CryptoUtils implements CryptoCoder {
throw new IllegalArgumentException("Invalid size on input value");
}
try {
- String pureValue = value.substring(4);
+ var pureValue = value.substring(4);
byte[] encryptedValue = DatatypeConverter.parseBase64Binary(pureValue);
- Cipher cipher = Cipher.getInstance(ALGORITHM_DETAILS);
- IvParameterSpec ivspec = new IvParameterSpec(
+ var cipher = Cipher.getInstance(ALGORITHM_DETAILS);
+ var ivspec = new GCMParameterSpec(TAG_SIZE_IN_BITS,
ArrayUtils.subarray(encryptedValue, 0, IV_BLOCK_SIZE_IN_BYTES));
byte[] realData = ArrayUtils.subarray(encryptedValue, IV_BLOCK_SIZE_IN_BYTES, encryptedValue.length);
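Review bot: The condition that throws `Invalid size on input value` is above this hunk, so confirm it now requires at least the IV plus the 16-byte GCM tag; a shorter `realData` cannot be a valid GCM ciphertext. Also check the catch block below the hunk. Under GCM a modified or wrong-key value surfaces as `AEADBadTagException` from `doFinal`, and it should be reported as a decryption failure rather than have the input treated as plain text. Both the guard and the catch are outside the visible lines, so this is a request to verify rather than a confirmed defect.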
@@ -225,10 +228,10 @@ public class CryptoUtils implements CryptoCoder {
* Check if string is encrypted by verify if string prefix with 'enc:'.
*
* @param value
- * The encrypted string or plain text value
+ * The encrypted string or plain text value
* @return boolean value indicate if string prefix with enc: or not
*/
- public static Boolean isEncrypted(String value) {
+ public static boolean isEncrypted(String value) {
return (value != null && value.startsWith("enc:"));
}
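Review bot: Changing the return type of `isEncrypted` from `Boolean` to `boolean` alters the method descriptor, so callers compiled against the old signature fail with `NoSuchMethodError` until they are rebuilt. This is a public static method in a shared utility class, so the binary-incompatible change is worth recording in the release notes. Source-level callers that assign the result to a `Boolean` keep compiling through autoboxing.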