summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorguangxingwang <gw1218@att.com>2018-01-30 20:18:31 -0600
committerPamela Dragosh <pdragosh@research.att.com>2018-02-05 17:39:47 +0000
commit549cafbb3b5b5c9298e8c7371835f5c58633349f (patch)
tree29d74de12292aeea1db140b105e0e708b63566c2
parentbdb9bf58d7a80f43c3ce558e6fe59c3bc0f6f8bd (diff)
Implement Encryption on Passwords
Fix Fortify scan issue - hardcoded password Issue-ID: POLICY-542 Change-Id: I722b9143fbddc48b67592bb35a44f36ed8b38aad Signed-off-by: guangxingwang <gw1218@att.com>
-rw-r--r--PolicyEngineUtils/src/main/java/org/onap/policy/utils/CryptoUtils.java256
-rw-r--r--PolicyEngineUtils/src/test/java/org/onap/policy/utils/test/CryptoUtilsTest.java128
2 files changed, 384 insertions, 0 deletions
diff --git a/PolicyEngineUtils/src/main/java/org/onap/policy/utils/CryptoUtils.java b/PolicyEngineUtils/src/main/java/org/onap/policy/utils/CryptoUtils.java
new file mode 100644
index 000000000..5496f0d87
--- /dev/null
+++ b/PolicyEngineUtils/src/main/java/org/onap/policy/utils/CryptoUtils.java
@@ -0,0 +1,256 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * PolicyEngineUtils
+ * ================================================================================
+ * Copyright (C) 2018 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+package org.onap.policy.utils;
+
+import java.nio.charset.StandardCharsets;
+import java.security.AlgorithmParameters;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.Key;
+import java.util.Base64;
+
+import javax.crypto.BadPaddingException;
+import javax.crypto.Cipher;
+import javax.crypto.IllegalBlockSizeException;
+import javax.crypto.NoSuchPaddingException;
+import javax.crypto.spec.SecretKeySpec;
+import javax.xml.bind.DatatypeConverter;
+
+import org.onap.policy.common.logging.flexlogger.FlexLogger;
+import org.onap.policy.common.logging.flexlogger.Logger;
+
+public class CryptoUtils {
+ private static final Logger LOGGER = FlexLogger.getLogger(CryptoUtils.class);
+ private static final String CIPHER_TYPE = "AES/CBC/PKCS5Padding";
+ private static Key mKey = null;
+ private static AlgorithmParameters mAlgParm = null;
+
+ static {
+ //the hadcoded key is to be removed in a future iteration
+ try {
+ String kval = "bmpybWJrbGN4dG9wbGF3Zg==";
+ String algp = "BBBpbml0VmVjVGhpc0lzVGhl";
+
+ byte[] kvalb = DatatypeConverter.parseBase64Binary(kval);
+ byte[] algb = DatatypeConverter.parseBase64Binary(algp);
+
+ mKey = new SecretKeySpec(kvalb, "AES");
+
+ mAlgParm = AlgorithmParameters.getInstance("AES");
+ mAlgParm.init(algb, "ASN.1");
+
+ } catch (Exception ex) {
+ throw new ExceptionInInitializerError(ex);
+ }
+ }
+
+ private CryptoUtils() {
+ // Private Constructor
+ }
+
+ /**
+ * Decrypt txt.
+ *
+ * @param encryptedTxt
+ * text to be decrypted, Base 64 UrlEncoded
+ * @return the byte[]
+ * @throws NoSuchAlgorithmException
+ * the no such algorithm exception
+ * @throws NoSuchPaddingException
+ * the no such padding exception
+ * @throws InvalidAlgorithmParameterException
+ * the invalid algorithm parameter exception
+ * @throws InvalidKeyException
+ * the invalid key exception
+ * @throws IllegalBlockSizeException
+ * the illegal block size exception
+ * @throws BadPaddingException
+ * the bad padding exception
+ */
+ public static byte[] decryptTxt(String encryptedTxt)
+ throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException,
+ InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
+ Cipher cipher = Cipher.getInstance(CIPHER_TYPE);
+ cipher.init(Cipher.DECRYPT_MODE, mKey, mAlgParm);
+
+ return cipher.doFinal(Base64.getUrlDecoder().decode(encryptedTxt.getBytes(StandardCharsets.UTF_8)));
+ }
+
+ /**
+ * Decrypt txt.
+ *
+ * @param encryptedTxt
+ * text to be decrypted, Base 64 UrlEncoded
+ * @param mKey
+ * the key as Base 64
+ * @return the byte[]
+ * @throws NoSuchAlgorithmException
+ * the no such algorithm exception
+ * @throws NoSuchPaddingException
+ * the no such padding exception
+ * @throws InvalidAlgorithmParameterException
+ * the invalid algorithm parameter exception
+ * @throws InvalidKeyException
+ * the invalid key exception
+ * @throws IllegalBlockSizeException
+ * the illegal block size exception
+ * @throws BadPaddingException
+ * the bad padding exception
+ */
+ public static byte[] decryptTxt(String encryptedTxt, String base64BinaryKey)
+ throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException,
+ InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
+
+ byte[] keyValueByte = DatatypeConverter.parseBase64Binary(base64BinaryKey);
+ Key paramKey = new SecretKeySpec(keyValueByte, "AES");
+ Cipher cipher = Cipher.getInstance(CIPHER_TYPE);
+ cipher.init(Cipher.DECRYPT_MODE, paramKey, mAlgParm);
+
+ return cipher.doFinal(Base64.getUrlDecoder().decode(encryptedTxt.getBytes(StandardCharsets.UTF_8)));
+ }
+
+ /**
+ * Decrypt txt, no exceptions thrown.
+ *
+ * @param encryptedTxt
+ * text to be decrypted, Base 64 UrlEncoded
+ * @return the decrypted text, or the original text if it could not be
+ * decrypted
+ */
+ public static byte[] decryptTxtNoEx(String encryptedTxt) {
+
+ try {
+ if (encryptedTxt == null || encryptedTxt.isEmpty()) {
+ LOGGER.error("decryptTxtNoEx: Input param encryptedTxt is not valid");
+ return new byte[0];
+ }
+ return decryptTxt(encryptedTxt);
+ } catch (Exception e) {
+ try {
+ LOGGER.error("decryptTxtNoEx: Exception while decryption : " + e);
+ return (encryptedTxt != null) ? encryptedTxt.getBytes(StandardCharsets.UTF_8) : new byte[0];
+ } catch (Exception e1) {
+ LOGGER.error("decryptTxtNoEx: Exception on sending default : " + e1);
+ return new byte[0];
+ }
+ }
+ }
+
+ /**
+ * Decrypt txt, no exceptions thrown.
+ *
+ * @param encryptedTxt
+ * text to be decrypted, Base 64 UrlEncoded
+ * @return the decrypted text, or the original text if it could not be
+ * decrypted
+ */
+ public static String decryptTxtNoExStr(String encryptedTxt) {
+ return new String(decryptTxtNoEx(encryptedTxt), StandardCharsets.UTF_8);
+ }
+
+ /**
+ * Encrypt txt.
+ *
+ * @param plainTxt
+ * the plain txt
+ * @return the encrypted string
+ * @throws NoSuchPaddingException
+ * the no such padding exception
+ * @throws InvalidAlgorithmParameterException
+ * the invalid algorithm parameter exception
+ * @throws NoSuchAlgorithmException
+ * the no such algorithm exception
+ * @throws InvalidKeyException
+ * the invalid key exception
+ * @throws IllegalBlockSizeException
+ * the illegal block size exception
+ * @throws BadPaddingException
+ * the bad padding exception
+ */
+ public static String encryptTxt(byte[] plainTxt)
+ throws NoSuchPaddingException, InvalidAlgorithmParameterException,
+ NoSuchAlgorithmException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
+
+ Cipher cipher = Cipher.getInstance(CIPHER_TYPE);
+ cipher.init(Cipher.ENCRYPT_MODE, mKey, mAlgParm);
+
+ byte[] encryption = cipher.doFinal(plainTxt);
+ return new String(Base64.getUrlEncoder().encode(encryption), StandardCharsets.UTF_8);
+ }
+
+ /**
+ * Encrypt txt.
+ *
+ * @param plainTxt
+ * the plain txt to be encrypted
+ * @param base64BinaryKey
+ * the key as lexical representation of Base64 Binary
+ * @return the encrypted string
+ * @throws NoSuchPaddingException
+ * the no such padding exception
+ * @throws InvalidAlgorithmParameterException
+ * the invalid algorithm parameter exception
+ * @throws NoSuchAlgorithmException
+ * the no such algorithm exception
+ * @throws InvalidKeyException
+ * the invalid key exception
+ * @throws IllegalBlockSizeException
+ * the illegal block size exception
+ * @throws BadPaddingException
+ * the bad padding exception
+ */
+ public static String encryptTxt(byte[] plainTxt, String base64BinaryKey)
+ throws NoSuchPaddingException, InvalidAlgorithmParameterException,
+ NoSuchAlgorithmException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
+
+ byte[] keyValueByte = DatatypeConverter.parseBase64Binary(base64BinaryKey);
+ Key paramKey = new SecretKeySpec(keyValueByte, "AES");
+ Cipher cipher = Cipher.getInstance(CIPHER_TYPE);
+ cipher.init(Cipher.ENCRYPT_MODE, paramKey, mAlgParm);
+
+ byte[] encryption = cipher.doFinal(plainTxt);
+ return new String(Base64.getMimeEncoder().encode(encryption), StandardCharsets.UTF_8);
+ }
+
+ /**
+ * Encrypt txt, no exceptions thrown
+ *
+ * @param plainTxt
+ * the plain txt to be encrypted
+ * @return the encrypted String , or the original text if it could not be
+ * encrypted
+ */
+ public static String encryptTxtNoEx(byte[] plainTxt) {
+
+ if (plainTxt == null || plainTxt.length == 0) {
+ LOGGER.error("encryptTxtNoEx: Input param plainTxt is not valid");
+ return "";
+ }
+
+ try {
+ return encryptTxt(plainTxt);
+ } catch (Exception e) {
+ LOGGER.error("encryptTxtNoEx: Exception while decryption : " + e);
+ return new String(plainTxt, StandardCharsets.UTF_8);
+ }
+ }
+
+} \ No newline at end of file
diff --git a/PolicyEngineUtils/src/test/java/org/onap/policy/utils/test/CryptoUtilsTest.java b/PolicyEngineUtils/src/test/java/org/onap/policy/utils/test/CryptoUtilsTest.java
new file mode 100644
index 000000000..e2ca78a06
--- /dev/null
+++ b/PolicyEngineUtils/src/test/java/org/onap/policy/utils/test/CryptoUtilsTest.java
@@ -0,0 +1,128 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * PolicyEngineUtils
+ * ================================================================================
+ * Copyright (C) 2018 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+package org.onap.policy.utils.test;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertArrayEquals;
+
+import java.nio.charset.StandardCharsets;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+
+import javax.crypto.BadPaddingException;
+import javax.crypto.IllegalBlockSizeException;
+import javax.crypto.NoSuchPaddingException;
+
+import org.junit.Test;
+import org.onap.policy.utils.CryptoUtils;
+
+public class CryptoUtilsTest {
+
+ @Test
+ public final void testDecryptTxt() throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException,
+ InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException
+ {
+ String decryptedTxt = new String(CryptoUtils.decryptTxt("g0uHKXCLyzJ6wSbpphNGsA=="), StandardCharsets.UTF_8);
+ assertEquals("mypass", decryptedTxt);
+ }
+
+ @Test
+ public final void testDecryptTxtWithKey() throws InvalidKeyException, NoSuchAlgorithmException,
+ NoSuchPaddingException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException
+ {
+ String decryptedTxt = new String(CryptoUtils.decryptTxt("g0uHKXCLyzJ6wSbpphNGsA==", "bmpybWJrbGN4dG9wbGF3Zg=="),
+ StandardCharsets.UTF_8);
+ assertEquals("mypass", decryptedTxt);
+ }
+
+ @Test
+ public final void testDecryptTxtNoEx() {
+ String decryptedTxt = new String(CryptoUtils.decryptTxtNoEx("g0uHKXCLyzJ6wSbpphNGsA=="),
+ StandardCharsets.UTF_8);
+ assertEquals("mypass", decryptedTxt);
+
+ }
+
+ @Test
+ public final void testDecryptTxtNoExStr() {
+ assertEquals("mypass", CryptoUtils.decryptTxtNoExStr("g0uHKXCLyzJ6wSbpphNGsA=="));
+ }
+ @Test
+ public final void testDecryptTxtNoExInvalidInput() {
+ assertArrayEquals(new byte[0], CryptoUtils.decryptTxtNoEx(null));
+ assertArrayEquals(new byte[0], CryptoUtils.decryptTxtNoEx(""));
+ // ensure backward compatibility
+ assertEquals("bogus", new String(CryptoUtils.decryptTxtNoEx("bogus"), StandardCharsets.UTF_8));
+ assertEquals("admin123", CryptoUtils.decryptTxtNoExStr("admin123"));
+ assertEquals("password", CryptoUtils.decryptTxtNoExStr("password"));
+ }
+
+ @Test(expected = IllegalArgumentException.class)
+ public final void testDecryptTxtInvalidInput() throws InvalidKeyException, NoSuchAlgorithmException,
+ NoSuchPaddingException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException
+ {
+ CryptoUtils.decryptTxt("bogus");
+ }
+
+ @Test
+ public final void testEncryptTxt() throws InvalidKeyException, NoSuchPaddingException,
+ InvalidAlgorithmParameterException, NoSuchAlgorithmException, IllegalBlockSizeException,
+ BadPaddingException {
+ String txtStr = "mypass";
+ byte[] txt = txtStr.getBytes(StandardCharsets.UTF_8);
+ assertEquals("g0uHKXCLyzJ6wSbpphNGsA==", CryptoUtils.encryptTxt(txt));
+ }
+
+ @Test
+ public final void testEncryptTxtWithKey() throws InvalidKeyException,
+ NoSuchPaddingException, InvalidAlgorithmParameterException, NoSuchAlgorithmException,
+ IllegalBlockSizeException, BadPaddingException {
+ String txtStr = "mypass";
+ byte[] txt = txtStr.getBytes(StandardCharsets.UTF_8);
+ assertEquals("g0uHKXCLyzJ6wSbpphNGsA==", CryptoUtils.encryptTxt(txt, "bmpybWJrbGN4dG9wbGF3Zg=="));
+ }
+
+ @Test
+ public final void testEncryptTxtNoEx() {
+ String txtStr = "mypass";
+ byte[] txt = txtStr.getBytes(StandardCharsets.UTF_8);
+ assertEquals("g0uHKXCLyzJ6wSbpphNGsA==", CryptoUtils.encryptTxtNoEx(txt));
+ }
+
+ @Test
+ public final void testEncryptTxtNoExInvalidInput() {
+ String txtStr = "";
+ byte[] txt = txtStr.getBytes(StandardCharsets.UTF_8);
+ assertEquals("", CryptoUtils.encryptTxtNoEx(txt));
+ assertEquals("", CryptoUtils.encryptTxtNoEx(null));
+ }
+
+ @Test(expected = InvalidKeyException.class)
+ public final void testEncryptTxtWithKeyInvalid() throws InvalidKeyException,
+ NoSuchPaddingException, InvalidAlgorithmParameterException, NoSuchAlgorithmException,
+ IllegalBlockSizeException, BadPaddingException {
+ String txtStr = "mypass";
+ byte[] txt = txtStr.getBytes(StandardCharsets.UTF_8);
+ CryptoUtils.encryptTxt(txt, "mykey");
+ }
+
+
+} \ No newline at end of file