diff options
author | st782s <statta@research.att.com> | 2017-11-22 11:41:10 -0500 |
---|---|---|
committer | Sunder Tattavarada <statta@research.att.com> | 2017-11-28 20:24:36 +0000 |
commit | ed07ebfbce4031ef4dfbd2f42147f6a7b351aeb8 (patch) | |
tree | ee4a6e53f01f15057f32b86f271c9b6d02b25615 /ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/util/CipherUtil.java | |
parent | 418d7273d6d8f6fed2698df89c9910be8498a677 (diff) |
Harden code
Issue-ID: PORTAL-145,PORTAL-119
Harden code to address SQL injecton, XSS vulnerabilities; Separate
docker images for portal, sdk app and DMaaPBC ui
Change-Id: I85fad4d3fcee3243207b8f0dfe21beaa41602204
Signed-off-by: st782s <statta@research.att.com>
Diffstat (limited to 'ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/util/CipherUtil.java')
-rw-r--r-- | ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/util/CipherUtil.java | 143 |
1 files changed, 132 insertions, 11 deletions
diff --git a/ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/util/CipherUtil.java b/ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/util/CipherUtil.java index 92d9ffc3..ba95d870 100644 --- a/ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/util/CipherUtil.java +++ b/ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/util/CipherUtil.java @@ -40,14 +40,17 @@ package org.onap.portalsdk.core.onboarding.util; import java.io.UnsupportedEncodingException; import java.security.InvalidKeyException; import java.security.NoSuchAlgorithmException; +import java.security.SecureRandom; import javax.crypto.BadPaddingException; import javax.crypto.Cipher; import javax.crypto.IllegalBlockSizeException; import javax.crypto.NoSuchPaddingException; +import javax.crypto.spec.IvParameterSpec; import javax.crypto.spec.SecretKeySpec; import org.apache.commons.codec.binary.Base64; +import org.apache.commons.lang.ArrayUtils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.onap.portalsdk.core.onboarding.exception.CipherUtilException; @@ -59,10 +62,19 @@ public class CipherUtil { /** * Default key. */ - private final static String key = "AGLDdG4D04BKm2IxIWEr8o==!"; + private static final String keyString = KeyProperties.getProperty(KeyConstants.CIPHER_ENCRYPTION_KEY); + + private static final String ALGORITHM = "AES"; + private static final String ALGORYTHM_DETAILS = ALGORITHM + "/CBC/PKCS5PADDING"; + private static final int BLOCK_SIZE = 128; + @SuppressWarnings("unused") + private static SecretKeySpec secretKeySpec; + private static IvParameterSpec ivspec; /** - * Encrypts the text using the specified secret key. + * @deprecated Please use {@link #encryptPKC(String)} to encrypt the text. + * + * Encrypts the text using the specified secret key. * * @param plainText * Text to encrypt @@ -71,7 +83,9 @@ public class CipherUtil { * @return encrypted version of plain text. * @throws CipherUtilException * if any encryption step fails + * */ + @Deprecated public static String encrypt(String plainText, String secretKey) throws CipherUtilException { String encryptedString = null; try { @@ -90,7 +104,8 @@ public class CipherUtil { } /** - * Encrypts the text using a default secret key. + * @deprecated Please use {@link #encryptPKC(String)} to encrypt the text. + * Encrypts the text using the secret key in key.properties file. * * @param plainText * Text to encrypt @@ -98,12 +113,29 @@ public class CipherUtil { * @throws CipherUtilException * if any decryption step fails */ + @Deprecated public static String encrypt(String plainText) throws CipherUtilException { - return CipherUtil.encrypt(plainText, key); + return CipherUtil.encrypt(plainText, keyString); } /** - * Decrypts the text using the specified secret key. + * Encrypts the text using a secret key. + * + * @param plainText + * Text to encrypt + * @return Encrypted Text + * @throws CipherUtilException + * if any decryption step fails + */ + public static String encryptPKC(String plainText) throws CipherUtilException { + return CipherUtil.encryptPKC(plainText, keyString); + } + + /** + * + * @deprecated Please use {@link #decryptPKC(String)} to Decryption the text. + * + * Decrypts the text using the specified secret key. * * @param encryptedText * Text to decrypt @@ -112,7 +144,9 @@ public class CipherUtil { * @return plain text version of encrypted text * @throws CipherUtilException * if any decryption step fails + * */ + @Deprecated public static String decrypt(String encryptedText, String secretKey) throws CipherUtilException { String encryptedString = null; try { @@ -130,8 +164,79 @@ public class CipherUtil { return encryptedString; } + private static SecretKeySpec getSecretKeySpec() { + byte[] key = Base64.decodeBase64(keyString); + return new SecretKeySpec(key, ALGORITHM); + } + + private static SecretKeySpec getSecretKeySpec(String keyString) { + byte[] key = Base64.decodeBase64(keyString); + return new SecretKeySpec(key, ALGORITHM); + } + /** - * Decrypts the text using a default secret key. + * Encrypt the text using the secret key in key.properties file + * + * @param value + * @return The encrypted string + * @throws BadPaddingException + * @throws CipherUtilException + * In case of issue with the encryption + */ + public static String encryptPKC(String value, String skey) throws CipherUtilException { + Cipher cipher = null; + byte[] iv = null, finalByte = null; + + try { + cipher = Cipher.getInstance(ALGORYTHM_DETAILS, "SunJCE"); + + SecureRandom r = SecureRandom.getInstance("SHA1PRNG"); + iv = new byte[BLOCK_SIZE / 8]; + r.nextBytes(iv); + ivspec = new IvParameterSpec(iv); + cipher.init(Cipher.ENCRYPT_MODE, getSecretKeySpec(skey), ivspec); + finalByte = cipher.doFinal(value.getBytes()); + + } catch (Exception ex) { + logger.error("encrypt failed", ex); + throw new CipherUtilException(ex); + } + return Base64.encodeBase64String(ArrayUtils.addAll(iv, finalByte)); + } + + /** + * Decrypts the text using the secret key in key.properties file. + * + * @param message + * The encrypted string that must be decrypted using the ecomp + * Encryption Key + * @return The String decrypted + * @throws CipherUtilException + * if any decryption step fails + */ + public static String decryptPKC(String message, String skey) throws CipherUtilException { + byte[] encryptedMessage = Base64.decodeBase64(message); + Cipher cipher; + byte[] decrypted = null; + try { + cipher = Cipher.getInstance(ALGORYTHM_DETAILS, "SunJCE"); + ivspec = new IvParameterSpec(ArrayUtils.subarray(encryptedMessage, 0, BLOCK_SIZE / 8)); + byte[] realData = ArrayUtils.subarray(encryptedMessage, BLOCK_SIZE / 8, encryptedMessage.length); + cipher.init(Cipher.DECRYPT_MODE, getSecretKeySpec(skey), ivspec); + decrypted = cipher.doFinal(realData); + + } catch (Exception ex) { + logger.error("decrypt failed", ex); + throw new CipherUtilException(ex); + } + + return new String(decrypted); + } + + /** + * @deprecated Please use {@link #decryptPKC(String)} to Decrypt the text. + * + * Decrypts the text using the secret key in key.properties file. * * @param encryptedText * Text to decrypt @@ -139,11 +244,26 @@ public class CipherUtil { * @throws CipherUtilException * if any decryption step fails */ + @Deprecated public static String decrypt(String encryptedText) throws CipherUtilException { - return CipherUtil.decrypt(encryptedText, key); + return CipherUtil.decrypt(encryptedText, keyString); + } + + /** + * + * Decrypts the text using the secret key in key.properties file. + * + * @param encryptedText + * Text to decrypt + * @return Decrypted text + * @throws CipherUtilException + * if any decryption step fails + */ + public static String decryptPKC(String encryptedText) throws CipherUtilException { + return CipherUtil.decryptPKC(encryptedText, keyString); } -/* public static void main(String[] args) throws CipherUtilException { + public static void main(String[] args) throws CipherUtilException { String testValue = "Welcome123"; String encrypted; @@ -152,9 +272,9 @@ public class CipherUtil { if (args.length != 2) { System.out.println("Default password testing... "); System.out.println("Plain password: " + testValue); - encrypted = encrypt(testValue); + encrypted = encryptPKC(testValue); System.out.println("Encrypted password: " + encrypted); - decrypted = decrypt(encrypted); + decrypted = decryptPKC(encrypted); System.out.println("Decrypted password: " + decrypted); } else { String whatToDo = args[0]; @@ -170,5 +290,6 @@ public class CipherUtil { System.out.println("Encrypted Text" + encrypted); } } - }*/ + } + } |