From 0e7aacdd1620cea42a9588702f99f2dc24d78112 Mon Sep 17 00:00:00 2001 From: Parshad Patel Date: Thu, 7 Mar 2019 11:44:21 +0900 Subject: Fix sonar issues in security-utils Fix Either log or rethrow this exception issue Fix Move this constructor to comply with Java Code Conventions Add Log.isWarnEnabled check Format string using formatter Issue-ID: SDC-1895 Change-Id: I54a6867a50ffafaf284be0e8e2e8ed3d1dac3f23 Signed-off-by: Parshad Patel --- .../java/org/openecomp/sdc/security/Passwords.java | 5 +- .../org/openecomp/sdc/security/SecurityUtil.java | 69 +++++++++++++++++----- 2 files changed, 58 insertions(+), 16 deletions(-) (limited to 'security-utils/src/main/java')
diff --git a/security-utils/src/main/java/org/openecomp/sdc/security/Passwords.java b/security-utils/src/main/java/org/openecomp/sdc/security/Passwords.java
index 5f5e00722e..f22bc481b4 100644
--- a/security-utils/src/main/java/org/openecomp/sdc/security/Passwords.java
+++ b/security-utils/src/main/java/org/openecomp/sdc/security/Passwords.java
@@ -54,7 +54,7 @@ public class Passwords {
 public static String hashPassword(String password) {
 if (password!=null){
 byte[] salt = getNextSalt();
- byte byteData[] = hash(salt, password.getBytes());
+ byte[] byteData = hash(salt, password.getBytes());
 if (byteData != null) {
 return toHex(salt) + ":" + toHex(byteData);
 }
@@ -105,7 +105,7 @@ public class Passwords {
 byte[] saltBytes = fromHex(salt);
 byte[] hashBytes = fromHex(hash);
- byte byteData[] = hash(saltBytes, password.getBytes());
+ byte[] byteData = hash(saltBytes, password.getBytes());
 if (byteData != null) {
 return Arrays.equals(byteData, hashBytes);
 }
@@ -148,6 +148,7 @@ public class Passwords {
 md.update(password);
 byteData = md.digest();
 } catch (NoSuchAlgorithmException e) {
+ log.error("invalid algorithm name {}", e);
 System.out.println("invalid algorithm name");
 }
 return byteData;
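Review bot: The unchanged `return Arrays.equals(byteData, hashBytes);` two lines under the reformatted declaration in the second hunk compares the computed and stored hashes with an early-exit loop, so its running time depends on how many leading bytes match; `return MessageDigest.isEqual(byteData, hashBytes);` is the constant-time form. Both this hunk and the first one keep `password.getBytes()`, which encodes with the platform default charset, so a non-ASCII password can hash differently on hosts configured differently; `password.getBytes(StandardCharsets.UTF_8)` pins it, with the caveat that hashes already stored for such passwords were produced under the old default. Both enclosing methods begin and end outside the hunks.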
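Review bot: The added `log.error("invalid algorithm name {}", e);` in the third hunk has a placeholder with nothing to fill it: SLF4J-style loggers take a trailing Throwable as the exception, so the message is written with a literal `{}`; `log.error("invalid algorithm name", e);` logs the same stack trace cleanly. The `System.out.println("invalid algorithm name");` on the next line is now redundant and can go. On this path hash() still returns a null `byteData`, and what hashPassword and the verification method return once their `if (byteData != null)` branch is skipped lies outside the visible hunks, so it is worth confirming that the result is a failed check and not a null that callers mishandle. The single `md.update(password); byteData = md.digest();` pass suggests a plain salted digest; if that is the case, a deliberately slow construction (PBKDF2, bcrypt, scrypt or Argon2) is the appropriate choice for stored passwords.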
diff --git a/security-utils/src/main/java/org/openecomp/sdc/security/SecurityUtil.java b/security-utils/src/main/java/org/openecomp/sdc/security/SecurityUtil.java
index 76986c58aa..fbd93f9152 100644
--- a/security-utils/src/main/java/org/openecomp/sdc/security/SecurityUtil.java
+++ b/security-utils/src/main/java/org/openecomp/sdc/security/SecurityUtil.java
@@ -15,6 +15,7 @@ import java.security.InvalidKeyException;
 import java.security.Key;
 import java.security.NoSuchAlgorithmException;
 import java.util.Base64;
+import java.util.Formatter;
 public class SecurityUtil {
@@ -26,6 +27,8 @@ public class SecurityUtil {
 private static Key secKey = null ;
+ private SecurityUtil(){ super(); }
+
 /**
 *
 * cmd commands >$PROGRAM_NAME decrypt "$ENCRYPTED_MSG"
@@ -54,21 +57,26 @@ public class SecurityUtil {
 }
 }
- private SecurityUtil(){ super(); }
 static {
+ Formatter formatter = new Formatter();
 try{
 secKey = generateKey( KEY, ALGORITHM );
 } catch(Exception e){
- LOG.warn("cannot generate key for {}", ALGORITHM);
+ if(LOG.isWarnEnabled())
+ {
+ LOG.warn(formatter.format("cannot generate key for %s", ALGORITHM).toString(), e);
+ }
+ }finally {
+ formatter.close();
 }
 }
- public static Key generateKey(final byte[] KEY, String algorithm){
- return new SecretKeySpec(KEY, algorithm);
+ public static Key generateKey(final byte[] key, String algorithm){
+ return new SecretKeySpec(key, algorithm);
 }
 //obfuscates key prefix -> **********
@@ -93,8 +101,10 @@ public class SecurityUtil {
 * c. Encrypt the bytes using doFinal method
 */
 public Either encrypt(String strDataToEncrypt){
+
 if (strDataToEncrypt != null ){
- try {
+ Formatter formatter = new Formatter();
+ try{
 LOG.debug("Encrypt key -> {}", secKey);
 Cipher aesCipherForEncryption = Cipher.getInstance("AES"); // Must specify the mode explicitly as most JCE providers default to ECB mode!!
 aesCipherForEncryption.init(Cipher.ENCRYPT_MODE, secKey);
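Review bot: The `Formatter` and the `isWarnEnabled()` guard added to the static initializer bring in a closeable resource and a finally block for work the logger already does: `LOG.warn("cannot generate key for {}", ALGORITHM, e);` formats lazily and, on SLF4J-style loggers, treats the trailing Throwable as the exception to print. The same pattern is repeated in encrypt() and in both decrypt() overloads in the later hunks and can be simplified the same way. If key generation does fail here, `secKey` stays null, and the catch handlers further down call `secKey.getAlgorithm()` and `secKey.getEncoded()`, which would then throw a NullPointerException from inside the handler.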
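Review bot: The inline comment on `Cipher.getInstance("AES")` in encrypt() says the mode must be specified explicitly, yet the call specifies none, so the provider default applies, which on the standard JCE providers is AES/ECB/PKCS5Padding. ECB maps equal plaintext blocks to equal ciphertext blocks and offers no integrity protection; an authenticated mode such as `Cipher.getInstance("AES/GCM/NoPadding")` with a fresh random IV stored next to each ciphertext covers both, at the price of a ciphertext format change that needs a migration path for existing values. The same call is kept in decrypt() in the last hunk. Separately, the unchanged `LOG.debug("Encrypt key -> {}", secKey);` hands the key object to the logger and is better removed. encrypt() continues in the next hunk.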
@@ -104,11 +114,23 @@ public class SecurityUtil {
 LOG.debug("Cipher Text generated using AES is {}", strCipherText);
 return Either.left(strCipherText);
 } catch( NoSuchAlgorithmException | UnsupportedEncodingException e){
- LOG.warn( "cannot encrypt data unknown algorithm or missing encoding for {}" ,secKey.getAlgorithm());
+ if(LOG.isWarnEnabled())
+ {
+ LOG.warn(formatter.format("cannot encrypt data unknown algorithm or missing encoding for %s",secKey.getAlgorithm()).toString(), e);
+ }
 } catch( InvalidKeyException e){
- LOG.warn( "invalid key recieved - > {} | {}" , java.util.Base64.getDecoder().decode( secKey.getEncoded() ), e.getMessage() );
+ if(LOG.isWarnEnabled())
+ {
+ LOG.warn(formatter.format("invalid key recieved - > %s", java.util.Base64.getDecoder().decode(secKey.getEncoded())).toString(), e);
+ }
 } catch( IllegalBlockSizeException | BadPaddingException | NoSuchPaddingException e){
- LOG.warn( "bad algorithm definition (Illegal Block Size or padding), please review you algorithm block&padding" , e.getMessage() );
+ if(LOG.isWarnEnabled())
+ {
+ LOG.warn("bad algorithm definition (Illegal Block Size or padding), please review you algorithm block&padding", e);
+ }
+ }
+ finally {
+ formatter.close();
 }
 }
 return Either.right("Cannot encrypt "+strDataToEncrypt);
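Review bot: In the `InvalidKeyException` handler the rewritten `LOG.warn` still feeds `java.util.Base64.getDecoder().decode(secKey.getEncoded())` into the message: key material does not belong in a log line, `%s` on a `byte[]` prints only the array's type and identity hash, and `decode` throws `IllegalArgumentException` from inside the handler whenever the raw key bytes are not valid Base64. `LOG.warn("invalid key for algorithm {}", secKey.getAlgorithm(), e);` keeps the part that helps diagnosis. The unchanged `return Either.right("Cannot encrypt "+strDataToEncrypt);` at the end of the hunk copies the plaintext into the error value, where a caller may log or display it; a fixed message such as `"Cannot encrypt"` avoids that. The decrypt() hunk that follows carries the same `InvalidKeyException` handler. encrypt() begins in the previous hunk.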
@@ -124,32 +146,51 @@ public class SecurityUtil {
 public Either decrypt(byte[] byteCipherText , boolean isBase64Decoded){
 if (byteCipherText != null){
 byte[] alignedCipherText = byteCipherText;
+ Formatter formatter = new Formatter();
 try{
 if (isBase64Decoded) alignedCipherText = Base64.getDecoder().decode(byteCipherText);
- LOG.debug("Decrypt key -> "+secKey.getEncoded());
+ LOG.debug("Decrypt key -> {}", secKey.getEncoded());
 Cipher aesCipherForDecryption = Cipher.getInstance("AES"); // Must specify the mode explicitly as most JCE providers default to ECB mode!!
 aesCipherForDecryption.init(Cipher.DECRYPT_MODE, secKey);
 byte[] byteDecryptedText = aesCipherForDecryption.doFinal(alignedCipherText);
 String strDecryptedText = new String(byteDecryptedText);
- LOG.debug("Decrypted Text message is: {}" , obfuscateKey( strDecryptedText ));
+ String obfuscateKey = obfuscateKey( strDecryptedText );
+ LOG.debug("Decrypted Text message is: {}" , obfuscateKey);
 return Either.left(strDecryptedText);
 } catch( NoSuchAlgorithmException e){
- LOG.warn( "cannot encrypt data unknown algorithm or missing encoding for {}" ,secKey.getAlgorithm());
+ if(LOG.isWarnEnabled())
+ {
+ LOG.warn(formatter.format("cannot encrypt data unknown algorithm or missing encoding for %s", secKey.getAlgorithm()).toString(), e);
+ }
 } catch( InvalidKeyException e){
- LOG.warn( "invalid key recieved - > {} | {}" , java.util.Base64.getDecoder().decode( secKey.getEncoded() ), e.getMessage() );
+ if(LOG.isWarnEnabled())
+ {
+ LOG.warn(formatter.format("invalid key recieved - > %s", java.util.Base64.getDecoder().decode(secKey.getEncoded())).toString(), e);
+ }
 } catch( IllegalBlockSizeException | BadPaddingException | NoSuchPaddingException e){
- LOG.warn( "bad algorithm definition (Illegal Block Size or padding), please review you algorithm block&padding" , e.getMessage() );
+ if(LOG.isWarnEnabled())
+ {
+ LOG.warn( "bad algorithm definition (Illegal Block Size or padding), please review you algorithm block&padding", e);
+ }
+ }finally {
+ formatter.close();
 }
 }
 return Either.right("Decrypt FAILED");
 }
 public Either decrypt(String byteCipherText){
+ Formatter formatter = new Formatter();
 try {
 return decrypt(byteCipherText.getBytes(CHARSET),true);
 } catch( UnsupportedEncodingException e ){
- LOG.warn( "Missing encoding for {} | {} " ,secKey.getAlgorithm() , e.getMessage());
+ if(LOG.isWarnEnabled())
+ {
+ LOG.warn(formatter.format("Missing encoding for %s",secKey.getAlgorithm()).toString(), e);
+ }
+ }finally {
+ formatter.close();
 }
 return Either.right("Decrypt FAILED");
 }
-- cgit 1.2.3-korg
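Review bot: The rewritten `LOG.debug("Decrypt key -> {}", secKey.getEncoded());` near the top of decrypt(byte[], boolean) exposes more than the line it replaces: string concatenation printed only the array's identity, whereas SLF4J and Log4j 2 render a `byte[]` argument element by element, so the raw key bytes would be written to the debug log (assuming LOG is one of those, as the `{}` placeholders suggest). The line should be deleted or reduced to `LOG.debug("Decrypting with algorithm {}", secKey.getAlgorithm());`. A few lines further down, `new String(byteDecryptedText)` decodes with the platform default charset while decrypt(String) encodes with `CHARSET`, so the two directions can disagree on non-ASCII data; passing `CHARSET` to the String constructor as well would align them, with the checked encoding exception then handled in this method too.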