aboutsummaryrefslogtreecommitdiffstats
path: root/common/src/main/java/org/onap/so/utils/CryptoUtils.java
diff options
context:
space:
mode:
Diffstat (limited to 'common/src/main/java/org/onap/so/utils/CryptoUtils.java')
-rw-r--r--common/src/main/java/org/onap/so/utils/CryptoUtils.java66
1 files changed, 32 insertions, 34 deletions
diff --git a/common/src/main/java/org/onap/so/utils/CryptoUtils.java b/common/src/main/java/org/onap/so/utils/CryptoUtils.java
index 11d464a85c..c35ced531d 100644
--- a/common/src/main/java/org/onap/so/utils/CryptoUtils.java
+++ b/common/src/main/java/org/onap/so/utils/CryptoUtils.java
@@ -21,15 +21,15 @@
package org.onap.so.utils;
-
-import java.security.GeneralSecurityException;
-import java.security.NoSuchAlgorithmException;
+import org.onap.so.logger.MessageEnum;
+import org.onap.so.logger.MsoLogger;
import javax.crypto.Cipher;
+import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
-
-import org.onap.so.logger.MessageEnum;
-import org.onap.so.logger.MsoLogger;
+import java.security.GeneralSecurityException;
+import java.security.SecureRandom;
+import java.util.Arrays;
/**
@@ -40,8 +40,12 @@ public final class CryptoUtils {
private static final MsoLogger LOGGER = MsoLogger.getMsoLogger (MsoLogger.Catalog.RA, CryptoUtils.class);
- public static final String AES = "AES";
+ private static final String AES = "AES";
private static final String CLOUD_KEY = "aa3871669d893c7fb8abbcda31b88b4f";
+ private static final int GCM_TAG_LENGTH = 16;
+ private static final int GCM_IV_LENGTH = 12;
+ private static final String AES_GCM_NO_PADDING = "AES/GCM/NoPadding";
+
/**
* encrypt a value and generate a keyfile
* if the keyfile is not found then a new one is created
@@ -50,10 +54,16 @@ public final class CryptoUtils {
*/
public static String encrypt (String value, String keyString) throws GeneralSecurityException {
SecretKeySpec sks = getSecretKeySpec (keyString);
- Cipher cipher = Cipher.getInstance (CryptoUtils.AES);
- cipher.init (Cipher.ENCRYPT_MODE, sks, cipher.getParameters ());
- byte[] encrypted = cipher.doFinal (value.getBytes ());
- return byteArrayToHexString (encrypted);
+ Cipher cipher = Cipher.getInstance(AES_GCM_NO_PADDING);
+ byte[] initVector = new byte[GCM_IV_LENGTH];
+ (new SecureRandom()).nextBytes(initVector);
+ GCMParameterSpec spec = new GCMParameterSpec(GCM_TAG_LENGTH * java.lang.Byte.SIZE, initVector);
+ cipher.init(Cipher.ENCRYPT_MODE, sks, spec);
+ byte[] encoded = value.getBytes(java.nio.charset.StandardCharsets.UTF_8);
+ byte[] cipherText = new byte[initVector.length + cipher.getOutputSize(encoded.length)];
+ System.arraycopy(initVector, 0, cipherText, 0, initVector.length);
+ cipher.doFinal(encoded, 0, encoded.length, cipherText, initVector.length);
+ return byteArrayToHexString(cipherText);
}
/**
@@ -63,29 +73,18 @@ public final class CryptoUtils {
*/
public static String decrypt (String message, String keyString) throws GeneralSecurityException {
SecretKeySpec sks = getSecretKeySpec (keyString);
- Cipher cipher = Cipher.getInstance (CryptoUtils.AES);
- cipher.init (Cipher.DECRYPT_MODE, sks);
- byte[] decrypted = cipher.doFinal (hexStringToByteArray (message));
- return new String (decrypted);
+ byte[] cipherText = hexStringToByteArray(message);
+ Cipher cipher = Cipher.getInstance(AES_GCM_NO_PADDING);
+ byte[] initVector = Arrays.copyOfRange(cipherText, 0, GCM_IV_LENGTH);
+ GCMParameterSpec spec = new GCMParameterSpec(GCM_TAG_LENGTH * java.lang.Byte.SIZE, initVector);
+ cipher.init(Cipher.DECRYPT_MODE, sks, spec);
+ byte[] plaintext = cipher.doFinal(cipherText, GCM_IV_LENGTH, cipherText.length - GCM_IV_LENGTH);
+ return new String(plaintext);
}
-
- /**
- * decrypt a value or return defaultValue
- *
- */
- public static String decryptProperty (String prop, String defaultValue, String encryptionKey) {
- try {
- return CryptoUtils.decrypt(prop, encryptionKey);
- }
- catch (GeneralSecurityException e) {
- LOGGER.debug("Security exception", e);
- }
- return defaultValue;
- }
public static String encryptCloudConfigPassword(String message) {
try {
- return CryptoUtils.encrypt(message, CryptoUtils.CLOUD_KEY);
+ return CryptoUtils.encrypt(message, CLOUD_KEY);
} catch (GeneralSecurityException e) {
LOGGER.error (MessageEnum.RA_GENERAL_EXCEPTION, "", "", MsoLogger.ErrorCode.BusinessProcesssError, "Exception in encryptPassword", e);
return null;
@@ -93,16 +92,15 @@ public final class CryptoUtils {
}
public static String decryptCloudConfigPassword(String message) {
try {
- return CryptoUtils.decrypt(message, CryptoUtils.CLOUD_KEY);
+ return CryptoUtils.decrypt(message, CLOUD_KEY);
} catch (GeneralSecurityException e) {
LOGGER.error (MessageEnum.RA_GENERAL_EXCEPTION, "", "", MsoLogger.ErrorCode.BusinessProcesssError, "Exception in encryptPassword", e);
return null;
}
}
- private static SecretKeySpec getSecretKeySpec (String keyString) throws NoSuchAlgorithmException {
+ private static SecretKeySpec getSecretKeySpec (String keyString) {
byte[] key = hexStringToByteArray (keyString);
- SecretKeySpec sks = new SecretKeySpec (key, CryptoUtils.AES);
- return sks;
+ return new SecretKeySpec (key, AES);
}
public static String byteArrayToHexString (byte[] b) {