X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=PolicyEngineUtils%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Fpolicy%2Futils%2FPeCryptoUtils.java;fp=PolicyEngineUtils%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Fpolicy%2Futils%2FPeCryptoUtils.java;h=9863f03add446f5c025525b6a8f706a3fc1558d2;hb=c1b69dfb1297365d35f2ada8690f13f787d38b4f;hp=0000000000000000000000000000000000000000;hpb=c683a67fbf4a50e68bf8736517865b43db75ed4b;p=policy%2Fengine.git diff --git a/PolicyEngineUtils/src/main/java/org/onap/policy/utils/PeCryptoUtils.java b/PolicyEngineUtils/src/main/java/org/onap/policy/utils/PeCryptoUtils.java new file mode 100644 index 000000000..9863f03ad --- /dev/null +++ b/PolicyEngineUtils/src/main/java/org/onap/policy/utils/PeCryptoUtils.java @@ -0,0 +1,102 @@ +/*- + * ============LICENSE_START======================================================= + * ONAP Policy Engine + * ================================================================================ + * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.policy.utils; + +import java.security.GeneralSecurityException; +import java.util.Map; +import java.util.concurrent.ConcurrentHashMap; +import org.apache.commons.lang3.StringUtils; +import org.onap.policy.common.logging.flexlogger.FlexLogger; +import org.onap.policy.common.logging.flexlogger.Logger; +import org.onap.policy.common.utils.security.CryptoUtils; + +public class PeCryptoUtils { + + private static Logger logger = FlexLogger.getLogger(PeCryptoUtils.class); + private static final String PROP_AES_KEY = "org.onap.policy.encryption.aes.key"; + private static CryptoUtils cryptoUtils = null; + private static String secretKey = System.getenv("AES_ENCRYPTION_KEY"); + private static final Map decryptCache = new ConcurrentHashMap<>(); + private static final Map encryptCache = new ConcurrentHashMap<>(); + + + private PeCryptoUtils() {} + + /** + * Inits the aes key. + * + * @param theSecretKey the the secret key + */ + public static synchronized void initAesKey(String theSecretKey) { + String secKey = theSecretKey; + if (cryptoUtils == null) { + if (StringUtils.isBlank(secKey)) { + secKey = System.getProperty(PROP_AES_KEY); + } + if (StringUtils.isBlank(secKey)) { + secKey = secretKey; + } + cryptoUtils = new CryptoUtils(secKey); + } + } + + /** + * Encrypt a value based on the Policy Encryption Key. + * + * @param value The plain text string + * @return The encrypted String + */ + public static String encrypt(String value) { + + if (cryptoUtils == null || StringUtils.isBlank(value)) { + return value; + } + + return encryptCache.computeIfAbsent(value, k -> { + try { + return cryptoUtils.encrypt(k); + } catch (GeneralSecurityException e) { + logger.error("Could not decrypt value - exception: ", e); + return value; + } + }); + } + + /** + * Decrypt a value based on the Policy Encryption Key if string begin with 'enc:'. + * + * @param value The encrypted string that must be decrypted using the Policy Encryption Key + * @return The String decrypted if string begin with 'enc:' + */ + public static String decrypt(String value) { + if (cryptoUtils == null || StringUtils.isBlank(value)) { + return value; + } + return decryptCache.computeIfAbsent(value, k -> { + try { + return cryptoUtils.decrypt(k); + } catch (GeneralSecurityException e) { + logger.error("Could not decrypt value - exception: ", e); + return value; + } + }); + } +}