X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=src%2Fmain%2Fjava%2Forg%2Fonap%2Fclamp%2Fclds%2Futil%2FCryptoUtils.java;h=07c4147b9fe2bca0ccfdd388a25a279024d005db;hb=7a58af870eb9934dfec4b5353672d7c428208116;hp=120ac1d009bb777a882430e50d1e08cad09724a4;hpb=70094ae98a374550b8fd4686cf58f7f629c062f2;p=clamp.git
diff --git a/src/main/java/org/onap/clamp/clds/util/CryptoUtils.java b/src/main/java/org/onap/clamp/clds/util/CryptoUtils.java
index 120ac1d0..07c4147b 100644
--- a/src/main/java/org/onap/clamp/clds/util/CryptoUtils.java
+++ b/src/main/java/org/onap/clamp/clds/util/CryptoUtils.java
@@ -18,7 +18,7 @@
 * limitations under the License.
 * ============LICENSE_END============================================
 * ===================================================================
- * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ *
 */
 package org.onap.clamp.clds.util;
@@ -53,23 +53,33 @@ public final class CryptoUtils {
 private static final EELFLogger logger = EELFManager.getInstance().getLogger(CryptoUtils.class);
 // Openssl commands:
 // Encrypt: echo -n "123456" | openssl aes-128-cbc -e -K
- // -iv <16 Hex Bytes iv> | xxd -u -g100
+ // -iv <16 Bytes iv (HEX), be careful it's 32 Hex Chars> | xxd -u -g100
 // Final result is to put in properties file is: IV + Outcome of openssl
 // command
 // ************************************************************
 // Decrypt: echo -n 'Encrypted string' | xxd -r -ps | openssl aes-128-cbc -d
 // -K
- // -iv <16 Bytes IV extracted from Encrypted String>
+ // -iv <16 Bytes IV extracted from Encrypted String, be
+ // careful it's 32 Hex Chars>
 /**
 * Definition of encryption algorithm.
 */
 private static final String ALGORITHM = "AES";
+
+ /**
+ * AES Encryption Key environment variable for external configuration
+ */
+ private static final String AES_ENCRYPTION_KEY = "AES_ENCRYPTION_KEY";
+
 /**
 * Detailed definition of encryption algorithm.
 */
 private static final String ALGORITHM_DETAILS = ALGORITHM + "/CBC/PKCS5PADDING";
- private static final int BLOCK_SIZE_IN_BITS = 128;
- private static final int BLOCK_SIZE_IN_BYTES = BLOCK_SIZE_IN_BITS / 8;
+ private static final int IV_BLOCK_SIZE_IN_BITS = 128;
+ /**
+ * An Initial Vector of 16 Bytes, so 32 Hexadecimal Chars.
+ */
+ private static final int IV_BLOCK_SIZE_IN_BYTES = IV_BLOCK_SIZE_IN_BITS / 8;
 /**
 * Key to read in the key.properties file.
 */
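Review bot: The Javadoc added for `AES_ENCRYPTION_KEY` names the variable but not the value format it expects, which is the one thing an operator setting it needs to know. The `readSecretKeySpec` hunk below passes the environment value to the same `getSecretKeySpec` as the `key.properties` value and catches `DecoderException` around it, so the value is presumably the hex-encoded key in the same form as the properties file; confirm and state it, e.g. `/** Environment variable holding the AES key, hex-encoded like the key.properties value; when set it overrides the properties file. */`. On the new `IV_BLOCK_SIZE_IN_BYTES` comment, "Initial Vector" should read "Initialization Vector".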
@@ -97,9 +107,9 @@ public final class CryptoUtils {
 * @throws UnsupportedEncodingException
 * In case of issue with the charset conversion
 */
- public static String encrypt(String value) throws GeneralSecurityException, UnsupportedEncodingException {
+ public static String encrypt(String value) throws GeneralSecurityException {
 Cipher cipher = Cipher.getInstance(ALGORITHM_DETAILS, "SunJCE");
- byte[] iv = new byte[BLOCK_SIZE_IN_BYTES];
+ byte[] iv = new byte[IV_BLOCK_SIZE_IN_BYTES];
 SecureRandom.getInstance("SHA1PRNG").nextBytes(iv);
 IvParameterSpec ivspec = new IvParameterSpec(iv);
 cipher.init(Cipher.ENCRYPT_MODE, SECRET_KEY_SPEC, ivspec);
@@ -121,8 +131,8 @@ public final class CryptoUtils {
 public static String decrypt(String message) throws GeneralSecurityException, DecoderException {
 byte[] encryptedMessage = Hex.decodeHex(message.toCharArray());
 Cipher cipher = Cipher.getInstance(ALGORITHM_DETAILS, "SunJCE");
- IvParameterSpec ivspec = new IvParameterSpec(ArrayUtils.subarray(encryptedMessage, 0, BLOCK_SIZE_IN_BYTES));
- byte[] realData = ArrayUtils.subarray(encryptedMessage, BLOCK_SIZE_IN_BYTES, encryptedMessage.length);
+ IvParameterSpec ivspec = new IvParameterSpec(ArrayUtils.subarray(encryptedMessage, 0, IV_BLOCK_SIZE_IN_BYTES));
+ byte[] realData = ArrayUtils.subarray(encryptedMessage, IV_BLOCK_SIZE_IN_BYTES, encryptedMessage.length);
 cipher.init(Cipher.DECRYPT_MODE, SECRET_KEY_SPEC, ivspec);
 byte[] decrypted = cipher.doFinal(realData);
 return new String(decrypted);
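Review bot: The `@throws UnsupportedEncodingException` tag and its description in the context lines directly above the new `encrypt` signature are now stale, because the commit drops that exception from the throws clause, and javadoc will flag an undeclared exception. Remove the two tag lines, or, if the body of `encrypt` (which continues outside this hunk) still performs a charset conversion, document the replacement behaviour there instead. The `SecureRandom.getInstance("SHA1PRNG")` call is untouched by this commit, but `new SecureRandom()` would avoid hard-coding a provider-specific algorithm name; that is a follow-up rather than part of this change.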
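Review bot: `return new String(decrypted)` on the last line of the `decrypt` hunk decodes the plaintext with the platform default charset, while the encrypt side (its body is outside the hunks shown) apparently encodes with an explicit charset given the removed `UnsupportedEncodingException`; if the two differ, non-ASCII plaintext round-trips incorrectly depending on the JVM's `file.encoding`. Pin it with `return new String(decrypted, StandardCharsets.UTF_8);` (matching whatever the encrypt side uses), importing `java.nio.charset.StandardCharsets` if the file does not already. The new `ArrayUtils.subarray` calls clamp silently for inputs shorter than `IV_BLOCK_SIZE_IN_BYTES`, so a truncated ciphertext only fails later in `cipher.init` with a less specific message; an explicit `encryptedMessage.length` check up front would give a clearer error.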
@@ -152,8 +162,15 @@ public final class CryptoUtils {
 private static SecretKeySpec readSecretKeySpec(String propertiesFileName) {
 Properties props = new Properties();
 try {
- props.load(ResourceFileUtil.getResourceAsStream(propertiesFileName));
- return getSecretKeySpec(props.getProperty(KEY_PARAM));
+ //Workaround fix to make encryption key configurable.
+ //System environment variable takes precedence for over clds/key.properties
+ String encryptionKey = System.getenv(AES_ENCRYPTION_KEY);
+ if(encryptionKey != null && encryptionKey.trim().length() > 0) {
+ return getSecretKeySpec(encryptionKey);
+ } else {
+ props.load(ResourceFileUtil.getResourceAsStream(propertiesFileName));
+ return getSecretKeySpec(props.getProperty(KEY_PARAM));
+ }
 } catch (IOException | DecoderException e) {
 logger.error("Exception occurred during the key reading", e);
 return null;
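Review bot: The whitespace check on the new `if` line trims `encryptionKey`, but the value passed on the next line to `getSecretKeySpec` is untrimmed, so a key exported with a trailing newline or space (common when the variable is populated from a file or secret mount) fails decoding, is logged as "Exception occurred during the key reading" and makes the method return null, presumably leaving `SECRET_KEY_SPEC` null for every later `cipher.init`; use `return getSecretKeySpec(encryptionKey.trim());`. The comment above it should read `//System environment variable takes precedence over clds/key.properties`. The stream from `ResourceFileUtil.getResourceAsStream` in the `else` branch is never closed (pre-existing, but now part of the new lines), which a try-with-resources around `props.load` fixes. The method's Javadoc, outside this hunk, should state the new precedence and that an environment variable is readable by every process running as the same user and is inherited by child processes, so deployers can weigh it against a file-based secret.
```java
            // Environment variable takes precedence over clds/key.properties.
            String encryptionKey = System.getenv(AES_ENCRYPTION_KEY);
            if (encryptionKey != null && !encryptionKey.trim().isEmpty()) {
                return getSecretKeySpec(encryptionKey.trim());
            }
            try (InputStream in = ResourceFileUtil.getResourceAsStream(propertiesFileName)) {
                props.load(in);
            }
            return getSecretKeySpec(props.getProperty(KEY_PARAM));
            // … unchanged: catch (IOException | DecoderException e) …
```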