import java.security.GeneralSecurityException;
+import org.apache.commons.codec.DecoderException;
import org.apache.commons.dbcp.BasicDataSource;
import org.onap.clamp.clds.util.CryptoUtils;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.context.annotation.DependsOn;
-import org.springframework.stereotype.Component;
/**
* This class is an extension of the standard datasource, it will be used to
* decode the encoded password defined in the application.properties.
*
*/
-@Component("EncodedPasswordBasicDataSource")
-@DependsOn(value = { "CryptoUtils" })
public class EncodedPasswordBasicDataSource extends BasicDataSource {
protected static final EELFLogger logger = EELFManager.getInstance()
.getLogger(EncodedPasswordBasicDataSource.class);
protected static final EELFLogger metricsLogger = EELFManager.getInstance().getMetricsLogger();
- @Autowired
- private CryptoUtils cryptoUtils;
+ private CryptoUtils cryptoUtils = new CryptoUtils();
/**
* The default constructor calling the parent one.
this.password = cryptoUtils.decrypt(encodedPassword);
} catch (GeneralSecurityException e) {
logger.error("Unable to decrypt the DB password", e);
+ } catch (DecoderException e) {
+ logger.error("Exception caught when decoding the HEX String Key for encryption", e);
}
}
}
\ No newline at end of file
package org.onap.clamp.clds.util;
+import com.att.eelf.configuration.EELFLogger;
+import com.att.eelf.configuration.EELFManager;
+
+import java.io.IOException;
+import java.io.UnsupportedEncodingException;
import java.security.GeneralSecurityException;
+import java.security.SecureRandom;
+import java.util.Properties;
import javax.crypto.Cipher;
+import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
-import org.springframework.core.Ordered;
-import org.springframework.core.annotation.Order;
-import org.springframework.stereotype.Component;
+import org.apache.commons.codec.DecoderException;
+import org.apache.commons.codec.binary.Hex;
+import org.apache.commons.lang3.ArrayUtils;
/**
* CryptoUtils for encrypting/decrypting string based on a Key defined in
* application.properties (Spring config file).
*
*/
-@Component("CryptoUtils")
-@Order(Ordered.HIGHEST_PRECEDENCE)
public final class CryptoUtils {
- public static final String AES = "AES";
- public static final String KEY_PARAM = "org.onap.clamp.encryption.aes.key";
- private SecretKeySpec secretKeySpec = getSecretKeySpec("aa3871669d893c7fb8abbcda31b88b4f");
+ protected static final EELFLogger logger = EELFManager.getInstance().getLogger(CryptoUtils.class);
+ // Openssl commands:
+ // Encrypt: echo -n "123456" | openssl aes-128-cbc -e -K <Private Hex key>
+ // -iv <16 Hex Bytes iv> | xxd -u -g100
+ // Final result is to put in properties file is: IV + Outcome of openssl
+ // command
+ // ************************************************************
+ // Decrypt: echo -n 'Encrypted string' | xxd -r -ps | openssl aes-128-cbc -d
+ // -K
+ // <Private Hex Key> -iv <16 Bytes IV extracted from Encrypted String>
+ private static final String ALGORITHM = "AES";
+ private static final String ALGORYTHM_DETAILS = ALGORITHM + "/CBC/PKCS5PADDING";
+ private static final int BLOCK_SIZE = 128;
+ private static final String KEY_PARAM = "org.onap.clamp.encryption.aes.key";
+ private static SecretKeySpec secretKeySpec = null;
+ private IvParameterSpec ivspec;
+ static {
+ Properties props = new Properties();
+ try {
+ props.load(ResourceFileUtil.getResourceAsStream("clds/key.properties"));
+ secretKeySpec = getSecretKeySpec(props.getProperty(KEY_PARAM));
+ } catch (IOException | DecoderException e) {
+ logger.error("Exception occurred during the key reading", e);
+ }
+ }
/**
* Encrypt a value based on the Clamp Encryption Key.
* @return The encrypted string
* @throws GeneralSecurityException
* In case of issue with the encryption
+ * @throws UnsupportedEncodingException
+ * In case of issue with the charset conversion
*/
- public String encrypt(String value) throws GeneralSecurityException {
- Cipher cipher = Cipher.getInstance(CryptoUtils.AES);
- cipher.init(Cipher.ENCRYPT_MODE, secretKeySpec, cipher.getParameters());
- byte[] encrypted = cipher.doFinal(value.getBytes());
- return byteArrayToHexString(encrypted);
+ public String encrypt(String value) throws GeneralSecurityException, UnsupportedEncodingException {
+ Cipher cipher = Cipher.getInstance(CryptoUtils.ALGORYTHM_DETAILS, "SunJCE");
+ SecureRandom r = SecureRandom.getInstance("SHA1PRNG");
+ byte[] iv = new byte[BLOCK_SIZE / 8];
+ r.nextBytes(iv);
+ ivspec = new IvParameterSpec(iv);
+ cipher.init(Cipher.ENCRYPT_MODE, secretKeySpec, ivspec);
+ return Hex.encodeHexString(ArrayUtils.addAll(iv, cipher.doFinal(value.getBytes("UTF-8"))));
}
/**
- * Decrypt a value.
+ * Decrypt a value based on the Clamp Encryption Key
*
* @param message
* The encrypted string that must be decrypted using the Clamp
* @return The String decrypted
* @throws GeneralSecurityException
* In case of issue with the encryption
+ * @throws DecoderException
+ * In case of issue to decode the HexString
*/
- public String decrypt(String message) throws GeneralSecurityException {
- Cipher cipher = Cipher.getInstance(CryptoUtils.AES);
- cipher.init(Cipher.DECRYPT_MODE, secretKeySpec);
- byte[] decrypted = cipher.doFinal(hexStringToByteArray(message));
+ public String decrypt(String message) throws GeneralSecurityException, DecoderException {
+ byte[] encryptedMessage = Hex.decodeHex(message.toCharArray());
+ Cipher cipher = Cipher.getInstance(CryptoUtils.ALGORYTHM_DETAILS, "SunJCE");
+ ivspec = new IvParameterSpec(ArrayUtils.subarray(encryptedMessage, 0, BLOCK_SIZE / 8));
+ byte[] realData = ArrayUtils.subarray(encryptedMessage, BLOCK_SIZE / 8, encryptedMessage.length);
+ cipher.init(Cipher.DECRYPT_MODE, secretKeySpec, ivspec);
+ byte[] decrypted = cipher.doFinal(realData);
return new String(decrypted);
}
- private SecretKeySpec getSecretKeySpec(String keyString) {
- byte[] key = hexStringToByteArray(keyString);
- return new SecretKeySpec(key, CryptoUtils.AES);
- }
-
- private String byteArrayToHexString(byte[] b) {
- StringBuilder sb = new StringBuilder(b.length * 2);
- for (int i = 0; i < b.length; i++) {
- int v = b[i] & 0xff;
- if (v < 16) {
- sb.append('0');
- }
- sb.append(Integer.toHexString(v));
- }
- return sb.toString().toUpperCase();
- }
-
- private byte[] hexStringToByteArray(String s) {
- byte[] b = new byte[s.length() / 2];
- for (int i = 0; i < b.length; i++) {
- int index = i * 2;
- int v = Integer.parseInt(s.substring(index, index + 2), 16);
- b[i] = (byte) v;
- }
- return b;
+ private static SecretKeySpec getSecretKeySpec(String keyString) throws DecoderException {
+ byte[] key = Hex.decodeHex(keyString.toCharArray());
+ return new SecretKeySpec(key, CryptoUtils.ALGORITHM);
}
}
spring.datasource.camunda.driverClassName=org.mariadb.jdbc.Driver\r
spring.datasource.camunda.url=jdbc:mariadb:sequential://localhost:${docker.mariadb.port.host}/camundabpm?autoReconnect=true&retriesAllDown=2147483647&failoverLoopRetries=2147483647\r
spring.datasource.camunda.username=camunda\r
-spring.datasource.camunda.password=D75B89195FD913848EA11416F755390E\r
+spring.datasource.camunda.password=e1bb2a8381d1aa6c09879bd627db3bb560ad29e8a3343fe6aa7e6a7ba622da4e\r
spring.datasource.camunda.validationQuery=SELECT 1\r
spring.datasource.camunda.validationQueryTimeout=20000\r
spring.datasource.camunda.validationInterval=30000\r
spring.datasource.cldsdb.driverClassName=org.mariadb.jdbc.Driver\r
spring.datasource.cldsdb.url=jdbc:mariadb:sequential://localhost:${docker.mariadb.port.host}/cldsdb4?autoReconnect=true&retriesAllDown=2147483647&failoverLoopRetries=2147483647\r
spring.datasource.cldsdb.username=clds\r
-spring.datasource.cldsdb.password=035F8819FEBB754F3C99ECCCC1259850\r
+spring.datasource.cldsdb.password=4c90a0b48204383f4283448d23e0b885a47237b2a23588e7c4651604f51c1067\r
spring.datasource.cldsdb.validationQuery=SELECT 1\r
spring.datasource.cldsdb.validationQueryTimeout=20000\r
spring.datasource.cldsdb.validationInterval=30000\r
org.onap.clamp.config.files.cldsPolicyConfig=classpath:/clds/clds-policy-config.properties\r
org.onap.clamp.config.files.cldsUsers=classpath:/clds/clds-users.json\r
org.onap.clamp.config.files.globalClds=classpath:/clds/globalClds.properties\r
-org.onap.clamp.encryption.aes.key=aa3871669d893c7fb8abbcda31b88b4f\r
\r
#Define user permission related parameters, the permission type can be changed but MUST be redefined in clds-users.properties in that case !\r
CLDS_PERMISSION_TYPE_CL=permission-type-cl\r
# ===================================================================
# ECOMP is a trademark and service mark of AT&T Intellectual Property.
###
+
# Configuration Settings for Policy Engine Components
PDP_URL1=http://vm1.policy.simpledemo.onap.org:8081/pdp/ , testpdp, alpha123
PDP_URL2=http://vm1.policy.simpledemo.onap.org:8081/pdp/ , testpdp, alpha123
NOTIFICATION_TOPIC=
CLIENT_ID=myclientid
# base64 encoding
-CLIENT_KEY=ChlakDuk
+#CLIENT_KEY=ChlakDuk
+CLIENT_KEY=5CE79532B3A2CB4D132FC0C04BF916A7
#DEVL for development
#TEST for Test environments
#PROD for prod environments
sdc.hostUrl=http://sdc.api.simpledemo.onap.org:8080
sdc.serviceUrl=http://sdc.api.simpledemo.onap.org:8080/sdc/v1/catalog/services
sdc.serviceUsername=test\r
-sdc.servicePassword=A7CADD84A22398C980847A54D23E24E9\r
+sdc.servicePassword=aa2871669d793c7fb7abbcda31b88b4c29bf2982755b25f08f8d0130539c11b0\r
sdc.artifactLabel=blueprintclampcockpit\r
sdc.sdcX-InstanceID=CLAMP\r
sdc.artifactType=DCAE_INVENTORY_BLUEPRINT\r
sdc.locationArtifactLabel=locationclampcockpit\r
sdc.locationArtifactType=DCAE_INVENTORY_JSON\r
sdc.InstanceID=X-ECOMP-InstanceID\r
-#\r
+sdc.header.requestId = X-ECOMP-RequestID\r
#\r
#\r
ui.location.default={"DC1":"Data Center 1","DC2":"Data Center 2","DC3":"Data Center 3"}\r
DCAE_INVENTORY_URL = https://dcae.api.simpledemo.onap.org:8080
\r
#DCAE Dispatcher Url Properties\r
-DCAE_DISPATCHER_URL = https://dcae.api.simpledemo.onap.org:8443
+DCAE_DISPATCHER_URL = https://dcae.api.simpledemo.onap.org:8443\r
+dcae.header.requestId = "X-ECOMP-RequestID"
\r
--- /dev/null
+org.onap.clamp.encryption.aes.key=aa3871669d893c7fb8abbcda31b88b4f
\ No newline at end of file
* ECOMP is a trademark and service mark of AT&T Intellectual Property.
*/
-package org.onap.clamp.clds.it;
+package org.onap.clamp.clds.util;
import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotEquals;
import static org.junit.Assert.assertNotNull;
+import java.io.UnsupportedEncodingException;
import java.security.GeneralSecurityException;
+import org.apache.commons.codec.DecoderException;
+import org.apache.commons.codec.binary.Hex;
+import org.apache.commons.lang3.ArrayUtils;
import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.onap.clamp.clds.util.CryptoUtils;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.boot.test.context.SpringBootTest;
-import org.springframework.test.context.TestPropertySource;
-import org.springframework.test.context.junit4.SpringRunner;
/**
* Test Crypto Utils with Spring.
*/
-@RunWith(SpringRunner.class)
-@SpringBootTest
-@TestPropertySource(locations = "classpath:application-no-camunda.properties")
-public class CryptoUtilsItCase {
- @Autowired
- private CryptoUtils cryptoUtils;
+public class CryptoUtilsTest {
+ private CryptoUtils cryptoUtils = new CryptoUtils();
+ final String data = "This is a test string";
/**
* This method tests encryption.
*
* @throws GeneralSecurityException
+ * @throws DecoderException
+ * @throws UnsupportedEncodingException
*/
@Test
- public final void testEncryption() throws GeneralSecurityException {
- final String testData = "This is a test string";
- final String encodedStringExpected = "A5CB112C9F608A220B35AFED08024D98B9653333AF4C9527C2E934DE473F6145";
- String encodedString = cryptoUtils.encrypt(testData);
+ public final void testEncryption() throws GeneralSecurityException, DecoderException, UnsupportedEncodingException {
+ String encodedString = cryptoUtils.encrypt(data);
assertNotNull(encodedString);
- assertEquals(encodedStringExpected, encodedString);
+ assertEquals(data, cryptoUtils.decrypt(encodedString));
}
/**
- * This method tests decryption.
+ * This method tests encryption.
*
* @throws GeneralSecurityException
+ * @throws DecoderException
+ * @throws UnsupportedEncodingException
*/
@Test
- public final void testDecryption() throws GeneralSecurityException {
- final String decodedStringExpected = "This is a test string";
- final String encodedString = "A5CB112C9F608A220B35AFED08024D98B9653333AF4C9527C2E934DE473F6145";
- String decryptedString = cryptoUtils.decrypt(encodedString);
- assertNotNull(decryptedString);
- assertEquals(decodedStringExpected, decryptedString);
+ public final void testEncryptedStringIsDifferent()
+ throws GeneralSecurityException, DecoderException, UnsupportedEncodingException {
+ String encodedString1 = cryptoUtils.encrypt(data);
+ String encodedString2 = cryptoUtils.encrypt(data);
+ byte[] encryptedMessage1 = Hex.decodeHex(encodedString1.toCharArray());
+ byte[] encryptedMessage2 = Hex.decodeHex(encodedString2.toCharArray());
+ assertNotNull(encryptedMessage1);
+ assertNotNull(encryptedMessage2);
+ assertNotEquals(encryptedMessage1, encryptedMessage2);
+ byte[] subData1 = ArrayUtils.subarray(encryptedMessage1, 16, encryptedMessage1.length);
+ byte[] subData2 = ArrayUtils.subarray(encryptedMessage2, 16, encryptedMessage2.length);
+ assertNotEquals(subData1, subData2);
}
}
\ No newline at end of file
spring.datasource.camunda.driverClassName=org.mariadb.jdbc.Driver
spring.datasource.camunda.url=jdbc:mariadb:sequential://localhost:${docker.mariadb.port.host}/camundabpm?autoReconnect=true&retriesAllDown=2147483647&failoverLoopRetries=2147483647
spring.datasource.camunda.username=camunda
-spring.datasource.camunda.password=D75B89195FD913848EA11416F755390E
+spring.datasource.camunda.password=e1bb2a8381d1aa6c09879bd627db3bb560ad29e8a3343fe6aa7e6a7ba622da4e
spring.datasource.camunda.validationQuery=SELECT 1
spring.datasource.camunda.validationQueryTimeout=20000
spring.datasource.camunda.validationInterval=30000
spring.datasource.cldsdb.driverClassName=org.mariadb.jdbc.Driver
spring.datasource.cldsdb.url=jdbc:mariadb:sequential://localhost:${docker.mariadb.port.host}/cldsdb4?autoReconnect=true&retriesAllDown=2147483647&failoverLoopRetries=2147483647
spring.datasource.cldsdb.username=clds
-spring.datasource.cldsdb.password=035F8819FEBB754F3C99ECCCC1259850
+spring.datasource.cldsdb.password=4c90a0b48204383f4283448d23e0b885a47237b2a23588e7c4651604f51c1067
spring.datasource.cldsdb.validationQuery=SELECT 1
spring.datasource.cldsdb.validationQueryTimeout=20000
spring.datasource.cldsdb.validationInterval=30000
org.onap.clamp.config.files.cldsPolicyConfig=classpath:/clds/clds-policy-config.properties
org.onap.clamp.config.files.cldsUsers=classpath:/clds/clds-users.json
org.onap.clamp.config.files.globalClds=classpath:/clds/globalClds.properties
-org.onap.clamp.encryption.aes.key=aa3871669d893c7fb8abbcda31b88b4f
+
#Define user permission related parameters, the permission type can be changed but MUST be redefined in clds-users.properties in that case !
CLDS_PERMISSION_TYPE_CL=permission-type-cl
sdc.hostUrl=http://127.0.0.1:8080\r
sdc.serviceUrl=http://127.0.0.1:8080/sdc/v1/catalog/services\r
sdc.serviceUsername=test\r
-sdc.servicePassword=123456\r
+sdc.servicePassword=aa2871669d793c7fb7abbcda31b88b4c29bf2982755b25f08f8d0130539c11b0\r
sdc.artifactLabel=blueprintclampcockpit\r
sdc.sdcX-InstanceID=CLAMP\r
sdc.artifactType=DCAE_INVENTORY_BLUEPRINT\r
sdc.locationArtifactLabel=LocationClampCockpit\r
sdc.locationArtifactType=DCAE_INVENTORY_JSON\r
sdc.InstanceID=X-ONAP-InstanceID\r
+sdc.header.requestId = X-ECOMP-RequestID\r
#\r
#\r
#\r
--- /dev/null
+org.onap.clamp.encryption.aes.key=aa3871669d893c7fb8abbcda31b88b4f
\ No newline at end of file
spring.datasource.camunda.driverClassName=org.mariadb.jdbc.Driver
spring.datasource.camunda.url=jdbc:mariadb:sequential://localhost:${docker.mariadb.port.host}/camundabpm?autoReconnect=true&retriesAllDown=2147483647&failoverLoopRetries=2147483647\r
spring.datasource.camunda.username=camunda
-spring.datasource.camunda.password=D75B89195FD913848EA11416F755390E\r
+spring.datasource.camunda.password=e1bb2a8381d1aa6c09879bd627db3bb560ad29e8a3343fe6aa7e6a7ba622da4e\r
spring.datasource.camunda.validationQuery=SELECT 1
spring.datasource.camunda.validationQueryTimeout=20000
spring.datasource.camunda.validationInterval=30000
spring.datasource.cldsdb.driverClassName=org.mariadb.jdbc.Driver
spring.datasource.cldsdb.url=jdbc:mariadb:sequential://localhost:${docker.mariadb.port.host}/cldsdb4?autoReconnect=true&retriesAllDown=2147483647&failoverLoopRetries=2147483647\r
spring.datasource.cldsdb.username=clds
-spring.datasource.cldsdb.password=035F8819FEBB754F3C99ECCCC1259850\r
+spring.datasource.cldsdb.password=4c90a0b48204383f4283448d23e0b885a47237b2a23588e7c4651604f51c1067\r
spring.datasource.cldsdb.validationQuery=SELECT 1
spring.datasource.cldsdb.validationQueryTimeout=20000
spring.datasource.cldsdb.validationInterval=30000
org.onap.clamp.config.files.cldsPolicyConfig=classpath:/clds/clds-policy-config.properties
org.onap.clamp.config.files.cldsUsers=classpath:/clds/clds-users.json
org.onap.clamp.config.files.globalClds=classpath:/clds/globalClds.properties
-org.onap.clamp.encryption.aes.key=aa3871669d893c7fb8abbcda31b88b4f
#Define user permission related parameters, the permission type can be changed but MUST be redefined in clds-users.properties in that case !
CLDS_PERMISSION_TYPE_CL=permission-type-cl
Code Review / policy / clamp.git / commitdiff