import java.nio.charset.StandardCharsets;
import java.util.Random;
import javax.crypto.Cipher;
-import javax.crypto.spec.IvParameterSpec;
+import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.xml.bind.DatatypeConverter;
import org.apache.commons.lang3.ArrayUtils;
/**
* Detailed definition of encryption algorithm.
*/
- private static final String ALGORITHM_DETAILS = ALGORITHM + "/CBC/PKCS5PADDING";
+ private static final String ALGORITHM_DETAILS = ALGORITHM + "/GCM/NoPadding";
+
+ private static final int TAG_SIZE_IN_BITS = 128;
private static final int IV_BLOCK_SIZE_IN_BITS = 128;
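Review bot: `IV_BLOCK_SIZE_IN_BITS` stays at 128 on the context line below the new `TAG_SIZE_IN_BITS`; that matched the CBC block size but is not the nonce length GCM is designed around. NIST SP 800-38D recommends a 96-bit IV for interoperability, efficiency and simplicity, and any other length is first hashed through GHASH to derive the initial counter block. Consider `private static final int IV_BLOCK_SIZE_IN_BITS = 96;`, and since the value is no longer a block size, a name such as `IV_SIZE_IN_BITS`. Changing it alters the stored layout, so the test vectors added in this commit would need regenerating. The definition of `IV_BLOCK_SIZE_IN_BYTES` is outside the hunk and is presumably derived from this constant.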
Cipher cipher = Cipher.getInstance(ALGORITHM_DETAILS);
byte[] iv = new byte[IV_BLOCK_SIZE_IN_BYTES];
RANDOM.nextBytes(iv);
- IvParameterSpec ivspec = new IvParameterSpec(iv);
+ GCMParameterSpec ivspec = new GCMParameterSpec(TAG_SIZE_IN_BITS, iv);
cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivspec);
return "enc:" + DatatypeConverter.printBase64Binary(
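Review bot: The GCM nonce is filled by `RANDOM.nextBytes(iv)`, and the only random type imported in the visible part of this diff is `java.util.Random`. The declaration of `RANDOM` is outside the hunk, so please confirm it is instantiated as a `SecureRandom`. A repeated nonce under the same key is far more damaging in GCM than a repeated IV was in CBC, because it undermines both confidentiality and the authentication tag. If it is not already, declare it as `private static final SecureRandom RANDOM = new SecureRandom();` and add a comment above the `nextBytes` call such as `// GCM requires an IV that is never reused with the same key`. The enclosing method starts and ends outside the hunk.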
byte[] encryptedValue = DatatypeConverter.parseBase64Binary(pureValue);
Cipher cipher = Cipher.getInstance(ALGORITHM_DETAILS);
- IvParameterSpec ivspec = new IvParameterSpec(
+ GCMParameterSpec ivspec = new GCMParameterSpec(TAG_SIZE_IN_BITS,
ArrayUtils.subarray(encryptedValue, 0, IV_BLOCK_SIZE_IN_BYTES));
byte[] realData = ArrayUtils.subarray(encryptedValue, IV_BLOCK_SIZE_IN_BYTES, encryptedValue.length);
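Review bot: The decrypt path splits `encryptedValue` into IV and `realData` without checking its length, and with GCM the payload must hold at least the IV plus the 16-byte tag. `ArrayUtils.subarray` clamps out-of-range indices instead of throwing, so a truncated value yields a short IV and only fails later inside the cipher with a less specific error. A guard before the split, `if (encryptedValue.length < IV_BLOCK_SIZE_IN_BYTES + TAG_SIZE_IN_BITS / 8)`, handled the same way as other decryption failures, would make the rejection explicit. Values written by the previous CBC code will also fail tag verification here. How the method reacts to that failure is outside the hunk, so it is worth confirming that it surfaces as an error rather than silently returning the input.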
public class PropertyCoderTest {
private PropertyCoder propertyCoder = null;
private static final String AES_ENCRYPTION_KEY = "aes_encryption_key";
+
+ /*
+ * Note: to generate the encrypted values, invoke CryptoUtils passing both the value
+ * to be encrypted and the secret key.
+ *
+ * The secret key should typically be 32 characters long, resulting in a 256-bit
+ * key, and is placed in "aes_encryption_key".
+ *
+ * For "xacml.pdp.rest.password", the encrypted value was generated via:
+ * java org.onap.policy.common.utils.security.CryptoUtils enc alpha abcdefghijklmnopqrstuvwxyzabcdef
+ *
+ * For "pass", the encrypted value was generated via:
+ * java org.onap.policy.common.utils.security.CryptoUtils enc hello abcdefghijklmnopqrstuvwxyzabcdef
+ */
private static final String json =
("{'aes_encryption_key':'abcdefghijklmnopqrstuvwxyzabcdef'"
- + ",'xacml.pdp.rest.password':'enc:YZ8EqzsxIOzIuK416SWAdrv+0cKKkqsQt/NYH9+uxwI='"
+ + ",'xacml.pdp.rest.password':'enc:FSfOhDygtmnX3gkMSfTFMoBFW+AG5k6goNj2KZgQmeF0DqgcMg=='"
+ ",'xacml.pdp.rest.user':'testpdp'"
+ ",'xacml.pdp.rest.client.user':'policy'"
+ ",'xacml.pdp.rest.client.password':'policy'"
+ ",'xacml.pdp.rest.environment':'TEST'"
+ ",'servers':[{'name':'server1','port':'10',"
- + "'pass':'enc:KXIY94KcAapOAAeFbtjQL4kBPB4k+NJfwdP+GpG3LWQ='}"
+ + "'pass':'enc:08Fj6tLhmWjkZkf52O2A2ZNT8PpL80yEOEKXlbV/gnm0lkR9OA=='}"
+ ",{'name':'server2','port':'20','pass':'plaintext'}]"
+ "}").replace('\'', '"');
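Review bot: The new comment block documents generating values by passing the secret key as a command-line argument, without saying that this recipe is meant only for throwaway test fixtures. Command-line arguments are visible in process listings and shell history, so a reader who reuses the recipe for a deployed configuration would expose the key. I would add a line to the comment such as `* These keys and values are test fixtures only; never pass a production key on the command line.` The sentence about a 32-character key "resulting in a 256-bit key" could also note that a string of printable characters carries less than 256 bits of entropy.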
* ============LICENSE_START=======================================================
* ONAP
* ================================================================================
- * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
+ * Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
private static Logger logger = LoggerFactory.getLogger(CryptoUtilsTest.class);
private static final String PASS = "HelloWorld";
private static final String SECRET_KEY = "MTIzNDU2Nzg5MDEyMzQ1Ng==";
- private static final String ENCRYPTED_PASS = "enc:hcI2XVX+cxPz/6rlbebkWpCFF6WPbBtT7iJRr2VHUkA=";
+ private static final String ENCRYPTED_PASS = "enc:Z6QzirpPyDpwmIcNbE3U2iq6g/ubJBEdzssoigxGGChlQtdWOLD8y00O";
private static final String DECRYPTED_MSG = "encrypted value: {} decrypted value : {}";
private static final String ENCRYPTED_MSG = "original value : {} encrypted value: {}";
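Review bot: `ENCRYPTED_PASS` is swapped for a GCM vector, but nothing visible in this diff tests what the mode change adds, namely that a modified ciphertext is rejected. A negative case beside the existing round-trip tests would pin it: decode the Base64 body of `ENCRYPTED_PASS`, flip one byte, re-encode it with the `enc:` prefix, and assert that `CryptoUtils.decrypt(tampered, SECRET_KEY)` does not yield `PASS`. The test methods are outside the hunk, so such a case may already exist; if not, it would also document how `decrypt` is expected to signal an authentication failure.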
String decryptedAgain = CryptoUtils.decrypt(decryptedValue, SECRET_KEY);
assertEquals(decryptedValue, decryptedAgain);
}
-}
\ No newline at end of file
+}