import com.att.eelf.configuration.EELFLogger;
import com.att.eelf.configuration.EELFManager;
import com.google.common.base.Charsets;
-
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Properties;
-
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
-
import org.apache.commons.codec.DecoderException;
import org.apache.commons.codec.binary.Hex;
import org.apache.commons.lang3.ArrayUtils;
* Definition of encryption algorithm.
*/
private static final String ALGORITHM = "AES";
+
+ /**
+ * AES Encryption Key environment variable for external configuration.
+ */
+ private static final String AES_ENCRYPTION_KEY = "AES_ENCRYPTION_KEY";
+
/**
* Detailed definition of encryption algorithm.
*/
/**
* Encrypt a value based on the Clamp Encryption Key.
*
- * @param value
- * The value to encrypt
+ * @param value The value to encrypt
* @return The encrypted string
- * @throws GeneralSecurityException
- * In case of issue with the encryption
- * @throws UnsupportedEncodingException
- * In case of issue with the charset conversion
+ * @throws GeneralSecurityException In case of issue with the encryption
+ * @throws UnsupportedEncodingException In case of issue with the charset
+ * conversion
*/
public static String encrypt(String value) throws GeneralSecurityException {
Cipher cipher = Cipher.getInstance(ALGORITHM_DETAILS, "SunJCE");
/**
* Decrypt a value based on the Clamp Encryption Key.
*
- * @param message
- * The encrypted string that must be decrypted using the Clamp
- * Encryption Key
+ * @param message The encrypted string that must be decrypted using the Clamp
+ * Encryption Key
* @return The String decrypted
- * @throws GeneralSecurityException
- * In case of issue with the encryption
- * @throws DecoderException
- * In case of issue to decode the HexString
+ * @throws GeneralSecurityException In case of issue with the encryption
+ * @throws DecoderException In case of issue to decode the HexString
*/
public static String decrypt(String message) throws GeneralSecurityException, DecoderException {
byte[] encryptedMessage = Hex.decodeHex(message.toCharArray());
/**
* Method used to generate the SecretKeySpec from a Base64 String.
*
- * @param keyString
- * The key as a string in Base 64
+ * @param keyString The key as a string in Base 64
* @return The SecretKeySpec created
- * @throws DecoderException
- * In case of issues with the decoding of Base64
+ * @throws DecoderException In case of issues with the decoding of Base64
*/
private static SecretKeySpec getSecretKeySpec(String keyString) throws DecoderException {
byte[] key = Hex.decodeHex(keyString.toCharArray());
}
/**
- * Reads SecretKeySpec from file specified by propertiesFileName
+ * Reads SecretKeySpec from file specified by propertiesFileName.
*
- * @param propertiesFileName
- * File name with properties
+ * @param propertiesFileName File name with properties
* @return SecretKeySpec secret key spec read from propertiesFileName
*/
private static SecretKeySpec readSecretKeySpec(String propertiesFileName) {
Properties props = new Properties();
try {
- props.load(ResourceFileUtil.getResourceAsStream(propertiesFileName));
- return getSecretKeySpec(props.getProperty(KEY_PARAM));
+ // Workaround fix to make encryption key configurable
+ // System environment variable takes precedence for over clds/key.properties
+ String encryptionKey = System.getenv(AES_ENCRYPTION_KEY);
+ if (encryptionKey != null && encryptionKey.trim().length() > 0) {
+ return getSecretKeySpec(encryptionKey);
+ } else {
+ props.load(ResourceFileUtils.getResourceAsStream(propertiesFileName));
+ return getSecretKeySpec(props.getProperty(KEY_PARAM));
+ }
} catch (IOException | DecoderException e) {
logger.error("Exception occurred during the key reading", e);
return null;
Code Review / clamp.git / blobdiff