From 549cafbb3b5b5c9298e8c7371835f5c58633349f Mon Sep 17 00:00:00 2001
From: guangxingwang <gw1218@att.com>
Date: Tue, 30 Jan 2018 20:18:31 -0600
Subject: [PATCH] Implement Encryption on Passwords

Fix Fortify scan issue - hardcoded password

Issue-ID: POLICY-542
Change-Id: I722b9143fbddc48b67592bb35a44f36ed8b38aad
Signed-off-by: guangxingwang <gw1218@att.com>
---
 .../java/org/onap/policy/utils/CryptoUtils.java    | 256 +++++++++++++++++++++
 .../onap/policy/utils/test/CryptoUtilsTest.java    | 128 +++++++++++
 2 files changed, 384 insertions(+)
 create mode 100644 PolicyEngineUtils/src/main/java/org/onap/policy/utils/CryptoUtils.java
 create mode 100644 PolicyEngineUtils/src/test/java/org/onap/policy/utils/test/CryptoUtilsTest.java

diff --git a/PolicyEngineUtils/src/main/java/org/onap/policy/utils/CryptoUtils.java b/PolicyEngineUtils/src/main/java/org/onap/policy/utils/CryptoUtils.java
new file mode 100644
index 000000000..5496f0d87
--- /dev/null
+++ b/PolicyEngineUtils/src/main/java/org/onap/policy/utils/CryptoUtils.java
@@ -0,0 +1,256 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * PolicyEngineUtils
+ * ================================================================================
+ * Copyright (C) 2018 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+package org.onap.policy.utils;
+
+import java.nio.charset.StandardCharsets;
+import java.security.AlgorithmParameters;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.Key;
+import java.util.Base64;
+
+import javax.crypto.BadPaddingException;
+import javax.crypto.Cipher;
+import javax.crypto.IllegalBlockSizeException;
+import javax.crypto.NoSuchPaddingException;
+import javax.crypto.spec.SecretKeySpec;
+import javax.xml.bind.DatatypeConverter;
+
+import org.onap.policy.common.logging.flexlogger.FlexLogger;
+import org.onap.policy.common.logging.flexlogger.Logger;
+
+public class CryptoUtils {
+	private static final Logger LOGGER = FlexLogger.getLogger(CryptoUtils.class);
+	private static final String CIPHER_TYPE = "AES/CBC/PKCS5Padding";
+	private static Key mKey = null;
+	private static AlgorithmParameters mAlgParm = null;
+
+	static {
+		//the hadcoded key is to be removed in a future iteration
+		try {
+			String kval = "bmpybWJrbGN4dG9wbGF3Zg==";
+			String algp = "BBBpbml0VmVjVGhpc0lzVGhl";
+
+			byte[] kvalb = DatatypeConverter.parseBase64Binary(kval);
+			byte[] algb = DatatypeConverter.parseBase64Binary(algp);
+
+			mKey = new SecretKeySpec(kvalb, "AES");
+
+			mAlgParm = AlgorithmParameters.getInstance("AES");
+			mAlgParm.init(algb, "ASN.1");
+
+		} catch (Exception ex) {
+			throw new ExceptionInInitializerError(ex);
+		}
+	}
+
+	private CryptoUtils() {
+		// Private Constructor
+	}
+
+	/**
+	 * Decrypt txt.
+	 *
+	 * @param encryptedTxt
+	 *            text to be decrypted, Base 64 UrlEncoded
+	 * @return the byte[]
+	 * @throws NoSuchAlgorithmException
+	 *             the no such algorithm exception
+	 * @throws NoSuchPaddingException
+	 *             the no such padding exception
+	 * @throws InvalidAlgorithmParameterException
+	 *             the invalid algorithm parameter exception
+	 * @throws InvalidKeyException
+	 *             the invalid key exception
+	 * @throws IllegalBlockSizeException
+	 *             the illegal block size exception
+	 * @throws BadPaddingException
+	 *             the bad padding exception
+	 */
+	public static byte[] decryptTxt(String encryptedTxt)
+			throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException,
+			InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
+		Cipher cipher = Cipher.getInstance(CIPHER_TYPE);
+		cipher.init(Cipher.DECRYPT_MODE, mKey, mAlgParm);
+
+		return cipher.doFinal(Base64.getUrlDecoder().decode(encryptedTxt.getBytes(StandardCharsets.UTF_8)));
+	}
+
+	/**
+	 * Decrypt txt.
+	 *
+	 * @param encryptedTxt
+	 *            text to be decrypted, Base 64 UrlEncoded
+	 * @param mKey
+	 *            the key as Base 64
+	 * @return the byte[]
+	 * @throws NoSuchAlgorithmException
+	 *             the no such algorithm exception
+	 * @throws NoSuchPaddingException
+	 *             the no such padding exception
+	 * @throws InvalidAlgorithmParameterException
+	 *             the invalid algorithm parameter exception
+	 * @throws InvalidKeyException
+	 *             the invalid key exception
+	 * @throws IllegalBlockSizeException
+	 *             the illegal block size exception
+	 * @throws BadPaddingException
+	 *             the bad padding exception
+	 */
+	public static byte[] decryptTxt(String encryptedTxt, String base64BinaryKey)
+			throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException,
+			InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
+
+		byte[] keyValueByte = DatatypeConverter.parseBase64Binary(base64BinaryKey);
+		Key paramKey = new SecretKeySpec(keyValueByte, "AES");
+		Cipher cipher = Cipher.getInstance(CIPHER_TYPE);
+		cipher.init(Cipher.DECRYPT_MODE, paramKey, mAlgParm);
+
+		return cipher.doFinal(Base64.getUrlDecoder().decode(encryptedTxt.getBytes(StandardCharsets.UTF_8)));
+	}
+
+	/**
+	 * Decrypt txt, no exceptions thrown.
+	 *
+	 * @param encryptedTxt
+	 *            text to be decrypted, Base 64 UrlEncoded
+	 * @return the decrypted text, or the original text if it could not be
+	 *         decrypted
+	 */
+	public static byte[] decryptTxtNoEx(String encryptedTxt) {
+
+		try {
+			if (encryptedTxt == null || encryptedTxt.isEmpty()) {
+				LOGGER.error("decryptTxtNoEx: Input param encryptedTxt is not valid");
+				return new byte[0];
+			}
+			return decryptTxt(encryptedTxt);
+		} catch (Exception e) {
+			try {
+				LOGGER.error("decryptTxtNoEx: Exception while decryption : " + e);
+				return (encryptedTxt != null) ? encryptedTxt.getBytes(StandardCharsets.UTF_8) : new byte[0];
+			} catch (Exception e1) {
+				LOGGER.error("decryptTxtNoEx: Exception on sending default : " + e1);
+				return new byte[0];
+			}
+		}
+	}
+	
+	/**
+	 * Decrypt txt, no exceptions thrown.
+	 *
+	 * @param encryptedTxt
+	 *            text to be decrypted, Base 64 UrlEncoded
+	 * @return the decrypted text, or the original text if it could not be
+	 *         decrypted
+	 */
+	public static String decryptTxtNoExStr(String encryptedTxt) {
+			return new String(decryptTxtNoEx(encryptedTxt), StandardCharsets.UTF_8);
+	}
+
+	/**
+	 * Encrypt txt.
+	 *
+	 * @param plainTxt
+	 *            the plain txt
+	 * @return the encrypted string
+	 * @throws NoSuchPaddingException
+	 *             the no such padding exception
+	 * @throws InvalidAlgorithmParameterException
+	 *             the invalid algorithm parameter exception
+	 * @throws NoSuchAlgorithmException
+	 *             the no such algorithm exception
+	 * @throws InvalidKeyException
+	 *             the invalid key exception
+	 * @throws IllegalBlockSizeException
+	 *             the illegal block size exception
+	 * @throws BadPaddingException
+	 *             the bad padding exception
+	 */
+	public static String encryptTxt(byte[] plainTxt)
+			throws NoSuchPaddingException, InvalidAlgorithmParameterException,
+			NoSuchAlgorithmException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
+
+		Cipher cipher = Cipher.getInstance(CIPHER_TYPE);
+		cipher.init(Cipher.ENCRYPT_MODE, mKey, mAlgParm);
+
+		byte[] encryption = cipher.doFinal(plainTxt);
+		return new String(Base64.getUrlEncoder().encode(encryption), StandardCharsets.UTF_8);
+	}
+
+	/**
+	 * Encrypt txt.
+	 *
+	 * @param plainTxt
+	 *            the plain txt to be encrypted
+	 * @param base64BinaryKey
+	 *            the key as lexical representation of Base64 Binary
+	 * @return the encrypted string
+	 * @throws NoSuchPaddingException
+	 *             the no such padding exception
+	 * @throws InvalidAlgorithmParameterException
+	 *             the invalid algorithm parameter exception
+	 * @throws NoSuchAlgorithmException
+	 *             the no such algorithm exception
+	 * @throws InvalidKeyException
+	 *             the invalid key exception
+	 * @throws IllegalBlockSizeException
+	 *             the illegal block size exception
+	 * @throws BadPaddingException
+	 *             the bad padding exception
+	 */
+	public static String encryptTxt(byte[] plainTxt, String base64BinaryKey)
+			throws NoSuchPaddingException, InvalidAlgorithmParameterException,
+			NoSuchAlgorithmException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
+
+		byte[] keyValueByte = DatatypeConverter.parseBase64Binary(base64BinaryKey);
+		Key paramKey = new SecretKeySpec(keyValueByte, "AES");
+		Cipher cipher = Cipher.getInstance(CIPHER_TYPE);
+		cipher.init(Cipher.ENCRYPT_MODE, paramKey, mAlgParm);
+
+		byte[] encryption = cipher.doFinal(plainTxt);
+		return new String(Base64.getMimeEncoder().encode(encryption), StandardCharsets.UTF_8);
+	}
+
+	/**
+	 * Encrypt txt, no exceptions thrown
+	 *
+	 * @param plainTxt
+	 *            the plain txt to be encrypted
+	 * @return the encrypted String , or the original text if it could not be
+	 *         encrypted
+	 */
+	public static String encryptTxtNoEx(byte[] plainTxt) {
+
+		if (plainTxt == null || plainTxt.length == 0) {
+			LOGGER.error("encryptTxtNoEx: Input param plainTxt is not valid");
+			return "";
+		}
+
+		try {
+			return encryptTxt(plainTxt);
+		} catch (Exception e) {
+			LOGGER.error("encryptTxtNoEx: Exception while decryption : " + e);
+			return new String(plainTxt, StandardCharsets.UTF_8);
+		}
+	}
+
+}
\ No newline at end of file
diff --git a/PolicyEngineUtils/src/test/java/org/onap/policy/utils/test/CryptoUtilsTest.java b/PolicyEngineUtils/src/test/java/org/onap/policy/utils/test/CryptoUtilsTest.java
new file mode 100644
index 000000000..e2ca78a06
--- /dev/null
+++ b/PolicyEngineUtils/src/test/java/org/onap/policy/utils/test/CryptoUtilsTest.java
@@ -0,0 +1,128 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * PolicyEngineUtils
+ * ================================================================================
+ * Copyright (C) 2018 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+package org.onap.policy.utils.test;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertArrayEquals;
+
+import java.nio.charset.StandardCharsets;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+
+import javax.crypto.BadPaddingException;
+import javax.crypto.IllegalBlockSizeException;
+import javax.crypto.NoSuchPaddingException;
+
+import org.junit.Test;
+import org.onap.policy.utils.CryptoUtils;
+
+public class CryptoUtilsTest {
+
+	@Test
+	public final void testDecryptTxt() throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException,
+			InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException
+			 {
+		String decryptedTxt = new String(CryptoUtils.decryptTxt("g0uHKXCLyzJ6wSbpphNGsA=="), StandardCharsets.UTF_8);
+		assertEquals("mypass", decryptedTxt);
+	}
+
+	@Test
+	public final void testDecryptTxtWithKey() throws InvalidKeyException, NoSuchAlgorithmException,
+			NoSuchPaddingException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException
+			 {
+		String decryptedTxt = new String(CryptoUtils.decryptTxt("g0uHKXCLyzJ6wSbpphNGsA==", "bmpybWJrbGN4dG9wbGF3Zg=="),
+				StandardCharsets.UTF_8);
+		assertEquals("mypass", decryptedTxt);
+	}
+
+	@Test
+	public final void testDecryptTxtNoEx() {
+		String decryptedTxt = new String(CryptoUtils.decryptTxtNoEx("g0uHKXCLyzJ6wSbpphNGsA=="),
+				StandardCharsets.UTF_8);
+		assertEquals("mypass", decryptedTxt);
+
+	}
+
+	@Test
+	public final void testDecryptTxtNoExStr() {
+		assertEquals("mypass", CryptoUtils.decryptTxtNoExStr("g0uHKXCLyzJ6wSbpphNGsA=="));
+	}
+	@Test
+	public final void testDecryptTxtNoExInvalidInput() {
+		assertArrayEquals(new byte[0], CryptoUtils.decryptTxtNoEx(null));
+		assertArrayEquals(new byte[0], CryptoUtils.decryptTxtNoEx(""));
+		// ensure backward compatibility
+		assertEquals("bogus", new String(CryptoUtils.decryptTxtNoEx("bogus"), StandardCharsets.UTF_8));
+		assertEquals("admin123", CryptoUtils.decryptTxtNoExStr("admin123"));
+		assertEquals("password", CryptoUtils.decryptTxtNoExStr("password"));
+	}
+
+	@Test(expected = IllegalArgumentException.class)
+	public final void testDecryptTxtInvalidInput() throws InvalidKeyException, NoSuchAlgorithmException,
+			NoSuchPaddingException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException
+			 {
+		CryptoUtils.decryptTxt("bogus");
+	}
+
+	@Test
+	public final void testEncryptTxt() throws InvalidKeyException, NoSuchPaddingException,
+			InvalidAlgorithmParameterException, NoSuchAlgorithmException, IllegalBlockSizeException,
+			BadPaddingException {
+		String txtStr = "mypass";
+		byte[] txt = txtStr.getBytes(StandardCharsets.UTF_8);
+		assertEquals("g0uHKXCLyzJ6wSbpphNGsA==", CryptoUtils.encryptTxt(txt));
+	}
+
+	@Test
+	public final void testEncryptTxtWithKey() throws InvalidKeyException,
+			NoSuchPaddingException, InvalidAlgorithmParameterException, NoSuchAlgorithmException,
+			IllegalBlockSizeException, BadPaddingException {
+		String txtStr = "mypass";
+		byte[] txt = txtStr.getBytes(StandardCharsets.UTF_8);
+		assertEquals("g0uHKXCLyzJ6wSbpphNGsA==", CryptoUtils.encryptTxt(txt, "bmpybWJrbGN4dG9wbGF3Zg=="));
+	}
+
+	@Test
+	public final void testEncryptTxtNoEx() {
+		String txtStr = "mypass";
+		byte[] txt = txtStr.getBytes(StandardCharsets.UTF_8);
+		assertEquals("g0uHKXCLyzJ6wSbpphNGsA==", CryptoUtils.encryptTxtNoEx(txt));
+	}
+
+	@Test
+	public final void testEncryptTxtNoExInvalidInput() {
+		String txtStr = "";
+		byte[] txt = txtStr.getBytes(StandardCharsets.UTF_8);
+		assertEquals("", CryptoUtils.encryptTxtNoEx(txt));
+		assertEquals("", CryptoUtils.encryptTxtNoEx(null));
+	}
+
+	@Test(expected = InvalidKeyException.class)
+	public final void testEncryptTxtWithKeyInvalid() throws InvalidKeyException,
+			NoSuchPaddingException, InvalidAlgorithmParameterException, NoSuchAlgorithmException,
+			IllegalBlockSizeException, BadPaddingException {
+		String txtStr = "mypass";
+		byte[] txt = txtStr.getBytes(StandardCharsets.UTF_8);
+		CryptoUtils.encryptTxt(txt, "mykey");
+	}
+
+
+}
\ No newline at end of file
-- 
2.16.6