mirror of
https://github.com/apache/cloudstack.git
synced 2025-11-04 20:29:27 +01:00
console proxy: use AeadBase64Encryptor instead of AES/CBC/PKCS5Padding (#7237)
parent
5e5d194d77
commit
3e04779f60
@ -16,23 +16,15 @@
|
||||
// under the License.
|
||||
package com.cloud.servlet;
|
||||
|
||||
import java.security.InvalidAlgorithmParameterException;
|
||||
import java.security.InvalidKeyException;
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
|
||||
import javax.crypto.BadPaddingException;
|
||||
import javax.crypto.Cipher;
|
||||
import javax.crypto.IllegalBlockSizeException;
|
||||
import javax.crypto.NoSuchPaddingException;
|
||||
import javax.crypto.spec.IvParameterSpec;
|
||||
import javax.crypto.spec.SecretKeySpec;
|
||||
|
||||
import org.apache.commons.codec.binary.Base64;
|
||||
import org.apache.log4j.Logger;
|
||||
|
||||
import com.google.gson.Gson;
|
||||
import com.google.gson.GsonBuilder;
|
||||
|
||||
import com.cloud.utils.crypt.AeadBase64Encryptor;
|
||||
import com.cloud.utils.crypt.Base64Encryptor;
|
||||
|
||||
// To maintain independency of console proxy project, we duplicate this class from console proxy project
|
||||
public class ConsoleProxyPasswordBasedEncryptor {
|
||||
private static final Logger s_logger = Logger.getLogger(ConsoleProxyPasswordBasedEncryptor.class);
|
||||
@ -51,65 +43,16 @@ public class ConsoleProxyPasswordBasedEncryptor {
|
||||
if (text == null || text.isEmpty())
|
||||
return text;
|
||||
|
||||
try {
|
||||
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
|
||||
SecretKeySpec keySpec = new SecretKeySpec(keyIvPair.getKeyBytes(), "AES");
|
||||
|
||||
cipher.init(Cipher.ENCRYPT_MODE, keySpec, new IvParameterSpec(keyIvPair.getIvBytes()));
|
||||
|
||||
byte[] encryptedBytes = cipher.doFinal(text.getBytes());
|
||||
return Base64.encodeBase64URLSafeString(encryptedBytes);
|
||||
} catch (NoSuchAlgorithmException e) {
|
||||
s_logger.error("Unexpected exception ", e);
|
||||
return null;
|
||||
} catch (NoSuchPaddingException e) {
|
||||
s_logger.error("Unexpected exception ", e);
|
||||
return null;
|
||||
} catch (IllegalBlockSizeException e) {
|
||||
s_logger.error("Unexpected exception ", e);
|
||||
return null;
|
||||
} catch (BadPaddingException e) {
|
||||
s_logger.error("Unexpected exception ", e);
|
||||
return null;
|
||||
} catch (InvalidKeyException e) {
|
||||
s_logger.error("Unexpected exception ", e);
|
||||
return null;
|
||||
} catch (InvalidAlgorithmParameterException e) {
|
||||
s_logger.error("Unexpected exception ", e);
|
||||
return null;
|
||||
}
|
||||
Base64Encryptor encryptor = new AeadBase64Encryptor(keyIvPair.getKeyBytes(), keyIvPair.getIvBytes());
|
||||
return encryptor.encrypt(text);
|
||||
}
|
||||
|
||||
public String decryptText(String encryptedText) {
|
||||
if (encryptedText == null || encryptedText.isEmpty())
|
||||
return encryptedText;
|
||||
|
||||
try {
|
||||
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
|
||||
SecretKeySpec keySpec = new SecretKeySpec(keyIvPair.getKeyBytes(), "AES");
|
||||
cipher.init(Cipher.DECRYPT_MODE, keySpec, new IvParameterSpec(keyIvPair.getIvBytes()));
|
||||
|
||||
byte[] encryptedBytes = Base64.decodeBase64(encryptedText);
|
||||
return new String(cipher.doFinal(encryptedBytes));
|
||||
} catch (NoSuchAlgorithmException e) {
|
||||
s_logger.error("Unexpected exception ", e);
|
||||
return null;
|
||||
} catch (NoSuchPaddingException e) {
|
||||
s_logger.error("Unexpected exception ", e);
|
||||
return null;
|
||||
} catch (IllegalBlockSizeException e) {
|
||||
s_logger.error("Unexpected exception ", e);
|
||||
return null;
|
||||
} catch (BadPaddingException e) {
|
||||
s_logger.error("Unexpected exception ", e);
|
||||
return null;
|
||||
} catch (InvalidKeyException e) {
|
||||
s_logger.error("Unexpected exception ", e);
|
||||
return null;
|
||||
} catch (InvalidAlgorithmParameterException e) {
|
||||
s_logger.error("Unexpected exception ", e);
|
||||
return null;
|
||||
}
|
||||
Base64Encryptor encryptor = new AeadBase64Encryptor(keyIvPair.getKeyBytes(), keyIvPair.getIvBytes());
|
||||
return encryptor.decrypt(encryptedText);
|
||||
}
|
||||
|
||||
public <T> String encryptObject(Class<?> clz, T obj) {
|
||||
|
||||
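Review bot: In `encryptText` and `decryptText` the bytes from `keyIvPair.getIvBytes()` are now passed as the second argument of `new AeadBase64Encryptor(...)`, which the AeadBase64Encryptor section of this commit names `aad`, so the value is no longer an IV and the name misleads the next reader. A comment above both constructions would record the new role, for example `// IV bytes are bound as AEAD associated data, not used as a nonce; encrypting and decrypting sides must supply the same value`. The old bodies logged and returned null on every cipher failure, while the new ones return whatever `encrypt`/`decrypt` returns, and their failure handling is not visible here; since an authenticated scheme is expected to reject a modified token, the Javadoc of `decryptText` should say what a caller receives in that case. The same two points apply to the `com.cloud.consoleproxy` copy of this class further down, and `encryptText` begins above the hunk.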
@ -16,30 +16,15 @@
|
||||
// under the License.
|
||||
package com.cloud.consoleproxy;
|
||||
|
||||
import java.security.InvalidAlgorithmParameterException;
|
||||
import java.security.InvalidKeyException;
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
|
||||
import javax.crypto.BadPaddingException;
|
||||
import javax.crypto.Cipher;
|
||||
import javax.crypto.IllegalBlockSizeException;
|
||||
import javax.crypto.NoSuchPaddingException;
|
||||
import javax.crypto.spec.IvParameterSpec;
|
||||
import javax.crypto.spec.SecretKeySpec;
|
||||
|
||||
import org.apache.commons.codec.binary.Base64;
|
||||
import org.apache.log4j.Logger;
|
||||
|
||||
import com.google.gson.Gson;
|
||||
import com.google.gson.GsonBuilder;
|
||||
|
||||
/**
|
||||
*
|
||||
* @author Kelven Yang
|
||||
* A simple password based encyrptor based on AES/CBC. It can serialize simple POJO object into URL safe string
|
||||
* and deserialize it back.
|
||||
*
|
||||
*/
|
||||
import com.cloud.utils.crypt.AeadBase64Encryptor;
|
||||
import com.cloud.utils.crypt.Base64Encryptor;
|
||||
|
||||
public class ConsoleProxyPasswordBasedEncryptor {
|
||||
private static final Logger s_logger = Logger.getLogger(ConsoleProxyPasswordBasedEncryptor.class);
|
||||
|
||||
@ -57,65 +42,16 @@ public class ConsoleProxyPasswordBasedEncryptor {
|
||||
if (text == null || text.isEmpty())
|
||||
return text;
|
||||
|
||||
try {
|
||||
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
|
||||
SecretKeySpec keySpec = new SecretKeySpec(keyIvPair.getKeyBytes(), "AES");
|
||||
|
||||
cipher.init(Cipher.ENCRYPT_MODE, keySpec, new IvParameterSpec(keyIvPair.getIvBytes()));
|
||||
|
||||
byte[] encryptedBytes = cipher.doFinal(text.getBytes());
|
||||
return Base64.encodeBase64URLSafeString(encryptedBytes);
|
||||
} catch (NoSuchAlgorithmException e) {
|
||||
s_logger.error("Unexpected exception ", e);
|
||||
return null;
|
||||
} catch (NoSuchPaddingException e) {
|
||||
s_logger.error("Unexpected exception ", e);
|
||||
return null;
|
||||
} catch (IllegalBlockSizeException e) {
|
||||
s_logger.error("Unexpected exception ", e);
|
||||
return null;
|
||||
} catch (BadPaddingException e) {
|
||||
s_logger.error("Unexpected exception ", e);
|
||||
return null;
|
||||
} catch (InvalidKeyException e) {
|
||||
s_logger.error("Unexpected exception ", e);
|
||||
return null;
|
||||
} catch (InvalidAlgorithmParameterException e) {
|
||||
s_logger.error("Unexpected exception ", e);
|
||||
return null;
|
||||
}
|
||||
Base64Encryptor encryptor = new AeadBase64Encryptor(keyIvPair.getKeyBytes(), keyIvPair.getIvBytes());
|
||||
return encryptor.encrypt(text);
|
||||
}
|
||||
|
||||
public String decryptText(String encryptedText) {
|
||||
if (encryptedText == null || encryptedText.isEmpty())
|
||||
return encryptedText;
|
||||
|
||||
try {
|
||||
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
|
||||
SecretKeySpec keySpec = new SecretKeySpec(keyIvPair.getKeyBytes(), "AES");
|
||||
cipher.init(Cipher.DECRYPT_MODE, keySpec, new IvParameterSpec(keyIvPair.getIvBytes()));
|
||||
|
||||
byte[] encryptedBytes = Base64.decodeBase64(encryptedText);
|
||||
return new String(cipher.doFinal(encryptedBytes));
|
||||
} catch (NoSuchAlgorithmException e) {
|
||||
s_logger.error("Unexpected exception ", e);
|
||||
return null;
|
||||
} catch (NoSuchPaddingException e) {
|
||||
s_logger.error("Unexpected exception ", e);
|
||||
return null;
|
||||
} catch (IllegalBlockSizeException e) {
|
||||
s_logger.error("Unexpected exception ", e);
|
||||
return null;
|
||||
} catch (BadPaddingException e) {
|
||||
s_logger.error("Unexpected exception ", e);
|
||||
return null;
|
||||
} catch (InvalidKeyException e) {
|
||||
s_logger.error("Unexpected exception ", e);
|
||||
return null;
|
||||
} catch (InvalidAlgorithmParameterException e) {
|
||||
s_logger.error("Unexpected exception ", e);
|
||||
return null;
|
||||
}
|
||||
Base64Encryptor encryptor = new AeadBase64Encryptor(keyIvPair.getKeyBytes(), keyIvPair.getIvBytes());
|
||||
return encryptor.decrypt(encryptedText);
|
||||
}
|
||||
|
||||
public <T> String encryptObject(Class<?> clz, T obj) {
|
||||
|
||||
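Review bot: The class Javadoc that described this type as an encryptor "based on AES/CBC" appears to be dropped by this section rather than rewritten, which would leave `ConsoleProxyPasswordBasedEncryptor` with no description of the scheme it now uses. I would keep a short class comment in its place, such as `/** Password-based encryptor for console proxy data, delegating to AeadBase64Encryptor; serializes simple POJOs to a string and back. */`. It should also state that this class and the `com.cloud.servlet` duplicate must use the same encryptor. Text produced by one copy is decrypted by the other, and output from the earlier AES/CBC code is presumably not readable by the new one.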
@ -29,9 +29,9 @@ import java.util.Base64;
|
||||
|
||||
public class AeadBase64Encryptor implements Base64Encryptor {
|
||||
Aead aead = null;
|
||||
private final byte[] aad = new byte[]{};
|
||||
private byte[] aad = new byte[]{};
|
||||
|
||||
public AeadBase64Encryptor(byte[] key) {
|
||||
private void initEncryptor(byte[] key) {
|
||||
try {
|
||||
AeadConfig.register();
|
||||
MessageDigest digest = MessageDigest.getInstance("SHA-256");
|
||||
@ -42,6 +42,15 @@ public class AeadBase64Encryptor implements Base64Encryptor {
|
||||
}
|
||||
}
|
||||
|
||||
public AeadBase64Encryptor(byte[] key) {
|
||||
initEncryptor(key);
|
||||
}
|
||||
|
||||
public AeadBase64Encryptor(byte[] key, byte[] aad) {
|
||||
initEncryptor(key);
|
||||
this.aad = aad;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String encrypt(String plain) {
|
||||
try {
|
||||
|
||||
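Review bot: The new `AeadBase64Encryptor(byte[] key, byte[] aad)` constructor stores the caller's array as is and accepts null, and the `aad` field appears to have lost `final` to allow the assignment. Associated data has to be byte-identical on encrypt and decrypt, so a caller that later modifies or reuses that array would make this instance fail on data it wrote earlier, and how a null value is treated depends on the underlying `Aead` implementation. I would keep the field `private final byte[] aad;`, set `this.aad = new byte[0];` in the one-argument constructor, and set `this.aad = aad == null ? new byte[0] : aad.clone();` in the new one. The body of `encrypt` continues past the end of the hunk, so how `aad` is consumed there is not visible.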