This is an automated email from the ASF dual-hosted git repository.
dahn pushed a commit to branch 4.18
in repository https://gitbox.apache.org/repos/asf/cloudstack.git
The following commit(s) were added to refs/heads/4.18 by this push:
new 3e04779f606 console proxy: use AeadBase64Encryptor instead of
AES/CBC/PKCS5Padding (#7237)
3e04779f606 is described below
commit 3e04779f6066cb8de9cfc86fc99bd5ca4408b924
Author: Wei Zhou <[email protected]>
AuthorDate: Wed Jul 5 11:01:32 2023 +0200
console proxy: use AeadBase64Encryptor instead of AES/CBC/PKCS5Padding
(#7237)
---
.../ConsoleProxyPasswordBasedEncryptor.java | 71 ++------------------
.../ConsoleProxyPasswordBasedEncryptor.java | 78 ++--------------------
.../com/cloud/utils/crypt/AeadBase64Encryptor.java | 13 +++-
3 files changed, 25 insertions(+), 137 deletions(-)
diff --git
a/server/src/main/java/com/cloud/servlet/ConsoleProxyPasswordBasedEncryptor.java
b/server/src/main/java/com/cloud/servlet/ConsoleProxyPasswordBasedEncryptor.java
index 9d874e0844a..8f469e40024 100644
---
a/server/src/main/java/com/cloud/servlet/ConsoleProxyPasswordBasedEncryptor.java
+++
b/server/src/main/java/com/cloud/servlet/ConsoleProxyPasswordBasedEncryptor.java
@@ -16,23 +16,15 @@
// under the License.
package com.cloud.servlet;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.InvalidKeyException;
-import java.security.NoSuchAlgorithmException;
-
-import javax.crypto.BadPaddingException;
-import javax.crypto.Cipher;
-import javax.crypto.IllegalBlockSizeException;
-import javax.crypto.NoSuchPaddingException;
-import javax.crypto.spec.IvParameterSpec;
-import javax.crypto.spec.SecretKeySpec;
-
import org.apache.commons.codec.binary.Base64;
import org.apache.log4j.Logger;
import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
+import com.cloud.utils.crypt.AeadBase64Encryptor;
+import com.cloud.utils.crypt.Base64Encryptor;
+
// To maintain independency of console proxy project, we duplicate this class
from console proxy project
public class ConsoleProxyPasswordBasedEncryptor {
private static final Logger s_logger =
Logger.getLogger(ConsoleProxyPasswordBasedEncryptor.class);
@@ -51,65 +43,16 @@ public class ConsoleProxyPasswordBasedEncryptor {
if (text == null || text.isEmpty())
return text;
- try {
- Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
- SecretKeySpec keySpec = new SecretKeySpec(keyIvPair.getKeyBytes(),
"AES");
-
- cipher.init(Cipher.ENCRYPT_MODE, keySpec, new
IvParameterSpec(keyIvPair.getIvBytes()));
-
- byte[] encryptedBytes = cipher.doFinal(text.getBytes());
- return Base64.encodeBase64URLSafeString(encryptedBytes);
- } catch (NoSuchAlgorithmException e) {
- s_logger.error("Unexpected exception ", e);
- return null;
- } catch (NoSuchPaddingException e) {
- s_logger.error("Unexpected exception ", e);
- return null;
- } catch (IllegalBlockSizeException e) {
- s_logger.error("Unexpected exception ", e);
- return null;
- } catch (BadPaddingException e) {
- s_logger.error("Unexpected exception ", e);
- return null;
- } catch (InvalidKeyException e) {
- s_logger.error("Unexpected exception ", e);
- return null;
- } catch (InvalidAlgorithmParameterException e) {
- s_logger.error("Unexpected exception ", e);
- return null;
- }
+ Base64Encryptor encryptor = new
AeadBase64Encryptor(keyIvPair.getKeyBytes(), keyIvPair.getIvBytes());
+ return encryptor.encrypt(text);
}
public String decryptText(String encryptedText) {
if (encryptedText == null || encryptedText.isEmpty())
return encryptedText;
- try {
- Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
- SecretKeySpec keySpec = new SecretKeySpec(keyIvPair.getKeyBytes(),
"AES");
- cipher.init(Cipher.DECRYPT_MODE, keySpec, new
IvParameterSpec(keyIvPair.getIvBytes()));
-
- byte[] encryptedBytes = Base64.decodeBase64(encryptedText);
- return new String(cipher.doFinal(encryptedBytes));
- } catch (NoSuchAlgorithmException e) {
- s_logger.error("Unexpected exception ", e);
- return null;
- } catch (NoSuchPaddingException e) {
- s_logger.error("Unexpected exception ", e);
- return null;
- } catch (IllegalBlockSizeException e) {
- s_logger.error("Unexpected exception ", e);
- return null;
- } catch (BadPaddingException e) {
- s_logger.error("Unexpected exception ", e);
- return null;
- } catch (InvalidKeyException e) {
- s_logger.error("Unexpected exception ", e);
- return null;
- } catch (InvalidAlgorithmParameterException e) {
- s_logger.error("Unexpected exception ", e);
- return null;
- }
+ Base64Encryptor encryptor = new
AeadBase64Encryptor(keyIvPair.getKeyBytes(), keyIvPair.getIvBytes());
+ return encryptor.decrypt(encryptedText);
}
public <T> String encryptObject(Class<?> clz, T obj) {
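Review bot: In `encryptText` and `decryptText`, `keyIvPair.getIvBytes()` is passed as the second argument of `AeadBase64Encryptor`, which this commit declares as `aad` (associated data), so the value no longer acts as a cipher IV and only binds the ciphertext to that context. A comment such as `// IV bytes are supplied as AEAD associated data, not as a nonce; both ends must pass the same value` would stop a later reader from treating it as nonce material. The removed code logged and returned null on every cipher failure. Whether `encrypt`/`decrypt` still do that is not visible here, so confirm that callers relying on a null result still reject a tampered or old-format (AES/CBC) token cleanly. The same applies to the identical hunk in services/console-proxy/.../ConsoleProxyPasswordBasedEncryptor.java.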
diff --git
a/services/console-proxy/server/src/main/java/com/cloud/consoleproxy/ConsoleProxyPasswordBasedEncryptor.java
b/services/console-proxy/server/src/main/java/com/cloud/consoleproxy/ConsoleProxyPasswordBasedEncryptor.java
index c623aff1aa2..4fc85607b79 100644
---
a/services/console-proxy/server/src/main/java/com/cloud/consoleproxy/ConsoleProxyPasswordBasedEncryptor.java
+++
b/services/console-proxy/server/src/main/java/com/cloud/consoleproxy/ConsoleProxyPasswordBasedEncryptor.java
@@ -16,30 +16,15 @@
// under the License.
package com.cloud.consoleproxy;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.InvalidKeyException;
-import java.security.NoSuchAlgorithmException;
-
-import javax.crypto.BadPaddingException;
-import javax.crypto.Cipher;
-import javax.crypto.IllegalBlockSizeException;
-import javax.crypto.NoSuchPaddingException;
-import javax.crypto.spec.IvParameterSpec;
-import javax.crypto.spec.SecretKeySpec;
-
import org.apache.commons.codec.binary.Base64;
import org.apache.log4j.Logger;
import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
-/**
- *
- * @author Kelven Yang
- * A simple password based encyrptor based on AES/CBC. It can serialize simple
POJO object into URL safe string
- * and deserialize it back.
- *
- */
+import com.cloud.utils.crypt.AeadBase64Encryptor;
+import com.cloud.utils.crypt.Base64Encryptor;
+
public class ConsoleProxyPasswordBasedEncryptor {
private static final Logger s_logger =
Logger.getLogger(ConsoleProxyPasswordBasedEncryptor.class);
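Review bot: The class Javadoc is deleted here rather than corrected, which leaves `ConsoleProxyPasswordBasedEncryptor` with no description of its contract. A replacement such as `/** Password-based encryptor backed by AeadBase64Encryptor; serializes a simple POJO to an encrypted string and back. */` would keep the intent documented. The removed text promised a URL-safe string, and the old code used `Base64.encodeBase64URLSafeString`. Whether the new encryptor's output is still URL-safe is not visible in this diff and should be confirmed for tokens that travel in a URL.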
@@ -57,65 +42,16 @@ public class ConsoleProxyPasswordBasedEncryptor {
if (text == null || text.isEmpty())
return text;
- try {
- Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
- SecretKeySpec keySpec = new SecretKeySpec(keyIvPair.getKeyBytes(),
"AES");
-
- cipher.init(Cipher.ENCRYPT_MODE, keySpec, new
IvParameterSpec(keyIvPair.getIvBytes()));
-
- byte[] encryptedBytes = cipher.doFinal(text.getBytes());
- return Base64.encodeBase64URLSafeString(encryptedBytes);
- } catch (NoSuchAlgorithmException e) {
- s_logger.error("Unexpected exception ", e);
- return null;
- } catch (NoSuchPaddingException e) {
- s_logger.error("Unexpected exception ", e);
- return null;
- } catch (IllegalBlockSizeException e) {
- s_logger.error("Unexpected exception ", e);
- return null;
- } catch (BadPaddingException e) {
- s_logger.error("Unexpected exception ", e);
- return null;
- } catch (InvalidKeyException e) {
- s_logger.error("Unexpected exception ", e);
- return null;
- } catch (InvalidAlgorithmParameterException e) {
- s_logger.error("Unexpected exception ", e);
- return null;
- }
+ Base64Encryptor encryptor = new
AeadBase64Encryptor(keyIvPair.getKeyBytes(), keyIvPair.getIvBytes());
+ return encryptor.encrypt(text);
}
public String decryptText(String encryptedText) {
if (encryptedText == null || encryptedText.isEmpty())
return encryptedText;
- try {
- Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
- SecretKeySpec keySpec = new SecretKeySpec(keyIvPair.getKeyBytes(),
"AES");
- cipher.init(Cipher.DECRYPT_MODE, keySpec, new
IvParameterSpec(keyIvPair.getIvBytes()));
-
- byte[] encryptedBytes = Base64.decodeBase64(encryptedText);
- return new String(cipher.doFinal(encryptedBytes));
- } catch (NoSuchAlgorithmException e) {
- s_logger.error("Unexpected exception ", e);
- return null;
- } catch (NoSuchPaddingException e) {
- s_logger.error("Unexpected exception ", e);
- return null;
- } catch (IllegalBlockSizeException e) {
- s_logger.error("Unexpected exception ", e);
- return null;
- } catch (BadPaddingException e) {
- s_logger.error("Unexpected exception ", e);
- return null;
- } catch (InvalidKeyException e) {
- s_logger.error("Unexpected exception ", e);
- return null;
- } catch (InvalidAlgorithmParameterException e) {
- s_logger.error("Unexpected exception ", e);
- return null;
- }
+ Base64Encryptor encryptor = new
AeadBase64Encryptor(keyIvPair.getKeyBytes(), keyIvPair.getIvBytes());
+ return encryptor.decrypt(encryptedText);
}
public <T> String encryptObject(Class<?> clz, T obj) {
diff --git a/utils/src/main/java/com/cloud/utils/crypt/AeadBase64Encryptor.java
b/utils/src/main/java/com/cloud/utils/crypt/AeadBase64Encryptor.java
index f62dff7c6fe..d836456513b 100644
--- a/utils/src/main/java/com/cloud/utils/crypt/AeadBase64Encryptor.java
+++ b/utils/src/main/java/com/cloud/utils/crypt/AeadBase64Encryptor.java
@@ -29,9 +29,9 @@ import java.util.Base64;
public class AeadBase64Encryptor implements Base64Encryptor {
Aead aead = null;
- private final byte[] aad = new byte[]{};
+ private byte[] aad = new byte[]{};
- public AeadBase64Encryptor(byte[] key) {
+ private void initEncryptor(byte[] key) {
try {
AeadConfig.register();
MessageDigest digest = MessageDigest.getInstance("SHA-256");
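Review bot: `initEncryptor` runs `AeadConfig.register()` and a SHA-256 digest on every construction, and the console proxy classes changed in this commit now build a new `AeadBase64Encryptor` inside each `encryptText`/`decryptText` call. Holding one encryptor per `keyIvPair` in the calling class would avoid repeating that setup on every token. The helper also has no comment; something like `// Registers the AEAD primitives and builds the Aead instance from the supplied key bytes` would help, hedged because the rest of the body lies outside this hunk.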
@@ -42,6 +42,15 @@ public class AeadBase64Encryptor implements Base64Encryptor {
}
}
+ public AeadBase64Encryptor(byte[] key) {
+ initEncryptor(key);
+ }
+
+ public AeadBase64Encryptor(byte[] key, byte[] aad) {
+ initEncryptor(key);
+ this.aad = aad;
+ }
+
@Override
public String encrypt(String plain) {
try {
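Review bot: The new two-argument constructor stores the caller's `aad` array by reference and accepts null, so a later write to that array (or a null from `getIvBytes()`) silently changes the associated data used for authentication. Assigning a copy, `this.aad = aad == null ? new byte[0] : aad.clone();`, keeps the value fixed for the lifetime of the encryptor. How the underlying `Aead` treats a null `aad` is not visible here, which is another reason to normalise it at construction. If the field is assigned in both constructors instead of at its declaration, it could also stay `final`, as it was before the first hunk of this file.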