This is an automated email from the ASF dual-hosted git repository. joewitt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/nifi.git
The following commit(s) were added to refs/heads/main by this push: new 62c66a12d1 NIFI-13525 Removed unused classes from nifi-security-crypto-key This closes #9057 62c66a12d1 is described below commit 62c66a12d191b82d6aadf527637bd5021fb05e0f Author: exceptionfactory <exceptionfact...@apache.org> AuthorDate: Sat Jul 6 11:16:51 2024 -0500 NIFI-13525 Removed unused classes from nifi-security-crypto-key This closes #9057 - Removed Derived Key Parameter Reader and implementations - Removed bcrypt and scrypt Derived Key Providers - Removed unused dependency from nifi-cipher-processors Signed-off-by: Joseph Witt <joew...@apache.org> --- .../crypto/key/DerivedKeyParameterSpecReader.java | 30 ------ .../Argon2DerivedKeyParameterSpecReader.java | 80 --------------- .../crypto/key/bcrypt/BcryptBase64Decoder.java | 76 -------------- .../key/bcrypt/BcryptDerivedKeyParameterSpec.java | 51 ---------- .../BcryptDerivedKeyParameterSpecReader.java | 65 ------------ .../key/bcrypt/BcryptDerivedKeyProvider.java | 83 --------------- .../DetectedDerivedKeyParameterSpecReader.java | 76 -------------- .../key/detection/DetectedDerivedKeyProvider.java | 76 -------------- .../security/crypto/key/io/ByteBufferSearch.java | 51 ---------- .../Pbkdf2DerivedKeyParameterSpecReader.java | 40 -------- .../key/scrypt/ScryptDerivedKeyParameterSpec.java | 69 ------------- .../ScryptDerivedKeyParameterSpecReader.java | 82 --------------- .../key/scrypt/ScryptDerivedKeyProvider.java | 96 ------------------ .../Argon2DerivedKeyParameterSpecReaderTest.java | 86 ---------------- .../BcryptDerivedKeyParameterSpecReaderTest.java | 79 --------------- .../key/bcrypt/BcryptDerivedKeyProviderTest.java | 97 ------------------ .../DetectedDerivedKeyParameterSpecReaderTest.java | 75 -------------- .../detection/DetectedDerivedKeyProviderTest.java | 112 --------------------- .../Pbkdf2DerivedKeyParameterSpecReaderTest.java | 48 --------- .../ScryptDerivedKeyParameterSpecReaderTest.java | 88 ---------------- .../key/scrypt/ScryptDerivedKeyProviderTest.java | 80 --------------- .../nifi-cipher-processors/pom.xml | 5 - 22 files changed, 1545 deletions(-) diff --git a/nifi-commons/nifi-security-crypto-key/src/main/java/org/apache/nifi/security/crypto/key/DerivedKeyParameterSpecReader.java b/nifi-commons/nifi-security-crypto-key/src/main/java/org/apache/nifi/security/crypto/key/DerivedKeyParameterSpecReader.java deleted file mode 100644 index c198643c96..0000000000 --- a/nifi-commons/nifi-security-crypto-key/src/main/java/org/apache/nifi/security/crypto/key/DerivedKeyParameterSpecReader.java +++ /dev/null @@ -1,30 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.nifi.security.crypto.key; - -/** - * Abstraction for reading Derived Key Parameter Specifications from serialized parameters - */ -public interface DerivedKeyParameterSpecReader<T extends DerivedKeyParameterSpec> { - /** - * Read serialized parameters and return Derived Key Parameter Specification - * - * @param serializedParameters Serialized parameters - * @return Derived Key Parameter Specification - */ - T read(byte[] serializedParameters); -} diff --git a/nifi-commons/nifi-security-crypto-key/src/main/java/org/apache/nifi/security/crypto/key/argon2/Argon2DerivedKeyParameterSpecReader.java b/nifi-commons/nifi-security-crypto-key/src/main/java/org/apache/nifi/security/crypto/key/argon2/Argon2DerivedKeyParameterSpecReader.java deleted file mode 100644 index 78ee04bdc6..0000000000 --- a/nifi-commons/nifi-security-crypto-key/src/main/java/org/apache/nifi/security/crypto/key/argon2/Argon2DerivedKeyParameterSpecReader.java +++ /dev/null @@ -1,80 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.nifi.security.crypto.key.argon2; - -import org.apache.nifi.security.crypto.key.DerivedKeyParameterSpecReader; - -import java.nio.charset.Charset; -import java.nio.charset.StandardCharsets; -import java.util.Base64; -import java.util.Objects; -import java.util.regex.Matcher; -import java.util.regex.Pattern; - -/** - * Argon2 implementation reads a US-ASCII string of bytes using the Password-Hashing-Competition String Format specification - */ -public class Argon2DerivedKeyParameterSpecReader implements DerivedKeyParameterSpecReader<Argon2DerivedKeyParameterSpec> { - /** Argon2id hybrid with version 1.3 and 22 character Base64 encoded salt with optional trailing hash parameter */ - private static final Pattern PHC_STRING_FORMAT = Pattern.compile("^\\$argon2id\\$v=19\\$m=(\\d+),t=(\\d+),p=(\\d+)\\$([\\w/+]{22})(\\$[\\w/+]+)?$"); - - private static final int MEMORY_GROUP = 1; - - private static final int ITERATIONS_GROUP = 2; - - private static final int PARALLELISM_GROUP = 3; - - private static final int SALT_GROUP = 4; - - private static final Charset PARAMETERS_CHARACTER_SET = StandardCharsets.US_ASCII; - - private static final Base64.Decoder decoder = Base64.getDecoder(); - - /** - * Read serialized parameters parsed from US-ASCII string of bytes - * - * @param serializedParameters Serialized parameters - * @return Argon2 Parameter Specification - */ - @Override - public Argon2DerivedKeyParameterSpec read(final byte[] serializedParameters) { - Objects.requireNonNull(serializedParameters, "Parameters required"); - final String parameters = new String(serializedParameters, PARAMETERS_CHARACTER_SET); - - final Matcher matcher = PHC_STRING_FORMAT.matcher(parameters); - if (matcher.matches()) { - final String memoryGroup = matcher.group(MEMORY_GROUP); - final String iterationsGroup = matcher.group(ITERATIONS_GROUP); - final String parallelismGroup = matcher.group(PARALLELISM_GROUP); - final String saltGroup = matcher.group(SALT_GROUP); - - final int memory = Integer.parseInt(memoryGroup); - final int iterations = Integer.parseInt(iterationsGroup); - final int parallelism = Integer.parseInt(parallelismGroup); - final byte[] salt = decoder.decode(saltGroup); - return new Argon2DerivedKeyParameterSpec( - memory, - iterations, - parallelism, - salt - ); - } else { - final String message = String.format("Argon2 serialized parameters [%s] format not matched", parameters); - throw new IllegalArgumentException(message); - } - } -} diff --git a/nifi-commons/nifi-security-crypto-key/src/main/java/org/apache/nifi/security/crypto/key/bcrypt/BcryptBase64Decoder.java b/nifi-commons/nifi-security-crypto-key/src/main/java/org/apache/nifi/security/crypto/key/bcrypt/BcryptBase64Decoder.java deleted file mode 100644 index 1c0a439a2f..0000000000 --- a/nifi-commons/nifi-security-crypto-key/src/main/java/org/apache/nifi/security/crypto/key/bcrypt/BcryptBase64Decoder.java +++ /dev/null @@ -1,76 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.nifi.security.crypto.key.bcrypt; - -import java.util.Base64; -import java.util.LinkedHashMap; -import java.util.Map; - -/** - * Base64 Decoder translates from bcrypt Base64 characters to RFC 4648 characters - */ -class BcryptBase64Decoder { - /** Alphabet of shared characters following common ordering */ - private static final String SHARED_ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"; - - /** bcrypt alphabet defined according to the OpenBSD bcrypt function beginning with control characters */ - private static final String BCRYPT_ALPHABET = String.format("./%s", SHARED_ALPHABET); - - /** Standard alphabet defined according to RFC 4648 ending with control characters */ - private static final String STANDARD_ALPHABET = String.format("%s+/", SHARED_ALPHABET); - - private static final Map<Character, Character> BCRYPT_STANDARD_CHARACTERS = new LinkedHashMap<>(); - - private static final Base64.Decoder decoder = Base64.getDecoder(); - - static { - final char[] bcryptCharacters = BCRYPT_ALPHABET.toCharArray(); - final char[] standardCharacters = STANDARD_ALPHABET.toCharArray(); - - for (int i = 0; i < bcryptCharacters.length; i++) { - final char bcryptCharacter = bcryptCharacters[i]; - final char standardCharacter = standardCharacters[i]; - BCRYPT_STANDARD_CHARACTERS.put(bcryptCharacter, standardCharacter); - } - } - - /** - * Decode bcrypt Base64 encoded ASCII characters to support reading salt and hash strings - * - * @param encoded ASCII string of characters encoded using bcrypt Base64 characters - * @return Decoded bytes - */ - static byte[] decode(final String encoded) { - final int encodedLength = encoded.length(); - final byte[] converted = new byte[encodedLength]; - for (int i = 0; i < encodedLength; i++) { - final char encodedCharacter = encoded.charAt(i); - final char standardCharacter = getStandardCharacter(encodedCharacter); - converted[i] = (byte) standardCharacter; - } - return decoder.decode(converted); - } - - private static char getStandardCharacter(final char encodedCharacter) { - final Character standardCharacter = BCRYPT_STANDARD_CHARACTERS.get(encodedCharacter); - if (standardCharacter == null) { - final String message = String.format("Encoded character [%c] not supported for bcrypt Base64 decoding", encodedCharacter); - throw new IllegalArgumentException(message); - } - return standardCharacter; - } -} diff --git a/nifi-commons/nifi-security-crypto-key/src/main/java/org/apache/nifi/security/crypto/key/bcrypt/BcryptDerivedKeyParameterSpec.java b/nifi-commons/nifi-security-crypto-key/src/main/java/org/apache/nifi/security/crypto/key/bcrypt/BcryptDerivedKeyParameterSpec.java deleted file mode 100644 index 6d11deda2c..0000000000 --- a/nifi-commons/nifi-security-crypto-key/src/main/java/org/apache/nifi/security/crypto/key/bcrypt/BcryptDerivedKeyParameterSpec.java +++ /dev/null @@ -1,51 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.nifi.security.crypto.key.bcrypt; - -import org.apache.nifi.security.crypto.key.DerivedKeyParameterSpec; - -/** - * bcrypt key derivation function parameter specification - */ -public class BcryptDerivedKeyParameterSpec implements DerivedKeyParameterSpec { - private final int cost; - - private final byte[] salt; - - /** - * bcrypt Parameter Specification constructor with required properties - * - * @param cost Cost parameter - * @param salt Array of random salt bytes - */ - public BcryptDerivedKeyParameterSpec( - final int cost, - final byte[] salt - ) { - this.cost = cost; - this.salt = salt; - } - - @Override - public byte[] getSalt() { - return salt; - } - - public int getCost() { - return cost; - } -} diff --git a/nifi-commons/nifi-security-crypto-key/src/main/java/org/apache/nifi/security/crypto/key/bcrypt/BcryptDerivedKeyParameterSpecReader.java b/nifi-commons/nifi-security-crypto-key/src/main/java/org/apache/nifi/security/crypto/key/bcrypt/BcryptDerivedKeyParameterSpecReader.java deleted file mode 100644 index 9ca69b4bef..0000000000 --- a/nifi-commons/nifi-security-crypto-key/src/main/java/org/apache/nifi/security/crypto/key/bcrypt/BcryptDerivedKeyParameterSpecReader.java +++ /dev/null @@ -1,65 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.nifi.security.crypto.key.bcrypt; - -import org.apache.nifi.security.crypto.key.DerivedKeyParameterSpecReader; - -import java.nio.charset.Charset; -import java.nio.charset.StandardCharsets; -import java.util.Objects; -import java.util.regex.Matcher; -import java.util.regex.Pattern; - -/** - * bcrypt implementation reads a US-ASCII string of bytes using the Modular Crypt Format specification as added in NiFi 0.5.0 - */ -public class BcryptDerivedKeyParameterSpecReader implements DerivedKeyParameterSpecReader<BcryptDerivedKeyParameterSpec> { - /** Modular Crypt Format containing the cost as a zero-padded number with a trailing bcrypt-Base64 encoded 16 byte salt and optional hash */ - private static final Pattern MODULAR_CRYPT_FORMAT = Pattern.compile("^\\$2[abxy]\\$(\\d{2})\\$([\\w/.]{22})([\\w/.]{31})?$"); - - private static final int COST_GROUP = 1; - - private static final int SALT_GROUP = 2; - - private static final Charset PARAMETERS_CHARACTER_SET = StandardCharsets.US_ASCII; - - /** - * Read serialized parameters parsed from US-ASCII string of bytes - * - * @param serializedParameters Serialized parameters - * @return bcrypt Parameter Specification - */ - @Override - public BcryptDerivedKeyParameterSpec read(final byte[] serializedParameters) { - Objects.requireNonNull(serializedParameters, "Parameters required"); - final String parameters = new String(serializedParameters, PARAMETERS_CHARACTER_SET); - - final Matcher matcher = MODULAR_CRYPT_FORMAT.matcher(parameters); - if (matcher.matches()) { - final String costGroup = matcher.group(COST_GROUP); - final String saltGroup = matcher.group(SALT_GROUP); - - final int cost = Integer.parseInt(costGroup); - final byte[] salt = BcryptBase64Decoder.decode(saltGroup); - - return new BcryptDerivedKeyParameterSpec(cost, salt); - } else { - final String message = String.format("bcrypt serialized parameters [%s] format not matched", parameters); - throw new IllegalArgumentException(message); - } - } -} diff --git a/nifi-commons/nifi-security-crypto-key/src/main/java/org/apache/nifi/security/crypto/key/bcrypt/BcryptDerivedKeyProvider.java b/nifi-commons/nifi-security-crypto-key/src/main/java/org/apache/nifi/security/crypto/key/bcrypt/BcryptDerivedKeyProvider.java deleted file mode 100644 index 94ed1cda54..0000000000 --- a/nifi-commons/nifi-security-crypto-key/src/main/java/org/apache/nifi/security/crypto/key/bcrypt/BcryptDerivedKeyProvider.java +++ /dev/null @@ -1,83 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.nifi.security.crypto.key.bcrypt; - -import org.apache.nifi.security.crypto.key.DerivedKey; -import org.apache.nifi.security.crypto.key.DerivedKeyProvider; -import org.apache.nifi.security.crypto.key.DerivedKeySpec; -import org.apache.nifi.security.crypto.key.DerivedSecretKey; -import org.bouncycastle.crypto.generators.OpenBSDBCrypt; - -import java.nio.charset.Charset; -import java.nio.charset.StandardCharsets; -import java.security.MessageDigest; -import java.security.NoSuchAlgorithmException; -import java.util.Arrays; - -/** - * bcrypt implementation of Derived Key Provider based on Bouncy Castle bcrypt components with SHA-512 digest for derived key - */ -public class BcryptDerivedKeyProvider implements DerivedKeyProvider<BcryptDerivedKeyParameterSpec> { - private static final Charset SERIALIZED_CHARACTER_SET = StandardCharsets.US_ASCII; - - private static final int SERIALIZED_HASH_START_INDEX = 29; - - private static final String DIGEST_ALGORITHM = "SHA-512"; - - private static final String BCRYPT_VERSION = "2a"; - - /** - * Get Derived Key using bcrypt version 2a and provided specification with SHA-512 digest of encoded raw hash bytes - * - * @param derivedKeySpec Derived Key Specification - * @return Derived Secret Key - */ - @Override - public DerivedKey getDerivedKey(final DerivedKeySpec<BcryptDerivedKeyParameterSpec> derivedKeySpec) { - final String serialized = getHashMessage(derivedKeySpec); - final byte[] hashMessage = serialized.getBytes(SERIALIZED_CHARACTER_SET); - - final byte[] encodedRawHash = Arrays.copyOfRange(hashMessage, SERIALIZED_HASH_START_INDEX, hashMessage.length); - final byte[] derivedKeyBytes = getDerivedKeyBytes(encodedRawHash, derivedKeySpec.getDerivedKeyLength()); - return new DerivedSecretKey(derivedKeyBytes, derivedKeySpec.getAlgorithm(), serialized); - } - - private String getHashMessage(final DerivedKeySpec<BcryptDerivedKeyParameterSpec> derivedKeySpec) { - final BcryptDerivedKeyParameterSpec parameterSpec = derivedKeySpec.getParameterSpec(); - - final int cost = parameterSpec.getCost(); - final byte[] salt = parameterSpec.getSalt(); - - final char[] password = derivedKeySpec.getPassword(); - - return OpenBSDBCrypt.generate(BCRYPT_VERSION, password, salt, cost); - } - - private byte[] getDerivedKeyBytes(final byte[] hash, final int derivedKeyLength) { - final MessageDigest messageDigest = getMessageDigest(); - final byte[] digested = messageDigest.digest(hash); - return Arrays.copyOf(digested, derivedKeyLength); - } - - private MessageDigest getMessageDigest() { - try { - return MessageDigest.getInstance(DIGEST_ALGORITHM); - } catch (final NoSuchAlgorithmException e) { - throw new UnsupportedOperationException(DIGEST_ALGORITHM, e); - } - } -} diff --git a/nifi-commons/nifi-security-crypto-key/src/main/java/org/apache/nifi/security/crypto/key/detection/DetectedDerivedKeyParameterSpecReader.java b/nifi-commons/nifi-security-crypto-key/src/main/java/org/apache/nifi/security/crypto/key/detection/DetectedDerivedKeyParameterSpecReader.java deleted file mode 100644 index 85c573a3ce..0000000000 --- a/nifi-commons/nifi-security-crypto-key/src/main/java/org/apache/nifi/security/crypto/key/detection/DetectedDerivedKeyParameterSpecReader.java +++ /dev/null @@ -1,76 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.nifi.security.crypto.key.detection; - -import org.apache.nifi.security.crypto.key.DerivedKeyParameterSpec; -import org.apache.nifi.security.crypto.key.DerivedKeyParameterSpecReader; -import org.apache.nifi.security.crypto.key.argon2.Argon2DerivedKeyParameterSpecReader; -import org.apache.nifi.security.crypto.key.bcrypt.BcryptDerivedKeyParameterSpecReader; -import org.apache.nifi.security.crypto.key.io.ByteBufferSearch; -import org.apache.nifi.security.crypto.key.pbkdf2.Pbkdf2DerivedKeyParameterSpecReader; -import org.apache.nifi.security.crypto.key.scrypt.ScryptDerivedKeyParameterSpecReader; - -import java.nio.ByteBuffer; - -/** - * Delegating implementation capable of selecting a reader based on detected header bytes of serialized parameters - */ -public class DetectedDerivedKeyParameterSpecReader implements DerivedKeyParameterSpecReader<DerivedKeyParameterSpec> { - /** Argon2id header as implemented in NiFi 1.12.0 */ - private static final byte[] ARGON2_ID_DELIMITER = {'$', 'a', 'r', 'g', 'o', 'n', '2', 'i', 'd', '$'}; - - /** bcrypt 2a header as implemented in NiFi 0.5.0 */ - private static final byte[] BCRYPT_2A_DELIMITER = {'$', '2', 'a', '$'}; - - /** scrypt header as implemented in NiFi 0.5.0 */ - private static final byte[] SCRYPT_DELIMITER = {'$', 's', '0', '$'}; - - private static final Argon2DerivedKeyParameterSpecReader argon2Reader = new Argon2DerivedKeyParameterSpecReader(); - - private static final BcryptDerivedKeyParameterSpecReader bcryptReader = new BcryptDerivedKeyParameterSpecReader(); - - private static final ScryptDerivedKeyParameterSpecReader scryptReader = new ScryptDerivedKeyParameterSpecReader(); - - private static final Pbkdf2DerivedKeyParameterSpecReader pbkdf2Reader = new Pbkdf2DerivedKeyParameterSpecReader(); - - /** - * Read Parameter Specification selects a Reader based on header bytes defaulting to PBKDF2 in absence of a matched pattern - * - * @param serializedParameters Serialized parameters - * @return Derived Key Parameter Specification read from serialized parameters - */ - @Override - public DerivedKeyParameterSpec read(final byte[] serializedParameters) { - final ByteBuffer buffer = ByteBuffer.wrap(serializedParameters); - final DerivedKeyParameterSpecReader<? extends DerivedKeyParameterSpec> reader = getReader(buffer); - return reader.read(serializedParameters); - } - - private DerivedKeyParameterSpecReader<? extends DerivedKeyParameterSpec> getReader(final ByteBuffer buffer) { - final DerivedKeyParameterSpecReader<? extends DerivedKeyParameterSpec> reader; - if (ByteBufferSearch.indexOf(buffer, ARGON2_ID_DELIMITER) == 0) { - reader = argon2Reader; - } else if (ByteBufferSearch.indexOf(buffer, BCRYPT_2A_DELIMITER) == 0) { - reader = bcryptReader; - } else if (ByteBufferSearch.indexOf(buffer, SCRYPT_DELIMITER) == 0) { - reader = scryptReader; - } else { - reader = pbkdf2Reader; - } - return reader; - } -} diff --git a/nifi-commons/nifi-security-crypto-key/src/main/java/org/apache/nifi/security/crypto/key/detection/DetectedDerivedKeyProvider.java b/nifi-commons/nifi-security-crypto-key/src/main/java/org/apache/nifi/security/crypto/key/detection/DetectedDerivedKeyProvider.java deleted file mode 100644 index d60c13eda4..0000000000 --- a/nifi-commons/nifi-security-crypto-key/src/main/java/org/apache/nifi/security/crypto/key/detection/DetectedDerivedKeyProvider.java +++ /dev/null @@ -1,76 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.nifi.security.crypto.key.detection; - -import org.apache.nifi.security.crypto.key.DerivedKey; -import org.apache.nifi.security.crypto.key.DerivedKeyParameterSpec; -import org.apache.nifi.security.crypto.key.DerivedKeyProvider; -import org.apache.nifi.security.crypto.key.DerivedKeySpec; -import org.apache.nifi.security.crypto.key.argon2.Argon2DerivedKeyParameterSpec; -import org.apache.nifi.security.crypto.key.argon2.Argon2DerivedKeyProvider; -import org.apache.nifi.security.crypto.key.bcrypt.BcryptDerivedKeyParameterSpec; -import org.apache.nifi.security.crypto.key.bcrypt.BcryptDerivedKeyProvider; -import org.apache.nifi.security.crypto.key.pbkdf2.Pbkdf2DerivedKeyParameterSpec; -import org.apache.nifi.security.crypto.key.pbkdf2.Pbkdf2DerivedKeyProvider; -import org.apache.nifi.security.crypto.key.scrypt.ScryptDerivedKeyParameterSpec; -import org.apache.nifi.security.crypto.key.scrypt.ScryptDerivedKeyProvider; - -import java.util.LinkedHashMap; -import java.util.Map; -import java.util.Objects; - -/** - * Provider delegating to configured implementations based on Parameter Specification class - */ -public class DetectedDerivedKeyProvider implements DerivedKeyProvider<DerivedKeyParameterSpec> { - private static final Map<Class<? extends DerivedKeyParameterSpec>, DerivedKeyProvider<? extends DerivedKeyParameterSpec>> providers = new LinkedHashMap<>(); - - static { - providers.put(Argon2DerivedKeyParameterSpec.class, new Argon2DerivedKeyProvider()); - providers.put(BcryptDerivedKeyParameterSpec.class, new BcryptDerivedKeyProvider()); - providers.put(ScryptDerivedKeyParameterSpec.class, new ScryptDerivedKeyProvider()); - providers.put(Pbkdf2DerivedKeyParameterSpec.class, new Pbkdf2DerivedKeyProvider()); - } - - /** - * Get Derived Key using implementation selected based on assignable Parameter Specification class mapped to Provider - * - * @param derivedKeySpec Derived Key Specification - * @return Derived Key - */ - @Override - public DerivedKey getDerivedKey(final DerivedKeySpec<DerivedKeyParameterSpec> derivedKeySpec) { - Objects.requireNonNull(derivedKeySpec, "Specification required"); - - final Class<? extends DerivedKeyParameterSpec> parameterSpecClass = derivedKeySpec.getParameterSpec().getClass(); - final DerivedKeyProvider<DerivedKeyParameterSpec> derivedKeyProvider = findProvider(parameterSpecClass); - - return derivedKeyProvider.getDerivedKey(derivedKeySpec); - } - - @SuppressWarnings("unchecked") - private DerivedKeyProvider<DerivedKeyParameterSpec> findProvider(final Class<? extends DerivedKeyParameterSpec> parameterSpecClass) { - final Class<? extends DerivedKeyParameterSpec> foundSpecClass = providers.keySet() - .stream() - .filter(specClass -> specClass.isAssignableFrom(parameterSpecClass)) - .findFirst() - .orElseThrow(() -> new UnsupportedOperationException(String.format("Parameter Specification [%s] not supported", parameterSpecClass))); - - final DerivedKeyProvider<? extends DerivedKeyParameterSpec> derivedKeyProvider = providers.get(foundSpecClass); - return (DerivedKeyProvider<DerivedKeyParameterSpec>) derivedKeyProvider; - } -} diff --git a/nifi-commons/nifi-security-crypto-key/src/main/java/org/apache/nifi/security/crypto/key/io/ByteBufferSearch.java b/nifi-commons/nifi-security-crypto-key/src/main/java/org/apache/nifi/security/crypto/key/io/ByteBufferSearch.java deleted file mode 100644 index 512adb9015..0000000000 --- a/nifi-commons/nifi-security-crypto-key/src/main/java/org/apache/nifi/security/crypto/key/io/ByteBufferSearch.java +++ /dev/null @@ -1,51 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.nifi.security.crypto.key.io; - -import java.nio.ByteBuffer; - -/** - * Byte Buffer Search utilities - */ -public class ByteBufferSearch { - - private static final int END_OF_FILE = -1; - - /** - * Get starting index of delimiter in buffer - * - * @param buffer Byte Buffer to be searched - * @param delimiter Delimiter - * @return Starting index of delimiter or -1 when not found - */ - public static int indexOf(final ByteBuffer buffer, final byte[] delimiter) { - final int bufferSearchLength = buffer.limit() - delimiter.length + 1; - bufferSearch: - for (int i = 0; i < bufferSearchLength; i++) { - for (int j = 0; j < delimiter.length; j++) { - final int bufferIndex = i + j; - final byte indexByte = buffer.get(bufferIndex); - final byte delimiterByte = delimiter[j]; - if (indexByte != delimiterByte) { - continue bufferSearch; - } - } - return i; - } - return END_OF_FILE; - } -} diff --git a/nifi-commons/nifi-security-crypto-key/src/main/java/org/apache/nifi/security/crypto/key/pbkdf2/Pbkdf2DerivedKeyParameterSpecReader.java b/nifi-commons/nifi-security-crypto-key/src/main/java/org/apache/nifi/security/crypto/key/pbkdf2/Pbkdf2DerivedKeyParameterSpecReader.java deleted file mode 100644 index 812ef4e5f7..0000000000 --- a/nifi-commons/nifi-security-crypto-key/src/main/java/org/apache/nifi/security/crypto/key/pbkdf2/Pbkdf2DerivedKeyParameterSpecReader.java +++ /dev/null @@ -1,40 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.nifi.security.crypto.key.pbkdf2; - -import org.apache.nifi.security.crypto.key.DerivedKeyParameterSpecReader; - -import java.util.Objects; - -/** - * PBKDF2 implementation uses the serialized parameters as the salt with a hard-coded number of iterations as defined in NiFi 0.5.0 - */ -public class Pbkdf2DerivedKeyParameterSpecReader implements DerivedKeyParameterSpecReader<Pbkdf2DerivedKeyParameterSpec> { - protected static final int VERSION_0_5_0_ITERATIONS = 160000; - - /** - * Read serialized parameters and return as salt bytes with 160,000 iterations as defined in NiFi 0.5.0 - * - * @param serializedParameters Serialized parameters - * @return PBKDF2 Parameter Specification - */ - @Override - public Pbkdf2DerivedKeyParameterSpec read(final byte[] serializedParameters) { - Objects.requireNonNull(serializedParameters, "Parameters required"); - return new Pbkdf2DerivedKeyParameterSpec(VERSION_0_5_0_ITERATIONS, serializedParameters); - } -} diff --git a/nifi-commons/nifi-security-crypto-key/src/main/java/org/apache/nifi/security/crypto/key/scrypt/ScryptDerivedKeyParameterSpec.java b/nifi-commons/nifi-security-crypto-key/src/main/java/org/apache/nifi/security/crypto/key/scrypt/ScryptDerivedKeyParameterSpec.java deleted file mode 100644 index b0f0d8f2f7..0000000000 --- a/nifi-commons/nifi-security-crypto-key/src/main/java/org/apache/nifi/security/crypto/key/scrypt/ScryptDerivedKeyParameterSpec.java +++ /dev/null @@ -1,69 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.nifi.security.crypto.key.scrypt; - -import org.apache.nifi.security.crypto.key.DerivedKeyParameterSpec; - -/** - * scrypt key derivation function parameter specification - */ -public class ScryptDerivedKeyParameterSpec implements DerivedKeyParameterSpec { - private final int cost; - - private final int blockSize; - - private final int parallelization; - - private final byte[] salt; - - /** - * scrypt Parameter Specification constructor with required properties - * - * @param cost CPU and memory cost parameter - * @param blockSize Block size parameter - * @param parallelization Parallelization parameter - * @param salt Array of random salt bytes - */ - public ScryptDerivedKeyParameterSpec( - final int cost, - final int blockSize, - final int parallelization, - final byte[] salt - ) { - this.cost = cost; - this.blockSize = blockSize; - this.parallelization = parallelization; - this.salt = salt; - } - - @Override - public byte[] getSalt() { - return salt; - } - - public int getCost() { - return cost; - } - - public int getBlockSize() { - return blockSize; - } - - public int getParallelization() { - return parallelization; - } -} diff --git a/nifi-commons/nifi-security-crypto-key/src/main/java/org/apache/nifi/security/crypto/key/scrypt/ScryptDerivedKeyParameterSpecReader.java b/nifi-commons/nifi-security-crypto-key/src/main/java/org/apache/nifi/security/crypto/key/scrypt/ScryptDerivedKeyParameterSpecReader.java deleted file mode 100644 index a59522b292..0000000000 --- a/nifi-commons/nifi-security-crypto-key/src/main/java/org/apache/nifi/security/crypto/key/scrypt/ScryptDerivedKeyParameterSpecReader.java +++ /dev/null @@ -1,82 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.nifi.security.crypto.key.scrypt; - -import org.apache.nifi.security.crypto.key.DerivedKeyParameterSpecReader; - -import java.nio.charset.Charset; -import java.nio.charset.StandardCharsets; -import java.util.Base64; -import java.util.Objects; -import java.util.regex.Matcher; -import java.util.regex.Pattern; - -/** - * scrypt implementation reads a US-ASCII string of bytes using a Modular Crypt Format defined according to the com.lambdaworks:scrypt library - */ -public class ScryptDerivedKeyParameterSpecReader implements DerivedKeyParameterSpecReader<ScryptDerivedKeyParameterSpec> { - /** Modular Crypt Format containing the parameters encoded as a 32-bit hexadecimal number with a trailing Base64 encoded salt and optional hash */ - private static final Pattern MODULAR_CRYPT_FORMAT = Pattern.compile("^\\$s0\\$([a-f0-9]{5,})\\$([\\w/=+]{11,64})\\$?([\\w/=+]{1,256})?$"); - - private static final int PARAMETERS_GROUP = 1; - - private static final int SALT_GROUP = 2; - - private static final Charset PARAMETERS_CHARACTER_SET = StandardCharsets.US_ASCII; - - private static final int HEXADECIMAL_RADIX = 16; - - private static final int LOG_BASE_2 = 2; - - private static final int COST_BITS = 16; - - private static final int SIZE_BITS = 8; - - private static final int SIXTEEN_BIT_SHIFT = 0xffff; - - private static final int EIGHT_BIT_SHIFT = 0xff; - - private static final Base64.Decoder decoder = Base64.getDecoder(); - - @Override - public ScryptDerivedKeyParameterSpec read(final byte[] serializedParameters) { - Objects.requireNonNull(serializedParameters, "Parameters required"); - final String parameters = new String(serializedParameters, PARAMETERS_CHARACTER_SET); - - final Matcher matcher = MODULAR_CRYPT_FORMAT.matcher(parameters); - if (matcher.matches()) { - final String parametersGroup = matcher.group(PARAMETERS_GROUP); - final String saltGroup = matcher.group(SALT_GROUP); - return readParameters(parametersGroup, saltGroup); - } else { - final String message = String.format("scrypt serialized parameters [%s] format not matched", parameters); - throw new IllegalArgumentException(message); - } - } - - private ScryptDerivedKeyParameterSpec readParameters(final String parametersEncoded, final String saltEncoded) { - final long parameters = Long.parseLong(parametersEncoded, HEXADECIMAL_RADIX); - final long costExponent = parameters >> COST_BITS & SIXTEEN_BIT_SHIFT; - - final int cost = (int) Math.pow(LOG_BASE_2, costExponent); - final int blockSize = (int) parameters >> SIZE_BITS & EIGHT_BIT_SHIFT; - final int parallelization = (int) parameters & EIGHT_BIT_SHIFT; - - final byte[] salt = decoder.decode(saltEncoded); - return new ScryptDerivedKeyParameterSpec(cost, blockSize, parallelization, salt); - } -} diff --git a/nifi-commons/nifi-security-crypto-key/src/main/java/org/apache/nifi/security/crypto/key/scrypt/ScryptDerivedKeyProvider.java b/nifi-commons/nifi-security-crypto-key/src/main/java/org/apache/nifi/security/crypto/key/scrypt/ScryptDerivedKeyProvider.java deleted file mode 100644 index 46dd20a731..0000000000 --- a/nifi-commons/nifi-security-crypto-key/src/main/java/org/apache/nifi/security/crypto/key/scrypt/ScryptDerivedKeyProvider.java +++ /dev/null @@ -1,96 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.nifi.security.crypto.key.scrypt; - -import org.apache.nifi.security.crypto.key.DerivedKey; -import org.apache.nifi.security.crypto.key.DerivedKeyProvider; -import org.apache.nifi.security.crypto.key.DerivedKeySpec; -import org.apache.nifi.security.crypto.key.DerivedSecretKey; -import org.bouncycastle.crypto.generators.SCrypt; - -import java.nio.charset.Charset; -import java.nio.charset.StandardCharsets; -import java.util.Base64; - -/** - * scrypt implementation of Derived Key Provider based on Bouncy Castle scrypt components described in RFC 7914 - */ -public class ScryptDerivedKeyProvider implements DerivedKeyProvider<ScryptDerivedKeyParameterSpec> { - private static final String SERIALIZED_FORMAT = "$s0$%s$%s$%s"; - - private static final int HEXADECIMAL_RADIX = 16; - - private static final int LOG_BASE_2 = 2; - - private static final int COST_BITS = 16; - - private static final int SIZE_BITS = 8; - - private static final Charset PASSWORD_CHARACTER_SET = StandardCharsets.UTF_8; - - private static final Base64.Encoder encoder = Base64.getEncoder().withoutPadding(); - - /** - * Get Derived Key using scrypt and provided specification - * - * @param derivedKeySpec Derived Key Specification - * @return Derived Secret Key - */ - @Override - public DerivedKey getDerivedKey(final DerivedKeySpec<ScryptDerivedKeyParameterSpec> derivedKeySpec) { - final byte[] password = new String(derivedKeySpec.getPassword()).getBytes(PASSWORD_CHARACTER_SET); - - final ScryptDerivedKeyParameterSpec parameterSpec = derivedKeySpec.getParameterSpec(); - final byte[] salt = parameterSpec.getSalt(); - final int cost = parameterSpec.getCost(); - final int blockSize = parameterSpec.getBlockSize(); - final int parallelization = parameterSpec.getParallelization(); - final int derivedKeyLength = derivedKeySpec.getDerivedKeyLength(); - - final byte[] derivedKeyBytes = SCrypt.generate(password, salt, cost, blockSize, parallelization, derivedKeyLength); - - final String serialized = getSerialized(derivedKeyBytes, parameterSpec); - return new DerivedSecretKey(derivedKeyBytes, derivedKeySpec.getAlgorithm(), serialized); - } - - private String getSerialized(final byte[] derivedKeyBytes, final ScryptDerivedKeyParameterSpec parameterSpec) { - final String parametersEncoded = getParametersEncoded(parameterSpec); - final String derivedKeyEncoded = encoder.encodeToString(derivedKeyBytes); - final String saltEncoded = encoder.encodeToString(parameterSpec.getSalt()); - return String.format( - SERIALIZED_FORMAT, - parametersEncoded, - saltEncoded, - derivedKeyEncoded - ); - } - - private String getParametersEncoded(final ScryptDerivedKeyParameterSpec parameterSpec) { - final long cost = log2(parameterSpec.getCost()) << COST_BITS; - final long blockSize = parameterSpec.getBlockSize() << SIZE_BITS; - final long parallelization = parameterSpec.getParallelization(); - final long parameters = cost | blockSize | parallelization; - return Long.toString(parameters, HEXADECIMAL_RADIX); - } - - private long log2(final int number) { - final double log = Math.log(number); - final double logBase2 = Math.log(LOG_BASE_2); - final double log2 = log / logBase2; - return Math.round(log2); - } -} diff --git a/nifi-commons/nifi-security-crypto-key/src/test/java/org/apache/nifi/security/crypto/key/argon2/Argon2DerivedKeyParameterSpecReaderTest.java b/nifi-commons/nifi-security-crypto-key/src/test/java/org/apache/nifi/security/crypto/key/argon2/Argon2DerivedKeyParameterSpecReaderTest.java deleted file mode 100644 index 7da2bdaa99..0000000000 --- a/nifi-commons/nifi-security-crypto-key/src/test/java/org/apache/nifi/security/crypto/key/argon2/Argon2DerivedKeyParameterSpecReaderTest.java +++ /dev/null @@ -1,86 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.nifi.security.crypto.key.argon2; - -import org.junit.jupiter.api.BeforeEach; -import org.junit.jupiter.api.Test; - -import java.nio.charset.StandardCharsets; -import java.util.Base64; - -import static org.junit.jupiter.api.Assertions.assertArrayEquals; -import static org.junit.jupiter.api.Assertions.assertEquals; -import static org.junit.jupiter.api.Assertions.assertNotNull; -import static org.junit.jupiter.api.Assertions.assertThrows; - -class Argon2DerivedKeyParameterSpecReaderTest { - private static final byte[] STRING_PARAMETERS = String.class.getSimpleName().getBytes(StandardCharsets.US_ASCII); - - private static final int MEMORY = 65536; - - private static final int ITERATIONS = 2; - - private static final int PARALLELISM = 1; - - private static final String ARGON2_SALT_STRING = "QXJnb24yU2FsdFN0cmluZw"; - - private static final String PARAMETERS = String.format("$argon2id$v=19$m=%d,t=%d,p=%d$%s", MEMORY, ITERATIONS, PARALLELISM, ARGON2_SALT_STRING); - - private static final String PARAMETERS_HASH = String.format("%s$6LOmoOXYJV0tXBJtxtD1Mg", PARAMETERS); - - Base64.Decoder decoder = Base64.getDecoder(); - - Argon2DerivedKeyParameterSpecReader reader; - - @BeforeEach - void setReader() { - reader = new Argon2DerivedKeyParameterSpecReader(); - } - - @Test - void testReadException() { - assertThrows(IllegalArgumentException.class, () -> reader.read(STRING_PARAMETERS)); - } - - @Test - void testRead() { - final byte[] serializedParameters = PARAMETERS.getBytes(StandardCharsets.US_ASCII); - - final Argon2DerivedKeyParameterSpec parameterSpec = reader.read(serializedParameters); - - assertParameterSpecEquals(parameterSpec); - } - - @Test - void testReadHash() { - final byte[] serializedParameters = PARAMETERS_HASH.getBytes(StandardCharsets.US_ASCII); - - final Argon2DerivedKeyParameterSpec parameterSpec = reader.read(serializedParameters); - - assertParameterSpecEquals(parameterSpec); - } - - private void assertParameterSpecEquals(final Argon2DerivedKeyParameterSpec parameterSpec) { - assertNotNull(parameterSpec); - assertEquals(MEMORY, parameterSpec.getMemory()); - assertEquals(ITERATIONS, parameterSpec.getIterations()); - assertEquals(PARALLELISM, parameterSpec.getParallelism()); - - final byte[] salt = decoder.decode(ARGON2_SALT_STRING); - assertArrayEquals(salt, parameterSpec.getSalt()); - } -} diff --git a/nifi-commons/nifi-security-crypto-key/src/test/java/org/apache/nifi/security/crypto/key/bcrypt/BcryptDerivedKeyParameterSpecReaderTest.java b/nifi-commons/nifi-security-crypto-key/src/test/java/org/apache/nifi/security/crypto/key/bcrypt/BcryptDerivedKeyParameterSpecReaderTest.java deleted file mode 100644 index 3241fe521f..0000000000 --- a/nifi-commons/nifi-security-crypto-key/src/test/java/org/apache/nifi/security/crypto/key/bcrypt/BcryptDerivedKeyParameterSpecReaderTest.java +++ /dev/null @@ -1,79 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.nifi.security.crypto.key.bcrypt; - -import org.junit.jupiter.api.BeforeEach; -import org.junit.jupiter.api.Test; - -import java.nio.charset.StandardCharsets; - -import static org.junit.jupiter.api.Assertions.assertArrayEquals; -import static org.junit.jupiter.api.Assertions.assertEquals; -import static org.junit.jupiter.api.Assertions.assertNotNull; -import static org.junit.jupiter.api.Assertions.assertThrows; - -class BcryptDerivedKeyParameterSpecReaderTest { - private static final byte[] STRING_PARAMETERS = String.class.getSimpleName().getBytes(StandardCharsets.US_ASCII); - - private static final int COST = 12; - - private static final String SALT_ENCODED = "R9h/cIPz0gi.URNNX3kh2O"; - - private static final String HASH = "PST9/PgBkqquzi.Ss7KIUgO2t0jWMUW"; - - private static final String SERIALIZED = String.format("$2a$%d$%s", COST, SALT_ENCODED); - - private static final String SERIALIZED_HASH = String.format("%s%s", SERIALIZED, HASH); - - BcryptDerivedKeyParameterSpecReader reader; - - @BeforeEach - void setReader() { - reader = new BcryptDerivedKeyParameterSpecReader(); - } - - @Test - void testReadException() { - assertThrows(IllegalArgumentException.class, () -> reader.read(STRING_PARAMETERS)); - } - - @Test - void testRead() { - final byte[] serializedParameters = SERIALIZED.getBytes(StandardCharsets.US_ASCII); - - final BcryptDerivedKeyParameterSpec parameterSpec = reader.read(serializedParameters); - - assertParameterSpecEquals(parameterSpec); - } - - @Test - void testReadHash() { - final byte[] serializedParameters = SERIALIZED_HASH.getBytes(StandardCharsets.US_ASCII); - - final BcryptDerivedKeyParameterSpec parameterSpec = reader.read(serializedParameters); - - assertParameterSpecEquals(parameterSpec); - } - - private void assertParameterSpecEquals(final BcryptDerivedKeyParameterSpec parameterSpec) { - assertNotNull(parameterSpec); - assertEquals(COST, parameterSpec.getCost()); - - final byte[] salt = BcryptBase64Decoder.decode(SALT_ENCODED); - assertArrayEquals(salt, parameterSpec.getSalt()); - } -} diff --git a/nifi-commons/nifi-security-crypto-key/src/test/java/org/apache/nifi/security/crypto/key/bcrypt/BcryptDerivedKeyProviderTest.java b/nifi-commons/nifi-security-crypto-key/src/test/java/org/apache/nifi/security/crypto/key/bcrypt/BcryptDerivedKeyProviderTest.java deleted file mode 100644 index 225c0872aa..0000000000 --- a/nifi-commons/nifi-security-crypto-key/src/test/java/org/apache/nifi/security/crypto/key/bcrypt/BcryptDerivedKeyProviderTest.java +++ /dev/null @@ -1,97 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.nifi.security.crypto.key.bcrypt; - -import org.apache.nifi.security.crypto.key.DerivedKey; -import org.apache.nifi.security.crypto.key.DerivedKeySpec; -import org.apache.nifi.security.crypto.key.StandardDerivedKeySpec; -import org.junit.jupiter.api.BeforeEach; -import org.junit.jupiter.api.Test; - -import java.nio.charset.Charset; -import java.nio.charset.StandardCharsets; -import java.security.MessageDigest; -import java.security.NoSuchAlgorithmException; -import java.util.Arrays; - -import static org.junit.jupiter.api.Assertions.assertArrayEquals; -import static org.junit.jupiter.api.Assertions.assertEquals; -import static org.junit.jupiter.api.Assertions.assertNotNull; - -class BcryptDerivedKeyProviderTest { - private static final String PASSWORD = "abc123xyz"; - - private static final int COST = 12; - - private static final String SALT_ENCODED = "R9h/cIPz0gi.URNNX3kh2O"; - - private static final String HASH = "PST9/PgBkqquzi.Ss7KIUgO2t0jWMUW"; - - private static final String SERIALIZED = String.format("$2a$%d$%s%s", COST, SALT_ENCODED, HASH); - - private static final Charset SERIALIZED_CHARACTER_SET = StandardCharsets.US_ASCII; - - private static final int DERIVED_KEY_LENGTH = 16; - - private static final String ALGORITHM = "AES"; - - private static final String DIGEST_ALGORITHM = "SHA-512"; - - BcryptDerivedKeyProvider provider; - - @BeforeEach - void setProvider() { - provider = new BcryptDerivedKeyProvider(); - } - - @Test - void testGetDerivedKey() { - final byte[] salt = BcryptBase64Decoder.decode(SALT_ENCODED); - final BcryptDerivedKeyParameterSpec parameterSpec = new BcryptDerivedKeyParameterSpec(COST, salt); - - final DerivedKeySpec<BcryptDerivedKeyParameterSpec> derivedKeySpec = new StandardDerivedKeySpec<>( - PASSWORD.toCharArray(), - DERIVED_KEY_LENGTH, - ALGORITHM, - parameterSpec - ); - - final DerivedKey derivedKey = provider.getDerivedKey(derivedKeySpec); - - assertNotNull(derivedKey); - assertEquals(ALGORITHM, derivedKey.getAlgorithm()); - assertEquals(SERIALIZED, derivedKey.getSerialized()); - - final byte[] encodedHashBytes = HASH.getBytes(SERIALIZED_CHARACTER_SET); - final byte[] digestedDerivedKey = getDerivedKeyBytes(encodedHashBytes); - assertArrayEquals(digestedDerivedKey, derivedKey.getEncoded()); - } - - private byte[] getDerivedKeyBytes(final byte[] hash) { - final MessageDigest messageDigest = getMessageDigest(); - final byte[] digested = messageDigest.digest(hash); - return Arrays.copyOf(digested, DERIVED_KEY_LENGTH); - } - - private MessageDigest getMessageDigest() { - try { - return MessageDigest.getInstance(DIGEST_ALGORITHM); - } catch (final NoSuchAlgorithmException e) { - throw new UnsupportedOperationException(DIGEST_ALGORITHM, e); - } - } -} diff --git a/nifi-commons/nifi-security-crypto-key/src/test/java/org/apache/nifi/security/crypto/key/detection/DetectedDerivedKeyParameterSpecReaderTest.java b/nifi-commons/nifi-security-crypto-key/src/test/java/org/apache/nifi/security/crypto/key/detection/DetectedDerivedKeyParameterSpecReaderTest.java deleted file mode 100644 index 59323d4cae..0000000000 --- a/nifi-commons/nifi-security-crypto-key/src/test/java/org/apache/nifi/security/crypto/key/detection/DetectedDerivedKeyParameterSpecReaderTest.java +++ /dev/null @@ -1,75 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.nifi.security.crypto.key.detection; - -import org.apache.nifi.security.crypto.key.DerivedKeyParameterSpec; -import org.apache.nifi.security.crypto.key.argon2.Argon2DerivedKeyParameterSpec; -import org.apache.nifi.security.crypto.key.bcrypt.BcryptDerivedKeyParameterSpec; -import org.apache.nifi.security.crypto.key.pbkdf2.Pbkdf2DerivedKeyParameterSpec; -import org.apache.nifi.security.crypto.key.scrypt.ScryptDerivedKeyParameterSpec; -import org.junit.jupiter.api.BeforeEach; -import org.junit.jupiter.api.Test; - -import java.nio.charset.StandardCharsets; - -import static org.junit.jupiter.api.Assertions.assertInstanceOf; - -class DetectedDerivedKeyParameterSpecReaderTest { - - private static final String UNSPECIFIED_PARAMETERS = "unspecified"; - - private static final String ARGON2_PARAMETERS = "$argon2id$v=19$m=65536,t=2,p=1$QXJnb24yU2FsdFN0cmluZw"; - - private static final String BCRYPT_PARAMETERS = "$2a$12$R9h/cIPz0gi.URNNX3kh2O"; - - private static final String SCRYPT_PARAMETERS = "$s0$e0801$epIxT/h6HbbwHaehFnh/bw"; - - DetectedDerivedKeyParameterSpecReader reader; - - @BeforeEach - void setReader() { - reader = new DetectedDerivedKeyParameterSpecReader(); - } - - @Test - void testArgon2() { - assertParameterSpecInstanceOf(Argon2DerivedKeyParameterSpec.class, ARGON2_PARAMETERS); - } - - @Test - void testBcrypt() { - assertParameterSpecInstanceOf(BcryptDerivedKeyParameterSpec.class, BCRYPT_PARAMETERS); - } - - @Test - void testScrypt() { - assertParameterSpecInstanceOf(ScryptDerivedKeyParameterSpec.class, SCRYPT_PARAMETERS); - } - - @Test - void testPbkdf2() { - assertParameterSpecInstanceOf(Pbkdf2DerivedKeyParameterSpec.class, UNSPECIFIED_PARAMETERS); - } - - private void assertParameterSpecInstanceOf(final Class<? extends DerivedKeyParameterSpec> parameterSpecClass, final String parameters) { - final byte[] serializedParameters = parameters.getBytes(StandardCharsets.UTF_8); - - final DerivedKeyParameterSpec parameterSpec = reader.read(serializedParameters); - - assertInstanceOf(parameterSpecClass, parameterSpec); - } -} diff --git a/nifi-commons/nifi-security-crypto-key/src/test/java/org/apache/nifi/security/crypto/key/detection/DetectedDerivedKeyProviderTest.java b/nifi-commons/nifi-security-crypto-key/src/test/java/org/apache/nifi/security/crypto/key/detection/DetectedDerivedKeyProviderTest.java deleted file mode 100644 index 3f6b87eacd..0000000000 --- a/nifi-commons/nifi-security-crypto-key/src/test/java/org/apache/nifi/security/crypto/key/detection/DetectedDerivedKeyProviderTest.java +++ /dev/null @@ -1,112 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.nifi.security.crypto.key.detection; - -import org.apache.nifi.security.crypto.key.DerivedKey; -import org.apache.nifi.security.crypto.key.DerivedKeyParameterSpec; -import org.apache.nifi.security.crypto.key.DerivedKeySpec; -import org.apache.nifi.security.crypto.key.StandardDerivedKeySpec; -import org.apache.nifi.security.crypto.key.argon2.Argon2DerivedKeyParameterSpec; -import org.apache.nifi.security.crypto.key.bcrypt.BcryptDerivedKeyParameterSpec; -import org.apache.nifi.security.crypto.key.pbkdf2.Pbkdf2DerivedKeyParameterSpec; -import org.apache.nifi.security.crypto.key.scrypt.ScryptDerivedKeyParameterSpec; -import org.junit.jupiter.api.BeforeEach; -import org.junit.jupiter.api.Test; -import org.junit.jupiter.api.extension.ExtendWith; -import org.mockito.Mock; -import org.mockito.junit.jupiter.MockitoExtension; - -import static org.junit.jupiter.api.Assertions.assertNotNull; -import static org.junit.jupiter.api.Assertions.assertThrows; - -@ExtendWith(MockitoExtension.class) -class DetectedDerivedKeyProviderTest { - - private static final char[] PASSWORD = {'w', 'o', 'r', 'd'}; - - private static final int DERIVED_KEY_LENGTH = 16; - - private static final String ALGORITHM = "AES"; - - private static final byte[] SALT = {'N', 'i', 'F', 'i', 'S', 'A', 'L', 'T'}; - - private static final int MINIMUM_ITERATIONS = 1; - - private static final int MINIMUM_ARGON2_MEMORY = 2; - - private static final int MINIMUM_PARALLELISM = 1; - - private static final int MINIMUM_BCRYPT_COST = 4; - - private static final byte[] BCRYPT_SALT = {'S', 'I', 'X', 'T', 'E', 'E', 'N', 'B', 'Y', 'T', 'E', 'S', 'S', 'A', 'L', 'T'}; - - private static final int MINIMUM_SCRYPT_COST = 2; - - private static final int SCRYPT_BLOCK_SIZE = 16; - - @Mock - DerivedKeyParameterSpec unsupportedDerivedKeyParameterSpec; - - DetectedDerivedKeyProvider provider; - - @BeforeEach - void setProvider() { - provider = new DetectedDerivedKeyProvider(); - } - - @Test - void testArgon2() { - final Argon2DerivedKeyParameterSpec parameterSpec = new Argon2DerivedKeyParameterSpec(MINIMUM_ARGON2_MEMORY, MINIMUM_ITERATIONS, MINIMUM_PARALLELISM, SALT); - assertDerivedKey(parameterSpec); - } - - @Test - void testBcrypt() { - final BcryptDerivedKeyParameterSpec parameterSpec = new BcryptDerivedKeyParameterSpec(MINIMUM_BCRYPT_COST, BCRYPT_SALT); - assertDerivedKey(parameterSpec); - } - - @Test - void testPbkdf2() { - final Pbkdf2DerivedKeyParameterSpec parameterSpec = new Pbkdf2DerivedKeyParameterSpec(MINIMUM_ITERATIONS, SALT); - assertDerivedKey(parameterSpec); - } - - @Test - void testScrypt() { - final ScryptDerivedKeyParameterSpec parameterSpec = new ScryptDerivedKeyParameterSpec(MINIMUM_SCRYPT_COST, SCRYPT_BLOCK_SIZE, MINIMUM_PARALLELISM, SALT); - assertDerivedKey(parameterSpec); - } - - @Test - void testUnsupported() { - final DerivedKeySpec<DerivedKeyParameterSpec> derivedKeySpec = getDerivedKeySpec(unsupportedDerivedKeyParameterSpec); - assertThrows(UnsupportedOperationException.class, () -> provider.getDerivedKey(derivedKeySpec)); - } - - private <T extends DerivedKeyParameterSpec> DerivedKeySpec<T> getDerivedKeySpec(final T parameterSpec) { - return new StandardDerivedKeySpec<>(PASSWORD, DERIVED_KEY_LENGTH, ALGORITHM, parameterSpec); - } - - private <T extends DerivedKeyParameterSpec> void assertDerivedKey(final T parameterSpec) { - final DerivedKeySpec<DerivedKeyParameterSpec> derivedKeySpec = getDerivedKeySpec(parameterSpec); - - final DerivedKey derivedKey = provider.getDerivedKey(derivedKeySpec); - - assertNotNull(derivedKey); - } -} diff --git a/nifi-commons/nifi-security-crypto-key/src/test/java/org/apache/nifi/security/crypto/key/pbkdf2/Pbkdf2DerivedKeyParameterSpecReaderTest.java b/nifi-commons/nifi-security-crypto-key/src/test/java/org/apache/nifi/security/crypto/key/pbkdf2/Pbkdf2DerivedKeyParameterSpecReaderTest.java deleted file mode 100644 index c88868dc1c..0000000000 --- a/nifi-commons/nifi-security-crypto-key/src/test/java/org/apache/nifi/security/crypto/key/pbkdf2/Pbkdf2DerivedKeyParameterSpecReaderTest.java +++ /dev/null @@ -1,48 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.nifi.security.crypto.key.pbkdf2; - -import org.junit.jupiter.api.BeforeEach; -import org.junit.jupiter.api.Test; - -import java.nio.charset.StandardCharsets; - -import static org.junit.jupiter.api.Assertions.assertArrayEquals; -import static org.junit.jupiter.api.Assertions.assertEquals; -import static org.junit.jupiter.api.Assertions.assertNotNull; - -class Pbkdf2DerivedKeyParameterSpecReaderTest { - private static final String STRING_PARAMETERS = String.class.getName(); - - Pbkdf2DerivedKeyParameterSpecReader reader; - - @BeforeEach - void setReader() { - reader = new Pbkdf2DerivedKeyParameterSpecReader(); - } - - @Test - void testRead() { - final byte[] serializedParameters = STRING_PARAMETERS.getBytes(StandardCharsets.US_ASCII); - - final Pbkdf2DerivedKeyParameterSpec parameterSpec = reader.read(serializedParameters); - - assertNotNull(parameterSpec); - assertEquals(Pbkdf2DerivedKeyParameterSpecReader.VERSION_0_5_0_ITERATIONS, parameterSpec.getIterations()); - assertArrayEquals(serializedParameters, parameterSpec.getSalt()); - } -} diff --git a/nifi-commons/nifi-security-crypto-key/src/test/java/org/apache/nifi/security/crypto/key/scrypt/ScryptDerivedKeyParameterSpecReaderTest.java b/nifi-commons/nifi-security-crypto-key/src/test/java/org/apache/nifi/security/crypto/key/scrypt/ScryptDerivedKeyParameterSpecReaderTest.java deleted file mode 100644 index 2c82d578b0..0000000000 --- a/nifi-commons/nifi-security-crypto-key/src/test/java/org/apache/nifi/security/crypto/key/scrypt/ScryptDerivedKeyParameterSpecReaderTest.java +++ /dev/null @@ -1,88 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.nifi.security.crypto.key.scrypt; - -import org.junit.jupiter.api.BeforeEach; -import org.junit.jupiter.api.Test; - -import java.nio.charset.StandardCharsets; -import java.util.Base64; - -import static org.junit.jupiter.api.Assertions.assertArrayEquals; -import static org.junit.jupiter.api.Assertions.assertEquals; -import static org.junit.jupiter.api.Assertions.assertNotNull; -import static org.junit.jupiter.api.Assertions.assertThrows; - -class ScryptDerivedKeyParameterSpecReaderTest { - private static final byte[] STRING_PARAMETERS = String.class.getSimpleName().getBytes(StandardCharsets.US_ASCII); - - private static final int COST = 16384; - - private static final int BLOCK_SIZE = 8; - - private static final int PARALLELIZATION = 1; - - private static final String SALT_ENCODED = "epIxT/h6HbbwHaehFnh/bw"; - - private static final String HASH = "7H0vsXlY8UxxyW/BWx/9GuY7jEvGjT71GFd6O4SZND0"; - - private static final String SERIALIZED = String.format("$s0$e0801$%s", SALT_ENCODED); - - private static final String SERIALIZED_HASH = String.format("%s$%s", SERIALIZED, HASH); - - private static final Base64.Decoder decoder = Base64.getDecoder(); - - ScryptDerivedKeyParameterSpecReader reader; - - @BeforeEach - void setReader() { - reader = new ScryptDerivedKeyParameterSpecReader(); - } - - @Test - void testReadException() { - assertThrows(IllegalArgumentException.class, () -> reader.read(STRING_PARAMETERS)); - } - - @Test - void testRead() { - final byte[] serializedParameters = SERIALIZED.getBytes(StandardCharsets.US_ASCII); - - final ScryptDerivedKeyParameterSpec parameterSpec = reader.read(serializedParameters); - - assertParameterSpecEquals(parameterSpec); - } - - @Test - void testReadHash() { - final byte[] serializedParameters = SERIALIZED_HASH.getBytes(StandardCharsets.US_ASCII); - - final ScryptDerivedKeyParameterSpec parameterSpec = reader.read(serializedParameters); - - assertParameterSpecEquals(parameterSpec); - } - - private void assertParameterSpecEquals(final ScryptDerivedKeyParameterSpec parameterSpec) { - assertNotNull(parameterSpec); - assertEquals(COST, parameterSpec.getCost()); - assertEquals(BLOCK_SIZE, parameterSpec.getBlockSize()); - assertEquals(PARALLELIZATION, parameterSpec.getParallelization()); - - final byte[] salt = decoder.decode(SALT_ENCODED); - assertArrayEquals(salt, parameterSpec.getSalt()); - } -} diff --git a/nifi-commons/nifi-security-crypto-key/src/test/java/org/apache/nifi/security/crypto/key/scrypt/ScryptDerivedKeyProviderTest.java b/nifi-commons/nifi-security-crypto-key/src/test/java/org/apache/nifi/security/crypto/key/scrypt/ScryptDerivedKeyProviderTest.java deleted file mode 100644 index 94f846111c..0000000000 --- a/nifi-commons/nifi-security-crypto-key/src/test/java/org/apache/nifi/security/crypto/key/scrypt/ScryptDerivedKeyProviderTest.java +++ /dev/null @@ -1,80 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.nifi.security.crypto.key.scrypt; - -import org.apache.nifi.security.crypto.key.DerivedKey; -import org.apache.nifi.security.crypto.key.DerivedKeySpec; -import org.apache.nifi.security.crypto.key.StandardDerivedKeySpec; -import org.junit.jupiter.api.BeforeEach; -import org.junit.jupiter.api.Test; - -import java.util.Base64; - -import static org.junit.jupiter.api.Assertions.assertArrayEquals; -import static org.junit.jupiter.api.Assertions.assertEquals; -import static org.junit.jupiter.api.Assertions.assertNotNull; - -class ScryptDerivedKeyProviderTest { - private static final String PASSWORD = "secret"; - - private static final int COST = 16384; - - private static final int BLOCK_SIZE = 8; - - private static final int PARALLELIZATION = 1; - - private static final String SALT_ENCODED = "epIxT/h6HbbwHaehFnh/bw"; - - private static final String HASH = "7H0vsXlY8UxxyW/BWx/9GuY7jEvGjT71GFd6O4SZND0"; - - private static final String SERIALIZED = String.format("$s0$e0801$%s$%s", SALT_ENCODED, HASH); - - private static final int DERIVED_KEY_LENGTH = 32; - - private static final String ALGORITHM = "AES"; - - private static final Base64.Decoder decoder = Base64.getDecoder(); - - ScryptDerivedKeyProvider provider; - - @BeforeEach - void setProvider() { - provider = new ScryptDerivedKeyProvider(); - } - - @Test - void testGetDerivedKey() { - final byte[] salt = decoder.decode(SALT_ENCODED); - final ScryptDerivedKeyParameterSpec parameterSpec = new ScryptDerivedKeyParameterSpec(COST, BLOCK_SIZE, PARALLELIZATION, salt); - - final DerivedKeySpec<ScryptDerivedKeyParameterSpec> derivedKeySpec = new StandardDerivedKeySpec<>( - PASSWORD.toCharArray(), - DERIVED_KEY_LENGTH, - ALGORITHM, - parameterSpec - ); - - final DerivedKey derivedKey = provider.getDerivedKey(derivedKeySpec); - - assertNotNull(derivedKey); - assertEquals(ALGORITHM, derivedKey.getAlgorithm()); - assertEquals(SERIALIZED, derivedKey.getSerialized()); - - final byte[] hashBytes = decoder.decode(HASH); - assertArrayEquals(hashBytes, derivedKey.getEncoded()); - } -} diff --git a/nifi-extension-bundles/nifi-cipher-bundle/nifi-cipher-processors/pom.xml b/nifi-extension-bundles/nifi-cipher-bundle/nifi-cipher-processors/pom.xml index 088deae4dc..cd8ec026c4 100644 --- a/nifi-extension-bundles/nifi-cipher-bundle/nifi-cipher-processors/pom.xml +++ b/nifi-extension-bundles/nifi-cipher-bundle/nifi-cipher-processors/pom.xml @@ -30,11 +30,6 @@ <groupId>org.apache.nifi</groupId> <artifactId>nifi-utils</artifactId> </dependency> - <dependency> - <groupId>org.apache.nifi</groupId> - <artifactId>nifi-security-crypto-key</artifactId> - <version>2.0.0-SNAPSHOT</version> - </dependency> <dependency> <groupId>org.opentest4j</groupId> <artifactId>opentest4j</artifactId>