[camel] branch master updated: CAMEL-14160 - Remove default encryption algorithm for the Crypto DataFormat

coheigea
This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/camel.git


The following commit(s) were added to refs/heads/master by this push:
     new d865f36  CAMEL-14160 - Remove default encryption algorithm for the Crypto DataFormat
d865f36 is described below

commit d865f368f03f038db0cd896cadf6829a6ebc9777
Author: Colm O hEigeartaigh <[hidden email]>
AuthorDate: Fri Nov 8 16:01:05 2019 +0000

    CAMEL-14160 - Remove default encryption algorithm for the Crypto DataFormat
---
 .../src/main/docs/crypto-component.adoc            |  2 +-
 .../src/main/docs/crypto-dataformat.adoc           |  4 +-
 .../camel/converter/crypto/CryptoDataFormat.java   |  2 +-
 .../converter/crypto/CryptoDataFormatTest.java     | 81 +++++++++++++++++++---
 .../crypto/SpringCryptoDataFormatTest.java         | 13 +++-
 .../crypto/SpringCryptoDataFormatTest.xml          | 21 ++++++
 .../camel/model/dataformat/CryptoDataFormat.java   |  2 -
 .../ROOT/pages/camel-3-migration-guide.adoc        |  6 ++
 .../springboot/CryptoDataFormatConfiguration.java  |  4 +-
 9 files changed, 114 insertions(+), 21 deletions(-)

diff --git a/components/camel-crypto/src/main/docs/crypto-component.adoc b/components/camel-crypto/src/main/docs/crypto-component.adoc
index 25c4d3f..ffd8b90 100644
--- a/components/camel-crypto/src/main/docs/crypto-component.adoc
+++ b/components/camel-crypto/src/main/docs/crypto-component.adoc
@@ -187,7 +187,7 @@ The component supports 33 options, which are listed below.
 | *camel.component.crypto.configuration.secure-random-name* | Sets the reference name for a SecureRandom that can be found in the registry. |  | String
 | *camel.component.crypto.configuration.signature-header-name* | Set the name of the message header that should be used to store the base64 encoded signature. This defaults to 'CamelDigitalSignature' |  | String
 | *camel.component.crypto.enabled* | Enable crypto component | true | Boolean
-| *camel.dataformat.crypto.algorithm* | The JCE algorithm name indicating the cryptographic algorithm that will be used. Is by default DES/CBC/PKCS5Padding. | DES/CBC/PKCS5Padding | String
+| *camel.dataformat.crypto.algorithm* | The JCE algorithm name indicating the cryptographic algorithm that will be used. |  | String
 | *camel.dataformat.crypto.algorithm-parameter-ref* | A JCE AlgorithmParameterSpec used to initialize the Cipher. Will lookup the type using the given name as a java.security.spec.AlgorithmParameterSpec type. |  | String
 | *camel.dataformat.crypto.buffersize* | The size of the buffer used in the signature process. |  | Integer
 | *camel.dataformat.crypto.content-type-header* | Whether the data format should set the Content-Type header with the type from the data format if the data format is capable of doing so. For example application/xml for data formats marshalling to XML, or application/json for data formats marshalling to JSon etc. | false | Boolean
diff --git a/components/camel-crypto/src/main/docs/crypto-dataformat.adoc b/components/camel-crypto/src/main/docs/crypto-dataformat.adoc
index 5f61deb..29705ac 100644
--- a/components/camel-crypto/src/main/docs/crypto-dataformat.adoc
+++ b/components/camel-crypto/src/main/docs/crypto-dataformat.adoc
@@ -21,7 +21,7 @@ The Crypto (Java Cryptographic Extension) dataformat supports 10 options, which
 [width="100%",cols="2s,1m,1m,6",options="header"]
 |===
 | Name | Default | Java Type | Description
-| algorithm | DES/CBC/PKCS5Padding | String | The JCE algorithm name indicating the cryptographic algorithm that will be used. Is by default DES/CBC/PKCS5Padding.
+| algorithm |  | String | The JCE algorithm name indicating the cryptographic algorithm that will be used.
 | cryptoProvider |  | String | The name of the JCE Security Provider that should be used.
 | keyRef |  | String | Refers to the secret key to lookup from the register to use.
 | initVectorRef |  | String | Refers to a byte array containing the Initialization Vector that will be used to initialize the Cipher.
@@ -78,7 +78,7 @@ The component supports 33 options, which are listed below.
 | *camel.component.crypto.configuration.secure-random-name* | Sets the reference name for a SecureRandom that can be found in the registry. |  | String
 | *camel.component.crypto.configuration.signature-header-name* | Set the name of the message header that should be used to store the base64 encoded signature. This defaults to 'CamelDigitalSignature' |  | String
 | *camel.component.crypto.enabled* | Enable crypto component | true | Boolean
-| *camel.dataformat.crypto.algorithm* | The JCE algorithm name indicating the cryptographic algorithm that will be used. Is by default DES/CBC/PKCS5Padding. | DES/CBC/PKCS5Padding | String
+| *camel.dataformat.crypto.algorithm* | The JCE algorithm name indicating the cryptographic algorithm that will be used. |  | String
 | *camel.dataformat.crypto.algorithm-parameter-ref* | A JCE AlgorithmParameterSpec used to initialize the Cipher. Will lookup the type using the given name as a java.security.spec.AlgorithmParameterSpec type. |  | String
 | *camel.dataformat.crypto.buffersize* | The size of the buffer used in the signature process. |  | Integer
 | *camel.dataformat.crypto.content-type-header* | Whether the data format should set the Content-Type header with the type from the data format if the data format is capable of doing so. For example application/xml for data formats marshalling to XML, or application/json for data formats marshalling to JSon etc. | false | Boolean
diff --git a/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/CryptoDataFormat.java b/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/CryptoDataFormat.java
index 695276c4..abd6dca 100644
--- a/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/CryptoDataFormat.java
+++ b/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/CryptoDataFormat.java
@@ -76,7 +76,7 @@ public class CryptoDataFormat extends ServiceSupport implements DataFormat, Data
 
     private static final Logger LOG = LoggerFactory.getLogger(CryptoDataFormat.class);
     private static final String INIT_VECTOR = "CamelCryptoInitVector";
-    private String algorithm = "DES/CBC/PKCS5Padding";
+    private String algorithm;
     private String cryptoProvider;
     private Key configuredkey;
     private int bufferSize = 4096;
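Review bot: With `algorithm` now left null at the field declaration, nothing in this hunk rejects an unset value, and the `testNoAlgorithm` test added in this commit shows the failure surfacing as a `CamelExecutionException` caused by `NoSuchAlgorithmException` once a message is sent through the route. Consider checking for a null or empty algorithm when the data format starts (the class extends `ServiceSupport`) and throwing an exception that names the missing `algorithm` option, so that a misconfigured route fails at startup with an actionable message rather than on the first exchange.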
diff --git a/components/camel-crypto/src/test/java/org/apache/camel/converter/crypto/CryptoDataFormatTest.java b/components/camel-crypto/src/test/java/org/apache/camel/converter/crypto/CryptoDataFormatTest.java
index 2688964..540fb6d 100644
--- a/components/camel-crypto/src/test/java/org/apache/camel/converter/crypto/CryptoDataFormatTest.java
+++ b/components/camel-crypto/src/test/java/org/apache/camel/converter/crypto/CryptoDataFormatTest.java
@@ -18,6 +18,7 @@ package org.apache.camel.converter.crypto;
 
 import java.io.ByteArrayInputStream;
 import java.security.Key;
+import java.security.NoSuchAlgorithmException;
 import java.security.SecureRandom;
 import java.util.Collections;
 import java.util.Map;
@@ -25,9 +26,11 @@ import java.util.Map;
 import javax.crypto.Cipher;
 import javax.crypto.KeyGenerator;
 import javax.crypto.SecretKey;
+import javax.crypto.spec.GCMParameterSpec;
 import javax.crypto.spec.SecretKeySpec;
 
 import org.apache.camel.CamelContext;
+import org.apache.camel.CamelExecutionException;
 import org.apache.camel.Exchange;
 import org.apache.camel.Processor;
 import org.apache.camel.builder.RouteBuilder;
@@ -36,7 +39,7 @@ import org.apache.camel.test.junit4.CamelTestSupport;
 import org.junit.Test;
 
 public class CryptoDataFormatTest extends CamelTestSupport {
-    
+
     @Test
     public void testBasicSymmetric() throws Exception {
         doRoundTripEncryptionTests("direct:basic-encryption");
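Review bot: The trailing-whitespace cleanup on the blank line before `testBasicSymmetric`, repeated in several later hunks of this file, is unrelated to removing the default algorithm and would be easier to review as a separate commit. Keeping this commit to the functional change also makes it simpler to backport or revert on its own.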
@@ -61,12 +64,12 @@ public class CryptoDataFormatTest extends CamelTestSupport {
     public void testSymmetricWithMD5HMAC() throws Exception {
         doRoundTripEncryptionTests("direct:hmac-algorithm");
     }
-    
+
     @Test
     public void testSymmetricWithSHA256HMAC() throws Exception {
         doRoundTripEncryptionTests("direct:hmac-sha-256-algorithm");
     }
-    
+
     @Test
     public void testKeySuppliedAsHeader() throws Exception {
         KeyGenerator generator = KeyGenerator.getInstance("DES");
@@ -89,17 +92,17 @@ public class CryptoDataFormatTest extends CamelTestSupport {
         Exchange received = mock.getReceivedExchanges().get(0);
         validateHeaderIsCleared(received);
     }
-    
+
     @Test
     public void test3DESECBSymmetric() throws Exception {
         doRoundTripEncryptionTests("direct:3des-ecb-encryption");
     }
-    
+
     @Test
     public void test3DESCBCSymmetric() throws Exception {
         doRoundTripEncryptionTests("direct:3des-cbc-encryption");
     }
-    
+
     @Test
     public void testAES128ECBSymmetric() throws Exception {
         if (checkUnrestrictedPoliciesInstalled()) {
@@ -107,6 +110,23 @@ public class CryptoDataFormatTest extends CamelTestSupport {
         }
     }
 
+    @Test
+    public void testAES128GCMSymmetric() throws Exception {
+        if (checkUnrestrictedPoliciesInstalled()) {
+            doRoundTripEncryptionTests("direct:aes-gcm-encryption");
+        }
+    }
+
+    @Test
+    public void testNoAlgorithm() throws Exception {
+        try {
+            doRoundTripEncryptionTests("direct:no-algorithm");
+            fail("Failure expected on no algorithm specified");
+        } catch (CamelExecutionException ex) {
+            assertTrue(ex.getCause() instanceof NoSuchAlgorithmException);
+        }
+    }
+
     private void validateHeaderIsCleared(Exchange ex) {
         Object header = ex.getIn().getHeader(CryptoDataFormat.KEY);
         assertTrue(!ex.getIn().getHeaders().containsKey(CryptoDataFormat.KEY) || "".equals(header) || header == null);
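Review bot: `testAES128GCMSymmetric` returns without running the route when `checkUnrestrictedPoliciesInstalled()` is false, so on such a JVM the new GCM coverage is reported as a pass although nothing was exercised. Using `Assume.assumeTrue(checkUnrestrictedPoliciesInstalled())` would report the test as skipped instead. In `testNoAlgorithm`, the assertion pins only the cause type; if an explicit validation is added later, this test will need to follow it, so a short comment explaining why `NoSuchAlgorithmException` is expected would help.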
@@ -269,7 +289,7 @@ public class CryptoDataFormatTest extends CamelTestSupport {
                 KeyGenerator generator = KeyGenerator.getInstance("DESede");
 
                 CryptoDataFormat cryptoFormat = new CryptoDataFormat("DESede/ECB/PKCS5Padding", generator.generateKey());
-                
+
                 from("direct:3des-ecb-encryption")
                     .marshal(cryptoFormat)
                     .to("mock:encrypted")
@@ -289,10 +309,10 @@ public class CryptoDataFormatTest extends CamelTestSupport {
                 CryptoDataFormat encCryptoFormat = new CryptoDataFormat("DES/CBC/PKCS5Padding", key);
                 encCryptoFormat.setInitializationVector(iv);
                 encCryptoFormat.setShouldInlineInitializationVector(true);
-                
+
                 CryptoDataFormat decCryptoFormat = new CryptoDataFormat("DES/CBC/PKCS5Padding", key);
                 decCryptoFormat.setShouldInlineInitializationVector(true);
-                
+
                 from("direct:3des-cbc-encryption")
                     .marshal(encCryptoFormat)
                     .to("mock:encrypted")
@@ -306,7 +326,7 @@ public class CryptoDataFormatTest extends CamelTestSupport {
                 KeyGenerator generator = KeyGenerator.getInstance("AES");
 
                 CryptoDataFormat cryptoFormat = new CryptoDataFormat("AES/ECB/PKCS5Padding", generator.generateKey());
-                
+
                 from("direct:aes-128-ecb-encryption")
                     .marshal(cryptoFormat)
                     .to("mock:encrypted")
@@ -314,6 +334,45 @@ public class CryptoDataFormatTest extends CamelTestSupport {
                     .to("mock:unencrypted");
                 // END SNIPPET: AES-128-ECB
             }
+        }, new RouteBuilder() {
+            public void configure() throws Exception {
+                KeyGenerator generator = KeyGenerator.getInstance("AES");
+                generator.init(128);
+
+                SecureRandom random = new SecureRandom();
+                byte[] iv = new byte[12];
+                random.nextBytes(iv);
+
+                GCMParameterSpec paramSpec = new GCMParameterSpec(128, iv);
+
+                CryptoDataFormat cryptoFormat = new CryptoDataFormat("AES/GCM/NoPadding", generator.generateKey());
+                cryptoFormat.setAlgorithmParameterSpec(paramSpec);
+
+                from("direct:aes-gcm-encryption")
+                    .marshal(cryptoFormat)
+                    .to("mock:encrypted")
+                    .unmarshal(cryptoFormat)
+                    .to("mock:unencrypted");
+            }
+        }, new RouteBuilder() {
+            public void configure() throws Exception {
+                KeyGenerator generator = KeyGenerator.getInstance("DES");
+
+                byte[] iv = new byte[8];
+                SecureRandom random = new SecureRandom();
+                random.nextBytes(iv);
+
+                CryptoDataFormat cryptoFormat = new CryptoDataFormat();
+                cryptoFormat.setKey(generator.generateKey());
+                cryptoFormat.setInitializationVector(iv);
+                // cryptoFormat.setAlgorithm("DES/CBC/PKCS5Padding");
+
+                from("direct:no-algorithm")
+                    .marshal(cryptoFormat)
+                    .to("mock:encrypted")
+                    .unmarshal(cryptoFormat)
+                    .to("mock:unencrypted");
+            }
         }};
     }
 
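Review bot: The `direct:aes-gcm-encryption` builder creates one `GCMParameterSpec` from an IV generated once in `configure()` and sets it on the `CryptoDataFormat`, so as written every message marshalled through this route under the same key uses the same IV, which GCM does not tolerate. That is harmless for a single round-trip test, but please add a comment saying the fixed IV is test-only so the pattern is not copied into real routes. Separately, the commented-out `// cryptoFormat.setAlgorithm("DES/CBC/PKCS5Padding");` in the `direct:no-algorithm` builder reads as leftover code; a comment stating that the algorithm is deliberately left unset would be clearer.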
@@ -326,7 +385,7 @@ public class CryptoDataFormatTest extends CamelTestSupport {
         mockEp.expectedMessageCount(expected);
         return mockEp;
     }
-    
+
     public static boolean checkUnrestrictedPoliciesInstalled() {
         try {
             byte[] data = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07};
diff --git a/components/camel-crypto/src/test/java/org/apache/camel/converter/crypto/SpringCryptoDataFormatTest.java b/components/camel-crypto/src/test/java/org/apache/camel/converter/crypto/SpringCryptoDataFormatTest.java
index 800e2b1..a1fd2c2 100644
--- a/components/camel-crypto/src/test/java/org/apache/camel/converter/crypto/SpringCryptoDataFormatTest.java
+++ b/components/camel-crypto/src/test/java/org/apache/camel/converter/crypto/SpringCryptoDataFormatTest.java
@@ -17,8 +17,10 @@
 package org.apache.camel.converter.crypto;
 
 import java.security.Key;
+import java.security.SecureRandom;
 
 import javax.crypto.KeyGenerator;
+import javax.crypto.spec.GCMParameterSpec;
 
 import org.apache.camel.CamelContext;
 import org.apache.camel.builder.RouteBuilder;
@@ -51,11 +53,11 @@ public class SpringCryptoDataFormatTest extends CryptoDataFormatTest {
     public static Key getDesKey() {
         return deskey;
     }
-    
+
     public static Key getDesEdeKey() {
         return desEdekey;
     }
-    
+
     public static Key getAESKey() {
         return aeskey;
     }
@@ -64,4 +66,11 @@ public class SpringCryptoDataFormatTest extends CryptoDataFormatTest {
         return new byte[] {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07};
     }
 
+    public static GCMParameterSpec getGCMParameterSpec() {
+        byte[] iv = new byte[12];
+        SecureRandom random = new SecureRandom();
+        random.nextBytes(iv);
+
+        return new GCMParameterSpec(128, iv);
+    }
 }
diff --git a/components/camel-crypto/src/test/resources/org/apache/camel/component/crypto/SpringCryptoDataFormatTest.xml b/components/camel-crypto/src/test/resources/org/apache/camel/component/crypto/SpringCryptoDataFormatTest.xml
index 0701aa0..833c2ce 100644
--- a/components/camel-crypto/src/test/resources/org/apache/camel/component/crypto/SpringCryptoDataFormatTest.xml
+++ b/components/camel-crypto/src/test/resources/org/apache/camel/component/crypto/SpringCryptoDataFormatTest.xml
@@ -66,6 +66,10 @@
       <!-- START SNIPPET: aes-128-ecb-encryption -->
       <crypto id="aes-128-ecb-encryption" algorithm="AES/ECB/PKCS5Padding" keyRef="aesKey" />
       <!-- END SNIPPET: aes-128-ecb-encryption -->
+      
+      <crypto id="aes-gcm-encryption" algorithm="AES/GCM/NoPadding" keyRef="aesKey" algorithmParameterRef="gcmParamSpec" />
+      
+      <crypto id="des-no-algorithm" keyRef="desKey" initVectorRef="initializationVector" />
     </dataFormats>
     
     <route>
@@ -158,11 +162,28 @@
       <to uri="mock:unencrypted" />
     </route>
     
+    <route>
+      <from uri="direct:aes-gcm-encryption" />
+      <marshal><custom ref="aes-gcm-encryption" /></marshal>
+      <to uri="mock:encrypted" />
+      <unmarshal><custom ref="aes-gcm-encryption" /></unmarshal>
+      <to uri="mock:unencrypted" />
+    </route>
+    
+    <route>
+      <from uri="direct:no-algorithm" />
+      <marshal><custom ref="des-no-algorithm" /></marshal>
+      <to uri="mock:encrypted" />
+      <unmarshal><custom ref="des-no-algorithm" /></unmarshal>
+      <to uri="mock:unencrypted" />
+    </route>
+    
   </camelContext>
   
   <bean id="desKey" class="org.apache.camel.converter.crypto.SpringCryptoDataFormatTest" factory-method="getDesKey" />
   <bean id="desEdeKey" class="org.apache.camel.converter.crypto.SpringCryptoDataFormatTest" factory-method="getDesEdeKey" />
   <bean id="aesKey" class="org.apache.camel.converter.crypto.SpringCryptoDataFormatTest" factory-method="getAESKey" />
   <bean id="initializationVector" class="org.apache.camel.converter.crypto.SpringCryptoDataFormatTest" factory-method="getIV" />
+  <bean id="gcmParamSpec" class="org.apache.camel.converter.crypto.SpringCryptoDataFormatTest" factory-method="getGCMParameterSpec" />
   
 </beans>
\ No newline at end of file
diff --git a/core/camel-core-engine/src/main/java/org/apache/camel/model/dataformat/CryptoDataFormat.java b/core/camel-core-engine/src/main/java/org/apache/camel/model/dataformat/CryptoDataFormat.java
index aa22573..f6fab9d 100644
--- a/core/camel-core-engine/src/main/java/org/apache/camel/model/dataformat/CryptoDataFormat.java
+++ b/core/camel-core-engine/src/main/java/org/apache/camel/model/dataformat/CryptoDataFormat.java
@@ -33,7 +33,6 @@ import org.apache.camel.spi.Metadata;
 @XmlAccessorType(XmlAccessType.FIELD)
 public class CryptoDataFormat extends DataFormatDefinition {
     @XmlAttribute
-    @Metadata(defaultValue = "DES/CBC/PKCS5Padding")
     private String algorithm;
     @XmlAttribute
     private String cryptoProvider;
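Review bot: Dropping the `@Metadata(defaultValue = ...)` annotation from `algorithm` leaves the attribute with no metadata at all, although the migration guide entry in this commit says a value is now required. Consider marking the attribute as required in its `@Metadata` so that the generated option tables and tooling show that it must be set, instead of showing only an empty default.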
@@ -65,7 +64,6 @@ public class CryptoDataFormat extends DataFormatDefinition {
      * The JCE algorithm name indicating the cryptographic algorithm that will
      * be used.
      * <p/>
-     * Is by default DES/CBC/PKCS5Padding.
      */
     public void setAlgorithm(String algorithm) {
         this.algorithm = algorithm;
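Review bot: Removing the "Is by default DES/CBC/PKCS5Padding." line leaves a dangling `<p/>` as the last line of the `setAlgorithm` Javadoc, with no paragraph after it. Drop the `<p/>` as well, or replace the removed sentence with one stating that the option has no default and must be set.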
diff --git a/docs/user-manual/modules/ROOT/pages/camel-3-migration-guide.adoc b/docs/user-manual/modules/ROOT/pages/camel-3-migration-guide.adoc
index 52fd846..08a7c57 100644
--- a/docs/user-manual/modules/ROOT/pages/camel-3-migration-guide.adoc
+++ b/docs/user-manual/modules/ROOT/pages/camel-3-migration-guide.adoc
@@ -328,6 +328,12 @@ also been deprecated in Camel 2.x. In Camel 3 we have removed the remaining code
 The default signature algorithm has changed for the Crypto (JCE) Component - it
 is now SHA256withRSA (before it was SHA1WithDSA).
 
+=== Crypto DataFormat
+
+The default encryption algorithm has changed for the Crypto (JCE) DataFormat -
+it is now required to set a value for it (meaning that the default is null).
+Before the default value was "DES/CBC/PKCS5Padding".
+
 === JSon DataFormat
 
 The default JSon library with the JSon dataformat has changed from `XStream` to `Jackson`.
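Review bot: The new "Crypto DataFormat" entry says a value must now be set but does not tell users what they will see if they do not set one, or what to do about it. Suggest adding that an unset algorithm fails with a `NoSuchAlgorithmException` (as `testNoAlgorithm` in this commit asserts), and that routes relying on the old default must now name an algorithm explicitly, for example the `AES/GCM/NoPadding` configuration exercised by the tests added here. The phrase "The default encryption algorithm has changed" could also be reworded to "has been removed", which matches the commit title.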
diff --git a/platforms/spring-boot/components-starter/camel-crypto-starter/src/main/java/org/apache/camel/converter/crypto/springboot/CryptoDataFormatConfiguration.java b/platforms/spring-boot/components-starter/camel-crypto-starter/src/main/java/org/apache/camel/converter/crypto/springboot/CryptoDataFormatConfiguration.java
index 4b33766..eda457f 100644
--- a/platforms/spring-boot/components-starter/camel-crypto-starter/src/main/java/org/apache/camel/converter/crypto/springboot/CryptoDataFormatConfiguration.java
+++ b/platforms/spring-boot/components-starter/camel-crypto-starter/src/main/java/org/apache/camel/converter/crypto/springboot/CryptoDataFormatConfiguration.java
@@ -39,9 +39,9 @@ public class CryptoDataFormatConfiguration
     private Boolean enabled;
     /**
      * The JCE algorithm name indicating the cryptographic algorithm that will
-     * be used. Is by default DES/CBC/PKCS5Padding.
+     * be used.
      */
-    private String algorithm = "DES/CBC/PKCS5Padding";
+    private String algorithm;
     /**
      * The name of the JCE Security Provider that should be used.
      */