(camel) branch camel-4.4.x updated: CAMEL-21423: camel-crypto - Check IvParameterSpec at first when initializing the cipher (#16195)

Fri, 08 Nov 2024 23:57:13 -0800 

This is an automated email from the ASF dual-hosted git repository.

davsclaus pushed a commit to branch camel-4.4.x
in repository https://gitbox.apache.org/repos/asf/camel.git


The following commit(s) were added to refs/heads/camel-4.4.x by this push:
     new 4338636b89f CAMEL-21423: camel-crypto - Check IvParameterSpec at first 
when initializing the cipher (#16195)
4338636b89f is described below

commit 4338636b89f49d8bc37dea0bc93abdb825af892c
Author: Zheng Feng <[email protected]>
AuthorDate: Sat Nov 9 15:56:09 2024 +0800

    CAMEL-21423: camel-crypto - Check IvParameterSpec at first when 
initializing the cipher (#16195)
---
 .../camel/converter/crypto/CryptoDataFormat.java   |  6 ++---
 .../converter/crypto/CryptoDataFormatTest.java     | 29 ++++++++++++++++++++++
 .../crypto/SpringCryptoDataFormatTest.xml          |  9 +++++++
 3 files changed, 41 insertions(+), 3 deletions(-)

diff --git 
a/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/CryptoDataFormat.java
 
b/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/CryptoDataFormat.java
index d744a3589e2..b5f9ac1f085 100644
--- 
a/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/CryptoDataFormat.java
+++ 
b/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/CryptoDataFormat.java
@@ -110,10 +110,10 @@ public class CryptoDataFormat extends ServiceSupport 
implements DataFormat, Data
         }
 
         if (mode == ENCRYPT_MODE || mode == DECRYPT_MODE) {
-            if (iv != null) {
-                cipher.init(mode, key, new IvParameterSpec(iv));
-            } else if (parameterSpec != null) {
+            if (parameterSpec != null) {
                 cipher.init(mode, key, parameterSpec);
+            } else if (iv != null) {
+                cipher.init(mode, key, new IvParameterSpec(iv));
             } else {
                 cipher.init(mode, key);
             }
diff --git 
a/components/camel-crypto/src/test/java/org/apache/camel/converter/crypto/CryptoDataFormatTest.java
 
b/components/camel-crypto/src/test/java/org/apache/camel/converter/crypto/CryptoDataFormatTest.java
index 1b103c78190..f8c31663c33 100644
--- 
a/components/camel-crypto/src/test/java/org/apache/camel/converter/crypto/CryptoDataFormatTest.java
+++ 
b/components/camel-crypto/src/test/java/org/apache/camel/converter/crypto/CryptoDataFormatTest.java
@@ -122,6 +122,13 @@ public class CryptoDataFormatTest extends CamelTestSupport 
{
         }
     }
 
+    @Test
+    void testInlineAES128GCMSymmetric() throws Exception {
+        if (checkUnrestrictedPoliciesInstalled()) {
+            doRoundTripEncryptionTests("direct:inline-aes-gcm-encryption");
+        }
+    }
+
     @Test
     void testNoAlgorithm() throws Exception {
         try {
@@ -357,6 +364,28 @@ public class CryptoDataFormatTest extends CamelTestSupport 
{
                         .unmarshal(cryptoFormat)
                         .to("mock:unencrypted");
             }
+        }, new RouteBuilder() {
+            public void configure() throws Exception {
+                KeyGenerator generator = KeyGenerator.getInstance("AES");
+                generator.init(128);
+
+                SecureRandom random = new SecureRandom();
+                byte[] iv = new byte[12];
+                random.nextBytes(iv);
+
+                GCMParameterSpec paramSpec = new GCMParameterSpec(128, iv);
+
+                CryptoDataFormat cryptoFormat = new 
CryptoDataFormat("AES/GCM/NoPadding", generator.generateKey());
+                cryptoFormat.setInitializationVector(iv);
+                cryptoFormat.setShouldInlineInitializationVector(true);
+                cryptoFormat.setAlgorithmParameterSpec(paramSpec);
+
+                from("direct:inline-aes-gcm-encryption")
+                        .marshal(cryptoFormat)
+                        .to("mock:encrypted")
+                        .unmarshal(cryptoFormat)
+                        .to("mock:unencrypted");
+            }
         }, new RouteBuilder() {
             public void configure() throws Exception {
                 KeyGenerator generator = KeyGenerator.getInstance("DES");
diff --git 
a/components/camel-crypto/src/test/resources/org/apache/camel/component/crypto/SpringCryptoDataFormatTest.xml
 
b/components/camel-crypto/src/test/resources/org/apache/camel/component/crypto/SpringCryptoDataFormatTest.xml
index 833c2ce23d0..3c3899bd323 100644
--- 
a/components/camel-crypto/src/test/resources/org/apache/camel/component/crypto/SpringCryptoDataFormatTest.xml
+++ 
b/components/camel-crypto/src/test/resources/org/apache/camel/component/crypto/SpringCryptoDataFormatTest.xml
@@ -68,6 +68,7 @@
       <!-- END SNIPPET: aes-128-ecb-encryption -->
       
       <crypto id="aes-gcm-encryption" algorithm="AES/GCM/NoPadding" 
keyRef="aesKey" algorithmParameterRef="gcmParamSpec" />
+      <crypto id="inline-aes-gcm-encryption" algorithm="AES/GCM/NoPadding" 
keyRef="aesKey" algorithmParameterRef="gcmParamSpec" 
initVectorRef="initializationVector" inline="true"/>
       
       <crypto id="des-no-algorithm" keyRef="desKey" 
initVectorRef="initializationVector" />
     </dataFormats>
@@ -170,6 +171,14 @@
       <to uri="mock:unencrypted" />
     </route>
     
+    <route>
+      <from uri="direct:inline-aes-gcm-encryption" />
+      <marshal><custom ref="inline-aes-gcm-encryption" /></marshal>
+      <to uri="mock:encrypted" />
+      <unmarshal><custom ref="inline-aes-gcm-encryption" /></unmarshal>
+      <to uri="mock:unencrypted" />
+    </route>
+
     <route>
       <from uri="direct:no-algorithm" />
       <marshal><custom ref="des-no-algorithm" /></marshal>

Reply via email to