This is an automated email from the ASF dual-hosted git repository. coheigea pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/camel.git
The following commit(s) were added to refs/heads/master by this push: new d865f36 CAMEL-14160 - Remove default encryption algorithm for the Crypto DataFormat d865f36 is described below commit d865f368f03f038db0cd896cadf6829a6ebc9777 Author: Colm O hEigeartaigh <cohei...@apache.org> AuthorDate: Fri Nov 8 16:01:05 2019 +0000 CAMEL-14160 - Remove default encryption algorithm for the Crypto DataFormat --- .../src/main/docs/crypto-component.adoc | 2 +- .../src/main/docs/crypto-dataformat.adoc | 4 +- .../camel/converter/crypto/CryptoDataFormat.java | 2 +- .../converter/crypto/CryptoDataFormatTest.java | 81 +++++++++++++++++++--- .../crypto/SpringCryptoDataFormatTest.java | 13 +++- .../crypto/SpringCryptoDataFormatTest.xml | 21 ++++++ .../camel/model/dataformat/CryptoDataFormat.java | 2 - .../ROOT/pages/camel-3-migration-guide.adoc | 6 ++ .../springboot/CryptoDataFormatConfiguration.java | 4 +- 9 files changed, 114 insertions(+), 21 deletions(-) diff --git a/components/camel-crypto/src/main/docs/crypto-component.adoc b/components/camel-crypto/src/main/docs/crypto-component.adoc index 25c4d3f..ffd8b90 100644 --- a/components/camel-crypto/src/main/docs/crypto-component.adoc +++ b/components/camel-crypto/src/main/docs/crypto-component.adoc 
@@ -187,7 +187,7 @@ The component supports 33 options, which are listed below. | *camel.component.crypto.configuration.secure-random-name* | Sets the reference name for a SecureRandom that can be found in the registry. | | String | *camel.component.crypto.configuration.signature-header-name* | Set the name of the message header that should be used to store the base64 encoded signature. This defaults to 'CamelDigitalSignature' | | String | *camel.component.crypto.enabled* | Enable crypto component | true | Boolean -| *camel.dataformat.crypto.algorithm* | The JCE algorithm name indicating the cryptographic algorithm that will be used. Is by default DES/CBC/PKCS5Padding. | DES/CBC/PKCS5Padding | String +| *camel.dataformat.crypto.algorithm* | The JCE algorithm name indicating the cryptographic algorithm that will be used. | | String | *camel.dataformat.crypto.algorithm-parameter-ref* | A JCE AlgorithmParameterSpec used to initialize the Cipher. Will lookup the type using the given name as a java.security.spec.AlgorithmParameterSpec type. | | String | *camel.dataformat.crypto.buffersize* | The size of the buffer used in the signature process. | | Integer | *camel.dataformat.crypto.content-type-header* | Whether the data format should set the Content-Type header with the type from the data format if the data format is capable of doing so. For example application/xml for data formats marshalling to XML, or application/json for data formats marshalling to JSon etc. | false | Boolean diff --git a/components/camel-crypto/src/main/docs/crypto-dataformat.adoc b/components/camel-crypto/src/main/docs/crypto-dataformat.adoc index 5f61deb..29705ac 100644 --- a/components/camel-crypto/src/main/docs/crypto-dataformat.adoc +++ b/components/camel-crypto/src/main/docs/crypto-dataformat.adoc 
@@ -21,7 +21,7 @@ The Crypto (Java Cryptographic Extension) dataformat supports 10 options, which [width="100%",cols="2s,1m,1m,6",options="header"] |=== | Name | Default | Java Type | Description -| algorithm | DES/CBC/PKCS5Padding | String | The JCE algorithm name indicating the cryptographic algorithm that will be used. Is by default DES/CBC/PKCS5Padding. +| algorithm | | String | The JCE algorithm name indicating the cryptographic algorithm that will be used. | cryptoProvider | | String | The name of the JCE Security Provider that should be used. | keyRef | | String | Refers to the secret key to lookup from the register to use. | initVectorRef | | String | Refers to a byte array containing the Initialization Vector that will be used to initialize the Cipher. 
@@ -78,7 +78,7 @@ The component supports 33 options, which are listed below. | *camel.component.crypto.configuration.secure-random-name* | Sets the reference name for a SecureRandom that can be found in the registry. | | String | *camel.component.crypto.configuration.signature-header-name* | Set the name of the message header that should be used to store the base64 encoded signature. This defaults to 'CamelDigitalSignature' | | String | *camel.component.crypto.enabled* | Enable crypto component | true | Boolean -| *camel.dataformat.crypto.algorithm* | The JCE algorithm name indicating the cryptographic algorithm that will be used. Is by default DES/CBC/PKCS5Padding. | DES/CBC/PKCS5Padding | String +| *camel.dataformat.crypto.algorithm* | The JCE algorithm name indicating the cryptographic algorithm that will be used. | | String | *camel.dataformat.crypto.algorithm-parameter-ref* | A JCE AlgorithmParameterSpec used to initialize the Cipher. Will lookup the type using the given name as a java.security.spec.AlgorithmParameterSpec type. | | String | *camel.dataformat.crypto.buffersize* | The size of the buffer used in the signature process. | | Integer | *camel.dataformat.crypto.content-type-header* | Whether the data format should set the Content-Type header with the type from the data format if the data format is capable of doing so. For example application/xml for data formats marshalling to XML, or application/json for data formats marshalling to JSon etc. | false | Boolean diff --git a/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/CryptoDataFormat.java b/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/CryptoDataFormat.java index 695276c4..abd6dca 100644 --- a/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/CryptoDataFormat.java +++ b/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/CryptoDataFormat.java 
@@ -76,7 +76,7 @@ public class CryptoDataFormat extends ServiceSupport implements DataFormat, Data private static final Logger LOG = LoggerFactory.getLogger(CryptoDataFormat.class); private static final String INIT_VECTOR = "CamelCryptoInitVector"; - private String algorithm = "DES/CBC/PKCS5Padding"; + private String algorithm; private String cryptoProvider; private Key configuredkey; private int bufferSize = 4096; diff --git a/components/camel-crypto/src/test/java/org/apache/camel/converter/crypto/CryptoDataFormatTest.java b/components/camel-crypto/src/test/java/org/apache/camel/converter/crypto/CryptoDataFormatTest.java index 2688964..540fb6d 100644 --- a/components/camel-crypto/src/test/java/org/apache/camel/converter/crypto/CryptoDataFormatTest.java +++ b/components/camel-crypto/src/test/java/org/apache/camel/converter/crypto/CryptoDataFormatTest.java @@ -18,6 +18,7 @@ package org.apache.camel.converter.crypto; import java.io.ByteArrayInputStream; import java.security.Key; +import java.security.NoSuchAlgorithmException; import java.security.SecureRandom; import java.util.Collections; import java.util.Map; @@ -25,9 +26,11 @@ import java.util.Map; import javax.crypto.Cipher; import javax.crypto.KeyGenerator; import javax.crypto.SecretKey; +import javax.crypto.spec.GCMParameterSpec; import javax.crypto.spec.SecretKeySpec; import org.apache.camel.CamelContext; +import org.apache.camel.CamelExecutionException; import org.apache.camel.Exchange; import org.apache.camel.Processor; import org.apache.camel.builder.RouteBuilder; @@ -36,7 +39,7 @@ import org.apache.camel.test.junit4.CamelTestSupport; import org.junit.Test; public class CryptoDataFormatTest extends CamelTestSupport { - + @Test public void testBasicSymmetric() throws Exception { doRoundTripEncryptionTests("direct:basic-encryption"); 
@@ -61,12 +64,12 @@ public class CryptoDataFormatTest extends CamelTestSupport { public void testSymmetricWithMD5HMAC() throws Exception { doRoundTripEncryptionTests("direct:hmac-algorithm"); } - + @Test public void testSymmetricWithSHA256HMAC() throws Exception { doRoundTripEncryptionTests("direct:hmac-sha-256-algorithm"); } - + @Test public void testKeySuppliedAsHeader() throws Exception { KeyGenerator generator = KeyGenerator.getInstance("DES"); @@ -89,17 +92,17 @@ public class CryptoDataFormatTest extends CamelTestSupport { Exchange received = mock.getReceivedExchanges().get(0); validateHeaderIsCleared(received); } - + @Test public void test3DESECBSymmetric() throws Exception { doRoundTripEncryptionTests("direct:3des-ecb-encryption"); } - + @Test public void test3DESCBCSymmetric() throws Exception { doRoundTripEncryptionTests("direct:3des-cbc-encryption"); } - + @Test public void testAES128ECBSymmetric() throws Exception { if (checkUnrestrictedPoliciesInstalled()) { @@ -107,6 +110,23 @@ public class CryptoDataFormatTest extends CamelTestSupport { } } + @Test + public void testAES128GCMSymmetric() throws Exception { + if (checkUnrestrictedPoliciesInstalled()) { + doRoundTripEncryptionTests("direct:aes-gcm-encryption"); + } + } + + @Test + public void testNoAlgorithm() throws Exception { + try { + doRoundTripEncryptionTests("direct:no-algorithm"); + fail("Failure expected on no algorithm specified"); + } catch (CamelExecutionException ex) { + assertTrue(ex.getCause() instanceof NoSuchAlgorithmException); + } + } + private void validateHeaderIsCleared(Exchange ex) { Object header = ex.getIn().getHeader(CryptoDataFormat.KEY); assertTrue(!ex.getIn().getHeaders().containsKey(CryptoDataFormat.KEY) || "".equals(header) || header == null); 
@@ -269,7 +289,7 @@ public class CryptoDataFormatTest extends CamelTestSupport { KeyGenerator generator = KeyGenerator.getInstance("DESede"); CryptoDataFormat cryptoFormat = new CryptoDataFormat("DESede/ECB/PKCS5Padding", generator.generateKey()); - + from("direct:3des-ecb-encryption") .marshal(cryptoFormat) .to("mock:encrypted") @@ -289,10 +309,10 @@ public class CryptoDataFormatTest extends CamelTestSupport { CryptoDataFormat encCryptoFormat = new CryptoDataFormat("DES/CBC/PKCS5Padding", key); encCryptoFormat.setInitializationVector(iv); encCryptoFormat.setShouldInlineInitializationVector(true); - + CryptoDataFormat decCryptoFormat = new CryptoDataFormat("DES/CBC/PKCS5Padding", key); decCryptoFormat.setShouldInlineInitializationVector(true); - + from("direct:3des-cbc-encryption") .marshal(encCryptoFormat) .to("mock:encrypted") @@ -306,7 +326,7 @@ public class CryptoDataFormatTest extends CamelTestSupport { KeyGenerator generator = KeyGenerator.getInstance("AES"); CryptoDataFormat cryptoFormat = new CryptoDataFormat("AES/ECB/PKCS5Padding", generator.generateKey()); - + from("direct:aes-128-ecb-encryption") .marshal(cryptoFormat) .to("mock:encrypted") 
@@ -314,6 +334,45 @@ public class CryptoDataFormatTest extends CamelTestSupport { .to("mock:unencrypted"); // END SNIPPET: AES-128-ECB } + }, new RouteBuilder() { + public void configure() throws Exception { + KeyGenerator generator = KeyGenerator.getInstance("AES"); + generator.init(128); + + SecureRandom random = new SecureRandom(); + byte[] iv = new byte[12]; + random.nextBytes(iv); + + GCMParameterSpec paramSpec = new GCMParameterSpec(128, iv); + + CryptoDataFormat cryptoFormat = new CryptoDataFormat("AES/GCM/NoPadding", generator.generateKey()); + cryptoFormat.setAlgorithmParameterSpec(paramSpec); + + from("direct:aes-gcm-encryption") + .marshal(cryptoFormat) + .to("mock:encrypted") + .unmarshal(cryptoFormat) + .to("mock:unencrypted"); + } + }, new RouteBuilder() { + public void configure() throws Exception { + KeyGenerator generator = KeyGenerator.getInstance("DES"); + + byte[] iv = new byte[8]; + SecureRandom random = new SecureRandom(); + random.nextBytes(iv); + + CryptoDataFormat cryptoFormat = new CryptoDataFormat(); + cryptoFormat.setKey(generator.generateKey()); + cryptoFormat.setInitializationVector(iv); + // cryptoFormat.setAlgorithm("DES/CBC/PKCS5Padding"); + + from("direct:no-algorithm") + .marshal(cryptoFormat) + .to("mock:encrypted") + .unmarshal(cryptoFormat) + .to("mock:unencrypted"); + } }}; } @@ -326,7 +385,7 @@ public class CryptoDataFormatTest extends CamelTestSupport { mockEp.expectedMessageCount(expected); return mockEp; } - + public static boolean checkUnrestrictedPoliciesInstalled() { try { byte[] data = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07}; diff --git a/components/camel-crypto/src/test/java/org/apache/camel/converter/crypto/SpringCryptoDataFormatTest.java b/components/camel-crypto/src/test/java/org/apache/camel/converter/crypto/SpringCryptoDataFormatTest.java index 800e2b1..a1fd2c2 100644 --- a/components/camel-crypto/src/test/java/org/apache/camel/converter/crypto/SpringCryptoDataFormatTest.java 
+++ b/components/camel-crypto/src/test/java/org/apache/camel/converter/crypto/SpringCryptoDataFormatTest.java @@ -17,8 +17,10 @@ package org.apache.camel.converter.crypto; import java.security.Key; +import java.security.SecureRandom; import javax.crypto.KeyGenerator; +import javax.crypto.spec.GCMParameterSpec; import org.apache.camel.CamelContext; import org.apache.camel.builder.RouteBuilder; @@ -51,11 +53,11 @@ public class SpringCryptoDataFormatTest extends CryptoDataFormatTest { public static Key getDesKey() { return deskey; } - + public static Key getDesEdeKey() { return desEdekey; } - + public static Key getAESKey() { return aeskey; } @@ -64,4 +66,11 @@ public class SpringCryptoDataFormatTest extends CryptoDataFormatTest { return new byte[] {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07}; } + public static GCMParameterSpec getGCMParameterSpec() { + byte[] iv = new byte[12]; + SecureRandom random = new SecureRandom(); + random.nextBytes(iv); + + return new GCMParameterSpec(128, iv); + } } diff --git a/components/camel-crypto/src/test/resources/org/apache/camel/component/crypto/SpringCryptoDataFormatTest.xml b/components/camel-crypto/src/test/resources/org/apache/camel/component/crypto/SpringCryptoDataFormatTest.xml index 0701aa0..833c2ce 100644 --- a/components/camel-crypto/src/test/resources/org/apache/camel/component/crypto/SpringCryptoDataFormatTest.xml +++ b/components/camel-crypto/src/test/resources/org/apache/camel/component/crypto/SpringCryptoDataFormatTest.xml @@ -66,6 +66,10 @@ <!-- START SNIPPET: aes-128-ecb-encryption --> <crypto id="aes-128-ecb-encryption" algorithm="AES/ECB/PKCS5Padding" keyRef="aesKey" /> <!-- END SNIPPET: aes-128-ecb-encryption --> + + <crypto id="aes-gcm-encryption" algorithm="AES/GCM/NoPadding" keyRef="aesKey" algorithmParameterRef="gcmParamSpec" /> + + <crypto id="des-no-algorithm" keyRef="desKey" initVectorRef="initializationVector" /> </dataFormats> <route> 
@@ -158,11 +162,28 @@ <to uri="mock:unencrypted" /> </route> + <route> + <from uri="direct:aes-gcm-encryption" /> + <marshal><custom ref="aes-gcm-encryption" /></marshal> + <to uri="mock:encrypted" /> + <unmarshal><custom ref="aes-gcm-encryption" /></unmarshal> + <to uri="mock:unencrypted" /> + </route> + + <route> + <from uri="direct:no-algorithm" /> + <marshal><custom ref="des-no-algorithm" /></marshal> + <to uri="mock:encrypted" /> + <unmarshal><custom ref="des-no-algorithm" /></unmarshal> + <to uri="mock:unencrypted" /> + </route> + </camelContext> <bean id="desKey" class="org.apache.camel.converter.crypto.SpringCryptoDataFormatTest" factory-method="getDesKey" /> <bean id="desEdeKey" class="org.apache.camel.converter.crypto.SpringCryptoDataFormatTest" factory-method="getDesEdeKey" /> <bean id="aesKey" class="org.apache.camel.converter.crypto.SpringCryptoDataFormatTest" factory-method="getAESKey" /> <bean id="initializationVector" class="org.apache.camel.converter.crypto.SpringCryptoDataFormatTest" factory-method="getIV" /> + <bean id="gcmParamSpec" class="org.apache.camel.converter.crypto.SpringCryptoDataFormatTest" factory-method="getGCMParameterSpec" /> </beans> \ No newline at end of file diff --git a/core/camel-core-engine/src/main/java/org/apache/camel/model/dataformat/CryptoDataFormat.java b/core/camel-core-engine/src/main/java/org/apache/camel/model/dataformat/CryptoDataFormat.java index aa22573..f6fab9d 100644 --- a/core/camel-core-engine/src/main/java/org/apache/camel/model/dataformat/CryptoDataFormat.java +++ b/core/camel-core-engine/src/main/java/org/apache/camel/model/dataformat/CryptoDataFormat.java @@ -33,7 +33,6 @@ import org.apache.camel.spi.Metadata; @XmlAccessorType(XmlAccessType.FIELD) public class CryptoDataFormat extends DataFormatDefinition { @XmlAttribute - @Metadata(defaultValue = "DES/CBC/PKCS5Padding") private String algorithm; @XmlAttribute private String cryptoProvider; 
@@ -65,7 +64,6 @@ public class CryptoDataFormat extends DataFormatDefinition { * The JCE algorithm name indicating the cryptographic algorithm that will * be used. * <p/> - * Is by default DES/CBC/PKCS5Padding. */ public void setAlgorithm(String algorithm) { this.algorithm = algorithm; diff --git a/docs/user-manual/modules/ROOT/pages/camel-3-migration-guide.adoc b/docs/user-manual/modules/ROOT/pages/camel-3-migration-guide.adoc index 52fd846..08a7c57 100644 --- a/docs/user-manual/modules/ROOT/pages/camel-3-migration-guide.adoc +++ b/docs/user-manual/modules/ROOT/pages/camel-3-migration-guide.adoc @@ -328,6 +328,12 @@ also been deprecated in Camel 2.x. In Camel 3 we have removed the remaining code The default signature algorithm has changed for the Crypto (JCE) Component - it is now SHA256withRSA (before it was SHA1WithDSA). +=== Crypto DataFormat + +The default encryption algorithm has changed for the Crypto (JCE) DataFormat - +it is now required to set a value for it (meaning that the default is null). +Before the default value was "DES/CBC/PKCS5Padding". + === JSon DataFormat The default JSon library with the JSon dataformat has changed from `XStream` to `Jackson`. diff --git a/platforms/spring-boot/components-starter/camel-crypto-starter/src/main/java/org/apache/camel/converter/crypto/springboot/CryptoDataFormatConfiguration.java b/platforms/spring-boot/components-starter/camel-crypto-starter/src/main/java/org/apache/camel/converter/crypto/springboot/CryptoDataFormatConfiguration.java index 4b33766..eda457f 100644 --- a/platforms/spring-boot/components-starter/camel-crypto-starter/src/main/java/org/apache/camel/converter/crypto/springboot/CryptoDataFormatConfiguration.java +++ b/platforms/spring-boot/components-starter/camel-crypto-starter/src/main/java/org/apache/camel/converter/crypto/springboot/CryptoDataFormatConfiguration.java 
@@ -39,9 +39,9 @@ public class CryptoDataFormatConfiguration private Boolean enabled; /** * The JCE algorithm name indicating the cryptographic algorithm that will - * be used. Is by default DES/CBC/PKCS5Padding. + * be used. */ - private String algorithm = "DES/CBC/PKCS5Padding"; + private String algorithm; /** * The name of the JCE Security Provider that should be used. */
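Review bot: In the CryptoDataFormat.java hunk (@@ -76,7 +76,7 @@), changing the field to `private String algorithm;` leaves a misconfigured data format with a null transformation that nothing in the class rejects before the Cipher is created, so the failure surfaces on the first message as whatever the JCE throws for a null name, and the new testNoAlgorithm asserts `ex.getCause() instanceof NoSuchAlgorithmException`, which ties the test to that JDK behaviour. Suggest an explicit check in doStart() (CryptoDataFormat already extends ServiceSupport), e.g. `ObjectHelper.notNull(algorithm, "algorithm");`, so a missing algorithm fails at route startup with a message naming the option, and adjust the test to expect that exception instead.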
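Review bot: In the CryptoDataFormatTest.java hunk at @@ -314,6 +334,45 @@, the aes-gcm-encryption RouteBuilder draws the 12-byte IV once in configure() and wraps it in a single GCMParameterSpec that is shared by marshal and unmarshal, so every message sent through that route is encrypted under the same key and nonce. That is acceptable for a round-trip test, but this block (and the matching gcmParamSpec bean in the Spring variant) is the AES/GCM example users will copy, so add a comment stating that a GCM nonce must not be reused under one key, and consider whether the data format should generate a fresh IV per message and inline it, as `setShouldInlineInitializationVector(true)` already does for CBC in the 3des-cbc-encryption route. In the same hunk, the no-algorithm builder keeps the commented-out line `// cryptoFormat.setAlgorithm("DES/CBC/PKCS5Padding");`; replace it with a comment saying the algorithm is deliberately left unset so the intent survives the next cleanup.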
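Review bot: In the model hunk for core/camel-core-engine CryptoDataFormat.java (@@ -33,7 +33,6 @@), removing `@Metadata(defaultValue = "DES/CBC/PKCS5Padding")` without replacing it leaves the generated option tables saying nothing about the option being mandatory: the `algorithm` row in crypto-dataformat.adoc and the two `camel.dataformat.crypto.algorithm` rows in crypto-component.adoc and crypto-dataformat.adoc now show an empty Default cell next to the unchanged description "The JCE algorithm name indicating the cryptographic algorithm that will be used." Suggest marking the attribute `@Metadata(required = true)` (or adding a "Required." sentence to the javadoc on setAlgorithm) so the regenerated tables tell users they must set it.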
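Review bot: In the camel-3-migration-guide.adoc hunk (@@ -328,6 +328,12 @@), "The default encryption algorithm has changed ... (meaning that the default is null)" reads as if null were a working default. Suggest stating it plainly: there is no default any more, a Crypto DataFormat without `algorithm` fails when a message is marshalled or unmarshalled, and users upgrading from 2.x should pick an algorithm explicitly; since the same commit adds "AES/GCM/NoPadding" to the tests, naming it here as the recommended choice would steer readers away from simply re-adding "DES/CBC/PKCS5Padding".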