This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/camel.git
The following commit(s) were added to refs/heads/master by this push:
new d865f36 CAMEL-14160 - Remove default encryption algorithm for the
Crypto DataFormat
d865f36 is described below
commit d865f368f03f038db0cd896cadf6829a6ebc9777
Author: Colm O hEigeartaigh <cohei...@apache.org>
AuthorDate: Fri Nov 8 16:01:05 2019 +0000
CAMEL-14160 - Remove default encryption algorithm for the Crypto DataFormat
---
.../src/main/docs/crypto-component.adoc | 2 +-
.../src/main/docs/crypto-dataformat.adoc | 4 +-
.../camel/converter/crypto/CryptoDataFormat.java | 2 +-
.../converter/crypto/CryptoDataFormatTest.java | 81 +++++++++++++++++++---
.../crypto/SpringCryptoDataFormatTest.java | 13 +++-
.../crypto/SpringCryptoDataFormatTest.xml | 21 ++++++
.../camel/model/dataformat/CryptoDataFormat.java | 2 -
.../ROOT/pages/camel-3-migration-guide.adoc | 6 ++
.../springboot/CryptoDataFormatConfiguration.java | 4 +-
9 files changed, 114 insertions(+), 21 deletions(-)
diff --git a/components/camel-crypto/src/main/docs/crypto-component.adoc
b/components/camel-crypto/src/main/docs/crypto-component.adoc
index 25c4d3f..ffd8b90 100644
--- a/components/camel-crypto/src/main/docs/crypto-component.adoc
+++ b/components/camel-crypto/src/main/docs/crypto-component.adoc
@@ -187,7 +187,7 @@ The component supports 33 options, which are listed below.
| *camel.component.crypto.configuration.secure-random-name* | Sets the
reference name for a SecureRandom that can be found in the registry. | | String
| *camel.component.crypto.configuration.signature-header-name* | Set the name
of the message header that should be used to store the base64 encoded
signature. This defaults to 'CamelDigitalSignature' | | String
| *camel.component.crypto.enabled* | Enable crypto component | true | Boolean
-| *camel.dataformat.crypto.algorithm* | The JCE algorithm name indicating the
cryptographic algorithm that will be used. Is by default DES/CBC/PKCS5Padding.
| DES/CBC/PKCS5Padding | String
+| *camel.dataformat.crypto.algorithm* | The JCE algorithm name indicating the
cryptographic algorithm that will be used. | | String
| *camel.dataformat.crypto.algorithm-parameter-ref* | A JCE
AlgorithmParameterSpec used to initialize the Cipher. Will lookup the type
using the given name as a java.security.spec.AlgorithmParameterSpec type. | |
String
| *camel.dataformat.crypto.buffersize* | The size of the buffer used in the
signature process. | | Integer
| *camel.dataformat.crypto.content-type-header* | Whether the data format
should set the Content-Type header with the type from the data format if the
data format is capable of doing so. For example application/xml for data
formats marshalling to XML, or application/json for data formats marshalling to
JSon etc. | false | Boolean
diff --git a/components/camel-crypto/src/main/docs/crypto-dataformat.adoc
b/components/camel-crypto/src/main/docs/crypto-dataformat.adoc
index 5f61deb..29705ac 100644
--- a/components/camel-crypto/src/main/docs/crypto-dataformat.adoc
+++ b/components/camel-crypto/src/main/docs/crypto-dataformat.adoc
@@ -21,7 +21,7 @@ The Crypto (Java Cryptographic Extension) dataformat supports
10 options, which
[width="100%",cols="2s,1m,1m,6",options="header"]
|===
| Name | Default | Java Type | Description
-| algorithm | DES/CBC/PKCS5Padding | String | The JCE algorithm name
indicating the cryptographic algorithm that will be used. Is by default
DES/CBC/PKCS5Padding.
+| algorithm | | String | The JCE algorithm name indicating the cryptographic
algorithm that will be used.
| cryptoProvider | | String | The name of the JCE Security Provider that
should be used.
| keyRef | | String | Refers to the secret key to lookup from the register to
use.
| initVectorRef | | String | Refers to a byte array containing the
Initialization Vector that will be used to initialize the Cipher.
@@ -78,7 +78,7 @@ The component supports 33 options, which are listed below.
| *camel.component.crypto.configuration.secure-random-name* | Sets the
reference name for a SecureRandom that can be found in the registry. | | String
| *camel.component.crypto.configuration.signature-header-name* | Set the name
of the message header that should be used to store the base64 encoded
signature. This defaults to 'CamelDigitalSignature' | | String
| *camel.component.crypto.enabled* | Enable crypto component | true | Boolean
-| *camel.dataformat.crypto.algorithm* | The JCE algorithm name indicating the
cryptographic algorithm that will be used. Is by default DES/CBC/PKCS5Padding.
| DES/CBC/PKCS5Padding | String
+| *camel.dataformat.crypto.algorithm* | The JCE algorithm name indicating the
cryptographic algorithm that will be used. | | String
| *camel.dataformat.crypto.algorithm-parameter-ref* | A JCE
AlgorithmParameterSpec used to initialize the Cipher. Will lookup the type
using the given name as a java.security.spec.AlgorithmParameterSpec type. | |
String
| *camel.dataformat.crypto.buffersize* | The size of the buffer used in the
signature process. | | Integer
| *camel.dataformat.crypto.content-type-header* | Whether the data format
should set the Content-Type header with the type from the data format if the
data format is capable of doing so. For example application/xml for data
formats marshalling to XML, or application/json for data formats marshalling to
JSon etc. | false | Boolean
diff --git
a/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/CryptoDataFormat.java
b/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/CryptoDataFormat.java
index 695276c4..abd6dca 100644
---
a/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/CryptoDataFormat.java
+++
b/components/camel-crypto/src/main/java/org/apache/camel/converter/crypto/CryptoDataFormat.java
@@ -76,7 +76,7 @@ public class CryptoDataFormat extends ServiceSupport
implements DataFormat, Data
private static final Logger LOG =
LoggerFactory.getLogger(CryptoDataFormat.class);
private static final String INIT_VECTOR = "CamelCryptoInitVector";
- private String algorithm = "DES/CBC/PKCS5Padding";
+ private String algorithm;
private String cryptoProvider;
private Key configuredkey;
private int bufferSize = 4096;
diff --git
a/components/camel-crypto/src/test/java/org/apache/camel/converter/crypto/CryptoDataFormatTest.java
b/components/camel-crypto/src/test/java/org/apache/camel/converter/crypto/CryptoDataFormatTest.java
index 2688964..540fb6d 100644
---
a/components/camel-crypto/src/test/java/org/apache/camel/converter/crypto/CryptoDataFormatTest.java
+++
b/components/camel-crypto/src/test/java/org/apache/camel/converter/crypto/CryptoDataFormatTest.java
@@ -18,6 +18,7 @@ package org.apache.camel.converter.crypto;
import java.io.ByteArrayInputStream;
import java.security.Key;
+import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Collections;
import java.util.Map;
@@ -25,9 +26,11 @@ import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
+import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.camel.CamelContext;
+import org.apache.camel.CamelExecutionException;
import org.apache.camel.Exchange;
import org.apache.camel.Processor;
import org.apache.camel.builder.RouteBuilder;
@@ -36,7 +39,7 @@ import org.apache.camel.test.junit4.CamelTestSupport;
import org.junit.Test;
public class CryptoDataFormatTest extends CamelTestSupport {
-
+
@Test
public void testBasicSymmetric() throws Exception {
doRoundTripEncryptionTests("direct:basic-encryption");
@@ -61,12 +64,12 @@ public class CryptoDataFormatTest extends CamelTestSupport {
public void testSymmetricWithMD5HMAC() throws Exception {
doRoundTripEncryptionTests("direct:hmac-algorithm");
}
-
+
@Test
public void testSymmetricWithSHA256HMAC() throws Exception {
doRoundTripEncryptionTests("direct:hmac-sha-256-algorithm");
}
-
+
@Test
public void testKeySuppliedAsHeader() throws Exception {
KeyGenerator generator = KeyGenerator.getInstance("DES");
@@ -89,17 +92,17 @@ public class CryptoDataFormatTest extends CamelTestSupport {
Exchange received = mock.getReceivedExchanges().get(0);
validateHeaderIsCleared(received);
}
-
+
@Test
public void test3DESECBSymmetric() throws Exception {
doRoundTripEncryptionTests("direct:3des-ecb-encryption");
}
-
+
@Test
public void test3DESCBCSymmetric() throws Exception {
doRoundTripEncryptionTests("direct:3des-cbc-encryption");
}
-
+
@Test
public void testAES128ECBSymmetric() throws Exception {
if (checkUnrestrictedPoliciesInstalled()) {
@@ -107,6 +110,23 @@ public class CryptoDataFormatTest extends CamelTestSupport
{
}
}
+ @Test
+ public void testAES128GCMSymmetric() throws Exception {
+ if (checkUnrestrictedPoliciesInstalled()) {
+ doRoundTripEncryptionTests("direct:aes-gcm-encryption");
+ }
+ }
+
+ @Test
+ public void testNoAlgorithm() throws Exception {
+ try {
+ doRoundTripEncryptionTests("direct:no-algorithm");
+ fail("Failure expected on no algorithm specified");
+ } catch (CamelExecutionException ex) {
+ assertTrue(ex.getCause() instanceof NoSuchAlgorithmException);
+ }
+ }
+
private void validateHeaderIsCleared(Exchange ex) {
Object header = ex.getIn().getHeader(CryptoDataFormat.KEY);
assertTrue(!ex.getIn().getHeaders().containsKey(CryptoDataFormat.KEY)
|| "".equals(header) || header == null);
@@ -269,7 +289,7 @@ public class CryptoDataFormatTest extends CamelTestSupport {
KeyGenerator generator = KeyGenerator.getInstance("DESede");
CryptoDataFormat cryptoFormat = new
CryptoDataFormat("DESede/ECB/PKCS5Padding", generator.generateKey());
-
+
from("direct:3des-ecb-encryption")
.marshal(cryptoFormat)
.to("mock:encrypted")
@@ -289,10 +309,10 @@ public class CryptoDataFormatTest extends
CamelTestSupport {
CryptoDataFormat encCryptoFormat = new
CryptoDataFormat("DES/CBC/PKCS5Padding", key);
encCryptoFormat.setInitializationVector(iv);
encCryptoFormat.setShouldInlineInitializationVector(true);
-
+
CryptoDataFormat decCryptoFormat = new
CryptoDataFormat("DES/CBC/PKCS5Padding", key);
decCryptoFormat.setShouldInlineInitializationVector(true);
-
+
from("direct:3des-cbc-encryption")
.marshal(encCryptoFormat)
.to("mock:encrypted")
@@ -306,7 +326,7 @@ public class CryptoDataFormatTest extends CamelTestSupport {
KeyGenerator generator = KeyGenerator.getInstance("AES");
CryptoDataFormat cryptoFormat = new
CryptoDataFormat("AES/ECB/PKCS5Padding", generator.generateKey());
-
+
from("direct:aes-128-ecb-encryption")
.marshal(cryptoFormat)
.to("mock:encrypted")
@@ -314,6 +334,45 @@ public class CryptoDataFormatTest extends CamelTestSupport
{
.to("mock:unencrypted");
// END SNIPPET: AES-128-ECB
}
+ }, new RouteBuilder() {
+ public void configure() throws Exception {
+ KeyGenerator generator = KeyGenerator.getInstance("AES");
+ generator.init(128);
+
+ SecureRandom random = new SecureRandom();
+ byte[] iv = new byte[12];
+ random.nextBytes(iv);
+
+ GCMParameterSpec paramSpec = new GCMParameterSpec(128, iv);
+
+ CryptoDataFormat cryptoFormat = new
CryptoDataFormat("AES/GCM/NoPadding", generator.generateKey());
+ cryptoFormat.setAlgorithmParameterSpec(paramSpec);
+
+ from("direct:aes-gcm-encryption")
+ .marshal(cryptoFormat)
+ .to("mock:encrypted")
+ .unmarshal(cryptoFormat)
+ .to("mock:unencrypted");
+ }
+ }, new RouteBuilder() {
+ public void configure() throws Exception {
+ KeyGenerator generator = KeyGenerator.getInstance("DES");
+
+ byte[] iv = new byte[8];
+ SecureRandom random = new SecureRandom();
+ random.nextBytes(iv);
+
+ CryptoDataFormat cryptoFormat = new CryptoDataFormat();
+ cryptoFormat.setKey(generator.generateKey());
+ cryptoFormat.setInitializationVector(iv);
+ // cryptoFormat.setAlgorithm("DES/CBC/PKCS5Padding");
+
+ from("direct:no-algorithm")
+ .marshal(cryptoFormat)
+ .to("mock:encrypted")
+ .unmarshal(cryptoFormat)
+ .to("mock:unencrypted");
+ }
}};
}
@@ -326,7 +385,7 @@ public class CryptoDataFormatTest extends CamelTestSupport {
mockEp.expectedMessageCount(expected);
return mockEp;
}
-
+
public static boolean checkUnrestrictedPoliciesInstalled() {
try {
byte[] data = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07};
diff --git
a/components/camel-crypto/src/test/java/org/apache/camel/converter/crypto/SpringCryptoDataFormatTest.java
b/components/camel-crypto/src/test/java/org/apache/camel/converter/crypto/SpringCryptoDataFormatTest.java
index 800e2b1..a1fd2c2 100644
---
a/components/camel-crypto/src/test/java/org/apache/camel/converter/crypto/SpringCryptoDataFormatTest.java
+++
b/components/camel-crypto/src/test/java/org/apache/camel/converter/crypto/SpringCryptoDataFormatTest.java
@@ -17,8 +17,10 @@
package org.apache.camel.converter.crypto;
import java.security.Key;
+import java.security.SecureRandom;
import javax.crypto.KeyGenerator;
+import javax.crypto.spec.GCMParameterSpec;
import org.apache.camel.CamelContext;
import org.apache.camel.builder.RouteBuilder;
@@ -51,11 +53,11 @@ public class SpringCryptoDataFormatTest extends
CryptoDataFormatTest {
public static Key getDesKey() {
return deskey;
}
-
+
public static Key getDesEdeKey() {
return desEdekey;
}
-
+
public static Key getAESKey() {
return aeskey;
}
@@ -64,4 +66,11 @@ public class SpringCryptoDataFormatTest extends
CryptoDataFormatTest {
return new byte[] {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07};
}
+ public static GCMParameterSpec getGCMParameterSpec() {
+ byte[] iv = new byte[12];
+ SecureRandom random = new SecureRandom();
+ random.nextBytes(iv);
+
+ return new GCMParameterSpec(128, iv);
+ }
}
diff --git
a/components/camel-crypto/src/test/resources/org/apache/camel/component/crypto/SpringCryptoDataFormatTest.xml
b/components/camel-crypto/src/test/resources/org/apache/camel/component/crypto/SpringCryptoDataFormatTest.xml
index 0701aa0..833c2ce 100644
---
a/components/camel-crypto/src/test/resources/org/apache/camel/component/crypto/SpringCryptoDataFormatTest.xml
+++
b/components/camel-crypto/src/test/resources/org/apache/camel/component/crypto/SpringCryptoDataFormatTest.xml
@@ -66,6 +66,10 @@
<!-- START SNIPPET: aes-128-ecb-encryption -->
<crypto id="aes-128-ecb-encryption" algorithm="AES/ECB/PKCS5Padding"
keyRef="aesKey" />
<!-- END SNIPPET: aes-128-ecb-encryption -->
+
+ <crypto id="aes-gcm-encryption" algorithm="AES/GCM/NoPadding"
keyRef="aesKey" algorithmParameterRef="gcmParamSpec" />
+
+ <crypto id="des-no-algorithm" keyRef="desKey"
initVectorRef="initializationVector" />
</dataFormats>
<route>
@@ -158,11 +162,28 @@
<to uri="mock:unencrypted" />
</route>
+ <route>
+ <from uri="direct:aes-gcm-encryption" />
+ <marshal><custom ref="aes-gcm-encryption" /></marshal>
+ <to uri="mock:encrypted" />
+ <unmarshal><custom ref="aes-gcm-encryption" /></unmarshal>
+ <to uri="mock:unencrypted" />
+ </route>
+
+ <route>
+ <from uri="direct:no-algorithm" />
+ <marshal><custom ref="des-no-algorithm" /></marshal>
+ <to uri="mock:encrypted" />
+ <unmarshal><custom ref="des-no-algorithm" /></unmarshal>
+ <to uri="mock:unencrypted" />
+ </route>
+
</camelContext>
<bean id="desKey"
class="org.apache.camel.converter.crypto.SpringCryptoDataFormatTest"
factory-method="getDesKey" />
<bean id="desEdeKey"
class="org.apache.camel.converter.crypto.SpringCryptoDataFormatTest"
factory-method="getDesEdeKey" />
<bean id="aesKey"
class="org.apache.camel.converter.crypto.SpringCryptoDataFormatTest"
factory-method="getAESKey" />
<bean id="initializationVector"
class="org.apache.camel.converter.crypto.SpringCryptoDataFormatTest"
factory-method="getIV" />
+ <bean id="gcmParamSpec"
class="org.apache.camel.converter.crypto.SpringCryptoDataFormatTest"
factory-method="getGCMParameterSpec" />
</beans>
\ No newline at end of file
diff --git
a/core/camel-core-engine/src/main/java/org/apache/camel/model/dataformat/CryptoDataFormat.java
b/core/camel-core-engine/src/main/java/org/apache/camel/model/dataformat/CryptoDataFormat.java
index aa22573..f6fab9d 100644
---
a/core/camel-core-engine/src/main/java/org/apache/camel/model/dataformat/CryptoDataFormat.java
+++
b/core/camel-core-engine/src/main/java/org/apache/camel/model/dataformat/CryptoDataFormat.java
@@ -33,7 +33,6 @@ import org.apache.camel.spi.Metadata;
@XmlAccessorType(XmlAccessType.FIELD)
public class CryptoDataFormat extends DataFormatDefinition {
@XmlAttribute
- @Metadata(defaultValue = "DES/CBC/PKCS5Padding")
private String algorithm;
@XmlAttribute
private String cryptoProvider;
@@ -65,7 +64,6 @@ public class CryptoDataFormat extends DataFormatDefinition {
* The JCE algorithm name indicating the cryptographic algorithm that will
* be used.
* <p/>
- * Is by default DES/CBC/PKCS5Padding.
*/
public void setAlgorithm(String algorithm) {
this.algorithm = algorithm;
diff --git a/docs/user-manual/modules/ROOT/pages/camel-3-migration-guide.adoc
b/docs/user-manual/modules/ROOT/pages/camel-3-migration-guide.adoc
index 52fd846..08a7c57 100644
--- a/docs/user-manual/modules/ROOT/pages/camel-3-migration-guide.adoc
+++ b/docs/user-manual/modules/ROOT/pages/camel-3-migration-guide.adoc
@@ -328,6 +328,12 @@ also been deprecated in Camel 2.x. In Camel 3 we have
removed the remaining code
The default signature algorithm has changed for the Crypto (JCE) Component - it
is now SHA256withRSA (before it was SHA1WithDSA).
+=== Crypto DataFormat
+
+The default encryption algorithm has changed for the Crypto (JCE) DataFormat -
+it is now required to set a value for it (meaning that the default is null).
+Before the default value was "DES/CBC/PKCS5Padding".
+
=== JSon DataFormat
The default JSon library with the JSon dataformat has changed from `XStream`
to `Jackson`.
diff --git
a/platforms/spring-boot/components-starter/camel-crypto-starter/src/main/java/org/apache/camel/converter/crypto/springboot/CryptoDataFormatConfiguration.java
b/platforms/spring-boot/components-starter/camel-crypto-starter/src/main/java/org/apache/camel/converter/crypto/springboot/CryptoDataFormatConfiguration.java
index 4b33766..eda457f 100644
---
a/platforms/spring-boot/components-starter/camel-crypto-starter/src/main/java/org/apache/camel/converter/crypto/springboot/CryptoDataFormatConfiguration.java
+++
b/platforms/spring-boot/components-starter/camel-crypto-starter/src/main/java/org/apache/camel/converter/crypto/springboot/CryptoDataFormatConfiguration.java
@@ -39,9 +39,9 @@ public class CryptoDataFormatConfiguration
private Boolean enabled;
/**
* The JCE algorithm name indicating the cryptographic algorithm that will
- * be used. Is by default DES/CBC/PKCS5Padding.
+ * be used.
*/
- private String algorithm = "DES/CBC/PKCS5Padding";
+ private String algorithm;
/**
* The name of the JCE Security Provider that should be used.
*/
