[nifi] branch main updated: NIFI-8465 Handle bcrypt legacy decrypt failures in testing

Mon, 26 Apr 2021 09:34:52 -0700 

This is an automated email from the ASF dual-hosted git repository.

exceptionfactory pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/nifi.git


The following commit(s) were added to refs/heads/main by this push:
     new 835f50c  NIFI-8465 Handle bcrypt legacy decrypt failures in testing
835f50c is described below

commit 835f50c83a9b2ed89374da127893cb40db5b3c79
Author: Paul Grey <[email protected]>
AuthorDate: Mon Apr 26 11:05:02 2021 -0400

    NIFI-8465 Handle bcrypt legacy decrypt failures in testing
    
    This closes #5029
    
    Signed-off-by: David Handermann <[email protected]>
---
 .../util/crypto/PasswordBasedEncryptorGroovyTest.groovy     | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git 
a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/groovy/org/apache/nifi/security/util/crypto/PasswordBasedEncryptorGroovyTest.groovy
 
b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/groovy/org/apache/nifi/security/util/crypto/PasswordBasedEncryptorGroovyTest.groovy
index ce88368..b4376ed 100644
--- 
a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/groovy/org/apache/nifi/security/util/crypto/PasswordBasedEncryptorGroovyTest.groovy
+++ 
b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/groovy/org/apache/nifi/security/util/crypto/PasswordBasedEncryptorGroovyTest.groovy
@@ -442,7 +442,18 @@ class PasswordBasedEncryptorGroovyTest {
         String recovered = new String(recoveredBytes, StandardCharsets.UTF_8)
         logger.info("Plaintext (${recoveredBytes.size()}): ${recovered}")
 
-        assert recovered == PLAINTEXT
+        // handle reader logic error (PKCS7 padding false positive) by 
explicitly testing legacy key derivation
+        if (PLAINTEXT != recovered) {
+            logger.warn("Explicit test of legacy key derivation logic.")
+            InputStream inputStreamLegacy = new 
ByteArrayInputStream(cipherBytes)
+            OutputStream outputStreamLegacy = new ByteArrayOutputStream()
+            byte[] salt = bcryptCipherProvider.readSalt(inputStreamLegacy)
+            byte[] iv = bcryptCipherProvider.readIV(inputStreamLegacy)
+            Cipher cipherLegacy = 
bcryptCipherProvider.getLegacyDecryptCipher(encryptionMethod, PASSWORD, salt, 
iv, keyLength)
+            CipherUtility.processStreams(cipherLegacy, inputStreamLegacy, 
outputStreamLegacy)
+            String recoveredLegacy = new 
String(outputStreamLegacy.toByteArray(), StandardCharsets.UTF_8)
+            assert recoveredLegacy == PLAINTEXT
+        }
     }
 
     /**

Reply via email to