Repository: syncope Updated Branches: refs/heads/2_0_X e21971bf5 -> 852dec694
SYNCOPE-1168 - Encryptor pads short secret keys with "0" instead of random characters Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/852dec69 Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/852dec69 Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/852dec69 Branch: refs/heads/2_0_X Commit: 852dec6946813ac4756b8868988e145316bd6f94 Parents: e21971b Author: Colm O hEigeartaigh <[email protected]> Authored: Tue Jul 18 11:02:40 2017 +0100 Committer: Colm O hEigeartaigh <[email protected]> Committed: Tue Jul 18 12:02:32 2017 +0100
----------------------------------------------------------------------
.../apache/syncope/core/spring/security/Encryptor.java | 11 +++++++---- .../syncope/core/spring/security/EncryptorTest.java | 13 +++++++++++-- 2 files changed, 18 insertions(+), 6 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/syncope/blob/852dec69/core/spring/src/main/java/org/apache/syncope/core/spring/security/Encryptor.java
----------------------------------------------------------------------
diff --git a/core/spring/src/main/java/org/apache/syncope/core/spring/security/Encryptor.java b/core/spring/src/main/java/org/apache/syncope/core/spring/security/Encryptor.java
index af64177..a97094a 100644
--- a/core/spring/src/main/java/org/apache/syncope/core/spring/security/Encryptor.java
+++ b/core/spring/src/main/java/org/apache/syncope/core/spring/security/Encryptor.java
@@ -154,11 +154,14 @@ public final class Encryptor {
 String actualKey = secretKey;
 if (actualKey.length() < 16) {
 StringBuilder actualKeyPadding = new StringBuilder(actualKey);
- for (int i = 0; i < 16 - actualKey.length(); i++) {
- actualKeyPadding.append('0');
- }
+ int length = 16 - actualKey.length();
+ String randomChars = SecureRandomUtils.generateRandomPassword(length);
+
+ actualKeyPadding.append(randomChars);
 actualKey = actualKeyPadding.toString();
- LOG.debug("actualKey too short, adding some random characters");
+ LOG.warn("The secret key is too short (< 16), adding some random characters. "
+ + "Passwords encrypted with AES and this key will not be recoverable "
+ + "as a result if the container is restarted.");
 }
 try {
http://git-wip-us.apache.org/repos/asf/syncope/blob/852dec69/core/spring/src/test/java/org/apache/syncope/core/spring/security/EncryptorTest.java
----------------------------------------------------------------------
diff --git a/core/spring/src/test/java/org/apache/syncope/core/spring/security/EncryptorTest.java b/core/spring/src/test/java/org/apache/syncope/core/spring/security/EncryptorTest.java
index 98c3f16..064d970 100644
--- a/core/spring/src/test/java/org/apache/syncope/core/spring/security/EncryptorTest.java
+++ b/core/spring/src/test/java/org/apache/syncope/core/spring/security/EncryptorTest.java
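Review bot: The padding from `SecureRandomUtils.generateRandomPassword(length)` is drawn fresh every time this branch runs, so the effective AES key is no longer a function of the configured secret: data encrypted under a short key cannot be decrypted by any other Encryptor built from the same configuration (in another JVM, or in this one unless getInstance caches per key, which is not visible here), whereas the new LOG.warn acknowledges only the restart case. The old '0' padding was weak but deterministic; a secret shorter than 16 is really a configuration error, so failing fast is the safer choice, e.g. `throw new IllegalArgumentException("secretKey must be at least 16 characters long");` in place of the padding, or, if short keys must keep working, derive the 16-character key deterministically from `secretKey` (a fixed hash/KDF of the configured value) so encrypted data stays recoverable. The `< 16` condition also deserves a one-line comment stating why 16 is the threshold — presumably the AES-128 key size with one byte per character, but the key-to-bytes conversion is outside this hunk and should be checked. The enclosing method starts and ends outside the hunk.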
@@ -61,7 +61,16 @@ public class EncryptorTest {
 @Test
 public void testDecodeDefaultAESKey() throws Exception {
- String password = encryptor.decode("9Pav+xl+UyHt02H9ZBytiA==", CipherAlgorithm.AES);
- assertEquals("password", password);
+ String decPassword = encryptor.decode("9Pav+xl+UyHt02H9ZBytiA==", CipherAlgorithm.AES);
+ assertEquals(password, decPassword);
 }
+
+ @Test
+ public void testSmallKey() throws Exception {
+ Encryptor smallKeyEncryptor = Encryptor.getInstance("123");
+ String encPassword = smallKeyEncryptor.encode(password, CipherAlgorithm.AES);
+ String decPassword = smallKeyEncryptor.decode(encPassword, CipherAlgorithm.AES);
+ assertEquals(password, decPassword);
+ }
+
 }
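Review bot: testSmallKey only checks that a single Encryptor instance round-trips its own output, which the previous '0' padding satisfied just as well, so it does not pin the behaviour this commit introduces. An assertion that actually distinguishes random from fixed padding would be something like `assertNotEquals(Encryptor.getInstance("1230000000000000").encode(password, CipherAlgorithm.AES), encPassword);` — valid only if encode is deterministic for a fixed key, which the fixed ciphertext in testDecodeDefaultAESKey suggests but the cipher mode is not visible here. A short comment on the test stating that keys shorter than 16 characters are padded when the instance is created, so only same-instance round-trips are expected to succeed, would also save the next reader a trip to Encryptor. The `password` field the test reads is declared outside the hunk.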
