SYNCOPE-1168 - Encryptor pads short secret keys with "0" instead of random characters
Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/d4edbaa8
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/d4edbaa8
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/d4edbaa8
Branch: refs/heads/1_2_X
Commit: d4edbaa814bd50e0a7c8373c8624eb5e4b02763c
Parents: ea68755
Author: Colm O hEigeartaigh <[email protected]>
Authored: Tue Jul 18 11:02:40 2017 +0100
Committer: Colm O hEigeartaigh <[email protected]>
Committed: Tue Jul 18 13:21:13 2017 +0100
----------------------------------------------------------------------
 .../java/org/apache/syncope/core/util/Encryptor.java | 11 +++++++----
 .../org/apache/syncope/core/security/EncryptorTest.java | 12 ++++++++++--
 2 files changed, 17 insertions(+), 6 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/syncope/blob/d4edbaa8/core/src/main/java/org/apache/syncope/core/util/Encryptor.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/syncope/core/util/Encryptor.java b/core/src/main/java/org/apache/syncope/core/util/Encryptor.java
index 270f2f8..2e8c111 100644
--- a/core/src/main/java/org/apache/syncope/core/util/Encryptor.java
+++ b/core/src/main/java/org/apache/syncope/core/util/Encryptor.java
@@ -172,11 +172,14 @@ public final class Encryptor {
 String actualKey = secretKey;
 if (actualKey.length() < 16) {
 StringBuilder actualKeyPadding = new StringBuilder(actualKey);
- for (int i = 0; i < 16 - actualKey.length(); i++) {
- actualKeyPadding.append('0');
- }
+ int length = 16 - actualKey.length();
+ String randomChars = SecureRandomUtil.generateRandomPassword(length);
+
+ actualKeyPadding.append(randomChars);
 actualKey = actualKeyPadding.toString();
- LOG.debug("actualKey too short, adding some random characters");
+ LOG.warn("The secret key is too short (< 16), adding some random characters. " + "Passwords encrypted with AES and this key will not be recoverable " + "as a result if the container is restarted.");
 }
 try {
http://git-wip-us.apache.org/repos/asf/syncope/blob/d4edbaa8/core/src/test/java/org/apache/syncope/core/security/EncryptorTest.java
----------------------------------------------------------------------
diff --git a/core/src/test/java/org/apache/syncope/core/security/EncryptorTest.java b/core/src/test/java/org/apache/syncope/core/security/EncryptorTest.java
index 626416f..c7fed5c 100644
--- a/core/src/test/java/org/apache/syncope/core/security/EncryptorTest.java
+++ b/core/src/test/java/org/apache/syncope/core/security/EncryptorTest.java
@@ -60,7 +60,15 @@ public class EncryptorTest {
 @Test
 public void testDecodeDefaultAESKey() throws Exception {
- String password = encryptor.decode("9Pav+xl+UyHt02H9ZBytiA==", CipherAlgorithm.AES);
- assertEquals("password", password);
+ String decPassword = encryptor.decode("9Pav+xl+UyHt02H9ZBytiA==", CipherAlgorithm.AES);
+ assertEquals(password, decPassword);
+ }
+
+ @Test
+ public void testSmallKey() throws Exception {
+ Encryptor smallKeyEncryptor = Encryptor.getInstance("123");
+ String encPassword = smallKeyEncryptor.encode(password, CipherAlgorithm.AES);
+ String decPassword = smallKeyEncryptor.decode(encPassword, CipherAlgorithm.AES);
+ assertEquals(password, decPassword);
 }
 }
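Review bot: The padding produced at `String randomChars = SecureRandomUtil.generateRandomPassword(length);` is drawn fresh every time this code runs, so two `Encryptor` objects built from the same short `secretKey` within one JVM hold different AES keys unless `getInstance` caches instances per key, which is not visible in the hunk; the new warning only mentions container restarts. If caching is not guaranteed, the warning text should say so, and a comment above `int length` would help the next maintainer: `// padding is per-instance and never persisted: AES output from this key is not decodable by another instance or after a restart`. Since a sub-16-character key now yields non-recoverable ciphertext rather than a weak-but-stable one, treating it as a misconfiguration and throwing from here would be more explicit than a WARN log that operators may not see, if that fits the 1_2_X compatibility policy. Note that `actualKey.length()` counts `char`s, not key bytes, so whether a 16-character key actually yields a 16-byte AES key depends on how the bytes are derived below; the enclosing method begins and ends outside the hunk.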
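Review bot: `testSmallKey` only asserts a same-instance encode/decode round trip, which the previous deterministic `'0'` padding also satisfied, so it does not catch a regression back to fixed padding. A test pinned to the change would assert that a value encoded by `Encryptor.getInstance("123")` cannot be decoded with a key padded the old way (`"1230000000000000"`), or, if `getInstance` does not cache, that two independently obtained instances for `"123"` produce different ciphertexts for `password`. The `password` field used in both tests is declared outside the hunk, and the `@Test` on `testDecodeDefaultAESKey` is context, so the rest of the class is not visible here.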
