Alon Bar-Lev has posted comments on this change.

Change subject: pki: introduce the EngineEncryptionUtils
......................................................................


Patch Set 1: (3 inline comments)

....................................................
File backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/provider/ImportProviderCertificateChainCommand.java
Line 60:         if (chain != null && chain.size() > 0) {
Line 61:             KeyStore ks = null;
Line 62:             try {
Line 63:                 ks = ExternalTrustStoreInitializer.getTrustStore();
Line 64:             } catch (RuntimeException e) {
Done
Line 65:                 handleException(e);
Line 66:             }
Line 67: 
Line 68:             try {


....................................................
File backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/crypt/EngineEncryptionUtils.java
Line 62:             );
Line 63:         } finally {
Line 64:             if (in != null) {
Line 65:                 try {
Line 66:                     in.close();
soon, I will go over all sources I maintain and do this in one patch.
Line 67:                 } catch (IOException e) {
Line 68:                     log.error("Cannot close key store", e);
Line 69:                 }
Line 70:             }


Line 143:         if (source == null || source.trim().length() == 0) {
Line 144:             return "";
Line 145:         }
Line 146:         else {
Line 147:             Cipher rsa = Cipher.getInstance("RSA");
Even this use of RSA is invalid... in future we should use AES/CBC/PKCS5Padding 
and then encrypt the symmetric key using RSA/ECB/OAEPWithSHA-1AndMGF1Padding
Line 148:             rsa.init(Cipher.ENCRYPT_MODE, getCertificate().getPublicKey());
Line 149:             return new Base64(0).encodeToString(
Line 150:                 rsa.doFinal(source.trim().getBytes(Charset.forName("UTF-8")))
Line 151:             );


-- 
To view, visit http://gerrit.ovirt.org/16088
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I10af516c2f35bb853ccae42a03e3ec4b98ce5efb
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Alon Bar-Lev <[email protected]>
Gerrit-Reviewer: Allon Mureinik <[email protected]>
Gerrit-Reviewer: Alon Bar-Lev <[email protected]>
Gerrit-Reviewer: Oved Ourfali <[email protected]>
Gerrit-Reviewer: Yair Zaslavsky <[email protected]>
Gerrit-Reviewer: Yaniv Bronhaim <[email protected]>
_______________________________________________
Engine-patches mailing list
[email protected]
http://lists.ovirt.org/mailman/listinfo/engine-patches
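
The hybrid scheme named in the inline comment on line 147 (AES/CBC/PKCS5Padding for the data, RSA/ECB/OAEPWithSHA-1AndMGF1Padding for the symmetric key), written out as an added example. It is not code from the patch or from ovirt-engine; the class name, method names, the 128-bit AES key size and the three-part message layout are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Arrays;
import javax.crypto.*;
import javax.crypto.spec.*;

// Hypothetical class, not part of ovirt-engine.
public class HybridEncryptExample {
    // Full transformation strings, so mode and padding do not depend on provider defaults.
    static final String SYM = "AES/CBC/PKCS5Padding";
    static final String WRAP = "RSA/ECB/OAEPWithSHA-1AndMGF1Padding";

    // Returns { RSA-wrapped AES key, IV, AES ciphertext } (layout is an assumption).
    static byte[][] encrypt(PublicKey pub, byte[] plain) throws GeneralSecurityException {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey();       // fresh key for every message
        byte[] iv = new byte[16];
        new SecureRandom().nextBytes(iv);       // fresh random IV for every message

        Cipher aes = Cipher.getInstance(SYM);
        aes.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        byte[] ct = aes.doFinal(plain);

        Cipher rsa = Cipher.getInstance(WRAP);  // RSA only ever sees the 16-byte key
        rsa.init(Cipher.ENCRYPT_MODE, pub);
        return new byte[][] { rsa.doFinal(key.getEncoded()), iv, ct };
    }

    static byte[] decrypt(PrivateKey priv, byte[][] msg) throws GeneralSecurityException {
        Cipher rsa = Cipher.getInstance(WRAP);
        rsa.init(Cipher.DECRYPT_MODE, priv);
        SecretKey key = new SecretKeySpec(rsa.doFinal(msg[0]), "AES");
        Cipher aes = Cipher.getInstance(SYM);
        aes.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(msg[1]));
        return aes.doFinal(msg[2]);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);                   // throwaway key pair for the demo
        KeyPair kp = kpg.generateKeyPair();
        byte[] secret = "constructed-sample-password".getBytes(StandardCharsets.UTF_8);
        byte[][] msg = encrypt(kp.getPublic(), secret);
        if (!Arrays.equals(secret, decrypt(kp.getPrivate(), msg))) {
            throw new AssertionError("round trip failed");
        }
        System.out.println("round trip ok, wrapped key length: " + msg[0].length);
    }
}
```

CBC by itself gives confidentiality only, so a caller that must detect modified ciphertext needs a MAC over the IV and ciphertext, or an AEAD mode instead.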
