joewitt commented on a change in pull request #4427:
URL: https://github.com/apache/nifi/pull/4427#discussion_r460253175
##########
File path:
nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/encrypt/StringEncryptor.java
##########
@@ -408,27 +468,34 @@ public String decrypt(String cipherText) throws
EncryptionException {
private byte[] decryptPBE(byte[] cipherBytes) {
PBECipherProvider pbecp = (PBECipherProvider) cipherProvider;
- final EncryptionMethod encryptionMethod =
EncryptionMethod.forAlgorithm(algorithm);
+ final EncryptionMethod encryptionMethod =
getEncryptionMethodForAlgorithm(algorithm);
// Extract salt
- int saltLength = CipherUtility.getSaltLengthForAlgorithm(algorithm);
+ int saltLength = determineSaltLength(algorithm);
byte[] salt = new byte[saltLength];
System.arraycopy(cipherBytes, 0, salt, 0, saltLength);
- byte[] actualCipherBytes = Arrays.copyOfRange(cipherBytes, saltLength,
cipherBytes.length);
+ // Read IV if necessary (allows for future use of Argon2, PBKDF2,
Bcrypt, or Scrypt)
+ byte[] ivBytes = new byte[0];
Review comment:
maybe it isn't worth the effort. by preallocating a 16 byte array to
reuse over and over seems like it would perform quite well and relax GC
pressure particularly in the event of larger objects. am I overthinking that
one?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
