[GitHub] [nifi] greyp9 commented on a diff in pull request #6939: NIFI-11161 Simplify KeyedCipherPropertyEncryptor

Mon, 27 Feb 2023 15:13:40 -0800 


greyp9 commented on code in PR #6939:
URL: https://github.com/apache/nifi/pull/6939#discussion_r1119403187


##########
nifi-commons/nifi-property-encryptor/src/main/java/org/apache/nifi/encrypt/KeyedCipherPropertyEncryptor.java:
##########
@@ -16,47 +16,36 @@
  */
 package org.apache.nifi.encrypt;
 
-import org.apache.nifi.security.util.EncryptionMethod;
-import org.apache.nifi.security.util.crypto.KeyedCipherProvider;
-
 import javax.crypto.Cipher;
 import javax.crypto.SecretKey;
+import javax.crypto.spec.GCMParameterSpec;
 import java.security.SecureRandom;
 import java.util.Arrays;
 import java.util.Objects;
 
 /**
- * Property Encryptor implementation using Keyed Cipher Provider
+ * Property Encryptor implementation using AES-GCM
  */
 class KeyedCipherPropertyEncryptor extends CipherPropertyEncryptor {
     private static final int INITIALIZATION_VECTOR_LENGTH = 16;
 
-    private static final int ARRAY_START = 0;
-
-    private static final boolean ENCRYPT = true;
+    private static final int GCM_TAG_LENGTH_BITS = 128;
 
-    private static final boolean DECRYPT = false;
-
-    private final KeyedCipherProvider cipherProvider;
+    private static final int ARRAY_START = 0;
 
-    private final EncryptionMethod encryptionMethod;
+    private static final String CIPHER_ALGORITHM = "AES/GCM/NoPadding";

Review Comment:
   The IV length, tag length, and algorithm are each declared multiple times in 
the code base.  Do you envision consolidating those usages at some point in the 
future?



##########
nifi-commons/nifi-property-encryptor/src/test/java/org/apache/nifi/encrypt/KeyedCipherPropertyEncryptorTest.java:
##########
@@ -77,26 +70,26 @@ public void testEncryptHexadecimalEncoded() throws 
DecoderException {
     @Test
     public void testDecryptEncryptionException() {
         final String encodedProperty = 
Hex.encodeHexString(PROPERTY.getBytes(DEFAULT_CHARSET));
-        assertThrows(EncryptionException.class, () -> 
encryptor.decrypt(encodedProperty));
+        assertThrows(Exception.class, () -> 
encryptor.decrypt(encodedProperty));

Review Comment:
   Why not retain the more specific exception type here?



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to