[
https://issues.apache.org/jira/browse/NIFI-2961?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15724324#comment-15724324
]
ASF GitHub Bot commented on NIFI-2961:
--------------------------------------
Github user alopresto commented on a diff in the pull request:
https://github.com/apache/nifi/pull/1294#discussion_r91010258
--- Diff:
nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/TestEncryptAttributes.java
---
@@ -0,0 +1,161 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.nifi.processors.standard;
+
+import org.apache.nifi.flowfile.FlowFile;
+import org.apache.nifi.flowfile.attributes.CoreAttributes;
+import org.apache.nifi.processor.ProcessSession;
+import org.apache.nifi.security.util.EncryptionMethod;
+import org.apache.nifi.security.util.KeyDerivationFunction;
+import org.apache.nifi.util.MockFlowFile;
+import org.apache.nifi.util.TestRunner;
+import org.apache.nifi.util.TestRunners;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.security.Security;
+import java.util.Map;
+
+public class TestEncryptAttributes {
+
+ private static final Logger logger =
LoggerFactory.getLogger(TestEncryptAttributes.class);
+
+ // Initialize some common property values which will be used for
setting up processor
+ private static final EncryptionMethod[] ENCRYPTION_METHODS =
EncryptionMethod.values();
+ final String RAW_HEX_KEY= "abababababababababababababababab";
+ private static final String PRIVATE_KEYRING =
"src/test/resources/TestEncryptContent/secring.gpg";
+ private static final String PUBLIC_KEYRING =
"src/test/resources/TestEncryptContent/pubring.gpg";
+ private static final String PRIVATE_KEYRING_PASSPHRASE = "PASSWORD";
+ private static final String FILENAME_ATTR_KEY =
CoreAttributes.FILENAME.key();
+ private static final String UUID_ATTR_KEY = CoreAttributes.UUID.key();
+
+
+ @Before
+ public void setUp() {
+ Security.addProvider(new BouncyCastleProvider());
+ }
+
+
+ @Test
+ public void testRoundTrip() {
+ final TestRunner testRunner = TestRunners.newTestRunner(new
EncryptAttributes());
+
+ for (final EncryptionMethod encryptionMethod : ENCRYPTION_METHODS)
{
+ if (encryptionMethod.isUnlimitedStrength())
+ continue;
+ if (encryptionMethod.isKeyedCipher()){
+ testRunner.setProperty(EncryptAttributes.RAW_KEY_HEX,
RAW_HEX_KEY);
+
testRunner.setProperty(EncryptAttributes.KEY_DERIVATION_FUNCTION,
KeyDerivationFunction.NONE.name());
+ } else {
+ testRunner.setProperty(EncryptAttributes.PASSWORD,
"short");
+
testRunner.setProperty(EncryptAttributes.KEY_DERIVATION_FUNCTION,
KeyDerivationFunction.OPENSSL_EVP_BYTES_TO_KEY.name());
+
testRunner.setProperty(EncryptAttributes.ALLOW_WEAK_CRYPTO,
EncryptAttributes.WEAK_CRYPTO_ALLOWED_NAME);
+ }
+
+ logger.info("Attempting {}", encryptionMethod.name());
+ testRunner.setProperty(EncryptAttributes.ENCRYPTION_ALGORITHM,
encryptionMethod.name());
+ testRunner.setProperty(EncryptAttributes.MODE,
EncryptAttributes.ENCRYPT_MODE);
+
+ //create FlowFile and pass it to processor
+ ProcessSession session =
testRunner.getProcessSessionFactory().createSession();
+ FlowFile ff = session.create();
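Review bot: In `testRoundTrip`, the single `TestRunner` is created before the loop over `ENCRYPTION_METHODS`, so properties set in one branch stay set when a later iteration takes the other branch. This affects `RAW_KEY_HEX` for keyed ciphers, and `PASSWORD` and `ALLOW_WEAK_CRYPTO` for the rest. Create the runner inside the loop, or clear the other branch's properties at the top of each iteration, so that each algorithm is tested against only its own configuration. Two smaller points: the password branch only ever runs with the password "short" and weak crypto allowed, so the visible lines never exercise the path where weak crypto is not allowed. `RAW_HEX_KEY` is also declared `final String` while the neighbouring constants are `private static final`.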
--- End diff --
The only attribute generated here that will be encrypted is `path`. Why is
`path` not treated as a core attribute like `filename` and `uuid`?
> Create EncryptAttribute processor
> ---------------------------------
>
> Key: NIFI-2961
> URL: https://issues.apache.org/jira/browse/NIFI-2961
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Extensions
> Affects Versions: 1.0.0
> Reporter: Andy LoPresto
> Labels: attributes, encryption, security
>
> Similar to {{EncryptContent}}, the {{EncryptAttribute}} processor would allow
> individual (and multiple) flowfile attributes to be encrypted (either
> in-place or to a new attribute key) with various encryption algorithms (AES,
> RSA, PBE, and PGP).
> Specific compatibility with the {{OpenSSL EVP_BytesToKey}}, {{PBKDF2}},
> {{scrypt}}, and {{bcrypt}} key derivation functions should be included.
> The processor should provide the boolean option to encrypt or decrypt (only
> one operation per instance of the processor). The processor should also allow
> Base64 encoding (aka ASCII armor) for the encrypted attributes to prevent
> byte escaping/data loss.
> If [dangerous processor
> annotations|https://cwiki.apache.org/confluence/display/NIFI/Security+Feature+Roadmap]
> are introduced, this processor should be marked as such and the
> corresponding attribute protection (i.e. provenance before/after, etc.)
> should be applied.
> Originally requested in this [Stack Overflow
> question|https://stackoverflow.com/questions/40294945/nifi-encrypt-json].