MuktiKrishnan commented on pull request #1658:
URL: https://github.com/apache/zookeeper/pull/1658#issuecomment-809415635


   > > > I think the idea makes sense to me. Would you please provide a real 
life example of a `Crypt` class that could be used in production with your 
patch?
   > > 
   > > 
   > > I think it is not good to add any concrete implementation otherwise 
there will be too many security concerns. I can add a reference implementation 
in test class, but for that I need to add test dependencies
   > 
   > You don't need to add it to the code. Just paste it here.
   // An implementation of Crypt class. 
   
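   /**
    * Demonstration-only {@code Crypt} implementation that encrypts and decrypts
    * short strings with AES in CBC mode and Base64-encodes the result.
    *
    * <p>Security caveats for anyone reusing this sample:
    * <ul>
    *   <li>The key material is a constant compiled into the class, so anyone who
    *       can read the class file can derive every selectable key. The offset
    *       property only picks a window of that constant; it is not a secret.</li>
    *   <li>The constant holds decimal digits only, so every nibble of the
    *       derived key is in the range 0-9.</li>
    *   <li>The IV is fixed, so equal plaintexts always produce equal
    *       ciphertexts under the same key.</li>
    *   <li>CBC is used without a MAC, so a modified ciphertext is not
    *       detected as such.</li>
    * </ul>
    * A production implementation should load its key from a protected key store
    * or secrets service, use a fresh random IV per message, and prefer an
    * authenticated mode such as {@code AES/GCM/NoPadding}. The fixed key and IV
    * are kept here so that existing ciphertexts still decrypt.
    */
   public class DemoCrypt implements Crypt {

       // Fixed IV: keeps the output deterministic, see the class-level caveats.
       private static final byte[] AES_IV = { 23, 37, -3, 20, -42, 19, 77, -6,
               -12, 8, -12, 1, 3, -14, 39, -25 };

       // Embedded key material; a 32-character window of it is read as hex.
       private static final String AES_KEY_IN_HEX =
               "9665189195944541061733242962480165010686234024933581821496679159916027000716725228235751093878445517";

       // Number of hex characters consumed for the key (32 chars = 16 bytes).
       private static final int KEY_HEX_CHARS = 32;

       private static final byte[] AES_KEY;

       private static final String AES_ALGORITHM = "AES";

       private static final String AES_PADDING = "AES/CBC/PKCS5Padding";

       // Explicit charset so that a value encrypted on one host decrypts to the
       // same text on a host with a different platform default. Fully qualified
       // because this snippet's import list is not shown.
       private static final java.nio.charset.Charset TEXT_CHARSET =
               java.nio.charset.StandardCharsets.UTF_8;

       /**
        * Config for encrypt and decrypt key offset.
        * NOTE(review): the name is spelled "zookeeeper" (three e's); it is kept
        * unchanged because it is the key callers have to set.
        */
       public static final String ENCRYPT_DECRYPT_KEY_OFFSET =
               "zookeeeper.config.encrypt.decrypt.key.offset";

       static {
           AES_KEY = decodeHex(selectKeyWindow(readKeyOffset()));
       }

       /**
        * Reads the key offset from the system property; 0 when it is unset or empty.
        *
        * @throws IllegalArgumentException if the property is not an integer
        */
       private static int readKeyOffset() {
           String offset = System.getProperty(ENCRYPT_DECRYPT_KEY_OFFSET);
           if (offset == null || offset.isEmpty()) {
               return 0;
           }
           try {
               return Integer.parseInt(offset.trim());
           } catch (NumberFormatException e) {
               // Name the property so a failed class initialisation is diagnosable.
               throw new IllegalArgumentException("Value of "
                       + ENCRYPT_DECRYPT_KEY_OFFSET + " is not an integer", e);
           }
       }

       /**
        * Returns the 32-character window of the key material starting at the offset.
        *
        * @throws IllegalArgumentException if the window does not fit in the constant
        */
       private static String selectKeyWindow(int keyOffset) {
           // Checked up front so a very large offset cannot overflow keyOffset + 32.
           if (keyOffset < 0 || keyOffset > AES_KEY_IN_HEX.length() - KEY_HEX_CHARS) {
               throw new IllegalArgumentException("Supported value for "
                       + ENCRYPT_DECRYPT_KEY_OFFSET + " is only between 0 to 68");
           }
           return AES_KEY_IN_HEX.substring(keyOffset, keyOffset + KEY_HEX_CHARS);
       }

       /** Converts an even-length string of hex digits into bytes. */
       private static byte[] decodeHex(String hex) {
           byte[] data = new byte[hex.length() / 2];
           for (int i = 0; i < data.length; i++) {
               int high = Character.digit(hex.charAt(2 * i), 16);
               int low = Character.digit(hex.charAt(2 * i + 1), 16);
               data[i] = (byte) ((high << 4) + low);
           }
           return data;
       }

       /** Creates a cipher for the given mode using the fixed key and IV. */
       private static Cipher newCipher(int mode)
               throws java.security.GeneralSecurityException {
           Cipher cipher = Cipher.getInstance(AES_PADDING);
           cipher.init(mode, new SecretKeySpec(AES_KEY, AES_ALGORITHM),
                   new IvParameterSpec(AES_IV));
           return cipher;
       }

       /**
        * Encrypts the text and returns the ciphertext as a Base64 string.
        *
        * @param plainText text to encrypt; must not be null or blank
        * @return Base64-encoded ciphertext
        * @throws IllegalArgumentException if {@code plainText} is null or blank
        * @throws Exception if the cipher cannot be created or applied
        */
       public String encrypt(String plainText) throws Exception {
           if (null == plainText || plainText.trim().isEmpty()) {
               throw new IllegalArgumentException(
                       "The specified string to be encrypted[" + plainText
                               + "] is either null or empty");
           }
           byte[] encrypted = newCipher(Cipher.ENCRYPT_MODE)
                   .doFinal(plainText.getBytes(TEXT_CHARSET));
           return new String(Base64.encodeBase64(encrypted), TEXT_CHARSET);
       }

       /**
        * Decrypts a Base64 string produced by {@link #encrypt(String)}.
        *
        * @param cipherText Base64-encoded ciphertext; must not be null or blank
        * @return the decrypted text
        * @throws IllegalArgumentException if {@code cipherText} is null or blank
        * @throws Exception if the cipher cannot be created or the input does not
        *         decrypt; callers should not pass the failure detail on to
        *         whoever supplied the ciphertext
        */
       @Override
       public String decrypt(String cipherText) throws Exception {
           if (null == cipherText || cipherText.trim().isEmpty()) {
               throw new IllegalArgumentException(
                       "The specified string to be decrypted[" + cipherText
                               + "] is either null or empty");
           }
           byte[] decoded = Base64.decodeBase64(cipherText.getBytes(TEXT_CHARSET));
           return new String(newCipher(Cipher.DECRYPT_MODE).doFinal(decoded),
                   TEXT_CHARSET);
       }
   }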

