You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@nifi.apache.org by jo...@apache.org on 2020/01/31 14:04:50 UTC
[nifi] 02/02: NIFI-7079 Cleaned up formatting and comments.
This is an automated email from the ASF dual-hosted git repository.
joewitt pushed a commit to branch support/nifi-1.11.x
in repository https://gitbox.apache.org/repos/asf/nifi.git
commit 69c46f0197645a7d14bed4c751eddc540d3233f8
Author: Andy LoPresto <al...@apache.org>
AuthorDate: Thu Jan 30 22:46:42 2020 -0800
NIFI-7079 Cleaned up formatting and comments.
---
.../apache/nifi/security/util/crypto/Argon2SecureHasher.java | 11 +++++------
.../nifi-security-utils/src/test/resources/logback-test.xml | 2 +-
.../java/org/apache/nifi/fingerprint/FingerprintFactory.java | 7 ++-----
3 files changed, 8 insertions(+), 12 deletions(-)
diff --git a/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/crypto/Argon2SecureHasher.java b/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/crypto/Argon2SecureHasher.java
index c152759..0697f3d 100644
--- a/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/crypto/Argon2SecureHasher.java
+++ b/nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/crypto/Argon2SecureHasher.java
@@ -42,7 +42,6 @@ import org.slf4j.LoggerFactory;
public class Argon2SecureHasher implements SecureHasher {
private static final Logger logger = LoggerFactory.getLogger(Argon2SecureHasher.class);
- private static final int DEFAULT_SALT_LENGTH = 16;
private static final int DEFAULT_HASH_LENGTH = 32;
private static final int DEFAULT_PARALLELISM = 1;
private static final int DEFAULT_MEMORY = 1 << 12;
@@ -74,7 +73,7 @@ public class Argon2SecureHasher implements SecureHasher {
* Instantiates an Argon2 secure hasher using the provided cost parameters. A unique
* {@link #DEFAULT_SALT_LENGTH} byte salt will be generated on every hash request.
*
- * @param hashLength the output length in bytes ({@code 4 to 2^32 -1})
+ * @param hashLength the output length in bytes ({@code 4 to 2^32 - 1})
* @param memory the integer number of KB used ({@code 8p to 2^32 - 1})
* @param parallelism degree of parallelism ({@code 1 to 2^24 - 1})
* @param iterations number of iterations ({@code 1 to 2^32 - 1})
@@ -87,7 +86,7 @@ public class Argon2SecureHasher implements SecureHasher {
* Instantiates an Argon2 secure hasher using the provided cost parameters. A unique
* salt of the specified length will be generated on every hash request.
*
- * @param hashLength the output length in bytes ({@code 4 to 2^32 -1})
+ * @param hashLength the output length in bytes ({@code 4 to 2^32 - 1})
* @param memory the integer number of KB used ({@code 8p to 2^32 - 1})
* @param parallelism degree of parallelism ({@code 1 to 2^24 - 1})
* @param iterations number of iterations ({@code 1 to 2^32 - 1})
@@ -137,7 +136,7 @@ public class Argon2SecureHasher implements SecureHasher {
}
/**
- * Returns a String representation of {@code CHF(input)} in hex-encoded format.
+ * Returns a String representation of {@code Argon2(input)} in hex-encoded format.
*
* @param input the input
* @return the hex-encoded hash
@@ -153,7 +152,7 @@ public class Argon2SecureHasher implements SecureHasher {
}
/**
- * Returns a String representation of {@code CHF(input)} in Base 64-encoded format.
+ * Returns a String representation of {@code Argon2(input)} in Base 64-encoded format.
*
* @param input the input
* @return the Base 64-encoded hash
@@ -169,7 +168,7 @@ public class Argon2SecureHasher implements SecureHasher {
}
/**
- * Returns a byte[] representation of {@code CHF(input)}.
+ * Returns a byte[] representation of {@code Argon2(input)}.
*
* @param input the input
* @return the hash
diff --git a/nifi-commons/nifi-security-utils/src/test/resources/logback-test.xml b/nifi-commons/nifi-security-utils/src/test/resources/logback-test.xml
index d8e72bd..b5036d4 100644
--- a/nifi-commons/nifi-security-utils/src/test/resources/logback-test.xml
+++ b/nifi-commons/nifi-security-utils/src/test/resources/logback-test.xml
@@ -32,7 +32,7 @@
<logger name="org.apache.nifi" level="INFO"/>
<logger name="org.apache.nifi.security.util.crypto" level="DEBUG"/>
- <root level="DEBUG">
+ <root level="INFO">
<appender-ref ref="CONSOLE"/>
</root>
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/fingerprint/FingerprintFactory.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/fingerprint/FingerprintFactory.java
index 15e1635..dea010a 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/fingerprint/FingerprintFactory.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/fingerprint/FingerprintFactory.java
@@ -342,7 +342,7 @@ public class FingerprintFactory {
// append value
if (isEncrypted(value)) {
- // propValue is non null, no need to use getValue
+ // Get a secure, deterministic, loggable representation of this value
builder.append(getLoggableRepresentationOfSensitiveValue(value));
} else {
builder.append(getValue(value, NO_VALUE));
@@ -557,15 +557,12 @@ public class FingerprintFactory {
* @return a deterministic string value which represents this input but is safe to print in a log
*/
private String getLoggableRepresentationOfSensitiveValue(String encryptedPropertyValue) {
- // TODO: Implement Scrypt or Argon2 secure hash of decrypted value
-
// TODO: Use DI/IoC to inject this implementation in the constructor of the FingerprintFactory
// There is little initialization cost, so it doesn't make sense to cache this as a field
SecureHasher secureHasher = new Argon2SecureHasher();
// TODO: Extend {@link StringEncryptor} with secure hashing capability and inject?
- String hexEncodedHash = secureHasher.hashHex(decrypt(encryptedPropertyValue));
- return hexEncodedHash;
+ return secureHasher.hashHex(decrypt(encryptedPropertyValue));
}
private StringBuilder addPortFingerprint(final StringBuilder builder, final Element portElem) throws FingerprintException {