Posted to notifications@shardingsphere.apache.org by du...@apache.org on 2023/06/09 09:19:13 UTC
[shardingsphere] branch master updated: Use custom digest to create AES secret key. (#26213)
This is an automated email from the ASF dual-hosted git repository.
duanzhengqiang pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/shardingsphere.git
The following commit(s) were added to refs/heads/master by this push:
new 570b41e1a10 Use custom digest to create AES secret key. (#26213)
570b41e1a10 is described below
commit 570b41e1a1044d44a5d60d4d72ffced899a591fe
Author: Cong Hu <ia...@qq.com>
AuthorDate: Fri Jun 9 17:19:03 2023 +0800
Use custom digest to create AES secret key. (#26213)
* Use custom digest to create AES secret key.
* Use custom digest to create AES secret key.
---
.../common-config/builtin-algorithm/encrypt.cn.md | 7 +++---
.../common-config/builtin-algorithm/encrypt.en.md | 7 +++---
.../algorithm/standard/AESEncryptAlgorithm.java | 6 +++++-
.../standard/AESEncryptAlgorithmTest.java | 25 ++++++++++++++++++++++
4 files changed, 38 insertions(+), 7 deletions(-)
diff --git a/docs/document/content/user-manual/common-config/builtin-algorithm/encrypt.cn.md b/docs/document/content/user-manual/common-config/builtin-algorithm/encrypt.cn.md
index fcfb5465fa6..a69fafd2aa4 100644
--- a/docs/document/content/user-manual/common-config/builtin-algorithm/encrypt.cn.md
+++ b/docs/document/content/user-manual/common-config/builtin-algorithm/encrypt.cn.md
@@ -17,9 +17,10 @@ weight = 5
可配置属性:
-| *名称* | *数据类型* | *说明* |
-|---------------|--------|-------------|
-| aes-key-value | String | AES 使用的 KEY |
+| *名称* | *数据类型* | *说明* |
+|-----------------------|--------|------------------------------|
+| aes-key-value | String | AES 使用的 KEY |
+| digest-algorithm-name | String | AES KEY 的摘要算法 (可选,默认值:SHA-1) |
#### RC4 加密算法
diff --git a/docs/document/content/user-manual/common-config/builtin-algorithm/encrypt.en.md b/docs/document/content/user-manual/common-config/builtin-algorithm/encrypt.en.md
index a15859bf3fd..7a03d111c06 100644
--- a/docs/document/content/user-manual/common-config/builtin-algorithm/encrypt.en.md
+++ b/docs/document/content/user-manual/common-config/builtin-algorithm/encrypt.en.md
@@ -17,9 +17,10 @@ Type: AES
Attributes:
-| *Name* | *DataType* | *Description* |
-|---------------|------------|---------------|
-| aes-key-value | String | AES KEY |
+| *Name* | *DataType* | *Description* |
+|-----------------------|------------|-----------------------------------------------------|
+| aes-key-value | String | AES KEY |
+| digest-algorithm-name | String | AES KEY DIGEST ALGORITHM (optional, default: SHA-1) |
#### RC4 Encrypt Algorithm
diff --git a/features/encrypt/core/src/main/java/org/apache/shardingsphere/encrypt/algorithm/standard/AESEncryptAlgorithm.java b/features/encrypt/core/src/main/java/org/apache/shardingsphere/encrypt/algorithm/standard/AESEncryptAlgorithm.java
index 86f8d3281c7..17068953360 100644
--- a/features/encrypt/core/src/main/java/org/apache/shardingsphere/encrypt/algorithm/standard/AESEncryptAlgorithm.java
+++ b/features/encrypt/core/src/main/java/org/apache/shardingsphere/encrypt/algorithm/standard/AESEncryptAlgorithm.java
@@ -20,6 +20,7 @@ package org.apache.shardingsphere.encrypt.algorithm.standard;
import com.google.common.base.Strings;
import lombok.SneakyThrows;
import org.apache.commons.codec.digest.DigestUtils;
+import org.apache.commons.codec.digest.MessageDigestAlgorithms;
import org.apache.shardingsphere.encrypt.api.encrypt.standard.StandardEncryptAlgorithm;
import org.apache.shardingsphere.encrypt.exception.algorithm.EncryptAlgorithmInitializationException;
import org.apache.shardingsphere.encrypt.api.context.EncryptContext;
@@ -43,6 +44,8 @@ public final class AESEncryptAlgorithm implements StandardEncryptAlgorithm<Objec
private static final String AES_KEY = "aes-key-value";
+ private static final String DIGEST_ALGORITHM_NAME = "digest-algorithm-name";
+
private byte[] secretKey;
@Override
@@ -54,7 +57,8 @@ public final class AESEncryptAlgorithm implements StandardEncryptAlgorithm<Objec
String aesKey = props.getProperty(AES_KEY);
ShardingSpherePreconditions.checkState(!Strings.isNullOrEmpty(aesKey),
() -> new EncryptAlgorithmInitializationException(getType(), String.format("%s can not be null or empty", AES_KEY)));
- return Arrays.copyOf(DigestUtils.sha1(aesKey), 16);
+ String digestAlgorithm = props.getProperty(DIGEST_ALGORITHM_NAME, MessageDigestAlgorithms.SHA_1);
+ return Arrays.copyOf(DigestUtils.getDigest(digestAlgorithm.toUpperCase()).digest(aesKey.getBytes(StandardCharsets.UTF_8)), 16);
}
@SneakyThrows(GeneralSecurityException.class)
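Review bot: An unsupported or misspelled `digest-algorithm-name` is not validated on the new `DigestUtils.getDigest(...)` line. `DigestUtils.getDigest` throws `IllegalArgumentException` for an unknown name, so the failure bypasses the `EncryptAlgorithmInitializationException` used for `aes-key-value` just above, and `toUpperCase()` without a locale depends on the JVM default. I would catch the lookup failure, rethrow the initialization exception, and use `Locale.ROOT` (needs an import), as sketched below. Separately, the key is still one unsalted digest pass truncated to 16 bytes, so any digest the provider offers (MD5 included) is accepted and the key is only as strong as the configured string. Because the derived key changes with the digest, changing this property on a deployment that already holds ciphertext presumably leaves that data undecryptable, which the docs should state; the enclosing method begins above this hunk.

```java
// … unchanged: aes-key-value presence check …
String digestAlgorithm = props.getProperty(DIGEST_ALGORITHM_NAME, MessageDigestAlgorithms.SHA_1);
try {
    return Arrays.copyOf(DigestUtils.getDigest(digestAlgorithm.toUpperCase(Locale.ROOT)).digest(aesKey.getBytes(StandardCharsets.UTF_8)), 16);
} catch (final IllegalArgumentException ex) {
    // DigestUtils.getDigest reports an unknown algorithm name this way
    throw new EncryptAlgorithmInitializationException(getType(), String.format("%s `%s` is not supported", DIGEST_ALGORITHM_NAME, digestAlgorithm));
}
```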
diff --git a/features/encrypt/core/src/test/java/org/apache/shardingsphere/encrypt/algorithm/standard/AESEncryptAlgorithmTest.java b/features/encrypt/core/src/test/java/org/apache/shardingsphere/encrypt/algorithm/standard/AESEncryptAlgorithmTest.java
index a0dcc8b63c8..9f25855c98d 100644
--- a/features/encrypt/core/src/test/java/org/apache/shardingsphere/encrypt/algorithm/standard/AESEncryptAlgorithmTest.java
+++ b/features/encrypt/core/src/test/java/org/apache/shardingsphere/encrypt/algorithm/standard/AESEncryptAlgorithmTest.java
@@ -17,6 +17,7 @@
package org.apache.shardingsphere.encrypt.algorithm.standard;
+import org.apache.commons.codec.digest.DigestUtils;
import org.apache.shardingsphere.encrypt.api.encrypt.standard.StandardEncryptAlgorithm;
import org.apache.shardingsphere.encrypt.exception.algorithm.EncryptAlgorithmInitializationException;
import org.apache.shardingsphere.encrypt.spi.EncryptAlgorithm;
@@ -26,12 +27,18 @@ import org.apache.shardingsphere.test.util.PropertiesBuilder;
import org.apache.shardingsphere.test.util.PropertiesBuilder.Property;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
+import org.mockito.MockedStatic;
+
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
import static org.hamcrest.CoreMatchers.is;
import static org.hamcrest.MatcherAssert.assertThat;
import static org.junit.jupiter.api.Assertions.assertNull;
import static org.junit.jupiter.api.Assertions.assertThrows;
import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.mockStatic;
+import static org.mockito.Mockito.times;
class AESEncryptAlgorithmTest {
@@ -43,6 +50,24 @@ class AESEncryptAlgorithmTest {
encryptAlgorithm = (StandardEncryptAlgorithm<Object, String>) TypedSPILoader.getService(EncryptAlgorithm.class, "AES", PropertiesBuilder.build(new Property("aes-key-value", "test")));
}
+ @Test
+ void assertDefaultDigestAlgorithm() throws NoSuchAlgorithmException {
+ MockedStatic<DigestUtils> digestUtilsMockedStatic = mockStatic(DigestUtils.class);
+ digestUtilsMockedStatic.when(() -> DigestUtils.getDigest("SHA-1")).thenReturn(MessageDigest.getInstance("SHA-1"));
+ TypedSPILoader.getService(EncryptAlgorithm.class, "AES", PropertiesBuilder.build(new Property("aes-key-value", "test")));
+ digestUtilsMockedStatic.verify(() -> DigestUtils.getDigest("SHA-1"), times(1));
+ digestUtilsMockedStatic.close();
+ }
+
+ @Test
+ void assertSHA512DigestAlgorithm() throws NoSuchAlgorithmException {
+ MockedStatic<DigestUtils> digestUtilsMockedStatic = mockStatic(DigestUtils.class);
+ digestUtilsMockedStatic.when(() -> DigestUtils.getDigest("SHA-512")).thenReturn(MessageDigest.getInstance("SHA-512"));
+ TypedSPILoader.getService(EncryptAlgorithm.class, "AES", PropertiesBuilder.build(new Property("aes-key-value", "test"), new Property("digest-algorithm-name", "SHA-512")));
+ digestUtilsMockedStatic.verify(() -> DigestUtils.getDigest("SHA-512"), times(1));
+ digestUtilsMockedStatic.close();
+ }
+
@Test
void assertCreateNewInstanceWithoutAESKey() {
assertThrows(EncryptAlgorithmInitializationException.class, () -> TypedSPILoader.getService(EncryptAlgorithm.class, "AES"));
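Review bot: Both new tests (`assertDefaultDigestAlgorithm` and `assertSHA512DigestAlgorithm`) release the `MockedStatic` with a trailing `close()` call, so if `getService` or `verify` throws, the static mock of `DigestUtils` stays registered on the thread and can affect later tests. Wrapping it as `try (MockedStatic<DigestUtils> digestUtilsMockedStatic = mockStatic(DigestUtils.class)) { ... }` and dropping the explicit `close()` makes the cleanup unconditional. The tests also only verify that `DigestUtils.getDigest` was called with the expected name. An assertion that the same plaintext encrypts to different ciphertext under SHA-1 and SHA-512 would pin the key derivation itself.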