You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@nifi.apache.org by ex...@apache.org on 2021/04/26 16:34:47 UTC

[nifi] branch main updated: NIFI-8465 Handle bcrypt legacy decrypt failures in testing

This is an automated email from the ASF dual-hosted git repository.

exceptionfactory pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/nifi.git


The following commit(s) were added to refs/heads/main by this push:
     new 835f50c  NIFI-8465 Handle bcrypt legacy decrypt failures in testing
835f50c is described below

commit 835f50c83a9b2ed89374da127893cb40db5b3c79
Author: Paul Grey <gr...@yahoo.com>
AuthorDate: Mon Apr 26 11:05:02 2021 -0400

    NIFI-8465 Handle bcrypt legacy decrypt failures in testing
    
    This closes #5029
    
    Signed-off-by: David Handermann <ex...@apache.org>
---
 .../util/crypto/PasswordBasedEncryptorGroovyTest.groovy     | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/groovy/org/apache/nifi/security/util/crypto/PasswordBasedEncryptorGroovyTest.groovy b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/groovy/org/apache/nifi/security/util/crypto/PasswordBasedEncryptorGroovyTest.groovy
index ce88368..b4376ed 100644
--- a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/groovy/org/apache/nifi/security/util/crypto/PasswordBasedEncryptorGroovyTest.groovy
+++ b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/groovy/org/apache/nifi/security/util/crypto/PasswordBasedEncryptorGroovyTest.groovy
@@ -442,7 +442,18 @@ class PasswordBasedEncryptorGroovyTest {
         String recovered = new String(recoveredBytes, StandardCharsets.UTF_8)
         logger.info("Plaintext (${recoveredBytes.size()}): ${recovered}")
 
-        assert recovered == PLAINTEXT
+        // handle reader logic error (PKCS7 padding false positive) by explicitly testing legacy key derivation
+        if (PLAINTEXT != recovered) {
+            logger.warn("Explicit test of legacy key derivation logic.")
+            InputStream inputStreamLegacy = new ByteArrayInputStream(cipherBytes)
+            OutputStream outputStreamLegacy = new ByteArrayOutputStream()
+            byte[] salt = bcryptCipherProvider.readSalt(inputStreamLegacy)
+            byte[] iv = bcryptCipherProvider.readIV(inputStreamLegacy)
+            Cipher cipherLegacy = bcryptCipherProvider.getLegacyDecryptCipher(encryptionMethod, PASSWORD, salt, iv, keyLength)
+            CipherUtility.processStreams(cipherLegacy, inputStreamLegacy, outputStreamLegacy)
+            String recoveredLegacy = new String(outputStreamLegacy.toByteArray(), StandardCharsets.UTF_8)
+            assert recoveredLegacy == PLAINTEXT
+        }
     }
 
     /**