You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@nifi.apache.org by ex...@apache.org on 2021/04/26 16:34:47 UTC
[nifi] branch main updated: NIFI-8465 Handle bcrypt legacy decrypt
failures in testing
This is an automated email from the ASF dual-hosted git repository.
exceptionfactory pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/nifi.git
The following commit(s) were added to refs/heads/main by this push:
new 835f50c NIFI-8465 Handle bcrypt legacy decrypt failures in testing
835f50c is described below
commit 835f50c83a9b2ed89374da127893cb40db5b3c79
Author: Paul Grey <gr...@yahoo.com>
AuthorDate: Mon Apr 26 11:05:02 2021 -0400
NIFI-8465 Handle bcrypt legacy decrypt failures in testing
This closes #5029
Signed-off-by: David Handermann <ex...@apache.org>
---
.../util/crypto/PasswordBasedEncryptorGroovyTest.groovy | 13 ++++++++++++-
1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/groovy/org/apache/nifi/security/util/crypto/PasswordBasedEncryptorGroovyTest.groovy b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/groovy/org/apache/nifi/security/util/crypto/PasswordBasedEncryptorGroovyTest.groovy
index ce88368..b4376ed 100644
--- a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/groovy/org/apache/nifi/security/util/crypto/PasswordBasedEncryptorGroovyTest.groovy
+++ b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/groovy/org/apache/nifi/security/util/crypto/PasswordBasedEncryptorGroovyTest.groovy
@@ -442,7 +442,18 @@ class PasswordBasedEncryptorGroovyTest {
String recovered = new String(recoveredBytes, StandardCharsets.UTF_8)
logger.info("Plaintext (${recoveredBytes.size()}): ${recovered}")
- assert recovered == PLAINTEXT
+ // handle reader logic error (PKCS7 padding false positive) by explicitly testing legacy key derivation
+ if (PLAINTEXT != recovered) {
+ logger.warn("Explicit test of legacy key derivation logic.")
+ InputStream inputStreamLegacy = new ByteArrayInputStream(cipherBytes)
+ OutputStream outputStreamLegacy = new ByteArrayOutputStream()
+ byte[] salt = bcryptCipherProvider.readSalt(inputStreamLegacy)
+ byte[] iv = bcryptCipherProvider.readIV(inputStreamLegacy)
+ Cipher cipherLegacy = bcryptCipherProvider.getLegacyDecryptCipher(encryptionMethod, PASSWORD, salt, iv, keyLength)
+ CipherUtility.processStreams(cipherLegacy, inputStreamLegacy, outputStreamLegacy)
+ String recoveredLegacy = new String(outputStreamLegacy.toByteArray(), StandardCharsets.UTF_8)
+ assert recoveredLegacy == PLAINTEXT
+ }
}
/**