You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@streampark.apache.org by GitBox <gi...@apache.org> on 2023/01/08 07:00:23 UTC
[GitHub] [incubator-streampark] wolfboys opened a new pull request, #2242: [Improve] DES cryptographic algorithm change to AES
wolfboys opened a new pull request, #2242:
URL: https://github.com/apache/incubator-streampark/pull/2242
## DES cryptographic algorithm change to AES
The DES encryption algorithm is used in EncryptUtils, which is an older algorithm that is now considered weak. should be use AES encryption algorithm, which is a strong modern algorithm.
## What changes were proposed in this pull request
Issue Number: close #2241
<!--(For example: This pull request proposed to add checkstyle plugin).-->
## Brief change log
<!--*(for example:)*
- *Add maven-checkstyle-plugin to root pom.xml*
-->
## Verifying this change
<!--*(Please pick either of the following options)*-->
This change is a trivial rework / code cleanup without any test coverage.
*(or)*
This change is already covered by existing tests, such as *(please describe tests)*.
*(or)*
This change added tests and can be verified as follows:
<!--*(example:)*
- *Added integration tests for end-to-end.*
- *Added *Test to verify the change.*
- *Manually verified the change by testing locally.* -->
## Does this pull request potentially affect one of the following parts
- Dependencies (does it add or upgrade a dependency): (yes / no)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@streampark.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [incubator-streampark] wolfboys commented on pull request #2242: [Improve] DES cryptographic algorithm change to AES
Posted by GitBox <gi...@apache.org>.
wolfboys commented on PR #2242:
URL: https://github.com/apache/incubator-streampark/pull/2242#issuecomment-1374792690
> @wolfboys , thanks for your contribution, I have left some comments, please take a look in your free time, thanks!
thanks for your review. done.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@streampark.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [incubator-streampark] wolfboys commented on pull request #2242: [Improve] DES cryptographic algorithm change to AES
Posted by GitBox <gi...@apache.org>.
wolfboys commented on PR #2242:
URL: https://github.com/apache/incubator-streampark/pull/2242#issuecomment-1374742141
cc @1996fanrui PTAL, thanks
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@streampark.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [incubator-streampark] 1996fanrui commented on a diff in pull request #2242: [Improve] DES cryptographic algorithm change to AES
Posted by GitBox <gi...@apache.org>.
1996fanrui commented on code in PR #2242:
URL: https://github.com/apache/incubator-streampark/pull/2242#discussion_r1064115375
##########
streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/base/util/EncryptUtils.java:
##########
@@ -17,86 +17,64 @@
package org.apache.streampark.console.base.util;
+import org.apache.commons.codec.digest.DigestUtils;
+
import javax.crypto.Cipher;
+import javax.crypto.KeyGenerator;
+import javax.crypto.SecretKey;
-import java.security.Key;
+import java.nio.charset.StandardCharsets;
+import java.security.SecureRandom;
+import java.util.Base64;
public class EncryptUtils {
- private static final String DEFAULT_KEY = "defaultKey";
- private Cipher encryptCipher = null;
- private Cipher decryptCipher = null;
-
- private static String byteArr2HexStr(byte[] arrB) {
- int iLen = arrB.length;
- StringBuilder sb = new StringBuilder(iLen * 2);
- for (byte anArrB : arrB) {
- int intTmp = anArrB;
- while (intTmp < 0) {
- intTmp = intTmp + 256;
- }
- if (intTmp < 16) {
- sb.append("0");
- }
- sb.append(Integer.toString(intTmp, 16));
- }
- return sb.toString();
- }
+ private static final int KEY_SIZE = 128;
- private static byte[] hexStr2ByteArr(String strIn) {
- byte[] arrB = strIn.getBytes();
- int iLen = arrB.length;
+ private static final String DEFAULT_KEY = DigestUtils.md5Hex("ApacheStreamPark");
- byte[] arrOut = new byte[iLen / 2];
- for (int i = 0; i < iLen; i = i + 2) {
- String strTmp = new String(arrB, i, 2);
- arrOut[i / 2] = (byte) Integer.parseInt(strTmp, 16);
- }
- return arrOut;
- }
+ private static final String ALGORITHM = "AES";
- public EncryptUtils() throws Exception {
- this(DEFAULT_KEY);
- }
+ private static final String RNG_ALGORITHM = "SHA1PRNG";
- EncryptUtils(String strKey) throws Exception {
- /*
- * Security.addProvider(new com.sun.crypto.provider.SunJCE());
- */
- Key key = getKey(strKey.getBytes());
+ private EncryptUtils() {}
- encryptCipher = Cipher.getInstance("DES");
- encryptCipher.init(Cipher.ENCRYPT_MODE, key);
+ public static String encrypt(String content) throws Exception {
+ return encrypt(content, DEFAULT_KEY);
+ }
- decryptCipher = Cipher.getInstance("DES");
- decryptCipher.init(Cipher.DECRYPT_MODE, key);
+ public static String encrypt(String content, String key) throws Exception {
+ Cipher cipher = getCipher(Cipher.ENCRYPT_MODE, key);
+ byte[] bytes = cipher.doFinal(content.getBytes(StandardCharsets.UTF_8));
+ return base64Encode(bytes);
}
- private byte[] encrypt(byte[] arrB) throws Exception {
- return encryptCipher.doFinal(arrB);
+ public static String decrypt(String content) throws Exception {
+ return decrypt(content, DEFAULT_KEY);
}
- String encrypt(String strIn) throws Exception {
- return byteArr2HexStr(encrypt(strIn.getBytes()));
+ public static String decrypt(String content, String key) throws Exception {
+ Cipher cipher = getCipher(Cipher.DECRYPT_MODE, key);
+ byte[] decryptBytes = cipher.doFinal(base64Decode(content));
+ return new String(decryptBytes, StandardCharsets.UTF_8);
}
- private byte[] decrypt(byte[] arrB) throws Exception {
- return decryptCipher.doFinal(arrB);
+ private static Cipher getCipher(int mode, String key) throws Exception {
+ SecureRandom random = SecureRandom.getInstance(RNG_ALGORITHM);
+ random.setSeed(key.getBytes(StandardCharsets.UTF_8));
+ KeyGenerator gen = KeyGenerator.getInstance(ALGORITHM);
+ gen.init(KEY_SIZE, random);
+ SecretKey secKey = gen.generateKey();
+ Cipher cipher = Cipher.getInstance(ALGORITHM);
+ cipher.init(mode, secKey);
+ return cipher;
}
- String decrypt(String strIn) {
- try {
- return new String(decrypt(hexStr2ByteArr(strIn)));
- } catch (Exception e) {
- return "";
- }
+ public static String base64Encode(byte[] bytes) {
Review Comment:
```suggestion
private static String base64Encode(byte[] bytes) {
```
##########
streampark-console/streampark-console-service/src/main/java/org/apache/streampark/console/base/util/EncryptUtils.java:
##########
@@ -17,86 +17,64 @@
package org.apache.streampark.console.base.util;
+import org.apache.commons.codec.digest.DigestUtils;
+
import javax.crypto.Cipher;
+import javax.crypto.KeyGenerator;
+import javax.crypto.SecretKey;
-import java.security.Key;
+import java.nio.charset.StandardCharsets;
+import java.security.SecureRandom;
+import java.util.Base64;
public class EncryptUtils {
- private static final String DEFAULT_KEY = "defaultKey";
- private Cipher encryptCipher = null;
- private Cipher decryptCipher = null;
-
- private static String byteArr2HexStr(byte[] arrB) {
- int iLen = arrB.length;
- StringBuilder sb = new StringBuilder(iLen * 2);
- for (byte anArrB : arrB) {
- int intTmp = anArrB;
- while (intTmp < 0) {
- intTmp = intTmp + 256;
- }
- if (intTmp < 16) {
- sb.append("0");
- }
- sb.append(Integer.toString(intTmp, 16));
- }
- return sb.toString();
- }
+ private static final int KEY_SIZE = 128;
- private static byte[] hexStr2ByteArr(String strIn) {
- byte[] arrB = strIn.getBytes();
- int iLen = arrB.length;
+ private static final String DEFAULT_KEY = DigestUtils.md5Hex("ApacheStreamPark");
- byte[] arrOut = new byte[iLen / 2];
- for (int i = 0; i < iLen; i = i + 2) {
- String strTmp = new String(arrB, i, 2);
- arrOut[i / 2] = (byte) Integer.parseInt(strTmp, 16);
- }
- return arrOut;
- }
+ private static final String ALGORITHM = "AES";
- public EncryptUtils() throws Exception {
- this(DEFAULT_KEY);
- }
+ private static final String RNG_ALGORITHM = "SHA1PRNG";
- EncryptUtils(String strKey) throws Exception {
- /*
- * Security.addProvider(new com.sun.crypto.provider.SunJCE());
- */
- Key key = getKey(strKey.getBytes());
+ private EncryptUtils() {}
- encryptCipher = Cipher.getInstance("DES");
- encryptCipher.init(Cipher.ENCRYPT_MODE, key);
+ public static String encrypt(String content) throws Exception {
+ return encrypt(content, DEFAULT_KEY);
+ }
- decryptCipher = Cipher.getInstance("DES");
- decryptCipher.init(Cipher.DECRYPT_MODE, key);
+ public static String encrypt(String content, String key) throws Exception {
+ Cipher cipher = getCipher(Cipher.ENCRYPT_MODE, key);
+ byte[] bytes = cipher.doFinal(content.getBytes(StandardCharsets.UTF_8));
+ return base64Encode(bytes);
}
- private byte[] encrypt(byte[] arrB) throws Exception {
- return encryptCipher.doFinal(arrB);
+ public static String decrypt(String content) throws Exception {
+ return decrypt(content, DEFAULT_KEY);
}
- String encrypt(String strIn) throws Exception {
- return byteArr2HexStr(encrypt(strIn.getBytes()));
+ public static String decrypt(String content, String key) throws Exception {
+ Cipher cipher = getCipher(Cipher.DECRYPT_MODE, key);
+ byte[] decryptBytes = cipher.doFinal(base64Decode(content));
+ return new String(decryptBytes, StandardCharsets.UTF_8);
}
- private byte[] decrypt(byte[] arrB) throws Exception {
- return decryptCipher.doFinal(arrB);
+ private static Cipher getCipher(int mode, String key) throws Exception {
+ SecureRandom random = SecureRandom.getInstance(RNG_ALGORITHM);
+ random.setSeed(key.getBytes(StandardCharsets.UTF_8));
+ KeyGenerator gen = KeyGenerator.getInstance(ALGORITHM);
+ gen.init(KEY_SIZE, random);
+ SecretKey secKey = gen.generateKey();
+ Cipher cipher = Cipher.getInstance(ALGORITHM);
+ cipher.init(mode, secKey);
+ return cipher;
}
- String decrypt(String strIn) {
- try {
- return new String(decrypt(hexStr2ByteArr(strIn)));
- } catch (Exception e) {
- return "";
- }
+ public static String base64Encode(byte[] bytes) {
+ return Base64.getEncoder().encodeToString(bytes);
}
- private Key getKey(byte[] arrBTmp) {
- byte[] arrB = new byte[8];
- for (int i = 0; i < arrBTmp.length && i < arrB.length; i++) {
- arrB[i] = arrBTmp[i];
- }
- return new javax.crypto.spec.SecretKeySpec(arrB, "DES");
+ public static byte[] base64Decode(String base64Code) {
+ return Base64.getDecoder().decode(base64Code);
Review Comment:
```suggestion
private static byte[] base64Decode(String context) {
return Base64.getDecoder().decode(context);
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@streampark.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [incubator-streampark] 1996fanrui merged pull request #2242: [Improve] DES cryptographic algorithm change to AES
Posted by GitBox <gi...@apache.org>.
1996fanrui merged PR #2242:
URL: https://github.com/apache/incubator-streampark/pull/2242
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@streampark.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org