Posted to users@camel.apache.org by Wilken Marci J <MA...@dhsoha.state.or.us.INVALID> on 2022/09/20 19:34:06 UTC

RE: Encrypt header value. - TypeConverter

I looked at Jasypt initially; I didn't really understand how I would use it.

This is what I came up with. 
https://access.redhat.com/documentation/en-us/red_hat_jboss_fuse/6.2/html/apache_camel_development_guide/typeconv-impl
I created a class EncryptedString. When it gets instantiated it encrypts and stores the encrypted string. Then I created a typeConverter using ROT-47 (this could be replaced with Jasypt), EncryptedStringConverter, and finally added the class name to the TypeConverter file in the META-INF/services/org/apache/camel project directory. So far this seems to be doing what I need.

EncryptedString password = new EncryptedString(camelctx.resolvePropertyPlaceholders("{{file.router.remote.password}}"),
		camelctx.resolvePropertyPlaceholders("{{file.router.encryption.key}}"));
EncryptedString username = new EncryptedString(camelctx.resolvePropertyPlaceholders("{{file.router.remote.username}}"));

public class EncryptedString {

	private String string;
	private String key;

	/*
	 * Constructor encrypts the string, locks value with a key that must be supplied to decrypt
	 * ignored
	 */
	public EncryptedString(String string, String key) throws Exception {
		encryptString(string);
		this.key = key;
	}
}



@Converter
public class EncryptedStringConverter {
	private static final Logger log = LoggerFactory.getLogger(EncryptedStringConverter.class);
	static DateFormat df = new SimpleDateFormat("yyyy.MM.dd");

	EncryptedStringConverter() {

	}

	@Converter
	public static String decrypt(EncryptedString data, Exchange exchange) throws Exception {
		try {
			if (exchange != null) {
				// the decryption key travels with the exchange; getEncryptedString(null) throws if a key is required
				return rotate(data.getEncryptedString((String) exchange.getIn().getHeader("LocalEncryptionKey")));
			} else if (data != null) {
				return rotate(data.getEncryptedString(null));
			} else {
				return null;
			}
		} catch (IllegalArgumentException iae) { // a required decryption key was not supplied
			log.warn(iae.getMessage());
			return StringUtils.repeat("*", data.length());
		}
	}
	/**
	 * Applies a ROT-47 Caesar cipher to the supplied value. Each letter in the
	 * supplied value is substituted with a new value rotated by 47 places. See
	 * <a href="http://en.wikipedia.org/wiki/ROT13">ROT13</a> for more information
	 * (there is a subsection for ROT-47).
	 * <p>
	 * A Unix command to perform a ROT-47 cipher is:
	 *
	 * <pre>
	 * tr '!-~' 'P-~!-O'
	 * </pre>
	 *
	 * @param data The text to be rotated.
	 * @return The rotated text.
	 */
	private static String rotate(String data) {
		if (data == null) {
			return null;
		}
		.........

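As an added example (not the code from Marci's post): the same design with the ROT-47 step replaced by JDK AES-GCM, so the header carries real ciphertext, toString() masks it for .log(), and the converter unseals it only when the key is present. The name LocalEncryptionKey is reused from the post but read as an exchange property rather than a header; the byte[] key is assumed to come from the {{file.router.encryption.key}} placeholder.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.camel.Converter;
import org.apache.camel.Exchange;

/** Header value that stays sealed: toString(), which is what .log("${header.password}") prints, never shows plaintext. */
public final class SealedHeader {
    private static final int IV_LEN = 12, TAG_BITS = 128;
    private final byte[] blob; // IV || ciphertext || GCM tag

    /** key: 16/24/32-byte AES key (assumed decoded from the {{file.router.encryption.key}} placeholder). */
    public SealedHeader(String plaintext, byte[] key) throws Exception {
        byte[] iv = new byte[IV_LEN];
        new SecureRandom().nextBytes(iv); // fresh IV per value; an IV must never be reused with the same key
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), new GCMParameterSpec(TAG_BITS, iv));
        byte[] ct = c.doFinal(plaintext.getBytes(StandardCharsets.UTF_8));
        blob = new byte[IV_LEN + ct.length];
        System.arraycopy(iv, 0, blob, 0, IV_LEN);
        System.arraycopy(ct, 0, blob, IV_LEN, ct.length);
    }

    /** Recovers the plaintext; GCM rejects a wrong key or a tampered blob with AEADBadTagException. */
    public String open(byte[] key) throws Exception {
        if (key == null) throw new IllegalArgumentException("decryption key not supplied");
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key, "AES"),
               new GCMParameterSpec(TAG_BITS, Arrays.copyOf(blob, IV_LEN)));
        return new String(c.doFinal(blob, IV_LEN, blob.length - IV_LEN), StandardCharsets.UTF_8);
    }

    @Override public String toString() { return "SealedHeader[****]"; }
}

/** Registered via META-INF/services/org/apache/camel/TypeConverter like the post's converter; the ftps component asks for a String, so the value is unsealed only at that point. */
@Converter
final class SealedHeaderConverter {
    @Converter
    public static String toPlaintext(SealedHeader sealed, Exchange exchange) {
        // key kept as an exchange property (hypothetical name) rather than a header, so a header dump cannot log it
        byte[] key = exchange == null ? null : exchange.getProperty("LocalEncryptionKey", byte[].class);
        try {
            return sealed.open(key);
        } catch (IllegalArgumentException e) {
            return "****"; // key missing: hand back masked text as the post does, never the ciphertext
        } catch (Exception e) { // AEADBadTagException etc.: surface it instead of logging a partial value
            throw new IllegalStateException("header could not be unsealed", e);
        }
    }
}
```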


-----Original Message-----
From: Jeremy Ross <je...@gmail.com> 
Sent: Saturday, September 10, 2022 4:25 PM
To: users@camel.apache.org
Subject: Re: Encrypt header value.

Yep.

On Sat, Sep 10, 2022 at 3:39 PM ski n <ra...@gmail.com> wrote:

> @Jeremy Don't you mean Jasypt:
>
> https://camel.apache.org/components/3.18.x/others/jasypt.html
>
> On Sat, Sep 10, 2022 at 7:12 PM Jeremy Ross <je...@gmail.com>
> wrote:
>
> > Have you looked at the jasypt component? With it, you can store your
> > password encrypted, then access it using property placeholder syntax:
> >
> > ftps://<host>?password={{my_ftp_password}}
> >
> > Of course, if your file system security is sufficient, you can skip
> > the jasypt part. Everything else would be the same.
> >
> >
> > On Tue, Sep 6, 2022 at 6:02 PM Wilken Marci J 
> > <MA...@dhsoha.state.or.us.invalid> wrote:
> >
> > > Hi all,
> > > Issue: sensitive data getting passed from the exchange header to the logs
> > > in the clear.
> > >
> > > Is there a way to encrypt a header value in Camel?  I've got several
> > > values (id, ssn, dob, password) that get passed around in the message
> > > header or that I would like to pass in the header.  I would prefer to
> > > pass these with some kind of encryption instead of as a String.
> > >
> > > Simple example: To call an sftp route I need to send the password, and
> > > for debugging purposes I want to log the call before connecting.  Route A
> > > reads the vault for the appropriate user id and password, places the
> > > info in the header (the message is in the body) and calls the sftp route.
> > >
> > >
> > > .log(LoggingLevel.INFO,
> > >     "ftps://{{file.router.remote.host}}:{{file.router.remote.port}}//{{file.router.remote.home}}"
> > >     + "?password=${header.password}"
> > >     + "&username=${header.userName}"
> > > //  + "&stepwise=true"  // unknown if it works or makes a difference
> > > //  doesn't like
> > > //  + "&strictHostKeyChecking=no"
> > >     + "&include=${header.CamelFileName}"
> > >     + "&fileName=${header.TransmissionCamelFileName}"
> > >     + "&noop=true"
> > >     + "&keepLastModified=true"
> > > //  ojd does not like this
> > > //  + "&execPbsz={{file.router.remote.ftpsPBSZ}}"
> > >     + "&securityProtocol={{file.router.remote.ftpsprotocol}}"
> > >     + "&passiveMode=true" // ?
> > >     + "&binary=false" // ?
> > > //  doesn't like
> > > //  + "&implicit={{file.router.remote.ftpsimplicit}}"
> > > //  leave the file to be archived
> > >     + "&reconnectDelay={{file.router.reconnectDelay}}"
> > >     + "&maximumReconnectAttempts={{file.router.maximumReconnectAttempts}}"
> > >     + "&backoffErrorThreshold=5"
> > >     + "&backoffMultiplier=10"
> > >     + "&runLoggingLevel={{file.router.runLoggingLevel:WARN}}"
> > >     + "&transferLoggingVerbose=true")
> > >
> > >
> > >
> > > Regards-
> > > Marci Wilken
> > > She/Her/Hers
> > > Operations Architect
> > > Office of Information Services
> > > OHA/DHS/CAF-CW/OR-KIDS
> > > Desk: 503.378.2405 Cell: 503.979.9680
> > >