Posted to commits@syncope.apache.org by co...@apache.org on 2017/07/18 11:02:13 UTC
syncope git commit: SYNCOPE-1168 - Encryptor pads short secret keys
with "0" instead of random characters
Repository: syncope
Updated Branches:
refs/heads/master eebca673e -> 4214a3892
SYNCOPE-1168 - Encryptor pads short secret keys with "0" instead of random characters
Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/4214a389
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/4214a389
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/4214a389
Branch: refs/heads/master
Commit: 4214a38925ea07d6ab2a9d8bbf32fcd3fe0841d0
Parents: eebca67
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Tue Jul 18 11:02:40 2017 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Tue Jul 18 11:36:21 2017 +0100
----------------------------------------------------------------------
.../apache/syncope/core/spring/security/Encryptor.java | 11 +++++++----
.../syncope/core/spring/security/EncryptorTest.java | 13 +++++++++++--
2 files changed, 18 insertions(+), 6 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/syncope/blob/4214a389/core/spring/src/main/java/org/apache/syncope/core/spring/security/Encryptor.java
----------------------------------------------------------------------
diff --git a/core/spring/src/main/java/org/apache/syncope/core/spring/security/Encryptor.java b/core/spring/src/main/java/org/apache/syncope/core/spring/security/Encryptor.java
index af64177..a97094a 100644
--- a/core/spring/src/main/java/org/apache/syncope/core/spring/security/Encryptor.java
+++ b/core/spring/src/main/java/org/apache/syncope/core/spring/security/Encryptor.java
@@ -154,11 +154,14 @@ public final class Encryptor {
String actualKey = secretKey;
if (actualKey.length() < 16) {
StringBuilder actualKeyPadding = new StringBuilder(actualKey);
- for (int i = 0; i < 16 - actualKey.length(); i++) {
- actualKeyPadding.append('0');
- }
+ int length = 16 - actualKey.length();
+ String randomChars = SecureRandomUtils.generateRandomPassword(length);
+
+ actualKeyPadding.append(randomChars);
actualKey = actualKeyPadding.toString();
- LOG.debug("actualKey too short, adding some random characters");
+ LOG.warn("The secret key is too short (< 16), adding some random characters. "
+ + "Passwords encrypted with AES and this key will not be recoverable "
+ + "as a result if the container is restarted.");
}
try {
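Review bot: Padding with `SecureRandomUtils.generateRandomPassword(length)` gives a different effective AES key on every start. Values stored under the old zero-padded key can no longer be decrypted after upgrade, and anything encrypted from now on is lost at the next restart, with only the `LOG.warn` line to signal it. Rejecting a short key at configuration time would be safer than a silent fallback, for example `throw new IllegalArgumentException("secretKey must be at least 16 characters");` in place of the padding branch. If short keys must stay supported, deriving the 16 bytes deterministically from the configured secret with a KDF and a persisted salt would keep ciphertexts recoverable. The enclosing method starts before the hunk and continues past `try {`, so how `actualKey` becomes key bytes is not visible here.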
http://git-wip-us.apache.org/repos/asf/syncope/blob/4214a389/core/spring/src/test/java/org/apache/syncope/core/spring/security/EncryptorTest.java
----------------------------------------------------------------------
diff --git a/core/spring/src/test/java/org/apache/syncope/core/spring/security/EncryptorTest.java b/core/spring/src/test/java/org/apache/syncope/core/spring/security/EncryptorTest.java
index 98c3f16..064d970 100644
--- a/core/spring/src/test/java/org/apache/syncope/core/spring/security/EncryptorTest.java
+++ b/core/spring/src/test/java/org/apache/syncope/core/spring/security/EncryptorTest.java
@@ -61,7 +61,16 @@ public class EncryptorTest {
@Test
public void testDecodeDefaultAESKey() throws Exception {
- String password = encryptor.decode("9Pav+xl+UyHt02H9ZBytiA==", CipherAlgorithm.AES);
- assertEquals("password", password);
+ String decPassword = encryptor.decode("9Pav+xl+UyHt02H9ZBytiA==", CipherAlgorithm.AES);
+ assertEquals(password, decPassword);
}
+
+ @Test
+ public void testSmallKey() throws Exception {
+ Encryptor smallKeyEncryptor = Encryptor.getInstance("123");
+ String encPassword = smallKeyEncryptor.encode(password, CipherAlgorithm.AES);
+ String decPassword = smallKeyEncryptor.decode(encPassword, CipherAlgorithm.AES);
+ assertEquals(password, decPassword);
+ }
+
}
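Review bot: `testSmallKey` would also pass against the old zero-padding code, because it encodes and decodes through the same `smallKeyEncryptor` instance and so does not pin the behaviour this commit introduces. Assuming `encode` is deterministic for a given key, as the fixed ciphertext in `testDecodeDefaultAESKey` suggests, the test could also compare against an encryptor built from the zero-padded key, for example `assertNotEquals(Encryptor.getInstance("1230000000000000").encode(password, CipherAlgorithm.AES), encPassword);`. The `password` field used in both tests is declared outside the hunk.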