You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@tika.apache.org by ta...@apache.org on 2022/04/20 19:13:20 UTC

[tika] branch main updated: TIKA-3724

This is an automated email from the ASF dual-hosted git repository.

tallison pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tika.git


The following commit(s) were added to refs/heads/main by this push:
     new 9f204bfad TIKA-3724
9f204bfad is described below

commit 9f204bfad98d2b65ecae95c1169fc4c60e451b20
Author: tallison <ta...@apache.org>
AuthorDate: Wed Apr 20 15:13:00 2022 -0400

    TIKA-3724
---
 CHANGES.txt                                                         | 2 ++
 .../src/main/java/org/apache/tika/client/HttpClientFactory.java     | 6 ++++--
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/CHANGES.txt b/CHANGES.txt
index 08a37b892..ea0f01375 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -46,6 +46,8 @@ Release 2.4.0 - ???
    * Various dependency upgrades, including POI, dl4j, gson, jackson,
      twelvemonkeys, log4j2 and others (TIKA-3675 and many PRs from dependabot).
 
+   * Switch cipher from ECB to GCM in HttpClientFactory (TIKA-3724).
+
 Release 2.3.0 - 02/02/2022
 
    * Upgrade to Apache POI 5.2.0. This is the first upgrade to POI
diff --git a/tika-pipes/tika-httpclient-commons/src/main/java/org/apache/tika/client/HttpClientFactory.java b/tika-pipes/tika-httpclient-commons/src/main/java/org/apache/tika/client/HttpClientFactory.java
index 1ce02efeb..56fce6353 100644
--- a/tika-pipes/tika-httpclient-commons/src/main/java/org/apache/tika/client/HttpClientFactory.java
+++ b/tika-pipes/tika-httpclient-commons/src/main/java/org/apache/tika/client/HttpClientFactory.java
@@ -88,6 +88,8 @@ import org.apache.tika.utils.StringUtils;
 public class HttpClientFactory {
 
     public static final String AES_ENV_VAR = "AES_KEY";
+
+    private static final String CIPHER_TYPE = "AES/GCM/PKCS5Padding";
     private static final Logger LOG = LoggerFactory.getLogger(HttpClientFactory.class);
 
     private AES aes = null;
@@ -446,7 +448,7 @@ public class HttpClientFactory {
 
         public String encrypt(String strToEncrypt) throws TikaConfigException {
             try {
-                Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding");
+                Cipher cipher = Cipher.getInstance(CIPHER_TYPE);
                 cipher.init(Cipher.ENCRYPT_MODE, secretKey);
                 return Base64.getEncoder().encodeToString(
                         cipher.doFinal(strToEncrypt.getBytes(StandardCharsets.UTF_8)));
@@ -458,7 +460,7 @@ public class HttpClientFactory {
 
         public String decrypt(String strToDecrypt) throws TikaConfigException {
             try {
-                Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5PADDING");
+                Cipher cipher = Cipher.getInstance(CIPHER_TYPE);
                 cipher.init(Cipher.DECRYPT_MODE, secretKey);
                 return new String(cipher.doFinal(Base64.getDecoder().decode(strToDecrypt)),
                         StandardCharsets.UTF_8);