fineract-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From GitBox <...@apache.org>
Subject [GitHub] [fineract] fynmanoj commented on a change in pull request #1032: FINERACT-1034-encryption-infra
Date Fri, 12 Jun 2020 00:18:15 GMT

fynmanoj commented on a change in pull request #1032:
URL: https://github.com/apache/fineract/pull/1032#discussion_r439140917



##########
File path: fineract-provider/src/main/java/org/apache/fineract/infrastructure/crypt/service/EncryptionKeyStoreServiceImpl.java
##########
@@ -0,0 +1,104 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.fineract.infrastructure.crypt.service;
+
+import com.sun.jersey.spi.resource.Singleton;
+import java.util.Map;
+import java.util.concurrent.ConcurrentHashMap;
+import org.apache.fineract.infrastructure.configuration.domain.ConfigurationDomainService;
+import org.apache.fineract.infrastructure.core.service.DateUtils;
+import org.apache.fineract.infrastructure.core.service.ThreadLocalContextUtil;
+import org.apache.fineract.infrastructure.crypt.domain.EncryptionKeys;
+import org.apache.fineract.infrastructure.crypt.utils.RSAEncryptionUtils;
+import org.joda.time.Seconds;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.cache.annotation.CacheEvict;
+import org.springframework.cache.annotation.Cacheable;
+import org.springframework.cache.annotation.Caching;
+import org.springframework.stereotype.Service;
+
+/**
+ * @author manoj
+ */
+@Service
+@Singleton
+public class EncryptionKeyStoreServiceImpl  implements EncryptionKeyStoreService{
+    private Map<String, EncryptionKeys> keyMap =  new ConcurrentHashMap<>();
+
+
+    private final ConfigurationDomainService configurationDomainService;
+    private final RSAEncryptionUtils rsaEncryptionUtils;
+
+    @Autowired
+    public EncryptionKeyStoreServiceImpl(ConfigurationDomainService configurationDomainService,
RSAEncryptionUtils rsaEncryptionUtils) {
+        this.configurationDomainService = configurationDomainService;
+        this.rsaEncryptionUtils = rsaEncryptionUtils;
+    }
+
+    @Caching(evict = {
+            @CacheEvict(value = "encryptionKeys", key = "T(org.apache.fineract.infrastructure.core.service.ThreadLocalContextUtil).getTenant().getTenantIdentifier().concat(#type)")})
+    public void storeKey(String type, EncryptionKeys key){
+        this.keyMap.put(getKeyType(type), key);
+    }
+
+    private EncryptionKeys retrieveValidKey(String type){
+
+        EncryptionKeys keys = getKeys(type);
+        if(keys == null){
+            return null;

Review comment:
       This is trying to retrieve a key from the memory. When there is no key available here
(that is, when null is returned) the wrapper which calls this method is supposed to create
a new key and store it.  do you really think an Exception throw and catch needed in this context?
I don't.

##########
File path: fineract-provider/src/main/java/org/apache/fineract/infrastructure/crypt/service/EncryptionKeyStoreServiceImpl.java
##########
@@ -0,0 +1,104 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.fineract.infrastructure.crypt.service;
+
+import com.sun.jersey.spi.resource.Singleton;
+import java.util.Map;
+import java.util.concurrent.ConcurrentHashMap;
+import org.apache.fineract.infrastructure.configuration.domain.ConfigurationDomainService;
+import org.apache.fineract.infrastructure.core.service.DateUtils;
+import org.apache.fineract.infrastructure.core.service.ThreadLocalContextUtil;
+import org.apache.fineract.infrastructure.crypt.domain.EncryptionKeys;
+import org.apache.fineract.infrastructure.crypt.utils.RSAEncryptionUtils;
+import org.joda.time.Seconds;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.cache.annotation.CacheEvict;
+import org.springframework.cache.annotation.Cacheable;
+import org.springframework.cache.annotation.Caching;
+import org.springframework.stereotype.Service;
+
+/**
+ * @author manoj
+ */
+@Service
+@Singleton
+public class EncryptionKeyStoreServiceImpl  implements EncryptionKeyStoreService{
+    private Map<String, EncryptionKeys> keyMap =  new ConcurrentHashMap<>();
+
+
+    private final ConfigurationDomainService configurationDomainService;
+    private final RSAEncryptionUtils rsaEncryptionUtils;
+
+    @Autowired
+    public EncryptionKeyStoreServiceImpl(ConfigurationDomainService configurationDomainService,
RSAEncryptionUtils rsaEncryptionUtils) {
+        this.configurationDomainService = configurationDomainService;
+        this.rsaEncryptionUtils = rsaEncryptionUtils;
+    }
+
+    @Caching(evict = {
+            @CacheEvict(value = "encryptionKeys", key = "T(org.apache.fineract.infrastructure.core.service.ThreadLocalContextUtil).getTenant().getTenantIdentifier().concat(#type)")})
+    public void storeKey(String type, EncryptionKeys key){
+        this.keyMap.put(getKeyType(type), key);
+    }
+
+    private EncryptionKeys retrieveValidKey(String type){
+
+        EncryptionKeys keys = getKeys(type);
+        if(keys == null){
+            return null;
+        }
+        //check validityOftheKey
+        //get validity time from config
+        Integer validUpto = configurationDomainService.retrieveEncKeyExpirySeconds(type);
+        if(validUpto.equals(-1)){
+            return keys;
+        } else {
+            Seconds seconds = Seconds.secondsBetween(keys.getCreatedDateTime(), DateUtils.getLocalDateTimeOfTenant());
+            if(seconds.getSeconds() < validUpto) {
+                return keys;
+            }
+
+        }
+        return null;

Review comment:
       same as above

##########
File path: fineract-provider/src/main/java/org/apache/fineract/infrastructure/crypt/utils/RSAEncryptionUtils.java
##########
@@ -0,0 +1,110 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.fineract.infrastructure.crypt.utils;
+
+import static java.nio.charset.StandardCharsets.UTF_8;
+
+import java.security.InvalidKeyException;
+import java.security.KeyFactory;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.SecureRandom;
+import java.security.spec.InvalidKeySpecException;
+import java.security.spec.PKCS8EncodedKeySpec;
+import java.util.Random;
+import javax.crypto.BadPaddingException;
+import javax.crypto.Cipher;
+import javax.crypto.IllegalBlockSizeException;
+import javax.crypto.NoSuchPaddingException;
+import javax.xml.bind.DatatypeConverter;
+import org.apache.commons.codec.binary.Hex;
+import org.apache.fineract.infrastructure.core.exception.GeneralPlatformDomainRuleException;
+import org.apache.fineract.infrastructure.core.service.DateUtils;
+import org.apache.fineract.infrastructure.crypt.domain.EncryptionKeys;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.stereotype.Component;
+
+/**
+ * @author manoj
+ */
+@Component
+public class RSAEncryptionUtils {
+    private final static Logger LOG = LoggerFactory.getLogger(RSAEncryptionUtils.class);
+
+    public EncryptionKeys generateKeys(){
+        KeyPairGenerator keyPairGenerator;
+        try {
+            keyPairGenerator = KeyPairGenerator.getInstance("RSA");
+
+            KeyPair keyPair = keyPairGenerator.generateKeyPair();
+            PublicKey publicKey = keyPair.getPublic();
+            PrivateKey privateKey = keyPair.getPrivate();
+            byte[] publicKeyAsBytes = publicKey.getEncoded();
+            byte[] privateKeyAsBytes = privateKey.getEncoded();
+
+            return new EncryptionKeys(privateKeyAsBytes, publicKeyAsBytes, DateUtils.getLocalDateTimeOfTenant(),
generateVersionString());
+
+        } catch (NoSuchAlgorithmException e) {
+           LOG.error("Error occurred", e);
+        }
+        throw new GeneralPlatformDomainRuleException("error.msg.error.in.generating.keys",
"Error in generating keys");
+    }
+
+    public String decryptUsingRSA(String encryptedText, final byte[] privateKeyAsBytes, boolean
isBase64Encoded) {
+        String decryptedString = null;
+        try {
+            KeyFactory kf = KeyFactory.getInstance("RSA");
+            PrivateKey privateKey = kf.generatePrivate(new PKCS8EncodedKeySpec(privateKeyAsBytes));
+            Cipher decrypt = Cipher.getInstance("RSA");
+            decrypt.init(Cipher.DECRYPT_MODE, privateKey);
+            if(isBase64Encoded) {
+                encryptedText = Hex.encodeHexString(encryptedText.getBytes( UTF_8));
+                byte[] decryptByteFromUi = decrypt.doFinal(DatatypeConverter.parseHexBinary(encryptedText));
+                decryptedString =  new String(decryptByteFromUi,  UTF_8);
+            } else {
+                byte[] decryptByteFromUi = decrypt.doFinal(encryptedText.getBytes( UTF_8));
+                decryptedString =  new String(decryptByteFromUi, UTF_8);
+            }
+            return decryptedString;
+        }catch (NoSuchAlgorithmException | InvalidKeySpecException | NoSuchPaddingException
| InvalidKeyException |
+                IllegalBlockSizeException | BadPaddingException e) {
+            LOG.error("Error occurred", e);
+        }
+        throw new GeneralPlatformDomainRuleException("error.msg.error.in.decryption.keys",
"Error in decryption");
+    }
+
+
+
+
+
+    private String generateVersionString() {
+        final char[] buf = new char[15];
+        final String alphanum = "ABCDEFGHIJKLMNOPQRSTUVWXYZ" + "0123456789" ;
+        final char[] symbols = alphanum.toCharArray();
+        final Random random= new SecureRandom();

Review comment:
       done!

##########
File path: fineract-provider/src/main/java/org/apache/fineract/infrastructure/crypt/utils/RSAEncryptionUtils.java
##########
@@ -0,0 +1,110 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.fineract.infrastructure.crypt.utils;
+
+import static java.nio.charset.StandardCharsets.UTF_8;
+
+import java.security.InvalidKeyException;
+import java.security.KeyFactory;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.SecureRandom;
+import java.security.spec.InvalidKeySpecException;
+import java.security.spec.PKCS8EncodedKeySpec;
+import java.util.Random;
+import javax.crypto.BadPaddingException;
+import javax.crypto.Cipher;
+import javax.crypto.IllegalBlockSizeException;
+import javax.crypto.NoSuchPaddingException;
+import javax.xml.bind.DatatypeConverter;
+import org.apache.commons.codec.binary.Hex;
+import org.apache.fineract.infrastructure.core.exception.GeneralPlatformDomainRuleException;
+import org.apache.fineract.infrastructure.core.service.DateUtils;
+import org.apache.fineract.infrastructure.crypt.domain.EncryptionKeys;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.stereotype.Component;
+
+/**
+ * @author manoj
+ */
+@Component
+public class RSAEncryptionUtils {
+    private final static Logger LOG = LoggerFactory.getLogger(RSAEncryptionUtils.class);
+
+    public EncryptionKeys generateKeys(){
+        KeyPairGenerator keyPairGenerator;
+        try {
+            keyPairGenerator = KeyPairGenerator.getInstance("RSA");
+
+            KeyPair keyPair = keyPairGenerator.generateKeyPair();
+            PublicKey publicKey = keyPair.getPublic();
+            PrivateKey privateKey = keyPair.getPrivate();
+            byte[] publicKeyAsBytes = publicKey.getEncoded();
+            byte[] privateKeyAsBytes = privateKey.getEncoded();
+
+            return new EncryptionKeys(privateKeyAsBytes, publicKeyAsBytes, DateUtils.getLocalDateTimeOfTenant(),
generateVersionString());
+
+        } catch (NoSuchAlgorithmException e) {
+           LOG.error("Error occurred", e);
+        }
+        throw new GeneralPlatformDomainRuleException("error.msg.error.in.generating.keys",
"Error in generating keys");
+    }
+
+    public String decryptUsingRSA(String encryptedText, final byte[] privateKeyAsBytes, boolean
isBase64Encoded) {

Review comment:
       This method is meant for future implementations. Lets discuss in FINERACT-1034 




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



Mime
View raw message