added encryption

commons/src/main/java/nl/uva/sne/drip/commons/utils/Converter.java

@@ -21,6 +21,7 @@ import java.io.FileNotFoundException;
 import java.io.FileOutputStream;
 import java.io.IOException;
 import java.io.InputStream;
+import java.io.UnsupportedEncodingException;
 import java.nio.charset.StandardCharsets;
 import java.nio.file.FileSystem;
 import java.nio.file.FileSystems;
@@ -30,8 +31,11 @@ import java.nio.file.Path;
 import java.nio.file.Paths;
 import java.nio.file.SimpleFileVisitor;
 import java.nio.file.attribute.BasicFileAttributes;
+import java.security.InvalidKeyException;
+import java.security.Key;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
+import java.util.Arrays;
 import java.util.Base64;
 import java.util.Enumeration;
 import java.util.HashMap;
@@ -40,6 +44,11 @@ import java.util.Map;
 import java.util.zip.ZipEntry;
 import java.util.zip.ZipFile;
 import java.util.zip.ZipOutputStream;
+import javax.crypto.BadPaddingException;
+import javax.crypto.Cipher;
+import javax.crypto.IllegalBlockSizeException;
+import javax.crypto.NoSuchPaddingException;
+import javax.crypto.spec.SecretKeySpec;
 import org.json.JSONException;
 import org.json.JSONObject;
 import org.springframework.web.multipart.MultipartFile;
@@ -157,4 +166,29 @@ public class Converter {
         }
     }
 
+    public static String decryptString(String contents, String secret) throws UnsupportedEncodingException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
+        SecretKeySpec secretKey = getsecretKey(secret);
+        Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5PADDING");
+        cipher.init(Cipher.DECRYPT_MODE, secretKey);
+        return new String(cipher.doFinal(Base64.getDecoder().decode(contents)));
+
+    }
+
+    public static String encryptString(String contents, String secret) throws UnsupportedEncodingException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
+        SecretKeySpec secretKey = getsecretKey(secret);
+        Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding");
+        cipher.init(Cipher.ENCRYPT_MODE, secretKey);
+        return Base64.getEncoder().encodeToString(cipher.doFinal(contents.getBytes("UTF-8")));
+    }
+
+    private static SecretKeySpec getsecretKey(String myKey) throws UnsupportedEncodingException, NoSuchAlgorithmException {
+        MessageDigest sha;
+
+        byte[] key = myKey.getBytes("UTF-8");
+        sha = MessageDigest.getInstance("SHA-1");
+        key = sha.digest(key);
+        key = Arrays.copyOf(key, 16);
+        return new SecretKeySpec(key, "AES");
+    }
+
 }

commons/src/test/java/nl/uva/sne/drip/commons/utils/ConverterTest.java

+/*
+ * Copyright 2019 S. Koulouzis
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package nl.uva.sne.drip.commons.utils;
+
+import java.util.Map;
+import org.junit.After;
+import org.junit.AfterClass;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import static org.junit.Assert.*;
+import org.springframework.web.multipart.MultipartFile;
+
+/**
+ *
+ * @author S. Koulouzis
+ */
+public class ConverterTest {
+
+    public ConverterTest() {
+    }
+
+    @BeforeClass
+    public static void setUpClass() {
+    }
+
+    @AfterClass
+    public static void tearDownClass() {
+    }
+
+    @Before
+    public void setUp() {
+    }
+
+    @After
+    public void tearDown() {
+    }
+
+    /**
+     * Test of decryptString method, of class Converter.
+     */
+    @Test
+    public void testEncryptDecryptString() throws Exception {
+        System.out.println("decryptString");
+        String contents = "this is very important information";
+        String secret = "1223";
+        String expResult = contents;
+        String enc = Converter.encryptString(contents, secret);
+        System.out.println("Encrypted String: " + enc);
+        String result = Converter.decryptString(enc, secret);
+        assertEquals(expResult, result);
+    }
+
+}

provisioner/Dockerfile

 FROM openjdk:11
 COPY target/provisioner-3.0.0-jar-with-dependencies.jar provisioner-3.0.0-jar-with-dependencies.jar
 COPY etc/ etc
+ENV ENCRYPTION_PASSWORD=123
 
 CMD jar -xf provisioner-3.0.0-jar-with-dependencies.jar application.properties && \
     cat application.properties && \
     sed -ie "s#^message.broker.host=.*#message.broker.host=$RABBITMQ_HOST#" application.properties && \ 
     sed -ie "s#^sure-tosca.base.path=.*#sure-tosca.base.path=$SURE_TOSCA_BASE_PATH#" application.properties && \
+    ENCRYPTION_PASSWORD=`date +%s | sha256sum | base64 | head -c 32 ; echo` && \
+    sed -ie "s#^secret=.*#secret=$ENCRYPTION_PASSWORD#" application.properties && \
     echo "cloud.storm.db.path=/etc/UD" >> application.properties && \
     cat application.properties && \
     jar -uf provisioner-3.0.0-jar-with-dependencies.jar application.properties && \

provisioner/src/main/java/nl/uva/sne/drip/provisioner/CloudStormService.java

@@ -17,9 +17,12 @@ import com.jcraft.jsch.KeyPair;
 import java.io.File;
 import java.io.FileNotFoundException;
 import java.io.IOException;
+import java.io.UnsupportedEncodingException;
 import java.nio.file.Files;
 import java.nio.file.Paths;
 import java.nio.file.attribute.PosixFilePermission;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.HashSet;
@@ -29,6 +32,9 @@ import java.util.Properties;
 import java.util.Set;
 import java.util.logging.Level;
 import java.util.logging.Logger;
+import javax.crypto.BadPaddingException;
+import javax.crypto.IllegalBlockSizeException;
+import javax.crypto.NoSuchPaddingException;
 import nl.uva.sne.drip.commons.utils.Constants;
 import static nl.uva.sne.drip.commons.utils.Constants.*;
 import nl.uva.sne.drip.commons.utils.Converter;
@@ -62,6 +68,8 @@ import topology.analysis.TopologyAnalysisMain;
  */
 class CloudStormService {
 
+    private String secret;
+
     /**
      * @return the helper
      */
@@ -105,6 +113,10 @@ class CloudStormService {
         if (sureToscaBasePath == null) {
             throw new NullPointerException("sureToscaBasePath cannot be null");
         }
+        secret = properties.getProperty("secret");
+        if (secret == null) {
+            throw new NullPointerException("secret cannot be null");
+        }
         Logger.getLogger(CloudStormService.class.getName()).log(Level.FINE, "sureToscaBasePath: {0}", sureToscaBasePath);
         this.helper = new ToscaHelper(sureToscaBasePath);
         this.helper.uploadToscaTemplate(toscaTemplate);
@@ -123,9 +135,10 @@ class CloudStormService {
         for (NodeTemplateMap vmTopologyMap : helper.getVMTopologyTemplates()) {
             Map<String, Object> provisionedFiles = helper.getNodeArtifact(vmTopologyMap.getNodeTemplate(), "provisioned_files");
             if (provisionedFiles != null) {
-                String fileContentsBase64 = (String) provisionedFiles.get("file_contents");
-                if (fileContentsBase64 != null) {
+                String encryptedFileContents = (String) provisionedFiles.get("file_contents");
+                if (encryptedFileContents != null) {
                     File zipFile = new File(tempInputDir.getParent() + File.separator + Long.toString(System.nanoTime()) + "-" + CLOUD_STORM_FILES_ZIP_SUFIX);
+                    String fileContentsBase64 = Converter.decryptString(encryptedFileContents,secret);
                     Converter.decodeBase64BToFile(fileContentsBase64, zipFile.getAbsolutePath());
                     Converter.unzipFolder(zipFile.getAbsolutePath(), tempInputDir.getAbsolutePath());
 
@@ -355,7 +368,7 @@ class CloudStormService {
         FileUtils.copyDirectory(srcDir, destDir);
     }
 
-    protected ToscaTemplate runCloudStorm(String tempInputDirPath, boolean dryRun) throws IOException, ApiException {
+    protected ToscaTemplate runCloudStorm(String tempInputDirPath, boolean dryRun) throws IOException, ApiException, UnsupportedEncodingException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
         String[] args = new String[]{"run", tempInputDirPath};
         File topTopologyFile = new File(tempInputDirPath + TOPOLOGY_RELATIVE_PATH
                 + TOP_TOPOLOGY_FILE_NAME);
@@ -402,7 +415,7 @@ class CloudStormService {
         return keyPair;
     }
 
-    protected NodeTemplateMap addCloudStromArtifacts(NodeTemplateMap vmTopologyMap, String tempInputDirPath) throws IOException {
+    protected NodeTemplateMap addCloudStromArtifacts(NodeTemplateMap vmTopologyMap, String tempInputDirPath) throws IOException, UnsupportedEncodingException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
         Map<String, Object> artifacts = vmTopologyMap.getNodeTemplate().getArtifacts();
         if (artifacts == null) {
             artifacts = new HashMap<>();
@@ -416,7 +429,8 @@ class CloudStormService {
         Logger.getLogger(CloudStormService.class.getName()).log(Level.FINE, "Created zip at: {0}", zipPath);
 
         String cloudStormZipFileContentsAsBase64 = Converter.encodeFileToBase64Binary(zipPath);
-        provisionedFiles.put("file_contents", cloudStormZipFileContentsAsBase64);
+        String encryptedCloudStormZipFileContents = Converter.encryptString(cloudStormZipFileContentsAsBase64,secret);
+        provisionedFiles.put("file_contents", encryptedCloudStormZipFileContents);
         provisionedFiles.put("encoding", "base64");
         provisionedFiles.put("file_ext", "zip");
         artifacts.put("provisioned_files", provisionedFiles);
@@ -425,7 +439,7 @@ class CloudStormService {
         return vmTopologyMap;
     }
 
-    private void setSSHKeysToVMAttributes(int i, List<NodeTemplateMap> vmTopologiesMaps, CloudsStormSubTopology subTopology, String tempInputDirPath) throws IOException, ApiException {
+    private void setSSHKeysToVMAttributes(int i, List<NodeTemplateMap> vmTopologiesMaps, CloudsStormSubTopology subTopology, String tempInputDirPath) throws IOException, ApiException, UnsupportedEncodingException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
         NodeTemplateMap vmTopologyMap = vmTopologiesMaps.get(i);
 
         vmTopologyMap = addCloudStromArtifacts(vmTopologyMap, tempInputDirPath);

provisioner/src/main/resources/application.properties

@@ -5,4 +5,5 @@ message.broker.queue.provisioner=provisioner
 message.broker.queue.planner=planner
 message.broker.queue.deployer=deployer
 sure-tosca.base.path=http://localhost:8081/tosca-sure/1.0.0
-cloud.storm.db.path=etc/UD
\ No newline at end of file
+cloud.storm.db.path=etc/UD
+secret=top_secret
\ No newline at end of file