Commit a9a921fd authored by Spiros Koulouzis's avatar Spiros Koulouzis

added encryption

parent cc1e7378
...@@ -21,6 +21,7 @@ import java.io.FileNotFoundException; ...@@ -21,6 +21,7 @@ import java.io.FileNotFoundException;
import java.io.FileOutputStream; import java.io.FileOutputStream;
import java.io.IOException; import java.io.IOException;
import java.io.InputStream; import java.io.InputStream;
import java.io.UnsupportedEncodingException;
import java.nio.charset.StandardCharsets; import java.nio.charset.StandardCharsets;
import java.nio.file.FileSystem; import java.nio.file.FileSystem;
import java.nio.file.FileSystems; import java.nio.file.FileSystems;
...@@ -30,8 +31,11 @@ import java.nio.file.Path; ...@@ -30,8 +31,11 @@ import java.nio.file.Path;
import java.nio.file.Paths; import java.nio.file.Paths;
import java.nio.file.SimpleFileVisitor; import java.nio.file.SimpleFileVisitor;
import java.nio.file.attribute.BasicFileAttributes; import java.nio.file.attribute.BasicFileAttributes;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.MessageDigest; import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException; import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.Base64; import java.util.Base64;
import java.util.Enumeration; import java.util.Enumeration;
import java.util.HashMap; import java.util.HashMap;
...@@ -40,6 +44,11 @@ import java.util.Map; ...@@ -40,6 +44,11 @@ import java.util.Map;
import java.util.zip.ZipEntry; import java.util.zip.ZipEntry;
import java.util.zip.ZipFile; import java.util.zip.ZipFile;
import java.util.zip.ZipOutputStream; import java.util.zip.ZipOutputStream;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.SecretKeySpec;
import org.json.JSONException; import org.json.JSONException;
import org.json.JSONObject; import org.json.JSONObject;
import org.springframework.web.multipart.MultipartFile; import org.springframework.web.multipart.MultipartFile;
...@@ -157,4 +166,29 @@ public class Converter { ...@@ -157,4 +166,29 @@ public class Converter {
} }
} }
public static String decryptString(String contents, String secret) throws UnsupportedEncodingException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
SecretKeySpec secretKey = getsecretKey(secret);
Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5PADDING");
cipher.init(Cipher.DECRYPT_MODE, secretKey);
return new String(cipher.doFinal(Base64.getDecoder().decode(contents)));
}
public static String encryptString(String contents, String secret) throws UnsupportedEncodingException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
SecretKeySpec secretKey = getsecretKey(secret);
Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding");
cipher.init(Cipher.ENCRYPT_MODE, secretKey);
return Base64.getEncoder().encodeToString(cipher.doFinal(contents.getBytes("UTF-8")));
}
private static SecretKeySpec getsecretKey(String myKey) throws UnsupportedEncodingException, NoSuchAlgorithmException {
MessageDigest sha;
byte[] key = myKey.getBytes("UTF-8");
sha = MessageDigest.getInstance("SHA-1");
key = sha.digest(key);
key = Arrays.copyOf(key, 16);
return new SecretKeySpec(key, "AES");
}
} }
/*
* Copyright 2019 S. Koulouzis
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package nl.uva.sne.drip.commons.utils;
import java.util.Map;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import static org.junit.Assert.*;
import org.springframework.web.multipart.MultipartFile;
/**
*
* @author S. Koulouzis
*/
public class ConverterTest {
public ConverterTest() {
}
@BeforeClass
public static void setUpClass() {
}
@AfterClass
public static void tearDownClass() {
}
@Before
public void setUp() {
}
@After
public void tearDown() {
}
/**
* Test of decryptString method, of class Converter.
*/
@Test
public void testEncryptDecryptString() throws Exception {
System.out.println("decryptString");
String contents = "this is very important information";
String secret = "1223";
String expResult = contents;
String enc = Converter.encryptString(contents, secret);
System.out.println("Encrypted String: " + enc);
String result = Converter.decryptString(enc, secret);
assertEquals(expResult, result);
}
}
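Review bot: testEncryptDecryptString round-trips a single ASCII string with the correct secret, so it cannot catch the platform-charset decode in decryptString on a host whose default charset is not UTF-8. A second input containing non-ASCII characters, and a case asserting that decrypting with a different secret does not return the original contents, would cover the behaviour callers depend on. The `System.out.println("Encrypted String: " + enc)` line can be dropped, since the assertion already reports a failure.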
FROM openjdk:11 FROM openjdk:11
COPY target/provisioner-3.0.0-jar-with-dependencies.jar provisioner-3.0.0-jar-with-dependencies.jar COPY target/provisioner-3.0.0-jar-with-dependencies.jar provisioner-3.0.0-jar-with-dependencies.jar
COPY etc/ etc COPY etc/ etc
ENV ENCRYPTION_PASSWORD=123
CMD jar -xf provisioner-3.0.0-jar-with-dependencies.jar application.properties && \ CMD jar -xf provisioner-3.0.0-jar-with-dependencies.jar application.properties && \
cat application.properties && \ cat application.properties && \
sed -ie "s#^message.broker.host=.*#message.broker.host=$RABBITMQ_HOST#" application.properties && \ sed -ie "s#^message.broker.host=.*#message.broker.host=$RABBITMQ_HOST#" application.properties && \
sed -ie "s#^sure-tosca.base.path=.*#sure-tosca.base.path=$SURE_TOSCA_BASE_PATH#" application.properties && \ sed -ie "s#^sure-tosca.base.path=.*#sure-tosca.base.path=$SURE_TOSCA_BASE_PATH#" application.properties && \
ENCRYPTION_PASSWORD=`date +%s | sha256sum | base64 | head -c 32 ; echo` && \
sed -ie "s#^secret=.*#secret=$ENCRYPTION_PASSWORD#" application.properties && \
echo "cloud.storm.db.path=/etc/UD" >> application.properties && \ echo "cloud.storm.db.path=/etc/UD" >> application.properties && \
cat application.properties && \ cat application.properties && \
jar -uf provisioner-3.0.0-jar-with-dependencies.jar application.properties && \ jar -uf provisioner-3.0.0-jar-with-dependencies.jar application.properties && \
......
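Review bot: The secret produced by the `date +%s | sha256sum | base64 | head -c 32` pipeline depends only on the container start time in seconds, so anyone who can estimate when the container started can recompute it. A CSPRNG source such as `ENCRYPTION_PASSWORD=$(head -c 32 /dev/urandom | base64)` removes that, though injecting the value at runtime from a secret store would be better, because as written each start appears to generate a new key and previously encrypted `file_contents` would then no longer decrypt. The `cat application.properties` that follows the `sed` prints the secret to the container log and should be removed. `ENV ENCRYPTION_PASSWORD=123` is overwritten by the assignment in the visible part of the CMD and only bakes a dummy value into the image metadata, so it can go as well. The CMD continues past the end of the visible section.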
...@@ -17,9 +17,12 @@ import com.jcraft.jsch.KeyPair; ...@@ -17,9 +17,12 @@ import com.jcraft.jsch.KeyPair;
import java.io.File; import java.io.File;
import java.io.FileNotFoundException; import java.io.FileNotFoundException;
import java.io.IOException; import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.nio.file.Files; import java.nio.file.Files;
import java.nio.file.Paths; import java.nio.file.Paths;
import java.nio.file.attribute.PosixFilePermission; import java.nio.file.attribute.PosixFilePermission;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.HashMap; import java.util.HashMap;
import java.util.HashSet; import java.util.HashSet;
...@@ -29,6 +32,9 @@ import java.util.Properties; ...@@ -29,6 +32,9 @@ import java.util.Properties;
import java.util.Set; import java.util.Set;
import java.util.logging.Level; import java.util.logging.Level;
import java.util.logging.Logger; import java.util.logging.Logger;
import javax.crypto.BadPaddingException;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import nl.uva.sne.drip.commons.utils.Constants; import nl.uva.sne.drip.commons.utils.Constants;
import static nl.uva.sne.drip.commons.utils.Constants.*; import static nl.uva.sne.drip.commons.utils.Constants.*;
import nl.uva.sne.drip.commons.utils.Converter; import nl.uva.sne.drip.commons.utils.Converter;
...@@ -62,6 +68,8 @@ import topology.analysis.TopologyAnalysisMain; ...@@ -62,6 +68,8 @@ import topology.analysis.TopologyAnalysisMain;
*/ */
class CloudStormService { class CloudStormService {
private String secret;
/** /**
* @return the helper * @return the helper
*/ */
...@@ -105,6 +113,10 @@ class CloudStormService { ...@@ -105,6 +113,10 @@ class CloudStormService {
if (sureToscaBasePath == null) { if (sureToscaBasePath == null) {
throw new NullPointerException("sureToscaBasePath cannot be null"); throw new NullPointerException("sureToscaBasePath cannot be null");
} }
secret = properties.getProperty("secret");
if (secret == null) {
throw new NullPointerException("secret cannot be null");
}
Logger.getLogger(CloudStormService.class.getName()).log(Level.FINE, "sureToscaBasePath: {0}", sureToscaBasePath); Logger.getLogger(CloudStormService.class.getName()).log(Level.FINE, "sureToscaBasePath: {0}", sureToscaBasePath);
this.helper = new ToscaHelper(sureToscaBasePath); this.helper = new ToscaHelper(sureToscaBasePath);
this.helper.uploadToscaTemplate(toscaTemplate); this.helper.uploadToscaTemplate(toscaTemplate);
...@@ -123,9 +135,10 @@ class CloudStormService { ...@@ -123,9 +135,10 @@ class CloudStormService {
for (NodeTemplateMap vmTopologyMap : helper.getVMTopologyTemplates()) { for (NodeTemplateMap vmTopologyMap : helper.getVMTopologyTemplates()) {
Map<String, Object> provisionedFiles = helper.getNodeArtifact(vmTopologyMap.getNodeTemplate(), "provisioned_files"); Map<String, Object> provisionedFiles = helper.getNodeArtifact(vmTopologyMap.getNodeTemplate(), "provisioned_files");
if (provisionedFiles != null) { if (provisionedFiles != null) {
String fileContentsBase64 = (String) provisionedFiles.get("file_contents"); String encryptedFileContents = (String) provisionedFiles.get("file_contents");
if (fileContentsBase64 != null) { if (encryptedFileContents != null) {
File zipFile = new File(tempInputDir.getParent() + File.separator + Long.toString(System.nanoTime()) + "-" + CLOUD_STORM_FILES_ZIP_SUFIX); File zipFile = new File(tempInputDir.getParent() + File.separator + Long.toString(System.nanoTime()) + "-" + CLOUD_STORM_FILES_ZIP_SUFIX);
String fileContentsBase64 = Converter.decryptString(encryptedFileContents,secret);
Converter.decodeBase64BToFile(fileContentsBase64, zipFile.getAbsolutePath()); Converter.decodeBase64BToFile(fileContentsBase64, zipFile.getAbsolutePath());
Converter.unzipFolder(zipFile.getAbsolutePath(), tempInputDir.getAbsolutePath()); Converter.unzipFolder(zipFile.getAbsolutePath(), tempInputDir.getAbsolutePath());
...@@ -355,7 +368,7 @@ class CloudStormService { ...@@ -355,7 +368,7 @@ class CloudStormService {
FileUtils.copyDirectory(srcDir, destDir); FileUtils.copyDirectory(srcDir, destDir);
} }
protected ToscaTemplate runCloudStorm(String tempInputDirPath, boolean dryRun) throws IOException, ApiException { protected ToscaTemplate runCloudStorm(String tempInputDirPath, boolean dryRun) throws IOException, ApiException, UnsupportedEncodingException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
String[] args = new String[]{"run", tempInputDirPath}; String[] args = new String[]{"run", tempInputDirPath};
File topTopologyFile = new File(tempInputDirPath + TOPOLOGY_RELATIVE_PATH File topTopologyFile = new File(tempInputDirPath + TOPOLOGY_RELATIVE_PATH
+ TOP_TOPOLOGY_FILE_NAME); + TOP_TOPOLOGY_FILE_NAME);
...@@ -402,7 +415,7 @@ class CloudStormService { ...@@ -402,7 +415,7 @@ class CloudStormService {
return keyPair; return keyPair;
} }
protected NodeTemplateMap addCloudStromArtifacts(NodeTemplateMap vmTopologyMap, String tempInputDirPath) throws IOException { protected NodeTemplateMap addCloudStromArtifacts(NodeTemplateMap vmTopologyMap, String tempInputDirPath) throws IOException, UnsupportedEncodingException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
Map<String, Object> artifacts = vmTopologyMap.getNodeTemplate().getArtifacts(); Map<String, Object> artifacts = vmTopologyMap.getNodeTemplate().getArtifacts();
if (artifacts == null) { if (artifacts == null) {
artifacts = new HashMap<>(); artifacts = new HashMap<>();
...@@ -416,7 +429,8 @@ class CloudStormService { ...@@ -416,7 +429,8 @@ class CloudStormService {
Logger.getLogger(CloudStormService.class.getName()).log(Level.FINE, "Created zip at: {0}", zipPath); Logger.getLogger(CloudStormService.class.getName()).log(Level.FINE, "Created zip at: {0}", zipPath);
String cloudStormZipFileContentsAsBase64 = Converter.encodeFileToBase64Binary(zipPath); String cloudStormZipFileContentsAsBase64 = Converter.encodeFileToBase64Binary(zipPath);
provisionedFiles.put("file_contents", cloudStormZipFileContentsAsBase64); String encryptedCloudStormZipFileContents = Converter.encryptString(cloudStormZipFileContentsAsBase64,secret);
provisionedFiles.put("file_contents", encryptedCloudStormZipFileContents);
provisionedFiles.put("encoding", "base64"); provisionedFiles.put("encoding", "base64");
provisionedFiles.put("file_ext", "zip"); provisionedFiles.put("file_ext", "zip");
artifacts.put("provisioned_files", provisionedFiles); artifacts.put("provisioned_files", provisionedFiles);
...@@ -425,7 +439,7 @@ class CloudStormService { ...@@ -425,7 +439,7 @@ class CloudStormService {
return vmTopologyMap; return vmTopologyMap;
} }
private void setSSHKeysToVMAttributes(int i, List<NodeTemplateMap> vmTopologiesMaps, CloudsStormSubTopology subTopology, String tempInputDirPath) throws IOException, ApiException { private void setSSHKeysToVMAttributes(int i, List<NodeTemplateMap> vmTopologiesMaps, CloudsStormSubTopology subTopology, String tempInputDirPath) throws IOException, ApiException, UnsupportedEncodingException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
NodeTemplateMap vmTopologyMap = vmTopologiesMaps.get(i); NodeTemplateMap vmTopologyMap = vmTopologiesMaps.get(i);
vmTopologyMap = addCloudStromArtifacts(vmTopologyMap, tempInputDirPath); vmTopologyMap = addCloudStromArtifacts(vmTopologyMap, tempInputDirPath);
......
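Review bot: The new `Converter.decryptString(encryptedFileContents,secret)` call assumes every stored `file_contents` was written by this version; a template saved before this commit holds plain base64 and would likely fail here with IllegalBlockSizeException or BadPaddingException. Because `provisionedFiles.put("encoding", "base64")` is unchanged, nothing in the artifact marks the payload as encrypted, and a separate marker entry would let the reader pick the right path. The `secret == null` check also accepts an empty value; `if (secret == null || secret.isEmpty())` would reject it. The five security exceptions added to three `throws` clauses all extend `GeneralSecurityException` and could be declared as that, and UnsupportedEncodingException is already covered by IOException. The affected method bodies start and end outside the visible hunks.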
...@@ -5,4 +5,5 @@ message.broker.queue.provisioner=provisioner ...@@ -5,4 +5,5 @@ message.broker.queue.provisioner=provisioner
message.broker.queue.planner=planner message.broker.queue.planner=planner
message.broker.queue.deployer=deployer message.broker.queue.deployer=deployer
sure-tosca.base.path=http://localhost:8081/tosca-sure/1.0.0 sure-tosca.base.path=http://localhost:8081/tosca-sure/1.0.0
cloud.storm.db.path=etc/UD cloud.storm.db.path=etc/UD
\ No newline at end of file secret=top_secret
\ No newline at end of file
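Review bot: `secret=top_secret` commits a usable default key to the repository, so any deployment that does not go through the Dockerfile's `sed` rewrite encrypts with a publicly known secret. Shipping the property without a real value and refusing to start when it is unset or empty would surface that misconfiguration instead of silently accepting it. The file still has no trailing newline.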