Commit a9a921fd authored by Spiros Koulouzis's avatar Spiros Koulouzis

added encryption

parent cc1e7378
......@@ -21,6 +21,7 @@ import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.UnsupportedEncodingException;
import java.nio.charset.StandardCharsets;
import java.nio.file.FileSystem;
import java.nio.file.FileSystems;
......@@ -30,8 +31,11 @@ import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.SimpleFileVisitor;
import java.nio.file.attribute.BasicFileAttributes;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.Base64;
import java.util.Enumeration;
import java.util.HashMap;
......@@ -40,6 +44,11 @@ import java.util.Map;
import java.util.zip.ZipEntry;
import java.util.zip.ZipFile;
import java.util.zip.ZipOutputStream;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.SecretKeySpec;
import org.json.JSONException;
import org.json.JSONObject;
import org.springframework.web.multipart.MultipartFile;
......@@ -157,4 +166,29 @@ public class Converter {
}
}
public static String decryptString(String contents, String secret) throws UnsupportedEncodingException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
SecretKeySpec secretKey = getsecretKey(secret);
Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5PADDING");
cipher.init(Cipher.DECRYPT_MODE, secretKey);
return new String(cipher.doFinal(Base64.getDecoder().decode(contents)));
}
public static String encryptString(String contents, String secret) throws UnsupportedEncodingException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
SecretKeySpec secretKey = getsecretKey(secret);
Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding");
cipher.init(Cipher.ENCRYPT_MODE, secretKey);
return Base64.getEncoder().encodeToString(cipher.doFinal(contents.getBytes("UTF-8")));
}
private static SecretKeySpec getsecretKey(String myKey) throws UnsupportedEncodingException, NoSuchAlgorithmException {
MessageDigest sha;
byte[] key = myKey.getBytes("UTF-8");
sha = MessageDigest.getInstance("SHA-1");
key = sha.digest(key);
key = Arrays.copyOf(key, 16);
return new SecretKeySpec(key, "AES");
}
}
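Review bot: `encryptString` and `decryptString` use `AES/ECB/PKCS5Padding`, which maps equal plaintext blocks to equal ciphertext blocks and carries no integrity check, so altered ciphertext is rejected only if the padding happens to break. An authenticated mode with a fresh random IV per message closes both gaps, as sketched below with AES-GCM. That sketch changes the stored format and adds `InvalidAlgorithmParameterException`, so the throws clauses here and in the callers would change. `decryptString` also builds its result with `new String(bytes)`, which depends on the platform charset while `encryptString` writes UTF-8; `StandardCharsets.UTF_8` is already imported in this file. Separately, `getsecretKey` derives the key from one unsalted SHA-1 pass truncated to 16 bytes, which makes a short secret cheap to guess offline; a salted PBKDF2 derivation through `SecretKeyFactory` is the usual replacement.

```java
private static final int GCM_IV_BYTES = 12;
private static final int GCM_TAG_BITS = 128;

public static String encryptString(String contents, String secret) throws UnsupportedEncodingException, GeneralSecurityException {
    byte[] iv = new byte[GCM_IV_BYTES];
    new SecureRandom().nextBytes(iv);
    Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
    cipher.init(Cipher.ENCRYPT_MODE, getsecretKey(secret), new GCMParameterSpec(GCM_TAG_BITS, iv));
    byte[] sealed = cipher.doFinal(contents.getBytes(StandardCharsets.UTF_8));
    // The IV is not secret; it travels in front of the ciphertext so decryptString can recover it.
    byte[] framed = Arrays.copyOf(iv, iv.length + sealed.length);
    System.arraycopy(sealed, 0, framed, iv.length, sealed.length);
    return Base64.getEncoder().encodeToString(framed);
}

public static String decryptString(String contents, String secret) throws UnsupportedEncodingException, GeneralSecurityException {
    byte[] framed = Base64.getDecoder().decode(contents);
    if (framed.length < GCM_IV_BYTES) {
        throw new IllegalArgumentException("ciphertext is shorter than the IV");
    }
    Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
    cipher.init(Cipher.DECRYPT_MODE, getsecretKey(secret), new GCMParameterSpec(GCM_TAG_BITS, framed, 0, GCM_IV_BYTES));
    // doFinal throws AEADBadTagException (a BadPaddingException) when the data or the key is wrong.
    return new String(cipher.doFinal(framed, GCM_IV_BYTES, framed.length - GCM_IV_BYTES), StandardCharsets.UTF_8);
}
// … unchanged: getsecretKey …
```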
/*
* Copyright 2019 S. Koulouzis
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package nl.uva.sne.drip.commons.utils;
import java.util.Map;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import static org.junit.Assert.*;
import org.springframework.web.multipart.MultipartFile;
/**
*
* @author S. Koulouzis
*/
public class ConverterTest {
public ConverterTest() {
}
@BeforeClass
public static void setUpClass() {
}
@AfterClass
public static void tearDownClass() {
}
@Before
public void setUp() {
}
@After
public void tearDown() {
}
/**
* Test of decryptString method, of class Converter.
*/
@Test
public void testEncryptDecryptString() throws Exception {
System.out.println("decryptString");
String contents = "this is very important information";
String secret = "1223";
String expResult = contents;
String enc = Converter.encryptString(contents, secret);
System.out.println("Encrypted String: " + enc);
String result = Converter.decryptString(enc, secret);
assertEquals(expResult, result);
}
}
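Review bot: `testEncryptDecryptString` only round-trips one ASCII string with the correct secret, so it would still pass if `decryptString` decoded with a different charset than `encryptString` or if a wrong secret were accepted. A second input containing non-ASCII characters, plus a case asserting that decrypting with a different secret does not return the original text, would pin both behaviours. The Javadoc above the method still reads "Test of decryptString method" although the test covers both directions; `Round-trip test of encryptString and decryptString.` would match what it does.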
FROM openjdk:11
COPY target/provisioner-3.0.0-jar-with-dependencies.jar provisioner-3.0.0-jar-with-dependencies.jar
COPY etc/ etc
ENV ENCRYPTION_PASSWORD=123
CMD jar -xf provisioner-3.0.0-jar-with-dependencies.jar application.properties && \
cat application.properties && \
sed -ie "s#^message.broker.host=.*#message.broker.host=$RABBITMQ_HOST#" application.properties && \
sed -ie "s#^sure-tosca.base.path=.*#sure-tosca.base.path=$SURE_TOSCA_BASE_PATH#" application.properties && \
ENCRYPTION_PASSWORD=`date +%s | sha256sum | base64 | head -c 32 ; echo` && \
sed -ie "s#^secret=.*#secret=$ENCRYPTION_PASSWORD#" application.properties && \
echo "cloud.storm.db.path=/etc/UD" >> application.properties && \
cat application.properties && \
jar -uf provisioner-3.0.0-jar-with-dependencies.jar application.properties && \
......
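Review bot: The secret written into `application.properties` is derived from `date +%s`, so its only entropy is the container start time in seconds and anyone who can estimate that time can recompute the key material. Reading from the kernel CSPRNG instead, e.g. `ENCRYPTION_PASSWORD=$(head -c 32 /dev/urandom | base64)`, removes that dependency. The `cat application.properties` that follows the `sed` prints the generated secret to the container log and should be dropped or filtered. `ENV ENCRYPTION_PASSWORD=123` is overwritten by the shell assignment inside CMD, so a value passed in at run time is ignored as well; if ciphertext has to be readable after a restart or by another service, the secret presumably needs to be injected rather than regenerated. The CMD continues past the lines shown here.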
......@@ -17,9 +17,12 @@ import com.jcraft.jsch.KeyPair;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.nio.file.attribute.PosixFilePermission;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
......@@ -29,6 +32,9 @@ import java.util.Properties;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.crypto.BadPaddingException;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import nl.uva.sne.drip.commons.utils.Constants;
import static nl.uva.sne.drip.commons.utils.Constants.*;
import nl.uva.sne.drip.commons.utils.Converter;
......@@ -62,6 +68,8 @@ import topology.analysis.TopologyAnalysisMain;
*/
class CloudStormService {
private String secret;
/**
* @return the helper
*/
......@@ -105,6 +113,10 @@ class CloudStormService {
if (sureToscaBasePath == null) {
throw new NullPointerException("sureToscaBasePath cannot be null");
}
secret = properties.getProperty("secret");
if (secret == null) {
throw new NullPointerException("secret cannot be null");
}
Logger.getLogger(CloudStormService.class.getName()).log(Level.FINE, "sureToscaBasePath: {0}", sureToscaBasePath);
this.helper = new ToscaHelper(sureToscaBasePath);
this.helper.uploadToscaTemplate(toscaTemplate);
......@@ -123,9 +135,10 @@ class CloudStormService {
for (NodeTemplateMap vmTopologyMap : helper.getVMTopologyTemplates()) {
Map<String, Object> provisionedFiles = helper.getNodeArtifact(vmTopologyMap.getNodeTemplate(), "provisioned_files");
if (provisionedFiles != null) {
String fileContentsBase64 = (String) provisionedFiles.get("file_contents");
if (fileContentsBase64 != null) {
String encryptedFileContents = (String) provisionedFiles.get("file_contents");
if (encryptedFileContents != null) {
File zipFile = new File(tempInputDir.getParent() + File.separator + Long.toString(System.nanoTime()) + "-" + CLOUD_STORM_FILES_ZIP_SUFIX);
String fileContentsBase64 = Converter.decryptString(encryptedFileContents,secret);
Converter.decodeBase64BToFile(fileContentsBase64, zipFile.getAbsolutePath());
Converter.unzipFolder(zipFile.getAbsolutePath(), tempInputDir.getAbsolutePath());
......@@ -355,7 +368,7 @@ class CloudStormService {
FileUtils.copyDirectory(srcDir, destDir);
}
protected ToscaTemplate runCloudStorm(String tempInputDirPath, boolean dryRun) throws IOException, ApiException {
protected ToscaTemplate runCloudStorm(String tempInputDirPath, boolean dryRun) throws IOException, ApiException, UnsupportedEncodingException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
String[] args = new String[]{"run", tempInputDirPath};
File topTopologyFile = new File(tempInputDirPath + TOPOLOGY_RELATIVE_PATH
+ TOP_TOPOLOGY_FILE_NAME);
......@@ -402,7 +415,7 @@ class CloudStormService {
return keyPair;
}
protected NodeTemplateMap addCloudStromArtifacts(NodeTemplateMap vmTopologyMap, String tempInputDirPath) throws IOException {
protected NodeTemplateMap addCloudStromArtifacts(NodeTemplateMap vmTopologyMap, String tempInputDirPath) throws IOException, UnsupportedEncodingException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
Map<String, Object> artifacts = vmTopologyMap.getNodeTemplate().getArtifacts();
if (artifacts == null) {
artifacts = new HashMap<>();
......@@ -416,7 +429,8 @@ class CloudStormService {
Logger.getLogger(CloudStormService.class.getName()).log(Level.FINE, "Created zip at: {0}", zipPath);
String cloudStormZipFileContentsAsBase64 = Converter.encodeFileToBase64Binary(zipPath);
provisionedFiles.put("file_contents", cloudStormZipFileContentsAsBase64);
String encryptedCloudStormZipFileContents = Converter.encryptString(cloudStormZipFileContentsAsBase64,secret);
provisionedFiles.put("file_contents", encryptedCloudStormZipFileContents);
provisionedFiles.put("encoding", "base64");
provisionedFiles.put("file_ext", "zip");
artifacts.put("provisioned_files", provisionedFiles);
......@@ -425,7 +439,7 @@ class CloudStormService {
return vmTopologyMap;
}
private void setSSHKeysToVMAttributes(int i, List<NodeTemplateMap> vmTopologiesMaps, CloudsStormSubTopology subTopology, String tempInputDirPath) throws IOException, ApiException {
private void setSSHKeysToVMAttributes(int i, List<NodeTemplateMap> vmTopologiesMaps, CloudsStormSubTopology subTopology, String tempInputDirPath) throws IOException, ApiException, UnsupportedEncodingException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
NodeTemplateMap vmTopologyMap = vmTopologiesMaps.get(i);
vmTopologyMap = addCloudStromArtifacts(vmTopologyMap, tempInputDirPath);
......
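Review bot: The check added in the `-105,6` hunk rejects only a missing `secret` property, so an empty `secret=` line passes and `Converter` would derive its key from the empty string. Something like `if (secret == null || secret.trim().isEmpty())` would reject both cases. In the `-416,7` hunk the artifact still records `"encoding", "base64"` although `file_contents` is now base64 of ciphertext rather than of the zip; a short comment or an explicit marker field would tell consumers that a decrypt step is required. The six crypto exceptions now threaded through `runCloudStorm`, `addCloudStromArtifacts` and `setSSHKeysToVMAttributes` could be wrapped once inside `Converter` so that these signatures stay stable. All of the enclosing method bodies start or end outside the hunks shown.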
......@@ -6,3 +6,4 @@ message.broker.queue.planner=planner
message.broker.queue.deployer=deployer
sure-tosca.base.path=http://localhost:8081/tosca-sure/1.0.0
cloud.storm.db.path=etc/UD
secret=top_secret
\ No newline at end of file
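Review bot: `secret=top_secret` commits a known key value to the repository and the packaged jar. The Dockerfile on this page rewrites it at container start, but any run outside that path, such as unit tests or a local `java -jar`, would encrypt with this public value. Shipping the property without a usable value and failing startup when none is supplied keeps a known default from ever being used as a key. A comment line such as `# secret must be supplied at deploy time; never commit a real value` above the entry would document the expectation.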