From 382058e1547e201fdb36ad623b2a72d14a07c566 Mon Sep 17 00:00:00 2001
From: exceptionfactory
Date: Mon, 10 Apr 2023 10:35:28 -0500
Subject: [PATCH] NIFI-11425 Removed Compression from EncryptContentPGP and SignContentPGP

- Removed Compression Algorithm property from EncryptContentPGP and SignContentPGP
- Removed Camellia values from Symmetric Key Algorithm property in EncryptContentPGP

Signed-off-by: Pierre Villard

This closes #7156.
---
.../processors/pgp/EncryptContentPGP.java | 36 ++++++-------------
.../nifi/processors/pgp/SignContentPGP.java | 36 ++++++-------------
.../pgp/attributes/BlockCipher.java | 4 +--
.../pgp/attributes/CompressionAlgorithm.java | 2 +-
.../pgp/attributes/HashAlgorithm.java | 2 +-
.../pgp/attributes/SymmetricKeyAlgorithm.java | 14 +++-----
.../processors/pgp/EncryptContentPGPTest.java | 13 -------
.../processors/pgp/SignContentPGPTest.java | 7 ----
8 files changed, 27 insertions(+), 87 deletions(-)
diff --git a/nifi-nar-bundles/nifi-pgp-bundle/nifi-pgp-processors/src/main/java/org/apache/nifi/processors/pgp/EncryptContentPGP.java b/nifi-nar-bundles/nifi-pgp-bundle/nifi-pgp-processors/src/main/java/org/apache/nifi/processors/pgp/EncryptContentPGP.java
index 9b676fd830..f62c7caeea 100644
--- a/nifi-nar-bundles/nifi-pgp-bundle/nifi-pgp-processors/src/main/java/org/apache/nifi/processors/pgp/EncryptContentPGP.java
+++ b/nifi-nar-bundles/nifi-pgp-bundle/nifi-pgp-processors/src/main/java/org/apache/nifi/processors/pgp/EncryptContentPGP.java
@@ -110,15 +110,6 @@ public class EncryptContentPGP extends AbstractProcessor { .allowableValues(SymmetricKeyAlgorithm.values()) .build(); - public static final PropertyDescriptor COMPRESSION_ALGORITHM = new PropertyDescriptor.Builder() - .name("compression-algorithm") - .displayName("Compression Algorithm") - .description("Compression Algorithm for encryption") - .required(true) - .defaultValue(CompressionAlgorithm.ZIP.toString()) - .allowableValues(CompressionAlgorithm.values()) - .build(); - public static final PropertyDescriptor FILE_ENCODING = new PropertyDescriptor.Builder() .name("file-encoding") .displayName("File Encoding") @@ -155,11 +146,13 @@ public class EncryptContentPGP extends AbstractProcessor { /** Enable Integrity Protection as described in RFC 4880 Section 5.13 */ private static final boolean ENCRYPTION_INTEGRITY_PACKET_ENABLED = true; + /** Disable Compression as recommended in OpenPGP refreshed specification */ + private static final CompressionAlgorithm COMPRESSION_DISABLED = CompressionAlgorithm.UNCOMPRESSED; + private static final Set RELATIONSHIPS = new HashSet<>(Arrays.asList(SUCCESS, FAILURE)); private static final List DESCRIPTORS = Arrays.asList( SYMMETRIC_KEY_ALGORITHM, - COMPRESSION_ALGORITHM, FILE_ENCODING, PASSPHRASE, PUBLIC_KEY_SERVICE, 
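Review bot: Dropping `COMPRESSION_ALGORITHM` from `DESCRIPTORS` in the `@@ -155` hunk (together with the descriptor deletion in the hunk before it) changes existing flows in two ways the commit does not record: a stored `compression-algorithm` value no longer matches any declared property, and output that previously used the `ZIP` default is now written uncompressed. A processor without dynamic-property support usually reports an undeclared property as a validation error, so upgraded EncryptContentPGP instances may need manual cleanup before they run again; this should be confirmed and stated in the migration notes. The same applies to the SignContentPGP descriptor removed in the `@@ -91` and `@@ -151` hunks. The enclosing class continues outside these hunks.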
@@ -202,11 +195,10 @@ public class EncryptContentPGP extends AbstractProcessor { try { final SymmetricKeyAlgorithm symmetricKeyAlgorithm = getSymmetricKeyAlgorithm(context); final FileEncoding fileEncoding = getFileEncoding(context); - final CompressionAlgorithm compressionAlgorithm = getCompressionAlgorithm(context); - final StreamCallback callback = getEncryptStreamCallback(context, flowFile, symmetricKeyAlgorithm, compressionAlgorithm, fileEncoding); + final StreamCallback callback = getEncryptStreamCallback(context, flowFile, symmetricKeyAlgorithm, fileEncoding); flowFile = session.write(flowFile, callback); - final Map attributes = getAttributes(symmetricKeyAlgorithm, fileEncoding, compressionAlgorithm); + final Map attributes = getAttributes(symmetricKeyAlgorithm, fileEncoding); flowFile = session.putAllAttributes(flowFile, attributes); session.transfer(flowFile, SUCCESS); @@ -264,7 +256,6 @@ public class EncryptContentPGP extends AbstractProcessor { private StreamCallback getEncryptStreamCallback(final ProcessContext context, final FlowFile flowFile, final SymmetricKeyAlgorithm symmetricKeyAlgorithm, - final CompressionAlgorithm compressionAlgorithm, final FileEncoding fileEncoding) { final SecureRandom secureRandom = new SecureRandom(); final PGPDataEncryptorBuilder dataEncryptorBuilder = new BcPGPDataEncryptorBuilder(symmetricKeyAlgorithm.getId()) @@ -275,7 +266,7 @@ public class EncryptContentPGP extends AbstractProcessor { methodGenerators.forEach(encryptedDataGenerator::addMethod); final String filename = flowFile.getAttribute(CoreAttributes.FILENAME.key()); - return new EncryptStreamCallback(fileEncoding, compressionAlgorithm, filename, getLogger(), encryptedDataGenerator); + return new EncryptStreamCallback(fileEncoding, filename, getLogger(), encryptedDataGenerator); } private List getEncryptionMethodGenerators(final ProcessContext context, 
@@ -311,27 +302,21 @@ public class EncryptContentPGP extends AbstractProcessor { return SymmetricKeyAlgorithm.valueOf(algorithm); } - private CompressionAlgorithm getCompressionAlgorithm(final ProcessContext context) { - final String algorithm = context.getProperty(COMPRESSION_ALGORITHM).getValue(); - return CompressionAlgorithm.valueOf(algorithm); - } - private FileEncoding getFileEncoding(final ProcessContext context) { final String encoding = context.getProperty(FILE_ENCODING).getValue(); return FileEncoding.valueOf(encoding); } private Map getAttributes(final SymmetricKeyAlgorithm symmetricKeyAlgorithm, - final FileEncoding fileEncoding, - final CompressionAlgorithm compressionAlgorithm) { + final FileEncoding fileEncoding) { final Map attributes = new HashMap<>(); attributes.put(PGPAttributeKey.SYMMETRIC_KEY_ALGORITHM, symmetricKeyAlgorithm.toString()); attributes.put(PGPAttributeKey.SYMMETRIC_KEY_ALGORITHM_BLOCK_CIPHER, symmetricKeyAlgorithm.getBlockCipher().toString()); attributes.put(PGPAttributeKey.SYMMETRIC_KEY_ALGORITHM_KEY_SIZE, Integer.toString(symmetricKeyAlgorithm.getKeySize())); attributes.put(PGPAttributeKey.SYMMETRIC_KEY_ALGORITHM_ID, Integer.toString(symmetricKeyAlgorithm.getId())); attributes.put(PGPAttributeKey.FILE_ENCODING, fileEncoding.toString()); - attributes.put(PGPAttributeKey.COMPRESS_ALGORITHM, compressionAlgorithm.toString()); - attributes.put(PGPAttributeKey.COMPRESS_ALGORITHM_ID, Integer.toString(compressionAlgorithm.getId())); + attributes.put(PGPAttributeKey.COMPRESS_ALGORITHM, COMPRESSION_DISABLED.toString()); + attributes.put(PGPAttributeKey.COMPRESS_ALGORITHM_ID, Integer.toString(COMPRESSION_DISABLED.getId())); return attributes; } 
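Review bot: Nothing visible in this commit asserts the new fixed compression behaviour, because `getAttributes` now reports `COMPRESS_ALGORITHM` and `COMPRESS_ALGORITHM_ID` from the `COMPRESSION_DISABLED` constant while the test hunks only delete the compression cases. A check on the output FlowFile after a run, for example `flowFile.assertAttributeEquals(PGPAttributeKey.COMPRESS_ALGORITHM, CompressionAlgorithm.UNCOMPRESSED.toString());`, would keep the reported attribute and the written packet from drifting apart if either side is changed later. Assertions elsewhere in EncryptContentPGPTest may already cover this; only the changed lines are visible here.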
@@ -341,11 +326,10 @@ public class EncryptContentPGP extends AbstractProcessor { private final ComponentLog logger; public EncryptStreamCallback(final FileEncoding fileEncoding, - final CompressionAlgorithm compressionAlgorithm, final String filename, final ComponentLog logger, final PGPEncryptedDataGenerator encryptedDataGenerator) { - super(fileEncoding, compressionAlgorithm, filename); + super(fileEncoding, COMPRESSION_DISABLED, filename); this.logger = logger; this.encryptedDataGenerator = encryptedDataGenerator; } diff --git a/nifi-nar-bundles/nifi-pgp-bundle/nifi-pgp-processors/src/main/java/org/apache/nifi/processors/pgp/SignContentPGP.java b/nifi-nar-bundles/nifi-pgp-bundle/nifi-pgp-processors/src/main/java/org/apache/nifi/processors/pgp/SignContentPGP.java index cdee4be894..87726fa7d2 100644 --- a/nifi-nar-bundles/nifi-pgp-bundle/nifi-pgp-processors/src/main/java/org/apache/nifi/processors/pgp/SignContentPGP.java +++ b/nifi-nar-bundles/nifi-pgp-bundle/nifi-pgp-processors/src/main/java/org/apache/nifi/processors/pgp/SignContentPGP.java @@ -91,15 +91,6 @@ public class SignContentPGP extends AbstractProcessor { .description("Content signing failed") .build(); - public static final PropertyDescriptor COMPRESSION_ALGORITHM = new PropertyDescriptor.Builder() - .name("compression-algorithm") - .displayName("Compression Algorithm") - .description("Compression Algorithm for signing") - .required(true) - .defaultValue(CompressionAlgorithm.ZIP.name()) - .allowableValues(CompressionAlgorithm.values()) - .build(); - public static final PropertyDescriptor FILE_ENCODING = new PropertyDescriptor.Builder() .name("file-encoding") .displayName("File Encoding") @@ -151,7 +142,6 @@ public class SignContentPGP extends AbstractProcessor { private static final Set RELATIONSHIPS = new HashSet<>(Arrays.asList(SUCCESS, FAILURE)); private static final List DESCRIPTORS = Arrays.asList( - COMPRESSION_ALGORITHM, FILE_ENCODING, HASH_ALGORITHM, SIGNING_STRATEGY, 
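Review bot: `EncryptStreamCallback` still forwards a `CompressionAlgorithm` to its superclass (`super(fileEncoding, COMPRESSION_DISABLED, filename)` in the `@@ -341` hunk), so the base class keeps a compression code path that no caller can vary any more. The base class is not part of this diff; if it wraps the literal data in a compressed-data generator regardless of the algorithm, the output presumably still carries a Compressed Data packet marked uncompressed rather than omitting the packet, which is worth confirming against the intent stated in the new Javadoc. `SignatureStreamCallback` passes the same constant in the `@@ -265` hunk of SignContentPGP. Removing the parameter from the base constructor in a follow-up would make the disabled state structural instead of a convention repeated in two processors.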
@@ -161,6 +151,9 @@ public class SignContentPGP extends AbstractProcessor { private static final boolean NESTED_SIGNATURE_DISABLED = false; + /** Disable Compression as recommended in OpenPGP refreshed specification */ + private static final CompressionAlgorithm COMPRESSION_DISABLED = CompressionAlgorithm.UNCOMPRESSED; + /** * Get Relationships * @@ -207,14 +200,13 @@ public class SignContentPGP extends AbstractProcessor { private SignatureStreamCallback getStreamCallback(final ProcessContext context, final FlowFile flowFile) { final FileEncoding fileEncoding = getFileEncoding(context); - final CompressionAlgorithm compressionAlgorithm = getCompressionAlgorithm(context); final HashAlgorithm hashAlgorithm = getHashAlgorithm(context); final String filename = flowFile.getAttribute(CoreAttributes.FILENAME.key()); final SigningStrategy signingStrategy = getSigningStrategy(context); final PGPPrivateKey privateKey = getPrivateKey(context, flowFile); return SigningStrategy.SIGNED.equals(signingStrategy) - ? new SignedStreamCallback(fileEncoding, compressionAlgorithm, filename, hashAlgorithm, privateKey) - : new DetachedStreamCallback(fileEncoding, compressionAlgorithm, filename, hashAlgorithm, privateKey); + ? new SignedStreamCallback(fileEncoding, filename, hashAlgorithm, privateKey) + : new DetachedStreamCallback(fileEncoding, filename, hashAlgorithm, privateKey); } private PGPPrivateKey getPrivateKey(final ProcessContext context, final FlowFile flowFile) { @@ -237,11 +229,6 @@ public class SignContentPGP extends AbstractProcessor { } } - private CompressionAlgorithm getCompressionAlgorithm(final ProcessContext context) { - final String algorithm = context.getProperty(COMPRESSION_ALGORITHM).getValue(); - return CompressionAlgorithm.valueOf(algorithm); - } - private FileEncoding getFileEncoding(final ProcessContext context) { final String encoding = context.getProperty(FILE_ENCODING).getValue(); return FileEncoding.valueOf(encoding); 
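Review bot: The Javadoc on `COMPRESSION_DISABLED` in SignContentPGP (`@@ -161` hunk) is copied from EncryptContentPGP and names "OpenPGP refreshed specification" without a document identifier or section, so a reader cannot check the recommendation or tell whether it is meant to cover signed-only messages as well as encrypted ones. Suggest citing the specification by identifier and section and giving the reason in one clause, along the lines of `/** Compression disabled for signed messages, see <spec identifier and section>: <reason, e.g. verifiers should not have to decompress unauthenticated input> */`, with both placeholders filled in by the author. The constant is also declared twice with the same value; declaring it once next to `CompressionAlgorithm` would keep the two processors from diverging.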
@@ -265,17 +252,16 @@ public class SignContentPGP extends AbstractProcessor { private final Map attributes = new HashMap<>(); protected SignatureStreamCallback(final FileEncoding fileEncoding, - final CompressionAlgorithm compressionAlgorithm, final String filename, final HashAlgorithm hashAlgorithm, final PGPPrivateKey privateKey ) { - super(fileEncoding, compressionAlgorithm, filename); + super(fileEncoding, COMPRESSION_DISABLED, filename); this.hashAlgorithm = hashAlgorithm; this.privateKey = privateKey; - attributes.put(PGPAttributeKey.COMPRESS_ALGORITHM, compressionAlgorithm.toString()); - attributes.put(PGPAttributeKey.COMPRESS_ALGORITHM_ID, Integer.toString(compressionAlgorithm.getId())); + attributes.put(PGPAttributeKey.COMPRESS_ALGORITHM, COMPRESSION_DISABLED.toString()); + attributes.put(PGPAttributeKey.COMPRESS_ALGORITHM_ID, Integer.toString(COMPRESSION_DISABLED.getId())); attributes.put(PGPAttributeKey.FILE_ENCODING, fileEncoding.toString()); } @@ -329,12 +315,11 @@ public class SignContentPGP extends AbstractProcessor { private class DetachedStreamCallback extends SignatureStreamCallback { private DetachedStreamCallback(final FileEncoding fileEncoding, - final CompressionAlgorithm compressionAlgorithm, final String filename, final HashAlgorithm hashAlgorithm, final PGPPrivateKey privateKey ) { - super(fileEncoding, compressionAlgorithm, filename, hashAlgorithm, privateKey); + super(fileEncoding, filename, hashAlgorithm, privateKey); } /** @@ -364,12 +349,11 @@ public class SignContentPGP extends AbstractProcessor { private class SignedStreamCallback extends SignatureStreamCallback { private SignedStreamCallback(final FileEncoding fileEncoding, - final CompressionAlgorithm compressionAlgorithm, final String filename, final HashAlgorithm hashAlgorithm, final PGPPrivateKey privateKey ) { - super(fileEncoding, compressionAlgorithm, filename, hashAlgorithm, privateKey); + super(fileEncoding, filename, hashAlgorithm, privateKey); } /** 
diff --git a/nifi-nar-bundles/nifi-pgp-bundle/nifi-pgp-processors/src/main/java/org/apache/nifi/processors/pgp/attributes/BlockCipher.java b/nifi-nar-bundles/nifi-pgp-bundle/nifi-pgp-processors/src/main/java/org/apache/nifi/processors/pgp/attributes/BlockCipher.java index ff50c06444..2a6482fbff 100644 --- a/nifi-nar-bundles/nifi-pgp-bundle/nifi-pgp-processors/src/main/java/org/apache/nifi/processors/pgp/attributes/BlockCipher.java +++ b/nifi-nar-bundles/nifi-pgp-bundle/nifi-pgp-processors/src/main/java/org/apache/nifi/processors/pgp/attributes/BlockCipher.java @@ -20,7 +20,5 @@ package org.apache.nifi.processors.pgp.attributes; * Block Cipher Definitions */ public enum BlockCipher { - AES, - - CAMELLIA + AES } diff --git a/nifi-nar-bundles/nifi-pgp-bundle/nifi-pgp-processors/src/main/java/org/apache/nifi/processors/pgp/attributes/CompressionAlgorithm.java b/nifi-nar-bundles/nifi-pgp-bundle/nifi-pgp-processors/src/main/java/org/apache/nifi/processors/pgp/attributes/CompressionAlgorithm.java index 055c12e029..fc647e07bf 100644 --- a/nifi-nar-bundles/nifi-pgp-bundle/nifi-pgp-processors/src/main/java/org/apache/nifi/processors/pgp/attributes/CompressionAlgorithm.java +++ b/nifi-nar-bundles/nifi-pgp-bundle/nifi-pgp-processors/src/main/java/org/apache/nifi/processors/pgp/attributes/CompressionAlgorithm.java @@ -30,7 +30,7 @@ public enum CompressionAlgorithm { BZIP2(CompressionAlgorithmTags.BZIP2); - private int id; + private final int id; CompressionAlgorithm(final int id) { this.id = id; diff --git a/nifi-nar-bundles/nifi-pgp-bundle/nifi-pgp-processors/src/main/java/org/apache/nifi/processors/pgp/attributes/HashAlgorithm.java b/nifi-nar-bundles/nifi-pgp-bundle/nifi-pgp-processors/src/main/java/org/apache/nifi/processors/pgp/attributes/HashAlgorithm.java index 9549147510..977ee710e4 100644 --- a/nifi-nar-bundles/nifi-pgp-bundle/nifi-pgp-processors/src/main/java/org/apache/nifi/processors/pgp/attributes/HashAlgorithm.java 
+++ b/nifi-nar-bundles/nifi-pgp-bundle/nifi-pgp-processors/src/main/java/org/apache/nifi/processors/pgp/attributes/HashAlgorithm.java @@ -28,7 +28,7 @@ public enum HashAlgorithm { SHA512(HashAlgorithmTags.SHA512); - private int id; + private final int id; HashAlgorithm(final int id) { this.id = id; diff --git a/nifi-nar-bundles/nifi-pgp-bundle/nifi-pgp-processors/src/main/java/org/apache/nifi/processors/pgp/attributes/SymmetricKeyAlgorithm.java b/nifi-nar-bundles/nifi-pgp-bundle/nifi-pgp-processors/src/main/java/org/apache/nifi/processors/pgp/attributes/SymmetricKeyAlgorithm.java index 8e801cb2e0..8f458d0f1f 100644 --- a/nifi-nar-bundles/nifi-pgp-bundle/nifi-pgp-processors/src/main/java/org/apache/nifi/processors/pgp/attributes/SymmetricKeyAlgorithm.java +++ b/nifi-nar-bundles/nifi-pgp-bundle/nifi-pgp-processors/src/main/java/org/apache/nifi/processors/pgp/attributes/SymmetricKeyAlgorithm.java @@ -26,19 +26,13 @@ public enum SymmetricKeyAlgorithm { AES_192(BlockCipher.AES, 192, SymmetricKeyAlgorithmTags.AES_192), - AES_256(BlockCipher.AES, 256, SymmetricKeyAlgorithmTags.AES_256), + AES_256(BlockCipher.AES, 256, SymmetricKeyAlgorithmTags.AES_256); - CAMELLIA_128(BlockCipher.CAMELLIA, 128, SymmetricKeyAlgorithmTags.CAMELLIA_128), + private final BlockCipher blockCipher; - CAMELLIA_192(BlockCipher.CAMELLIA, 192, SymmetricKeyAlgorithmTags.CAMELLIA_192), + private final int keySize; - CAMELLIA_256(BlockCipher.CAMELLIA, 256, SymmetricKeyAlgorithmTags.CAMELLIA_256); - - private BlockCipher blockCipher; - - private int keySize; - - private int id; + private final int id; SymmetricKeyAlgorithm(final BlockCipher blockCipher, final int keySize, final int id) { this.blockCipher = blockCipher; 
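Review bot: Removing `CAMELLIA_128`, `CAMELLIA_192` and `CAMELLIA_256` from `SymmetricKeyAlgorithm` leaves flows that stored one of those names with nothing to resolve to: the `getSymmetricKeyAlgorithm` context in the EncryptContentPGP `@@ -311` hunk calls `SymmetricKeyAlgorithm.valueOf(algorithm)`, which throws `IllegalArgumentException` for an unknown constant, and the property's allowable values are built from `values()`. Failing after upgrade is the safe outcome, but it is worth confirming that the failure surfaces as a validation error rather than as an exception at run time. The commit message gives no reason for dropping Camellia, so a one-line comment on the enum stating why only AES remains would help keep the values from being reintroduced.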
diff --git a/nifi-nar-bundles/nifi-pgp-bundle/nifi-pgp-processors/src/test/java/org/apache/nifi/processors/pgp/EncryptContentPGPTest.java b/nifi-nar-bundles/nifi-pgp-bundle/nifi-pgp-processors/src/test/java/org/apache/nifi/processors/pgp/EncryptContentPGPTest.java index 78a31d988b..34a845f013 100644 --- a/nifi-nar-bundles/nifi-pgp-bundle/nifi-pgp-processors/src/test/java/org/apache/nifi/processors/pgp/EncryptContentPGPTest.java +++ b/nifi-nar-bundles/nifi-pgp-bundle/nifi-pgp-processors/src/test/java/org/apache/nifi/processors/pgp/EncryptContentPGPTest.java @@ -18,7 +18,6 @@ package org.apache.nifi.processors.pgp; import org.apache.nifi.pgp.service.api.PGPPublicKeyService; import org.apache.nifi.pgp.util.PGPOperationUtils; -import org.apache.nifi.processors.pgp.attributes.CompressionAlgorithm; import org.apache.nifi.processors.pgp.attributes.DecryptionStrategy; import org.apache.nifi.processors.pgp.attributes.FileEncoding; import org.apache.nifi.processors.pgp.attributes.SymmetricKeyAlgorithm; @@ -162,18 +161,6 @@ public class EncryptContentPGPTest { } } - @Test - public void testSuccessPasswordBasedEncryptionCompressionAlgorithms() throws IOException, PGPException { - for (final CompressionAlgorithm compressionAlgorithm : CompressionAlgorithm.values()) { - runner = TestRunners.newTestRunner(new EncryptContentPGP()); - runner.setProperty(EncryptContentPGP.PASSPHRASE, PASSPHRASE); - runner.setProperty(EncryptContentPGP.COMPRESSION_ALGORITHM, compressionAlgorithm.toString()); - runner.enqueue(DATA); - runner.run(); - assertSuccess(DEFAULT_SYMMETRIC_KEY_ALGORITHM, PASSPHRASE.toCharArray()); - } - } - @Test public void testSuccessPasswordBasedEncryptionFileEncodingAscii() throws IOException, PGPException { runner.setProperty(EncryptContentPGP.PASSPHRASE, PASSPHRASE); 
diff --git a/nifi-nar-bundles/nifi-pgp-bundle/nifi-pgp-processors/src/test/java/org/apache/nifi/processors/pgp/SignContentPGPTest.java b/nifi-nar-bundles/nifi-pgp-bundle/nifi-pgp-processors/src/test/java/org/apache/nifi/processors/pgp/SignContentPGPTest.java index 0b92b3d878..81cff89c01 100644 --- a/nifi-nar-bundles/nifi-pgp-bundle/nifi-pgp-processors/src/test/java/org/apache/nifi/processors/pgp/SignContentPGPTest.java +++ b/nifi-nar-bundles/nifi-pgp-bundle/nifi-pgp-processors/src/test/java/org/apache/nifi/processors/pgp/SignContentPGPTest.java @@ -18,7 +18,6 @@ package org.apache.nifi.processors.pgp; import org.apache.nifi.pgp.service.api.PGPPrivateKeyService; import org.apache.nifi.pgp.util.PGPSecretKeyGenerator; -import org.apache.nifi.processors.pgp.attributes.CompressionAlgorithm; import org.apache.nifi.processors.pgp.attributes.FileEncoding; import org.apache.nifi.processors.pgp.attributes.HashAlgorithm; import org.apache.nifi.processors.pgp.attributes.SigningStrategy; @@ -147,12 +146,6 @@ public class SignContentPGPTest { assertSuccess(FileEncoding.BINARY, HashAlgorithm.SHA512, SigningStrategy.SIGNED); } - @Test - public void testSuccessFileEncodingBinaryUncompressedHashAlgorithmSha256() throws PGPException, IOException { - runner.setProperty(SignContentPGP.COMPRESSION_ALGORITHM, CompressionAlgorithm.UNCOMPRESSED.toString()); - assertSuccess(FileEncoding.BINARY, HashAlgorithm.SHA256, SigningStrategy.SIGNED); - } - @Test public void testSuccessFileEncodingBinaryHashAlgorithmSha256() throws PGPException, IOException { assertSuccess(FileEncoding.BINARY, HashAlgorithm.SHA256, SigningStrategy.SIGNED);