NIFI-11425 Removed Compression from EncryptContentPGP and SignContentPGP

- Removed Compression Algorithm property from EncryptContentPGP and SignContentPGP
- Removed Camellia values from Symmetric Key Algorithm property in EncryptContentPGP

Signed-off-by: Pierre Villard <pierre.villard.fr@gmail.com>

This closes #7156.
exceptionfactory 2023-04-10 10:35:28 -05:00 committed by Pierre Villard
parent d382b378a8
commit 382058e154
No known key found for this signature in database
GPG Key ID: F92A93B30C07C6D5
8 changed files with 27 additions and 87 deletions


@ -110,15 +110,6 @@ public class EncryptContentPGP extends AbstractProcessor {
.allowableValues(SymmetricKeyAlgorithm.values())
.build();
public static final PropertyDescriptor COMPRESSION_ALGORITHM = new PropertyDescriptor.Builder()
.name("compression-algorithm")
.displayName("Compression Algorithm")
.description("Compression Algorithm for encryption")
.required(true)
.defaultValue(CompressionAlgorithm.ZIP.toString())
.allowableValues(CompressionAlgorithm.values())
.build();
public static final PropertyDescriptor FILE_ENCODING = new PropertyDescriptor.Builder()
.name("file-encoding")
.displayName("File Encoding")
@ -155,11 +146,13 @@ public class EncryptContentPGP extends AbstractProcessor {
/** Enable Integrity Protection as described in RFC 4880 Section 5.13 */
private static final boolean ENCRYPTION_INTEGRITY_PACKET_ENABLED = true;
/** Disable Compression as recommended in OpenPGP refreshed specification */
private static final CompressionAlgorithm COMPRESSION_DISABLED = CompressionAlgorithm.UNCOMPRESSED;
private static final Set<Relationship> RELATIONSHIPS = new HashSet<>(Arrays.asList(SUCCESS, FAILURE));
private static final List<PropertyDescriptor> DESCRIPTORS = Arrays.asList(
SYMMETRIC_KEY_ALGORITHM,
COMPRESSION_ALGORITHM,
FILE_ENCODING,
PASSPHRASE,
PUBLIC_KEY_SERVICE,
@ -202,11 +195,10 @@ public class EncryptContentPGP extends AbstractProcessor {
try {
final SymmetricKeyAlgorithm symmetricKeyAlgorithm = getSymmetricKeyAlgorithm(context);
final FileEncoding fileEncoding = getFileEncoding(context);
final CompressionAlgorithm compressionAlgorithm = getCompressionAlgorithm(context);
final StreamCallback callback = getEncryptStreamCallback(context, flowFile, symmetricKeyAlgorithm, compressionAlgorithm, fileEncoding);
final StreamCallback callback = getEncryptStreamCallback(context, flowFile, symmetricKeyAlgorithm, fileEncoding);
flowFile = session.write(flowFile, callback);
final Map<String, String> attributes = getAttributes(symmetricKeyAlgorithm, fileEncoding, compressionAlgorithm);
final Map<String, String> attributes = getAttributes(symmetricKeyAlgorithm, fileEncoding);
flowFile = session.putAllAttributes(flowFile, attributes);
session.transfer(flowFile, SUCCESS);
@ -264,7 +256,6 @@ public class EncryptContentPGP extends AbstractProcessor {
private StreamCallback getEncryptStreamCallback(final ProcessContext context,
final FlowFile flowFile,
final SymmetricKeyAlgorithm symmetricKeyAlgorithm,
final CompressionAlgorithm compressionAlgorithm,
final FileEncoding fileEncoding) {
final SecureRandom secureRandom = new SecureRandom();
final PGPDataEncryptorBuilder dataEncryptorBuilder = new BcPGPDataEncryptorBuilder(symmetricKeyAlgorithm.getId())
@ -275,7 +266,7 @@ public class EncryptContentPGP extends AbstractProcessor {
methodGenerators.forEach(encryptedDataGenerator::addMethod);
final String filename = flowFile.getAttribute(CoreAttributes.FILENAME.key());
return new EncryptStreamCallback(fileEncoding, compressionAlgorithm, filename, getLogger(), encryptedDataGenerator);
return new EncryptStreamCallback(fileEncoding, filename, getLogger(), encryptedDataGenerator);
}
private List<PGPKeyEncryptionMethodGenerator> getEncryptionMethodGenerators(final ProcessContext context,
@ -311,27 +302,21 @@ public class EncryptContentPGP extends AbstractProcessor {
return SymmetricKeyAlgorithm.valueOf(algorithm);
}
private CompressionAlgorithm getCompressionAlgorithm(final ProcessContext context) {
final String algorithm = context.getProperty(COMPRESSION_ALGORITHM).getValue();
return CompressionAlgorithm.valueOf(algorithm);
}
private FileEncoding getFileEncoding(final ProcessContext context) {
final String encoding = context.getProperty(FILE_ENCODING).getValue();
return FileEncoding.valueOf(encoding);
}
private Map<String, String> getAttributes(final SymmetricKeyAlgorithm symmetricKeyAlgorithm,
final FileEncoding fileEncoding,
final CompressionAlgorithm compressionAlgorithm) {
final FileEncoding fileEncoding) {
final Map<String, String> attributes = new HashMap<>();
attributes.put(PGPAttributeKey.SYMMETRIC_KEY_ALGORITHM, symmetricKeyAlgorithm.toString());
attributes.put(PGPAttributeKey.SYMMETRIC_KEY_ALGORITHM_BLOCK_CIPHER, symmetricKeyAlgorithm.getBlockCipher().toString());
attributes.put(PGPAttributeKey.SYMMETRIC_KEY_ALGORITHM_KEY_SIZE, Integer.toString(symmetricKeyAlgorithm.getKeySize()));
attributes.put(PGPAttributeKey.SYMMETRIC_KEY_ALGORITHM_ID, Integer.toString(symmetricKeyAlgorithm.getId()));
attributes.put(PGPAttributeKey.FILE_ENCODING, fileEncoding.toString());
attributes.put(PGPAttributeKey.COMPRESS_ALGORITHM, compressionAlgorithm.toString());
attributes.put(PGPAttributeKey.COMPRESS_ALGORITHM_ID, Integer.toString(compressionAlgorithm.getId()));
attributes.put(PGPAttributeKey.COMPRESS_ALGORITHM, COMPRESSION_DISABLED.toString());
attributes.put(PGPAttributeKey.COMPRESS_ALGORITHM_ID, Integer.toString(COMPRESSION_DISABLED.getId()));
return attributes;
}
@ -341,11 +326,10 @@ public class EncryptContentPGP extends AbstractProcessor {
private final ComponentLog logger;
public EncryptStreamCallback(final FileEncoding fileEncoding,
final CompressionAlgorithm compressionAlgorithm,
final String filename,
final ComponentLog logger,
final PGPEncryptedDataGenerator encryptedDataGenerator) {
super(fileEncoding, compressionAlgorithm, filename);
super(fileEncoding, COMPRESSION_DISABLED, filename);
this.logger = logger;
this.encryptedDataGenerator = encryptedDataGenerator;
}
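Review bot: Removing the required `COMPRESSION_ALGORITHM` descriptor (the same removal is made in SignContentPGP) leaves flows that already persist a `compression-algorithm` value with a property the processor no longer declares, and nothing visible in these hunks handles that case. NiFi presumably reports such a leftover value as an unsupported property, so the processor may become invalid after upgrade until the value is deleted by hand; this should be confirmed and called out in the upgrade notes. Output also changes without any operator action from the previous ZIP default to uncompressed. The Javadoc on `COMPRESSION_DISABLED` is the only place the decision is recorded, so I would have it state the effect and the reason, e.g. `/** Compression is always disabled as recommended in the OpenPGP refreshed specification; the former compression-algorithm property is no longer read */`, with the rationale added once confirmed against the specification (presumably that compressing before encryption can expose plaintext structure through ciphertext length).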


@ -91,15 +91,6 @@ public class SignContentPGP extends AbstractProcessor {
.description("Content signing failed")
.build();
public static final PropertyDescriptor COMPRESSION_ALGORITHM = new PropertyDescriptor.Builder()
.name("compression-algorithm")
.displayName("Compression Algorithm")
.description("Compression Algorithm for signing")
.required(true)
.defaultValue(CompressionAlgorithm.ZIP.name())
.allowableValues(CompressionAlgorithm.values())
.build();
public static final PropertyDescriptor FILE_ENCODING = new PropertyDescriptor.Builder()
.name("file-encoding")
.displayName("File Encoding")
@ -151,7 +142,6 @@ public class SignContentPGP extends AbstractProcessor {
private static final Set<Relationship> RELATIONSHIPS = new HashSet<>(Arrays.asList(SUCCESS, FAILURE));
private static final List<PropertyDescriptor> DESCRIPTORS = Arrays.asList(
COMPRESSION_ALGORITHM,
FILE_ENCODING,
HASH_ALGORITHM,
SIGNING_STRATEGY,
@ -161,6 +151,9 @@ public class SignContentPGP extends AbstractProcessor {
private static final boolean NESTED_SIGNATURE_DISABLED = false;
/** Disable Compression as recommended in OpenPGP refreshed specification */
private static final CompressionAlgorithm COMPRESSION_DISABLED = CompressionAlgorithm.UNCOMPRESSED;
/**
* Get Relationships
*
@ -207,14 +200,13 @@ public class SignContentPGP extends AbstractProcessor {
private SignatureStreamCallback getStreamCallback(final ProcessContext context, final FlowFile flowFile) {
final FileEncoding fileEncoding = getFileEncoding(context);
final CompressionAlgorithm compressionAlgorithm = getCompressionAlgorithm(context);
final HashAlgorithm hashAlgorithm = getHashAlgorithm(context);
final String filename = flowFile.getAttribute(CoreAttributes.FILENAME.key());
final SigningStrategy signingStrategy = getSigningStrategy(context);
final PGPPrivateKey privateKey = getPrivateKey(context, flowFile);
return SigningStrategy.SIGNED.equals(signingStrategy)
? new SignedStreamCallback(fileEncoding, compressionAlgorithm, filename, hashAlgorithm, privateKey)
: new DetachedStreamCallback(fileEncoding, compressionAlgorithm, filename, hashAlgorithm, privateKey);
? new SignedStreamCallback(fileEncoding, filename, hashAlgorithm, privateKey)
: new DetachedStreamCallback(fileEncoding, filename, hashAlgorithm, privateKey);
}
private PGPPrivateKey getPrivateKey(final ProcessContext context, final FlowFile flowFile) {
@ -237,11 +229,6 @@ public class SignContentPGP extends AbstractProcessor {
}
}
private CompressionAlgorithm getCompressionAlgorithm(final ProcessContext context) {
final String algorithm = context.getProperty(COMPRESSION_ALGORITHM).getValue();
return CompressionAlgorithm.valueOf(algorithm);
}
private FileEncoding getFileEncoding(final ProcessContext context) {
final String encoding = context.getProperty(FILE_ENCODING).getValue();
return FileEncoding.valueOf(encoding);
@ -265,17 +252,16 @@ public class SignContentPGP extends AbstractProcessor {
private final Map<String, String> attributes = new HashMap<>();
protected SignatureStreamCallback(final FileEncoding fileEncoding,
final CompressionAlgorithm compressionAlgorithm,
final String filename,
final HashAlgorithm hashAlgorithm,
final PGPPrivateKey privateKey
) {
super(fileEncoding, compressionAlgorithm, filename);
super(fileEncoding, COMPRESSION_DISABLED, filename);
this.hashAlgorithm = hashAlgorithm;
this.privateKey = privateKey;
attributes.put(PGPAttributeKey.COMPRESS_ALGORITHM, compressionAlgorithm.toString());
attributes.put(PGPAttributeKey.COMPRESS_ALGORITHM_ID, Integer.toString(compressionAlgorithm.getId()));
attributes.put(PGPAttributeKey.COMPRESS_ALGORITHM, COMPRESSION_DISABLED.toString());
attributes.put(PGPAttributeKey.COMPRESS_ALGORITHM_ID, Integer.toString(COMPRESSION_DISABLED.getId()));
attributes.put(PGPAttributeKey.FILE_ENCODING, fileEncoding.toString());
}
@ -329,12 +315,11 @@ public class SignContentPGP extends AbstractProcessor {
private class DetachedStreamCallback extends SignatureStreamCallback {
private DetachedStreamCallback(final FileEncoding fileEncoding,
final CompressionAlgorithm compressionAlgorithm,
final String filename,
final HashAlgorithm hashAlgorithm,
final PGPPrivateKey privateKey
) {
super(fileEncoding, compressionAlgorithm, filename, hashAlgorithm, privateKey);
super(fileEncoding, filename, hashAlgorithm, privateKey);
}
/**
@ -364,12 +349,11 @@ public class SignContentPGP extends AbstractProcessor {
private class SignedStreamCallback extends SignatureStreamCallback {
private SignedStreamCallback(final FileEncoding fileEncoding,
final CompressionAlgorithm compressionAlgorithm,
final String filename,
final HashAlgorithm hashAlgorithm,
final PGPPrivateKey privateKey
) {
super(fileEncoding, compressionAlgorithm, filename, hashAlgorithm, privateKey);
super(fileEncoding, filename, hashAlgorithm, privateKey);
}
/**
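Review bot: `COMPRESSION_DISABLED` and its Javadoc are now declared twice with identical text, once here and once in EncryptContentPGP, so the two processors can drift apart if only one copy is edited later. In this file the constant feeds both `super(fileEncoding, COMPRESSION_DISABLED, filename)` and the `PGPAttributeKey.COMPRESS_ALGORITHM` / `COMPRESS_ALGORITHM_ID` attribute writes in the SignatureStreamCallback constructor, which also runs for DetachedStreamCallback. A single shared constant, for example beside the CompressionAlgorithm enum, would keep the policy in one place. I would also add a short comment above the attribute writes such as `// compression attributes are kept with a fixed value for existing downstream consumers`, if that is the intent. The SignedStreamCallback class body continues outside the last hunk.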


@ -20,7 +20,5 @@ package org.apache.nifi.processors.pgp.attributes;
* Block Cipher Definitions
*/
public enum BlockCipher {
AES,
CAMELLIA
AES
}


@ -30,7 +30,7 @@ public enum CompressionAlgorithm {
BZIP2(CompressionAlgorithmTags.BZIP2);
private int id;
private final int id;
CompressionAlgorithm(final int id) {
this.id = id;


@ -28,7 +28,7 @@ public enum HashAlgorithm {
SHA512(HashAlgorithmTags.SHA512);
private int id;
private final int id;
HashAlgorithm(final int id) {
this.id = id;


@ -26,19 +26,13 @@ public enum SymmetricKeyAlgorithm {
AES_192(BlockCipher.AES, 192, SymmetricKeyAlgorithmTags.AES_192),
AES_256(BlockCipher.AES, 256, SymmetricKeyAlgorithmTags.AES_256),
AES_256(BlockCipher.AES, 256, SymmetricKeyAlgorithmTags.AES_256);
CAMELLIA_128(BlockCipher.CAMELLIA, 128, SymmetricKeyAlgorithmTags.CAMELLIA_128),
private final BlockCipher blockCipher;
CAMELLIA_192(BlockCipher.CAMELLIA, 192, SymmetricKeyAlgorithmTags.CAMELLIA_192),
private final int keySize;
CAMELLIA_256(BlockCipher.CAMELLIA, 256, SymmetricKeyAlgorithmTags.CAMELLIA_256);
private BlockCipher blockCipher;
private int keySize;
private int id;
private final int id;
SymmetricKeyAlgorithm(final BlockCipher blockCipher, final int keySize, final int id) {
this.blockCipher = blockCipher;
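Review bot: Dropping `CAMELLIA_128`, `CAMELLIA_192` and `CAMELLIA_256` leaves no path for a flow whose Symmetric Key Algorithm property is already set to one of them. `SymmetricKeyAlgorithm.valueOf(algorithm)` in EncryptContentPGP throws IllegalArgumentException for a name that no longer exists, and the property presumably fails validation against `allowableValues(SymmetricKeyAlgorithm.values())` before that point. Neither the commit message nor the visible part of the enum says why Camellia was removed or which value to select instead. I would record it in the enum's comment, e.g. `Camellia values were removed in NIFI-11425; flows configured with CAMELLIA_* must select an AES value`. The enum body continues outside the hunk.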


@ -18,7 +18,6 @@ package org.apache.nifi.processors.pgp;
import org.apache.nifi.pgp.service.api.PGPPublicKeyService;
import org.apache.nifi.pgp.util.PGPOperationUtils;
import org.apache.nifi.processors.pgp.attributes.CompressionAlgorithm;
import org.apache.nifi.processors.pgp.attributes.DecryptionStrategy;
import org.apache.nifi.processors.pgp.attributes.FileEncoding;
import org.apache.nifi.processors.pgp.attributes.SymmetricKeyAlgorithm;
@ -162,18 +161,6 @@ public class EncryptContentPGPTest {
}
}
@Test
public void testSuccessPasswordBasedEncryptionCompressionAlgorithms() throws IOException, PGPException {
for (final CompressionAlgorithm compressionAlgorithm : CompressionAlgorithm.values()) {
runner = TestRunners.newTestRunner(new EncryptContentPGP());
runner.setProperty(EncryptContentPGP.PASSPHRASE, PASSPHRASE);
runner.setProperty(EncryptContentPGP.COMPRESSION_ALGORITHM, compressionAlgorithm.toString());
runner.enqueue(DATA);
runner.run();
assertSuccess(DEFAULT_SYMMETRIC_KEY_ALGORITHM, PASSPHRASE.toCharArray());
}
}
@Test
public void testSuccessPasswordBasedEncryptionFileEncodingAscii() throws IOException, PGPException {
runner.setProperty(EncryptContentPGP.PASSPHRASE, PASSPHRASE);


@ -18,7 +18,6 @@ package org.apache.nifi.processors.pgp;
import org.apache.nifi.pgp.service.api.PGPPrivateKeyService;
import org.apache.nifi.pgp.util.PGPSecretKeyGenerator;
import org.apache.nifi.processors.pgp.attributes.CompressionAlgorithm;
import org.apache.nifi.processors.pgp.attributes.FileEncoding;
import org.apache.nifi.processors.pgp.attributes.HashAlgorithm;
import org.apache.nifi.processors.pgp.attributes.SigningStrategy;
@ -147,12 +146,6 @@ public class SignContentPGPTest {
assertSuccess(FileEncoding.BINARY, HashAlgorithm.SHA512, SigningStrategy.SIGNED);
}
@Test
public void testSuccessFileEncodingBinaryUncompressedHashAlgorithmSha256() throws PGPException, IOException {
runner.setProperty(SignContentPGP.COMPRESSION_ALGORITHM, CompressionAlgorithm.UNCOMPRESSED.toString());
assertSuccess(FileEncoding.BINARY, HashAlgorithm.SHA256, SigningStrategy.SIGNED);
}
@Test
public void testSuccessFileEncodingBinaryHashAlgorithmSha256() throws PGPException, IOException {
assertSuccess(FileEncoding.BINARY, HashAlgorithm.SHA256, SigningStrategy.SIGNED);