NIFI-7079 Cleaned up formatting and comments.

nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/crypto/Argon2SecureHasher.java

@@ -42,7 +42,6 @@ import org.slf4j.LoggerFactory;
 public class Argon2SecureHasher implements SecureHasher {
     private static final Logger logger = LoggerFactory.getLogger(Argon2SecureHasher.class);
 
-    private static final int DEFAULT_SALT_LENGTH = 16;
     private static final int DEFAULT_HASH_LENGTH = 32;
     private static final int DEFAULT_PARALLELISM = 1;
     private static final int DEFAULT_MEMORY = 1 << 12;
@@ -74,7 +73,7 @@ public class Argon2SecureHasher implements SecureHasher {
      * Instantiates an Argon2 secure hasher using the provided cost parameters. A unique
      * {@link #DEFAULT_SALT_LENGTH} byte salt will be generated on every hash request.
      *
-     * @param hashLength  the output length in bytes ({@code 4 to 2^32 -1})
+     * @param hashLength  the output length in bytes ({@code 4 to 2^32 - 1})
      * @param memory      the integer number of KB used ({@code 8p to 2^32 - 1})
      * @param parallelism degree of parallelism ({@code 1 to 2^24 - 1})
      * @param iterations  number of iterations ({@code 1 to 2^32 - 1})
@@ -87,7 +86,7 @@ public class Argon2SecureHasher implements SecureHasher {
      * Instantiates an Argon2 secure hasher using the provided cost parameters. A unique
      * salt of the specified length will be generated on every hash request.
      *
-     * @param hashLength  the output length in bytes ({@code 4 to 2^32 -1})
+     * @param hashLength  the output length in bytes ({@code 4 to 2^32 - 1})
      * @param memory      the integer number of KB used ({@code 8p to 2^32 - 1})
      * @param parallelism degree of parallelism ({@code 1 to 2^24 - 1})
      * @param iterations  number of iterations ({@code 1 to 2^32 - 1})
@@ -137,7 +136,7 @@ public class Argon2SecureHasher implements SecureHasher {
     }
 
     /**
-     * Returns a String representation of {@code CHF(input)} in hex-encoded format.
+     * Returns a String representation of {@code Argon2(input)} in hex-encoded format.
      *
      * @param input the input
      * @return the hex-encoded hash
@@ -153,7 +152,7 @@ public class Argon2SecureHasher implements SecureHasher {
     }
 
     /**
-     * Returns a String representation of {@code CHF(input)} in Base 64-encoded format.
+     * Returns a String representation of {@code Argon2(input)} in Base 64-encoded format.
      *
      * @param input the input
      * @return the Base 64-encoded hash
@@ -169,7 +168,7 @@ public class Argon2SecureHasher implements SecureHasher {
     }
 
     /**
-     * Returns a byte[] representation of {@code CHF(input)}.
+     * Returns a byte[] representation of {@code Argon2(input)}.
      *
      * @param input the input
      * @return the hash

nifi-commons/nifi-security-utils/src/test/resources/logback-test.xml

@@ -32,7 +32,7 @@
     <logger name="org.apache.nifi" level="INFO"/>
     <logger name="org.apache.nifi.security.util.crypto" level="DEBUG"/>
 
-    <root level="DEBUG">
+    <root level="INFO">
         <appender-ref ref="CONSOLE"/>
     </root>
 

nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/fingerprint/FingerprintFactory.java

@@ -342,7 +342,7 @@ public class FingerprintFactory {
 
         // append value
         if (isEncrypted(value)) {
-            // propValue is non null, no need to use getValue
+            // Get a secure, deterministic, loggable representation of this value
             builder.append(getLoggableRepresentationOfSensitiveValue(value));
         } else {
             builder.append(getValue(value, NO_VALUE));
@@ -557,15 +557,12 @@ public class FingerprintFactory {
      * @return a deterministic string value which represents this input but is safe to print in a log
      */
     private String getLoggableRepresentationOfSensitiveValue(String encryptedPropertyValue) {
-        // TODO: Implement Scrypt or Argon2 secure hash of decrypted value
-
         // TODO: Use DI/IoC to inject this implementation in the constructor of the FingerprintFactory
         // There is little initialization cost, so it doesn't make sense to cache this as a field
         SecureHasher secureHasher = new Argon2SecureHasher();
 
         // TODO: Extend {@link StringEncryptor} with secure hashing capability and inject?
-        String hexEncodedHash = secureHasher.hashHex(decrypt(encryptedPropertyValue));
+        return secureHasher.hashHex(decrypt(encryptedPropertyValue));
-        return hexEncodedHash;
     }
 
     private StringBuilder addPortFingerprint(final StringBuilder builder, final Element portElem) throws FingerprintException {