code commit for BAEL-4869 (#10812)
* Code commit for "Converting String to BigDecimal in Java" - Article * modified the assert param for comparing actual and expected values * removed the conflict change * Code commit for Secret Key to String and vice versa in java * renaming the junit class name to match coding standard * code commit for BAEL-4869 * Adding new module with Secret key to String conversion in Java [BAEL-4489] * changed code indent by space instead of tab
This commit is contained in:
parent
805e96f784
commit
eefc0b2bc7
|
@ -0,0 +1,8 @@
|
|||
## Core Java Security
|
||||
|
||||
This module contains articles about core Java Security
|
||||
|
||||
### Relevant Articles:
|
||||
|
||||
- [Secret Key and String Conversion in Java](https://www.baeldung.com/secret-key-and-string-conversion-in-java/)
|
||||
- More articles: [[<-- prev]](/core-java-modules/core-java-security-2)
|
|
@ -0,0 +1,53 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<project xmlns="http://maven.apache.org/POM/4.0.0"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
|
||||
<modelVersion>4.0.0</modelVersion>
|
||||
<artifactId>core-java-security-2</artifactId>
|
||||
<version>0.1.0-SNAPSHOT</version>
|
||||
<name>core-java-security-2</name>
|
||||
<packaging>jar</packaging>
|
||||
|
||||
<parent>
|
||||
<groupId>com.baeldung.core-java-modules</groupId>
|
||||
<artifactId>core-java-modules</artifactId>
|
||||
<version>0.0.1-SNAPSHOT</version>
|
||||
<relativePath>../</relativePath>
|
||||
</parent>
|
||||
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>commons-codec</groupId>
|
||||
<artifactId>commons-codec</artifactId>
|
||||
<version>${commons-codec.version}</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.bouncycastle</groupId>
|
||||
<artifactId>bcprov-jdk15on</artifactId>
|
||||
<version>${bouncycastle.version}</version>
|
||||
</dependency>
|
||||
<!-- test scoped -->
|
||||
<dependency>
|
||||
<groupId>org.assertj</groupId>
|
||||
<artifactId>assertj-core</artifactId>
|
||||
<version>${assertj-core.version}</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<!-- https://mvnrepository.com/artifact/javax.xml.bind/jaxb-api -->
|
||||
<dependency>
|
||||
<groupId>javax.xml.bind</groupId>
|
||||
<artifactId>jaxb-api</artifactId>
|
||||
<version>${jaxb-api.version}</version>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
|
||||
<properties>
|
||||
<!-- util -->
|
||||
<bouncycastle.version>1.60</bouncycastle.version>
|
||||
<commons-codec.version>1.11</commons-codec.version>
|
||||
<!-- testing -->
|
||||
<assertj-core.version>3.18.0</assertj-core.version>
|
||||
<jaxb-api.version>2.3.1</jaxb-api.version>
|
||||
</properties>
|
||||
|
||||
</project>
|
|
@ -0,0 +1,53 @@
|
|||
package com.baeldung.secretkeyandstringconversion;
|
||||
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
import java.security.spec.InvalidKeySpecException;
|
||||
import java.security.spec.KeySpec;
|
||||
import java.util.Base64;
|
||||
|
||||
import javax.crypto.KeyGenerator;
|
||||
import javax.crypto.SecretKey;
|
||||
import javax.crypto.SecretKeyFactory;
|
||||
import javax.crypto.spec.PBEKeySpec;
|
||||
import javax.crypto.spec.SecretKeySpec;
|
||||
|
||||
public class ConversionClassUtil {
|
||||
|
||||
/* Generating Secret key */
|
||||
|
||||
// Generating Secret Key using KeyGenerator class with 256
|
||||
public static SecretKey generateKey(int n) throws NoSuchAlgorithmException {
|
||||
KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
|
||||
keyGenerator.init(n);
|
||||
SecretKey originalKey = keyGenerator.generateKey();
|
||||
return originalKey;
|
||||
}
|
||||
|
||||
// Generating Secret Key using password and salt
|
||||
public static SecretKey getKeyFromPassword(String password, String salt)
|
||||
throws NoSuchAlgorithmException, InvalidKeySpecException {
|
||||
SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
|
||||
KeySpec spec = new PBEKeySpec(password.toCharArray(), salt.getBytes(), 65536, 256);
|
||||
SecretKey originalKey = new SecretKeySpec(factory.generateSecret(spec).getEncoded(), "AES");
|
||||
return originalKey;
|
||||
}
|
||||
|
||||
/* Converting Secret key into String */
|
||||
public static String convertSecretKeyToString(SecretKey secretKey) throws NoSuchAlgorithmException {
|
||||
// Converting the Secret Key into byte array
|
||||
byte[] rawData = secretKey.getEncoded();
|
||||
// Getting String - Base64 encoded version of the Secret Key
|
||||
String encodedKey = Base64.getEncoder().encodeToString(rawData);
|
||||
return encodedKey;
|
||||
}
|
||||
|
||||
/* Converting String into Secret key into */
|
||||
public static SecretKey convertStringToSecretKeyto(String encodedKey) {
|
||||
// Decoding the Base64 encoded string into byte array
|
||||
byte[] decodedKey = Base64.getDecoder().decode(encodedKey);
|
||||
// Rebuilding the Secret Key using SecretKeySpec Class
|
||||
SecretKey originalKey = new SecretKeySpec(decodedKey, 0, decodedKey.length, "AES");
|
||||
return originalKey;
|
||||
}
|
||||
|
||||
}
|
|
@ -0,0 +1,44 @@
|
|||
package com.baeldung.secretkeyandstringconversion;
|
||||
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
import java.security.spec.InvalidKeySpecException;
|
||||
|
||||
import javax.crypto.SecretKey;
|
||||
|
||||
import org.junit.jupiter.api.Assertions;
|
||||
import org.junit.jupiter.api.Test;
|
||||
|
||||
public class ConversionClassUtilUnitTest {
|
||||
|
||||
@Test
|
||||
void givenPasswordAndSalt_whenCreateSecreKeyCheckConversion_thenSuccess()
|
||||
throws NoSuchAlgorithmException, InvalidKeySpecException {
|
||||
// given
|
||||
String password = "Baeldung@2021";
|
||||
String salt = "@$#baelDunG@#^$*";
|
||||
|
||||
// when
|
||||
SecretKey encodedKey = ConversionClassUtil.getKeyFromPassword(password, salt);
|
||||
String encodedString = ConversionClassUtil.convertSecretKeyToString(encodedKey);
|
||||
SecretKey decodeKey = ConversionClassUtil.convertStringToSecretKeyto(encodedString);
|
||||
|
||||
// then
|
||||
Assertions.assertEquals(encodedKey, decodeKey);
|
||||
}
|
||||
|
||||
@Test
|
||||
void givenSize_whenCreateSecreKeyCheckConversion_thenSuccess()
|
||||
throws NoSuchAlgorithmException, InvalidKeySpecException {
|
||||
// given
|
||||
int size = 256;
|
||||
|
||||
// when
|
||||
SecretKey encodedKey = ConversionClassUtil.generateKey(size);
|
||||
String encodedString = ConversionClassUtil.convertSecretKeyToString(encodedKey);
|
||||
SecretKey decodeKey = ConversionClassUtil.convertStringToSecretKeyto(encodedString);
|
||||
|
||||
// then
|
||||
Assertions.assertEquals(encodedKey, decodeKey);
|
||||
}
|
||||
|
||||
}
|
|
@ -0,0 +1,15 @@
|
|||
package com.baeldung.sampleapp.config;
|
||||
|
||||
import org.springframework.context.annotation.ComponentScan;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
|
||||
|
||||
@Configuration
|
||||
@ComponentScan({ "com.baeldung.sampleapp.web" })
|
||||
public class MaxHTTPHeaderSizeConfig implements WebMvcConfigurer {
|
||||
|
||||
public MaxHTTPHeaderSizeConfig() {
|
||||
super();
|
||||
}
|
||||
|
||||
}
|
|
@ -0,0 +1,17 @@
|
|||
package com.baeldung.sampleapp.web.controller;
|
||||
|
||||
import org.springframework.web.bind.annotation.GetMapping;
|
||||
import org.springframework.web.bind.annotation.RequestHeader;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
import org.springframework.web.bind.annotation.RestController;
|
||||
|
||||
@RestController
|
||||
@RequestMapping(value = "/request-header-test")
|
||||
public class MaxHttpHeaderSizeController {
|
||||
|
||||
@GetMapping
|
||||
public boolean testMaxHTTPHeaderSize(@RequestHeader(value = "token") String token) {
|
||||
return true;
|
||||
}
|
||||
|
||||
}
|
|
@ -0,0 +1,48 @@
|
|||
package com.baeldung.web.controller;
|
||||
|
||||
import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.httpBasic;
|
||||
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
|
||||
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
|
||||
|
||||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
import org.junit.runner.RunWith;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.http.MediaType;
|
||||
import org.springframework.test.context.ContextConfiguration;
|
||||
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
|
||||
import org.springframework.test.context.web.WebAppConfiguration;
|
||||
import org.springframework.test.web.servlet.MockMvc;
|
||||
import org.springframework.test.web.servlet.setup.MockMvcBuilders;
|
||||
import org.springframework.web.context.WebApplicationContext;
|
||||
|
||||
import com.baeldung.sampleapp.config.WebConfig;
|
||||
|
||||
@RunWith(SpringJUnit4ClassRunner.class)
|
||||
@ContextConfiguration(classes = WebConfig.class)
|
||||
@WebAppConfiguration
|
||||
public class MaxHttpHeaderSizeControllerIntegrationTest {
|
||||
|
||||
private MockMvc mockMvc;
|
||||
|
||||
@Autowired
|
||||
private WebApplicationContext webApplicationContext;
|
||||
|
||||
@Before
|
||||
public void setUp() {
|
||||
mockMvc = MockMvcBuilders.webAppContextSetup(webApplicationContext).build();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void givenTokenWithLessThan8KBLegth_whenSendGetRequest_thenReturnsOK() throws Exception {
|
||||
mockMvc.perform(get("/request-header-test").contentType(MediaType.APPLICATION_JSON_VALUE)
|
||||
.with(httpBasic("user", "password")).header("token", "token")).andExpect(status().isOk());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void givenTokenIsMissingInHeade_whenSendGetRequest_thenThrowsBadRequest() throws Exception {
|
||||
mockMvc.perform(get("/request-header-test").contentType(MediaType.APPLICATION_JSON_VALUE)
|
||||
.with(httpBasic("user", "password"))).andExpect(status().isBadRequest());
|
||||
}
|
||||
|
||||
}
|
|
@ -0,0 +1,53 @@
|
|||
package com.baeldung.web.controller;
|
||||
|
||||
import java.io.BufferedReader;
|
||||
import java.io.FileReader;
|
||||
import java.io.IOException;
|
||||
|
||||
import org.junit.Test;
|
||||
import org.junit.runner.RunWith;
|
||||
import org.springframework.http.HttpEntity;
|
||||
import org.springframework.http.HttpHeaders;
|
||||
import org.springframework.http.HttpMethod;
|
||||
import org.springframework.http.ResponseEntity;
|
||||
import org.springframework.test.context.ActiveProfiles;
|
||||
import org.springframework.test.context.ContextConfiguration;
|
||||
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
|
||||
import org.springframework.test.context.support.AnnotationConfigContextLoader;
|
||||
import org.springframework.web.client.HttpClientErrorException;
|
||||
import org.springframework.web.client.RestTemplate;
|
||||
|
||||
import com.baeldung.sampleapp.config.MaxHTTPHeaderSizeConfig;
|
||||
|
||||
@RunWith(SpringJUnit4ClassRunner.class)
|
||||
@ContextConfiguration(classes = { MaxHTTPHeaderSizeConfig.class }, loader = AnnotationConfigContextLoader.class)
|
||||
@ActiveProfiles("test")
|
||||
// Start MaxHttpHeaderSizeController Spring Boot App(MainApplication) first
|
||||
public class MaxHttpHeaderSizeControllerLiveTest {
|
||||
|
||||
@Test(expected = HttpClientErrorException.class)
|
||||
public void givenTokenWithGreaterThan8KBLegth_whenSendGetRequest_thenThrowsBadRequest() throws Exception {
|
||||
final String url = "http://localhost:8080/request-header-test";
|
||||
HttpHeaders headers = new HttpHeaders();
|
||||
headers.set("token", readRandomStringFromFile());
|
||||
|
||||
HttpEntity entity = new HttpEntity(headers);
|
||||
final ResponseEntity<String> response = new RestTemplate().exchange(url, HttpMethod.GET, entity, String.class);
|
||||
}
|
||||
|
||||
static String readRandomStringFromFile() throws IOException {
|
||||
BufferedReader reader = new BufferedReader(new FileReader("src/test/resources/randomSringForheader.txt"));
|
||||
StringBuilder stringBuilder = new StringBuilder();
|
||||
String line = null;
|
||||
String ls = System.getProperty("line.separator");
|
||||
while ((line = reader.readLine()) != null) {
|
||||
stringBuilder.append(line);
|
||||
stringBuilder.append(ls);
|
||||
}
|
||||
stringBuilder.deleteCharAt(stringBuilder.length() - 1);
|
||||
reader.close();
|
||||
String content = stringBuilder.toString();
|
||||
return content;
|
||||
}
|
||||
|
||||
}
|
File diff suppressed because one or more lines are too long
Loading…
Reference in New Issue