Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[PRDP-186] Implement AES encryption and PDV Tokenizer #64

Merged
merged 25 commits into from
Nov 8, 2023
Merged

[PRDP-186] Implement AES encryption and PDV Tokenizer #64

merged 25 commits into from
Nov 8, 2023

Conversation

svariant
Copy link
Collaborator

@svariant svariant commented Oct 31, 2023
edited
Loading

List of Changes

  • Defined PDV Tokenizer Client & Service (unused till BizEvent isn't tokenized)
  • Added AES256 encryption/decryption util
  • Implemented AES encryption in ManageReceiptPoisonQueue function
  • Implemented AES decryption in RetryReviewedPosionMessages
  • Updated unit tests

Motivation and Context

Issue PRDP-186
The need is to save on CosmosDB tokenized fiscal codes

How Has This Been Tested?

Run unit tests

Screenshots (if appropriate):

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)

Checklist:

  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.

@svariant svariant added enhancement New feature or request minor labels Oct 31, 2023
github-advanced-security[bot]
github-advanced-security bot found potential problems Nov 6, 2023
View reviewed changes
src/main/java/it/gov/pagopa/receipt/pdf/generator/utils/Aes256Utils.java
SecretKey tmp = factory.generateSecret(spec);
SecretKeySpec secretKeySpec = new SecretKeySpec(tmp.getEncoded(), ALGORITHM);

Cipher cipher = Cipher.getInstance(AES_CBC_PKCS_5_PADDING);

Check failure

Code scanning / SonarCloud

Encryption algorithms should be used with secure mode and padding scheme High

Use another cipher mode or disable padding. See more on SonarCloud
Copy link
Collaborator Author

@svariant svariant Nov 8, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Padding vulnerability rule java:S5542 ignored because encryption/decryption is used inside application workflow and is impossible to access it from the outside

https://en.wikipedia.org/wiki/Padding_oracle_attack#:~:text=In%20cryptography%2C%20a%20padding%20oracle,with%20the%20underlying%20cryptographic%20primitive.

src/main/java/it/gov/pagopa/receipt/pdf/generator/utils/Aes256Utils.java
SecretKey tmp = factory.generateSecret(spec);
SecretKeySpec secretKeySpec = new SecretKeySpec(tmp.getEncoded(), ALGORITHM);

Cipher cipher = Cipher.getInstance(AES_CBC_PKCS_5_PADDING);

Check failure

Code scanning / SonarCloud

Encryption algorithms should be used with secure mode and padding scheme High

Use another cipher mode or disable padding. See more on SonarCloud
Copy link
Collaborator Author

@svariant svariant Nov 8, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Padding vulnerability rule java:S5542 ignored because encryption/decryption is used inside application workflow and is impossible to access it from the outside

https://en.wikipedia.org/wiki/Padding_oracle_attack#:~:text=In%20cryptography%2C%20a%20padding%20oracle,with%20the%20underlying%20cryptographic%20primitive.

@svariant svariant changed the title [PRDP-186] Implement PDV Tokenizer for fiscal codes [PRDP-186] Implement AES encryption and PDV Tokenizer Nov 8, 2023
@svariant svariant marked this pull request as ready for review November 8, 2023 09:45
@github-actions GitHub Actions
Copy link

github-actions bot commented Nov 8, 2023

This PR exceeds the recommended size of 400 lines. Please make sure you are NOT addressing multiple issues with one PR. Note this PR might be rejected due to its size.

@github-actions GitHub Actions
Copy link

github-actions bot commented Nov 8, 2023

Comment this PR with update_code to update openapi.json and format the code. Consider to use pre-commit to format the code.

@sonarqubecloud SonarQubeCloud
Copy link

sonarqubecloud bot commented Nov 8, 2023

SonarCloud Quality Gate failed.    Quality Gate failed

Bug A 0 Bugs
Vulnerability D 2 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 1 Code Smell

83.2% 83.2% Coverage
0.0% 0.0% Duplication

idea Catch issues before they fail your Quality Gate with our IDE extension sonarlint SonarLint

pasqualespica
pasqualespica approved these changes Nov 8, 2023
View reviewed changes
Copy link
Contributor

@pasqualespica pasqualespica left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔝

@pasqualespica pasqualespica merged commit 42dcf37 into main Nov 8, 2023
7 of 12 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pasqualespica pasqualespica pasqualespica approved these changes

Assignees

@svariant svariant

Labels
enhancement New feature or request minor size/large
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@svariant @pasqualespica @alessio-cialini