Merge pull request #225 from mahammedtaheer/dev-hash-gen

[MOSIP-25197] fixed the security issues.
mosip · Dec 12, 2023 · f50afa6 · f50afa6
2 parents 5a9a734 + 0bcf469
commit f50afa6
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 5 deletions.
diff --git a/...ce/src/main/java/io/mosip/kernel/cryptomanager/service/impl/CryptomanagerServiceImpl.java b/...ce/src/main/java/io/mosip/kernel/cryptomanager/service/impl/CryptomanagerServiceImpl.java
@@ -86,7 +86,7 @@ public class CryptomanagerServiceImpl implements CryptomanagerService {
 
 	private static final int AES_KEY_SIZE = 128;
 
-	private String AES_ECB_ALGO = "AES/ECB/PKCS7Padding";
+	private String AES_GCM_ALGO = "AES/GCM/NoPadding";
 
 	private static final Logger LOGGER = KeymanagerLogger.getLogger(CryptomanagerServiceImpl.class);
 
@@ -166,8 +166,11 @@ public void init() {
 			if (objectKey.equals(CryptomanagerConstant.CACHE_AES_KEY)) {
 				javax.crypto.KeyGenerator keyGenerator = KeyGeneratorUtils.getKeyGenerator(AES_KEY_TYPE, AES_KEY_SIZE);
 				return keyGenerator.generateKey();
-			} else if (objectKey.equals(CryptomanagerConstant.CACHE_INT_COUNTER)) {
-				return new AtomicLong(RandomUtils.nextLong());
+			} else if (objectKey.equals(CACHE_INT_COUNTER)) {
+				if(secureRandom == null)
+            		secureRandom = new SecureRandom();
+
+				return new AtomicLong(secureRandom.nextLong());
 			} 
 			return null;
 		})
@@ -598,7 +601,7 @@ private byte[] getLongBytes(long value) {
 
 	private byte[] getSaltBytes(byte[] randomBytes, SecretKey aesKey) {
 		try {
-			Cipher cipher = Cipher.getInstance(AES_ECB_ALGO);
+			Cipher cipher = Cipher.getInstance(AES_GCM_ALGO);
 			cipher.init(Cipher.ENCRYPT_MODE, aesKey);
 			return cipher.doFinal(randomBytes, 0, randomBytes.length);
 		} catch(NoSuchAlgorithmException | InvalidKeyException | NoSuchPaddingException

diff --git a/...main/java/io/mosip/kernel/keymanagerservice/repository/DataEncryptKeystoreRepository.java b/...main/java/io/mosip/kernel/keymanagerservice/repository/DataEncryptKeystoreRepository.java
@@ -24,7 +24,7 @@ public interface DataEncryptKeystoreRepository extends JpaRepository<DataEncrypt
 	 * @param id the id
 	 * @return the string
 	 */
-	@Cacheable(value="zkdataencryptedkeystorecache", key="#id", condition="#id!=null")
+	@Cacheable(value="zkdataencryptedkeystorecache", unless ="#result == null")
 	@Query("SELECT d.key from DataEncryptKeystore d where d.id = :id")
 	String findKeyById(@Param("id") Integer id);