Add salting

1904labs · Jul 19, 2018 · eb73bc6 · eb73bc6
1 parent d4bb600
commit eb73bc6
Show file tree

Hide file tree

Showing 9 changed files with 28 additions and 13 deletions.
diff --git a/nifi-encrypt-value-nar/pom.xml b/nifi-encrypt-value-nar/pom.xml
@@ -19,11 +19,11 @@
     <parent>
         <groupId>com.nineteen04labs</groupId>
         <artifactId>nifi-encrypt-value-bundle</artifactId>
-        <version>18.07.2</version>
+        <version>18.07.3</version>
     </parent>
 
     <artifactId>nifi-encrypt-value-nar</artifactId>
-    <version>18.07.2</version>
+    <version>18.07.3</version>
     <packaging>nar</packaging>
     <properties>
         <maven.javadoc.skip>true</maven.javadoc.skip>
@@ -34,7 +34,7 @@
         <dependency>
             <groupId>com.nineteen04labs</groupId>
             <artifactId>nifi-encrypt-value-processors</artifactId>
-            <version>18.07.2</version>
+            <version>18.07.3</version>
         </dependency>
     </dependencies>
 

diff --git a/nifi-encrypt-value-processors/pom.xml b/nifi-encrypt-value-processors/pom.xml
@@ -20,7 +20,7 @@
     <parent>
         <groupId>com.nineteen04labs</groupId>
         <artifactId>nifi-encrypt-value-bundle</artifactId>
-        <version>18.07.2</version>
+        <version>18.07.3</version>
     </parent>
 
     <artifactId>nifi-encrypt-value-processors</artifactId>

diff --git a/...lue-processors/src/main/java/com/nineteen04labs/processors/encryptvalue/EncryptValue.java b/...lue-processors/src/main/java/com/nineteen04labs/processors/encryptvalue/EncryptValue.java
@@ -49,7 +49,7 @@
 import org.apache.nifi.processor.exception.ProcessException;
 import org.apache.nifi.processor.io.StreamCallback;
 
-@Tags({"encrypt", "hash", "json", "pii"})
+@Tags({"encrypt", "hash", "json", "pii", "salt"})
 @CapabilityDescription("Encrypts the values of the given fields of a FlowFile. The original value is replaced with the hashed one.")
 public class EncryptValue extends AbstractProcessor {
 
@@ -63,6 +63,7 @@ protected void init(final ProcessorInitializationContext context) {
         descriptors.add(EncryptValueProperties.AVRO_SCHEMA);
         descriptors.add(EncryptValueProperties.FIELD_NAMES);
         descriptors.add(EncryptValueProperties.HASH_ALG);
+        descriptors.add(EncryptValueProperties.SALT);
         this.descriptors = Collections.unmodifiableList(descriptors);
 
         final Set<Relationship> relationships = new HashSet<Relationship>();
@@ -98,6 +99,7 @@ public void onTrigger(final ProcessContext context, final ProcessSession session
             final String flowFormat = context.getProperty(EncryptValueProperties.FLOW_FORMAT).getValue();
             final String schemaString = context.getProperty(EncryptValueProperties.AVRO_SCHEMA).getValue();
             final String algorithm = context.getProperty(EncryptValueProperties.HASH_ALG).getValue();
+            final String salt = context.getProperty(EncryptValueProperties.SALT).getValue();
 
             session.write(flowFile, new StreamCallback(){
                 @Override
@@ -129,7 +131,7 @@ public void process(InputStream in, OutputStream out) throws IOException {
                                 if ("null".equals(valueToHash))
                                     jsonGen.writeNull();
                                 else {
-                                    String hashedValue = Encryption.hashValue(valueToHash, algorithm);
+                                    String hashedValue = Encryption.hashValue(valueToHash, salt, algorithm);
                                     jsonGen.writeString(hashedValue);
                                 }
                             }

diff --git a/...sors/src/main/java/com/nineteen04labs/processors/encryptvalue/EncryptValueProperties.java b/...sors/src/main/java/com/nineteen04labs/processors/encryptvalue/EncryptValueProperties.java
@@ -53,10 +53,19 @@ public class EncryptValueProperties {
     public static final PropertyDescriptor HASH_ALG = new PropertyDescriptor
             .Builder().name("HASH_ALG")
             .displayName("Hash Algorithm")
-            .description("Determines what hashing algorithm should be used to perform the encryption")
+            .description("Determines what hashing algorithm should be used to perform the encryption.")
             .required(true)
             .allowableValues(Encryption.getAvailableAlgorithms())
             .defaultValue("SHA-512")
             .build();
 
+    public static final PropertyDescriptor SALT = new PropertyDescriptor
+            .Builder().name("SALT")
+            .displayName("Salt")
+            .description("Salt used in hashing.")
+            .required(false)
+            .addValidator(StandardValidators.NON_EMPTY_VALIDATOR)
+            .expressionLanguageSupported(true)
+            .build();
+
 }
diff --git a/...encrypt-value-processors/src/main/java/com/nineteen04labs/processors/util/Encryption.java b/...encrypt-value-processors/src/main/java/com/nineteen04labs/processors/util/Encryption.java
@@ -41,9 +41,11 @@ public static Set<String> getAvailableAlgorithms() {
         return algorithms;
     }
 
-    public static String hashValue(String valueToHash, String algorithm) {
+    public static String hashValue(String valueToHash, String salt, String algorithm) {
         try{
             MessageDigest digest = MessageDigest.getInstance(algorithm);
+            if (salt != null)
+                digest.update(salt.getBytes());
             byte[] hash = digest.digest(valueToHash.getBytes(StandardCharsets.UTF_8));
             StringBuffer buffer = new StringBuffer();
             for (byte b : hash) {

diff --git a/...essors/src/test/java/com/nineteen04labs/processors/encryptvalue/EncryptValueAvroTest.java b/...essors/src/test/java/com/nineteen04labs/processors/encryptvalue/EncryptValueAvroTest.java
@@ -26,10 +26,8 @@
 import org.apache.nifi.util.TestRunner;
 import org.apache.nifi.util.TestRunners;
 import org.junit.Before;
-import org.junit.Ignore;
 import org.junit.Test;
 
-@Ignore
 public class EncryptValueAvroTest {
 
     private final Path unencryptedFile = Paths.get("src/test/resources/unencrypted.avro");
@@ -51,6 +49,7 @@ public void testNoEncryption() throws IOException {
         runner.setProperty(EncryptValueProperties.FLOW_FORMAT, "AVRO");
         runner.setProperty(EncryptValueProperties.AVRO_SCHEMA, avroSchema);
         runner.setProperty(EncryptValueProperties.HASH_ALG, "SHA-512");
+        runner.setProperty(EncryptValueProperties.SALT, "ef3de698a8956f6eff8b7344407d861b7");
         runner.setValidateExpressionUsage(false);
 
         runner.enqueue(unencryptedFile);
@@ -69,6 +68,7 @@ private void testEncryption(final String hashAlgorithm) throws IOException {
         runner.setProperty(EncryptValueProperties.FLOW_FORMAT, "AVRO");
         runner.setProperty(EncryptValueProperties.AVRO_SCHEMA, avroSchema);
         runner.setProperty(EncryptValueProperties.HASH_ALG, hashAlgorithm);
+        runner.setProperty(EncryptValueProperties.SALT, "ef3de698a8956f6eff8b7344407d861b7");
         runner.setValidateExpressionUsage(false);
 
         runner.enqueue(unencryptedFile);

diff --git a/...essors/src/test/java/com/nineteen04labs/processors/encryptvalue/EncryptValueJsonTest.java b/...essors/src/test/java/com/nineteen04labs/processors/encryptvalue/EncryptValueJsonTest.java
@@ -40,6 +40,7 @@ public void testSHA512() throws IOException {
     public void testNoEncryption() throws IOException {
         runner.setProperty(EncryptValueProperties.FLOW_FORMAT, "JSON");
         runner.setProperty(EncryptValueProperties.HASH_ALG, "SHA-512");
+        runner.setProperty(EncryptValueProperties.SALT, "ef3de698a8956f6eff8b7344407d861b7");
         runner.setValidateExpressionUsage(false);
 
         runner.enqueue(unencryptedFile);
@@ -57,6 +58,7 @@ private void testEncryption(final String hashAlgorithm, final Path encryptedFile
         runner.setProperty(EncryptValueProperties.FIELD_NAMES, "first_name,last_name,card_number");
         runner.setProperty(EncryptValueProperties.FLOW_FORMAT, "JSON");
         runner.setProperty(EncryptValueProperties.HASH_ALG, hashAlgorithm);
+        runner.setProperty(EncryptValueProperties.SALT, "ef3de698a8956f6eff8b7344407d861b7");
         runner.setValidateExpressionUsage(false);
 
         runner.enqueue(unencryptedFile);

diff --git a/nifi-encrypt-value-processors/src/test/resources/sha512.json b/nifi-encrypt-value-processors/src/test/resources/sha512.json
@@ -1,2 +1,2 @@
-{"status":"active","location":{"state":"CA","country":"US"},"first_name":"019542970f4628243c4353bc2cdda0e17c42acc8a532d1ac0bfb5fdbe2afe143434f6d03a3e0586dea72fc78dc6c9607d05250fc8906f7428e756cf9020bd84b","last_name":"20ff29ae253bf483fb5f3d95e3aaea1cb4d62c95972827838a1b4debfd05470c138e8e9b1b1eca74eb46da6f4d578279a88b452bb2f6b2e8ae2e473e37a054e1","title":"Ms","created_at":"2015-09-03T01:23:20.605354","updated_at":"2016-09-18T20:05:20.747376","entity":"bed56c6310c6497b8c456b9244c2a427","position":"Chair, BILETA","id":"ffabd37094c24626a6901a03799c35d2","card_number":"4572b7b391c982302250b0c9312bcd4304d42d4214a968a749666f28b9db16abb9536a89470a2f4399d31c17d9ed6237c59a3cb9503883e95cb15d35b53c4919"}
-{"status":"active","location":{"state":"MO","country":"US"},"first_name":"123c86e1f2ac255ba31f1ad742defe23d194269669d2aac0d2572e20e9378e395976f84db305caeba1f91e7996463031d4c49365a7a9f4c7dc404873ad330974","last_name":"2f41f4845f1be07652c5888a45b327b5c0b9ef324f7e9cf840721161af425afdd2cd574f7ef9d9877ef43bcd076b2640135d40d49e26b8134e43e822ff070680","title":"Mr","created_at":"2016-03-11T11:11:11.986462","updated_at":"2017-12-10T10:10:10.9047382","entity":"klo36c6310c6497b8c456b9244c0pl4n","position":"Chair, BILETA","id":"ud96d37094c24626a6901a03798jnm5g","card_number":"3569541bdd41ea2880590b0b38a6439f3e2c674dd2f27bfb81673dc920408af13b43bf4cca8803d8b91652e7a6944896cf0906818e1c9e97d455643ba9871ee9"}
+{"status":"active","location":{"state":"CA","country":"US"},"first_name":"9e4f6dc9c4361312fe80cfe4c72502fabecd20dd62e06675d12b733b23d851d6bef5bb584a07b89d804a51b8b2d18a1d2a37a4b0dcd711297a25882aa413a474","last_name":"62f97219acfdef15251223dbc625e3bc0941be2ebc7fa5b20a6dfbb9cda9a822e3c68293a8b1bb48b2c6668a031cf772df7918d6c823f8c17a105f74c3aa072e","title":"Ms","created_at":"2015-09-03T01:23:20.605354","updated_at":"2016-09-18T20:05:20.747376","entity":"bed56c6310c6497b8c456b9244c2a427","position":"Chair, BILETA","id":"ffabd37094c24626a6901a03799c35d2","card_number":"39c8a07b6585c8783427a0687a0766cd41b919aecbb7725e7f9e1fb09bdf74b5b21e31ddda74da84f32535aa3491e0b35cadcc9eac4f998c89dea9aeee7ba2f3"}
+{"status":"active","location":{"state":"MO","country":"US"},"first_name":"1422c9ef5a41899e3cd612fae85b39c27b63e8d7814e479a4ac9d2a58fb38ceca1d554051ae7f5d8d6ec310c18c44fae8f3114be8b660de4c3afb7967634b4ef","last_name":"89b51e56e6d80c8c1d180edf11cbaba449db1ea258dc8d7e25e964de33e715fd372894d0cda90d74f4e969f8dabdd132d38f2ed9b02ddace667197af0e1024b8","title":"Mr","created_at":"2016-03-11T11:11:11.986462","updated_at":"2017-12-10T10:10:10.9047382","entity":"klo36c6310c6497b8c456b9244c0pl4n","position":"Chair, BILETA","id":"ud96d37094c24626a6901a03798jnm5g","card_number":"47574ef4550fd1a651373bacea62e3205e487e8f770fc64b4024ca17047751d46c2896300d3ae1cd468a68ed0abea9a0265589f6c0ef787c0b1ecc9d0e401d6d"}
diff --git a/pom.xml b/pom.xml
@@ -24,7 +24,7 @@
 
     <groupId>com.nineteen04labs</groupId>
     <artifactId>nifi-encrypt-value-bundle</artifactId>
-    <version>18.07.2</version>
+    <version>18.07.3</version>
     <packaging>pom</packaging>
 
     <modules>