Merge pull request #742 from catenax-ng/hotfix/0.1.5

release hotfix/0.1.5

docs/release-notes/Version 0.1.5.md

@@ -0,0 +1,25 @@
+# Release Notes Version 0.1.5
+
+13.02.2023
+
+## 0. Summary
+
+1. [Version updates](#1-version-updates)
+   - Use patched EDC version: 0.0.1-20220922.2-SNAPSHOT
+2. [Extensions](#2-extensions)
+   - [2.1 Data Encryption Extension](#22-data-encryption-extension)
+       - Fixed usage of a blocking algorithm
+
+## 1. Version Updates
+
+## 1.1 Use patched EDC version: 0.0.1-20220922.2-SNAPSHOT
+
+The version has been updated to the patched version `0.0.1-20220922.2-SNAPSHOT` that brings in a bugfix regarding the
+catalog pagination. [GitHub issue](https://github.com/eclipse-edc/Connector/issues/2008)
+
+## 2. Extensions
+
+### 2.2 Data Encryption Extension
+
+The encryption of the `EndpointDataReference` took up to 3 minutes unter certain circumstances.
+This was fixed by using a not blocking algorithm and setting the Java CMD flag `java.security.egd` correctly.

edc-controlplane/edc-controlplane-memory/src/main/docker/Dockerfile

@@ -10,13 +10,13 @@
 #  Contributors:
 #       Mercedes-Benz Tech Innovation GmbH - Initial Dockerfile
 #
-FROM alpine:3.16.2 as otel
+FROM alpine:3.17.1 as otel
 
 ENV OTEL_AGENT_LOCATION "https://github.com/open-telemetry/opentelemetry-java-instrumentation/releases/download/v1.12.1/opentelemetry-javaagent.jar"
 
 RUN wget ${OTEL_AGENT_LOCATION} -O /tmp/opentelemetry-javaagent.jar
 
-FROM alpine:3.16.2
+FROM alpine:3.17.1
 
 ARG JAR
 ARG LIB
@@ -25,7 +25,7 @@ ARG APP_USER=docker
 ARG APP_UID=10100
 
 RUN apk update && \
-    apk add openjdk11-jre-headless=11.0.16.1_p1-r0 --no-cache && \
+    apk add openjdk11-jre-headless=11.0.18_p10-r0 --no-cache && \
     rm -rf /var/cache/apk/*
 
 RUN addgroup --system "$APP_USER"
@@ -53,6 +53,6 @@ CMD ["java", \
      "-Dotel.javaagent.configuration-file=/app/opentelemetry.properties", \
      "-Dotel.metrics.exporter=prometheus", \
      "-Dotel.exporter.prometheus.port=9090", \
-     "-Djava.security.edg=file:/dev/.urandom", \
+     "-Djava.security.egd=file:/dev/urandom", \
      "-jar", \
      "edc-controlplane.jar"]

edc-controlplane/edc-controlplane-postgresql-hashicorp-vault/src/main/docker/Dockerfile

@@ -10,13 +10,14 @@
 #  Contributors:
 #       Mercedes-Benz Tech Innovation GmbH - Initial Dockerfile
 #
-FROM alpine:3.16.2 as otel
+
+FROM alpine:3.17.1 as otel
 
 ENV OTEL_AGENT_LOCATION "https://github.com/open-telemetry/opentelemetry-java-instrumentation/releases/download/v1.12.1/opentelemetry-javaagent.jar"
 
 RUN wget ${OTEL_AGENT_LOCATION} -O /tmp/opentelemetry-javaagent.jar
 
-FROM alpine:3.16.2
+FROM alpine:3.17.1
 
 ARG JAR
 ARG LIB
@@ -25,7 +26,7 @@ ARG APP_USER=docker
 ARG APP_UID=10100
 
 RUN apk update && \
-    apk add openjdk11-jre-headless=11.0.16.1_p1-r0 --no-cache && \
+    apk add openjdk11-jre-headless=11.0.18_p10-r0 --no-cache && \
     rm -rf /var/cache/apk/*
 
 RUN addgroup --system "$APP_USER"
@@ -53,6 +54,6 @@ CMD ["java", \
      "-Dotel.javaagent.configuration-file=/app/opentelemetry.properties", \
      "-Dotel.metrics.exporter=prometheus", \
      "-Dotel.exporter.prometheus.port=9090", \
-     "-Djava.security.edg=file:/dev/.urandom", \
+     "-Djava.security.egd=file:/dev/urandom", \
      "-jar", \
      "edc-controlplane.jar"]

edc-controlplane/edc-controlplane-postgresql/src/main/docker/Dockerfile

@@ -10,13 +10,14 @@
 #  Contributors:
 #       Mercedes-Benz Tech Innovation GmbH - Initial Dockerfile
 #
-FROM alpine:3.16.2 as otel
+
+FROM alpine:3.17.1 as otel
 
 ENV OTEL_AGENT_LOCATION "https://github.com/open-telemetry/opentelemetry-java-instrumentation/releases/download/v1.12.1/opentelemetry-javaagent.jar"
 
 RUN wget ${OTEL_AGENT_LOCATION} -O /tmp/opentelemetry-javaagent.jar
 
-FROM alpine:3.16.2
+FROM alpine:3.17.1
 
 ARG JAR
 ARG LIB
@@ -25,7 +26,7 @@ ARG APP_USER=docker
 ARG APP_UID=10100
 
 RUN apk update && \
-    apk add openjdk11-jre-headless=11.0.16.1_p1-r0 --no-cache && \
+    apk add openjdk11-jre-headless=11.0.18_p10-r0 --no-cache && \
     rm -rf /var/cache/apk/*
 
 RUN addgroup --system "$APP_USER"
@@ -53,6 +54,6 @@ CMD ["java", \
      "-Dotel.javaagent.configuration-file=/app/opentelemetry.properties", \
      "-Dotel.metrics.exporter=prometheus", \
      "-Dotel.exporter.prometheus.port=9090", \
-     "-Djava.security.edg=file:/dev/.urandom", \
+     "-Djava.security.egd=file:/dev/urandom", \
      "-jar", \
      "edc-controlplane.jar"]

edc-dataplane/edc-dataplane-azure-vault/src/main/docker/Dockerfile

@@ -10,13 +10,13 @@
 #  Contributors:
 #       Mercedes-Benz Tech Innovation GmbH - Initial Dockerfile
 #
-FROM alpine:3.16.2 as otel
+FROM alpine:3.17.1 as otel
 
 ENV OTEL_AGENT_LOCATION "https://github.com/open-telemetry/opentelemetry-java-instrumentation/releases/download/v1.12.1/opentelemetry-javaagent.jar"
 
 RUN wget ${OTEL_AGENT_LOCATION} -O /tmp/opentelemetry-javaagent.jar
 
-FROM alpine:3.16.2
+FROM alpine:3.17.1
 
 ARG JAR
 ARG LIB
@@ -25,7 +25,7 @@ ARG APP_USER=docker
 ARG APP_UID=10100
 
 RUN apk update && \
-    apk add openjdk11-jre-headless=11.0.16.1_p1-r0 --no-cache && \
+    apk add openjdk11-jre-headless=11.0.18_p10-r0 --no-cache && \
     rm -rf /var/cache/apk/*
 
 RUN addgroup --system "$APP_USER"
@@ -53,6 +53,6 @@ CMD ["java", \
      "-Dotel.javaagent.configuration-file=/app/opentelemetry.properties", \
      "-Dotel.metrics.exporter=prometheus", \
      "-Dotel.exporter.prometheus.port=9090", \
-     "-Djava.security.edg=file:/dev/.urandom", \
+     "-Djava.security.egd=file:/dev/urandom", \
      "-jar", \
      "edc-dataplane.jar"]

edc-dataplane/edc-dataplane-hashicorp-vault/src/main/docker/Dockerfile

@@ -10,13 +10,13 @@
 #  Contributors:
 #       Mercedes-Benz Tech Innovation GmbH - Initial Dockerfile
 #
-FROM alpine:3.16.2 as otel
+FROM alpine:3.17.1 as otel
 
 ENV OTEL_AGENT_LOCATION "https://github.com/open-telemetry/opentelemetry-java-instrumentation/releases/download/v1.12.1/opentelemetry-javaagent.jar"
 
 RUN wget ${OTEL_AGENT_LOCATION} -O /tmp/opentelemetry-javaagent.jar
 
-FROM alpine:3.16.2
+FROM alpine:3.17.1
 
 ARG JAR
 ARG LIB
@@ -25,7 +25,7 @@ ARG APP_USER=docker
 ARG APP_UID=10100
 
 RUN apk update && \
-    apk add openjdk11-jre-headless=11.0.16.1_p1-r0 --no-cache && \
+    apk add openjdk11-jre-headless=11.0.18_p10-r0 --no-cache && \
     rm -rf /var/cache/apk/*
 
 RUN addgroup --system "$APP_USER"
@@ -53,6 +53,6 @@ CMD ["java", \
      "-Dotel.javaagent.configuration-file=/app/opentelemetry.properties", \
      "-Dotel.metrics.exporter=prometheus", \
      "-Dotel.exporter.prometheus.port=9090", \
-     "-Djava.security.edg=file:/dev/.urandom", \
+     "-Djava.security.egd=file:/dev/urandom", \
      "-jar", \
      "edc-dataplane.jar"]

edc-extensions/business-partner-validation/src/main/java/net/catenax/edc/validation/businesspartner/BusinessPartnerValidationExtension.java

@@ -22,10 +22,10 @@
 import org.eclipse.dataspaceconnector.policy.model.Duty;
 import org.eclipse.dataspaceconnector.policy.model.Permission;
 import org.eclipse.dataspaceconnector.policy.model.Prohibition;
-import org.eclipse.dataspaceconnector.runtime.metamodel.annotation.Requires;
 import org.eclipse.dataspaceconnector.spi.monitor.Monitor;
 import org.eclipse.dataspaceconnector.spi.policy.engine.PolicyEngine;
 import org.eclipse.dataspaceconnector.spi.policy.engine.RuleBindingRegistry;
+import org.eclipse.dataspaceconnector.spi.system.Requires;
 import org.eclipse.dataspaceconnector.spi.system.ServiceExtension;
 import org.eclipse.dataspaceconnector.spi.system.ServiceExtensionContext;
 

edc-extensions/cx-oauth2/src/main/java/net/catenax/edc/oauth2/OAuth2Extension.java

@@ -18,16 +18,12 @@
 import lombok.Setter;
 import okhttp3.OkHttpClient;
 import org.eclipse.dataspaceconnector.iam.oauth2.spi.Oauth2JwtDecoratorRegistry;
-import org.eclipse.dataspaceconnector.runtime.metamodel.annotation.EdcSetting;
-import org.eclipse.dataspaceconnector.runtime.metamodel.annotation.Inject;
-import org.eclipse.dataspaceconnector.runtime.metamodel.annotation.Provides;
-import org.eclipse.dataspaceconnector.runtime.metamodel.annotation.Requires;
 import org.eclipse.dataspaceconnector.spi.EdcException;
+import org.eclipse.dataspaceconnector.spi.EdcSetting;
 import org.eclipse.dataspaceconnector.spi.iam.IdentityService;
 import org.eclipse.dataspaceconnector.spi.jwt.TokenGenerationService;
 import org.eclipse.dataspaceconnector.spi.jwt.TokenValidationService;
-import org.eclipse.dataspaceconnector.spi.system.ServiceExtension;
-import org.eclipse.dataspaceconnector.spi.system.ServiceExtensionContext;
+import org.eclipse.dataspaceconnector.spi.system.*;
 
 @Provides(IdentityService.class)
 @Requires({

edc-extensions/cx-oauth2/src/main/java/net/catenax/edc/oauth2/jwt/decorator/JwtDecoratorExtension.java

@@ -21,14 +21,10 @@
 import lombok.NonNull;
 import lombok.Setter;
 import org.eclipse.dataspaceconnector.iam.oauth2.spi.Oauth2JwtDecoratorRegistry;
-import org.eclipse.dataspaceconnector.runtime.metamodel.annotation.EdcSetting;
-import org.eclipse.dataspaceconnector.runtime.metamodel.annotation.Inject;
-import org.eclipse.dataspaceconnector.runtime.metamodel.annotation.Provides;
-import org.eclipse.dataspaceconnector.runtime.metamodel.annotation.Requires;
 import org.eclipse.dataspaceconnector.spi.EdcException;
+import org.eclipse.dataspaceconnector.spi.EdcSetting;
 import org.eclipse.dataspaceconnector.spi.security.CertificateResolver;
-import org.eclipse.dataspaceconnector.spi.system.ServiceExtension;
-import org.eclipse.dataspaceconnector.spi.system.ServiceExtensionContext;
+import org.eclipse.dataspaceconnector.spi.system.*;
 
 @Provides(Oauth2JwtDecoratorRegistry.class)
 @Requires(CertificateResolver.class)

edc-extensions/cx-oauth2/src/main/java/net/catenax/edc/oauth2/jwt/generator/JwtTokenGenerationServiceExtension.java

@@ -16,14 +16,10 @@
 import java.security.PrivateKey;
 import lombok.NonNull;
 import lombok.Setter;
-import org.eclipse.dataspaceconnector.runtime.metamodel.annotation.EdcSetting;
-import org.eclipse.dataspaceconnector.runtime.metamodel.annotation.Inject;
-import org.eclipse.dataspaceconnector.runtime.metamodel.annotation.Provides;
-import org.eclipse.dataspaceconnector.runtime.metamodel.annotation.Requires;
+import org.eclipse.dataspaceconnector.spi.EdcSetting;
 import org.eclipse.dataspaceconnector.spi.jwt.TokenGenerationService;
 import org.eclipse.dataspaceconnector.spi.security.PrivateKeyResolver;
-import org.eclipse.dataspaceconnector.spi.system.ServiceExtension;
-import org.eclipse.dataspaceconnector.spi.system.ServiceExtensionContext;
+import org.eclipse.dataspaceconnector.spi.system.*;
 
 @Provides(TokenGenerationService.class)
 @Requires(PrivateKeyResolver.class)

edc-extensions/cx-oauth2/src/main/java/net/catenax/edc/oauth2/jwt/validation/JwtValidationExtension.java

@@ -28,13 +28,9 @@
 import net.catenax.edc.oauth2.jwk.RsaPublicKeyReader;
 import okhttp3.OkHttpClient;
 import org.eclipse.dataspaceconnector.iam.oauth2.spi.Oauth2ValidationRulesRegistry;
-import org.eclipse.dataspaceconnector.runtime.metamodel.annotation.EdcSetting;
-import org.eclipse.dataspaceconnector.runtime.metamodel.annotation.Inject;
-import org.eclipse.dataspaceconnector.runtime.metamodel.annotation.Provides;
-import org.eclipse.dataspaceconnector.runtime.metamodel.annotation.Requires;
+import org.eclipse.dataspaceconnector.spi.EdcSetting;
 import org.eclipse.dataspaceconnector.spi.jwt.TokenValidationService;
-import org.eclipse.dataspaceconnector.spi.system.ServiceExtension;
-import org.eclipse.dataspaceconnector.spi.system.ServiceExtensionContext;
+import org.eclipse.dataspaceconnector.spi.system.*;
 
 @Provides(TokenValidationService.class)
 @Requires({OkHttpClient.class, Clock.class})

edc-extensions/data-encryption/src/main/java/net/catenax/edc/data/encryption/DataEncryptionExtension.java

@@ -22,12 +22,12 @@
 import net.catenax.edc.data.encryption.key.CryptoKeyFactory;
 import net.catenax.edc.data.encryption.key.CryptoKeyFactoryImpl;
 import net.catenax.edc.data.encryption.provider.AesKeyProvider;
-import org.eclipse.dataspaceconnector.runtime.metamodel.annotation.EdcSetting;
-import org.eclipse.dataspaceconnector.runtime.metamodel.annotation.Provides;
-import org.eclipse.dataspaceconnector.runtime.metamodel.annotation.Requires;
 import org.eclipse.dataspaceconnector.spi.EdcException;
+import org.eclipse.dataspaceconnector.spi.EdcSetting;
 import org.eclipse.dataspaceconnector.spi.monitor.Monitor;
 import org.eclipse.dataspaceconnector.spi.security.Vault;
+import org.eclipse.dataspaceconnector.spi.system.Provides;
+import org.eclipse.dataspaceconnector.spi.system.Requires;
 import org.eclipse.dataspaceconnector.spi.system.ServiceExtension;
 import org.eclipse.dataspaceconnector.spi.system.ServiceExtensionContext;
 import org.eclipse.dataspaceconnector.transfer.dataplane.spi.security.DataEncrypter;

edc-extensions/data-encryption/src/main/java/net/catenax/edc/data/encryption/algorithms/aes/AesAlgorithm.java

@@ -16,33 +16,45 @@
 import java.security.InvalidAlgorithmParameterException;
 import java.security.InvalidKeyException;
 import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
 import javax.crypto.BadPaddingException;
 import javax.crypto.Cipher;
 import javax.crypto.IllegalBlockSizeException;
 import javax.crypto.NoSuchPaddingException;
 import javax.crypto.spec.GCMParameterSpec;
 import javax.crypto.spec.SecretKeySpec;
 import lombok.NonNull;
+import lombok.SneakyThrows;
 import net.catenax.edc.data.encryption.algorithms.CryptoAlgorithm;
 import net.catenax.edc.data.encryption.data.CryptoDataFactory;
 import net.catenax.edc.data.encryption.data.DecryptedData;
 import net.catenax.edc.data.encryption.data.EncryptedData;
 import net.catenax.edc.data.encryption.key.AesKey;
 import net.catenax.edc.data.encryption.util.ArrayUtil;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.jetbrains.annotations.NotNull;
 
 public class AesAlgorithm implements CryptoAlgorithm<AesKey> {
 
   private static final String AES_GCM = "AES/GCM/NoPadding";
   private static final String AES = "AES";
   private static final Object MONITOR = new Object();
 
+  private final SecureRandom secureRandom;
+
   @NonNull private final CryptoDataFactory cryptoDataFactory;
   private AesInitializationVectorIterator initializationVectorIterator;
 
-  public AesAlgorithm(CryptoDataFactory cryptoDataFactory) {
+  @SneakyThrows
+  public AesAlgorithm(@NotNull CryptoDataFactory cryptoDataFactory) {
     this.cryptoDataFactory = cryptoDataFactory;
-    this.initializationVectorIterator = new AesInitializationVectorIterator();
+
+    // We use new SecureRandom() and not SecureRandom.getInstanceStrong(), as the second one
+    // would use a blocking algorithm, which leads to an increased encryption time of up to 3
+    // minutes. Since we have already used /dev/urandom, which only provides pseudo-randomness and
+    // is also non-blocking, switching to a non-blocking algorithm should not matter here either.
+    this.secureRandom = new SecureRandom();
+    this.initializationVectorIterator = new AesInitializationVectorIterator(this.secureRandom);
   }
 
   @Override
@@ -53,7 +65,7 @@ public synchronized EncryptedData encrypt(DecryptedData data, AesKey key)
     final byte[] initializationVector;
     synchronized (MONITOR) {
       if (!initializationVectorIterator.hasNext()) {
-        initializationVectorIterator = new AesInitializationVectorIterator();
+        initializationVectorIterator = new AesInitializationVectorIterator(this.secureRandom);
       }
 
       initializationVector = initializationVectorIterator.next();
@@ -86,4 +98,8 @@ public DecryptedData decrypt(EncryptedData data, AesKey key)
     byte[] decryptedData = cipher.doFinal(encrypted);
     return cryptoDataFactory.decryptedFromBytes(decryptedData);
   }
+
+  public String getAlgorithm() {
+    return this.secureRandom.getAlgorithm();
+  }
 }

edc-extensions/data-encryption/src/main/java/net/catenax/edc/data/encryption/algorithms/aes/AesInitializationVectorIterator.java

@@ -16,19 +16,20 @@
 import java.security.SecureRandom;
 import java.util.Iterator;
 import java.util.NoSuchElementException;
-import lombok.SneakyThrows;
 import net.catenax.edc.data.encryption.util.ArrayUtil;
 
 public class AesInitializationVectorIterator implements Iterator<byte[]> {
 
   public static final int RANDOM_SIZE = 12;
   public static final int COUNTER_SIZE = 4;
-  public static final int VECTOR_SIZE = RANDOM_SIZE + COUNTER_SIZE;
 
   private final ByteCounter counter;
 
-  public AesInitializationVectorIterator() {
-    counter = new ByteCounter(COUNTER_SIZE);
+  private SecureRandom secureRandom;
+
+  public AesInitializationVectorIterator(SecureRandom secureRandom) {
+    this.counter = new ByteCounter(COUNTER_SIZE);
+    this.secureRandom = secureRandom;
   }
 
   public AesInitializationVectorIterator(ByteCounter byteCounter) {
@@ -52,11 +53,9 @@ public byte[] next() {
     return ArrayUtil.concat(random, counter.getBytes());
   }
 
-  @SneakyThrows
   public byte[] getNextRandom() {
-    SecureRandom random = SecureRandom.getInstanceStrong();
     byte[] newVector = new byte[RANDOM_SIZE];
-    random.nextBytes(newVector);
+    secureRandom.nextBytes(newVector);
     return newVector;
   }
 }