chore(encryption) use CipherMode.CBC instead of CFB

eclipse-tractusx · Mar 4, 2024 · 84f5714 · 84f5714
1 parent 0c18b6f
commit 84f5714
Show file tree

Hide file tree

Showing 6 changed files with 13 additions and 13 deletions.
diff --git a/src/administration/Administration.Service/BusinessLogic/RegistrationStatusBusinessLogic.cs b/src/administration/Administration.Service/BusinessLogic/RegistrationStatusBusinessLogic.cs
@@ -59,7 +59,7 @@ public async Task SetCallbackAddress(OnboardingServiceProviderCallbackRequestDat
             throw new ForbiddenException($"Only {CompanyRoleId.ONBOARDING_SERVICE_PROVIDER} are allowed to set the callback url");
         }
 
-        var cryptoConfig = _settings.EncryptionConfig.SingleOrDefault(x => x.Index == _settings.EncrptionConfigIndex) ?? throw new ConfigurationException($"EncryptionModeIndex {_settings.EncrptionConfigIndex} is not configured");
+        var cryptoConfig = _settings.EncryptionConfigs.SingleOrDefault(x => x.Index == _settings.EncrptionConfigIndex) ?? throw new ConfigurationException($"EncryptionModeIndex {_settings.EncrptionConfigIndex} is not configured");
         var (secret, initializationVector) = CryptoHelper.Encrypt(requestData.ClientSecret, Convert.FromHexString(cryptoConfig.EncryptionKey), cryptoConfig.CipherMode, cryptoConfig.PaddingMode);
 
         if (ospDetails != null)

diff --git a/...nboardingServiceProvider.Library/DependencyInjection/OnboardingServiceProviderSettings.cs b/...nboardingServiceProvider.Library/DependencyInjection/OnboardingServiceProviderSettings.cs
@@ -25,7 +25,7 @@ namespace Org.Eclipse.TractusX.Portal.Backend.OnboardingServiceProvider.Library.
 public class OnboardingServiceProviderSettings
 {
     [Required]
-    public IEnumerable<EncryptionModeConfig> EncryptionConfig { get; set; } = null!;
+    public IEnumerable<EncryptionModeConfig> EncryptionConfigs { get; set; } = null!;
 
     [Required]
     public int EncrptionConfigIndex { get; set; }

diff --git a/...ternalsystems/OnboardingServiceProvider.Library/OnboardingServiceProviderBusinessLogic.cs b/...ternalsystems/OnboardingServiceProvider.Library/OnboardingServiceProviderBusinessLogic.cs
@@ -81,7 +81,7 @@ public OnboardingServiceProviderBusinessLogic(IOnboardingServiceProviderService
                 throw new ArgumentException($"{processStepTypeId} is not supported");
         }
 
-        var cryptoConfig = _settings.EncryptionConfig.SingleOrDefault(x => x.Index == data.OspDetails.EncryptionMode) ?? throw new ConfigurationException($"EncryptionModeIndex {data.OspDetails.EncryptionMode} is not configured");
+        var cryptoConfig = _settings.EncryptionConfigs.SingleOrDefault(x => x.Index == data.OspDetails.EncryptionMode) ?? throw new ConfigurationException($"EncryptionModeIndex {data.OspDetails.EncryptionMode} is not configured");
         var secret = CryptoHelper.Decrypt(data.OspDetails.ClientSecret, data.OspDetails.InitializationVector, Convert.FromHexString(cryptoConfig.EncryptionKey), cryptoConfig.CipherMode, cryptoConfig.PaddingMode);
 
         await _onboardingServiceProviderService.TriggerProviderCallback(

diff --git a/...tration/Administration.Service.Tests/BusinessLogic/RegistrationStatusBusinessLogicTest.cs b/...tration/Administration.Service.Tests/BusinessLogic/RegistrationStatusBusinessLogicTest.cs
@@ -60,10 +60,10 @@ public RegistrationStatusBusinessLogicTest()
 
         _options = new OnboardingServiceProviderSettings
         {
-            EncryptionConfig = new EncryptionModeConfig[]
+            EncryptionConfigs = new EncryptionModeConfig[]
             {
                 new() { Index=0, EncryptionKey=Convert.ToHexString(_fixture.CreateMany<byte>(32).ToArray()), CipherMode=CipherMode.ECB, PaddingMode=PaddingMode.PKCS7 },
-                new() { Index=1, EncryptionKey=Convert.ToHexString(_fixture.CreateMany<byte>(32).ToArray()), CipherMode=CipherMode.CFB, PaddingMode=PaddingMode.PKCS7 },
+                new() { Index=1, EncryptionKey=Convert.ToHexString(_fixture.CreateMany<byte>(32).ToArray()), CipherMode=CipherMode.CBC, PaddingMode=PaddingMode.PKCS7 },
             },
             EncrptionConfigIndex = 1
         };
@@ -178,11 +178,11 @@ public async Task SetCallbackAddress_WithOspData_UpdatesEntry()
         A.CallTo(() => _portalRepositories.SaveAsync())
             .MustHaveHappenedOnceExactly();
 
-        var cryptoConfig = _options.EncryptionConfig.ElementAtOrDefault(_options.EncrptionConfigIndex);
+        var cryptoConfig = _options.EncryptionConfigs.ElementAtOrDefault(_options.EncrptionConfigIndex);
         cryptoConfig.Should().NotBeNull()
             .And.Match<EncryptionModeConfig>(x =>
                 x.Index == 1 &&
-                x.CipherMode == CipherMode.CFB &&
+                x.CipherMode == CipherMode.CBC &&
                 x.PaddingMode == PaddingMode.PKCS7
             );
 

diff --git a/...ms/OnboardingServiceProvider.Library.Tests/OnboardingServiceProviderBusinessLogicTests.cs b/...ms/OnboardingServiceProvider.Library.Tests/OnboardingServiceProviderBusinessLogicTests.cs
@@ -56,10 +56,10 @@ public OnboardingServiceProviderBusinessLogicTests()
 
         _settings = new OnboardingServiceProviderSettings
         {
-            EncryptionConfig = new EncryptionModeConfig[]
+            EncryptionConfigs = new EncryptionModeConfig[]
             {
                 new() { Index=0, EncryptionKey="2b7e151628aed2a6abf715892b7e151628aed2a6abf715892b7e151628aed2a6", CipherMode=CipherMode.ECB, PaddingMode=PaddingMode.PKCS7 },
-                new() { Index=1, EncryptionKey="5892b7e151628aed2a6abf715892b7e151628aed2a62b7e151628aed2a6abf71", CipherMode=CipherMode.CFB, PaddingMode=PaddingMode.PKCS7 },
+                new() { Index=1, EncryptionKey="5892b7e151628aed2a6abf715892b7e151628aed2a62b7e151628aed2a6abf71", CipherMode=CipherMode.CBC, PaddingMode=PaddingMode.PKCS7 },
             },
             EncrptionConfigIndex = 1
         };
@@ -149,9 +149,9 @@ public async Task TriggerProviderCallback_WithWrongProcessStepTypeId_ThrowsUnexp
     [InlineData("/UJ0wr5w1HiXaLo25QfxqXWhyq6Pa9w+CvBFNs1782s=", null, 0, ProcessStepTypeId.TRIGGER_CALLBACK_OSP_SUBMITTED, "Application 2b965267-555c-4834-a323-09b7858c29ae has been submitted for further processing", CompanyApplicationStatusId.SUBMITTED)]
     [InlineData("/UJ0wr5w1HiXaLo25QfxqXWhyq6Pa9w+CvBFNs1782s=", null, 0, ProcessStepTypeId.TRIGGER_CALLBACK_OSP_APPROVED, "Application 2b965267-555c-4834-a323-09b7858c29ae has been approved", CompanyApplicationStatusId.CONFIRMED)]
     [InlineData("/UJ0wr5w1HiXaLo25QfxqXWhyq6Pa9w+CvBFNs1782s=", null, 0, ProcessStepTypeId.TRIGGER_CALLBACK_OSP_DECLINED, "Application 2b965267-555c-4834-a323-09b7858c29ae has been declined with reason: this is a test", CompanyApplicationStatusId.DECLINED)]
-    [InlineData("i1NbZSnrQLI+uhcig43QJQYr+ew=", "qvsPgVJT/CjWNXuAHl1IBQ==", 1, ProcessStepTypeId.TRIGGER_CALLBACK_OSP_SUBMITTED, "Application 2b965267-555c-4834-a323-09b7858c29ae has been submitted for further processing", CompanyApplicationStatusId.SUBMITTED)]
-    [InlineData("i1NbZSnrQLI+uhcig43QJQYr+ew=", "qvsPgVJT/CjWNXuAHl1IBQ==", 1, ProcessStepTypeId.TRIGGER_CALLBACK_OSP_APPROVED, "Application 2b965267-555c-4834-a323-09b7858c29ae has been approved", CompanyApplicationStatusId.CONFIRMED)]
-    [InlineData("i1NbZSnrQLI+uhcig43QJQYr+ew=", "qvsPgVJT/CjWNXuAHl1IBQ==", 1, ProcessStepTypeId.TRIGGER_CALLBACK_OSP_DECLINED, "Application 2b965267-555c-4834-a323-09b7858c29ae has been declined with reason: this is a test", CompanyApplicationStatusId.DECLINED)]
+    [InlineData("hzl/2shJlzl64Y4FGNYtuFjR2c4VKXsfBz4UeQKDovQ=", "7hFxEXvfoiRTrHYMA+vkug==", 1, ProcessStepTypeId.TRIGGER_CALLBACK_OSP_SUBMITTED, "Application 2b965267-555c-4834-a323-09b7858c29ae has been submitted for further processing", CompanyApplicationStatusId.SUBMITTED)]
+    [InlineData("hzl/2shJlzl64Y4FGNYtuFjR2c4VKXsfBz4UeQKDovQ=", "7hFxEXvfoiRTrHYMA+vkug==", 1, ProcessStepTypeId.TRIGGER_CALLBACK_OSP_APPROVED, "Application 2b965267-555c-4834-a323-09b7858c29ae has been approved", CompanyApplicationStatusId.CONFIRMED)]
+    [InlineData("hzl/2shJlzl64Y4FGNYtuFjR2c4VKXsfBz4UeQKDovQ=", "7hFxEXvfoiRTrHYMA+vkug==", 1, ProcessStepTypeId.TRIGGER_CALLBACK_OSP_DECLINED, "Application 2b965267-555c-4834-a323-09b7858c29ae has been declined with reason: this is a test", CompanyApplicationStatusId.DECLINED)]
     public async Task TriggerProviderCallback_WithValidData_CallsExpected(string clientSecret, string? initialVector, int index, ProcessStepTypeId processStepTypeId, string message, CompanyApplicationStatusId applicationStatusId)
     {
         // Act

diff --git a/tests/framework/Framework.Models.Tests/EncryptionHelperTests.cs b/tests/framework/Framework.Models.Tests/EncryptionHelperTests.cs
@@ -67,7 +67,7 @@ public void EncryptDecrypt_WithIV_Success(CipherMode cipherMode, PaddingMode pad
 
     [Theory]
     [InlineData("Sup3rS3cureTest!", "2b7e151628aed2a6abf715892b7e151628aed2a6abf715892b7e151628aed2a6", CipherMode.ECB, PaddingMode.PKCS7)]
-    [InlineData("Sup3rS3cureTest!", "5892b7e151628aed2a6abf715892b7e151628aed2a62b7e151628aed2a6abf71", CipherMode.CFB, PaddingMode.PKCS7)]
+    [InlineData("Sup3rS3cureTest!", "5892b7e151628aed2a6abf715892b7e151628aed2a62b7e151628aed2a6abf71", CipherMode.CBC, PaddingMode.PKCS7)]
     public void Foo(string data, string key, CipherMode cipherMode, PaddingMode paddingMode)
     {
         var (foo, bar) = CryptoHelper.Encrypt(data, Convert.FromHexString(key), cipherMode, paddingMode);