NIFI-7836 Added EncryptCMS and DecryptCMS Processors

nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/pom.xml

@@ -62,6 +62,11 @@
             <groupId>org.apache.nifi</groupId>
             <artifactId>nifi-lookup-service-api</artifactId>
         </dependency>
+        <dependency>
+            <groupId>org.apache.nifi</groupId>
+            <artifactId>nifi-pki-service-api</artifactId>
+            <version>1.13.0-SNAPSHOT</version>
+        </dependency>
         <dependency>
             <groupId>org.apache.nifi</groupId>
             <artifactId>nifi-flowfile-packager</artifactId>

nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/crypto/AbstractCryptographicProcessor.java

@@ -0,0 +1,65 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.processors.standard.crypto;
+
+import org.apache.nifi.processor.AbstractProcessor;
+import org.apache.nifi.processors.standard.crypto.algorithm.CryptographicAlgorithm;
+import org.apache.nifi.processors.standard.crypto.attributes.CryptographicAttributeKey;
+import org.apache.nifi.processors.standard.crypto.attributes.CryptographicMethod;
+import org.apache.nifi.security.util.crypto.CipherUtility;
+
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+
+import java.security.Security;
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * Abstract Cryptographic Processor for methods shared across implementations
+ */
+public abstract class AbstractCryptographicProcessor extends AbstractProcessor {
+    static {
+        Security.addProvider(new BouncyCastleProvider());
+    }
+
+    /**
+     * Get Cryptographic Flow File Attributes based on resolved Cryptographic Algorithm
+     *
+     * @param algorithm Cryptographic Algorithm
+     * @return Flow File Attributes
+     */
+    protected Map<String, String> getCryptographicAttributes(final CryptographicAlgorithm algorithm) {
+        final Map<String, String> attributes = new HashMap<>();
+
+        attributes.put(CryptographicAttributeKey.ALGORITHM.key(), algorithm.toString());
+        attributes.put(CryptographicAttributeKey.ALGORITHM_CIPHER.key(), algorithm.getCipher().getLabel());
+        attributes.put(CryptographicAttributeKey.ALGORITHM_KEY_SIZE.key(), Integer.toString(algorithm.getKeySize()));
+        attributes.put(CryptographicAttributeKey.ALGORITHM_BLOCK_CIPHER_MODE.key(), algorithm.getBlockCipherMode().getLabel());
+        attributes.put(CryptographicAttributeKey.ALGORITHM_OBJECT_IDENTIFIER.key(), algorithm.getObjectIdentifier());
+
+        attributes.put(CryptographicAttributeKey.METHOD.key(), getCryptographicMethod().toString());
+        attributes.put(CryptographicAttributeKey.PROCESSING_COMPLETED.key(), CipherUtility.getTimestampString());
+        return attributes;
+    }
+
+    /**
+     * Get Cryptographic Method definition for implementing Processors
+     *
+     * @return Cryptographic Method
+     */
+    protected abstract CryptographicMethod getCryptographicMethod();
+}

nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/crypto/algorithm/BlockCipherMode.java

@@ -0,0 +1,51 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.processors.standard.crypto.algorithm;
+
+/**
+ * Cryptographic Block Cipher Mode Cipher enumeration with acronym and description
+ */
+public enum BlockCipherMode {
+    CBC("CBC", "Cipher Block Chaining"),
+
+    CCM("CCM", "Counter with Cipher Block Chaining-Message Authentication Code"),
+
+    CFB("CFB", "Cipher Feedback"),
+
+    ECB("ECB", "Electronic Codebook"),
+
+    GCM("GCM", "Galois Counter Mode"),
+
+    OFB("OFB", "Output Feedback");
+
+    private String label;
+
+    private String description;
+
+    BlockCipherMode(final String label, final String description) {
+        this.label = label;
+        this.description = description;
+    }
+
+    public String getLabel() {
+        return label;
+    }
+
+    public String getDescription() {
+        return description;
+    }
+}

nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/crypto/algorithm/CryptographicAlgorithm.java

@@ -0,0 +1,95 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.processors.standard.crypto.algorithm;
+
+import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
+import org.bouncycastle.asn1.ntt.NTTObjectIdentifiers;
+import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers;
+import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
+
+/**
+ * Cryptographic Algorithm enumerates identified ciphers and modes
+ */
+public enum CryptographicAlgorithm {
+    AES_128_CBC(CryptographicCipher.AES, 128, BlockCipherMode.CBC, NISTObjectIdentifiers.id_aes128_CBC.getId()),
+
+    AES_128_CCM(CryptographicCipher.AES, 128, BlockCipherMode.CCM, NISTObjectIdentifiers.id_aes128_CCM.getId()),
+
+    AES_128_GCM(CryptographicCipher.AES, 128, BlockCipherMode.GCM, NISTObjectIdentifiers.id_aes128_GCM.getId()),
+
+    AES_192_CBC(CryptographicCipher.AES, 192, BlockCipherMode.CBC, NISTObjectIdentifiers.id_aes192_CBC.getId()),
+
+    AES_192_CCM(CryptographicCipher.AES, 192, BlockCipherMode.CCM, NISTObjectIdentifiers.id_aes192_CCM.getId()),
+
+    AES_192_GCM(CryptographicCipher.AES, 192, BlockCipherMode.GCM, NISTObjectIdentifiers.id_aes192_GCM.getId()),
+
+    AES_256_CBC(CryptographicCipher.AES, 256, BlockCipherMode.CBC, NISTObjectIdentifiers.id_aes256_CBC.getId()),
+
+    AES_256_CCM(CryptographicCipher.AES, 256, BlockCipherMode.CCM, NISTObjectIdentifiers.id_aes256_CCM.getId()),
+
+    AES_256_GCM(CryptographicCipher.AES, 256, BlockCipherMode.GCM, NISTObjectIdentifiers.id_aes256_GCM.getId()),
+
+    CAMELLIA_128_CBC(CryptographicCipher.CAMELLIA, 128, BlockCipherMode.CBC, NTTObjectIdentifiers.id_camellia128_cbc.getId()),
+
+    CAMELLIA_192_CBC(CryptographicCipher.CAMELLIA, 192, BlockCipherMode.CBC, NTTObjectIdentifiers.id_camellia192_cbc.getId()),
+
+    CAMELLIA_256_CBC(CryptographicCipher.CAMELLIA, 256, BlockCipherMode.CBC, NTTObjectIdentifiers.id_camellia256_cbc.getId()),
+
+    DES_56_CBC(CryptographicCipher.DES, 56, BlockCipherMode.CBC, OIWObjectIdentifiers.desCBC.getId()),
+
+    RC2_40_CBC(CryptographicCipher.RC2, 40, BlockCipherMode.CBC, PKCSObjectIdentifiers.RC2_CBC.getId()),
+
+    TDEA_168_CBC(CryptographicCipher.TDEA, 168, BlockCipherMode.CBC, PKCSObjectIdentifiers.des_EDE3_CBC.getId());
+
+    private static final String FORMAT = "%s-%d-%s";
+
+    private CryptographicCipher cipher;
+
+    private int keySize;
+
+    private BlockCipherMode blockCipherMode;
+
+    private String objectIdentifier;
+
+    CryptographicAlgorithm(final CryptographicCipher cipher, final int keySize, final BlockCipherMode blockCipherMode, final String objectIdentifier) {
+        this.cipher = cipher;
+        this.keySize = keySize;
+        this.blockCipherMode = blockCipherMode;
+        this.objectIdentifier = objectIdentifier;
+    }
+
+    public CryptographicCipher getCipher() {
+        return cipher;
+    }
+
+    public int getKeySize() {
+        return keySize;
+    }
+
+    public BlockCipherMode getBlockCipherMode() {
+        return blockCipherMode;
+    }
+
+    public String getObjectIdentifier() {
+        return objectIdentifier;
+    }
+
+    @Override
+    public String toString() {
+        return String.format(FORMAT, cipher.getLabel(), keySize, blockCipherMode.getLabel());
+    }
+}

nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/crypto/algorithm/CryptographicAlgorithmResolver.java

@@ -0,0 +1,32 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.processors.standard.crypto.algorithm;
+
+import java.util.Optional;
+
+/**
+ * Cryptographic Algorithm Resolver
+ */
+public interface CryptographicAlgorithmResolver {
+    /**
+     * Find Cryptographic Algorithm based on Object Identifier
+     *
+     * @param objectIdentifier ASN.1 Object Identifier
+     * @return Optional Cryptographic Algorithm
+     */
+    Optional<CryptographicAlgorithm> findCryptographicAlgorithm(final String objectIdentifier);
+}

nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/crypto/algorithm/CryptographicCipher.java

@@ -0,0 +1,49 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.processors.standard.crypto.algorithm;
+
+/**
+ * Cryptographic Cipher enumeration with acronym and description
+ */
+public enum CryptographicCipher {
+    AES("AES", "Advanced Encryption Standard"),
+
+    CAMELLIA("CAMELLIA", "Camellia"),
+
+    DES("DES", "Data Encryption Standard"),
+
+    RC2("RC2", "Rivest Cipher 2"),
+
+    TDEA("TDEA", "Triple Data Encryption Algorithm");
+
+    private String label;
+
+    private String description;
+
+    CryptographicCipher(final String label, final String description) {
+        this.label = label;
+        this.description = description;
+    }
+
+    public String getLabel() {
+        return label;
+    }
+
+    public String getDescription() {
+        return description;
+    }
+}

nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/crypto/algorithm/DefaultCryptographicAlgorithmResolver.java

@@ -0,0 +1,38 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.processors.standard.crypto.algorithm;
+
+import java.util.Arrays;
+import java.util.Optional;
+
+/**
+ * Default implementation of Cryptographic Algorithm Resolver
+ */
+public class DefaultCryptographicAlgorithmResolver implements CryptographicAlgorithmResolver {
+    /**
+     * Find Cryptographic Algorithm based on Object Identifier using Cryptographic Algorithm enumeration
+     *
+     * @param objectIdentifier ASN.1 Object Identifier
+     * @return Cryptographic Algorithm or empty when not found
+     */
+    @Override
+    public Optional<CryptographicAlgorithm> findCryptographicAlgorithm(final String objectIdentifier) {
+        return Arrays.stream(CryptographicAlgorithm.values()).filter(
+                method -> method.getObjectIdentifier().equals(objectIdentifier)
+        ).findFirst();
+    }
+}

nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/crypto/attributes/CryptographicAttribute.java

@@ -0,0 +1,36 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.processors.standard.crypto.attributes;
+
+/**
+ * Cryptographic Flow File Attribute for reference in Processor documentation
+ */
+public interface CryptographicAttribute {
+    String ALGORITHM = "cryptographic.algorithm";
+
+    String ALGORITHM_CIPHER = "cryptographic.algorithm.cipher";
+
+    String ALGORITHM_KEY_SIZE = "cryptographic.algorithm.key.size";
+
+    String ALGORITHM_BLOCK_CIPHER_MODE = "cryptographic.algorithm.block.cipher.mode";
+
+    String ALGORITHM_OBJECT_IDENTIFIER = "cryptographic.algorithm.object.identifier";
+
+    String METHOD = "cryptographic.method";
+
+    String PROCESSING_COMPLETED = "cryptographic.processing.completed";
+}