diff --git a/authnull-db-agent b/authnull-db-agent index 67e962f..a5393be 100644 Binary files a/authnull-db-agent and b/authnull-db-agent differ diff --git a/src/pkg/checkout.go b/src/pkg/checkout.go index 3080f2d..46c250c 100644 --- a/src/pkg/checkout.go +++ b/src/pkg/checkout.go @@ -2,12 +2,17 @@ package pkg import ( "bytes" + "crypto/aes" + "crypto/cipher" + cryptoRand "crypto/rand" "database/sql" + "encoding/hex" "encoding/json" "errors" "fmt" "io" "log" + "math/rand" "net/http" "strconv" @@ -284,6 +289,32 @@ func FetchPolicyDetails(orgID int, tenantID int, policyID uuid.UUID) (*GetPolicy return &apiResponse, nil } +// New function to encrypt a string using AES +func EncryptAES(plaintext string, key []byte) (string, error) { + // Create a new AES cipher block + block, err := aes.NewCipher(key) + if err != nil { + return "", err + } + + // Create a byte array with the plaintext + plaintextBytes := []byte(plaintext) + + // The IV needs to be unique, but not secure + ciphertext := make([]byte, aes.BlockSize+len(plaintextBytes)) + iv := ciphertext[:aes.BlockSize] + if _, err := io.ReadFull(cryptoRand.Reader, iv); err != nil { + return "", err + } + + // Use CFB mode for encryption + stream := cipher.NewCFBEncrypter(block, iv) + stream.XORKeyStream(ciphertext[aes.BlockSize:], plaintextBytes) + + // Return the encrypted bytes as a hex string + return hex.EncodeToString(ciphertext), nil +} + func GenerateCredentials(db *sql.DB, Config DBConfig, dbName string, dbUserName string, host string, WalletUserID int, IssuerId int, TableName string, Fields string, Privlege string, policyID uuid.UUID, policyDetails *GetPolicyDetailsResponse) (bool, error) { 
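Review bot: `math/rand` is added to the import block next to the already-present `cryptoRand "crypto/rand"`, and the only place in this diff that looks like a consumer is GenerateRandomPassword, whose body lies outside these hunks; if that function now draws its characters from math/rand, the generated database passwords come from a non-cryptographic, seedable PRNG. Secret material should be generated from crypto/rand only, e.g. pick each index with `idx, err := cryptoRand.Int(cryptoRand.Reader, big.NewInt(int64(len(charset))))` (needs `math/big`) and drop the `math/rand` import once nothing else uses it. This is hedged because the actual call site is not visible in the hunks shown.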
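Review bot: EncryptAES uses CFB mode, which gives confidentiality but no integrity, so anyone who can modify the hex string in transit or at rest can flip plaintext bits without the receiver noticing; an AEAD such as AES-GCM (`cipher.NewGCM`, already reachable via the new `crypto/cipher` import) gives both and is what new code should use. The comment `// The IV needs to be unique, but not secure` is misleading for a reviewer — the IV is correctly drawn from crypto/rand here, and that is required, not optional, for any stream mode; the doc comment should also say what the output layout is (hex of IV/nonce followed by ciphertext) because the decrypting side must agree with it. Note that the service behind CallCreateDatabaseCredentialAPI must be updated in lockstep to decrypt the new format, and that code is not in this diff. The context line closing the hunk is the GenerateCredentials signature; its body continues outside the hunk.
```go
// EncryptAES encrypts plaintext with AES-GCM under key (16, 24 or 32 bytes) and
// returns hex(nonce || ciphertext || tag). The nonce is random per call and must
// never repeat for the same key; GCM authenticates the ciphertext, so any
// tampering is rejected on decryption.
func EncryptAES(plaintext string, key []byte) (string, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return "", err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return "", err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := io.ReadFull(cryptoRand.Reader, nonce); err != nil {
		return "", err
	}
	// Seal appends the ciphertext and tag after the nonce so one value carries everything.
	sealed := aead.Seal(nonce, nonce, []byte(plaintext), nil)
	return hex.EncodeToString(sealed), nil
}
```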
@@ -397,8 +428,18 @@ func GenerateCredentials(db *sql.DB, Config DBConfig, dbName string, dbUserName tables := policyDetails.Data.Database.Tables fieldMasking := policyDetails.Data.Database.FieldMasking privilege := policyDetails.Data.Database.Privilege - //Step3 : Call Create Database Credential API - //Create the request body + + // Step 3: Encrypt the password before sending it to the API + // You need to define this AES key somewhere secure in your application + encryptionKey := []byte("Y9hL+r28l2+pXHYObVwhpdLb+ds8YLZGGyKfkARyaAb/9pAYIX5pigboLwxUBrLk") // This should be 16, 24, or 32 bytes for AES-128, AES-192, or AES-256 + + encryptedPassword, err := EncryptAES(password, encryptionKey) + if err != nil { + log.Printf("Error encrypting password: %v", err) + return false, err + } + + //Create the request body with encrypted password databaseCredentialRequest := CreateDatabaseCredentialRequestDto{ OrgId: orgId, TenantId: tenantId, @@ -407,12 +448,13 @@ func GenerateCredentials(db *sql.DB, Config DBConfig, dbName string, dbUserName Host: host, CredentialType: "DATABASE", DatabaseName: dbName, - Password: password, + Password: encryptedPassword, Tables: tables, FieldMasking: fieldMasking, DBUser: dbUserName, Privilege: privilege, } + //Call the API err = CallCreateDatabaseCredentialAPI(databaseCredentialRequest) if err != nil { @@ -422,8 +464,8 @@ func GenerateCredentials(db *sql.DB, Config DBConfig, dbName string, dbUserName //Step 4 : Return True if the password is updated successfully return true, nil - } + func GenerateRandomPassword(length int) (string, error) { // Generate a random password of the given length const charset = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()_+[]{}|;:,.<>?"
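Review bot: The `encryptionKey` literal in the new Step 3 is 64 bytes long, so `aes.NewCipher` rejects it with a KeySizeError and every call to GenerateCredentials now fails at the encryption step; the string looks like a base64 encoding of a 48-byte value, which would not be a valid AES key either. Independently of the size bug, a hard-coded key in source (and, presumably, baked into the `authnull-db-agent` binary committed in the same change) is a secret that cannot be rotated and is visible to anyone with repo or binary access; load it from configuration or the environment, reject a wrong length up front, and never commit it: `if n := len(encryptionKey); n != 16 && n != 24 && n != 32 { return false, fmt.Errorf("credential encryption key must be 16, 24 or 32 bytes, got %d", n) }`. The `DBConfig` parameter already passed to this function is the natural place to carry the key, though its fields are not visible here. GenerateCredentials begins and ends outside this hunk.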