This is an automated email from the ASF dual-hosted git repository. xxyu pushed a commit to branch kylin5_beta in repository https://gitbox.apache.org/repos/asf/kylin.git
commit 6c53ac97e077c3dba1f7f0cff028279b507acfef Author: Liang.Hua <36814772+jacob...@users.noreply.github.com> AuthorDate: Wed Apr 26 18:54:42 2023 +0800 KYLIN-5644 fix diag api security, encryption changed from base64 to AES Co-authored-by: liang.hua <liang....@kyligence.io> --- .../org/apache/kylin/rest/controller/NBasicController.java | 6 ++++-- .../apache/kylin/rest/controller/NBasicControllerTest.java | 12 ++++++++++++ 2 files changed, 16 insertions(+), 2 deletions(-)
diff --git a/src/common-server/src/main/java/org/apache/kylin/rest/controller/NBasicController.java b/src/common-server/src/main/java/org/apache/kylin/rest/controller/NBasicController.java
index 10b4fb9860..ac5ee3b536 100644
--- a/src/common-server/src/main/java/org/apache/kylin/rest/controller/NBasicController.java
+++ b/src/common-server/src/main/java/org/apache/kylin/rest/controller/NBasicController.java
@@ -81,6 +81,7 @@ import org.apache.kylin.common.exception.ServerErrorCode;
 import org.apache.kylin.common.msg.Message;
 import org.apache.kylin.common.msg.MsgPicker;
 import org.apache.kylin.common.persistence.transaction.TransactionException;
+import org.apache.kylin.common.util.EncryptUtil;
 import org.apache.kylin.common.util.JsonUtil;
 import org.apache.kylin.common.util.Pair;
 import org.apache.kylin.job.constant.JobStatusEnum;
@@ -643,7 +644,8 @@ public class NBasicController {
 if (StringUtils.isBlank(host) || host.startsWith("http://")) {
 return host;
 }
- return new String(Base64.decodeBase64(host), Charset.defaultCharset());
+ String decryptValue = EncryptUtil.decrypt(new String(Base64.decodeBase64(host), Charset.defaultCharset()));
+ return StringUtils.isBlank(decryptValue) ? host : decryptValue;
 } catch (Exception e) {
 logger.error("Failed to decode host, will use the original host name");
 }
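Review bot: decodeHost still fails open in two places: the context-line guard `host.startsWith("http://")` returns a caller-supplied plaintext URL unchanged, and the new `return StringUtils.isBlank(decryptValue) ? host : decryptValue;` hands back the raw input whenever decryption yields nothing. A value that was never produced by encodeHost is therefore accepted as-is, so if the result is later used as a request target (that use is outside this hunk) the AES step does not restrict which host a client can name. Failing closed would mean reporting an error to the caller instead of returning `host`, done after the try block or with a rethrow, because the `catch (Exception e)` here would swallow a throw placed inside it. Checking the decoded value against the known instance addresses before use would also help, since whether EncryptUtil uses a per-deployment key or an authenticated mode is not visible on this page. The method's signature and final return lie outside the hunk.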
@@ -659,7 +661,7 @@ public class NBasicController {
 if (!host.toLowerCase().startsWith("http")) {
 host = "http://" + host;
 }
- return Base64.encodeBase64String(host.getBytes(Charset.defaultCharset()));
+ return Base64.encodeBase64String(EncryptUtil.encrypt(host).getBytes(Charset.defaultCharset()));
 } catch (Exception e) {
 logger.error("Failed to encode host, will use the original host name");
 }
diff --git a/src/common-server/src/test/java/org/apache/kylin/rest/controller/NBasicControllerTest.java b/src/common-server/src/test/java/org/apache/kylin/rest/controller/NBasicControllerTest.java
index 55bfc1f257..a6f8ab3484 100644
--- a/src/common-server/src/test/java/org/apache/kylin/rest/controller/NBasicControllerTest.java
+++ b/src/common-server/src/test/java/org/apache/kylin/rest/controller/NBasicControllerTest.java
@@ -311,5 +311,17 @@ public class NBasicControllerTest extends NLocalFileMetadataTestCase {
 }
 Assert.assertEquals(3, mockDataResponse.get("size"));
 }
+
+ @Test
+ public void testEncodeAndDecodeHost() {
+ Assert.assertTrue(nBasicController.encodeHost("").isEmpty());
+ String host = "localhost:7070";
+ String encodeHost = nBasicController.encodeHost(host);
+ Assert.assertNotNull(encodeHost);
+ Assert.assertNotEquals(host, encodeHost);
+ String decodeHost = nBasicController.decodeHost(encodeHost);
+ Assert.assertEquals("http://" + host, decodeHost);
+ Assert.assertEquals("ip", nBasicController.decodeHost("ip"));
+ }
 }
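Review bot: If `EncryptUtil.encrypt(host)` throws in encodeHost, the catch below it only logs a fixed message and, going by that message, the method falls back to the original host name, so the unencrypted address would be returned with no record of the cause. Passing the exception to the logger, `logger.error("Failed to encode host, will use the original host name", e);`, keeps the failure diagnosable, and it is worth deciding whether a plaintext fallback is acceptable for this API at all. `Charset.defaultCharset()` is platform dependent, so `StandardCharsets.UTF_8` on both the encode and decode side would keep the two consistent across nodes. The method's final return is outside the hunk.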
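Review bot: The last assertion in testEncodeAndDecodeHost, `Assert.assertEquals("ip", nBasicController.decodeHost("ip"));`, pins the pass-through of an undecryptable value as expected behaviour, which is the case a security fix would normally want rejected or at least called out. The test also has no case for a plaintext `http://` input or for a Base64 string that is not valid ciphertext, so the fallback paths in decodeHost are not deliberately covered. A one-line comment above that assertion, such as `// legacy fallback: undecodable input is returned unchanged`, would make the intent explicit, and a negative case for tampered input would show what the API does with it.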