[PHEE-384] Resolved masking for payer and payee object and array types (

#66) * added not operator * added not operator * increased ase length * increased ase length * refactor for payer and payee object * refactor for payer and payee object * refactor for payer and payee object * refactor for payer and payee object
openMF · Aug 10, 2023 · d733f56 · d733f56
1 parent a7a313e
commit d733f56
Show file tree

Hide file tree

Showing 3 changed files with 57 additions and 16 deletions.
diff --git a/src/main/java/org/mifos/phee/kafkastreamer/importer/KafkaVariables.java b/src/main/java/org/mifos/phee/kafkastreamer/importer/KafkaVariables.java
@@ -14,4 +14,5 @@ public class KafkaVariables {
     public static final String PARTY_IDENTIFIER = "partyIdentifier";
     public static final String DEBIT_PARTY = "debitParty";
     public static final String CREDIT_PARTY = "creditParty";
+    public static final String PARTY_ID_IDENTIFIER = "partyIdIdentifier";
 }
diff --git a/src/main/java/org/mifos/phee/kafkastreamer/importer/service/MaskingServiceImpl.java b/src/main/java/org/mifos/phee/kafkastreamer/importer/service/MaskingServiceImpl.java
@@ -4,6 +4,8 @@
 
 import java.util.ArrayList;
 import java.util.List;
+
+import org.json.JSONArray;
 import org.json.JSONObject;
 import org.mifos.phee.kafkastreamer.importer.KafkaVariables;
 import org.mifos.phee.kafkastreamer.importer.utils.AesUtil;
@@ -48,20 +50,43 @@ public String mask(String rawData) throws Exception {
             if(AesUtil.checkForMaskingFields(channelRequest,fieldsRequiredMasking)){
                 return rawData;
             }
+            String payerPartyIdentifier = "", payeePartyIdentifier = "";
+
+            if (channelRequest.has("payer")) {
+                Object payerValue = channelRequest.get("payer");
+                Object payeeValue = channelRequest.get("payee");
+
+                if (payerValue instanceof JSONArray) {
+                    JSONArray payerArray = (JSONArray) payerValue;
+                    JSONArray payeeArray = (JSONArray) payeeValue;
+
+                    JSONObject payerObject = payerArray.getJSONObject(0);
+                    payerPartyIdentifier = payerObject.getString(KafkaVariables.PARTY_ID_IDENTIFIER);
+                    JSONObject payeeObject = payeeArray.getJSONObject(0);
+                    payeePartyIdentifier = payeeObject.getString(KafkaVariables.PARTY_ID_IDENTIFIER);
+
+                    payerPartyIdentifier = encryptData(payerPartyIdentifier);
+                    payeePartyIdentifier = encryptData(payeePartyIdentifier);
+
+                    payerObject.put(KafkaVariables.PARTY_ID_IDENTIFIER, payerPartyIdentifier);
+                    payeeObject.put(KafkaVariables.PARTY_ID_IDENTIFIER, payeePartyIdentifier);
+                } else if (payerValue instanceof JSONObject) {
+                    JSONObject payerObject = (JSONObject) payerValue;
+                    JSONObject payeeObject = (JSONObject) payeeValue;
+                    payerPartyIdentifier = payerObject.getJSONObject(KafkaVariables.PARTY_ID_INFO)
+                            .getString(KafkaVariables.PARTY_IDENTIFIER);
+                    payeePartyIdentifier = payeeObject.getJSONObject(KafkaVariables.PARTY_ID_INFO)
+                            .getString(KafkaVariables.PARTY_IDENTIFIER);
+                    payerPartyIdentifier = encryptData(payerPartyIdentifier);
+                    payeePartyIdentifier = encryptData(payeePartyIdentifier);
+
+                    channelRequest.getJSONObject(KafkaVariables.PAYER).getJSONObject(KafkaVariables.PARTY_ID_INFO)
+                            .put(KafkaVariables.PARTY_IDENTIFIER, payerPartyIdentifier);
+                    channelRequest.getJSONObject(KafkaVariables.PAYEE).getJSONObject(KafkaVariables.PARTY_ID_INFO)
+                            .put(KafkaVariables.PARTY_IDENTIFIER, payeePartyIdentifier);
+                }
 
-            String payerPartyIdentifier = channelRequest.getJSONObject(KafkaVariables.PAYER).getJSONObject(KafkaVariables.PARTY_ID_INFO)
-                    .getString(KafkaVariables.PARTY_IDENTIFIER);
-            String payeePartyIdentifier = channelRequest.getJSONObject(KafkaVariables.PAYEE).getJSONObject(KafkaVariables.PARTY_ID_INFO)
-                    .getString(KafkaVariables.PARTY_IDENTIFIER);
-
-            payerPartyIdentifier = encryptData(payerPartyIdentifier);
-            payeePartyIdentifier = encryptData(payeePartyIdentifier);
-
-            channelRequest.getJSONObject(KafkaVariables.PAYER).getJSONObject(KafkaVariables.PARTY_ID_INFO)
-                    .put(KafkaVariables.PARTY_IDENTIFIER, payerPartyIdentifier);
-            channelRequest.getJSONObject(KafkaVariables.PAYEE).getJSONObject(KafkaVariables.PARTY_ID_INFO)
-                    .put(KafkaVariables.PARTY_IDENTIFIER, payeePartyIdentifier);
-
+            }
             value.put(KafkaVariables.VALUE, channelRequest.toString());
         } else if (name.equalsIgnoreCase(KafkaVariables.CHANNEL_GSMA_REQUEST)) {
             log.debug("Inside CHANNEL_GSMA_REQUEST condition");

diff --git a/src/main/java/org/mifos/phee/kafkastreamer/importer/utils/AesUtil.java b/src/main/java/org/mifos/phee/kafkastreamer/importer/utils/AesUtil.java
@@ -2,10 +2,14 @@
 
 import java.security.NoSuchAlgorithmException;
 import java.security.SecureRandom;
+import java.security.spec.InvalidKeySpecException;
+import java.security.spec.KeySpec;
 import java.util.List;
 import javax.crypto.Cipher;
 import javax.crypto.KeyGenerator;
 import javax.crypto.SecretKey;
+import javax.crypto.SecretKeyFactory;
+import javax.crypto.spec.PBEKeySpec;
 import javax.crypto.spec.SecretKeySpec;
 import org.apache.commons.codec.binary.Base64;
 import org.json.JSONObject;
@@ -57,10 +61,21 @@ public static byte[] base64Decode(String base64EncodedString) {
         return Base64.decodeBase64(base64EncodedString);
     }
 
+    public static SecretKey deriveKey(String key, byte[] salt, int iterationCount, int keyLength) throws NoSuchAlgorithmException, InvalidKeySpecException {
+        SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
+        KeySpec spec = new PBEKeySpec(key.toCharArray(), salt, iterationCount, keyLength);
+        SecretKey tmp = factory.generateSecret(spec);
+        return new SecretKeySpec(tmp.getEncoded(), "AES");
+    }
+
     // get instance of class [SecretKey] using the string format of the key
-    public static SecretKey getSecretKey(String key) {
+    public static SecretKey getSecretKey(String key) throws NoSuchAlgorithmException, InvalidKeySpecException {
         byte[] aesByte = base64Decode(key);
-        return new SecretKeySpec(aesByte, "AES");
+        int iterationCount = 10000;
+        int keyLength = 256; // adding key length
+
+        SecretKey newKey = deriveKey(key, aesByte, iterationCount, keyLength);
+        return newKey;
     }
 
     // generates and returns the string encoded AES key
@@ -72,7 +87,7 @@ public static String generateSecretKey() throws NoSuchAlgorithmException {
     }
     public static boolean checkForMaskingFields(JSONObject jsonObject, List<String> fieldsRequiredMasking) {
         for (String field : fieldsRequiredMasking) {
-            if (jsonObject.has(field)) {
+            if (!jsonObject.has(field)) {
                 return true;
             }
         }