Produced by Araxis Merge on 10/18/2018 2:02:23 PM Central Daylight Time. See www.araxis.com for information about Merge. This report uses XHTML and CSS2, and is best viewed with a modern standards-compliant browser. For optimum results when printing this report, use landscape orientation and enable printing of background images and colours in your browser.
# | Location | File | Last Modified |
---|---|---|---|
1 | VIX_SIV_v3_0_patch_201_build_8.zip\v3.0_patch_201_build_8\VISA\Java\VixGuiWebApp\main\src\java\gov\va\med\imaging\exchange | LogLineDecryptor.java | Thu Oct 11 13:30:12 2018 UTC |
2 | VIX_SIV_v3_0_patch_201_build_8.zip\v3.0_patch_201_build_8\VISA\Java\VixGuiWebApp\main\src\java\gov\va\med\imaging\exchange | LogLineDecryptor.java | Wed Oct 17 19:17:51 2018 UTC |
Description | Between Files 1 and 2 |
|
---|---|---|
Text Blocks | Lines | |
Unchanged | 3 | 424 |
Changed | 2 | 4 |
Inserted | 0 | 0 |
Removed | 0 | 0 |
Whitespace | |
---|---|
Character case | Differences in character case are significant |
Line endings | Differences in line endings (CR and LF characters) are ignored |
CR/LF characters | Not shown in the comparison detail |
No regular expressions were active.
1 | /** | |
2 | * | |
3 | Package: MAG - Vis tA Imaging | |
4 | WARNING: Per VHA D irective 2 004-038, t his routin e should n ot be modi fied. | |
5 | Date Cre ated: Mar 15, 2012 | |
6 | Site Nam e: Washin gton OI Fi eld Office , Silver S pring, MD | |
7 | Developer: PI I
|
|
8 | Descript ion: | |
9 | ||
10 | ;; +-------- ---------- ---------- ---------- ---------- ---------- ---------- + | |
11 | ;; Property of the US Government . | |
12 | ;; No permis sion to co py or redi stribute t his softwa re is give n. | |
13 | ;; Use of un released v ersions of this soft ware requi res the us er | |
14 | ;; to execu te a writt en test ag reement wi th the Vis tA Imaging | |
15 | ;; Developm ent Office of the De partment o f Veterans Affairs, | |
16 | ;; telephon e (301) 73 4-0100. | |
17 | ;; | |
18 | ;; The Food and Drug A dministrat ion classi fies this software a s | |
19 | ;; a Class I I medical device. A s such, it may not b e changed | |
20 | ;; in any wa y. Modifi cations to this soft ware may r esult in a n | |
21 | ;; adulterat ed medical device un der 21CFR8 20, the us e of which | |
22 | ;; is consid ered to be a violati on of US F ederal Sta tutes. | |
23 | ;; +-------- ---------- ---------- ---------- ---------- ---------- ---------- + | |
24 | ||
25 | */ | |
26 | package go v.va.med.i maging.exc hange; | |
27 | ||
28 | import jav a.lang.ref lect.Invoc ationTarge tException ; | |
29 | import jav a.lang.ref lect.Metho d; | |
30 | import jav a.util.Has hMap; | |
31 | import jav a.util.Map ; | |
32 | import jav a.util.reg ex.Matcher ; | |
33 | import jav a.util.reg ex.Pattern ; | |
34 | ||
35 | import org .apache.lo gging.log4 j.LogManag er; | |
36 | import org .apache.lo gging.log4 j.Logger; | |
37 | ||
38 | /** | |
39 | * | |
40 | * The dec ryptor dec rypts each log line as decrypt () is call ed. | |
41 | * If the log line h as an encr ypted fiel d, i.e. it matches t he pattern , | |
42 | * then we create a decryptor using the name in th e log line and decry pt | |
43 | * field. | |
44 | * The dec ryptors ar e cached f or later u se, since most (usua lly all) o f the decr yption in the | |
45 | * log fil e should u se the sam e decrypti on. | |
46 | * | |
47 | * @author PI I
|
|
48 | * | |
49 | */ | |
50 | public cla ss LogLine Decryptor | |
51 | { | |
52 | pr ivate tran sient Logg er logger = LogManag er.getLogg er(this.ge tClass()); | |
53 | ||
54 | // the encry pted field pattern m atch depen ds on havi ng BASE64 encoded en crypted fi eld values | |
55 | // that is A -Z a-z 0-9 / + | |
56 | // If we don 't use tha t characte r set for BASE64 enc oding than we need t o update t he REGEX | |
57 | // + is 0x2B | |
58 | // / is 0x2F | |
59 | // { is ox7B | |
60 | // } is 0x7D | |
61 | pr ivate stat ic final S tring DECR YPTION_PAT TERN_REGEX = "\\x7B( [\\w_]+)\\ x7D([A-Za- z0-9+/=]+) "; | |
62 | st atic final Pattern D ECRYPTION_ PATTERN = Pattern.co mpile(DECR YPTION_PAT TERN_REGEX ); | |
63 | st atic final int DECRY PTION_FIEL D_ENCRYPTO R_GROUP = 1; | |
64 | st atic final int DECRY PTION_FIEL D_VALUE_GR OUP = 2; | |
65 | ||
66 | pu blic stati c final St ring DEFAU LT_ENCRYPT ION_PACKAG E = "gov.v a.med.log4 j.encrypti on"; | |
67 | ||
68 | // IMPORTANT NOTE: | |
69 | // The decry ption clas s must hav e the foll owing meth ods, we ca n't rely o n the inte rface that declares these | |
70 | // to be ava ilable so we must us e reflecti on to vali date the d ecryption class and make the c alls. | |
71 | // Sometime soon we sh ould move the encryp ting layou t into the main code base and eliminate this ... m aybe | |
72 | // public ab stract byt e[] decryp t(byte[] e ncrypted); | |
73 | pu blic stati c final St ring DEFAU LT_DECRYPT ION_METHOD _NAME = "d ecrypt"; | |
74 | pu blic stati c final Cl ass<?>[] D ECRYPTION_ METHOD_PAR AMETER_TYP ES = new C lass<?>[]{ byte[].cla ss}; | |
75 | pu blic stati c final Cl ass<?> DEC RYPTION_ME THOD_RETUR N_TYPE = b yte[].clas s; | |
76 | // public ab stract byt e[] decode (String e ncoded); | |
77 | pu blic stati c final St ring DEFAU LT_DECODIN G_METHOD_N AME = "dec ode"; | |
78 | pu blic stati c final Cl ass<?>[] D ECODING_ME THOD_PARAM ETER_TYPES = new Cla ss<?>[]{St ring.class }; | |
79 | pu blic stati c final Cl ass<?> DEC ODING_METH OD_RETURN_ TYPE = byt e[].class; | |
80 | ||
81 | /* * | |
82 | * | |
83 | * / | |
84 | St ring decry ptLine(fin al String logLine) | |
85 | th rows Illeg alArgument Exception, IllegalAc cessExcept ion, Invoc ationTarge tException | |
86 | { | |
87 | // c ouldn't be encrypted , just ret urn it | |
88 | if(l ogLine == null || lo gLine.leng th() == 0) | |
89 | return logLine; | |
90 | ||
91 | Stri ngBuilder decryptedL ogLine = n ew StringB uilder(); | |
92 | ||
93 | int startClear TextIndex = 0; | |
94 | ||
95 | // s ee if elem ents in th e line mat ch the REG EX pattern for a lin e with a d ecrypted f ield, and if it | |
96 | // d oes then d ecrypt it and replac e it | |
97 | Matc her encryp tedFieldMa tcher = DE CRYPTION_P ATTERN.mat cher(logLi ne); | |
98 | logg er.debug(" Finding '" + encrypt edFieldMat cher.patte rn().toStr ing() + "' in '" + l ogLine + " '."); | |
99 | whil e( encrypt edFieldMat cher.find( ) ) | |
100 | { | |
101 | // cop y the clea r text bet ween the l ast match (or the be ginning) a nd the sta rt of this match | |
102 | String interveni ngClearTex t = logLin e.substrin g(startCle arTextInde x, encrypt edFieldMat cher.start ()); | |
103 | decryp tedLogLine .append(in terveningC learText); | |
104 | ||
105 | String encryptio nName = en cryptedFie ldMatcher. group(DECR YPTION_FIE LD_ENCRYPT OR_GROUP); | |
106 | String encrypted FieldValue = encrypt edFieldMat cher.group (DECRYPTIO N_FIELD_VA LUE_GROUP) ; | |
107 | logger .debug( "F ound encry pted field {" + encr yptionName + "}" + e ncryptedFi eldValue ) ; | |
108 | ||
109 | Decryp torInstanc e decrypto rInstance = getDecry ptorInstan ce(encrypt ionName); | |
110 | if( de cryptorIns tance != n ull ) | |
111 | { | |
112 | logger.d ebug( "Fou nd decrypt or for enc ryption ty pe " + enc ryptionNam e ); | |
113 | String d ecryptedFi eldValue = decryptor Instance.d ecodeAndDe crypt(encr yptedField Value); | |
114 | decrypte dLogLine.a ppend(decr yptedField Value); // copy the decrypted text into the string builder | |
115 | logger.d ebug( "Dec rypted usi ng encrypt ion type " + encrypt ionName ); | |
116 | } | |
117 | else | |
118 | { | |
119 | logger.w arn( "Unab le to decr ypt encryp tion type " + encryp tionName ) ; | |
120 | // copy the encryp ted field as is, we can't decr ypt it | |
121 | String e ncryptedFi eldText = logLine.su bstring(en cryptedFie ldMatcher. start(), e ncryptedFi eldMatcher .end()); | |
122 | decrypte dLogLine.a ppend(encr yptedField Text); | |
123 | } | |
124 | ||
125 | // kee p note of where we s topped so we can cop y an clear text | |
126 | startC learTextIn dex = encr yptedField Matcher.en d(); | |
127 | } | |
128 | ||
129 | // c opy any re maining te xt since t he last ma tch, or al l the text if no mat ches | |
130 | Stri ng interve ningClearT ext = logL ine.substr ing(startC learTextIn dex, logLi ne.length( )); | |
131 | decr yptedLogLi ne.append( intervenin gClearText ); | |
132 | ||
133 | retu rn decrypt edLogLine. toString() ; | |
134 | } | |
135 | ||
136 | // a simple caching me chanism so that we c reate 1 De cryptorIns tance to | |
137 | // do all of the decry ption that use the s ame decryp tor descri ption | |
138 | pr ivate Map< String, De cryptorIns tance> dec ryptorMap = new Hash Map<String , Decrypto rInstance> (); | |
139 | ||
140 | pr ivate Decr yptorInsta nce getDec ryptorInst ance(Strin g decrypto rName) | |
141 | { | |
142 | Decr yptorInsta nce decryp torInstanc e = decryp torMap.get (decryptor Name); | |
143 | if(d ecryptorIn stance == null) | |
144 | { | |
145 | decryp torInstanc e = create DecryptorI nstance(de cryptorNam e); | |
146 | if(dec ryptorInst ance != nu ll) | |
147 | { | |
148 | logger.d ebug("Addi ng " + dec ryptorName + " to th e decrypto rMap."); | |
149 | decrypto rMap.put(d ecryptorNa me, decryp torInstanc e); | |
150 | } | |
151 | } | |
152 | retu rn decrypt orInstance ; | |
153 | } | |
154 | ||
155 | /* * | |
156 | * Create an instance of a decry ptor from the name f ound in th e log file | |
157 | * / | |
158 | pr ivate Decr yptorInsta nce create DecryptorI nstance(St ring decry ptorName) | |
159 | { | |
160 | Stri ng decrypt orClassNam e = decryp torName.in dexOf('.') > 0 ? | |
161 | decryp torName : | |
162 | (DEFAU LT_ENCRYPT ION_PACKAG E + "." + decryptorN ame); | |
163 | ||
164 | try | |
165 | { | |
166 | Class< ?> decrypt orClass = Class.forN ame(decryp torClassNa me); | |
167 | Method decryptio nMethod = decryptorC lass.getMe thod(DEFAU LT_DECRYPT ION_METHOD _NAME, DEC RYPTION_ME THOD_PARAM ETER_TYPES ); | |
168 | if( DE CRYPTION_M ETHOD_RETU RN_TYPE != decryptio nMethod.ge tReturnTyp e()) | |
169 | throw ne w Exceptio n("decypti on method '" + DEFAU LT_DECRYPT ION_METHOD _NAME + "' does not return a " + DECRYPT ION_METHOD _RETURN_TY PE.getName () + " and must."); | |
170 | ||
171 | Method decodingM ethod = de cryptorCla ss.getMeth od(DEFAULT _DECODING_ METHOD_NAM E, DECODIN G_METHOD_P ARAMETER_T YPES); | |
172 | if( DE CODING_MET HOD_RETURN _TYPE != d ecryptionM ethod.getR eturnType( )) | |
173 | throw ne w Exceptio n("decodin g method ' " + DEFAUL T_DECRYPTI ON_METHOD_ NAME + "' does not r eturn a " + DECODING _METHOD_RE TURN_TYPE. getName() + " and mu st."); | |
174 | ||
175 | return new Decry ptorInstan ce(decrypt orClass.ne wInstance( ), decodin gMethod, d ecryptionM ethod); | |
176 | } | |
177 | catc h (Excepti on e) | |
178 | { | |
179 | logger .error("Un able to lo ad or crea te decrypt or of clas s '" + dec ryptorClas sName + ", encrypted fields wi ll not be decrypted. " + e.getM essage()); | |
180 | } | |
181 | retu rn null; | |
182 | } | |
183 | ||
184 | /* * | |
185 | * A simple value obje ct of the Decryptor instance a nd the met hod in the decryptor | |
186 | * to call t o do the d ecryption. | |
187 | * Also incl udes a con venience m ethod to d ecode and decrypt in one step. | |
188 | * / | |
189 | pr ivate clas s Decrypto rInstance | |
190 | { | |
191 | priv ate Object instance; | |
192 | priv ate Method decryptio nMethod; | |
193 | priv ate Method decodingM ethod; | |
194 | ||
195 | publ ic Decrypt orInstance (Object in stance, Me thod decod ingMethod, Method de cryptionMe thod) { | |
196 | super( ); | |
197 | this.i nstance = instance; | |
198 | this.d ecodingMet hod = deco dingMethod ; | |
199 | this.d ecryptionM ethod = de cryptionMe thod; | |
200 | } | |
201 | ||
202 | Stri ng decodeA ndDecrypt( String enc odedEncryp tedValue) | |
203 | thro ws Illegal ArgumentEx ception, I llegalAcce ssExceptio n, Invocat ionTargetE xception | |
204 | { | |
205 | byte[] decoded = (byte[]) decodingMe thod.invok e(instance , new Obje ct[]{encod edEncrypte dValue}); | |
206 | byte[] decrypted = (byte[] ) decrypti onMethod.i nvoke(inst ance, new Object[]{d ecoded}); | |
207 | if(dec rypted == null) | |
208 | return " "; | |
209 | String result = new String (decrypted ); | |
210 | ||
211 | return result.tr im(); | |
212 | } | |
213 | } | |
214 | } |
Araxis Merge (but not the data content of this report) is Copyright © 1993-2016 Araxis Ltd (www.araxis.com). All rights reserved.