From cbecb3731bb77822aaafddb2b9e261ff6115864e Mon Sep 17 00:00:00 2001
From: Sebastian Sdorra <sebastian.sdorra@cloudogu.com>
Date: Mon, 30 Apr 2018 09:27:00 +0200
Subject: [PATCH] #979 use a java 7 compatible cipher spec

---
 .../cli/config/AesCipherStreamHandler.java    | 20 ++++++++++++-------
 1 file changed, 13 insertions(+), 7 deletions(-)

diff --git a/scm-clients/scm-cli-client/src/main/java/sonia/scm/cli/config/AesCipherStreamHandler.java b/scm-clients/scm-cli-client/src/main/java/sonia/scm/cli/config/AesCipherStreamHandler.java
index 5955b8b762..680dd25563 100644
--- a/scm-clients/scm-cli-client/src/main/java/sonia/scm/cli/config/AesCipherStreamHandler.java
+++ b/scm-clients/scm-cli-client/src/main/java/sonia/scm/cli/config/AesCipherStreamHandler.java
@@ -37,7 +37,7 @@ import com.google.common.base.Charsets;
 import javax.crypto.Cipher;
 import javax.crypto.CipherInputStream;
 import javax.crypto.CipherOutputStream;
-import javax.crypto.spec.GCMParameterSpec;
+import javax.crypto.spec.IvParameterSpec;
 import javax.crypto.spec.SecretKeySpec;
 import java.io.IOException;
 import java.io.InputStream;
@@ -53,7 +53,9 @@ import java.security.SecureRandom;
  */
 public class AesCipherStreamHandler implements CipherStreamHandler {
 
-  private static final String ALGORITHM = "AES/GCM/NoPadding";
+  private static final String CIPHER_ALGORITHM = "AES/CBC/PKCS5PADDING";
+  private static final String SECRET_KEY_ALGORITHM = "AES";
+  private static final int IV_LENGTH = 16;
 
   private final SecureRandom random = new SecureRandom();
 
@@ -77,11 +79,15 @@ public class AesCipherStreamHandler implements CipherStreamHandler {
   }
 
   private Cipher createCipherForDecryption(InputStream inputStream) throws IOException {
-    byte[] iv =new byte[12];
+    byte[] iv = createEmptyIvArray();
     inputStream.read(iv);
     return createCipher(Cipher.DECRYPT_MODE, iv);
   }
 
+  private byte[] createEmptyIvArray() {
+    return new byte[IV_LENGTH];
+  }
+
   private Cipher createCipherForEncryption() {
     byte[] iv = generateIV();
     return createCipher(Cipher.ENCRYPT_MODE, iv);
@@ -90,16 +96,16 @@ public class AesCipherStreamHandler implements CipherStreamHandler {
   private byte[] generateIV() {
     // use 12 byte as described at nist
     // https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38d.pdf
-    byte[] iv = new byte[12];
+    byte[] iv = createEmptyIvArray();
     random.nextBytes(iv);
     return iv;
   }
 
   private Cipher createCipher(int mode, byte[] iv) {
     try {
-      Cipher cipher = Cipher.getInstance(ALGORITHM);
-      GCMParameterSpec parameterSpec = new GCMParameterSpec(128, iv);
-      cipher.init(mode, new SecretKeySpec(secretKey, "AES"), parameterSpec);
+      Cipher cipher = Cipher.getInstance(CIPHER_ALGORITHM);
+      IvParameterSpec ivParameterSpec = new IvParameterSpec(iv);
+      cipher.init(mode, new SecretKeySpec(secretKey, SECRET_KEY_ALGORITHM), ivParameterSpec);
       return cipher;
     } catch (Exception ex) {
       throw new ScmConfigException("failed to create cipher", ex);