[SECURITY] Upgrade session ticket cipher from DES to AES-256-GCM#5460
Open
aiceflower wants to merge 4 commits into
Open
[SECURITY] Upgrade session ticket cipher from DES to AES-256-GCM#5460aiceflower wants to merge 4 commits into
aiceflower wants to merge 4 commits into
Conversation
… add startup validation with escape hatch - Change default cryptKey from 'bdp-for-server' to empty string - Add startup validation: empty / legacy default / short keys cause fail-closed BDPInitServerException - Add escape hatch: linkis.crypt.key.allow.insecure=true (default false, logs ERROR banner)
…256-GCM with config toggle - New TicketCipher class: AES-256-GCM (NoPadding) via PBKDF2WithHmacSHA256 key derivation - GCM AEAD provides confidentiality + integrity in one pass, solving DES weak cipher and lack of anti-tamper protection - Config toggle: linkis.ticket.cipher.v2.enabled=true (default, uses AES-GCM for new tickets) Set to false to revert to legacy DES for new tickets without losing V2 decrypt capability - ServerConfiguration.getUsernameByTicket/getTicketByUsername switched to TicketCipher - ProxyUserSSOUtils proxy ticket operations switched to TicketCipher - Existing AESUtils class NOT modified (separate use case for datasource passwords)
aiceflower
force-pushed
the
fix-upgrade-ticket-cipher-des-to-aes-gcm
branch
from
July 16, 2026 03:53
28d0946 to
45c669c
Compare
- 17 tests: V2 AES-GCM encrypt/decrypt round-trip, deterministic key derivation, random IV, tampering detection (AEADBadTagException), blank input handling - V1 legacy DES compat: encrypt/decrypt, deterministic output - Cross-version: V2 decrypts V1 tickets, V1 decrypts V2 tickets - Unicode and long plaintext coverage
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Replace the legacy DES-based session ticket encryption with AES-256-GCM (AEAD). Solves DES 56-bit weak cipher and the lack of integrity/anti-tamper protection in one change.
Changes
New
TicketCipherclassConfig switch
linkis.ticket.cipher.v2.enabled=true(default) — new tickets issued in AES-GCM formatfalseto fall back to legacy DES if downstream systems have not yet upgradedCallers switched
ServerConfiguration.getUsernameByTicket/getTicketByUsernameProxyUserSSOUtilsproxy ticket encryption/decryptionAffected files
linkis-commons/linkis-common/.../TicketCipher.java(new, 147 lines)linkis-commons/linkis-module/.../ServerConfiguration.scala(+58/-9)linkis-commons/linkis-module/.../ProxyUserSSOUtils.scala(1 file, +4/-4)Rollback
Set
linkis.ticket.cipher.v2.enabled=falseto revert to DES for new tickets. Existing V2 tickets continue to be accepted on decrypt regardless.Deployment impact
🤖 Generated with Claude Code