Merge "Remove clear text password"

author: Michael Hwang <mhwang@research.att.com> 2018-12-19 15:22:26 +0000
committer: Gerrit Code Review <gerrit@onap.org> 2018-12-19 15:22:26 +0000
commit: bbdc49eecebbb6fd0289db18859b5d4360ce1701 (patch)
tree: 2d63f916f213ccda7f25a734ac8b1f08d9321da3
parent: b95941adee2725406c194c710240a36a698a183a (diff)
parent: 039595ca28f6dee552bab00bd1df167c0ea97ae3 (diff)
3 files changed, 15 insertions, 5 deletions
diff --git a/README.md b/README.md
index f77ca227..64664faa 100644
--- a/README.md
+++ b/README.md
@@ -31,10 +31,15 @@ docker-compose up
 
 ### Generate auth credential 
 
-Util "crypt_password.py" to generate new cryptographic password is stored in dcaegen2/sdk
+Library to generate new cryptographic password is stored in dcaegen2/sdk -"security/crypt-password"
 
+or download artifact from: 
+
+https://nexus.onap.org/#nexus-search;quick~crypt-password
+
+How to use:
 ```
-python crypt_password.py -p TestPassword
+java -jar crypt-password-<version>.jar password_to_crypt
 ```
 
 ### Environment variables in Docker Container
diff --git a/pom.xml b/pom.xml
index eeaa6b9d..d1132c7b 100644
--- a/pom.xml
+++ b/pom.xml
@@ -462,6 +462,11 @@ limitations under the License.
             <version>2.1.0.RELEASE</version>
             <scope>test</scope>
         </dependency>
+        <dependency>
+            <groupId>org.onap.dcaegen2.services.sdk.security.crypt</groupId>
+            <artifactId>crypt-password</artifactId>
+            <version>1.0.0-SNAPSHOT</version>
+        </dependency>
     </dependencies>
     <repositories>
         <repository>
diff --git a/src/main/java/org/onap/dcae/restapi/ApiAuthInterceptor.java b/src/main/java/org/onap/dcae/restapi/ApiAuthInterceptor.java
index 6b5a64aa..3b76ae46 100644
--- a/src/main/java/org/onap/dcae/restapi/ApiAuthInterceptor.java
+++ b/src/main/java/org/onap/dcae/restapi/ApiAuthInterceptor.java
@@ -25,15 +25,15 @@ import java.util.Base64;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import org.onap.dcae.ApplicationSettings;
+import org.onap.dcaegen2.services.sdk.security.CryptPassword;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
 
 final class ApiAuthInterceptor extends HandlerInterceptorAdapter {
 
     private static final Logger LOG = LoggerFactory.getLogger(ApiAuthInterceptor.class);
-    private final BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
+    private final CryptPassword cryptPassword = new CryptPassword();
     private final ApplicationSettings applicationSettings;
 
     private Logger errorLog;
@@ -66,7 +66,7 @@ final class ApiAuthInterceptor extends HandlerInterceptorAdapter {
             String providedPassword = decodedData.split(":")[1].trim();
             Option<String> maybeSavedPassword = applicationSettings.validAuthorizationCredentials().get(providedUser);
             boolean userRegistered = maybeSavedPassword.isDefined();
-            return userRegistered && passwordEncoder.matches(providedPassword,maybeSavedPassword.get());
+            return userRegistered && cryptPassword.matches(providedPassword,maybeSavedPassword.get());
         } catch (Exception e) {
             LOG.warn(String.format("Could not check if user is authorized (header: '%s')), probably malformed header.",
                     authorizationHeader), e);
author	Michael Hwang <mhwang@research.att.com>	2018-12-19 15:22:26 +0000
committer	Gerrit Code Review <gerrit@onap.org>	2018-12-19 15:22:26 +0000
commit	bbdc49eecebbb6fd0289db18859b5d4360ce1701 (patch)
tree	2d63f916f213ccda7f25a734ac8b1f08d9321da3
parent	b95941adee2725406c194c710240a36a698a183a (diff)
parent	039595ca28f6dee552bab00bd1df167c0ea97ae3 (diff)