summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorefiacor <fiachra.corcoran@est.tech>2020-02-05 11:57:18 +0000
committerefiacor <fiachra.corcoran@est.tech>2020-02-05 13:54:58 +0000
commit0ad65c47b4fbddd5d1b653c5e38dcdf84884de9f (patch)
tree33ec4d4797ab682bfb229936376ea7440d1db3a8
parenta884c481af24e2405f9389b01842c4671a03a75e (diff)
Removing passwordencryption key
Signed-off-by: efiacor <fiachra.corcoran@est.tech> Change-Id: I1d5f193ae0215d5a5939227097adbb01a5b9866a Issue-ID: DMAAP-1367
-rwxr-xr-xdatarouter-docker-compose/src/main/resources/prov_data/provserver.properties1
-rwxr-xr-xdatarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/BaseServlet.java49
-rw-r--r--datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/DRFeedsServlet.java4
-rw-r--r--datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/FeedServlet.java4
-rw-r--r--datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/GroupServlet.java7
-rw-r--r--datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/InternalServlet.java12
-rw-r--r--datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/SubscribeServlet.java4
-rw-r--r--datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/SubscriptionServlet.java7
-rw-r--r--datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/Feed.java2
-rw-r--r--datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/PasswordProcessor.java78
-rwxr-xr-xdatarouter-prov/src/main/resources/provserver.properties1
-rwxr-xr-xdatarouter-prov/src/test/java/org/onap/dmaap/datarouter/provisioning/BaseServletTest.java71
-rw-r--r--datarouter-prov/src/test/java/org/onap/dmaap/datarouter/provisioning/DrServletTestBase.java1
-rwxr-xr-xdatarouter-prov/src/test/java/org/onap/dmaap/datarouter/provisioning/SubscriptionServletTest.java4
-rwxr-xr-xdatarouter-prov/src/test/resources/h2Database.properties1
15 files changed, 69 insertions, 177 deletions
diff --git a/datarouter-docker-compose/src/main/resources/prov_data/provserver.properties b/datarouter-docker-compose/src/main/resources/prov_data/provserver.properties
index 07060a84..b620f1fa 100755
--- a/datarouter-docker-compose/src/main/resources/prov_data/provserver.properties
+++ b/datarouter-docker-compose/src/main/resources/prov_data/provserver.properties
@@ -53,7 +53,6 @@ org.onap.dmaap.datarouter.provserver.https.include.protocols = TLSv1.1|TLSv1.2
# AAF config
org.onap.dmaap.datarouter.provserver.cadi.enabled = false
-org.onap.dmaap.datarouter.provserver.passwordencryption = PasswordEncryptionKey#@$%^&1234#
org.onap.dmaap.datarouter.provserver.aaf.feed.type = org.onap.dmaap-dr.feed
org.onap.dmaap.datarouter.provserver.aaf.sub.type = org.onap.dmaap-dr.sub
org.onap.dmaap.datarouter.provserver.aaf.instance = legacy
diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/BaseServlet.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/BaseServlet.java
index c0290bbb..52629ffb 100755
--- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/BaseServlet.java
+++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/BaseServlet.java
@@ -33,7 +33,6 @@ import com.att.eelf.configuration.EELFLogger;
import com.att.eelf.configuration.EELFManager;
import java.net.InetAddress;
import java.net.UnknownHostException;
-import java.security.GeneralSecurityException;
import java.security.cert.X509Certificate;
import java.sql.Connection;
import java.sql.SQLException;
@@ -49,6 +48,7 @@ import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
+import org.apache.commons.codec.digest.DigestUtils;
import org.apache.commons.lang3.StringUtils;
import org.jetbrains.annotations.Nullable;
import org.json.JSONArray;
@@ -66,7 +66,6 @@ import org.onap.dmaap.datarouter.provisioning.beans.NodeClass;
import org.onap.dmaap.datarouter.provisioning.beans.Parameters;
import org.onap.dmaap.datarouter.provisioning.beans.Subscription;
import org.onap.dmaap.datarouter.provisioning.beans.Updateable;
-import org.onap.dmaap.datarouter.provisioning.utils.PasswordProcessor;
import org.onap.dmaap.datarouter.provisioning.utils.Poker;
import org.onap.dmaap.datarouter.provisioning.utils.ProvDbUtils;
import org.onap.dmaap.datarouter.provisioning.utils.SynchronizerTask;
@@ -156,6 +155,7 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider {
static final String START_TIME = "start_time";
static final String END_TIME = "end_time";
static final String REASON_SQL = "reasonSQL";
+ static final String JSON_HASH_STRING = "password";
/**
* A boolean to trigger one time "provisioning changed" event on startup.
@@ -331,7 +331,7 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider {
try {
jo = new JSONObject(new JSONTokener(req.getInputStream()));
if (intlogger.isDebugEnabled()) {
- intlogger.debug("JSON: " + jo.toString());
+ intlogger.debug("JSON: " + hashPasswords(new JSONObject(jo.toString())).toString());
}
} catch (Exception e) {
intlogger.info("Error reading JSON: " + e);
@@ -339,38 +339,37 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider {
return jo;
}
- /**
- * This method encrypt/decrypt the key in the JSON passed by user request inside the authorisation
- * header object in request before logging the JSON.
- *
- * @param jo the JSON passed in http request.
- * @param maskKey the key to be masked in the JSON passed.
- * @param action whether to mask the key or unmask it in a JSON passed.
- * @return the JSONObject, or null if the stream cannot be parsed.
- */
- static JSONObject maskJSON(JSONObject jo, String maskKey, boolean action) {
+ public static JSONObject hashPasswords(JSONObject jo) {
if (!jo.isNull("authorization")) {
JSONArray endpointIds = jo.getJSONObject("authorization").getJSONArray("endpoint_ids");
for (int index = 0; index < endpointIds.length(); index++) {
- if ((!endpointIds.getJSONObject(index).isNull(maskKey))) {
- String password = endpointIds.getJSONObject(index).get(maskKey).toString();
- processPassword(maskKey, action, endpointIds, index, password);
+ if ((!endpointIds.getJSONObject(index).isNull(JSON_HASH_STRING))) {
+ String password = endpointIds.getJSONObject(index).get(JSON_HASH_STRING).toString();
+ processPassword(endpointIds, index, password);
}
}
}
+ if (!jo.isNull("delivery")) {
+ JSONObject deliveryObj = jo.getJSONObject("delivery");
+ String password = deliveryObj.get(JSON_HASH_STRING).toString();
+ processPassword(deliveryObj, password);
+ }
return jo;
}
- private static void processPassword(String maskKey, boolean action, JSONArray endpointIds, int index,
- String password) {
+ private static void processPassword(JSONArray endpointIds, int index, String password) {
try {
- if (action) {
- endpointIds.getJSONObject(index).put(maskKey, PasswordProcessor.encrypt(password));
- } else {
- endpointIds.getJSONObject(index).put(maskKey, PasswordProcessor.decrypt(password));
- }
- } catch (JSONException | GeneralSecurityException e) {
- intlogger.info("Error reading JSON while masking: " + e);
+ endpointIds.getJSONObject(index).put(JSON_HASH_STRING, DigestUtils.sha256Hex(password));
+ } catch (JSONException e) {
+ intlogger.info("Error reading JSON while hashing: " + e);
+ }
+ }
+
+ private static void processPassword(JSONObject deliveryObj, String password) {
+ try {
+ deliveryObj.put(JSON_HASH_STRING, DigestUtils.sha256Hex(password));
+ } catch (JSONException e) {
+ intlogger.info("Error reading JSON while hashing: " + e);
}
}
diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/DRFeedsServlet.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/DRFeedsServlet.java
index f0ab3956..eada4862 100644
--- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/DRFeedsServlet.java
+++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/DRFeedsServlet.java
@@ -34,7 +34,6 @@ import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.json.JSONObject;
-
import org.onap.dmaap.datarouter.authz.AuthorizationResponse;
import org.onap.dmaap.datarouter.provisioning.beans.EventLogRecord;
import org.onap.dmaap.datarouter.provisioning.beans.Feed;
@@ -269,9 +268,6 @@ public class DRFeedsServlet extends ProxyServlet {
sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, message, eventlogger);
return;
}
- if (intlogger.isDebugEnabled()) {
- intlogger.debug(jo.toString());
- }
if (++activeFeeds > maxFeeds) {
activeFeeds--;
message = "Cannot create feed; the maximum number of feeds has been configured.";
diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/FeedServlet.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/FeedServlet.java
index 4b94159e..de27c652 100644
--- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/FeedServlet.java
+++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/FeedServlet.java
@@ -34,7 +34,6 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.json.JSONException;
import org.json.JSONObject;
-
import org.onap.dmaap.datarouter.authz.AuthorizationResponse;
import org.onap.dmaap.datarouter.provisioning.beans.EventLogRecord;
import org.onap.dmaap.datarouter.provisioning.beans.Feed;
@@ -310,9 +309,6 @@ public class FeedServlet extends ProxyServlet {
sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, message, eventlogger);
return;
}
- if (intlogger.isDebugEnabled()) {
- intlogger.debug(jo.toString());
- }
Feed feed;
try {
feed = new Feed(jo);
diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/GroupServlet.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/GroupServlet.java
index 73f859ac..432ea3c0 100644
--- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/GroupServlet.java
+++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/GroupServlet.java
@@ -181,9 +181,6 @@ public class GroupServlet extends ProxyServlet {
sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, message, eventlogger);
return;
}
- if (intlogger.isDebugEnabled()) {
- intlogger.debug(jo.toString());
- }
Group gup;
try {
gup = new Group(jo);
@@ -275,10 +272,6 @@ public class GroupServlet extends ProxyServlet {
sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, message, eventlogger);
return;
}
- if (intlogger.isDebugEnabled()) {
- intlogger.debug(jo.toString());
- }
-
Group gup;
try {
gup = new Group(jo);
diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/InternalServlet.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/InternalServlet.java
index 4732183a..efa1c102 100644
--- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/InternalServlet.java
+++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/InternalServlet.java
@@ -39,19 +39,17 @@ import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.StandardCopyOption;
import java.util.Properties;
-
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-
import org.json.JSONArray;
-import org.onap.dmaap.datarouter.provisioning.utils.Poker;
-import org.onap.dmaap.datarouter.provisioning.utils.SynchronizerTask;
import org.onap.dmaap.datarouter.provisioning.beans.EventLogRecord;
import org.onap.dmaap.datarouter.provisioning.beans.LogRecord;
import org.onap.dmaap.datarouter.provisioning.beans.Parameters;
import org.onap.dmaap.datarouter.provisioning.eelf.EelfMsgs;
import org.onap.dmaap.datarouter.provisioning.utils.LogfileLoader;
+import org.onap.dmaap.datarouter.provisioning.utils.Poker;
import org.onap.dmaap.datarouter.provisioning.utils.RLEBitSet;
+import org.onap.dmaap.datarouter.provisioning.utils.SynchronizerTask;
@@ -454,7 +452,7 @@ public class InternalServlet extends ProxyServlet {
if ("/logs".equals(path) || LOGS.equals(path)) {
String ctype = req.getHeader("Content-Type");
- if (ctype == null || !TEXT_CT.equals(ctype)) {
+ if (!TEXT_CT.equals(ctype)) {
elr.setResult(HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE);
elr.setMessage("Bad media type: " + ctype);
resp.setStatus(HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE);
@@ -494,7 +492,7 @@ public class InternalServlet extends ProxyServlet {
}
try {
fs.close();
- } catch (Exception e) {
+ } catch (UnsupportedOperationException | IOException e) {
intlogger.error("PROV0137 InternalServlet.doPost: " + e.getMessage(), e);
}
if (total != 0 && ((avail * 100) / total) < 5) {
@@ -522,7 +520,7 @@ public class InternalServlet extends ProxyServlet {
if ("/drlogs".equals(path) || "/drlogs/".equals(path)) {
// Receive post request and generate log entries
String ctype = req.getHeader("Content-Type");
- if (ctype == null || !TEXT_CT.equals(ctype)) {
+ if (!TEXT_CT.equals(ctype)) {
elr.setResult(HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE);
elr.setMessage("Bad media type: " + ctype);
resp.setStatus(HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE);
diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/SubscribeServlet.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/SubscribeServlet.java
index 21b838de..fa4a24ff 100644
--- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/SubscribeServlet.java
+++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/SubscribeServlet.java
@@ -34,7 +34,6 @@ import java.util.Collection;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.json.JSONObject;
-
import org.onap.dmaap.datarouter.authz.AuthorizationResponse;
import org.onap.dmaap.datarouter.provisioning.beans.EventLogRecord;
import org.onap.dmaap.datarouter.provisioning.beans.Feed;
@@ -241,9 +240,6 @@ public class SubscribeServlet extends ProxyServlet {
sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, message, eventlogger);
return;
}
- if (intlogger.isDebugEnabled()) {
- intlogger.debug(jo.toString());
- }
if (++activeSubs > maxSubs) {
activeSubs--;
message = "Cannot create subscription; the maximum number of subscriptions has been configured.";
diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/SubscriptionServlet.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/SubscriptionServlet.java
index 1f7c291d..b3bb679b 100644
--- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/SubscriptionServlet.java
+++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/SubscriptionServlet.java
@@ -39,10 +39,10 @@ import javax.servlet.http.HttpServletResponse;
import org.json.JSONException;
import org.json.JSONObject;
import org.onap.dmaap.datarouter.authz.AuthorizationResponse;
-import org.onap.dmaap.datarouter.provisioning.utils.SynchronizerTask;
import org.onap.dmaap.datarouter.provisioning.beans.EventLogRecord;
import org.onap.dmaap.datarouter.provisioning.beans.Subscription;
import org.onap.dmaap.datarouter.provisioning.eelf.EelfMsgs;
+import org.onap.dmaap.datarouter.provisioning.utils.SynchronizerTask;
/**
* This servlet handles provisioning for the &lt;subscriptionURL&gt; which is generated by the provisioning server to
@@ -315,10 +315,7 @@ public class SubscriptionServlet extends ProxyServlet {
sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, message, eventlogger);
return;
}
- if (intlogger.isDebugEnabled()) {
- intlogger.debug(jo.toString());
- }
- Subscription sub = null;
+ Subscription sub;
try {
sub = new Subscription(jo);
} catch (InvalidObjectException e) {
diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/Feed.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/Feed.java
index ac1f70af..c6344301 100644
--- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/Feed.java
+++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/Feed.java
@@ -185,7 +185,7 @@ public class Feed extends Syncable {
if (fid.getId().length() > 60) {
throw new InvalidObjectException("id field is too long (" + fid.getId() + ")");
}
- if (fid.getPassword().length() > 32) {
+ if (fid.getPassword().length() > 100) {
//Fortify scan fixes - Privacy Violation
throw new InvalidObjectException("password field is too long (" + fid.getPassword() + ")");
}
diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/PasswordProcessor.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/PasswordProcessor.java
deleted file mode 100644
index a6a3e2b5..00000000
--- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/PasswordProcessor.java
+++ /dev/null
@@ -1,78 +0,0 @@
-/**
- * -
- * ============LICENSE_START=======================================================
- * Copyright (C) 2019 Nordix Foundation.
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * <p>http://www.apache.org/licenses/LICENSE-2.0
- *
- * <p>* Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * <p>* SPDX-License-Identifier: Apache-2.0
- * ============LICENSE_END=========================================================
- */
-
-package org.onap.dmaap.datarouter.provisioning.utils;
-
-import java.nio.charset.StandardCharsets;
-import java.security.GeneralSecurityException;
-import java.util.Base64;
-
-import javax.crypto.Cipher;
-import javax.crypto.SecretKey;
-import javax.crypto.SecretKeyFactory;
-import javax.crypto.spec.PBEKeySpec;
-import javax.crypto.spec.PBEParameterSpec;
-import org.onap.dmaap.datarouter.provisioning.ProvRunner;
-
-/**
- * The Processing of a Password. Password can be encrypted and decrypted.
- * @author Vikram Singh
- * @version $Id: PasswordProcessor.java,v 1.0 2016/12/14 10:16:52 EST
- */
-public class PasswordProcessor {
-
- private static final String SECRET_KEY_FACTORY_TYPE = "PBEWithMD5AndDES";
- private static final String PASSWORD_ENCRYPTION_STRING =
- ProvRunner.getProvProperties().getProperty("org.onap.dmaap.datarouter.provserver.passwordencryption");
- private static final char[] PASSWORD = PASSWORD_ENCRYPTION_STRING.toCharArray();
- private static final byte[] SALT = {(byte) 0xde, (byte) 0x33, (byte) 0x10,
- (byte) 0x12, (byte) 0xde, (byte) 0x33, (byte) 0x10, (byte) 0x12,};
-
- private PasswordProcessor(){
- }
-
- /**
- * Encrypt password.
- * @param property the Password
- * @return Encrypted password.
- */
- public static String encrypt(String property) throws GeneralSecurityException {
- SecretKeyFactory keyFactory = SecretKeyFactory.getInstance(SECRET_KEY_FACTORY_TYPE);
- SecretKey key = keyFactory.generateSecret(new PBEKeySpec(PASSWORD));
- Cipher pbeCipher = Cipher.getInstance(SECRET_KEY_FACTORY_TYPE);
- pbeCipher.init(Cipher.ENCRYPT_MODE, key, new PBEParameterSpec(SALT, 32));
- return Base64.getEncoder().encodeToString(pbeCipher.doFinal(property.getBytes(StandardCharsets.UTF_8)));
- }
-
- /**
- * Decrypt password.
- * @param property the Password
- * @return Decrypt password.
- */
- public static String decrypt(String property) throws GeneralSecurityException {
- SecretKeyFactory keyFactory = SecretKeyFactory.getInstance(SECRET_KEY_FACTORY_TYPE);
- SecretKey key = keyFactory.generateSecret(new PBEKeySpec(PASSWORD));
- Cipher pbeCipher = Cipher.getInstance(SECRET_KEY_FACTORY_TYPE);
- pbeCipher.init(Cipher.DECRYPT_MODE, key, new PBEParameterSpec(SALT, 32));
- return new String(pbeCipher.doFinal(Base64.getDecoder().decode(property)), StandardCharsets.UTF_8);
- }
-
-}
diff --git a/datarouter-prov/src/main/resources/provserver.properties b/datarouter-prov/src/main/resources/provserver.properties
index 20b5cb92..ad9a19e3 100755
--- a/datarouter-prov/src/main/resources/provserver.properties
+++ b/datarouter-prov/src/main/resources/provserver.properties
@@ -52,7 +52,6 @@ org.onap.dmaap.datarouter.provserver.https.include.protocols = TLSv1.1|TLSv1.2
# AAF config
org.onap.dmaap.datarouter.provserver.cadi.enabled = false
-org.onap.dmaap.datarouter.provserver.passwordencryption = PasswordEncryptionKey#@$%^&1234#
org.onap.dmaap.datarouter.provserver.aaf.feed.type = org.onap.dmaap-dr.feed
org.onap.dmaap.datarouter.provserver.aaf.sub.type = org.onap.dmaap-dr.sub
org.onap.dmaap.datarouter.provserver.aaf.instance = legacy
diff --git a/datarouter-prov/src/test/java/org/onap/dmaap/datarouter/provisioning/BaseServletTest.java b/datarouter-prov/src/test/java/org/onap/dmaap/datarouter/provisioning/BaseServletTest.java
index 0013077d..bfd33f80 100755
--- a/datarouter-prov/src/test/java/org/onap/dmaap/datarouter/provisioning/BaseServletTest.java
+++ b/datarouter-prov/src/test/java/org/onap/dmaap/datarouter/provisioning/BaseServletTest.java
@@ -23,8 +23,22 @@
package org.onap.dmaap.datarouter.provisioning;
-import java.security.NoSuchAlgorithmException;
+import static org.hamcrest.Matchers.is;
+import static org.hamcrest.Matchers.nullValue;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotEquals;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertThat;
+import static org.mockito.Matchers.anyInt;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+import static org.powermock.api.mockito.PowerMockito.mockStatic;
+
+import java.util.HashSet;
+import java.util.Set;
+import java.util.UUID;
import javax.crypto.SecretKeyFactory;
+import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang3.reflect.FieldUtils;
import org.json.JSONObject;
import org.junit.Assert;
@@ -32,7 +46,6 @@ import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.Mock;
-import org.mockito.Mockito;
import org.onap.dmaap.datarouter.provisioning.beans.Feed;
import org.onap.dmaap.datarouter.provisioning.beans.FeedAuthorization;
import org.onap.dmaap.datarouter.provisioning.beans.Group;
@@ -44,21 +57,6 @@ import org.powermock.core.classloader.annotations.SuppressStaticInitializationFo
import org.powermock.modules.junit4.PowerMockRunner;
import org.slf4j.MDC;
-import javax.servlet.http.HttpServletRequest;
-import java.util.HashSet;
-import java.util.Set;
-import java.util.UUID;
-
-import static org.hamcrest.Matchers.is;
-import static org.hamcrest.Matchers.nullValue;
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertNull;
-import static org.junit.Assert.assertThat;
-import static org.mockito.Matchers.anyInt;
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
-import static org.powermock.api.mockito.PowerMockito.mockStatic;
-
@RunWith(PowerMockRunner.class)
@SuppressStaticInitializationFor({"org.onap.dmaap.datarouter.provisioning.beans.Feed",
"org.onap.dmaap.datarouter.provisioning.beans.Subscription",
@@ -229,23 +227,7 @@ public class BaseServletTest extends DrServletTestBase {
Assert.assertEquals("456", MDC.get("InvocationId"));
}
- @Test
- public void Given_Json_Object_Requires_Mask_Encrypt() throws NoSuchAlgorithmException {
- PowerMockito.mockStatic(SecretKeyFactory.class);
- SecretKeyFactory secretKeyFactory = PowerMockito.mock(SecretKeyFactory.class);
- PowerMockito.when(SecretKeyFactory.getInstance(Mockito.anyString())).thenReturn(secretKeyFactory);
- BaseServlet.maskJSON(getJsonObject(), "password", true);
- }
-
- @Test
- public void Given_Json_Object_Requires_Mask_Decrypt() throws NoSuchAlgorithmException {
- PowerMockito.mockStatic(SecretKeyFactory.class);
- SecretKeyFactory secretKeyFactory = PowerMockito.mock(SecretKeyFactory.class);
- PowerMockito.when(SecretKeyFactory.getInstance(Mockito.anyString())).thenReturn(secretKeyFactory);
- BaseServlet.maskJSON(getJsonObject(), "password", false);
- }
-
- public JSONObject getJsonObject() {
+ public JSONObject getFeedJsonObject() {
return new JSONObject("{\"authorization\": {\n" + " \"endpoint_addrs\": [\n" + " ],\n"
+ " \"classification\": \"unclassified\",\n"
+ " \"endpoint_ids\": [\n" + " {\n"
@@ -255,6 +237,27 @@ public class BaseServletTest extends DrServletTestBase {
+ " \"id\": \"onap\"\n" + " }\n" + " ]\n" + " }}");
}
+ public JSONObject getSubJsonObject() {
+ return new JSONObject("{\"delivery\": {\"url\": \"http://172.18.0.3:7070/\", \"user\": "
+ + "\"LOGIN\", \"password\": \"PASSWORD\", \"use100\": true}, \"metadataOnly\": false, "
+ + "\"suspend\": false, \"groupid\": 29, \"subscriber\": \"sg481n\"}");
+ }
+
+ @Test
+ public void Given_Debug_Is_Enabled_Hash_Feed_Passwords_Successful() {
+ JSONObject hashed_feed_pass = BaseServlet.hashPasswords(getFeedJsonObject());
+ assertNotEquals(hashed_feed_pass.getJSONObject("authorization").getJSONArray("endpoint_ids")
+ .getJSONObject(0).get("password").toString(), "demo123456!");
+
+ }
+
+ @Test
+ public void Given_Debug_Is_Enabled_Hash_Sub_Passwords_Successful() {
+ JSONObject hashed_sub_pass = BaseServlet.hashPasswords(getSubJsonObject());
+ assertNotEquals(hashed_sub_pass.getJSONObject("delivery").get("password").toString(), "PASSWORD");
+
+ }
+
@Test
public void Given_BaseServlet_Verify_Cadi_Feed_Permission() {
assertEquals("org.onap.dmaap-dr.feed|legacy|publish", baseServlet.getFeedPermission("legacy", "publish"));
diff --git a/datarouter-prov/src/test/java/org/onap/dmaap/datarouter/provisioning/DrServletTestBase.java b/datarouter-prov/src/test/java/org/onap/dmaap/datarouter/provisioning/DrServletTestBase.java
index 03f5df1b..0a2b6085 100644
--- a/datarouter-prov/src/test/java/org/onap/dmaap/datarouter/provisioning/DrServletTestBase.java
+++ b/datarouter-prov/src/test/java/org/onap/dmaap/datarouter/provisioning/DrServletTestBase.java
@@ -48,7 +48,6 @@ public class DrServletTestBase {
props.setProperty("org.onap.dmaap.datarouter.provserver.accesslog.dir", "unit-test-logs");
props.setProperty("org.onap.dmaap.datarouter.provserver.spooldir", "unit-test-logs/spool");
props.setProperty("org.onap.dmaap.datarouter.provserver.https.relaxation", "false");
- props.setProperty("org.onap.dmaap.datarouter.provserver.passwordencryption", "PasswordEncryptionKey#@$%^&1234#");
FieldUtils.writeDeclaredStaticField(ProvRunner.class, "provProperties", props, true);
FieldUtils.writeDeclaredStaticField(BaseServlet.class, "startmsgFlag", false, true);
SynchronizerTask synchronizerTask = mock(SynchronizerTask.class);
diff --git a/datarouter-prov/src/test/java/org/onap/dmaap/datarouter/provisioning/SubscriptionServletTest.java b/datarouter-prov/src/test/java/org/onap/dmaap/datarouter/provisioning/SubscriptionServletTest.java
index cb0fa2bf..a7b42976 100755
--- a/datarouter-prov/src/test/java/org/onap/dmaap/datarouter/provisioning/SubscriptionServletTest.java
+++ b/datarouter-prov/src/test/java/org/onap/dmaap/datarouter/provisioning/SubscriptionServletTest.java
@@ -40,7 +40,6 @@ import org.onap.dmaap.datarouter.provisioning.beans.Deleteable;
import org.onap.dmaap.datarouter.provisioning.beans.SubDelivery;
import org.onap.dmaap.datarouter.provisioning.beans.Subscription;
import org.onap.dmaap.datarouter.provisioning.beans.Updateable;
-import org.onap.dmaap.datarouter.provisioning.utils.PasswordProcessor;
import org.onap.dmaap.datarouter.provisioning.utils.Poker;
import org.onap.dmaap.datarouter.provisioning.utils.ProvDbUtils;
import org.powermock.api.mockito.PowerMockito;
@@ -64,7 +63,6 @@ import static org.onap.dmaap.datarouter.provisioning.BaseServlet.BEHALF_HEADER;
@RunWith(PowerMockRunner.class)
-@PrepareForTest(PasswordProcessor.class)
public class SubscriptionServletTest extends DrServletTestBase {
private static EntityManagerFactory emf;
private static EntityManager em;
@@ -304,7 +302,6 @@ public class SubscriptionServletTest extends DrServletTestBase {
when(request.getHeader("Content-Type")).thenReturn("application/vnd.dmaap-dr.subscription; version=1.0");
when(request.getPathInfo()).thenReturn("/3");
when(request.isUserInRole("org.onap.dmaap-dr.sub|*|edit")).thenReturn(true);
- PowerMockito.mockStatic(PasswordProcessor.class);
JSONObject JSObject = buildRequestJsonObject();
SubscriptionServlet subscriptionServlet = new SubscriptionServlet() {
public JSONObject getJSONfromInput(HttpServletRequest req) {
@@ -418,7 +415,6 @@ public class SubscriptionServletTest extends DrServletTestBase {
when(response.getOutputStream()).thenReturn(outStream);
when(request.getHeader("X-DMAAP-DR-ON-BEHALF-OF-GROUP")).thenReturn("stub_subjectGroup");
when(request.getHeader("Content-Type")).thenReturn("application/vnd.dmaap-dr.subscription; version=1.0");
- PowerMockito.mockStatic(PasswordProcessor.class);
JSONObject JSObject = buildRequestJsonObject();
SubscriptionServlet subscriptionServlet = new SubscriptionServlet() {
public JSONObject getJSONfromInput(HttpServletRequest req) {
diff --git a/datarouter-prov/src/test/resources/h2Database.properties b/datarouter-prov/src/test/resources/h2Database.properties
index 61d76fac..6957ae17 100755
--- a/datarouter-prov/src/test/resources/h2Database.properties
+++ b/datarouter-prov/src/test/resources/h2Database.properties
@@ -31,4 +31,3 @@ org.onap.dmaap.datarouter.provserver.accesslog.dir = unit-test-logs
org.onap.dmaap.datarouter.provserver.spooldir = src/test/resources
org.onap.dmaap.datarouter.provserver.dbscripts = src/test/resources
org.onap.dmaap.datarouter.provserver.localhost = 127.0.0.1
-org.onap.dmaap.datarouter.provserver.passwordencryption = PasswordEncryptionKey#@$%^&1234# \ No newline at end of file