From 0ad65c47b4fbddd5d1b653c5e38dcdf84884de9f Mon Sep 17 00:00:00 2001 From: efiacor Date: Wed, 5 Feb 2020 11:57:18 +0000 Subject: Removing passwordencryption key Signed-off-by: efiacor Change-Id: I1d5f193ae0215d5a5939227097adbb01a5b9866a Issue-ID: DMAAP-1367 --- .../main/resources/prov_data/provserver.properties | 1 - .../dmaap/datarouter/provisioning/BaseServlet.java | 49 +++++++------- .../datarouter/provisioning/DRFeedsServlet.java | 4 -- .../dmaap/datarouter/provisioning/FeedServlet.java | 4 -- .../datarouter/provisioning/GroupServlet.java | 7 -- .../datarouter/provisioning/InternalServlet.java | 12 ++-- .../datarouter/provisioning/SubscribeServlet.java | 4 -- .../provisioning/SubscriptionServlet.java | 7 +- .../dmaap/datarouter/provisioning/beans/Feed.java | 2 +- .../provisioning/utils/PasswordProcessor.java | 78 ---------------------- .../src/main/resources/provserver.properties | 1 - .../datarouter/provisioning/BaseServletTest.java | 71 ++++++++++---------- .../datarouter/provisioning/DrServletTestBase.java | 1 - .../provisioning/SubscriptionServletTest.java | 4 -- .../src/test/resources/h2Database.properties | 1 - 15 files changed, 69 insertions(+), 177 deletions(-) delete mode 100644 datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/PasswordProcessor.java diff --git a/datarouter-docker-compose/src/main/resources/prov_data/provserver.properties b/datarouter-docker-compose/src/main/resources/prov_data/provserver.properties index 07060a84..b620f1fa 100755 --- a/datarouter-docker-compose/src/main/resources/prov_data/provserver.properties +++ b/datarouter-docker-compose/src/main/resources/prov_data/provserver.properties @@ -53,7 +53,6 @@ org.onap.dmaap.datarouter.provserver.https.include.protocols = TLSv1.1|TLSv1.2 # AAF config org.onap.dmaap.datarouter.provserver.cadi.enabled = false -org.onap.dmaap.datarouter.provserver.passwordencryption = PasswordEncryptionKey#@$%^&1234# org.onap.dmaap.datarouter.provserver.aaf.feed.type = org.onap.dmaap-dr.feed org.onap.dmaap.datarouter.provserver.aaf.sub.type = org.onap.dmaap-dr.sub org.onap.dmaap.datarouter.provserver.aaf.instance = legacy diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/BaseServlet.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/BaseServlet.java index c0290bbb..52629ffb 100755 --- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/BaseServlet.java +++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/BaseServlet.java @@ -33,7 +33,6 @@ import com.att.eelf.configuration.EELFLogger; import com.att.eelf.configuration.EELFManager; import java.net.InetAddress; import java.net.UnknownHostException; -import java.security.GeneralSecurityException; import java.security.cert.X509Certificate; import java.sql.Connection; import java.sql.SQLException; @@ -49,6 +48,7 @@ import javax.servlet.ServletConfig; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; +import org.apache.commons.codec.digest.DigestUtils; import org.apache.commons.lang3.StringUtils; import org.jetbrains.annotations.Nullable; import org.json.JSONArray; @@ -66,7 +66,6 @@ import org.onap.dmaap.datarouter.provisioning.beans.NodeClass; import org.onap.dmaap.datarouter.provisioning.beans.Parameters; import org.onap.dmaap.datarouter.provisioning.beans.Subscription; import org.onap.dmaap.datarouter.provisioning.beans.Updateable; -import org.onap.dmaap.datarouter.provisioning.utils.PasswordProcessor; import org.onap.dmaap.datarouter.provisioning.utils.Poker; import org.onap.dmaap.datarouter.provisioning.utils.ProvDbUtils; import org.onap.dmaap.datarouter.provisioning.utils.SynchronizerTask; @@ -156,6 +155,7 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider { static final String START_TIME = "start_time"; static final String END_TIME = "end_time"; static final String REASON_SQL = "reasonSQL"; + static final String JSON_HASH_STRING = "password"; /** * A boolean to trigger one time "provisioning changed" event on startup. @@ -331,7 +331,7 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider { try { jo = new JSONObject(new JSONTokener(req.getInputStream())); if (intlogger.isDebugEnabled()) { - intlogger.debug("JSON: " + jo.toString()); + intlogger.debug("JSON: " + hashPasswords(new JSONObject(jo.toString())).toString()); } } catch (Exception e) { intlogger.info("Error reading JSON: " + e); @@ -339,38 +339,37 @@ public class BaseServlet extends HttpServlet implements ProvDataProvider { return jo; } - /** - * This method encrypt/decrypt the key in the JSON passed by user request inside the authorisation - * header object in request before logging the JSON. - * - * @param jo the JSON passed in http request. - * @param maskKey the key to be masked in the JSON passed. - * @param action whether to mask the key or unmask it in a JSON passed. - * @return the JSONObject, or null if the stream cannot be parsed. - */ - static JSONObject maskJSON(JSONObject jo, String maskKey, boolean action) { + public static JSONObject hashPasswords(JSONObject jo) { if (!jo.isNull("authorization")) { JSONArray endpointIds = jo.getJSONObject("authorization").getJSONArray("endpoint_ids"); for (int index = 0; index < endpointIds.length(); index++) { - if ((!endpointIds.getJSONObject(index).isNull(maskKey))) { - String password = endpointIds.getJSONObject(index).get(maskKey).toString(); - processPassword(maskKey, action, endpointIds, index, password); + if ((!endpointIds.getJSONObject(index).isNull(JSON_HASH_STRING))) { + String password = endpointIds.getJSONObject(index).get(JSON_HASH_STRING).toString(); + processPassword(endpointIds, index, password); } } } + if (!jo.isNull("delivery")) { + JSONObject deliveryObj = jo.getJSONObject("delivery"); + String password = deliveryObj.get(JSON_HASH_STRING).toString(); + processPassword(deliveryObj, password); + } return jo; } - private static void processPassword(String maskKey, boolean action, JSONArray endpointIds, int index, - String password) { + private static void processPassword(JSONArray endpointIds, int index, String password) { try { - if (action) { - endpointIds.getJSONObject(index).put(maskKey, PasswordProcessor.encrypt(password)); - } else { - endpointIds.getJSONObject(index).put(maskKey, PasswordProcessor.decrypt(password)); - } - } catch (JSONException | GeneralSecurityException e) { - intlogger.info("Error reading JSON while masking: " + e); + endpointIds.getJSONObject(index).put(JSON_HASH_STRING, DigestUtils.sha256Hex(password)); + } catch (JSONException e) { + intlogger.info("Error reading JSON while hashing: " + e); + } + } + + private static void processPassword(JSONObject deliveryObj, String password) { + try { + deliveryObj.put(JSON_HASH_STRING, DigestUtils.sha256Hex(password)); + } catch (JSONException e) { + intlogger.info("Error reading JSON while hashing: " + e); } } diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/DRFeedsServlet.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/DRFeedsServlet.java index f0ab3956..eada4862 100644 --- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/DRFeedsServlet.java +++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/DRFeedsServlet.java @@ -34,7 +34,6 @@ import java.util.List; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.json.JSONObject; - import org.onap.dmaap.datarouter.authz.AuthorizationResponse; import org.onap.dmaap.datarouter.provisioning.beans.EventLogRecord; import org.onap.dmaap.datarouter.provisioning.beans.Feed; @@ -269,9 +268,6 @@ public class DRFeedsServlet extends ProxyServlet { sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, message, eventlogger); return; } - if (intlogger.isDebugEnabled()) { - intlogger.debug(jo.toString()); - } if (++activeFeeds > maxFeeds) { activeFeeds--; message = "Cannot create feed; the maximum number of feeds has been configured."; diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/FeedServlet.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/FeedServlet.java index 4b94159e..de27c652 100644 --- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/FeedServlet.java +++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/FeedServlet.java @@ -34,7 +34,6 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.json.JSONException; import org.json.JSONObject; - import org.onap.dmaap.datarouter.authz.AuthorizationResponse; import org.onap.dmaap.datarouter.provisioning.beans.EventLogRecord; import org.onap.dmaap.datarouter.provisioning.beans.Feed; @@ -310,9 +309,6 @@ public class FeedServlet extends ProxyServlet { sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, message, eventlogger); return; } - if (intlogger.isDebugEnabled()) { - intlogger.debug(jo.toString()); - } Feed feed; try { feed = new Feed(jo); diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/GroupServlet.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/GroupServlet.java index 73f859ac..432ea3c0 100644 --- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/GroupServlet.java +++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/GroupServlet.java @@ -181,9 +181,6 @@ public class GroupServlet extends ProxyServlet { sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, message, eventlogger); return; } - if (intlogger.isDebugEnabled()) { - intlogger.debug(jo.toString()); - } Group gup; try { gup = new Group(jo); @@ -275,10 +272,6 @@ public class GroupServlet extends ProxyServlet { sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, message, eventlogger); return; } - if (intlogger.isDebugEnabled()) { - intlogger.debug(jo.toString()); - } - Group gup; try { gup = new Group(jo); diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/InternalServlet.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/InternalServlet.java index 4732183a..efa1c102 100644 --- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/InternalServlet.java +++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/InternalServlet.java @@ -39,19 +39,17 @@ import java.nio.file.Path; import java.nio.file.Paths; import java.nio.file.StandardCopyOption; import java.util.Properties; - import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; - import org.json.JSONArray; -import org.onap.dmaap.datarouter.provisioning.utils.Poker; -import org.onap.dmaap.datarouter.provisioning.utils.SynchronizerTask; import org.onap.dmaap.datarouter.provisioning.beans.EventLogRecord; import org.onap.dmaap.datarouter.provisioning.beans.LogRecord; import org.onap.dmaap.datarouter.provisioning.beans.Parameters; import org.onap.dmaap.datarouter.provisioning.eelf.EelfMsgs; import org.onap.dmaap.datarouter.provisioning.utils.LogfileLoader; +import org.onap.dmaap.datarouter.provisioning.utils.Poker; import org.onap.dmaap.datarouter.provisioning.utils.RLEBitSet; +import org.onap.dmaap.datarouter.provisioning.utils.SynchronizerTask; @@ -454,7 +452,7 @@ public class InternalServlet extends ProxyServlet { if ("/logs".equals(path) || LOGS.equals(path)) { String ctype = req.getHeader("Content-Type"); - if (ctype == null || !TEXT_CT.equals(ctype)) { + if (!TEXT_CT.equals(ctype)) { elr.setResult(HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE); elr.setMessage("Bad media type: " + ctype); resp.setStatus(HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE); @@ -494,7 +492,7 @@ public class InternalServlet extends ProxyServlet { } try { fs.close(); - } catch (Exception e) { + } catch (UnsupportedOperationException | IOException e) { intlogger.error("PROV0137 InternalServlet.doPost: " + e.getMessage(), e); } if (total != 0 && ((avail * 100) / total) < 5) { @@ -522,7 +520,7 @@ public class InternalServlet extends ProxyServlet { if ("/drlogs".equals(path) || "/drlogs/".equals(path)) { // Receive post request and generate log entries String ctype = req.getHeader("Content-Type"); - if (ctype == null || !TEXT_CT.equals(ctype)) { + if (!TEXT_CT.equals(ctype)) { elr.setResult(HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE); elr.setMessage("Bad media type: " + ctype); resp.setStatus(HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE); diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/SubscribeServlet.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/SubscribeServlet.java index 21b838de..fa4a24ff 100644 --- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/SubscribeServlet.java +++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/SubscribeServlet.java @@ -34,7 +34,6 @@ import java.util.Collection; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.json.JSONObject; - import org.onap.dmaap.datarouter.authz.AuthorizationResponse; import org.onap.dmaap.datarouter.provisioning.beans.EventLogRecord; import org.onap.dmaap.datarouter.provisioning.beans.Feed; @@ -241,9 +240,6 @@ public class SubscribeServlet extends ProxyServlet { sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, message, eventlogger); return; } - if (intlogger.isDebugEnabled()) { - intlogger.debug(jo.toString()); - } if (++activeSubs > maxSubs) { activeSubs--; message = "Cannot create subscription; the maximum number of subscriptions has been configured."; diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/SubscriptionServlet.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/SubscriptionServlet.java index 1f7c291d..b3bb679b 100644 --- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/SubscriptionServlet.java +++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/SubscriptionServlet.java @@ -39,10 +39,10 @@ import javax.servlet.http.HttpServletResponse; import org.json.JSONException; import org.json.JSONObject; import org.onap.dmaap.datarouter.authz.AuthorizationResponse; -import org.onap.dmaap.datarouter.provisioning.utils.SynchronizerTask; import org.onap.dmaap.datarouter.provisioning.beans.EventLogRecord; import org.onap.dmaap.datarouter.provisioning.beans.Subscription; import org.onap.dmaap.datarouter.provisioning.eelf.EelfMsgs; +import org.onap.dmaap.datarouter.provisioning.utils.SynchronizerTask; /** * This servlet handles provisioning for the <subscriptionURL> which is generated by the provisioning server to @@ -315,10 +315,7 @@ public class SubscriptionServlet extends ProxyServlet { sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, message, eventlogger); return; } - if (intlogger.isDebugEnabled()) { - intlogger.debug(jo.toString()); - } - Subscription sub = null; + Subscription sub; try { sub = new Subscription(jo); } catch (InvalidObjectException e) { diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/Feed.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/Feed.java index ac1f70af..c6344301 100644 --- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/Feed.java +++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/Feed.java @@ -185,7 +185,7 @@ public class Feed extends Syncable { if (fid.getId().length() > 60) { throw new InvalidObjectException("id field is too long (" + fid.getId() + ")"); } - if (fid.getPassword().length() > 32) { + if (fid.getPassword().length() > 100) { //Fortify scan fixes - Privacy Violation throw new InvalidObjectException("password field is too long (" + fid.getPassword() + ")"); } diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/PasswordProcessor.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/PasswordProcessor.java deleted file mode 100644 index a6a3e2b5..00000000 --- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/PasswordProcessor.java +++ /dev/null @@ -1,78 +0,0 @@ -/** - * - - * ============LICENSE_START======================================================= - * Copyright (C) 2019 Nordix Foundation. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - *

http://www.apache.org/licenses/LICENSE-2.0 - * - *

* Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - *

* SPDX-License-Identifier: Apache-2.0 - * ============LICENSE_END========================================================= - */ - -package org.onap.dmaap.datarouter.provisioning.utils; - -import java.nio.charset.StandardCharsets; -import java.security.GeneralSecurityException; -import java.util.Base64; - -import javax.crypto.Cipher; -import javax.crypto.SecretKey; -import javax.crypto.SecretKeyFactory; -import javax.crypto.spec.PBEKeySpec; -import javax.crypto.spec.PBEParameterSpec; -import org.onap.dmaap.datarouter.provisioning.ProvRunner; - -/** - * The Processing of a Password. Password can be encrypted and decrypted. - * @author Vikram Singh - * @version $Id: PasswordProcessor.java,v 1.0 2016/12/14 10:16:52 EST - */ -public class PasswordProcessor { - - private static final String SECRET_KEY_FACTORY_TYPE = "PBEWithMD5AndDES"; - private static final String PASSWORD_ENCRYPTION_STRING = - ProvRunner.getProvProperties().getProperty("org.onap.dmaap.datarouter.provserver.passwordencryption"); - private static final char[] PASSWORD = PASSWORD_ENCRYPTION_STRING.toCharArray(); - private static final byte[] SALT = {(byte) 0xde, (byte) 0x33, (byte) 0x10, - (byte) 0x12, (byte) 0xde, (byte) 0x33, (byte) 0x10, (byte) 0x12,}; - - private PasswordProcessor(){ - } - - /** - * Encrypt password. - * @param property the Password - * @return Encrypted password. - */ - public static String encrypt(String property) throws GeneralSecurityException { - SecretKeyFactory keyFactory = SecretKeyFactory.getInstance(SECRET_KEY_FACTORY_TYPE); - SecretKey key = keyFactory.generateSecret(new PBEKeySpec(PASSWORD)); - Cipher pbeCipher = Cipher.getInstance(SECRET_KEY_FACTORY_TYPE); - pbeCipher.init(Cipher.ENCRYPT_MODE, key, new PBEParameterSpec(SALT, 32)); - return Base64.getEncoder().encodeToString(pbeCipher.doFinal(property.getBytes(StandardCharsets.UTF_8))); - } - - /** - * Decrypt password. - * @param property the Password - * @return Decrypt password. - */ - public static String decrypt(String property) throws GeneralSecurityException { - SecretKeyFactory keyFactory = SecretKeyFactory.getInstance(SECRET_KEY_FACTORY_TYPE); - SecretKey key = keyFactory.generateSecret(new PBEKeySpec(PASSWORD)); - Cipher pbeCipher = Cipher.getInstance(SECRET_KEY_FACTORY_TYPE); - pbeCipher.init(Cipher.DECRYPT_MODE, key, new PBEParameterSpec(SALT, 32)); - return new String(pbeCipher.doFinal(Base64.getDecoder().decode(property)), StandardCharsets.UTF_8); - } - -} diff --git a/datarouter-prov/src/main/resources/provserver.properties b/datarouter-prov/src/main/resources/provserver.properties index 20b5cb92..ad9a19e3 100755 --- a/datarouter-prov/src/main/resources/provserver.properties +++ b/datarouter-prov/src/main/resources/provserver.properties @@ -52,7 +52,6 @@ org.onap.dmaap.datarouter.provserver.https.include.protocols = TLSv1.1|TLSv1.2 # AAF config org.onap.dmaap.datarouter.provserver.cadi.enabled = false -org.onap.dmaap.datarouter.provserver.passwordencryption = PasswordEncryptionKey#@$%^&1234# org.onap.dmaap.datarouter.provserver.aaf.feed.type = org.onap.dmaap-dr.feed org.onap.dmaap.datarouter.provserver.aaf.sub.type = org.onap.dmaap-dr.sub org.onap.dmaap.datarouter.provserver.aaf.instance = legacy diff --git a/datarouter-prov/src/test/java/org/onap/dmaap/datarouter/provisioning/BaseServletTest.java b/datarouter-prov/src/test/java/org/onap/dmaap/datarouter/provisioning/BaseServletTest.java index 0013077d..bfd33f80 100755 --- a/datarouter-prov/src/test/java/org/onap/dmaap/datarouter/provisioning/BaseServletTest.java +++ b/datarouter-prov/src/test/java/org/onap/dmaap/datarouter/provisioning/BaseServletTest.java @@ -23,8 +23,22 @@ package org.onap.dmaap.datarouter.provisioning; -import java.security.NoSuchAlgorithmException; +import static org.hamcrest.Matchers.is; +import static org.hamcrest.Matchers.nullValue; +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertNotEquals; +import static org.junit.Assert.assertNull; +import static org.junit.Assert.assertThat; +import static org.mockito.Matchers.anyInt; +import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.when; +import static org.powermock.api.mockito.PowerMockito.mockStatic; + +import java.util.HashSet; +import java.util.Set; +import java.util.UUID; import javax.crypto.SecretKeyFactory; +import javax.servlet.http.HttpServletRequest; import org.apache.commons.lang3.reflect.FieldUtils; import org.json.JSONObject; import org.junit.Assert; @@ -32,7 +46,6 @@ import org.junit.Before; import org.junit.Test; import org.junit.runner.RunWith; import org.mockito.Mock; -import org.mockito.Mockito; import org.onap.dmaap.datarouter.provisioning.beans.Feed; import org.onap.dmaap.datarouter.provisioning.beans.FeedAuthorization; import org.onap.dmaap.datarouter.provisioning.beans.Group; @@ -44,21 +57,6 @@ import org.powermock.core.classloader.annotations.SuppressStaticInitializationFo import org.powermock.modules.junit4.PowerMockRunner; import org.slf4j.MDC; -import javax.servlet.http.HttpServletRequest; -import java.util.HashSet; -import java.util.Set; -import java.util.UUID; - -import static org.hamcrest.Matchers.is; -import static org.hamcrest.Matchers.nullValue; -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertNull; -import static org.junit.Assert.assertThat; -import static org.mockito.Matchers.anyInt; -import static org.mockito.Mockito.mock; -import static org.mockito.Mockito.when; -import static org.powermock.api.mockito.PowerMockito.mockStatic; - @RunWith(PowerMockRunner.class) @SuppressStaticInitializationFor({"org.onap.dmaap.datarouter.provisioning.beans.Feed", "org.onap.dmaap.datarouter.provisioning.beans.Subscription", @@ -229,23 +227,7 @@ public class BaseServletTest extends DrServletTestBase { Assert.assertEquals("456", MDC.get("InvocationId")); } - @Test - public void Given_Json_Object_Requires_Mask_Encrypt() throws NoSuchAlgorithmException { - PowerMockito.mockStatic(SecretKeyFactory.class); - SecretKeyFactory secretKeyFactory = PowerMockito.mock(SecretKeyFactory.class); - PowerMockito.when(SecretKeyFactory.getInstance(Mockito.anyString())).thenReturn(secretKeyFactory); - BaseServlet.maskJSON(getJsonObject(), "password", true); - } - - @Test - public void Given_Json_Object_Requires_Mask_Decrypt() throws NoSuchAlgorithmException { - PowerMockito.mockStatic(SecretKeyFactory.class); - SecretKeyFactory secretKeyFactory = PowerMockito.mock(SecretKeyFactory.class); - PowerMockito.when(SecretKeyFactory.getInstance(Mockito.anyString())).thenReturn(secretKeyFactory); - BaseServlet.maskJSON(getJsonObject(), "password", false); - } - - public JSONObject getJsonObject() { + public JSONObject getFeedJsonObject() { return new JSONObject("{\"authorization\": {\n" + " \"endpoint_addrs\": [\n" + " ],\n" + " \"classification\": \"unclassified\",\n" + " \"endpoint_ids\": [\n" + " {\n" @@ -255,6 +237,27 @@ public class BaseServletTest extends DrServletTestBase { + " \"id\": \"onap\"\n" + " }\n" + " ]\n" + " }}"); } + public JSONObject getSubJsonObject() { + return new JSONObject("{\"delivery\": {\"url\": \"http://172.18.0.3:7070/\", \"user\": " + + "\"LOGIN\", \"password\": \"PASSWORD\", \"use100\": true}, \"metadataOnly\": false, " + + "\"suspend\": false, \"groupid\": 29, \"subscriber\": \"sg481n\"}"); + } + + @Test + public void Given_Debug_Is_Enabled_Hash_Feed_Passwords_Successful() { + JSONObject hashed_feed_pass = BaseServlet.hashPasswords(getFeedJsonObject()); + assertNotEquals(hashed_feed_pass.getJSONObject("authorization").getJSONArray("endpoint_ids") + .getJSONObject(0).get("password").toString(), "demo123456!"); + + } + + @Test + public void Given_Debug_Is_Enabled_Hash_Sub_Passwords_Successful() { + JSONObject hashed_sub_pass = BaseServlet.hashPasswords(getSubJsonObject()); + assertNotEquals(hashed_sub_pass.getJSONObject("delivery").get("password").toString(), "PASSWORD"); + + } + @Test public void Given_BaseServlet_Verify_Cadi_Feed_Permission() { assertEquals("org.onap.dmaap-dr.feed|legacy|publish", baseServlet.getFeedPermission("legacy", "publish")); diff --git a/datarouter-prov/src/test/java/org/onap/dmaap/datarouter/provisioning/DrServletTestBase.java b/datarouter-prov/src/test/java/org/onap/dmaap/datarouter/provisioning/DrServletTestBase.java index 03f5df1b..0a2b6085 100644 --- a/datarouter-prov/src/test/java/org/onap/dmaap/datarouter/provisioning/DrServletTestBase.java +++ b/datarouter-prov/src/test/java/org/onap/dmaap/datarouter/provisioning/DrServletTestBase.java @@ -48,7 +48,6 @@ public class DrServletTestBase { props.setProperty("org.onap.dmaap.datarouter.provserver.accesslog.dir", "unit-test-logs"); props.setProperty("org.onap.dmaap.datarouter.provserver.spooldir", "unit-test-logs/spool"); props.setProperty("org.onap.dmaap.datarouter.provserver.https.relaxation", "false"); - props.setProperty("org.onap.dmaap.datarouter.provserver.passwordencryption", "PasswordEncryptionKey#@$%^&1234#"); FieldUtils.writeDeclaredStaticField(ProvRunner.class, "provProperties", props, true); FieldUtils.writeDeclaredStaticField(BaseServlet.class, "startmsgFlag", false, true); SynchronizerTask synchronizerTask = mock(SynchronizerTask.class); diff --git a/datarouter-prov/src/test/java/org/onap/dmaap/datarouter/provisioning/SubscriptionServletTest.java b/datarouter-prov/src/test/java/org/onap/dmaap/datarouter/provisioning/SubscriptionServletTest.java index cb0fa2bf..a7b42976 100755 --- a/datarouter-prov/src/test/java/org/onap/dmaap/datarouter/provisioning/SubscriptionServletTest.java +++ b/datarouter-prov/src/test/java/org/onap/dmaap/datarouter/provisioning/SubscriptionServletTest.java @@ -40,7 +40,6 @@ import org.onap.dmaap.datarouter.provisioning.beans.Deleteable; import org.onap.dmaap.datarouter.provisioning.beans.SubDelivery; import org.onap.dmaap.datarouter.provisioning.beans.Subscription; import org.onap.dmaap.datarouter.provisioning.beans.Updateable; -import org.onap.dmaap.datarouter.provisioning.utils.PasswordProcessor; import org.onap.dmaap.datarouter.provisioning.utils.Poker; import org.onap.dmaap.datarouter.provisioning.utils.ProvDbUtils; import org.powermock.api.mockito.PowerMockito; @@ -64,7 +63,6 @@ import static org.onap.dmaap.datarouter.provisioning.BaseServlet.BEHALF_HEADER; @RunWith(PowerMockRunner.class) -@PrepareForTest(PasswordProcessor.class) public class SubscriptionServletTest extends DrServletTestBase { private static EntityManagerFactory emf; private static EntityManager em; @@ -304,7 +302,6 @@ public class SubscriptionServletTest extends DrServletTestBase { when(request.getHeader("Content-Type")).thenReturn("application/vnd.dmaap-dr.subscription; version=1.0"); when(request.getPathInfo()).thenReturn("/3"); when(request.isUserInRole("org.onap.dmaap-dr.sub|*|edit")).thenReturn(true); - PowerMockito.mockStatic(PasswordProcessor.class); JSONObject JSObject = buildRequestJsonObject(); SubscriptionServlet subscriptionServlet = new SubscriptionServlet() { public JSONObject getJSONfromInput(HttpServletRequest req) { @@ -418,7 +415,6 @@ public class SubscriptionServletTest extends DrServletTestBase { when(response.getOutputStream()).thenReturn(outStream); when(request.getHeader("X-DMAAP-DR-ON-BEHALF-OF-GROUP")).thenReturn("stub_subjectGroup"); when(request.getHeader("Content-Type")).thenReturn("application/vnd.dmaap-dr.subscription; version=1.0"); - PowerMockito.mockStatic(PasswordProcessor.class); JSONObject JSObject = buildRequestJsonObject(); SubscriptionServlet subscriptionServlet = new SubscriptionServlet() { public JSONObject getJSONfromInput(HttpServletRequest req) { diff --git a/datarouter-prov/src/test/resources/h2Database.properties b/datarouter-prov/src/test/resources/h2Database.properties index 61d76fac..6957ae17 100755 --- a/datarouter-prov/src/test/resources/h2Database.properties +++ b/datarouter-prov/src/test/resources/h2Database.properties @@ -31,4 +31,3 @@ org.onap.dmaap.datarouter.provserver.accesslog.dir = unit-test-logs org.onap.dmaap.datarouter.provserver.spooldir = src/test/resources org.onap.dmaap.datarouter.provserver.dbscripts = src/test/resources org.onap.dmaap.datarouter.provserver.localhost = 127.0.0.1 -org.onap.dmaap.datarouter.provserver.passwordencryption = PasswordEncryptionKey#@$%^&1234# \ No newline at end of file -- cgit 1.2.3-korg