diff options
| author |   guangxingwang <gw1218@att.com> | 2018-02-05 14:01:00 -0600 |
|---|---|---|
| committer | guangxingwang <gw1218@att.com> | 2018-02-06 09:27:40 -0600 |
| commit | 9b323f102056c57c5dbc10917c9c72ddb929c418 (patch) | |
| tree | 293d0a9ff9cab14aafc18c7fc9197d5f551b77d0 | |
| parent | 6425d452d8507e9eeeb4da2f9f7051e602af541e (diff) | |
Implement Encryption on Passwords
Fix Fortify scan issue - hardcoded password in properties file
Issue-ID: POLICY-542
Change-Id: Icefd4097dc2e20c0ec2b78c002599defb6034267
Signed-off-by: guangxingwang <gw1218@att.com>
| -rw-r--r-- | LogParser/parserlog.properties | 8 | ||||
| -rw-r--r-- | LogParser/pom.xml | 31 | ||||
| -rw-r--r-- | LogParser/src/main/java/org/onap/xacml/parser/ParseLog.java | 6 |
3 files changed, 38 insertions, 7 deletions
diff --git a/LogParser/parserlog.properties b/LogParser/parserlog.properties index 66ce34d19..76716d589 100644 --- a/LogParser/parserlog.properties +++ b/LogParser/parserlog.properties @@ -2,7 +2,7 @@ # ============LICENSE_START======================================================= # LogParser # ================================================================================ -# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. +# Copyright (C) 2018 AT&T Intellectual Property. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -23,13 +23,15 @@ RESOURCE_NAME=logparser_pap01 javax.persistence.jdbc.driver=org.mariadb.jdbc.Driver javax.persistence.jdbc.url=jdbc:mariadb://localhost:3306/onap_sdk javax.persistence.jdbc.user=policy_user -javax.persistence.jdbc.password=policy_user +#javax.persistence.jdbc.password=policy_user +javax.persistence.jdbc.password=Za2Xy8XOo9wn8V1EetPgoQ== #Log Parser application values JDBC_DRIVER=org.mariadb.jdbc.Driver JDBC_URL=jdbc:mariadb://localhost:3306/log JDBC_USER=policy_user -JDBC_PASSWORD=policy_user +#JDBC_PASSWORD=policy_user +JDBC_PASSWORD=Za2Xy8XOo9wn8V1EetPgoQ== SERVER=https://localhost:9091/pap/ LOGTYPE=PAP LOGPATH=C:\\Workspaces\\HealthCheck\\pap-rest.log diff --git a/LogParser/pom.xml b/LogParser/pom.xml index 8af1dc278..c7b181413 100644 --- a/LogParser/pom.xml +++ b/LogParser/pom.xml @@ -3,7 +3,7 @@ ============LICENSE_START======================================================= ONAP Policy Engine ================================================================================ - Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. + Copyright (C) 2018 AT&T Intellectual Property. All rights reserved. ================================================================================ Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -103,7 +103,34 @@ <groupId>org.mockito</groupId> <artifactId>mockito-all</artifactId> <version>1.10.19</version> - </dependency> + </dependency> + <dependency> + <groupId>org.onap.policy.engine</groupId> + <artifactId>PolicyEngineUtils</artifactId> + <version>${project.version}</version> + <exclusions> + <exclusion> + <groupId>com.att.aft</groupId> + <artifactId>dme2</artifactId> + </exclusion> + <exclusion> + <groupId>org.json</groupId> + <artifactId>json</artifactId> + </exclusion> + <exclusion> + <groupId>org.onap.dmaap.messagerouter.dmaapclient</groupId> + <artifactId>dmaapClient</artifactId> + </exclusion> + <exclusion> + <groupId>com.att.nsa</groupId> + <artifactId>cambriaClient</artifactId> + </exclusion> + <exclusion> + <groupId>com.att.cadi</groupId> + <artifactId>cadi-aaf</artifactId> + </exclusion> + </exclusions> + </dependency> </dependencies> <build> <plugins> diff --git a/LogParser/src/main/java/org/onap/xacml/parser/ParseLog.java b/LogParser/src/main/java/org/onap/xacml/parser/ParseLog.java index 1dbe12523..827516e75 100644 --- a/LogParser/src/main/java/org/onap/xacml/parser/ParseLog.java +++ b/LogParser/src/main/java/org/onap/xacml/parser/ParseLog.java @@ -2,7 +2,7 @@ * ============LICENSE_START======================================================= * LogParser * ================================================================================ - * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. + * Copyright (C) 2018 AT&T Intellectual Property. All rights reserved. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -50,6 +50,7 @@ import org.onap.policy.common.im.AdministrativeStateException; import org.onap.policy.common.im.IntegrityMonitor; import org.onap.policy.common.im.StandbyStatusException; import org.onap.policy.common.logging.flexlogger.FlexLogger; +import org.onap.policy.utils.CryptoUtils; import org.onap.xacml.parser.LogEntryObject.LOGTYPE; /** @@ -808,7 +809,8 @@ public class ParseLog { jdbcUrl = config.getProperty("JDBC_URL").replace("'", ""); jdbcUser = config.getProperty("JDBC_USER"); jdbcDriver = config.getProperty("JDBC_DRIVER"); - jdbcPassword = config.getProperty("JDBC_PASSWORD"); + jdbcPassword = CryptoUtils.decryptTxtNoExStr(config.getProperty("JDBC_PASSWORD", "")); + config.setProperty("javax.persistence.jdbc.password", CryptoUtils.decryptTxtNoExStr(config.getProperty("javax.persistence.jdbc.password", ""))); return config; } catch (IOException e) { |