summaryrefslogtreecommitdiffstats
path: root/ONAP-PDP-REST
diff options
context:
space:
mode:
authorguangxingwang <gw1218@att.com>2018-02-15 11:13:18 -0600
committerguangxingwang <gw1218@att.com>2018-02-19 16:42:19 -0600
commit5ba143338d6fbc2b4d1e36c0efcbbabe15c65301 (patch)
tree7b5898632763ee06f09a2fd548107bd4e5750f8f /ONAP-PDP-REST
parente5c628fee6a6e6bb57a34d5b73e092d89ee26a5c (diff)
Fix Fortify Scan Issue:
1) Fix Fortify Header Manipulation issue by checking the format of the message before adding it response header. 2) Fix Fortify Hardcoded Password issue by using encryption and decryption Issue-ID: POLICY-543 Change-Id: I16b44b9b0670b1af75094c9ae9d1f7d352fa894a Signed-off-by: guangxingwang <gw1218@att.com>
Diffstat (limited to 'ONAP-PDP-REST')
-rw-r--r--ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/PapUrlResolver.java7
-rw-r--r--ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/api/services/PAPServices.java3
2 files changed, 6 insertions, 4 deletions
diff --git a/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/PapUrlResolver.java b/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/PapUrlResolver.java
index 7ac322ec9..5462dd908 100644
--- a/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/PapUrlResolver.java
+++ b/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/PapUrlResolver.java
@@ -2,7 +2,7 @@
* ============LICENSE_START=======================================================
* ONAP-PDP-REST
* ================================================================================
- * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+ * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights reserved.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -32,6 +32,7 @@ import java.util.Properties;
import org.onap.policy.common.logging.flexlogger.FlexLogger;
import org.onap.policy.common.logging.flexlogger.Logger;
import org.onap.policy.rest.XACMLRestProperties;
+import org.onap.policy.utils.CryptoUtils;
import com.att.research.xacml.util.XACMLProperties;
@@ -118,10 +119,10 @@ public class PapUrlResolver {
String userId = null;
String pass = null;
userId = XACMLProperties.getProperty(urls[i] + "." + XACMLRestProperties.PROP_PAP_USERID);
- pass = XACMLProperties.getProperty(urls[i] + "." + XACMLRestProperties.PROP_PAP_PASS);
+ pass = XACMLProperties.getProperty(urls[i] + "." + CryptoUtils.decryptTxtNoExStr(XACMLRestProperties.PROP_PAP_PASS));
if (userId == null || pass == null) {
userId = XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_USERID);
- pass = XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_PASS);
+ pass = CryptoUtils.decryptTxtNoExStr(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_PASS));
}
if (userId == null || pass == null) {
userId = "";
diff --git a/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/api/services/PAPServices.java b/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/api/services/PAPServices.java
index 9ab4252c7..59194841f 100644
--- a/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/api/services/PAPServices.java
+++ b/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/api/services/PAPServices.java
@@ -40,6 +40,7 @@ import org.onap.policy.common.logging.flexlogger.FlexLogger;
import org.onap.policy.common.logging.flexlogger.Logger;
import org.onap.policy.pdp.rest.config.PDPApiAuth;
import org.onap.policy.rest.XACMLRestProperties;
+import org.onap.policy.utils.CryptoUtils;
import org.onap.policy.xacml.api.XACMLErrorConstants;
import org.onap.policy.xacml.std.pap.StdPDPPolicy;
@@ -76,7 +77,7 @@ public class PAPServices {
private String getPAPEncoding(){
if(encoding == null){
String userID = XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_USERID);
- String pass = XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_PASS);
+ String pass =CryptoUtils.decryptTxtNoExStr(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_PASS));
Base64.Encoder encoder = Base64.getEncoder();
encoding = encoder.encodeToString((userID+":"+pass).getBytes(StandardCharsets.UTF_8));
}