aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDominik Mizyn <d.mizyn@samsung.com>2019-12-16 15:38:17 +0100
committerDominik Mizyn <d.mizyn@samsung.com>2019-12-16 15:38:40 +0100
commit6dba1f2d0b577620593c57df9e2dc9e9b59c7804 (patch)
tree942603adde57237ed6139048ea14e48402ade451
parenta0a017f918430fbd1c14c3af2718b993f0e9357c (diff)
Encryption and decryption of OpenStack Passwords removed
Description from Jira ticket: Current way of passing OpenStack password to SO is to encrypt it with a symmetric key that can be find in both OOM repo and source code. This means that the key is already compromised and this additional encryption does not introduce any additional security layer. Additionally this creates a fake security feeling for people who are not very familiar with the cryptography as they may think that their password is safe because it has been encrypted. Instead of using some custom-made method of passing this password please just use a secret and pass it via environment variable unencrypted and just never store it in a config file Issue-ID: SO-2535 Change-Id: Iaad50d7d22fe0fc1e3f7e8c5c5cd3a788d777574 Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
-rw-r--r--common/src/main/java/org/onap/so/utils/CryptoUtils.java2
1 files changed, 2 insertions, 0 deletions
diff --git a/common/src/main/java/org/onap/so/utils/CryptoUtils.java b/common/src/main/java/org/onap/so/utils/CryptoUtils.java
index ff69e3e4b1..1c38dfb774 100644
--- a/common/src/main/java/org/onap/so/utils/CryptoUtils.java
+++ b/common/src/main/java/org/onap/so/utils/CryptoUtils.java
@@ -76,6 +76,8 @@ public final class CryptoUtils {
* @throws GeneralSecurityException
*/
public static String decrypt(String message, String keyString) throws GeneralSecurityException {
+ if (message.equals(System.getenv("PLAINTEXTPASSWORD")))
+ return message;
SecretKeySpec sks = getSecretKeySpec(keyString);
byte[] cipherText = hexStringToByteArray(message);
Cipher cipher = Cipher.getInstance(AES_GCM_NO_PADDING);