diff options
author | Dominik Mizyn <d.mizyn@samsung.com> | 2019-12-16 15:38:17 +0100 |
---|---|---|
committer | Dominik Mizyn <d.mizyn@samsung.com> | 2019-12-16 15:38:40 +0100 |
commit | 6dba1f2d0b577620593c57df9e2dc9e9b59c7804 (patch) | |
tree | 942603adde57237ed6139048ea14e48402ade451 /common | |
parent | a0a017f918430fbd1c14c3af2718b993f0e9357c (diff) |
Encryption and decryption of OpenStack Passwords removed
Description from Jira ticket:
Current way of passing OpenStack password to SO is to
encrypt it with a symmetric key that can be find in both
OOM repo and source code. This means that the key is already
compromised and this additional encryption does not introduce
any additional security layer. Additionally this creates a fake
security feeling for people who are not very familiar with the
cryptography as they may think that their password is safe because
it has been encrypted.
Instead of using some custom-made method of passing this password
please just use a secret and pass it via environment variable
unencrypted
and just never store it in a config file
Issue-ID: SO-2535
Change-Id: Iaad50d7d22fe0fc1e3f7e8c5c5cd3a788d777574
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>
Diffstat (limited to 'common')
-rw-r--r-- | common/src/main/java/org/onap/so/utils/CryptoUtils.java | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/common/src/main/java/org/onap/so/utils/CryptoUtils.java b/common/src/main/java/org/onap/so/utils/CryptoUtils.java index ff69e3e4b1..1c38dfb774 100644 --- a/common/src/main/java/org/onap/so/utils/CryptoUtils.java +++ b/common/src/main/java/org/onap/so/utils/CryptoUtils.java @@ -76,6 +76,8 @@ public final class CryptoUtils { * @throws GeneralSecurityException */ public static String decrypt(String message, String keyString) throws GeneralSecurityException { + if (message.equals(System.getenv("PLAINTEXTPASSWORD"))) + return message; SecretKeySpec sks = getSecretKeySpec(keyString); byte[] cipherText = hexStringToByteArray(message); Cipher cipher = Cipher.getInstance(AES_GCM_NO_PADDING); |