From 42dc0555a935e6fb0222de64d77d0db2019a1175 Mon Sep 17 00:00:00 2001 From: Manamohan Satapathy Date: Mon, 19 Mar 2018 10:42:49 +0530 Subject: CII badging issue resolution PASSWORD detected in this expression review this potentially hardcoded credential ASDCConfiguration.java:L63 L70 Sonar link:https://sonar.onap.org/project/issues?id=org.onap.so%3Aso&myIssues=true&open=AWHCr-rlEU5FCDfKtmaI&resolved=false&rules=squid%3AS2068&severities=CRITICAL Change-Id: I0def66fe4bf7db1b41b5930d42fcc601e37f61f0 Issue-ID: SO-478 Signed-off-by: Manamohan Satapathy --- .../openecomp/mso/asdc/client/ASDCConfiguration.java | 20 ++++++++++++++++++-- .../src/main/resources/config-key.properties | 2 ++ 2 files changed, 20 insertions(+), 2 deletions(-) (limited to 'asdc-controller/src/main') diff --git a/asdc-controller/src/main/java/org/openecomp/mso/asdc/client/ASDCConfiguration.java b/asdc-controller/src/main/java/org/openecomp/mso/asdc/client/ASDCConfiguration.java index 98c7173581..4896dbdb55 100644 --- a/asdc-controller/src/main/java/org/openecomp/mso/asdc/client/ASDCConfiguration.java +++ b/asdc-controller/src/main/java/org/openecomp/mso/asdc/client/ASDCConfiguration.java @@ -50,6 +50,8 @@ public class ASDCConfiguration implements IConfiguration { private MsoJsonProperties msoProperties; private String asdcControllerName; + private String PASSWORD_ATTRIBUTE_NAME; + private String KEY_STORE_PASSWORD; public static final String MSO_PROP_ASDC = "MSO_PROP_ASDC"; public static final String PARAMETER_PATTERN = "asdc-connections"; @@ -60,14 +62,12 @@ public class ASDCConfiguration implements IConfiguration { public static final String CONSUMER_GROUP_ATTRIBUTE_NAME = "consumerGroup"; public static final String CONSUMER_ID_ATTRIBUTE_NAME = "consumerId"; public static final String ENVIRONMENT_NAME_ATTRIBUTE_NAME = "environmentName"; - public static final String PASSWORD_ATTRIBUTE_NAME = "password"; public static final String POLLING_INTERVAL_ATTRIBUTE_NAME = "pollingInterval"; public static final String RELEVANT_ARTIFACT_TYPES_ATTRIBUTE_NAME = "relevantArtifactTypes"; public static final String USER_ATTRIBUTE_NAME = "user"; public static final String ASDC_ADDRESS_ATTRIBUTE_NAME = "asdcAddress"; public static final String POLLING_TIMEOUT_ATTRIBUTE_NAME = "pollingTimeout"; public static final String ACTIVATE_SERVER_TLS_AUTH = "activateServerTLSAuth"; - public static final String KEY_STORE_PASSWORD = "keyStorePassword"; public static final String KEY_STORE_PATH = "keyStorePath"; public static final String HEAT="HEAT"; @@ -265,6 +265,10 @@ public class ASDCConfiguration implements IConfiguration { @Override public String getPassword () { + Properties keyProp = new Properties (); + try { + keyProp.load (Thread.currentThread ().getContextClassLoader ().getResourceAsStream ("config-key.properties")); + PASSWORD_ATTRIBUTE_NAME=(String) keyProp.get ("password.attribute.name"); JsonNode masterConfigNode = getASDCControllerConfigJsonNode (); if (masterConfigNode != null && masterConfigNode.get (PASSWORD_ATTRIBUTE_NAME) != null) { String config = this.msoProperties.getEncryptedProperty (masterConfigNode.get (PASSWORD_ATTRIBUTE_NAME), @@ -279,6 +283,9 @@ public class ASDCConfiguration implements IConfiguration { } else { return null; } + } catch (IOException e) { + return null; + } } @Override @@ -351,6 +358,10 @@ public class ASDCConfiguration implements IConfiguration { @Override public String getKeyStorePassword() { + Properties keyProp = new Properties (); + try { + keyProp.load (Thread.currentThread ().getContextClassLoader ().getResourceAsStream ("config-key.properties")); + KEY_STORE_PASSWORD=(String) keyProp.get ("key.store.password"); JsonNode masterConfigNode = getASDCControllerConfigJsonNode(); if (masterConfigNode != null && masterConfigNode.get(KEY_STORE_PASSWORD) != null) { String config = this.msoProperties.getEncryptedProperty(masterConfigNode.get(KEY_STORE_PASSWORD), null, @@ -364,10 +375,14 @@ public class ASDCConfiguration implements IConfiguration { } else { return null; } + } catch (IOException e) { + return null; + } } @Override public String getKeyStorePath() { + JsonNode masterConfigNode = getASDCControllerConfigJsonNode(); if (masterConfigNode != null && masterConfigNode.get(KEY_STORE_PATH) != null) { String config = masterConfigNode.get(KEY_STORE_PATH).asText(); @@ -380,6 +395,7 @@ public class ASDCConfiguration implements IConfiguration { } else { return null; } + } public void testAllParameters () throws ASDCParametersException { diff --git a/asdc-controller/src/main/resources/config-key.properties b/asdc-controller/src/main/resources/config-key.properties index b6a0cde18f..66b32275ef 100644 --- a/asdc-controller/src/main/resources/config-key.properties +++ b/asdc-controller/src/main/resources/config-key.properties @@ -19,3 +19,5 @@ ### asdc.config.key=566B754875657232314F5548556D3665 +password.attribute.name=password +key.store.password=keyStorePassword -- cgit 1.2.3-korg