From 5a3ba18ea7ee971571575a0ce62f5e32975bd32d Mon Sep 17 00:00:00 2001 From: Manamohan Satapathy Date: Thu, 22 Mar 2018 16:37:54 +0530 Subject: CII badging issue resolution Pwd detected in this expression is potentially hardcoded credential CryptoHandler.java:L31 Sonar link:https://sonar.onap.org/issues?myIssues=true&open=AWHCr-PVEU5FCDfKtl8E&resolved=false Change-Id: I29aaa489a4b1f2e472eb11ed8ba811d31a4d6809 Issue-ID: SO-478 Signed-off-by: Manamohan Satapathy --- .../java/org/openecomp/mso/bpmn/common/util/CryptoHandler.java | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) (limited to 'bpmn/MSOCommonBPMN/src/main/java/org/openecomp') diff --git a/bpmn/MSOCommonBPMN/src/main/java/org/openecomp/mso/bpmn/common/util/CryptoHandler.java b/bpmn/MSOCommonBPMN/src/main/java/org/openecomp/mso/bpmn/common/util/CryptoHandler.java index 787453ed28..13cff65018 100644 --- a/bpmn/MSOCommonBPMN/src/main/java/org/openecomp/mso/bpmn/common/util/CryptoHandler.java +++ b/bpmn/MSOCommonBPMN/src/main/java/org/openecomp/mso/bpmn/common/util/CryptoHandler.java @@ -20,21 +20,25 @@ */ package org.openecomp.mso.bpmn.common.util; - +import java.io.IOException; import java.security.GeneralSecurityException; import org.openecomp.mso.logger.MsoLogger; +import java.util.Properties; public class CryptoHandler implements ICryptoHandler { private static final MsoLogger LOGGER = MsoLogger.getMsoLogger(MsoLogger.Catalog.BPEL); private static String msoKey = "aa3871669d893c7fb8abbcda31b88b4f"; - private static String msoAaiEncryptedPwd = "C1FC4A39E16419DD41DFC1212843F440"; + private static String msoAaiEncryptedPwd; @Override public String getMsoAaiPassword() { + Properties keyProp = new Properties (); try { + keyProp.load (Thread.currentThread ().getContextClassLoader ().getResourceAsStream ("urn.properties")); + msoAaiEncryptedPwd =(String) keyProp.get ("mso.AaiEncrypted.Pwd"); return CryptoUtils.decrypt(msoAaiEncryptedPwd, msoKey); - } catch (GeneralSecurityException e) { + } catch (GeneralSecurityException | IOException e) { LOGGER.debug("GeneralSecurityException :",e); return null; } -- cgit 1.2.3-korg