From 0a079745598f2dccaa27487e6d755c72ede8cfaf Mon Sep 17 00:00:00 2001 From: Manamohan Satapathy Date: Mon, 19 Mar 2018 15:34:59 +0530 Subject: CII badging issue resolution PASSWORD detected in this expression review this potentially hardcoded credential RestClientSSL.java:L41 Location:https://sonar.onap.org/issues?myIssues=true&open=AWIklWurRGy6eclHDh62&resolved=false&rules=squid%3AS2068&severities=CRITICAL Change-Id: I6c80f04c0965711e836f0ff1ee5dcdfd2725fb62 Issue-ID: SO-478 Signed-off-by: Manamohan Satapathy --- .../org/openecomp/mso/client/policy/RestClientSSL.java | 18 ++++++++++++++---- common/src/main/resources/Policy.properties | 3 ++- 2 files changed, 16 insertions(+), 5 deletions(-) (limited to 'common') diff --git a/common/src/main/java/org/openecomp/mso/client/policy/RestClientSSL.java b/common/src/main/java/org/openecomp/mso/client/policy/RestClientSSL.java index 921664588a..6146fc373f 100644 --- a/common/src/main/java/org/openecomp/mso/client/policy/RestClientSSL.java +++ b/common/src/main/java/org/openecomp/mso/client/policy/RestClientSSL.java @@ -21,10 +21,12 @@ package org.openecomp.mso.client.policy; import java.io.FileInputStream; +import java.io.IOException; import java.net.URI; import java.security.NoSuchAlgorithmException; import java.security.KeyStore; import java.util.Optional; +import java.util.Properties; import java.util.UUID; import javax.net.ssl.SSLContext; @@ -38,7 +40,7 @@ import org.openecomp.mso.logger.MsoLogger; public abstract class RestClientSSL extends RestClient { public static final String SSL_KEY_STORE_KEY = "javax.net.ssl.keyStore"; - public static final String SSL_KEY_STORE_PASSWORD_KEY = "javax.net.ssl.keyStorePassword"; + public static String SSL_KEY_STORE_PASSWORD_KEY; public static final String MSO_LOAD_SSL_CLIENT_KEYSTORE_KEY = "mso.load.ssl.client.keystore"; 
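Review bot: Dropping `final` from `SSL_KEY_STORE_PASSWORD_KEY` in the second hunk leaves a public static field that is null until `getClient()` or `getKeyStore()` has run and that any class can reassign, so whoever writes it chooses which system property the keystore password is read from. The original literal is the name of a JVM system property, not a credential, so the Sonar S2068 finding quoted in the commit message looks like a false positive on the identifier rather than a secret that needs moving. I would keep the constant and mark the finding instead: `public static final String SSL_KEY_STORE_PASSWORD_KEY = "javax.net.ssl.keyStorePassword"; // NOSONAR property name, not a secret`. If the name must stay configurable, load it once into a `private static final` field rather than assigning a shared static on every call.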
@@ -52,9 +54,11 @@ public abstract class RestClientSSL extends RestClient { @Override protected Client getClient() { - Client client = null; + Properties keyProp = new Properties (); try { + keyProp.load (Thread.currentThread ().getContextClassLoader ().getResourceAsStream ("Policy.properties")); + SSL_KEY_STORE_PASSWORD_KEY=(String) keyProp.get ("ssl.key.store.password.key"); String loadSSLKeyStore = System.getProperty(RestClientSSL.MSO_LOAD_SSL_CLIENT_KEYSTORE_KEY); if(loadSSLKeyStore != null && loadSSLKeyStore.equalsIgnoreCase("true")) { KeyStore ks = getKeyStore(); @@ -67,17 +71,22 @@ public abstract class RestClientSSL extends RestClient { //Use default SSL context client = ClientBuilder.newBuilder().sslContext(SSLContext.getDefault()).build(); this.msoLogger.debug("RestClientSSL using default SSL context!"); - } catch (NoSuchAlgorithmException e) { + } catch (NoSuchAlgorithmException | IOException e) { this.msoLogger.error(MessageEnum.APIH_GENERAL_EXCEPTION, "AAI", "Client init", MsoLogger.ErrorCode.UnknownError, "could not create SSL client", e); throw new RuntimeException(e); } return client; } - private KeyStore getKeyStore() { + private KeyStore getKeyStore() throws IOException { KeyStore ks = null; + Properties keyProp = new Properties (); + + keyProp.load (Thread.currentThread ().getContextClassLoader ().getResourceAsStream ("Policy.properties")); + SSL_KEY_STORE_PASSWORD_KEY=(String) keyProp.get ("ssl.key.store.password.key"); char[] password = System.getProperty(RestClientSSL.SSL_KEY_STORE_PASSWORD_KEY).toCharArray(); FileInputStream fis = null; + try { ks = KeyStore.getInstance(KeyStore.getDefaultType()); fis = new FileInputStream(System.getProperty(RestClientSSL.SSL_KEY_STORE_KEY)); @@ -86,6 +95,7 @@ public abstract class RestClientSSL extends RestClient { catch(Exception e) { return null; } + finally { if (fis != null) { try { 
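Review bot: `getResourceAsStream("Policy.properties")` returns null when the resource is not visible to the context class loader, and `keyProp.load(null)` then throws a NullPointerException that the widened `catch (NoSuchAlgorithmException | IOException e)` does not handle; the stream is also never closed. The same unguarded load is repeated in `getKeyStore()` in the next hunk, ahead of its `try`, so the file is parsed twice per client and the static is assigned from both places. Loading through try-with-resources with an explicit null check, ideally in one private helper that both methods call, reports the missing file clearly and releases the stream; it needs `java.io.InputStream` imported. The body of `getClient()` continues past the end of this hunk.

```java
// … unchanged: getClient() signature and local declarations …
try (InputStream in = Thread.currentThread().getContextClassLoader()
        .getResourceAsStream("Policy.properties")) {
    if (in == null) {
        throw new IOException("Policy.properties not found on the classpath");
    }
    keyProp.load(in);
}
// … unchanged: property lookup and SSL context setup …
```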
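Review bot: In `getKeyStore()`, a missing `ssl.key.store.password.key` entry makes `keyProp.get(...)` return null, and `System.getProperty(null)` then throws a NullPointerException before the `try` whose `catch(Exception e)` returns null, so a configuration mistake surfaces as an unexplained NPE on a different path from other keystore failures. Check the looked-up name before use, for example `String keyName = keyProp.getProperty("ssl.key.store.password.key");` followed by `if (keyName == null) { throw new IOException("ssl.key.store.password.key missing from Policy.properties"); }`. The password system property itself can also be unset, in which case `.toCharArray()` fails the same way; that chained call was already there before this commit. The body of `getKeyStore()` continues outside the hunk.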
diff --git a/common/src/main/resources/Policy.properties b/common/src/main/resources/Policy.properties index 383aa181bb..b5b38c465b 100644 --- a/common/src/main/resources/Policy.properties +++ b/common/src/main/resources/Policy.properties @@ -3,4 +3,5 @@ CLIENT_AUTH = Basic bTAzNzQzOnBvbGljeVIwY2sk AUTHORIZATION = Basic dGVzdHBkcDphbHBoYTEyMw== ENVIRONMENT = TEST X_ECOMP_REQUESTID = 1234567h -ECOMP_COMPONENT_NAME = MSO \ No newline at end of file +ECOMP_COMPONENT_NAME = MSO +ssl.key.store.password.key = javax.net.ssl.keyStorePassword \ No newline at end of file -- cgit 1.2.3-korg
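Review bot: The context lines of this hunk show `CLIENT_AUTH` and `AUTHORIZATION` holding `Basic` header values in a properties file that is packaged from `src/main/resources`; Base64 is an encoding, not protection, so these are the hardcoded credentials in this change set, while the added line is only a property name. If they are anything other than throwaway test values (the file also sets `ENVIRONMENT = TEST`), they should be supplied at deploy time from the environment or a secret store and rotated, since they stay in the repository history. The new entry could carry a comment such as `# name of the JVM system property that holds the keystore password, not the password itself`.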