Fix Sonar vulnerabilities

[clamp.git] / src / main / java / org / onap / clamp / util / HttpConnectionManager.java

diff --git a/src/main/java/org/onap/clamp/util/HttpConnectionManager.java b/src/main/java/org/onap/clamp/util/HttpConnectionManager.java
index 9443301..6459fa9 100644 (file)
--- a/src/main/java/org/onap/clamp/util/HttpConnectionManager.java
+++ b/src/main/java/org/onap/clamp/util/HttpConnectionManager.java
@@ -33,6 +33,8 @@ import java.io.IOException;
 import java.io.InputStreamReader;
 import java.net.HttpURLConnection;
 import java.net.URL;
+import java.nio.charset.StandardCharsets;
+import java.util.Base64;
 
 import javax.net.ssl.HttpsURLConnection;
 import javax.ws.rs.BadRequestException;
@@ -50,13 +52,17 @@ public class HttpConnectionManager {
     protected static final EELFLogger metricsLogger = EELFManager.getInstance().getMetricsLogger();
     private static final String REQUEST_FAILED_LOG = "Request Failed - response payload=";
 
-    private String doHttpsQuery(URL url, String requestMethod, String payload, String contentType, String target) throws IOException {
+    private String doHttpsQuery(URL url, String requestMethod, String payload, String contentType, String target,
+        String userName, String password) throws IOException {
         LoggingUtils utils = new LoggingUtils(logger);
         logger.info("Using HTTPS URL:" + url.toString());
         HttpsURLConnection secureConnection = (HttpsURLConnection) url.openConnection();
         secureConnection = utils.invokeHttps(secureConnection, target, requestMethod);
         secureConnection.setRequestMethod(requestMethod);
-        secureConnection.setRequestProperty("X-ECOMP-RequestID", LoggingUtils.getRequestId());
+        if (userName != null && password != null) {
+            secureConnection.setRequestProperty("Authorization", "Basic "
+                + Base64.getEncoder().encodeToString((userName + ":" + password).getBytes(StandardCharsets.UTF_8)));
+        }
         if (payload != null && contentType != null) {
             secureConnection.setRequestProperty("Content-Type", contentType);
             secureConnection.setDoOutput(true);
@@ -84,12 +90,17 @@ public class HttpConnectionManager {
         }
     }
 
-    private String doHttpQuery(URL url, String requestMethod, String payload, String contentType, String target) throws IOException {
+    private String doHttpQuery(URL url, String requestMethod, String payload, String contentType, String target,
+        String userName, String password) throws IOException {
         LoggingUtils utils = new LoggingUtils(logger);
         logger.info("Using HTTP URL:" + url);
         HttpURLConnection connection = (HttpURLConnection) url.openConnection();
         connection = utils.invoke(connection, target, requestMethod);
         connection.setRequestMethod(requestMethod);
+        if (userName != null && password != null) {
+            connection.setRequestProperty("Authorization", "Basic "
+                + Base64.getEncoder().encodeToString((userName + ":" + password).getBytes(StandardCharsets.UTF_8)));
+        }
         if (payload != null && contentType != null) {
             connection.setRequestProperty("Content-Type", contentType);
             connection.setDoOutput(true);
@@ -134,13 +145,13 @@ public class HttpConnectionManager {
      * @throws IOException
      *         In case of issue with the streams
      */
-    public String doGeneralHttpQuery(String url, String requestMethod, String payload, String contentType, String target)
-        throws IOException {
+    public String doHttpRequest(String url, String requestMethod, String payload, String contentType, String target,
+        String userName, String password) throws IOException {
         URL urlObj = new URL(url);
         if (url.contains("https://")) { // Support for HTTPS
-            return doHttpsQuery(urlObj, requestMethod, payload, contentType, target);
+            return doHttpsQuery(urlObj, requestMethod, payload, contentType, target, userName, password);
         } else { // Support for HTTP
-            return doHttpQuery(urlObj, requestMethod, payload, contentType, target);
+            return doHttpQuery(urlObj, requestMethod, payload, contentType, target, userName, password);
         }
     }
 }