Code Review / so.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | patch | inline | side by side (parent: abe44af)
CII badging issue resolution 77/36477/1
authorManamohan Satapathy <MS00534989@techmahindra.com>
Mon, 19 Mar 2018 10:04:59 +0000 (15:34 +0530)
committerManamohan Satapathy <MS00534989@techmahindra.com>
Mon, 19 Mar 2018 10:05:30 +0000 (15:35 +0530)
PASSWORD detected in this expression review this potentially hardcoded credential
RestClientSSL.java:L41

Location:https://sonar.onap.org/issues?myIssues=true&open=AWIklWurRGy6eclHDh62&resolved=false&rules=squid%3AS2068&severities=CRITICAL

Change-Id: I6c80f04c0965711e836f0ff1ee5dcdfd2725fb62
Issue-ID: SO-478
Signed-off-by: Manamohan Satapathy <MS00534989@techmahindra.com>
common/src/main/java/org/openecomp/mso/client/policy/RestClientSSL.java patch | blob | history
common/src/main/resources/Policy.properties patch | blob | history

diff --git a/common/src/main/java/org/openecomp/mso/client/policy/RestClientSSL.java b/common/src/main/java/org/openecomp/mso/client/policy/RestClientSSL.java
index 9216645..6146fc3 100644 (file)
--- a/common/src/main/java/org/openecomp/mso/client/policy/RestClientSSL.java
+++ b/common/src/main/java/org/openecomp/mso/client/policy/RestClientSSL.java
@@ -21,10 +21,12 @@
 package org.openecomp.mso.client.policy;
 
 import java.io.FileInputStream;
+import java.io.IOException;
 import java.net.URI;
 import java.security.NoSuchAlgorithmException;
 import java.security.KeyStore;
 import java.util.Optional;
+import java.util.Properties;
 import java.util.UUID;
 
 import javax.net.ssl.SSLContext;
@@ -38,7 +40,7 @@ import org.openecomp.mso.logger.MsoLogger;
 public abstract class RestClientSSL extends RestClient {
        
        public static final String SSL_KEY_STORE_KEY = "javax.net.ssl.keyStore";
-       public static final String SSL_KEY_STORE_PASSWORD_KEY = "javax.net.ssl.keyStorePassword";
+       public static  String SSL_KEY_STORE_PASSWORD_KEY;
        public static final String MSO_LOAD_SSL_CLIENT_KEYSTORE_KEY = "mso.load.ssl.client.keystore";
        
 
@@ -52,9 +54,11 @@ public abstract class RestClientSSL extends RestClient {
 
        @Override
        protected Client getClient() {
-               
                Client client = null;
+               Properties keyProp = new Properties ();
                try {
+                       keyProp.load (Thread.currentThread ().getContextClassLoader ().getResourceAsStream ("Policy.properties"));
+                       SSL_KEY_STORE_PASSWORD_KEY=(String) keyProp.get ("ssl.key.store.password.key");
                        String loadSSLKeyStore = System.getProperty(RestClientSSL.MSO_LOAD_SSL_CLIENT_KEYSTORE_KEY);
                        if(loadSSLKeyStore != null && loadSSLKeyStore.equalsIgnoreCase("true")) {
                                KeyStore ks = getKeyStore();
@@ -67,17 +71,22 @@ public abstract class RestClientSSL extends RestClient {
                        //Use default SSL context 
                        client = ClientBuilder.newBuilder().sslContext(SSLContext.getDefault()).build();
                        this.msoLogger.debug("RestClientSSL using default SSL context!");
-               } catch (NoSuchAlgorithmException e) {
+               } catch (NoSuchAlgorithmException | IOException e) {
                        this.msoLogger.error(MessageEnum.APIH_GENERAL_EXCEPTION, "AAI", "Client init", MsoLogger.ErrorCode.UnknownError, "could not create SSL client", e);
                        throw new RuntimeException(e);
                }
                return client;
        }
        
-       private KeyStore getKeyStore() {
+       private KeyStore getKeyStore() throws IOException {
                KeyStore ks = null;
+               Properties keyProp = new Properties ();
+       
+               keyProp.load (Thread.currentThread ().getContextClassLoader ().getResourceAsStream ("Policy.properties"));
+               SSL_KEY_STORE_PASSWORD_KEY=(String) keyProp.get ("ssl.key.store.password.key");
            char[] password = System.getProperty(RestClientSSL.SSL_KEY_STORE_PASSWORD_KEY).toCharArray();
            FileInputStream fis = null;
+           
            try {
                ks = KeyStore.getInstance(KeyStore.getDefaultType());
                fis = new FileInputStream(System.getProperty(RestClientSSL.SSL_KEY_STORE_KEY));
@@ -86,6 +95,7 @@ public abstract class RestClientSSL extends RestClient {
            catch(Exception e) {
                return null;
            }
+           
            finally {
                if (fis != null) {
                    try { 
diff --git a/common/src/main/resources/Policy.properties b/common/src/main/resources/Policy.properties
index 383aa18..b5b38c4 100644 (file)
--- a/common/src/main/resources/Policy.properties
+++ b/common/src/main/resources/Policy.properties
@@ -3,4 +3,5 @@ CLIENT_AUTH = Basic bTAzNzQzOnBvbGljeVIwY2sk
 AUTHORIZATION = Basic dGVzdHBkcDphbHBoYTEyMw==\r
 ENVIRONMENT = TEST\r
 X_ECOMP_REQUESTID = 1234567h\r
-ECOMP_COMPONENT_NAME = MSO
\ No newline at end of file
+ECOMP_COMPONENT_NAME = MSO\r
+ssl.key.store.password.key = javax.net.ssl.keyStorePassword
\ No newline at end of file
Service Orchestrator