Code Review / so.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | patch | inline | side by side (parent: 27dbf11)
CII badging issue resolution 33/37733/2
authorManamohan Satapathy <MS00534989@techmahindra.com>
Thu, 22 Mar 2018 11:07:54 +0000 (16:37 +0530)
committerManamohan Satapathy <MS00534989@techmahindra.com>
Thu, 22 Mar 2018 11:08:28 +0000 (16:38 +0530)
Pwd detected in this expression is potentially hardcoded credential
CryptoHandler.java:L31

Sonar link:https://sonar.onap.org/issues?myIssues=true&open=AWHCr-PVEU5FCDfKtl8E&resolved=false

Change-Id: I29aaa489a4b1f2e472eb11ed8ba811d31a4d6809
Issue-ID: SO-478
Signed-off-by: Manamohan Satapathy <MS00534989@techmahindra.com>
bpmn/MSOCommonBPMN/src/main/java/org/openecomp/mso/bpmn/common/util/CryptoHandler.java patch | blob | history
bpmn/MSOCommonBPMN/src/main/resources/urn.properties patch | blob | history

diff --git a/bpmn/MSOCommonBPMN/src/main/java/org/openecomp/mso/bpmn/common/util/CryptoHandler.java b/bpmn/MSOCommonBPMN/src/main/java/org/openecomp/mso/bpmn/common/util/CryptoHandler.java
index 787453e..13cff65 100644 (file)
--- a/bpmn/MSOCommonBPMN/src/main/java/org/openecomp/mso/bpmn/common/util/CryptoHandler.java
+++ b/bpmn/MSOCommonBPMN/src/main/java/org/openecomp/mso/bpmn/common/util/CryptoHandler.java
@@ -20,21 +20,25 @@
  */\r
 \r
 package org.openecomp.mso.bpmn.common.util;\r
-\r
+import java.io.IOException;\r
 import java.security.GeneralSecurityException;\r
 import org.openecomp.mso.logger.MsoLogger;\r
+import java.util.Properties;\r
 \r
 public class CryptoHandler implements ICryptoHandler {\r
        private static final MsoLogger LOGGER = MsoLogger.getMsoLogger(MsoLogger.Catalog.BPEL);\r
 \r
        private static String msoKey = "aa3871669d893c7fb8abbcda31b88b4f";\r
-       private static String msoAaiEncryptedPwd = "C1FC4A39E16419DD41DFC1212843F440";\r
+       private static String msoAaiEncryptedPwd;\r
 \r
         @Override\r
        public String getMsoAaiPassword() {\r
+       Properties keyProp = new Properties ();\r
                try {\r
+               keyProp.load (Thread.currentThread ().getContextClassLoader ().getResourceAsStream ("urn.properties"));\r
+                       msoAaiEncryptedPwd =(String) keyProp.get ("mso.AaiEncrypted.Pwd");\r
                        return CryptoUtils.decrypt(msoAaiEncryptedPwd, msoKey);\r
-               } catch (GeneralSecurityException e) {\r
+               } catch (GeneralSecurityException | IOException e) {\r
                        LOGGER.debug("GeneralSecurityException :",e);\r
                        return null;\r
                }\r
diff --git a/bpmn/MSOCommonBPMN/src/main/resources/urn.properties b/bpmn/MSOCommonBPMN/src/main/resources/urn.properties
index 5bf8e24..12253aa 100644 (file)
--- a/bpmn/MSOCommonBPMN/src/main/resources/urn.properties
+++ b/bpmn/MSOCommonBPMN/src/main/resources/urn.properties
@@ -27,3 +27,4 @@
 AAIEndPoint= http://localhost:28090/
 SDNCEndPoint=http://localhost:28090/SDNCAdapter/
 msoRollback = true
+mso.AaiEncrypted.Pwd = C1FC4A39E16419DD41DFC1212843F440
Service Orchestrator