Encryption and decryption of OpenStack Passwords removed

Description from Jira ticket:

Current way of passing OpenStack password to SO is to
encrypt it with a symmetric key that can be find in both
OOM repo and source code. This means that the key is already
compromised and this additional encryption does not introduce
any additional security layer. Additionally this creates a fake
security feeling for people who are not very familiar with the
cryptography as they may think that their password is safe because
it has been encrypted.

Instead of using some custom-made method of passing this password
please just use a secret and pass it via environment variable
unencrypted
and just never store it in a config file

Issue-ID: SO-2535
Change-Id: Iaad50d7d22fe0fc1e3f7e8c5c5cd3a788d777574
Signed-off-by: Dominik Mizyn <d.mizyn@samsung.com>

diff --git a/common/src/main/java/org/onap/so/utils/CryptoUtils.java b/common/src/main/java/org/onap/so/utils/CryptoUtils.java
index ff69e3e..1c38dfb 100644 (file)
--- a/common/src/main/java/org/onap/so/utils/CryptoUtils.java
+++ b/common/src/main/java/org/onap/so/utils/CryptoUtils.java
@@ -76,6 +76,8 @@ public final class CryptoUtils {
      * @throws GeneralSecurityException
      */
     public static String decrypt(String message, String keyString) throws GeneralSecurityException {
+        if (message.equals(System.getenv("PLAINTEXTPASSWORD")))
+            return message;
         SecretKeySpec sks = getSecretKeySpec(keyString);
         byte[] cipherText = hexStringToByteArray(message);
         Cipher cipher = Cipher.getInstance(AES_GCM_NO_PADDING);