From: Dominik Mizyn Date: Mon, 16 Dec 2019 14:38:17 +0000 (+0100) Subject: Encryption and decryption of OpenStack Passwords removed X-Git-Tag: 1.6.1~279^2 X-Git-Url: https://gerrit.onap.org/r/gitweb?a=commitdiff_plain;h=6dba1f2d0b577620593c57df9e2dc9e9b59c7804;p=so.git Encryption and decryption of OpenStack Passwords removed Description from Jira ticket: Current way of passing OpenStack password to SO is to encrypt it with a symmetric key that can be find in both OOM repo and source code. This means that the key is already compromised and this additional encryption does not introduce any additional security layer. Additionally this creates a fake security feeling for people who are not very familiar with the cryptography as they may think that their password is safe because it has been encrypted. Instead of using some custom-made method of passing this password please just use a secret and pass it via environment variable unencrypted and just never store it in a config file Issue-ID: SO-2535 Change-Id: Iaad50d7d22fe0fc1e3f7e8c5c5cd3a788d777574 Signed-off-by: Dominik Mizyn --- diff --git a/common/src/main/java/org/onap/so/utils/CryptoUtils.java b/common/src/main/java/org/onap/so/utils/CryptoUtils.java index ff69e3e4b1..1c38dfb774 100644 --- a/common/src/main/java/org/onap/so/utils/CryptoUtils.java +++ b/common/src/main/java/org/onap/so/utils/CryptoUtils.java @@ -76,6 +76,8 @@ public final class CryptoUtils { * @throws GeneralSecurityException */ public static String decrypt(String message, String keyString) throws GeneralSecurityException { + if (message.equals(System.getenv("PLAINTEXTPASSWORD"))) + return message; SecretKeySpec sks = getSecretKeySpec(keyString); byte[] cipherText = hexStringToByteArray(message); Cipher cipher = Cipher.getInstance(AES_GCM_NO_PADDING);