From f84018a417cee7bbb1261f5ae36e51c9ddef748f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20=C5=A0m=C3=A9rek?= Date: Fri, 3 Jun 2016 15:52:17 +0200 Subject: [PATCH] ARTEMIS-551 Obfuscate truststore password Obfuscate truststore password in TransportConfiguration.toString() in the same way as keystore. The password will not be logged in plain text when bridge is connected. --- .../artemis/api/core/TransportConfiguration.java | 2 +- .../api/core/TransportConfigurationTest.java | 16 ++++++++++++++++ 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/artemis-core-client/src/main/java/org/apache/activemq/artemis/api/core/TransportConfiguration.java b/artemis-core-client/src/main/java/org/apache/activemq/artemis/api/core/TransportConfiguration.java index deceeeaad5..a3e1d7cc38 100644 --- a/artemis-core-client/src/main/java/org/apache/activemq/artemis/api/core/TransportConfiguration.java +++ b/artemis-core-client/src/main/java/org/apache/activemq/artemis/api/core/TransportConfiguration.java @@ -257,7 +257,7 @@ public class TransportConfiguration implements Serializable { // HORNETQ-1281 - don't log passwords String val; - if (key.equals(TransportConstants.KEYSTORE_PASSWORD_PROP_NAME) || key.equals(TransportConstants.DEFAULT_TRUSTSTORE_PASSWORD)) { + if (key.equals(TransportConstants.KEYSTORE_PASSWORD_PROP_NAME) || key.equals(TransportConstants.TRUSTSTORE_PASSWORD_PROP_NAME)) { val = "****"; } else { diff --git a/artemis-core-client/src/test/java/org/apache/activemq/artemis/api/core/TransportConfigurationTest.java b/artemis-core-client/src/test/java/org/apache/activemq/artemis/api/core/TransportConfigurationTest.java index 965036c12c..9f0d29c9b8 100644 --- a/artemis-core-client/src/test/java/org/apache/activemq/artemis/api/core/TransportConfigurationTest.java +++ b/artemis-core-client/src/test/java/org/apache/activemq/artemis/api/core/TransportConfigurationTest.java @@ -19,9 +19,13 @@ package org.apache.activemq.artemis.api.core; import java.util.HashMap; +import org.apache.activemq.artemis.core.remoting.impl.netty.TransportConstants; import org.junit.Assert; import org.junit.Test; +import static org.hamcrest.CoreMatchers.containsString; +import static org.hamcrest.CoreMatchers.not; + public class TransportConfigurationTest { @Test @@ -61,4 +65,16 @@ public class TransportConfigurationTest { Assert.assertNotEquals(configuration.hashCode(), configuration2.hashCode()); } + + @Test + public void testToStringObfuscatesPasswords() { + HashMap params = new HashMap<>(); + params.put(TransportConstants.TRUSTSTORE_PASSWORD_PROP_NAME, "secret_password"); + params.put(TransportConstants.KEYSTORE_PASSWORD_PROP_NAME, "secret_password"); + + TransportConfiguration configuration = new TransportConfiguration("SomeClass", params, null); + + Assert.assertThat(configuration.toString(), not(containsString("secret_password"))); + } + }