ARTEMIS-551 Obfuscate truststore password

Obfuscate truststore password in TransportConfiguration.toString()
in the same way as keystore. The password will not be logged in
plain text when bridge is connected.
This commit is contained in:
Martin Šmérek 2016-06-03 15:52:17 +02:00
parent 36bb52c0f6
commit f84018a417
2 changed files with 17 additions and 1 deletions

View File

@ -257,7 +257,7 @@ public class TransportConfiguration implements Serializable {
// HORNETQ-1281 - don't log passwords // HORNETQ-1281 - don't log passwords
String val; String val;
if (key.equals(TransportConstants.KEYSTORE_PASSWORD_PROP_NAME) || key.equals(TransportConstants.DEFAULT_TRUSTSTORE_PASSWORD)) { if (key.equals(TransportConstants.KEYSTORE_PASSWORD_PROP_NAME) || key.equals(TransportConstants.TRUSTSTORE_PASSWORD_PROP_NAME)) {
val = "****"; val = "****";
} }
else { else {

View File

@ -19,9 +19,13 @@ package org.apache.activemq.artemis.api.core;
import java.util.HashMap; import java.util.HashMap;
import org.apache.activemq.artemis.core.remoting.impl.netty.TransportConstants;
import org.junit.Assert; import org.junit.Assert;
import org.junit.Test; import org.junit.Test;
import static org.hamcrest.CoreMatchers.containsString;
import static org.hamcrest.CoreMatchers.not;
public class TransportConfigurationTest { public class TransportConfigurationTest {
@Test @Test
@ -61,4 +65,16 @@ public class TransportConfigurationTest {
Assert.assertNotEquals(configuration.hashCode(), configuration2.hashCode()); Assert.assertNotEquals(configuration.hashCode(), configuration2.hashCode());
} }
@Test
public void testToStringObfuscatesPasswords() {
HashMap<String, Object> params = new HashMap<>();
params.put(TransportConstants.TRUSTSTORE_PASSWORD_PROP_NAME, "secret_password");
params.put(TransportConstants.KEYSTORE_PASSWORD_PROP_NAME, "secret_password");
TransportConfiguration configuration = new TransportConfiguration("SomeClass", params, null);
Assert.assertThat(configuration.toString(), not(containsString("secret_password")));
}
} }