ARTEMIS-551 Obfuscate truststore password
Obfuscate truststore password in TransportConfiguration.toString() in the same way as keystore. The password will not be logged in plain text when bridge is connected.
This commit is contained in:
parent
36bb52c0f6
commit
f84018a417
|
@ -257,7 +257,7 @@ public class TransportConfiguration implements Serializable {
|
|||
|
||||
// HORNETQ-1281 - don't log passwords
|
||||
String val;
|
||||
if (key.equals(TransportConstants.KEYSTORE_PASSWORD_PROP_NAME) || key.equals(TransportConstants.DEFAULT_TRUSTSTORE_PASSWORD)) {
|
||||
if (key.equals(TransportConstants.KEYSTORE_PASSWORD_PROP_NAME) || key.equals(TransportConstants.TRUSTSTORE_PASSWORD_PROP_NAME)) {
|
||||
val = "****";
|
||||
}
|
||||
else {
|
||||
|
|
|
@ -19,9 +19,13 @@ package org.apache.activemq.artemis.api.core;
|
|||
|
||||
import java.util.HashMap;
|
||||
|
||||
import org.apache.activemq.artemis.core.remoting.impl.netty.TransportConstants;
|
||||
import org.junit.Assert;
|
||||
import org.junit.Test;
|
||||
|
||||
import static org.hamcrest.CoreMatchers.containsString;
|
||||
import static org.hamcrest.CoreMatchers.not;
|
||||
|
||||
public class TransportConfigurationTest {
|
||||
|
||||
@Test
|
||||
|
@ -61,4 +65,16 @@ public class TransportConfigurationTest {
|
|||
Assert.assertNotEquals(configuration.hashCode(), configuration2.hashCode());
|
||||
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testToStringObfuscatesPasswords() {
|
||||
HashMap<String, Object> params = new HashMap<>();
|
||||
params.put(TransportConstants.TRUSTSTORE_PASSWORD_PROP_NAME, "secret_password");
|
||||
params.put(TransportConstants.KEYSTORE_PASSWORD_PROP_NAME, "secret_password");
|
||||
|
||||
TransportConfiguration configuration = new TransportConfiguration("SomeClass", params, null);
|
||||
|
||||
Assert.assertThat(configuration.toString(), not(containsString("secret_password")));
|
||||
}
|
||||
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue