From f22a8f627bac8f71c851c21ef90b343fcc2e3c0e Mon Sep 17 00:00:00 2001
From: Steve Ebersole <steve@hibernate.org>
Date: Fri, 29 Mar 2013 12:43:17 -0500
Subject: [PATCH] HHH-8122 - Scrub known-sensitive settings from
 EMF.getProperties() (cherry picked from commit
 bc85168015927f8fc086c812e0e29ab0f328f8c8)

Conflicts:

	hibernate-entitymanager/src/main/java/org/hibernate/ejb/EntityManagerFactoryImpl.java
---
 .../ejb/EntityManagerFactoryImpl.java         | 20 ++++++++++++++++---
 ...EntityManagerFactorySerializationTest.java | 10 ++++++++++
 2 files changed, 27 insertions(+), 3 deletions(-)

diff --git a/hibernate-entitymanager/src/main/java/org/hibernate/ejb/EntityManagerFactoryImpl.java b/hibernate-entitymanager/src/main/java/org/hibernate/ejb/EntityManagerFactoryImpl.java
index e284d9f578..2f50137ee9 100755
--- a/hibernate-entitymanager/src/main/java/org/hibernate/ejb/EntityManagerFactoryImpl.java
+++ b/hibernate-entitymanager/src/main/java/org/hibernate/ejb/EntityManagerFactoryImpl.java
@@ -1,8 +1,10 @@
 /*
- * Copyright (c) 2009, Red Hat Middleware LLC or third-party contributors as
+ * Hibernate, Relational Persistence for Idiomatic Java
+ *
+ * Copyright (c) 2013, Red Hat Inc. or third-party contributors as
  * indicated by the @author tags or express copyright attribution
  * statements applied by the authors.  All third-party contributions are
- * distributed under license by Red Hat Middleware LLC.
+ * distributed under license by Red Hat Inc.
  *
  * This copyrighted material is made available to anyone wishing to use, modify,
  * copy, or redistribute it subject to the terms and conditions of the GNU
@@ -113,6 +115,7 @@ public class EntityManagerFactoryImpl implements HibernateEntityManagerFactory {
 		HashMap<String,Object> props = new HashMap<String, Object>();
 		addAll( props, ( (SessionFactoryImplementor) sessionFactory ).getProperties() );
 		addAll( props, cfg.getProperties() );
+		maskOutSensitiveInformation( props );
 		this.properties = Collections.unmodifiableMap( props );
 		String entityManagerFactoryName = (String)this.properties.get(AvailableSettings.ENTITY_MANAGER_FACTORY_NAME);
 		if (entityManagerFactoryName == null) {
@@ -170,6 +173,17 @@ public class EntityManagerFactoryImpl implements HibernateEntityManagerFactory {
 		}
 	}
 
+	private void maskOutSensitiveInformation(HashMap<String, Object> props) {
+		maskOutIfSet( props, AvailableSettings.JDBC_PASSWORD );
+		maskOutIfSet( props, org.hibernate.cfg.AvailableSettings.PASS );
+	}
+
+	private void maskOutIfSet(HashMap<String, Object> props, String setting) {
+		if ( props.containsKey( setting ) ) {
+			props.put( setting, "****" );
+		}
+	}
+
 	public EntityManager createEntityManager() {
 		return createEntityManager( null );
 	}
@@ -238,7 +252,7 @@ public class EntityManagerFactoryImpl implements HibernateEntityManagerFactory {
 		}
 
 		public void evict(Class entityClass, Object identifier) {
-			sessionFactory.getCache().evictEntity( entityClass, ( Serializable ) identifier );
+			sessionFactory.getCache().evictEntity( entityClass, (Serializable) identifier );
 		}
 
 		public void evict(Class entityClass) {
diff --git a/hibernate-entitymanager/src/test/java/org/hibernate/ejb/test/ejb3configuration/EntityManagerFactorySerializationTest.java b/hibernate-entitymanager/src/test/java/org/hibernate/ejb/test/ejb3configuration/EntityManagerFactorySerializationTest.java
index f7a443683a..200521584c 100644
--- a/hibernate-entitymanager/src/test/java/org/hibernate/ejb/test/ejb3configuration/EntityManagerFactorySerializationTest.java
+++ b/hibernate-entitymanager/src/test/java/org/hibernate/ejb/test/ejb3configuration/EntityManagerFactorySerializationTest.java
@@ -34,6 +34,7 @@ import javax.persistence.EntityManagerFactory;
 
 import org.junit.Test;
 
+import org.hibernate.cfg.AvailableSettings;
 import org.hibernate.ejb.HibernateEntityManager;
 import org.hibernate.ejb.test.BaseEntityManagerFunctionalTestCase;
 import org.hibernate.ejb.test.Cat;
@@ -42,6 +43,7 @@ import org.hibernate.ejb.test.Item;
 import org.hibernate.ejb.test.Kitten;
 import org.hibernate.ejb.test.Wallet;
 
+import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertTrue;
 
 /**
@@ -127,6 +129,14 @@ public class EntityManagerFactorySerializationTest extends BaseEntityManagerFunc
 				entityManagerFactory2 == entityManagerFactory);
 	}
 
+	@Test
+	public void testEntityManagerFactoryProperties() {
+		EntityManagerFactory entityManagerFactory = entityManagerFactory();
+		assertTrue( entityManagerFactory.getProperties().containsKey( AvailableSettings.USER ) );
+		if ( entityManagerFactory.getProperties().containsKey( AvailableSettings.PASS ) ) {
+			assertEquals( "****",  entityManagerFactory.getProperties().get( AvailableSettings.PASS ) );
+		}
+	}
 
 	@Override
 	public Class[] getAnnotatedClasses() {