QPID-8135: [Qpid JMS AMQP 0-x] Mask passwords associated with end to end encryption...
authorKeith Wall <kwall@apache.org>
Thu, 5 Apr 2018 15:13:36 +0000 (16:13 +0100)
committerKeith Wall <kwall@apache.org>
Thu, 5 Apr 2018 15:22:03 +0000 (16:22 +0100)
client/src/main/java/org/apache/qpid/client/BrokerDetails.java
client/src/test/java/org/apache/qpid/test/unit/client/BrokerDetails/BrokerDetailsTest.java

index c7865ef..5b99285 100644 (file)
@@ -23,8 +23,12 @@ package org.apache.qpid.client;
 import java.io.Serializable;
 import java.net.URI;
 import java.net.URISyntaxException;
+import java.util.Arrays;
+import java.util.Collections;
 import java.util.HashMap;
+import java.util.HashSet;
 import java.util.Map;
+import java.util.Set;
 
 import org.apache.qpid.configuration.ClientProperties;
 import org.apache.qpid.transport.ConnectionSettings;
@@ -65,6 +69,12 @@ public class BrokerDetails implements Serializable
     public static final String OPTIONS_ENCRYPTION_KEY_STORE = "encryption_key_store";
     public static final String OPTIONS_ENCRYPTION_KEY_STORE_PASSWORD = "encryption_key_store_password";
 
+    private static final Set<String> PASSWORD_YIELDING_OPTIONS =
+            Collections.unmodifiableSet(new HashSet<>(Arrays.asList(
+                    OPTIONS_TRUST_STORE_PASSWORD,
+                    OPTIONS_KEY_STORE_PASSWORD,
+                    OPTIONS_ENCRYPTION_TRUST_STORE_PASSWORD,
+                    OPTIONS_ENCRYPTION_KEY_STORE_PASSWORD)));
 
     public static final int DEFAULT_PORT = 5672;
     public static final String TCP = "tcp";
@@ -427,7 +437,7 @@ public class BrokerDetails implements Serializable
 
                 optionsURL.append("='");
 
-                if (OPTIONS_TRUST_STORE_PASSWORD.equals(key) || OPTIONS_KEY_STORE_PASSWORD.equals(key))
+                if (PASSWORD_YIELDING_OPTIONS.contains(key))
                 {
                     optionsURL.append("********");
                 }
index 2a33bf7..fd0e7d0 100644 (file)
@@ -144,6 +144,28 @@ public class BrokerDetailsTest extends QpidTestCase
         assertEquals("Unexpected toString", expectedToString, actualToString);
     }
 
+    public void testToStringMasksEncryptionTrustStorePassword() throws Exception
+    {
+        String url = "tcp://localhost:5672?encryption_trust_store_password='password'";
+        BrokerDetails details = new BrokerDetails(url);
+
+        String expectedToString = "tcp://localhost:5672?encryption_trust_store_password='********'";
+        String actualToString = details.toString();
+
+        assertEquals("Unexpected toString", expectedToString, actualToString);
+    }
+
+    public void testToStringMasksEncryptionKeyStorePassword() throws Exception
+    {
+        String url = "tcp://localhost:5672?encryption_key_store_password='password'";
+        BrokerDetails details = new BrokerDetails(url);
+
+        String expectedToString = "tcp://localhost:5672?encryption_key_store_password='********'";
+        String actualToString = details.toString();
+
+        assertEquals("Unexpected toString", expectedToString, actualToString);
+    }
+
     public void testDefaultSsl() throws URLSyntaxException
     {
         String brokerURL = "tcp://localhost:5672";