QPID-8135: [Qpid JMS AMQP 0-x] Mask passwords associated with end to end encryption in the BrokerDetails#toString()
diff --git a/client/src/main/java/org/apache/qpid/client/BrokerDetails.java b/client/src/main/java/org/apache/qpid/client/BrokerDetails.java
index c7865ef..5b99285 100644
--- a/client/src/main/java/org/apache/qpid/client/BrokerDetails.java
+++ b/client/src/main/java/org/apache/qpid/client/BrokerDetails.java
@@ -23,8 +23,12 @@
import java.io.Serializable;
import java.net.URI;
import java.net.URISyntaxException;
+import java.util.Arrays;
+import java.util.Collections;
import java.util.HashMap;
+import java.util.HashSet;
import java.util.Map;
+import java.util.Set;
import org.apache.qpid.configuration.ClientProperties;
import org.apache.qpid.transport.ConnectionSettings;
@@ -65,6 +69,12 @@
public static final String OPTIONS_ENCRYPTION_KEY_STORE = "encryption_key_store";
public static final String OPTIONS_ENCRYPTION_KEY_STORE_PASSWORD = "encryption_key_store_password";
+ private static final Set<String> PASSWORD_YIELDING_OPTIONS =
+ Collections.unmodifiableSet(new HashSet<>(Arrays.asList(
+ OPTIONS_TRUST_STORE_PASSWORD,
+ OPTIONS_KEY_STORE_PASSWORD,
+ OPTIONS_ENCRYPTION_TRUST_STORE_PASSWORD,
+ OPTIONS_ENCRYPTION_KEY_STORE_PASSWORD)));
public static final int DEFAULT_PORT = 5672;
public static final String TCP = "tcp";
@@ -427,7 +437,7 @@
optionsURL.append("='");
- if (OPTIONS_TRUST_STORE_PASSWORD.equals(key) || OPTIONS_KEY_STORE_PASSWORD.equals(key))
+ if (PASSWORD_YIELDING_OPTIONS.contains(key))
{
optionsURL.append("********");
}
diff --git a/client/src/test/java/org/apache/qpid/test/unit/client/BrokerDetails/BrokerDetailsTest.java b/client/src/test/java/org/apache/qpid/test/unit/client/BrokerDetails/BrokerDetailsTest.java
index 2a33bf7..fd0e7d0 100644
--- a/client/src/test/java/org/apache/qpid/test/unit/client/BrokerDetails/BrokerDetailsTest.java
+++ b/client/src/test/java/org/apache/qpid/test/unit/client/BrokerDetails/BrokerDetailsTest.java
@@ -144,6 +144,28 @@
assertEquals("Unexpected toString", expectedToString, actualToString);
}
+ public void testToStringMasksEncryptionTrustStorePassword() throws Exception
+ {
+ String url = "tcp://localhost:5672?encryption_trust_store_password='password'";
+ BrokerDetails details = new BrokerDetails(url);
+
+ String expectedToString = "tcp://localhost:5672?encryption_trust_store_password='********'";
+ String actualToString = details.toString();
+
+ assertEquals("Unexpected toString", expectedToString, actualToString);
+ }
+
+ public void testToStringMasksEncryptionKeyStorePassword() throws Exception
+ {
+ String url = "tcp://localhost:5672?encryption_key_store_password='password'";
+ BrokerDetails details = new BrokerDetails(url);
+
+ String expectedToString = "tcp://localhost:5672?encryption_key_store_password='********'";
+ String actualToString = details.toString();
+
+ assertEquals("Unexpected toString", expectedToString, actualToString);
+ }
+
public void testDefaultSsl() throws URLSyntaxException
{
String brokerURL = "tcp://localhost:5672";
