Merge branch 'release/os/4.9' into hjkim/os-4.9-4.10-merge-24062022

This merge includes a bugfix ENT-6714 which Corda logs database password.
2025-04-07 11:27:01 +00:00 · 2022-06-24 16:08:16 +01:00 · 2022-06-24 16:08:16 +01:00 · 0a59d578ff
commit 0a59d578ff
parent 0f739a29ec 774be6234d
1 changed files with 25 additions and 1 deletions
--- a/node/src/main/kotlin/net/corda/node/services/config/schema/v1/ConfigSections.kt
+++ b/node/src/main/kotlin/net/corda/node/services/config/schema/v1/ConfigSections.kt
@ -47,6 +47,7 @@ import net.corda.nodeapi.internal.persistence.DatabaseConfig
 import net.corda.nodeapi.internal.persistence.TransactionIsolationLevel
 import net.corda.notary.experimental.bftsmart.BFTSmartConfig
 import net.corda.notary.experimental.raft.RaftConfig
+import java.util.Properties

 internal object UserSpec : Configuration.Specification<User>("User") {
    private val username by string().optional()
@ -67,9 +68,32 @@ internal object UserSpec : Configuration.Specification<User>("User") {
 internal object SecurityConfigurationSpec : Configuration.Specification<SecurityConfiguration>("SecurityConfiguration") {
    private object AuthServiceSpec : Configuration.Specification<SecurityConfiguration.AuthService>("AuthService") {
        private object DataSourceSpec : Configuration.Specification<SecurityConfiguration.AuthService.DataSource>("DataSource") {
+            fun Properties.enablePasswordMasking(): Properties {
+                class PwMasking : Properties() {
+                    fun maskPassword(): Properties {
+                        if (!containsKey("password")) return this
+                        val propsNoPassword = Properties()
+                        // if the properties are passed in to the constructor as defaults
+                        // they don't get printed so adding all keys explicitly
+                        propsNoPassword.putAll(this)
+                        propsNoPassword.setProperty("password", "***")
+                        return propsNoPassword
+                    }
+
+                    override fun toString(): String {
+                        val props = maskPassword()
+                        return props.toString()
+                    }
+                }
+
+                val masker = PwMasking()
+                masker.putAll(this)
+                return masker
+            }
+
            private val type by enum(AuthDataSourceType::class)
            private val passwordEncryption by enum(PasswordEncryption::class).optional().withDefaultValue(SecurityConfiguration.AuthService.DataSource.Defaults.passwordEncryption)
-            private val connection by nestedObject(sensitive = true).map(::toProperties).optional()
+            private val connection by nestedObject(sensitive = true).map{ toProperties(it).enablePasswordMasking() }.optional()
            private val users by nested(UserSpec).list().optional()

            override fun parseValid(configuration: Config, options: Configuration.Options): Valid<SecurityConfiguration.AuthService.DataSource> {