ExternalVendorCode/corda
1
0
Fork 0
mirror of https://github.com/corda/corda.git synced 2025-05-31 22:50:53 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge branch 'release/os/4.9' into hjkim/os-4.9-4.10-merge-24062022

Browse Source 
This merge includes a bugfix ENT-6714 which Corda logs database
password.
This commit is contained in:
HJ Kim 2022-06-24 16:08:16 +01:00
commit 0a59d578ff
1 changed files with 25 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
node/src/main/kotlin/net/corda/node/services/config/schema/v1/ConfigSections.kt
View File

@ -47,6 +47,7 @@ import net.corda.nodeapi.internal.persistence.DatabaseConfig
import net.corda.nodeapi.internal.persistence.TransactionIsolationLevel import net.corda.nodeapi.internal.persistence.TransactionIsolationLevel
import net.corda.notary.experimental.bftsmart.BFTSmartConfig import net.corda.notary.experimental.bftsmart.BFTSmartConfig
import net.corda.notary.experimental.raft.RaftConfig import net.corda.notary.experimental.raft.RaftConfig
import java.util.Properties
internal object UserSpec : Configuration.Specification<User>("User") { internal object UserSpec : Configuration.Specification<User>("User") {
private val username by string().optional() private val username by string().optional()
@ -67,9 +68,32 @@ internal object UserSpec : Configuration.Specification<User>("User") {
internal object SecurityConfigurationSpec : Configuration.Specification<SecurityConfiguration>("SecurityConfiguration") { internal object SecurityConfigurationSpec : Configuration.Specification<SecurityConfiguration>("SecurityConfiguration") {
private object AuthServiceSpec : Configuration.Specification<SecurityConfiguration.AuthService>("AuthService") { private object AuthServiceSpec : Configuration.Specification<SecurityConfiguration.AuthService>("AuthService") {
private object DataSourceSpec : Configuration.Specification<SecurityConfiguration.AuthService.DataSource>("DataSource") { private object DataSourceSpec : Configuration.Specification<SecurityConfiguration.AuthService.DataSource>("DataSource") {
fun Properties.enablePasswordMasking(): Properties {
class PwMasking : Properties() {
fun maskPassword(): Properties {
if (!containsKey("password")) return this
val propsNoPassword = Properties()
// if the properties are passed in to the constructor as defaults
// they don't get printed so adding all keys explicitly
propsNoPassword.putAll(this)
propsNoPassword.setProperty("password", "***")
return propsNoPassword
}
override fun toString(): String {
val props = maskPassword()
return props.toString()
}
}
val masker = PwMasking()
masker.putAll(this)
return masker
}
private val type by enum(AuthDataSourceType::class) private val type by enum(AuthDataSourceType::class)
private val passwordEncryption by enum(PasswordEncryption::class).optional().withDefaultValue(SecurityConfiguration.AuthService.DataSource.Defaults.passwordEncryption) private val passwordEncryption by enum(PasswordEncryption::class).optional().withDefaultValue(SecurityConfiguration.AuthService.DataSource.Defaults.passwordEncryption)
private val connection by nestedObject(sensitive = true).map(::toProperties).optional() private val connection by nestedObject(sensitive = true).map{ toProperties(it).enablePasswordMasking() }.optional()
private val users by nested(UserSpec).list().optional() private val users by nested(UserSpec).list().optional()
override fun parseValid(configuration: Config, options: Configuration.Options): Valid<SecurityConfiguration.AuthService.DataSource> { override fun parseValid(configuration: Config, options: Configuration.Options): Valid<SecurityConfiguration.AuthService.DataSource> {