/*
* Copyright (c) 2016 ingenieux Labs
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package br.com.ingenieux.mojo.aws.util;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import static org.apache.commons.lang.StringUtils.defaultString;
/**
* Utilities for AWS Credentials
*
* @author aldrin
*/
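public class CredentialsUtil {
  /**
   * Candidate window: 40 consecutive characters drawn from ASCII letters, digits, {@code /} and
   * {@code +}, the alphabet the quoted description in {@link #redact(String)} gives for a Secret
   * Access Key.
   */
  public static final Pattern PATTERN_ALNUM_40 = Pattern.compile("[\\p{Alnum}\\/\\+]{40}");

  /**
   * Exemption: a candidate window made only of hex digits, {@code /} and {@code +} is left alone.
   * Presumably this keeps 40-digit hex identifiers, such as the commit id in the sample payload of
   * {@link #main(String[])}, readable.
   */
  public static final Pattern PATTERN_HEX_40 = Pattern.compile("[\\p{XDigit}\\/\\+]{40}", Pattern.CASE_INSENSITIVE);

  /** Marker written in place of every redacted run. */
  public static final String MESSAGE = "/** REDACTED POSSIBLE AWS CREDENTIAL **/";

  /** Same character class as {@link #PATTERN_ALNUM_40}; used to find where a redacted run ends. */
  private static final Pattern CREDENTIAL_CHAR_RUN = Pattern.compile("[\\p{Alnum}\\/\\+]*");

  /**
   * Replaces anything that looks like an AWS Secret Access Key with {@link #MESSAGE}.
   *
   * <p>Huge thanks to Eric Hammond from Alestic on this one (source: Understanding Access
   * Credentials for AWS/EC2):
   *
   * <blockquote>
   * (6) AWS Access Key ID and (7) Secret Access Key. This is the first of two pairs of
   * credentials which can be used to access and control basic AWS services through the API
   * including EC2, S3, SimpleDB, CloudFront, SQS, EMR, RDS, etc. Some interfaces use this pair,
   * and some use the next pair below. Pay close attention to the names requested. The Access Key
   * ID is 20 alpha-numeric characters like 022QF06E7MXBSH9DHM02 and is not secret; it is
   * available to others in some situations. The Secret Access Key is 40
   * alpha-numeric-slash-plus characters like kWcrlUX5JEDGM/LtmEENI/aVmYvHNif5zB+d9+ct
   * and must be kept very secret.
   * </blockquote>
   *
   * <p>The input is scanned left to right for 40-character windows matching
   * {@link #PATTERN_ALNUM_40}. A window that also matches {@link #PATTERN_HEX_40} is kept and the
   * scan resumes right after it. Any other window is redacted together with the rest of the
   * contiguous run of key-alphabet characters that follows it, so that a key embedded in a longer
   * run does not leave its trailing characters in the output.
   *
   * <p>This is a best-effort filter, not a guarantee. It does not touch the 20-character Access
   * Key ID, it lets through any 40-character value made only of hex digits, {@code /} and
   * {@code +}, and it knows nothing about other credential formats. Treat output as reduced-risk
   * rather than safe to publish.
   *
   * @param s string to redact; {@code null} is treated as the empty string
   * @return redacted string, never {@code null}
   */
  public static String redact(String s) {
    if (s == null) {
      return "";
    }

    final Matcher candidate = PATTERN_ALNUM_40.matcher(s);
    final StringBuilder out = new StringBuilder(s.length());
    int copiedUpTo = 0; // everything before this index is already in 'out'
    int searchFrom = 0; // never exceeds s.length(), so find(int) cannot throw

    while (candidate.find(searchFrom)) {
      final int start = candidate.start();
      int end = candidate.end();

      if (PATTERN_HEX_40.matcher(s.subSequence(start, end)).matches()) {
        // Hex-looking window: keep it; it is copied with the next append.
        searchFrom = end;
        continue;
      }

      // Swallow the remainder of the run as well: with a key that does not start
      // exactly at the window start, the leftover characters belong to the key.
      final Matcher tail = CREDENTIAL_CHAR_RUN.matcher(s);
      tail.region(end, s.length());
      if (tail.lookingAt()) {
        end = tail.end();
      }

      out.append(s, copiedUpTo, start).append(MESSAGE);
      copiedUpTo = end;
      searchFrom = end;
    }

    return out.append(s, copiedUpTo, s.length()).toString();
  }

  /**
   * Prints the redacted form of a sample JSON payload: the 40-character {@code secretKey} value is
   * replaced, while the hex commit id (also embedded in {@code targetPath}) and the 20-character
   * {@code accessKey} value are printed unchanged.
   *
   * @param args ignored
   */
  public static void main(String[] args) throws Exception {
    System.out.println(
        redact(
            "{\n"
                + " \"accessKey\": \"0THISISANACCESSKEYh3\",\n"
                + " \"secretKey\": \"abc123abdefasad32ldasdlj323lkjaR+secretk\",\n"
                + " \"applicationName\": \"multipackage-example\",\n"
                + " \"commitId\": \"73031a04846d8adaee6fc1eb1b4bb98af9878c3b\",\n"
                + " \"repoName\": \"ingenieux-image-blobs\",\n"
                + " \"targetPath\": \"s3://elasticbeanstalk-us-east-1-235368163414/apps/multipackage-example/versions/git-73031a04846d8adaee6fc1eb1b4bb98af9878c3b.zip\"\n"
                + "}"));
  }
}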