Merge pull request #4 from amirzaman8088/bug/map

[bug] encrypt sensitive data of key and value format
Tosan · Sep 11, 2023 · ff614db · ff614db
2 parents 02e796f + 3dcd0c9
commit ff614db
Show file tree

Hide file tree

Showing 2 changed files with 34 additions and 3 deletions.
diff --git a/tosan-soap-client/src/main/java/com/tosan/client/soap/handler/LogEncryptor.java b/tosan-soap-client/src/main/java/com/tosan/client/soap/handler/LogEncryptor.java
@@ -12,24 +12,41 @@
  */
 public class LogEncryptor {
 
+    private static final String KEY = "key";
+    private static final String VALUE = "value";
+
     public static String encrypt(String input, Set<String> secureParameters) {
         if (secureParameters == null || secureParameters.isEmpty()) {
             return input;
         }
         Pattern pattern = Pattern.compile("<([^<>]+)>([^<>]+)</\\1>");
         Matcher matcher = pattern.matcher(input);
+        boolean needEncryptedKeyValue = false;
         while (matcher.find()) {
             String tag = matcher.group(1);
+            String value = matcher.group(2);
             String lowerCasedTagName = tag.toLowerCase();
+            if (lowerCasedTagName.equals(KEY) && secureParameters.contains(value.toLowerCase())) {
+                needEncryptedKeyValue = true;
+            } else if (needEncryptedKeyValue) {
+                needEncryptedKeyValue = false;
+                if (lowerCasedTagName.equals(VALUE)) {
+                    input = replaceEncryptedData(input, tag, value);
+                }
+            }
             if (checkContainAnyEncryptedData(lowerCasedTagName, secureParameters)) {
-                String originalTag = "<" + tag + ">" + matcher.group(2) + "</" + tag + ">";
-                String toBeEncryptTag = "<" + tag + ">" + "ENCRYPTED" + "</" + tag + ">";
-                input = input.replace(originalTag, toBeEncryptTag);
+                input = replaceEncryptedData(input, tag, value);
             }
         }
         return input;
     }
 
+    private static String replaceEncryptedData(String input, String tag, String data) {
+        String originalTag = "<" + tag + ">" + data + "</" + tag + ">";
+        String toBeReplacedTag = "<" + tag + ">" + "ENCRYPTED" + "</" + tag + ">";
+        return input.replace(originalTag, toBeReplacedTag);
+    }
+
     private static boolean checkContainAnyEncryptedData(String tagName, Set<String> secureParameters) {
         return secureParameters.stream().anyMatch(tagName::contains);
     }

diff --git a/tosan-soap-client/src/test/java/com/tosan/client/soap/LogEncryptorUTest.java b/tosan-soap-client/src/test/java/com/tosan/client/soap/LogEncryptorUTest.java
@@ -223,4 +223,18 @@ public void testDifferentFormat() {
         String output = "<s:OTP1><XML><pan>ENCRYPTED</pan></XML></s:OTP1>";
         assertEquals(output, LogEncryptor.encrypt(input, ENCRYPTED_TAGS));
     }
+
+    @Test
+    public void testEncryptSensitiveKeyValue() {
+        String input = "<context><data><key>pan</key><value>6218234512341235</value></data></context>";
+        String output = "<context><data><key>pan</key><value>ENCRYPTED</value></data></context>";
+        assertEquals(output, LogEncryptor.encrypt(input, ENCRYPTED_TAGS));
+    }
+
+    @Test
+    public void testNotEncryptNormalKeyValue() {
+        String input = "<context><data><key>test</key><value>123456789</value></data></context>";
+        String output = "<context><data><key>test</key><value>123456789</value></data></context>";
+        assertEquals(output, LogEncryptor.encrypt(input, ENCRYPTED_TAGS));
+    }
 }