You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ws.apache.org by co...@apache.org on 2022/06/17 07:46:10 UTC
[ws-wss4j] branch master updated: Removing default passwords for keystores and truststores
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ws-wss4j.git
The following commit(s) were added to refs/heads/master by this push:
new 2355ecb73 Removing default passwords for keystores and truststores
2355ecb73 is described below
commit 2355ecb73bee855fd99a2a53a6ddb0f87aff6e8d
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Fri Jun 17 08:35:46 2022 +0100
Removing default passwords for keystores and truststores
---
.../src/main/java/org/apache/wss4j/common/crypto/Merlin.java | 4 ++--
.../src/main/java/org/apache/wss4j/common/crypto/MerlinDevice.java | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/Merlin.java b/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/Merlin.java
index 396139994..c783e781b 100644
--- a/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/Merlin.java
+++ b/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/Merlin.java
@@ -222,7 +222,7 @@ public class Merlin extends CryptoBase {
keyStoreLocation = keyStoreLocation.trim();
try (InputStream is = loadInputStream(loader, keyStoreLocation)) {
- String passwd = properties.getProperty(prefix + KEYSTORE_PASSWORD, "security");
+ String passwd = properties.getProperty(prefix + KEYSTORE_PASSWORD);
if (passwd != null) {
passwd = passwd.trim();
passwd = decryptPassword(passwd, passwordEncryptor);
@@ -272,7 +272,7 @@ public class Merlin extends CryptoBase {
trustStoreLocation = trustStoreLocation.trim();
try (InputStream is = loadInputStream(loader, trustStoreLocation)) {
- String passwd = properties.getProperty(prefix + TRUSTSTORE_PASSWORD, "changeit");
+ String passwd = properties.getProperty(prefix + TRUSTSTORE_PASSWORD);
if (passwd != null) {
passwd = passwd.trim();
passwd = decryptPassword(passwd, passwordEncryptor);
diff --git a/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/MerlinDevice.java b/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/MerlinDevice.java
index 02f460cb4..866a8c11d 100644
--- a/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/MerlinDevice.java
+++ b/ws-security-common/src/main/java/org/apache/wss4j/common/crypto/MerlinDevice.java
@@ -97,7 +97,7 @@ public class MerlinDevice extends Merlin {
if (keyStoreLocation == null) {
keyStoreLocation = properties.getProperty(prefix + OLD_KEYSTORE_FILE);
}
- String keyStorePassword = properties.getProperty(prefix + KEYSTORE_PASSWORD, "security");
+ String keyStorePassword = properties.getProperty(prefix + KEYSTORE_PASSWORD);
if (keyStorePassword != null) {
keyStorePassword = keyStorePassword.trim();
keyStorePassword = decryptPassword(keyStorePassword, passwordEncryptor);
@@ -122,7 +122,7 @@ public class MerlinDevice extends Merlin {
//
// Load the TrustStore
//
- String trustStorePassword = properties.getProperty(prefix + TRUSTSTORE_PASSWORD, "changeit");
+ String trustStorePassword = properties.getProperty(prefix + TRUSTSTORE_PASSWORD);
if (trustStorePassword != null) {
trustStorePassword = trustStorePassword.trim();
trustStorePassword = decryptPassword(trustStorePassword, passwordEncryptor);