From 74e563da7fa6886449fd2be5933e2d4ca5c85f48 Mon Sep 17 00:00:00 2001
From: jack <jack.su@pollex.com.tw>
Date: 星期二, 12 九月 2023 11:25:52 +0800
Subject: [PATCH] [UPDATE] 解決弱點Se: Incorrect definition of Serializable class [UPDATE] 解決弱點Information exposure to log file [UPDATE] 解決弱點Use of hard-coded password
---
 pamapi/src/main/java/com/pollex/pam/service/OtpWebService.java | 77 ++++++++++++++++++++------------------
 1 files changed, 40 insertions(+), 37 deletions(-)
diff --git a/pamapi/src/main/java/com/pollex/pam/service/OtpWebService.java b/pamapi/src/main/java/com/pollex/pam/service/OtpWebService.java
index 35c9a63..d3f1874 100644
--- a/pamapi/src/main/java/com/pollex/pam/service/OtpWebService.java
+++ b/pamapi/src/main/java/com/pollex/pam/service/OtpWebService.java
@@ -1,16 +1,16 @@
 package com.pollex.pam.service;
 import com.pollex.pam.config.ApplicationProperties;
-import com.pollex.pam.service.dto.OtpResponseDTO;
+import com.pollex.pam.business.service.dto.OtpResponseDTO;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
-import tw.com.softleader.otp.ws.OtpWebServiceLocator;
-import tw.com.softleader.otp.ws.OtpWebServicePortBindingStub;
+import tw.com.softleader.otp.ws.OtpWeb;
+import tw.com.softleader.otp.ws.StringArray;
-import javax.xml.rpc.ServiceException;
-import java.rmi.RemoteException;
+import java.net.MalformedURLException;
+import java.net.URL;
 @Service
 public class OtpWebService {
@@ -20,44 +20,47 @@
 @Autowired
 ApplicationProperties applicationProperty;
- public OtpResponseDTO sendByPhone(String phone) throws ServiceException, RemoteException {
- OtpWebServicePortBindingStub stub = getOtpWebServicePortBindingStub();
- log.info("call OtpService snedOtpBySMS, ");
+ public OtpResponseDTO sendByPhone(String phone) {
+ OtpWeb otpWS = getOtpWebService();
+// log.debug("call OtpService sendOtpBySMS, url = {}, systemType = {}, service password = {}, phone = {}",
+// applicationProperty.getOtpWebServiceUrl(), applicationProperty.getOtpWebServiceSystemType(), applicationProperty.getOtpWebServicePassword(), phone);
- String[] result =
- stub.sendOtpBySMS(applicationProperty.getOtpWebServicePassword(), applicationProperty.getOtpWebServiceSystemType(), phone);
+ StringArray result =
+ otpWS.sendOtpBySMS(applicationProperty.getOtpWebServicePassword(), applicationProperty.getOtpWebServiceSystemType(), phone);
- return new OtpResponseDTO(result);
+ return new OtpResponseDTO(result.getItem());
 }
- public OtpResponseDTO sendByEmail(String email) throws ServiceException, RemoteException {
- OtpWebServicePortBindingStub stub = getOtpWebServicePortBindingStub();
+ public OtpResponseDTO sendByEmail(String email) {
+ OtpWeb otpWS = getOtpWebService();
+// log.debug("call OtpService sendByEmail, url = {}, systemType = {}, service password = {}, email = {}",
+// applicationProperty.getOtpWebServiceUrl(), applicationProperty.getOtpWebServiceSystemType(), applicationProperty.getOtpWebServicePassword(), email);
- String[] result =
- stub.sendOtpByEmail(applicationProperty.getOtpWebServicePassword(), applicationProperty.getOtpWebServiceSystemType(), email);
+ StringArray result =
+ otpWS.sendOtpByEmail(applicationProperty.getOtpWebServicePassword(), applicationProperty.getOtpWebServiceSystemType(), email);
- final OtpResponseDTO otpResponseDTO = new OtpResponseDTO(result);
- if(otpResponseDTO.isSuccess()) {
- return otpResponseDTO;
+ return new OtpResponseDTO(result.getItem());
+ }
+
+ public OtpResponseDTO verifyOTP(String indexKey, String otpCode) {
+ OtpWeb otpWS = getOtpWebService();
+// log.debug("call OtpService verifyOTP, url = {}, systemType = {}, service password = {}, indexKey = {}, otpCode = {}",
+// applicationProperty.getOtpWebServiceUrl(), applicationProperty.getOtpWebServiceSystemType(), applicationProperty.getOtpWebServicePassword(), indexKey, otpCode);
+
+ StringArray result =
+ otpWS.verifyOtp(applicationProperty.getOtpWebServicePassword(), applicationProperty.getOtpWebServiceSystemType(), indexKey, otpCode);
+
+ return new OtpResponseDTO(result.getItem());
+ }
+
+ public OtpWeb getOtpWebService() {
+ final String wsUrl = applicationProperty.getOtpWebServiceUrl();
+ try {
+ tw.com.softleader.otp.ws.OtpWebService locator
+ = new tw.com.softleader.otp.ws.OtpWebService(new URL(wsUrl));
+ return locator.getOtpWebPort();
+ } catch (MalformedURLException e) {
+ throw new IllegalArgumentException("Invalid url: " + wsUrl, e);
 }
- else {
- throw new RuntimeException("error code = " + otpResponseDTO.getFailCode() + ", error reason = " + otpResponseDTO.getFailReason());
- }
- }
-
- public OtpResponseDTO verifyOTP(String indexKey, String otpCode) throws ServiceException, RemoteException {
- OtpWebServicePortBindingStub stub = getOtpWebServicePortBindingStub();
-
- String[] result =
- stub.verifyOtp(applicationProperty.getOtpWebServicePassword(), applicationProperty.getOtpWebServiceSystemType(), indexKey, otpCode);
-
- return new OtpResponseDTO(result);
- }
-
- private OtpWebServicePortBindingStub getOtpWebServicePortBindingStub() throws ServiceException {
- OtpWebServiceLocator locator = new OtpWebServiceLocator();
- locator.setOtpWebServicePortEndpointAddress(applicationProperty.getOtpWebServiceUrl());
-
- return (OtpWebServicePortBindingStub) locator.getOtpWebServicePort();
 }
 }
-- 
Gitblit v1.8.0
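Review bot: The commented-out `log.debug` lines in sendByPhone, sendByEmail and verifyOTP still carry a message template that prints `service password = {}` fed from `applicationProperty.getOtpWebServicePassword()`; delete them instead of leaving a ready-to-uncomment secret-logging statement, and if a trace is wanted keep a single line without the credential, e.g. `log.debug("call OtpService sendOtpBySMS, url = {}, systemType = {}", applicationProperty.getOtpWebServiceUrl(), applicationProperty.getOtpWebServiceSystemType());`. sendByEmail also drops the old `isSuccess()` check and the RuntimeException that carried the fail code and reason, so a failed send now returns a DTO the caller has to inspect; if that is deliberate for consistency with sendByPhone and verifyOTP, the commit message should say so, because callers that relied on the exception now continue silently. In getOtpWebService the configured URL is passed to the generated `OtpWebService` constructor, which, if this is a JAX-WS/wsimport client, treats it as the WSDL location and takes the real endpoint address from the WSDL's `soap:address`, whereas the removed stub code set the endpoint address explicitly; confirm the property is meant to be a WSDL URL, or pin the endpoint on the returned port with `((BindingProvider) port).getRequestContext().put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, wsUrl);`. Constructing a new service instance on every call also re-fetches and parses the WSDL each time, so caching the port in the bean is worth considering.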