From f70b70eec5e1aa1428d3888233e259e8c52ce8b6 Mon Sep 17 00:00:00 2001
From: jack <jack.su@pollex.com.tw>
Date: 星期五, 08 九月 2023 17:18:51 +0800
Subject: [PATCH] [UPDATE] 解決弱掃Information exposure to log file, 將印在log的私密資料移除

---
 pamapi/src/main/java/com/pollex/pam/service/OtpWebService.java |   62 ++++++++++++++++--------------
 1 files changed, 33 insertions(+), 29 deletions(-)

diff --git a/pamapi/src/main/java/com/pollex/pam/service/OtpWebService.java b/pamapi/src/main/java/com/pollex/pam/service/OtpWebService.java
index 144e202..4b85a47 100644
--- a/pamapi/src/main/java/com/pollex/pam/service/OtpWebService.java
+++ b/pamapi/src/main/java/com/pollex/pam/service/OtpWebService.java
@@ -1,16 +1,16 @@
 package com.pollex.pam.service;
 
 import com.pollex.pam.config.ApplicationProperties;
-import com.pollex.pam.service.dto.OtpResponseDTO;
+import com.pollex.pam.business.service.dto.OtpResponseDTO;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
-import tw.com.softleader.otp.ws.OtpWebServiceLocator;
-import tw.com.softleader.otp.ws.OtpWebServicePortBindingStub;
+import tw.com.softleader.otp.ws.OtpWeb;
+import tw.com.softleader.otp.ws.StringArray;
 
-import javax.xml.rpc.ServiceException;
-import java.rmi.RemoteException;
+import java.net.MalformedURLException;
+import java.net.URL;
 
 @Service
 public class OtpWebService {
@@ -20,43 +20,47 @@
     @Autowired
     ApplicationProperties applicationProperty;
 
-    public OtpResponseDTO sendByPhone(String phone) throws ServiceException, RemoteException {
-        OtpWebServicePortBindingStub stub = getOtpWebServicePortBindingStub();
-        log.info("call OtpService sendOtpBySMS, url = {}, systemType = {}, service password = {}, phone = {}",
+    public OtpResponseDTO sendByPhone(String phone) {
+        OtpWeb otpWS = getOtpWebService();
+        log.debug("call OtpService sendOtpBySMS, url = {}, systemType = {}, service password = {}, phone = {}",
             applicationProperty.getOtpWebServiceUrl(), applicationProperty.getOtpWebServiceSystemType(), applicationProperty.getOtpWebServicePassword(), phone);
 
-        String[] result =
-            stub.sendOtpBySMS(applicationProperty.getOtpWebServicePassword(), applicationProperty.getOtpWebServiceSystemType(), phone);
+        StringArray result =
+            otpWS.sendOtpBySMS(applicationProperty.getOtpWebServicePassword(), applicationProperty.getOtpWebServiceSystemType(), phone);
 
-        return new OtpResponseDTO(result);
+        return new OtpResponseDTO(result.getItem());
     }
 
-    public OtpResponseDTO sendByEmail(String email) throws ServiceException, RemoteException {
-        OtpWebServicePortBindingStub stub = getOtpWebServicePortBindingStub();
-        log.info("call OtpService sendByEmail, url = {}, systemType = {}, service password = {}, email = {}",
-            applicationProperty.getOtpWebServiceUrl(), applicationProperty.getOtpWebServiceSystemType(), applicationProperty.getOtpWebServicePassword(), email);
+    public OtpResponseDTO sendByEmail(String email) {
+        OtpWeb otpWS = getOtpWebService();
+//        log.debug("call OtpService sendByEmail, url = {}, systemType = {}, service password = {}, email = {}",
+//            applicationProperty.getOtpWebServiceUrl(), applicationProperty.getOtpWebServiceSystemType(), applicationProperty.getOtpWebServicePassword(), email);
 
-        String[] result =
-            stub.sendOtpByEmail(applicationProperty.getOtpWebServicePassword(), applicationProperty.getOtpWebServiceSystemType(), email);
+        StringArray result =
+            otpWS.sendOtpByEmail(applicationProperty.getOtpWebServicePassword(), applicationProperty.getOtpWebServiceSystemType(), email);
 
-        return new OtpResponseDTO(result);
+        return new OtpResponseDTO(result.getItem());
     }
 
-    public OtpResponseDTO verifyOTP(String indexKey, String otpCode) throws ServiceException, RemoteException {
-        OtpWebServicePortBindingStub stub = getOtpWebServicePortBindingStub();
-        log.info("call OtpService verifyOTP, url = {}, systemType = {}, service password = {}, indexKey = {}, otpCode = {}",
+    public OtpResponseDTO verifyOTP(String indexKey, String otpCode) {
+        OtpWeb otpWS = getOtpWebService();
+        log.debug("call OtpService verifyOTP, url = {}, systemType = {}, service password = {}, indexKey = {}, otpCode = {}",
             applicationProperty.getOtpWebServiceUrl(), applicationProperty.getOtpWebServiceSystemType(), applicationProperty.getOtpWebServicePassword(), indexKey, otpCode);
 
-        String[] result =
-            stub.verifyOtp(applicationProperty.getOtpWebServicePassword(), applicationProperty.getOtpWebServiceSystemType(), indexKey, otpCode);
+        StringArray result =
+            otpWS.verifyOtp(applicationProperty.getOtpWebServicePassword(), applicationProperty.getOtpWebServiceSystemType(), indexKey, otpCode);
 
-        return new OtpResponseDTO(result);
+        return new OtpResponseDTO(result.getItem());
     }
 
-    public OtpWebServicePortBindingStub getOtpWebServicePortBindingStub() throws ServiceException {
-        OtpWebServiceLocator locator = new OtpWebServiceLocator();
-        locator.setOtpWebServicePortEndpointAddress(applicationProperty.getOtpWebServiceUrl());
-
-        return (OtpWebServicePortBindingStub) locator.getOtpWebServicePort();
+    public OtpWeb getOtpWebService() {
+        final String wsUrl = applicationProperty.getOtpWebServiceUrl();
+        try {
+            tw.com.softleader.otp.ws.OtpWebService locator
+                = new tw.com.softleader.otp.ws.OtpWebService(new URL(wsUrl));
+            return locator.getOtpWebPort();
+        } catch (MalformedURLException e) {
+            throw new IllegalArgumentException("Invalid url: " + wsUrl, e);
+        }
     }
 }
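Review bot: The service password, the phone number and the submitted OTP code are still passed to the logger in sendByPhone and verifyOTP; changing `log.info` to `log.debug` only hides them until debug logging is switched on, so the information-exposure finding named in the subject stays open for those two methods. Drop the secret and personal arguments instead of lowering the level, e.g. `log.debug("call OtpService verifyOTP, url = {}, systemType = {}", applicationProperty.getOtpWebServiceUrl(), applicationProperty.getOtpWebServiceSystemType());`, and do the same in sendByPhone. In sendByEmail the commented-out `log.debug` lines should be deleted rather than kept, since uncommenting them would put the password and e-mail address back in the log. If a correlation value is needed for troubleshooting, indexKey alone is probably enough, assuming it is not itself treated as a secret.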

--
Gitblit v1.8.0