Removing passwordencryption key

Signed-off-by: efiacor <fiachra.corcoran@est.tech>
Change-Id: I1d5f193ae0215d5a5939227097adbb01a5b9866a
Issue-ID: DMAAP-1367
diff --git a/datarouter-docker-compose/src/main/resources/prov_data/provserver.properties b/datarouter-docker-compose/src/main/resources/prov_data/provserver.properties
index 07060a8..b620f1f 100755
--- a/datarouter-docker-compose/src/main/resources/prov_data/provserver.properties
+++ b/datarouter-docker-compose/src/main/resources/prov_data/provserver.properties
@@ -53,7 +53,6 @@
 # AAF config
 org.onap.dmaap.datarouter.provserver.cadi.enabled = false
 
-org.onap.dmaap.datarouter.provserver.passwordencryption   = PasswordEncryptionKey#@$%^&1234#
 org.onap.dmaap.datarouter.provserver.aaf.feed.type        = org.onap.dmaap-dr.feed
 org.onap.dmaap.datarouter.provserver.aaf.sub.type         = org.onap.dmaap-dr.sub
 org.onap.dmaap.datarouter.provserver.aaf.instance         = legacy
diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/BaseServlet.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/BaseServlet.java
index c0290bb..52629ff 100755
--- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/BaseServlet.java
+++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/BaseServlet.java
@@ -33,7 +33,6 @@
 import com.att.eelf.configuration.EELFManager;
 import java.net.InetAddress;
 import java.net.UnknownHostException;
-import java.security.GeneralSecurityException;
 import java.security.cert.X509Certificate;
 import java.sql.Connection;
 import java.sql.SQLException;
@@ -49,6 +48,7 @@
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
+import org.apache.commons.codec.digest.DigestUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.jetbrains.annotations.Nullable;
 import org.json.JSONArray;
@@ -66,7 +66,6 @@
 import org.onap.dmaap.datarouter.provisioning.beans.Parameters;
 import org.onap.dmaap.datarouter.provisioning.beans.Subscription;
 import org.onap.dmaap.datarouter.provisioning.beans.Updateable;
-import org.onap.dmaap.datarouter.provisioning.utils.PasswordProcessor;
 import org.onap.dmaap.datarouter.provisioning.utils.Poker;
 import org.onap.dmaap.datarouter.provisioning.utils.ProvDbUtils;
 import org.onap.dmaap.datarouter.provisioning.utils.SynchronizerTask;
@@ -156,6 +155,7 @@
     static final String START_TIME = "start_time";
     static final String END_TIME = "end_time";
     static final String REASON_SQL = "reasonSQL";
+    static final String JSON_HASH_STRING = "password";
 
     /**
      * A boolean to trigger one time "provisioning changed" event on startup.
@@ -331,7 +331,7 @@
         try {
             jo = new JSONObject(new JSONTokener(req.getInputStream()));
             if (intlogger.isDebugEnabled()) {
-                intlogger.debug("JSON: " + jo.toString());
+                intlogger.debug("JSON: " + hashPasswords(new JSONObject(jo.toString())).toString());
             }
         } catch (Exception e) {
             intlogger.info("Error reading JSON: " + e);
@@ -339,38 +339,37 @@
         return jo;
     }
 
-    /**
-     * This method encrypt/decrypt the key in the JSON passed by user request inside the authorisation
-     * header object in request before logging the JSON.
-     *
-     * @param jo      the JSON passed in http request.
-     * @param maskKey the key to be masked in the JSON passed.
-     * @param action  whether to mask the key or unmask it in a JSON passed.
-     * @return the JSONObject, or null if the stream cannot be parsed.
-     */
-    static JSONObject maskJSON(JSONObject jo, String maskKey, boolean action) {
+    public static JSONObject hashPasswords(JSONObject jo) {
         if (!jo.isNull("authorization")) {
             JSONArray endpointIds = jo.getJSONObject("authorization").getJSONArray("endpoint_ids");
             for (int index = 0; index < endpointIds.length(); index++) {
-                if ((!endpointIds.getJSONObject(index).isNull(maskKey))) {
-                    String password = endpointIds.getJSONObject(index).get(maskKey).toString();
-                    processPassword(maskKey, action, endpointIds, index, password);
+                if ((!endpointIds.getJSONObject(index).isNull(JSON_HASH_STRING))) {
+                    String password = endpointIds.getJSONObject(index).get(JSON_HASH_STRING).toString();
+                    processPassword(endpointIds, index, password);
                 }
             }
         }
+        if (!jo.isNull("delivery")) {
+            JSONObject deliveryObj = jo.getJSONObject("delivery");
+            String password = deliveryObj.get(JSON_HASH_STRING).toString();
+            processPassword(deliveryObj, password);
+        }
         return jo;
     }
 
-    private static void processPassword(String maskKey, boolean action, JSONArray endpointIds, int index,
-        String password) {
+    private static void processPassword(JSONArray endpointIds, int index, String password) {
         try {
-            if (action) {
-                endpointIds.getJSONObject(index).put(maskKey, PasswordProcessor.encrypt(password));
-            } else {
-                endpointIds.getJSONObject(index).put(maskKey, PasswordProcessor.decrypt(password));
-            }
-        } catch (JSONException | GeneralSecurityException e) {
-            intlogger.info("Error reading JSON while masking: " + e);
+            endpointIds.getJSONObject(index).put(JSON_HASH_STRING, DigestUtils.sha256Hex(password));
+        } catch (JSONException e) {
+            intlogger.info("Error reading JSON while hashing: " + e);
+        }
+    }
+
+    private static void processPassword(JSONObject deliveryObj, String password) {
+        try {
+            deliveryObj.put(JSON_HASH_STRING, DigestUtils.sha256Hex(password));
+        } catch (JSONException e) {
+            intlogger.info("Error reading JSON while hashing: " + e);
         }
     }
 
diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/DRFeedsServlet.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/DRFeedsServlet.java
index f0ab395..eada486 100644
--- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/DRFeedsServlet.java
+++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/DRFeedsServlet.java
@@ -34,7 +34,6 @@
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import org.json.JSONObject;
-
 import org.onap.dmaap.datarouter.authz.AuthorizationResponse;
 import org.onap.dmaap.datarouter.provisioning.beans.EventLogRecord;
 import org.onap.dmaap.datarouter.provisioning.beans.Feed;
@@ -269,9 +268,6 @@
                 sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, message, eventlogger);
                 return;
             }
-            if (intlogger.isDebugEnabled()) {
-                intlogger.debug(jo.toString());
-            }
             if (++activeFeeds > maxFeeds) {
                 activeFeeds--;
                 message = "Cannot create feed; the maximum number of feeds has been configured.";
diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/FeedServlet.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/FeedServlet.java
index 4b94159..de27c65 100644
--- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/FeedServlet.java
+++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/FeedServlet.java
@@ -34,7 +34,6 @@
 import javax.servlet.http.HttpServletResponse;
 import org.json.JSONException;
 import org.json.JSONObject;
-
 import org.onap.dmaap.datarouter.authz.AuthorizationResponse;
 import org.onap.dmaap.datarouter.provisioning.beans.EventLogRecord;
 import org.onap.dmaap.datarouter.provisioning.beans.Feed;
@@ -310,9 +309,6 @@
                 sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, message, eventlogger);
                 return;
             }
-            if (intlogger.isDebugEnabled()) {
-                intlogger.debug(jo.toString());
-            }
             Feed feed;
             try {
                 feed = new Feed(jo);
diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/GroupServlet.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/GroupServlet.java
index 73f859a..432ea3c 100644
--- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/GroupServlet.java
+++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/GroupServlet.java
@@ -181,9 +181,6 @@
             sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, message, eventlogger);
             return;
         }
-        if (intlogger.isDebugEnabled()) {
-            intlogger.debug(jo.toString());
-        }
         Group gup;
         try {
             gup = new Group(jo);
@@ -275,10 +272,6 @@
             sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, message, eventlogger);
             return;
         }
-        if (intlogger.isDebugEnabled()) {
-            intlogger.debug(jo.toString());
-        }
-
         Group gup;
         try {
             gup = new Group(jo);
diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/InternalServlet.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/InternalServlet.java
index 4732183..efa1c10 100644
--- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/InternalServlet.java
+++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/InternalServlet.java
@@ -39,19 +39,17 @@
 import java.nio.file.Paths;
 import java.nio.file.StandardCopyOption;
 import java.util.Properties;
-
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-
 import org.json.JSONArray;
-import org.onap.dmaap.datarouter.provisioning.utils.Poker;
-import org.onap.dmaap.datarouter.provisioning.utils.SynchronizerTask;
 import org.onap.dmaap.datarouter.provisioning.beans.EventLogRecord;
 import org.onap.dmaap.datarouter.provisioning.beans.LogRecord;
 import org.onap.dmaap.datarouter.provisioning.beans.Parameters;
 import org.onap.dmaap.datarouter.provisioning.eelf.EelfMsgs;
 import org.onap.dmaap.datarouter.provisioning.utils.LogfileLoader;
+import org.onap.dmaap.datarouter.provisioning.utils.Poker;
 import org.onap.dmaap.datarouter.provisioning.utils.RLEBitSet;
+import org.onap.dmaap.datarouter.provisioning.utils.SynchronizerTask;
 
 
 
@@ -454,7 +452,7 @@
 
             if ("/logs".equals(path) || LOGS.equals(path)) {
                 String ctype = req.getHeader("Content-Type");
-                if (ctype == null || !TEXT_CT.equals(ctype)) {
+                if (!TEXT_CT.equals(ctype)) {
                     elr.setResult(HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE);
                     elr.setMessage("Bad media type: " + ctype);
                     resp.setStatus(HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE);
@@ -494,7 +492,7 @@
                 }
                 try {
                     fs.close();
-                } catch (Exception e) {
+                } catch (UnsupportedOperationException | IOException e) {
                     intlogger.error("PROV0137 InternalServlet.doPost: " + e.getMessage(), e);
                 }
                 if (total != 0 && ((avail * 100) / total) < 5) {
@@ -522,7 +520,7 @@
             if ("/drlogs".equals(path) || "/drlogs/".equals(path)) {
                 // Receive post request and generate log entries
                 String ctype = req.getHeader("Content-Type");
-                if (ctype == null || !TEXT_CT.equals(ctype)) {
+                if (!TEXT_CT.equals(ctype)) {
                     elr.setResult(HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE);
                     elr.setMessage("Bad media type: " + ctype);
                     resp.setStatus(HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE);
diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/SubscribeServlet.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/SubscribeServlet.java
index 21b838d..fa4a24f 100644
--- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/SubscribeServlet.java
+++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/SubscribeServlet.java
@@ -34,7 +34,6 @@
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import org.json.JSONObject;
-
 import org.onap.dmaap.datarouter.authz.AuthorizationResponse;
 import org.onap.dmaap.datarouter.provisioning.beans.EventLogRecord;
 import org.onap.dmaap.datarouter.provisioning.beans.Feed;
@@ -241,9 +240,6 @@
                 sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, message, eventlogger);
                 return;
             }
-            if (intlogger.isDebugEnabled()) {
-                intlogger.debug(jo.toString());
-            }
             if (++activeSubs > maxSubs) {
                 activeSubs--;
                 message = "Cannot create subscription; the maximum number of subscriptions has been configured.";
diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/SubscriptionServlet.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/SubscriptionServlet.java
index 1f7c291..b3bb679 100644
--- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/SubscriptionServlet.java
+++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/SubscriptionServlet.java
@@ -39,10 +39,10 @@
 import org.json.JSONException;

 import org.json.JSONObject;

 import org.onap.dmaap.datarouter.authz.AuthorizationResponse;

-import org.onap.dmaap.datarouter.provisioning.utils.SynchronizerTask;

 import org.onap.dmaap.datarouter.provisioning.beans.EventLogRecord;

 import org.onap.dmaap.datarouter.provisioning.beans.Subscription;

 import org.onap.dmaap.datarouter.provisioning.eelf.EelfMsgs;

+import org.onap.dmaap.datarouter.provisioning.utils.SynchronizerTask;

 

 /**

  * This servlet handles provisioning for the &lt;subscriptionURL&gt; which is generated by the provisioning server to

@@ -315,10 +315,7 @@
                 sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, message, eventlogger);

                 return;

             }

-            if (intlogger.isDebugEnabled()) {

-                intlogger.debug(jo.toString());

-            }

-            Subscription sub = null;

+            Subscription sub;

             try {

                 sub = new Subscription(jo);

             } catch (InvalidObjectException e) {

diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/Feed.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/Feed.java
index ac1f70a..c634430 100644
--- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/Feed.java
+++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/Feed.java
@@ -185,7 +185,7 @@
                 if (fid.getId().length() > 60) {

                     throw new InvalidObjectException("id field is too long (" + fid.getId() + ")");

                 }

-                if (fid.getPassword().length() > 32) {

+                if (fid.getPassword().length() > 100) {

                     //Fortify scan fixes - Privacy Violation

                     throw new InvalidObjectException("password field is too long (" + fid.getPassword() + ")");

                 }

diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/PasswordProcessor.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/PasswordProcessor.java
deleted file mode 100644
index a6a3e2b..0000000
--- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/utils/PasswordProcessor.java
+++ /dev/null
@@ -1,78 +0,0 @@
-/**

- * -

- * ============LICENSE_START=======================================================

- * Copyright (C) 2019 Nordix Foundation.

- * ================================================================================

- * Licensed under the Apache License, Version 2.0 (the "License");

- * you may not use this file except in compliance with the License.

- * You may obtain a copy of the License at

- *

- * <p>http://www.apache.org/licenses/LICENSE-2.0

- *

- * <p>* Unless required by applicable law or agreed to in writing, software

- * distributed under the License is distributed on an "AS IS" BASIS,

- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

- * See the License for the specific language governing permissions and

- * limitations under the License.

- *

- * <p>* SPDX-License-Identifier: Apache-2.0

- * ============LICENSE_END=========================================================

- */

-

-package org.onap.dmaap.datarouter.provisioning.utils;

-

-import java.nio.charset.StandardCharsets;

-import java.security.GeneralSecurityException;

-import java.util.Base64;

-

-import javax.crypto.Cipher;

-import javax.crypto.SecretKey;

-import javax.crypto.SecretKeyFactory;

-import javax.crypto.spec.PBEKeySpec;

-import javax.crypto.spec.PBEParameterSpec;

-import org.onap.dmaap.datarouter.provisioning.ProvRunner;

-

-/**

- * The Processing of a Password.  Password can be encrypted and decrypted.

- * @author Vikram Singh

- * @version $Id: PasswordProcessor.java,v 1.0 2016/12/14 10:16:52 EST

- */

-public class PasswordProcessor {

-

-    private static final String SECRET_KEY_FACTORY_TYPE = "PBEWithMD5AndDES";

-    private static final String PASSWORD_ENCRYPTION_STRING =

-            ProvRunner.getProvProperties().getProperty("org.onap.dmaap.datarouter.provserver.passwordencryption");

-    private static final char[] PASSWORD = PASSWORD_ENCRYPTION_STRING.toCharArray();

-    private static final byte[] SALT = {(byte) 0xde, (byte) 0x33, (byte) 0x10,

-        (byte) 0x12, (byte) 0xde, (byte) 0x33, (byte) 0x10, (byte) 0x12,};

-

-    private PasswordProcessor(){

-    }

-

-    /**

-     * Encrypt password.

-     * @param property the Password

-     * @return Encrypted password.

-     */

-    public static String encrypt(String property) throws GeneralSecurityException {

-        SecretKeyFactory keyFactory = SecretKeyFactory.getInstance(SECRET_KEY_FACTORY_TYPE);

-        SecretKey key = keyFactory.generateSecret(new PBEKeySpec(PASSWORD));

-        Cipher pbeCipher = Cipher.getInstance(SECRET_KEY_FACTORY_TYPE);

-        pbeCipher.init(Cipher.ENCRYPT_MODE, key, new PBEParameterSpec(SALT, 32));

-        return Base64.getEncoder().encodeToString(pbeCipher.doFinal(property.getBytes(StandardCharsets.UTF_8)));

-    }

-

-    /**

-     * Decrypt password.

-     * @param property the Password

-     * @return Decrypt password.

-     */

-    public static String decrypt(String property) throws GeneralSecurityException {

-        SecretKeyFactory keyFactory = SecretKeyFactory.getInstance(SECRET_KEY_FACTORY_TYPE);

-        SecretKey key = keyFactory.generateSecret(new PBEKeySpec(PASSWORD));

-        Cipher pbeCipher = Cipher.getInstance(SECRET_KEY_FACTORY_TYPE);

-        pbeCipher.init(Cipher.DECRYPT_MODE, key, new PBEParameterSpec(SALT, 32));

-        return new String(pbeCipher.doFinal(Base64.getDecoder().decode(property)), StandardCharsets.UTF_8);

-    }

-

-}

diff --git a/datarouter-prov/src/main/resources/provserver.properties b/datarouter-prov/src/main/resources/provserver.properties
index 20b5cb9..ad9a19e 100755
--- a/datarouter-prov/src/main/resources/provserver.properties
+++ b/datarouter-prov/src/main/resources/provserver.properties
@@ -52,7 +52,6 @@
 # AAF config
 org.onap.dmaap.datarouter.provserver.cadi.enabled = false
 
-org.onap.dmaap.datarouter.provserver.passwordencryption   = PasswordEncryptionKey#@$%^&1234#
 org.onap.dmaap.datarouter.provserver.aaf.feed.type        = org.onap.dmaap-dr.feed
 org.onap.dmaap.datarouter.provserver.aaf.sub.type         = org.onap.dmaap-dr.sub
 org.onap.dmaap.datarouter.provserver.aaf.instance         = legacy
diff --git a/datarouter-prov/src/test/java/org/onap/dmaap/datarouter/provisioning/BaseServletTest.java b/datarouter-prov/src/test/java/org/onap/dmaap/datarouter/provisioning/BaseServletTest.java
index 0013077..bfd33f8 100755
--- a/datarouter-prov/src/test/java/org/onap/dmaap/datarouter/provisioning/BaseServletTest.java
+++ b/datarouter-prov/src/test/java/org/onap/dmaap/datarouter/provisioning/BaseServletTest.java
@@ -23,8 +23,22 @@
 
 package org.onap.dmaap.datarouter.provisioning;
 
-import java.security.NoSuchAlgorithmException;
+import static org.hamcrest.Matchers.is;
+import static org.hamcrest.Matchers.nullValue;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotEquals;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertThat;
+import static org.mockito.Matchers.anyInt;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+import static org.powermock.api.mockito.PowerMockito.mockStatic;
+
+import java.util.HashSet;
+import java.util.Set;
+import java.util.UUID;
 import javax.crypto.SecretKeyFactory;
+import javax.servlet.http.HttpServletRequest;
 import org.apache.commons.lang3.reflect.FieldUtils;
 import org.json.JSONObject;
 import org.junit.Assert;
@@ -32,7 +46,6 @@
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.Mock;
-import org.mockito.Mockito;
 import org.onap.dmaap.datarouter.provisioning.beans.Feed;
 import org.onap.dmaap.datarouter.provisioning.beans.FeedAuthorization;
 import org.onap.dmaap.datarouter.provisioning.beans.Group;
@@ -44,21 +57,6 @@
 import org.powermock.modules.junit4.PowerMockRunner;
 import org.slf4j.MDC;
 
-import javax.servlet.http.HttpServletRequest;
-import java.util.HashSet;
-import java.util.Set;
-import java.util.UUID;
-
-import static org.hamcrest.Matchers.is;
-import static org.hamcrest.Matchers.nullValue;
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertNull;
-import static org.junit.Assert.assertThat;
-import static org.mockito.Matchers.anyInt;
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
-import static org.powermock.api.mockito.PowerMockito.mockStatic;
-
 @RunWith(PowerMockRunner.class)
 @SuppressStaticInitializationFor({"org.onap.dmaap.datarouter.provisioning.beans.Feed",
         "org.onap.dmaap.datarouter.provisioning.beans.Subscription",
@@ -229,23 +227,7 @@
         Assert.assertEquals("456", MDC.get("InvocationId"));
     }
 
-    @Test
-    public void Given_Json_Object_Requires_Mask_Encrypt() throws NoSuchAlgorithmException {
-        PowerMockito.mockStatic(SecretKeyFactory.class);
-        SecretKeyFactory secretKeyFactory = PowerMockito.mock(SecretKeyFactory.class);
-        PowerMockito.when(SecretKeyFactory.getInstance(Mockito.anyString())).thenReturn(secretKeyFactory);
-        BaseServlet.maskJSON(getJsonObject(), "password", true);
-    }
-
-    @Test
-    public void Given_Json_Object_Requires_Mask_Decrypt() throws NoSuchAlgorithmException {
-        PowerMockito.mockStatic(SecretKeyFactory.class);
-        SecretKeyFactory secretKeyFactory = PowerMockito.mock(SecretKeyFactory.class);
-        PowerMockito.when(SecretKeyFactory.getInstance(Mockito.anyString())).thenReturn(secretKeyFactory);
-        BaseServlet.maskJSON(getJsonObject(), "password", false);
-    }
-
-    public JSONObject getJsonObject() {
+    public JSONObject getFeedJsonObject() {
         return new JSONObject("{\"authorization\": {\n" + "    \"endpoint_addrs\": [\n" + "    ],\n"
                                       + "    \"classification\": \"unclassified\",\n"
                                       + "    \"endpoint_ids\": [\n" + "      {\n"
@@ -255,6 +237,27 @@
                                       + "        \"id\": \"onap\"\n" + "      }\n" + "    ]\n" + "  }}");
     }
 
+    public JSONObject getSubJsonObject() {
+        return new JSONObject("{\"delivery\": {\"url\": \"http://172.18.0.3:7070/\", \"user\": "
+            + "\"LOGIN\", \"password\": \"PASSWORD\", \"use100\": true}, \"metadataOnly\": false, "
+            + "\"suspend\": false, \"groupid\": 29, \"subscriber\": \"sg481n\"}");
+    }
+
+    @Test
+    public void Given_Debug_Is_Enabled_Hash_Feed_Passwords_Successful() {
+        JSONObject hashed_feed_pass = BaseServlet.hashPasswords(getFeedJsonObject());
+        assertNotEquals(hashed_feed_pass.getJSONObject("authorization").getJSONArray("endpoint_ids")
+            .getJSONObject(0).get("password").toString(), "demo123456!");
+
+    }
+
+    @Test
+    public void Given_Debug_Is_Enabled_Hash_Sub_Passwords_Successful() {
+        JSONObject hashed_sub_pass = BaseServlet.hashPasswords(getSubJsonObject());
+        assertNotEquals(hashed_sub_pass.getJSONObject("delivery").get("password").toString(), "PASSWORD");
+
+    }
+
     @Test
     public void Given_BaseServlet_Verify_Cadi_Feed_Permission() {
         assertEquals("org.onap.dmaap-dr.feed|legacy|publish", baseServlet.getFeedPermission("legacy", "publish"));
diff --git a/datarouter-prov/src/test/java/org/onap/dmaap/datarouter/provisioning/DrServletTestBase.java b/datarouter-prov/src/test/java/org/onap/dmaap/datarouter/provisioning/DrServletTestBase.java
index 03f5df1..0a2b608 100644
--- a/datarouter-prov/src/test/java/org/onap/dmaap/datarouter/provisioning/DrServletTestBase.java
+++ b/datarouter-prov/src/test/java/org/onap/dmaap/datarouter/provisioning/DrServletTestBase.java
@@ -48,7 +48,6 @@
         props.setProperty("org.onap.dmaap.datarouter.provserver.accesslog.dir", "unit-test-logs");
         props.setProperty("org.onap.dmaap.datarouter.provserver.spooldir", "unit-test-logs/spool");
         props.setProperty("org.onap.dmaap.datarouter.provserver.https.relaxation", "false");
-        props.setProperty("org.onap.dmaap.datarouter.provserver.passwordencryption", "PasswordEncryptionKey#@$%^&1234#");
         FieldUtils.writeDeclaredStaticField(ProvRunner.class, "provProperties", props, true);
         FieldUtils.writeDeclaredStaticField(BaseServlet.class, "startmsgFlag", false, true);
         SynchronizerTask synchronizerTask = mock(SynchronizerTask.class);
diff --git a/datarouter-prov/src/test/java/org/onap/dmaap/datarouter/provisioning/SubscriptionServletTest.java b/datarouter-prov/src/test/java/org/onap/dmaap/datarouter/provisioning/SubscriptionServletTest.java
index cb0fa2b..a7b4297 100755
--- a/datarouter-prov/src/test/java/org/onap/dmaap/datarouter/provisioning/SubscriptionServletTest.java
+++ b/datarouter-prov/src/test/java/org/onap/dmaap/datarouter/provisioning/SubscriptionServletTest.java
@@ -40,7 +40,6 @@
 import org.onap.dmaap.datarouter.provisioning.beans.SubDelivery;
 import org.onap.dmaap.datarouter.provisioning.beans.Subscription;
 import org.onap.dmaap.datarouter.provisioning.beans.Updateable;
-import org.onap.dmaap.datarouter.provisioning.utils.PasswordProcessor;
 import org.onap.dmaap.datarouter.provisioning.utils.Poker;
 import org.onap.dmaap.datarouter.provisioning.utils.ProvDbUtils;
 import org.powermock.api.mockito.PowerMockito;
@@ -64,7 +63,6 @@
 
 
 @RunWith(PowerMockRunner.class)
-@PrepareForTest(PasswordProcessor.class)
 public class SubscriptionServletTest extends DrServletTestBase {
     private static EntityManagerFactory emf;
     private static EntityManager em;
@@ -304,7 +302,6 @@
         when(request.getHeader("Content-Type")).thenReturn("application/vnd.dmaap-dr.subscription; version=1.0");
         when(request.getPathInfo()).thenReturn("/3");
         when(request.isUserInRole("org.onap.dmaap-dr.sub|*|edit")).thenReturn(true);
-        PowerMockito.mockStatic(PasswordProcessor.class);
         JSONObject JSObject = buildRequestJsonObject();
         SubscriptionServlet subscriptionServlet = new SubscriptionServlet() {
             public JSONObject getJSONfromInput(HttpServletRequest req) {
@@ -418,7 +415,6 @@
         when(response.getOutputStream()).thenReturn(outStream);
         when(request.getHeader("X-DMAAP-DR-ON-BEHALF-OF-GROUP")).thenReturn("stub_subjectGroup");
         when(request.getHeader("Content-Type")).thenReturn("application/vnd.dmaap-dr.subscription; version=1.0");
-        PowerMockito.mockStatic(PasswordProcessor.class);
         JSONObject JSObject = buildRequestJsonObject();
         SubscriptionServlet subscriptionServlet = new SubscriptionServlet() {
             public JSONObject getJSONfromInput(HttpServletRequest req) {
diff --git a/datarouter-prov/src/test/resources/h2Database.properties b/datarouter-prov/src/test/resources/h2Database.properties
index 61d76fa..6957ae1 100755
--- a/datarouter-prov/src/test/resources/h2Database.properties
+++ b/datarouter-prov/src/test/resources/h2Database.properties
@@ -31,4 +31,3 @@
 org.onap.dmaap.datarouter.provserver.spooldir              = src/test/resources
 org.onap.dmaap.datarouter.provserver.dbscripts             = src/test/resources
 org.onap.dmaap.datarouter.provserver.localhost             = 127.0.0.1
-org.onap.dmaap.datarouter.provserver.passwordencryption    = PasswordEncryptionKey#@$%^&1234#
\ No newline at end of file