From 8a9569407a97168014acb38349dcecc7479ffe9f Mon Sep 17 00:00:00 2001 From: SnehaRH Date: Thu, 13 Nov 2025 16:37:35 +0530 Subject: [PATCH 1/2] fix: amm-1929 username and passwords are passed plain --- .../java/com/iemr/common/service/cti/CTIServiceImpl.java | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/src/main/java/com/iemr/common/service/cti/CTIServiceImpl.java b/src/main/java/com/iemr/common/service/cti/CTIServiceImpl.java index 9a792699..5a69abdd 100644 --- a/src/main/java/com/iemr/common/service/cti/CTIServiceImpl.java +++ b/src/main/java/com/iemr/common/service/cti/CTIServiceImpl.java @@ -56,6 +56,7 @@ import com.iemr.common.repository.callhandling.BeneficiaryCallRepository; import com.iemr.common.repository.callhandling.IEMRCalltypeRepositoryImplCustom; import com.iemr.common.utils.config.ConfigProperties; +import com.iemr.common.utils.encryption.AESUtil; import com.iemr.common.utils.exception.IEMRException; import com.iemr.common.utils.http.HttpUtils; import com.iemr.common.utils.mapper.InputMapper; @@ -81,6 +82,9 @@ public class CTIServiceImpl implements CTIService { private static final String CUSTOM_API_FAILURE = "0"; private static final String DEFAULT_IP = "0.0.0.0"; + + private AESUtil aesUtil; + @Autowired private BeneficiaryCallRepository beneficiaryCallRepository; 
@@ -290,9 +294,12 @@ public OutputResponse getLoginKey(String request, String ipAddress) throws IEMRE String serverURL = ConfigProperties.getPropertyByName("cti-server-ip"); AgentLoginKey agentState = objectMapper.readValue(request, AgentLoginKey.class); + String decryptPassword = aesUtil.decrypt("Piramal12Piramal", agentState.getPassword()); + + ctiURI = ctiURI.replace("CTI_SERVER", serverURL); ctiURI = ctiURI.replace("USERNAME", (agentState.getUsername() != null) ? agentState.getUsername() : ""); - ctiURI = ctiURI.replace("PASSWORD", (agentState.getPassword() != null) ? agentState.getPassword() : ""); + ctiURI = ctiURI.replace("PASSWORD", (decryptPassword != null) ? decryptPassword : ""); logger.info("calling URL " + ctiURI); ctiURI = ctiURI.replace("AGENT_IP", ipAddress); String response = this.callUrl(ctiURI);// httpUtils.get(ctiURI); From a51d44198080b80e108d40db601cca3ee00bac72 Mon Sep 17 00:00:00 2001 From: SnehaRH Date: Thu, 13 Nov 2025 20:40:51 +0530 Subject: [PATCH 2/2] fix: amm-1929 removed hardcoded decrypted value --- .../com/iemr/common/service/cti/CTIServiceImpl.java | 11 ++++++++--- src/main/resources/application.properties | 3 +++ 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/src/main/java/com/iemr/common/service/cti/CTIServiceImpl.java b/src/main/java/com/iemr/common/service/cti/CTIServiceImpl.java index 5a69abdd..81d8953a 100644 --- a/src/main/java/com/iemr/common/service/cti/CTIServiceImpl.java +++ b/src/main/java/com/iemr/common/service/cti/CTIServiceImpl.java @@ -83,6 +83,7 @@ public class CTIServiceImpl implements CTIService { private static final String DEFAULT_IP = "0.0.0.0"; + @Autowired private AESUtil aesUtil; 
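Review bot: The context line `logger.info("calling URL " + ctiURI);` runs after the new `PASSWORD` replacement, so the decrypted password is written to the application log together with the username. Moving that call above the `USERNAME` and `PASSWORD` replacements (after the `CTI_SERVER` one) keeps the log useful without credentials in it. The `@@ -294,9 +295,13 @@` hunk in patch 2/2 keeps the same ordering. The decrypted value is also substituted into the URL unencoded, so if the placeholder sits in a query string a password containing `&`, `#` or `%` changes the request; `URLEncoder.encode(decryptPassword, StandardCharsets.UTF_8)` would keep it a single value. getLoginKey starts and ends outside the hunk.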
@@ -294,9 +295,13 @@ public OutputResponse getLoginKey(String request, String ipAddress) throws IEMRE String serverURL = ConfigProperties.getPropertyByName("cti-server-ip"); AgentLoginKey agentState = objectMapper.readValue(request, AgentLoginKey.class); - String decryptPassword = aesUtil.decrypt("Piramal12Piramal", agentState.getPassword()); - - + String decryptPassword = null; + + String passphrase = ConfigProperties.getPropertyByName("encryption.passphrase"); + + decryptPassword = aesUtil.decrypt(passphrase, agentState.getPassword()); + + ctiURI = ctiURI.replace("CTI_SERVER", serverURL); ctiURI = ctiURI.replace("USERNAME", (agentState.getUsername() != null) ? agentState.getUsername() : ""); ctiURI = ctiURI.replace("PASSWORD", (decryptPassword != null) ? decryptPassword : ""); diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties index d57801bd..427754c5 100644 --- a/src/main/resources/application.properties +++ b/src/main/resources/application.properties @@ -193,6 +193,9 @@ cti-server-ip=10.208.122.99 cti-logger_base_url=http://10.208.122.99/logger sms-gateway-url = +#Encryption passphrase used by AESUtil for decrypting CTI passwords. +encryption.passphrase=Piramal12Piramal + # Identity Config identity-api-url = http://localhost:8094/ #Verify whether 1097 and identity are same?
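Review bot: Neither `passphrase` nor `agentState.getPassword()` is checked before `aesUtil.decrypt(passphrase, agentState.getPassword())`, and the existing `(decryptPassword != null) ? decryptPassword : ""` fallback turns a missing or undecryptable password into a login attempt with an empty password. How AESUtil.decrypt behaves on null or malformed input is not visible here, so that is worth confirming. A guard such as `if (passphrase == null || agentState.getPassword() == null)` that rejects the request before the URL is built would make the failure explicit. The `String decryptPassword = null;` declaration followed by a separate assignment can be a single statement. getLoginKey starts and ends outside the hunk.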
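Review bot: `encryption.passphrase=Piramal12Piramal` commits the same key that patch 1/2 had hard-coded in CTIServiceImpl, so the value is still in version control and in every build; moving it from Java into application.properties does not make it secret. Leave the committed entry empty, as `sms-gateway-url =` is just above it, and supply the real value per environment at deploy time or from a secrets store. The key should also be rotated, because it is now in the history of both commits. If the client encrypts with this same static passphrase, which the usage suggests but the diff does not show, the scheme only obscures the password in transit and TLS remains the actual protection.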