001package com.box.sdk;
002
003import com.eclipsesource.json.JsonObject;
004import java.util.Arrays;
005import java.util.HashSet;
006import java.util.Set;
007import okhttp3.Headers;
008import org.jetbrains.annotations.NotNull;
009
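/**
 * Replaces the values of sensitive keys (tokens, credentials, shared links) in HTTP headers and
 * JSON bodies with a fixed placeholder.
 *
 * <p>Matching is an exact, case-insensitive comparison of the whole key against the registered
 * set. Keys that merely contain a sensitive word (for example {@code x-access-token}) are not
 * matched unless they are registered through {@link #addKeyToSanitize(String)}.
 *
 * <p>The key set is a plain {@link HashSet} shared by all callers and is not synchronized.
 * Register additional keys during start-up, before sanitization can run on other threads.
 */
public final class BoxSensitiveDataSanitizer {
    /** Placeholder written in place of every sensitive value. */
    private static final String REDACTED = "[REDACTED]";

    // Every entry is stored lower-case: isSensitiveKey() lower-cases the candidate before the
    // lookup, so an entry containing upper-case characters could never match.
    private static final Set<String> SENSITIVE_KEYS = new HashSet<>(Arrays.asList("authorization", "access_token",
        "refresh_token", "subject_token", "token", "client_id", "client_secret", "code", "shared_link", "download_url",
        "jwt_private_key", "jwt_private_key_passphrase", "password"));

    private BoxSensitiveDataSanitizer() {
    }

    /**
     * Registers an additional key whose value must be redacted.
     *
     * <p>The key is normalized to lower case before it is stored, so that a key registered as
     * {@code "X-Api-Key"} is matched the same way as the built-in keys. A {@code null} key is
     * ignored.
     *
     * @param key key to be sanitized
     */
    public static void addKeyToSanitize(String key) {
        if (key == null) {
            return;
        }
        SENSITIVE_KEYS.add(key.toLowerCase(java.util.Locale.ROOT));
    }

    /**
     * Returns a copy of the given headers in which the value of every sensitive header is
     * replaced by the redaction placeholder.
     *
     * @param originalHeaders the headers to sanitize
     * @return a new {@link Headers} instance; the input is not modified
     */
    @NotNull
    static Headers sanitizeHeaders(Headers originalHeaders) {
        Headers.Builder sanitizedHeadersBuilder = originalHeaders.newBuilder();

        for (String originalHeaderName : originalHeaders.names()) {
            if (isSensitiveKey(originalHeaderName)) {
                // set() replaces every value stored under this name, so a repeated sensitive
                // header leaves no unredacted copy behind.
                sanitizedHeadersBuilder.set(originalHeaderName, REDACTED);
            } else {
                // NOTE(review): get() yields a single value per name, so a non-sensitive header
                // that occurs several times is reduced to one value in the result. Confirm this
                // is acceptable for the consumers of the sanitized headers.
                String headerValue = originalHeaders.get(originalHeaderName);
                if (headerValue != null) {
                    sanitizedHeadersBuilder.set(originalHeaderName, headerValue);
                }
            }
        }

        return sanitizedHeadersBuilder.build();
    }

    /**
     * Sanitize the json body. Only for the first level of the json.
     *
     * <p>Sensitive keys inside nested objects or arrays are copied through unchanged, so a
     * secret carried in a nested structure is still present in the result. Non-sensitive values
     * are placed in the result as the same value objects that {@code originalBody} holds.
     *
     * @param originalBody the original json body
     * @return the sanitized json body
     */
    @NotNull
    static JsonObject sanitizeJsonBody(JsonObject originalBody) {
        JsonObject sanitizedBody = new JsonObject();

        for (String key : originalBody.names()) {
            if (isSensitiveKey(key)) {
                // Same placeholder as sanitizeHeaders(), so one search string finds every
                // redaction in the output.
                sanitizedBody.set(key, REDACTED);
            } else {
                sanitizedBody.set(key, originalBody.get(key));
            }
        }
        return sanitizedBody;
    }

    /**
     * Tells whether the given key is registered as sensitive, ignoring case.
     *
     * @param key header name or JSON member name
     * @return {@code true} if the lower-cased key is in the sensitive key set
     */
    private static boolean isSensitiveKey(@NotNull String key) {
        return SENSITIVE_KEYS.contains(key.toLowerCase(java.util.Locale.ROOT));
    }
}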