[core-amqp] Removing connection string from leaking connection information being logged (Azure#19306)

* Removing connection string information from logging as it will leak secrets present in it.

Author: hemanttanwar

sdk/core/azure-core-amqp/src/main/java/com/azure/core/amqp/implementation/ConnectionStringProperties.java

@@ -32,10 +32,9 @@ public class ConnectionStringProperties {
         + "SharedAccessKeyName={sharedAccessKeyName};SharedAccessKey={sharedAccessKey};EntityPath={entityPath}";
     private static final String CONNECTION_STRING_WITH_SAS = "Endpoint={endpoint};SharedAccessSignature="
         + "SharedAccessSignature {sharedAccessSignature};EntityPath={entityPath}";
-    private static final String ERROR_MESSAGE_FORMAT = "Could not parse 'connectionString'. Expected format: "
-        + CONNECTION_STRING_WITH_ACCESS_KEY + " or " + CONNECTION_STRING_WITH_SAS + ". Actual: %s";
-    private static final String ERROR_MESSAGE_ENDPOINT_FORMAT = "'Endpoint' must be provided in 'connectionString'."
-        + " Actual: %s";
+    private static final String ERROR_MESSAGE_FORMAT = String.format(Locale.US,
+        "Could not parse 'connectionString'. Expected format: %s or %s.", CONNECTION_STRING_WITH_ACCESS_KEY,
+        CONNECTION_STRING_WITH_SAS);
 
     private final URI endpoint;
     private final String entityPath;
@@ -77,7 +76,7 @@ public ConnectionStringProperties(String connectionString) {
             final String value = pair[1].trim();
 
             if (key.equalsIgnoreCase(ENDPOINT)) {
-                final String endpointUri = validateAndUpdateDefaultScheme(value, connectionString);
+                final String endpointUri = validateAndUpdateDefaultScheme(value);
                 try {
                     endpoint = new URI(endpointUri);
                 } catch (URISyntaxException e) {
@@ -106,7 +105,7 @@ public ConnectionStringProperties(String connectionString) {
         if (endpoint == null
             || (includesSharedKey && includesSharedAccessSignature) // includes both SAS and key or value
             || (!hasSharedKeyAndValue && !includesSharedAccessSignature)) { // invalid key, value and SAS
-            throw new IllegalArgumentException(String.format(Locale.US, ERROR_MESSAGE_FORMAT, connectionString));
+            throw logger.logExceptionAsError(new IllegalArgumentException(ERROR_MESSAGE_FORMAT));
         }
 
         this.endpoint = endpoint;
@@ -161,20 +160,19 @@ public String getSharedAccessSignature() {
      * The function checks for pre existing scheme of "sb://" , "http://" or "https://". If the scheme is not provided
      * in endpoint, it will set the default scheme to "sb://".
      */
-    private String validateAndUpdateDefaultScheme(final String endpoint, final String connectionString) {
-        String updatedEndpoint = endpoint.trim();
+    private String validateAndUpdateDefaultScheme(final String endpoint) {
 
         if (CoreUtils.isNullOrEmpty(endpoint)) {
-            throw logger.logExceptionAsError(new IllegalArgumentException(String.format(Locale.US,
-                ERROR_MESSAGE_ENDPOINT_FORMAT, connectionString)));
-
+            throw logger.logExceptionAsError(new IllegalArgumentException(
+                "'Endpoint' must be provided in 'connectionString'."));
         }
-        final String endpointLowerCase = endpoint.toLowerCase(Locale.getDefault());
+
+        final String endpointLowerCase = endpoint.trim().toLowerCase(Locale.ROOT);
         if (!endpointLowerCase.startsWith(ENDPOINT_SCHEME_SB_PREFIX)
             && !endpointLowerCase.startsWith(ENDPOINT_SCHEME_HTTP_PREFIX)
             && !endpointLowerCase.startsWith(ENDPOINT_SCHEME_HTTPS_PREFIX)) {
-            updatedEndpoint = ENDPOINT_SCHEME_SB_PREFIX + endpoint;
+            return ENDPOINT_SCHEME_SB_PREFIX + endpoint;
         }
-        return updatedEndpoint;
+        return endpointLowerCase;
     }
 }

sdk/core/azure-core-amqp/src/test/java/com/azure/core/amqp/implementation/ConnectionStringPropertiesTest.java

@@ -11,6 +11,7 @@
 import java.util.Locale;
 import java.util.stream.Stream;
 
+import static org.junit.jupiter.api.Assertions.assertFalse;
 import static org.junit.jupiter.api.Assertions.assertThrows;
 
 public class ConnectionStringPropertiesTest {
@@ -62,6 +63,42 @@ public void invalidSasKeyValue() {
         assertThrows(IllegalArgumentException.class, () -> new ConnectionStringProperties(connectionString));
     }
 
+    /**
+     * Verifies sdk do not expose secret in exception string when SharedAccessKeyName is not present.
+     */
+    @Test
+    public void invalidConnectionStringNoSecretExposed() {
+        // Arrange
+        final String invalidConnectionString = getConnectionString(HOSTNAME_URI, EVENT_HUB, SAS_KEY, SAS_VALUE)
+            .replace(String.format(Locale.US, "SharedAccessKeyName=%s;", SAS_KEY), "");
+
+        // Act & Assert
+        final Exception exception = assertThrows(IllegalArgumentException.class, () -> new ConnectionStringProperties(invalidConnectionString));
+
+        final String actualMessage = exception.getMessage();
+
+        assertFalse(actualMessage.contains(SAS_VALUE));
+        assertFalse(actualMessage.contains(HOSTNAME_URI));
+    }
+
+    /**
+     * Verifies sdk do not expose secret in exception string when 'Endpoint' is not present.
+     */
+    @Test
+    public void invalidEndpointNoSecretExposed() {
+        // Arrange
+        final String invalidConnectionString = getConnectionString(HOSTNAME_URI, EVENT_HUB, SAS_KEY, SAS_VALUE)
+            .replace(String.format(Locale.US, "Endpoint=%s;", HOSTNAME_URI), "");
+
+        // Act & Assert
+        final Exception exception = assertThrows(IllegalArgumentException.class, () -> new ConnectionStringProperties(invalidConnectionString));
+
+        final String actualMessage = exception.getMessage();
+
+        assertFalse(actualMessage.contains(SAS_VALUE));
+        assertFalse(actualMessage.contains(SAS_KEY));
+    }
+
     @Test
     public void differentEndpointScheme() {
         // Arrange