From 03248cdc1d249008aec6a2c5131cb8492c48c804 Mon Sep 17 00:00:00 2001 From: Tamas Cservenak Date: Tue, 10 Aug 2021 13:38:28 +0200 Subject: [PATCH 1/3] Update codebase Changes: * drop legacy SISU, use latest * drop legacy test helper class, use vanilla junit * apply language level changes, where applicable * fix javadoc where applicable --- .gitignore | 2 + pom.xml | 44 +++++----- .../plexus/components/cipher/Base64.java | 4 +- .../cipher/DefaultPlexusCipher.java | 85 ++++++++----------- .../plexus/components/cipher/PBECipher.java | 6 +- .../components/cipher/PlexusCipher.java | 27 +++--- .../cipher/PlexusCipherException.java | 4 +- .../cipher/DefaultPlexusCipherTest.java | 36 ++++++-- .../components/cipher/PBECipherTest.java | 17 ++-- 9 files changed, 119 insertions(+), 106 deletions(-) diff --git a/.gitignore b/.gitignore index 5a78575..597cf42 100644 --- a/.gitignore +++ b/.gitignore @@ -3,3 +3,5 @@ target/ .classpath .settings/ bin +*.iml + diff --git a/pom.xml b/pom.xml index 669b3d2..10435e1 100644 --- a/pom.xml +++ b/pom.xml @@ -9,7 +9,7 @@ plexus-cipher - 1.9-SNAPSHOT + 2.0-SNAPSHOT Plexus Cipher: encryption/decryption Component @@ -32,16 +32,37 @@ 7 + 0.3.4 2020-01-20T18:52:37Z - + + + + javax.inject + javax.inject + 1 + + + org.eclipse.sisu + org.eclipse.sisu.inject + ${sisuVersion} + provided + + + junit + junit + 4.13.2 + test + + + org.apache.maven.plugins maven-surefire-plugin - 2.22.1 + 2.22.2 org.eclipse.m2e @@ -106,7 +127,7 @@ org.eclipse.sisu sisu-maven-plugin - 0.3.4 + ${sisuVersion} @@ -119,19 +140,4 @@ - - - org.sonatype.sisu - sisu-inject-bean - 2.6.0 - provided - - - junit - junit - 4.13.1 - test - - - diff --git a/src/main/java/org/sonatype/plexus/components/cipher/Base64.java b/src/main/java/org/sonatype/plexus/components/cipher/Base64.java index 8420278..1ee726a 100644 --- a/src/main/java/org/sonatype/plexus/components/cipher/Base64.java +++ b/src/main/java/org/sonatype/plexus/components/cipher/Base64.java @@ -95,7 +95,7 @@ public class Base64 * The value of undefined encodings is -1. *

*/ - private static byte[] base64Alphabet = new byte[BASELENGTH]; + private static final byte[] base64Alphabet = new byte[BASELENGTH]; /** *

@@ -110,7 +110,7 @@ public class Base64 * For example, lookUpBase64Alphabet[62] returns '+'. *

*/ - private static byte[] lookUpBase64Alphabet = new byte[LOOKUPLENGTH]; + private static final byte[] lookUpBase64Alphabet = new byte[LOOKUPLENGTH]; // Populating the lookup and character arrays static { diff --git a/src/main/java/org/sonatype/plexus/components/cipher/DefaultPlexusCipher.java b/src/main/java/org/sonatype/plexus/components/cipher/DefaultPlexusCipher.java index 379eedd..ddf0243 100644 --- a/src/main/java/org/sonatype/plexus/components/cipher/DefaultPlexusCipher.java +++ b/src/main/java/org/sonatype/plexus/components/cipher/DefaultPlexusCipher.java @@ -1,4 +1,4 @@ -/** +/* * Copyright (c) 2008 Sonatype, Inc. All rights reserved. * * This program is licensed to you under the Apache License Version 2.0, @@ -15,14 +15,14 @@ import java.security.Provider; import java.security.Security; import java.util.HashSet; -import java.util.Iterator; import java.util.Set; import java.util.regex.Matcher; import java.util.regex.Pattern; -import javax.enterprise.inject.Typed; import javax.inject.Named; +import org.eclipse.sisu.Typed; + /** * @author Oleg Gusakov */ @@ -136,29 +136,26 @@ public String decorate( final String str ) */ public static String[] getServiceTypes() { - Set result = new HashSet(); + Set result = new HashSet<>(); // All all providers Provider[] providers = Security.getProviders(); - for ( int i = 0; i < providers.length; i++ ) - { + for (Provider provider : providers) { // Get services provided by each provider - Set keys = providers[i].keySet(); - for ( Iterator it = keys.iterator(); it.hasNext(); ) - { - String key = (String) it.next(); - key = key.split( " " )[0]; - - if ( key.startsWith( "Alg.Alias." ) ) - { + Set keys = provider.keySet(); + for (Object o : keys) { + String key = (String) o; + key = key.split(" ")[0]; + + if (key.startsWith("Alg.Alias.")) { // Strip the alias - key = key.substring( 10 ); + key = key.substring(10); } - int ix = key.indexOf( '.' ); - result.add( key.substring( 0, ix ) ); + int ix = key.indexOf('.'); + result.add(key.substring(0, ix)); } } - return (String[]) result.toArray( new String[result.size()] ); + return result.toArray( new String[result.size()] ); } /** @@ -166,31 +163,27 @@ public static String[] getServiceTypes() */ public static String[] getCryptoImpls( final String serviceType ) { - Set result = new HashSet(); + Set result = new HashSet<>(); // All all providers Provider[] providers = Security.getProviders(); - for ( int i = 0; i < providers.length; i++ ) - { + for (Provider provider : providers) { // Get services provided by each provider - Set keys = providers[i].keySet(); - for ( Iterator it = keys.iterator(); it.hasNext(); ) - { - String key = (String) it.next(); - key = key.split( " " )[0]; - - if ( key.startsWith( serviceType + "." ) ) - { - result.add( key.substring( serviceType.length() + 1 ) ); + Set keys = provider.keySet(); + for (Object o : keys) { + String key = (String) o; + key = key.split(" ")[0]; + + if (key.startsWith(serviceType + ".")) { + result.add(key.substring(serviceType.length() + 1)); } - else if ( key.startsWith( "Alg.Alias." + serviceType + "." ) ) - { + else if (key.startsWith("Alg.Alias." + serviceType + ".")) { // This is an alias - result.add( key.substring( serviceType.length() + 11 ) ); + result.add(key.substring(serviceType.length() + 11)); } } } - return (String[]) result.toArray( new String[result.size()] ); + return result.toArray( new String[result.size()] ); } // --------------------------------------------------------------- @@ -201,26 +194,18 @@ public static void main( final String[] args ) String[] serviceTypes = getServiceTypes(); if ( serviceTypes != null ) { - for ( int i = 0; i < serviceTypes.length; i++ ) - { - String serviceType = serviceTypes[i]; - String[] serviceProviders = getCryptoImpls( serviceType ); - if ( serviceProviders != null ) - { - System.out.println( serviceType + ": provider list" ); - for ( int j = 0; j < serviceProviders.length; j++ ) - { - String provider = serviceProviders[j]; - System.out.println( " " + provider ); + for (String serviceType : serviceTypes) { + String[] serviceProviders = getCryptoImpls(serviceType); + if (serviceProviders != null) { + System.out.println(serviceType + ": provider list"); + for (String provider : serviceProviders) { + System.out.println(" " + provider); } } - else - { - System.out.println( serviceType + ": does not have any providers in this environment" ); + else { + System.out.println(serviceType + ": does not have any providers in this environment"); } } } } - // --------------------------------------------------------------- - // --------------------------------------------------------------- } diff --git a/src/main/java/org/sonatype/plexus/components/cipher/PBECipher.java b/src/main/java/org/sonatype/plexus/components/cipher/PBECipher.java index a41615d..82a2316 100644 --- a/src/main/java/org/sonatype/plexus/components/cipher/PBECipher.java +++ b/src/main/java/org/sonatype/plexus/components/cipher/PBECipher.java @@ -1,4 +1,4 @@ -/** +/* * createCipher routine was adopted from http://juliusdavies.ca/svn/not-yet-commons-ssl/tags/commons-ssl-0.3.10/src/java/org/apache/commons/ssl/OpenSSL.java * which is distributed under APL-2.0 license: http://www.apache.org/licenses/LICENSE-2.0 */ @@ -58,7 +58,7 @@ public class PBECipher protected static final String CIPHER_ALG = "AES/CBC/PKCS5Padding"; - protected static int PBE_ITERATIONS = 1000; + protected static final int PBE_ITERATIONS = 1000; protected MessageDigest _digester; @@ -234,6 +234,4 @@ private Cipher createCipher( final byte [] pwdAsBytes, byte [] salt, final int m return cipher; } - //------------------------------------------------------------------------------- - //------------------------------------------------------------------------------- } diff --git a/src/main/java/org/sonatype/plexus/components/cipher/PlexusCipher.java b/src/main/java/org/sonatype/plexus/components/cipher/PlexusCipher.java index b08886a..105dae4 100644 --- a/src/main/java/org/sonatype/plexus/components/cipher/PlexusCipher.java +++ b/src/main/java/org/sonatype/plexus/components/cipher/PlexusCipher.java @@ -1,4 +1,4 @@ -/** +/* * Copyright (c) 2008 Sonatype, Inc. All rights reserved. * * This program is licensed to you under the Apache License Version 2.0, @@ -17,16 +17,16 @@ */ public interface PlexusCipher { - public static final char ENCRYPTED_STRING_DECORATION_START = '{'; + char ENCRYPTED_STRING_DECORATION_START = '{'; - public static final char ENCRYPTED_STRING_DECORATION_STOP = '}'; + char ENCRYPTED_STRING_DECORATION_STOP = '}'; /** * encrypt given string with the given passPhrase and encode it into base64 * * @param str * @param passPhrase - * @return + * @return encrypted str * @throws PlexusCipherException */ String encrypt( String str, String passPhrase ) @@ -38,7 +38,7 @@ String encrypt( String str, String passPhrase ) * * @param str * @param passPhrase - * @return + * @return encrypted and decorated str * @throws PlexusCipherException */ String encryptAndDecorate( String str, String passPhrase ) @@ -49,7 +49,7 @@ String encryptAndDecorate( String str, String passPhrase ) * * @param str * @param passPhrase - * @return + * @return decrypted str * @throws PlexusCipherException */ String decrypt( String str, String passPhrase ) @@ -61,7 +61,7 @@ String decrypt( String str, String passPhrase ) * * @param str * @param passPhrase - * @return + * @return decrypted decorated str * @throws PlexusCipherException */ String decryptDecorated( String str, String passPhrase ) @@ -71,26 +71,25 @@ String decryptDecorated( String str, String passPhrase ) * check if given string is decorated * * @param str - * @return + * @return true if string is encrypted */ - public boolean isEncryptedString( String str ); + boolean isEncryptedString( String str ); /** * return string inside decorations * * @param str - * @return + * @return undecorated str * @throws PlexusCipherException */ - public String unDecorate( String str ) + String unDecorate( String str ) throws PlexusCipherException; /** * decorated given string with { and } * * @param str - * @return + * @return decorated str */ - public String decorate( String str ); - + String decorate( String str ); } diff --git a/src/main/java/org/sonatype/plexus/components/cipher/PlexusCipherException.java b/src/main/java/org/sonatype/plexus/components/cipher/PlexusCipherException.java index 9fe6c26..836fd37 100644 --- a/src/main/java/org/sonatype/plexus/components/cipher/PlexusCipherException.java +++ b/src/main/java/org/sonatype/plexus/components/cipher/PlexusCipherException.java @@ -1,4 +1,4 @@ -/** +/* * Copyright (c) 2008 Sonatype, Inc. All rights reserved. * * This program is licensed to you under the Apache License Version 2.0, @@ -15,7 +15,6 @@ public class PlexusCipherException extends Exception { - public PlexusCipherException() { } @@ -34,5 +33,4 @@ public PlexusCipherException( String message, Throwable cause ) { super( message, cause ); } - } diff --git a/src/test/java/org/sonatype/plexus/components/cipher/DefaultPlexusCipherTest.java b/src/test/java/org/sonatype/plexus/components/cipher/DefaultPlexusCipherTest.java index dc3f3be..a259a02 100644 --- a/src/test/java/org/sonatype/plexus/components/cipher/DefaultPlexusCipherTest.java +++ b/src/test/java/org/sonatype/plexus/components/cipher/DefaultPlexusCipherTest.java @@ -1,4 +1,4 @@ -/** +/* * Copyright (c) 2008 Sonatype, Inc. All rights reserved. * * This program is licensed to you under the Apache License Version 2.0, @@ -12,7 +12,13 @@ */ package org.sonatype.plexus.components.cipher; -import org.sonatype.guice.bean.containers.InjectedTestCase; +import org.junit.Before; +import org.junit.Test; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.assertTrue; /** * Test the Plexus Cipher container @@ -20,9 +26,8 @@ * @author Oleg Gusakov */ public class DefaultPlexusCipherTest - extends InjectedTestCase { - private String passPhrase = "testtest"; + private final String passPhrase = "testtest"; String str = "my testing phrase"; @@ -31,14 +36,14 @@ public class DefaultPlexusCipherTest DefaultPlexusCipher pc; // ------------------------------------------------------------- - public void setUp() + @Before + public void prepare() throws Exception { - super.setUp(); - pc = new DefaultPlexusCipher(); } + @Test public void testIsEncryptedString() { String noBraces = "This is a test"; @@ -55,6 +60,7 @@ public void testIsEncryptedString() assertTrue( pc.isEncryptedString( mixedBraces ) ); } + @Test public void testUnDecorate_BracesPermutations() throws PlexusCipherException { @@ -68,6 +74,8 @@ public void testUnDecorate_BracesPermutations() } // ------------------------------------------------------------- + + @Test public void testDefaultAlgorithmExists() throws Exception { @@ -92,6 +100,8 @@ public void testDefaultAlgorithmExists() } // ------------------------------------------------------------- + + @Test public void stestFindDefaultAlgorithm() throws Exception { @@ -117,6 +127,8 @@ public void stestFindDefaultAlgorithm() } // ------------------------------------------------------------- + + @Test public void testEncrypt() throws Exception { @@ -130,6 +142,8 @@ public void testEncrypt() } // ------------------------------------------------------------- + + @Test public void testEncryptVariableLengths() throws Exception { @@ -160,6 +174,8 @@ public void testDecrypt() } // ------------------------------------------------------------- + + @Test public void testDecorate() throws Exception { @@ -169,6 +185,8 @@ public void testDecorate() } // ------------------------------------------------------------- + + @Test public void testUnDecorate() throws Exception { @@ -179,6 +197,8 @@ public void testUnDecorate() } // ------------------------------------------------------------- + + @Test public void testEncryptAndDecorate() throws Exception { @@ -186,6 +206,4 @@ public void testEncryptAndDecorate() assertEquals( '{', res.charAt( 0 ) ); } - // ------------------------------------------------------------- - // ------------------------------------------------------------- } diff --git a/src/test/java/org/sonatype/plexus/components/cipher/PBECipherTest.java b/src/test/java/org/sonatype/plexus/components/cipher/PBECipherTest.java index 17bc8dd..17d7700 100644 --- a/src/test/java/org/sonatype/plexus/components/cipher/PBECipherTest.java +++ b/src/test/java/org/sonatype/plexus/components/cipher/PBECipherTest.java @@ -19,13 +19,17 @@ Licensed to the Apache Software Foundation (ASF) under one package org.sonatype.plexus.components.cipher; -import org.sonatype.guice.bean.containers.InjectedTestCase; +import org.junit.Before; +import org.junit.Test; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertNotNull; /** * @author Oleg Gusakov */ public class PBECipherTest - extends InjectedTestCase { PBECipher _cipher; @@ -35,13 +39,14 @@ public class PBECipherTest String _password = "testtest"; - protected void setUp() + @Before + public void prepare() throws Exception { - super.setUp(); _cipher = new PBECipher(); } + @Test public void testEncrypt() throws Exception { @@ -60,6 +65,7 @@ public void testEncrypt() assertFalse( enc.equals( enc2 ) ); } + @Test public void testDecrypt() throws Exception { @@ -67,7 +73,8 @@ public void testDecrypt() assertEquals( _cleatText, clear ); } - + + @Test public void testEncoding() throws Exception { From 45d23857e635078912ae5c5b3e01cf8036ace074 Mon Sep 17 00:00:00 2001 From: Tamas Cservenak Date: Tue, 10 Aug 2021 14:11:00 +0200 Subject: [PATCH 2/3] Drop legacy plx Xml --- src/main/resources/META-INF/plexus/components.xml | 12 ------------ 1 file changed, 12 deletions(-) delete mode 100644 src/main/resources/META-INF/plexus/components.xml diff --git a/src/main/resources/META-INF/plexus/components.xml b/src/main/resources/META-INF/plexus/components.xml deleted file mode 100644 index 23eee11..0000000 --- a/src/main/resources/META-INF/plexus/components.xml +++ /dev/null @@ -1,12 +0,0 @@ - - - - - org.sonatype.plexus.components.cipher.PlexusCipher - default - org.sonatype.plexus.components.cipher.DefaultPlexusCipher - - false - - - From 2eec31ef97541964cba466c762ce1973c0328f25 Mon Sep 17 00:00:00 2001 From: Tamas Cservenak Date: Tue, 10 Aug 2021 15:15:52 +0200 Subject: [PATCH 3/3] Make classes thread-safe, mark them as singletons As DefPlxCipher was not singleton, but SecDispatcher used it as such. Modified PBECiper to be thread-safe (MessageDigest var is method local now), this makes PlexusCipher but also SecDispatcher behave now. --- .../cipher/DefaultPlexusCipher.java | 18 +++++++---- .../plexus/components/cipher/PBECipher.java | 31 ++++--------------- 2 files changed, 18 insertions(+), 31 deletions(-) diff --git a/src/main/java/org/sonatype/plexus/components/cipher/DefaultPlexusCipher.java b/src/main/java/org/sonatype/plexus/components/cipher/DefaultPlexusCipher.java index ddf0243..db5a9b6 100644 --- a/src/main/java/org/sonatype/plexus/components/cipher/DefaultPlexusCipher.java +++ b/src/main/java/org/sonatype/plexus/components/cipher/DefaultPlexusCipher.java @@ -20,30 +20,33 @@ import java.util.regex.Pattern; import javax.inject.Named; +import javax.inject.Singleton; import org.eclipse.sisu.Typed; /** + * Default implementation of {@link PlexusCipher}. This class is thread safe. + * * @author Oleg Gusakov */ +@Singleton @Named( "default" ) @Typed( PlexusCipher.class ) public class DefaultPlexusCipher implements PlexusCipher { - private static final Pattern ENCRYPTED_STRING_PATTERN = Pattern.compile( ".*?[^\\\\]?\\{(.*?[^\\\\])\\}.*" ); private final PBECipher _cipher; // --------------------------------------------------------------- public DefaultPlexusCipher() - throws PlexusCipherException { _cipher = new PBECipher(); } // --------------------------------------------------------------- + @Override public String encrypt( final String str, final String passPhrase ) throws PlexusCipherException { @@ -56,6 +59,7 @@ public String encrypt( final String str, final String passPhrase ) } // --------------------------------------------------------------- + @Override public String encryptAndDecorate( final String str, final String passPhrase ) throws PlexusCipherException { @@ -63,6 +67,7 @@ public String encryptAndDecorate( final String str, final String passPhrase ) } // --------------------------------------------------------------- + @Override public String decrypt( final String str, final String passPhrase ) throws PlexusCipherException { @@ -75,6 +80,7 @@ public String decrypt( final String str, final String passPhrase ) } // --------------------------------------------------------------- + @Override public String decryptDecorated( final String str, final String passPhrase ) throws PlexusCipherException { @@ -92,6 +98,7 @@ public String decryptDecorated( final String str, final String passPhrase ) } // ---------------------------------------------------------------------------- + @Override public boolean isEncryptedString( final String str ) { if ( str == null || str.length() < 1 ) @@ -105,7 +112,7 @@ public boolean isEncryptedString( final String str ) } // ---------------------------------------------------------------------------- - // ------------------- + @Override public String unDecorate( final String str ) throws PlexusCipherException { @@ -122,15 +129,14 @@ public String unDecorate( final String str ) } // ---------------------------------------------------------------------------- - // ------------------- + @Override public String decorate( final String str ) { return ENCRYPTED_STRING_DECORATION_START + ( str == null ? "" : str ) + ENCRYPTED_STRING_DECORATION_STOP; } // --------------------------------------------------------------- - // --------------------------------------------------------------- - // *************************************************************** + /** * Exploratory part. This method returns all available services types */ diff --git a/src/main/java/org/sonatype/plexus/components/cipher/PBECipher.java b/src/main/java/org/sonatype/plexus/components/cipher/PBECipher.java index 82a2316..f81d4fe 100644 --- a/src/main/java/org/sonatype/plexus/components/cipher/PBECipher.java +++ b/src/main/java/org/sonatype/plexus/components/cipher/PBECipher.java @@ -28,9 +28,7 @@ Licensed to the Apache Software Foundation (ASF) under one import java.security.InvalidKeyException; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; -import java.security.NoSuchProviderException; import java.security.SecureRandom; -import java.util.Random; import javax.crypto.Cipher; import javax.crypto.NoSuchPaddingException; @@ -38,6 +36,8 @@ Licensed to the Apache Software Foundation (ASF) under one import javax.crypto.spec.SecretKeySpec; /** + * This class is thread-safe. + * * @author Oleg Gusakov */ public class PBECipher @@ -60,23 +60,8 @@ public class PBECipher protected static final int PBE_ITERATIONS = 1000; - protected MessageDigest _digester; - private static final SecureRandom _secureRandom = new SecureRandom(); - //--------------------------------------------------------------- - public PBECipher() - throws PlexusCipherException - { - try - { - _digester = MessageDigest.getInstance( DIGEST_ALG ); - } - catch ( NoSuchAlgorithmException e ) - { - throw new PlexusCipherException(e); - } - } //--------------------------------------------------------------- private byte[] getSalt( final int sz ) { @@ -116,9 +101,7 @@ public String encrypt64( final String clearText, final String password ) byte [] encryptedTextBytes = Base64.encodeBase64( allEncryptedBytes ); - String encryptedText = new String( encryptedTextBytes, STRING_ENCODING ); - - return encryptedText; + return new String( encryptedTextBytes, STRING_ENCODING ); } catch( Exception e) { @@ -150,9 +133,7 @@ public String decrypt64( final String encryptedText, final String password ) byte [] clearBytes = cipher.doFinal( encryptedBytes ); - String clearText = new String( clearBytes, STRING_ENCODING ); - - return clearText; + return new String( clearBytes, STRING_ENCODING ); } catch( Exception e) { @@ -163,8 +144,8 @@ public String decrypt64( final String encryptedText, final String password ) private Cipher createCipher( final byte [] pwdAsBytes, byte [] salt, final int mode ) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException { - _digester.reset(); - + MessageDigest _digester = MessageDigest.getInstance( DIGEST_ALG ); + byte[] keyAndIv = new byte[ SPICE_SIZE * 2 ]; if( salt == null || salt.length == 0 )