mirror of
https://github.com/scm-manager/scm-manager.git
synced 2026-07-07 15:53:37 +02:00
merge with branch issue-887
This commit is contained in:
@@ -35,7 +35,8 @@ package sonia.scm.security;
|
||||
|
||||
|
||||
/**
|
||||
*
|
||||
* Encrypts and decrypts string values.
|
||||
*
|
||||
* @author Sebastian Sdorra
|
||||
* @since 1.7
|
||||
*/
|
||||
@@ -43,22 +44,20 @@ public interface CipherHandler
|
||||
{
|
||||
|
||||
/**
|
||||
* Method description
|
||||
* Decrypts the given value.
|
||||
*
|
||||
* @param value encrypted value
|
||||
*
|
||||
* @param value
|
||||
*
|
||||
* @return
|
||||
* @return decrypted value
|
||||
*/
|
||||
public String decode(String value);
|
||||
|
||||
/**
|
||||
* Method description
|
||||
* Encrypts the given value.
|
||||
*
|
||||
* @param value plain text value to encrypt.
|
||||
*
|
||||
* @param value
|
||||
*
|
||||
* @return
|
||||
* @return encrypted value
|
||||
*/
|
||||
public String encode(String value);
|
||||
}
|
||||
|
||||
@@ -53,7 +53,7 @@ import java.io.FileNotFoundException;
|
||||
import java.io.FileReader;
|
||||
import java.io.IOException;
|
||||
import java.io.PrintWriter;
|
||||
import java.io.UnsupportedEncodingException;
|
||||
import java.security.GeneralSecurityException;
|
||||
|
||||
import java.security.MessageDigest;
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
@@ -66,32 +66,32 @@ import javax.crypto.spec.IvParameterSpec;
|
||||
import javax.crypto.spec.SecretKeySpec;
|
||||
|
||||
/**
|
||||
*
|
||||
* Default implementation of the {@link CipherHandler}, which uses AES for
|
||||
* encryption and decryption.
|
||||
*
|
||||
* @author Sebastian Sdorra
|
||||
* @since 1.7
|
||||
*/
|
||||
public class DefaultCipherHandler implements CipherHandler
|
||||
{
|
||||
public class DefaultCipherHandler implements CipherHandler {
|
||||
|
||||
/** Field description */
|
||||
/** used cipher type */
|
||||
public static final String CIPHER_TYPE = "AES/CTR/PKCS5PADDING";
|
||||
|
||||
/** Field description */
|
||||
/** digest type for key generation */
|
||||
public static final String DIGEST_TYPE = "SHA-512";
|
||||
|
||||
/** Field description */
|
||||
/** string encoding */
|
||||
public static final String ENCODING = "UTF-8";
|
||||
|
||||
/** Field description */
|
||||
/** default key length */
|
||||
public static final int KEY_LENGTH = 16;
|
||||
|
||||
/** Field description */
|
||||
/** default salt length */
|
||||
public static final int SALT_LENGTH = 16;
|
||||
|
||||
/** Field description */
|
||||
private static final String CIPHERKEY_FILENAME = ".cipherkey";
|
||||
@VisibleForTesting
|
||||
static final String CIPHERKEY_FILENAME = ".cipherkey";
|
||||
|
||||
/** Field description */
|
||||
private static final char[] KEY_BASE = new char[]
|
||||
{
|
||||
'1', '4', '7', '3', 'F', '2', '1', 'E', '-', 'C', '4', 'C', '4', '-', '4',
|
||||
@@ -99,96 +99,72 @@ public class DefaultCipherHandler implements CipherHandler
|
||||
'E', 'C', '7', '7', '2', 'E'
|
||||
};
|
||||
|
||||
/** Field description */
|
||||
private static final String KEY_TYPE = "AES";
|
||||
|
||||
/** the logger for DefaultCipherHandler */
|
||||
private static final Logger logger =
|
||||
LoggerFactory.getLogger(DefaultCipherHandler.class);
|
||||
|
||||
//~--- constructors ---------------------------------------------------------
|
||||
|
||||
private static final Logger logger = LoggerFactory.getLogger(DefaultCipherHandler.class);
|
||||
|
||||
private final SecureRandom random = new SecureRandom();
|
||||
|
||||
private final char[] key;
|
||||
|
||||
/**
|
||||
* Constructs a new DefaultCipherHandler. Note this constructor is only for
|
||||
* unit tests.
|
||||
*
|
||||
*
|
||||
* @param key
|
||||
* @param key default encryption key
|
||||
*
|
||||
* @since 1.38
|
||||
*/
|
||||
@VisibleForTesting
|
||||
protected DefaultCipherHandler(String key)
|
||||
{
|
||||
protected DefaultCipherHandler(String key) {
|
||||
this.key = key.toCharArray();
|
||||
}
|
||||
|
||||
/**
|
||||
* Constructs ...
|
||||
*
|
||||
*
|
||||
* @param context
|
||||
* @param keyGenerator
|
||||
*
|
||||
* Constructs a new instance and reads the default key from the scm home directory,
|
||||
* if the key file does not exists it will be generated with the {@link KeyGenerator}.
|
||||
*
|
||||
* @param context SCM-Manager context provider
|
||||
* @param keyGenerator key generator for default key generation
|
||||
*/
|
||||
public DefaultCipherHandler(SCMContextProvider context,
|
||||
KeyGenerator keyGenerator)
|
||||
{
|
||||
public DefaultCipherHandler(SCMContextProvider context, KeyGenerator keyGenerator) {
|
||||
File configDirectory = new File(context.getBaseDirectory(), "config");
|
||||
|
||||
IOUtil.mkdirs(configDirectory);
|
||||
cipherKeyFile = new File(configDirectory, CIPHERKEY_FILENAME);
|
||||
File cipherKeyFile = new File(configDirectory, CIPHERKEY_FILENAME);
|
||||
|
||||
try
|
||||
{
|
||||
if (cipherKeyFile.exists())
|
||||
{
|
||||
loadKey();
|
||||
}
|
||||
else
|
||||
{
|
||||
try {
|
||||
if (cipherKeyFile.exists()) {
|
||||
key = loadKey(cipherKeyFile);
|
||||
} else {
|
||||
key = keyGenerator.createKey().toCharArray();
|
||||
storeKey();
|
||||
storeKey(cipherKeyFile);
|
||||
}
|
||||
}
|
||||
catch (IOException ex)
|
||||
{
|
||||
} catch (IOException ex) {
|
||||
throw new CipherException("could not create CipherHandler", ex);
|
||||
}
|
||||
}
|
||||
|
||||
//~--- methods --------------------------------------------------------------
|
||||
|
||||
/**
|
||||
* Method description
|
||||
*
|
||||
*
|
||||
* @param value
|
||||
*
|
||||
* @return
|
||||
*/
|
||||
@Override
|
||||
public String decode(String value)
|
||||
{
|
||||
public String decode(String value) {
|
||||
return decode(key, value);
|
||||
}
|
||||
|
||||
/**
|
||||
* Method description
|
||||
* Decodes the given value with the provided key.
|
||||
*
|
||||
* @param plainKey key which is used for decoding
|
||||
* @param value encrypted value
|
||||
*
|
||||
* @param plainKey
|
||||
* @param value
|
||||
*
|
||||
* @return
|
||||
* @return decrypted value
|
||||
*/
|
||||
public String decode(char[] plainKey, String value)
|
||||
{
|
||||
public String decode(char[] plainKey, String value) {
|
||||
String result = null;
|
||||
|
||||
try
|
||||
{
|
||||
try {
|
||||
byte[] encodedInput = Base64.decode(value);
|
||||
byte[] salt = new byte[SALT_LENGTH];
|
||||
byte[] encoded = new byte[encodedInput.length - SALT_LENGTH];
|
||||
@@ -206,52 +182,35 @@ public class DefaultCipherHandler implements CipherHandler
|
||||
byte[] decoded = cipher.doFinal(encoded);
|
||||
|
||||
result = new String(decoded, ENCODING);
|
||||
}
|
||||
catch (Exception ex)
|
||||
{
|
||||
logger.error("could not decode string", ex);
|
||||
|
||||
throw new CipherException(ex);
|
||||
} catch (IOException | GeneralSecurityException ex) {
|
||||
throw new CipherException("could not decode string", ex);
|
||||
}
|
||||
|
||||
return result;
|
||||
}
|
||||
|
||||
/**
|
||||
* Method description
|
||||
*
|
||||
*
|
||||
* @param value
|
||||
*
|
||||
* @return
|
||||
*/
|
||||
@Override
|
||||
public String encode(String value)
|
||||
{
|
||||
public String encode(String value) {
|
||||
return encode(key, value);
|
||||
}
|
||||
|
||||
/**
|
||||
* Method description
|
||||
* Encrypts the given value with the provided key.
|
||||
*
|
||||
* @param plainKey key which is used for encoding
|
||||
* @param value plain text value to encrypt
|
||||
*
|
||||
* @param plainKey
|
||||
* @param value
|
||||
*
|
||||
* @return
|
||||
* @return encrypted value
|
||||
*/
|
||||
public String encode(char[] plainKey, String value)
|
||||
{
|
||||
public String encode(char[] plainKey, String value) {
|
||||
String res = null;
|
||||
|
||||
try
|
||||
{
|
||||
try {
|
||||
byte[] salt = new byte[SALT_LENGTH];
|
||||
|
||||
random.nextBytes(salt);
|
||||
|
||||
IvParameterSpec iv = new IvParameterSpec(salt);
|
||||
SecretKey secretKey = buildSecretKey(key);
|
||||
SecretKey secretKey = buildSecretKey(plainKey);
|
||||
javax.crypto.Cipher cipher = javax.crypto.Cipher.getInstance(CIPHER_TYPE);
|
||||
|
||||
cipher.init(javax.crypto.Cipher.ENCRYPT_MODE, secretKey, iv);
|
||||
@@ -264,31 +223,14 @@ public class DefaultCipherHandler implements CipherHandler
|
||||
System.arraycopy(encodedInput, 0, result, SALT_LENGTH,
|
||||
result.length - SALT_LENGTH);
|
||||
res = new String(Base64.encode(result), ENCODING);
|
||||
}
|
||||
catch (Exception ex)
|
||||
{
|
||||
logger.error("could not encode string", ex);
|
||||
|
||||
throw new CipherException(ex);
|
||||
} catch (IOException | GeneralSecurityException ex) {
|
||||
throw new CipherException("could not encode string", ex);
|
||||
}
|
||||
|
||||
return res;
|
||||
}
|
||||
|
||||
/**
|
||||
* Method description
|
||||
*
|
||||
*
|
||||
* @param plainKey
|
||||
*
|
||||
* @return
|
||||
*
|
||||
* @throws NoSuchAlgorithmException
|
||||
* @throws UnsupportedEncodingException
|
||||
*/
|
||||
private SecretKey buildSecretKey(char[] plainKey)
|
||||
throws UnsupportedEncodingException, NoSuchAlgorithmException
|
||||
{
|
||||
private SecretKey buildSecretKey(char[] plainKey) throws IOException, NoSuchAlgorithmException {
|
||||
byte[] raw = new String(plainKey).getBytes(ENCODING);
|
||||
MessageDigest digest = MessageDigest.getInstance(DIGEST_TYPE);
|
||||
|
||||
@@ -298,60 +240,18 @@ public class DefaultCipherHandler implements CipherHandler
|
||||
return new SecretKeySpec(raw, KEY_TYPE);
|
||||
}
|
||||
|
||||
/**
|
||||
* Method description
|
||||
*
|
||||
*
|
||||
* @throws IOException
|
||||
*/
|
||||
private void loadKey() throws IOException
|
||||
{
|
||||
BufferedReader reader = null;
|
||||
|
||||
try
|
||||
{
|
||||
reader = new BufferedReader(new FileReader(cipherKeyFile));
|
||||
|
||||
private char[] loadKey(File cipherKeyFile) throws IOException {
|
||||
try (BufferedReader reader = new BufferedReader(new FileReader(cipherKeyFile))) {
|
||||
String line = reader.readLine();
|
||||
|
||||
key = decode(KEY_BASE, line).toCharArray();
|
||||
}
|
||||
finally
|
||||
{
|
||||
IOUtil.close(reader);
|
||||
return decode(KEY_BASE, line).toCharArray();
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Method description
|
||||
*
|
||||
*
|
||||
* @throws FileNotFoundException
|
||||
*/
|
||||
private void storeKey() throws FileNotFoundException
|
||||
{
|
||||
private void storeKey(File cipherKeyFile) throws FileNotFoundException {
|
||||
String storeKey = encode(KEY_BASE, new String(key));
|
||||
PrintWriter output = null;
|
||||
|
||||
try
|
||||
{
|
||||
output = new PrintWriter(cipherKeyFile);
|
||||
try (PrintWriter output = new PrintWriter(cipherKeyFile)) {
|
||||
output.write(storeKey);
|
||||
}
|
||||
finally
|
||||
{
|
||||
IOUtil.close(output);
|
||||
}
|
||||
}
|
||||
|
||||
//~--- fields ---------------------------------------------------------------
|
||||
|
||||
/** Field description */
|
||||
private File cipherKeyFile;
|
||||
|
||||
/** Field description */
|
||||
private char[] key = null;
|
||||
|
||||
/** Field description */
|
||||
private SecureRandom random = new SecureRandom();
|
||||
}
|
||||
|
||||
@@ -0,0 +1,110 @@
|
||||
/**
|
||||
* Copyright (c) 2014, Sebastian Sdorra
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright notice,
|
||||
* this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright notice,
|
||||
* this list of conditions and the following disclaimer in the documentation
|
||||
* and/or other materials provided with the distribution.
|
||||
* 3. Neither the name of SCM-Manager; nor the names of its
|
||||
* contributors may be used to endorse or promote products derived from this
|
||||
* software without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
|
||||
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
|
||||
* DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY
|
||||
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
|
||||
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
|
||||
* ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
|
||||
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*
|
||||
* http://bitbucket.org/sdorra/scm-manager
|
||||
*
|
||||
*/
|
||||
|
||||
package sonia.scm.security;
|
||||
|
||||
import java.io.File;
|
||||
import java.io.IOException;
|
||||
import org.junit.Test;
|
||||
import static org.junit.Assert.*;
|
||||
import org.junit.Rule;
|
||||
import org.junit.rules.TemporaryFolder;
|
||||
import org.junit.runner.RunWith;
|
||||
import org.mockito.Mock;
|
||||
import static org.mockito.Mockito.*;
|
||||
import org.mockito.runners.MockitoJUnitRunner;
|
||||
import sonia.scm.SCMContextProvider;
|
||||
|
||||
/**
|
||||
* Unit tests for {@link DefaultCipherHandler}.
|
||||
*
|
||||
* @author Sebastian Sdorra
|
||||
*/
|
||||
@RunWith(MockitoJUnitRunner.class)
|
||||
public class DefaultCipherHandlerTest {
|
||||
|
||||
@Mock
|
||||
private SCMContextProvider context;
|
||||
|
||||
@Mock
|
||||
private KeyGenerator keyGenerator;
|
||||
|
||||
@Rule
|
||||
public TemporaryFolder tempFolder = new TemporaryFolder();
|
||||
|
||||
/**
|
||||
* Tests loading and storing default key.
|
||||
*
|
||||
* @throws IOException
|
||||
*/
|
||||
@Test
|
||||
public void testLoadingAndStoringDefaultKey() throws IOException {
|
||||
File baseDirectory = tempFolder.newFolder();
|
||||
when(context.getBaseDirectory()).thenReturn(baseDirectory);
|
||||
when(keyGenerator.createKey()).thenReturn("secret");
|
||||
|
||||
DefaultCipherHandler cipher = new DefaultCipherHandler(context, keyGenerator);
|
||||
File configDirectory = new File(baseDirectory, "config");
|
||||
assertTrue(new File(configDirectory, DefaultCipherHandler.CIPHERKEY_FILENAME).exists());
|
||||
|
||||
// plain text for assertion
|
||||
String plain = "hallo123";
|
||||
|
||||
// encrypt value with new generated key
|
||||
String encrypted = cipher.encode(plain);
|
||||
|
||||
// load key from disk
|
||||
cipher = new DefaultCipherHandler(context, keyGenerator);
|
||||
|
||||
// decrypt with loaded key
|
||||
assertEquals(plain, cipher.decode(encrypted));
|
||||
}
|
||||
|
||||
/**
|
||||
* Test encode and decode method with a separate key.
|
||||
*/
|
||||
@Test
|
||||
public void testEncodeDecodeWithSeparateKey(){
|
||||
char[] key = "testkey".toCharArray();
|
||||
DefaultCipherHandler cipher = new DefaultCipherHandler("somekey");
|
||||
assertEquals("hallo123", cipher.decode(key, cipher.encode(key, "hallo123")));
|
||||
}
|
||||
|
||||
/**
|
||||
* Test encode and decode method with the default key.
|
||||
*/
|
||||
@Test
|
||||
public void testEncodeDecodeWithDefaultKey() {
|
||||
DefaultCipherHandler cipher = new DefaultCipherHandler("testkey");
|
||||
assertEquals("hallo123", cipher.decode(cipher.encode("hallo123")));
|
||||
}
|
||||
|
||||
}
|
||||
Reference in New Issue
Block a user