Update to released plexus-cipher, adopt

cstamas · cstamas · commit 6dc32947eef7 · 2024-09-28T20:56:05.000+02:00
diff --git a/pom.xml b/pom.xml
@@ -41,7 +41,7 @@
     <dependency>
       <groupId>org.codehaus.plexus</groupId>
       <artifactId>plexus-cipher</artifactId>
-      <version>3.0.0-SNAPSHOT</version>
+      <version>3.0.0</version>
     </dependency>
 
     <dependency>
diff --git a/src/main/java/org/codehaus/plexus/components/secdispatcher/internal/DefaultSecDispatcher.java b/src/main/java/org/codehaus/plexus/components/secdispatcher/internal/DefaultSecDispatcher.java
@@ -71,7 +71,7 @@ public String encrypt(String str, Map<String, String> attr) throws SecDispatcher
             if (attr == null || attr.get(DISPATCHER_NAME_ATTR) == null) {
                 SettingsSecurity sec = getConfiguration(true);
                 String master = getMasterPassword(sec, true);
-                res = cipher.encrypt(str, master);
+                res = cipher.encrypt(getMasterCipher(sec), str, master);
             } else {
                 String type = attr.get(DISPATCHER_NAME_ATTR);
                 Dispatcher dispatcher = dispatchers.get(type);
@@ -98,7 +98,7 @@ public String decrypt(String str) throws SecDispatcherException {
             if (attr == null || attr.get(DISPATCHER_NAME_ATTR) == null) {
                 SettingsSecurity sec = getConfiguration(true);
                 String master = getMasterPassword(sec, true);
-                return cipher.decrypt(bare, master);
+                return cipher.decrypt(getMasterCipher(sec), bare, master);
             } else {
                 String type = attr.get(DISPATCHER_NAME_ATTR);
                 Dispatcher dispatcher = dispatchers.get(type);
@@ -189,6 +189,11 @@ private String getMasterPassword(SettingsSecurity sec, boolean mandatory) throws
         }
     }
 
+    private String getMasterCipher(SettingsSecurity sec) throws SecDispatcherException {
+        requireNonNull(sec, "configuration is null");
+        return requireNonNull(sec.getMasterCipher(), "masterCipher is null");
+    }
+
     public String getConfigurationFile() {
         return configurationFile;
     }
diff --git a/src/main/mdo/settings-security.mdo b/src/main/mdo/settings-security.mdo
@@ -48,6 +48,13 @@
           <description>The URI describing the source of the master password</description>
         </field>
 
+        <field>
+          <name>masterCipher</name>
+          <version>3.0.0+</version>
+          <type>String</type>
+          <description>The Cipher to be used</description>
+        </field>
+
         <field>
           <name>relocation</name>
           <version>1.0.0+</version>
diff --git a/src/test/java/org/codehaus/plexus/components/secdispatcher/internal/DefaultSecDispatcherTest.java b/src/test/java/org/codehaus/plexus/components/secdispatcher/internal/DefaultSecDispatcherTest.java
@@ -19,6 +19,7 @@
 import java.util.Map;
 import java.util.Set;
 
+import org.codehaus.plexus.components.cipher.internal.AESGCMNoPadding;
 import org.codehaus.plexus.components.cipher.internal.DefaultPlexusCipher;
 import org.codehaus.plexus.components.secdispatcher.SecDispatcher;
 import org.codehaus.plexus.components.secdispatcher.SecDispatcherException;
@@ -40,11 +41,11 @@
 public class DefaultSecDispatcherTest {
     String masterPassword = "masterPw";
     String password = "somePassword";
-    String passwordEncrypted = "{TT2NQZ4iAdoHqsSfYUab3s6X2IHl5qaf4vx/F8DvtSI=}";
 
     private void saveSec(String masterSource) throws Exception {
         SettingsSecurity sec = new SettingsSecurity();
         sec.setMasterSource(masterSource);
+        sec.setMasterCipher(AESGCMNoPadding.CIPHER_ALG);
 
         try (FileWriter fw = new FileWriter("./target/sec.xml")) {
             new SecurityConfigurationStaxWriter().write(fw, sec);
@@ -61,7 +62,7 @@ public void prepare() throws Exception {
     @Test
     void testEncrypt() throws Exception {
         DefaultSecDispatcher sd = new DefaultSecDispatcher(
-                new DefaultPlexusCipher(),
+                new DefaultPlexusCipher(Map.of(AESGCMNoPadding.CIPHER_ALG, new AESGCMNoPadding())),
                 Map.of("static", new StaticMasterPasswordSource(masterPassword)),
                 Map.of(),
                 DefaultSecDispatcher.DEFAULT_CONFIGURATION);
@@ -74,11 +75,12 @@ void testEncrypt() throws Exception {
     @Test
     void testDecrypt() throws Exception {
         DefaultSecDispatcher sd = new DefaultSecDispatcher(
-                new DefaultPlexusCipher(),
+                new DefaultPlexusCipher(Map.of(AESGCMNoPadding.CIPHER_ALG, new AESGCMNoPadding())),
                 Map.of("static", new StaticMasterPasswordSource(masterPassword)),
                 Map.of(),
                 DefaultSecDispatcher.DEFAULT_CONFIGURATION);
-        String pass = sd.decrypt(passwordEncrypted);
+        String encrypted = sd.encrypt(password, null);
+        String pass = sd.decrypt(encrypted);
         assertNotNull(pass);
         assertEquals(password, pass);
     }
@@ -88,7 +90,7 @@ void testDecryptSystemProperty() throws Exception {
         System.setProperty("foobar", masterPassword);
         saveSec("prop:foobar");
         DefaultSecDispatcher sd = new DefaultSecDispatcher(
-                new DefaultPlexusCipher(),
+                new DefaultPlexusCipher(Map.of(AESGCMNoPadding.CIPHER_ALG, new AESGCMNoPadding())),
                 Map.of(
                         "prop",
                         new SystemPropertyMasterPasswordSource(),
@@ -98,7 +100,8 @@ void testDecryptSystemProperty() throws Exception {
                         new GpgAgentMasterPasswordSource()),
                 Map.of(),
                 DefaultSecDispatcher.DEFAULT_CONFIGURATION);
-        String pass = sd.decrypt(passwordEncrypted);
+        String encrypted = sd.encrypt(password, null);
+        String pass = sd.decrypt(encrypted);
         assertNotNull(pass);
         assertEquals(password, pass);
     }
@@ -107,7 +110,7 @@ void testDecryptSystemProperty() throws Exception {
     void testDecryptEnv() throws Exception {
         saveSec("env:MASTER_PASSWORD");
         DefaultSecDispatcher sd = new DefaultSecDispatcher(
-                new DefaultPlexusCipher(),
+                new DefaultPlexusCipher(Map.of(AESGCMNoPadding.CIPHER_ALG, new AESGCMNoPadding())),
                 Map.of(
                         "prop",
                         new SystemPropertyMasterPasswordSource(),
@@ -117,7 +120,8 @@ void testDecryptEnv() throws Exception {
                         new GpgAgentMasterPasswordSource()),
                 Map.of(),
                 DefaultSecDispatcher.DEFAULT_CONFIGURATION);
-        String pass = sd.decrypt(passwordEncrypted);
+        String encrypted = sd.encrypt(password, null);
+        String pass = sd.decrypt(encrypted);
         assertNotNull(pass);
         assertEquals(password, pass);
     }
@@ -127,7 +131,7 @@ void testDecryptEnv() throws Exception {
     void testDecryptGpg() throws Exception {
         saveSec("gpg-agent:/run/user/1000/gnupg/S.gpg-agent");
         DefaultSecDispatcher sd = new DefaultSecDispatcher(
-                new DefaultPlexusCipher(),
+                new DefaultPlexusCipher(Map.of(AESGCMNoPadding.CIPHER_ALG, new AESGCMNoPadding())),
                 Map.of(
                         "prop",
                         new SystemPropertyMasterPasswordSource(),
@@ -137,15 +141,16 @@ void testDecryptGpg() throws Exception {
                         new GpgAgentMasterPasswordSource()),
                 Map.of(),
                 DefaultSecDispatcher.DEFAULT_CONFIGURATION);
-        String pass = sd.decrypt(passwordEncrypted);
+        String encrypted = sd.encrypt(password, null);
+        String pass = sd.decrypt(encrypted);
         assertNotNull(pass);
         assertEquals(password, pass);
     }
 
     @Test
     void testEncryptWithDispatcher() throws Exception {
         DefaultSecDispatcher sd = new DefaultSecDispatcher(
-                new DefaultPlexusCipher(),
+                new DefaultPlexusCipher(Map.of(AESGCMNoPadding.CIPHER_ALG, new AESGCMNoPadding())),
                 Map.of("static", new StaticMasterPasswordSource(masterPassword)),
                 Map.of("magic", new StaticDispatcher("decrypted", "encrypted")),
                 DefaultSecDispatcher.DEFAULT_CONFIGURATION);
@@ -162,7 +167,7 @@ void testEncryptWithDispatcher() throws Exception {
     @Test
     void testDecryptWithDispatcher() throws Exception {
         DefaultSecDispatcher sd = new DefaultSecDispatcher(
-                new DefaultPlexusCipher(),
+                new DefaultPlexusCipher(Map.of(AESGCMNoPadding.CIPHER_ALG, new AESGCMNoPadding())),
                 Map.of("static", new StaticMasterPasswordSource(masterPassword)),
                 Map.of("magic", new StaticDispatcher("decrypted", "encrypted")),
                 DefaultSecDispatcher.DEFAULT_CONFIGURATION);
@@ -178,7 +183,7 @@ void testDecryptWithDispatcher() throws Exception {
     void testDecryptWithDispatcherConf() throws Exception {
         String bare = Base64.getEncoder().encodeToString("whatever".getBytes(StandardCharsets.UTF_8));
         DefaultSecDispatcher sd = new DefaultSecDispatcher(
-                new DefaultPlexusCipher(),
+                new DefaultPlexusCipher(Map.of(AESGCMNoPadding.CIPHER_ALG, new AESGCMNoPadding())),
                 Map.of("static", new StaticMasterPasswordSource(masterPassword)),
                 Map.of("magic", new Dispatcher() {
                     @Override
diff --git a/src/test/resources/test-sec.xml b/src/test/resources/test-sec.xml
