View Javadoc
1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements.  See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership.  The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License.  You may obtain a copy of the License at
9    *
10   *   http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied.  See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  package org.apache.maven.settings.crypto;
20  
21  import javax.inject.Inject;
22  import javax.inject.Named;
23  import javax.inject.Singleton;
24  
25  import java.io.IOException;
26  import java.util.ArrayList;
27  import java.util.List;
28  
29  import org.apache.maven.settings.Proxy;
30  import org.apache.maven.settings.Server;
31  import org.apache.maven.settings.building.DefaultSettingsProblem;
32  import org.apache.maven.settings.building.SettingsProblem;
33  import org.apache.maven.settings.building.SettingsProblem.Severity;
34  import org.codehaus.plexus.components.secdispatcher.SecDispatcher;
35  import org.codehaus.plexus.components.secdispatcher.SecDispatcherException;
36  
37  /**
38   * Decrypts passwords in the settings.
39   *
40   * @deprecated since 4.0.0
41   */
42  @Named
43  @Singleton
44  @Deprecated(since = "4.0.0")
45  public class DefaultSettingsDecrypter implements SettingsDecrypter {
46      private final SecDispatcher securityDispatcher;
47  
48      @Inject
49      public DefaultSettingsDecrypter(SecDispatcher securityDispatcher) {
50          this.securityDispatcher = securityDispatcher;
51      }
52  
53      @Override
54      public SettingsDecryptionResult decrypt(SettingsDecryptionRequest request) {
55          List<SettingsProblem> problems = new ArrayList<>();
56  
57          List<Server> servers = new ArrayList<>();
58  
59          for (Server server : request.getServers()) {
60              server = server.clone();
61  
62              String password = server.getPassword();
63              if (securityDispatcher.isAnyEncryptedString(password)) {
64                  try {
65                      if (securityDispatcher.isLegacyEncryptedString(password)) {
66                          problems.add(new DefaultSettingsProblem(
67                                  "Legacy/insecurely encrypted password detected for server " + server.getId(),
68                                  Severity.WARNING,
69                                  "server: " + server.getId(),
70                                  -1,
71                                  -1,
72                                  null));
73                      }
74                      server.setPassword(securityDispatcher.decrypt(password));
75                  } catch (SecDispatcherException | IOException e) {
76                      problems.add(new DefaultSettingsProblem(
77                              "Failed to decrypt password for server " + server.getId() + ": " + e.getMessage(),
78                              Severity.ERROR,
79                              "server: " + server.getId(),
80                              -1,
81                              -1,
82                              e));
83                  }
84              }
85  
86              String passphrase = server.getPassphrase();
87              if (securityDispatcher.isAnyEncryptedString(passphrase)) {
88                  try {
89                      if (securityDispatcher.isLegacyEncryptedString(passphrase)) {
90                          problems.add(new DefaultSettingsProblem(
91                                  "Legacy/insecurely encrypted passphrase detected for server " + server.getId(),
92                                  Severity.WARNING,
93                                  "server: " + server.getId(),
94                                  -1,
95                                  -1,
96                                  null));
97                      }
98                      server.setPassphrase(securityDispatcher.decrypt(passphrase));
99                  } catch (SecDispatcherException | IOException e) {
100                     problems.add(new DefaultSettingsProblem(
101                             "Failed to decrypt passphrase for server " + server.getId() + ": " + e.getMessage(),
102                             Severity.ERROR,
103                             "server: " + server.getId(),
104                             -1,
105                             -1,
106                             e));
107                 }
108             }
109 
110             servers.add(server);
111         }
112 
113         List<Proxy> proxies = new ArrayList<>();
114 
115         for (Proxy proxy : request.getProxies()) {
116             String password = proxy.getPassword();
117             if (securityDispatcher.isAnyEncryptedString(password)) {
118                 try {
119                     if (securityDispatcher.isLegacyEncryptedString(password)) {
120                         problems.add(new DefaultSettingsProblem(
121                                 "Legacy/insecurely encrypted password detected for proxy " + proxy.getId(),
122                                 Severity.WARNING,
123                                 "proxy: " + proxy.getId(),
124                                 -1,
125                                 -1,
126                                 null));
127                     }
128                     proxy.setPassword(securityDispatcher.decrypt(password));
129                 } catch (SecDispatcherException | IOException e) {
130                     problems.add(new DefaultSettingsProblem(
131                             "Failed to decrypt password for proxy " + proxy.getId() + ": " + e.getMessage(),
132                             Severity.ERROR,
133                             "proxy: " + proxy.getId(),
134                             -1,
135                             -1,
136                             e));
137                 }
138             }
139 
140             proxies.add(proxy);
141         }
142 
143         return new DefaultSettingsDecryptionResult(servers, proxies, problems);
144     }
145 }