View Javadoc
1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements.  See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership.  The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License.  You may obtain a copy of the License at
9    *
10   *   http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied.  See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  package org.apache.maven.settings.crypto;
20  
21  import javax.inject.Inject;
22  import javax.inject.Named;
23  import javax.inject.Singleton;
24  
25  import java.io.IOException;
26  import java.util.ArrayList;
27  import java.util.List;
28  
29  import org.apache.maven.settings.Proxy;
30  import org.apache.maven.settings.Server;
31  import org.apache.maven.settings.building.DefaultSettingsProblem;
32  import org.apache.maven.settings.building.SettingsProblem;
33  import org.apache.maven.settings.building.SettingsProblem.Severity;
34  import org.codehaus.plexus.components.secdispatcher.SecDispatcher;
35  import org.codehaus.plexus.components.secdispatcher.SecDispatcherException;
36  
37  /**
38   * Decrypts passwords in the settings.
39   *
40   * @deprecated since 4.0.0
41   */
42  @Named
43  @Singleton
44  @Deprecated(since = "4.0.0")
45  public class DefaultSettingsDecrypter implements SettingsDecrypter {
46      private final SecDispatcher securityDispatcher;
47  
48      @Inject
49      public DefaultSettingsDecrypter(MavenSecDispatcher securityDispatcher) {
50          this.securityDispatcher = securityDispatcher;
51      }
52  
53      @Override
54      public SettingsDecryptionResult decrypt(SettingsDecryptionRequest request) {
55          List<SettingsProblem> problems = new ArrayList<>();
56  
57          List<Server> servers = new ArrayList<>();
58  
59          for (Server server : request.getServers()) {
60              server = server.clone();
61  
62              String password = server.getPassword();
63              if (securityDispatcher.isAnyEncryptedString(password)) {
64                  try {
65                      if (securityDispatcher.isLegacyEncryptedString(password)) {
66                          problems.add(new DefaultSettingsProblem(
67                                  "Pre-Maven 4 legacy encrypted password detected for server " + server.getId()
68                                          + " - configure password encryption with the help of mvnenc to be compatible with Maven 4.",
69                                  Severity.WARNING,
70                                  "server: " + server.getId(),
71                                  -1,
72                                  -1,
73                                  null));
74                      }
75                      server.setPassword(securityDispatcher.decrypt(password));
76                  } catch (SecDispatcherException | IOException e) {
77                      problems.add(new DefaultSettingsProblem(
78                              "Failed to decrypt password for server " + server.getId() + ": " + e.getMessage(),
79                              Severity.ERROR,
80                              "server: " + server.getId(),
81                              -1,
82                              -1,
83                              e));
84                  }
85              }
86  
87              String passphrase = server.getPassphrase();
88              if (securityDispatcher.isAnyEncryptedString(passphrase)) {
89                  try {
90                      if (securityDispatcher.isLegacyEncryptedString(passphrase)) {
91                          problems.add(new DefaultSettingsProblem(
92                                  "Legacy/insecurely encrypted passphrase detected for server " + server.getId(),
93                                  Severity.WARNING,
94                                  "server: " + server.getId(),
95                                  -1,
96                                  -1,
97                                  null));
98                      }
99                      server.setPassphrase(securityDispatcher.decrypt(passphrase));
100                 } catch (SecDispatcherException | IOException e) {
101                     problems.add(new DefaultSettingsProblem(
102                             "Failed to decrypt passphrase for server " + server.getId() + ": " + e.getMessage(),
103                             Severity.ERROR,
104                             "server: " + server.getId(),
105                             -1,
106                             -1,
107                             e));
108                 }
109             }
110 
111             servers.add(server);
112         }
113 
114         List<Proxy> proxies = new ArrayList<>();
115 
116         for (Proxy proxy : request.getProxies()) {
117             String password = proxy.getPassword();
118             if (securityDispatcher.isAnyEncryptedString(password)) {
119                 try {
120                     if (securityDispatcher.isLegacyEncryptedString(password)) {
121                         problems.add(new DefaultSettingsProblem(
122                                 "Legacy/insecurely encrypted password detected for proxy " + proxy.getId(),
123                                 Severity.WARNING,
124                                 "proxy: " + proxy.getId(),
125                                 -1,
126                                 -1,
127                                 null));
128                     }
129                     proxy.setPassword(securityDispatcher.decrypt(password));
130                 } catch (SecDispatcherException | IOException e) {
131                     problems.add(new DefaultSettingsProblem(
132                             "Failed to decrypt password for proxy " + proxy.getId() + ": " + e.getMessage(),
133                             Severity.ERROR,
134                             "proxy: " + proxy.getId(),
135                             -1,
136                             -1,
137                             e));
138                 }
139             }
140 
141             proxies.add(proxy);
142         }
143 
144         return new DefaultSettingsDecryptionResult(servers, proxies, problems);
145     }
146 }