/**
 * Builds the scanner properties from the raw map, replacing every encrypted value with its
 * decrypted form.
 * <p>
 * The secret key path is taken from the {@code CoreProperties.ENCRYPTION_SECRET_KEY_PATH} entry
 * of the same map. Once construction completes, the stored map holds the decrypted values in
 * clear text.
 *
 * @param properties raw property values, possibly encrypted; {@code null} values are kept as-is
 * @throws IllegalStateException if a value is flagged as encrypted but cannot be decrypted
 */
public ScannerProperties(Map<String, String> properties) {
  encryption = new Encryption(properties.get(CoreProperties.ENCRYPTION_SECRET_KEY_PATH));

  Map<String, String> clearValues = new HashMap<>(properties.size());
  for (Map.Entry<String, String> prop : properties.entrySet()) {
    String resolved = prop.getValue();
    boolean needsDecryption = resolved != null && encryption.isEncrypted(resolved);
    if (needsDecryption) {
      try {
        resolved = encryption.decrypt(resolved);
      } catch (Exception e) {
        // The message names the property key only; the value never appears in it.
        throw new IllegalStateException("Fail to decrypt the property " + prop.getKey() + ". Please check your secret key.", e);
      }
    }
    clearValues.put(prop.getKey(), resolved);
  }
  this.properties = clearValues;
}
/**
 * Round-trip check: the key returned by the web service, once written to a file and registered
 * as the secret key path, must encrypt a sample value and decrypt it back to the original.
 */
@Test
public void generate_valid_secret_key() throws IOException {
  GenerateSecretKeyWsResponse response = call();
  String generatedKey = response.getSecretKey();

  // Persist the generated key where the Encryption instance can load it from.
  File keyFile = temporaryFolder.newFile();
  FileUtils.writeStringToFile(keyFile, generatedKey);
  encryption.setPathToSecretKey(keyFile.getAbsolutePath());

  String cipherText = encryption.encrypt("my value");
  String roundTripped = encryption.decrypt(cipherText);

  assertThat(roundTripped).isEqualTo("my value");
}
/**
 * Encrypts the mandatory {@code PARAM_VALUE} request parameter and writes the encrypted value
 * as a protobuf response.
 * <p>
 * Order of checks: system-administrator check, then non-empty parameter, then availability of
 * a secret key. The administrator check runs before any request parameter is read.
 */
@Override
public void handle(Request request, Response response) throws Exception {
  // Authorisation first, so nothing about the request is processed for other callers.
  userSession.checkIsSystemAdministrator();

  String clearValue = request.mandatoryParam(PARAM_VALUE);
  checkRequest(!clearValue.isEmpty(), "Parameter '%s' must not be empty", PARAM_VALUE);

  Encryption cipher = settings.getEncryption();
  checkRequest(cipher.hasSecretKey(), "No secret key available");

  writeProtobuf(toEncryptWsResponse(cipher.encrypt(clearValue)), request, response);
}
/**
 * Test-visible constructor: copies {@code props} into {@code systemProps} with string values
 * trimmed, then points the encryption at the secret key path found in {@code props}.
 *
 * @param definitions property definitions handed to the parent class
 * @param props system properties; also the source of the secret key path
 * @param settingLoader loader stored for later use
 */
@VisibleForTesting
ThreadLocalSettings(PropertyDefinitions definitions, Properties props, SettingLoader settingLoader) {
  // The key path is not known at super() time, so Encryption starts without one.
  super(definitions, new Encryption(null));
  this.settingLoader = settingLoader;
  props.forEach((name, raw) -> {
    String trimmed = raw == null ? null : raw.toString().trim();
    systemProps.put(name, trimmed);
  });

  // TODO something wrong about lifecycle here. It could be improved
  // NOTE(review): the path is read from the original props, not from the trimmed copy, so
  // surrounding whitespace reaches setPathToSecretKey() unchanged - confirm Encryption handles it.
  getEncryption().setPathToSecretKey(props.getProperty(CoreProperties.ENCRYPTION_SECRET_KEY_PATH));
}
/**
 * Resolves the value stored for {@code key}, decrypting it when it is flagged as encrypted.
 * Falls back to the definition's default value when nothing is stored.
 *
 * @param key property key to look up
 * @return the clear-text value, the default value, or an empty Optional when neither exists
 * @throws IllegalStateException if the stored value is encrypted but cannot be decrypted
 */
private Optional<String> getInternal(String key) {
  String stored = properties.get(key);
  if (stored == null) {
    // default values cannot be encrypted, so return value as-is.
    return Optional.ofNullable(definitions.getDefaultValue(key));
  }
  if (!encryption.isEncrypted(stored)) {
    return Optional.of(stored);
  }
  try {
    return Optional.of(encryption.decrypt(stored));
  } catch (Exception e) {
    // Only the key is reported; the undecryptable value stays out of the message.
    throw new IllegalStateException("Fail to decrypt the property " + key + ". Please check your secret key.", e);
  }
}
/**
 * Creates settings backed by the given definitions.
 * <p>
 * The encryption is created with a {@code null} secret key path, so no key file is configured
 * by this constructor.
 *
 * @param definitions property definitions handed to the parent class
 */
public MapSettings(PropertyDefinitions definitions) {
  super(definitions, new Encryption(null));
  this.configurationBridge = new ConfigurationBridge(this);
}
/** Text that carries no {@code {algorithm}} prefix comes back from decrypt() unchanged. */
@Test
public void decrypt_uncrypted_text() {
  String unchanged = new Encryption(null).decrypt("foo");

  assertThat(unchanged).isEqualTo("foo");
}
}
/**
 * Pins which strings isEncrypted() treats as encrypted: a leading {@code {name}} marker with a
 * non-empty name, and nothing else.
 */
@Test
public void isEncrypted() {
  Encryption underTest = new Encryption(null);

  // NOTE(review): "{abc}" is accepted as well. If abc is not a supported algorithm, this is a
  // check on the marker's shape only, and a failure would surface at decrypt() time - confirm.
  for (String marked : new String[] {"{aes}ADASDASAD", "{b64}ADASDASAD", "{abc}ADASDASAD"}) {
    assertThat(underTest.isEncrypted(marked)).isTrue();
  }

  // Empty marker, unterminated marker, and a marker that is not at the start.
  for (String unmarked : new String[] {"{}", "{foo", "foo{aes}"}) {
    assertThat(underTest.isEncrypted(unmarked)).isFalse();
  }
}
/**
 * scramble() needs no secret key: with a {@code null} key path it yields the {@code {b64}}
 * marker followed by the Base64 encoding of the input ("Zm9v" is Base64 for "foo"). The
 * result is an encoding that anyone can reverse, not a keyed encryption.
 */
@Test
public void scramble() {
  String scrambled = new Encryption(null).scramble("foo");

  assertThat(scrambled).isEqualTo("{b64}Zm9v");
}
/**
 * Logs in as system administrator and installs a secret key file before each test.
 * <p>
 * The key is a fixed 16-byte, Base64-encoded fixture committed in the test source; it exists
 * only so that the tests are deterministic.
 */
@Before
public void setUpSecretKey() throws Exception {
  logInAsSystemAdministrator();

  File keyFile = folder.newFile();
  FileUtils.writeStringToFile(keyFile, "fCVFf/JHRi8Qwu5KLNva7g==");
  String keyPath = keyFile.getAbsolutePath();
  encryption.setPathToSecretKey(keyPath);
}
/**
 * Encodes {@code clearText} by delegating to {@code encrypt(BASE64_ALGORITHM, clearText)}.
 * <p>
 * NOTE(review): going by the constant's name this is Base64 encoding, which is reversible
 * without any key; it hides a value from casual reading and does not protect it - confirm.
 *
 * @param clearText text to encode
 * @return the encoded text as produced by the two-argument {@code encrypt}
 */
public String scramble(String clearText) {
  String scrambled = encrypt(BASE64_ALGORITHM, clearText);
  return scrambled;
}
/**
 * A configured {@code sonar.secretKeyPath} that points at "unknown/path/to/sonar-secret.txt"
 * leaves hasSecretKey() false; creating the settings does not fail on it.
 */
@Test
public void encryption_secret_key_is_undefined_by_default() {
  underTest = create(ImmutableMap.of(
    "foo", "bar",
    "sonar.secretKeyPath", "unknown/path/to/sonar-secret.txt"));

  boolean keyAvailable = underTest.getEncryption().hasSecretKey();

  assertThat(keyAvailable).isFalse();
}
/**
 * The effective value of the specified property. Can return
 * {@code null} if the property is not set and has no
 * defined default value.
 * <p>
 * If the property is encrypted with a secret key,
 * then the returned value is decrypted.
 * </p>
 *
 * @throws IllegalStateException if value is encrypted but fails to be decrypted.
 */
@CheckForNull
public String getString(String key) {
  String effectiveKey = definitions.validKey(key);
  String raw = getRawString(effectiveKey).orElse(null);
  if (raw == null) {
    // default values cannot be encrypted, so return value as-is.
    return getDefaultValue(effectiveKey);
  }
  if (!encryption.isEncrypted(raw)) {
    return raw;
  }
  try {
    return encryption.decrypt(raw);
  } catch (Exception e) {
    // The message identifies the property by key; the raw value is not included.
    throw new IllegalStateException("Fail to decrypt the property " + effectiveKey + ". Please check your secret key.", e);
  }
}
/**
 * Test helper: reads {@code value} back as a string array through a configuration that
 * defines a single multi-valued property named "multi" and uses an Encryption without a
 * secret key path.
 *
 * @param value raw value stored under the "multi" key
 * @return the array produced by {@code getStringArray("multi")}
 */
private String[] getStringArray(String value) {
  PropertyDefinitions multiValued = new PropertyDefinitions(Arrays.asList(
    PropertyDefinition.builder("multi").multiValues(true).build()));
  // Anonymous subclass kept as in the original instantiation.
  DefaultConfiguration config = new DefaultConfiguration(multiValued, new Encryption(null), ImmutableMap.of("multi", value)) {
  };
  return config.getStringArray("multi");
}
}
/**
 * A {@code {b64}} value decrypts without any secret key: the Encryption here is built with a
 * {@code null} key path and still turns "{b64}Zm9v" back into "foo".
 */
@Test
public void decrypt() {
  String clearText = new Encryption(null).decrypt("{b64}Zm9v");

  assertThat(clearText).isEqualTo("foo");
}
/**
 * Test-visible constructor: creates a fresh {@code systemProps}, fills it from {@code props}
 * with string values trimmed, then points the encryption at the secret key path found in
 * {@code props}.
 *
 * @param definitions property definitions handed to the parent class
 * @param props system properties; also the source of the secret key path
 * @param settingLoader loader stored for later use
 */
@VisibleForTesting
ThreadLocalSettings(PropertyDefinitions definitions, Properties props, SettingLoader settingLoader) {
  // The key path is not known at super() time, so Encryption starts without one.
  super(definitions, new Encryption(null));
  this.settingLoader = settingLoader;
  this.systemProps = new Properties();
  props.forEach((name, raw) -> {
    String trimmed = raw == null ? null : raw.toString().trim();
    systemProps.put(name, trimmed);
  });

  // TODO something wrong about lifecycle here. It could be improved
  // NOTE(review): the path is read from the original props, not from the trimmed copy, so
  // surrounding whitespace reaches setPathToSecretKey() unchanged - confirm Encryption handles it.
  getEncryption().setPathToSecretKey(props.getProperty(CoreProperties.ENCRYPTION_SECRET_KEY_PATH));
}
/**
 * With the key path set to "unknown/path/to_secret_key.txt", the web service reports that no
 * secret key is available; the call itself completes for a system administrator.
 */
@Test
public void false_when_no_secret_key() {
  logInAsSystemAdministrator();
  encryption.setPathToSecretKey("unknown/path/to_secret_key.txt");

  CheckSecretKeyWsResponse response = call();
  boolean keyAvailable = response.getSecretKeyAvailable();

  assertThat(keyAvailable).isFalse();
}
/**
 * Encrypts {@code clearText} by delegating to {@code encrypt(AES_ALGORITHM, clearText)}.
 * <p>
 * NOTE(review): presumably this needs a secret key to be configured; confirm how the
 * two-argument {@code encrypt} behaves when none is available.
 *
 * @param clearText text to encrypt
 * @return the encrypted text as produced by the two-argument {@code encrypt}
 */
public String encrypt(String clearText) {
  String cipherText = encrypt(AES_ALGORITHM, clearText);
  return cipherText;
}
/**
 * A {@code sonar.secretKeyPath} entry that points at an existing file makes hasSecretKey()
 * return true.
 * <p>
 * NOTE(review): nothing is written to the file in this test, so hasSecretKey() appears to
 * check only that the path resolves to a file, not that the file holds a usable key - confirm
 * in Encryption.
 */
@Test
public void load_encryption_secret_key_from_system_properties() throws Exception {
  File keyFile = temp.newFile();
  String keyPath = keyFile.getAbsolutePath();

  underTest = create(ImmutableMap.of("foo", "bar", "sonar.secretKeyPath", keyPath));

  boolean keyAvailable = underTest.getEncryption().hasSecretKey();
  assertThat(keyAvailable).isTrue();
}
/**
 * Builds the user properties from the raw map, replacing every encrypted value with its
 * decrypted form. Once construction completes, the stored map holds the decrypted values in
 * clear text.
 *
 * @param properties raw property values, possibly encrypted; {@code null} values are kept as-is
 * @param pathToSecretKey location of the secret key file, or {@code null} when none is set
 * @throws IllegalStateException if a value is flagged as encrypted but cannot be decrypted
 */
public UserProperties(Map<String, String> properties, @Nullable String pathToSecretKey) {
  encryption = new Encryption(pathToSecretKey);

  Map<String, String> clearValues = Maps.newHashMap();
  for (Map.Entry<String, String> prop : properties.entrySet()) {
    String name = prop.getKey();
    String resolved = prop.getValue();
    if (resolved != null && encryption.isEncrypted(resolved)) {
      try {
        resolved = encryption.decrypt(resolved);
      } catch (Exception e) {
        // The message names the property key only; the value never appears in it.
        throw new IllegalStateException("Fail to decrypt the property " + name + ". Please check your secret key.", e);
      }
    }
    clearValues.put(name, resolved);
  }
  // Stored as a fresh copy of the working map, as in the original.
  this.properties = Maps.newHashMap(clearValues);
}