From 177a887acb4d90abd411779d882b4cf835cf3410 Mon Sep 17 00:00:00 2001
From: Benjamin Bentmann
Date: Wed, 12 Aug 2009 13:51:07 +0000
Subject: [PATCH] [MNG-553] Secure Storage of Server Passwords
git-svn-id: https://svn.apache.org/repos/asf/maven/components/trunk@803510 13f79535-47bb-0310-9956-ffa450edef68
---
 ...DefaultMavenExecutionRequestPopulator.java | 51 +++++++++++++++++--
 pom.xml | 2 +-
 2 files changed, 47 insertions(+), 6 deletions(-)
diff --git a/maven-embedder/src/main/java/org/apache/maven/embedder/execution/DefaultMavenExecutionRequestPopulator.java b/maven-embedder/src/main/java/org/apache/maven/embedder/execution/DefaultMavenExecutionRequestPopulator.java
index fc31c01204..f91bac4d81 100644
--- a/maven-embedder/src/main/java/org/apache/maven/embedder/execution/DefaultMavenExecutionRequestPopulator.java
+++ b/maven-embedder/src/main/java/org/apache/maven/embedder/execution/DefaultMavenExecutionRequestPopulator.java
@@ -16,6 +16,7 @@
 */
 import java.io.File;
+import java.io.FileNotFoundException;
 import java.util.HashSet;
 import java.util.List;
 import java.util.Set;
@@ -33,15 +34,21 @@
 import org.apache.maven.settings.Server;
 import org.apache.maven.settings.Settings;
 import org.apache.maven.settings.SettingsUtils;
-import org.apache.maven.toolchain.ToolchainsBuilder;
 import org.codehaus.plexus.component.annotations.Component;
 import org.codehaus.plexus.component.annotations.Requirement;
+import org.codehaus.plexus.logging.Logger;
 import org.codehaus.plexus.util.StringUtils;
+import org.sonatype.plexus.components.sec.dispatcher.SecDispatcher;
+import org.sonatype.plexus.components.sec.dispatcher.SecDispatcherException;
 @Component(role = MavenExecutionRequestPopulator.class)
 public class DefaultMavenExecutionRequestPopulator
 implements MavenExecutionRequestPopulator
 {
+
+ @Requirement
+ private Logger logger;
+
 //TODO: this needs to be pushed up to the front-end
 @Requirement
 private MavenSettingsBuilder settingsBuilder;
@@ -49,8 +56,8 @@ public class DefaultMavenExecutionRequestPopulator
 @Requirement
 private RepositorySystem repositorySystem;
- @Requirement
- private ToolchainsBuilder toolchainsBuilder;
+ @Requirement( hint = "maven" )
+ private SecDispatcher securityDispatcher;
 private void pom( MavenExecutionRequest request )
 {
@@ -196,12 +203,17 @@ private void processRepositoriesInSettings( MavenExecutionRequest request )
 throw new MavenEmbedderException( "Proxy in settings.xml has no host" );
 }
- repositorySystem.addProxy( proxy.getProtocol(), proxy.getHost(), proxy.getPort(), proxy.getUsername(), proxy.getPassword(), proxy.getNonProxyHosts() );
+ String password = decrypt( proxy.getPassword(), "password for proxy " + proxy.getId() );
+
+ repositorySystem.addProxy( proxy.getProtocol(), proxy.getHost(), proxy.getPort(), proxy.getUsername(),
+ password, proxy.getNonProxyHosts() );
 }
 for ( Server server : settings.getServers() )
 {
- repositorySystem.addAuthenticationForArtifactRepository( server.getId(), server.getUsername(), server.getPassword() );
+ String password = decrypt( server.getPassword(), "password for server " + server.getId() );
+
+ repositorySystem.addAuthenticationForArtifactRepository( server.getId(), server.getUsername(), password );
 }
 for ( Mirror mirror : settings.getMirrors() )
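Review bot: Both call sites in the second hunk now pass `proxy.getPassword()` and `server.getPassword()` to `decrypt` unconditionally, including for settings entries that have no password configured; whether `securityDispatcher.decrypt` tolerates a null or empty argument is not visible in this patch. A guard at the top of the helper, `if ( encrypted == null || encrypted.length() == 0 ) return encrypted;`, would keep password-less proxies and servers off the decryption path and out of the warning log. The enclosing `processRepositoriesInSettings` starts and ends outside the hunk.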
@@ -222,6 +234,35 @@ private void processRepositoriesInSettings( MavenExecutionRequest request )
 request.setPluginArtifactRepositories( repositorySystem.getMirrors( request.getPluginArtifactRepositories() ) );
 }
+ private String decrypt( String encrypted, String source )
+ {
+ try
+ {
+ return securityDispatcher.decrypt( encrypted );
+ }
+ catch ( SecDispatcherException e )
+ {
+ logger.warn( "Not decrypting " + source + " due to exception in security handler: " + e.getMessage() );
+
+ Throwable cause = e;
+
+ while ( cause.getCause() != null )
+ {
+ cause = cause.getCause();
+ }
+
+ if ( cause instanceof FileNotFoundException )
+ {
+ logger.warn( "Ensure that you have configured your master password file (and relocation if appropriate)." );
+ logger.warn( "See the installation instructions for details." );
+ }
+
+ logger.debug( "Full stack trace follows", e );
+
+ return encrypted;
+ }
+ }
+
 // ------------------------------------------------------------------------
 // Settings
 // ------------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index 1864274b0a..69499b1e1e 100644
--- a/pom.xml
+++ b/pom.xml
@@ -47,7 +47,7 @@
 1.0-alpha-1
 1.5.15
 1.0-beta-6
- 1.2
+ 1.3
 1.0.1
 1.3
 true
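Review bot: The catch block in the new `decrypt` helper ends with `return encrypted;`, so when the security dispatcher fails, the still-encrypted settings value is handed to `addProxy` / `addAuthenticationForArtifactRepository` and would presumably be presented to the remote proxy or repository as the password. That fails open: the build continues with a credential that cannot work, and the ciphertext from settings.xml leaves the machine, where the endpoint or an observer on a non-TLS path can record it. Failing closed is safer, for example `throw new MavenEmbedderException( "Cannot decrypt " + source, e );` with a matching `throws` clause on `decrypt` (assuming that constructor exists), or at minimum `return null;` so no credential is sent. The first warning also copies `e.getMessage()` into the build log at warn level; confirm the dispatcher's messages never echo the input value.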