From 41145c05e450c584cbb22a5d8d3ee916734de5ab Mon Sep 17 00:00:00 2001 From: Benjamin Bentmann Date: Wed, 12 Aug 2009 15:17:42 +0000 Subject: [PATCH] [MNG-553] Secure Storage of Server Passwords o Restored CLI commands to create encrypted passwords git-svn-id: https://svn.apache.org/repos/asf/maven/components/trunk@803553 13f79535-47bb-0310-9956-ffa450edef68 --- .../java/org/apache/maven/cli/CLIManager.java | 6 ++ .../java/org/apache/maven/cli/MavenCli.java | 62 +++++++++++++++++++ 2 files changed, 68 insertions(+) diff --git a/maven-embedder/src/main/java/org/apache/maven/cli/CLIManager.java b/maven-embedder/src/main/java/org/apache/maven/cli/CLIManager.java index bc95ca3e92..2449d9a245 100644 --- a/maven-embedder/src/main/java/org/apache/maven/cli/CLIManager.java +++ b/maven-embedder/src/main/java/org/apache/maven/cli/CLIManager.java @@ -92,6 +92,10 @@ public class CLIManager public static final String LOG_FILE = "l"; + public static final String ENCRYPT_MASTER_PASSWORD = "emp"; + + public static final String ENCRYPT_PASSWORD = "ep"; + private Options options; @SuppressWarnings("static-access") @@ -128,6 +132,8 @@ public class CLIManager options.addOption( OptionBuilder.withLongOpt( "also-make-dependents" ).withDescription( "If project list is specified, also build projects that depend on projects on the list" ).create( ALSO_MAKE_DEPENDENTS ) ); options.addOption( OptionBuilder.withLongOpt( "log-file" ).hasArg().withDescription( "Log file to where all build output will go." ).create( LOG_FILE ) ); options.addOption( OptionBuilder.withLongOpt( "show-version" ).withDescription( "Display version information WITHOUT stopping build" ).create( SHOW_VERSION ) ); + options.addOption( OptionBuilder.withLongOpt( "encrypt-master-password" ).hasArg().withDescription( "Encrypt master security password" ).create( ENCRYPT_MASTER_PASSWORD ) ); + options.addOption( OptionBuilder.withLongOpt( "encrypt-password" ).hasArg().withDescription( "Encrypt server password" ).create( ENCRYPT_PASSWORD ) ); // Adding this back in for compatibility with the verifier that hard codes this option. diff --git a/maven-embedder/src/main/java/org/apache/maven/cli/MavenCli.java b/maven-embedder/src/main/java/org/apache/maven/cli/MavenCli.java index df811d3213..2627aacf5e 100644 --- a/maven-embedder/src/main/java/org/apache/maven/cli/MavenCli.java +++ b/maven-embedder/src/main/java/org/apache/maven/cli/MavenCli.java @@ -30,6 +30,11 @@ import org.apache.maven.exception.ExceptionSummary; import org.apache.maven.execution.MavenExecutionRequest; import org.apache.maven.execution.MavenExecutionResult; import org.codehaus.plexus.classworlds.ClassWorld; +import org.sonatype.plexus.components.cipher.DefaultPlexusCipher; +import org.sonatype.plexus.components.sec.dispatcher.DefaultSecDispatcher; +import org.sonatype.plexus.components.sec.dispatcher.SecDispatcher; +import org.sonatype.plexus.components.sec.dispatcher.SecUtil; +import org.sonatype.plexus.components.sec.dispatcher.model.SettingsSecurity; /** * @author jason van zyl @@ -160,6 +165,63 @@ public class MavenCli return 1; } + try + { + if ( commandLine.hasOption( CLIManager.ENCRYPT_MASTER_PASSWORD ) ) + { + String passwd = commandLine.getOptionValue( CLIManager.ENCRYPT_MASTER_PASSWORD ); + + DefaultPlexusCipher cipher = new DefaultPlexusCipher(); + + System.out.println( cipher.encryptAndDecorate( passwd, + DefaultSecDispatcher.SYSTEM_PROPERTY_SEC_LOCATION ) ); + + return 0; + } + else if ( commandLine.hasOption( CLIManager.ENCRYPT_PASSWORD ) ) + { + String passwd = commandLine.getOptionValue( CLIManager.ENCRYPT_PASSWORD ); + + DefaultSecDispatcher dispatcher; + dispatcher = (DefaultSecDispatcher) mavenEmbedder.getPlexusContainer().lookup( SecDispatcher.class ); + String configurationFile = dispatcher.getConfigurationFile(); + if ( configurationFile.startsWith( "~" ) ) + { + configurationFile = System.getProperty( "user.home" ) + configurationFile.substring( 1 ); + } + String file = System.getProperty( DefaultSecDispatcher.SYSTEM_PROPERTY_SEC_LOCATION, configurationFile ); + mavenEmbedder.getPlexusContainer().release( dispatcher ); + + String master = null; + + SettingsSecurity sec = SecUtil.read( file, true ); + if ( sec != null ) + { + master = sec.getMaster(); + } + + if ( master == null ) + { + System.err.println( "Master password is not set in the setting security file" ); + + return 1; + } + + DefaultPlexusCipher cipher = new DefaultPlexusCipher(); + String masterPasswd = + cipher.decryptDecorated( master, DefaultSecDispatcher.SYSTEM_PROPERTY_SEC_LOCATION ); + System.out.println( cipher.encryptAndDecorate( passwd, masterPasswd ) ); + + return 0; + } + } + catch ( Exception e ) + { + CLIReportingUtils.showError( "FATAL ERROR: " + "Error encrypting password: " + e.getMessage(), e, showErrors ); + + return 1; + } + MavenExecutionResult result = mavenEmbedder.execute( request ); try