[MNG-553] Secure Storage of Server Passwords

o Restored CLI commands to create encrypted passwords git-svn-id: https://svn.apache.org/repos/asf/maven/components/trunk@803553 13f79535-47bb-0310-9956-ffa450edef68
2009-08-12 15:17:42 +00:00 · 2009-08-12 15:17:42 +00:00 · 41145c05e4
parent 177a887acb
commit 41145c05e4
2 changed files with 68 additions and 0 deletions
--- a/maven-embedder/src/main/java/org/apache/maven/cli/CLIManager.java
+++ b/maven-embedder/src/main/java/org/apache/maven/cli/CLIManager.java
@ -92,6 +92,10 @@ public class CLIManager

    public static final String LOG_FILE = "l";

+    public static final String ENCRYPT_MASTER_PASSWORD = "emp";
+
+    public static final String ENCRYPT_PASSWORD = "ep";
+
    private Options options;

    @SuppressWarnings("static-access")
@ -128,6 +132,8 @@ public CLIManager()
        options.addOption( OptionBuilder.withLongOpt( "also-make-dependents" ).withDescription( "If project list is specified, also build projects that depend on projects on the list" ).create( ALSO_MAKE_DEPENDENTS ) );
        options.addOption( OptionBuilder.withLongOpt( "log-file" ).hasArg().withDescription( "Log file to where all build output will go." ).create( LOG_FILE ) );
        options.addOption( OptionBuilder.withLongOpt( "show-version" ).withDescription( "Display version information WITHOUT stopping build" ).create( SHOW_VERSION ) );
+        options.addOption( OptionBuilder.withLongOpt( "encrypt-master-password" ).hasArg().withDescription( "Encrypt master security password" ).create( ENCRYPT_MASTER_PASSWORD ) );
+        options.addOption( OptionBuilder.withLongOpt( "encrypt-password" ).hasArg().withDescription( "Encrypt server password" ).create( ENCRYPT_PASSWORD ) );
        
        // Adding this back in for compatibility with the verifier that hard codes this option.
        
--- a/maven-embedder/src/main/java/org/apache/maven/cli/MavenCli.java
+++ b/maven-embedder/src/main/java/org/apache/maven/cli/MavenCli.java
@ -30,6 +30,11 @@
 import org.apache.maven.execution.MavenExecutionRequest;
 import org.apache.maven.execution.MavenExecutionResult;
 import org.codehaus.plexus.classworlds.ClassWorld;
+import org.sonatype.plexus.components.cipher.DefaultPlexusCipher;
+import org.sonatype.plexus.components.sec.dispatcher.DefaultSecDispatcher;
+import org.sonatype.plexus.components.sec.dispatcher.SecDispatcher;
+import org.sonatype.plexus.components.sec.dispatcher.SecUtil;
+import org.sonatype.plexus.components.sec.dispatcher.model.SettingsSecurity;

 /**
 * @author jason van zyl
@ -160,6 +165,63 @@ else if ( debug || commandLine.hasOption( CLIManager.SHOW_VERSION ) )
            return 1;
        }

+        try
+        {
+            if ( commandLine.hasOption( CLIManager.ENCRYPT_MASTER_PASSWORD ) )
+            {
+                String passwd = commandLine.getOptionValue( CLIManager.ENCRYPT_MASTER_PASSWORD );
+
+                DefaultPlexusCipher cipher = new DefaultPlexusCipher();
+
+                System.out.println( cipher.encryptAndDecorate( passwd,
+                                                               DefaultSecDispatcher.SYSTEM_PROPERTY_SEC_LOCATION ) );
+
+                return 0;
+            }
+            else if ( commandLine.hasOption( CLIManager.ENCRYPT_PASSWORD ) )
+            {
+                String passwd = commandLine.getOptionValue( CLIManager.ENCRYPT_PASSWORD );
+
+                DefaultSecDispatcher dispatcher;
+                dispatcher = (DefaultSecDispatcher) mavenEmbedder.getPlexusContainer().lookup( SecDispatcher.class );
+                String configurationFile = dispatcher.getConfigurationFile();
+                if ( configurationFile.startsWith( "~" ) )
+                {
+                    configurationFile = System.getProperty( "user.home" ) + configurationFile.substring( 1 );
+                }
+                String file = System.getProperty( DefaultSecDispatcher.SYSTEM_PROPERTY_SEC_LOCATION, configurationFile );
+                mavenEmbedder.getPlexusContainer().release( dispatcher );
+
+                String master = null;
+
+                SettingsSecurity sec = SecUtil.read( file, true );
+                if ( sec != null )
+                {
+                    master = sec.getMaster();
+                }
+
+                if ( master == null )
+                {
+                    System.err.println( "Master password is not set in the setting security file" );
+
+                    return 1;
+                }
+
+                DefaultPlexusCipher cipher = new DefaultPlexusCipher();
+                String masterPasswd =
+                    cipher.decryptDecorated( master, DefaultSecDispatcher.SYSTEM_PROPERTY_SEC_LOCATION );
+                System.out.println( cipher.encryptAndDecorate( passwd, masterPasswd ) );
+
+                return 0;
+            }
+        }
+        catch ( Exception e )
+        {
+            CLIReportingUtils.showError( "FATAL ERROR: " + "Error encrypting password: " + e.getMessage(), e, showErrors );
+
+            return 1;
+        }
+
        MavenExecutionResult result = mavenEmbedder.execute( request );

        try