From 626884e9eeaafe895a0118d3d9d57dd6206c353e Mon Sep 17 00:00:00 2001
From: Robert Scholte <rfscholte@codehaus.org>
Date: Fri, 10 Jan 2014 22:27:25 +0100
Subject: [PATCH] [MNG-4099] Password encryption CLI switches should prompt for
 password if missing

---
 .../java/org/apache/maven/cli/CLIManager.java |  4 +--
 .../java/org/apache/maven/cli/MavenCli.java   | 31 +++++++++++++++++++
 2 files changed, 33 insertions(+), 2 deletions(-)

diff --git a/maven-embedder/src/main/java/org/apache/maven/cli/CLIManager.java b/maven-embedder/src/main/java/org/apache/maven/cli/CLIManager.java
index 1018e29efa..c6bdd4ab19 100644
--- a/maven-embedder/src/main/java/org/apache/maven/cli/CLIManager.java
+++ b/maven-embedder/src/main/java/org/apache/maven/cli/CLIManager.java
@@ -132,8 +132,8 @@ public CLIManager()
         options.addOption( OptionBuilder.withLongOpt( "also-make-dependents" ).withDescription( "If project list is specified, also build projects that depend on projects on the list" ).create( ALSO_MAKE_DEPENDENTS ) );
         options.addOption( OptionBuilder.withLongOpt( "log-file" ).hasArg().withDescription( "Log file to where all build output will go." ).create( LOG_FILE ) );
         options.addOption( OptionBuilder.withLongOpt( "show-version" ).withDescription( "Display version information WITHOUT stopping build" ).create( SHOW_VERSION ) );
-        options.addOption( OptionBuilder.withLongOpt( "encrypt-master-password" ).hasArg().withDescription( "Encrypt master security password" ).create( ENCRYPT_MASTER_PASSWORD ) );
-        options.addOption( OptionBuilder.withLongOpt( "encrypt-password" ).hasArg().withDescription( "Encrypt server password" ).create( ENCRYPT_PASSWORD ) );
+        options.addOption( OptionBuilder.withLongOpt( "encrypt-master-password" ).hasOptionalArg().withDescription( "Encrypt master security password" ).create( ENCRYPT_MASTER_PASSWORD ) );
+        options.addOption( OptionBuilder.withLongOpt( "encrypt-password" ).hasOptionalArg().withDescription( "Encrypt server password" ).create( ENCRYPT_PASSWORD ) );
         options.addOption( OptionBuilder.withLongOpt( "threads" ).hasArg().withDescription( "Thread count, for instance 2.0C where C is core multiplied" ).create( THREADS ) );
         options.addOption( OptionBuilder.withLongOpt( "legacy-local-repository" ).withDescription( "Use Maven 2 Legacy Local Repository behaviour, ie no use of _remote.repositories. Can also be activated by using -Dmaven.legacyLocalRepo=true" ).create( LEGACY_LOCAL_REPOSITORY ) );
 
diff --git a/maven-embedder/src/main/java/org/apache/maven/cli/MavenCli.java b/maven-embedder/src/main/java/org/apache/maven/cli/MavenCli.java
index c6d705c330..4dcb0b7189 100644
--- a/maven-embedder/src/main/java/org/apache/maven/cli/MavenCli.java
+++ b/maven-embedder/src/main/java/org/apache/maven/cli/MavenCli.java
@@ -19,6 +19,7 @@
  * under the License.
  */
 
+import java.io.Console;
 import java.io.File;
 import java.io.FileNotFoundException;
 import java.io.FileOutputStream;
@@ -497,6 +498,21 @@ private void encryption( CliRequest cliRequest )
         if ( cliRequest.commandLine.hasOption( CLIManager.ENCRYPT_MASTER_PASSWORD ) )
         {
             String passwd = cliRequest.commandLine.getOptionValue( CLIManager.ENCRYPT_MASTER_PASSWORD );
+            
+            if ( passwd == null )
+            {
+                Console cons;
+                char[] password;
+                if ( ( cons = System.console() ) != null
+                    && ( password = cons.readPassword( "Master password:") ) != null )
+                {
+                    // Cipher uses Strings
+                    passwd = String.copyValueOf( password );
+                    
+                    // Sun/Oracle advises to empty the char array
+                    java.util.Arrays.fill( password, ' ' );
+                }
+            }
 
             DefaultPlexusCipher cipher = new DefaultPlexusCipher();
 
@@ -507,6 +523,21 @@ private void encryption( CliRequest cliRequest )
         else if ( cliRequest.commandLine.hasOption( CLIManager.ENCRYPT_PASSWORD ) )
         {
             String passwd = cliRequest.commandLine.getOptionValue( CLIManager.ENCRYPT_PASSWORD );
+            
+            if ( passwd == null )
+            {
+                Console cons;
+                char[] password;
+                if ( ( cons = System.console() ) != null
+                    && ( password = cons.readPassword( "Password:" ) ) != null )
+                {
+                    // Cipher uses Strings
+                    passwd = String.copyValueOf( password );
+
+                    // Sun/Oracle advises to empty the char array
+                    java.util.Arrays.fill( password, ' ' );
+                }
+            }
 
             String configurationFile = dispatcher.getConfigurationFile();