import javax.crypto.spec.SecretKeySpec;
import java.io.File;
import java.io.IOException;
-import java.security.*;
+import java.security.InvalidKeyException;
+import java.security.Key;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
final class AesCipher extends Cipher {
}
String encrypt(String clearText) {
- String path = settings.getClearString(CoreProperties.ENCRYPTION_PATH_TO_SECRET_KEY);
try {
javax.crypto.Cipher cipher = javax.crypto.Cipher.getInstance("AES");
- cipher.init(javax.crypto.Cipher.ENCRYPT_MODE, loadSecretFileFromFile(path));
+ cipher.init(javax.crypto.Cipher.ENCRYPT_MODE, loadSecretFile());
return new String(Base64.encodeBase64(cipher.doFinal(clearText.getBytes(Charsets.UTF_8))));
} catch (Exception e) {
throw Throwables.propagate(e);
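Review bot: `javax.crypto.Cipher.getInstance("AES")` in encrypt (and again in decrypt just below) names no mode or padding, so the provider default applies. On the stock JCE provider that is ECB with PKCS5 padding, which maps equal plaintexts to equal ciphertexts and offers no integrity check. Since this commit makes encrypt reachable from the admin web UI, it is a good moment to pin the current behaviour explicitly with `javax.crypto.Cipher.getInstance("AES/ECB/PKCS5Padding")`, and to plan an authenticated mode behind a new value prefix so already-stored values still decrypt. Separately, decrypt builds its result with `new String(cipherData)` (platform charset) while encrypt uses `Charsets.UTF_8`; `new String(cipherData, Charsets.UTF_8)` keeps the two symmetric. Both method bodies are only partly visible here.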
String decrypt(String encryptedText) {
- String path = settings.getClearString(CoreProperties.ENCRYPTION_PATH_TO_SECRET_KEY);
try {
javax.crypto.Cipher cipher = javax.crypto.Cipher.getInstance("AES");
- cipher.init(javax.crypto.Cipher.DECRYPT_MODE, loadSecretFileFromFile(path));
+ cipher.init(javax.crypto.Cipher.DECRYPT_MODE, loadSecretFile());
byte[] cipherData = cipher.doFinal(Base64.decodeBase64(StringUtils.trim(encryptedText)));
return new String(cipherData);
} catch (Exception e) {
}
}
+ public boolean canEncrypt() {
+ try {
+ return loadSecretFile() != null;
+ } catch (Exception e) {
+ return false;
+ }
+ }
+
+ Key loadSecretFile() throws NoSuchAlgorithmException, InvalidKeySpecException, IOException, InvalidKeyException {
+ String path = settings.getClearString(CoreProperties.ENCRYPTION_PATH_TO_SECRET_KEY);
+ return loadSecretFileFromFile(path);
+ }
+
@VisibleForTesting
Key loadSecretFileFromFile(String path) throws NoSuchAlgorithmException, InvalidKeySpecException, IOException, InvalidKeyException {
if (StringUtils.isBlank(path)) {
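Review bot: The new `canEncrypt()` catches every `Exception` and returns false, so "no key path configured" cannot be told apart from "key file is configured but unreadable or malformed". In the second case the admin page would offer to generate a new secret instead of reporting the real problem. Consider returning false only for the unconfigured case and at least logging the rest, for example `LoggerFactory.getLogger(AesCipher.class).warn("Fail to load secret key", e);` in the catch block (assuming slf4j is available to this class, which the hunk does not show). `loadSecretFile()` also re-reads the setting and the key file on every encrypt, decrypt and canEncrypt call; if that is deliberate, so that a key change is picked up without a restart, a short comment saying so would help. The body of `loadSecretFileFromFile` continues outside the hunk.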
throw new IllegalStateException("Fail to generate random RSA keys", e);
}
}
+
+
}
);
}
+ public boolean canEncrypt() {
+ return aesEncryption.canEncrypt();
+ }
+
public boolean isEncrypted(String value) {
return value.startsWith("{") && value.indexOf("}") > 1;
}
this.encryption = new Encryption(this);
}
+ public final Encryption getEncryption() {
+ return encryption;
+ }
+
public final String getDefaultValue(String key) {
return definitions.getDefaultValue(key);
}
LoggerFactory.getLogger(getClass()).error(message);
}
+ public boolean canEncrypt() {
+ return getContainer().getComponentByType(Settings.class).getEncryption().canEncrypt();
+ }
+
+ public String encrypt(String clearText) {
+ return getContainer().getComponentByType(Settings.class).getEncryption().encrypt(clearText);
+ }
+
+ public String generateRandomSecretKey() {
+ return getContainer().getComponentByType(Settings.class).getEncryption().generateRandomSecretKey();
+ }
+
+
public ReviewsNotificationManager getReviewsNotificationManager() {
return getContainer().getComponentByType(ReviewsNotificationManager.class);
}
--- /dev/null
+#
+# Sonar, entreprise quality control tool.
+# Copyright (C) 2008-2012 SonarSource
+# mailto:contact AT sonarsource DOT com
+#
+# Sonar is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 3 of the License, or (at your option) any later version.
+#
+# Sonar is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with Sonar; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02
+#
+class EncryptionController < ApplicationController
+
+ SECTION=Navigation::SECTION_CONFIGURATION
+ before_filter :admin_required
+ verify :method => :post, :only => [:generate_secret, :encrypt], :redirect_to => {:action => :index}
+
+ def index
+ @can_encrypt=java_facade.canEncrypt()
+ end
+
+ def generate_secret
+ begin
+ @secret=java_facade.generateRandomSecretKey()
+ rescue Exception => e
+ flash[:error]=e.message
+ redirect_to :action => :index
+ end
+ end
+
+ def encrypt
+ bad_request('No secret key') unless java_facade.canEncrypt()
+ @encrypted=java_facade.encrypt(params[:text])
+ end
+
+ private
+
+
+end
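Review bot: The `encrypt` action passes `params[:text]` straight to `java_facade.encrypt`, so a POST without that field sends nil into `clearText.getBytes(...)` on the Java side and surfaces as a server error. Add a guard before the call, such as `bad_request('No text') if params[:text].blank?`. The existing `bad_request('No secret key') unless java_facade.canEncrypt()` only protects the following line if `bad_request` halts the action by raising; its definition is not in this diff, so that is worth confirming. In `generate_secret`, `rescue Exception => e` also traps non-application errors and copies `e.message` into the flash. `rescue => e` with a fixed user-facing message and a server-side log entry would be tighter.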
--- /dev/null
+<p>
+ Secret is:
+ <input type="text" value="<%= @secret -%>"/>
+</p>
\ No newline at end of file
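Review bot: This view writes key material into the response with no escaping, cache or autocomplete controls around `<%= @secret -%>`. Base64 output is unlikely to break the attribute, but on Rails versions without automatic escaping `value="<%= h(@secret) -%>"` is the safer habit. Adding `autocomplete="off"` to the input and a `Cache-Control: no-store` response header in `generate_secret` would keep the key out of browser form history and caches. A `readonly` attribute would also make clear that the field is display-only.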
--- /dev/null
+<p>bla bla</p>
+
+<% if @can_encrypt %>
+ <form action="<%= ApplicationController.root_context -%>/encryption/encrypt" method="POST">
+ <input type="text" name="text" id="text"/>
+ <input type="submit" value="Encrypt" id="submit_encrypt"/>
+ </form>
+<% else %>
+ <form action="<%= ApplicationController.root_context -%>/encryption/generate_secret" method="POST">
+ <input type="submit" value="Generate secret" id="submit_generate_secret"/>
+ </form>
+<% end %>
\ No newline at end of file
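Review bot: Both forms are hand-written `<form>` tags, so they carry no Rails authenticity token. Unless request-forgery protection is handled elsewhere in the application (not visible here), the admin-only `encrypt` and `generate_secret` POST actions could be triggered from another site in an administrator's browser. Building the forms with `form_tag`, e.g. `<% form_tag({:action => 'encrypt'}) do %>`, would include the token when `protect_from_forgery` is enabled. The `<p>bla bla</p>` placeholder should also be replaced with real guidance text before release.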