mirrors
/
sonarqube
mirror of https://github.com/SonarSource/sonarqube.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 237 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
29967 Commits
59 Branches
Tree: 4cd0180440
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '4cd0180440'
${ noResults }
sonarqube/sonar-plugin-api-impl/src/main/java/org/sonar/api/config/internal/AesCipher.java

AesCipher.java 4.5KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130 
  1. /*

  2.  * SonarQube

  3.  * Copyright (C) 2009-2020 SonarSource SA

  4.  * mailto:info AT sonarsource DOT com

  5.  *

  6.  * This program is free software; you can redistribute it and/or

  7.  * modify it under the terms of the GNU Lesser General Public

  8.  * License as published by the Free Software Foundation; either

  9.  * version 3 of the License, or (at your option) any later version.

  10.  *

  11.  * This program is distributed in the hope that it will be useful,

  12.  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  13.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

  14.  * Lesser General Public License for more details.

  15.  *

  16.  * You should have received a copy of the GNU Lesser General Public License

  17.  * along with this program; if not, write to the Free Software Foundation,

  18.  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

  19.  */

  20. package org.sonar.api.config.internal;

  21. 

  22. import java.io.File;

  23. import java.io.IOException;

  24. import java.nio.charset.StandardCharsets;

  25. import java.security.Key;

  26. import java.security.SecureRandom;

  27. import javax.annotation.Nullable;

  28. import javax.crypto.KeyGenerator;

  29. import javax.crypto.SecretKey;

  30. import javax.crypto.spec.SecretKeySpec;

  31. import org.apache.commons.codec.binary.Base64;

  32. import org.apache.commons.io.FileUtils;

  33. import org.apache.commons.lang.StringUtils;

  34. import org.sonar.api.CoreProperties;

  35. 

  36. import static java.nio.charset.StandardCharsets.UTF_8;

  37. 

  38. final class AesCipher implements Cipher {

  39.   static final int KEY_SIZE_IN_BITS = 256;

  40. 

  41.   private static final String CRYPTO_KEY = "AES";

  42. 

  43.   private String pathToSecretKey;

  44. 

  45.   AesCipher(@Nullable String pathToSecretKey) {

  46.     this.pathToSecretKey = pathToSecretKey;

  47.   }

  48. 

  49.   @Override

  50.   public String encrypt(String clearText) {

  51.     try {

  52.       javax.crypto.Cipher cipher = javax.crypto.Cipher.getInstance(CRYPTO_KEY);

  53.       cipher.init(javax.crypto.Cipher.ENCRYPT_MODE, loadSecretFile());

  54.       return Base64.encodeBase64String(cipher.doFinal(clearText.getBytes(StandardCharsets.UTF_8.name())));

  55.     } catch (RuntimeException e) {

  56.       throw e;

  57.     } catch (Exception e) {

  58.       throw new IllegalStateException(e);

  59.     }

  60.   }

  61. 

  62.   @Override

  63.   public String decrypt(String encryptedText) {

  64.     try {

  65.       javax.crypto.Cipher cipher = javax.crypto.Cipher.getInstance(CRYPTO_KEY);

  66.       cipher.init(javax.crypto.Cipher.DECRYPT_MODE, loadSecretFile());

  67.       byte[] cipherData = cipher.doFinal(Base64.decodeBase64(StringUtils.trim(encryptedText)));

  68.       return new String(cipherData, StandardCharsets.UTF_8);

  69.     } catch (RuntimeException e) {

  70.       throw e;

  71.     } catch (Exception e) {

  72.       throw new IllegalStateException(e);

  73.     }

  74.   }

  75. 

  76.   /**

  77.    * This method checks the existence of the file, but not the validity of the contained key.

  78.    */

  79.   boolean hasSecretKey() {

  80.     String path = getPathToSecretKey();

  81.     if (StringUtils.isNotBlank(path)) {

  82.       File file = new File(path);

  83.       return file.exists() && file.isFile();

  84.     }

  85.     return false;

  86.   }

  87. 

  88.   private Key loadSecretFile() throws IOException {

  89.     String path = getPathToSecretKey();

  90.     return loadSecretFileFromFile(path);

  91.   }

  92. 

  93.   Key loadSecretFileFromFile(@Nullable String path) throws IOException {

  94.     if (StringUtils.isBlank(path)) {

  95.       throw new IllegalStateException("Secret key not found. Please set the property " + CoreProperties.ENCRYPTION_SECRET_KEY_PATH);

  96.     }

  97.     File file = new File(path);

  98.     if (!file.exists() || !file.isFile()) {

  99.       throw new IllegalStateException("The property " + CoreProperties.ENCRYPTION_SECRET_KEY_PATH + " does not link to a valid file: " + path);

  100.     }

  101.     String s = FileUtils.readFileToString(file, UTF_8);

  102.     if (StringUtils.isBlank(s)) {

  103.       throw new IllegalStateException("No secret key in the file: " + path);

  104.     }

  105.     return new SecretKeySpec(Base64.decodeBase64(StringUtils.trim(s)), CRYPTO_KEY);

  106.   }

  107. 

  108.   String generateRandomSecretKey() {

  109.     try {

  110.       KeyGenerator keyGen = KeyGenerator.getInstance(CRYPTO_KEY);

  111.       keyGen.init(KEY_SIZE_IN_BITS, new SecureRandom());

  112.       SecretKey secretKey = keyGen.generateKey();

  113.       return Base64.encodeBase64String(secretKey.getEncoded());

  114. 

  115.     } catch (Exception e) {

  116.       throw new IllegalStateException("Fail to generate secret key", e);

  117.     }

  118.   }

  119. 

  120.   String getPathToSecretKey() {

  121.     if (StringUtils.isBlank(pathToSecretKey)) {

  122.       pathToSecretKey = new File(FileUtils.getUserDirectoryPath(), ".sonar/sonar-secret.txt").getPath();

  123.     }

  124.     return pathToSecretKey;

  125.   }

  126. 

  127.   public void setPathToSecretKey(@Nullable String pathToSecretKey) {

  128.     this.pathToSecretKey = pathToSecretKey;

  129.   }

  130. }