SONAR-2084 replace asymetric RSA by symetric AES

11 files changed, 267 insertions, 254 deletions

diff --git a/sonar-plugin-api/src/main/java/org/sonar/api/CoreProperties.java b/sonar-plugin-api/src/main/java/org/sonar/api/CoreProperties.java
index 32a67d2b529..8cf0e3cb576 100644
--- a/sonar-plugin-api/src/main/java/org/sonar/api/CoreProperties.java
+++ b/sonar-plugin-api/src/main/java/org/sonar/api/CoreProperties.java
@@ -30,12 +30,7 @@ public interface CoreProperties {
   /**
    * @since 2.15
    */
-  String ENCRYPTION_PATH_TO_PRIVATE_KEY = "sonar.encryption.privateKeyPath";
-
-  /**
-   * @since 2.15
-   */
-  String ENCRYPTION_PUBLIC_KEY = "sonar.encryption.publicKey";
+  String ENCRYPTION_PATH_TO_SECRET_KEY = "sonar.pathToSecretKey";
 
 
   /**
diff --git a/sonar-plugin-api/src/main/java/org/sonar/api/config/AesCipher.java b/sonar-plugin-api/src/main/java/org/sonar/api/config/AesCipher.java
new file mode 100644
index 00000000000..e8ed181966c
--- /dev/null
+++ b/sonar-plugin-api/src/main/java/org/sonar/api/config/AesCipher.java
@@ -0,0 +1,99 @@
+/*
+ * Sonar, open source software quality management tool.
+ * Copyright (C) 2008-2012 SonarSource
+ * mailto:contact AT sonarsource DOT com
+ *
+ * Sonar is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * Sonar is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with Sonar; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02
+ */
+package org.sonar.api.config;
+
+import com.google.common.annotations.VisibleForTesting;
+import com.google.common.base.Charsets;
+import com.google.common.base.Throwables;
+import org.apache.commons.codec.binary.Base64;
+import org.apache.commons.io.FileUtils;
+import org.apache.commons.lang.StringUtils;
+import org.sonar.api.CoreProperties;
+
+import javax.crypto.KeyGenerator;
+import javax.crypto.SecretKey;
+import javax.crypto.spec.SecretKeySpec;
+import java.io.File;
+import java.io.IOException;
+import java.security.*;
+import java.security.spec.InvalidKeySpecException;
+
+final class AesCipher extends Cipher {
+
+  public static final int KEY_SIZE_IN_BITS = 128;
+  private final Settings settings;
+
+  AesCipher(Settings settings) {
+    this.settings = settings;
+  }
+
+  String encrypt(String clearText) {
+    String path = settings.getClearString(CoreProperties.ENCRYPTION_PATH_TO_SECRET_KEY);
+    try {
+      javax.crypto.Cipher cipher = javax.crypto.Cipher.getInstance("AES");
+      cipher.init(javax.crypto.Cipher.ENCRYPT_MODE, loadSecretFileFromFile(path));
+      return new String(Base64.encodeBase64(cipher.doFinal(clearText.getBytes(Charsets.UTF_8))));
+    } catch (Exception e) {
+      throw Throwables.propagate(e);
+    }
+  }
+
+
+  String decrypt(String encryptedText) {
+    String path = settings.getClearString(CoreProperties.ENCRYPTION_PATH_TO_SECRET_KEY);
+    try {
+      javax.crypto.Cipher cipher = javax.crypto.Cipher.getInstance("AES");
+      cipher.init(javax.crypto.Cipher.DECRYPT_MODE, loadSecretFileFromFile(path));
+      byte[] cipherData = cipher.doFinal(Base64.decodeBase64(StringUtils.trim(encryptedText)));
+      return new String(cipherData);
+    } catch (Exception e) {
+      throw Throwables.propagate(e);
+    }
+  }
+
+  @VisibleForTesting
+  Key loadSecretFileFromFile(String path) throws NoSuchAlgorithmException, InvalidKeySpecException, IOException, InvalidKeyException {
+    if (StringUtils.isBlank(path)) {
+      throw new IllegalStateException("Secret key not found. Please set the property " + CoreProperties.ENCRYPTION_PATH_TO_SECRET_KEY);
+    }
+    File file = new File(path);
+    if (!file.exists() || !file.isFile()) {
+      throw new IllegalStateException("The property " + CoreProperties.ENCRYPTION_PATH_TO_SECRET_KEY + " does not link to a valid file: " + path);
+    }
+
+    String s = FileUtils.readFileToString(file);
+    if (StringUtils.isBlank(s)) {
+      throw new IllegalStateException("No secret key in the file: " + path);
+    }
+    return new SecretKeySpec(Base64.decodeBase64(s), "AES");
+  }
+
+  String generateRandomSecretKey() {
+    try {
+      KeyGenerator keyGen = KeyGenerator.getInstance("AES");
+      keyGen.init(KEY_SIZE_IN_BITS, new SecureRandom());
+      SecretKey secretKey = keyGen.generateKey();
+      return new String(Base64.encodeBase64(secretKey.getEncoded()));
+
+    } catch (Exception e) {
+      throw new IllegalStateException("Fail to generate random RSA keys", e);
+    }
+  }
+}
diff --git a/sonar-plugin-api/src/main/java/org/sonar/api/config/Encryption.java b/sonar-plugin-api/src/main/java/org/sonar/api/config/Encryption.java
index edc7dfab7b8..def3164985f 100644
--- a/sonar-plugin-api/src/main/java/org/sonar/api/config/Encryption.java
+++ b/sonar-plugin-api/src/main/java/org/sonar/api/config/Encryption.java
@@ -34,18 +34,18 @@ public final class Encryption {
   private static final String BASE64_ALGORITHM = "b64";
   private final Base64Cipher base64Encryption;
 
-  private static final String RSA_ALGORITHM = "rsa";
-  private final RsaCipher rsaEncryption;
+  private static final String AES_ALGORITHM = "aes";
+  private final AesCipher aesEncryption;
 
   private final Map<String, Cipher> encryptions;
   private static final Pattern ENCRYPTED_PATTERN = Pattern.compile("\\{(.*?)\\}(.*)");
 
   Encryption(Settings settings) {
     base64Encryption = new Base64Cipher();
-    rsaEncryption = new RsaCipher(settings);
+    aesEncryption = new AesCipher(settings);
     encryptions = ImmutableMap.of(
         BASE64_ALGORITHM, base64Encryption,
-        RSA_ALGORITHM, rsaEncryption
+        AES_ALGORITHM, aesEncryption
     );
   }
 
@@ -54,26 +54,23 @@ public final class Encryption {
   }
 
   public String encrypt(String clearText) {
-    return encrypt(RSA_ALGORITHM, clearText);
+    return encrypt(AES_ALGORITHM, clearText);
   }
 
   public String scramble(String clearText) {
     return encrypt(BASE64_ALGORITHM, clearText);
   }
 
-  /**
-   * @return an array of 2 strings: {public key, private key}
-   */
-  public String[] generateRandomKeys() {
-    return rsaEncryption.generateRandomKeys();
+  public String generateRandomSecretKey() {
+    return aesEncryption.generateRandomSecretKey();
   }
-  
+
   public String decrypt(String encryptedText) {
     Matcher matcher = ENCRYPTED_PATTERN.matcher(encryptedText);
     if (matcher.matches()) {
-      Cipher cipher = encryptions.get(matcher.group(0).toLowerCase(Locale.ENGLISH));
+      Cipher cipher = encryptions.get(matcher.group(1).toLowerCase(Locale.ENGLISH));
       if (cipher != null) {
-        return cipher.decrypt(matcher.group(1));
+        return cipher.decrypt(matcher.group(2));
       }
     }
     return encryptedText;
diff --git a/sonar-plugin-api/src/main/java/org/sonar/api/config/RsaCipher.java b/sonar-plugin-api/src/main/java/org/sonar/api/config/RsaCipher.java
deleted file mode 100644
index 3e96c096c12..00000000000
--- a/sonar-plugin-api/src/main/java/org/sonar/api/config/RsaCipher.java
+++ /dev/null
@@ -1,137 +0,0 @@
-/*
- * Sonar, open source software quality management tool.
- * Copyright (C) 2008-2012 SonarSource
- * mailto:contact AT sonarsource DOT com
- *
- * Sonar is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 3 of the License, or (at your option) any later version.
- *
- * Sonar is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with Sonar; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02
- */
-package org.sonar.api.config;
-
-import com.google.common.annotations.VisibleForTesting;
-import com.google.common.base.Throwables;
-import org.apache.commons.codec.binary.Base64;
-import org.apache.commons.io.FileUtils;
-import org.apache.commons.lang.StringUtils;
-import org.sonar.api.CoreProperties;
-
-import java.io.File;
-import java.io.IOException;
-import java.math.BigInteger;
-import java.security.*;
-import java.security.spec.InvalidKeySpecException;
-import java.security.spec.RSAPrivateKeySpec;
-import java.security.spec.RSAPublicKeySpec;
-
-final class RsaCipher extends Cipher {
-
-  private final Settings settings;
-
-  RsaCipher(Settings settings) {
-    this.settings = settings;
-  }
-
-  String encrypt(String clearText) {
-    String publicKey = settings.getClearString(CoreProperties.ENCRYPTION_PUBLIC_KEY);
-    if (StringUtils.isBlank(publicKey)) {
-      throw new IllegalStateException("RSA public key is missing. Please generate one.");
-    }
-    return encrypt(clearText, publicKey);
-  }
-
-  private String encrypt(String clearText, String publicKey) {
-    try {
-      javax.crypto.Cipher cipher = javax.crypto.Cipher.getInstance("RSA");
-      cipher.init(javax.crypto.Cipher.ENCRYPT_MODE, toPublicKey(publicKey));
-      return new String(Base64.encodeBase64(cipher.doFinal(clearText.getBytes())));
-    } catch (Exception e) {
-      throw Throwables.propagate(e);
-    }
-  }
-
-  String decrypt(String encryptedText) {
-    try {
-      PrivateKey privateKey = loadPrivateKey();
-      javax.crypto.Cipher cipher = javax.crypto.Cipher.getInstance("RSA");
-      cipher.init(javax.crypto.Cipher.DECRYPT_MODE, privateKey);
-      byte[] cipherData = cipher.doFinal(Base64.decodeBase64(StringUtils.trim(encryptedText)));
-      return new String(cipherData);
-    } catch (Exception e) {
-      throw Throwables.propagate(e);
-    }
-  }
-
-  private PrivateKey loadPrivateKey() throws NoSuchAlgorithmException, IOException, InvalidKeySpecException, InvalidKeyException {
-    String path = settings.getClearString(CoreProperties.ENCRYPTION_PATH_TO_PRIVATE_KEY);
-    return loadPrivateKeyFromFile(path);
-  }
-
-  @VisibleForTesting
-  PrivateKey loadPrivateKeyFromFile(String path) throws NoSuchAlgorithmException, InvalidKeySpecException, IOException, InvalidKeyException {
-    if (StringUtils.isBlank(path)) {
-      throw new IllegalStateException("Impossible to decrypt text without the private key. Please set the property " + CoreProperties.ENCRYPTION_PATH_TO_PRIVATE_KEY);
-    }
-    File file = new File(path);
-    if (!file.exists() || !file.isFile()) {
-      throw new IllegalStateException("The property " + CoreProperties.ENCRYPTION_PATH_TO_PRIVATE_KEY + " does not link to a valid file: " + path);
-    }
-
-    String s = FileUtils.readFileToString(file);
-    if (StringUtils.isBlank(s)) {
-      throw new IllegalStateException("No private key in the file: " + path);
-    }
-    String[] fields = StringUtils.split(StringUtils.trim(s), ",");
-    if (fields.length != 2) {
-      throw new IllegalStateException("Badly formatted private key in the file: " + path);
-    }
-    BigInteger modulus = new BigInteger(fields[0]);
-    BigInteger exponent = new BigInteger(fields[1]);
-    KeyFactory keyFactory = KeyFactory.getInstance("RSA");
-    return keyFactory.generatePrivate(new RSAPrivateKeySpec(modulus, exponent));
-  }
-
-  @VisibleForTesting
-  PublicKey toPublicKey(String text) throws InvalidKeySpecException, NoSuchAlgorithmException {
-    if (StringUtils.isBlank(text)) {
-      throw new IllegalArgumentException("The public key is blank");
-    }
-    String[] fields = StringUtils.split(StringUtils.trim(text), ",");
-    if (fields.length != 2) {
-      throw new IllegalStateException("Unknown format of public key: " + text);
-    }
-    BigInteger modulus = new BigInteger(fields[0]);
-    BigInteger exponent = new BigInteger(fields[1]);
-    KeyFactory keyFactory = KeyFactory.getInstance("RSA");
-    return keyFactory.generatePublic(new RSAPublicKeySpec(modulus, exponent));
-  }
-
-  String[] generateRandomKeys() {
-    try {
-      KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
-      gen.initialize(1024, new SecureRandom());
-      KeyPair pair = gen.generateKeyPair();
-
-      KeyFactory fact = KeyFactory.getInstance("RSA");
-      RSAPublicKeySpec pub = fact.getKeySpec(pair.getPublic(), RSAPublicKeySpec.class);
-      RSAPrivateKeySpec priv = fact.getKeySpec(pair.getPrivate(), RSAPrivateKeySpec.class);
-
-      String publicKey = pub.getModulus() + "," + pub.getPublicExponent();
-      String privateKey = priv.getModulus() + "," + priv.getPrivateExponent();
-      return new String[]{publicKey, privateKey};
-
-    } catch (Exception e) {
-      throw new IllegalStateException("Fail to generate random RSA keys", e);
-    }
-  }
-}
diff --git a/sonar-plugin-api/src/main/java/org/sonar/api/config/Settings.java b/sonar-plugin-api/src/main/java/org/sonar/api/config/Settings.java
index 8de950ac7f5..8e88562a2bb 100644
--- a/sonar-plugin-api/src/main/java/org/sonar/api/config/Settings.java
+++ b/sonar-plugin-api/src/main/java/org/sonar/api/config/Settings.java
@@ -69,7 +69,11 @@ public class Settings implements BatchComponent, ServerComponent {
     if (value == null) {
       value = getDefaultValue(key);
     } else if (encryption.isEncrypted(value)) {
-      value = encryption.decrypt(value);
+      try {
+        value = encryption.decrypt(value);
+      } catch (Exception e) {
+        throw new IllegalStateException("Fail to decrypt the property " + key + ". Please check your secret key.");
+      }
     }
     return value;
   }
diff --git a/sonar-plugin-api/src/test/java/org/sonar/api/config/AesCipherTest.java b/sonar-plugin-api/src/test/java/org/sonar/api/config/AesCipherTest.java
new file mode 100644
index 00000000000..47b432f75d5
--- /dev/null
+++ b/sonar-plugin-api/src/test/java/org/sonar/api/config/AesCipherTest.java
@@ -0,0 +1,92 @@
+/*
+ * Sonar, open source software quality management tool.
+ * Copyright (C) 2008-2012 SonarSource
+ * mailto:contact AT sonarsource DOT com
+ *
+ * Sonar is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * Sonar is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with Sonar; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02
+ */
+package org.sonar.api.config;
+
+import org.apache.commons.codec.binary.Base64;
+import org.apache.commons.lang.StringUtils;
+import org.junit.Test;
+import org.sonar.api.CoreProperties;
+
+import java.io.File;
+import java.net.URL;
+import java.security.Key;
+
+import static org.hamcrest.Matchers.greaterThan;
+import static org.hamcrest.core.Is.is;
+import static org.junit.Assert.assertThat;
+
+public class AesCipherTest {
+
+  @Test
+  public void generateRandomSecretKey() {
+    AesCipher cipher = new AesCipher(new Settings());
+
+    String key = cipher.generateRandomSecretKey();
+
+    assertThat(StringUtils.isNotBlank(key), is(true));
+    assertThat(Base64.isArrayByteBase64(key.getBytes()), is(true));
+  }
+
+  @Test
+  public void encrypt() throws Exception {
+    Settings settings = new Settings();
+    settings.setProperty(CoreProperties.ENCRYPTION_PATH_TO_SECRET_KEY, pathToSecretKey());
+    AesCipher cipher = new AesCipher(settings);
+
+    String encryptedText = cipher.encrypt("sonar");
+    System.out.println(encryptedText);
+    assertThat(StringUtils.isNotBlank(encryptedText), is(true));
+    assertThat(Base64.isArrayByteBase64(encryptedText.getBytes()), is(true));
+  }
+
+  @Test
+  public void decrypt() throws Exception {
+    Settings settings = new Settings();
+    settings.setProperty(CoreProperties.ENCRYPTION_PATH_TO_SECRET_KEY, pathToSecretKey());
+    AesCipher cipher = new AesCipher(settings);
+
+    // the following value has been encrypted with the key /org/sonar/api/config/AesCipherTest/aes_secret_key.txt
+    String clearText = cipher.decrypt("9mx5Zq4JVyjeChTcVjEide4kWCwusFl7P2dSVXtg9IY=");
+
+    assertThat(clearText, is("this is a secret"));
+  }
+
+  @Test
+  public void encryptThenDecrypt() throws Exception {
+    Settings settings = new Settings();
+    settings.setProperty(CoreProperties.ENCRYPTION_PATH_TO_SECRET_KEY, pathToSecretKey());
+    AesCipher cipher = new AesCipher(settings);
+
+    assertThat(cipher.decrypt(cipher.encrypt("foo")), is("foo"));
+  }
+
+  @Test
+  public void loadSecretKeyFromFile() throws Exception {
+    AesCipher cipher = new AesCipher(new Settings());
+    Key secretKey = cipher.loadSecretFileFromFile(pathToSecretKey());
+    assertThat(secretKey.getAlgorithm(), is("AES"));
+    assertThat(secretKey.getEncoded().length, greaterThan(10));
+  }
+
+  private String pathToSecretKey() throws Exception {
+    URL resource = getClass().getResource("/org/sonar/api/config/AesCipherTest/aes_secret_key.txt");
+    return new File(resource.toURI()).getCanonicalPath();
+  }
+}
diff --git a/sonar-plugin-api/src/test/java/org/sonar/api/config/EncryptionTest.java b/sonar-plugin-api/src/test/java/org/sonar/api/config/EncryptionTest.java
new file mode 100644
index 00000000000..1333120422c
--- /dev/null
+++ b/sonar-plugin-api/src/test/java/org/sonar/api/config/EncryptionTest.java
@@ -0,0 +1,59 @@
+/*
+ * Sonar, open source software quality management tool.
+ * Copyright (C) 2008-2012 SonarSource
+ * mailto:contact AT sonarsource DOT com
+ *
+ * Sonar is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * Sonar is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with Sonar; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02
+ */
+package org.sonar.api.config;
+
+import org.junit.Test;
+
+import static org.hamcrest.CoreMatchers.is;
+import static org.junit.Assert.assertThat;
+
+public class EncryptionTest {
+
+  @Test
+  public void isEncrypted() {
+    Encryption encryption = new Encryption(new Settings());
+    assertThat(encryption.isEncrypted("{aes}ADASDASAD"), is(true));
+    assertThat(encryption.isEncrypted("{b64}ADASDASAD"), is(true));
+    assertThat(encryption.isEncrypted("{abc}ADASDASAD"), is(true));
+
+    assertThat(encryption.isEncrypted("{}"), is(false));
+    assertThat(encryption.isEncrypted("{foo"), is(false));
+    assertThat(encryption.isEncrypted("foo{aes}"), is(false));
+  }
+
+  @Test
+  public void decrypt() {
+    Encryption encryption = new Encryption(new Settings());
+    assertThat(encryption.decrypt("{b64}Zm9v"), is("foo"));
+  }
+
+  @Test
+  public void decrypt_unknown_algorithm() {
+    Encryption encryption = new Encryption(new Settings());
+    assertThat(encryption.decrypt("{xxx}Zm9v"), is("{xxx}Zm9v"));
+  }
+
+  @Test
+  public void decrypt_uncrypted_text() {
+    Encryption encryption = new Encryption(new Settings());
+    assertThat(encryption.decrypt("foo"), is("foo"));
+
+  }
+}
diff --git a/sonar-plugin-api/src/test/java/org/sonar/api/config/RsaCipherTest.java b/sonar-plugin-api/src/test/java/org/sonar/api/config/RsaCipherTest.java
deleted file mode 100644
index 2bd4a538c45..00000000000
--- a/sonar-plugin-api/src/test/java/org/sonar/api/config/RsaCipherTest.java
+++ /dev/null
@@ -1,95 +0,0 @@
-/*
- * Sonar, open source software quality management tool.
- * Copyright (C) 2008-2012 SonarSource
- * mailto:contact AT sonarsource DOT com
- *
- * Sonar is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 3 of the License, or (at your option) any later version.
- *
- * Sonar is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with Sonar; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02
- */
-package org.sonar.api.config;
-
-import org.apache.commons.codec.binary.Base64;
-import org.apache.commons.io.IOUtils;
-import org.apache.commons.lang.StringUtils;
-import org.junit.Test;
-
-import java.io.File;
-import java.io.IOException;
-import java.io.InputStream;
-import java.net.URISyntaxException;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-
-import static org.hamcrest.core.Is.is;
-import static org.junit.Assert.assertThat;
-
-public class RsaCipherTest {
-  @Test
-  public void encrypt() throws IOException {
-    Settings settings = new Settings();
-    settings.setProperty("sonar.encryption.publicKey", loadPublicKey());
-    RsaCipher cipher = new RsaCipher(settings);
-    String encryptedText = cipher.encrypt("sonar");
-    System.out.println(encryptedText);
-    assertThat(StringUtils.isNotBlank(encryptedText), is(true));
-    assertThat(Base64.isArrayByteBase64(encryptedText.getBytes()), is(true));
-  }
-
-  @Test
-  public void decrypt() throws URISyntaxException, IOException {
-    File file = new File(getClass().getResource("/org/sonar/api/config/RsaCipherTest/rsa_private_key.txt").toURI());
-    Settings settings = new Settings();
-    settings.setProperty("sonar.encryption.privateKeyPath", file.getCanonicalPath());
-    RsaCipher cipher = new RsaCipher(settings);
-
-    // the following value has been encrypted with the public key /org/sonar/api/config/RsaCipherTest/rsa_public_key.txt
-    String clearText = cipher.decrypt("bnFlXnB5A8kLV4VR1FSGI4BmKd9I1E7euOQq/yB8a8RIpW34YYQX0toM5GTymY5EwkMO+KvfcpKXIvvhthr+5beW8v2nDux8n3VSH+tb+3wJZ+UYZQBQAQj2G8FVvYxbvRk3WVGn9bpw3x6195/gEneGvcG/A41/YsDHDce9zLw=");
-    assertThat(clearText, is("this is a secret"));
-  }
-
-  @Test
-  public void encryptThenDecrypt() throws URISyntaxException, IOException {
-    File file = new File(getClass().getResource("/org/sonar/api/config/RsaCipherTest/rsa_private_key.txt").toURI());
-    Settings settings = new Settings();
-    settings.setProperty("sonar.encryption.publicKey", loadPublicKey());
-    settings.setProperty("sonar.encryption.privateKeyPath", file.getCanonicalPath());
-    RsaCipher cipher = new RsaCipher(settings);
-
-    assertThat(cipher.decrypt(cipher.encrypt("foo")), is("foo"));
-  }
-
-  @Test
-  public void loadPrivateKeyFromFile() throws Exception {
-    File file = new File(getClass().getResource("/org/sonar/api/config/RsaCipherTest/rsa_private_key.txt").toURI());
-    RsaCipher cipher = new RsaCipher(new Settings());
-    PrivateKey privateKey = cipher.loadPrivateKeyFromFile(file.getPath());
-    assertThat(privateKey.getAlgorithm(), is("RSA"));
-  }
-
-  @Test
-  public void toPublicKey() throws Exception {
-    RsaCipher cipher = new RsaCipher(new Settings());
-    PublicKey publicKey = cipher.toPublicKey(loadPublicKey());
-    assertThat(publicKey.getAlgorithm(), is("RSA"));
-  }
-
-  private String loadPublicKey() throws IOException {
-    InputStream input = getClass().getResourceAsStream("/org/sonar/api/config/RsaCipherTest/rsa_public_key.txt");
-    try {
-      return IOUtils.toString(input);
-    } finally {
-      IOUtils.closeQuietly(input);
-    }
-  }
-}
diff --git a/sonar-plugin-api/src/test/resources/org/sonar/api/config/AesCipherTest/aes_secret_key.txt b/sonar-plugin-api/src/test/resources/org/sonar/api/config/AesCipherTest/aes_secret_key.txt
new file mode 100644
index 00000000000..65b98c522da
--- /dev/null
+++ b/sonar-plugin-api/src/test/resources/org/sonar/api/config/AesCipherTest/aes_secret_key.txt
@@ -0,0 +1 @@
+0PZz+G+f8mjr3sPn4+AhHg==
\ No newline at end of file
diff --git a/sonar-plugin-api/src/test/resources/org/sonar/api/config/RsaCipherTest/rsa_private_key.txt b/sonar-plugin-api/src/test/resources/org/sonar/api/config/RsaCipherTest/rsa_private_key.txt
deleted file mode 100644
index 10be545d264..00000000000
--- a/sonar-plugin-api/src/test/resources/org/sonar/api/config/RsaCipherTest/rsa_private_key.txt
+++ /dev/null
@@ -1 +0,0 @@
-90219154459460484635307049294251309350624400174513872842964935995590426792849850754956692979878580134173903984923579664828287537160023584656524734039928278121145700539672753499137027823143447317638477535928797385199093031615075304372662494208460458746505946857452591645907526128623572362647338861106567346733,28487650981645105345729039749992166191644740180529930949117542540744133726768616377360480408404524731015987443184896433830608393640073974409602558039310242973125348929164889362700042142142217737063061860660679199646988663544428331146992861271726257946205621825278746735752228856292372558114153659087908459073
\ No newline at end of file
diff --git a/sonar-plugin-api/src/test/resources/org/sonar/api/config/RsaCipherTest/rsa_public_key.txt b/sonar-plugin-api/src/test/resources/org/sonar/api/config/RsaCipherTest/rsa_public_key.txt
deleted file mode 100644
index ef746000bcc..00000000000
--- a/sonar-plugin-api/src/test/resources/org/sonar/api/config/RsaCipherTest/rsa_public_key.txt
+++ /dev/null
@@ -1 +0,0 @@
-90219154459460484635307049294251309350624400174513872842964935995590426792849850754956692979878580134173903984923579664828287537160023584656524734039928278121145700539672753499137027823143447317638477535928797385199093031615075304372662494208460458746505946857452591645907526128623572362647338861106567346733,65537
\ No newline at end of file