SONAR-5051 Support Maven encryption mechanism for SonarQube passwords

3 files changed, 66 insertions, 4 deletions

diff --git a/sonar-maven-plugin/pom.xml b/sonar-maven-plugin/pom.xml
index 00e8fb9a021..ad18cff7b79 100644
--- a/sonar-maven-plugin/pom.xml
+++ b/sonar-maven-plugin/pom.xml
@@ -34,6 +34,12 @@
       <artifactId>maven-project</artifactId>
       <scope>provided</scope>
     </dependency>
+    <dependency>
+      <groupId>org.sonatype.plexus</groupId>
+      <artifactId>plexus-sec-dispatcher</artifactId>
+      <version>1.4</version>
+      <scope>compile</scope>
+    </dependency>
 
     <!-- Test -->
     <dependency>
diff --git a/sonar-maven-plugin/src/main/java/org/sonar/maven/SonarMojo.java b/sonar-maven-plugin/src/main/java/org/sonar/maven/SonarMojo.java
index 7d1f31b1246..8cb4d94460e 100644
--- a/sonar-maven-plugin/src/main/java/org/sonar/maven/SonarMojo.java
+++ b/sonar-maven-plugin/src/main/java/org/sonar/maven/SonarMojo.java
@@ -35,9 +35,12 @@ import org.apache.maven.shared.dependency.tree.DependencyTreeBuilder;
 import org.sonar.runner.api.EmbeddedRunner;
 import org.sonar.runner.api.RunnerProperties;
 import org.sonar.runner.api.ScanProperties;
+import org.sonatype.plexus.components.sec.dispatcher.SecDispatcher;
+import org.sonatype.plexus.components.sec.dispatcher.SecDispatcherException;
 
 import java.io.File;
 import java.io.IOException;
+import java.util.Properties;
 
 /**
  * @goal sonar
@@ -126,6 +129,13 @@ public final class SonarMojo extends AbstractMojo {
    */
   RuntimeInformation runtimeInformation;
 
+  /**
+   * Plexus component for the SecDispatcher
+   * @component role="org.sonatype.plexus.components.sec.dispatcher.SecDispatcher"
+   * @required  
+   */
+  private SecDispatcher securityDispatcher;
+
   @Override
   public void execute() throws MojoExecutionException {
     ArtifactVersion mavenVersion = getMavenVersion();
@@ -157,19 +167,21 @@ public final class SonarMojo extends AbstractMojo {
         // Include slf4j Logger that is exposed by some Sonar components
         .unmask("org.slf4j.Logger")
         .unmask("org.slf4j.ILoggerFactory")
-          // Exclude other slf4j classes
-          // .unmask("org.slf4j.impl.")
+        // Exclude other slf4j classes
+        // .unmask("org.slf4j.impl.")
         .mask("org.slf4j.")
-          // Exclude logback
+        // Exclude logback
         .mask("ch.qos.logback.")
         .mask("org.sonar.")
-          // Include everything else
+        // Include everything else
         .unmask("");
       runner.addExtensions(session, getLog(), lifecycleExecutor, artifactFactory, localRepository, artifactMetadataSource, artifactCollector,
         dependencyTreeBuilder, projectBuilder);
       if (getLog().isDebugEnabled()) {
         runner.setProperty("sonar.verbose", "true");
       }
+      // Replace all properties by decrypted ones if applicable
+      runner.addProperties(decryptProperties(runner.properties()));
       runner.execute();
     } catch (Exception e) {
       throw ExceptionHandling.handle(e, getLog());
@@ -214,4 +226,23 @@ public final class SonarMojo extends AbstractMojo {
     }
     return null;
   }
+
+  public Properties decryptProperties(Properties properties) {
+    Properties newProperties = new Properties();
+    try {
+      for (String key : properties.stringPropertyNames()) {
+        if (key.contains(".password")) {
+          try {
+            String decrypted = securityDispatcher.decrypt(properties.getProperty(key));
+            newProperties.setProperty(key, decrypted);
+          } catch (SecDispatcherException e) {
+            getLog().warn("Unable to decrypt property " + key, e);
+          }
+        }
+      }
+    } catch (Exception e) {
+      getLog().warn("Unable to decrypt properties", e);
+    }
+    return newProperties;
+  }
 }
diff --git a/sonar-maven-plugin/src/main/resources/META-INF/plexus/components.xml b/sonar-maven-plugin/src/main/resources/META-INF/plexus/components.xml
new file mode 100644
index 00000000000..0101f8e0536
--- /dev/null
+++ b/sonar-maven-plugin/src/main/resources/META-INF/plexus/components.xml
@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<component-set>
+  <components>
+    <component>
+      <role>org.sonatype.plexus.components.sec.dispatcher.SecDispatcher</role>
+      <role-hint>default</role-hint>
+      <implementation>org.sonatype.plexus.components.sec.dispatcher.DefaultSecDispatcher</implementation>
+      <requirements>
+        <requirement>
+          <role>org.sonatype.plexus.components.cipher.PlexusCipher</role>
+          <role-hint>default</role-hint>
+          <field-name>_cipher</field-name>
+        </requirement>
+      </requirements>
+      <configuration>
+        <_configuration-file>~/.m2/settings-security.xml</_configuration-file>
+      </configuration>
+    </component>
+    <component>
+      <role>org.sonatype.plexus.components.cipher.PlexusCipher</role>
+      <role-hint>default</role-hint>
+      <implementation>org.sonatype.plexus.components.cipher.DefaultPlexusCipher</implementation>
+    </component>
+  </components>
+</component-set>