1 files changed, 133 insertions, 0 deletions

diff --git a/server/sonar-process/src/main/java/org/sonar/process/AesCipher.java b/server/sonar-process/src/main/java/org/sonar/process/AesCipher.java
new file mode 100644
index 00000000000..204ae1a6b6b
--- /dev/null
+++ b/server/sonar-process/src/main/java/org/sonar/process/AesCipher.java
@@ -0,0 +1,133 @@
+/*
+ * SonarQube, open source software quality management tool.
+ * Copyright (C) 2008-2014 SonarSource
+ * mailto:contact AT sonarsource DOT com
+ *
+ * SonarQube is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * SonarQube is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+
+package org.sonar.process;
+
+import org.apache.commons.codec.binary.Base64;
+import org.apache.commons.io.FileUtils;
+import org.apache.commons.lang.StringUtils;
+
+import javax.annotation.Nullable;
+import javax.crypto.KeyGenerator;
+import javax.crypto.SecretKey;
+import javax.crypto.spec.SecretKeySpec;
+import java.io.File;
+import java.io.IOException;
+import java.security.Key;
+import java.security.SecureRandom;
+
+final class AesCipher implements Cipher {
+
+  // Can't be increased because of Java 6 policy files :
+  // https://confluence.terena.org/display/~visser/No+256+bit+ciphers+for+Java+apps
+  // http://java.sun.com/javase/6/webnotes/install/jre/README
+  public static final int KEY_SIZE_IN_BITS = 128;
+
+  private static final String CRYPTO_KEY = "AES";
+
+  /**
+   * Duplication from CoreProperties.ENCRYPTION_SECRET_KEY_PATH
+   */
+  static final String ENCRYPTION_SECRET_KEY_PATH = "sonar.secretKeyPath";
+
+  private String pathToSecretKey;
+
+  AesCipher(@Nullable String pathToSecretKey) {
+    this.pathToSecretKey = pathToSecretKey;
+  }
+
+  @Override
+  public String encrypt(String clearText) {
+    try {
+      javax.crypto.Cipher cipher = javax.crypto.Cipher.getInstance(CRYPTO_KEY);
+      cipher.init(javax.crypto.Cipher.ENCRYPT_MODE, loadSecretFile());
+      return new String(Base64.encodeBase64(cipher.doFinal(clearText.getBytes("UTF-8"))));
+    } catch (RuntimeException e) {
+      throw e;
+    } catch (Exception e) {
+      throw new IllegalStateException(e);
+    }
+  }
+
+  @Override
+  public String decrypt(String encryptedText) {
+    try {
+      javax.crypto.Cipher cipher = javax.crypto.Cipher.getInstance(CRYPTO_KEY);
+      cipher.init(javax.crypto.Cipher.DECRYPT_MODE, loadSecretFile());
+      byte[] cipherData = cipher.doFinal(Base64.decodeBase64(StringUtils.trim(encryptedText)));
+      return new String(cipherData);
+    } catch (RuntimeException e) {
+      throw e;
+    } catch (Exception e) {
+      throw new IllegalStateException(e);
+    }
+  }
+
+  /**
+   * This method checks the existence of the file, but not the validity of the contained key.
+   */
+  boolean hasSecretKey() {
+    String path = getPathToSecretKey();
+    if (StringUtils.isNotBlank(path)) {
+      File file = new File(path);
+      return file.exists() && file.isFile();
+    }
+    return false;
+  }
+
+  private Key loadSecretFile() throws IOException {
+    String path = getPathToSecretKey();
+    return loadSecretFileFromFile(path);
+  }
+
+  Key loadSecretFileFromFile(String path) throws IOException {
+    if (StringUtils.isBlank(path)) {
+      throw new IllegalStateException("Secret key not found. Please set the property " + ENCRYPTION_SECRET_KEY_PATH);
+    }
+    File file = new File(path);
+    if (!file.exists() || !file.isFile()) {
+      throw new IllegalStateException("The property " + ENCRYPTION_SECRET_KEY_PATH + " does not link to a valid file: " + path);
+    }
+    String s = FileUtils.readFileToString(file);
+    if (StringUtils.isBlank(s)) {
+      throw new IllegalStateException("No secret key in the file: " + path);
+    }
+    return new SecretKeySpec(Base64.decodeBase64(StringUtils.trim(s)), CRYPTO_KEY);
+  }
+
+  String generateRandomSecretKey() {
+    try {
+      KeyGenerator keyGen = KeyGenerator.getInstance(CRYPTO_KEY);
+      keyGen.init(KEY_SIZE_IN_BITS, new SecureRandom());
+      SecretKey secretKey = keyGen.generateKey();
+      return new String(Base64.encodeBase64(secretKey.getEncoded()));
+
+    } catch (Exception e) {
+      throw new IllegalStateException("Fail to generate secret key", e);
+    }
+  }
+
+  String getPathToSecretKey() {
+    if (StringUtils.isBlank(pathToSecretKey)) {
+      pathToSecretKey = new File(FileUtils.getUserDirectoryPath(), ".sonar/sonar-secret.txt").getPath();
+    }
+    return pathToSecretKey;
+  }
+}