pax_global_header00006660000000000000000000000064116136007470014517gustar00rootroot0000000000000052 comment=a73d92e2bd4a3cc9dc250c0e4b24cf2313a2682d plexus-cipher-plexus-cipher-1.7/000077500000000000000000000000001161360074700167445ustar00rootroot00000000000000plexus-cipher-plexus-cipher-1.7/.gitignore000066400000000000000000000000531161360074700207320ustar00rootroot00000000000000target/ .project .classpath .settings/ bin plexus-cipher-plexus-cipher-1.7/NOTICE.txt000066400000000000000000000010121161360074700204600ustar00rootroot00000000000000The code in this component contains a class - Base64 taken from http://juliusdavies.ca/svn/not-yet-commons-ssl/tags/commons-ssl-0.3.10/src/java/org/apache/commons/ssl/Base64.java which is Apache license: http://www.apache.org/licenses/LICENSE-2.0 The PBE key processing routine PBECipher.createCipher() is adopted from http://juliusdavies.ca/svn/not-yet-commons-ssl/tags/commons-ssl-0.3.10/src/java/org/apache/commons/ssl/OpenSSL.java which is also Apache APL-2.0 license: http://www.apache.org/licenses/LICENSE-2.0 plexus-cipher-plexus-cipher-1.7/pom.xml000066400000000000000000000101171161360074700202610ustar00rootroot00000000000000 4.0.0 org.sonatype.spice spice-parent 15 org.sonatype.plexus plexus-cipher 1.7 http://spice.sonatype.org/${project.artifactId} Plexus Cipher: encryption/decryption Component sonatype.org-sites ${spiceSiteBaseUrl}/${project.artifactId} org.apache.maven.plugins maven-surefire-plugin 2.9 org.eclipse.m2e lifecycle-mapping 1.0.0 org.sonatype.plugins sisu-maven-plugin [1.1,) test-index main-index maven-compiler-plugin 1.5 1.5 org.apache.maven.plugins maven-surefire-plugin utf8 test test utf8 iso8859-1 test test iso8859-1 org.sonatype.plugins sisu-maven-plugin 1.1 main-index test-index org.sonatype.sisu sisu-inject-bean 2.2.0 provided junit junit 3.8.2 scm:git:git@github.com/sonatype/plexus-cipher.git scm:git:ssh://git@github.com/sonatype/plexus-cipher.git http://github.com/sonatype/plexus-cipher 
plexus-cipher-plexus-cipher-1.7/src/000077500000000000000000000000001161360074700175335ustar00rootroot00000000000000plexus-cipher-plexus-cipher-1.7/src/main/000077500000000000000000000000001161360074700204575ustar00rootroot00000000000000plexus-cipher-plexus-cipher-1.7/src/main/java/000077500000000000000000000000001161360074700214005ustar00rootroot00000000000000plexus-cipher-plexus-cipher-1.7/src/main/java/org/000077500000000000000000000000001161360074700221675ustar00rootroot00000000000000plexus-cipher-plexus-cipher-1.7/src/main/java/org/sonatype/000077500000000000000000000000001161360074700240315ustar00rootroot00000000000000plexus-cipher-plexus-cipher-1.7/src/main/java/org/sonatype/plexus/000077500000000000000000000000001161360074700253515ustar00rootroot00000000000000plexus-cipher-plexus-cipher-1.7/src/main/java/org/sonatype/plexus/components/000077500000000000000000000000001161360074700275365ustar00rootroot00000000000000plexus-cipher-plexus-cipher-1.7/src/main/java/org/sonatype/plexus/components/cipher/000077500000000000000000000000001161360074700310105ustar00rootroot00000000000000plexus-cipher-plexus-cipher-1.7/src/main/java/org/sonatype/plexus/components/cipher/Base64.java000066400000000000000000000447421161360074700327120ustar00rootroot00000000000000package org.sonatype.plexus.components.cipher; /* * $HeadURL: http://juliusdavies.ca/svn/not-yet-commons-ssl/tags/commons-ssl-0.3.10/src/java/org/apache/commons/ssl/Base64.java $ * $Revision$ * $Date$ * * ==================================================================== * Licensed to the Apache Software Foundation (ASF) under one * or more contributor license agreements. See the NOTICE file * distributed with this work for additional information * regarding copyright ownership. The ASF licenses this file * to you under the Apache License, Version 2.0 (the * "License"); you may not use this file except in compliance * with the License. 
You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License. * ==================================================================== * * This software consists of voluntary contributions made by many * individuals on behalf of the Apache Software Foundation. For more * information on the Apache Software Foundation, please see * . * */ /** * Provides Base64 encoding and decoding as defined by RFC 2045. *

*

This class implements section 6.8. Base64 Content-Transfer-Encoding * from RFC 2045 Multipurpose Internet Mail Extensions (MIME) Part One: * Format of Internet Message Bodies by Freed and Borenstein.

* * @author Apache Software Foundation * @version $Id$ * @see RFC 2045 * @since 1.0-dev */ public class Base64 { /** * Chunk size per RFC 2045 section 6.8. *

*

The character limit does not count the trailing CRLF, but counts * all other characters, including any equal signs.

* * @see RFC 2045 section 6.8 */ static final int CHUNK_SIZE = 76; /** * Chunk separator per RFC 2045 section 2.1. * * @see RFC 2045 section 2.1 */ static final byte[] CHUNK_SEPARATOR = "\r\n".getBytes(); /** The base length. */ static final int BASELENGTH = 255; /** Lookup length. */ static final int LOOKUPLENGTH = 64; /** Used to calculate the number of bits in a byte. */ static final int EIGHTBIT = 8; /** Used when encoding something which has fewer than 24 bits. */ static final int SIXTEENBIT = 16; /** Used to determine how many bits data contains. */ static final int TWENTYFOURBITGROUP = 24; /** Used to get the number of Quadruples. */ static final int FOURBYTE = 4; /** Used to test the sign of a byte. */ static final int SIGN = -128; /** Byte used to pad output. */ static final byte PAD = (byte) '='; /** * Contains the Base64 values 0 through 63 accessed by using character encodings as * indices. *

* For example, base64Alphabet['+'] returns 62. *

*

* The value of undefined encodings is -1. *

*/ private static byte[] base64Alphabet = new byte[BASELENGTH]; /** *

* Contains the Base64 encodings A through Z, followed by a through * z, followed by 0 through 9, followed by +, and * /. *

*

* This array is accessed by using character values as indices. *

*

* For example, lookUpBase64Alphabet[62] returns '+'. *

*/
    private static byte[] lookUpBase64Alphabet = new byte[LOOKUPLENGTH];

    // Fill both tables once: character -> 6-bit value, and 6-bit value -> character.
    static {
        // Every slot starts out marked as "not a Base64 character".
        for (int slot = 0; slot < BASELENGTH; slot++) {
            base64Alphabet[slot] = (byte) -1;
        }
        for (int c = 'A'; c <= 'Z'; c++) {
            base64Alphabet[c] = (byte) (c - 'A');
        }
        for (int c = 'a'; c <= 'z'; c++) {
            base64Alphabet[c] = (byte) (c - 'a' + 26);
        }
        for (int c = '0'; c <= '9'; c++) {
            base64Alphabet[c] = (byte) (c - '0' + 52);
        }
        base64Alphabet['+'] = 62;
        base64Alphabet['/'] = 63;

        // Upper- and lower-case letters share one loop; the lower-case half sits 26 slots higher.
        for (int v = 0; v < 26; v++) {
            lookUpBase64Alphabet[v] = (byte) ('A' + v);
            lookUpBase64Alphabet[v + 26] = (byte) ('a' + v);
        }
        for (int d = 0; d < 10; d++) {
            lookUpBase64Alphabet[d + 52] = (byte) ('0' + d);
        }
        lookUpBase64Alphabet[62] = (byte) '+';
        lookUpBase64Alphabet[63] = (byte) '/';
    }

    /**
     * Tells whether a single byte is the pad character or a member of the Base64 alphabet.
     *
     * @param b The value to test
     * @return true for '=' and for every byte the decode table maps to a value, false otherwise.
     */
    public static boolean isBase64(byte b) {
        if (b == PAD) {
            return true;
        }
        // Negative bytes cannot index the decode table, so they are never Base64.
        return b >= 0 && base64Alphabet[b] >= 0;
    }

    /**
     * Checks that a byte array, once whitespace is removed, holds only Base64 alphabet
     * characters or pad characters.
     *
     * @param arrayOctect byte array to test
     * @return true if every remaining byte is accepted by {@link #isBase64(byte)} or if nothing
     *         remains; false otherwise
     */
    public static boolean isArrayByteBase64(byte[] arrayOctect) {
        byte[] stripped = discardWhitespace(arrayOctect);
        for (int pos = 0; pos < stripped.length; pos++) {
            if (!isBase64(stripped[pos])) {
                return false;
            }
        }
        // Also reached for an empty array: no byte was rejected.
        return true;
    }

    /**
     * Encodes binary data using the base64 algorithm but
     * does not chunk the output.
*
* @param binaryData binary data to encode
* @return Base64 characters
*/
    public static byte[] encodeBase64(byte[] binaryData) {
        final boolean chunked = false;
        return encodeBase64(binaryData, chunked);
    }

    /**
     * Encodes binary data and splits the encoded output into 76 character blocks.
     *
     * @param binaryData binary data to encode
     * @return Base64 characters chunked in 76 character blocks
     */
    public static byte[] encodeBase64Chunked(byte[] binaryData) {
        final boolean chunked = true;
        return encodeBase64(binaryData, chunked);
    }

    /**
     * Object-typed decode entry point; only byte[] input is accepted.
     *
     * @param pObject Object to decode
     * @return An object (of type byte[]) containing the
     *         binary data which corresponds to the byte[] supplied.
     * @throws IllegalArgumentException if the parameter supplied is not
     *                                  of type byte[]
     */
    public Object decode(Object pObject) throws IllegalArgumentException {
        if (pObject instanceof byte[]) {
            return decode((byte[]) pObject);
        }
        throw new IllegalArgumentException("Parameter supplied to Base64 decode is not a byte[]");
    }

    /**
     * Decodes a byte[] of Base64 characters by delegating to {@link #decodeBase64(byte[])}.
     *
     * @param pArray A byte array containing Base64 character data
     * @return a byte array containing binary data
     */
    public byte[] decode(byte[] pArray) {
        byte[] decoded = decodeBase64(pArray);
        return decoded;
    }

    /**
     * Encodes binary data using the base64 algorithm, optionally
     * chunking the output into 76 character blocks.
     *
     * @param binaryData Array containing binary data to encode.
     * @param isChunked if true this encoder will chunk
     * the base64 output into 76 character blocks
     * @return Base64-encoded data.
*/
    public static byte[] encodeBase64(byte[] binaryData, boolean isChunked) {
        // NOTE(review): the bit count is an int product, so it overflows once
        // binaryData.length exceeds Integer.MAX_VALUE / 8 bytes.
        int lengthDataBits = binaryData.length * EIGHTBIT;
        int fewerThan24bits = lengthDataBits % TWENTYFOURBITGROUP;
        int numberTriplets = lengthDataBits / TWENTYFOURBITGROUP;
        byte encodedData[];
        int encodedDataLength;
        int nbrChunks = 0;

        if (fewerThan24bits != 0) {
            //data not divisible by 24 bit
            encodedDataLength = (numberTriplets + 1) * 4;
        } else {
            // 16 or 8 bit
            encodedDataLength = numberTriplets * 4;
        }

        // If the output is to be "chunked" into 76 character sections,
        // for compliance with RFC 2045 MIME, then it is important to
        // allow for extra length to account for the separator(s)
        if (isChunked) {

            nbrChunks =
                    (CHUNK_SEPARATOR.length == 0 ? 0 : (int) Math.ceil((float) encodedDataLength / CHUNK_SIZE));
            encodedDataLength += nbrChunks * CHUNK_SEPARATOR.length;
        }

        encodedData = new byte[encodedDataLength];

        byte k, l, b1, b2, b3;
        int dataIndex;
        int i;
        int encodedIndex = 0;
        int nextSeparatorIndex = CHUNK_SIZE;
        int chunksSoFar = 0;

        // Full 3-byte groups: each one becomes four 6-bit table lookups.
        //log.debug("number of triplets = " + numberTriplets);
        for (i = 0; i < numberTriplets; i++) {
            dataIndex = i * 3;
            b1 = binaryData[dataIndex];
            b2 = binaryData[dataIndex + 1];
            b3 = binaryData[dataIndex + 2];

            //log.debug("b1= " + b1 +", b2= " + b2 + ", b3= " + b3);

            l = (byte) (b2 & 0x0f);
            k = (byte) (b1 & 0x03);

            // Bytes are signed, so >> drags the sign bit down; for negative
            // bytes the XOR mask clears those copied bits again.
            byte val1 = ((b1 & SIGN) == 0) ? (byte) (b1 >> 2) : (byte) ((b1) >> 2 ^ 0xc0);
            byte val2 = ((b2 & SIGN) == 0) ? (byte) (b2 >> 4) : (byte) ((b2) >> 4 ^ 0xf0);
            byte val3 = ((b3 & SIGN) == 0) ? (byte) (b3 >> 6) : (byte) ((b3) >> 6 ^ 0xfc);

            encodedData[encodedIndex] = lookUpBase64Alphabet[val1];
            //log.debug( "val2 = " + val2 );
            //log.debug( "k4 = " + (k<<4) );
            //log.debug( "vak = " + (val2 | (k<<4)) );
            encodedData[encodedIndex + 1] = lookUpBase64Alphabet[val2 | (k << 4)];
            encodedData[encodedIndex + 2] = lookUpBase64Alphabet[(l << 2) | val3];
            encodedData[encodedIndex + 3] = lookUpBase64Alphabet[b3 & 0x3f];

            encodedIndex += 4;

            // If we are chunking, let's put a chunk separator down.
            if (isChunked) {
                // this assumes that CHUNK_SIZE % 4 == 0
                if (encodedIndex == nextSeparatorIndex) {
                    System.arraycopy(CHUNK_SEPARATOR, 0, encodedData, encodedIndex, CHUNK_SEPARATOR.length);
                    chunksSoFar++;
                    nextSeparatorIndex = (CHUNK_SIZE * (chunksSoFar + 1)) + (chunksSoFar * CHUNK_SEPARATOR.length);
                    encodedIndex += CHUNK_SEPARATOR.length;
                }
            }
        }

        // form integral number of 6-bit groups
        dataIndex = i * 3;

        if (fewerThan24bits == EIGHTBIT) {
            // One input byte left over: two characters plus two pad bytes.
            b1 = binaryData[dataIndex];
            k = (byte) (b1 & 0x03);
            //log.debug("b1=" + b1);
            //log.debug("b1<<2 = " + (b1>>2) );
            byte val1 = ((b1 & SIGN) == 0) ? (byte) (b1 >> 2) : (byte) ((b1) >> 2 ^ 0xc0);
            encodedData[encodedIndex] = lookUpBase64Alphabet[val1];
            encodedData[encodedIndex + 1] = lookUpBase64Alphabet[k << 4];
            encodedData[encodedIndex + 2] = PAD;
            encodedData[encodedIndex + 3] = PAD;
        } else if (fewerThan24bits == SIXTEENBIT) {
            // Two input bytes left over: three characters plus one pad byte.
            b1 = binaryData[dataIndex];
            b2 = binaryData[dataIndex + 1];
            l = (byte) (b2 & 0x0f);
            k = (byte) (b1 & 0x03);

            byte val1 = ((b1 & SIGN) == 0) ? (byte) (b1 >> 2) : (byte) ((b1) >> 2 ^ 0xc0);
            byte val2 = ((b2 & SIGN) == 0) ? (byte) (b2 >> 4) : (byte) ((b2) >> 4 ^ 0xf0);

            encodedData[encodedIndex] = lookUpBase64Alphabet[val1];
            encodedData[encodedIndex + 1] = lookUpBase64Alphabet[val2 | (k << 4)];
            encodedData[encodedIndex + 2] = lookUpBase64Alphabet[l << 2];
            encodedData[encodedIndex + 3] = PAD;
        }

        if (isChunked) {
            // we also add a separator to the end of the final chunk.
            if (chunksSoFar < nbrChunks) {
                System.arraycopy(CHUNK_SEPARATOR, 0, encodedData, encodedDataLength - CHUNK_SEPARATOR.length,
                        CHUNK_SEPARATOR.length);
            }
        }

        return encodedData;
    }

    /**
     * Decodes Base64 data into octets.
     *
     * Bytes outside the Base64 alphabet are dropped before decoding, so this method
     * does not reject input that merely contains stray characters. It also does not
     * check that the remaining data is well formed: a trailing group of fewer than
     * four characters is never decoded, and a pad character placed anywhere other
     * than the last one or two positions of the final group yields wrong output or
     * an ArrayIndexOutOfBoundsException (see the note on the output sizing below).
     * Callers that decode data they did not produce should be prepared for both.
     *
     * @param base64Data Byte array containing Base64 data
     * @return Array containing decoded data.
     */
    public static byte[] decodeBase64(byte[] base64Data) {
        // RFC 2045 requires that we discard ALL non-Base64 characters
        base64Data = discardNonBase64(base64Data);

        // handle the edge case, so we don't have to worry about it later
        if (base64Data.length == 0) {
            return new byte[0];
        }

        // Integer division: up to three trailing characters are left out of the loop below.
        int numberQuadruple = base64Data.length / FOURBYTE;
        byte decodedData[];
        byte b1, b2, b3, b4, marker0, marker1;

        // Throw away anything not in base64Data

        int dataIndex;
        int encodedIndex = 0;
        {
            // this sizes the output array properly - rlw
            int lastData = base64Data.length;
            // ignore the '=' padding
            while (base64Data[lastData - 1] == PAD) {
                if (--lastData == 0) {
                    return new byte[0];
                }
            }
            // NOTE(review): this size is derived only from the count of trailing pad
            // bytes. A group ending in three '=' (one data character, then padding)
            // makes it smaller than what the loop below stores, and the store throws
            // ArrayIndexOutOfBoundsException.
            decodedData = new byte[lastData - numberQuadruple];
        }

        for (int i = 0; i < numberQuadruple; i++) {
            dataIndex = i * 4;
            marker0 = base64Data[dataIndex + 2];
            marker1 = base64Data[dataIndex + 3];

            // A pad byte in either of these two positions maps to -1 in the table
            // and is used in the arithmetic below without being detected.
            b1 = base64Alphabet[base64Data[dataIndex]];
            b2 = base64Alphabet[base64Data[dataIndex + 1]];

            if (marker0 != PAD && marker1 != PAD) {
                //No PAD e.g 3cQl
                b3 = base64Alphabet[marker0];
                b4 = base64Alphabet[marker1];

                decodedData[encodedIndex] = (byte) (b1 << 2 | b2 >> 4);
                decodedData[encodedIndex + 1] = (byte) (((b2 & 0xf) << 4) | ((b3 >> 2) & 0xf));
                decodedData[encodedIndex + 2] = (byte) (b3 << 6 | b4);
            } else if (marker0 == PAD) {
                //Two PAD e.g. 3c[Pad][Pad]
                decodedData[encodedIndex] = (byte) (b1 << 2 | b2 >> 4);
            } else // if ( marker1 == PAD ) (always true at this point)
            {
                //One PAD e.g. 3cQ[Pad]
                b3 = base64Alphabet[marker0];

                decodedData[encodedIndex] = (byte) (b1 << 2 | b2 >> 4);
                decodedData[encodedIndex + 1] = (byte) (((b2 & 0xf) << 4) | ((b3 >> 2) & 0xf));
            }
            // Advances by three even after a padded group, so padding in a
            // non-final group leaves unwritten (zero) bytes in the output.
            encodedIndex += 3;
        }
        return decodedData;
    }

    /**
     * Discards any whitespace from a base-64 encoded block.
     *
     * Only space, line feed, carriage return and tab are removed; the input
     * array is not modified.
     *
     * @param data The base-64 encoded data to discard the whitespace
     *             from.
     * @return The data, less whitespace (see RFC 2045).
     */
    static byte[] discardWhitespace(byte[] data) {
        // Worst case nothing is removed, so the scratch buffer is as long as the input.
        byte groomedData[] = new byte[data.length];
        int bytesCopied = 0;

        for (int i = 0; i < data.length; i++) {
            switch (data[i]) {
                case (byte) ' ':
                case (byte) '\n':
                case (byte) '\r':
                case (byte) '\t':
                    break;
                default:
                    groomedData[bytesCopied++] = data[i];
            }
        }

        // Trim the scratch buffer to the number of bytes actually kept.
        byte packedData[] = new byte[bytesCopied];

        System.arraycopy(groomedData, 0, packedData, 0, bytesCopied);

        return packedData;
    }

    /**
     * Discards any characters outside of the base64 alphabet, per
     * the requirements on page 25 of RFC 2045 - "Any characters
     * outside of the base64 alphabet are to be ignored in base64
     * encoded data."
     *
     * The pad character '=' is kept, because isBase64 accepts it; the input
     * array is not modified.
     *
     * @param data The base-64 encoded data to groom
     * @return The data, less non-base64 characters (see RFC 2045).
     */
    static byte[] discardNonBase64(byte[] data) {
        byte groomedData[] = new byte[data.length];
        int bytesCopied = 0;

        for (int i = 0; i < data.length; i++) {
            if (isBase64(data[i])) {
                groomedData[bytesCopied++] = data[i];
            }
        }

        // Trim the scratch buffer to the number of bytes actually kept.
        byte packedData[] = new byte[bytesCopied];

        System.arraycopy(groomedData, 0, packedData, 0, bytesCopied);

        return packedData;
    }

    // Implementation of the Encoder Interface

    /**
     * Encodes an Object using the base64 algorithm. This method
     * is provided in order to satisfy the requirements of the
     * Encoder interface, and will throw an IllegalArgumentException if the
     * supplied object is not of type byte[].
     *
     * @param pObject Object to encode
     * @return An object (of type byte[]) containing the
     * base64 encoded data which corresponds to the byte[] supplied.
* @throws IllegalArgumentException if the parameter supplied is not
* of type byte[]
*/
    public Object encode(Object pObject) throws IllegalArgumentException {
        if (pObject instanceof byte[]) {
            return encode((byte[]) pObject);
        }
        throw new IllegalArgumentException("Parameter supplied to Base64 encode is not a byte[]");
    }

    /**
     * Turns binary data into unchunked Base64 characters.
     *
     * @param pArray a byte array containing binary data
     * @return A byte array containing only Base64 character data
     */
    public byte[] encode(byte[] pArray) {
        final boolean chunked = false;
        return encodeBase64(pArray, chunked);
    }

}
DefaultPlexusCipher.java000066400000000000000000000166771161360074700355350ustar00rootroot00000000000000plexus-cipher-plexus-cipher-1.7/src/main/java/org/sonatype/plexus/components/cipher/**
 * Copyright (c) 2008 Sonatype, Inc. All rights reserved.
 *
 * This program is licensed to you under the Apache License Version 2.0,
 * and you may not use this file except in compliance with the Apache License Version 2.0.
 * You may obtain a copy of the Apache License Version 2.0 at http://www.apache.org/licenses/LICENSE-2.0.
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the Apache License Version 2.0 is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the Apache License Version 2.0 for the specific language governing permissions and limitations there under.
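*/
package org.sonatype.plexus.components.cipher;

import java.security.Provider;
import java.security.Security;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

import javax.enterprise.inject.Typed;
import javax.inject.Named;

/**
 * Default {@link PlexusCipher}: delegates encryption and decryption to a {@link PBECipher} and
 * adds or strips the decoration that marks a string as encrypted.
 *
 * @author Oleg Gusakov
 */
@Named( "default" )
@Typed( PlexusCipher.class )
public class DefaultPlexusCipher
    implements PlexusCipher
{
    /**
     * Finds a decorated value: group 1 is the text between a '{' and the nearest following '}'
     * that is not preceded by a backslash. Text before and after the braces is ignored.
     */
    private static final Pattern ENCRYPTED_STRING_PATTERN = Pattern.compile( ".*?[^\\\\]?\\{(.*?[^\\\\])\\}.*" );

    private final PBECipher _cipher;

    // ---------------------------------------------------------------
    /**
     * Creates the cipher component with a fresh {@link PBECipher}.
     *
     * @throws PlexusCipherException if the underlying cipher cannot be set up
     */
    public DefaultPlexusCipher()
        throws PlexusCipherException
    {
        _cipher = new PBECipher();
    }

    // ---------------------------------------------------------------
    /**
     * Encrypts a string with the given pass phrase.
     *
     * @param str clear text; null and the empty string are returned unchanged, not encrypted
     * @param passPhrase pass phrase handed to the cipher
     * @return the Base64 text produced by {@link PBECipher#encrypt64}, or {@code str} itself when
     *         it is null or empty
     * @throws PlexusCipherException if encryption fails
     */
    public String encrypt( final String str, final String passPhrase )
        throws PlexusCipherException
    {
        if ( str == null || str.length() < 1 )
        {
            return str;
        }

        return _cipher.encrypt64( str, passPhrase );
    }

    // ---------------------------------------------------------------
    /**
     * Encrypts a string and wraps the result in the encrypted-string decoration.
     *
     * @param str clear text
     * @param passPhrase pass phrase handed to the cipher
     * @return the decorated encrypted value
     * @throws PlexusCipherException if encryption fails
     */
    public String encryptAndDecorate( final String str, final String passPhrase )
        throws PlexusCipherException
    {
        return decorate( encrypt( str, passPhrase ) );
    }

    // ---------------------------------------------------------------
    /**
     * Decrypts an undecorated encrypted string.
     *
     * @param str Base64 text as produced by {@link #encrypt}; null and the empty string are
     *            returned unchanged
     * @param passPhrase pass phrase handed to the cipher
     * @return the clear text, or {@code str} itself when it is null or empty
     * @throws PlexusCipherException if the value cannot be decrypted
     */
    public String decrypt( final String str, final String passPhrase )
        throws PlexusCipherException
    {
        if ( str == null || str.length() < 1 )
        {
            return str;
        }

        return _cipher.decrypt64( str, passPhrase );
    }

    // ---------------------------------------------------------------
    /**
     * Decrypts a string that may or may not carry the decoration.
     *
     * @param str decorated or bare encrypted text; null and the empty string are returned
     *            unchanged
     * @param passPhrase pass phrase handed to the cipher
     * @return the clear text
     * @throws PlexusCipherException if the value cannot be decrypted
     */
    public String decryptDecorated( final String str, final String passPhrase )
        throws PlexusCipherException
    {
        if ( str == null || str.length() < 1 )
        {
            return str;
        }

        if ( isEncryptedString( str ) )
        {
            return decrypt( unDecorate( str ), passPhrase );
        }

        // Not decorated: the whole string is treated as the encrypted value.
        return decrypt( str, passPhrase );
    }

    // ----------------------------------------------------------------------------
    /**
     * Tells whether a string contains a decorated value.
     *
     * @param str candidate string, may be null
     * @return true if the decoration pattern is found anywhere in the string
     */
    public boolean isEncryptedString( final String str )
    {
        if ( str == null || str.length() < 1 )
        {
            return false;
        }

        Matcher matcher = ENCRYPTED_STRING_PATTERN.matcher( str );

        // '.' does not cross line terminators, so find() still catches a decorated value
        // inside a multi-line string where matches() fails.
        return matcher.matches() || matcher.find();
    }

    // ----------------------------------------------------------------------------
    // -------------------
    /**
     * Extracts the text between the decoration braces.
     *
     * @param str decorated string
     * @return the captured text without the braces
     * @throws PlexusCipherException if no decorated value is found in the string
     */
    public String unDecorate( final String str )
        throws PlexusCipherException
    {
        Matcher matcher = ENCRYPTED_STRING_PATTERN.matcher( str );

        if ( matcher.matches() || matcher.find() )
        {
            return matcher.group( 1 );
        }
        else
        {
            throw new PlexusCipherException( "default.plexus.cipher.badEncryptedPassword" );
        }
    }

    // ----------------------------------------------------------------------------
    // -------------------
    /**
     * Wraps a string in the encrypted-string decoration.
     *
     * @param str text to wrap; null is treated as the empty string
     * @return the start marker, the text and the stop marker concatenated
     */
    public String decorate( final String str )
    {
        return ENCRYPTED_STRING_DECORATION_START + ( str == null ? "" : str ) + ENCRYPTED_STRING_DECORATION_STOP;
    }

    // ---------------------------------------------------------------
    // ---------------------------------------------------------------
    // ***************************************************************
    /**
     * Exploratory part. This method returns all available services types
     *
     * @return the distinct service type names found in the keys of the installed security
     *         providers, in no particular order
     */
    public static String[] getServiceTypes()
    {
        Set<String> result = new HashSet<String>();

        // All all providers
        Provider[] providers = Security.getProviders();
        for ( int i = 0; i < providers.length; i++ )
        {
            // Get services provided by each provider
            for ( Iterator<Object> it = providers[i].keySet().iterator(); it.hasNext(); )
            {
                String key = (String) it.next();
                key = key.split( " " )[0];

                if ( key.startsWith( "Alg.Alias." ) )
                {
                    // Strip the alias
                    key = key.substring( 10 );
                }

                int ix = key.indexOf( '.' );
                if ( ix < 0 )
                {
                    // A key without a '.' has no "<type>.<name>" shape; substring( 0, -1 )
                    // would throw, so the entry is skipped instead.
                    continue;
                }
                result.add( key.substring( 0, ix ) );
            }
        }
        return result.toArray( new String[result.size()] );
    }

    /**
     * This method returns the available implementations for a service type
     *
     * @param serviceType service type name, as returned by {@link #getServiceTypes()}
     * @return the distinct implementation names registered for that type, including names
     *         registered as aliases, in no particular order
     */
    public static String[] getCryptoImpls( final String serviceType )
    {
        Set<String> result = new HashSet<String>();

        // All all providers
        Provider[] providers = Security.getProviders();
        for ( int i = 0; i < providers.length; i++ )
        {
            // Get services provided by each provider
            for ( Iterator<Object> it = providers[i].keySet().iterator(); it.hasNext(); )
            {
                String key = (String) it.next();
                key = key.split( " " )[0];

                if ( key.startsWith( serviceType + "." ) )
                {
                    result.add( key.substring( serviceType.length() + 1 ) );
                }
                else if ( key.startsWith( "Alg.Alias." + serviceType + "." ) )
                {
                    // This is an alias: skip "Alg.Alias." (10), the type and the '.' after it
                    result.add( key.substring( serviceType.length() + 11 ) );
                }
            }
        }
        return result.toArray( new String[result.size()] );
    }

    // ---------------------------------------------------------------
    /**
     * Prints every service type and its implementations to standard output.
     *
     * @param args ignored
     */
    public static void main( final String[] args )
    {
        // Security.addProvider( new BouncyCastleProvider() );

        String[] serviceTypes = getServiceTypes();
        if ( serviceTypes != null )
        {
            for ( int i = 0; i < serviceTypes.length; i++ )
            {
                String serviceType = serviceTypes[i];
                String[] serviceProviders = getCryptoImpls( serviceType );
                if ( serviceProviders != null )
                {
                    System.out.println( serviceType + ": provider list" );
                    for ( int j = 0; j < serviceProviders.length; j++ )
                    {
                        String provider = serviceProviders[j];
                        System.out.println( " " + provider );
                    }
                }
                else
                {
                    System.out.println( serviceType + ": does not have any providers in this environment" );
                }
            }
        }
    }
    // ---------------------------------------------------------------
    // ---------------------------------------------------------------
}
plexus-cipher-plexus-cipher-1.7/src/main/java/org/sonatype/plexus/components/cipher/PBECipher.java000066400000000000000000000216541161360074700334240ustar00rootroot00000000000000/**
 * createCipher routine was adopted from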
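http://juliusdavies.ca/svn/not-yet-commons-ssl/tags/commons-ssl-0.3.10/src/java/org/apache/commons/ssl/OpenSSL.java
 * which is distributed under APL-2.0 license: http://www.apache.org/licenses/LICENSE-2.0
 */

/*
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
*/

package org.sonatype.plexus.components.cipher;

import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.util.Random;

import javax.crypto.Cipher;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/**
 * Password-based AES/CBC encryption of short strings, with a Base64 text encoding of the result.
 *
 * <p>Encoded layout (before Base64):
 * {@code salt[SALT_SIZE] | padLen[1] | ciphertext | random filler[padLen]}.
 *
 * <p>Security properties a caller should know about:
 * <ul>
 * <li>Key and IV are both taken from a digest of {@code password | salt}. With a 32-byte SHA-256
 * digest and 32 bytes needed, the derivation loop in {@code createCipher} runs exactly once, so one
 * hash is the whole cost of testing a candidate password. {@link #PBE_ITERATIONS} is not referenced
 * anywhere in this class. Changing the derivation would make existing ciphertexts undecryptable, so
 * it has to come with a format version rather than as an in-place edit.</li>
 * <li>The ciphertext carries no MAC: modified input is not detected as such, and decryption
 * failures should not be reported in detail to a party that can submit ciphertexts.</li>
 * <li>Instances share one {@link MessageDigest} and are therefore not safe for concurrent use.</li>
 * </ul>
 *
 * @author Oleg Gusakov
 * @version $Id$
 */
public class PBECipher
{
    protected static final String STRING_ENCODING = "UTF8";

    /** Length in bytes of the AES key and, separately, of the IV. */
    protected static final int SPICE_SIZE = 16;

    protected static final int SALT_SIZE = 8;

    /** The encoded byte array is padded with filler up to a multiple of this size. */
    protected static final int CHUNK_SIZE = 16;

    protected static final byte WIPER = 0;

    protected static final String DIGEST_ALG = "SHA-256";

    protected static final String KEY_ALG = "AES";

    protected static final String CIPHER_ALG = "AES/CBC/PKCS5Padding";

    // Not used by the code in this class; kept because it is part of the protected surface.
    protected static int PBE_ITERATIONS = 1000;

    protected MessageDigest _digester;

    protected SecureRandom _secureRandom;

    protected boolean _onLinux = false;

    //---------------------------------------------------------------
    /**
     * Creates the digest and the random source used for salts.
     *
     * @throws PlexusCipherException if {@link #DIGEST_ALG} is not available in this JVM
     */
    public PBECipher()
        throws PlexusCipherException
    {
        try
        {
            _digester = MessageDigest.getInstance( DIGEST_ALG );

            if ( System.getProperty( "os.name", "blah" ).toLowerCase().indexOf( "linux" ) != -1 )
            {
                _onLinux = true;

                // Retained so the observable side effect of the constructor does not change.
                // NOTE(review): the JDK documents "securerandom.source" as a java.security property
                // (the system property is "java.security.egd"), so this call probably has no effect
                // - confirm before relying on it.
                System.setProperty( "securerandom.source", "file:/dev/./urandom" );
            }

            // Always use a CSPRNG. Previously Linux was left without one and salts came from
            // java.util.Random seeded with the clock, which repeats within a millisecond and is
            // reproducible by anyone who can estimate the time of encryption.
            _secureRandom = new SecureRandom();
        }
        catch ( NoSuchAlgorithmException e )
        {
            throw new PlexusCipherException( e );
        }
    }

    //---------------------------------------------------------------
    /**
     * Returns {@code sz} bytes from the secure random source.
     *
     * <p>{@code nextBytes} is used instead of {@code generateSeed}: the latter reads the seed
     * source directly and can block where that source is a blocking device.
     *
     * @param sz number of bytes wanted
     * @return a new array of {@code sz} random bytes
     */
    private byte[] getSalt( final int sz )
        throws NoSuchAlgorithmException, NoSuchProviderException
    {
        if ( _secureRandom == null )
        {
            // The field is protected and non-final; never fall back to a predictable generator.
            _secureRandom = new SecureRandom();
        }

        byte[] res = new byte[sz];
        _secureRandom.nextBytes( res );
        return res;
    }

    //-------------------------------------------------------------------------------
    /**
     * Encrypts {@code clearText} under a key derived from {@code password} and a fresh random salt.
     *
     * @param clearText text to protect
     * @param password  password the key and IV are derived from
     * @return Base64 text holding salt, filler length, ciphertext and filler
     * @throws PlexusCipherException wrapping any failure, including {@code null} arguments
     */
    public String encrypt64( final String clearText, final String password )
        throws PlexusCipherException
    {
        try
        {
            byte[] clearBytes = clearText.getBytes( STRING_ENCODING );

            // A fresh salt per call also means a fresh key/IV pair per call.
            byte[] salt = getSalt( SALT_SIZE );

            Cipher cipher = createCipher( password.getBytes( STRING_ENCODING ), salt, Cipher.ENCRYPT_MODE );

            byte[] encryptedBytes = cipher.doFinal( clearBytes );

            int len = encryptedBytes.length;

            byte padLen = (byte) ( CHUNK_SIZE - ( SALT_SIZE + len + 1 ) % CHUNK_SIZE );

            int totalLen = SALT_SIZE + len + padLen + 1;

            // Start from random bytes so the trailing filler is random, then overwrite the head.
            byte[] allEncryptedBytes = getSalt( totalLen );

            System.arraycopy( salt, 0, allEncryptedBytes, 0, SALT_SIZE );

            allEncryptedBytes[SALT_SIZE] = padLen;

            System.arraycopy( encryptedBytes, 0, allEncryptedBytes, SALT_SIZE + 1, len );

            byte[] encryptedTextBytes = Base64.encodeBase64( allEncryptedBytes );

            return new String( encryptedTextBytes, STRING_ENCODING );
        }
        catch ( Exception e )
        {
            throw new PlexusCipherException( e );
        }
    }

    // -------------------------------------------------------------------------------
    /**
     * Reverses {@link #encrypt64(String, String)}.
     *
     * <p>The input is not authenticated. A wrong password or altered input normally surfaces as a
     * padding error from the cipher, but that is not guaranteed; do not treat a successful return
     * as proof that the input is genuine.
     *
     * @param encryptedText Base64 text produced by {@code encrypt64}
     * @param password      password used for encryption
     * @return the recovered clear text
     * @throws PlexusCipherException wrapping any failure: malformed or truncated input, bad
     *                               padding, {@code null} arguments
     */
    public String decrypt64( final String encryptedText, final String password )
        throws PlexusCipherException
    {
        try
        {
            // Explicit charset: the platform default must not influence decoding.
            byte[] allEncryptedBytes = Base64.decodeBase64( encryptedText.getBytes( STRING_ENCODING ) );

            int totalLen = allEncryptedBytes.length;

            // Check the framing before indexing into it, so malformed input is reported as such
            // instead of as an array-bounds failure.
            if ( totalLen <= SALT_SIZE )
            {
                throw new IllegalArgumentException( "encrypted text too short: " + totalLen + " bytes" );
            }

            byte[] salt = new byte[SALT_SIZE];

            System.arraycopy( allEncryptedBytes, 0, salt, 0, SALT_SIZE );

            byte padLen = allEncryptedBytes[SALT_SIZE];

            int len = totalLen - SALT_SIZE - 1 - padLen;

            if ( padLen < 0 || len < 0 )
            {
                throw new IllegalArgumentException( "encrypted text has an invalid filler length: " + padLen );
            }

            byte[] encryptedBytes = new byte[len];

            System.arraycopy( allEncryptedBytes, SALT_SIZE + 1, encryptedBytes, 0, len );

            Cipher cipher = createCipher( password.getBytes( STRING_ENCODING ), salt, Cipher.DECRYPT_MODE );

            byte[] clearBytes = cipher.doFinal( encryptedBytes );

            return new String( clearBytes, STRING_ENCODING );
        }
        catch ( Exception e )
        {
            throw new PlexusCipherException( e );
        }
    }

    //-------------------------------------------------------------------------------
    /**
     * Derives the AES key and IV from password and salt and returns an initialised cipher.
     *
     * <p>The statements below are intentionally left as they were: the derivation defines the
     * on-disk format, and any change breaks decryption of existing values.
     *
     * @param pwdAsBytes password bytes
     * @param salt       salt; only its first 8 bytes are used, {@code null} or empty means unsalted
     * @param mode       {@link Cipher#ENCRYPT_MODE} or {@link Cipher#DECRYPT_MODE}
     * @return a {@link #CIPHER_ALG} cipher initialised with the derived key and IV
     */
    private Cipher createCipher( final byte[] pwdAsBytes, byte[] salt, final int mode )
        throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException,
        InvalidAlgorithmParameterException
    {
        _digester.reset();

        byte[] keyAndIv = new byte[SPICE_SIZE * 2];

        if ( salt == null || salt.length == 0 )
        {
            // Unsalted! Bad idea!
            salt = null;
        }

        byte[] result;

        int currentPos = 0;

        while ( currentPos < keyAndIv.length )
        {
            _digester.update( pwdAsBytes );

            if ( salt != null )
            {
                // First 8 bytes of salt ONLY! That wasn't obvious to me
                // when using AES encrypted private keys in "Traditional
                // SSLeay Format".
                //
                // Example:
                // DEK-Info: AES-128-CBC,8DA91D5A71988E3D4431D9C2C009F249
                //
                // Only the first 8 bytes are salt, but the whole thing is
                // re-used again later as the IV. MUCH gnashing of teeth!
                _digester.update( salt, 0, 8 );
            }
            result = _digester.digest();

            int stillNeed = keyAndIv.length - currentPos;

            // Digest gave us more than we need. Let's truncate it.
            if ( result.length > stillNeed )
            {
                byte[] b = new byte[stillNeed];

                System.arraycopy( result, 0, b, 0, b.length );

                result = b;
            }

            System.arraycopy( result, 0, keyAndIv, currentPos, result.length );

            currentPos += result.length;

            if ( currentPos < keyAndIv.length )
            {
                // Next round starts with a hash of the hash.
                _digester.reset();
                _digester.update( result );
            }
        }

        // First half is the key, second half the IV.
        byte[] key = new byte[SPICE_SIZE];

        byte[] iv = new byte[SPICE_SIZE];

        System.arraycopy( keyAndIv, 0, key, 0, key.length );

        System.arraycopy( keyAndIv, key.length, iv, 0, iv.length );

        Cipher cipher = Cipher.getInstance( CIPHER_ALG );

        cipher.init( mode, new SecretKeySpec( key, KEY_ALG ), new IvParameterSpec( iv ) );

        return cipher;
    }
    //-------------------------------------------------------------------------------
    //-------------------------------------------------------------------------------
}
PlexusCipher.java000066400000000000000000000052251161360074700342130ustar00rootroot00000000000000plexus-cipher-plexus-cipher-1.7/src/main/java/org/sonatype/plexus/components/cipher
/**
 * Copyright (c) 2008 Sonatype, Inc. All rights reserved.
 *
 * This program is licensed to you under the Apache License Version 2.0,
 * and you may not use this file except in compliance with the Apache License Version 2.0.
 * You may obtain a copy of the Apache License Version 2.0 at http://www.apache.org/licenses/LICENSE-2.0.
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the Apache License Version 2.0 is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the Apache License Version 2.0 for the specific language governing permissions and limitations there under.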
*/

package org.sonatype.plexus.components.cipher;

/**
 * Contract for encrypting and decrypting strings with a pass phrase, and for wrapping the
 * Base64 result in <code>{ }</code> decorations so that it can be recognised inside other text.
 *
 * <p>The decoration is only a marker. Nothing in this interface states that a decorated string
 * has been checked to be valid ciphertext.
 *
 * @author Oleg Gusakov
 */
public interface PlexusCipher
{
    // Opening marker of a decorated (encrypted) string.
    public static final char ENCRYPTED_STRING_DECORATION_START = '{';

    // Closing marker of a decorated (encrypted) string.
    public static final char ENCRYPTED_STRING_DECORATION_STOP = '}';

    /**
     * Encrypts the given string with the given pass phrase and encodes the result as Base64.
     *
     * @param str clear text to encrypt
     * @param passPhrase pass phrase to encrypt with
     * @return the Base64 encoded encrypted string, without decorations
     * @throws PlexusCipherException if the implementation cannot complete the encryption
     */
    String encrypt( String str, String passPhrase )
        throws PlexusCipherException;

    /**
     * Encrypts the given string with the given pass phrase, encodes it as Base64 and returns the
     * result wrapped into { } decorations.
     *
     * @param str clear text to encrypt
     * @param passPhrase pass phrase to encrypt with
     * @return the decorated Base64 encoded encrypted string
     * @throws PlexusCipherException if the implementation cannot complete the encryption
     */
    String encryptAndDecorate( String str, String passPhrase )
        throws PlexusCipherException;

    /**
     * Decrypts the given Base64 encoded encrypted string.
     *
     * @param str Base64 encoded encrypted string, without decorations
     * @param passPhrase pass phrase the string was encrypted with
     * @return the clear text
     * @throws PlexusCipherException if the implementation cannot complete the decryption
     */
    String decrypt( String str, String passPhrase )
        throws PlexusCipherException;

    /**
     * Decrypts the given Base64 encoded encrypted string. If the string is decorated, the Base64
     * encoded string inside the decorations is decrypted.
     *
     * @param str encrypted string, decorated or not
     * @param passPhrase pass phrase the string was encrypted with
     * @return the clear text
     * @throws PlexusCipherException if the implementation cannot complete the decryption
     */
    String decryptDecorated( String str, String passPhrase )
        throws PlexusCipherException;

    /**
     * Checks whether the given string is decorated.
     *
     * <p>Judging by the cases in DefaultPlexusCipherTest, the default implementation accepts text
     * around the decorated part and does not count backslash-escaped braces as decorations.
     *
     * @param str string to inspect
     * @return {@code true} if the string is decorated
     */
    public boolean isEncryptedString( String str );

    /**
     * Returns the string inside the decorations.
     *
     * @param str decorated string
     * @return the text between the decorations
     * @throws PlexusCipherException presumably when no decorated part is found; confirm against
     *             the implementation
     */
    public String unDecorate( String str )
        throws PlexusCipherException;

    /**
     * Decorates the given string with { and }.
     *
     * @param str string to wrap
     * @return the string wrapped into decorations
     */
    public String decorate( String str );
}
PlexusCipherException.java000066400000000000000000000021671161360074700360740ustar00rootroot00000000000000plexus-cipher-plexus-cipher-1.7/src/main/java/org/sonatype/plexus/components/cipher
/**
 * Copyright (c) 2008 Sonatype, Inc. All rights reserved.
*
 * This program is licensed to you under the Apache License Version 2.0,
 * and you may not use this file except in compliance with the Apache License Version 2.0.
 * You may obtain a copy of the Apache License Version 2.0 at http://www.apache.org/licenses/LICENSE-2.0.
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the Apache License Version 2.0 is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the Apache License Version 2.0 for the specific language governing permissions and limitations there under.
 */

package org.sonatype.plexus.components.cipher;

/**
 * Checked exception declared by the {@link PlexusCipher} operations and thrown by
 * {@code PBECipher}, which wraps every underlying failure in it.
 *
 * <p>Because the original failure is kept as the cause, its type and message travel with this
 * exception; decide deliberately how much of that is shown to whoever supplied the input.
 */
public class PlexusCipherException
    extends Exception
{
    /** Creates an exception with neither message nor cause. */
    public PlexusCipherException()
    {
    }

    /**
     * @param message description of the failure
     */
    public PlexusCipherException( String message )
    {
        super( message );
    }

    /**
     * @param cause underlying failure being wrapped
     */
    public PlexusCipherException( Throwable cause )
    {
        super( cause );
    }

    /**
     * @param message description of the failure
     * @param cause underlying failure being wrapped
     */
    public PlexusCipherException( String message, Throwable cause )
    {
        super( message, cause );
    }
}
plexus-cipher-plexus-cipher-1.7/src/main/resources/000077500000000000000000000000001161360074700224715ustar00rootroot00000000000000plexus-cipher-plexus-cipher-1.7/src/main/resources/META-INF/000077500000000000000000000000001161360074700236315ustar00rootroot00000000000000plexus-cipher-plexus-cipher-1.7/src/main/resources/META-INF/plexus/000077500000000000000000000000001161360074700251515ustar00rootroot00000000000000plexus-cipher-plexus-cipher-1.7/src/main/resources/META-INF/plexus/components.xml000066400000000000000000000006271161360074700300650ustar00rootroot00000000000000 org.sonatype.plexus.components.cipher.PlexusCipher default org.sonatype.plexus.components.cipher.DefaultPlexusCipher false 
plexus-cipher-plexus-cipher-1.7/src/test/000077500000000000000000000000001161360074700205125ustar00rootroot00000000000000plexus-cipher-plexus-cipher-1.7/src/test/java/000077500000000000000000000000001161360074700214335ustar00rootroot00000000000000plexus-cipher-plexus-cipher-1.7/src/test/java/org/000077500000000000000000000000001161360074700222225ustar00rootroot00000000000000plexus-cipher-plexus-cipher-1.7/src/test/java/org/sonatype/000077500000000000000000000000001161360074700240645ustar00rootroot00000000000000plexus-cipher-plexus-cipher-1.7/src/test/java/org/sonatype/plexus/000077500000000000000000000000001161360074700254045ustar00rootroot00000000000000plexus-cipher-plexus-cipher-1.7/src/test/java/org/sonatype/plexus/components/000077500000000000000000000000001161360074700275715ustar00rootroot00000000000000plexus-cipher-plexus-cipher-1.7/src/test/java/org/sonatype/plexus/components/cipher/000077500000000000000000000000001161360074700310435ustar00rootroot00000000000000DefaultPlexusCipherTest.java000066400000000000000000000144701161360074700364150ustar00rootroot00000000000000plexus-cipher-plexus-cipher-1.7/src/test/java/org/sonatype/plexus/components/cipher
/**
 * Copyright (c) 2008 Sonatype, Inc. All rights reserved.
 *
 * This program is licensed to you under the Apache License Version 2.0,
 * and you may not use this file except in compliance with the Apache License Version 2.0.
 * You may obtain a copy of the Apache License Version 2.0 at http://www.apache.org/licenses/LICENSE-2.0.
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the Apache License Version 2.0 is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the Apache License Version 2.0 for the specific language governing permissions and limitations there under.
 */

package org.sonatype.plexus.components.cipher;

import org.sonatype.guice.bean.containers.InjectedTestCase;

/**
 * Test the Plexus Cipher container
 *
 * <p>Covers decoration handling, an encrypt/decrypt round trip, and decryption of a stored
 * ciphertext. The stored ciphertext pins the encoded format: a change to key derivation, cipher
 * or layout makes {@link #testDecrypt()} fail.
 *
 * @author Oleg Gusakov
 * @version $Id$
 */
public class DefaultPlexusCipherTest
    extends InjectedTestCase
{
    // Test-only pass phrase; matches the stored ciphertext in encStr.
    private String passPhrase = "testtest";

    // Clear text expected from every round trip below.
    String str = "my testing phrase";

    // Stored encryption of str under passPhrase, used as a known-answer input by testDecrypt().
    String encStr = "LFulS0pAlmMHpDtm+81oPcqctcwpco5p4Fo7640/gqDRifCahXBefG4FxgKcu17v";

    DefaultPlexusCipher pc;

    // -------------------------------------------------------------
    /** Creates a fresh cipher for each test. */
    public void setUp()
        throws Exception
    {
        super.setUp();

        pc = new DefaultPlexusCipher();
    }

    /**
     * A string counts as encrypted when it holds an unescaped brace pair, with or without text
     * around it; backslash-escaped braces alone do not count.
     */
    public void testIsEncryptedString()
    {
        String noBraces = "This is a test";
        String normalBraces = "Comment {This is a test} other comment with a: }";
        String escapedBraces = "\\{This is a test\\}";
        String mixedBraces = "Comment {foo\\{This is a test\\}} other comment with a: }";

        assertFalse( pc.isEncryptedString( noBraces ) );

        assertTrue( pc.isEncryptedString( normalBraces ) );

        assertFalse( pc.isEncryptedString( escapedBraces ) );

        assertTrue( pc.isEncryptedString( mixedBraces ) );
    }

    /**
     * unDecorate returns the text between the unescaped braces and keeps escaped braces inside
     * it untouched.
     */
    public void testUnDecorate_BracesPermutations()
        throws PlexusCipherException
    {
        String noBraces = "This is a test";
        String normalBraces = "Comment {This is a test} other comment with a: }";
        String mixedBraces = "Comment {foo\\{This is a test\\}} other comment with a: }";

        assertEquals( noBraces, pc.unDecorate( normalBraces ) );

        assertEquals( "foo\\{" + noBraces + "\\}", pc.unDecorate( mixedBraces ) );
    }

    // -------------------------------------------------------------
    /**
     * Fails unless some installed provider lists {@code PBECipher.KEY_ALG} among its Cipher
     * implementations. The available names are printed for diagnosis.
     */
    public void testDefaultAlgorithmExists()
        throws Exception
    {
        String[] res = DefaultPlexusCipher.getCryptoImpls( "Cipher" );
        assertNotNull( "No Cipher providers found in the current environment", res );

        System.out.println( "\n=== Available ciphers :" );
        for ( int i = 0; i < res.length; i++ )
        {
            System.out.println( res[i] );
        }
        System.out.println( "====================" );

        for ( int i = 0; i < res.length; i++ )
        {
            String provider = res[i];
            // Found the default algorithm: the test passes.
            if ( PBECipher.KEY_ALG.equalsIgnoreCase( provider ) )
                return;
        }

        throw new Exception( "Cannot find default algorithm " + PBECipher.KEY_ALG + " in the current environment." );
    }

    // -------------------------------------------------------------
    // NOTE(review): the name starts with "stest", so a runner that selects methods by the "test"
    // prefix will not run this - presumably disabled on purpose; confirm. The loop also calls
    // pc.encrypt with the same arguments on every pass; the listed name is only printed, never
    // used to select an algorithm.
    public void stestFindDefaultAlgorithm()
        throws Exception
    {
        String[] res = DefaultPlexusCipher.getServiceTypes();
        assertNotNull( "No service types found in the current environment", res );

        String[] impls = DefaultPlexusCipher.getCryptoImpls( "Cipher" );
        assertNotNull( "No Cipher providers found in the current environment", impls );

        for ( int i = 0; i < impls.length; i++ )
            try
            {
                String provider = impls[i];

                System.out.print( provider );
                pc.encrypt( str, passPhrase );
                System.out.println( "------------------> Success !!!!!!" );
            }
            catch ( Exception e )
            {
                System.out.println( e.getMessage() );
            }
    }

    // -------------------------------------------------------------
    /** Round trip: what encrypt produces must decrypt back to the original text. */
    public void testEncrypt()
        throws Exception
    {
        String xRes = pc.encrypt( str, passPhrase );

        System.out.println( xRes );

        String res = pc.decrypt( xRes, passPhrase );

        assertEquals( "Encryption/Decryption did not produce desired result", str, res );
    }

    // -------------------------------------------------------------
    /** Round trip for pass phrases of 2 to 65 characters. */
    public void testEncryptVariableLengths()
        throws Exception
    {
        String xRes = null;
        String res = null;
        String pass = "g";

        for ( int i = 0; i < 64; i++ )
        {
            // Grow the pass phrase by one character per pass.
            pass = pass + 'a';

            xRes = pc.encrypt( str, pass );

            System.out.println( pass.length() + ": " + xRes );

            res = pc.decrypt( xRes, pass );

            assertEquals( "Encryption/Decryption did not produce desired result", str, res );
        }
    }

    // -------------------------------------------------------------
    /** Known-answer test: the stored ciphertext must still decrypt to the expected text. */
    public void testDecrypt()
        throws Exception
    {
        String res = pc.decrypt( encStr, passPhrase );
        assertEquals( "Decryption did not produce desired result", str, res );
    }

    // -------------------------------------------------------------
    /** decorate wraps its argument in the start and stop markers. */
    public void testDecorate()
        throws Exception
    {
        String res = pc.decorate( "aaa" );
        assertEquals( "Decoration failed", PlexusCipher.ENCRYPTED_STRING_DECORATION_START + "aaa"
            + PlexusCipher.ENCRYPTED_STRING_DECORATION_STOP, res );
    }

    // -------------------------------------------------------------
    /** unDecorate strips the start and stop markers. */
    public void testUnDecorate()
        throws Exception
    {
        String res =
            pc.unDecorate( PlexusCipher.ENCRYPTED_STRING_DECORATION_START + "aaa"
                + PlexusCipher.ENCRYPTED_STRING_DECORATION_STOP );
        assertEquals( "Decoration failed", "aaa", res );
    }

    // -------------------------------------------------------------
    /** Checks only that the result opens with the start marker; the content is not verified. */
    public void testEncryptAndDecorate()
        throws Exception
    {
        String res = pc.encryptAndDecorate( "my-password", "12345678" );

        assertEquals( '{', res.charAt( 0 ) );
    }
    // -------------------------------------------------------------
    // -------------------------------------------------------------
}
PBECipherTest.java000066400000000000000000000043031161360074700342300ustar00rootroot00000000000000plexus-cipher-plexus-cipher-1.7/src/test/java/org/sonatype/plexus/components/cipher
/*
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
*/

package org.sonatype.plexus.components.cipher;

import java.util.Arrays;
import java.util.Properties;

import org.sonatype.guice.bean.containers.InjectedTestCase;

/**
 * Tests for {@link PBECipher}: output must differ between calls, a stored ciphertext must keep
 * decrypting, and non-ASCII text must survive a round trip.
 *
 * @author Oleg Gusakov
 * @version $Id$
 */
public class PBECipherTest
    extends InjectedTestCase
{
    PBECipher _cipher;

    // Clear text expected from decrypting _encryptedText.
    String _cleatText = "veryOpenText";

    // Stored ciphertext for _cleatText under _password; pins the encoded format.
    String _encryptedText = "ibeHrdCOonkH7d7YnH7sarQLbwOk1ljkkM/z8hUhl4c=";

    // Test-only password.
    String _password = "testtest";

    /** Creates a fresh cipher for each test. */
    protected void setUp()
        throws Exception
    {
        super.setUp();

        _cipher = new PBECipher();
    }

    /**
     * Encrypting the same text twice with the same password must give different output. This
     * holds only if every call uses a fresh salt, so the test doubles as a regression check on
     * the salt source.
     */
    public void testEncrypt()
        throws Exception
    {
        String enc = _cipher.encrypt64( _cleatText, _password );

        assertNotNull( enc );

        System.out.println( enc );

        String enc2 = _cipher.encrypt64( _cleatText, _password );

        assertNotNull( enc2 );

        System.out.println( enc2 );

        assertFalse( enc.equals( enc2 ) );
    }

    /** Known-answer test: the stored ciphertext must still decrypt to the expected text. */
    public void testDecrypt()
        throws Exception
    {
        String clear = _cipher.decrypt64( _encryptedText, _password );

        assertEquals( _cleatText, clear );
    }

    /**
     * Round trip with non-ASCII characters in both text and password; the result must not depend
     * on the platform file.encoding, which is printed for diagnosis.
     */
    public void testEncoding()
        throws Exception
    {
        System.out.println("file.encoding=" + System.getProperty("file.encoding"));

        String pwd = "äüöÜÖÄß\"§$%&/()=?é";
        String encPwd = _cipher.encrypt64(pwd, pwd);
        String decPwd = _cipher.decrypt64(encPwd, pwd);
        assertEquals(pwd, decPwd);
    }
}