Posted to commits@sling.apache.org by ol...@apache.org on 2021/06/16 18:36:47 UTC

[sling-org-apache-sling-commons-crypto] branch master updated (e18da8a -> b1d5344)

This is an automated email from the ASF dual-hosted git repository.

olli pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-commons-crypto.git.


    from e18da8a  SLING-9700 Enable code coverage with JaCoCo
     new 6953cc1  move Web Console plugin to dedicated package
     new d446562  SLING-10495 Extend API by salt and secret key providers
     new b1d5344  SLING-10499 Provide a salt provider using a secure random number generator

The 3 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 .../{PasswordProvider.java => SaltProvider.java}   |  4 +-
 ...asswordProvider.java => SecretKeyProvider.java} |  6 +-
 ...Provider.java => SecureRandomSaltProvider.java} | 42 +++++++------
 ... => SecureRandomSaltProviderConfiguration.java} | 19 +++---
 .../apache/sling/commons/crypto/package-info.java  |  2 +-
 .../internal/EncryptWebConsolePlugin.java          |  4 +-
 .../internal/SecureRandomSaltProviderTest.java     | 68 ++++++++++++++++++++++
 ...iderIT.java => SecureRandomSaltProviderIT.java} | 27 +++++----
 8 files changed, 124 insertions(+), 48 deletions(-)
 copy src/main/java/org/apache/sling/commons/crypto/{PasswordProvider.java => SaltProvider.java} (93%)
 copy src/main/java/org/apache/sling/commons/crypto/{PasswordProvider.java => SecretKeyProvider.java} (89%)
 copy src/main/java/org/apache/sling/commons/crypto/internal/{EnvironmentVariablePasswordProvider.java => SecureRandomSaltProvider.java} (58%)
 copy src/main/java/org/apache/sling/commons/crypto/internal/{EnvironmentVariablePasswordProviderConfiguration.java => SecureRandomSaltProviderConfiguration.java} (72%)
 rename src/main/java/org/apache/sling/commons/crypto/{ => webconsole}/internal/EncryptWebConsolePlugin.java (98%)
 create mode 100644 src/test/java/org/apache/sling/commons/crypto/internal/SecureRandomSaltProviderTest.java
 copy src/test/java/org/apache/sling/commons/crypto/it/tests/{FilePasswordProviderIT.java => SecureRandomSaltProviderIT.java} (69%)

[sling-org-apache-sling-commons-crypto] 02/03: SLING-10495 Extend API by salt and secret key providers

Posted by ol...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

olli pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-commons-crypto.git

commit d446562143ad5c96610565eec8bcfaabe3652b89
Author: Oliver Lietz <ol...@apache.org>
AuthorDate: Wed Jun 16 11:19:45 2021 +0200

    SLING-10495 Extend API by salt and secret key providers
---
 .../commons/crypto/{package-info.java => SaltProvider.java} | 11 +++++++++--
 .../crypto/{package-info.java => SecretKeyProvider.java}    | 13 +++++++++++--
 .../java/org/apache/sling/commons/crypto/package-info.java  |  2 +-
 3 files changed, 21 insertions(+), 5 deletions(-)

diff --git a/src/main/java/org/apache/sling/commons/crypto/package-info.java b/src/main/java/org/apache/sling/commons/crypto/SaltProvider.java
similarity index 82%
copy from src/main/java/org/apache/sling/commons/crypto/package-info.java
copy to src/main/java/org/apache/sling/commons/crypto/SaltProvider.java
index 1727374..5b63b8e 100644
--- a/src/main/java/org/apache/sling/commons/crypto/package-info.java
+++ b/src/main/java/org/apache/sling/commons/crypto/SaltProvider.java
@@ -16,7 +16,14 @@
  * specific language governing permissions and limitations
  * under the License.
  */
-@Version("1.0.1")
 package org.apache.sling.commons.crypto;
 
-import org.osgi.annotation.versioning.Version;
+import org.jetbrains.annotations.NotNull;
+import org.osgi.annotation.versioning.ProviderType;
+
+@ProviderType
+public interface SaltProvider {
+
+    byte @NotNull [] getSalt();
+
+}
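Review bot: `getSalt()` in the new `SaltProvider` interface has no Javadoc, so an implementer cannot tell whether each call must return a fresh salt or whether the returned array may be a shared instance that callers must not modify. Since this is a `@ProviderType` API in a crypto bundle, that contract should be written down, for example `/** Returns a salt. Implementations return a newly allocated array on every call; callers own the array. */`, adjusted to whatever is actually intended. The same applies to `getSecretKey()` in the `SecretKeyProvider` hunk that follows, where a one-line Javadoc should say whether the same key instance is returned on every call.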
diff --git a/src/main/java/org/apache/sling/commons/crypto/package-info.java b/src/main/java/org/apache/sling/commons/crypto/SecretKeyProvider.java
similarity index 79%
copy from src/main/java/org/apache/sling/commons/crypto/package-info.java
copy to src/main/java/org/apache/sling/commons/crypto/SecretKeyProvider.java
index 1727374..e8f6a02 100644
--- a/src/main/java/org/apache/sling/commons/crypto/package-info.java
+++ b/src/main/java/org/apache/sling/commons/crypto/SecretKeyProvider.java
@@ -16,7 +16,16 @@
  * specific language governing permissions and limitations
  * under the License.
  */
-@Version("1.0.1")
 package org.apache.sling.commons.crypto;
 
-import org.osgi.annotation.versioning.Version;
+import javax.crypto.SecretKey;
+
+import org.jetbrains.annotations.NotNull;
+import org.osgi.annotation.versioning.ProviderType;
+
+@ProviderType
+public interface SecretKeyProvider {
+
+    @NotNull SecretKey getSecretKey();
+
+}
diff --git a/src/main/java/org/apache/sling/commons/crypto/package-info.java b/src/main/java/org/apache/sling/commons/crypto/package-info.java
index 1727374..82d2999 100644
--- a/src/main/java/org/apache/sling/commons/crypto/package-info.java
+++ b/src/main/java/org/apache/sling/commons/crypto/package-info.java
@@ -16,7 +16,7 @@
  * specific language governing permissions and limitations
  * under the License.
  */
-@Version("1.0.1")
+@Version("1.1.0")
 package org.apache.sling.commons.crypto;
 
 import org.osgi.annotation.versioning.Version;

[sling-org-apache-sling-commons-crypto] 01/03: move Web Console plugin to dedicated package

Posted by ol...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

olli pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-commons-crypto.git

commit 6953cc189b3e0402888a23aea894f0105b3d5690
Author: Oliver Lietz <ol...@apache.org>
AuthorDate: Wed Jun 16 11:12:43 2021 +0200

    move Web Console plugin to dedicated package
---
 .../crypto/{ => webconsole}/internal/EncryptWebConsolePlugin.java     | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/main/java/org/apache/sling/commons/crypto/internal/EncryptWebConsolePlugin.java b/src/main/java/org/apache/sling/commons/crypto/webconsole/internal/EncryptWebConsolePlugin.java
similarity index 98%
rename from src/main/java/org/apache/sling/commons/crypto/internal/EncryptWebConsolePlugin.java
rename to src/main/java/org/apache/sling/commons/crypto/webconsole/internal/EncryptWebConsolePlugin.java
index 7d9009c..9ef8560 100644
--- a/src/main/java/org/apache/sling/commons/crypto/internal/EncryptWebConsolePlugin.java
+++ b/src/main/java/org/apache/sling/commons/crypto/webconsole/internal/EncryptWebConsolePlugin.java
@@ -16,7 +16,7 @@
  * specific language governing permissions and limitations
  * under the License.
  */
-package org.apache.sling.commons.crypto.internal;
+package org.apache.sling.commons.crypto.webconsole.internal;
 
 import java.io.IOException;
 import java.io.PrintWriter;
@@ -60,7 +60,7 @@ public class EncryptWebConsolePlugin extends HttpServlet {
 
     private static final String PARAMETER_MESSAGE = "message";
 
-    private static final String ATTRIBUTE_CIPHERTEXT = "org.apache.sling.commons.crypto.internal.EncryptWebConsolePlugin.ciphertext";
+    private static final String ATTRIBUTE_CIPHERTEXT = "org.apache.sling.commons.crypto.webconsole.internal.EncryptWebConsolePlugin.ciphertext";
 
     public EncryptWebConsolePlugin() { //
     }

[sling-org-apache-sling-commons-crypto] 03/03: SLING-10499 Provide a salt provider using a secure random number generator

Posted by ol...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

olli pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-commons-crypto.git

commit b1d5344ea65fd90886afa7a19afc856e7a92bf63
Author: Oliver Lietz <ol...@apache.org>
AuthorDate: Wed Jun 16 20:36:27 2021 +0200

    SLING-10499 Provide a salt provider using a secure random number generator
---
 .../crypto/internal/SecureRandomSaltProvider.java  | 86 ++++++++++++++++++++++
 .../SecureRandomSaltProviderConfiguration.java     | 49 ++++++++++++
 .../internal/SecureRandomSaltProviderTest.java     | 68 +++++++++++++++++
 .../it/tests/SecureRandomSaltProviderIT.java       | 68 +++++++++++++++++
 4 files changed, 271 insertions(+)

diff --git a/src/main/java/org/apache/sling/commons/crypto/internal/SecureRandomSaltProvider.java b/src/main/java/org/apache/sling/commons/crypto/internal/SecureRandomSaltProvider.java
new file mode 100644
index 0000000..e2695fe
--- /dev/null
+++ b/src/main/java/org/apache/sling/commons/crypto/internal/SecureRandomSaltProvider.java
@@ -0,0 +1,86 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.sling.commons.crypto.internal;
+
+import java.io.IOException;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
+import java.util.Objects;
+
+import org.apache.sling.commons.crypto.SaltProvider;
+import org.jetbrains.annotations.NotNull;
+import org.osgi.framework.Constants;
+import org.osgi.service.component.annotations.Activate;
+import org.osgi.service.component.annotations.Component;
+import org.osgi.service.component.annotations.Deactivate;
+import org.osgi.service.component.annotations.Modified;
+import org.osgi.service.metatype.annotations.Designate;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+@Component(
+    property = {
+        Constants.SERVICE_DESCRIPTION + "=Apache Sling Commons Crypto – SecureRandom Salt Provider",
+        Constants.SERVICE_VENDOR + "=The Apache Software Foundation"
+    }
+)
+@Designate(
+    ocd = SecureRandomSaltProviderConfiguration.class,
+    factory = true
+)
+public class SecureRandomSaltProvider implements SaltProvider {
+
+    private SecureRandom secureRandom;
+
+    private SecureRandomSaltProviderConfiguration configuration;
+
+    private final Logger logger = LoggerFactory.getLogger(SecureRandomSaltProvider.class);
+
+    public SecureRandomSaltProvider() { //
+    }
+
+    @Activate
+    protected void activate(final SecureRandomSaltProviderConfiguration configuration) throws IOException, NoSuchAlgorithmException {
+        logger.debug("activating");
+        this.configuration = configuration;
+        secureRandom = SecureRandom.getInstance(configuration.algorithm());
+
+    }
+
+    @Modified
+    protected void modified(final SecureRandomSaltProviderConfiguration configuration) throws IOException, NoSuchAlgorithmException {
+        logger.debug("modifying");
+        this.configuration = configuration;
+        secureRandom = SecureRandom.getInstance(configuration.algorithm());
+    }
+
+    @Deactivate
+    protected void deactivate() {
+        logger.debug("deactivating");
+    }
+
+    @Override
+    public byte @NotNull [] getSalt() {
+        Objects.requireNonNull(configuration, "Configuration must not be null");
+        final byte[] bytes = new byte[configuration.keyLength()];
+        secureRandom.nextBytes(bytes);
+        return bytes;
+    }
+
+}
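Review bot: `getSalt()` sizes its array straight from `configuration.keyLength()`, and neither `activate` nor `modified` checks that value, so a configured length of 0 yields an empty salt without any error and a negative one fails only at call time with `NegativeArraySizeException`. Rejecting non-positive lengths when the configuration is applied would surface the mistake at activation instead of in a caller. `modified` also replaces `configuration` before `SecureRandom.getInstance` can throw, which appears to leave the new length paired with the old generator when the algorithm name is bad; resolving the generator first avoids that. The fence moves both steps into one private helper shared by `activate` and `modified`.

```java
    @Activate
    protected void activate(final SecureRandomSaltProviderConfiguration configuration) throws IOException, NoSuchAlgorithmException {
        logger.debug("activating");
        configure(configuration);
    }

    @Modified
    protected void modified(final SecureRandomSaltProviderConfiguration configuration) throws IOException, NoSuchAlgorithmException {
        logger.debug("modifying");
        configure(configuration);
    }

    private void configure(final SecureRandomSaltProviderConfiguration configuration) throws NoSuchAlgorithmException {
        if (configuration.keyLength() <= 0) {
            throw new IllegalArgumentException("Key length must be positive");
        }
        // Resolve the generator before touching any field, so a bad algorithm name leaves the previous state intact.
        final SecureRandom random = SecureRandom.getInstance(configuration.algorithm());
        this.secureRandom = random;
        this.configuration = configuration;
    }

    // … unchanged: deactivate, getSalt …
```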
diff --git a/src/main/java/org/apache/sling/commons/crypto/internal/SecureRandomSaltProviderConfiguration.java b/src/main/java/org/apache/sling/commons/crypto/internal/SecureRandomSaltProviderConfiguration.java
new file mode 100644
index 0000000..71306e4
--- /dev/null
+++ b/src/main/java/org/apache/sling/commons/crypto/internal/SecureRandomSaltProviderConfiguration.java
@@ -0,0 +1,49 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.sling.commons.crypto.internal;
+
+import org.osgi.service.metatype.annotations.AttributeDefinition;
+import org.osgi.service.metatype.annotations.ObjectClassDefinition;
+
+@ObjectClassDefinition(
+    name = "Apache Sling Commons Crypto “SecureRandom Salt Provider”",
+    description = "Provides salts created from random bytes"
+)
+@interface SecureRandomSaltProviderConfiguration {
+
+    @AttributeDefinition(
+        name = "Names",
+        description = "names of this service",
+        required = false
+    )
+    String[] names() default {};
+
+    @AttributeDefinition(
+        name = "Algorithm",
+        description = "secure random number generation algorithm"
+    )
+    String algorithm() default "SHA1PRNG";
+
+    @AttributeDefinition(
+        name = "Key Length",
+        description = "length of the key"
+    )
+    int keyLength() default 8;
+
+}
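Review bot: The `keyLength` attribute is described as "length of the key", but on this page its only use is to size the salt array in `SecureRandomSaltProvider.getSalt()`, so the metatype text will mislead whoever edits the configuration. Suggest `name = "Salt Length"` and `description = "length of the generated salt in bytes"`; the method name can stay, so the `keyLength` property key used by the integration test keeps working. The default of 8 bytes is 64 bits, below the 128-bit minimum that NIST SP 800-132 recommends for salts, so `int keyLength() default 16;` is worth considering. The `SHA1PRNG` default also pins a legacy generator; whether a better default is available on every target JVM cannot be judged from this hunk.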
diff --git a/src/test/java/org/apache/sling/commons/crypto/internal/SecureRandomSaltProviderTest.java b/src/test/java/org/apache/sling/commons/crypto/internal/SecureRandomSaltProviderTest.java
new file mode 100644
index 0000000..99972c3
--- /dev/null
+++ b/src/test/java/org/apache/sling/commons/crypto/internal/SecureRandomSaltProviderTest.java
@@ -0,0 +1,68 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.sling.commons.crypto.internal;
+
+import java.io.IOException;
+import java.security.NoSuchAlgorithmException;
+
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.ExpectedException;
+
+import static com.google.common.truth.Truth.assertThat;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
+public class SecureRandomSaltProviderTest {
+
+    @Rule
+    public ExpectedException exception = ExpectedException.none();
+
+    @Test
+    public void testMissingConfiguration() throws IOException, NoSuchAlgorithmException {
+        final SecureRandomSaltProvider provider = new SecureRandomSaltProvider();
+        exception.expect(NullPointerException.class);
+        exception.expectMessage("Configuration must not be null");
+        provider.getSalt();
+    }
+
+    @Test
+    public void testComponentLifecycle() throws IOException, NoSuchAlgorithmException {
+        final SecureRandomSaltProvider provider = new SecureRandomSaltProvider();
+        { // activate
+            final SecureRandomSaltProviderConfiguration configuration = mock(SecureRandomSaltProviderConfiguration.class);
+            when(configuration.algorithm()).thenReturn("SHA1PRNG");
+            when(configuration.keyLength()).thenReturn(8);
+            provider.activate(configuration);
+            assertThat(provider.getSalt()).hasLength(8);
+        }
+        { // modified
+            final SecureRandomSaltProviderConfiguration configuration = mock(SecureRandomSaltProviderConfiguration.class);
+            when(configuration.algorithm()).thenReturn("SHA1PRNG");
+            when(configuration.keyLength()).thenReturn(16);
+            provider.modified(configuration);
+            assertThat(provider.getSalt()).hasLength(16);
+        }
+        { // deactivate
+            provider.deactivate();
+            assertThat(provider.getSalt()).hasLength(16);
+        }
+    }
+
+}
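Review bot: `testComponentLifecycle` checks only the length of the returned array, so it would still pass if `getSalt()` returned the same bytes, or all zeros, on every call. A line such as `assertThat(provider.getSalt()).isNotEqualTo(provider.getSalt());` would cover freshness. Neither test covers the failure path that `activate` declares: a case mocking `algorithm()` to return an unknown name and expecting `NoSuchAlgorithmException` would pin it. The final block also asserts that `getSalt()` keeps working after `deactivate()`; if that is intended rather than incidental, a short comment in the test should say so.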
diff --git a/src/test/java/org/apache/sling/commons/crypto/it/tests/SecureRandomSaltProviderIT.java b/src/test/java/org/apache/sling/commons/crypto/it/tests/SecureRandomSaltProviderIT.java
new file mode 100644
index 0000000..69f41e9
--- /dev/null
+++ b/src/test/java/org/apache/sling/commons/crypto/it/tests/SecureRandomSaltProviderIT.java
@@ -0,0 +1,68 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.sling.commons.crypto.it.tests;
+
+import javax.inject.Inject;
+
+import org.apache.sling.commons.crypto.SaltProvider;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.ops4j.pax.exam.Configuration;
+import org.ops4j.pax.exam.Option;
+import org.ops4j.pax.exam.junit.PaxExam;
+import org.ops4j.pax.exam.spi.reactors.ExamReactorStrategy;
+import org.ops4j.pax.exam.spi.reactors.PerClass;
+import org.ops4j.pax.exam.util.Filter;
+
+import static com.google.common.truth.Truth.assertThat;
+import static org.ops4j.pax.exam.CoreOptions.options;
+import static org.ops4j.pax.exam.cm.ConfigurationAdminOptions.factoryConfiguration;
+
+@RunWith(PaxExam.class)
+@ExamReactorStrategy(PerClass.class)
+public class SecureRandomSaltProviderIT extends CryptoTestSupport {
+
+    @Inject
+    @Filter(value = "(names=secure random)")
+    private SaltProvider saltProvider;
+
+    @Configuration
+    public Option[] configuration() {
+        return options(
+            baseConfiguration(),
+            factoryConfiguration("org.apache.sling.commons.crypto.internal.SecureRandomSaltProvider")
+                .put("names", "secure random")
+                .put("keyLength", 32)
+                .asOption()
+        );
+    }
+
+    @Test
+    public void testSaltProvider() {
+        assertThat(saltProvider).isNotNull();
+    }
+
+    @Test
+    public void testSalt() {
+        final byte[] salt = saltProvider.getSalt();
+        assertThat(salt).isNotNull();
+        assertThat(salt).hasLength(32);
+    }
+
+}