You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@maven.apache.org by rf...@apache.org on 2013/10/06 22:25:56 UTC
svn commit: r1529677 - in /maven/release/trunk/maven-release-manager/src:
main/java/org/apache/maven/shared/release/config/PropertiesReleaseDescriptorStore.java
test/java/org/apache/maven/shared/release/config/PropertiesReleaseDescriptorStoreTest.java
Author: rfscholte
Date: Sun Oct 6 20:25:56 2013
New Revision: 1529677
URL: http://svn.apache.org/r1529677
Log:
[MRELEASE-846] m2 release plugin exposes SCM password in release.properties file
Modified:
maven/release/trunk/maven-release-manager/src/main/java/org/apache/maven/shared/release/config/PropertiesReleaseDescriptorStore.java
maven/release/trunk/maven-release-manager/src/test/java/org/apache/maven/shared/release/config/PropertiesReleaseDescriptorStoreTest.java
Modified: maven/release/trunk/maven-release-manager/src/main/java/org/apache/maven/shared/release/config/PropertiesReleaseDescriptorStore.java
URL: http://svn.apache.org/viewvc/maven/release/trunk/maven-release-manager/src/main/java/org/apache/maven/shared/release/config/PropertiesReleaseDescriptorStore.java?rev=1529677&r1=1529676&r2=1529677&view=diff
==============================================================================
--- maven/release/trunk/maven-release-manager/src/main/java/org/apache/maven/shared/release/config/PropertiesReleaseDescriptorStore.java (original)
+++ maven/release/trunk/maven-release-manager/src/main/java/org/apache/maven/shared/release/config/PropertiesReleaseDescriptorStore.java Sun Oct 6 20:25:56 2013
@@ -19,11 +19,6 @@ package org.apache.maven.shared.release.
* under the License.
*/
-import org.apache.maven.model.Scm;
-import org.apache.maven.shared.release.scm.IdentifiedScm;
-import org.codehaus.plexus.logging.AbstractLogEnabled;
-import org.codehaus.plexus.util.IOUtil;
-
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
@@ -37,6 +32,17 @@ import java.util.Map.Entry;
import java.util.Properties;
import java.util.Set;
+import org.apache.maven.model.Scm;
+import org.apache.maven.shared.release.scm.IdentifiedScm;
+import org.codehaus.plexus.logging.AbstractLogEnabled;
+import org.codehaus.plexus.util.IOUtil;
+import org.sonatype.plexus.components.cipher.DefaultPlexusCipher;
+import org.sonatype.plexus.components.cipher.PlexusCipherException;
+import org.sonatype.plexus.components.sec.dispatcher.DefaultSecDispatcher;
+import org.sonatype.plexus.components.sec.dispatcher.SecDispatcherException;
+import org.sonatype.plexus.components.sec.dispatcher.SecUtil;
+import org.sonatype.plexus.components.sec.dispatcher.model.SettingsSecurity;
+
/**
* Read and write release configuration and state from a properties file.
*
@@ -47,6 +53,16 @@ public class PropertiesReleaseDescriptor
extends AbstractLogEnabled
implements ReleaseDescriptorStore
{
+
+ /**
+ * When this plugin requires Maven 3.0 as minimum, this component can be removed and o.a.m.s.c.SettingsDecrypter be
+ * used instead.
+ *
+ * @plexus.requirement role="org.sonatype.plexus.components.sec.dispatcher.SecDispatcher" role-hint="mng-4384"
+ */
+
+ private DefaultSecDispatcher secDispatcher;
+
public ReleaseDescriptor read( ReleaseDescriptor mergeDescriptor )
throws ReleaseDescriptorStoreException
{
@@ -130,7 +146,24 @@ public class PropertiesReleaseDescriptor
}
if ( config.getScmPassword() != null )
{
- properties.setProperty( "scm.password", config.getScmPassword() );
+ String password = config.getScmPassword();
+ try
+ {
+ password = encryptAndDecorate( password );
+ }
+ catch ( IllegalStateException e )
+ {
+ getLogger().debug( e.getMessage() );
+ }
+ catch ( SecDispatcherException e )
+ {
+ getLogger().debug( e.getMessage() );
+ }
+ catch ( PlexusCipherException e )
+ {
+ getLogger().debug( e.getMessage() );
+ }
+ properties.setProperty( "scm.password", password );
}
if ( config.getScmPrivateKey() != null )
{
@@ -138,7 +171,24 @@ public class PropertiesReleaseDescriptor
}
if ( config.getScmPrivateKeyPassPhrase() != null )
{
- properties.setProperty( "scm.passphrase", config.getScmPrivateKeyPassPhrase() );
+ String passPhrase = config.getScmPrivateKeyPassPhrase();
+ try
+ {
+ passPhrase = encryptAndDecorate( passPhrase );
+ }
+ catch ( IllegalStateException e )
+ {
+ getLogger().debug( e.getMessage() );
+ }
+ catch ( SecDispatcherException e )
+ {
+ getLogger().debug( e.getMessage() );
+ }
+ catch ( PlexusCipherException e )
+ {
+ getLogger().debug( e.getMessage() );
+ }
+ properties.setProperty( "scm.passphrase", passPhrase );
}
if ( config.getScmTagBase() != null )
{
@@ -286,5 +336,35 @@ public class PropertiesReleaseDescriptor
{
return new File( mergeDescriptor.getWorkingDirectory(), "release.properties" );
}
+
+ // From org.apache.maven.cli.MavenCli.encryption(CliRequest)
+ private String encryptAndDecorate( String passwd ) throws IllegalStateException, SecDispatcherException, PlexusCipherException
+ {
+ String configurationFile = secDispatcher.getConfigurationFile();
+
+ if ( configurationFile.startsWith( "~" ) )
+ {
+ configurationFile = System.getProperty( "user.home" ) + configurationFile.substring( 1 );
+ }
+
+ String file = System.getProperty( DefaultSecDispatcher.SYSTEM_PROPERTY_SEC_LOCATION, configurationFile );
+
+ String master = null;
+
+ SettingsSecurity sec = SecUtil.read( file, true );
+ if ( sec != null )
+ {
+ master = sec.getMaster();
+ }
+
+ if ( master == null )
+ {
+ throw new IllegalStateException( "Master password is not set in the setting security file: " + file );
+ }
+
+ DefaultPlexusCipher cipher = new DefaultPlexusCipher();
+ String masterPasswd = cipher.decryptDecorated( master, DefaultSecDispatcher.SYSTEM_PROPERTY_SEC_LOCATION );
+ return cipher.encryptAndDecorate( passwd, masterPasswd );
+ }
}
Modified: maven/release/trunk/maven-release-manager/src/test/java/org/apache/maven/shared/release/config/PropertiesReleaseDescriptorStoreTest.java
URL: http://svn.apache.org/viewvc/maven/release/trunk/maven-release-manager/src/test/java/org/apache/maven/shared/release/config/PropertiesReleaseDescriptorStoreTest.java?rev=1529677&r1=1529676&r2=1529677&view=diff
==============================================================================
--- maven/release/trunk/maven-release-manager/src/test/java/org/apache/maven/shared/release/config/PropertiesReleaseDescriptorStoreTest.java (original)
+++ maven/release/trunk/maven-release-manager/src/test/java/org/apache/maven/shared/release/config/PropertiesReleaseDescriptorStoreTest.java Sun Oct 6 20:25:56 2013
@@ -22,6 +22,7 @@ package org.apache.maven.shared.release.
import org.apache.maven.shared.release.phase.AbstractReleaseTestCase;
import org.apache.maven.shared.release.scm.IdentifiedScm;
import org.codehaus.plexus.PlexusTestCase;
+import org.sonatype.plexus.components.sec.dispatcher.SecDispatcher;
import java.io.File;
import java.io.IOException;
@@ -35,12 +36,15 @@ public class PropertiesReleaseDescriptor
extends PlexusTestCase
{
private PropertiesReleaseDescriptorStore store;
+
+ private SecDispatcher secDispatcher;
protected void setUp()
throws Exception
{
super.setUp();
store = (PropertiesReleaseDescriptorStore) lookup( ReleaseDescriptorStore.ROLE, "properties" );
+ secDispatcher = (SecDispatcher) lookup( SecDispatcher.ROLE, "mng-4384" );
}
public void testReadFromFile()
@@ -111,7 +115,7 @@ public class PropertiesReleaseDescriptor
}
public void testWriteToNewFile()
- throws ReleaseDescriptorStoreException
+ throws Exception
{
File file = getTestFile( "target/test-classes/new-release.properties" );
file.delete();
@@ -122,6 +126,9 @@ public class PropertiesReleaseDescriptor
store.write( config, file );
ReleaseDescriptor rereadDescriptor = store.read( file );
+
+ assertAndAdjustScmPassword( config, rereadDescriptor );
+ assertAndAdjustScmPrivateKeyPassPhrase( config, rereadDescriptor );
assertEquals( "compare configuration", config, rereadDescriptor );
}
@@ -141,7 +148,10 @@ public class PropertiesReleaseDescriptor
ReleaseDescriptor rereadDescriptor = store.read( file );
rereadDescriptor.setWorkingDirectory( AbstractReleaseTestCase.getPath( file.getParentFile() ) );
-
+
+ assertAndAdjustScmPassword( config, rereadDescriptor );
+ assertAndAdjustScmPrivateKeyPassPhrase( config, rereadDescriptor );
+
assertEquals( "compare configuration", config, rereadDescriptor );
}
@@ -219,7 +229,7 @@ public class PropertiesReleaseDescriptor
}
public void testOverwriteFile()
- throws ReleaseDescriptorStoreException
+ throws Exception
{
File file = getTestFile( "target/test-classes/rewrite-release.properties" );
assertTrue( "Check file already exists", file.exists() );
@@ -229,6 +239,9 @@ public class PropertiesReleaseDescriptor
store.write( config, file );
ReleaseDescriptor rereadDescriptor = store.read( file );
+
+ assertAndAdjustScmPassword( config, rereadDescriptor );
+ assertAndAdjustScmPrivateKeyPassPhrase( config, rereadDescriptor );
assertEquals( "compare configuration", config, rereadDescriptor );
}
@@ -345,6 +358,38 @@ public class PropertiesReleaseDescriptor
return releaseDescriptor;
}
+
+ private void assertAndAdjustScmPassword( ReleaseDescriptor expected, ReleaseDescriptor original )
+ throws Exception
+ {
+ String expectedPassword = expected.getScmPassword();
+ String originalPassword = original.getScmPassword();
+
+ // encrypting the same password twice doesn't have to be the same result
+ if ( expectedPassword != null ? !expectedPassword.equals( originalPassword ) : originalPassword != null )
+ {
+ assertEquals( secDispatcher.decrypt( expectedPassword ), secDispatcher.decrypt( originalPassword ) );
+
+ expected.setScmPassword( originalPassword );
+ }
+ assertEquals( expected.getScmPassword(), original.getScmPassword() );
+ }
+
+ private void assertAndAdjustScmPrivateKeyPassPhrase( ReleaseDescriptor expected, ReleaseDescriptor original )
+ throws Exception
+ {
+ String expectedPassPhrase = expected.getScmPrivateKeyPassPhrase();
+ String originalPassPhrase = original.getScmPrivateKeyPassPhrase();
+
+ // encrypting the same passphrase twice doesn't have to be the same result
+ if ( expectedPassPhrase != null ? !expectedPassPhrase.equals( originalPassPhrase ) : originalPassPhrase != null )
+ {
+ assertEquals( secDispatcher.decrypt( expectedPassPhrase ), secDispatcher.decrypt( originalPassPhrase ) );
+
+ expected.setScmPrivateKeyPassPhrase( originalPassPhrase );
+ }
+ assertEquals( expected.getScmPrivateKeyPassPhrase(), original.getScmPrivateKeyPassPhrase() );
+ }
private ReleaseDescriptor createExpectedReleaseConfiguration()
{