plexus-cipher 3.0.0

pom.xml

@@ -9,7 +9,7 @@
   </parent>
 
   <artifactId>plexus-cipher</artifactId>
-  <version>2.1.1-SNAPSHOT</version>
+  <version>3.0.0-SNAPSHOT</version>
 
   <name>Plexus Cipher: encryption/decryption Component</name>
 
@@ -60,7 +60,7 @@
         <artifactId>maven-surefire-plugin</artifactId>
         <executions>
           <execution>
-            <id>utf8</id>
+            <id>default-test</id>
             <goals>
               <goal>test</goal>
             </goals>

src/main/java/org/sonatype/plexus/components/cipher/DefaultPlexusCipher.java

@@ -22,16 +22,13 @@
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
-import org.eclipse.sisu.Typed;
-
 /**
  * Default implementation of {@link PlexusCipher}. This class is thread safe.
  *
  * @author Oleg Gusakov
  */
 @Singleton
-@Named("default")
-@Typed(PlexusCipher.class)
+@Named
 public class DefaultPlexusCipher implements PlexusCipher {
     private static final Pattern ENCRYPTED_STRING_PATTERN = Pattern.compile(".*?[^\\\\]?\\{(.*?[^\\\\])\\}.*");
 
@@ -45,7 +42,7 @@ public DefaultPlexusCipher() {
     // ---------------------------------------------------------------
     @Override
     public String encrypt(final String str, final String passPhrase) throws PlexusCipherException {
-        if (str == null || str.length() < 1) {
+        if (str == null || str.isEmpty()) {
             return str;
         }
 
@@ -61,7 +58,7 @@ public String encryptAndDecorate(final String str, final String passPhrase) thro
     // ---------------------------------------------------------------
     @Override
     public String decrypt(final String str, final String passPhrase) throws PlexusCipherException {
-        if (str == null || str.length() < 1) {
+        if (str == null || str.isEmpty()) {
             return str;
         }
 
@@ -71,7 +68,7 @@ public String decrypt(final String str, final String passPhrase) throws PlexusCi
     // ---------------------------------------------------------------
     @Override
     public String decryptDecorated(final String str, final String passPhrase) throws PlexusCipherException {
-        if (str == null || str.length() < 1) {
+        if (str == null || str.isEmpty()) {
             return str;
         }
 
@@ -85,7 +82,7 @@ public String decryptDecorated(final String str, final String passPhrase) throws
     // ----------------------------------------------------------------------------
     @Override
     public boolean isEncryptedString(final String str) {
-        if (str == null || str.length() < 1) {
+        if (str == null || str.isEmpty()) {
             return false;
         }
 
@@ -98,11 +95,10 @@ public boolean isEncryptedString(final String str) {
     @Override
     public String unDecorate(final String str) throws PlexusCipherException {
         Matcher matcher = ENCRYPTED_STRING_PATTERN.matcher(str);
-
         if (matcher.matches() || matcher.find()) {
             return matcher.group(1);
         } else {
-            throw new PlexusCipherException("default.plexus.cipher.badEncryptedPassword");
+            throw new PlexusCipherException("Malformed decorated string");
         }
     }
 

src/main/java/org/sonatype/plexus/components/cipher/PBECipher.java

@@ -22,10 +22,12 @@ Licensed to the Apache Software Foundation (ASF) under one
 import javax.crypto.Cipher;
 import javax.crypto.NoSuchPaddingException;
 import javax.crypto.SecretKeyFactory;
-import javax.crypto.spec.IvParameterSpec;
+import javax.crypto.spec.GCMParameterSpec;
 import javax.crypto.spec.PBEKeySpec;
 import javax.crypto.spec.SecretKeySpec;
 
+import java.nio.charset.Charset;
+import java.nio.charset.StandardCharsets;
 import java.security.InvalidAlgorithmParameterException;
 import java.security.InvalidKeyException;
 import java.security.NoSuchAlgorithmException;
@@ -40,24 +42,13 @@ Licensed to the Apache Software Foundation (ASF) under one
  * @author Oleg Gusakov
  */
 public class PBECipher {
-    protected static final String STRING_ENCODING = "UTF8";
-
+    protected static final Charset STRING_ENCODING = StandardCharsets.UTF_8;
     protected static final int SPICE_SIZE = 16;
-
     protected static final int SALT_SIZE = 8;
-
     protected static final int CHUNK_SIZE = 16;
-
-    protected static final byte WIPER = 0;
-
-    protected static final String DIGEST_ALG = "SHA-256";
-
     protected static final String KEY_ALG = "AES";
-
-    protected static final String CIPHER_ALG = "AES/CBC/PKCS5Padding";
-
+    protected static final String CIPHER_ALG = "AES/GCM/NoPadding";
     protected static final int PBE_ITERATIONS = 310000;
-
     private static final SecureRandom _secureRandom = new SecureRandom();
 
     // ---------------------------------------------------------------
@@ -95,7 +86,7 @@ public String encrypt64(final String clearText, final String password) throws Pl
 
             return Base64.getEncoder().encodeToString(allEncryptedBytes);
         } catch (Exception e) {
-            throw new PlexusCipherException(e);
+            throw new PlexusCipherException(e.getMessage(), e);
         }
     }
 
@@ -122,7 +113,7 @@ public String decrypt64(final String encryptedText, final String password) throw
 
             return new String(clearBytes, STRING_ENCODING);
         } catch (Exception e) {
-            throw new PlexusCipherException(e);
+            throw new PlexusCipherException(e.getMessage(), e);
         }
     }
     // -------------------------------------------------------------------------------
@@ -131,7 +122,7 @@ private Cipher createCipher(final char[] pwd, byte[] salt, final int mode)
                     InvalidAlgorithmParameterException, InvalidKeySpecException {
 
         KeySpec spec = new PBEKeySpec(pwd, salt, PBE_ITERATIONS, SPICE_SIZE * 16);
-        SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
+        SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA512");
         byte[] keyAndIv = factory.generateSecret(spec).getEncoded();
 
         byte[] key = new byte[SPICE_SIZE];
@@ -144,7 +135,7 @@ private Cipher createCipher(final char[] pwd, byte[] salt, final int mode)
 
         Cipher cipher = Cipher.getInstance(CIPHER_ALG);
 
-        cipher.init(mode, new SecretKeySpec(key, KEY_ALG), new IvParameterSpec(iv));
+        cipher.init(mode, new SecretKeySpec(key, KEY_ALG), new GCMParameterSpec(128, iv));
 
         return cipher;
     }

src/main/java/org/sonatype/plexus/components/cipher/PlexusCipher.java

@@ -16,9 +16,9 @@
  * @author Oleg Gusakov
  */
 public interface PlexusCipher {
-    char ENCRYPTED_STRING_DECORATION_START = '{';
+    String ENCRYPTED_STRING_DECORATION_START = "{";
 
-    char ENCRYPTED_STRING_DECORATION_STOP = '}';
+    String ENCRYPTED_STRING_DECORATION_STOP = "}";
 
     /**
      * encrypt given string with the given passPhrase and encode it into base64

src/main/java/org/sonatype/plexus/components/cipher/PlexusCipherException.java

@@ -12,17 +12,11 @@
  */
 package org.sonatype.plexus.components.cipher;
 
-public class PlexusCipherException extends Exception {
-    public PlexusCipherException() {}
-
+public class PlexusCipherException extends RuntimeException {
     public PlexusCipherException(String message) {
         super(message);
     }
 
-    public PlexusCipherException(Throwable cause) {
-        super(cause);
-    }
-
     public PlexusCipherException(String message, Throwable cause) {
         super(message, cause);
     }

src/test/java/org/sonatype/plexus/components/cipher/DefaultPlexusCipherTest.java

@@ -13,6 +13,7 @@
 package org.sonatype.plexus.components.cipher;
 
 import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Disabled;
 import org.junit.jupiter.api.Test;
 
 import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
@@ -31,7 +32,7 @@ class DefaultPlexusCipherTest {
 
     final String str = "my testing phrase";
 
-    final String encStr = "cYrPoOelYU0HGlsn3nERAIyiLVVgnsn/KC5ZqeAPG0beOZCYrFwWwBTp3uyxt/yx";
+    final String encStr = "cQupsZrOFpkGa7Ce/vdwr3a0Zun/X5VHsqXhnZOnhKB6VtTu7mfyI5gtycUsG3Fy";
     PlexusCipher pc;
 
     @BeforeEach
@@ -88,6 +89,7 @@ void testDefaultAlgorithmExists() throws Exception {
 
     // -------------------------------------------------------------
 
+    @Disabled("This test is not really a test")
     @Test
     void stestFindDefaultAlgorithm() {
         String[] res = DefaultPlexusCipher.getServiceTypes();

src/test/java/org/sonatype/plexus/components/cipher/PBECipherTest.java

@@ -34,7 +34,7 @@ class PBECipherTest {
 
     final String clearText = "veryOpenText";
 
-    final String encryptedText = "F7eMV2QRQF4H0ODCA1nrTGUWacCXVvPemSjaQjGbO6U=";
+    final String encryptedText = "ce/l2ofOiSELRT1WAjOyNoZbG+2FQcrlOKEdDr5mi6esyR2LfvBY855yxW5bqHZi";
 
     final String password = "testtest";