codehaus-plexus · cstamas · Sep 28, 2024 · Sep 27, 2024 · Sep 27, 2024 · Sep 27, 2024
diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml
@@ -23,6 +23,8 @@ jobs:
   build:
     name: Build it
     uses: codehaus-plexus/.github/.github/workflows/maven.yml@master
+    with:
+      jdk-matrix: '[ "23", "21", "17" ]'
 
   deploy:
     name: Deploy

diff --git a/pom.xml b/pom.xml
@@ -9,7 +9,7 @@
   </parent>
 
   <artifactId>plexus-cipher</artifactId>
-  <version>2.1.1-SNAPSHOT</version>
+  <version>3.0.0-SNAPSHOT</version>
 
   <name>Plexus Cipher: encryption/decryption Component</name>
 
@@ -31,6 +31,7 @@
   </distributionManagement>
 
   <properties>
+    <javaVersion>17</javaVersion>
     <project.build.outputTimestamp>2023-10-21T21:30:57Z</project.build.outputTimestamp>
   </properties>
 
@@ -39,6 +40,7 @@
       <groupId>javax.inject</groupId>
       <artifactId>javax.inject</artifactId>
       <version>1</version>
+      <scope>provided</scope>
     </dependency>
     <dependency>
       <groupId>org.eclipse.sisu</groupId>
@@ -60,7 +62,7 @@
         <artifactId>maven-surefire-plugin</artifactId>
         <executions>
           <execution>
-            <id>utf8</id>
+            <id>default-test</id>
             <goals>
               <goal>test</goal>
             </goals>

diff --git a/...lexus/components/cipher/PlexusCipher.java → ...lexus/components/cipher/PlexusCipher.java b/...lexus/components/cipher/PlexusCipher.java → ...lexus/components/cipher/PlexusCipher.java
@@ -10,16 +10,12 @@
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the Apache License Version 2.0 for the specific language governing permissions and limitations there under.
  */
-package org.sonatype.plexus.components.cipher;
+package org.codehaus.plexus.components.cipher;
 
 /**
  * @author Oleg Gusakov
  */
 public interface PlexusCipher {
-    char ENCRYPTED_STRING_DECORATION_START = '{';
-
-    char ENCRYPTED_STRING_DECORATION_STOP = '}';
-
     /**
      * encrypt given string with the given passPhrase and encode it into base64
      *

diff --git a/...ponents/cipher/PlexusCipherException.java → ...ponents/cipher/PlexusCipherException.java b/...ponents/cipher/PlexusCipherException.java → ...ponents/cipher/PlexusCipherException.java
@@ -10,19 +10,13 @@
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the Apache License Version 2.0 for the specific language governing permissions and limitations there under.
  */
-package org.sonatype.plexus.components.cipher;
-
-public class PlexusCipherException extends Exception {
-    public PlexusCipherException() {}
+package org.codehaus.plexus.components.cipher;
 
+public class PlexusCipherException extends RuntimeException {
     public PlexusCipherException(String message) {
         super(message);
     }
 
-    public PlexusCipherException(Throwable cause) {
-        super(cause);
-    }
-
     public PlexusCipherException(String message, Throwable cause) {
         super(message, cause);
     }

diff --git a/...omponents/cipher/DefaultPlexusCipher.java → .../cipher/internal/DefaultPlexusCipher.java b/...omponents/cipher/DefaultPlexusCipher.java → .../cipher/internal/DefaultPlexusCipher.java
@@ -10,7 +10,7 @@
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the Apache License Version 2.0 for the specific language governing permissions and limitations there under.
  */
-package org.sonatype.plexus.components.cipher;
+package org.codehaus.plexus.components.cipher.internal;
 
 import javax.inject.Named;
 import javax.inject.Singleton;
@@ -22,18 +22,20 @@
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
-import org.eclipse.sisu.Typed;
+import org.codehaus.plexus.components.cipher.PlexusCipher;
+import org.codehaus.plexus.components.cipher.PlexusCipherException;
 
 /**
  * Default implementation of {@link PlexusCipher}. This class is thread safe.
  *
  * @author Oleg Gusakov
  */
 @Singleton
-@Named("default")
-@Typed(PlexusCipher.class)
+@Named
 public class DefaultPlexusCipher implements PlexusCipher {
     private static final Pattern ENCRYPTED_STRING_PATTERN = Pattern.compile(".*?[^\\\\]?\\{(.*?[^\\\\])\\}.*");
+    private static final String ENCRYPTED_STRING_DECORATION_START = "{";
+    private static final String ENCRYPTED_STRING_DECORATION_STOP = "}";
 
     private final PBECipher _cipher;
 
@@ -45,7 +47,7 @@ public DefaultPlexusCipher() {
     // ---------------------------------------------------------------
     @Override
     public String encrypt(final String str, final String passPhrase) throws PlexusCipherException {
-        if (str == null || str.length() < 1) {
+        if (str == null || str.isEmpty()) {
             return str;
         }
 
@@ -61,7 +63,7 @@ public String encryptAndDecorate(final String str, final String passPhrase) thro
     // ---------------------------------------------------------------
     @Override
     public String decrypt(final String str, final String passPhrase) throws PlexusCipherException {
-        if (str == null || str.length() < 1) {
+        if (str == null || str.isEmpty()) {
             return str;
         }
 
@@ -71,7 +73,7 @@ public String decrypt(final String str, final String passPhrase) throws PlexusCi
     // ---------------------------------------------------------------
     @Override
     public String decryptDecorated(final String str, final String passPhrase) throws PlexusCipherException {
-        if (str == null || str.length() < 1) {
+        if (str == null || str.isEmpty()) {
             return str;
         }
 
@@ -85,7 +87,7 @@ public String decryptDecorated(final String str, final String passPhrase) throws
     // ----------------------------------------------------------------------------
     @Override
     public boolean isEncryptedString(final String str) {
-        if (str == null || str.length() < 1) {
+        if (str == null || str.isEmpty()) {
             return false;
         }
 
@@ -98,11 +100,10 @@ public boolean isEncryptedString(final String str) {
     @Override
     public String unDecorate(final String str) throws PlexusCipherException {
         Matcher matcher = ENCRYPTED_STRING_PATTERN.matcher(str);
-
         if (matcher.matches() || matcher.find()) {
             return matcher.group(1);
         } else {
-            throw new PlexusCipherException("default.plexus.cipher.badEncryptedPassword");
+            throw new PlexusCipherException("Malformed decorated string");
         }
     }
 

diff --git a/...e/plexus/components/cipher/PBECipher.java → ...components/cipher/internal/PBECipher.java b/...e/plexus/components/cipher/PBECipher.java → ...components/cipher/internal/PBECipher.java
@@ -17,15 +17,17 @@ Licensed to the Apache Software Foundation (ASF) under one
 under the License.
  */
 
-package org.sonatype.plexus.components.cipher;
+package org.codehaus.plexus.components.cipher.internal;
 
 import javax.crypto.Cipher;
 import javax.crypto.NoSuchPaddingException;
 import javax.crypto.SecretKeyFactory;
-import javax.crypto.spec.IvParameterSpec;
+import javax.crypto.spec.GCMParameterSpec;
 import javax.crypto.spec.PBEKeySpec;
 import javax.crypto.spec.SecretKeySpec;
 
+import java.nio.charset.Charset;
+import java.nio.charset.StandardCharsets;
 import java.security.InvalidAlgorithmParameterException;
 import java.security.InvalidKeyException;
 import java.security.NoSuchAlgorithmException;
@@ -34,30 +36,21 @@ Licensed to the Apache Software Foundation (ASF) under one
 import java.security.spec.KeySpec;
 import java.util.Base64;
 
+import org.codehaus.plexus.components.cipher.PlexusCipherException;
+
 /**
  * This class is thread-safe.
  *
  * @author Oleg Gusakov
  */
 public class PBECipher {
-    protected static final String STRING_ENCODING = "UTF8";
-
+    protected static final Charset STRING_ENCODING = StandardCharsets.UTF_8;
     protected static final int SPICE_SIZE = 16;
-
     protected static final int SALT_SIZE = 8;
-
     protected static final int CHUNK_SIZE = 16;
-
-    protected static final byte WIPER = 0;
-
-    protected static final String DIGEST_ALG = "SHA-256";
-
     protected static final String KEY_ALG = "AES";
-
-    protected static final String CIPHER_ALG = "AES/CBC/PKCS5Padding";
-
+    protected static final String CIPHER_ALG = "AES/GCM/NoPadding";
     protected static final int PBE_ITERATIONS = 310000;
-
     private static final SecureRandom _secureRandom = new SecureRandom();
 
     // ---------------------------------------------------------------
@@ -95,7 +88,7 @@ public String encrypt64(final String clearText, final String password) throws Pl
 
             return Base64.getEncoder().encodeToString(allEncryptedBytes);
         } catch (Exception e) {
-            throw new PlexusCipherException(e);
+            throw new PlexusCipherException(e.getMessage(), e);
         }
     }
 
@@ -122,7 +115,7 @@ public String decrypt64(final String encryptedText, final String password) throw
 
             return new String(clearBytes, STRING_ENCODING);
         } catch (Exception e) {
-            throw new PlexusCipherException(e);
+            throw new PlexusCipherException(e.getMessage(), e);
         }
     }
     // -------------------------------------------------------------------------------
@@ -131,7 +124,7 @@ private Cipher createCipher(final char[] pwd, byte[] salt, final int mode)
                     InvalidAlgorithmParameterException, InvalidKeySpecException {
 
         KeySpec spec = new PBEKeySpec(pwd, salt, PBE_ITERATIONS, SPICE_SIZE * 16);
-        SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
+        SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA512");
         byte[] keyAndIv = factory.generateSecret(spec).getEncoded();
 
         byte[] key = new byte[SPICE_SIZE];
@@ -144,7 +137,7 @@ private Cipher createCipher(final char[] pwd, byte[] salt, final int mode)
 
         Cipher cipher = Cipher.getInstance(CIPHER_ALG);
 
-        cipher.init(mode, new SecretKeySpec(key, KEY_ALG), new IvParameterSpec(iv));
+        cipher.init(mode, new SecretKeySpec(key, KEY_ALG), new GCMParameterSpec(128, iv));
 
         return cipher;
     }

diff --git a/...nents/cipher/DefaultPlexusCipherTest.java → ...her/internal/DefaultPlexusCipherTest.java b/...nents/cipher/DefaultPlexusCipherTest.java → ...her/internal/DefaultPlexusCipherTest.java
@@ -10,9 +10,12 @@
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the Apache License Version 2.0 for the specific language governing permissions and limitations there under.
  */
-package org.sonatype.plexus.components.cipher;
+package org.codehaus.plexus.components.cipher.internal;
 
+import org.codehaus.plexus.components.cipher.PlexusCipher;
+import org.codehaus.plexus.components.cipher.PlexusCipherException;
 import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Disabled;
 import org.junit.jupiter.api.Test;
 
 import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
@@ -31,7 +34,7 @@ class DefaultPlexusCipherTest {
 
     final String str = "my testing phrase";
 
-    final String encStr = "cYrPoOelYU0HGlsn3nERAIyiLVVgnsn/KC5ZqeAPG0beOZCYrFwWwBTp3uyxt/yx";
+    final String encStr = "cQupsZrOFpkGa7Ce/vdwr3a0Zun/X5VHsqXhnZOnhKB6VtTu7mfyI5gtycUsG3Fy";
     PlexusCipher pc;
 
     @BeforeEach
@@ -88,6 +91,7 @@ void testDefaultAlgorithmExists() throws Exception {
 
     // -------------------------------------------------------------
 
+    @Disabled("This test is not really a test")
     @Test
     void stestFindDefaultAlgorithm() {
         String[] res = DefaultPlexusCipher.getServiceTypes();
@@ -152,18 +156,14 @@ void testDecrypt() {
     @Test
     void testDecorate() {
         String res = pc.decorate("aaa");
-        assertEquals(
-                PlexusCipher.ENCRYPTED_STRING_DECORATION_START + "aaa" + PlexusCipher.ENCRYPTED_STRING_DECORATION_STOP,
-                res,
-                "Decoration failed");
+        assertEquals("{aaa}", res, "Decoration failed");
     }
 
     // -------------------------------------------------------------
 
     @Test
     void testUnDecorate() throws Exception {
-        String res = pc.unDecorate(
-                PlexusCipher.ENCRYPTED_STRING_DECORATION_START + "aaa" + PlexusCipher.ENCRYPTED_STRING_DECORATION_STOP);
+        String res = pc.unDecorate("{aaa}");
         assertEquals("aaa", res, "Decoration failed");
     }
 

diff --git a/...exus/components/cipher/PBECipherTest.java → ...onents/cipher/internal/PBECipherTest.java b/...exus/components/cipher/PBECipherTest.java → ...onents/cipher/internal/PBECipherTest.java
@@ -17,7 +17,7 @@ Licensed to the Apache Software Foundation (ASF) under one
 under the License.
  */
 
-package org.sonatype.plexus.components.cipher;
+package org.codehaus.plexus.components.cipher.internal;
 
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
@@ -34,7 +34,7 @@ class PBECipherTest {
 
     final String clearText = "veryOpenText";
 
-    final String encryptedText = "F7eMV2QRQF4H0ODCA1nrTGUWacCXVvPemSjaQjGbO6U=";
+    final String encryptedText = "ce/l2ofOiSELRT1WAjOyNoZbG+2FQcrlOKEdDr5mi6esyR2LfvBY855yxW5bqHZi";
 
     final String password = "testtest";