Add MavenPasswordDecrypter

Author: fabapp2

components/sbm-core/src/main/java/org/springframework/sbm/project/parser/MavenPasswordDecrypter.java

@@ -0,0 +1,86 @@
+/*
+ * Copyright 2021 - 2022 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.sbm.project.parser;
+
+import lombok.RequiredArgsConstructor;
+import org.apache.maven.settings.Server;
+import org.apache.maven.settings.crypto.*;
+import org.openrewrite.maven.MavenSettings;
+import org.sonatype.plexus.components.cipher.DefaultPlexusCipher;
+import org.sonatype.plexus.components.cipher.PlexusCipherException;
+import org.sonatype.plexus.components.sec.dispatcher.DefaultSecDispatcher;
+import org.springframework.sbm.testhelper.ResourceUtil;
+import org.springframework.stereotype.Component;
+import org.springframework.util.ReflectionUtils;
+
+import java.lang.reflect.Field;
+import java.nio.file.Path;
+import java.util.List;
+
+/**
+ * Decrypt Maven Server passwords.
+ *
+ * Requires access to Maven security settings file (~/.settings-security.xml) to decrypt the server passwords provided in
+ * the server settings in Maven settings file (~/.m2/settings.xml) which are provided with {@link MavenSettings}.
+ *
+ * @author Fabian Krüger
+ */
+@Component
+@RequiredArgsConstructor
+// TODO: should be package private
+public class MavenPasswordDecrypter {
+    private DefaultSecDispatcher securityDispatcher = new DefaultSecDispatcher();
+    private final SettingsDecrypter settingsDecrypter = new DefaultSettingsDecrypter(securityDispatcher);
+
+    public void decryptMavenServerPasswords(MavenSettings mavenSettings, Path mavenSecuritySettingsFile) {
+        try {
+            // DefaultSecDispatcher reads file with security settings
+            // hack, the cipher is required but can't be set from outside
+            Field cipher1 = ReflectionUtils.findField(DefaultSecDispatcher.class, "_cipher");
+            //Field cipher = ReflectionUtils.getField(cipher1, securityDispatcher);
+            ReflectionUtils.makeAccessible(cipher1);
+            ReflectionUtils.setField(cipher1, securityDispatcher, new DefaultPlexusCipher());
+            // The file location is retrieved from env, default is ~/${user.home}/.settings-security.xml
+            System.setProperty("settings.security", mavenSecuritySettingsFile.toString());
+            decryptMavenServerPasswords(mavenSettings);
+        } catch (PlexusCipherException e) {
+            throw new RuntimeException(e);
+        }
+    }
+
+
+    private void decryptMavenServerPasswords(MavenSettings mavenSettings) {
+        if(mavenSettings.getServers() != null && mavenSettings.getServers().getServers() != null) {
+            List<MavenSettings.Server> servers = mavenSettings.getServers().getServers();
+            for(int i = 0; i< servers.size(); i++){
+                MavenSettings.Server server = servers.get(i);
+                if(server.getPassword() != null) {
+                    MavenSettings.Server serverWithDecodedPw = decryptPassword(server);
+                    servers.set(i, serverWithDecodedPw);
+                }
+            }
+        }
+    }
+
+    private MavenSettings.Server decryptPassword(MavenSettings.Server server) {
+        Server mavenServer = new Server();
+        mavenServer.setPassword(server.getPassword());
+        SettingsDecryptionRequest decryptionRequest = new DefaultSettingsDecryptionRequest(mavenServer);
+        SettingsDecryptionResult decryptionResult = settingsDecrypter.decrypt(decryptionRequest);
+        String decryptedPassword = decryptionResult.getServer().getPassword();
+        return server.withPassword(decryptedPassword);
+    }
+}

components/sbm-core/src/test/java/org/springframework/sbm/project/parser/MavenPasswordDecrypterTest.java

@@ -0,0 +1,52 @@
+package org.springframework.sbm.project.parser;
+
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.io.TempDir;
+import org.openrewrite.internal.lang.Nullable;
+import org.openrewrite.maven.MavenSettings;
+import org.springframework.sbm.project.parser.MavenPasswordDecrypter;
+
+import java.io.IOException;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.util.ArrayList;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+/**
+ * @author Fabian Krüger
+ */
+class MavenPasswordDecrypterTest {
+
+    @Test
+    void decryptMavenServerPasswords(@TempDir Path tempDir) throws IOException {
+        MavenPasswordDecrypter sut = new MavenPasswordDecrypter();
+
+        // create MavenSettings with Server using an encrypted password
+        MavenSettings.@Nullable Servers serversWithPassword = new MavenSettings.Servers();
+        String encryptedPassword = "{gY56I8DPBrwHu3dWkh+EGDqp+ppuTnBaWe9fNpdTPIw=}";
+        MavenSettings.Server serverWithPassword = new MavenSettings.Server("id", "username", encryptedPassword);
+        ArrayList servers = new ArrayList<>();
+        servers.add(serverWithPassword);
+        serversWithPassword.setServers(servers);
+        MavenSettings mavenSettings = new MavenSettings(null, null, null, null, serversWithPassword);
+
+        // Write Maven security settings file to file system
+        // Required because {@link DefaultSecDispatcher} uses SecUtil which reads the file from
+        // provided location
+        Path mavenSecurityFilePath = tempDir.resolve(".settings-security.xml");
+        String mavenSecurityFileContent = """
+                <settingsSecurity>
+                  <master>{H39p2LFBhRQHqKIsRiu0R/zhfke3/B4k0Wt+BZlC8mc=}</master>
+                </settingsSecurity>
+                """;
+        Files.writeString(mavenSecurityFilePath, mavenSecurityFileContent);
+
+        // Server has encrypted password
+        assertThat(mavenSettings.getServers().getServers().get(0).getPassword()).isEqualTo(encryptedPassword);
+        // call system under test
+        sut.decryptMavenServerPasswords(mavenSettings, mavenSecurityFilePath);
+        // password has been decrypted
+        assertThat(mavenSettings.getServers().getServers().get(0).getPassword()).isEqualTo("xxx");
+    }
+}