Java tutorial
/* * SonarQube * Copyright (C) 2009-2017 SonarSource SA * mailto:info AT sonarsource DOT com * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either * version 3 of the License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public License * along with this program; if not, write to the Free Software Foundation, * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */ package org.sonar.process; import java.io.File; import java.io.IOException; import java.security.Key; import java.security.SecureRandom; import javax.annotation.Nullable; import javax.crypto.KeyGenerator; import javax.crypto.SecretKey; import javax.crypto.spec.SecretKeySpec; import org.apache.commons.codec.binary.Base64; import org.apache.commons.io.FileUtils; import org.apache.commons.lang.StringUtils; import static java.nio.charset.StandardCharsets.UTF_8; final class AesCipher implements Cipher { // Can't be increased because of Java 6 policy files : // https://confluence.terena.org/display/~visser/No+256+bit+ciphers+for+Java+apps // http://java.sun.com/javase/6/webnotes/install/jre/README public static final int KEY_SIZE_IN_BITS = 128; private static final String CRYPTO_KEY = "AES"; /** * Duplication from CoreProperties.ENCRYPTION_SECRET_KEY_PATH */ static final String ENCRYPTION_SECRET_KEY_PATH = "sonar.secretKeyPath"; private String pathToSecretKey; AesCipher(@Nullable String pathToSecretKey) { this.pathToSecretKey = pathToSecretKey; } @Override public String encrypt(String clearText) { try { javax.crypto.Cipher cipher = javax.crypto.Cipher.getInstance(CRYPTO_KEY); cipher.init(javax.crypto.Cipher.ENCRYPT_MODE, loadSecretFile()); return Base64.encodeBase64String(cipher.doFinal(clearText.getBytes("UTF-8"))); } catch (RuntimeException e) { throw e; } catch (Exception e) { throw new IllegalStateException(e); } } @Override public String decrypt(String encryptedText) { try { javax.crypto.Cipher cipher = javax.crypto.Cipher.getInstance(CRYPTO_KEY); cipher.init(javax.crypto.Cipher.DECRYPT_MODE, loadSecretFile()); byte[] cipherData = cipher.doFinal(Base64.decodeBase64(StringUtils.trim(encryptedText))); return new String(cipherData, UTF_8); } catch (RuntimeException e) { throw e; } catch (Exception e) { throw new IllegalStateException(e); } } /** * This method checks the existence of the file, but not the validity of the contained key. */ boolean hasSecretKey() { String path = getPathToSecretKey(); if (StringUtils.isNotBlank(path)) { File file = new File(path); return file.exists() && file.isFile(); } return false; } private Key loadSecretFile() throws IOException { String path = getPathToSecretKey(); return loadSecretFileFromFile(path); } Key loadSecretFileFromFile(String path) throws IOException { if (StringUtils.isBlank(path)) { throw new IllegalStateException( "Secret key not found. Please set the property " + ENCRYPTION_SECRET_KEY_PATH); } File file = new File(path); if (!file.exists() || !file.isFile()) { throw new IllegalStateException( "The property " + ENCRYPTION_SECRET_KEY_PATH + " does not link to a valid file: " + path); } String s = FileUtils.readFileToString(file, UTF_8); if (StringUtils.isBlank(s)) { throw new IllegalStateException("No secret key in the file: " + path); } return new SecretKeySpec(Base64.decodeBase64(StringUtils.trim(s)), CRYPTO_KEY); } String generateRandomSecretKey() { try { KeyGenerator keyGen = KeyGenerator.getInstance(CRYPTO_KEY); keyGen.init(KEY_SIZE_IN_BITS, new SecureRandom()); SecretKey secretKey = keyGen.generateKey(); return Base64.encodeBase64String(secretKey.getEncoded()); } catch (Exception e) { throw new IllegalStateException("Fail to generate secret key", e); } } String getPathToSecretKey() { if (StringUtils.isBlank(pathToSecretKey)) { pathToSecretKey = new File(FileUtils.getUserDirectoryPath(), ".sonar/sonar-secret.txt").getPath(); } return pathToSecretKey; } }