Adding master password decrypting

[svaningelgem]

What's changed?

Adding the ability for openrewrite to read encrypted passwords. (maven-feature as described here:
https://maven.apache.org/guides/mini/guide-encryption.html

What's your motivation?

We can't use this library on our internal Nexus server as our passwords are encrypted.

Anything in particular you'd like reviewers to focus on?

For now this is a draft as I don't know what to add/change. Or maybe you can pick it up and whip it into shape? The heavy lifting for the decryption is already done after all ;-).

Have you considered any alternatives or workarounds?

No alternatives exist.

Any additional context

• Closes Authentication failure when using password encryption through Maven settings-security.xml #4589

Checklist

• I've added unit tests to cover both positive and negative cases
• I've read and applied the recipe conventions and best practices
• I've used the IntelliJ IDEA auto-formatter on affected files

[github-actions]

Some suggestions could not be made:

• rewrite-maven/src/main/java/org/openrewrite/maven/MavenSettings.java
  • lines 27-27

[svaningelgem]

@timtebeek : could you list all the changes that are necessary?

[timtebeek]

Looking good already @svaningelgem ! Could you remove the ChangeParentPom2Test and replace it with a test that has both a security-settings.xml and settings.xml, based on the examples here, and verifies that the decrypted values match their actual values after calling maybeDecryptPasswords?

[svaningelgem]

Thanks for the assist. I'll handle the hint you gave me

[svaningelgem]

Hello @timtebeek , I added the tests now. Could you have a look if they're decent enough and/or where I would need to make changes?

Thanks

[svaningelgem]

👍 Thanks @timtebeek for the assist ! :-)

[timtebeek]

Thanks a lot for the hard work here @svaningelgem ! I've only added some small changes to move things around and support relocation; apart from that very glad to see you tackled the decryption & tests. Hope this helps you all there!

[svaningelgem]

Yes, I will try to test it out at work tomorrow. I hope this solves the issue.

[sruffatti]

@svaningelgem This change is not working for me.

my master password is in a file called settings-security.xml in my .m2 directory

It looks like this

<settingsSecurity>
	<master>{my-encrypted-password}</master>
</settingsSecurity>

The exception is below.

java.lang.NegativeArraySizeException: -75
	at org.openrewrite.maven.MavenSecuritySettings.decrypt(MavenSecuritySettings.java:175)
	at org.openrewrite.maven.MavenSettings.lambda$maybeDecryptPasswords$4(MavenSettings.java:151)
	at org.openrewrite.internal.ListUtils.map(ListUtils.java:243)
	at org.openrewrite.internal.ListUtils.map(ListUtils.java:265)
	at org.openrewrite.maven.MavenSettings.maybeDecryptPasswords(MavenSettings.java:150)
	at org.openrewrite.maven.MavenSettings.readMavenSettingsFromDisk(MavenSettings.java:129)
	at com.org.engg.openrewrite.config.OrgRewriteTest.defaultExecutionContext(OrgRewriteTest.java:22)
	at org.openrewrite.test.RewriteTest.rewriteRun(RewriteTest.java:214)
	at org.openrewrite.test.RewriteTest.rewriteRun(RewriteTest.java:132)
	at org.openrewrite.test.RewriteTest.rewriteRun(RewriteTest.java:127)

[svaningelgem]

Hi Sean,

What I would suggest is that you check out the main branch and debug with your settings file.
It is very possible that it won't work with every file as I skipped some stuff.
The current code is proven to work with my file and password, but likely yours is longer/shorter/more variation/... so it triggers a side condition.

Alternatively, you can send me your settings & settings security file (check my profile to see how to reach out). Watch out. This will expose your password to me (but I promise to delete it once I'm done with it -- and my memory is worse than a goldfish ;)).

Grtz,
Steven