From 81810aff298ffb3e871b4dbab76be2c8b9a46ea8 Mon Sep 17 00:00:00 2001 From: Andrei Pozolotin Date: Mon, 21 Sep 2015 22:59:14 +0000 Subject: [PATCH] Adding AES Walk Encryption support in http://www.jets3t.org/ mode See previous attempt: https://git.eclipse.org/r/#/c/16674/ Here we preserve as much of JetS3t mode as possible while allowing to use new Java 8+ PBE algorithms such as PBEWithHmacSHA512AndAES_256 Summary of changes: * change pom.xml to control long tests * add WalkEncryptionTest.launch to run long tests * add AmazonS3.Keys to to normalize use of constants * change WalkEncryption to support AES in JetS3t mode * add WalkEncryptionTest to test remote encryption pipeline * add support for CI configuration for live Amazon S3 testing * add log4j based logging for tests in both Eclipse and Maven build To test locally, check out the review branch, then: * create amazon test configuration file * located your home dir: ${user.home} * named jgit-s3-config.properties * file format follows AmazonS3 connection settings file: accesskey = your-amazon-access-key secretkey = your-amazon-secret-key test.bucket = your-bucket-for-testing * finally: * run in Eclipse: WalkEncryptionTest.launch * or * run in Shell: mvn test --define test=WalkEncryptionTest Change-Id: I6f455fd9fb4eac261ca73d0bec6a4e7dae9f2e91 Signed-off-by: Andrei Pozolotin --- .gitignore | 1 + org.eclipse.jgit.test/build.properties | 1 + ....jgit.test-WalkEncryptionTest-Proxy.launch | 20 + ...clipse.jgit.test-WalkEncryptionTest.launch | 20 + org.eclipse.jgit.test/pom.xml | 28 + .../jgit-s3-config.disabled.properties | 48 + .../jgit-s3-config.policy.bucket.json | 20 + .../tst-rsrc/jgit-s3-config.policy.user.json | 24 + .../tst-rsrc/log4j.properties | 9 + .../jgit/transport/WalkEncryptionTest.java | 1060 +++++++++++++++++ .../eclipse/jgit/internal/JGitText.properties | 1 + .../org/eclipse/jgit/internal/JGitText.java | 1 + .../org/eclipse/jgit/transport/AmazonS3.java | 42 +- .../jgit/transport/WalkEncryption.java | 179 ++- 14 files changed, 1388 insertions(+), 66 deletions(-) create mode 100644 org.eclipse.jgit.test/org.eclipse.jgit.test-WalkEncryptionTest-Proxy.launch create mode 100644 org.eclipse.jgit.test/org.eclipse.jgit.test-WalkEncryptionTest.launch create mode 100644 org.eclipse.jgit.test/tst-rsrc/jgit-s3-config.disabled.properties create mode 100644 org.eclipse.jgit.test/tst-rsrc/jgit-s3-config.policy.bucket.json create mode 100644 org.eclipse.jgit.test/tst-rsrc/jgit-s3-config.policy.user.json create mode 100644 org.eclipse.jgit.test/tst-rsrc/log4j.properties create mode 100644 org.eclipse.jgit.test/tst/org/eclipse/jgit/transport/WalkEncryptionTest.java diff --git a/.gitignore b/.gitignore index ea8c4bf7f..139e5aee6 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,2 @@ /target +/.project diff --git a/org.eclipse.jgit.test/build.properties b/org.eclipse.jgit.test/build.properties index afc4855d6..786046c58 100644 --- a/org.eclipse.jgit.test/build.properties +++ b/org.eclipse.jgit.test/build.properties @@ -4,3 +4,4 @@ source.. = tst/,\ bin.includes = META-INF/,\ .,\ plugin.properties +additional.bundles = org.apache.log4j diff --git a/org.eclipse.jgit.test/org.eclipse.jgit.test-WalkEncryptionTest-Proxy.launch b/org.eclipse.jgit.test/org.eclipse.jgit.test-WalkEncryptionTest-Proxy.launch new file mode 100644 index 000000000..fe3a01372 --- /dev/null +++ b/org.eclipse.jgit.test/org.eclipse.jgit.test-WalkEncryptionTest-Proxy.launch @@ -0,0 +1,20 @@ + + + + + + + + + + + + + + + + + + + + diff --git a/org.eclipse.jgit.test/org.eclipse.jgit.test-WalkEncryptionTest.launch b/org.eclipse.jgit.test/org.eclipse.jgit.test-WalkEncryptionTest.launch new file mode 100644 index 000000000..3b4a5a24e --- /dev/null +++ b/org.eclipse.jgit.test/org.eclipse.jgit.test-WalkEncryptionTest.launch @@ -0,0 +1,20 @@ + + + + + + + + + + + + + + + + + + + + diff --git a/org.eclipse.jgit.test/pom.xml b/org.eclipse.jgit.test/pom.xml index 51ac8463c..539caff14 100644 --- a/org.eclipse.jgit.test/pom.xml +++ b/org.eclipse.jgit.test/pom.xml @@ -69,6 +69,16 @@ test + + + + + org.bouncycastle + bcprov-jdk15on + 1.52 + test + + org.hamcrest hamcrest-library @@ -101,6 +111,24 @@ + + + + test.long + + + + org.apache.maven.plugins + maven-surefire-plugin + + -Djgit.test.long=true + + + + + + + src/ tst/ diff --git a/org.eclipse.jgit.test/tst-rsrc/jgit-s3-config.disabled.properties b/org.eclipse.jgit.test/tst-rsrc/jgit-s3-config.disabled.properties new file mode 100644 index 000000000..d540977e9 --- /dev/null +++ b/org.eclipse.jgit.test/tst-rsrc/jgit-s3-config.disabled.properties @@ -0,0 +1,48 @@ +# +# See WalkEncryptionTest.java +# +# This file is a template for test configuration file used by WalkEncryptionTest. +# To be active, this file must have the following hard coded name: jgit-s3-config.properties +# To be active, this file must be discovered by WalkEncryptionTest from one of these locations: +# * ${user.home}/jgit-s3-config.properties +# * ${user.dir}/jgit-s3-config.properties +# * ${user.dir}/tst-rsrc/jgit-s3-config.properties +# When this file is missing, tests in WalkEncryptionTest will not run, only report a warning. +# + +# +# WalkEncryptionTest requires amazon s3 test bucket setup. +# +# Test bucket setup instructions: +# +# Create IAM user: +# http://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_create.html +# * user name: jgit.eclipse.org +# +# Configure IAM user S3 bucket access +# http://docs.aws.amazon.com/AmazonS3/latest/dev/example-policies-s3.html +# * attach S3 user policy to user account: jgit-s3-config.policy.user.json +# +# Create S3 bucket: +# http://docs.aws.amazon.com/AmazonS3/latest/gsg/CreatingABucket.html +# * bucket name: jgit.eclipse.org +# +# Configure S3 bucket source address/mask access: +# http://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html +# * attach bucket policy to the test bucket: jgit-s3-config.policy.bucket.json +# * verify that any required source address/mask is included in the bucket policy: +# * see https://wiki.eclipse.org/Hudson +# * see http://www.tcpiputils.com/browse/ip-address/198.41.30.200 +# * proxy.eclipse.org 198.41.30.0/24 +# * Andrei Pozolotin 67.175.188.187/32 +# +# Configure bucket 1 day expiration in object life cycle management: +# * https://docs.aws.amazon.com/AmazonS3/latest/dev/manage-lifecycle-using-console.html +# + +# Test bucket name +test.bucket=jgit.eclipse.org + +# IAM credentials for user jgit.eclipse.org +accesskey=AKIAIYWXB4ETREBRMZDQ +secretkey=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 diff --git a/org.eclipse.jgit.test/tst-rsrc/jgit-s3-config.policy.bucket.json b/org.eclipse.jgit.test/tst-rsrc/jgit-s3-config.policy.bucket.json new file mode 100644 index 000000000..3020b09a0 --- /dev/null +++ b/org.eclipse.jgit.test/tst-rsrc/jgit-s3-config.policy.bucket.json @@ -0,0 +1,20 @@ +{ + "Version": "2012-10-17", + "Statement": [ + { + "Sid": "DenyAllButKnownSourceAddressWithMask", + "Effect": "Deny", + "Principal": "*", + "Action": "s3:*", + "Resource": "arn:aws:s3:::jgit.eclipse.org/*", + "Condition": { + "NotIpAddress": { + "aws:SourceIp": [ + "198.41.30.0/24", + "67.175.188.187/32" + ] + } + } + } + ] +} diff --git a/org.eclipse.jgit.test/tst-rsrc/jgit-s3-config.policy.user.json b/org.eclipse.jgit.test/tst-rsrc/jgit-s3-config.policy.user.json new file mode 100644 index 000000000..830d0888c --- /dev/null +++ b/org.eclipse.jgit.test/tst-rsrc/jgit-s3-config.policy.user.json @@ -0,0 +1,24 @@ +{ + "Version": "2012-10-17", + "Statement": [ + { + "Sid": "BucketList", + "Effect": "Allow", + "Action": "s3:ListAllMyBuckets", + "Resource": [ + "arn:aws:s3:::jgit.eclipse.org" + ] + }, + { + "Sid": "BucketFullControl", + "Effect": "Allow", + "Action": [ + "s3:*" + ], + "Resource": [ + "arn:aws:s3:::jgit.eclipse.org", + "arn:aws:s3:::jgit.eclipse.org/*" + ] + } + ] +} diff --git a/org.eclipse.jgit.test/tst-rsrc/log4j.properties b/org.eclipse.jgit.test/tst-rsrc/log4j.properties new file mode 100644 index 000000000..14620ffae --- /dev/null +++ b/org.eclipse.jgit.test/tst-rsrc/log4j.properties @@ -0,0 +1,9 @@ + +# Root logger option +log4j.rootLogger=INFO, stdout + +# Direct log messages to stdout +log4j.appender.stdout=org.apache.log4j.ConsoleAppender +log4j.appender.stdout.Target=System.out +log4j.appender.stdout.layout=org.apache.log4j.PatternLayout +log4j.appender.stdout.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss} %-5p %c{1}:%L - %m%n diff --git a/org.eclipse.jgit.test/tst/org/eclipse/jgit/transport/WalkEncryptionTest.java b/org.eclipse.jgit.test/tst/org/eclipse/jgit/transport/WalkEncryptionTest.java new file mode 100644 index 000000000..f2701cb41 --- /dev/null +++ b/org.eclipse.jgit.test/tst/org/eclipse/jgit/transport/WalkEncryptionTest.java @@ -0,0 +1,1060 @@ +/* + * Copyright (C) 2015, Andrei Pozolotin. + * and other copyright owners as documented in the project's IP log. + * + * This program and the accompanying materials are made available + * under the terms of the Eclipse Distribution License v1.0 which + * accompanies this distribution, is reproduced below, and is + * available at http://www.eclipse.org/org/documents/edl-v10.php + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or + * without modification, are permitted provided that the following + * conditions are met: + * + * - Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * - Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * - Neither the name of the Eclipse Foundation, Inc. nor the + * names of its contributors may be used to endorse or promote + * products derived from this software without specific prior + * written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND + * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR + * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER + * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF + * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +package org.eclipse.jgit.transport; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.assertTrue; +import static org.junit.Assume.assumeTrue; + +import java.io.BufferedReader; +import java.io.ByteArrayInputStream; +import java.io.ByteArrayOutputStream; +import java.io.File; +import java.io.FileInputStream; +import java.io.IOException; +import java.io.InputStream; +import java.io.InputStreamReader; +import java.io.OutputStream; +import java.io.PrintWriter; +import java.net.URL; +import java.nio.charset.Charset; +import java.nio.file.Files; +import java.security.GeneralSecurityException; +import java.security.Provider; +import java.security.Security; +import java.util.ArrayList; +import java.util.Collection; +import java.util.List; +import java.util.Properties; +import java.util.Set; +import java.util.TreeSet; +import java.util.UUID; + +import javax.crypto.SecretKeyFactory; + +import org.apache.log4j.Logger; +import org.eclipse.jgit.api.Git; +import org.eclipse.jgit.lib.StoredConfig; +import org.eclipse.jgit.test.resources.SampleDataRepositoryTestCase; +import org.eclipse.jgit.util.FileUtils; +import org.junit.After; +import org.junit.AfterClass; +import org.junit.Before; +import org.junit.BeforeClass; +import org.junit.FixMethodOrder; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.MethodSorters; +import org.junit.runners.Parameterized; +import org.junit.runners.Parameterized.Parameters; +import org.junit.runners.Suite; + +import static org.eclipse.jgit.transport.WalkEncryptionTest.Util.*; + +/** + * Amazon S3 encryption pipeline test. + * + * See {@link AmazonS3} {@link WalkEncryption} + * + * Note: CI server must provide amazon credentials (access key, secret key, + * bucket name) via one of methods available in {@link Names}. + * + * Note: long running tests are activated by Maven profile "test.long". There is + * also a separate Eclipse m2e launcher for that. See 'pom.xml' and + * 'WalkEncryptionTest.launch'. + */ +@RunWith(Suite.class) +@Suite.SuiteClasses({ // + WalkEncryptionTest.MinimalSet.class, // + WalkEncryptionTest.TestablePBE.class, // +}) +public class WalkEncryptionTest { + + /** + * Logger setup: ${project_loc}/tst-rsrc/log4j.properties + */ + static final Logger logger = Logger.getLogger(WalkEncryptionTest.class); + + /** + * Property names used in test session. + */ + interface Names { + + // Names of discovered test properties. + + String TEST_BUCKET = "test.bucket"; + + // Names of test environment variables for CI. + + String ENV_ACCESS_KEY = "JGIT_S3_ACCESS_KEY"; + + String ENV_SECRET_KEY = "JGIT_S3_SECRET_KEY"; + + String ENV_BUCKET_NAME = "JGIT_S3_BUCKET_NAME"; + + // Name of test environment variable file path for CI. + + String ENV_CONFIG_FILE = "JGIT_S3_CONFIG_FILE"; + + // Names of test system properties for CI. + + String SYS_ACCESS_KEY = "jgit.s3.access.key"; + + String SYS_SECRET_KEY = "jgit.s3.secret.key"; + + String SYS_BUCKET_NAME = "jgit.s3.bucket.name"; + + // Name of test system property file path for CI. + String SYS_CONFIG_FILE = "jgit.s3.config.file"; + + // Hard coded name of test properties file for CI. + // File format follows AmazonS3.Keys: + // # + // # Required entries: + // # + // accesskey = your-amazon-access-key # default AmazonS3.Keys + // secretkey = your-amazon-secret-key # default AmazonS3.Keys + // test.bucket = your-bucket-for-testing # custom name, for this test + String CONFIG_FILE = "jgit-s3-config.properties"; + + // Test properties file in [user home] of CI. + String HOME_CONFIG_FILE = System.getProperty("user.home") + + File.separator + CONFIG_FILE; + + // Test properties file in [project work directory] of CI. + String WORK_CONFIG_FILE = System.getProperty("user.dir") + + File.separator + CONFIG_FILE; + + // Test properties file in [project test source directory] of CI. + String TEST_CONFIG_FILE = System.getProperty("user.dir") + + File.separator + "tst-rsrc" + File.separator + CONFIG_FILE; + + } + + /** + * Find test properties from various sources in order of priority. + */ + static class Props implements WalkEncryptionTest.Names, AmazonS3.Keys { + + static boolean haveEnvVar(String name) { + return System.getenv(name) != null; + } + + static boolean haveEnvVarFile(String name) { + return haveEnvVar(name) && new File(name).exists(); + } + + static boolean haveSysProp(String name) { + return System.getProperty(name) != null; + } + + static boolean haveSysPropFile(String name) { + return haveSysProp(name) && new File(name).exists(); + } + + static void loadEnvVar(String source, String target, Properties props) { + props.put(target, System.getenv(source)); + } + + static void loadSysProp(String source, String target, + Properties props) { + props.put(target, System.getProperty(source)); + } + + static boolean haveProp(String name, Properties props) { + return props.containsKey(name); + } + + static boolean checkTestProps(Properties props) { + return haveProp(ACCESS_KEY, props) && haveProp(SECRET_KEY, props) + && haveProp(TEST_BUCKET, props); + } + + static Properties fromEnvVars() { + if (haveEnvVar(ENV_ACCESS_KEY) && haveEnvVar(ENV_SECRET_KEY) + && haveEnvVar(ENV_BUCKET_NAME)) { + Properties props = new Properties(); + loadEnvVar(ENV_ACCESS_KEY, ACCESS_KEY, props); + loadEnvVar(ENV_SECRET_KEY, SECRET_KEY, props); + loadEnvVar(ENV_BUCKET_NAME, TEST_BUCKET, props); + return props; + } else { + return null; + } + } + + static Properties fromEnvFile() throws Exception { + if (haveEnvVarFile(ENV_CONFIG_FILE)) { + Properties props = new Properties(); + props.load(new FileInputStream(ENV_CONFIG_FILE)); + if (checkTestProps(props)) { + return props; + } else { + throw new Error("Environment config file is incomplete."); + } + } else { + return null; + } + } + + static Properties fromSysProps() { + if (haveSysProp(SYS_ACCESS_KEY) && haveSysProp(SYS_SECRET_KEY) + && haveSysProp(SYS_BUCKET_NAME)) { + Properties props = new Properties(); + loadSysProp(SYS_ACCESS_KEY, ACCESS_KEY, props); + loadSysProp(SYS_SECRET_KEY, SECRET_KEY, props); + loadSysProp(SYS_BUCKET_NAME, TEST_BUCKET, props); + return props; + } else { + return null; + } + } + + static Properties fromSysFile() throws Exception { + if (haveSysPropFile(SYS_CONFIG_FILE)) { + Properties props = new Properties(); + props.load(new FileInputStream(SYS_CONFIG_FILE)); + if (checkTestProps(props)) { + return props; + } else { + throw new Error("System props config file is incomplete."); + } + } else { + return null; + } + } + + static Properties fromConfigFile(String path) throws Exception { + File file = new File(path); + if (file.exists()) { + Properties props = new Properties(); + props.load(new FileInputStream(file)); + if (checkTestProps(props)) { + return props; + } else { + throw new Error("Props config file is incomplete: " + path); + } + } else { + return null; + } + } + + /** + * Find test properties from various sources in order of priority. + * + * @return result + * @throws Exception + */ + static Properties discover() throws Exception { + Properties props; + if ((props = fromEnvVars()) != null) { + logger.debug( + "Using test properties from environment variables."); + return props; + } + if ((props = fromEnvFile()) != null) { + logger.debug( + "Using test properties from environment variable config file."); + return props; + } + if ((props = fromSysProps()) != null) { + logger.debug("Using test properties from system properties."); + return props; + } + if ((props = fromSysFile()) != null) { + logger.debug( + "Using test properties from system property config file."); + return props; + } + if ((props = fromConfigFile(HOME_CONFIG_FILE)) != null) { + logger.debug( + "Using test properties from hard coded ${user.home} file."); + return props; + } + if ((props = fromConfigFile(WORK_CONFIG_FILE)) != null) { + logger.debug( + "Using test properties from hard coded ${user.dir} file."); + return props; + } + if ((props = fromConfigFile(TEST_CONFIG_FILE)) != null) { + logger.debug( + "Using test properties from hard coded ${project.source} file."); + return props; + } + throw new Error("Can not load test properties form any source."); + } + + } + + /** + * Collection of test utility methods. + */ + static class Util { + + static final Charset UTF_8 = Charset.forName("UTF-8"); + + /** + * Read UTF-8 encoded text file into string. + * + * @param file + * @return result + * @throws Exception + */ + static String textRead(File file) throws Exception { + return new String(Files.readAllBytes(file.toPath()), UTF_8); + } + + /** + * Write string into UTF-8 encoded file. + * + * @param file + * @param text + * @throws Exception + */ + static void textWrite(File file, String text) throws Exception { + Files.write(file.toPath(), text.getBytes(UTF_8)); + } + + static void verifyFileContent(File fileOne, File fileTwo) + throws Exception { + assertTrue(fileOne.length() > 0); + assertTrue(fileTwo.length() > 0); + String textOne = textRead(fileOne); + String textTwo = textRead(fileTwo); + assertEquals(textOne, textTwo); + } + + /** + * Create local folder. + * + * @param folder + * @throws Exception + */ + static void folderCreate(String folder) throws Exception { + File path = new File(folder); + assertTrue(path.mkdirs()); + } + + /** + * Delete local folder. + * + * @param folder + * @throws Exception + */ + static void folderDelete(String folder) throws Exception { + File path = new File(folder); + FileUtils.delete(path, + FileUtils.RECURSIVE | FileUtils.SKIP_MISSING); + } + + /** + * Discover public address of CI server. + * + * @return result + * @throws Exception + */ + static String publicAddress() throws Exception { + String service = "http://checkip.amazonaws.com"; + URL url = new URL(service); + BufferedReader reader = new BufferedReader( + new InputStreamReader(url.openStream())); + try { + return reader.readLine(); + } finally { + reader.close(); + } + } + + /** + * Discover Password-Based Encryption (PBE) engines providing both + * [SecretKeyFactory] and [AlgorithmParameters]. + * + * @return result + */ + // https://www.bouncycastle.org/specifications.html + // https://docs.oracle.com/javase/8/docs/technotes/guides/security/SunProviders.html + static List cryptoCipherListPBE() { + return cryptoCipherList("(PBE).*(WITH).+(AND).+"); + } + + static String securityProviderName(String algorithm) throws Exception { + return SecretKeyFactory.getInstance(algorithm).getProvider() + .getName(); + } + + static List cryptoCipherList(String regex) { + Set source = Security.getAlgorithms("Cipher"); + Set target = new TreeSet(); + for (String algo : source) { + algo = algo.toUpperCase(); + if (algo.matches(regex)) { + target.add(algo); + } + } + return new ArrayList(target); + } + + /** + * Verify if any security provider published the algorithm. + * + * @param algorithm + * @return result + */ + static boolean isAlgorithmPresent(String algorithm) { + Set cipherSet = Security.getAlgorithms("Cipher"); + for (String source : cipherSet) { + // Standard names are not case-sensitive. + // http://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html + String target = algorithm.toUpperCase(); + if (source.equalsIgnoreCase(target)) { + return true; + } + } + return false; + } + + /** + * Stream copy. + * + * @param from + * @param into + * @return count + * @throws IOException + */ + static long transferStream(InputStream from, OutputStream into) + throws IOException { + byte[] array = new byte[1 * 1024]; + long total = 0; + while (true) { + int count = from.read(array); + if (count == -1) { + break; + } + into.write(array, 0, count); + total += count; + } + return total; + } + + /** + * Setup proxy during CI build. + * + * @throws Exception + */ + // https://wiki.eclipse.org/Hudson#Accessing_the_Internet_using_Proxy + // http://docs.oracle.com/javase/7/docs/api/java/net/doc-files/net-properties.html + static void proxySetup() throws Exception { + String keyNoProxy = "no_proxy"; + String keyHttpProxy = "http_proxy"; + String keyHttpsProxy = "https_proxy"; + + String no_proxy = System.getProperty(keyNoProxy, + System.getenv(keyNoProxy)); + if (no_proxy != null) { + System.setProperty("http.nonProxyHosts", no_proxy); + logger.info("Proxy NOT: " + no_proxy); + } + + String http_proxy = System.getProperty(keyHttpProxy, + System.getenv(keyHttpProxy)); + if (http_proxy != null) { + URL url = new URL(http_proxy); + System.setProperty("http.proxyHost", url.getHost()); + System.setProperty("http.proxyPort", "" + url.getPort()); + logger.info("Proxy HTTP: " + http_proxy); + } + + String https_proxy = System.getProperty(keyHttpsProxy, + System.getenv(keyHttpsProxy)); + if (https_proxy != null) { + URL url = new URL(https_proxy); + System.setProperty("https.proxyHost", url.getHost()); + System.setProperty("https.proxyPort", "" + url.getPort()); + logger.info("Proxy HTTPS: " + https_proxy); + } + + if (no_proxy == null && http_proxy == null && https_proxy == null) { + logger.info("Proxy not used."); + } + + } + + /** + * Permit long tests on CI or with manual activation. + * + * @return result + */ + static boolean permitLongTests() { + return isBuildCI() || isProfileActive(); + } + + /** + * Using Maven profile activation, see pom.xml + * + * @return result + */ + static boolean isProfileActive() { + return Boolean.parseBoolean(System.getProperty("jgit.test.long")); + } + + /** + * Detect if build is running on CI. + * + * @return result + */ + static boolean isBuildCI() { + return System.getenv("HUDSON_HOME") != null; + } + + } + + /** + * Common base for encryption tests. + */ + @FixMethodOrder(MethodSorters.NAME_ASCENDING) + public abstract static class Base extends SampleDataRepositoryTestCase { + + /** + * S3 URI user used by JGIT to discover connection configuration file. + */ + static final String JGIT_USER = "tester-" + System.currentTimeMillis(); + + /** + * S3 content encoding password used for this test session. + */ + static final String JGIT_PASS = "secret-" + System.currentTimeMillis(); + + /** + * S3 repository configuration file expected by {@link AmazonS3}. + */ + static final String JGIT_CONF_FILE = System.getProperty("user.home") + + "/" + JGIT_USER; + + /** + * Name representing remote or local JGIT repository. + */ + static final String JGIT_REPO_DIR = JGIT_USER + ".jgit"; + + /** + * Local JGIT repository for this test session. + */ + static final String JGIT_LOCAL_DIR = System.getProperty("user.dir") + + "/target/" + JGIT_REPO_DIR; + + /** + * Remote JGIT repository for this test session. + */ + static final String JGIT_REMOTE_DIR = JGIT_REPO_DIR; + + /** + * Generate JGIT S3 connection configuration file. + * + * @param algorithm + * @throws Exception + */ + static void configCreate(String algorithm) throws Exception { + Properties props = Props.discover(); + props.put(AmazonS3.Keys.PASSWORD, JGIT_PASS); + props.put(AmazonS3.Keys.CRYPTO_ALG, algorithm); + PrintWriter writer = new PrintWriter(JGIT_CONF_FILE); + props.store(writer, "JGIT S3 connection configuration file."); + writer.close(); + } + + /** + * Remove JGIT connection configuration file. + * + * @throws Exception + */ + static void configDelete() throws Exception { + File path = new File(JGIT_CONF_FILE); + FileUtils.delete(path, FileUtils.SKIP_MISSING); + } + + /** + * Generate remote URI for the test session. + * + * @return result + * @throws Exception + */ + static String amazonURI() throws Exception { + Properties props = Props.discover(); + String bucket = props.getProperty(Names.TEST_BUCKET); + assertNotNull(bucket); + return TransportAmazonS3.S3_SCHEME + "://" + JGIT_USER + "@" + + bucket + "/" + JGIT_REPO_DIR; + } + + /** + * Create S3 repository folder. + * + * @throws Exception + */ + static void remoteCreate() throws Exception { + Properties props = Props.discover(); + props.remove(AmazonS3.Keys.PASSWORD); // Disable encryption. + String bucket = props.getProperty(Names.TEST_BUCKET); + AmazonS3 s3 = new AmazonS3(props); + String path = JGIT_REMOTE_DIR + "/"; + s3.put(bucket, path, new byte[0]); + logger.debug("remote create: " + JGIT_REMOTE_DIR); + } + + /** + * Delete S3 repository folder. + * + * @throws Exception + */ + static void remoteDelete() throws Exception { + Properties props = Props.discover(); + props.remove(AmazonS3.Keys.PASSWORD); // Disable encryption. + String bucket = props.getProperty(Names.TEST_BUCKET); + AmazonS3 s3 = new AmazonS3(props); + List list = s3.list(bucket, JGIT_REMOTE_DIR); + for (String path : list) { + path = JGIT_REMOTE_DIR + "/" + path; + s3.delete(bucket, path); + } + logger.debug("remote delete: " + JGIT_REMOTE_DIR); + } + + /** + * Verify if we can create/delete remote file. + * + * @throws Exception + */ + static void remoteVerify() throws Exception { + Properties props = Props.discover(); + String bucket = props.getProperty(Names.TEST_BUCKET); + AmazonS3 s3 = new AmazonS3(props); + String file = JGIT_USER + "-" + UUID.randomUUID().toString(); + String path = JGIT_REMOTE_DIR + "/" + file; + s3.put(bucket, path, file.getBytes(UTF_8)); + s3.delete(bucket, path); + } + + /** + * Verify if JRE security policy allows the algorithm. + * + * @param algorithm + * @return result + */ + static boolean isAlgorithmAllowed(String algorithm) { + try { + WalkEncryption crypto = new WalkEncryption.ObjectEncryptionJetS3tV2( + algorithm, JGIT_PASS); + verifyCrypto(crypto); + return true; + } catch (IOException e) { + return false; // Encryption failure. + } catch (GeneralSecurityException e) { + throw new Error(e); // Construction failure. + } + } + + /** + * Verify round trip encryption. + * + * @param crypto + * @throws IOException + */ + static void verifyCrypto(WalkEncryption crypto) throws IOException { + String charset = "UTF-8"; + String sourceText = "secret-message Свобода 老子"; + String targetText; + byte[] cipherText; + { + byte[] origin = sourceText.getBytes(charset); + ByteArrayOutputStream target = new ByteArrayOutputStream(); + OutputStream source = crypto.encrypt(target); + source.write(origin); + source.flush(); + source.close(); + cipherText = target.toByteArray(); + } + { + InputStream source = new ByteArrayInputStream(cipherText); + InputStream target = crypto.decrypt(source); + ByteArrayOutputStream result = new ByteArrayOutputStream(); + transferStream(target, result); + targetText = result.toString(charset); + } + assertEquals(sourceText, targetText); + } + + /** + * Algorithm is testable when it is present and allowed by policy. + * + * @param algorithm + * @return result + */ + static boolean isAlgorithmTestable(String algorithm) { + return isAlgorithmPresent(algorithm) + && isAlgorithmAllowed(algorithm); + } + + /** + * Log algorithm, provider, testability. + * + * @param algorithm + * @throws Exception + */ + static void reportAlgorithmStatus(String algorithm) throws Exception { + final boolean present = isAlgorithmPresent(algorithm); + final boolean allowed = present && isAlgorithmAllowed(algorithm); + final String provider = present ? securityProviderName(algorithm) + : "N/A"; + String status = "Algorithm: " + algorithm + " @ " + provider + "; " + + "present/allowed : " + present + "/" + allowed; + if (allowed) { + logger.info("Testing " + status); + } else { + logger.warn("Missing " + status); + } + } + + /** + * Verify if we can perform remote tests. + * + * @return result + */ + static boolean isTestConfigPresent() { + try { + Props.discover(); + return true; + } catch (Throwable e) { + return false; + } + } + + static void reportTestConfigPresent() { + if (isTestConfigPresent()) { + logger.info("Amazon S3 test configuration is present."); + } else { + logger.error( + "Amazon S3 test configuration is missing, tests will not run."); + } + } + + /** + * Log public address of CI. + * + * @throws Exception + */ + static void reportPublicAddress() throws Exception { + logger.info("Public address: " + publicAddress()); + } + + /** + * BouncyCastle provider class. + * + * Needs extra dependency, see pom.xml + */ + // http://search.maven.org/#artifactdetails%7Corg.bouncycastle%7Cbcprov-jdk15on%7C1.52%7Cjar + static final String PROVIDER_BC = "org.bouncycastle.jce.provider.BouncyCastleProvider"; + + /** + * Load BouncyCastle provider if present. + */ + static void loadBouncyCastle() { + try { + Class provider = Class.forName(PROVIDER_BC); + Provider instance = (Provider) provider + .getConstructor(new Class[] {}) + .newInstance(new Object[] {}); + Security.addProvider(instance); + logger.info("Loaded " + PROVIDER_BC); + } catch (Throwable e) { + logger.warn("Failed to load " + PROVIDER_BC); + } + } + + static void reportLongTests() { + if (permitLongTests()) { + logger.info("Long running tests are enabled."); + } else { + logger.warn("Long running tests are disabled."); + } + } + + /** + * Non-PBE algorithm, for error check. + */ + static final String ALGO_ERROR = "PBKDF2WithHmacSHA1"; + + /** + * Default JetS3t algorithm present in most JRE. + */ + static final String ALGO_JETS3T = "PBEWithMD5AndDES"; + + /** + * Minimal strength AES based algorithm present in most JRE. + */ + static final String ALGO_MINIMAL_AES = "PBEWithHmacSHA1AndAES_128"; + + /** + * Selected non-AES algorithm present in BouncyCastle provider. + */ + static final String ALGO_BOUNCY_CASTLE_CBC = "PBEWithSHAAndTwofish-CBC"; + + ////////////////////////////////////////////////// + + @BeforeClass + public static void initialize() throws Exception { + Transport.register(TransportAmazonS3.PROTO_S3); + proxySetup(); + reportLongTests(); + reportPublicAddress(); + reportTestConfigPresent(); + loadBouncyCastle(); + if (isTestConfigPresent()) { + remoteCreate(); + } + } + + @AfterClass + public static void terminate() throws Exception { + configDelete(); + folderDelete(JGIT_LOCAL_DIR); + if (isTestConfigPresent()) { + remoteDelete(); + } + } + + @Before + @Override + public void setUp() throws Exception { + super.setUp(); + } + + @After + @Override + public void tearDown() throws Exception { + super.tearDown(); + } + + /** + * Optional encrypted amazon remote JGIT life cycle test. + * + * @param algorithm + * @throws Exception + */ + void cryptoTestIfCan(String algorithm) throws Exception { + reportAlgorithmStatus(algorithm); + assumeTrue(isTestConfigPresent()); + assumeTrue(isAlgorithmTestable(algorithm)); + cryptoTest(algorithm); + } + + /** + * Required encrypted amazon remote JGIT life cycle test. + * + * @param algorithm + * @throws Exception + */ + void cryptoTest(String algorithm) throws Exception { + + remoteDelete(); + configCreate(algorithm); + folderDelete(JGIT_LOCAL_DIR); + + String uri = amazonURI(); + + // Local repositories. + File dirOne = db.getWorkTree(); // Provided by setup. + File dirTwo = new File(JGIT_LOCAL_DIR); + + // Local verification files. + String nameStatic = "master.txt"; // Provided by setup. + String nameDynamic = JGIT_USER + "-" + UUID.randomUUID().toString(); + + String remote = "remote"; + RefSpec specs = new RefSpec("refs/heads/master:refs/heads/master"); + + { // Push into remote from local one. + + StoredConfig config = db.getConfig(); + RemoteConfig remoteConfig = new RemoteConfig(config, remote); + remoteConfig.addURI(new URIish(uri)); + remoteConfig.update(config); + config.save(); + + Git git = Git.open(dirOne); + git.checkout().setName("master").call(); + git.push().setRemote(remote).setRefSpecs(specs).call(); + git.close(); + + File fileStatic = new File(dirOne, nameStatic); + assertTrue("Provided by setup", fileStatic.exists()); + + } + + { // Clone from remote into local two. + + File fileStatic = new File(dirTwo, nameStatic); + assertFalse("Not Provided by setup", fileStatic.exists()); + + Git git = Git.cloneRepository().setURI(uri).setDirectory(dirTwo) + .call(); + git.close(); + + assertTrue("Provided by clone", fileStatic.exists()); + } + + { // Verify static file content. + File fileOne = new File(dirOne, nameStatic); + File fileTwo = new File(dirTwo, nameStatic); + verifyFileContent(fileOne, fileTwo); + } + + { // Verify new file commit and push from local one. + + File fileDynamic = new File(dirOne, nameDynamic); + assertFalse("Not Provided by setup", fileDynamic.exists()); + FileUtils.createNewFile(fileDynamic); + textWrite(fileDynamic, nameDynamic); + assertTrue("Provided by create", fileDynamic.exists()); + assertTrue("Need content to encrypt", fileDynamic.length() > 0); + + Git git = Git.open(dirOne); + git.add().addFilepattern(nameDynamic).call(); + git.commit().setMessage(nameDynamic).call(); + git.push().setRemote(remote).setRefSpecs(specs).call(); + git.close(); + + } + + { // Verify new file pull from remote into local two. + + File fileDynamic = new File(dirTwo, nameDynamic); + assertFalse("Not Provided by setup", fileDynamic.exists()); + + Git git = Git.open(dirTwo); + git.pull().call(); + git.close(); + + assertTrue("Provided by pull", fileDynamic.exists()); + } + + { // Verify dynamic file content. + File fileOne = new File(dirOne, nameDynamic); + File fileTwo = new File(dirTwo, nameDynamic); + verifyFileContent(fileOne, fileTwo); + } + + } + + } + + /** + * Test minimal set of algorithms. + */ + @FixMethodOrder(MethodSorters.NAME_ASCENDING) + public static class MinimalSet extends Base { + + @Test + public void test_A1_ValidURI() throws Exception { + assumeTrue(isTestConfigPresent()); + URIish uri = new URIish(amazonURI()); + assertTrue("uri=" + uri, TransportAmazonS3.PROTO_S3.canHandle(uri)); + } + + @Test(expected = Exception.class) + public void test_A2_CryptoError() throws Exception { + assumeTrue(isTestConfigPresent()); + cryptoTest(ALGO_ERROR); + } + + @Test + public void test_A3_CryptoJetS3tDefault() throws Exception { + cryptoTestIfCan(ALGO_JETS3T); + } + + @Test + public void test_A4_CryptoMinimalAES() throws Exception { + cryptoTestIfCan(ALGO_MINIMAL_AES); + } + + @Test + public void test_A5_CryptoBouncyCastleCBC() throws Exception { + cryptoTestIfCan(ALGO_BOUNCY_CASTLE_CBC); + } + + } + + /** + * Test all present and allowed PBE algorithms. + */ + // https://github.com/junit-team/junit/wiki/Parameterized-tests + @RunWith(Parameterized.class) + @FixMethodOrder(MethodSorters.NAME_ASCENDING) + public static class TestablePBE extends Base { + + @Parameters(name = "Algorithm: {0}") + public static Collection algorimthmList() { + List source = cryptoCipherListPBE(); + List target = new ArrayList(); + for (String name : source) { + target.add(new Object[] { name }); + } + return target; + } + + final String algorithm; + + public TestablePBE(String algorithm) { + this.algorithm = algorithm; + } + + @Test // Can take long time, needs activation. + public void test_B1_Crypto() throws Exception { + assumeTrue(permitLongTests()); + cryptoTestIfCan(algorithm); + } + + } + +} diff --git a/org.eclipse.jgit/resources/org/eclipse/jgit/internal/JGitText.properties b/org.eclipse.jgit/resources/org/eclipse/jgit/internal/JGitText.properties index 34bbb415b..51e44fd77 100644 --- a/org.eclipse.jgit/resources/org/eclipse/jgit/internal/JGitText.properties +++ b/org.eclipse.jgit/resources/org/eclipse/jgit/internal/JGitText.properties @@ -228,6 +228,7 @@ emptyCommit=No changes emptyPathNotPermitted=Empty path not permitted. emptyRef=Empty ref: {0} encryptionError=Encryption error: {0} +encryptionOnlyPBE=Encryption error: only password-based encryption (PBE) algorithms are supported. endOfFileInEscape=End of file in escape entryNotFoundByPath=Entry not found by path: {0} enumValueNotSupported2=Invalid value: {0}.{1}={2} diff --git a/org.eclipse.jgit/src/org/eclipse/jgit/internal/JGitText.java b/org.eclipse.jgit/src/org/eclipse/jgit/internal/JGitText.java index 9067e8295..e39469bd8 100644 --- a/org.eclipse.jgit/src/org/eclipse/jgit/internal/JGitText.java +++ b/org.eclipse.jgit/src/org/eclipse/jgit/internal/JGitText.java @@ -287,6 +287,7 @@ public class JGitText extends TranslationBundle { /***/ public String emptyPathNotPermitted; /***/ public String emptyRef; /***/ public String encryptionError; + /***/ public String encryptionOnlyPBE; /***/ public String endOfFileInEscape; /***/ public String entryNotFoundByPath; /***/ public String enumValueNotSupported2; diff --git a/org.eclipse.jgit/src/org/eclipse/jgit/transport/AmazonS3.java b/org.eclipse.jgit/src/org/eclipse/jgit/transport/AmazonS3.java index d3cdba5bf..e55066a8b 100644 --- a/org.eclipse.jgit/src/org/eclipse/jgit/transport/AmazonS3.java +++ b/org.eclipse.jgit/src/org/eclipse/jgit/transport/AmazonS3.java @@ -56,10 +56,10 @@ import java.net.ProxySelector; import java.net.URL; import java.net.URLConnection; import java.security.DigestOutputStream; +import java.security.GeneralSecurityException; import java.security.InvalidKeyException; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; -import java.security.spec.InvalidKeySpecException; import java.text.MessageFormat; import java.text.SimpleDateFormat; import java.util.ArrayList; @@ -186,6 +186,19 @@ public class AmazonS3 { /** S3 Bucket Domain. */ private final String domain; + /** Property names used in amazon connection configuration file. */ + interface Keys { + String ACCESS_KEY = "accesskey"; //$NON-NLS-1$ + String SECRET_KEY = "secretkey"; //$NON-NLS-1$ + String PASSWORD = "password"; //$NON-NLS-1$ + String CRYPTO_ALG = "crypto.algorithm"; //$NON-NLS-1$ + String CRYPTO_VER = "crypto.version"; //$NON-NLS-1$ + String ACL = "acl"; //$NON-NLS-1$ + String DOMAIN = "domain"; //$NON-NLS-1$ + String HTTP_RETRY = "httpclient.retry-max"; //$NON-NLS-1$ + String TMP_DIR = "tmpdir"; //$NON-NLS-1$ + } + /** * Create a new S3 client for the supplied user information. *

@@ -219,17 +232,18 @@ public class AmazonS3 { * */ public AmazonS3(final Properties props) { - domain = props.getProperty("domain", "s3.amazonaws.com"); //$NON-NLS-1$ //$NON-NLS-2$ - publicKey = props.getProperty("accesskey"); //$NON-NLS-1$ + domain = props.getProperty(Keys.DOMAIN, "s3.amazonaws.com"); //$NON-NLS-1$ + + publicKey = props.getProperty(Keys.ACCESS_KEY); if (publicKey == null) throw new IllegalArgumentException(JGitText.get().missingAccesskey); - final String secret = props.getProperty("secretkey"); //$NON-NLS-1$ + final String secret = props.getProperty(Keys.SECRET_KEY); if (secret == null) throw new IllegalArgumentException(JGitText.get().missingSecretkey); privateKey = new SecretKeySpec(Constants.encodeASCII(secret), HMAC); - final String pacl = props.getProperty("acl", "PRIVATE"); //$NON-NLS-1$ //$NON-NLS-2$ + final String pacl = props.getProperty(Keys.ACL, "PRIVATE"); //$NON-NLS-1$ if (StringUtils.equalsIgnoreCase("PRIVATE", pacl)) //$NON-NLS-1$ acl = "private"; //$NON-NLS-1$ else if (StringUtils.equalsIgnoreCase("PUBLIC", pacl)) //$NON-NLS-1$ @@ -242,26 +256,24 @@ public class AmazonS3 { throw new IllegalArgumentException("Invalid acl: " + pacl); //$NON-NLS-1$ try { - final String cPas = props.getProperty("password"); //$NON-NLS-1$ + final String cPas = props.getProperty(Keys.PASSWORD); if (cPas != null) { - String cAlg = props.getProperty("crypto.algorithm"); //$NON-NLS-1$ + String cAlg = props.getProperty(Keys.CRYPTO_ALG); if (cAlg == null) - cAlg = "PBEWithMD5AndDES"; //$NON-NLS-1$ - encryption = new WalkEncryption.ObjectEncryptionV2(cAlg, cPas); + cAlg = WalkEncryption.ObjectEncryptionJetS3tV2.JETS3T_ALGORITHM; + encryption = new WalkEncryption.ObjectEncryptionJetS3tV2(cAlg, cPas); } else { encryption = WalkEncryption.NONE; } - } catch (InvalidKeySpecException e) { - throw new IllegalArgumentException(JGitText.get().invalidEncryption, e); - } catch (NoSuchAlgorithmException e) { + } catch (GeneralSecurityException e) { throw new IllegalArgumentException(JGitText.get().invalidEncryption, e); } - maxAttempts = Integer.parseInt(props.getProperty( - "httpclient.retry-max", "3")); //$NON-NLS-1$ //$NON-NLS-2$ + maxAttempts = Integer + .parseInt(props.getProperty(Keys.HTTP_RETRY, "3")); //$NON-NLS-1$ proxySelector = ProxySelector.getDefault(); - String tmp = props.getProperty("tmpdir"); //$NON-NLS-1$ + String tmp = props.getProperty(Keys.TMP_DIR); tmpDir = tmp != null && tmp.length() > 0 ? new File(tmp) : null; } diff --git a/org.eclipse.jgit/src/org/eclipse/jgit/transport/WalkEncryption.java b/org.eclipse.jgit/src/org/eclipse/jgit/transport/WalkEncryption.java index e55b98438..e93a2af3e 100644 --- a/org.eclipse.jgit/src/org/eclipse/jgit/transport/WalkEncryption.java +++ b/org.eclipse.jgit/src/org/eclipse/jgit/transport/WalkEncryption.java @@ -47,18 +47,16 @@ import java.io.IOException; import java.io.InputStream; import java.io.OutputStream; import java.net.HttpURLConnection; -import java.security.InvalidAlgorithmParameterException; -import java.security.InvalidKeyException; -import java.security.NoSuchAlgorithmException; -import java.security.spec.InvalidKeySpecException; +import java.security.GeneralSecurityException; +import java.security.spec.AlgorithmParameterSpec; import java.text.MessageFormat; import javax.crypto.Cipher; import javax.crypto.CipherInputStream; import javax.crypto.CipherOutputStream; -import javax.crypto.NoSuchPaddingException; import javax.crypto.SecretKey; import javax.crypto.SecretKeyFactory; +import javax.crypto.spec.IvParameterSpec; import javax.crypto.spec.PBEKeySpec; import javax.crypto.spec.PBEParameterSpec; @@ -77,23 +75,29 @@ abstract class WalkEncryption { abstract void request(HttpURLConnection u, String prefix); - abstract void validate(HttpURLConnection u, String p) throws IOException; + abstract void validate(HttpURLConnection u, String prefix) throws IOException; - protected void validateImpl(final HttpURLConnection u, final String p, + // TODO mixed ciphers + // consider permitting mixed ciphers to facilitate algorithm migration + // i.e. user keeps the password, but changes the algorithm + // then existing remote entries will still be readable + protected void validateImpl(final HttpURLConnection u, final String prefix, final String version, final String name) throws IOException { String v; - v = u.getHeaderField(p + JETS3T_CRYPTO_VER); + v = u.getHeaderField(prefix + JETS3T_CRYPTO_VER); if (v == null) v = ""; //$NON-NLS-1$ if (!version.equals(v)) throw new IOException(MessageFormat.format(JGitText.get().unsupportedEncryptionVersion, v)); - v = u.getHeaderField(p + JETS3T_CRYPTO_ALG); + v = u.getHeaderField(prefix + JETS3T_CRYPTO_ALG); if (v == null) v = ""; //$NON-NLS-1$ - if (!name.equals(v)) - throw new IOException(JGitText.get().unsupportedEncryptionAlgorithm + v); + // Standard names are not case-sensitive. + // http://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html + if (!name.equalsIgnoreCase(v)) + throw new IOException(MessageFormat.format(JGitText.get().unsupportedEncryptionAlgorithm, v)); } IOException error(final Throwable why) { @@ -110,9 +114,9 @@ abstract class WalkEncryption { } @Override - void validate(final HttpURLConnection u, final String p) + void validate(final HttpURLConnection u, final String prefix) throws IOException { - validateImpl(u, p, "", ""); //$NON-NLS-1$ //$NON-NLS-2$ + validateImpl(u, prefix, "", ""); //$NON-NLS-1$ //$NON-NLS-2$ } @Override @@ -126,53 +130,132 @@ abstract class WalkEncryption { } } - static class ObjectEncryptionV2 extends WalkEncryption { - private static int ITERATION_COUNT = 5000; + // PBEParameterSpec factory for Java (version <= 7). + // Does not support AlgorithmParameterSpec. + static PBEParameterSpec java7PBEParameterSpec(byte[] salt, + int iterationCount) { + return new PBEParameterSpec(salt, iterationCount); + } + + // PBEParameterSpec factory for Java (version >= 8). + // Adds support for AlgorithmParameterSpec. + static PBEParameterSpec java8PBEParameterSpec(byte[] salt, + int iterationCount, AlgorithmParameterSpec paramSpec) { + try { + @SuppressWarnings("boxing") + PBEParameterSpec instance = PBEParameterSpec.class + .getConstructor(byte[].class, int.class, + AlgorithmParameterSpec.class) + .newInstance(salt, iterationCount, paramSpec); + return instance; + } catch (Exception e) { + throw new RuntimeException(e); + } + } + + // Current runtime version. + // https://docs.oracle.com/javase/7/docs/technotes/guides/versioning/spec/versioning2.html + static double javaVersion() { + return Double.parseDouble(System.getProperty("java.specification.version")); //$NON-NLS-1$ + } + + /** + * JetS3t compatibility reference: + * EncryptionUtil.java + *

+ * Note: EncryptionUtil is inadequate: + *

  • EncryptionUtil.isCipherAvailableForUse checks encryption only which + * "always works", but in JetS3t both encryption and decryption use non-IV + * aware algorithm parameters for all PBE specs, which breaks in case of AES + *
  • that means that only non-IV algorithms will work round trip in + * JetS3t, such as PBEWithMD5AndDES and PBEWithSHAAndTwofish-CBC + *
  • any AES based algorithms such as "PBE...With...And...AES" will not + * work, since they need proper IV setup + */ + static class ObjectEncryptionJetS3tV2 extends WalkEncryption { + + static final String JETS3T_VERSION = "2"; //$NON-NLS-1$ + + static final String JETS3T_ALGORITHM = "PBEWithMD5AndDES"; //$NON-NLS-1$ + + static final int JETS3T_ITERATIONS = 5000; + + static final int JETS3T_KEY_SIZE = 32; + + static final byte[] JETS3T_SALT = { // + (byte) 0xA4, (byte) 0x0B, (byte) 0xC8, (byte) 0x34, // + (byte) 0xD6, (byte) 0x95, (byte) 0xF3, (byte) 0x13 // + }; + + // Size 16, see com.sun.crypto.provider.AESConstants.AES_BLOCK_SIZE + static final byte[] ZERO_AES_IV = new byte[16]; - private static byte[] salt = { (byte) 0xA4, (byte) 0x0B, (byte) 0xC8, - (byte) 0x34, (byte) 0xD6, (byte) 0x95, (byte) 0xF3, (byte) 0x13 }; + private final String cryptoVer = JETS3T_VERSION; - private final String algorithmName; + private final String cryptoAlg; - private final SecretKey skey; + private final SecretKey secretKey; - private final PBEParameterSpec aspec; + private final AlgorithmParameterSpec paramSpec; - ObjectEncryptionV2(final String algo, final String key) - throws InvalidKeySpecException, NoSuchAlgorithmException { - algorithmName = algo; + ObjectEncryptionJetS3tV2(final String algo, final String key) + throws GeneralSecurityException { + cryptoAlg = algo; + + // Standard names are not case-sensitive. + // http://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html + String cryptoName = cryptoAlg.toUpperCase(); + + if (!cryptoName.startsWith("PBE")) //$NON-NLS-1$ + throw new GeneralSecurityException(JGitText.get().encryptionOnlyPBE); + + PBEKeySpec keySpec = new PBEKeySpec(key.toCharArray(), JETS3T_SALT, JETS3T_ITERATIONS, JETS3T_KEY_SIZE); + secretKey = SecretKeyFactory.getInstance(algo).generateSecret(keySpec); + + // Detect algorithms which require initialization vector. + boolean useIV = cryptoName.contains("AES"); //$NON-NLS-1$ + + // PBEParameterSpec algorithm parameters are supported from Java 8. + boolean isJava8 = javaVersion() >= 1.8; + + if (useIV && isJava8) { + // Support IV where possible: + // * since JCE provider uses random IV for PBE/AES + // * and there is no place to store dynamic IV in JetS3t V2 + // * we use static IV, and tolerate increased security risk + // TODO back port this change to JetS3t V2 + // See: + // https://bitbucket.org/jmurty/jets3t/raw/156c00eb160598c2e9937fd6873f00d3190e28ca/src/org/jets3t/service/security/EncryptionUtil.java + // http://cr.openjdk.java.net/~mullan/webrevs/ascarpin/webrev.00/raw_files/new/src/share/classes/com/sun/crypto/provider/PBES2Core.java + IvParameterSpec paramIV = new IvParameterSpec(ZERO_AES_IV); + paramSpec = java8PBEParameterSpec(JETS3T_SALT, JETS3T_ITERATIONS, paramIV); + } else { + // Strict legacy JetS3t V2 compatibility, with no IV support. + paramSpec = java7PBEParameterSpec(JETS3T_SALT, JETS3T_ITERATIONS); + } - final PBEKeySpec s; - s = new PBEKeySpec(key.toCharArray(), salt, ITERATION_COUNT, 32); - skey = SecretKeyFactory.getInstance(algo).generateSecret(s); - aspec = new PBEParameterSpec(salt, ITERATION_COUNT); } @Override void request(final HttpURLConnection u, final String prefix) { - u.setRequestProperty(prefix + JETS3T_CRYPTO_VER, "2"); //$NON-NLS-1$ - u.setRequestProperty(prefix + JETS3T_CRYPTO_ALG, algorithmName); + u.setRequestProperty(prefix + JETS3T_CRYPTO_VER, cryptoVer); + u.setRequestProperty(prefix + JETS3T_CRYPTO_ALG, cryptoAlg); } @Override - void validate(final HttpURLConnection u, final String p) + void validate(final HttpURLConnection u, final String prefix) throws IOException { - validateImpl(u, p, "2", algorithmName); //$NON-NLS-1$ + validateImpl(u, prefix, cryptoVer, cryptoAlg); } @Override OutputStream encrypt(final OutputStream os) throws IOException { try { - final Cipher c = Cipher.getInstance(algorithmName); - c.init(Cipher.ENCRYPT_MODE, skey, aspec); - return new CipherOutputStream(os, c); - } catch (NoSuchAlgorithmException e) { - throw error(e); - } catch (NoSuchPaddingException e) { - throw error(e); - } catch (InvalidKeyException e) { - throw error(e); - } catch (InvalidAlgorithmParameterException e) { + final Cipher cipher = Cipher.getInstance(cryptoAlg); + cipher.init(Cipher.ENCRYPT_MODE, secretKey, paramSpec); + return new CipherOutputStream(os, cipher); + } catch (GeneralSecurityException e) { throw error(e); } } @@ -180,16 +263,10 @@ abstract class WalkEncryption { @Override InputStream decrypt(final InputStream in) throws IOException { try { - final Cipher c = Cipher.getInstance(algorithmName); - c.init(Cipher.DECRYPT_MODE, skey, aspec); - return new CipherInputStream(in, c); - } catch (NoSuchAlgorithmException e) { - throw error(e); - } catch (NoSuchPaddingException e) { - throw error(e); - } catch (InvalidKeyException e) { - throw error(e); - } catch (InvalidAlgorithmParameterException e) { + final Cipher cipher = Cipher.getInstance(cryptoAlg); + cipher.init(Cipher.DECRYPT_MODE, secretKey, paramSpec); + return new CipherInputStream(in, cipher); + } catch (GeneralSecurityException e) { throw error(e); } }