#344 Added multikey encryption for config values
svenkubiak committed Jan 23, 2018
1 parent 021db29 commit 156f7d3
Showing 5 changed files with 54 additions and 24 deletions.
48 changes: 28 additions & 20 deletions mangooio-core/src/main/java/io/mangoo/configuration/Config.java
Expand Up @@ -4,6 +4,8 @@
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.Map.Entry;
import java.util.Objects;
Expand Down Expand Up @@ -130,25 +132,27 @@ private void load(String parentKey, Map<String, Object> map) {
* Decrypts all encrypted config value
*/
private void decrypt() {
String key = null;
Crypto crypto = new Crypto(this);

for (final Entry<String, String> entry : this.values.entrySet()) {
if (isEncrypted(entry.getValue())) {
if (StringUtils.isBlank(key)) {
key = getMasterKey();
List<String> keys = getMasterKeys();

String value = StringUtils.substringBetween(entry.getValue(), "cryptex[", "]");
String [] cryptex = value.split(",");

String decryptedValue = null;
if (cryptex.length == 1) {
decryptedValue = crypto.decrypt(cryptex[0].trim(), keys.get(0));
} else if (cryptex.length == 2) {
decryptedValue = crypto.decrypt(cryptex[0].trim(), keys.get(Integer.valueOf(cryptex[1].trim()) - 1));
}

if (StringUtils.isNotBlank(key)) {
final String decryptedText = crypto.decrypt(StringUtils.substringBetween(entry.getValue(), "cryptex[", "]"), key);
if (StringUtils.isNotBlank(decryptedText)) {
this.values.put(entry.getKey(), decryptedText);
} else {
decrypted = false;
}

if (StringUtils.isNotBlank(decryptedValue)) {
this.values.put(entry.getKey(), decryptedValue);
} else {
LOG.error("Found encrypted config value '" + entry.getKey() + "' but no masterkey was set.");
decrypted = false;
LOG.error("Failed to decrypt a config value");
this.decrypted = false;
}
}
}
Expand All @@ -164,22 +168,26 @@ public boolean isDecrypted() {
/**
* @return The master key for encrypted config value, returns a default value if in test mode
*/
public String getMasterKey() {
public List<String> getMasterKeys() {
String masterkey = System.getProperty(Jvm.APPLICATION_MASTERKEY.toString());
if (StringUtils.isBlank(masterkey)) {
List<String> keys = new ArrayList<>();

if (StringUtils.isNotBlank(masterkey)) {
keys.add(masterkey);
} else {
String masterkeyFile = this.values.get(Key.APPLICATION_MASTERKEY_FILE.toString());
if (StringUtils.isNotBlank(masterkeyFile)) {
try {
masterkey = FileUtils.readFileToString(new File(masterkeyFile), Default.ENCODING.toString()); //NOSONAR
} catch (final IOException e) {
LOG.error("Failed to read master key", e);
keys = FileUtils.readLines(new File(masterkeyFile), Default.ENCODING.toString());
} catch (IOException e) {
LOG.error("Failed to load masterkey file. Please make sure to set a masterkey file if using encrypted config values");
}
} else {
LOG.error("Failed to load masterkey file. Please make sure to set a masterkey file if using encrypted config values");
}
}
}

return masterkey;
return keys;
}

/**
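Review bot: In `decrypt()` the new lookups `keys.get(0)` and `keys.get(Integer.valueOf(cryptex[1].trim()) - 1)` are unguarded, while `getMasterKeys()` returns an empty list when no key is configured or the key file cannot be read, and a one-element list when the JVM property is set. In those cases, or when the index in `cryptex[..., n]` is non-numeric or out of range, the call appears to throw `IndexOutOfBoundsException` or `NumberFormatException` instead of reaching the `this.decrypted = false` branch, so a misconfigured key aborts config loading rather than being reported. `getMasterKeys()` is also called once per encrypted entry, which re-reads the key file each time. I would load the list lazily once, validate the index against `keys.size()`, and let every failure fall through to the existing error branch, as sketched below; the old and new sides are inferred here because the rendered page does not mark them.

```java
private void decrypt() {
    Crypto crypto = new Crypto(this);
    List<String> keys = null; // loaded on the first encrypted value only

    for (final Entry<String, String> entry : this.values.entrySet()) {
        if (isEncrypted(entry.getValue())) {
            if (keys == null) {
                keys = getMasterKeys();
            }
            // … unchanged: substringBetween(..., "cryptex[", "]") and split(",") into cryptex …

            int index = -1;
            if (cryptex.length == 1) {
                index = 0;
            } else if (cryptex.length == 2) {
                try {
                    index = Integer.parseInt(cryptex[1].trim()) - 1;
                } catch (NumberFormatException e) {
                    index = -1; // handled by the error branch below
                }
            }

            String decryptedValue = null;
            if (index >= 0 && index < keys.size()) {
                decryptedValue = crypto.decrypt(cryptex[0].trim(), keys.get(index));
            }
            // … unchanged: put decryptedValue, or log and set this.decrypted = false …
```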
4 changes: 3 additions & 1 deletion mangooio-integration-test/key/masterkey.txt
@@ -1 +1,3 @@
jkldjsaklKJSjskadsjkalcxynkjlds2
jkldjsaklKJSjskadsjkalcxynkjlds2
jlkfsajkbfahjbfsakbfjsakbfsjakbf
njkfd2b2hwbdsajdsajkdsnajkdsakjc
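Review bot: Key selection is positional: the `n` in `cryptex[..., n]` is the 1-based line number in this file, so line order is now part of the contract and inserting or deleting a line silently re-maps every indexed value to a different key. This file has no comment syntax, so I would document the rule next to `application.masterkeyfile`, for example `# one key per line; cryptex[value, n] uses line n (1-based); only append new keys`. Judging from the Config.java change, `FileUtils.readLines` appears to use each line verbatim, so trailing whitespace or a blank line would become key material and is worth mentioning in the same comment.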
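--- a/mangooio-integration-test/src/main/resources/application.yaml
+++ b/mangooio-integration-test/src/main/resources/application.yaml
@@ -70,6 +70,8 @@ test:
 application:
 masterkeyfile : ./key/masterkey.txt
 foo : cryptex[MloJcu6/zaaNs7gfpfZATg==]
+bar : cryptex[NtUQaVGVUAVoTsl2c1HMDw==, 2]
+foobar : cryptex[WqfTFTyaEW2umq5d47Twow==, 3]
 admin:
 enable : true
 username : cryptex[MloJcu6/zaaNs7gfpfZATg==]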
Expand Up @@ -132,14 +132,32 @@ public void testEncryptedValue() {
assertThat(config.getString("application.foo"), equalTo("admin"));
}

@Test
public void testEncryptedValueMultiKeyLineTwo() {
//given
final Config config = Application.getInstance(Config.class);

//then
assertThat(config.getString("application.bar"), equalTo("westeros"));
}

@Test
public void testEncryptedValueMultiKeyLineThree() {
//given
final Config config = Application.getInstance(Config.class);

//then
assertThat(config.getString("application.foobar"), equalTo("essos"));
}

@Test
public void testGetMasterKey() {
//given
final Config config = Application.getInstance(Config.class);
System.setProperty(Jvm.APPLICATION_MASTERKEY.toString(), "thisismymasterkey");

//then
assertThat(config.getMasterKey(), equalTo("thisismymasterkey"));
assertThat(config.getMasterKeys().get(0), equalTo("thisismymasterkey"));
}

@Test
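Review bot: `testGetMasterKey` sets the JVM property `Jvm.APPLICATION_MASTERKEY` and never clears it, and after this commit that property takes precedence in `getMasterKeys()` and yields a one-element list. Any `Config` constructed later in the same JVM could then fail on the indexed values `application.bar` and `application.foobar`, so I would add `System.clearProperty(Jvm.APPLICATION_MASTERKEY.toString());` after the assertion. The new tests cover only the valid indexes 2 and 3; a case with an out-of-range or non-numeric index that expects `isDecrypted()` to be false would pin the failure behaviour. The hunk is cut after the next `@Test`, so later tests are not visible here.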
4 changes: 2 additions & 2 deletions pom.xml
Expand Up @@ -25,7 +25,7 @@
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<log4j.version>2.10.0</log4j.version>
<maven.version>3.5.2</maven.version>
<httpcomponents.version>4.5.4</httpcomponents.version>
<httpcomponents.version>4.5.5</httpcomponents.version>
<scribejava.version>5.1.0</scribejava.version>
<jackson.version>2.9.3</jackson.version>
<fluentlenium.version>3.4.1</fluentlenium.version>
Expand Down Expand Up @@ -210,7 +210,7 @@
<dependency>
<groupId>org.apache.maven.plugin-tools</groupId>
<artifactId>maven-plugin-annotations</artifactId>
<version>3.5</version>
<version>3.5.1</version>
</dependency>
<dependency>
<groupId>io.jsonwebtoken</groupId>