diff --git a/mangooio-core/src/main/java/io/mangoo/configuration/Config.java b/mangooio-core/src/main/java/io/mangoo/configuration/Config.java index 99dcbcdf3b..af99023520 100644 --- a/mangooio-core/src/main/java/io/mangoo/configuration/Config.java +++ b/mangooio-core/src/main/java/io/mangoo/configuration/Config.java @@ -4,6 +4,8 @@ import java.io.FileInputStream; import java.io.IOException; import java.io.InputStream; +import java.util.ArrayList; +import java.util.List; import java.util.Map; import java.util.Map.Entry; import java.util.Objects; @@ -130,25 +132,27 @@ private void load(String parentKey, Map map) { * Decrypts all encrypted config value */ private void decrypt() { - String key = null; Crypto crypto = new Crypto(this); for (final Entry entry : this.values.entrySet()) { if (isEncrypted(entry.getValue())) { - if (StringUtils.isBlank(key)) { - key = getMasterKey(); + List keys = getMasterKeys(); + + String value = StringUtils.substringBetween(entry.getValue(), "cryptex[", "]"); + String [] cryptex = value.split(","); + + String decryptedValue = null; + if (cryptex.length == 1) { + decryptedValue = crypto.decrypt(cryptex[0].trim(), keys.get(0)); + } else if (cryptex.length == 2) { + decryptedValue = crypto.decrypt(cryptex[0].trim(), keys.get(Integer.valueOf(cryptex[1].trim()) - 1)); } - - if (StringUtils.isNotBlank(key)) { - final String decryptedText = crypto.decrypt(StringUtils.substringBetween(entry.getValue(), "cryptex[", "]"), key); - if (StringUtils.isNotBlank(decryptedText)) { - this.values.put(entry.getKey(), decryptedText); - } else { - decrypted = false; - } + + if (StringUtils.isNotBlank(decryptedValue)) { + this.values.put(entry.getKey(), decryptedValue); } else { - LOG.error("Found encrypted config value '" + entry.getKey() + "' but no masterkey was set."); - decrypted = false; + LOG.error("Failed to decrypt a config value"); + this.decrypted = false; } } } 
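Review bot: The key lookup added to `decrypt()` can throw instead of failing closed: `keys.get(0)` raises IndexOutOfBoundsException when `getMasterKeys()` returns an empty list, and `keys.get(Integer.valueOf(cryptex[1].trim()) - 1)` throws on a non-numeric, zero or too-large position read straight from the config file. The removed code logged and set `decrypted = false` when no key was available, so I would keep that behaviour by range-checking the position before use, as sketched below. `getMasterKeys()` is also called once per encrypted entry, which re-reads the key file each time when the keys come from the file; hoisting the call above the loop avoids that. The new message no longer names the entry; `LOG.error("Failed to decrypt config value '" + entry.getKey() + "'");` keeps the config key name (not its value) for diagnosis.

```java
List<String> keys = getMasterKeys(); // hoisted above the for loop; empty means no key available
// … unchanged: loop over this.values.entrySet() and the isEncrypted() check …
        String[] cryptex = value.split(",");

        // Position in the config is 1-based; a bare cryptex[...] uses the first key.
        int index = -1;
        if (cryptex.length == 1) {
            index = 0;
        } else if (cryptex.length == 2) {
            try {
                index = Integer.parseInt(cryptex[1].trim()) - 1;
            } catch (NumberFormatException e) {
                index = -1; // non-numeric position: handled as a failed decryption below
            }
        }

        String decryptedValue = null;
        if (index >= 0 && index < keys.size()) {
            decryptedValue = crypto.decrypt(cryptex[0].trim(), keys.get(index));
        }
// … unchanged: store decryptedValue, or log and set this.decrypted = false …
```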
@@ -164,22 +168,26 @@ public boolean isDecrypted() { /** * @return The master key for encrypted config value, returns a default value if in test mode */ - public String getMasterKey() { + public List getMasterKeys() { String masterkey = System.getProperty(Jvm.APPLICATION_MASTERKEY.toString()); - if (StringUtils.isBlank(masterkey)) { + List keys = new ArrayList<>(); + + if (StringUtils.isNotBlank(masterkey)) { + keys.add(masterkey); + } else { String masterkeyFile = this.values.get(Key.APPLICATION_MASTERKEY_FILE.toString()); if (StringUtils.isNotBlank(masterkeyFile)) { try { - masterkey = FileUtils.readFileToString(new File(masterkeyFile), Default.ENCODING.toString()); //NOSONAR - } catch (final IOException e) { - LOG.error("Failed to read master key", e); + keys = FileUtils.readLines(new File(masterkeyFile), Default.ENCODING.toString()); + } catch (IOException e) { + LOG.error("Failed to load masterkey file. Please make sure to set a masterkey file if using encrypted config values"); } } else { LOG.error("Failed to load masterkey file. Please make sure to set a masterkey file if using encrypted config values"); - } + } } - return masterkey; + return keys; } /** diff --git a/mangooio-integration-test/key/masterkey.txt b/mangooio-integration-test/key/masterkey.txt index 0e309832f0..3e3c0c8188 100644 --- a/mangooio-integration-test/key/masterkey.txt +++ b/mangooio-integration-test/key/masterkey.txt @@ -1 +1,3 @@ -jkldjsaklKJSjskadsjkalcxynkjlds2 \ No newline at end of file +jkldjsaklKJSjskadsjkalcxynkjlds2 +jlkfsajkbfahjbfsakbfjsakbfsjakbf +njkfd2b2hwbdsajdsajkdsnajkdsakjc \ No newline at end of file diff --git a/mangooio-integration-test/src/main/resources/application.yaml b/mangooio-integration-test/src/main/resources/application.yaml index 6d50aaf7be..9fda59a70a 100644 --- a/mangooio-integration-test/src/main/resources/application.yaml +++ b/mangooio-integration-test/src/main/resources/application.yaml 
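Review bot: The new `catch (IOException e)` block in `getMasterKeys()` discards the exception and logs the same text as the branch for a missing `masterkeyfile` setting, so an unreadable file cannot be told apart from an unset one; `LOG.error("Failed to read masterkey file", e);` keeps the cause as the removed line did. The Javadoc above the method still describes a single key and a test-mode default that nothing in this hunk implements; something like `@return the master keys, one per line of the masterkey file in file order, or an empty list if none could be loaded` would match the new contract. It is also worth stating there that the position in `cryptex[..., n]` is the 1-based line number, since `FileUtils.readLines` keeps blank lines and inserting or removing a line in the key file silently remaps every index.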
@@ -70,6 +70,8 @@ test: application: masterkeyfile : ./key/masterkey.txt foo : cryptex[MloJcu6/zaaNs7gfpfZATg==] + bar : cryptex[NtUQaVGVUAVoTsl2c1HMDw==, 2] + foobar : cryptex[WqfTFTyaEW2umq5d47Twow==, 3] admin: enable : true username : cryptex[MloJcu6/zaaNs7gfpfZATg==] diff --git a/mangooio-integration-test/src/test/java/io/mangoo/configuration/ConfigTest.java b/mangooio-integration-test/src/test/java/io/mangoo/configuration/ConfigTest.java index 37a08c0049..61a1a027f7 100644 --- a/mangooio-integration-test/src/test/java/io/mangoo/configuration/ConfigTest.java +++ b/mangooio-integration-test/src/test/java/io/mangoo/configuration/ConfigTest.java @@ -132,6 +132,24 @@ public void testEncryptedValue() { assertThat(config.getString("application.foo"), equalTo("admin")); } + @Test + public void testEncryptedValueMultiKeyLineTwo() { + //given + final Config config = Application.getInstance(Config.class); + + //then + assertThat(config.getString("application.bar"), equalTo("westeros")); + } + + @Test + public void testEncryptedValueMultiKeyLineThree() { + //given + final Config config = Application.getInstance(Config.class); + + //then + assertThat(config.getString("application.foobar"), equalTo("essos")); + } + @Test public void testGetMasterKey() { //given @@ -139,7 +157,7 @@ public void testGetMasterKey() { System.setProperty(Jvm.APPLICATION_MASTERKEY.toString(), "thisismymasterkey"); //then - assertThat(config.getMasterKey(), equalTo("thisismymasterkey")); + assertThat(config.getMasterKeys().get(0), equalTo("thisismymasterkey")); } @Test diff --git a/pom.xml b/pom.xml index 00fb678869..d59ea5255a 100644 --- a/pom.xml +++ b/pom.xml @@ -25,7 +25,7 @@ UTF-8 2.10.0 3.5.2 - 4.5.4 + 4.5.5 5.1.0 2.9.3 3.4.1 @@ -210,7 +210,7 @@ org.apache.maven.plugin-tools maven-plugin-annotations - 3.5 + 3.5.1 io.jsonwebtoken
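Review bot: The two tests added to ConfigTest.java cover only valid key positions (2 and 3); nothing exercises the failure paths the new syntax introduces, such as a position beyond the number of lines in the key file, a non-numeric position, or an empty key list. Those are the inputs where `Config.decrypt()` indexes into the key list, so a test asserting that `config.isDecrypted()` is false for such an entry would pin the intended behaviour. Separately, `testGetMasterKey` sets the `Jvm.APPLICATION_MASTERKEY` system property and, in the lines visible here, never clears it, which may leak into later tests that expect keys from the file; that method's body continues outside the hunk.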