Merge branch 'release/0.5'

Author: jfallows

NOTICE

@@ -22,4 +22,10 @@ This project includes:
   JSON-B API under Eclipse Public License 2.0 or GNU General Public License, version 2 with the GNU Classpath Exception
   JSON-P Default Provider under Eclipse Public License 2.0 or GNU General Public License, version 2 with the GNU Classpath Exception
   org.eclipse.yasson under Eclipse Public License v. 2.0 or Eclipse Distribution License v. 1.0
+  Plexus :: Component Annotations under The Apache Software License, Version 2.0
+  Plexus Cipher: encryption/decryption Component under Apache Public License 2.0
+  Plexus Classworlds under The Apache Software License, Version 2.0
+  Plexus Common Utilities under The Apache Software License, Version 2.0
+  Plexus Security Dispatcher Component under Apache Public License 2.0
+  Sisu-Inject-Plexus : Aggregate OSGi bundle under Eclipse Public License, Version 1.0
 

pom.xml

@@ -6,7 +6,7 @@
   <modelVersion>4.0.0</modelVersion>
   <groupId>org.reaktivity</groupId>
   <artifactId>rym</artifactId>
-  <version>0.4</version>
+  <version>0.5</version>
   <name>Reaktivity Management Tool</name>
   <description>Reaktivity Management Tool</description>
   <url>https://github.com/reaktivity/rym.java</url>
@@ -70,6 +70,22 @@
       <artifactId>ivy</artifactId>
       <version>2.5.0</version>
     </dependency>
+    <dependency>
+      <groupId>org.sonatype.plexus</groupId>
+      <artifactId>plexus-sec-dispatcher</artifactId>
+      <version>1.3</version>
+    </dependency>
+    <dependency>
+      <groupId>org.sonatype.sisu</groupId>
+      <artifactId>sisu-inject-plexus</artifactId>
+      <version>2.3.0</version>
+      <exclusions>
+        <exclusion>
+          <groupId>org.sonatype.sisu</groupId>
+          <artifactId>sisu-inject-bean</artifactId>
+        </exclusion>
+      </exclusions>
+    </dependency>
     <dependency>
       <groupId>org.junit.jupiter</groupId>
       <artifactId>junit-jupiter-engine</artifactId>

src/main/java/org/reaktivity/rym/internal/RymCli.java

@@ -16,6 +16,7 @@
 package org.reaktivity.rym.internal;
 
 import org.reaktivity.rym.internal.commands.clean.RymClean;
+import org.reaktivity.rym.internal.commands.encrypt.RymEncrypt;
 import org.reaktivity.rym.internal.commands.install.RymInstall;
 import org.reaktivity.rym.internal.commands.wrap.RymWrap;
 
@@ -30,7 +31,8 @@
         Help.class,
         RymWrap.class,
         RymInstall.class,
-        RymClean.class
+        RymClean.class,
+        RymEncrypt.class
     })
 public final class RymCli
 {

src/main/java/org/reaktivity/rym/internal/RymCommand.java

@@ -36,6 +36,11 @@ public abstract class RymCommand implements Runnable
             hidden = true)
     public Boolean silent = false;
 
+    @Option(name = { "--settings-directory" },
+            description = "settings directory",
+            typeConverterProvider = RymPathConverterProvider.class)
+    public Path settingsDir = Paths.get(System.getProperty("user.home"), ".rym");
+
     @Option(name = { "--config-directory" },
             description = "config directory",
             typeConverterProvider = RymPathConverterProvider.class)

src/main/java/org/reaktivity/rym/internal/commands/encrypt/RymEncrypt.java

@@ -0,0 +1,135 @@
+/**
+ * Copyright 2016-2021 The Reaktivity Project
+ *
+ * The Reaktivity Project licenses this file to you under the Apache License,
+ * version 2.0 (the "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at:
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+package org.reaktivity.rym.internal.commands.encrypt;
+
+import static java.nio.file.Files.createDirectories;
+import static java.nio.file.Files.newInputStream;
+import static java.nio.file.Files.newOutputStream;
+import static org.reaktivity.rym.internal.settings.RymSecrets.decryptSecret;
+import static org.reaktivity.rym.internal.settings.RymSecrets.encryptSecret;
+import static org.sonatype.plexus.components.sec.dispatcher.DefaultSecDispatcher.SYSTEM_PROPERTY_SEC_LOCATION;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.security.SecureRandom;
+import java.util.Random;
+import java.util.Scanner;
+
+import javax.json.bind.Jsonb;
+import javax.json.bind.JsonbBuilder;
+import javax.json.bind.JsonbConfig;
+
+import org.reaktivity.rym.internal.RymCommand;
+import org.reaktivity.rym.internal.settings.RymSecurity;
+import org.sonatype.plexus.components.cipher.PlexusCipherException;
+
+import com.github.rvesse.airline.annotations.Command;
+
+@Command(
+    name = "encrypt",
+    description = "Encrypt passwords")
+public class RymEncrypt extends RymCommand
+{
+    private static final String SECRET_CHARS =
+        "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/";
+
+    @Override
+    public void invoke()
+    {
+        try
+        {
+            RymSecurity security = readSecurity(settingsDir);
+
+            if (security.secret == null)
+            {
+                final String secret = generateSecret(32);
+                security.secret = encryptSecret(secret, SYSTEM_PROPERTY_SEC_LOCATION);
+                writeSecurity(security);
+            }
+
+            assert security.secret != null;
+
+            final String secret = decryptSecret(security.secret, SYSTEM_PROPERTY_SEC_LOCATION);
+            try (Scanner scanner = new Scanner(System.in))
+            {
+                String password = scanner.nextLine().trim();
+                String encrypted = encryptSecret(password, secret);
+
+                System.out.println(encrypted);
+            }
+        }
+        catch (Exception ex)
+        {
+            throw new RuntimeException(ex);
+        }
+    }
+
+    private RymSecurity readSecurity(
+        Path settingsDir) throws IOException, PlexusCipherException
+    {
+        Path securityFile = settingsDir.resolve("security.json");
+
+        RymSecurity security = new RymSecurity();
+
+        Jsonb builder = JsonbBuilder.newBuilder()
+                .withConfig(new JsonbConfig().withFormatting(true))
+                .build();
+
+        if (Files.exists(securityFile))
+        {
+            try (InputStream in = newInputStream(securityFile))
+            {
+                security = builder.fromJson(in, RymSecurity.class);
+            }
+        }
+
+        return security;
+    }
+
+    private void writeSecurity(
+        RymSecurity security) throws IOException
+    {
+        Path securityFile = settingsDir.resolve("security.json");
+
+        Jsonb builder = JsonbBuilder.newBuilder()
+                .withConfig(new JsonbConfig().withFormatting(true))
+                .build();
+
+        createDirectories(settingsDir);
+        try (OutputStream out = newOutputStream(securityFile))
+        {
+            builder.toJson(security, out);
+        }
+    }
+
+    private String generateSecret(
+        int length) throws PlexusCipherException
+    {
+        Random random = new SecureRandom();
+        char[] secret = new char[length];
+
+        for (int i = 0; i < secret.length; i++)
+        {
+            int charIndex = random.nextInt(SECRET_CHARS.length());
+            secret[i] = SECRET_CHARS.charAt(charIndex);
+        }
+
+        return new String(secret);
+    }
+}

src/main/java/org/reaktivity/rym/internal/commands/install/RymInstall.java

@@ -22,10 +22,13 @@
 import static java.nio.file.Files.newOutputStream;
 import static java.util.Collections.emptyList;
 import static java.util.Collections.list;
+import static java.util.Collections.singletonMap;
 import static java.util.Comparator.reverseOrder;
 import static java.util.Optional.ofNullable;
 import static java.util.stream.Collectors.toList;
 import static java.util.stream.Collectors.toMap;
+import static org.reaktivity.rym.internal.settings.RymSecrets.decryptSecret;
+import static org.sonatype.plexus.components.sec.dispatcher.DefaultSecDispatcher.SYSTEM_PROPERTY_SEC_LOCATION;
 
 import java.io.File;
 import java.io.IOException;
@@ -69,11 +72,17 @@
 import org.apache.ivy.util.DefaultMessageLogger;
 import org.apache.ivy.util.Message;
 import org.apache.ivy.util.MessageLogger;
+import org.apache.ivy.util.url.CredentialsStore;
 import org.reaktivity.rym.internal.RymCommand;
 import org.reaktivity.rym.internal.commands.install.cache.RymArtifact;
 import org.reaktivity.rym.internal.commands.install.cache.RymArtifactId;
 import org.reaktivity.rym.internal.commands.install.cache.RymCache;
 import org.reaktivity.rym.internal.commands.install.cache.RymModule;
+import org.reaktivity.rym.internal.settings.RymCredentials;
+import org.reaktivity.rym.internal.settings.RymSecrets;
+import org.reaktivity.rym.internal.settings.RymSecurity;
+import org.reaktivity.rym.internal.settings.RymSettings;
+import org.sonatype.plexus.components.cipher.PlexusCipherException;
 
 import com.github.rvesse.airline.annotations.Command;
 import com.github.rvesse.airline.annotations.Option;
@@ -86,12 +95,11 @@ public final class RymInstall extends RymCommand
     private static final String MODULE_INFO_JAVA_FILENAME = "module-info.java";
     private static final String MODULE_INFO_CLASS_FILENAME = "module-info.class";
 
+    private static final Map<String, String> DEFAULT_REALMS = initDefaultRealms();
+
     @Option(name = { "--debug" })
     public Boolean debug = false;
 
-    @Option(name = { "--ignore-signing-information" })
-    public Boolean ignoreSigning = false;
-
     @Option(name = { "--exclude-local-repository" })
     public boolean excludeLocalRepo;
 
@@ -116,6 +124,7 @@ public void invoke()
             config = overrideConfigIfLocked(config, rymFile, lockFile);
 
             logger.info("resolving dependencies");
+            readSettings(settingsDir);
             createDirectories(cacheDir);
             List<RymRepository> repositories = new ArrayList<>(config.repositories);
             if (!excludeLocalRepo)
@@ -182,6 +191,58 @@ public void invoke()
         }
     }
 
+    private void readSettings(
+        Path settingsDir) throws IOException, PlexusCipherException
+    {
+        Path settingsFile = settingsDir.resolve("settings.json");
+
+        RymSettings settings = new RymSettings();
+        settings.credentials = emptyList();
+
+        Jsonb builder = JsonbBuilder.newBuilder()
+                .withConfig(new JsonbConfig().withFormatting(true))
+                .build();
+
+        if (Files.exists(settingsFile))
+        {
+            try (InputStream in = newInputStream(settingsFile))
+            {
+                settings = builder.fromJson(in, RymSettings.class);
+            }
+        }
+
+        if (settings.credentials.size() > 0)
+        {
+            Path securityFile = settingsDir.resolve("security.json");
+
+            RymSecurity security = new RymSecurity();
+
+            if (Files.exists(securityFile))
+            {
+                try (InputStream in = newInputStream(securityFile))
+                {
+                    security = builder.fromJson(in, RymSecurity.class);
+                }
+            }
+
+            security.secret = decryptSecret(security.secret, SYSTEM_PROPERTY_SEC_LOCATION);
+
+            for (RymCredentials credentials : settings.credentials)
+            {
+                String realm = defaultRealmIfNecessary(credentials);
+                String host = credentials.host;
+                String username = credentials.username;
+                String password = RymSecrets.decryptSecret(credentials.password, security.secret);
+
+                CredentialsStore.INSTANCE.addCredentials(
+                    realm,
+                    host,
+                    username,
+                    password);
+            }
+        }
+    }
+
     private RymConfiguration readOrDefaultConfig(
         Path rymFile) throws IOException
     {
@@ -573,10 +634,7 @@ private void linkModules(
             "--compress", "2",
             "--add-modules", moduleNames.collect(Collectors.joining(","))));
 
-        if (ignoreSigning)
-        {
-            args.add("--ignore-signing-information");
-        }
+        args.add("--ignore-signing-information");
 
         if (!debug)
         {
@@ -696,4 +754,16 @@ private void deleteDirectories(
                  .forEach(File::delete);
         }
     }
+
+    private String defaultRealmIfNecessary(
+        RymCredentials credentials)
+    {
+        return ofNullable(credentials.realm)
+            .orElse(DEFAULT_REALMS.get(credentials.host));
+    }
+
+    private static Map<String, String> initDefaultRealms()
+    {
+        return singletonMap("maven.pkg.github.com", "GitHub Package Registry");
+    }
 }