Author: echatellier Date: 2015-05-07 09:43:46 +0000 (Thu, 07 May 2015) New Revision: 4220 Url: http://forge.codelutin.com/projects/isis-fish/repository/revisions/4220 Log: Fix deprecated SVNkit of use String as password (char[]) Modified: trunk/src/main/java/fr/ifremer/isisfish/simulator/launcher/SSHSimulatorLauncher.java trunk/src/main/java/fr/ifremer/isisfish/ui/config/SSHLauncherConfigAction.java trunk/src/main/java/fr/ifremer/isisfish/util/ssh/SSHAgent.java trunk/src/main/java/fr/ifremer/isisfish/vcs/VCSFactory.java trunk/src/main/java/fr/ifremer/isisfish/vcs/VCSSVN.java trunk/src/test/java/fr/ifremer/isisfish/util/ssh/SSHAgentTest.java Modified: trunk/src/main/java/fr/ifremer/isisfish/simulator/launcher/SSHSimulatorLauncher.java =================================================================== --- trunk/src/main/java/fr/ifremer/isisfish/simulator/launcher/SSHSimulatorLauncher.java 2015-05-07 09:43:12 UTC (rev 4219) +++ trunk/src/main/java/fr/ifremer/isisfish/simulator/launcher/SSHSimulatorLauncher.java 2015-05-07 09:43:46 UTC (rev 4220) @@ -460,13 +460,10 @@ // on dit juste que la simulation a eu une demande // d'arret pour qu'elle s'arrete dans l'UI Properties infoProperties = new Properties(); - InputStream isInfoFile = new FileInputStream(infoFile); - try { + + try (InputStream isInfoFile = new FileInputStream(infoFile)) { infoProperties.load(isInfoFile); } - finally { - isInfoFile.close(); - } if (!StringUtils.isEmpty(infoProperties .getProperty("exception"))) { synchronized (control) { @@ -571,9 +568,9 @@ // username and password will be given via UserInfo interface. SSHUserInfo ui = new SSHUserInfo(); if (sshKeyUsed) { - String passphrase = null; try { - passphrase = SSHAgent.getAgent().getPassphrase(sshKey); + char[] passChars = SSHAgent.getAgent().getPassphrase(sshKey); + String passphrase = String.valueOf(passChars); ui.setPassphrase(passphrase); } catch (InvalidPassphraseException e) { if (log.isWarnEnabled()) { Modified: trunk/src/main/java/fr/ifremer/isisfish/ui/config/SSHLauncherConfigAction.java =================================================================== --- trunk/src/main/java/fr/ifremer/isisfish/ui/config/SSHLauncherConfigAction.java 2015-05-07 09:43:12 UTC (rev 4219) +++ trunk/src/main/java/fr/ifremer/isisfish/ui/config/SSHLauncherConfigAction.java 2015-05-07 09:43:46 UTC (rev 4220) @@ -296,8 +296,8 @@ // username and password will be given via UserInfo interface. SSHUserInfo ui = new SSHUserInfo(); if (sshKeyUsed) { - String passphrase = null; - passphrase = SSHAgent.getAgent().getPassphrase(currentSSHKey); + char[] passchars = SSHAgent.getAgent().getPassphrase(currentSSHKey); + String passphrase = String.valueOf(passchars); ui.setPassphrase(passphrase); setTestMessage(t("isisfish.simulator.ssh.configuration.connectingpk"), false); } else { @@ -457,8 +457,8 @@ // username and password will be given via UserInfo interface. SSHUserInfo ui = new SSHUserInfo(); if (sshKeyUsed) { - String passphrase = null; - passphrase = SSHAgent.getAgent().getPassphrase(currentSSHKey); + char[] passchars = SSHAgent.getAgent().getPassphrase(currentSSHKey); + String passphrase = String.valueOf(passchars); ui.setPassphrase(passphrase); } session.setUserInfo(ui); Modified: trunk/src/main/java/fr/ifremer/isisfish/util/ssh/SSHAgent.java =================================================================== --- trunk/src/main/java/fr/ifremer/isisfish/util/ssh/SSHAgent.java 2015-05-07 09:43:12 UTC (rev 4219) +++ trunk/src/main/java/fr/ifremer/isisfish/util/ssh/SSHAgent.java 2015-05-07 09:43:46 UTC (rev 4220) @@ -5,7 +5,7 @@ * $Id$ * $HeadURL$ * %% - * Copyright (C) 2009 - 2010 Ifremer, Code Lutin, Chatellier Eric + * Copyright (C) 2009 - 2015 Ifremer, Code Lutin, Chatellier Eric * %% * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as @@ -28,6 +28,10 @@ import static org.nuiton.i18n.I18n.t; import java.io.File; +import java.nio.ByteBuffer; +import java.nio.CharBuffer; +import java.nio.charset.StandardCharsets; +import java.util.Arrays; import java.util.HashMap; import java.util.Map; @@ -65,7 +69,7 @@ * * Ensure that passphrase are valid before add into. */ - protected Map<String, String> passphraseForKeys; + protected Map<String, char[]> passphraseForKeys; /** Unique agent. */ private static SSHAgent agent = new SSHAgent(); @@ -75,7 +79,7 @@ */ private SSHAgent() { jsch = new JSch(); - passphraseForKeys = new HashMap<String, String>(); + passphraseForKeys = new HashMap<>(); } /** @@ -94,9 +98,9 @@ * @return <tt>null</tt> if there is no passphrase * @throws InvalidPassphraseException if user cancel authentication */ - public String getPassphrase(File privatekeyFile) + public char[] getPassphrase(File privatekeyFile) throws InvalidPassphraseException { - String passphrase = getPassphrase(privatekeyFile.getAbsolutePath()); + char[] passphrase = getPassphrase(privatekeyFile.getAbsolutePath()); return passphrase; } @@ -107,10 +111,10 @@ * @return <tt>null</tt> if there is no passphrase * @throws InvalidPassphraseException if user cancel authentication */ - public String getPassphrase(String privatekeyFile) + public char[] getPassphrase(String privatekeyFile) throws InvalidPassphraseException { - String passphrase = passphraseForKeys.get(privatekeyFile); + char[] passphrase = passphraseForKeys.get(privatekeyFile); if (passphrase == null) { try { @@ -124,7 +128,7 @@ do { passphrase = askPassphrase(privatekeyFile, message); - if (kpair.decrypt(passphrase)) { + if (kpair.decrypt(toBytes(passphrase))) { isValid = true; passphraseForKeys.put(privatekeyFile, passphrase); } else { @@ -149,7 +153,7 @@ * @return entrered passphrase * @throws InvalidPassphraseException if user cancel authentication */ - protected String askPassphrase(String privatekeyFile, String message) + protected char[] askPassphrase(String privatekeyFile, String message) throws InvalidPassphraseException { JPasswordField passwordField = new JPasswordField(); @@ -165,7 +169,24 @@ throw new InvalidPassphraseException("User cancel passphrase ask"); } - return String.valueOf(passwordField.getPassword()); + return passwordField.getPassword(); } + /** + * Transform char array to byte array without creating String instance. + * + * see http://stackoverflow.com/a/9670279/2038100 for details + * + * @param chars char array + * @return byte array + */ + protected static byte[] toBytes(char[] chars) { + CharBuffer charBuffer = CharBuffer.wrap(chars); + ByteBuffer byteBuffer = StandardCharsets.UTF_8.encode(charBuffer); + byte[] bytes = Arrays.copyOfRange(byteBuffer.array(), + byteBuffer.position(), byteBuffer.limit()); + Arrays.fill(charBuffer.array(), '\u0000'); // clear sensitive data + Arrays.fill(byteBuffer.array(), (byte) 0); // clear sensitive data + return bytes; + } } Modified: trunk/src/main/java/fr/ifremer/isisfish/vcs/VCSFactory.java =================================================================== --- trunk/src/main/java/fr/ifremer/isisfish/vcs/VCSFactory.java 2015-05-07 09:43:12 UTC (rev 4219) +++ trunk/src/main/java/fr/ifremer/isisfish/vcs/VCSFactory.java 2015-05-07 09:43:46 UTC (rev 4220) @@ -5,7 +5,7 @@ * $Id$ * $HeadURL$ * %% - * Copyright (C) 2002 - 2011 Ifremer, Code Lutin, Benjamin Poussin, Chatellier Eric + * Copyright (C) 2002 - 2015 Ifremer, Code Lutin, Benjamin Poussin, Chatellier Eric * %% * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as @@ -125,7 +125,7 @@ String host, String path, File sshKeyFile, String login, String password) { VCS result = null; try { - Class clazz = (Class) ConvertUtils.convert(classname, Class.class); + Class<VCS> clazz = (Class<VCS>) ConvertUtils.convert(classname, VCS.class); result = (VCS) ConstructorUtils.invokeConstructor(clazz, new Object[]{dataDir, protocol, host, path, sshKeyFile, login, password}); } catch (Exception eee) { Modified: trunk/src/main/java/fr/ifremer/isisfish/vcs/VCSSVN.java =================================================================== --- trunk/src/main/java/fr/ifremer/isisfish/vcs/VCSSVN.java 2015-05-07 09:43:12 UTC (rev 4219) +++ trunk/src/main/java/fr/ifremer/isisfish/vcs/VCSSVN.java 2015-05-07 09:43:46 UTC (rev 4220) @@ -5,7 +5,7 @@ * $Id$ * $HeadURL$ * %% - * Copyright (C) 2008 - 2011 Ifremer, CodeLutin, Chatellier Eric + * Copyright (C) 2008 - 2015 Ifremer, CodeLutin, Chatellier Eric * %% * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as @@ -30,6 +30,7 @@ import java.io.ByteArrayOutputStream; import java.io.File; import java.io.IOException; +import java.nio.charset.StandardCharsets; import java.util.ArrayList; import java.util.Arrays; import java.util.HashMap; @@ -149,11 +150,13 @@ } String login = getLogin(); - String passwd = getPassword(); + String password = getPassword(); + char[] passwd = password != null ? password.toCharArray() : null; DefaultSVNOptions options = SVNWCUtil.createDefaultOptions(true); + ISVNAuthenticationManager auth; + if (getProtocol().contains("ssh")) { - ISVNAuthenticationManager auth = null; if (sshKeyFile != null && sshKeyFile.canRead()) { @@ -163,7 +166,7 @@ + sshKeyFile.getAbsolutePath()); } - String passphrase = null; + char[] passphrase = null; try { passphrase = SSHAgent.getAgent().getPassphrase(sshKeyFile); } @@ -191,11 +194,13 @@ SVNWCUtil.getDefaultConfigurationDirectory(), login, passwd); } - svnManager = SVNClientManager.newInstance(options, auth); + } else { - svnManager = SVNClientManager.newInstance(options, login, - passwd); + auth = SVNWCUtil.createDefaultAuthenticationManager(login, passwd); } + + svnManager = SVNClientManager.newInstance(options, auth); + } return svnManager; } @@ -804,8 +809,7 @@ String diff = null; - try { - ByteArrayOutputStream byte1 = new ByteArrayOutputStream(); + try (ByteArrayOutputStream byte1 = new ByteArrayOutputStream()) { SVNDiffClient diffClient = getSVNManager().getDiffClient(); diffClient.doDiff(file, // File path1, @@ -817,8 +821,7 @@ byte1, // OutputStream result, null); // Collection changeLists - diff = byte1.toString(); - byte1.close(); + diff = byte1.toString(StandardCharsets.UTF_8.name()); } catch (SVNException e) { throw new VCSException(t("isisfish.vcs.vcssvn.diff.error"), e); Modified: trunk/src/test/java/fr/ifremer/isisfish/util/ssh/SSHAgentTest.java =================================================================== --- trunk/src/test/java/fr/ifremer/isisfish/util/ssh/SSHAgentTest.java 2015-05-07 09:43:12 UTC (rev 4219) +++ trunk/src/test/java/fr/ifremer/isisfish/util/ssh/SSHAgentTest.java 2015-05-07 09:43:46 UTC (rev 4220) @@ -5,7 +5,7 @@ * $Id$ * $HeadURL$ * %% - * Copyright (C) 2009 - 2010 Ifremer, Code Lutin + * Copyright (C) 2009 - 2015 Ifremer, Code Lutin, Chatellier Eric * %% * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as @@ -78,13 +78,13 @@ */ @Test public void testIsValidPassphrase() throws JSchException { - String passphrase = "isispassphrase"; + char[] passphrase = "isispassphrase".toCharArray(); - JSch jsch=new JSch(); - KeyPair kpair=KeyPair.load(jsch, keyFile.getAbsolutePath()); + JSch jsch = new JSch(); + KeyPair kpair = KeyPair.load(jsch, keyFile.getAbsolutePath()); Assert.assertTrue(kpair.isEncrypted()); // cle protegee - Assert.assertTrue(kpair.decrypt(passphrase)); // decodage fonctionne + Assert.assertTrue(kpair.decrypt(SSHAgent.toBytes(passphrase))); // decodage fonctionne } @@ -94,12 +94,12 @@ */ @Test public void testIsNotValidPassphrase() throws JSchException { - String passphrase = "passphare not good"; + char[] passphrase = "passphare not good".toCharArray(); - JSch jsch=new JSch(); - KeyPair kpair=KeyPair.load(jsch, keyFile.getAbsolutePath()); + JSch jsch = new JSch(); + KeyPair kpair = KeyPair.load(jsch, keyFile.getAbsolutePath()); Assert.assertTrue(kpair.isEncrypted()); // cle protegee - Assert.assertFalse(kpair.decrypt(passphrase)); // decodage fonctionne + Assert.assertFalse(kpair.decrypt(SSHAgent.toBytes(passphrase))); // decodage fonctionne } }