Make sure Dispatcher gets non-null attributes and conf

Also, pass on masterPassword (if possible, exists) to
Dispatcher.

Author: cstamas

src/main/java/org/codehaus/plexus/components/secdispatcher/internal/DefaultSecDispatcher.java

@@ -68,21 +68,20 @@ public String encrypt(String str, Map<String, String> attr) throws SecDispatcher
 
         try {
             String res;
-            SettingsSecurity sec = getSec();
             if (attr == null || attr.get(DISPATCHER_NAME_ATTR) == null) {
-                String master = getMaster(sec);
+                SettingsSecurity sec = getConfiguration(true);
+                String master = getMasterPassword(sec, true);
                 res = cipher.encrypt(str, master);
             } else {
                 String type = attr.get(DISPATCHER_NAME_ATTR);
-                Map<String, String> conf = SecUtil.getConfig(sec, type);
                 Dispatcher dispatcher = dispatchers.get(type);
                 if (dispatcher == null) throw new SecDispatcherException("no dispatcher for name " + type);
                 res = ATTR_START
                         + attr.entrySet().stream()
                                 .map(e -> e.getKey() + "=" + e.getValue())
                                 .collect(Collectors.joining(","))
                         + ATTR_STOP;
-                res += dispatcher.encrypt(str, attr, conf);
+                res += dispatcher.encrypt(str, attr, prepareDispatcherConfig(type));
             }
             return cipher.decorate(res);
         } catch (PlexusCipherException e) {
@@ -96,23 +95,35 @@ public String decrypt(String str) throws SecDispatcherException {
         try {
             String bare = cipher.unDecorate(str);
             Map<String, String> attr = stripAttributes(bare);
-            SettingsSecurity sec = getSec();
             if (attr == null || attr.get(DISPATCHER_NAME_ATTR) == null) {
-                String master = getMaster(sec);
+                SettingsSecurity sec = getConfiguration(true);
+                String master = getMasterPassword(sec, true);
                 return cipher.decrypt(bare, master);
             } else {
                 String type = attr.get(DISPATCHER_NAME_ATTR);
-                Map<String, String> conf = SecUtil.getConfig(sec, type);
                 Dispatcher dispatcher = dispatchers.get(type);
                 if (dispatcher == null) throw new SecDispatcherException("no dispatcher for name " + type);
-                String pass = strip(bare);
-                return dispatcher.decrypt(pass, attr, conf);
+                return dispatcher.decrypt(strip(bare), attr, prepareDispatcherConfig(type));
             }
         } catch (PlexusCipherException e) {
             throw new SecDispatcherException(e.getMessage(), e);
         }
     }
 
+    private Map<String, String> prepareDispatcherConfig(String type) {
+        HashMap<String, String> dispatcherConf = new HashMap<>();
+        SettingsSecurity sec = getConfiguration(false);
+        String master = getMasterPassword(sec, false);
+        if (master != null) {
+            dispatcherConf.put(Dispatcher.CONF_MASTER_PASSWORD, master);
+        }
+        Map<String, String> conf = SecUtil.getConfig(sec, type);
+        if (conf != null) {
+            dispatcherConf.putAll(conf);
+        }
+        return dispatcherConf;
+    }
+
     private String strip(String str) {
         int start = str.indexOf(ATTR_START);
         int stop = str.indexOf(ATTR_STOP);
@@ -151,27 +162,31 @@ private boolean isEncryptedString(String str) {
         return cipher.isEncryptedString(str);
     }
 
-    private SettingsSecurity getSec() throws SecDispatcherException {
+    private SettingsSecurity getConfiguration(boolean mandatory) throws SecDispatcherException {
         String location = System.getProperty(SYSTEM_PROPERTY_CONFIGURATION_LOCATION, getConfigurationFile());
-        String realLocation =
-                location.charAt(0) == '~' ? System.getProperty("user.home") + location.substring(1) : location;
-
-        SettingsSecurity sec = SecUtil.read(realLocation, true);
-
-        if (sec == null)
-            throw new SecDispatcherException(
-                    "cannot retrieve master password. Please check that " + realLocation + " exists and has data");
+        location = location.charAt(0) == '~' ? System.getProperty("user.home") + location.substring(1) : location;
+        SettingsSecurity sec = SecUtil.read(location, true);
+        if (mandatory && sec == null)
+            throw new SecDispatcherException("Please check that configuration file on path " + location + " exists");
 
         return sec;
     }
 
-    private String getMaster(SettingsSecurity sec) throws SecDispatcherException {
+    private String getMasterPassword(SettingsSecurity sec, boolean mandatory) throws SecDispatcherException {
+        if (sec == null && !mandatory) {
+            return null;
+        }
+        requireNonNull(sec, "configuration is null");
         String masterSource = requireNonNull(sec.getMasterSource(), "masterSource is null");
         for (MasterPasswordSource masterPasswordSource : masterPasswordSources.values()) {
-            String master = masterPasswordSource.handle(masterSource);
-            if (master != null) return master;
+            String masterPassword = masterPasswordSource.handle(masterSource);
+            if (masterPassword != null) return masterPassword;
+        }
+        if (mandatory) {
+            throw new SecDispatcherException("master password could not be fetched");
+        } else {
+            return null;
         }
-        throw new SecDispatcherException("master password could not be fetched");
     }
 
     public String getConfigurationFile() {

src/main/java/org/codehaus/plexus/components/secdispatcher/internal/Dispatcher.java

@@ -25,12 +25,18 @@
  *
  */
 public interface Dispatcher {
+    /**
+     * Configuration key for masterPassword. It may be present, if SecDispatcher could
+     * obtain it, but presence is not optional.
+     */
+    String CONF_MASTER_PASSWORD = "masterPassword";
+
     /**
      * encrypt given plaintext string
      *
      * @param str string to encrypt
      * @param attributes attributes, never {@code null}
-     * @param config configuration from settings-security.xml, may be {@code null}
+     * @param config configuration from settings-security.xml, never {@code null}
      * @return encrypted string
      */
     String encrypt(String str, Map<String, String> attributes, Map<String, String> config)
@@ -41,7 +47,7 @@ String encrypt(String str, Map<String, String> attributes, Map<String, String> c
      *
      * @param str string to decrypt
      * @param attributes attributes, never {@code null}
-     * @param config configuration from settings-security.xml, may be {@code null}
+     * @param config configuration from settings-security.xml, never {@code null}
      * @return decrypted string
      */
     String decrypt(String str, Map<String, String> attributes, Map<String, String> config)

src/main/java/org/codehaus/plexus/components/secdispatcher/internal/MasterPasswordSource.java

@@ -26,6 +26,10 @@ public interface MasterPasswordSource {
      *     <li>if master password retrieval was attempted, but failed throw {@link SecDispatcherException}</li>
      *     <li>happy path: return the master password.</li>
      * </ul>
+     *
+     * @param masterSource the source of master password, and opaque string.
+     * @return the master password, or {@code null} if implementation does not handle this masterSource
+     * @throws SecDispatcherException If implementation does handle this masterSource, but cannot obtain it
      */
-    String handle(String uri) throws SecDispatcherException;
+    String handle(String masterSource) throws SecDispatcherException;
 }

src/main/java/org/codehaus/plexus/components/secdispatcher/internal/SecUtil.java

@@ -13,10 +13,13 @@
 
 package org.codehaus.plexus.components.secdispatcher.internal;
 
+import javax.xml.stream.XMLStreamException;
+
 import java.io.IOException;
 import java.io.InputStream;
 import java.net.URL;
 import java.nio.file.Files;
+import java.nio.file.NoSuchFileException;
 import java.nio.file.Paths;
 import java.util.HashMap;
 import java.util.List;
@@ -28,6 +31,8 @@
 import org.codehaus.plexus.components.secdispatcher.model.SettingsSecurity;
 import org.codehaus.plexus.components.secdispatcher.model.io.stax.SecurityConfigurationStaxReader;
 
+import static java.util.Objects.requireNonNull;
+
 /**
  *
  *
@@ -44,68 +49,57 @@ public class SecUtil {
 
     public static SettingsSecurity read(String location, boolean cycle) throws SecDispatcherException {
         if (location == null) throw new SecDispatcherException("location to read from is null");
-
         SettingsSecurity sec;
-
         try {
             try (InputStream in = toStream(location)) {
                 sec = new SecurityConfigurationStaxReader().read(in);
             }
-
             if (cycle && sec.getRelocation() != null) return read(sec.getRelocation(), true);
-
             return sec;
-        } catch (Exception e) {
-            throw new SecDispatcherException(e.getMessage(), e);
+        } catch (NoSuchFileException e) {
+            return null;
+        } catch (IOException e) {
+            throw new SecDispatcherException("IO Problem", e);
+        } catch (XMLStreamException e) {
+            throw new SecDispatcherException("Parsing error", e);
         }
     }
-    // ---------------------------------------------------------------------------------------------------------------
-    private static InputStream toStream(String resource) throws IOException {
-        if (resource == null) return null;
 
+    private static InputStream toStream(String resource) throws IOException {
+        requireNonNull(resource, "resource is null");
         int ind = resource.indexOf(PROTOCOL_DELIM);
-
         if (ind > 1) {
             String protocol = resource.substring(0, ind);
             resource = resource.substring(ind + PROTOCOL_DELIM_LEN);
-
             for (String p : URL_PROTOCOLS) {
                 if (protocol.regionMatches(true, 0, p, 0, p.length())) {
                     return new URL(p + PROTOCOL_DELIM + resource).openStream();
                 }
             }
         }
-
         return Files.newInputStream(Paths.get(resource));
     }
-    // ---------------------------------------------------------------------------------------------------------------
-    public static Map<String, String> getConfig(SettingsSecurity sec, String name) {
-        if (name == null) return null;
 
-        List<Config> cl = sec.getConfigurations();
-
-        if (cl == null || cl.isEmpty()) return null;
-
-        for (Config cf : cl) {
-            if (!name.equals(cf.getName())) {
-                continue;
-            }
-
-            List<ConfigProperty> pl = cf.getProperties();
-
-            if (pl == null || pl.isEmpty()) {
-                return null;
-            }
-
-            Map<String, String> res = new HashMap<>(pl.size());
-
-            for (ConfigProperty p : pl) {
-                res.put(p.getName(), p.getValue());
+    public static Map<String, String> getConfig(SettingsSecurity sec, String name) {
+        if (sec != null && name != null) {
+            List<Config> cl = sec.getConfigurations();
+            if (!cl.isEmpty()) {
+                for (Config cf : cl) {
+                    if (!name.equals(cf.getName())) {
+                        continue;
+                    }
+                    List<ConfigProperty> pl = cf.getProperties();
+                    if (pl.isEmpty()) {
+                        break;
+                    }
+                    Map<String, String> res = new HashMap<>(pl.size());
+                    for (ConfigProperty p : pl) {
+                        res.put(p.getName(), p.getValue());
+                    }
+                    return res;
+                }
             }
-
-            return res;
         }
-
         return null;
     }
 }

src/test/java/org/codehaus/plexus/components/secdispatcher/internal/DefaultSecDispatcherTest.java

@@ -21,6 +21,7 @@
 
 import org.codehaus.plexus.components.cipher.internal.DefaultPlexusCipher;
 import org.codehaus.plexus.components.secdispatcher.SecDispatcher;
+import org.codehaus.plexus.components.secdispatcher.SecDispatcherException;
 import org.codehaus.plexus.components.secdispatcher.internal.dispatcher.StaticDispatcher;
 import org.codehaus.plexus.components.secdispatcher.internal.sources.EnvMasterPasswordSource;
 import org.codehaus.plexus.components.secdispatcher.internal.sources.GpgAgentMasterPasswordSource;
@@ -172,4 +173,40 @@ void testDecryptWithDispatcher() throws Exception {
         assertNotNull(pass);
         assertEquals("decrypted", pass);
     }
+
+    @Test
+    void testDecryptWithDispatcherConf() throws Exception {
+        String bare = Base64.getEncoder().encodeToString("whatever".getBytes(StandardCharsets.UTF_8));
+        DefaultSecDispatcher sd = new DefaultSecDispatcher(
+                new DefaultPlexusCipher(),
+                Map.of("static", new StaticMasterPasswordSource(masterPassword)),
+                Map.of("magic", new Dispatcher() {
+                    @Override
+                    public String encrypt(String str, Map<String, String> attributes, Map<String, String> config)
+                            throws SecDispatcherException {
+                        throw new IllegalStateException("should not be called");
+                    }
+
+                    @Override
+                    public String decrypt(String str, Map<String, String> attributes, Map<String, String> config)
+                            throws SecDispatcherException {
+                        assertEquals(bare, str);
+                        assertEquals(2, attributes.size());
+                        assertEquals("magic", attributes.get(SecDispatcher.DISPATCHER_NAME_ATTR));
+                        assertEquals("value", attributes.get("key"));
+
+                        assertEquals(1, config.size());
+                        assertEquals(masterPassword, config.get(Dispatcher.CONF_MASTER_PASSWORD));
+
+                        return "magic";
+                    }
+                }),
+                DefaultSecDispatcher.DEFAULT_CONFIGURATION);
+
+        assertEquals(Set.of("magic"), sd.availableDispatchers());
+        String pass = sd.decrypt("{" + "[key=value," + SecDispatcher.DISPATCHER_NAME_ATTR + "=magic]"
+                + Base64.getEncoder().encodeToString("whatever".getBytes(StandardCharsets.UTF_8)) + "}");
+        assertNotNull(pass);
+        assertEquals("magic", pass);
+    }
 }