Report is fallback possible

Author: cstamas

src/main/java/org/codehaus/plexus/components/secdispatcher/internal/DefaultSecDispatcher.java

@@ -212,6 +212,27 @@ public ValidationResponse validateConfiguration() {
                             valid = true;
                             report.computeIfAbsent(ValidationResponse.Level.INFO, k -> new ArrayList<>())
                                     .add("Default dispatcher " + defaultDispatcher + " configuration is valid");
+
+                            Dispatcher legacy = dispatchers.get(LegacyDispatcher.NAME);
+                            if (legacy == null) {
+                                report.computeIfAbsent(ValidationResponse.Level.INFO, k -> new ArrayList<>())
+                                        .add("Legacy dispatcher not present in system");
+                            } else {
+                                // legacy is just "informational" does not affect overall status; merely allows fallback
+                                report.computeIfAbsent(ValidationResponse.Level.INFO, k -> new ArrayList<>())
+                                        .add("Legacy dispatcher present in system");
+                                ValidationResponse legacyResponse =
+                                        legacy.validateConfiguration(prepareDispatcherConfig(LegacyDispatcher.NAME));
+                                subsystems.add(legacyResponse);
+                                if (!legacyResponse.isValid()) {
+                                    report.computeIfAbsent(ValidationResponse.Level.WARNING, k -> new ArrayList<>())
+                                            .add(
+                                                    "Legacy dispatcher not operational; transparent fallback not possible");
+                                } else {
+                                    report.computeIfAbsent(ValidationResponse.Level.INFO, k -> new ArrayList<>())
+                                            .add("Legacy dispatcher is operational; transparent fallback possible");
+                                }
+                            }
                         }
                     }
                 }

src/main/java/org/codehaus/plexus/components/secdispatcher/internal/dispatchers/LegacyDispatcher.java

@@ -31,8 +31,10 @@
 import java.security.InvalidKeyException;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
+import java.util.ArrayList;
 import java.util.Base64;
 import java.util.Collection;
+import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 
@@ -94,25 +96,42 @@ public EncryptPayload encrypt(String str, Map<String, String> attributes, Map<St
     public String decrypt(String str, Map<String, String> attributes, Map<String, String> config)
             throws SecDispatcherException {
         try {
-            return legacyCipher.decrypt64(str, getMasterPassword());
+            String masterPassword = getMasterPassword();
+            if (masterPassword == null) {
+                throw new SecDispatcherException("Master password could not be obtained");
+            }
+            return legacyCipher.decrypt64(str, masterPassword);
         } catch (PlexusCipherException e) {
             throw new SecDispatcherException("Decrypt failed", e);
         }
     }
 
     @Override
     public SecDispatcher.ValidationResponse validateConfiguration(Map<String, String> config) {
-        return new SecDispatcher.ValidationResponse(
-                getClass().getSimpleName(),
-                false,
-                Map.of(
-                        SecDispatcher.ValidationResponse.Level.ERROR,
-                        List.of("This dispatcher cannot and must not be directly used via configuration")),
-                List.of());
+        HashMap<SecDispatcher.ValidationResponse.Level, List<String>> report = new HashMap<>();
+        boolean valid = false;
+        try {
+            String mp = getMasterPassword();
+            if (mp == null) {
+                report.computeIfAbsent(SecDispatcher.ValidationResponse.Level.ERROR, k -> new ArrayList<>())
+                        .add("Master Password not found");
+            } else {
+                report.computeIfAbsent(SecDispatcher.ValidationResponse.Level.INFO, k -> new ArrayList<>())
+                        .add("Master Password found and decrypted");
+                valid = true;
+            }
+        } catch (PlexusCipherException e) {
+            report.computeIfAbsent(SecDispatcher.ValidationResponse.Level.ERROR, k -> new ArrayList<>())
+                    .add("Master Password could not be decrypted");
+        }
+        return new SecDispatcher.ValidationResponse(getClass().getSimpleName(), valid, report, List.of());
     }
 
     private String getMasterPassword() throws SecDispatcherException {
         String encryptedMasterPassword = getMasterMasterPasswordFromSettingsSecurityXml();
+        if (encryptedMasterPassword == null) {
+            return null;
+        }
         return legacyCipher.decrypt64(plexusCipher.unDecorate(encryptedMasterPassword), MASTER_MASTER_PASSWORD);
     }
 
@@ -133,7 +152,7 @@ private String getMasterMasterPasswordFromSettingsSecurityXml() {
                 // just ignore whatever it is
             }
         }
-        throw new SecDispatcherException("Could not locate legacy master password: " + xml);
+        return null;
     }
 
     private static final class LegacyCipher {

src/test/java/org/codehaus/plexus/components/secdispatcher/internal/DefaultSecDispatcherTest.java

@@ -23,6 +23,7 @@
 import org.codehaus.plexus.components.cipher.internal.AESGCMNoPadding;
 import org.codehaus.plexus.components.cipher.internal.DefaultPlexusCipher;
 import org.codehaus.plexus.components.secdispatcher.SecDispatcher;
+import org.codehaus.plexus.components.secdispatcher.internal.dispatchers.LegacyDispatcher;
 import org.codehaus.plexus.components.secdispatcher.internal.dispatchers.MasterDispatcher;
 import org.codehaus.plexus.components.secdispatcher.internal.sources.EnvMasterSource;
 import org.codehaus.plexus.components.secdispatcher.internal.sources.GpgAgentMasterSource;
@@ -84,11 +85,11 @@ void validate() throws Exception {
         SecDispatcher.ValidationResponse response = secDispatcher.validateConfiguration();
         assertTrue(response.isValid());
         // secDispatcher
-        assertTrue(response.getReport().size() == 1);
-        assertTrue(response.getSubsystems().size() == 1);
+        assertEquals(1, response.getReport().size());
+        assertEquals(2, response.getSubsystems().size());
         // master dispatcher
-        assertTrue(response.getSubsystems().get(0).getReport().size() == 1);
-        assertTrue(response.getSubsystems().get(0).getSubsystems().size() == 1);
+        assertEquals(1, response.getSubsystems().get(0).getReport().size());
+        assertEquals(1, response.getSubsystems().get(0).getSubsystems().size());
         // master source
         assertTrue(response.getSubsystems()
                         .get(0)
@@ -109,7 +110,7 @@ void validate() throws Exception {
     protected void roundtrip() throws Exception {
         DefaultSecDispatcher sd = construct();
 
-        assertEquals(1, sd.availableDispatchers().size());
+        assertEquals(2, sd.availableDispatchers().size());
         String encrypted = sd.encrypt("supersecret", Map.of(SecDispatcher.DISPATCHER_NAME_ATTR, "master", "a", "b"));
         // example:
         // {[name=master,cipher=AES/GCM/NoPadding,a=b]vvq66pZ7rkvzSPStGTI9q4QDnsmuDwo+LtjraRel2b0XpcGJFdXcYAHAS75HUA6GLpcVtEkmyQ==}
@@ -136,7 +137,9 @@ protected DefaultSecDispatcher construct() {
                                         SystemPropertyMasterSource.NAME,
                                         new SystemPropertyMasterSource(),
                                         GpgAgentMasterSource.NAME,
-                                        new GpgAgentMasterSource()))),
+                                        new GpgAgentMasterSource())),
+                        "legacy",
+                        new LegacyDispatcher(dpc)),
                 CONFIG_PATH);
     }
 }