Merge pull request #9 from FZachlod/develop

overheadhunter · web-flow · commit 398716266b4d · 2017-03-29T16:55:02.000+02:00
Adding passwordfile option to securely read password for each vault f…
diff --git a/src/main/java/org/cryptomator/cli/Args.java b/src/main/java/org/cryptomator/cli/Args.java
@@ -8,9 +8,14 @@
  *******************************************************************************/
 package org.cryptomator.cli;
 
+import java.io.IOException;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.Paths;
 import java.util.Properties;
 import java.util.Set;
 import java.util.stream.Collectors;
+import java.util.stream.Stream;
 
 import org.apache.commons.cli.CommandLine;
 import org.apache.commons.cli.DefaultParser;
@@ -27,7 +32,8 @@ public class Args {
 	private static final String USAGE = "java -jar cryptomator-cli.jar" //
 			+ " --bind localhost --port 8080" //
 			+ " --vault mySecretVault=/path/to/vault --password mySecretVault=FooBar3000" //
-			+ " --vault myOtherVault=/path/to/other/vault --password myOtherVault=BarFoo4000";
+			+ " --vault myOtherVault=/path/to/other/vault --password myOtherVault=BarFoo4000"
+	        + " --vault myThirdVault=/path/to/third/vault --passwordfile myThirdVault=/path/to/passwordfile";
 	private static final Options OPTIONS = new Options();
 	static {
 		OPTIONS.addOption(Option.builder() //
@@ -56,18 +62,31 @@ public class Args {
 				.valueSeparator() //
 				.hasArgs() //
 				.build());
+		OPTIONS.addOption(Option.builder() //
+				.longOpt("passwordfile") //
+				.argName("Passwordfile for a vault") //
+				.desc("Format must be vaultName=passwordfile") //
+				.valueSeparator() //
+				.hasArgs() //
+				.build());
 	}
 
 	private final String bindAddr;
 	private final int port;
 	private final Properties vaultPaths;
 	private final Properties vaultPasswords;
+	private final Properties vaultPasswordFiles;
+
+	private boolean hasPasswordOrPasswordFile(Object vaultPath) {
+		return vaultPasswords.containsKey(vaultPath) || vaultPasswordFiles.containsKey(vaultPath);
+	}
 
 	public Args(CommandLine commandLine) throws ParseException {
 		this.bindAddr = commandLine.getOptionValue("bind", "localhost");
 		this.port = Integer.parseInt(commandLine.getOptionValue("port", "0"));
 		this.vaultPaths = commandLine.getOptionProperties("vault");
 		this.vaultPasswords = commandLine.getOptionProperties("password");
+		this.vaultPasswordFiles = commandLine.getOptionProperties("passwordfile");
 	}
 
 	public String getBindAddr() {
@@ -79,14 +98,29 @@ public int getPort() {
 	}
 
 	public Set<String> getVaultNames() {
-		return vaultPaths.keySet().stream().filter(vaultPasswords::containsKey).map(String.class::cast).collect(Collectors.toSet());
+		return vaultPaths.keySet().stream().filter(this::hasPasswordOrPasswordFile).map(String.class::cast).collect(Collectors.toSet());
 	}
 
 	public String getVaultPath(String vaultName) {
 		return vaultPaths.getProperty(vaultName);
 	}
 
+	public String getVaultPasswordPath(String vaultName) {
+		return vaultPasswordFiles.getProperty(vaultName);
+	}
+
 	public String getVaultPassword(String vaultName) {
+		if (vaultPasswords.getProperty(vaultName) == null){
+			Path vaultPasswordPath = Paths.get(vaultPasswordFiles.getProperty(vaultName));
+			if (Files.isReadable(vaultPasswordPath) && Files.isRegularFile(vaultPasswordPath)){
+				try (Stream<String> lines = Files.lines(vaultPasswordPath)) {
+					return lines.findFirst().get().toString();
+				} catch (IOException e) {
+					return null;
+				}
+			}
+			return null;
+		}
 		return vaultPasswords.getProperty(vaultName);
 	}
 
diff --git a/src/main/java/org/cryptomator/cli/CryptomatorCli.java b/src/main/java/org/cryptomator/cli/CryptomatorCli.java
@@ -49,6 +49,9 @@ private static void validate(Args args) throws IllegalArgumentException {
 
 		for (String vaultName : args.getVaultNames()) {
 			Path vaultPath = Paths.get(args.getVaultPath(vaultName));
+			if ((args.getVaultPasswordPath(vaultName) != null) && args.getVaultPassword(vaultName) == null) {
+				throw new IllegalArgumentException("Cannot read password from file: " + Paths.get(args.getVaultPasswordPath(vaultName)));
+			}
 			if (!Files.isDirectory(vaultPath)) {
 				throw new IllegalArgumentException("Not a directory: " + vaultPath);
 			}

Original file line number	Diff line number	Diff line change
`@@ -49,6 +49,9 @@ private static void validate(Args args) throws IllegalArgumentException {`
`49`	`49`
`50`	`50`	`for (String vaultName : args.getVaultNames()) {`
`51`	`51`	`Path vaultPath = Paths.get(args.getVaultPath(vaultName));`
	`52`	`+ if ((args.getVaultPasswordPath(vaultName) != null) && args.getVaultPassword(vaultName) == null) {`
	`53`	`+ throw new IllegalArgumentException("Cannot read password from file: " + Paths.get(args.getVaultPasswordPath(vaultName)));`
	`54`	`+ }`
`52`	`55`	`if (!Files.isDirectory(vaultPath)) {`
`53`	`56`	`throw new IllegalArgumentException("Not a directory: " + vaultPath);`
`54`	`57`	`}`