SCANMAVEN-217 Fix broken integration with maven encrypted secret (#221)

Co-authored-by: Evgeny Mandrikov <[email protected]>

its/src/test/java/com/sonar/maven/it/suite/MavenTest.java

@@ -24,10 +24,13 @@
 import com.sonar.orchestrator.build.BuildRunner;
 import com.sonar.orchestrator.build.MavenBuild;
 import java.io.File;
+import java.nio.file.Files;
 import java.nio.file.Path;
+import java.nio.file.Paths;
 import java.util.Map;
 import org.apache.commons.io.FileUtils;
 import org.junit.jupiter.api.AfterEach;
+import org.junit.jupiter.api.Assertions;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.io.TempDir;
 import org.sonarqube.ws.Components;
@@ -425,21 +428,64 @@ void shouldSkipWithEnvVar() {
    */
   @Test
   void supportMavenEncryption() throws Exception {
-    wsClient.settings().set(new SetRequest().setKey("sonar.forceAuthentication").setValue("true"));
-    wsClient.users().create(new CreateRequest().setLogin("julien").setName("Julien").setPassword("123abc"));
+    Assertions.assertDoesNotThrow(() -> {
+      wsClient.settings().set(new SetRequest().setKey("sonar.forceAuthentication").setValue("true"));
+      wsClient.users().create(new CreateRequest().setLogin("julien").setName("Julien").setPassword("123abc"));
+
+      MavenBuild build = MavenBuild.create(ItUtils.locateProjectPom("maven/maven-only-test-dir"))
+              .setGoals(cleanSonarGoal());
+
+      File securityXml = new File(this.getClass().getResource("/security-settings.xml").toURI());
+      File settingsXml = new File(this.getClass().getResource("/settings-with-encrypted-sonar-password.xml").toURI());
+
+      build.addArgument("--settings=" + settingsXml.getAbsolutePath());
+      // MNG-4853
+      build.addArgument("-Dsettings.security=" + securityXml.getAbsolutePath());
+      build.setProperty("sonar.login", "julien");
+      build.addArgument("-Psonar-password");
+      ORCHESTRATOR.executeBuild(build);
+    });
+  }
 
-    MavenBuild build = MavenBuild.create(ItUtils.locateProjectPom("maven/maven-only-test-dir"))
-      .setGoals(cleanSonarGoal());
+  @Test
+  void supportMavenEncryptionWithDefaultSecuritySettings() throws Exception {
+    // Should fail because settings-security.xml is missing
+    Assertions.assertThrows(Exception.class, () -> {
+      wsClient.settings().set(new SetRequest().setKey("sonar.forceAuthentication").setValue("true"));
+      wsClient.users().create(new CreateRequest().setLogin("julien3").setName("Julien3").setPassword("123abc"));
 
-    File securityXml = new File(this.getClass().getResource("/security-settings.xml").toURI());
-    File settingsXml = new File(this.getClass().getResource("/settings-with-encrypted-sonar-password.xml").toURI());
+      MavenBuild build = MavenBuild.create(ItUtils.locateProjectPom("maven/maven-only-test-dir"))
+              .setGoals(cleanSonarGoal());
 
-    build.addArgument("--settings=" + settingsXml.getAbsolutePath());
-    // MNG-4853
-    build.addArgument("-Dsettings.security=" + securityXml.getAbsolutePath());
-    build.setProperty("sonar.login", "julien");
-    build.addArgument("-Psonar-password");
-    ORCHESTRATOR.executeBuild(build);
-  }
+      File settingsXml = new File(this.getClass().getResource("/settings-with-encrypted-sonar-password.xml").toURI());
+
+      build.addArgument("--settings=" + settingsXml.getAbsolutePath());
 
+      build.setProperty("sonar.login", "julien3");
+      build.addArgument("-Psonar-password");
+      ORCHESTRATOR.executeBuild(build);
+    });
+
+    Assertions.assertDoesNotThrow(() -> {
+      wsClient.settings().set(new SetRequest().setKey("sonar.forceAuthentication").setValue("true"));
+      wsClient.users().create(new CreateRequest().setLogin("julien2").setName("Julien2").setPassword("123abc"));
+
+      MavenBuild build = MavenBuild.create(ItUtils.locateProjectPom("maven/maven-only-test-dir"))
+              .setGoals(cleanSonarGoal());
+
+      File securityXml = new File(this.getClass().getResource("/security-settings.xml").toURI());
+      File settingsXml = new File(this.getClass().getResource("/settings-with-encrypted-sonar-password.xml").toURI());
+
+      // Adding ~/.m2/settings-security.xml
+      String userHomeDir = System.getProperty("user.home");
+      Path defaultPath = Paths.get(userHomeDir, ".m2", "settings-security.xml");
+      Files.copy(securityXml.toPath(), defaultPath);
+
+      build.addArgument("--settings=" + settingsXml.getAbsolutePath());
+
+      build.setProperty("sonar.login", "julien2");
+      build.addArgument("-Psonar-password");
+      ORCHESTRATOR.executeBuild(build);
+    });
+  }
 }

pom.xml

@@ -78,7 +78,11 @@
   </distributionManagement>
 
   <properties>
-    <mavenVersion>3.9.4</mavenVersion>
+    <!--
+      We can't update the Maven core dependencies unless we remove the dependency on SecDispatcher
+      For more details see this ticket https://sonarsource.atlassian.net/browse/SCANMAVEN-222
+    -->
+    <mavenVersion>3.6.3</mavenVersion>
     <mojo.java.target>11</mojo.java.target>
     <maven.compiler.release>11</maven.compiler.release>
     <sonar.exclusions>src/main/java/org/apache/maven/shared/dependency/tree/DependencyTreeResolutionListener.java,target/generated-sources/**/*</sonar.exclusions>
@@ -111,9 +115,9 @@
       <scope>provided</scope>
     </dependency>
     <dependency>
-      <groupId>org.codehaus.plexus</groupId>
+      <groupId>org.sonatype.plexus</groupId>
       <artifactId>plexus-sec-dispatcher</artifactId>
-      <version>2.0</version>
+      <version>1.4</version>
     </dependency>
 
     <dependency>
@@ -185,12 +189,6 @@
       <version>${mavenVersion}</version>
       <scope>test</scope>
     </dependency>
-    <dependency>
-      <groupId>org.apache.maven</groupId>
-      <artifactId>maven-compat</artifactId>
-      <version>${mavenVersion}</version>
-      <scope>test</scope>
-    </dependency>
   </dependencies>
 
   <build>

src/main/java/org/sonarsource/scanner/maven/SonarQubeMojo.java

@@ -67,7 +67,7 @@ public class SonarQubeMojo extends AbstractMojo {
   @Component
   private LifecycleExecutor lifecycleExecutor;
 
-  @Component(role = SecDispatcher.class, hint = "default")
+  @Component(hint = "mng-4384")
   private SecDispatcher securityDispatcher;
 
   @Component

src/main/resources/META-INF/plexus/components.xml

@@ -0,0 +1,24 @@
+<component-set>
+    <components>
+        <component>
+            <role>org.sonatype.plexus.components.sec.dispatcher.SecDispatcher</role>
+            <role-hint>mng-4384</role-hint>
+            <implementation>org.sonatype.plexus.components.sec.dispatcher.DefaultSecDispatcher</implementation>
+            <requirements>
+                <requirement>
+                    <role>org.sonatype.plexus.components.cipher.PlexusCipher</role>
+                    <role-hint>mng-4384</role-hint>
+                    <field-name>_cipher</field-name>
+                </requirement>
+            </requirements>
+            <configuration>
+                <_configuration-file>~/.m2/settings-security.xml</_configuration-file>
+            </configuration>
+        </component>
+        <component>
+            <role>org.sonatype.plexus.components.cipher.PlexusCipher</role>
+            <role-hint>mng-4384</role-hint>
+            <implementation>org.sonatype.plexus.components.cipher.DefaultPlexusCipher</implementation>
+        </component>
+    </components>
+</component-set>