Merge branch 'develop'

.gitlab-ci.yml

@@ -1,3 +1,6 @@
+variables:
+  ALLOW_QUALITY_GATE_FAILURE: 'false'
+
 stages:
   - build
   - test
@@ -27,8 +30,8 @@ cache:
     SONAR_DOMAIN:
       vault: Sonar/domain@Build-Environment
       file: false
-    SONAR_LOGIN:
-      vault: Sonar/access-key@Build-Environment
+    SONAR_TOKEN:
+      vault: Sonar/token@Build-Environment
       file: false
     SONATYPE_OSSRH_SIGN_KEY_NAME:
       vault: sonatype-ossrh-signing/name@Build-Environment
@@ -65,7 +68,7 @@ unit test:
   extends: .job-template
   stage: test
   needs:
-    - build
+    - job: build
   script:
     - mvn test
     - mvn jacoco:report
@@ -83,7 +86,7 @@ integration test:
   extends: .job-template
   stage: test
   needs:
-    - build
+    - job: build
   script:
     - mvn verify
     - mvn jacoco:report-integration
@@ -100,7 +103,7 @@ dependencies check:
   extends: .job-template
   stage: report
   needs:
-    - build
+    - job: build
   script:
     - mvn dependency-check:check
   artifacts:
@@ -111,46 +114,51 @@ sonar:
   extends: .job-template
   stage: analyze
   needs:
-    - build
-    - unit test
-    - integration test
-    - dependencies check
+    - job: build
+    - job: unit test
+    - job: integration test
+    - job: dependencies check
   script:
-    - mvn -Dsonar.scm.revision=$CI_COMMIT_SHORT_SHA -Dsonar.branch.name=$CI_COMMIT_REF_NAME sonar:sonar
+    - mvn -Dsonar.scm.revision=$CI_COMMIT_SHA -Dsonar.branch.name=$CI_COMMIT_REF_NAME sonar:sonar
+  rules:
+    - if: $ALLOW_QUALITY_GATE_FAILURE == 'true' || ($CI_COMMIT_TAG == null && $CI_COMMIT_REF_NAME != 'main' && $CI_COMMIT_REF_NAME != 'develop')
+      when: on_success
+      allow_failure: true
+    - allow_failure: false
 
 deploy development:
   extends: .job-template
   stage: deploy
   needs:
-    - build
-    - unit test
-    - integration test
+    - job: build
+    - job: sonar
+      artifacts: false
   except:
-    - master
+    - tags
   script:
     - mvn -Pdevelopment deploy -DskipTests
 
 deploy release:
   extends: .job-template
   stage: deploy
   needs:
-    - build
-    - unit test
-    - integration test
+    - job: build
+    - job: sonar
+      artifacts: false
   only:
-    - master
+    - tags
   script:
     - mvn -Prelease deploy -DskipTests
 
 rollout:
   extends: .job-template
   stage: rollout
   needs:
-    - build
-    - unit test
-    - integration test
+    - job: build
+    - job: sonar
+      artifacts: false
   only:
-    - master
+    - tags
   when: manual
   script:
     - mvn -Prollout deploy -DskipTests -Dgpg.keyname=$SONATYPE_OSSRH_SIGN_KEY_NAME -Dgpg.passphrase=$SONATYPE_OSSRH_SIGN_KEY_PASSPHRASE

README.md

@@ -1,4 +1,4 @@
-[![Build Status](https://travis-ci.com/dracoon/dracoon-java-crypto-sdk.svg?branch=master)](https://travis-ci.org/dracoon/)
+[![Build Status](https://travis-ci.com/dracoon/dracoon-java-crypto-sdk.svg?branch=main)](https://travis-ci.org/dracoon/)
 [![Maven Central](https://maven-badges.herokuapp.com/maven-central/com.dracoon/dracoon-crypto-sdk/badge.svg)](https://maven-badges.herokuapp.com/maven-central/com.dracoon/dracoon-crypto-sdk)
 # Dracoon Java Crypto SDK
 
@@ -23,13 +23,13 @@ Maven: Add this dependency to your pom.xml:
 <dependency>
     <groupId>com.dracoon</groupId>
     <artifactId>dracoon-crypto-sdk</artifactId>
-    <version>2.0.3</version>
+    <version>2.1.0</version>
 </dependency>
 ```
 
 Gradle: Add this dependency to your build.gradle:
 ```groovy
-compile 'com.dracoon:dracoon-crypto-sdk:2.0.3'
+compile 'com.dracoon:dracoon-crypto-sdk:2.1.0'
 ```
 
 JAR import: The latest JAR can be found [here](

configure_maven.sh

@@ -20,8 +20,8 @@ if [ -z "${SONAR_DOMAIN}" ]; then
     exit 4
 fi
 
-if [ -z "${SONAR_LOGIN}" ]; then
-    echo "Environment variable SONAR_LOGIN is not set. Aborting ..."
+if [ -z "${SONAR_TOKEN}" ]; then
+    echo "Environment variable SONAR_TOKEN is not set. Aborting ..."
     exit 5
 fi
 

dependency-check-suppressions.xml

@@ -0,0 +1,3 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
+</suppressions>

pom.xml

@@ -7,9 +7,9 @@
 
     <groupId>com.dracoon</groupId>
     <artifactId>dracoon-crypto-sdk</artifactId>
-    <version>2.0.3</version>
+    <version>2.1.0</version>
 
-    <name>dracoon-crypto-sdk</name>
+    <name>Dracoon Crypto SDK</name>
     <description>A library which implements the client-side encryption of Dracoon.</description>
     <url>https://github.com/dracoon/dracoon-java-crypto-sdk</url>
 
@@ -46,47 +46,50 @@
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
 
         <!-- plugin versions -->
-        <maven-compiler-plugin.version>3.8.1</maven-compiler-plugin.version>
+        <maven-compiler-plugin.version>3.11.0</maven-compiler-plugin.version>
         <maven-source-plugin.version>3.2.1</maven-source-plugin.version>
-        <maven-javadoc-plugin.version>2.10.4</maven-javadoc-plugin.version>
-        <maven-surefire-plugin.version>2.22.2</maven-surefire-plugin.version>
-        <maven-failsafe-plugin.version>2.22.2</maven-failsafe-plugin.version>
+        <maven-javadoc-plugin.version>3.5.0</maven-javadoc-plugin.version>
+        <maven-surefire-plugin.version>3.0.0</maven-surefire-plugin.version>
+        <maven-failsafe-plugin.version>3.0.0</maven-failsafe-plugin.version>
         <maven-jacoco-plugin.version>0.8.8</maven-jacoco-plugin.version>
-        <maven-dependency-check-plugin.version>7.1.1</maven-dependency-check-plugin.version>
+        <maven-dependency-check-plugin.version>7.4.4</maven-dependency-check-plugin.version>
         <maven-sonar-plugin.version>3.9.1.2184</maven-sonar-plugin.version>
-        <maven-deploy-plugin.version>3.0.0-M2</maven-deploy-plugin.version>
+        <maven-deploy-plugin.version>3.1.0</maven-deploy-plugin.version>
         <maven-gpg-plugin.version>3.0.1</maven-gpg-plugin.version>
-        <maven-nexus-staging-plugin.version>1.6.8</maven-nexus-staging-plugin.version>
+        <maven-nexus-staging-plugin.version>1.6.13</maven-nexus-staging-plugin.version>
 
         <!-- dependencies versions -->
-        <bouncycastle.version>1.70</bouncycastle.version>
+        <bouncycastle.version>1.76</bouncycastle.version>
 
         <!-- test dependencies versions -->
         <junit.version>4.13.2</junit.version>
         <gson.version>2.9.0</gson.version>
 
         <!-- sonar -->
         <sonar.host.url>https://${sonar.domain}</sonar.host.url>
-        <sonar.projectName>${project.name}</sonar.projectName>
+        <sonar.projectKey>dracoon-java-crypto-sdk</sonar.projectKey>
+        <sonar.projectName>DRACOON Java Crypto SDK</sonar.projectName>
         <sonar.projectVersion>${project.version}</sonar.projectVersion>
         <sonar.scm.provider>git</sonar.scm.provider>
         <sonar.scm.revision>unknown</sonar.scm.revision> <!-- Overwritten by GitLab pipeline -->
         <sonar.branch.name>unknown</sonar.branch.name> <!-- Overwritten by GitLab pipeline -->
         <sonar.sources>src/main/java/</sonar.sources>
         <sonar.tests>src/test/java/</sonar.tests>
+        <sonar.coverage.jacoco.xmlReportPaths>target/site/jacoco/jacoco.xml,target/site/jacoco-it/jacoco.xml</sonar.coverage.jacoco.xmlReportPaths>
         <sonar.dependencyCheck.htmlReportPath>target/dependency-check-reports/dependency-check-report.html</sonar.dependencyCheck.htmlReportPath>
         <sonar.dependencyCheck.jsonReportPath>target/dependency-check-reports/dependency-check-report.json</sonar.dependencyCheck.jsonReportPath>
+        <sonar.qualitygate.wait>true</sonar.qualitygate.wait>
     </properties>
 
     <dependencies>
         <dependency>
             <groupId>org.bouncycastle</groupId>
-            <artifactId>bcprov-jdk15on</artifactId>
+            <artifactId>bcprov-jdk18on</artifactId>
             <version>${bouncycastle.version}</version>
         </dependency>
         <dependency>
             <groupId>org.bouncycastle</groupId>
-            <artifactId>bcpkix-jdk15on</artifactId>
+            <artifactId>bcpkix-jdk18on</artifactId>
             <version>${bouncycastle.version}</version>
         </dependency>
 
@@ -189,6 +192,7 @@
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-javadoc-plugin</artifactId>
                 <configuration>
+                    <source>${java-version}</source>
                     <failOnError>false</failOnError>
                 </configuration>
                 <executions>
@@ -261,13 +265,13 @@
                 <groupId>org.owasp</groupId>
                 <artifactId>dependency-check-maven</artifactId>
                 <configuration>
-                    <assemblyAnalyzerEnabled>false</assemblyAnalyzerEnabled>
-                    <yarnAuditAnalyzerEnabled>false</yarnAuditAnalyzerEnabled>
                     <outputDirectory>target/dependency-check-reports</outputDirectory>
                     <formats>
                         <format>HTML</format>
                         <format>JSON</format>
                     </formats>
+                    <assemblyAnalyzerEnabled>false</assemblyAnalyzerEnabled>
+                    <suppressionFile>dependency-check-suppressions.xml</suppressionFile>
                 </configuration>
             </plugin>
         </plugins>

settings.xml.tmpl

@@ -84,7 +84,7 @@
             </activation>
             <properties>
                 <sonar.domain>${env.SONAR_DOMAIN}</sonar.domain>
-                <sonar.login>${env.SONAR_LOGIN}</sonar.login>
+                <sonar.login>${env.SONAR_TOKEN}</sonar.login>
             </properties>
         </profile>
     </profiles>

src/main/java/com/dracoon/sdk/crypto/Crypto.java

@@ -71,7 +71,7 @@ public class Crypto {
         Security.insertProviderAt(new org.bouncycastle.jce.provider.BouncyCastleProvider(), 1);
     }
 
-    private static final int HASH_ITERATION_COUNT = 10000;
+    private static final int HASH_ITERATION_COUNT = 1300000;
     private static final int FILE_KEY_SIZE = 32;
     private static final int IV_SIZE = 12;
 

src/test/java/com/dracoon/sdk/crypto/CryptoBaseTest.java

@@ -42,7 +42,7 @@ protected void validateKeyPair(UserKeyPair testUkp, String version) {
                 "-----BEGIN PUBLIC KEY-----"));
     }
 
-    protected UserKeyPair testGenerateUserKeyPair(String version, String password)
+    protected UserKeyPair generateUserKeyPair(String version, String password)
             throws UnknownVersionException, InvalidKeyPairException, InvalidPasswordException,
             CryptoSystemException {
         UserKeyPair.Version kpv = null;
@@ -78,7 +78,7 @@ protected void validateEncryptedFileKey(EncryptedFileKey efk, EncryptedFileKey t
         assertEquals("Version is incorrect!", efk.getVersion(), testEfk.getVersion());
     }
 
-    protected EncryptedFileKey testEncryptFileKey(String pfkFileName, String upkFileName)
+    protected EncryptedFileKey encryptFileKey(String pfkFileName, String upkFileName)
             throws UnknownVersionException, InvalidFileKeyException, InvalidKeyPairException,
             CryptoSystemException {
         PlainFileKey pfk = readPlainFileKey(pfkFileName);
@@ -95,7 +95,7 @@ protected void validatePlainFileKey(PlainFileKey pfk, PlainFileKey testPfk) {
         assertEquals("Version is incorrect!", pfk.getVersion(), testPfk.getVersion());
     }
 
-    protected PlainFileKey testDecryptFileKey(String efkFileName, String upkFileName, String pw)
+    protected PlainFileKey decryptFileKey(String efkFileName, String upkFileName, String pw)
             throws UnknownVersionException, InvalidFileKeyException, InvalidKeyPairException,
             InvalidPasswordException, CryptoSystemException {
         EncryptedFileKey efk = readEncryptedFileKey(efkFileName);
@@ -110,7 +110,7 @@ protected void validateFileKey(PlainFileKey testPfk, String version) {
         assertEquals("File key version is invalid!", version, testPfk.getVersion().getValue());
     }
 
-    protected PlainFileKey testGenerateFileKey(String version) throws UnknownVersionException {
+    protected PlainFileKey generateFileKey(String version) throws UnknownVersionException {
         PlainFileKey.Version pfkv = null;
         if (version != null) {
             pfkv = PlainFileKey.Version.getByValue(version);

src/test/java/com/dracoon/sdk/crypto/integration/CryptoTest.java

@@ -43,14 +43,24 @@ public void testCheckUserKeyPair_Rsa4096_Success() throws UnknownVersionExceptio
                 true);
     }
 
+    @Test
+    public void testCheckUserKeyPair_Rsa4096_KdfV2_Success() throws UnknownVersionException,
+            InvalidKeyPairException, CryptoSystemException {
+        testCheckUserKeyPair(
+                data("kp_rsa4096_kdfv2/private_key.json"),
+                data("kp_rsa4096_kdfv2/public_key.json"),
+                password(UserKeyPair.Version.RSA4096),
+                true);
+    }
+
     // ### FILE KEY ENCRYPTION TESTS ###
 
     @Test
     public void testEncryptFileKey_Rsa2048_Success() throws UnknownVersionException,
             InvalidFileKeyException, InvalidKeyPairException, CryptoSystemException {
         EncryptedFileKey efk = readEncryptedFileKey(data("fk_rsa2048_aes256gcm/enc_file_key.json"));
 
-        EncryptedFileKey testEfk = testEncryptFileKey(
+        EncryptedFileKey testEfk = encryptFileKey(
                 data("fk_rsa2048_aes256gcm/plain_file_key.json"),
                 data("kp_rsa2048/public_key.json"));
 
@@ -62,7 +72,7 @@ public void testEncryptFileKey_Rsa4096_Success() throws UnknownVersionException,
             InvalidFileKeyException, InvalidKeyPairException, CryptoSystemException {
         EncryptedFileKey efk = readEncryptedFileKey(data("fk_rsa4096_aes256gcm/enc_file_key.json"));
 
-        EncryptedFileKey testEfk = testEncryptFileKey(
+        EncryptedFileKey testEfk = encryptFileKey(
                 data("fk_rsa4096_aes256gcm/plain_file_key.json"),
                 data("kp_rsa4096/public_key.json"));
 
@@ -77,7 +87,7 @@ public void testDecryptFileKey_Rsa2048_Success() throws UnknownVersionException,
             CryptoSystemException {
         PlainFileKey pfk = readPlainFileKey(data("fk_rsa2048_aes256gcm/plain_file_key.json"));
 
-        PlainFileKey testPfk = testDecryptFileKey(
+        PlainFileKey testPfk = decryptFileKey(
                 data("fk_rsa2048_aes256gcm/enc_file_key.json"),
                 data("kp_rsa2048/private_key.json"),
                 password(UserKeyPair.Version.RSA2048));
@@ -91,7 +101,7 @@ public void testDecryptFileKey_Rsa4096_Success() throws UnknownVersionException,
             CryptoSystemException {
         PlainFileKey pfk = readPlainFileKey(data("fk_rsa4096_aes256gcm/plain_file_key.json"));
 
-        PlainFileKey testPfk = testDecryptFileKey(
+        PlainFileKey testPfk = decryptFileKey(
                 data("fk_rsa4096_aes256gcm/enc_file_key.json"),
                 data("kp_rsa4096/private_key.json"),
                 password(UserKeyPair.Version.RSA4096));