Public

Project privacy set to public. By default, its content is available to everyone (authenticated or not). Please note that more restrictive permissions might exist on some items.

stable

Clone or download

Read-only

Retrieve the encryption key that is going to be needed to read a Bugzilla API key

Download Browse

On the first run, a read only file to store the key material is created at /etc/tuleap/conf/encryption_secret.key. Once the file exists, the key material is read from it. The key material is stored in a read only file to limit the risk of a mistake made by an administrator. If the file is deleted or altered all encrypted data are definively lost. As of today, since Tuleap still needs to support PHP 5.3 we need to rely exclusively on the libsodium polyfill for PHP, paragonie/sodium_compat. That means we are not at the capacity of zeroing buffers that contains secrets. This will be possible once Tuleap drop the support of PHP 5.3 since we would be able to access to the libsodium PECL package. This is part of story #10606: encrypt bugzilla credentials (API key) before storing in the DB Change-Id: I272f2aea7691d766116f2a476f520489448d189b

+547 −7
Thomas Gerbet (tgerbet) 2017-09-26 18:24
Thomas Gerbet (tgerbet) 2017-09-27 09:52
f6a008fcb7c96dc266dcc1787a2f3e7272671a5c
8b8fc2a57fcde4aa467f8da6a3d0074b042547e1
git #tuleap/stable/f6a008fcb7c96dc266dcc1787a2f3e7272671a5c

Modified Files

Side by side diff
Inline diff
Name
M plugins/bugzilla_reference/include/bugzilla_referencePlugin.class.php +3 −2 Go to diff View file
A src/common/Cryptography/Exception/CannotPerformIOOperationException.php +29 −0 Go to diff View file
A src/common/Cryptography/Exception/CannotSerializeKeyException.php +25 −0 Go to diff View file
A src/common/Cryptography/Exception/InvalidKeyException.php +29 −0 Go to diff View file
A src/common/Cryptography/Key.php +67 −0 Go to diff View file
A src/common/Cryptography/KeyFactory.php +84 −0 Go to diff View file
A src/common/Cryptography/Symmetric/EncryptionKey.php +35 −0 Go to diff View file
M src/common/autoload.php +8 −2 Go to diff View file
M src/composer.json +2 −1 Go to diff View file
M src/composer.lock +82 −1 Go to diff View file
M src/etc/local.inc.dist +1 −1 Go to diff View file
A tests/simpletest/common/Cryptography/KeyFactoryTest.php +92 −0 Go to diff View file
A tests/simpletest/common/Cryptography/KeyTest.php +53 −0 Go to diff View file
A tests/simpletest/common/Cryptography/Symmetric/EncryptionKeyTest.php +37 −0 Go to diff View file