Password encription

pom.xml

@@ -5,7 +5,7 @@
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>io.github.mzmine</groupId>
 	<artifactId>mzmine2</artifactId>
-	<version>2.37.corr17.7_library_stats</version>
+	<version>2.37.1.corr17.7</version>
 	<name>MZmine</name>
 	<description>MZmine is an open-source project delivering a software for mass spectrometry data processing, with the main focus on LC-MS data.</description>
 	<url>https://mzmine.github.io</url>

src/main/java/net/sf/mzmine/desktop/preferences/ErrorMailSettings.java

@@ -33,16 +33,16 @@ public class ErrorMailSettings extends SimpleParameterSet {
 
   // we use the same address to send and receive emails
   public static final StringParameter eMailAddress =
-      new StringParameter("E-mail address", "Enter your e-Mail address");
+      new StringParameter("E-mail address", "Enter your e-Mail address", true);
 
   public static final PasswordParameter eMailPassword =
       new PasswordParameter("E-mail password", "Enter your e-Mail password", true);
 
   public static final StringParameter smtpHost =
-      new StringParameter("Host server smtp", "Enter host server smtp, e.g. smtp.gmail.com");
+      new StringParameter("Host server smtp", "Enter host server smtp, e.g. smtp.gmail.com", true);
 
   public static final IntegerParameter smtpPort =
-      new IntegerParameter("smtp port", "Enter smtp port, for gmail 465");
+      new IntegerParameter("smtp port", "Enter smtp port, for gmail 465", true);
 
 
   public ErrorMailSettings() {

src/main/java/net/sf/mzmine/main/MZmineConfiguration.java

@@ -21,17 +21,17 @@
 import java.io.File;
 import java.io.IOException;
 import java.text.NumberFormat;
-
 import net.sf.mzmine.desktop.preferences.MZminePreferences;
 import net.sf.mzmine.modules.MZmineModule;
 import net.sf.mzmine.parameters.ParameterSet;
+import net.sf.mzmine.util.StringCrypter;
 
 /**
  * MZmine configuration interface
  */
 public interface MZmineConfiguration {
 
-  public static final File CONFIG_FILE = new File("conf/config.xml");
+  public static final File CONFIG_FILE = new File(System.getProperty("user.home"), ".mzmine.conf");
 
   public ParameterSet getModuleParameters(Class<? extends MZmineModule> module);
 
@@ -53,4 +53,6 @@ public interface MZmineConfiguration {
 
   public Boolean getSendStatistics();
 
+  public StringCrypter getEncrypter();
+
 }

src/main/java/net/sf/mzmine/main/impl/MZmineConfigurationImpl.java

@@ -21,11 +21,12 @@
 import java.io.File;
 import java.io.FileOutputStream;
 import java.io.IOException;
+import java.nio.file.Files;
+import java.nio.file.LinkOption;
 import java.text.NumberFormat;
 import java.util.Hashtable;
 import java.util.Map;
 import java.util.logging.Logger;
-
 import javax.xml.parsers.DocumentBuilder;
 import javax.xml.parsers.DocumentBuilderFactory;
 import javax.xml.transform.OutputKeys;
@@ -37,16 +38,18 @@
 import javax.xml.xpath.XPathConstants;
 import javax.xml.xpath.XPathExpression;
 import javax.xml.xpath.XPathFactory;
-
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.NodeList;
 import net.sf.mzmine.desktop.preferences.MZminePreferences;
 import net.sf.mzmine.main.MZmineConfiguration;
 import net.sf.mzmine.main.MZmineCore;
 import net.sf.mzmine.modules.MZmineModule;
+import net.sf.mzmine.parameters.Parameter;
 import net.sf.mzmine.parameters.ParameterSet;
-
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.NodeList;
+import net.sf.mzmine.parameters.impl.SimpleParameterSet;
+import net.sf.mzmine.parameters.parametertypes.EncryptionKeyParameter;
+import net.sf.mzmine.util.StringCrypter;
 
 /**
  * MZmine configuration class
@@ -57,11 +60,20 @@ public class MZmineConfigurationImpl implements MZmineConfiguration {
 
   private final MZminePreferences preferences;
 
+  private final EncryptionKeyParameter globalEncrypter;
   private final Map<Class<? extends MZmineModule>, ParameterSet> moduleParameters;
 
   public MZmineConfigurationImpl() {
     moduleParameters = new Hashtable<Class<? extends MZmineModule>, ParameterSet>();
     preferences = new MZminePreferences();
+    globalEncrypter = new EncryptionKeyParameter();
+  }
+
+  @Override
+  public StringCrypter getEncrypter() {
+    if (globalEncrypter.getValue() == null)
+      globalEncrypter.setValue(new StringCrypter());
+    return globalEncrypter.getValue();
   }
 
   @Override
@@ -137,6 +149,12 @@ public void loadConfiguration(File file) throws IOException {
       NodeList nodes = (NodeList) expr.evaluate(configuration, XPathConstants.NODESET);
       if (nodes.getLength() == 1) {
         Element preferencesElement = (Element) nodes.item(0);
+        // loading encryption key
+        // this has to be read first because following parameters may already contain encrypted data
+        // that needs this key for encryption
+        if (file.equals(MZmineConfiguration.CONFIG_FILE))
+          new SimpleParameterSet(new Parameter[] {globalEncrypter})
+              .loadValuesFromXML(preferencesElement);
         preferences.loadValuesFromXML(preferencesElement);
       }
 
@@ -166,6 +184,10 @@ public void loadConfiguration(File file) throws IOException {
   @Override
   public void saveConfiguration(File file) throws IOException {
     try {
+      // write sensitive parameters only to the local config file
+      final boolean skipSensitive = !file.equals(MZmineConfiguration.CONFIG_FILE);
+
+
       DocumentBuilderFactory dbFactory = DocumentBuilderFactory.newInstance();
       DocumentBuilder dBuilder = dbFactory.newDocumentBuilder();
 
@@ -175,6 +197,7 @@ public void saveConfiguration(File file) throws IOException {
 
       Element prefElement = configuration.createElement("preferences");
       configRoot.appendChild(prefElement);
+      preferences.setSkipSensitiveParameters(skipSensitive);
       preferences.saveValuesToXML(prefElement);
 
       Element modulesElement = configuration.createElement("modules");
@@ -193,10 +216,17 @@ public void saveConfiguration(File file) throws IOException {
         moduleElement.appendChild(paramElement);
 
         ParameterSet moduleParameters = getModuleParameters(module.getClass());
+        moduleParameters.setSkipSensitiveParameters(skipSensitive);
         moduleParameters.saveValuesToXML(paramElement);
 
       }
 
+      // save encryption key to local config only
+      // ATTENTION: this should to be written after all other configs
+      final SimpleParameterSet encSet = new SimpleParameterSet(new Parameter[] {globalEncrypter});
+      encSet.setSkipSensitiveParameters(skipSensitive);
+      encSet.saveValuesToXML(prefElement);
+
       TransformerFactory transfac = TransformerFactory.newInstance();
       Transformer transformer = transfac.newTransformer();
       transformer.setOutputProperty(OutputKeys.METHOD, "xml");
@@ -214,6 +244,10 @@ public void saveConfiguration(File file) throws IOException {
       DOMSource source = new DOMSource(configuration);
       transformer.transform(source, result);
 
+      // make user home config file invisible on windows
+      if (!skipSensitive)
+        Files.setAttribute(file.toPath(), "dos:hidden", Boolean.TRUE, LinkOption.NOFOLLOW_LINKS);
+
       logger.info("Saved configuration to file " + file);
     } catch (Exception e) {
       throw new IOException(e);

src/main/java/net/sf/mzmine/modules/peaklistmethods/io/gnpsexport/GNPSSubmitParameters.java

@@ -66,12 +66,12 @@ public enum Preset {
   /**
    * Email to be notified on job status
    */
-  public static final StringParameter EMAIL =
-      new StringParameter("Email", "Email adresse for notifications about the job", "", false);
+  public static final StringParameter EMAIL = new StringParameter("Email",
+      "Email adresse for notifications about the job", "", false, true);
 
   public static final StringParameter USER =
-      new StringParameter("Username", "Username for login", "", false);
-  public static final PasswordParameter PASSWORD = new PasswordParameter("Password (unencrypted)",
+      new StringParameter("Username", "Username for login", "", false, true);
+  public static final PasswordParameter PASSWORD = new PasswordParameter("Password",
       "The password is sent without encryption, until the server has has moved to its final destination.",
       "", false);
   /**

src/main/java/net/sf/mzmine/modules/peaklistmethods/io/spectraldbsubmit/param/GnpsLibrarySubmitParameters.java

@@ -42,8 +42,10 @@
  */
 public class GnpsLibrarySubmitParameters extends SimpleParameterSet {
 
-  public static StringParameter user = new StringParameter("Username", "GNPS username");
-  public static PasswordParameter pass = new PasswordParameter("Password", "GNPS password");
+  public static StringParameter user =
+      new StringParameter("Username", "GNPS username", null, false, true);
+  public static PasswordParameter pass = new PasswordParameter("Password",
+      "GNPS password is sent unencripted (until server is moved to final location)");
 
   public GnpsLibrarySubmitParameters() {
     super(new Parameter[] {user, pass});

src/main/java/net/sf/mzmine/parameters/Parameter.java

@@ -19,7 +19,6 @@
 package net.sf.mzmine.parameters;
 
 import java.util.Collection;
-
 import org.w3c.dom.Element;
 
 /**
@@ -50,4 +49,7 @@ public interface Parameter<ValueType> {
    */
   public Parameter<ValueType> cloneParameter();
 
+  default boolean isSensitive() {
+    return false;
+  }
 }

src/main/java/net/sf/mzmine/parameters/ParameterContainer.java

@@ -0,0 +1,29 @@
+/*
+ * Copyright 2006-2020 The MZmine Development Team
+ *
+ * This file is part of MZmine.
+ *
+ * MZmine is free software; you can redistribute it and/or modify it under the terms of the GNU
+ * General Public License as published by the Free Software Foundation; either version 2 of the
+ * License, or (at your option) any later version.
+ *
+ * MZmine is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
+ * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along with MZmine; if not,
+ * write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301
+ * USA
+ */
+package net.sf.mzmine.parameters;
+
+/**
+ * Classes who handle (read/write) parameters like a ParameterSet should be able to handle sensitive
+ * parameters
+ */
+public interface ParameterContainer {
+  /**
+   * Specify whether sensitive parameters should be skipped during saveValuesToXML().
+   */
+  public void setSkipSensitiveParameters(boolean skipSensitiveParameters);
+}

src/main/java/net/sf/mzmine/parameters/ParameterSet.java

@@ -20,18 +20,16 @@
 
 import java.awt.Window;
 import java.util.Collection;
-
-import net.sf.mzmine.util.ExitCode;
-
 import org.w3c.dom.Element;
+import net.sf.mzmine.util.ExitCode;
 
 /**
  * This class represents a general parameter set of a module. Typical module will use a
  * SimpleParameterSet instance.
  * 
  * @param <T>
  */
-public interface ParameterSet {
+public interface ParameterSet extends ParameterContainer {
 
   public Parameter<?>[] getParameters();
 
@@ -48,6 +46,7 @@ public interface ParameterSet {
   /**
    * Represent method's parameters and their values in human-readable format
    */
+  @Override
   public String toString();
 
   public ExitCode showSetupDialog(Window parent, boolean valueCheckRequired);

src/main/java/net/sf/mzmine/parameters/impl/SimpleParameterSet.java

@@ -23,17 +23,16 @@
 import java.util.Collection;
 import java.util.logging.Level;
 import java.util.logging.Logger;
-
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.NodeList;
 import net.sf.mzmine.main.MZmineCore;
 import net.sf.mzmine.parameters.Parameter;
+import net.sf.mzmine.parameters.ParameterContainer;
 import net.sf.mzmine.parameters.ParameterSet;
 import net.sf.mzmine.parameters.dialogs.ParameterSetupDialog;
 import net.sf.mzmine.util.ExitCode;
 
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.NodeList;
-
 /**
  * Simple storage for the parameters. A typical MZmine module will inherit this class and define the
  * parameters for the constructor.
@@ -46,6 +45,7 @@ public class SimpleParameterSet implements ParameterSet {
   private static final String nameAttribute = "name";
 
   private Parameter<?> parameters[];
+  private boolean skipSensitiveParameters = false;
 
   public SimpleParameterSet() {
     this.parameters = new Parameter<?>[0];
@@ -55,10 +55,21 @@ public SimpleParameterSet(Parameter<?> parameters[]) {
     this.parameters = parameters;
   }
 
+  @Override
   public Parameter<?>[] getParameters() {
     return parameters;
   }
 
+  @Override
+  public void setSkipSensitiveParameters(boolean skipSensitiveParameters) {
+    this.skipSensitiveParameters = skipSensitiveParameters;
+    for (Parameter<?> parameter : parameters) {
+      if (parameter instanceof ParameterContainer)
+        ((ParameterContainer) parameter).setSkipSensitiveParameters(skipSensitiveParameters);
+    }
+  }
+
+  @Override
   public void loadValuesFromXML(Element xmlElement) {
     NodeList list = xmlElement.getElementsByTagName(parameterElement);
     for (int i = 0; i < list.getLength(); i++) {
@@ -77,9 +88,12 @@ public void loadValuesFromXML(Element xmlElement) {
     }
   }
 
+  @Override
   public void saveValuesToXML(Element xmlElement) {
     Document parentDocument = xmlElement.getOwnerDocument();
     for (Parameter<?> param : parameters) {
+      if (skipSensitiveParameters && param.isSensitive())
+        continue;
       Element paramElement = parentDocument.createElement(parameterElement);
       paramElement.setAttribute(nameAttribute, param.getName());
       xmlElement.appendChild(paramElement);
@@ -90,6 +104,7 @@ public void saveValuesToXML(Element xmlElement) {
   /**
    * Represent method's parameters and their values in human-readable format
    */
+  @Override
   public String toString() {
 
     StringBuilder s = new StringBuilder();
@@ -117,6 +132,7 @@ public String toString() {
   /**
    * Make a deep copy
    */
+  @Override
   public ParameterSet cloneParameterSet() {
 
     // Make a deep copy of the parameters
@@ -133,13 +149,15 @@ public ParameterSet cloneParameterSet() {
 
       SimpleParameterSet newSet = this.getClass().newInstance();
       newSet.parameters = newParameters;
+      newSet.setSkipSensitiveParameters(skipSensitiveParameters);
       return newSet;
     } catch (Exception e) {
       e.printStackTrace();
       return null;
     }
   }
 
+  @Override
   @SuppressWarnings("unchecked")
   public <T extends Parameter<?>> T getParameter(T parameter) {
     for (Parameter<?> p : parameters) {