FIPS Flopped

.github/workflows/publish.yml

@@ -17,25 +17,38 @@ jobs:
         os: [ubuntu-latest]
     steps:
       - uses: actions/checkout@v4
-      - name: Set up Java Maven Central Repository
+      - name: Setup Repository
         uses: actions/setup-java@v4
         with:
-          java-version: '21'
+          cache: 'maven'
+          check-latest: true
           distribution: 'temurin'
+          gpg-passphrase: GPG_KEY_PASS
+          gpg-private-key: ${{ secrets.GPG_KEY }}
+          java-package: 'jdk'
+          java-version: '21'
           server-id: ossrh
-          server-username: MAVEN_USERNAME
-          server-password: MAVEN_PASSWORD
+          server-password: OSSRH_PASSWORD
+          server-username: OSSRH_USERNAME
       - name: Publish to the Maven Central Repository
-        run: mvn --batch-mode -P ossrh deploy
+        run: mvn -B -P ossrh -U deploy
         env:
-          MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }}
-          MAVEN_PASSWORD: ${{ secrets.OSSRH_TOKEN }}
-      - name: Set up Java GitHub Packages
+          GPG_KEY_PASS: ${{ secrets.GPG_KEY_PASS }}
+          OSSRH_PASSWORD: ${{ secrets.OSSRH_TOKEN }}
+          OSSRH_USERNAME: ${{ secrets.OSSRH_USERNAME }}
+      - name: Publish to GitHub Packages
         uses: actions/setup-java@v4
         with:
-          java-version: '21'
+          cache: 'maven'
+          check-latest: true
           distribution: 'temurin'
+          gpg-passphrase: GPG_KEY_PASS
+          gpg-private-key: ${{ secrets.GPG_KEY }}
+          java-package: 'jdk'
+          java-version: '21'
+          server-id: github
       - name: Publish to GitHub Packages
-        run: mvn --batch-mode deploy
+        run: mvn -B -U deploy
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GPG_KEY_PASS: ${{ secrets.GPG_KEY_PASS }}

.github/workflows/test.yml

@@ -12,22 +12,16 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        java-distribution: ['corretto', 'dragonwell', 'jetbrains', 'liberica', 'microsoft', 'oracle', 'sapmachine', 'semeru', 'zulu']
+        java-distribution: ['corretto', 'dragonwell', 'liberica', 'microsoft', 'oracle', 'sapmachine', 'semeru', 'zulu']
         java-version: ['17', '21']
-        os: [macos-13, macos-latest, ubuntu-22.04, ubuntu-latest, windows-latest]
+        os: [macos-15-intel, macos-latest, ubuntu-22.04, ubuntu-latest, windows-latest]
         exclude:
-          - os: macos-13
+          - os: macos-15-intel
             java-distribution: 'dragonwell'
             java-version: '17'
-          - os: macos-13
-            java-distribution: 'jetbrains'
-            java-version: '17'
-          - os: macos-13
+          - os: macos-15-intel
             java-distribution: 'dragonwell'
             java-version: '21'
-          - os: macos-13
-            java-distribution: 'jetbrains'
-            java-version: '21'
           - os: macos-latest
             java-distribution: 'dragonwell'
             java-version: '17'

README.md

@@ -143,7 +143,7 @@ packages like maven will be needed to utilize the provided pom file.
   Move-Item -Destination $maven_home -Path "$parentDir\*" -Force
   [Environment]::SetEnvironmentVariable('M2_HOME', $maven_home, [System.EnvironmentVariableTarget]::User)
   [Environment]::SetEnvironmentVariable('MAVEN_HOME', $maven_home, [System.EnvironmentVariableTarget]::User)
-  [Environment]::SetEnvironmentVariable('Path', "$env:PATH;$maven_home\bin", [System.EnvironmentVariableTarget]::User)
+  [Environment]::SetEnvironmentVariable('PATH', "$env:PATH;$maven_home\bin", [System.EnvironmentVariableTarget]::User)
   Remove-Item "$env:USERPROFILE\Downloads\jdk-21.msi"
   Remove-Item "$env:USERPROFILE\Downloads\maven.zip"
   Remove-Item "$env:USERPROFILE\Downloads\maven" -Recurse -Force
@@ -165,7 +165,7 @@ packages like maven will be needed to utilize the provided pom file.
    mvn install
 
    # prepare package for official release
-   mvn release
+   mvn package
    ```
 3. Run tests, (optional). Making changes, (required)
    ```sh
@@ -183,22 +183,23 @@ packages like maven will be needed to utilize the provided pom file.
 <!-- USAGE EXAMPLES -->
 ## Usage
 
-You will need to generate a base64 device config for your KSM application folder
-or use one for an existing authorized device. The local path location to this
-file can be passed as a means to switch between application vaults. You can pass
+You will need to generate a device config for your KSM application in either
+base64 or json format. You can also use the one time password feature to generate
+the config dynamically using the clientKey parameter instead. Using the config
+parameter provides the means to switch between application vaults. You can pass
 one or more of either titles and/or record uid's to retrive multiple records at
 once. Exact matches only. Any files are downloaded locally and their save
 location is returned in the response.
 
    ```sh
-   Usage: java -jar credcat.jar '{ "config": "config.base64", "titles": ["RECORD_TITLE"], "uids": ["RECORD_UID"] }'
+   Usage: java -jar credcat.jar [ -server | '{ "config": ".keeper/config.base64", "titles": ["RECORD_TITLE"], "uids": ["RECORD_UID"] }' ]
    ```
 
 1. Payload can be any of the following.
    ```sh
    ADVANCED='{ "clientKey": "7dae669a419ee250d0fd0e12d527f5f1", "config": "config.base64", "saveLocation": "/mnt/share/keeper", "titles": ["development ldap"], "uids": ["chnmFhEC38YCHhNY1pA8Vg"] }'
-   TITLE_ONLY='{ "config": "config.base64", "titles": ["Production ClickToCall API Key", "development ldap"] }'
-   UID_ONLY='{ "config": "config.base64", "uids": ["7bN_ceW-p3_alVUNmI09Tw", "chnmGhEC39YCHhNy1pA8vg"] }'
+   TITLE_ONLY='{ "config": ".keeper/config.base64", "titles": ["Production ClickToCall API Key", "development ldap"] }'
+   UID_ONLY='{ "config": ".keeper/config.base64", "uids": ["7bN_ceW-p3_alVUNmI09Tw", "chnmGhEC39YCHhNy1pA8vg"] }'
    ```
 
 2. Whether passing title or uid, records are returned nested under its respective uid.
@@ -238,6 +239,17 @@ location is returned in the response.
    }
    ```
 
+3. Running in server mode accepts the same request payload, passed by the http client of your choice.
+   You can set your preferred host and port in the credcat properties file.
+   ```sh
+   java -cp "target/classes:target/dependency/*" -server
+   java -jar target/credcat.jar -server
+   ```
+   ```sh
+   curl -d $UID_ONLY -H 'Content-Type: application/json' -v -XPOST http://127.0.0.1:8888/api/getSecrets
+   curl -H 'Content-Type: application/json' -v http://127.0.0.1:8888/api/getVersion
+   ```
+
 
 
 [![Product Name Screen Shot][product-screenshot]](https://github.com/byteskeptical/credcat)
@@ -249,9 +261,10 @@ location is returned in the response.
 <!-- ROADMAP -->
 ## Roadmap
 
+- [x] Handle all field types including files & notes
 - [x] Handle title & uid searches
 - [x] Retrieve more than one record in a single request
-- [x] Handle all field types including files & notes
+- [x] Support stand-alone and server modes
 
 See the [open issues](https://github.com/byteskeptical/credcat/issues) for a full list of proposed features (and known issues).
 
@@ -296,7 +309,7 @@ Distributed under the project_license. See `LICENSE` for more information.
 <!-- CONTACT -->
 ## Contact
 
-byteskeptical - [@byteskeptical](https://github.com/byteskeptical) - bugs@byteskeptical.com
+byteskeptical - [@byteskeptical](https://github.com/byteskeptical) - bug@byteskeptical.com
 
 Project Link: [https://github.com/byteskeptical/credcat](https://github.com/byteskeptical/credcat)
 
@@ -307,7 +320,7 @@ Project Link: [https://github.com/byteskeptical/credcat](https://github.com/byte
 <!-- ACKNOWLEDGMENTS -->
 ## Acknowledgments
 
-* [@byteskeptical](bugs@byteskeptical.com)
+* [@byteskeptical](bug@byteskeptical.com)
 
 <p align="right">(<a href="#readme-top">back to top</a>)</p>
 

pom.xml

@@ -74,8 +74,56 @@
                 <version>3.8.1</version>
             </plugin>
 
+            <plugin>
+                <artifactId>maven-gpg-plugin</artifactId>
+                <executions>
+                    <execution>
+                        <configuration>
+                            <gpgArguments>
+                                <arg>--batch</arg>
+                                <arg>--pinentry-mode</arg>
+                                <arg>loopback</arg>
+                            </gpgArguments>
+                            <keyname>${gpg.keyname}</keyname>
+                            <passphraseServerId>${gpg.keyname}</passphraseServerId>
+                            <useAgent>true</useAgent>
+                        </configuration>
+                        <goals>
+                            <goal>sign</goal>
+                        </goals>
+                        <id>sign-artifacts</id>
+                        <phase>verify</phase>
+                    </execution>
+                </executions>
+                <groupId>org.apache.maven.plugins</groupId>
+                <version>1.6</version>
+            </plugin>
+
             <plugin>
                 <artifactId>maven-shade-plugin</artifactId>
+                <configuration>
+                    <artifactSet>
+                        <excludes>
+                            <exclude>org.bouncycastle:bc-fips</exclude>
+                        </excludes>
+                        <includes>
+                            <include>com.keepersecurity:secretsManager:*</include>
+                        </includes>
+                    </artifactSet>
+                    <filters>
+                        <filter>
+                            <artifact>*:*</artifact>
+                            <excludes>
+                                <exclude>META-INF/LICENSE</exclude>
+                                <exclude>META-INF/MANIFEST.MF</exclude>
+                                <exclude>META-INF/NOTICE</exclude>
+                                <exclude>META-INF/*.DSA</exclude>
+                                <exclude>META-INF/*.RSA</exclude>
+                                <exclude>META-INF/*.SF</exclude>
+                            </excludes>
+                        </filter>
+                    </filters>
+                </configuration>
                 <executions>
                     <execution>
                         <configuration>
@@ -95,6 +143,21 @@
                 <version>3.6.0</version>
             </plugin>
 
+            <plugin>
+                <artifactId>maven-jar-plugin</artifactId>
+                <configuration>
+                    <archive>
+                        <manifest>
+                            <addClasspath>true</addClasspath>
+                            <classpathPrefix>dependency/</classpathPrefix>
+                            <mainClass>${project.groupId}.credcat.SecretsService</mainClass>
+                        </manifest>
+                    </archive>
+                </configuration>
+                <groupId>org.apache.maven.plugins</groupId>
+                <version>3.4.2</version>
+            </plugin>
+
             <plugin>
                 <artifactId>maven-surefire-plugin</artifactId>
                 <groupId>org.apache.maven.plugins</groupId>
@@ -141,7 +204,7 @@
             </exclusions>
             <groupId>org.junit.jupiter</groupId>
             <scope>test</scope>
-            <version>5.13.4</version>
+            <version>6.0.1</version>
         </dependency>
 
         <dependency>
@@ -158,7 +221,14 @@
             </exclusions>
             <groupId>org.junit.jupiter</groupId>
             <scope>test</scope>
-            <version>5.13.4</version>
+            <version>6.0.1</version>
+        </dependency>
+
+        <dependency>
+            <artifactId>junit-jupiter-params</artifactId>
+            <groupId>org.junit.jupiter</groupId>
+            <scope>test</scope>
+            <version>6.0.1</version>
         </dependency>
 
         <dependency>
@@ -217,8 +287,15 @@
                     <name>GitHub Packages</name>
                     <url>https://maven.pkg.${source.host}/${source.account}/${project.artifactId}</url>
                 </repository>
+                <snapshotRepository>
+                    <id>github</id>
+                    <url>https://maven.pkg.${source.host}/${source.account}/${project.artifactId}</url>
+                </snapshotRepository>
             </distributionManagement>
             <id>github</id>
+            <properties>
+                <gpg.keyname>github</gpg.keyname>
+            </properties>
         </profile>
         <profile>
             <distributionManagement>
@@ -227,8 +304,15 @@
                     <name>Central Repository OSSRH</name>
                     <url>https://oss.sonatype.org/service/local/staging/deploy/maven2/</url>
                 </repository>
+                <snapshotRepository>
+                    <id>ossrh</id>
+                    <url>https://oss.sonatype.org/service/local/staging/deploy/maven2/</url>
+                </snapshotRepository>
             </distributionManagement>
             <id>ossrh</id>
+            <properties>
+                <gpg.keyname>ossrh</gpg.keyname>
+            </properties>
         </profile>
     </profiles>