feat: password encrypt/decrypt

2025-08-24 11:54:08 +08:00
parent b834644e0c
commit 72ea9a2e9a
5 changed files with 53 additions and 6 deletions
--- a/dependency-reduced-pom.xml
+++ b/dependency-reduced-pom.xml
@@ -4,7 +4,7 @@
  <groupId>me.hatter</groupId>
  <artifactId>card-cryptomator</artifactId>
  <name>card-cryptomator</name>
-  <version>1.0.0</version>
+  <version>1.0.1</version>
  <description>Plug-in for Cryptomator to store vault passwords with card-cli encryption.</description>
  <url>https://git.hatter.ink/hatter/card-cryptomator</url>
  <developers>
--- a/7
+++ b/7
@@ -0,0 +1,7 @@
+_:
+  @just --list
+
+# build pacakge
+build:
+  buildj package
+
--- a/pom.xml
+++ b/pom.xml
@@ -5,7 +5,7 @@
    <modelVersion>4.0.0</modelVersion>
    <groupId>me.hatter</groupId>
    <artifactId>card-cryptomator</artifactId>
-    <version>1.0.0</version>
+    <version>1.0.1</version>

    <name>card-cryptomator</name>
    <description>Plug-in for Cryptomator to store vault passwords with card-cli encryption.</description>
--- a/src/main/java/me/hatter/integrations/card/CardConfig.java
+++ b/src/main/java/me/hatter/integrations/card/CardConfig.java
@@ -11,6 +11,8 @@ public class CardConfig {
     */
    private String encryptKeyBasePath;

+    private Long passwordCacheTimeMillis;
+
    public String getEncryptKeyBasePath() {
        return encryptKeyBasePath;
    }
@@ -18,4 +20,12 @@ public class CardConfig {
    public void setEncryptKeyBasePath(String encryptKeyBasePath) {
        this.encryptKeyBasePath = encryptKeyBasePath;
    }
+
+    public Long getPasswordCacheTimeMillis() {
+        return passwordCacheTimeMillis;
+    }
+
+    public void setPasswordCacheTimeMillis(Long passwordCacheTimeMillis) {
+        this.passwordCacheTimeMillis = passwordCacheTimeMillis;
+    }
 }
--- a/src/main/java/me/hatter/integrations/card/Utils.java
+++ b/src/main/java/me/hatter/integrations/card/Utils.java
@@ -14,6 +14,7 @@ import java.util.Base64;
 import java.util.List;
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.concurrent.ConcurrentMap;
+import java.util.concurrent.TimeUnit;
 import java.util.concurrent.atomic.AtomicReference;

 /**
@@ -27,7 +28,36 @@ public class Utils {
    private static final File CARD_CONFIG_FILE2 = new File(USER_HOME, ".config/cryptomator/card_config.json");
    private static final File DEFAULT_ENCRYPTION_KEY_BASE_PATH = new File(USER_HOME, ".config/cryptomator/card_keys/");

-    private static final ConcurrentMap<String, String> PASSWORD_CACHE_MAP = new ConcurrentHashMap<>();
+    private static final ConcurrentMap<String, CachedPasswordWithTime> PASSWORD_CACHE_MAP = new ConcurrentHashMap<>();
+
+    private static class CachedPasswordWithTime {
+        private String password;
+        private long timestamp;
+    }
+
+    private static void putCachedPassword(CardConfig cardConfig, String key, String password) {
+        final CachedPasswordWithTime cachedPasswordWithTime = new CachedPasswordWithTime();
+        cachedPasswordWithTime.password = password;
+        cachedPasswordWithTime.timestamp = System.currentTimeMillis();
+        PASSWORD_CACHE_MAP.put(key, cachedPasswordWithTime);
+    }
+
+    private static String getCachedPassword(CardConfig cardConfig, String key) {
+        final CachedPasswordWithTime cachedPasswordWithTime = PASSWORD_CACHE_MAP.get(key);
+        if (cachedPasswordWithTime == null) {
+            return null;
+        }
+        final long defaultPasswordCacheTimeMillis = TimeUnit.DAYS.toMillis(1);
+        final long passwordCacheTimeMillis = (cardConfig.getPasswordCacheTimeMillis() == null)
+                ? defaultPasswordCacheTimeMillis
+                : cardConfig.getPasswordCacheTimeMillis();
+        if ((System.currentTimeMillis() - cachedPasswordWithTime.timestamp) > passwordCacheTimeMillis) {
+            PASSWORD_CACHE_MAP.remove(key);
+            return null;
+        }
+        cachedPasswordWithTime.timestamp = System.currentTimeMillis();
+        return cachedPasswordWithTime.password;
+    }

    public static boolean isCheckPassphraseStored() {
        final StackTraceElement stack = getCallerStackTrace();
@@ -161,7 +191,7 @@ public class Utils {
        params.add("--auto-pbe");
        params.add("--json");

-        final String password = PASSWORD_CACHE_MAP.get(vault);
+        final String password = getCachedPassword(cardConfig, vault);
        if (password != null) {
            params.add("--password");
            params.add(password);
@@ -180,7 +210,7 @@ public class Utils {
        final String resultString = new String(decryptResult.getStdout(), StandardCharsets.UTF_8);
        final CardHmacDecryptResult result = new Gson().fromJson(resultString, CardHmacDecryptResult.class);
        if (result.getPassword() != null) {
-            PASSWORD_CACHE_MAP.put(vault, result.getPassword());
+            putCachedPassword(cardConfig, vault, result.getPassword());
        }
        return Base64.getDecoder().decode(result.getPlaintext());
    }
@@ -195,7 +225,7 @@ public class Utils {
        params.add("1000000");
        params.add("--json");

-        final String password = PASSWORD_CACHE_MAP.get(vault);
+        final String password = getCachedPassword(cardConfig, vault);
        if (password != null) {
            params.add("--password");
            params.add(password);