fixed bug: decryption not working when used in combination with variable substitution

Luigi R. Viggiano · Luigi R. Viggiano · commit 2479d4718c59 · 2020-04-08T14:51:38.000+02:00
diff --git a/owner/src/main/java/org/aeonbits/owner/PropertiesInvocationHandler.java b/owner/src/main/java/org/aeonbits/owner/PropertiesInvocationHandler.java
@@ -85,11 +85,11 @@ private Object resolveProperty(Method method, Object... args) {
         }
         if (value == null)
             return null;
-        // Before processing the value, we decrypt it if necessary.
-        // It is a security hole store the decrypted value, so every time we need it it should be decrypted.
-        value = this.propertiesManager.decryptIfNecessary(method, value);
         value = preProcess(method, value);
-        Object result = convert(method, method.getReturnType(), format(method, expandVariables(method, value), args));
+        Object result = convert(method, method.getReturnType(),
+                format(method, propertiesManager
+                    .decryptIfNecessary(method, expandVariables(method, value)),
+                    args));
         if (result == NULL) return null;
         return result;
     }
diff --git a/owner/src/test/java/org/aeonbits/owner/crypto/CryptoConfigTest.java b/owner/src/test/java/org/aeonbits/owner/crypto/CryptoConfigTest.java
@@ -50,6 +50,15 @@ public interface SampleConfig extends Config {
         @Separator(",")
         @DefaultValue("Pfzoiet5E5zN2/7tfgrGLQ==")
         List<String> cryptoList();
+
+        @Key("encryptedValue")
+        @DefaultValue("tzH7IKLCVc0AC72fh5DiZA==")
+        String encryptedValue();
+
+        @Key("password.variable.expanded")
+        @EncryptedValue
+        @DefaultValue("${encryptedValue}")
+        String passwordVariableExpanded();
     }
 
 
@@ -93,6 +102,17 @@ public void salutationNotDecryptedTest() {
         assertEquals( "Salutation value is not expected", SALUTATION_EXPECTED, salutation );
     }
 
+    /**
+     * This test checks that the decrypted value is not cached.
+     * So we recover it twice.
+     */
+    @Test
+    public void passwordDecryptedWhenVariableSubstitutionIsSet() {
+        SampleConfig config = ConfigFactory.create( SampleConfig.class );
+        String decryptedPassword = config.passwordVariableExpanded();
+        assertEquals( "May be property password was decrypted twice.", PASSWORD_EXPECTED, decryptedPassword );
+    }
+
     public static class Decryptor1 extends SampleDecryptor {
         public Decryptor1() {
             super( "AES", SECRET_KEY );
