package com.redhat.ceylon.common.config;
import java.io.Console;
import java.io.IOException;
import java.net.Authenticator;
import java.net.InetSocketAddress;
import java.net.PasswordAuthentication;
import java.net.ProxySelector;
import java.net.SocketAddress;
import java.net.URI;
import java.security.GeneralSecurityException;
import java.security.UnrecoverableKeyException;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import com.redhat.ceylon.common.config.Keystores.Store;
import com.redhat.ceylon.common.config.Proxies.Proxy;
/**
* Utility class for making use of {@link Credentials} and {@link Proxies}
*/
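public class Authentication {

    /**
     * A user name paired with a {@link Password} that is resolved on demand.
     */
    public static class UsernamePassword {
        private final String username;
        private final Password password;

        public UsernamePassword(String user, Password p) {
            this.username = user;
            this.password = p;
        }

        /** @return the user name these credentials belong to */
        public String getUser() {
            return username;
        }

        /**
         * Resolves the password through the underlying {@link Password}.
         * Every call delegates again, so a prompted password asks the user
         * each time this method is invoked.
         * @return the password, which may be {@code null}; the caller should
         * overwrite the array once it is no longer needed
         */
        public char[] getPassword() {
            return password.getPassword();
        }
    }

    /**
     * Provides access to a password
     */
    private interface Password {
        /**
         * Gets the password. A {@code char} array is used rather than a
         * {@code String} because a String would reside in memory until
         * garbage collected, whereas the caller can zero the returned array
         * manually once they're finished with it.
         * @return The password
         */
        char[] getPassword();
    }

    /**
     * Implementation of {@link Password} that simply returns a given string.
     * The secret is held as a {@code String} for the lifetime of this object,
     * so it cannot be wiped from memory; only the returned copy can.
     */
    private static class PlaintextPassword implements Password {
        private final String password;

        private PlaintextPassword(String password) {
            this.password = password;
        }

        @Override
        public char[] getPassword() {
            if (password == null) {
                return null;
            }
            return password.toCharArray();
        }
    }

    /** A way of getting a password interactively from the user */
    public static interface PasswordPrompt {
        public char[] getPassword(String prompt);
    }

    /** Prompts the user for a password on the system console */
    public static class ConsolePasswordPrompt implements PasswordPrompt {
        private final Console console;

        /**
         * @throws RuntimeException if the JVM has no system console attached
         */
        public ConsolePasswordPrompt() {
            console = System.console();
            if (console == null) {
                throw new RuntimeException("No console available");
            }
        }

        @Override
        public char[] getPassword(String prompt) {
            // readPassword disables echo, so the secret is not shown on screen
            return console.readPassword("%s: ", prompt);
        }
    }

    /**
     * Implementation of {@link Password} which prompts the user for the password
     * via a pluggable {@link PasswordPrompt}. {@link ConsolePasswordPrompt}
     * provides an implementation for prompting via the system console.
     * Applications without access to a system console must provide their own
     * {@link PasswordPrompt}.
     * @author tom
     */
    private static class PromptedPassword implements Password {
        private final String prompt;

        public PromptedPassword(String prompt) {
            this.prompt = prompt;
        }

        @Override
        public char[] getPassword() {
            return getPasswordPrompt().getPassword(prompt);
        }
    }

    /**
     * Implementation of {@link Password} which retrieves a password using
     * its alias within a given {@link Keystores}. The retrieved password is
     * cached so that the user is asked for the store/entry password only once.
     */
    private static final class StoredPassword implements Password {
        private final String passwordKeystore;
        private final Keystores.Store store;
        private final String alias;
        // Cached secret; stays in memory for as long as this object is reachable.
        private char[] password = null;

        private StoredPassword(String passwordKeystore, Keystores.Store store,
                String alias) {
            this.passwordKeystore = passwordKeystore;
            this.store = store;
            this.alias = alias;
        }

        /** Looks up a message, choosing the default- or named-keystore variant. */
        private String msg(String key, Object... args) {
            return ConfigMessages.msg(
                    (passwordKeystore == null ? "keystore.default." :"keystore.named.") + key,
                    args);
        }

        /**
         * Returns a copy of the stored password, reading it from the keystore
         * on first use.
         * @return a fresh array the caller may overwrite when finished
         * @throws RuntimeException if the keystore file is missing, its
         * protection setting is unknown, the alias has no entry, or the
         * supplied store/entry password is wrong
         */
        @Override
        public char[] getPassword() {
            if (password == null) {
                // Only prompt for store/entry password once
                password = loadPassword();
            }
            // Hand out a copy: the Password contract lets callers zero the
            // array they receive, which must not blank the cached value.
            return password.clone();
        }

        /** Prompts for whatever the store's protection requires and reads the entry. */
        private char[] loadPassword() {
            char[] storePass = null;
            char[] entryPass = null;
            try {
                if (store.getFilename() != null && !store.fileExists()) {
                    throw new RuntimeException(msg("missing", store.getFilename(), passwordKeystore));
                }
                String protection = store.getProtection();
                switch (protection) {
                case "both":
                case "store":
                    PromptedPassword storePassword = new PromptedPassword(
                            msg("keystore.password.prompt", store.getFilename(), passwordKeystore));
                    storePass = storePassword.getPassword();
                    break;
                case "entry":
                    PromptedPassword entryPassword = new PromptedPassword(
                            msg("entry.password.prompt", store.getFilename(), passwordKeystore));
                    entryPass = entryPassword.getPassword();
                    break;
                case "none":
                    break;
                default:
                    throw new RuntimeException(msg("unknown.protection", store.getFilename(), passwordKeystore, protection));
                }
                if ("both".equals(protection)) {
                    // One password protects both the store and the entry
                    entryPass = storePass;
                }
                char[] loaded = store.getPassword(alias, storePass, entryPass);
                if (loaded == null) {
                    throw new RuntimeException(msg("no.alias", store.getFilename(), passwordKeystore, alias));
                }
                return loaded;
            } catch (UnrecoverableKeyException e) {
                // Keep the cause so the underlying keystore failure is not lost
                throw new RuntimeException(msg("password.bad", store.getFilename(), passwordKeystore, alias), e);
            } catch (GeneralSecurityException e) {
                throw new RuntimeException(e);
            } catch (RuntimeException e) {
                // Already carries a user-facing message; do not wrap it again
                throw e;
            } catch (Exception e) {
                throw new RuntimeException(e);
            } finally {
                // Overwrite the prompted secrets whether or not the lookup succeeded
                if (storePass != null) {
                    Arrays.fill(storePass, ' ');
                }
                if (entryPass != null && entryPass != storePass) {
                    Arrays.fill(entryPass, ' ');
                }
            }
        }
    }

    /**
     * <p>Configures {@code java.net} according to this instance's Proxy
     * settings. The changes are JVM-wide.</p>
     * <ul>
     * <li>If the Proxy is null then the OS's default
     * proxy settings are used if possible by setting the
     * system property {@code java.net.useSystemProxies} to {@code true}.</li>
     * <li>If the Proxy has a null host then no proxy
     * is used (the
     * system property {@code java.net.useSystemProxies} is set to
     * {@code false}).</li>
     * <li>If the Proxy and its host are not null then an appropriate
     * {@code ProxySelector} is installed using
     * {@link ProxySelector#setDefault(ProxySelector)}. If the
     * Proxy has a {@code user} property then an
     * appropriate {@link Authenticator} is installed using
     * {@link Authenticator#setDefault(Authenticator)}
     * </li>
     * </ul>
     */
    public void installProxy() {
        if (proxy == null) {
            System.setProperty("java.net.useSystemProxies", "true");
        } else if (proxy.getHost() == null) {
            // "else" is required: without it a null proxy was dereferenced here
            System.setProperty("java.net.useSystemProxies", "false");
        } else {
            ProxySelector.setDefault(getProxySelector());
            Authenticator authenticator = getProxyAuthenticator();
            if (authenticator != null) {
                Authenticator.setDefault(authenticator);
            }
        }
    }

    /**
     * Gets a new {@link java.net.Proxy} using the information in this
     * instance's Proxy configuration
     * @return the proxy, or {@code null} if no proxy host is configured
     * @see #installProxy()
     */
    public java.net.Proxy getProxy() {
        if (proxy == null || proxy.getHost() == null) {
            return null;
        }
        // valueOf rejects any type name that is not a java.net.Proxy.Type constant
        java.net.Proxy.Type type = java.net.Proxy.Type.valueOf(proxy.getType());
        return new java.net.Proxy(type, new InetSocketAddress(proxy.getHost(), proxy.getPort()));
    }

    /**
     * Gets a new {@link java.net.ProxySelector} using the information in this
     * instance's Proxy configuration
     * @return the selector, or {@code null} if no proxy host is configured
     * @see #installProxy()
     */
    public ProxySelector getProxySelector() {
        if (proxy == null || proxy.getHost() == null) {
            return null;
        }
        return new ProxySelector() {
            @Override
            public List<java.net.Proxy> select(URI uri) {
                if (uri == null) {
                    // Required by the ProxySelector contract
                    throw new IllegalArgumentException("uri must not be null");
                }
                String host = uri.getHost();
                java.net.Proxy netProxy = null;
                if (proxy.getNonProxyHosts() != null) {
                    // Exact, case-sensitive match only: no wildcard or suffix handling
                    for (String nonProxiable : proxy.getNonProxyHosts()) {
                        if (nonProxiable.equals(host)) {
                            netProxy = java.net.Proxy.NO_PROXY;
                            break;
                        }
                    }
                }
                if (netProxy == null) {
                    netProxy = getProxy();
                }
                return Collections.singletonList(netProxy);
            }

            @Override
            public void connectFailed(URI uri, SocketAddress sa, IOException ioe) {
                // Do nothing
            }
        };
    }

    /**
     * Gets a new {@link Authenticator} using the information in this
     * instance's Proxy configuration. The authenticator answers proxy
     * challenges only, so that the proxy credentials are never offered to an
     * origin server that requests authentication.
     * @return the authenticator, or {@code null} if the proxy has no user
     * @see #installProxy()
     */
    public Authenticator getProxyAuthenticator() {
        if (proxy == null
                || proxy.getCredentials() == null
                || proxy.getCredentials().getUser() == null) {
            return null;
        }
        return new Authenticator() {
            @Override
            public PasswordAuthentication getPasswordAuthentication() {
                // The default Authenticator is consulted for server challenges
                // too; proxy credentials must only go to the proxy.
                if (getRequestorType() != Authenticator.RequestorType.PROXY) {
                    return null;
                }
                UsernamePassword usernameAndPassword = getUsernameAndPassword(proxy.getCredentials());
                if (usernameAndPassword == null) {
                    return null;
                }
                char[] secret = usernameAndPassword.getPassword();
                if (secret == null) {
                    // e.g. the prompt was cancelled; PasswordAuthentication rejects null
                    return null;
                }
                try {
                    // PasswordAuthentication keeps its own copy of the array
                    return new PasswordAuthentication(usernameAndPassword.getUser(), secret);
                } finally {
                    Arrays.fill(secret, ' ');
                }
            }
        };
    }

    /**
     * Builds a {@link UsernamePassword} for the given credentials. The
     * password source is chosen in this order: a keystore entry when an alias
     * is configured, an interactive prompt when no password is configured,
     * otherwise the plain-text password from the configuration.
     * @param credentials the configured credentials, may be {@code null}
     * @return the user name and password source, or {@code null} if the
     * credentials are {@code null} or have no user
     */
    public UsernamePassword getUsernameAndPassword(Credentials credentials) {
        if (credentials == null || credentials.getUser() == null) {
            return null;
        }
        final Password p;
        if (credentials.getAlias() != null) {
            final String passwordKeystore = credentials.getKeystore();
            final Store store = keystores.getStore(passwordKeystore);
            p = new StoredPassword(passwordKeystore, store, credentials.getAlias());
        } else if (credentials.getPassword() == null) {
            p = new PromptedPassword(credentials.getCredentialPrompt());
        } else {
            // plain text password taken from the configuration
            p = new PlaintextPassword(credentials.getPassword());
        }
        return new UsernamePassword(credentials.getUser(), p);
    }

    private static PasswordPrompt passwordPrompt = null;

    /**
     * Gets the password prompt for the application,
     * using a {@link ConsolePasswordPrompt} if no prompt has been configured.
     * @return the configured prompt, never {@code null}
     * @throws RuntimeException if no prompt is configured and the JVM has no
     * system console
     */
    public static synchronized PasswordPrompt getPasswordPrompt() {
        if (passwordPrompt == null) {
            passwordPrompt = new ConsolePasswordPrompt();
        }
        return passwordPrompt;
    }

    /**
     * Sets the password prompt
     * @param passwordPrompt the prompt to use; {@code null} restores the
     * console prompt on the next call to {@link #getPasswordPrompt()}
     */
    public static synchronized void setPasswordPrompt(PasswordPrompt passwordPrompt) {
        Authentication.passwordPrompt = passwordPrompt;
    }

    private final Keystores keystores;
    private final Proxies.Proxy proxy;

    /**
     * @param keystores the keystores used to resolve aliased passwords
     * @param proxy the proxy configuration, may be {@code null}
     */
    public Authentication(Keystores keystores, Proxies.Proxy proxy) {
        this.keystores = keystores;
        this.proxy = proxy;
    }

    /** Creates an instance from the configuration returned by {@code CeylonConfig.get()}. */
    public static Authentication get() {
        return fromConfig(CeylonConfig.get());
    }

    /** Creates an instance from the keystores and proxy of the given configuration. */
    public static Authentication fromConfig(CeylonConfig config) {
        return new Authentication(Keystores.withConfig(config), Proxies.withConfig(config).getProxy());
    }
}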