private boolean savePassword(String password, IPreferencesContainer container) {
byte[] data = winencrypt(password.getBytes());
if (data == null) { // this is bad. Something wrong with OS or JNI.
StorageException e =
new StorageException(
StorageException.ENCRYPTION_ERROR, WinCryptoMessages.encryptPasswordFailed);
AuthPlugin.getDefault().logError(WinCryptoMessages.encryptPasswordFailed, e);
return false;
}
String encodedEncryptyedPassword = Base64.encode(data);
ISecurePreferences node = container.getPreferences().node(WIN_PROVIDER_NODE);
try {
node.put(
PASSWORD_KEY,
encodedEncryptyedPassword,
false); // note we don't recursively try to encrypt
} catch (StorageException e) { // should never happen in this scenario
AuthPlugin.getDefault().logError(SecAuthMessages.errorOnSave, e);
return false;
}
try {
node.flush(); // save right away
} catch (IOException e) {
AuthPlugin.getDefault().logError(SecAuthMessages.errorOnSave, e);
return false;
}
return true;
}
public PBEKeySpec getPassword(IPreferencesContainer container, int passwordType) {
byte[] encryptedPassword;
if ((passwordType & CREATE_NEW_PASSWORD) == 0)
encryptedPassword = getEncryptedPassword(container);
else encryptedPassword = null;
if (encryptedPassword != null) {
byte[] decryptedPassword = windecrypt(encryptedPassword);
if (decryptedPassword != null) {
String password = new String(decryptedPassword);
return new PBEKeySpec(password.toCharArray());
} else {
StorageException e =
new StorageException(
StorageException.ENCRYPTION_ERROR, WinCryptoMessages.decryptPasswordFailed);
AuthPlugin.getDefault().logError(WinCryptoMessages.decryptPasswordFailed, e);
return null;
}
}
// add info message in the log
AuthPlugin.getDefault().logMessage(WinCryptoMessages.newPasswordGenerated);
byte[] rawPassword = new byte[PASSWORD_LENGTH];
SecureRandom random = new SecureRandom();
random.setSeed(System.currentTimeMillis());
random.nextBytes(rawPassword);
String password = Base64.encode(rawPassword);
if (savePassword(password, container)) return new PBEKeySpec(password.toCharArray());
else return null;
}
private byte[] getEncryptedPassword(IPreferencesContainer container) {
ISecurePreferences node = container.getPreferences().node(WIN_PROVIDER_NODE);
String passwordHint;
try {
passwordHint = node.get(PASSWORD_KEY, null);
} catch (StorageException e) { // should never happen in this scenario
AuthPlugin.getDefault().logError(WinCryptoMessages.decryptPasswordFailed, e);
return null;
}
if (passwordHint == null) return null;
return Base64.decode(passwordHint);
}
/**
* Provides decoding of Base64-encoded string
*
* @param string data encoded as Base64
* @return decoded data
*/
public static byte[] decodeBase64(String string) {
return Base64.decode(string);
}
/**
* Provides Base64 encoding of the data. This Base64 encoding does not insert end-of-line
* characters (but can properly decode strings with EOLs inserted).
*
* @param bytes data to be encoded
* @return data encoded as Base64 string
*/
public static String encodeBase64(byte[] bytes) {
return Base64.encode(bytes);
}
