private boolean savePassword(String password, IPreferencesContainer container) {
byte[] data = winencrypt(password.getBytes());
if (data == null) { // this is bad. Something wrong with OS or JNI.
StorageException e =
new StorageException(
StorageException.ENCRYPTION_ERROR, WinCryptoMessages.encryptPasswordFailed);
AuthPlugin.getDefault().logError(WinCryptoMessages.encryptPasswordFailed, e);
return false;
}
String encodedEncryptyedPassword = Base64.encode(data);
ISecurePreferences node = container.getPreferences().node(WIN_PROVIDER_NODE);
try {
node.put(
PASSWORD_KEY,
encodedEncryptyedPassword,
false); // note we don't recursively try to encrypt
} catch (StorageException e) { // should never happen in this scenario
AuthPlugin.getDefault().logError(SecAuthMessages.errorOnSave, e);
return false;
}
try {
node.flush(); // save right away
} catch (IOException e) {
AuthPlugin.getDefault().logError(SecAuthMessages.errorOnSave, e);
return false;
}
return true;
}
public synchronized Authorization authorize(URI uri) {
String host = getHost(uri);
if (host != null) {
Authorization cachedAuthorization = authorizations.get(host);
if (cachedAuthorization == Authorization.UNAUTHORIZEABLE) {
return cachedAuthorization;
}
if (securePreferences != null) {
try {
ISecurePreferences node = securePreferences.node(host);
String user = node.get("user", "");
String password = node.get("password", "");
Authorization authorization = new Authorization(user, password);
if (authorization.isAuthorized()) {
authorizations.put(host, authorization);
return authorization;
}
} catch (StorageException ex) {
SetupCorePlugin.INSTANCE.log(ex);
}
}
if (cachedAuthorization != null) {
return cachedAuthorization;
}
}
return Authorization.UNAUTHORIZED;
}
/**
* An internal method only available for the {@link PlatformCredentialsProvider} to clear all
* secure preferences nodes. This method is called e.g. when the master password is to be changed
* or disabled.
*/
public void clear() {
/* Clear In-Memory Store */
fInMemoryStore.clear();
/* Clear unprotected links cache */
fUnprotectedLinksCache.clear();
/* Clear cached info */
InternalExchangeUtils.passwordProvidersReset();
/* Remove all Nodes */
ISecurePreferences secureRoot = getSecurePreferences();
/* Check if Bundle is Stopped */
if (secureRoot == null) return;
String[] childrenNames = secureRoot.childrenNames();
for (String child : childrenNames) {
secureRoot.node(child).removeNode();
}
/* Flush to Disk */
try {
secureRoot.flush();
} catch (IOException e) {
Activator.getDefault().logError(e.getMessage(), e);
}
}
/**
* Answer secured preferences which can be used for storing sensitive information of this tab
*
* @return default instance of secure preferences for this tab, <code>null</code> if application
* was unable to create secure preferences using default location
*/
private ISecurePreferences getPreferences(String sectionName) {
ISecurePreferences preferences = SecurePreferencesFactory.getDefault();
if (preferences == null) {
return null;
}
return preferences.node(IPDEUIConstants.PLUGIN_ID).node(sectionName);
}
private String loadSecurePassword(String login) {
ISecurePreferences node = getPasswordNode(login);
if (node != null)
try {
return node.get("password", null);
} catch (StorageException e) {
}
return null;
}
private void saveSecurePassword(String login, String password) {
ISecurePreferences node = getPasswordNode(login);
if (node != null) {
try {
node.put("password", password, true); // $NON-NLS-1$
} catch (StorageException ex) {
/* ignored on purpose */
}
}
}
private byte[] getEncryptedPassword(IPreferencesContainer container) {
ISecurePreferences node = container.getPreferences().node(WIN_PROVIDER_NODE);
String passwordHint;
try {
passwordHint = node.get(PASSWORD_KEY, null);
} catch (StorageException e) { // should never happen in this scenario
AuthPlugin.getDefault().logError(WinCryptoMessages.decryptPasswordFailed, e);
return null;
}
if (passwordHint == null) return null;
return Base64.decode(passwordHint);
}
private String getString(ISecurePreferences settings, String key) {
try {
return settings.get(key, ""); // $NON-NLS-1$
} catch (StorageException e) {
return ""; //$NON-NLS-1$
}
}
private boolean getBoolean(ISecurePreferences settings, String key) {
try {
return settings.getBoolean(key, false);
} catch (StorageException e) {
return false;
}
}
private ISecurePreferences getPasswordNode(String login) {
if (login == null) return null;
ISecurePreferences preferences = SecurePreferencesFactory.getDefault();
if (preferences == null) return null;
String host = Strings.trimToNull(preferenceHelper.getForgeURI());
if (host == null) return null;
StringBuilder bld = new StringBuilder();
bld.append("/Puppetforge Credentials/"); // $NON-NLS-1$
bld.append(login);
bld.append('/');
Checksums.appendSHA1(bld, host);
return preferences.node(bld.toString());
}
public synchronized Authorization reauthorize(URI uri, Authorization authorization) {
// Double check that another thread hasn't already prompted and updated the secure store or
// has not already permanently failed to authorize.
Authorization currentAuthorization = authorize(uri);
if (!currentAuthorization.equals(authorization)
|| currentAuthorization == Authorization.UNAUTHORIZEABLE) {
return currentAuthorization;
}
if (uiServices != null) {
String host = getHost(uri);
if (host != null) {
AuthenticationInfo authenticationInfo = uiServices.getUsernamePassword(uri.toString());
String user = authenticationInfo.getUserName();
String password = authenticationInfo.getPassword();
Authorization reauthorization = new Authorization(user, password);
if (reauthorization.isAuthorized()) {
if (authenticationInfo.saveResult() && securePreferences != null) {
try {
ISecurePreferences node = securePreferences.node(host);
node.put("user", user, false);
node.put("password", password, true);
node.flush();
} catch (IOException ex) {
SetupCorePlugin.INSTANCE.log(ex);
} catch (StorageException ex) {
SetupCorePlugin.INSTANCE.log(ex);
}
}
authorizations.put(host, reauthorization);
return reauthorization;
} else {
authorizations.put(host, Authorization.UNAUTHORIZEABLE);
return Authorization.UNAUTHORIZEABLE;
}
}
}
return currentAuthorization;
}
protected void saveSettings(IDialogSettings settings) {
ISecurePreferences preferences = getPreferences(settings.getName());
if (preferences == null) {
// only in case it is not possible to create secured storage in
// default location -> in that case do not persist settings
return;
}
try {
preferences.putBoolean(S_SIGN_JARS, fButton.getSelection(), true);
preferences.put(S_KEYSTORE, fKeystoreText.getText().trim(), true);
preferences.put(S_ALIAS, fAliasText.getText().trim(), true);
preferences.put(S_PASSWORD, fPasswordText.getText().trim(), true);
preferences.put(S_KEYPASS, fKeypassText.getText().trim(), true);
// bug387565 - for keys which are starting with this bugfix to be
// stored
// in secured storage, replace value in settings with empty string
// to avoid keeping sensitive info in plain text
String[] obsoleted = new String[] {S_KEYSTORE, S_ALIAS, S_PASSWORD, S_KEYPASS};
for (String key : obsoleted) {
if (settings.get(key) != null) {
settings.put(key, ""); // $NON-NLS-1$
}
}
} catch (StorageException e) {
PDEPlugin.log(
"Failed to store JarSigning settings in secured preferences store"); //$NON-NLS-1$
}
}
/**
* Stores the username and matching password for a particular user.
*
* @param forUser the user for whom the credentials are stored
* @param username the username to store
* @param password the password to store
*/
public static void storeCredentials(Optional<String> forUser, String username, char[] password) {
String user = forUser.orElse(System.getProperty(SYSTEM_PROPERTY_USER_NAME));
try {
ISecurePreferences prefs =
SecurePreferences.getSecurePreferences().node(Activator.ID).node(user);
if (username == null) {
return;
} else {
prefs.put(PREF_USERNAME, username, false);
}
if (password == null) {
prefs.node(username).remove(PREF_PASSWORD);
} else {
ByteBuffer buffer = StandardCharsets.UTF_8.newEncoder().encode(CharBuffer.wrap(password));
byte[] passwordData = Arrays.copyOfRange(buffer.array(), buffer.position(), buffer.limit());
prefs.node(username).putByteArray(PREF_PASSWORD, passwordData, false);
}
SaveRestoreService.LOGGER.log(
Level.FINE, "Stored new username and password for {0}.", new Object[] {user});
} catch (StorageException | IOException e) {
SaveRestoreService.LOGGER.log(Level.WARNING, "Could not store the username and password.", e);
}
}
protected void initialize(IDialogSettings settings) {
ISecurePreferences preferences = getPreferences(settings.getName());
if (preferences == null) {
// only in case it is not possible to create secured storage in
// default location -> in that case default values are used
return;
}
String keystore = ""; // $NON-NLS-1$
String keypass = ""; // $NON-NLS-1$
String alias = ""; // $NON-NLS-1$
String password = ""; // $NON-NLS-1$
boolean signJars = false;
if (preferences.keys().length <= 0) {
// nothing stored in secured preferences, check settings for values
// from before bug387565 fix
keystore = getString(settings, S_KEYSTORE);
keypass = getString(settings, S_KEYPASS);
alias = getString(settings, S_ALIAS);
password = getString(settings, S_PASSWORD);
signJars = getBoolean(settings, S_SIGN_JARS);
} else {
// from secured preferences after bug387565 fix
keystore = getString(preferences, S_KEYSTORE);
keypass = getString(preferences, S_KEYPASS);
alias = getString(preferences, S_ALIAS);
password = getString(preferences, S_PASSWORD);
signJars = getBoolean(preferences, S_SIGN_JARS);
}
fKeystoreText.setText(keystore);
fKeypassText.setText(keypass);
fAliasText.setText(alias);
fPasswordText.setText(password);
fButton.setSelection(signJars);
updateGroup(fButton.getSelection());
}
public ProxyPreferencesHandler() {
try {
ISecurePreferences securePref = SecurePreferencesFactory.getDefault();
node = securePref.node("proxy");
staticMethod = node.get("method", "No proxy");
staticAuthRequired = false;
staticHost = node.get("host", "");
staticPort = node.get("port", "");
staticAuthRequired = node.getBoolean("authRequired", false);
if (staticAuthRequired) {
staticUser = node.get("user", "");
staticPass = node.get("password", "");
}
} catch (StorageException e1) {
e1.printStackTrace();
staticMethod = "No proxy";
}
}
private ICredentials getAuthorizationInfo(URI link, String realm) throws CredentialsException {
ISecurePreferences securePreferences = getSecurePreferences();
/* Check if Bundle is Stopped */
if (securePreferences == null) return null;
/* Return from Equinox Security Storage */
if (securePreferences.nodeExists(SECURE_FEED_NODE)) { // Global Feed Node
ISecurePreferences allFeedsPreferences = securePreferences.node(SECURE_FEED_NODE);
if (allFeedsPreferences.nodeExists(
EncodingUtils.encodeSlashes(link.toString()))) { // Feed Node
ISecurePreferences feedPreferences =
allFeedsPreferences.node(EncodingUtils.encodeSlashes(link.toString()));
if (feedPreferences.nodeExists(
EncodingUtils.encodeSlashes(realm != null ? realm : REALM))) { // Realm Node
ISecurePreferences realmPreferences =
feedPreferences.node(EncodingUtils.encodeSlashes(realm != null ? realm : REALM));
try {
String username = realmPreferences.get(USERNAME, null);
String password = realmPreferences.get(PASSWORD, null);
String domain = realmPreferences.get(DOMAIN, null);
if (username != null && password != null)
return new Credentials(username, password, domain);
} catch (StorageException e) {
throw new CredentialsException(
Activator.getDefault().createErrorStatus(e.getMessage(), e));
}
}
}
}
return null;
}
private void internalSetAuthCredentials(
ICredentials credentials, URI link, String realm, boolean persist)
throws CredentialsException {
/* Store Credentials in In-Memory Store */
if (!persist) {
fInMemoryStore.put(toCacheKey(link, realm), credentials);
}
/* Store Credentials in secure Storage */
else {
ISecurePreferences securePreferences = getSecurePreferences();
/* Check if Bundle is Stopped */
if (securePreferences == null) return;
/* Store in Equinox Security Storage */
ISecurePreferences allFeedsPreferences = securePreferences.node(SECURE_FEED_NODE);
ISecurePreferences feedPreferences =
allFeedsPreferences.node(EncodingUtils.encodeSlashes(link.toString()));
ISecurePreferences realmPreference =
feedPreferences.node(EncodingUtils.encodeSlashes(realm != null ? realm : REALM));
IPreferenceScope globalScope = Owl.getPreferenceService().getGlobalScope();
/* OS Password is only supported on Windows and Mac */
boolean useOSPassword = globalScope.getBoolean(DefaultPreferences.USE_OS_PASSWORD);
if (!Platform.OS_WIN32.equals(Platform.getOS())
&& !Platform.OS_MACOSX.equals(Platform.getOS())) useOSPassword = false;
boolean encryptPW =
useOSPassword || globalScope.getBoolean(DefaultPreferences.USE_MASTER_PASSWORD);
try {
if (credentials.getUsername() != null)
realmPreference.put(USERNAME, credentials.getUsername(), encryptPW);
if (credentials.getPassword() != null)
realmPreference.put(PASSWORD, credentials.getPassword(), encryptPW);
if (credentials.getDomain() != null)
realmPreference.put(DOMAIN, credentials.getDomain(), encryptPW);
realmPreference.flush(); // Flush to disk early
} catch (StorageException e) {
throw new CredentialsException(Activator.getDefault().createErrorStatus(e.getMessage(), e));
} catch (IOException e) {
throw new CredentialsException(Activator.getDefault().createErrorStatus(e.getMessage(), e));
}
}
/* Uncache */
removeUnprotected(link, realm);
}
/*
* @see
* org.rssowl.core.connection.ICredentialsProvider#deleteAuthCredentials(java
* .net.URI, java.lang.String)
*/
public synchronized void deleteAuthCredentials(URI link, String realm)
throws CredentialsException {
/* Delete from In-Memory Store if present */
fInMemoryStore.remove(toCacheKey(link, realm));
/* Delete from Cache */
removeUnprotected(link, realm);
/* Check if Bundle is Stopped */
ISecurePreferences securePreferences = getSecurePreferences();
if (securePreferences == null) return;
/* Remove from Equinox Security Storage */
if (securePreferences.nodeExists(SECURE_FEED_NODE)) { // Global Feed Node
ISecurePreferences allFeedsPreferences = securePreferences.node(SECURE_FEED_NODE);
if (allFeedsPreferences.nodeExists(
EncodingUtils.encodeSlashes(link.toString()))) { // Feed Node
ISecurePreferences feedPreferences =
allFeedsPreferences.node(EncodingUtils.encodeSlashes(link.toString()));
if (feedPreferences.nodeExists(
EncodingUtils.encodeSlashes(realm != null ? realm : REALM))) { // Realm Node
ISecurePreferences realmPreferences =
feedPreferences.node(EncodingUtils.encodeSlashes(realm != null ? realm : REALM));
realmPreferences.clear();
realmPreferences.removeNode();
try {
feedPreferences.flush();
} catch (IOException e) {
throw new CredentialsException(
Activator.getDefault().createErrorStatus(e.getMessage(), e));
}
}
}
}
}