| <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> |
| <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> |
| <head><meta http-equiv="content-type" content="text/html; charset=UTF-8" /> |
| <title>FilePasswordProvider xref</title> |
| <link type="text/css" rel="stylesheet" href="../../../../../../../stylesheet.css" /> |
| </head> |
| <body> |
| <div id="overview"><a href="../../../../../../../../apidocs/org/apache/logging/log4j/core/net/ssl/FilePasswordProvider.html">View Javadoc</a></div><pre> |
| <a class="jxr_linenumber" name="L1" href="#L1">1</a> <em class="jxr_comment">/*</em> |
| <a class="jxr_linenumber" name="L2" href="#L2">2</a> <em class="jxr_comment"> * Licensed to the Apache Software Foundation (ASF) under one or more</em> |
| <a class="jxr_linenumber" name="L3" href="#L3">3</a> <em class="jxr_comment"> * contributor license agreements. See the NOTICE file distributed with</em> |
| <a class="jxr_linenumber" name="L4" href="#L4">4</a> <em class="jxr_comment"> * this work for additional information regarding copyright ownership.</em> |
| <a class="jxr_linenumber" name="L5" href="#L5">5</a> <em class="jxr_comment"> * The ASF licenses this file to You under the Apache license, Version 2.0</em> |
| <a class="jxr_linenumber" name="L6" href="#L6">6</a> <em class="jxr_comment"> * (the "License"); you may not use this file except in compliance with</em> |
| <a class="jxr_linenumber" name="L7" href="#L7">7</a> <em class="jxr_comment"> * the License. You may obtain a copy of the License at</em> |
| <a class="jxr_linenumber" name="L8" href="#L8">8</a> <em class="jxr_comment"> *</em> |
| <a class="jxr_linenumber" name="L9" href="#L9">9</a> <em class="jxr_comment"> * <a href="http://www.apache.org/licenses/LICENSE-2." target="alexandria_uri">http://www.apache.org/licenses/LICENSE-2.</a>0</em> |
| <a class="jxr_linenumber" name="L10" href="#L10">10</a> <em class="jxr_comment"> *</em> |
| <a class="jxr_linenumber" name="L11" href="#L11">11</a> <em class="jxr_comment"> * Unless required by applicable law or agreed to in writing, software</em> |
| <a class="jxr_linenumber" name="L12" href="#L12">12</a> <em class="jxr_comment"> * distributed under the License is distributed on an "AS IS" BASIS,</em> |
| <a class="jxr_linenumber" name="L13" href="#L13">13</a> <em class="jxr_comment"> * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.</em> |
| <a class="jxr_linenumber" name="L14" href="#L14">14</a> <em class="jxr_comment"> * See the license for the specific language governing permissions and</em> |
| <a class="jxr_linenumber" name="L15" href="#L15">15</a> <em class="jxr_comment"> * limitations under the license.</em> |
| <a class="jxr_linenumber" name="L16" href="#L16">16</a> <em class="jxr_comment"> */</em> |
| <a class="jxr_linenumber" name="L17" href="#L17">17</a> <strong class="jxr_keyword">package</strong> org.apache.logging.log4j.core.net.ssl; |
| <a class="jxr_linenumber" name="L18" href="#L18">18</a> |
| <a class="jxr_linenumber" name="L19" href="#L19">19</a> <strong class="jxr_keyword">import</strong> java.io.IOException; |
| <a class="jxr_linenumber" name="L20" href="#L20">20</a> <strong class="jxr_keyword">import</strong> java.nio.ByteBuffer; |
| <a class="jxr_linenumber" name="L21" href="#L21">21</a> <strong class="jxr_keyword">import</strong> java.nio.CharBuffer; |
| <a class="jxr_linenumber" name="L22" href="#L22">22</a> <strong class="jxr_keyword">import</strong> java.nio.charset.Charset; |
| <a class="jxr_linenumber" name="L23" href="#L23">23</a> <strong class="jxr_keyword">import</strong> java.nio.file.Files; |
| <a class="jxr_linenumber" name="L24" href="#L24">24</a> <strong class="jxr_keyword">import</strong> java.nio.file.NoSuchFileException; |
| <a class="jxr_linenumber" name="L25" href="#L25">25</a> <strong class="jxr_keyword">import</strong> java.nio.file.Path; |
| <a class="jxr_linenumber" name="L26" href="#L26">26</a> <strong class="jxr_keyword">import</strong> java.nio.file.Paths; |
| <a class="jxr_linenumber" name="L27" href="#L27">27</a> <strong class="jxr_keyword">import</strong> java.util.Arrays; |
| <a class="jxr_linenumber" name="L28" href="#L28">28</a> |
| <a class="jxr_linenumber" name="L29" href="#L29">29</a> <em class="jxr_javadoccomment">/**</em> |
| <a class="jxr_linenumber" name="L30" href="#L30">30</a> <em class="jxr_javadoccomment"> * PasswordProvider that reads password from a file.</em> |
| <a class="jxr_linenumber" name="L31" href="#L31">31</a> <em class="jxr_javadoccomment"> * <p></em> |
| <a class="jxr_linenumber" name="L32" href="#L32">32</a> <em class="jxr_javadoccomment"> * This is a relatively secure way to handle passwords:</em> |
| <a class="jxr_linenumber" name="L33" href="#L33">33</a> <em class="jxr_javadoccomment"> * <ul></em> |
| <a class="jxr_linenumber" name="L34" href="#L34">34</a> <em class="jxr_javadoccomment"> * <li>Managing file access privileges can be delegated to the operating system.</li></em> |
| <a class="jxr_linenumber" name="L35" href="#L35">35</a> <em class="jxr_javadoccomment"> * <li>The password file can be in a separate location from the logging configuration.</em> |
| <a class="jxr_linenumber" name="L36" href="#L36">36</a> <em class="jxr_javadoccomment"> * This gives flexibility to have different passwords in different environments while</em> |
| <a class="jxr_linenumber" name="L37" href="#L37">37</a> <em class="jxr_javadoccomment"> * using the same logging configuration. It also allows for separation of responsibilities:</em> |
| <a class="jxr_linenumber" name="L38" href="#L38">38</a> <em class="jxr_javadoccomment"> * developers don't need to know the password that is used in the production environment.</li></em> |
| <a class="jxr_linenumber" name="L39" href="#L39">39</a> <em class="jxr_javadoccomment"> * <li>There is only a small window of opportunity for attackers to obtain the password from a memory</em> |
| <a class="jxr_linenumber" name="L40" href="#L40">40</a> <em class="jxr_javadoccomment"> * dump: the password data is only resident in memory from the moment the caller calls the</em> |
| <a class="jxr_linenumber" name="L41" href="#L41">41</a> <em class="jxr_javadoccomment"> * {@link #getPassword()} method and the password file is read until the moment that the caller</em> |
| <a class="jxr_linenumber" name="L42" href="#L42">42</a> <em class="jxr_javadoccomment"> * completes authentication and overwrites the password char[] array.</li></em> |
| <a class="jxr_linenumber" name="L43" href="#L43">43</a> <em class="jxr_javadoccomment"> * </ul></em> |
| <a class="jxr_linenumber" name="L44" href="#L44">44</a> <em class="jxr_javadoccomment"> * </p><p></em> |
| <a class="jxr_linenumber" name="L45" href="#L45">45</a> <em class="jxr_javadoccomment"> * Less secure implementations are {@link MemoryPasswordProvider} and {@link EnvironmentPasswordProvider}.</em> |
| <a class="jxr_linenumber" name="L46" href="#L46">46</a> <em class="jxr_javadoccomment"> * </p></em> |
| <a class="jxr_linenumber" name="L47" href="#L47">47</a> <em class="jxr_javadoccomment"> */</em> |
| <a class="jxr_linenumber" name="L48" href="#L48">48</a> <strong class="jxr_keyword">class</strong> <a href="../../../../../../../org/apache/logging/log4j/core/net/ssl/FilePasswordProvider.html">FilePasswordProvider</a> <strong class="jxr_keyword">implements</strong> <a href="../../../../../../../org/apache/logging/log4j/core/net/ssl/PasswordProvider.html">PasswordProvider</a> { |
| <a class="jxr_linenumber" name="L49" href="#L49">49</a> <strong class="jxr_keyword">private</strong> <strong class="jxr_keyword">final</strong> Path passwordPath; |
| <a class="jxr_linenumber" name="L50" href="#L50">50</a> |
| <a class="jxr_linenumber" name="L51" href="#L51">51</a> <em class="jxr_javadoccomment">/**</em> |
| <a class="jxr_linenumber" name="L52" href="#L52">52</a> <em class="jxr_javadoccomment"> * Constructs a new FilePasswordProvider with the specified path.</em> |
| <a class="jxr_linenumber" name="L53" href="#L53">53</a> <em class="jxr_javadoccomment"> * @param passwordFile the path to the password file</em> |
| <a class="jxr_linenumber" name="L54" href="#L54">54</a> <em class="jxr_javadoccomment"> * @throws NoSuchFileException if the password file does not exist when this FilePasswordProvider is constructed</em> |
| <a class="jxr_linenumber" name="L55" href="#L55">55</a> <em class="jxr_javadoccomment"> */</em> |
| <a class="jxr_linenumber" name="L56" href="#L56">56</a> <strong class="jxr_keyword">public</strong> <a href="../../../../../../../org/apache/logging/log4j/core/net/ssl/FilePasswordProvider.html">FilePasswordProvider</a>(<strong class="jxr_keyword">final</strong> String passwordFile) <strong class="jxr_keyword">throws</strong> NoSuchFileException { |
| <a class="jxr_linenumber" name="L57" href="#L57">57</a> <strong class="jxr_keyword">this</strong>.passwordPath = Paths.get(passwordFile); |
| <a class="jxr_linenumber" name="L58" href="#L58">58</a> <strong class="jxr_keyword">if</strong> (!Files.exists(passwordPath)) { |
| <a class="jxr_linenumber" name="L59" href="#L59">59</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> NoSuchFileException(<span class="jxr_string">"PasswordFile '"</span> + passwordFile + <span class="jxr_string">"' does not exist"</span>); |
| <a class="jxr_linenumber" name="L60" href="#L60">60</a> } |
| <a class="jxr_linenumber" name="L61" href="#L61">61</a> } |
| <a class="jxr_linenumber" name="L62" href="#L62">62</a> |
| <a class="jxr_linenumber" name="L63" href="#L63">63</a> @Override |
| <a class="jxr_linenumber" name="L64" href="#L64">64</a> <strong class="jxr_keyword">public</strong> <strong class="jxr_keyword">char</strong>[] getPassword() { |
| <a class="jxr_linenumber" name="L65" href="#L65">65</a> byte[] bytes = <strong class="jxr_keyword">null</strong>; |
| <a class="jxr_linenumber" name="L66" href="#L66">66</a> <strong class="jxr_keyword">try</strong> { |
| <a class="jxr_linenumber" name="L67" href="#L67">67</a> bytes = Files.readAllBytes(passwordPath); |
| <a class="jxr_linenumber" name="L68" href="#L68">68</a> <strong class="jxr_keyword">final</strong> ByteBuffer bb = ByteBuffer.wrap(bytes); |
| <a class="jxr_linenumber" name="L69" href="#L69">69</a> <strong class="jxr_keyword">final</strong> CharBuffer decoded = Charset.defaultCharset().decode(bb); |
| <a class="jxr_linenumber" name="L70" href="#L70">70</a> <strong class="jxr_keyword">final</strong> <strong class="jxr_keyword">char</strong>[] result = <strong class="jxr_keyword">new</strong> <strong class="jxr_keyword">char</strong>[decoded.limit()]; |
| <a class="jxr_linenumber" name="L71" href="#L71">71</a> decoded.get(result, 0, result.length); |
| <a class="jxr_linenumber" name="L72" href="#L72">72</a> decoded.rewind(); |
| <a class="jxr_linenumber" name="L73" href="#L73">73</a> decoded.put(<strong class="jxr_keyword">new</strong> <strong class="jxr_keyword">char</strong>[result.length]); <em class="jxr_comment">// erase decoded CharBuffer</em> |
| <a class="jxr_linenumber" name="L74" href="#L74">74</a> <strong class="jxr_keyword">return</strong> result; |
| <a class="jxr_linenumber" name="L75" href="#L75">75</a> } <strong class="jxr_keyword">catch</strong> (<strong class="jxr_keyword">final</strong> IOException e) { |
| <a class="jxr_linenumber" name="L76" href="#L76">76</a> <strong class="jxr_keyword">throw</strong> <strong class="jxr_keyword">new</strong> IllegalStateException(<span class="jxr_string">"Could not read password from "</span> + passwordPath + <span class="jxr_string">": "</span> + e, e); |
| <a class="jxr_linenumber" name="L77" href="#L77">77</a> } <strong class="jxr_keyword">finally</strong> { |
| <a class="jxr_linenumber" name="L78" href="#L78">78</a> <strong class="jxr_keyword">if</strong> (bytes != <strong class="jxr_keyword">null</strong>) { |
| <a class="jxr_linenumber" name="L79" href="#L79">79</a> Arrays.fill(bytes, (byte) 0x0); |
| <a class="jxr_linenumber" name="L80" href="#L80">80</a> } |
| <a class="jxr_linenumber" name="L81" href="#L81">81</a> } |
| <a class="jxr_linenumber" name="L82" href="#L82">82</a> } |
| <a class="jxr_linenumber" name="L83" href="#L83">83</a> } |
| </pre> |
| <hr/> |
| <div id="footer">Copyright © 1999–2020 <a href="https://www.apache.org/">The Apache Software Foundation</a>. All rights reserved.</div> |
| </body> |
| </html> |
