| /* | |
| * Licensed to the Apache Software Foundation (ASF) under one | |
| * or more contributor license agreements. See the NOTICE file | |
| * distributed with this work for additional information | |
| * regarding copyright ownership. The ASF licenses this file | |
| * to you under the Apache License, Version 2.0 (the | |
| * "License"); you may not use this file except in compliance | |
| * with the License. You may obtain a copy of the License at | |
| * | |
| * http://www.apache.org/licenses/LICENSE-2.0 | |
| * | |
| * Unless required by applicable law or agreed to in writing, | |
| * software distributed under the License is distributed on an | |
| * * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY | |
| * KIND, either express or implied. See the License for the | |
| * specific language governing permissions and limitations | |
| * under the License. | |
| */ | |
| package org.apache.synapse.securevault; | |
| import org.apache.commons.logging.Log; | |
| import org.apache.commons.logging.LogFactory; | |
| import org.apache.synapse.securevault.secret.SecretCallback; | |
| import org.apache.synapse.securevault.secret.SecretCallbackHandler; | |
| import org.apache.synapse.securevault.secret.SecretLoadingModule; | |
| import org.apache.synapse.securevault.secret.SingleSecretCallback; | |
| import java.util.ArrayList; | |
| /** | |
| * Responsible for resolving secrets such as password. The secrets this SecretResolver should be | |
| * resolved , can be given as protected Tokens and the use of this class can explicitly check | |
| * whether a token is protected. | |
| */ | |
| public class SecretResolver { | |
| private static Log log = LogFactory.getLog(SecretResolver.class); | |
| private boolean initialized = false; | |
| private final ArrayList<String> protectedTokens = new ArrayList<String>(); | |
| private SecretLoadingModule secretLoadingModule; | |
| private final static String DEFAULT_PROMPT = "password > "; | |
| /** | |
| * Initializes by giving an instance of <code>SecretCallbackHandler </code> to be used to | |
| * retrieve secrets | |
| * | |
| * @param secretCallbackHandler <code>SecretCallbackHandler </code> instance | |
| */ | |
| public void init(SecretCallbackHandler secretCallbackHandler) { | |
| if (initialized) { | |
| if (log.isDebugEnabled()) { | |
| log.debug("SecretResolver already has been started."); | |
| } | |
| return; | |
| } | |
| if (secretCallbackHandler == null) { | |
| throw new SecureVaultException("SecretResolver cannot be initialized. " + | |
| "The provided SecretCallbackHandler is null", log); | |
| } | |
| this.secretLoadingModule = new SecretLoadingModule(); | |
| this.secretLoadingModule.init(new SecretCallbackHandler[]{secretCallbackHandler}); | |
| this.initialized = true; | |
| } | |
| /** | |
| * Resolved given password using an instance of a PasswordProvider | |
| * | |
| * @param encryptedPassword Encrypted password | |
| * @return resolved password | |
| */ | |
| public String resolve(String encryptedPassword) { | |
| return resolve(encryptedPassword, DEFAULT_PROMPT); | |
| } | |
| /** | |
| * Resolved given password using an instance of a PasswordProvider | |
| * | |
| * @param encryptedPassword Encrypted password | |
| * @param prompt to be used to interact with user | |
| * @return resolved password | |
| */ | |
| public String resolve(String encryptedPassword, String prompt) { | |
| assertInitialized(); | |
| if (encryptedPassword == null || "".equals(encryptedPassword)) { | |
| if (log.isDebugEnabled()) { | |
| log.debug("Given Encrypted Password is empty or null. Returning itself"); | |
| } | |
| return encryptedPassword; | |
| } | |
| SingleSecretCallback secretCallback = new SingleSecretCallback(encryptedPassword); | |
| secretCallback.setPrompt(prompt); | |
| secretLoadingModule.load(new SecretCallback[]{secretCallback}); | |
| String plainText = secretCallback.getSecret(); | |
| return plainText; | |
| } | |
| /** | |
| * Registers a token as a Protected Token | |
| * | |
| * @param token <code>String</code> representation of a token | |
| */ | |
| public void addProtectedToken(String token) { | |
| assertInitialized(); | |
| if (token != null && !"".equals(token)) { | |
| protectedTokens.add(token.trim()); | |
| } | |
| } | |
| /** | |
| * Checks whether a token is a Protected Token | |
| * | |
| * @param token <code>String</code> representation of a token | |
| * @return <code>true</code> if the token is a Protected Token | |
| */ | |
| public boolean isTokenProtected(String token) { | |
| assertInitialized(); | |
| return token != null && !"".equals(token) && protectedTokens.contains(token.trim()); | |
| } | |
| /** | |
| * Checks the state of the rule engine. | |
| * It is recommended to check state of the this component prior to access any methods of this | |
| * | |
| * @return <code>true<code> if the rule engine has been initialized | |
| */ | |
| public boolean isInitialized() { | |
| return initialized; | |
| } | |
| private void assertInitialized() { | |
| if (!initialized) { | |
| throw new SecureVaultException("SecretResolver has not been initialized, " + | |
| "it requires to be initialized, with the required " + | |
| "configurations before starting", log); | |
| } | |
| } | |
| /** | |
| * Shutdown the secret resolver | |
| */ | |
| public void shutDown() { | |
| initialized = false; | |
| secretLoadingModule = null; | |
| protectedTokens.clear(); | |
| } | |
| } |