/* | |
* Licensed to the Apache Software Foundation (ASF) under one | |
* or more contributor license agreements. See the NOTICE file | |
* distributed with this work for additional information | |
* regarding copyright ownership. The ASF licenses this file | |
* to you under the Apache License, Version 2.0 (the | |
* "License"); you may not use this file except in compliance | |
* with the License. You may obtain a copy of the License at | |
* | |
* http://www.apache.org/licenses/LICENSE-2.0 | |
* | |
* Unless required by applicable law or agreed to in writing, | |
* software distributed under the License is distributed on an | |
* * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY | |
* KIND, either express or implied. See the License for the | |
* specific language governing permissions and limitations | |
* under the License. | |
*/ | |
package org.apache.synapse.securevault; | |
import org.apache.commons.logging.Log; | |
import org.apache.commons.logging.LogFactory; | |
import org.apache.synapse.securevault.secret.SecretCallback; | |
import org.apache.synapse.securevault.secret.SecretCallbackHandler; | |
import org.apache.synapse.securevault.secret.SecretLoadingModule; | |
import org.apache.synapse.securevault.secret.SingleSecretCallback; | |
import java.util.ArrayList; | |
/** | |
* Responsible for resolving secrets such as password. The secrets this SecretResolver should be | |
* resolved , can be given as protected Tokens and the use of this class can explicitly check | |
* whether a token is protected. | |
*/ | |
public class SecretResolver { | |
private static Log log = LogFactory.getLog(SecretResolver.class); | |
private boolean initialized = false; | |
private final ArrayList<String> protectedTokens = new ArrayList<String>(); | |
private SecretLoadingModule secretLoadingModule; | |
private final static String DEFAULT_PROMPT = "password > "; | |
/** | |
* Initializes by giving an instance of <code>SecretCallbackHandler </code> to be used to | |
* retrieve secrets | |
* | |
* @param secretCallbackHandler <code>SecretCallbackHandler </code> instance | |
*/ | |
public void init(SecretCallbackHandler secretCallbackHandler) { | |
if (initialized) { | |
if (log.isDebugEnabled()) { | |
log.debug("SecretResolver already has been started."); | |
} | |
return; | |
} | |
if (secretCallbackHandler == null) { | |
throw new SecureVaultException("SecretResolver cannot be initialized. " + | |
"The provided SecretCallbackHandler is null", log); | |
} | |
this.secretLoadingModule = new SecretLoadingModule(); | |
this.secretLoadingModule.init(new SecretCallbackHandler[]{secretCallbackHandler}); | |
this.initialized = true; | |
} | |
/** | |
* Resolved given password using an instance of a PasswordProvider | |
* | |
* @param encryptedPassword Encrypted password | |
* @return resolved password | |
*/ | |
public String resolve(String encryptedPassword) { | |
return resolve(encryptedPassword, DEFAULT_PROMPT); | |
} | |
/** | |
* Resolved given password using an instance of a PasswordProvider | |
* | |
* @param encryptedPassword Encrypted password | |
* @param prompt to be used to interact with user | |
* @return resolved password | |
*/ | |
public String resolve(String encryptedPassword, String prompt) { | |
assertInitialized(); | |
if (encryptedPassword == null || "".equals(encryptedPassword)) { | |
if (log.isDebugEnabled()) { | |
log.debug("Given Encrypted Password is empty or null. Returning itself"); | |
} | |
return encryptedPassword; | |
} | |
SingleSecretCallback secretCallback = new SingleSecretCallback(encryptedPassword); | |
secretCallback.setPrompt(prompt); | |
secretLoadingModule.load(new SecretCallback[]{secretCallback}); | |
String plainText = secretCallback.getSecret(); | |
return plainText; | |
} | |
/** | |
* Registers a token as a Protected Token | |
* | |
* @param token <code>String</code> representation of a token | |
*/ | |
public void addProtectedToken(String token) { | |
assertInitialized(); | |
if (token != null && !"".equals(token)) { | |
protectedTokens.add(token.trim()); | |
} | |
} | |
/** | |
* Checks whether a token is a Protected Token | |
* | |
* @param token <code>String</code> representation of a token | |
* @return <code>true</code> if the token is a Protected Token | |
*/ | |
public boolean isTokenProtected(String token) { | |
assertInitialized(); | |
return token != null && !"".equals(token) && protectedTokens.contains(token.trim()); | |
} | |
/** | |
* Checks the state of the rule engine. | |
* It is recommended to check state of the this component prior to access any methods of this | |
* | |
* @return <code>true<code> if the rule engine has been initialized | |
*/ | |
public boolean isInitialized() { | |
return initialized; | |
} | |
private void assertInitialized() { | |
if (!initialized) { | |
throw new SecureVaultException("SecretResolver has not been initialized, " + | |
"it requires to be initialized, with the required " + | |
"configurations before starting", log); | |
} | |
} | |
/** | |
* Shutdown the secret resolver | |
*/ | |
public void shutDown() { | |
initialized = false; | |
secretLoadingModule = null; | |
protectedTokens.clear(); | |
} | |
} |