+++ /dev/null
-/*******************************************************************************
- * Copyright (c) 2012, 2014 Sonatype, Inc.
- * All rights reserved. This program and the accompanying materials
- * are made available under the terms of the Eclipse Public License v1.0
- * which accompanies this distribution, and is available at
- * http://www.eclipse.org/legal/epl-v10.html
- *
- * Contributors:
- * Sonatype, Inc. - initial API and implementation
- *******************************************************************************/
-package org.eclipse.aether.repository;
-
-import java.io.Closeable;
-import java.io.File;
-import java.util.Arrays;
-import java.util.HashMap;
-import java.util.Map;
-
-import org.eclipse.aether.RepositorySystemSession;
-
-/**
- * A glorified map of key value pairs holding (cleartext) authentication data. Authentication contexts are used
- * internally when network operations need to access secured repositories or proxies. Each authentication context
- * manages the credentials required to access a single host. Unlike {@link Authentication} callbacks which exist for a
- * potentially long time like the duration of a repository system session, an authentication context has a supposedly
- * short lifetime and should be {@link #close() closed} as soon as the corresponding network operation has finished:
- *
- * <pre>
- * AuthenticationContext context = AuthenticationContext.forRepository( session, repository );
- * try {
- * // get credentials
- * char[] password = context.get( AuthenticationContext.PASSWORD, char[].class );
- * // perform network operation using retrieved credentials
- * ...
- * } finally {
- * // erase confidential authentication data from heap memory
- * AuthenticationContext.close( context );
- * }
- * </pre>
- *
- * The same authentication data can often be presented using different data types, e.g. a password can be presented
- * using a character array or (less securely) using a string. For ease of use, an authentication context treats the
- * following groups of data types as equivalent and converts values automatically during retrieval:
- * <ul>
- * <li>{@code String}, {@code char[]}</li>
- * <li>{@code String}, {@code File}</li>
- * </ul>
- * An authentication context is thread-safe.
- */
-public final class AuthenticationContext
- implements Closeable
-{
-
- /**
- * The key used to store the username. The corresponding authentication data should be of type {@link String}.
- */
- public static final String USERNAME = "username";
-
- /**
- * The key used to store the password. The corresponding authentication data should be of type {@code char[]} or
- * {@link String}.
- */
- public static final String PASSWORD = "password";
-
- /**
- * The key used to store the NTLM domain. The corresponding authentication data should be of type {@link String}.
- */
- public static final String NTLM_DOMAIN = "ntlm.domain";
-
- /**
- * The key used to store the NTML workstation. The corresponding authentication data should be of type
- * {@link String}.
- */
- public static final String NTLM_WORKSTATION = "ntlm.workstation";
-
- /**
- * The key used to store the pathname to a private key file. The corresponding authentication data should be of type
- * {@link String} or {@link File}.
- */
- public static final String PRIVATE_KEY_PATH = "privateKey.path";
-
- /**
- * The key used to store the passphrase protecting the private key. The corresponding authentication data should be
- * of type {@code char[]} or {@link String}.
- */
- public static final String PRIVATE_KEY_PASSPHRASE = "privateKey.passphrase";
-
- /**
- * The key used to store the acceptance policy for unknown host keys. The corresponding authentication data should
- * be of type {@link Boolean}. When querying this authentication data, the extra data should provide
- * {@link #HOST_KEY_REMOTE} and {@link #HOST_KEY_LOCAL}, e.g. to enable a well-founded decision of the user during
- * an interactive prompt.
- */
- public static final String HOST_KEY_ACCEPTANCE = "hostKey.acceptance";
-
- /**
- * The key used to store the fingerprint of the public key advertised by remote host. Note that this key is used to
- * query the extra data passed to {@link #get(String, Map, Class)} when getting {@link #HOST_KEY_ACCEPTANCE}, not
- * the authentication data in a context.
- */
- public static final String HOST_KEY_REMOTE = "hostKey.remote";
-
- /**
- * The key used to store the fingerprint of the public key expected from remote host as recorded in a known hosts
- * database. Note that this key is used to query the extra data passed to {@link #get(String, Map, Class)} when
- * getting {@link #HOST_KEY_ACCEPTANCE}, not the authentication data in a context.
- */
- public static final String HOST_KEY_LOCAL = "hostKey.local";
-
- /**
- * The key used to store the SSL context. The corresponding authentication data should be of type
- * {@link javax.net.ssl.SSLContext}.
- */
- public static final String SSL_CONTEXT = "ssl.context";
-
- /**
- * The key used to store the SSL hostname verifier. The corresponding authentication data should be of type
- * {@link javax.net.ssl.HostnameVerifier}.
- */
- public static final String SSL_HOSTNAME_VERIFIER = "ssl.hostnameVerifier";
-
- private final RepositorySystemSession session;
-
- private final RemoteRepository repository;
-
- private final Proxy proxy;
-
- private final Authentication auth;
-
- private final Map<String, Object> authData;
-
- private boolean fillingAuthData;
-
- /**
- * Gets an authentication context for the specified repository.
- *
- * @param session The repository system session during which the repository is accessed, must not be {@code null}.
- * @param repository The repository for which to create an authentication context, must not be {@code null}.
- * @return An authentication context for the repository or {@code null} if no authentication is configured for it.
- */
- public static AuthenticationContext forRepository( RepositorySystemSession session, RemoteRepository repository )
- {
- return newInstance( session, repository, null, repository.getAuthentication() );
- }
-
- /**
- * Gets an authentication context for the proxy of the specified repository.
- *
- * @param session The repository system session during which the repository is accessed, must not be {@code null}.
- * @param repository The repository for whose proxy to create an authentication context, must not be {@code null}.
- * @return An authentication context for the proxy or {@code null} if no proxy is set or no authentication is
- * configured for it.
- */
- public static AuthenticationContext forProxy( RepositorySystemSession session, RemoteRepository repository )
- {
- Proxy proxy = repository.getProxy();
- return newInstance( session, repository, proxy, ( proxy != null ) ? proxy.getAuthentication() : null );
- }
-
- private static AuthenticationContext newInstance( RepositorySystemSession session, RemoteRepository repository,
- Proxy proxy, Authentication auth )
- {
- if ( auth == null )
- {
- return null;
- }
- return new AuthenticationContext( session, repository, proxy, auth );
- }
-
- private AuthenticationContext( RepositorySystemSession session, RemoteRepository repository, Proxy proxy,
- Authentication auth )
- {
- if ( session == null )
- {
- throw new IllegalArgumentException( "repository system session missing" );
- }
- this.session = session;
- this.repository = repository;
- this.proxy = proxy;
- this.auth = auth;
- authData = new HashMap<String, Object>();
- }
-
- /**
- * Gets the repository system session during which the authentication happens.
- *
- * @return The repository system session, never {@code null}.
- */
- public RepositorySystemSession getSession()
- {
- return session;
- }
-
- /**
- * Gets the repository requiring authentication. If {@link #getProxy()} is not {@code null}, the data gathered by
- * this authentication context does not apply to the repository's host but rather the proxy.
- *
- * @return The repository to be contacted, never {@code null}.
- */
- public RemoteRepository getRepository()
- {
- return repository;
- }
-
- /**
- * Gets the proxy (if any) to be authenticated with.
- *
- * @return The proxy or {@code null} if authenticating directly with the repository's host.
- */
- public Proxy getProxy()
- {
- return proxy;
- }
-
- /**
- * Gets the authentication data for the specified key.
- *
- * @param key The key whose authentication data should be retrieved, must not be {@code null}.
- * @return The requested authentication data or {@code null} if none.
- */
- public String get( String key )
- {
- return get( key, null, String.class );
- }
-
- /**
- * Gets the authentication data for the specified key.
- *
- * @param <T> The data type of the authentication data.
- * @param key The key whose authentication data should be retrieved, must not be {@code null}.
- * @param type The expected type of the authentication data, must not be {@code null}.
- * @return The requested authentication data or {@code null} if none or if the data doesn't match the expected type.
- */
- public <T> T get( String key, Class<T> type )
- {
- return get( key, null, type );
- }
-
- /**
- * Gets the authentication data for the specified key.
- *
- * @param <T> The data type of the authentication data.
- * @param key The key whose authentication data should be retrieved, must not be {@code null}.
- * @param data Any (read-only) extra data in form of key value pairs that might be useful when getting the
- * authentication data, may be {@code null}.
- * @param type The expected type of the authentication data, must not be {@code null}.
- * @return The requested authentication data or {@code null} if none or if the data doesn't match the expected type.
- */
- public <T> T get( String key, Map<String, String> data, Class<T> type )
- {
- if ( key == null )
- {
- throw new IllegalArgumentException( "authentication data key missing" );
- }
- Object value;
- synchronized ( authData )
- {
- value = authData.get( key );
- if ( value == null && !authData.containsKey( key ) && !fillingAuthData )
- {
- if ( auth != null )
- {
- try
- {
- fillingAuthData = true;
- auth.fill( this, key, data );
- }
- finally
- {
- fillingAuthData = false;
- }
- value = authData.get( key );
- }
- if ( value == null )
- {
- authData.put( key, value );
- }
- }
- }
-
- return convert( value, type );
- }
-
- private <T> T convert( Object value, Class<T> type )
- {
- if ( !type.isInstance( value ) )
- {
- if ( String.class.equals( type ) )
- {
- if ( value instanceof File )
- {
- value = ( (File) value ).getPath();
- }
- else if ( value instanceof char[] )
- {
- value = new String( (char[]) value );
- }
- }
- else if ( File.class.equals( type ) )
- {
- if ( value instanceof String )
- {
- value = new File( (String) value );
- }
- }
- else if ( char[].class.equals( type ) )
- {
- if ( value instanceof String )
- {
- value = ( (String) value ).toCharArray();
- }
- }
- }
-
- if ( type.isInstance( value ) )
- {
- return type.cast( value );
- }
-
- return null;
- }
-
- /**
- * Puts the specified authentication data into this context. This method should only be called from implementors of
- * {@link Authentication#fill(AuthenticationContext, String, Map)}. Passed in character arrays are not cloned and
- * become owned by this context, i.e. get erased when the context gets closed.
- *
- * @param key The key to associate the authentication data with, must not be {@code null}.
- * @param value The (cleartext) authentication data to store, may be {@code null}.
- */
- public void put( String key, Object value )
- {
- if ( key == null )
- {
- throw new IllegalArgumentException( "authentication data key missing" );
- }
- synchronized ( authData )
- {
- Object oldValue = authData.put( key, value );
- if ( oldValue instanceof char[] )
- {
- Arrays.fill( (char[]) oldValue, '\0' );
- }
- }
- }
-
- /**
- * Closes this authentication context and erases sensitive authentication data from heap memory. Closing an already
- * closed context has no effect.
- */
- public void close()
- {
- synchronized ( authData )
- {
- for ( Object value : authData.values() )
- {
- if ( value instanceof char[] )
- {
- Arrays.fill( (char[]) value, '\0' );
- }
- }
- authData.clear();
- }
- }
-
- /**
- * Closes the specified authentication context. This is a convenience method doing a {@code null} check before
- * calling {@link #close()} on the given context.
- *
- * @param context The authentication context to close, may be {@code null}.
- */
- public static void close( AuthenticationContext context )
- {
- if ( context != null )
- {
- context.close();
- }
- }
-
-}
projects / gpl / argeo-slc.git / blobdiff