| /******************************************************************************* |
| * Copyright (c) 2008 IBM Corporation and others. |
| * All rights reserved. This program and the accompanying materials |
| * are made available under the terms of the Eclipse Public License v1.0 |
| * which accompanies this distribution, and is available at |
| * http://www.eclipse.org/legal/epl-v10.html |
| * |
| * Contributors: |
| * IBM Corporation - initial API and implementation |
| *******************************************************************************/ |
| package org.eclipse.equinox.internal.security.osx; |
| |
| import java.security.SecureRandom; |
| import javax.crypto.spec.PBEKeySpec; |
| import org.eclipse.equinox.internal.security.auth.AuthPlugin; |
| import org.eclipse.equinox.internal.security.osx.nls.OSXProviderMessages; |
| import org.eclipse.equinox.internal.security.storage.Base64; |
| import org.eclipse.equinox.security.storage.provider.IPreferencesContainer; |
| import org.eclipse.equinox.security.storage.provider.PasswordProvider; |
| |
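/**
 * Password provider that stores and retrieves the secure-storage master
 * password through the native {@code keystoreNative} library (presumably the
 * OS X keychain, given the package name - confirm against the native sources).
 *
 * The password is kept under the fixed service name
 * {@code equinox.secure.storage} and the account name taken from the
 * {@code user.name} system property.
 */
public class OSXProvider extends PasswordProvider {

	static {
		// The native methods below are unusable unless this library loads.
		System.loadLibrary("keystoreNative"); //$NON-NLS-1$
	}

	/** Service name under which the master password is stored. */
	static final private String serviceName = "equinox.secure.storage"; //$NON-NLS-1$

	/** Account the entry is stored under; null when "user.name" is not set. */
	private String accountName = System.getProperty("user.name"); //$NON-NLS-1$

	/** Native lookup of the password stored for the given service and account. */
	private native String getPassword(String service, String account) throws SecurityException;

	/** Native store of the password for the given service and account. */
	private native String setPassword(String serviceName, String accountName, String password) throws SecurityException;

	/**
	 * Returns the master password, either the stored one or a newly generated one.
	 *
	 * When neither CREATE_NEW_PASSWORD nor PASSWORD_CHANGE is set in
	 * passwordType, the stored password is looked up and returned. Otherwise
	 * 64 random bytes are generated, Base64-encoded, stored through the native
	 * library and returned.
	 *
	 * @param container the preferences container; not used by this provider
	 * @param passwordType bit mask of the password request flags
	 * @return the key spec wrapping the password, or null when the account
	 *         name is unknown or the native store reported a SecurityException
	 */
	public PBEKeySpec getPassword(IPreferencesContainer container, int passwordType) {
		if (accountName == null)
			return null;

		boolean newPassword = ((passwordType & CREATE_NEW_PASSWORD) != 0);
		boolean passwordChange = ((passwordType & PASSWORD_CHANGE) != 0);

		// simple auth: hand back whatever is already stored
		if (!newPassword && !passwordChange) {
			try {
				// NOTE(review): what the native lookup returns for a missing entry is not
				// visible here; a null result would surface as a NullPointerException.
				return new PBEKeySpec(getPassword(serviceName, accountName).toCharArray());
			} catch (SecurityException e) {
				AuthPlugin.getDefault().logError(OSXProviderMessages.getPasswordError, e);
				return null;
			}
		}

		// From here on a new password is always generated. The second retrieval
		// attempt that used to sit in this branch could never run, because the
		// branch above returns on both of its paths, so it has been removed.
		try {
			byte[] rawPassword = new byte[64];
			// Do not seed explicitly. A clock value is guessable, and on providers where
			// seeding before the first nextBytes() suppresses self-seeding (SHA1PRNG) it
			// would be the only entropy behind the master password. An unseeded
			// SecureRandom seeds itself from the platform entropy source.
			SecureRandom random = new SecureRandom();
			random.nextBytes(rawPassword);
			// encode the data to ensure it's ascii
			String newPasswordString = Base64.encode(rawPassword);
			setPassword(serviceName, accountName, newPasswordString);
			return new PBEKeySpec(newPasswordString.toCharArray());
		} catch (SecurityException e) {
			AuthPlugin.getDefault().logError(OSXProviderMessages.setPasswordError, e);
			return null;
		}
	}
}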