bundles/org.eclipse.equinox.security/src/org/eclipse/equinox/internal/security/storage/friends/ReEncrypter.java - equinox/rt.equinox.bundles - Git at Google

 /*******************************************************************************
  * Copyright (c) 2008 IBM Corporation and others.
  * All rights reserved. This program and the accompanying materials
  * are made available under the terms of the Eclipse Public License v1.0
  * which accompanies this distribution, and is available at
  * http://www.eclipse.org/legal/epl-v10.html
  *
  * Contributors:
  *     IBM Corporation - initial API and implementation
  *******************************************************************************/
 package org.eclipse.equinox.internal.security.storage.friends;

 import java.util.*;
 import org.eclipse.equinox.internal.security.auth.AuthPlugin;
 import org.eclipse.equinox.internal.security.auth.nls.SecAuthMessages;
 import org.eclipse.equinox.internal.security.storage.SecurePreferencesContainer;
 import org.eclipse.equinox.internal.security.storage.SecurePreferencesWrapper;
 import org.eclipse.equinox.security.storage.ISecurePreferences;
 import org.eclipse.equinox.security.storage.StorageException;
 import org.eclipse.equinox.security.storage.provider.IProviderHints;
 import org.eclipse.osgi.util.NLS;

 /**
  * The class will re-encrypt the whole preferences tree (any node on the tree
  * can be passed in as a starting point).
  */
 public class ReEncrypter {

 	private class TmpElement {
 		private String path; // absolute node path
 		private Map values; // <String>key -> <String>value

 		public TmpElement(String path, Map values) {
 			this.path = path;
 			this.values = values;
 		}

 		public String getPath() {
 			return path;
 		}

 		public Map getValues() {
 			return values;
 		}
 	}

 	final private ISecurePreferences root;
 	final private String moduleID;
 	private boolean processedOK = true;

 	private ArrayList elements = new ArrayList(); // List<TmpElement>

 	public ReEncrypter(ISecurePreferences prefs, String moduleID) {
 		this.moduleID = moduleID;
 		root = prefs.node("/"); //$NON-NLS-1$
 	}

 	/**
 	 * The method will decrypt all data that can be decrypted into a local
 	 * memory structure.
 	 */
 	public boolean decrypt() {
 		decrypt(root);
 		return processedOK;
 	}

 	private void decrypt(ISecurePreferences node) {
 		String[] keys = node.keys();
 		if (keys.length > 0) {
 			Map map = new HashMap(keys.length); // could be less than that
 			for (int i = 0; i < keys.length; i++) {
 				try {
 					if (!node.isEncrypted(keys[i]))
 						continue;
 					if (!(node instanceof SecurePreferencesWrapper))
 						continue;
 					String encryptionModule = ((SecurePreferencesWrapper) node).getModule(keys[i]);
 					if (encryptionModule == null)
 						continue;
 					if (!encryptionModule.equals(moduleID))
 						continue;

 					map.put(keys[i], node.get(keys[i], null));
 				} catch (StorageException e) {
 					// this value will not be re-coded
 					String msg = NLS.bind(SecAuthMessages.decryptingError, keys[i], node.absolutePath());
 					AuthPlugin.getDefault().logError(msg, e);
 					processedOK = false;
 				}
 			}
 			if (map.size() != 0)
 				elements.add(new TmpElement(node.absolutePath(), map));
 		}
 		String[] childrenNames = node.childrenNames();
 		for (int i = 0; i < childrenNames.length; i++) {
 			decrypt(node.node(childrenNames[i]));
 		}
 	}

 	/**
 	 * The method try to create new password.
 	 * <p>
 	 * <strong>Note</strong> that after the successful completion of this method the secure storage has
 	 * new verification string and previously decoded values <b>must</b> be added via encrypt() method
 	 * or they will become unavailable via conventional APIs.
 	 * </p>
 	 */
 	public boolean switchToNewPassword() {
 		return ((SecurePreferencesWrapper) root).passwordChanging(moduleID);
 	}

 	/**
 	 * The method will encrypt all data from the memory structure created by decrypt using current
 	 * passwords and providers. The original encrypted data will be overwritten.
 	 */
 	public boolean encrypt() {
 		boolean result = true;

 		// we'll directly inject here a requirement to use the specified module to encrypt data
 		SecurePreferencesContainer container = ((SecurePreferencesWrapper) root).getContainer();
 		Object originalProperty = container.getOption(IProviderHints.REQUIRED_MODULE_ID);
 		container.setOption(IProviderHints.REQUIRED_MODULE_ID, moduleID);
 		for (Iterator i = elements.iterator(); i.hasNext();) {
 			TmpElement element = (TmpElement) i.next();
 			ISecurePreferences node = root.node(element.getPath());
 			Map values = element.getValues();
 			for (Iterator j = values.keySet().iterator(); j.hasNext();) {
 				String key = (String) j.next();
 				try {
 					node.put(key, (String) values.get(key), true);
 				} catch (StorageException e) {
 					// this value will not be re-coded
 					String msg = NLS.bind(SecAuthMessages.encryptingError, key, node.absolutePath());
 					AuthPlugin.getDefault().logError(msg, e);
 					result = false;
 				}
 			}
 		}
 		if (originalProperty != null)
 			container.setOption(IProviderHints.REQUIRED_MODULE_ID, originalProperty);
 		else
 			container.removeOption(IProviderHints.REQUIRED_MODULE_ID);
 		return result;
 	}

 }
	/*******************************************************************************
	* Copyright (c) 2008 IBM Corporation and others.
	* All rights reserved. This program and the accompanying materials
	* are made available under the terms of the Eclipse Public License v1.0
	* which accompanies this distribution, and is available at
	* http://www.eclipse.org/legal/epl-v10.html
	*
	* Contributors:
	* IBM Corporation - initial API and implementation
	*******************************************************************************/
	package org.eclipse.equinox.internal.security.storage.friends;

	import java.util.*;
	import org.eclipse.equinox.internal.security.auth.AuthPlugin;
	import org.eclipse.equinox.internal.security.auth.nls.SecAuthMessages;
	import org.eclipse.equinox.internal.security.storage.SecurePreferencesContainer;
	import org.eclipse.equinox.internal.security.storage.SecurePreferencesWrapper;
	import org.eclipse.equinox.security.storage.ISecurePreferences;
	import org.eclipse.equinox.security.storage.StorageException;
	import org.eclipse.equinox.security.storage.provider.IProviderHints;
	import org.eclipse.osgi.util.NLS;

	/**
	* The class will re-encrypt the whole preferences tree (any node on the tree
	* can be passed in as a starting point).
	*/
	public class ReEncrypter {

	private class TmpElement {
	private String path; // absolute node path
	private Map values; // <String>key -> <String>value

	public TmpElement(String path, Map values) {
	this.path = path;
	this.values = values;
	}

	public String getPath() {
	return path;
	}

	public Map getValues() {
	return values;
	}
	}

	final private ISecurePreferences root;
	final private String moduleID;
	private boolean processedOK = true;

	private ArrayList elements = new ArrayList(); // List<TmpElement>

	public ReEncrypter(ISecurePreferences prefs, String moduleID) {
	this.moduleID = moduleID;
	root = prefs.node("/"); //$NON-NLS-1$
	}

	/**
	* The method will decrypt all data that can be decrypted into a local
	* memory structure.
	*/
	public boolean decrypt() {
	decrypt(root);
	return processedOK;
	}

	private void decrypt(ISecurePreferences node) {
	String[] keys = node.keys();
	if (keys.length > 0) {
	Map map = new HashMap(keys.length); // could be less than that
	for (int i = 0; i < keys.length; i++) {
	try {
	if (!node.isEncrypted(keys[i]))
	continue;
	if (!(node instanceof SecurePreferencesWrapper))
	continue;
	String encryptionModule = ((SecurePreferencesWrapper) node).getModule(keys[i]);
	if (encryptionModule == null)
	continue;
	if (!encryptionModule.equals(moduleID))
	continue;

	map.put(keys[i], node.get(keys[i], null));
	} catch (StorageException e) {
	// this value will not be re-coded
	String msg = NLS.bind(SecAuthMessages.decryptingError, keys[i], node.absolutePath());
	AuthPlugin.getDefault().logError(msg, e);
	processedOK = false;
	}
	}
	if (map.size() != 0)
	elements.add(new TmpElement(node.absolutePath(), map));
	}
	String[] childrenNames = node.childrenNames();
	for (int i = 0; i < childrenNames.length; i++) {
	decrypt(node.node(childrenNames[i]));
	}
	}

	/**
	* The method try to create new password.
	* <p>
	* <strong>Note</strong> that after the successful completion of this method the secure storage has
	* new verification string and previously decoded values <b>must</b> be added via encrypt() method
	* or they will become unavailable via conventional APIs.
	* </p>
	*/
	public boolean switchToNewPassword() {
	return ((SecurePreferencesWrapper) root).passwordChanging(moduleID);
	}

	/**
	* The method will encrypt all data from the memory structure created by decrypt using current
	* passwords and providers. The original encrypted data will be overwritten.
	*/
	public boolean encrypt() {
	boolean result = true;

	// we'll directly inject here a requirement to use the specified module to encrypt data
	SecurePreferencesContainer container = ((SecurePreferencesWrapper) root).getContainer();
	Object originalProperty = container.getOption(IProviderHints.REQUIRED_MODULE_ID);
	container.setOption(IProviderHints.REQUIRED_MODULE_ID, moduleID);
	for (Iterator i = elements.iterator(); i.hasNext();) {
	TmpElement element = (TmpElement) i.next();
	ISecurePreferences node = root.node(element.getPath());
	Map values = element.getValues();
	for (Iterator j = values.keySet().iterator(); j.hasNext();) {
	String key = (String) j.next();
	try {
	node.put(key, (String) values.get(key), true);
	} catch (StorageException e) {
	// this value will not be re-coded
	String msg = NLS.bind(SecAuthMessages.encryptingError, key, node.absolutePath());
	AuthPlugin.getDefault().logError(msg, e);
	result = false;
	}
	}
	}
	if (originalProperty != null)
	container.setOption(IProviderHints.REQUIRED_MODULE_ID, originalProperty);
	else
	container.removeOption(IProviderHints.REQUIRED_MODULE_ID);
	return result;
	}

	}