SecureCredentialsStore.java

/*******************************************************************************
 * Copyright (c) 2010, 2014 Tasktop Technologies and others.
 * All rights reserved. This program and the accompanying materials
 * are made available under the terms of the Eclipse Public License v1.0
 * which accompanies this distribution, and is available at
 * http://www.eclipse.org/legal/epl-v10.html
 *
 * Contributors:
 *     Tasktop Technologies - initial API and implementation
 *******************************************************************************/

package org.eclipse.mylyn.internal.commons.repositories.core;

import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;

import org.eclipse.core.runtime.Assert;
import org.eclipse.core.runtime.IStatus;
import org.eclipse.core.runtime.Status;
import org.eclipse.equinox.security.storage.EncodingUtils;
import org.eclipse.equinox.security.storage.ISecurePreferences;
import org.eclipse.equinox.security.storage.SecurePreferencesFactory;
import org.eclipse.equinox.security.storage.StorageException;
import org.eclipse.mylyn.commons.core.StatusHandler;
import org.eclipse.mylyn.commons.repositories.core.auth.ICredentialsStore;
import org.eclipse.mylyn.commons.repositories.core.auth.UnavailableException;

/**
 * @author Steffen Pingel
 */
public class SecureCredentialsStore implements ICredentialsStore {

	private static final String ID_NODE = "org.eclipse.mylyn.commons.repository"; //$NON-NLS-1$

	private final String id;

	private InMemoryCredentialsStore inMemoryStore;

	private boolean loggedStorageException;

	public SecureCredentialsStore(String id) {
		this.id = id;
	}

	public void clear() {
		//getSecurePreferences().clear();
		getSecurePreferences().removeNode();
		getInMemoryStore().clear();
	}

	public synchronized void copyTo(ICredentialsStore target) {
		Assert.isNotNull(target);
		if (!(target instanceof SecureCredentialsStore)) {
			throw new IllegalArgumentException(
					"SecureCredentialsStore may only by copied to stores of the same type: " + target.getClass()); //$NON-NLS-1$
		}

		ISecurePreferences preferences = getSecurePreferences();
		for (String key : preferences.keys()) {
			try {
				String value = preferences.get(key, null);
				boolean encrypted = preferences.isEncrypted(key);
				target.put(key, value, encrypted);
			} catch (StorageException e) {
				handle(e);
			}
		}
		if (inMemoryStore != null) {
			inMemoryStore.copyTo(target);
		}
	}

	public void flush() throws IOException {
		getSecurePreferences().flush();
	}

	public String get(final String key, final String def) {
		InMemoryCredentialsStore memoryStore = getInMemoryStore();
		synchronized (memoryStore) {
			if (memoryStore.hasKey(key)) {
				return memoryStore.get(key, def);
			}
		}
		try {
			return getSecurePreferences().get(key, def);
		} catch (StorageException e) {
			handle(e);
			return memoryStore.get(key, def);
		}
	}

	public boolean getBoolean(String key, boolean def) {
		InMemoryCredentialsStore memoryStore = getInMemoryStore();
		synchronized (memoryStore) {
			if (memoryStore.hasKey(key)) {
				return memoryStore.getBoolean(key, def);
			}
		}
		try {
			return getSecurePreferences().getBoolean(key, def);
		} catch (StorageException e) {
			handle(e);
			return memoryStore.getBoolean(key, def);
		}
	}

	public byte[] getByteArray(String key, byte[] def) {
		InMemoryCredentialsStore memoryStore = getInMemoryStore();
		synchronized (memoryStore) {
			if (memoryStore.hasKey(key)) {
				return memoryStore.getByteArray(key, def);
			}
		}
		try {
			return getSecurePreferences().getByteArray(key, def);
		} catch (StorageException e) {
			handle(e);
			return memoryStore.getByteArray(key, def);
		}
	}

	public String getId() {
		return id;
	}

	public String[] keys() {
		return getSecurePreferences().keys();
	}

	public void put(String key, String value, boolean encrypt) {
		put(key, value, encrypt, true);
	}

	public void put(String key, String value, boolean encrypt, boolean persist) {
		if (persist) {
			try {
				getSecurePreferences().put(key, value, encrypt);
				getInMemoryStore().remove(key);
			} catch (StorageException e) {
				handle(e);
				getInMemoryStore().put(key, value, encrypt, true);
			}
		} else {
			getInMemoryStore().put(key, value, encrypt, false);
			getSecurePreferences().remove(key);
		}
	}

	public void putBoolean(String key, boolean value, boolean encrypt) {
		try {
			getSecurePreferences().putBoolean(key, value, encrypt);
			getInMemoryStore().remove(key);
		} catch (StorageException e) {
			handle(e);
			getInMemoryStore().putBoolean(key, value, encrypt);
		}
	}

	public void putByteArray(String key, byte[] value, boolean encrypt) {
		try {
			getSecurePreferences().putByteArray(key, value, encrypt);
			getInMemoryStore().remove(key);
		} catch (StorageException e) {
			handle(e);
			getInMemoryStore().putByteArray(key, value, encrypt);
		}
	}

	public void remove(String key) {
		getSecurePreferences().remove(key);
	}

	@Override
	public void testAvailability() throws UnavailableException {
		try {
			String key = "org.eclipse.mylyn.commons.repositories.core.SecureCredentialsStore"; //$NON-NLS-1$
			// in some cases, we can get the list of keys even though the secure store is broken, so if we just try to get
			// a non-existant key, it won't try to access the secure store and we won't detect that it's broken. So, create a key
			// and try to access it.
			getSecurePreferences().put(key, Boolean.toString(true), true);
			getSecurePreferences().get(key, null);
		} catch (StorageException e) {
			throw new UnavailableException(e);
		}
	}

	protected synchronized InMemoryCredentialsStore getInMemoryStore() {
		if (inMemoryStore == null) {
			inMemoryStore = InMemoryCredentialsStore.getStore(id);
		}
		return inMemoryStore;
	}

	protected ISecurePreferences getSecurePreferences() {
		ISecurePreferences securePreferences = openSecurePreferences().node(ID_NODE);
		securePreferences = securePreferences.node(getEncodedId());
		return securePreferences;
	}

	private String getEncodedId() {
		String id = getId();
		if (containsOnlyValidCharacters(id)) {
			// bug 429094: this was the format used before Mylyn 3.11 so we continue to use it where possible,
			// but we can't use it for URLs with characters outside the allowed range for the secure store
			return EncodingUtils.encodeSlashes(id);
		}
		try {
			return URLEncoder.encode(id, "UTF-8"); //$NON-NLS-1$
		} catch (UnsupportedEncodingException e) {
			// should never happen
			StatusHandler.log(new Status(IStatus.ERROR, RepositoriesCoreInternal.ID_PLUGIN, "Error encoding id", e)); //$NON-NLS-1$
			return null;
		}
	}

	/**
	 * @return whether id contains only characters that are valid for a path in the secure storage
	 */
	private boolean containsOnlyValidCharacters(String id) {
		char[] chars = id.toCharArray();
		for (char c : chars) {
			if (c < 32 || c > 126) {
				return false;
			}
		}
		return true;
	}

	protected ISecurePreferences openSecurePreferences() {
		return SecurePreferencesFactory.getDefault();
	}

	private void handle(StorageException e) {
		if (!loggedStorageException) {
			loggedStorageException = true;
			StatusHandler.log(new Status(
					IStatus.ERROR,
					RepositoriesCoreInternal.ID_PLUGIN,
					"Unexpected error accessing secure storage, falling back to in memory store for credentials. Some credentials may not be saved.", //$NON-NLS-1$
					e));
		}
	}

}