PropertyObfuscationVault.java

/*
 * RHQ Management Platform
 * Copyright 2011, Red Hat Middleware LLC, and individual contributors
 * as indicated by the @author tags. See the copyright.txt file in the
 * distribution for a full listing of individual contributors.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation version 2 of the License.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 */

package org.rhq.core.util.obfuscation;

import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

import org.jboss.security.vault.SecurityVault;
import org.jboss.security.vault.SecurityVaultException;

import org.rhq.core.util.obfuscation.ObfuscatedPreferences.RestrictedFormat;

/**
 * @author Stefan Negrea
 *
 */
public class PropertyObfuscationVault implements SecurityVault {

    private static final Log LOG = LogFactory.getLog(SecurityVault.class);

    private static final String RESTRICTED = "restricted";

    private volatile Map<String, Object> options;

    @Override
    public void init(Map<String, Object> options) throws SecurityVaultException {
        this.options = Collections.synchronizedMap(new HashMap<String, Object>());
        this.options.putAll(options);
    }

    @Override
    public boolean isInitialized() {
        return true;
    }

    @Override
    public byte[] handshake(Map<String, Object> handshakeOptions) throws SecurityVaultException {
        return null;
    }

    @Override
    public Set<String> keyList() throws SecurityVaultException {
        return options.keySet();
    }

    @Override
    public boolean exists(String vaultBlock, String attributeName) throws SecurityVaultException {
        return true;
    }

    @Override
    public void store(String vaultBlock, String attributeName, char[] attributeValue, byte[] sharedKey)
        throws SecurityVaultException {
        //nothing to do because this vault does not have any backing store
    }

    /**
     * Documentation provided since slightly changing the meaning of method parameters
     * from the overriden method.
     *
     * @param blockType  if 'restricted' then the value is obfuscated; if 'open' then value is not obfuscated
     * @param systemProperty name of system property where that contains the value
     * @param defaultValue default value if no system property found or empty
     * @return value
     * @throws SecurityVaultException
     */
    @Override
    public char[] retrieve(String blockType, String systemProperty, byte[] defaultValue) throws SecurityVaultException {
        try {
            boolean isRestricted = false;
            if (RESTRICTED.equalsIgnoreCase(blockType)) {
                isRestricted = true;
            }

            char[] result = null;

            String systemPropertyValue = System.getProperty(systemProperty);
            if (systemPropertyValue != null && !systemPropertyValue.trim().isEmpty()) {
                if (isRestricted) {
                    String actualSystemPropertyValue = systemPropertyValue;
                    if (RestrictedFormat.isRestrictedFormat(actualSystemPropertyValue)) {
                        actualSystemPropertyValue = RestrictedFormat.retrieveValue(actualSystemPropertyValue);
                    }

                    try {
                        result = PicketBoxObfuscator.decode(actualSystemPropertyValue).toCharArray();
                    } catch (Exception e) {
                        //have a fallback in case the password not obfuscated
                        result = actualSystemPropertyValue.toCharArray();
                    }
                } else {
                    result = systemPropertyValue.toCharArray();
                }

            } else if (defaultValue != null && defaultValue.length != 0) {
                if (isRestricted) {
                    try {
                        result = PicketBoxObfuscator.decode(new String(defaultValue)).toCharArray();
                    } catch (Exception e) {
                        //have a fallback in case the password not obfuscated
                        result = new String(defaultValue).toCharArray();
                    }
                } else {
                    result = new String(defaultValue).toCharArray();
                }
            } else {
                //ran out of options to de-obfuscate so throw an exception
                throw new IllegalArgumentException();
            }

            return result;
        } catch (Exception e) {
            throw new SecurityVaultException(e);
        }
    }

    @Override
    public boolean remove(String vaultBlock, String attributeName, byte[] sharedKey) throws SecurityVaultException {
        return true;
    }
}