View Javadoc
1   /*
2    * Copyright (C) 2018, Thomas Wolf <thomas.wolf@paranor.ch>
3    * and other copyright owners as documented in the project's IP log.
4    *
5    * This program and the accompanying materials are made available
6    * under the terms of the Eclipse Distribution License v1.0 which
7    * accompanies this distribution, is reproduced below, and is
8    * available at http://www.eclipse.org/org/documents/edl-v10.php
9    *
10   * All rights reserved.
11   *
12   * Redistribution and use in source and binary forms, with or
13   * without modification, are permitted provided that the following
14   * conditions are met:
15   *
16   * - Redistributions of source code must retain the above copyright
17   *   notice, this list of conditions and the following disclaimer.
18   *
19   * - Redistributions in binary form must reproduce the above
20   *   copyright notice, this list of conditions and the following
21   *   disclaimer in the documentation and/or other materials provided
22   *   with the distribution.
23   *
24   * - Neither the name of the Eclipse Foundation, Inc. nor the
25   *   names of its contributors may be used to endorse or promote
26   *   products derived from this software without specific prior
27   *   written permission.
28   *
29   * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
30   * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
31   * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
32   * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
33   * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
34   * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
35   * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
36   * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
37   * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
38   * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
39   * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
40   * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
41   * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
42   */
43  package org.eclipse.jgit.internal.transport.sshd;
44  
45  import java.io.IOException;
46  import java.net.URISyntaxException;
47  import java.security.GeneralSecurityException;
48  import java.util.Arrays;
49  import java.util.Map;
50  import java.util.concurrent.ConcurrentHashMap;
51  import java.util.concurrent.atomic.AtomicInteger;
52  
53  import org.apache.sshd.common.NamedResource;
54  import org.apache.sshd.common.session.SessionContext;
55  import org.eclipse.jgit.annotations.NonNull;
56  import org.eclipse.jgit.transport.CredentialsProvider;
57  import org.eclipse.jgit.transport.URIish;
58  import org.eclipse.jgit.transport.sshd.KeyPasswordProvider;
59  
60  /**
61   * A bridge from sshd's {@link RepeatingFilePasswordProvider} to our
62   * {@link KeyPasswordProvider} API.
63   */
64  public class PasswordProviderWrapper implements RepeatingFilePasswordProvider {
65  
66  	private final KeyPasswordProvider delegate;
67  
68  	private Map<String, AtomicInteger> counts = new ConcurrentHashMap<>();
69  
70  	/**
71  	 * @param delegate
72  	 */
73  	public PasswordProviderWrapper(@NonNull KeyPasswordProvider delegate) {
74  		this.delegate = delegate;
75  	}
76  
77  	@Override
78  	public void setAttempts(int numberOfPasswordPrompts) {
79  		delegate.setAttempts(numberOfPasswordPrompts);
80  	}
81  
82  	@Override
83  	public int getAttempts() {
84  		return delegate.getAttempts();
85  	}
86  
87  	@Override
88  	public String getPassword(SessionContext session, NamedResource resource,
89  			int attemptIndex) throws IOException {
90  		String key = resource.getName();
91  		int attempt = counts
92  				.computeIfAbsent(key, k -> new AtomicInteger()).get();
93  		char[] passphrase = delegate.getPassphrase(toUri(key), attempt);
94  		if (passphrase == null) {
95  			return null;
96  		}
97  		try {
98  			return new String(passphrase);
99  		} finally {
100 			Arrays.fill(passphrase, '\000');
101 		}
102 	}
103 
104 	@Override
105 	public ResourceDecodeResult handleDecodeAttemptResult(
106 			SessionContext session, NamedResource resource, int retryIndex,
107 			String password, Exception err)
108 			throws IOException, GeneralSecurityException {
109 		String key = resource.getName();
110 		AtomicInteger count = counts.get(key);
111 		int numberOfAttempts = count == null ? 0 : count.incrementAndGet();
112 		ResourceDecodeResult result = null;
113 		try {
114 			if (delegate.keyLoaded(toUri(key), numberOfAttempts, err)) {
115 				result = ResourceDecodeResult.RETRY;
116 			} else {
117 				result = ResourceDecodeResult.TERMINATE;
118 			}
119 		} finally {
120 			if (result != ResourceDecodeResult.RETRY) {
121 				counts.remove(key);
122 			}
123 		}
124 		return result;
125 	}
126 
127 	/**
128 	 * Creates a {@link URIish} from a given string. The
129 	 * {@link CredentialsProvider} uses uris as resource identifications.
130 	 *
131 	 * @param resourceKey
132 	 *            to convert
133 	 * @return the uri
134 	 */
135 	private URIish toUri(String resourceKey) {
136 		try {
137 			return new URIish(resourceKey);
138 		} catch (URISyntaxException e) {
139 			return new URIish().setPath(resourceKey); // Doesn't check!!
140 		}
141 	}
142 
143 }