All Downloads are FREE. Search and download functionalities are using the official Maven repository.

src.com.ibm.as400.access.ProfileTokenVault Maven / Gradle / Ivy

///////////////////////////////////////////////////////////////////////////////
//
// JTOpen (IBM Toolbox for Java - OSS version)
//
// Filename:  ProfileTokenVault.java
//
// The source code contained herein is licensed under the IBM Public License
// Version 1.0, which has been approved by the Open Source Initiative.
// Copyright (C) 2009-2009 International Business Machines Corporation and
// others.  All rights reserved.
//
///////////////////////////////////////////////////////////////////////////////

package com.ibm.as400.access;

import com.ibm.as400.security.auth.ProfileTokenCredential;
import java.io.Serializable;

/**
 * A vault which holds a profile token.  The profile token represents the credentials
 * of an IBM i user profile for a system, and can be used for authenticating
 * to one or more IBM i host servers on that system.
 */
class ProfileTokenVault extends CredentialVault implements Cloneable, Serializable
{
  /**
   * Constructs an ProfileTokenVault object that does not contain a credential
   */
  protected ProfileTokenVault() {
    super();
    if (Trace.traceOn_) Trace.log(Trace.INFORMATION, "ProfileTokenVault() called");
    
  }

  /**
   * Constructs an ProfileTokenVault object that contains the provided profile token credential.
   *
   * @param existingToken The profile token bytes
   */
  protected ProfileTokenVault(byte[] existingToken) {
    super(existingToken);
    
    if (Trace.traceOn_) Trace.log(Trace.INFORMATION, "ProfileTokenVault(byte[] existingToken) called");

  }

  /**
   * Constructs an ProfileTokenVault object that contains the provided profile token credential.
   *
   * @param existingCredential The profile token credential.  The raw bytes from the profile
   *                           token object are extracted and stored in the vault.
   */
  protected ProfileTokenVault(ProfileTokenCredential existingCredential) {
    super();
    
    if (Trace.traceOn_) Trace.log(Trace.INFORMATION, "ProfileTokenVault(ProfileTokenCredential existingCredential) called");

    // Note:  The logic to set the encodedCredential_ was move to getClearCredential
    //encodedCredential_ = store(existingCredential.getToken());
    // With a profile token that may be refreshed, we do not save the 
    // encodedCredential but must obtain it every time.    Setting the encodedCredential_
    // to null causes the overridden methods in this class to use the profileToken
    // instead of the encodedCredential.  @E1A
    
    encodedCredential_ = null; 
    storeProfileTokenCredential(existingCredential);
  }

  /**
   * Returns a copy of this ProfileTokenVault.  The new copy will be
   * an exact copy of this vault, which means the new copy will
   * contain the same profile token credential as this vault.
   *
   * @return A newly created ProfileTokenVault that is a copy of this one
   */
  public Object clone() {
    
    ProfileTokenVault vaultClone = (ProfileTokenVault)super.clone();
    return vaultClone;
  }

  /**
   * {@inheritDoc}
   */
  protected int getType() {
    return AS400.AUTHENTICATION_SCHEME_PROFILE_TOKEN;
  }
  
  public void storeProfileTokenCredential(ProfileTokenCredential credential) {
    this.profileTokenCredential_ = credential; //@D3C cache profile token credential in a vault
  }
  
  private ProfileTokenCredential profileTokenCredential_;

  //@D3A - Start
  /**
   * Retrieves unencoded credential from a vault
   */
  protected synchronized byte[] getClearCredential() {
    if (profileTokenCredential_!=null){
      byte[] encodedCredential = store(profileTokenCredential_.getToken());
      return resolve(encodedCredential);
    } else {
      return super.getClearCredential();
    }
  }
  
  /**
   * Block the thread to refresh profile token credential from the vault.
   */
  public void preventRefresh() {
    if (profileTokenCredential_!=null){
      try {
        if (Trace.traceOn_) Trace.log(Trace.INFORMATION, "ProfileTokenVault preventRefresh called");
        profileTokenCredential_.preventRefresh();
      } catch (InterruptedException e) {
        e.printStackTrace();
      }
    }
  }
  
  /**
   * Notify the wait thread to refresh profile token credential from the vault.
   */
  public void allowRefresh() {
    if (profileTokenCredential_!=null){
      if (Trace.traceOn_) Trace.log(Trace.INFORMATION, "ProfileTokenVault allowRefresh called");
      profileTokenCredential_.allowRefresh();
    }
  }
  
  /**
   * Queries the vault to see if it contains a credential.
   */
  protected boolean isEmpty() {
   /* if the profileTokenCredential_ is null, we must call the superclass @E1A */ 
    if (profileTokenCredential_ != null ) {
      if (Trace.traceOn_) Trace.log(Trace.INFORMATION, "ProfileTokenVault isEmpty called");
      return false; 
    } else { 
      return super.isEmpty(); 
    }
  }
  
  //@D3A - End
  
  // @E1A -- Additional methods needed (See CredentialVault for list of methods to update if not using encodedCredential_
  /**
   * Disposes of the credential, thus emptying the vault.
   */
  protected void disposeOfCredential() {
    if (profileTokenCredential_ != null ) {
      if (Trace.traceOn_) Trace.log(Trace.INFORMATION, "ProfileTokenVault disposeOfCredential called");
      profileTokenCredential_ = null; 
    }    
    super.disposeOfCredential();
  }

  /**
   * Provides a minimal amount of tracing information about the credential
   * vault in a nicely formatted string.
   *
   * @return The tracing information represented as a string
   */
  protected String trace() {
    if (profileTokenCredential_ != null ) {
      StringBuffer sb = new StringBuffer();
      sb.append("type=");
      sb.append(getType());
      sb.append(" : profileTokenCredential=");
      sb.append(profileTokenCredential_.toString()); 

      return sb.toString();

    } else {     
      return super.trace();
    }
  }
  
  /**
   * Decodes the credential bytes using the provided adder and mask.
   * The decoded credential is returned in a newly allocated byte array.
   *
   * @param adder Used for encoding
   * @param mask Used for encoding
   *
   * @return A newly allocated array of bytes representing the decoded credential
   */
  protected byte[] decode(byte[] adder, byte[] mask) {
    if (profileTokenCredential_ != null ) {
      if (Trace.traceOn_) Trace.log(Trace.INFORMATION, "ProfileTokenVault decode called");
      byte[] encodedCredential = store(profileTokenCredential_.getToken());
      return CredentialVault.decode(adder, mask, encodedCredential);
    } else {
      return super.decode(adder, mask); 
    }
  }

  
  
}




© 2015 - 2025 Weber Informatics LLC | Privacy Policy