All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.eclipse.aether.util.repository.SecretAuthentication Maven / Gradle / Ivy

/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied.  See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */
package org.eclipse.aether.util.repository;

import java.util.Arrays;
import java.util.Map;
import java.util.Objects;

import org.eclipse.aether.repository.Authentication;
import org.eclipse.aether.repository.AuthenticationContext;
import org.eclipse.aether.repository.AuthenticationDigest;

import static java.util.Objects.requireNonNull;

/**
 * Authentication block that manages a single authentication key and its secret string value (password, passphrase).
 * Unlike {@link StringAuthentication}, the string value is kept in an encrypted buffer and only decrypted when needed
 * to reduce the potential of leaking the secret in a heap dump.
 */
final class SecretAuthentication implements Authentication {

    private static final Object[] KEYS;

    static {
        KEYS = new Object[16];
        for (int i = 0; i < KEYS.length; i++) {
            KEYS[i] = new Object();
        }
    }

    private final String key;

    private final char[] value;

    private final int secretHash;

    SecretAuthentication(String key, String value) {
        this((value != null) ? value.toCharArray() : null, key);
    }

    SecretAuthentication(String key, char[] value) {
        this(copy(value), key);
    }

    private SecretAuthentication(char[] value, String key) {
        this.key = requireNonNull(key, "authentication key cannot be null");
        if (key.isEmpty()) {
            throw new IllegalArgumentException("authentication key cannot be empty");
        }
        this.secretHash = Arrays.hashCode(value) ^ KEYS[0].hashCode();
        this.value = xor(value);
    }

    private static char[] copy(char[] chars) {
        return (chars != null) ? chars.clone() : null;
    }

    @SuppressWarnings("checkstyle:magicnumber")
    private char[] xor(char[] chars) {
        if (chars != null) {
            int mask = System.identityHashCode(this);
            for (int i = 0; i < chars.length; i++) {
                int key = KEYS[(i >> 1) % KEYS.length].hashCode();
                key ^= mask;
                chars[i] ^= ((i & 1) == 0) ? (key & 0xFFFF) : (key >>> 16);
            }
        }
        return chars;
    }

    private static void clear(char[] chars) {
        if (chars != null) {
            for (int i = 0; i < chars.length; i++) {
                chars[i] = '\0';
            }
        }
    }

    public void fill(AuthenticationContext context, String key, Map data) {
        requireNonNull(context, "context cannot be null");
        char[] secret = copy(value);
        xor(secret);
        context.put(this.key, secret);
        // secret will be cleared upon AuthenticationContext.close()
    }

    public void digest(AuthenticationDigest digest) {
        char[] secret = copy(value);
        try {
            xor(secret);
            digest.update(key);
            digest.update(secret);
        } finally {
            clear(secret);
        }
    }

    @Override
    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null || !getClass().equals(obj.getClass())) {
            return false;
        }
        SecretAuthentication that = (SecretAuthentication) obj;
        if (!Objects.equals(key, that.key) || secretHash != that.secretHash) {
            return false;
        }
        char[] secret = copy(value);
        char[] thatSecret = copy(that.value);
        try {
            xor(secret);
            that.xor(thatSecret);
            return Arrays.equals(secret, thatSecret);
        } finally {
            clear(secret);
            clear(thatSecret);
        }
    }

    @Override
    public int hashCode() {
        int hash = 17;
        hash = hash * 31 + key.hashCode();
        hash = hash * 31 + secretHash;
        return hash;
    }

    @Override
    public String toString() {
        return key + "=" + ((value != null) ? "***" : "null");
    }
}




© 2015 - 2025 Weber Informatics LLC | Privacy Policy