All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.jboss.security.ExternalPasswordCache Maven / Gradle / Ivy

/*
* JBoss, Home of Professional Open Source
* Copyright 2005, JBoss Inc., and individual contributors as indicated
* by the @authors tag. See the copyright.txt in the distribution for a
* full listing of individual contributors.
*
* This is free software; you can redistribute it and/or modify it
* under the terms of the GNU Lesser General Public License as
* published by the Free Software Foundation; either version 2.1 of
* the License, or (at your option) any later version.
*
* This software is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this software; if not, write to the Free
* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
*/

package org.jboss.security;

import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;

/**
 * External command password cache.
 * Singleton password cache.
 * 
 * @author Peter Skopek 
 * @version $Revision:$
 */
public class ExternalPasswordCache implements PasswordCache {

   private static final ExternalPasswordCache PASSWORD_CACHE = new ExternalPasswordCache(); 

   private Map cache;
   private MessageDigest md5Digest = null;

   private ExternalPasswordCache() {
      cache = Collections.synchronizedMap(new HashMap());
      try {
         md5Digest = MessageDigest.getInstance("MD5");
      }
      catch (NoSuchAlgorithmException e) {
         // Cannot get MD5 algorithm instance for hashing password commands. Using NULL.
         PicketBoxLogger.LOGGER.errorCannotGetMD5AlgorithmInstance();
      }
   }

   public static ExternalPasswordCache getExternalPasswordCacheInstance() {
      SecurityManager sm = System.getSecurityManager();
      if (sm != null) {
         sm.checkPermission(new RuntimePermission(ExternalPasswordCache.class.getName() + ".getExternalPasswordCacheInstance"));
      }
      return PASSWORD_CACHE;
   }
   
   /* (non-Javadoc)
    * @see org.jboss.security.PasswordCache#contains(java.lang.String)
    */
   @Override
   public boolean contains(String key, long timeOut) {
      String transformedKey = transformKey(key);
      PasswordRecord pr = cache.get(transformedKey);
      if (pr != null && (timeOut == 0 || System.currentTimeMillis() - pr.timeOut < timeOut)) {
         return true;
      }      
      return false;
   }

   /* (non-Javadoc)
    * @see org.jboss.security.PasswordCache#getPassword(java.lang.String)
    */
   @Override
   public char[] getPassword(String key) {
      String newKey = transformKey(key);
      PicketBoxLogger.LOGGER.traceRetrievingPasswordFromCache(newKey);
      PasswordRecord pr = cache.get(newKey);
      return pr.password;
   }

   /* (non-Javadoc)
    * @see org.jboss.security.PasswordCache#storePassword(java.lang.String, char[])
    */
   @Override
   public void storePassword(String key, char[] password) {
      String newKey = transformKey(key);
      PicketBoxLogger.LOGGER.traceStoringPasswordToCache(newKey);
      PasswordRecord pr = new PasswordRecord();
      pr.timeOut = System.currentTimeMillis();
      pr.password = password;
      cache.put(newKey, pr);
   }
   
   private String transformKey(String key) {
      String newKey = key;
      if (md5Digest != null) {
         md5Digest.reset();
         byte[] bt = key.getBytes();
         byte[] md5 = md5Digest.digest(bt);
         newKey = new String(Base64Utils.tob64(md5));
      }
      return newKey;
   }
   
   /**
    * Get number of cached passwords. 
    * Mainly for testing purpose.
    */
   public int getCachedPasswordsCount() {
      return cache.size();
   }

   /* (non-Javadoc)
    * @see org.jboss.security.PasswordCache#reset()
    */
   @Override
   public void reset() {
      PicketBoxLogger.LOGGER.traceResettingCache();
      cache.clear();
   }
   
   
}

class PasswordRecord {

   long timeOut;
   char[] password;
   
}




© 2015 - 2025 Weber Informatics LLC | Privacy Policy