BasicAuthentication.java
/*
* Copyright (C) 2018, Thomas Wolf <thomas.wolf@paranor.ch> and others
*
* This program and the accompanying materials are made available under the
* terms of the Eclipse Distribution License v. 1.0 which is available at
* https://www.eclipse.org/org/documents/edl-v10.php.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
package org.eclipse.jgit.internal.transport.sshd.auth;
import static java.nio.charset.StandardCharsets.UTF_8;
import java.net.Authenticator;
import java.net.Authenticator.RequestorType;
import java.net.InetSocketAddress;
import java.net.PasswordAuthentication;
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Arrays;
import java.util.concurrent.CancellationException;
import org.eclipse.jgit.internal.transport.sshd.SshdText;
import org.eclipse.jgit.transport.SshConstants;
/**
* An abstract implementation of a username-password authentication. It can be
* given an initial known username-password pair; if so, this will be tried
* first. Subsequent rounds will then try to obtain a user name and password via
* the global {@link Authenticator}.
*
* @param <ParameterType>
* defining the parameter type for the authentication
* @param <TokenType>
* defining the token type for the authentication
*/
public abstract class BasicAuthentication<ParameterType, TokenType>
extends AbstractAuthenticationHandler<ParameterType, TokenType> {
/** The current user name. */
protected String user;
/** The current password. */
protected byte[] password;
/**
* Creates a new {@link BasicAuthentication} to authenticate with the given
* {@code proxy}.
*
* @param proxy
* {@link InetSocketAddress} of the proxy to connect to
* @param initialUser
* initial user name to try; may be {@code null}
* @param initialPassword
* initial password to try, may be {@code null}
*/
public BasicAuthentication(InetSocketAddress proxy, String initialUser,
char[] initialPassword) {
super(proxy);
this.user = initialUser;
this.password = convert(initialPassword);
}
private byte[] convert(char[] pass) {
if (pass == null) {
return new byte[0];
}
ByteBuffer bytes = UTF_8.encode(CharBuffer.wrap(pass));
byte[] pwd = new byte[bytes.remaining()];
bytes.get(pwd);
if (bytes.hasArray()) {
Arrays.fill(bytes.array(), (byte) 0);
}
Arrays.fill(pass, '\000');
return pwd;
}
/**
* Clears the {@link #password}.
*/
protected void clearPassword() {
if (password != null) {
Arrays.fill(password, (byte) 0);
}
password = new byte[0];
}
@Override
public final void close() {
clearPassword();
done = true;
}
@Override
public final void start() throws Exception {
if ((user != null && !user.isEmpty())
|| (password != null && password.length > 0)) {
return;
}
askCredentials();
}
@Override
public void process() throws Exception {
askCredentials();
}
/**
* Asks for credentials via the global {@link Authenticator}.
*/
protected void askCredentials() {
clearPassword();
PasswordAuthentication auth = AccessController.doPrivileged(
(PrivilegedAction<PasswordAuthentication>) () -> Authenticator
.requestPasswordAuthentication(proxy.getHostString(),
proxy.getAddress(), proxy.getPort(),
SshConstants.SSH_SCHEME,
SshdText.get().proxyPasswordPrompt, "Basic", //$NON-NLS-1$
null, RequestorType.PROXY));
if (auth == null) {
user = ""; //$NON-NLS-1$
throw new CancellationException(
SshdText.get().authenticationCanceled);
}
user = auth.getUserName();
password = convert(auth.getPassword());
}
}