/**
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
 *
 * Copyright (c) 2005 Sun Microsystems Inc. All Rights Reserved
 *
 * The contents of this file are subject to the terms
 * of the Common Development and Distribution License
 * (the License). You may not use this file except in
 * compliance with the License.
 *
 * You can obtain a copy of the License at
 * https://opensso.dev.java.net/public/CDDLv1.0.html or
 * opensso/legal/CDDLv1.0.txt
 * See the License for the specific language governing
 * permission and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL
 * Header Notice in each file and include the License file
 * at opensso/legal/CDDLv1.0.txt.
 * If applicable, add the following below the CDDL Header,
 * with the fields enclosed by brackets [] replaced by
 * your own identifying information:
 * "Portions Copyrighted [year] [name of copyright owner]"
 *
 * $Id: AMCrypt.java,v 1.2 2008/06/25 05:41:19 qcheng Exp $
 *
 */
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterpackage com.iplanet.am.sdk;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport java.security.AccessController;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport java.util.HashSet;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport java.util.Iterator;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport java.util.Map;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport java.util.Set;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.security.DecodeAction;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.security.EncodeAction;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.sm.AttributeSchema;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.sm.ServiceSchema;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster// Just for code-review reference. Implementation has not changed.
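/**
 * Encodes and decodes the values of password attributes, using a
 * {@link ServiceSchema} to decide which attributes hold passwords.
 *
 * <p>An attribute counts as a password when its schema syntax is
 * {@code AttributeSchema.Syntax.PASSWORD} or
 * {@code AttributeSchema.Syntax.ENCRYPTED_PASSWORD}; every other attribute is
 * left untouched.
 *
 * <p>Security notes for callers:
 * <ul>
 * <li>The stored form is reversible: {@code decryptPasswords} hands back what
 * {@code DecodeAction} returns. This is not a one-way password hash. The
 * cipher and key handling live in {@code EncodeAction}/{@code DecodeAction},
 * which are not visible here (NOTE(review): confirm key source and
 * algorithm there).</li>
 * <li>The actions run inside {@code AccessController.doPrivileged}, i.e. with
 * this class's permissions rather than the caller's. These methods are
 * public, so reachability of this class should be treated as reachability
 * of the decoded values.</li>
 * <li>{@code encryptPasswords} encodes unconditionally; calling it twice on
 * the same map encodes the values twice.</li>
 * <li>Decoded values are returned as {@code String}s. Keep them out of logs,
 * exception messages and long-lived caches.</li>
 * </ul>
 */
public class AMCrypt {

    /**
     * Encodes, in place, the values of every password attribute in the map.
     *
     * @param attributes map of attribute name ({@code String}) to a
     *        {@code Set} of {@code String} values; may be {@code null}
     * @param serviceSchema schema used to look up each attribute's syntax;
     *        may be {@code null}
     * @return the same {@code attributes} instance; returned unchanged when
     *         either argument is {@code null}
     */
    public static Map encryptPasswords(Map attributes,
            ServiceSchema serviceSchema) {
        return transformPasswords(attributes, serviceSchema, true);
    }

    /**
     * Decodes, in place, the values of every password attribute in the map.
     *
     * @param attributes map of attribute name ({@code String}) to a
     *        {@code Set} of {@code String} values; may be {@code null}
     * @param serviceSchema schema used to look up each attribute's syntax;
     *        may be {@code null}
     * @return the same {@code attributes} instance; returned unchanged when
     *         either argument is {@code null}
     */
    public static Map decryptPasswords(Map attributes,
            ServiceSchema serviceSchema) {
        return transformPasswords(attributes, serviceSchema, false);
    }

    /**
     * Decodes the values of a single attribute if the schema marks it as a
     * password attribute.
     *
     * <p>Unlike the map variants this does not modify its input: decoded
     * values are returned in a new {@code HashSet}.
     *
     * @param values the attribute's values; may be {@code null} or empty
     * @param attributeName name of the attribute the values belong to
     * @param serviceSchema schema used to look up the attribute's syntax;
     *        may be {@code null}
     * @return {@code values} itself when it is {@code null} or empty, when
     *         {@code serviceSchema} is {@code null}, or when the attribute is
     *         not a password attribute; otherwise a new set of decoded values
     */
    public static Set decryptPasswords(Set values, String attributeName,
            ServiceSchema serviceSchema) {
        // A null schema is tolerated here just as in the Map overloads;
        // without this guard the lookup below throws NullPointerException.
        if (values == null || values.isEmpty() || serviceSchema == null) {
            return values;
        }
        if (!isPasswordAttribute(serviceSchema, attributeName)) {
            return values;
        }
        return transformValues(values, false);
    }

    /** Shared walk over the map for the encode and decode entry points. */
    private static Map transformPasswords(Map attributes,
            ServiceSchema serviceSchema, boolean encode) {
        if (serviceSchema == null || attributes == null) {
            return attributes;
        }

        Iterator names = attributes.keySet().iterator();
        while (names.hasNext()) {
            String attributeName = (String) names.next();
            if (!isPasswordAttribute(serviceSchema, attributeName)) {
                continue;
            }
            Set valueSet = (Set) attributes.get(attributeName);
            if (valueSet == null) {
                continue;
            }
            // Build the replacement first and only then swap it in. If the
            // privileged action throws part-way through, the caller's set
            // still holds its original values instead of a truncated mix.
            Set replaced = transformValues(valueSet, encode);
            valueSet.clear();
            valueSet.addAll(replaced);
        }
        return attributes;
    }

    /** Tells whether the schema gives the attribute a password syntax. */
    private static boolean isPasswordAttribute(ServiceSchema serviceSchema,
            String attributeName) {
        AttributeSchema as = serviceSchema.getAttributeSchema(attributeName);
        if (as == null) {
            return false;
        }
        return as.getSyntax().equals(AttributeSchema.Syntax.PASSWORD)
                || as.getSyntax().equals(
                        AttributeSchema.Syntax.ENCRYPTED_PASSWORD);
    }

    /** Returns a new set holding the encoded or decoded form of each value. */
    private static Set transformValues(Set values, boolean encode) {
        HashSet result = new HashSet();
        Iterator iter = values.iterator();
        while (iter.hasNext()) {
            result.add(transformValue((String) iter.next(), encode));
        }
        return result;
    }

    /**
     * Runs one value through the encode or decode action. A {@code null}
     * value is passed through; the action's result is stored as returned,
     * with no further check.
     */
    private static String transformValue(String value, boolean encode) {
        if (value == null) {
            return null;
        }
        if (encode) {
            return (String) AccessController
                    .doPrivileged(new EncodeAction(value));
        }
        return (String) AccessController
                .doPrivileged(new DecodeAction(value));
    }
}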