identity/security/DecodeAction.java

/*
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
 *
 * Copyright (c) 2005 Sun Microsystems Inc. All Rights Reserved
 *
 * The contents of this file are subject to the terms
 * of the Common Development and Distribution License
 * (the License). You may not use this file except in
 * compliance with the License.
 *
 * You can obtain a copy of the License at
 * https://opensso.dev.java.net/public/CDDLv1.0.html or
 * opensso/legal/CDDLv1.0.txt
 * See the License for the specific language governing
 * permission and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL
 * Header Notice in each file and include the License file
 * at opensso/legal/CDDLv1.0.txt.
 * If applicable, add the following below the CDDL Header,
 * with the fields enclosed by brackets [] replaced by
 * your own identifying information:
 * "Portions Copyrighted [year] [name of copyright owner]"
 *
 * $Id: DecodeAction.java,v 1.4 2008/08/19 19:14:55 veiming Exp $
 *
 * Portions Copyrighted 2011-2015 ForgeRock AS.
 */

package com.sun.identity.security;

import java.security.PrivilegedAction;

import com.iplanet.services.util.AMEncryption;
import com.iplanet.services.util.Crypt;

/**
 *
 * The class is used to perform privileged operations with
 * <code>AccessController.doPrivileged()
 * </code> when using
 * <code> com.iplanet.services.util.Crypt</code> to decode passwords. Ths class
 * implements the interface <code>
 * PrivilegedAction </code> with a non-default
 * constructor. This class should be used in order to perform the privileged
 * operation of <code> com.iplanet.services.util.Crypt.decode/decrypt()</code>.
 *
 * <PRE>
 *
 * This line of code: String decStr =
 * com.iplanet.services.util.Crypt.decode(str) should be replaced with: String
 * decStr = (String) AccessController.doPrivileged( new DecodeAction(str)); If
 * this is not done and Java security permissions check is enabled, then the
 * operation will fail and return a null every time.
 *
 * Note: Java security permissions check for OpenAM can be enabled by
 * setting the property <code>com.sun.identity.security.checkcaller</code> to
 * true in AMConfig properties file.
 *
 * </PRE>
 *
 * @supported.all.api
 */
public class DecodeAction implements PrivilegedAction<String> {

    protected String value;
    protected AMEncryption encr;

    /**
     * Non default constructor to be used when a <code>doPrivileged()</code>
     * is performed for the decryption operations.
     *
     * @param svalue
     *            Value of string to be encoded/decoded
     *
     */
    public DecodeAction(String svalue) {
        super();
        value = svalue;
    }

    /**
     * @param value
     *            Value to be decoded
     * @param encrKey
     *            Encryption object to be used for decoding
     */
    public DecodeAction(String value, AMEncryption encrKey) {
        super();
        this.value = value;
        this.encr = encrKey;
    }

    /*
     * (non-Javadoc)
     *
     * @see java.security.PrivilegedAction#run()
     */
    public String run() {
        if (encr != null) {
            return Crypt.decode(value, encr);
        } else {
            return Crypt.decode(value);
        }
    }

}