a4544a5a0e622ef69e38641f87ab1b5685e05911Phill Cunnington/*
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster *
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * Copyright (c) 2005 Sun Microsystems Inc. All Rights Reserved
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster *
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * The contents of this file are subject to the terms
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * of the Common Development and Distribution License
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * (the License). You may not use this file except in
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * compliance with the License.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster *
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * You can obtain a copy of the License at
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * https://opensso.dev.java.net/public/CDDLv1.0.html or
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * opensso/legal/CDDLv1.0.txt
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * See the License for the specific language governing
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * permission and limitations under the License.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster *
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * When distributing Covered Code, include this CDDL
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * Header Notice in each file and include the License file
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * at opensso/legal/CDDLv1.0.txt.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * If applicable, add the following below the CDDL Header,
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * with the fields enclosed by brackets [] replaced by
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * your own identifying information:
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * "Portions Copyrighted [year] [name of copyright owner]"
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster *
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster * $Id: EncodeAction.java,v 1.4 2008/08/19 19:14:56 veiming Exp $
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster *
a4544a5a0e622ef69e38641f87ab1b5685e05911Phill Cunnington * Portions Copyrighted 2011-2015 ForgeRock AS.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster */
a4544a5a0e622ef69e38641f87ab1b5685e05911Phill Cunnington
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Fosterpackage com.sun.identity.security;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Fosterimport java.security.PrivilegedAction;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Fosterimport com.iplanet.services.util.AMEncryption;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Fosterimport com.iplanet.services.util.Crypt;
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster
/**
 * A {@link PrivilegedAction} that wraps
 * <code>com.iplanet.services.util.Crypt.encode(...)</code> so that the
 * encoding of a password (or other sensitive string) can be executed through
 * <code>AccessController.doPrivileged()</code>.
 *
 * <PRE>
 *
 * Instead of calling Crypt directly:
 *
 *     String encStr = com.iplanet.services.util.Crypt.encode(str);
 *
 * run the call through this action (no cast is needed, because the action is
 * typed as PrivilegedAction&lt;String&gt;):
 *
 *     String encStr = AccessController.doPrivileged(new EncodeAction(str));
 *
 * If this is not done and the Java security permissions check is enabled,
 * the operation will fail and return a null every time.
 *
 * Note: the Java security permissions check for OpenAM can be enabled by
 * setting the property <code>com.sun.identity.security.checkcaller</code> to
 * true in the AMConfig properties file.
 *
 * </PRE>
 *
 * <p>Review notes for callers:
 * <ul>
 * <li>The plain-text input is kept in the {@link #value} field for as long as
 * the action object is reachable; create the action, run it and drop the
 * reference rather than caching it.</li>
 * <li>Code that invokes <code>doPrivileged()</code> acts with its own
 * permissions regardless of who called it, so keep the privileged section
 * limited to this action and decide deliberately which callers may supply the
 * string to be encoded.</li>
 * <li>The result comes from an <code>AMEncryption</code> implementation, which
 * suggests reversible encryption rather than a one-way hash; confirm this
 * against <code>Crypt</code> before treating the output as a stored password
 * verifier.</li>
 * </ul>
 *
 * @supported.all.api
 */
public class EncodeAction implements PrivilegedAction<String> {

    /** The string that {@link #run()} hands to <code>Crypt.encode</code>. */
    protected String value;

    /**
     * Set to <code>true</code> only by the two-argument constructor; selects
     * the <code>Crypt.encode(value, encr)</code> overload in {@link #run()}.
     */
    protected boolean useSpecifiedKey;

    /** Caller-supplied encryptor; only read when {@link #useSpecifiedKey} is set. */
    protected AMEncryption encr;

    /**
     * Creates an action that encodes <code>svalue</code> with the
     * single-argument <code>Crypt.encode(String)</code> overload.
     *
     * @param svalue
     *            the string to be encoded when the action is run
     */
    public EncodeAction(String svalue) {
        this.value = svalue;
    }

    /**
     * Creates an action that encodes <code>svalue</code> with the supplied
     * <code>AMEncryption</code> object.
     *
     * <p>The encryptor is stored as given, without a null check, so a
     * <code>null</code> argument is passed on to
     * <code>Crypt.encode(String, AMEncryption)</code> unchanged; how that
     * method reacts is not visible in this file.
     *
     * @param svalue
     *            the string to be encoded when the action is run
     * @param encrKey
     *            <code>AMEncryption</code> object to be used
     */
    public EncodeAction(String svalue, AMEncryption encrKey) {
        this.value = svalue;
        this.encr = encrKey;
        this.useSpecifiedKey = true;
    }

    /**
     * Performs the encoding; intended to be invoked by
     * <code>AccessController.doPrivileged()</code>.
     *
     * @return the result of <code>Crypt.encode(value, encr)</code> when an
     *         encryptor was supplied at construction time, otherwise the
     *         result of <code>Crypt.encode(value)</code>
     * @see java.security.PrivilegedAction#run()
     */
    @Override
    public String run() {
        return useSpecifiedKey
                ? Crypt.encode(value, encr)
                : Crypt.encode(value);
    }
}