Package org.apache.synapse.securevault

Source Code of org.apache.synapse.securevault.SecretResolver

/*
*  Licensed to the Apache Software Foundation (ASF) under one
*  or more contributor license agreements.  See the NOTICE file
*  distributed with this work for additional information
*  regarding copyright ownership.  The ASF licenses this file
*  to you under the Apache License, Version 2.0 (the
*  "License"); you may not use this file except in compliance
*  with the License.  You may obtain a copy of the License at
*
*   http://www.apache.org/licenses/LICENSE-2.0
*
*  Unless required by applicable law or agreed to in writing,
*  software distributed under the License is distributed on an
*   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
*  KIND, either express or implied.  See the License for the
*  specific language governing permissions and limitations
*  under the License.
*/
package org.apache.synapse.securevault;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.synapse.securevault.secret.SecretCallback;
import org.apache.synapse.securevault.secret.SecretCallbackHandler;
import org.apache.synapse.securevault.secret.SecretLoadingModule;
import org.apache.synapse.securevault.secret.SingleSecretCallback;

import java.util.ArrayList;

/**
* Resolves secrets such as passwords. The secrets that this SecretResolver should resolve
* can be registered as protected tokens, and users of this class can explicitly check
* whether a token is protected.
*/
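public class SecretResolver {

    private static final Log log = LogFactory.getLog(SecretResolver.class);

    /* This class performs no synchronization; callers sharing one instance across threads
       must coordinate init/shutDown with the other calls themselves. */
    private boolean initialized = false;

    private final ArrayList<String> protectedTokens = new ArrayList<String>();

    private SecretLoadingModule secretLoadingModule;

    private final static String DEFAULT_PROMPT = "password > ";

    /**
     * Initializes this resolver with the <code>SecretCallbackHandler</code> that will be used
     * to retrieve secrets. Calling it again on an already initialized resolver is a no-op.
     *
     * @param secretCallbackHandler <code>SecretCallbackHandler</code> instance, must not be null
     * @throws SecureVaultException if the given handler is null
     */
    public void init(SecretCallbackHandler secretCallbackHandler) {

        if (initialized) {
            if (log.isDebugEnabled()) {
                log.debug("SecretResolver already has been started.");
            }
            return;
        }

        if (secretCallbackHandler == null) {
            throw new SecureVaultException("SecretResolver cannot be initialized. " +
                    "The provided SecretCallbackHandler is null", log);

        }

        // Publish the module only after its own init() has returned, so a failure there
        // does not leave a half-initialized module attached to this resolver.
        SecretLoadingModule module = new SecretLoadingModule();
        module.init(new SecretCallbackHandler[]{secretCallbackHandler});
        this.secretLoadingModule = module;
        this.initialized = true;
    }

    /**
     * Resolves the given encrypted password using the default prompt.
     *
     * @param encryptedPassword Encrypted password
     * @return resolved password, see {@link #resolve(String, String)}
     * @throws SecureVaultException if this resolver has not been initialized
     */
    public String resolve(String encryptedPassword) {

        return resolve(encryptedPassword, DEFAULT_PROMPT);
    }

    /**
     * Resolves the given encrypted password by handing a <code>SingleSecretCallback</code>
     * to the configured <code>SecretLoadingModule</code> and returning the secret that the
     * callback holds afterwards. A null or empty input is returned unchanged.
     * <p/>
     * The return value is the resolved secret as a <code>String</code>: it cannot be wiped
     * from memory after use, so callers should keep its lifetime short and must not write it
     * to logs or error messages. This method itself never logs the input or the result.
     *
     * @param encryptedPassword Encrypted password
     * @param prompt            to be used to interact with user
     * @return resolved password; NOTE(review): whether this can be null when the handler
     *         supplies no secret depends on SingleSecretCallback - confirm before relying on it
     * @throws SecureVaultException if this resolver has not been initialized
     */
    public String resolve(String encryptedPassword, String prompt) {

        assertInitialized();

        if (encryptedPassword == null || "".equals(encryptedPassword)) {
            if (log.isDebugEnabled()) {
                log.debug("Given Encrypted Password is empty or null. Returning itself");
            }
            return encryptedPassword;
        }

        SingleSecretCallback secretCallback = new SingleSecretCallback(encryptedPassword);
        secretCallback.setPrompt(prompt);

        secretLoadingModule.load(new SecretCallback[]{secretCallback});

        return secretCallback.getSecret();
    }

    /**
     * Registers a token as a Protected Token. The token is trimmed first; null, empty and
     * whitespace-only tokens are ignored, and a token that is already registered is not
     * stored a second time.
     *
     * @param token <code>String</code> representation of a token
     * @throws SecureVaultException if this resolver has not been initialized
     */
    public void addProtectedToken(String token) {
        assertInitialized();
        String normalized = normalizeToken(token);
        if (normalized != null && !protectedTokens.contains(normalized)) {
            protectedTokens.add(normalized);
        }
    }

    /**
     * Checks whether a token is a Protected Token. The token is trimmed before the lookup,
     * matching what {@link #addProtectedToken(String)} stores.
     *
     * @param token <code>String</code> representation of a token
     * @return <code>true</code> if the token is a Protected Token; <code>false</code> for
     *         null, empty and whitespace-only tokens
     * @throws SecureVaultException if this resolver has not been initialized
     */
    public boolean isTokenProtected(String token) {
        assertInitialized();
        String normalized = normalizeToken(token);
        return normalized != null && protectedTokens.contains(normalized);
    }

    /**
     * Checks the state of this SecretResolver.
     * It is recommended to check the state of this component before calling any of its
     * other methods, since they throw when it has not been initialized.
     *
     * @return <code>true</code> if this SecretResolver has been initialized
     */
    public boolean isInitialized() {
        return initialized;
    }

    /**
     * Trims a token and maps null, empty and whitespace-only input to null, so that a blank
     * token can never be registered or matched as protected.
     */
    private static String normalizeToken(String token) {
        if (token == null) {
            return null;
        }
        String trimmed = token.trim();
        return trimmed.length() == 0 ? null : trimmed;
    }

    /**
     * Fails with a SecureVaultException when this resolver is used before init() or after
     * shutDown().
     */
    private void assertInitialized() {
        if (!initialized) {
            throw new SecureVaultException("SecretResolver has not been initialized, " +
                    "it requires to be initialized, with the required " +
                    "configurations before starting", log);
        }
    }

    /**
     * Shuts down the secret resolver: marks it uninitialized, drops the reference to the
     * loading module and forgets all protected tokens. Secrets already returned by
     * resolve() are not affected.
     */
    public void shutDown() {
        initialized = false;
        secretLoadingModule = null;
        protectedTokens.clear();
    }
}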