org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/PasswordProviderWrapper.java - jgit - Git at Google

 /*
  * Copyright (C) 2018, 2020 Thomas Wolf <thomas.wolf@paranor.ch> and others
  *
  * This program and the accompanying materials are made available under the
  * terms of the Eclipse Distribution License v. 1.0 which is available at
  * https://www.eclipse.org/org/documents/edl-v10.php.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
 package org.eclipse.jgit.internal.transport.sshd;

 import static org.apache.sshd.core.CoreModuleProperties.PASSWORD_PROMPTS;

 import java.io.IOException;
 import java.net.URISyntaxException;
 import java.security.GeneralSecurityException;
 import java.util.Arrays;
 import java.util.Map;
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.concurrent.atomic.AtomicInteger;
 import java.util.function.Supplier;

 import org.apache.sshd.common.AttributeRepository.AttributeKey;
 import org.apache.sshd.common.NamedResource;
 import org.apache.sshd.common.config.keys.FilePasswordProvider;
 import org.apache.sshd.common.session.SessionContext;
 import org.eclipse.jgit.annotations.NonNull;
 import org.eclipse.jgit.transport.CredentialsProvider;
 import org.eclipse.jgit.transport.URIish;
 import org.eclipse.jgit.transport.sshd.KeyPasswordProvider;

 /**
  * A bridge from sshd's {@link FilePasswordProvider} to our per-session
  * {@link KeyPasswordProvider} API.
  */
 public class PasswordProviderWrapper implements FilePasswordProvider {

 	private static final AttributeKey<PerSessionState> STATE = new AttributeKey<>();

 	private static class PerSessionState {

 		Map<String, AtomicInteger> counts = new ConcurrentHashMap<>();

 		KeyPasswordProvider delegate;

 	}

 	private final Supplier<KeyPasswordProvider> factory;

 	/**
 	 * Creates a new {@link PasswordProviderWrapper}.
 	 *
 	 * @param factory
 	 *            to use to create per-session {@link KeyPasswordProvider}s
 	 */
 	public PasswordProviderWrapper(
 			@NonNull Supplier<KeyPasswordProvider> factory) {
 		this.factory = factory;
 	}

 	private PerSessionState getState(SessionContext context) {
 		PerSessionState state = context.getAttribute(STATE);
 		if (state == null) {
 			state = new PerSessionState();
 			state.delegate = factory.get();
 			state.delegate.setAttempts(
 					PASSWORD_PROMPTS.getRequiredDefault().intValue());
 			context.setAttribute(STATE, state);
 		}
 		return state;
 	}

 	@Override
 	public String getPassword(SessionContext session, NamedResource resource,
 			int attemptIndex) throws IOException {
 		String key = resource.getName();
 		PerSessionState state = getState(session);
 		int attempt = state.counts
 				.computeIfAbsent(key, k -> new AtomicInteger()).get();
 		char[] passphrase = state.delegate.getPassphrase(toUri(key), attempt);
 		if (passphrase == null) {
 			return null;
 		}
 		try {
 			return new String(passphrase);
 		} finally {
 			Arrays.fill(passphrase, '\000');
 		}
 	}

 	@Override
 	public ResourceDecodeResult handleDecodeAttemptResult(
 			SessionContext session, NamedResource resource, int retryIndex,
 			String password, Exception err)
 			throws IOException, GeneralSecurityException {
 		String key = resource.getName();
 		PerSessionState state = getState(session);
 		AtomicInteger count = state.counts.get(key);
 		int numberOfAttempts = count == null ? 0 : count.incrementAndGet();
 		ResourceDecodeResult result = null;
 		try {
 			if (state.delegate.keyLoaded(toUri(key), numberOfAttempts, err)) {
 				result = ResourceDecodeResult.RETRY;
 			} else {
 				result = ResourceDecodeResult.TERMINATE;
 			}
 		} finally {
 			if (result != ResourceDecodeResult.RETRY) {
 				state.counts.remove(key);
 			}
 		}
 		return result;
 	}

 	/**
 	 * Creates a {@link URIish} from a given string. The
 	 * {@link CredentialsProvider} uses uris as resource identifications.
 	 *
 	 * @param resourceKey
 	 *            to convert
 	 * @return the uri
 	 */
 	private URIish toUri(String resourceKey) {
 		try {
 			return new URIish(resourceKey);
 		} catch (URISyntaxException e) {
 			return new URIish().setPath(resourceKey); // Doesn't check!!
 		}
 	}

 }
	/*
	* Copyright (C) 2018, 2020 Thomas Wolf <thomas.wolf@paranor.ch> and others
	*
	* This program and the accompanying materials are made available under the
	* terms of the Eclipse Distribution License v. 1.0 which is available at
	* https://www.eclipse.org/org/documents/edl-v10.php.
	*
	* SPDX-License-Identifier: BSD-3-Clause
	*/
	package org.eclipse.jgit.internal.transport.sshd;

	import static org.apache.sshd.core.CoreModuleProperties.PASSWORD_PROMPTS;

	import java.io.IOException;
	import java.net.URISyntaxException;
	import java.security.GeneralSecurityException;
	import java.util.Arrays;
	import java.util.Map;
	import java.util.concurrent.ConcurrentHashMap;
	import java.util.concurrent.atomic.AtomicInteger;
	import java.util.function.Supplier;

	import org.apache.sshd.common.AttributeRepository.AttributeKey;
	import org.apache.sshd.common.NamedResource;
	import org.apache.sshd.common.config.keys.FilePasswordProvider;
	import org.apache.sshd.common.session.SessionContext;
	import org.eclipse.jgit.annotations.NonNull;
	import org.eclipse.jgit.transport.CredentialsProvider;
	import org.eclipse.jgit.transport.URIish;
	import org.eclipse.jgit.transport.sshd.KeyPasswordProvider;

	/**
	* A bridge from sshd's {@link FilePasswordProvider} to our per-session
	* {@link KeyPasswordProvider} API.
	*/
	public class PasswordProviderWrapper implements FilePasswordProvider {

	private static final AttributeKey<PerSessionState> STATE = new AttributeKey<>();

	private static class PerSessionState {

	Map<String, AtomicInteger> counts = new ConcurrentHashMap<>();

	KeyPasswordProvider delegate;

	}

	private final Supplier<KeyPasswordProvider> factory;

	/**
	* Creates a new {@link PasswordProviderWrapper}.
	*
	* @param factory
	* to use to create per-session {@link KeyPasswordProvider}s
	*/
	public PasswordProviderWrapper(
	@NonNull Supplier<KeyPasswordProvider> factory) {
	this.factory = factory;
	}

	private PerSessionState getState(SessionContext context) {
	PerSessionState state = context.getAttribute(STATE);
	if (state == null) {
	state = new PerSessionState();
	state.delegate = factory.get();
	state.delegate.setAttempts(
	PASSWORD_PROMPTS.getRequiredDefault().intValue());
	context.setAttribute(STATE, state);
	}
	return state;
	}

	@Override
	public String getPassword(SessionContext session, NamedResource resource,
	int attemptIndex) throws IOException {
	String key = resource.getName();
	PerSessionState state = getState(session);
	int attempt = state.counts
	.computeIfAbsent(key, k -> new AtomicInteger()).get();
	char[] passphrase = state.delegate.getPassphrase(toUri(key), attempt);
	if (passphrase == null) {
	return null;
	}
	try {
	return new String(passphrase);
	} finally {
	Arrays.fill(passphrase, '\000');
	}
	}

	@Override
	public ResourceDecodeResult handleDecodeAttemptResult(
	SessionContext session, NamedResource resource, int retryIndex,
	String password, Exception err)
	throws IOException, GeneralSecurityException {
	String key = resource.getName();
	PerSessionState state = getState(session);
	AtomicInteger count = state.counts.get(key);
	int numberOfAttempts = count == null ? 0 : count.incrementAndGet();
	ResourceDecodeResult result = null;
	try {
	if (state.delegate.keyLoaded(toUri(key), numberOfAttempts, err)) {
	result = ResourceDecodeResult.RETRY;
	} else {
	result = ResourceDecodeResult.TERMINATE;
	}
	} finally {
	if (result != ResourceDecodeResult.RETRY) {
	state.counts.remove(key);
	}
	}
	return result;
	}

	/**
	* Creates a {@link URIish} from a given string. The
	* {@link CredentialsProvider} uses uris as resource identifications.
	*
	* @param resourceKey
	* to convert
	* @return the uri
	*/
	private URIish toUri(String resourceKey) {
	try {
	return new URIish(resourceKey);
	} catch (URISyntaxException e) {
	return new URIish().setPath(resourceKey); // Doesn't check!!
	}
	}

	}