github-oauth/src/main/java/com/googlesource/gerrit/plugins/github/oauth/GitHubOAuthConfig.java - plugins/github - Git at Google

 // Copyright (C) 2013 The Android Open Source Project
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 // http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 package com.googlesource.gerrit.plugins.github.oauth;

 import static com.googlesource.gerrit.plugins.github.oauth.CanonicalWebUrls.trimTrailingSlash;
 import static com.googlesource.gerrit.plugins.github.oauth.GitHubOAuthConfig.KeyConfig.PASSWORD_DEVICE_CONFIG_LABEL;

 import com.google.common.base.MoreObjects;
 import com.google.common.base.Preconditions;
 import com.google.common.base.Strings;
 import com.google.common.collect.ImmutableSortedMap;
 import com.google.gerrit.extensions.client.AuthType;
 import com.google.gerrit.server.config.ConfigUtil;
 import com.google.gerrit.server.config.GerritServerConfig;
 import com.google.inject.Inject;
 import com.google.inject.Singleton;
 import com.googlesource.gerrit.plugins.github.oauth.OAuthProtocol.Scope;
 import java.io.FileInputStream;
 import java.io.IOException;
 import java.nio.file.Path;
 import java.nio.file.Paths;
 import java.util.ArrayList;
 import java.util.Comparator;
 import java.util.List;
 import java.util.Map;
 import java.util.Optional;
 import java.util.SortedMap;
 import java.util.concurrent.TimeUnit;
 import java.util.function.Function;
 import java.util.stream.Collectors;
 import lombok.Getter;
 import org.eclipse.jgit.lib.Config;

 @Singleton
 public class GitHubOAuthConfig {
   private final Config config;

   public static final String CONF_SECTION = "github";
   public static final String CONF_KEY_SECTION = "github-key";
   public static final String GITHUB_OAUTH_AUTHORIZE = "/login/oauth/authorize";
   public static final String GITHUB_OAUTH_ACCESS_TOKEN = "/login/oauth/access_token";
   public static final String GERRIT_OAUTH_FINAL = "/oauth";
   public static final String GITHUB_URL_DEFAULT = "https://github.com";
   public static final String GITHUB_API_URL_DEFAULT = "https://api.github.com";
   public static final String GERRIT_LOGIN = "/login";
   public static final String GERRIT_LOGOUT = "/logout";
   public static final String GITHUB_PLUGIN_OAUTH_SCOPE = "/plugins/github-plugin/static/scope.html";
   public static final ScopeKey GITHUB_DEFAULT_SCOPES_KEY = new ScopeKey("scopes", null, 0);

   public final String gitHubUrl;
   public final String gitHubApiUrl;
   public final String gitHubClientId;
   public final String gitHubClientSecret;
   public final String logoutRedirectUrl;
   public final String httpHeader;
   public final String gitHubOAuthUrl;
   public final String gitHubOAuthAccessTokenUrl;
   public final String scopeSelectionUrl;
   public final boolean enabled;

   @Getter public final SortedMap<ScopeKey, List<OAuthProtocol.Scope>> scopes;
   @Getter public final Map<String, SortedMap<ScopeKey, List<OAuthProtocol.Scope>>> virtualScopes;

   public final int fileUpdateMaxRetryCount;
   public final int fileUpdateMaxRetryIntervalMsec;
   public final String oauthHttpHeader;

   public final long httpConnectionTimeout;
   public final long httpReadTimeout;
   private final Map<String, KeyConfig> keyConfigMap;
   private final KeyConfig currentKeyConfig;
   private final Optional<String> cookieDomain;

   @Inject
   protected GitHubOAuthConfig(@GerritServerConfig Config config) {
     this.config = config;

     httpHeader =
         Preconditions.checkNotNull(
             config.getString("auth", null, "httpHeader"),
             "HTTP Header for GitHub user must be provided");
     gitHubUrl =
         trimTrailingSlash(
             MoreObjects.firstNonNull(
                 config.getString(CONF_SECTION, null, "url"), GITHUB_URL_DEFAULT));
     gitHubApiUrl =
         trimTrailingSlash(
             MoreObjects.firstNonNull(
                 config.getString(CONF_SECTION, null, "apiUrl"), GITHUB_API_URL_DEFAULT));
     gitHubClientId =
         Preconditions.checkNotNull(
             config.getString(CONF_SECTION, null, "clientId"), "GitHub `clientId` must be provided");
     gitHubClientSecret =
         Preconditions.checkNotNull(
             config.getString(CONF_SECTION, null, "clientSecret"),
             "GitHub `clientSecret` must be provided");
     scopeSelectionUrl = config.getString(CONF_SECTION, null, "scopeSelectionUrl");

     oauthHttpHeader = config.getString("auth", null, "httpExternalIdHeader");
     gitHubOAuthUrl = gitHubUrl + GITHUB_OAUTH_AUTHORIZE;
     gitHubOAuthAccessTokenUrl = gitHubUrl + GITHUB_OAUTH_ACCESS_TOKEN;
     logoutRedirectUrl = config.getString(CONF_SECTION, null, "logoutRedirectUrl");

     enabled = config.getString("auth", null, "type").equalsIgnoreCase(AuthType.HTTP.toString());
     cookieDomain = Optional.ofNullable(config.getString("auth", null, "cookieDomain"));
     scopes = getScopes(config);
     virtualScopes = getVirtualScopes(config);

     fileUpdateMaxRetryCount = config.getInt(CONF_SECTION, "fileUpdateMaxRetryCount", 3);
     fileUpdateMaxRetryIntervalMsec =
         config.getInt(CONF_SECTION, "fileUpdateMaxRetryIntervalMsec", 3000);

     httpConnectionTimeout =
         TimeUnit.MILLISECONDS.convert(
             ConfigUtil.getTimeUnit(
                 config, CONF_SECTION, null, "httpConnectionTimeout", 30, TimeUnit.SECONDS),
             TimeUnit.SECONDS);

     httpReadTimeout =
         TimeUnit.MILLISECONDS.convert(
             ConfigUtil.getTimeUnit(
                 config, CONF_SECTION, null, "httpReadTimeout", 30, TimeUnit.SECONDS),
             TimeUnit.SECONDS);

     Map<String, KeyConfig> configuredKeyConfig =
         config.getSubsections(CONF_KEY_SECTION).stream()
             .map(KeyConfig::new)
             .collect(Collectors.toMap(KeyConfig::getKeyId, Function.identity()));
     keyConfigMap = configuredKeyConfig;
     List<KeyConfig> currentKeyConfigs =
         keyConfigMap.values().stream().filter(KeyConfig::isCurrent).collect(Collectors.toList());
     if (currentKeyConfigs.size() != 1) {
       throw new IllegalStateException(
           String.format(
               "Expected exactly 1 subsection of '%s' to be configured as 'current', %d found",
               CONF_KEY_SECTION, currentKeyConfigs.size()));
     }
     currentKeyConfig = currentKeyConfigs.get(0);
   }

   private SortedMap<ScopeKey, List<Scope>> getScopes(Config config) {
     return getScopesInSection(config, null);
   }

   private Map<String, SortedMap<ScopeKey, List<Scope>>> getVirtualScopes(Config config) {
     return config.getSubsections(CONF_SECTION).stream()
         .collect(Collectors.toMap(k -> k, v -> getScopesInSection(config, v)));
   }

   private SortedMap<ScopeKey, List<Scope>> getScopesInSection(Config config, String subsection) {
     return config.getNames(CONF_SECTION, subsection, true).stream()
         .filter(k -> k.startsWith("scopes"))
         .filter(k -> !k.endsWith("Description"))
         .filter(k -> !k.endsWith("Sequence"))
         .collect(
             ImmutableSortedMap.toImmutableSortedMap(
                 Comparator.comparing(ScopeKey::getSequence),
                 k ->
                     new ScopeKey(
                         k,
                         config.getString(CONF_SECTION, subsection, k + "Description"),
                         config.getInt(CONF_SECTION, subsection, k + "Sequence", 0)),
                 v -> parseScopesString(config.getString(CONF_SECTION, subsection, v))));
   }

   private List<Scope> parseScopesString(String scopesString) {
     ArrayList<Scope> result = new ArrayList<>();
     if (Strings.emptyToNull(scopesString) != null) {
       String[] scopesStrings = scopesString.split(",");
       for (String scope : scopesStrings) {
         result.add(Enum.valueOf(Scope.class, scope.trim()));
       }
     }

     return result;
   }

   public Scope[] getDefaultScopes() {
     if (scopes == null || scopes.get(GITHUB_DEFAULT_SCOPES_KEY) == null) {
       return new Scope[0];
     }
     return scopes.get(GITHUB_DEFAULT_SCOPES_KEY).toArray(new Scope[0]);
   }

   public KeyConfig getCurrentKeyConfig() {
     return currentKeyConfig;
   }

   public KeyConfig getKeyConfig(String subsection) {
     return keyConfigMap.get(subsection);
   }

   public Optional<String> getCookieDomain() {
     return cookieDomain;
   }

   public class KeyConfig {

     public static final int PASSWORD_LENGTH_DEFAULT = 16;
     public static final String CIPHER_ALGORITHM_DEFAULT = "AES/ECB/PKCS5Padding";
     public static final String SECRET_KEY_ALGORITHM_DEFAULT = "AES";
     public static final boolean IS_CURRENT_DEFAULT = false;
     public static final String KEY_ID_DEFAULT = "current";

     public static final String PASSWORD_DEVICE_CONFIG_LABEL = "passwordDevice";
     public static final String PASSWORD_LENGTH_CONFIG_LABEL = "passwordLength";
     public static final String SECRET_KEY_CONFIG_LABEL = "secretKeyAlgorithm";
     public static final String CIPHER_ALGO_CONFIG_LABEL = "cipherAlgorithm";
     public static final String CURRENT_CONFIG_LABEL = "current";

     public static final String KEY_DELIMITER = ":";

     private final String passwordDevice;
     private final Integer passwordLength;
     private final String cipherAlgorithm;
     private final String secretKeyAlgorithm;
     private final String keyId;
     private final Boolean isCurrent;

     KeyConfig(String keyId) {

       if (keyId.contains(KEY_DELIMITER)) {
         throw new IllegalStateException(
             String.format(
                 "Configuration error. %s.%s should not contain '%s'",
                 CONF_KEY_SECTION, keyId, KEY_DELIMITER));
       }

       this.passwordDevice = trimTrailingSlash(getPasswordDeviceOrThrow(config, keyId));
       this.passwordLength =
           config.getInt(
               CONF_KEY_SECTION, keyId, PASSWORD_LENGTH_CONFIG_LABEL, PASSWORD_LENGTH_DEFAULT);
       isCurrent =
           config.getBoolean(CONF_KEY_SECTION, keyId, CURRENT_CONFIG_LABEL, IS_CURRENT_DEFAULT);

       this.cipherAlgorithm =
           MoreObjects.firstNonNull(
               config.getString(CONF_KEY_SECTION, keyId, CIPHER_ALGO_CONFIG_LABEL),
               CIPHER_ALGORITHM_DEFAULT);

       this.secretKeyAlgorithm =
           MoreObjects.firstNonNull(
               config.getString(CONF_KEY_SECTION, keyId, SECRET_KEY_CONFIG_LABEL),
               SECRET_KEY_ALGORITHM_DEFAULT);
       this.keyId = keyId;
     }

     public byte[] readPassword() throws IOException {
       Path devicePath = Paths.get(passwordDevice);
       try (FileInputStream in = new FileInputStream(devicePath.toFile())) {
         byte[] passphrase = new byte[passwordLength];
         if (in.read(passphrase) < passwordLength) {
           throw new IOException("End of password device has already been reached");
         }

         return passphrase;
       }
     }

     public String getCipherAlgorithm() {
       return cipherAlgorithm;
     }

     public String getSecretKeyAlgorithm() {
       return secretKeyAlgorithm;
     }

     public Boolean isCurrent() {
       return isCurrent;
     }

     public String getKeyId() {
       return keyId;
     }
   }

   /**
    * Method returns the password device value for a given {@code keyId}.
    *
    * @throws {@link IllegalStateException} when password device is not configured for {@code keyId}
    */
   private static String getPasswordDeviceOrThrow(Config config, String keyId) {
     String passwordDevice =
         config.getString(CONF_KEY_SECTION, keyId, KeyConfig.PASSWORD_DEVICE_CONFIG_LABEL);
     if (Strings.isNullOrEmpty(passwordDevice)) {
       throw new IllegalStateException(
           String.format(
               "Configuration error. Missing %s.%s for key-id '%s'",
               CONF_KEY_SECTION, PASSWORD_DEVICE_CONFIG_LABEL, keyId));
     }

     return passwordDevice;
   }
 }
	// Copyright (C) 2013 The Android Open Source Project
	//
	// Licensed under the Apache License, Version 2.0 (the "License");
	// you may not use this file except in compliance with the License.
	// You may obtain a copy of the License at
	//
	// http://www.apache.org/licenses/LICENSE-2.0
	//
	// Unless required by applicable law or agreed to in writing, software
	// distributed under the License is distributed on an "AS IS" BASIS,
	// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	// See the License for the specific language governing permissions and
	// limitations under the License.
	package com.googlesource.gerrit.plugins.github.oauth;

	import static com.googlesource.gerrit.plugins.github.oauth.CanonicalWebUrls.trimTrailingSlash;
	import static com.googlesource.gerrit.plugins.github.oauth.GitHubOAuthConfig.KeyConfig.PASSWORD_DEVICE_CONFIG_LABEL;

	import com.google.common.base.MoreObjects;
	import com.google.common.base.Preconditions;
	import com.google.common.base.Strings;
	import com.google.common.collect.ImmutableSortedMap;
	import com.google.gerrit.extensions.client.AuthType;
	import com.google.gerrit.server.config.ConfigUtil;
	import com.google.gerrit.server.config.GerritServerConfig;
	import com.google.inject.Inject;
	import com.google.inject.Singleton;
	import com.googlesource.gerrit.plugins.github.oauth.OAuthProtocol.Scope;
	import java.io.FileInputStream;
	import java.io.IOException;
	import java.nio.file.Path;
	import java.nio.file.Paths;
	import java.util.ArrayList;
	import java.util.Comparator;
	import java.util.List;
	import java.util.Map;
	import java.util.Optional;
	import java.util.SortedMap;
	import java.util.concurrent.TimeUnit;
	import java.util.function.Function;
	import java.util.stream.Collectors;
	import lombok.Getter;
	import org.eclipse.jgit.lib.Config;

	@Singleton
	public class GitHubOAuthConfig {
	private final Config config;

	public static final String CONF_SECTION = "github";
	public static final String CONF_KEY_SECTION = "github-key";
	public static final String GITHUB_OAUTH_AUTHORIZE = "/login/oauth/authorize";
	public static final String GITHUB_OAUTH_ACCESS_TOKEN = "/login/oauth/access_token";
	public static final String GERRIT_OAUTH_FINAL = "/oauth";
	public static final String GITHUB_URL_DEFAULT = "https://github.com";
	public static final String GITHUB_API_URL_DEFAULT = "https://api.github.com";
	public static final String GERRIT_LOGIN = "/login";
	public static final String GERRIT_LOGOUT = "/logout";
	public static final String GITHUB_PLUGIN_OAUTH_SCOPE = "/plugins/github-plugin/static/scope.html";
	public static final ScopeKey GITHUB_DEFAULT_SCOPES_KEY = new ScopeKey("scopes", null, 0);

	public final String gitHubUrl;
	public final String gitHubApiUrl;
	public final String gitHubClientId;
	public final String gitHubClientSecret;
	public final String logoutRedirectUrl;
	public final String httpHeader;
	public final String gitHubOAuthUrl;
	public final String gitHubOAuthAccessTokenUrl;
	public final String scopeSelectionUrl;
	public final boolean enabled;

	@Getter public final SortedMap<ScopeKey, List<OAuthProtocol.Scope>> scopes;
	@Getter public final Map<String, SortedMap<ScopeKey, List<OAuthProtocol.Scope>>> virtualScopes;

	public final int fileUpdateMaxRetryCount;
	public final int fileUpdateMaxRetryIntervalMsec;
	public final String oauthHttpHeader;

	public final long httpConnectionTimeout;
	public final long httpReadTimeout;
	private final Map<String, KeyConfig> keyConfigMap;
	private final KeyConfig currentKeyConfig;
	private final Optional<String> cookieDomain;

	@Inject
	protected GitHubOAuthConfig(@GerritServerConfig Config config) {
	this.config = config;

	httpHeader =
	Preconditions.checkNotNull(
	config.getString("auth", null, "httpHeader"),
	"HTTP Header for GitHub user must be provided");
	gitHubUrl =
	trimTrailingSlash(
	MoreObjects.firstNonNull(
	config.getString(CONF_SECTION, null, "url"), GITHUB_URL_DEFAULT));
	gitHubApiUrl =
	trimTrailingSlash(
	MoreObjects.firstNonNull(
	config.getString(CONF_SECTION, null, "apiUrl"), GITHUB_API_URL_DEFAULT));
	gitHubClientId =
	Preconditions.checkNotNull(
	config.getString(CONF_SECTION, null, "clientId"), "GitHub `clientId` must be provided");
	gitHubClientSecret =
	Preconditions.checkNotNull(
	config.getString(CONF_SECTION, null, "clientSecret"),
	"GitHub `clientSecret` must be provided");
	scopeSelectionUrl = config.getString(CONF_SECTION, null, "scopeSelectionUrl");

	oauthHttpHeader = config.getString("auth", null, "httpExternalIdHeader");
	gitHubOAuthUrl = gitHubUrl + GITHUB_OAUTH_AUTHORIZE;
	gitHubOAuthAccessTokenUrl = gitHubUrl + GITHUB_OAUTH_ACCESS_TOKEN;
	logoutRedirectUrl = config.getString(CONF_SECTION, null, "logoutRedirectUrl");

	enabled = config.getString("auth", null, "type").equalsIgnoreCase(AuthType.HTTP.toString());
	cookieDomain = Optional.ofNullable(config.getString("auth", null, "cookieDomain"));
	scopes = getScopes(config);
	virtualScopes = getVirtualScopes(config);

	fileUpdateMaxRetryCount = config.getInt(CONF_SECTION, "fileUpdateMaxRetryCount", 3);
	fileUpdateMaxRetryIntervalMsec =
	config.getInt(CONF_SECTION, "fileUpdateMaxRetryIntervalMsec", 3000);

	httpConnectionTimeout =
	TimeUnit.MILLISECONDS.convert(
	ConfigUtil.getTimeUnit(
	config, CONF_SECTION, null, "httpConnectionTimeout", 30, TimeUnit.SECONDS),
	TimeUnit.SECONDS);

	httpReadTimeout =
	TimeUnit.MILLISECONDS.convert(
	ConfigUtil.getTimeUnit(
	config, CONF_SECTION, null, "httpReadTimeout", 30, TimeUnit.SECONDS),
	TimeUnit.SECONDS);

	Map<String, KeyConfig> configuredKeyConfig =
	config.getSubsections(CONF_KEY_SECTION).stream()
	.map(KeyConfig::new)
	.collect(Collectors.toMap(KeyConfig::getKeyId, Function.identity()));
	keyConfigMap = configuredKeyConfig;
	List<KeyConfig> currentKeyConfigs =
	keyConfigMap.values().stream().filter(KeyConfig::isCurrent).collect(Collectors.toList());
	if (currentKeyConfigs.size() != 1) {
	throw new IllegalStateException(
	String.format(
	"Expected exactly 1 subsection of '%s' to be configured as 'current', %d found",
	CONF_KEY_SECTION, currentKeyConfigs.size()));
	}
	currentKeyConfig = currentKeyConfigs.get(0);
	}

	private SortedMap<ScopeKey, List<Scope>> getScopes(Config config) {
	return getScopesInSection(config, null);
	}

	private Map<String, SortedMap<ScopeKey, List<Scope>>> getVirtualScopes(Config config) {
	return config.getSubsections(CONF_SECTION).stream()
	.collect(Collectors.toMap(k -> k, v -> getScopesInSection(config, v)));
	}

	private SortedMap<ScopeKey, List<Scope>> getScopesInSection(Config config, String subsection) {
	return config.getNames(CONF_SECTION, subsection, true).stream()
	.filter(k -> k.startsWith("scopes"))
	.filter(k -> !k.endsWith("Description"))
	.filter(k -> !k.endsWith("Sequence"))
	.collect(
	ImmutableSortedMap.toImmutableSortedMap(
	Comparator.comparing(ScopeKey::getSequence),
	k ->
	new ScopeKey(
	k,
	config.getString(CONF_SECTION, subsection, k + "Description"),
	config.getInt(CONF_SECTION, subsection, k + "Sequence", 0)),
	v -> parseScopesString(config.getString(CONF_SECTION, subsection, v))));
	}

	private List<Scope> parseScopesString(String scopesString) {
	ArrayList<Scope> result = new ArrayList<>();
	if (Strings.emptyToNull(scopesString) != null) {
	String[] scopesStrings = scopesString.split(",");
	for (String scope : scopesStrings) {
	result.add(Enum.valueOf(Scope.class, scope.trim()));
	}
	}

	return result;
	}

	public Scope[] getDefaultScopes() {
	if (scopes == null \|\| scopes.get(GITHUB_DEFAULT_SCOPES_KEY) == null) {
	return new Scope[0];
	}
	return scopes.get(GITHUB_DEFAULT_SCOPES_KEY).toArray(new Scope[0]);
	}

	public KeyConfig getCurrentKeyConfig() {
	return currentKeyConfig;
	}

	public KeyConfig getKeyConfig(String subsection) {
	return keyConfigMap.get(subsection);
	}

	public Optional<String> getCookieDomain() {
	return cookieDomain;
	}

	public class KeyConfig {

	public static final int PASSWORD_LENGTH_DEFAULT = 16;
	public static final String CIPHER_ALGORITHM_DEFAULT = "AES/ECB/PKCS5Padding";
	public static final String SECRET_KEY_ALGORITHM_DEFAULT = "AES";
	public static final boolean IS_CURRENT_DEFAULT = false;
	public static final String KEY_ID_DEFAULT = "current";

	public static final String PASSWORD_DEVICE_CONFIG_LABEL = "passwordDevice";
	public static final String PASSWORD_LENGTH_CONFIG_LABEL = "passwordLength";
	public static final String SECRET_KEY_CONFIG_LABEL = "secretKeyAlgorithm";
	public static final String CIPHER_ALGO_CONFIG_LABEL = "cipherAlgorithm";
	public static final String CURRENT_CONFIG_LABEL = "current";

	public static final String KEY_DELIMITER = ":";

	private final String passwordDevice;
	private final Integer passwordLength;
	private final String cipherAlgorithm;
	private final String secretKeyAlgorithm;
	private final String keyId;
	private final Boolean isCurrent;

	KeyConfig(String keyId) {

	if (keyId.contains(KEY_DELIMITER)) {
	throw new IllegalStateException(
	String.format(
	"Configuration error. %s.%s should not contain '%s'",
	CONF_KEY_SECTION, keyId, KEY_DELIMITER));
	}

	this.passwordDevice = trimTrailingSlash(getPasswordDeviceOrThrow(config, keyId));
	this.passwordLength =
	config.getInt(
	CONF_KEY_SECTION, keyId, PASSWORD_LENGTH_CONFIG_LABEL, PASSWORD_LENGTH_DEFAULT);
	isCurrent =
	config.getBoolean(CONF_KEY_SECTION, keyId, CURRENT_CONFIG_LABEL, IS_CURRENT_DEFAULT);

	this.cipherAlgorithm =
	MoreObjects.firstNonNull(
	config.getString(CONF_KEY_SECTION, keyId, CIPHER_ALGO_CONFIG_LABEL),
	CIPHER_ALGORITHM_DEFAULT);

	this.secretKeyAlgorithm =
	MoreObjects.firstNonNull(
	config.getString(CONF_KEY_SECTION, keyId, SECRET_KEY_CONFIG_LABEL),
	SECRET_KEY_ALGORITHM_DEFAULT);
	this.keyId = keyId;
	}

	public byte[] readPassword() throws IOException {
	Path devicePath = Paths.get(passwordDevice);
	try (FileInputStream in = new FileInputStream(devicePath.toFile())) {
	byte[] passphrase = new byte[passwordLength];
	if (in.read(passphrase) < passwordLength) {
	throw new IOException("End of password device has already been reached");
	}

	return passphrase;
	}
	}

	public String getCipherAlgorithm() {
	return cipherAlgorithm;
	}

	public String getSecretKeyAlgorithm() {
	return secretKeyAlgorithm;
	}

	public Boolean isCurrent() {
	return isCurrent;
	}

	public String getKeyId() {
	return keyId;
	}
	}

	/**
	* Method returns the password device value for a given {@code keyId}.
	*
	* @throws {@link IllegalStateException} when password device is not configured for {@code keyId}
	*/
	private static String getPasswordDeviceOrThrow(Config config, String keyId) {
	String passwordDevice =
	config.getString(CONF_KEY_SECTION, keyId, KeyConfig.PASSWORD_DEVICE_CONFIG_LABEL);
	if (Strings.isNullOrEmpty(passwordDevice)) {
	throw new IllegalStateException(
	String.format(
	"Configuration error. Missing %s.%s for key-id '%s'",
	CONF_KEY_SECTION, PASSWORD_DEVICE_CONFIG_LABEL, keyId));
	}

	return passwordDevice;
	}
	}