-
SecretAuthentication
-
KEYS: Object[]
-
static class initializer
-
key: String
-
value: char[]
-
secretHash: int
-
SecretAuthentication(String, String): void
-
SecretAuthentication(String, char[]): void
-
SecretAuthentication(char[], String): void
-
copy(char[]): char[]
-
xor(char[]): char[]
-
clear(char[]): void
-
fill(AuthenticationContext, String, Map<String, String>): void
-
digest(AuthenticationDigest): void
-
equals(Object): boolean
-
hashCode(): int
-
toString(): String
-
https://maven.apache.org/resolver/maven-resolver-util/: A collection of utility classes to ease usage of the repository system.
(The Apache Software Foundation)
- Matej Cimbora
- Robert Scholte
- Arnaud Héritier
- Anders Hammar
- Barrie Treloar
- Benson Margulies
- Brian Fox (Sonatype)
- Tamas Cservenak
- Dennis Lundberg (ASF)
- Daniel Kulp (ASF)
- Emmanuel Venisse (ASF)
- Guillaume Boué
- Hervé Boutemy (ASF)
- Igor Fedorenko (Sonatype)
- Jason van Zyl
- Karl Heinz Marbaise
- Kristian Rosenvold
- Milos Kleint
- Olivier Lamy
- Michael Osipov
- Ralph Goers (Intuit)
- Stephane Nicoll (ASF)
- Stephen Connolly
- Tibor Digaňa
- Vincent Siveton (ASF)
- Wayne Fay (ASF)
- Andreas Dangel
- Brian Demers (Sonatype)
- Fabrice Bellingard
- Benjamin Bentmann (Sonatype)
- Chris Graham
- Dan Tran
- Damian Bradicich (Sonatype)
- Brett Porter (ASF)
- Daniel Fabulich
- Fabrizio Giustina (openmind)
- Evgeny Mandrikov (SonarSource)
- Andrew Williams
- Dominik Bartholdi
- Jeff Jensen
- Lukas Theussl
- Mark Hobson
- Mauro Talevi
- Mirko Friedenhagen
- Manfred Moser
- Nicolas de Loof
- Maria Odea B. Ching
- Paul Gier (Red Hat)
- Petar Tahchiev
- Raphaël Piéroni (Dexem)
- Christian Schulte
- Simone Tripodi
- Christian Stein
- Mark Struberg
- Tony Chemit (CodeLutin)
- Vincent Massol (ASF)
- Andreas Gudian
- Allan Q. Ramirez
- Henri Yandell
- Carlos Sanchez (ASF)
- Chris Stevenson
- David Blevins
- Daniel Rall
- Edwin Punzalan
- Felipe Leme
- John Casey (ASF)
- Jesse McConnell (ASF)
- Joakim Erdfelt (ASF)
- Johnny Ruiz III
- James Strachan
- Ernesto Tolentino Jr. (ASF)
- Kenney Westerhof (Neonics)
- Mike Perham (IBM)
- Oleg Gusakov
- Patrick Schneider
- Rahul Thakur
- Shinobu Kuwai
- Torbjorn Eikli Smorgrav
- Trygve Laugstol (ASF)
- Wendy Smoak
package org.eclipse.aether.util.repository;
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
import java.util.Arrays;
import java.util.Map;
import java.util.Objects;
import static java.util.Objects.requireNonNull;
import org.eclipse.aether.repository.Authentication;
import org.eclipse.aether.repository.AuthenticationContext;
import org.eclipse.aether.repository.AuthenticationDigest;
Authentication block that manages a single authentication key and its secret string value (password, passphrase). Unlike StringAuthentication, the string value is kept in an encrypted buffer and only decrypted when needed to reduce the potential of leaking the secret in a heap dump. /**
* Authentication block that manages a single authentication key and its secret string value (password, passphrase).
* Unlike {@link StringAuthentication}, the string value is kept in an encrypted buffer and only decrypted when needed
* to reduce the potential of leaking the secret in a heap dump.
*/
final class SecretAuthentication
implements Authentication
{
private static final Object[] KEYS;
static
{
KEYS = new Object[16];
for ( int i = 0; i < KEYS.length; i++ )
{
KEYS[i] = new Object();
}
}
private final String key;
private final char[] value;
private final int secretHash;
SecretAuthentication( String key, String value )
{
this( ( value != null ) ? value.toCharArray() : null, key );
}
SecretAuthentication( String key, char[] value )
{
this( copy( value ), key );
}
private SecretAuthentication( char[] value, String key )
{
this.key = requireNonNull( key, "authentication key cannot be null" );
if ( key.length() == 0 )
{
throw new IllegalArgumentException( "authentication key cannot be empty" );
}
this.secretHash = Arrays.hashCode( value ) ^ KEYS[0].hashCode();
this.value = xor( value );
}
private static char[] copy( char[] chars )
{
return ( chars != null ) ? chars.clone() : null;
}
@SuppressWarnings( "checkstyle:magicnumber" )
private char[] xor( char[] chars )
{
if ( chars != null )
{
int mask = System.identityHashCode( this );
for ( int i = 0; i < chars.length; i++ )
{
int key = KEYS[( i >> 1 ) % KEYS.length].hashCode();
key ^= mask;
chars[i] ^= ( ( i & 1 ) == 0 ) ? ( key & 0xFFFF ) : ( key >>> 16 );
}
}
return chars;
}
private static void clear( char[] chars )
{
if ( chars != null )
{
for ( int i = 0; i < chars.length; i++ )
{
chars[i] = '\0';
}
}
}
public void fill( AuthenticationContext context, String key, Map<String, String> data )
{
char[] secret = copy( value );
xor( secret );
context.put( this.key, secret );
// secret will be cleared upon AuthenticationContext.close()
}
public void digest( AuthenticationDigest digest )
{
char[] secret = copy( value );
try
{
xor( secret );
digest.update( key );
digest.update( secret );
}
finally
{
clear( secret );
}
}
@Override
public boolean equals( Object obj )
{
if ( this == obj )
{
return true;
}
if ( obj == null || !getClass().equals( obj.getClass() ) )
{
return false;
}
SecretAuthentication that = (SecretAuthentication) obj;
if ( !Objects.equals( key, that.key ) || secretHash != that.secretHash )
{
return false;
}
char[] secret = copy( value );
char[] thatSecret = copy( that.value );
try
{
xor( secret );
that.xor( thatSecret );
return Arrays.equals( secret, thatSecret );
}
finally
{
clear( secret );
clear( thatSecret );
}
}
@Override
public int hashCode()
{
int hash = 17;
hash = hash * 31 + key.hashCode();
hash = hash * 31 + secretHash;
return hash;
}
@Override
public String toString()
{
return key + "=" + ( ( value != null ) ? "***" : "null" );
}
}