1 /*******************************************************************************
2 * Copyright (c) 2012 Sonatype, Inc.
3 * All rights reserved. This program and the accompanying materials
4 * are made available under the terms of the Eclipse Public License v1.0
5 * which accompanies this distribution, and is available at
6 * http://www.eclipse.org/legal/epl-v10.html
7 *
8 * Contributors:
9 * Sonatype, Inc. - initial API and implementation
10 *******************************************************************************/
11 package org.eclipse.aether.repository;
12
13 import java.io.UnsupportedEncodingException;
14 import java.security.MessageDigest;
15 import java.security.NoSuchAlgorithmException;
16
17 import org.eclipse.aether.RepositorySystemSession;
18
19 /**
20 * A helper to calculate a fingerprint/digest for the authentication data of a repository/proxy. Such a fingerprint can
21 * be used to detect changes in the authentication data across JVM restarts without exposing sensitive information.
22 */
23 public final class AuthenticationDigest
24 {
25
26 private final MessageDigest digest;
27
28 private final RepositorySystemSession session;
29
30 private final RemoteRepository repository;
31
32 private final Proxy proxy;
33
34 /**
35 * Gets the fingerprint for the authentication of the specified repository.
36 *
37 * @param session The repository system session during which the fingerprint is requested, must not be {@code null}.
38 * @param repository The repository whose authentication is to be fingerprinted, must not be {@code null}.
39 * @return The fingerprint of the repository authentication or an empty string if no authentication is configured,
40 * never {@code null}.
41 */
42 public static String forRepository( RepositorySystemSession session, RemoteRepository repository )
43 {
44 String digest = "";
45 Authentication auth = repository.getAuthentication();
46 if ( auth != null )
47 {
48 AuthenticationDigest authDigest = new AuthenticationDigest( session, repository, null );
49 auth.digest( authDigest );
50 digest = authDigest.digest();
51 }
52 return digest;
53 }
54
55 /**
56 * Gets the fingerprint for the authentication of the specified repository's proxy.
57 *
58 * @param session The repository system session during which the fingerprint is requested, must not be {@code null}.
59 * @param repository The repository whose proxy authentication is to be fingerprinted, must not be {@code null}.
60 * @return The fingerprint of the proxy authentication or an empty string if no proxy is present or if no proxy
61 * authentication is configured, never {@code null}.
62 */
63 public static String forProxy( RepositorySystemSession session, RemoteRepository repository )
64 {
65 String digest = "";
66 Proxy proxy = repository.getProxy();
67 if ( proxy != null )
68 {
69 Authentication auth = proxy.getAuthentication();
70 if ( auth != null )
71 {
72 AuthenticationDigest authDigest = new AuthenticationDigest( session, repository, proxy );
73 auth.digest( authDigest );
74 digest = authDigest.digest();
75 }
76 }
77 return digest;
78 }
79
80 private AuthenticationDigest( RepositorySystemSession session, RemoteRepository repository, Proxy proxy )
81 {
82 this.session = session;
83 this.repository = repository;
84 this.proxy = proxy;
85 digest = newDigest();
86 }
87
88 private static MessageDigest newDigest()
89 {
90 try
91 {
92 return MessageDigest.getInstance( "SHA-1" );
93 }
94 catch ( NoSuchAlgorithmException e )
95 {
96 try
97 {
98 return MessageDigest.getInstance( "MD5" );
99 }
100 catch ( NoSuchAlgorithmException ne )
101 {
102 throw new IllegalStateException( ne );
103 }
104 }
105 }
106
107 /**
108 * Gets the repository system session during which the authentication fingerprint is calculated.
109 *
110 * @return The repository system session, never {@code null}.
111 */
112 public RepositorySystemSession getSession()
113 {
114 return session;
115 }
116
117 /**
118 * Gets the repository requiring authentication. If {@link #getProxy()} is not {@code null}, the data gathered by
119 * this authentication digest does not apply to the repository's host but rather the proxy.
120 *
121 * @return The repository to be contacted, never {@code null}.
122 */
123 public RemoteRepository getRepository()
124 {
125 return repository;
126 }
127
128 /**
129 * Gets the proxy (if any) to be authenticated with.
130 *
131 * @return The proxy or {@code null} if authenticating directly with the repository's host.
132 */
133 public Proxy getProxy()
134 {
135 return proxy;
136 }
137
138 /**
139 * Updates the digest with the specified strings.
140 *
141 * @param strings The strings to update the digest with, may be {@code null} or contain {@code null} elements.
142 */
143 public void update( String... strings )
144 {
145 if ( strings != null )
146 {
147 for ( String string : strings )
148 {
149 if ( string != null )
150 {
151 try
152 {
153 digest.update( string.getBytes( "UTF-8" ) );
154 }
155 catch ( UnsupportedEncodingException e )
156 {
157 throw new IllegalStateException( e );
158 }
159 }
160 }
161 }
162 }
163
164 /**
165 * Updates the digest with the specified characters.
166 *
167 * @param chars The characters to update the digest with, may be {@code null}.
168 */
169 public void update( char... chars )
170 {
171 if ( chars != null )
172 {
173 for ( char c : chars )
174 {
175 digest.update( (byte) ( c >> 8 ) );
176 digest.update( (byte) ( c & 0xFF ) );
177 }
178 }
179 }
180
181 /**
182 * Updates the digest with the specified bytes.
183 *
184 * @param bytes The bytes to update the digest with, may be {@code null}.
185 */
186 public void update( byte... bytes )
187 {
188 if ( bytes != null )
189 {
190 digest.update( bytes );
191 }
192 }
193
194 private String digest()
195 {
196 byte[] bytes = digest.digest();
197 StringBuilder buffer = new StringBuilder( bytes.length * 2 );
198 for ( byte aByte : bytes )
199 {
200 int b = aByte & 0xFF;
201 if ( b < 0x10 )
202 {
203 buffer.append( '0' );
204 }
205 buffer.append( Integer.toHexString( b ) );
206 }
207 return buffer.toString();
208 }
209
210 }