View Javadoc
1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one or more
3    * contributor license agreements. See the NOTICE file distributed with
4    * this work for additional information regarding copyright ownership.
5    * The ASF licenses this file to You under the Apache license, Version 2.0
6    * (the "License"); you may not use this file except in compliance with
7    * the License. You may obtain a copy of the License at
8    *
9    *      http://www.apache.org/licenses/LICENSE-2.0
10   *
11   * Unless required by applicable law or agreed to in writing, software
12   * distributed under the License is distributed on an "AS IS" BASIS,
13   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14   * See the license for the specific language governing permissions and
15   * limitations under the license.
16   */
17  package org.apache.logging.log4j.core.net.ssl;
18  
19  import java.io.IOException;
20  import java.nio.ByteBuffer;
21  import java.nio.CharBuffer;
22  import java.nio.charset.Charset;
23  import java.nio.file.Files;
24  import java.nio.file.NoSuchFileException;
25  import java.nio.file.Path;
26  import java.nio.file.Paths;
27  import java.util.Arrays;
28  
29  /**
30   * PasswordProvider that reads password from a file.
31   * <p>
32   * This is a relatively secure way to handle passwords:
33   * <ul>
34   *     <li>Managing file access privileges can be delegated to the operating system.</li>
35   *     <li>The password file can be in a separate location from the logging configuration.
36   *       This gives flexibility to have different passwords in different environments while
37   *       using the same logging configuration. It also allows for separation of responsibilities:
38   *       developers don't need to know the password that is used in the production environment.</li>
39   *     <li>There is only a small window of opportunity for attackers to obtain the password from a memory
40   *       dump: the password data is only resident in memory from the moment the caller calls the
41   *       {@link #getPassword()} method and the password file is read until the moment that the caller
42   *       completes authentication and overwrites the password char[] array.</li>
43   * </ul>
44   * </p><p>
45   * Less secure implementations are {@link MemoryPasswordProvider} and {@link EnvironmentPasswordProvider}.
46   * </p>
47   */
48  class FilePasswordProvider implements PasswordProvider {
49      private final Path passwordPath;
50  
51      /**
52       * Constructs a new FilePasswordProvider with the specified path.
53       * @param passwordFile the path to the password file
54       * @throws NoSuchFileException if the password file does not exist when this FilePasswordProvider is constructed
55       */
56      public FilePasswordProvider(final String passwordFile) throws NoSuchFileException {
57          this.passwordPath = Paths.get(passwordFile);
58          if (!Files.exists(passwordPath)) {
59              throw new NoSuchFileException("PasswordFile '" + passwordFile + "' does not exist");
60          }
61      }
62  
63      @Override
64      public char[] getPassword() {
65          byte[] bytes = null;
66          try {
67              bytes = Files.readAllBytes(passwordPath);
68              final ByteBuffer bb = ByteBuffer.wrap(bytes);
69              final CharBuffer decoded = Charset.defaultCharset().decode(bb);
70              final char[] result = new char[decoded.limit()];
71              decoded.get(result, 0, result.length);
72              decoded.rewind();
73              decoded.put(new char[result.length]); // erase decoded CharBuffer
74              return result;
75          } catch (final IOException e) {
76              throw new IllegalStateException("Could not read password from " + passwordPath + ": " + e, e);
77          } finally {
78              if (bytes != null) {
79                  Arrays.fill(bytes, (byte) 0x0);
80              }
81          }
82      }
83  }