View Javadoc
1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements.  See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership.  The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License.  You may obtain a copy of the License at
9    *
10   *     http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied.  See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  
20  package org.apache.shiro.crypto.cipher;
21  
22  import org.apache.shiro.lang.util.ByteSource;
23  import org.apache.shiro.lang.util.Destroyable;
24  
25  import java.io.IOException;
26  
27  import org.apache.shiro.lang.util.ByteSourceWrapper;
28  import org.apache.shiro.lang.util.ByteUtils;
29  
30  /**
31   * A simple implementation that maintains cipher service, ciphertext and key for decrypting it later.
32   * {@link #useBytes(ByteSourceUser)} guarantees the sensitive data in byte array will be erased at end of use.
33   */
34  public class SimpleByteSourceBroker implements ByteSourceBroker, Destroyable {
35      private JcaCipherService cipherService;
36      private byte[] ciphertext;
37      private byte[] key;
38      private boolean destroyed;
39  
40      public SimpleByteSourceBroker(JcaCipherService cipherService, byte[] ciphertext, byte[] key) {
41          this.cipherService = cipherService;
42          this.ciphertext = ciphertext.clone();
43          this.key = key.clone();
44      }
45  
46      public synchronized void useBytes(ByteSourceUser user) {
47          if (destroyed || user == null) {
48              return;
49          }
50          ByteSource byteSource = cipherService.decryptInternal(ciphertext, key);
51  
52          try (ByteSourceWrapper temp = ByteSourceWrapper.wrap(byteSource.getBytes())) {
53              user.use(temp.getBytes());
54          } catch (IOException e) {
55              // ignore
56          }
57  
58      }
59  
60      public byte[] getClonedBytes() {
61          ByteSource byteSource = cipherService.decryptInternal(ciphertext, key);
62          // this's a newly created byte array
63          return byteSource.getBytes();
64      }
65  
66      public void destroy() throws Exception {
67          if (!destroyed) {
68              synchronized (this) {
69                  destroyed = true;
70                  cipherService = null;
71                  ByteUtils.wipe(ciphertext);
72                  ciphertext = null;
73                  ByteUtils.wipe(key);
74                  key = null;
75              }
76          }
77      }
78  }