// Copyright (C) 2013 The Android Open Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package com.google.gerrit.server.securestore;

import com.google.common.collect.Lists;
import com.google.gerrit.common.Nullable;
import java.util.List;

/**
 * Base class that a SecureStore implementation for Gerrit has to extend.
 *
 * <p>A SecureStore keeps sensitive data, such as passwords, in a secure manner. Encrypting the
 * values and persisting them is entirely the implementer's responsibility; this class only defines
 * the contract and a few single-value convenience methods on top of the list-based ones.
 *
 * <p>To deploy a new SecureStore, provide a jar file containing exactly one class that extends
 * {@code SecureStore}, put it in the Gerrit server, and then, on a stopped Gerrit instance, run:
 *
 * <p>`java -jar gerrit.war SwitchSecureStore -d $gerrit_site --new-secure-store-lib
 * $path_to_new_secure_store.jar`
 *
 * <p>NOTE(review): the implementation receives plain text values in {@link #setList} and returns
 * decrypted values from the getters, so the jar should be treated as trusted code.
 */
public abstract class SecureStore {
  /** Identifies one {@link SecureStore} entry by its section, subsection and name. */
  public static class EntryKey {
    public final String name;
    public final String section;
    public final String subsection;

    /**
     * Creates an EntryKey.
     *
     * @param section section of the entry
     * @param subsection subsection of the entry
     * @param name name of the entry
     */
    public EntryKey(String section, String subsection, String name) {
      this.section = section;
      this.subsection = subsection;
      this.name = name;
    }
  }

  /**
   * Reads a stored property and returns its decrypted value.
   *
   * <p>Delegates to {@link #getList}; when several values are stored, only the first one is
   * returned.
   *
   * @return the decrypted String value, or {@code null} if the property was not found or has no
   *     values
   */
  @Nullable
  public final String get(String section, String subsection, String name) {
    String[] stored = getList(section, subsection, name);
    // A missing property and an empty value list are both reported as "not found".
    if (stored == null || stored.length == 0) {
      return null;
    }
    return stored[0];
  }

  /**
   * Reads a stored plugin config property and returns its decrypted value.
   *
   * <p>Delegates to {@link #getListForPlugin}; when several values are stored, only the first one
   * is returned.
   *
   * @return the decrypted String value, or {@code null} if the property was not found or has no
   *     values
   */
  @Nullable
  public final String getForPlugin(
      String pluginName, String section, String subsection, String name) {
    String[] stored = getListForPlugin(pluginName, section, subsection, name);
    // A missing property and an empty value list are both reported as "not found".
    if (stored == null || stored.length == 0) {
      return null;
    }
    return stored[0];
  }

  /**
   * Reads the list of values of a plugin config property and decrypts every value in it.
   *
   * @return the decrypted values, or {@code null} when the property was not found
   */
  public abstract String[] getListForPlugin(
      String pluginName, String section, String subsection, String name);

  /**
   * Reads the list of values of a property and decrypts every value in it.
   *
   * @return the decrypted values, or {@code null} when the property was not found
   */
  public abstract String[] getList(String section, String subsection, String name);

  /**
   * Stores a single value in the SecureStore.
   *
   * <p>The value is wrapped in a one-element list and handed to {@link #setList}, which is
   * responsible for encrypting and storing it.
   *
   * @param value plain text value
   */
  public final void set(String section, String subsection, String name, String value) {
    List<String> singleValue = Lists.newArrayList(value);
    setList(section, subsection, name, singleValue);
  }

  /**
   * Stores a list of values in the SecureStore.
   *
   * <p>Implementations are responsible for encrypting all values in the list and storing them.
   *
   * @param values list of plain text values
   */
  public abstract void setList(String section, String subsection, String name, List<String> values);

  /**
   * Removes the value stored for the given {@code section}, {@code subsection} and {@code name}
   * from the SecureStore.
   */
  public abstract void unset(String section, String subsection, String name);

  /** Returns the keys of the stored entries. */
  public abstract Iterable<EntryKey> list();

  /** Returns {@code true} if the currently loaded values are outdated. */
  public abstract boolean isOutdated();

  /** Reloads the values. */
  public abstract void reload();
}