001/* 002 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER. 003 * 004 * Copyright (c) 2005 Sun Microsystems Inc. All Rights Reserved 005 * 006 * The contents of this file are subject to the terms 007 * of the Common Development and Distribution License 008 * (the License). You may not use this file except in 009 * compliance with the License. 010 * 011 * You can obtain a copy of the License at 012 * https://opensso.dev.java.net/public/CDDLv1.0.html or 013 * opensso/legal/CDDLv1.0.txt 014 * See the License for the specific language governing 015 * permission and limitations under the License. 016 * 017 * When distributing Covered Code, include this CDDL 018 * Header Notice in each file and include the License file 019 * at opensso/legal/CDDLv1.0.txt. 020 * If applicable, add the following below the CDDL Header, 021 * with the fields enclosed by brackets [] replaced by 022 * your own identifying information: 023 * "Portions Copyrighted [year] [name of copyright owner]" 024 * 025 * $Id: DecodeAction.java,v 1.4 2008/08/19 19:14:55 veiming Exp $ 026 * 027 * Portions Copyrighted 2011-2015 ForgeRock AS. 028 */ 029 030package com.sun.identity.security; 031 032import java.security.PrivilegedAction; 033 034import com.iplanet.services.util.AMEncryption; 035import com.iplanet.services.util.Crypt; 036 037/** 038 * 039 * The class is used to perform privileged operations with 040 * <code>AccessController.doPrivileged() 041 * </code> when using 042 * <code> com.iplanet.services.util.Crypt</code> to decode passwords. Ths class 043 * implements the interface <code> 044 * PrivilegedAction </code> with a non-default 045 * constructor. This class should be used in order to perform the privileged 046 * operation of <code> com.iplanet.services.util.Crypt.decode/decrypt()</code>. 047 * 048 * <PRE> 049 * 050 * This line of code: String decStr = 051 * com.iplanet.services.util.Crypt.decode(str) should be replaced with: String 052 * decStr = (String) AccessController.doPrivileged( new DecodeAction(str)); If 053 * this is not done and Java security permissions check is enabled, then the 054 * operation will fail and return a null every time. 055 * 056 * Note: Java security permissions check for OpenAM can be enabled by 057 * setting the property <code>com.sun.identity.security.checkcaller</code> to 058 * true in AMConfig properties file. 059 * 060 * </PRE> 061 * 062 * @supported.all.api 063 */ 064public class DecodeAction implements PrivilegedAction<String> { 065 066 protected String value; 067 protected AMEncryption encr; 068 069 /** 070 * Non default constructor to be used when a <code>doPrivileged()</code> 071 * is performed for the decryption operations. 072 * 073 * @param svalue 074 * Value of string to be encoded/decoded 075 * 076 */ 077 public DecodeAction(String svalue) { 078 super(); 079 value = svalue; 080 } 081 082 /** 083 * @param value 084 * Value to be decoded 085 * @param encrKey 086 * Encryption object to be used for decoding 087 */ 088 public DecodeAction(String value, AMEncryption encrKey) { 089 super(); 090 this.value = value; 091 this.encr = encrKey; 092 } 093 094 /* 095 * (non-Javadoc) 096 * 097 * @see java.security.PrivilegedAction#run() 098 */ 099 public String run() { 100 if (encr != null) { 101 return Crypt.decode(value, encr); 102 } else { 103 return Crypt.decode(value); 104 } 105 } 106 107}