001/*
002 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
003 *
004 * Copyright (c) 2005 Sun Microsystems Inc. All Rights Reserved
005 *
006 * The contents of this file are subject to the terms
007 * of the Common Development and Distribution License
008 * (the License). You may not use this file except in
009 * compliance with the License.
010 *
011 * You can obtain a copy of the License at
012 * https://opensso.dev.java.net/public/CDDLv1.0.html or
013 * opensso/legal/CDDLv1.0.txt
014 * See the License for the specific language governing
015 * permission and limitations under the License.
016 *
017 * When distributing Covered Code, include this CDDL
018 * Header Notice in each file and include the License file
019 * at opensso/legal/CDDLv1.0.txt.
020 * If applicable, add the following below the CDDL Header,
021 * with the fields enclosed by brackets [] replaced by
022 * your own identifying information:
023 * "Portions Copyrighted [year] [name of copyright owner]"
024 *
025 * $Id: DecryptAction.java,v 1.4 2008/08/19 19:14:55 veiming Exp $
026 *
027 * Portions Copyrighted 2015 ForgeRock AS.
028 */
029
030package com.sun.identity.security;
031
032import java.security.PrivilegedAction;
033
034import com.iplanet.am.util.AMPasswordUtil;
035
036/**
037 * 
038 * The class is used to perform privileged operation with
039 * <code>AccessController.doPrivileged()
040 * </code> when using
041 * <code> com.iplanet.am.util.AMPasswordUtil</code> to decrypt passwords. Ths
042 * class implements the interface <code>
043 * PrivilegedAction </code> with a
044 * non-default constructor. This class should be used in order to perform the
045 * privileged operation of
046 * <code> com.iplanet.am.util.AMPasswordUtil.decrypt()</code>.
047 * 
048 * <PRE>
049 * 
050 * This line of code: String encStr =
051 * com.iplanet.am.util.AMPasswordUtil.decrypt(str); should be replaced with:
052 * String encStr = (String) AccessController.doPrivileged( new
053 * DecryptAction(str)); If this is not done and Java security permissions check
054 * is enabled, then the operation will fail and return a null everytime.
055 * 
056 * Note: Java security permissions check for OpenAM can be enabled by
057 * setting the property <code>com.sun.identity.security.checkcaller</code> to
058 * true in AMConfig properties file.
059 * 
060 * </PRE>
061 *
062 * @supported.all.api
063 */
064public class DecryptAction implements PrivilegedAction {
065    protected String value;
066
067    /**
068     * Non default constructor to be used when a <code>doPrivileged()</code>
069     * is performed for the decryption operations.
070     * 
071     * @param svalue
072     *            Value of string to be encoded/decoded
073     * 
074     */
075    public DecryptAction(String svalue) {
076        super();
077        value = svalue;
078    }
079
080    /*
081     * (non-Javadoc)
082     * 
083     * @see java.security.PrivilegedAction#run()
084     */
085    public Object run() {
086        return AMPasswordUtil.decrypt(value);
087    }
088
089}