Bug 230242 [sec] Add hints describing capabilities of the password providers

author: Oleg Besedin 2008-05-09 19:29:11 +0000
committer: Oleg Besedin 2008-05-09 19:29:11 +0000
commit: 7c405d7881009743d9f6e1379a1469541c5cdf3f (patch)
tree: e0f46319c9d6399941335c5f4e994b629e410a4a /bundles
parent: 8d2d2977ba69a4b84022b1199e1d9e83e7f80029 (diff)
download: rt.equinox.bundles-7c405d7881009743d9f6e1379a1469541c5cdf3f.tar.gz
rt.equinox.bundles-7c405d7881009743d9f6e1379a1469541c5cdf3f.tar.xz
rt.equinox.bundles-7c405d7881009743d9f6e1379a1469541c5cdf3f.zip
13 files changed, 172 insertions, 11 deletions
diff --git a/bundles/org.eclipse.equinox.security.macosx/fragment.properties b/bundles/org.eclipse.equinox.security.macosx/fragment.properties
index 2c8c86653..06f0dd1a5 100644
--- a/bundles/org.eclipse.equinox.security.macosx/fragment.properties
+++ b/bundles/org.eclipse.equinox.security.macosx/fragment.properties
@@ -11,3 +11,4 @@
 fragmentName = OS X Keystore service integration
 providerName = Eclipse.org
 macModuleName = OS X Keystore Integration
+providerDescription = The provider uses the operating system\'s keyring to store a randomly generated user-specific \'master\' password. Users who can log into the operating system account can access contents of the secure storage.
diff --git a/bundles/org.eclipse.equinox.security.macosx/fragment.xml b/bundles/org.eclipse.equinox.security.macosx/fragment.xml
index c53b3b0f8..8a646834c 100644
--- a/bundles/org.eclipse.equinox.security.macosx/fragment.xml
+++ b/bundles/org.eclipse.equinox.security.macosx/fragment.xml
@@ -7,7 +7,11 @@
          point="org.eclipse.equinox.security.secureStorage">
       <provider
             class="org.eclipse.equinox.internal.security.osx.OSXProvider"
+            description="%providerDescription"
             priority="5">
+         <hint
+               value="AutomaticPasswordGeneration">
+         </hint>
       </provider>
    </extension>
 </fragment>
diff --git a/bundles/org.eclipse.equinox.security.ui/plugin.properties b/bundles/org.eclipse.equinox.security.ui/plugin.properties
index d3f9c120a..f197a55bf 100644
--- a/bundles/org.eclipse.equinox.security.ui/plugin.properties
+++ b/bundles/org.eclipse.equinox.security.ui/plugin.properties
@@ -19,3 +19,4 @@ certificateFile = Certificate File
 certificateFileDescription = Import certificates into the platform.
 storage = Secure Storage
 uiPasswordProviderName = UI Prompt
+providerDescription = The provider brings up a secure storage login dialog for the user to input the \'master\' password. This provider does not persist \'master\' password in any way but relies on the user to input it.
diff --git a/bundles/org.eclipse.equinox.security.ui/plugin.xml b/bundles/org.eclipse.equinox.security.ui/plugin.xml
index 2d287a6a8..71835d4b8 100644
--- a/bundles/org.eclipse.equinox.security.ui/plugin.xml
+++ b/bundles/org.eclipse.equinox.security.ui/plugin.xml
@@ -63,6 +63,7 @@
          point="org.eclipse.equinox.security.secureStorage">
       <provider
             class="org.eclipse.equinox.internal.security.ui.storage.DefaultPasswordProvider"
+            description="%providerDescription"
             priority="2">
       </provider>
    </extension>
diff --git a/bundles/org.eclipse.equinox.security.ui/src/org/eclipse/equinox/internal/security/ui/nls/SecUIMessages.java b/bundles/org.eclipse.equinox.security.ui/src/org/eclipse/equinox/internal/security/ui/nls/SecUIMessages.java
index 2127edf42..22c083b1f 100644
--- a/bundles/org.eclipse.equinox.security.ui/src/org/eclipse/equinox/internal/security/ui/nls/SecUIMessages.java
+++ b/bundles/org.eclipse.equinox.security.ui/src/org/eclipse/equinox/internal/security/ui/nls/SecUIMessages.java
@@ -70,6 +70,7 @@ public class SecUIMessages extends NLS {
 	public static String passwordCacheGroup;
 	public static String providerGroup;
 	public static String passwordCacheNote;
+	public static String providerDetails;
 
 	// secure storage view
 	public static String generalTitle;
@@ -145,6 +146,7 @@ public class SecUIMessages extends NLS {
 	public static String wizardSwitchError;
 	public static String wizardDoneTitle;
 	public static String wizardDone;
+	public static String passwordChangeDone;
 
 	// challenge-response dialog
 	public static String pswdRecoveryOptionTitle;
diff --git a/bundles/org.eclipse.equinox.security.ui/src/org/eclipse/equinox/internal/security/ui/nls/messages.properties b/bundles/org.eclipse.equinox.security.ui/src/org/eclipse/equinox/internal/security/ui/nls/messages.properties
index bb0c7b67c..a3aabfd71 100644
--- a/bundles/org.eclipse.equinox.security.ui/src/org/eclipse/equinox/internal/security/ui/nls/messages.properties
+++ b/bundles/org.eclipse.equinox.security.ui/src/org/eclipse/equinox/internal/security/ui/nls/messages.properties
@@ -64,6 +64,7 @@ saveButton = &Save
 exportButton = &Export...
 locationButton = S&torage location:
 providerDescription = Providers supply \'master\' passwords used to encrypt information. The enabled provider with the highest priority is chosen. A provider can be disabled by un-checking it from this list.
+providerDetails = Details:
 
 ## Secure storage view
 generalTitle = Secure Storage
@@ -139,6 +140,7 @@ wizardDecodeWarning = An error occurred while decrypting stored values (see log
 wizardSwitchError = An error occurred while creating new password. See error log for details. 
 wizardDoneTitle = Complete
 wizardDone = Password change complete.
+passwordChangeDone = The \'master\' password has been successfully changed for the provider \"{0}\".
 
 ## challenge-response dialog
 pswdRecoveryOptionTitle = Secure Storage
diff --git a/bundles/org.eclipse.equinox.security.ui/src/org/eclipse/equinox/internal/security/ui/storage/TabPassword.java b/bundles/org.eclipse.equinox.security.ui/src/org/eclipse/equinox/internal/security/ui/storage/TabPassword.java
index 1c297c220..d3bcd8629 100644
--- a/bundles/org.eclipse.equinox.security.ui/src/org/eclipse/equinox/internal/security/ui/storage/TabPassword.java
+++ b/bundles/org.eclipse.equinox.security.ui/src/org/eclipse/equinox/internal/security/ui/storage/TabPassword.java
@@ -18,9 +18,11 @@ import org.eclipse.equinox.internal.security.storage.friends.*;
 import org.eclipse.equinox.internal.security.ui.nls.SecUIMessages;
 import org.eclipse.equinox.security.storage.ISecurePreferences;
 import org.eclipse.equinox.security.storage.SecurePreferencesFactory;
+import org.eclipse.jface.dialogs.MessageDialog;
 import org.eclipse.jface.layout.*;
 import org.eclipse.jface.viewers.ColumnWeightData;
 import org.eclipse.jface.viewers.TableLayout;
+import org.eclipse.osgi.util.NLS;
 import org.eclipse.swt.SWT;
 import org.eclipse.swt.events.*;
 import org.eclipse.swt.layout.GridData;
@@ -40,6 +42,8 @@ public class TabPassword {
 	protected Button buttonChangePassword;
 	protected Button buttonRecoverPassword;
 
+	protected Text detailsText;
+
 	protected boolean providerModified = false;
 
 	public TabPassword(TabFolder folder, int index, final Shell shell) {
@@ -107,6 +111,7 @@ public class TabPassword {
 				if ((e.detail & SWT.CHECK) != 0)
 					providerModified = true;
 				enableButtons();
+				updateDescription();
 			}
 		});
 		GridDataFactory.defaultsFor(providerTable).span(1, 2).applyTo(providerTable);
@@ -121,10 +126,19 @@ public class TabPassword {
 			}
 
 			public void widgetSelected(SelectionEvent e) {
+				PasswordProviderDescription selectedModule = getSelectedModule();
+				if (selectedModule == null)
+					return;
 				String moduleID = getSelectedModuleID();
 				ISecurePreferences rootNode = SecurePreferencesFactory.getDefault();
-				ChangePasswordWizardDialog dialog = new ChangePasswordWizardDialog(shell, rootNode, moduleID);
-				dialog.open();
+				if (selectedModule.hasHint(InternalExchangeUtils.HINT_PASSWORD_AUTOGEN)) {
+					// do replacement behind the scene without showing the wizard
+					changePassword(rootNode, moduleID, selectedModule.getName(), shell);
+				} else {
+					// show the wizard to provide separate "old" and "new" password entries
+					ChangePasswordWizardDialog dialog = new ChangePasswordWizardDialog(shell, rootNode, moduleID);
+					dialog.open();
+				}
 				enableLogout();
 			}
 		});
@@ -153,6 +167,19 @@ public class TabPassword {
 		setButtonSize(buttonRecoverPassword);
 
 		enableButtons();
+
+		Label descriptionLabel = new Label(providersComp, SWT.NONE);
+		descriptionLabel.setLayoutData(new GridData(SWT.FILL, SWT.CENTER, false, false, 2, 1));
+		descriptionLabel.setText(SecUIMessages.providerDetails);
+
+		detailsText = new Text(providersComp, SWT.MULTI | SWT.LEAD | SWT.BORDER | SWT.READ_ONLY | SWT.WRAP);
+		detailsText.setBackground(detailsText.getDisplay().getSystemColor(SWT.COLOR_LIST_BACKGROUND));
+		gridData = new GridData(SWT.FILL, SWT.FILL, false, false, 1, 1);
+		gridData.widthHint = 300;
+		gridData.heightHint = 65;
+		detailsText.setLayoutData(gridData);
+		updateDescription();
+
 		GridLayoutFactory.fillDefaults().margins(LayoutConstants.getSpacing()).generateLayout(page);
 	}
 
@@ -169,7 +196,7 @@ public class TabPassword {
 			PasswordProviderDescription module = (PasswordProviderDescription) i.next();
 			TableItem item = new TableItem(providerTable, SWT.NONE);
 			item.setText(new String[] {module.getName(), Integer.toString(module.getPriority())});
-			item.setData(module.getId());
+			item.setData(module);
 			if (disabledModules == null)
 				item.setChecked(true);
 			else
@@ -180,15 +207,25 @@ public class TabPassword {
 		layout.addColumnData(new ColumnWeightData(5));
 		layout.addColumnData(new ColumnWeightData(1));
 		providerTable.setLayout(layout);
+
+		if (providerTable.getItemCount() > 0)
+			providerTable.select(0);
 	}
 
-	protected String getSelectedModuleID() {
+	protected PasswordProviderDescription getSelectedModule() {
 		if (providerTable == null)
 			return null;
 		TableItem[] items = providerTable.getSelection();
 		if (items.length == 0)
 			return null;
-		return (String) items[0].getData();
+		return ((PasswordProviderDescription) items[0].getData());
+	}
+
+	protected String getSelectedModuleID() {
+		PasswordProviderDescription selectedModule = getSelectedModule();
+		if (selectedModule == null)
+			return null;
+		return selectedModule.getId();
 	}
 
 	protected void enableButtons() {
@@ -246,7 +283,7 @@ public class TabPassword {
 				tmp.append(',');
 			else
 				first = false;
-			tmp.append((String) items[i].getData());
+			tmp.append(((PasswordProviderDescription) items[i].getData()).getId());
 		}
 
 		IEclipsePreferences node = new ConfigurationScope().getNode(PREFERENCES_PLUGIN);
@@ -276,4 +313,35 @@ public class TabPassword {
 		GridDataFactory.defaultsFor(button).align(SWT.FILL, SWT.BEGINNING).grab(false, false).applyTo(button);
 	}
 
+	protected boolean changePassword(ISecurePreferences node, String moduleID, String name, Shell shell) {
+		ReEncrypter reEncrypter = new ReEncrypter(node, moduleID);
+		if (!reEncrypter.decrypt()) {
+			MessageBox messageBox = new MessageBox(shell, SWT.YES | SWT.NO | SWT.ICON_WARNING);
+			messageBox.setText(SecUIMessages.changePasswordWizardTitle);
+			messageBox.setMessage(SecUIMessages.wizardDecodeWarning);
+			if (messageBox.open() == SWT.YES)
+				return false;
+		}
+
+		if (!reEncrypter.switchToNewPassword()) {
+			MessageBox messageBox = new MessageBox(shell, SWT.OK | SWT.ICON_ERROR);
+			messageBox.setText(SecUIMessages.changePasswordWizardTitle);
+			messageBox.setMessage(SecUIMessages.wizardSwitchError);
+			messageBox.open();
+			return false;
+		}
+		reEncrypter.encrypt();
+
+		// all good
+		String msg = NLS.bind(SecUIMessages.passwordChangeDone, name);
+		MessageDialog.openInformation(StorageUtils.getShell(), SecUIMessages.generalDialogTitle, msg);
+		return true;
+	}
+
+	protected void updateDescription() {
+		PasswordProviderDescription selectedModule = getSelectedModule();
+		if (selectedModule != null && detailsText != null)
+			detailsText.setText(selectedModule.getDescription());
+	}
+
 }
diff --git a/bundles/org.eclipse.equinox.security.win32.x86/fragment.properties b/bundles/org.eclipse.equinox.security.win32.x86/fragment.properties
index d93ef4622..e8db1426b 100644
--- a/bundles/org.eclipse.equinox.security.win32.x86/fragment.properties
+++ b/bundles/org.eclipse.equinox.security.win32.x86/fragment.properties
@@ -11,3 +11,4 @@
 fragmentName = Windows Data Protection services integration
 providerName = Eclipse.org
 windowsModuleName = Windows Integration
+providerDescription = The provider uses Windows APIs to encrypt a randomly generated \'master\' password in a way specific to the login credentials. Users who can log into the Windows account can access contents of the secure storage.
diff --git a/bundles/org.eclipse.equinox.security.win32.x86/fragment.xml b/bundles/org.eclipse.equinox.security.win32.x86/fragment.xml
index 15f8f0602..371d17f2e 100644
--- a/bundles/org.eclipse.equinox.security.win32.x86/fragment.xml
+++ b/bundles/org.eclipse.equinox.security.win32.x86/fragment.xml
@@ -7,7 +7,11 @@
          point="org.eclipse.equinox.security.secureStorage">
       <provider
             class="org.eclipse.equinox.internal.security.win32.WinCrypto"
+            description="%providerDescription"
             priority="5">
+         <hint
+               value="AutomaticPasswordGeneration">
+         </hint>
       </provider>
    </extension>
 
diff --git a/bundles/org.eclipse.equinox.security/schema/secureStorage.exsd b/bundles/org.eclipse.equinox.security/schema/secureStorage.exsd
index 90270e3db..2031ae3a6 100644
--- a/bundles/org.eclipse.equinox.security/schema/secureStorage.exsd
+++ b/bundles/org.eclipse.equinox.security/schema/secureStorage.exsd
@@ -44,6 +44,9 @@
 
    <element name="provider">
       <complexType>
+         <sequence>
+            <element ref="hint" minOccurs="0" maxOccurs="unbounded"/>
+         </sequence>
          <attribute name="class" type="string" use="required">
             <annotation>
                <documentation>
@@ -61,6 +64,34 @@
                </documentation>
             </annotation>
          </attribute>
+         <attribute name="description" type="string">
+            <annotation>
+               <documentation>
+                  Optional text describing to the user functionality of this password provider.
+               </documentation>
+               <appinfo>
+                  <meta.attribute translatable="true"/>
+               </appinfo>
+            </annotation>
+         </attribute>
+      </complexType>
+   </element>
+
+   <element name="hint">
+      <complexType>
+         <attribute name="value" use="required">
+            <annotation>
+               <documentation>
+                  To help secure storage optimize workflows, providers that acquire master passwords without input from the user the should specify &lt;tt&gt;AutomaticPasswordGeneration&lt;/tt&gt; hint.
+               </documentation>
+            </annotation>
+            <simpleType>
+               <restriction base="string">
+                  <enumeration value="AutomaticPasswordGeneration">
+                  </enumeration>
+               </restriction>
+            </simpleType>
+         </attribute>
       </complexType>
    </element>
 
@@ -100,7 +131,6 @@
       <documentation>
          &lt;p&gt;The &lt;code&gt;org.eclipse.equinox.security.ui&lt;/code&gt; bundle supplies default password provider that prompts user to enter the password.&lt;/p&gt;
 &lt;p&gt;The &lt;code&gt;org.eclipse.equinox.security.win32.x86&lt;/code&gt; fragment provides Windows OS integration.&lt;/p&gt;
-
       </documentation>
    </annotation>
 
diff --git a/bundles/org.eclipse.equinox.security/src/org/eclipse/equinox/internal/security/storage/PasswordProviderSelector.java b/bundles/org.eclipse.equinox.security/src/org/eclipse/equinox/internal/security/storage/PasswordProviderSelector.java
index 3b223d8ed..bbdf7ed71 100644
--- a/bundles/org.eclipse.equinox.security/src/org/eclipse/equinox/internal/security/storage/PasswordProviderSelector.java
+++ b/bundles/org.eclipse.equinox.security/src/org/eclipse/equinox/internal/security/storage/PasswordProviderSelector.java
@@ -32,7 +32,10 @@ public class PasswordProviderSelector implements IRegistryEventListener {
 	final private static String EXTENSION_POINT = "org.eclipse.equinox.security.secureStorage"; //$NON-NLS-1$
 	final private static String STORAGE_MODULE = "provider";//$NON-NLS-1$
 	final private static String MODULE_PRIORITY = "priority";//$NON-NLS-1$
+	final private static String MODULE_DESCRIPTION = "description";//$NON-NLS-1$
 	final private static String CLASS_NAME = "class";//$NON-NLS-1$
+	final private static String HINTS_NAME = "hint";//$NON-NLS-1$
+	final private static String HINT_VALUE = "value";//$NON-NLS-1$
 
 	private Map modules = new HashMap(5); // cache of modules found
 
@@ -41,13 +44,17 @@ public class PasswordProviderSelector implements IRegistryEventListener {
 		public IConfigurationElement element;
 		public int priority;
 		public String name;
+		public String description;
+		public List hints;
 
-		public ExtStorageModule(String id, IConfigurationElement element, int priority, String name) {
+		public ExtStorageModule(String id, IConfigurationElement element, int priority, String name, String description, List hints) {
 			super();
 			this.element = element;
 			this.moduleID = id;
 			this.priority = priority;
 			this.name = name;
+			this.description = description;
+			this.hints = hints;
 		}
 	}
 
@@ -107,7 +114,21 @@ public class PasswordProviderSelector implements IRegistryEventListener {
 					priority = 10;
 			}
 			String name = extensions[i].getLabel();
-			allAvailableModules.add(new ExtStorageModule(moduleID, element, priority, name));
+
+			String description = element.getAttribute(MODULE_DESCRIPTION);
+
+			List suppliedHints = null;
+			IConfigurationElement[] hints = element.getChildren(HINTS_NAME);
+			if (hints.length != 0) {
+				suppliedHints = new ArrayList(hints.length);
+				for (int j = 0; j < hints.length; j++) {
+					String hint = hints[j].getAttribute(HINT_VALUE);
+					if (hint != null)
+						suppliedHints.add(hint);
+				}
+			}
+
+			allAvailableModules.add(new ExtStorageModule(moduleID, element, priority, name, description, suppliedHints));
 		}
 
 		Collections.sort(allAvailableModules, new Comparator() {
diff --git a/bundles/org.eclipse.equinox.security/src/org/eclipse/equinox/internal/security/storage/friends/InternalExchangeUtils.java b/bundles/org.eclipse.equinox.security/src/org/eclipse/equinox/internal/security/storage/friends/InternalExchangeUtils.java
index 3c8d1d138..5ee5a6179 100644
--- a/bundles/org.eclipse.equinox.security/src/org/eclipse/equinox/internal/security/storage/friends/InternalExchangeUtils.java
+++ b/bundles/org.eclipse.equinox.security/src/org/eclipse/equinox/internal/security/storage/friends/InternalExchangeUtils.java
@@ -27,6 +27,8 @@ import org.osgi.framework.BundleContext;
  */
 public class InternalExchangeUtils {
 
+	static public final String HINT_PASSWORD_AUTOGEN = "AutomaticPasswordGeneration"; //$NON-NLS-1$
+
 	static private final String JUNIT_APPS1 = "org.eclipse.pde.junit.runtime."; //$NON-NLS-1$
 	static private final String JUNIT_APPS2 = "org.eclipse.test."; //$NON-NLS-1$
 
@@ -52,7 +54,7 @@ public class InternalExchangeUtils {
 		List result = new ArrayList(availableModules.size());
 		for (Iterator i = availableModules.iterator(); i.hasNext();) {
 			ExtStorageModule module = (ExtStorageModule) i.next();
-			result.add(new PasswordProviderDescription(module.name, module.moduleID, module.priority));
+			result.add(new PasswordProviderDescription(module.name, module.moduleID, module.priority, module.description, module.hints));
 		}
 		return result;
 	}
diff --git a/bundles/org.eclipse.equinox.security/src/org/eclipse/equinox/internal/security/storage/friends/PasswordProviderDescription.java b/bundles/org.eclipse.equinox.security/src/org/eclipse/equinox/internal/security/storage/friends/PasswordProviderDescription.java
index e4a3e8f8a..4fea54f42 100644
--- a/bundles/org.eclipse.equinox.security/src/org/eclipse/equinox/internal/security/storage/friends/PasswordProviderDescription.java
+++ b/bundles/org.eclipse.equinox.security/src/org/eclipse/equinox/internal/security/storage/friends/PasswordProviderDescription.java
@@ -10,19 +10,28 @@
  *******************************************************************************/
 package org.eclipse.equinox.internal.security.storage.friends;
 
+import java.util.Iterator;
+import java.util.List;
+
 /**
  * This class is used to pass description of a password provider module.
  */
 public class PasswordProviderDescription {
 
+	static final private String EMPTY_STRING = ""; //$NON-NLS-1$
+
 	private int priority;
 	private String id;
 	private String name;
+	private String description;
+	private List hints;
 
-	public PasswordProviderDescription(String name, String id, int priority) {
+	public PasswordProviderDescription(String name, String id, int priority, String description, List hints) {
 		this.id = id;
 		this.name = name;
 		this.priority = priority;
+		this.description = description;
+		this.hints = hints;
 	}
 
 	public int getPriority() {
@@ -33,6 +42,21 @@ public class PasswordProviderDescription {
 		return id;
 	}
 
+	public String getDescription() {
+		return (description == null) ? EMPTY_STRING : description;
+	}
+
+	public boolean hasHint(String hint) {
+		if (hints == null)
+			return false;
+		for (Iterator i = hints.iterator(); i.hasNext();) {
+			String candidate = (String) i.next();
+			if (hint.equalsIgnoreCase(candidate))
+				return true;
+		}
+		return false;
+	}
+
 	public String getName() {
 		if (name == null || name.length() == 0)
 			return id;
author	Oleg Besedin	2008-05-09 19:29:11 +0000
committer	Oleg Besedin	2008-05-09 19:29:11 +0000
commit	7c405d7881009743d9f6e1379a1469541c5cdf3f (patch)
tree	e0f46319c9d6399941335c5f4e994b629e410a4a /bundles
parent	8d2d2977ba69a4b84022b1199e1d9e83e7f80029 (diff)
download	rt.equinox.bundles-7c405d7881009743d9f6e1379a1469541c5cdf3f.tar.gz rt.equinox.bundles-7c405d7881009743d9f6e1379a1469541c5cdf3f.tar.xz rt.equinox.bundles-7c405d7881009743d9f6e1379a1469541c5cdf3f.zip