| 1 | // License: GPL. For details, see LICENSE file.
|
|---|
| 2 | package org.openstreetmap.josm.io.auth;
|
|---|
| 3 |
|
|---|
| 4 | import java.net.Authenticator;
|
|---|
| 5 | import java.net.PasswordAuthentication;
|
|---|
| 6 | import java.util.Collection;
|
|---|
| 7 | import java.util.HashSet;
|
|---|
| 8 | import java.util.Objects;
|
|---|
| 9 |
|
|---|
| 10 | import org.openstreetmap.josm.io.OsmApi;
|
|---|
| 11 | import org.openstreetmap.josm.tools.Logging;
|
|---|
| 12 | import org.openstreetmap.josm.tools.Pair;
|
|---|
| 13 |
|
|---|
| 14 | /**
|
|---|
| 15 | * This is the default authenticator used in JOSM. It delegates lookup of credentials
|
|---|
| 16 | * for the OSM API and an optional proxy server to the currently configured {@link CredentialsManager}.
|
|---|
| 17 | * @since 2641
|
|---|
| 18 | */
|
|---|
| 19 | public final class DefaultAuthenticator extends Authenticator {
|
|---|
| 20 | private static final DefaultAuthenticator INSTANCE = new DefaultAuthenticator();
|
|---|
| 21 |
|
|---|
| 22 | /**
|
|---|
| 23 | * Returns the unique instance
|
|---|
| 24 | * @return The unique instance
|
|---|
| 25 | */
|
|---|
| 26 | public static DefaultAuthenticator getInstance() {
|
|---|
| 27 | return INSTANCE;
|
|---|
| 28 | }
|
|---|
| 29 |
|
|---|
| 30 | private final Collection<Pair<String, RequestorType>> failedCredentials = new HashSet<>();
|
|---|
| 31 | private boolean enabled = true;
|
|---|
| 32 |
|
|---|
| 33 | private DefaultAuthenticator() {
|
|---|
| 34 | }
|
|---|
| 35 |
|
|---|
| 36 | /**
|
|---|
| 37 | * Called by the Java HTTP stack when either the OSM API server or a proxy requires authentication.
|
|---|
| 38 | */
|
|---|
| 39 | @Override
|
|---|
| 40 | protected PasswordAuthentication getPasswordAuthentication() {
|
|---|
| 41 | if (!enabled)
|
|---|
| 42 | return null;
|
|---|
| 43 | try {
|
|---|
| 44 | if (OsmApi.isUsingOAuth()
|
|---|
| 45 | && Objects.equals(OsmApi.getOsmApi().getHost(), getRequestingHost())
|
|---|
| 46 | && RequestorType.SERVER.equals(getRequestorType())) {
|
|---|
| 47 | // if we are working with OAuth we don't prompt for a password
|
|---|
| 48 | return null;
|
|---|
| 49 | }
|
|---|
| 50 | final Pair<String, RequestorType> hostTypePair = Pair.create(getRequestingHost(), getRequestorType());
|
|---|
| 51 | final boolean hasFailedPreviously = failedCredentials.contains(hostTypePair);
|
|---|
| 52 | final CredentialsAgentResponse response = CredentialsManager.getInstance().getCredentials(
|
|---|
| 53 | getRequestorType(), getRequestingHost(), hasFailedPreviously);
|
|---|
| 54 | if (response == null || response.isCanceled()) {
|
|---|
| 55 | return null;
|
|---|
| 56 | }
|
|---|
| 57 | if (RequestorType.PROXY.equals(getRequestorType())) {
|
|---|
| 58 | // Query user in case this authenticator is called (indicating that the authentication failed) the next time.
|
|---|
| 59 | failedCredentials.add(hostTypePair);
|
|---|
| 60 | } else {
|
|---|
| 61 | // Other parallel requests should not ask the user again, thus wait till this request is finished.
|
|---|
| 62 | // In case of invalid authentication, the host is added again to failedCredentials at HttpClient.connect()
|
|---|
| 63 | failedCredentials.remove(hostTypePair);
|
|---|
| 64 | }
|
|---|
| 65 | return new PasswordAuthentication(response.getUsername(), response.getPassword());
|
|---|
| 66 | } catch (CredentialsAgentException e) {
|
|---|
| 67 | Logging.error(e);
|
|---|
| 68 | return null;
|
|---|
| 69 | }
|
|---|
| 70 | }
|
|---|
| 71 |
|
|---|
| 72 | /**
|
|---|
| 73 | * Determines whether this authenticator is enabled, i.e.,
|
|---|
| 74 | * provides {@link #getPasswordAuthentication() password authentication} via {@link CredentialsManager}.
|
|---|
| 75 | * @return whether this authenticator is enabled
|
|---|
| 76 | */
|
|---|
| 77 | public boolean isEnabled() {
|
|---|
| 78 | return enabled;
|
|---|
| 79 | }
|
|---|
| 80 |
|
|---|
| 81 | /**
|
|---|
| 82 | * Enabled/disables this authenticator, i.e., decides whether it
|
|---|
| 83 | * should provide {@link #getPasswordAuthentication() password authentication} via {@link CredentialsManager}.
|
|---|
| 84 | * @param enabled whether this authenticator should be enabled
|
|---|
| 85 | */
|
|---|
| 86 | public void setEnabled(boolean enabled) {
|
|---|
| 87 | this.enabled = enabled;
|
|---|
| 88 | }
|
|---|
| 89 |
|
|---|
| 90 | /**
|
|---|
| 91 | * Marks for this host that the authentication failed, i.e.,
|
|---|
| 92 | * the {@link CredentialsManager} will show a dialog at the next time.
|
|---|
| 93 | * @param host the host to mark
|
|---|
| 94 | * @return as per {@link Collection#add(Object)}
|
|---|
| 95 | */
|
|---|
| 96 | public boolean addFailedCredentialHost(String host) {
|
|---|
| 97 | return failedCredentials.add(Pair.create(host, RequestorType.SERVER));
|
|---|
| 98 | }
|
|---|
| 99 |
|
|---|
| 100 | /**
|
|---|
| 101 | * Un-marks the failed authentication attempt for the host
|
|---|
| 102 | * @param host the host to un-mark
|
|---|
| 103 | * @return as per {@link Collection#remove(Object)}
|
|---|
| 104 | */
|
|---|
| 105 | public boolean removeFailedCredentialHost(String host) {
|
|---|
| 106 | return failedCredentials.remove(Pair.create(host, RequestorType.SERVER));
|
|---|
| 107 | }
|
|---|
| 108 | }
|
|---|
