org.omegat.util

Class CredentialsManager

java.lang.Object

org.omegat.util.CredentialsManager

public final class CredentialsManager
extends java.lang.Object

A class for storing and retrieving sensitive values such as login credentials, API keys, etc., from the program-wide Preferences store.

Stored values are encrypted with a "master password" (=encryption key). If this has not yet been supplied to the encryption engine, the user will be prompted to create it. Upon creating a master password, a "canary" value is saved to preferences; the canary is used to ensure that all values are encrypted with the same master password (thus ensuring that the user only needs to remember one password).

The user can choose not to set a master password; in this case a master password is generated for the user and stored in Preferences in plain text. Values stored with the CredentialsManager will still be encrypted, but because the master password is readily accessible the actual security is greatly diminished. This feature was deemed required for usability, despite the drawbacks.

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static interface	CredentialsManager.IPasswordPrompt
static class	CredentialsManager.PasswordSetResult
static class	CredentialsManager.ResponseType

Method Summary

Modifier and Type	Method and Description
void	clear(java.lang.String key) Clear the value for the given key.
void	clearMasterPassword() Clear the stored master password (if present) and the canary value.
static CredentialsManager	getInstance()
boolean	isMasterPasswordSet() Check whether or not the master password has been set.
boolean	isMasterPasswordStored() Check whether or not the master password is stored in plain text so the user doesn't need to input it.
boolean	isStored(java.lang.String key) Check to see if a value has been securely stored for the given key.
java.util.Optional<java.lang.String>	retrieve(java.lang.String key) Retrieve the securely stored value for the given key.
boolean	store(java.lang.String key, java.lang.String value) Securely store a key-value pair.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

getInstance

public static CredentialsManager getInstance()

store

public boolean store(java.lang.String key,
                     java.lang.String value)

Securely store a key-value pair. If the master password is not stored and has not been input, the user will be prompted to input it.

Parameters:

key - The key for the value to store (not encrypted)

value - The value to store (encrypted)

Returns:

True if the value was stored successfully; false if otherwise (e.g. the user canceled)

isStored

public boolean isStored(java.lang.String key)

Check to see if a value has been securely stored for the given key.

If the master password has not been set, this will return false for all keys.

See Also:

isMasterPasswordSet()

isMasterPasswordSet

public boolean isMasterPasswordSet()

Check whether or not the master password has been set. This checks only for the presence of the canary value.

isMasterPasswordStored

public boolean isMasterPasswordStored()

Check whether or not the master password is stored in plain text so the user doesn't need to input it. The master password is considered to not be stored if isMasterPasswordSet() returns false.

clearMasterPassword

public void clearMasterPassword()

Clear the stored master password (if present) and the canary value. Afterwards, any encrypted values will be considered to be not set (isStored(String) returns false; retrieve(String) returns Optional.empty()).

clear

public void clear(java.lang.String key)

Clear the value for the given key.

retrieve

public java.util.Optional<java.lang.String> retrieve(java.lang.String key)

Retrieve the securely stored value for the given key. If the master password is not stored and has not been input, the user will be prompted to input it.

Parameters:

key - The key for the value to store (not encrypted)

Returns:

The Optional-wrapped value, which can be empty if the user declines to enter the master password or the master password is not the correct encryption key for the value