Package org.omegat.util

Class CredentialsManager

  • public final class CredentialsManager
extends java.lang.Object
    A class for storing and retrieving sensitive values such as login credentials, API keys, etc., from the program-wide Preferences store.

    Stored values are encrypted with a "master password" (=encryption key). If this has not yet been supplied to the encryption engine, the user will be prompted to create it. Upon creating a master password, a "canary" value is saved to preferences; the canary is used to ensure that all values are encrypted with the same master password (thus ensuring that the user only needs to remember one password).

    The user can choose not to set a master password; in this case a master password is generated for the user and stored in Preferences in plain text. Values stored with the CredentialsManager will still be encrypted, but because the master password is readily accessible the actual security is greatly diminished. This feature was deemed required for usability, despite the drawbacks.

    • Method Detail

      • store

        public boolean store​(java.lang.String key,
                     java.lang.String value)
        Securely store a key-value pair. If the master password is not stored and has not been input, the user will be prompted to input it.
        Parameters:
        key - The key for the value to store (not encrypted)
        value - The value to store (encrypted)
        Returns:
        True if the value was stored successfully; false if otherwise (e.g. the user canceled)

      • isStored

        public boolean isStored​(java.lang.String key)
        Check to see if a value has been securely stored for the given key.

        If the master password has not been set, this will return false for all keys.

        See Also:
        isMasterPasswordSet()

      • isMasterPasswordSet

        public boolean isMasterPasswordSet()
        Check whether or not the master password has been set. This checks only for the presence of the canary value.

      • isMasterPasswordStored

        public boolean isMasterPasswordStored()
        Check whether or not the master password is stored in plain text so the user doesn't need to input it. The master password is considered to not be stored if isMasterPasswordSet() returns false.

      • clearMasterPassword

        public void clearMasterPassword()
        Clear the stored master password (if present) and the canary value. Afterwards, any encrypted values will be considered to be not set (isStored(String) returns false; retrieve(String) returns Optional.empty()).

      • clear

        public void clear​(java.lang.String key)
        Clear the value for the given key.

      • retrieve

        public java.util.Optional<java.lang.String> retrieve​(java.lang.String key)
        Retrieve the securely stored value for the given key. If the master password is not stored and has not been input, the user will be prompted to input it.
        Parameters:
        key - The key for the value to store (not encrypted)
        Returns:
        The Optional-wrapped value, which can be empty if the user declines to enter the master password or the master password is not the correct encryption key for the value