1 /* 2 * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. Oracle designates this 8 * particular file as subject to the "Classpath" exception as provided 9 * by Oracle in the LICENSE file that accompanied this code. 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26 package sun.security.util; 27 28 import java.io.*; 29 import java.nio.*; 30 import java.nio.charset.*; 31 import java.util.Arrays; 32 import jdk.internal.access.SharedSecrets; 33 34 /** 35 * A utility class for reading passwords 36 * 37 */ 38 public class Password { 39 /** Reads user password from given input stream. */ readPassword(InputStream in)40 public static char[] readPassword(InputStream in) throws IOException { 41 return readPassword(in, false); 42 } 43 44 /** Reads user password from given input stream. 45 * @param isEchoOn true if the password should be echoed on the screen 46 */ 47 @SuppressWarnings("fallthrough") readPassword(InputStream in, boolean isEchoOn)48 public static char[] readPassword(InputStream in, boolean isEchoOn) 49 throws IOException { 50 51 char[] consoleEntered = null; 52 byte[] consoleBytes = null; 53 54 try { 55 // Use the new java.io.Console class 56 Console con = null; 57 if (!isEchoOn && in == System.in && ((con = System.console()) != null)) { 58 consoleEntered = con.readPassword(); 59 // readPassword returns "" if you just print ENTER, 60 // to be compatible with old Password class, change to null 61 if (consoleEntered != null && consoleEntered.length == 0) { 62 return null; 63 } 64 consoleBytes = convertToBytes(consoleEntered); 65 in = new ByteArrayInputStream(consoleBytes); 66 } 67 68 // Rest of the lines still necessary for KeyStoreLoginModule 69 // and when there is no console. 70 71 char[] lineBuffer; 72 char[] buf; 73 int i; 74 75 buf = lineBuffer = new char[128]; 76 77 int room = buf.length; 78 int offset = 0; 79 int c; 80 81 boolean done = false; 82 while (!done) { 83 switch (c = in.read()) { 84 case -1: 85 case '\n': 86 done = true; 87 break; 88 89 case '\r': 90 int c2 = in.read(); 91 if ((c2 != '\n') && (c2 != -1)) { 92 if (!(in instanceof PushbackInputStream)) { 93 in = new PushbackInputStream(in); 94 } 95 ((PushbackInputStream)in).unread(c2); 96 } else { 97 done = true; 98 break; 99 } 100 /* fall through */ 101 default: 102 if (--room < 0) { 103 buf = new char[offset + 128]; 104 room = buf.length - offset - 1; 105 System.arraycopy(lineBuffer, 0, buf, 0, offset); 106 Arrays.fill(lineBuffer, ' '); 107 lineBuffer = buf; 108 } 109 buf[offset++] = (char) c; 110 break; 111 } 112 } 113 114 if (offset == 0) { 115 return null; 116 } 117 118 char[] ret = new char[offset]; 119 System.arraycopy(buf, 0, ret, 0, offset); 120 Arrays.fill(buf, ' '); 121 122 return ret; 123 } finally { 124 if (consoleEntered != null) { 125 Arrays.fill(consoleEntered, ' '); 126 } 127 if (consoleBytes != null) { 128 Arrays.fill(consoleBytes, (byte)0); 129 } 130 } 131 } 132 133 /** 134 * Change a password read from Console.readPassword() into 135 * its original bytes. 136 * 137 * @param pass a char[] 138 * @return its byte[] format, similar to new String(pass).getBytes() 139 */ convertToBytes(char[] pass)140 private static byte[] convertToBytes(char[] pass) { 141 if (enc == null) { 142 synchronized (Password.class) { 143 enc = SharedSecrets.getJavaIOAccess() 144 .charset() 145 .newEncoder() 146 .onMalformedInput(CodingErrorAction.REPLACE) 147 .onUnmappableCharacter(CodingErrorAction.REPLACE); 148 } 149 } 150 byte[] ba = new byte[(int)(enc.maxBytesPerChar() * pass.length)]; 151 ByteBuffer bb = ByteBuffer.wrap(ba); 152 synchronized (enc) { 153 enc.reset().encode(CharBuffer.wrap(pass), bb, true); 154 } 155 if (bb.position() < ba.length) { 156 ba[bb.position()] = '\n'; 157 } 158 return ba; 159 } 160 private static volatile CharsetEncoder enc; 161 } 162