It's time to think about how to put everything together. Clearly there must be some generic solution that allows easily adding new external password storage utilities such as KWallet or OSX utility. Well, the obvious way to do this is to use something like the following from the ProtocolProviderFactory.storePassword (which I talked about in Part 2). Just a sketch:
public static class PasswordStore {
public void storePassword(String account, String password) {
Runtime runtime = Runtime.getRuntime();
if (OSUtils.IS_LINUX) {
// can we check if gnome is running in some other way?
if (runtime.exec(new String[] { "which", "gnome-keyring" })
.waitFor() == 0) {
password = new GnomeKeyring().storePassword(account,
password);
// probably add a property that says we're using
// gnome-keyring,
// this would make loading easier
} else if (runtime.exec(new String[] { "which", "kwallet" })
.waitFor() == 0) {
// store to KWallet
}
} else if (OSUtils.IS_MAC) {
// osx storage
} else {
// fall back to default behaviour (base-64 encode)
}
}
}
I did a quick search in the code and it seems that OSUtils.IS_* is used everywhere to check the OS type. I didn't find anything to check what desktop environment is used, but inside BrowserLauncherImpl I found similar code that finds browsers using unix which command, that's one way I guess, but maybe there's a better solution.
Anyway, the idea is that when the password is stored a new property is written in the configuration that tells what storage mechanism is used. With this property present, password loading is easy. Sketch:
public static class PasswordLoad {
public String loadPassword(String account) {
String password = null;
String property = configurationService.getString(storageType);
if (property.equals("gnome-keyring")) {
password = new GnomeKeyRing().loadPassword(account);
} else {
// fall back to default and get password from the properties
}
return password;
}
}
Clearly, default behavior should be used when no other option is possible. Also, maybe when the password was not found in gnome-keyring we should also look in the configuration, just in case.
Concerning KWallet, I haven't researched it much (being a gnome user), but there is this thing. A whole java library for KWallet, excellent! So, I guess it should not be a problem to talk to it. I certainly can do that if gnome-keyring is already working and integrated.
Well, that seems to be it. I've described in 5 parts what I would do to implement a secure password storage with GnomeKeyring for SIP Communicator. I think the application is complete and I really need some feedback from the development team. If they like it and my application becomes accepted I'll continue posting on my progress here.
No comments:
Post a Comment