Class PasswordProvider


  • public abstract class PasswordProvider
    extends Object
    Password provider modules should extend this class. Secure storage will ask modules for passwords used to encrypt entries stored in the secure preferences.

    Password provider modules can be thought of as trusted 3rd parties used to provide passwords to open keyrings containing secure preferences. They can do it, for instance, by asking the user to enter password, or integrating with operating system login, or exchanging information with a device such as a smart card reader.

    Use org.eclipse.equinox.security.secureStorage extension point to contribute password provider module to the secure storage system.

    • Field Detail

      • CREATE_NEW_PASSWORD

        public static final int CREATE_NEW_PASSWORD
        Bit mask for the password type field of the getPassword(IPreferencesContainer, int) method. If value at this bit set to 1, it indicates that a new password should be created; otherwise this is a request for the password previously used for this secure storage.
        See Also:
        Constant Field Values
      • PASSWORD_CHANGE

        public static final int PASSWORD_CHANGE
        Bit mask for the password type field of the getPassword(IPreferencesContainer, int) method. If value at this bit set to 1, it indicates that a new password is requested as a part of the password change operation.
        See Also:
        Constant Field Values
    • Constructor Detail

      • PasswordProvider

        public PasswordProvider()
        Constructor.
    • Method Detail

      • getPassword

        public abstract PBEKeySpec getPassword​(IPreferencesContainer container,
                                               int passwordType)
        This method should return the password used to encrypt entries in the secure preferences.
        Parameters:
        container - container of the secure preferences
        passwordType - the collection of bits that describes password type requested. See CREATE_NEW_PASSWORD and PASSWORD_CHANGE. When evaluating value of this field use bit-wise filters as additional bits might be used in future versions
        Returns:
        password used to encrypt entries in the secure preferences, null if unable to obtain password
      • retryOnError

        public boolean retryOnError​(Exception e,
                                    IPreferencesContainer container)
        The framework might call this method if it suspects that the password is invalid (for instance, due to a failed data decryption).
        Parameters:
        e - exception that occurred in the secure preferences processing
        container - container of the secure preferences
        Returns:
        true if a different password might be provided; false otherwise. If in doubt, return false