001: /*
002: * Copyright 2004-2008 H2 Group. Licensed under the H2 License, Version 1.0
003: * (http://h2database.com/html/license.html).
004: * Initial Developer: H2 Group
005: */
006: package org.h2.tools;
007:
008: import java.io.IOException;
009: import java.sql.SQLException;
010: import java.util.ArrayList;
011:
012: import org.h2.engine.Database;
013: import org.h2.message.Message;
014: import org.h2.security.SHA256;
015: import org.h2.store.FileLister;
016: import org.h2.store.FileStore;
017: import org.h2.util.FileUtils;
018:
019: /**
020: * A tools to change, remove or set a file password of a database without
021: * opening it.
022: */
023: public class ChangePassword {
024:
025: private String dir;
026: private String cipher;
027: private byte[] decrypt;
028: private byte[] encrypt;
029:
030: // TODO security: maybe allow functions in the url
031: // jdbc:h2:test;action=[decrypt|encrypt|check|reindex|recover|compress...]
032: // and/or implement SQL commands that call this functions (only for the admin)
033:
034: private void showUsage() {
035: System.out
036: .println("java "
037: + getClass().getName()
038: + " [-dir <dir>] [-db <database>] [-cipher <cipher>] [-decrypt <pwd>] [-encrypt <pwd>] [-quiet]");
039: System.out
040: .println("See also http://h2database.com/javadoc/org/h2/tools/ChangePassword.html");
041: }
042:
043: /**
044: * The command line interface for this tool.
045: * The options must be split into strings like this: "-db", "test",...
046: * Options are case sensitive. The following options are supported:
047: * <ul>
048: * <li>-help or -? (print the list of options)
049: * </li><li>-dir database directory (the default is the current directory)
050: * </li><li>-db database name (all databases if no name is specified)
051: * </li><li>-cipher type (AES or XTEA)
052: * </li><li>-decrypt password (null if the database is not encrypted)
053: * </li><li>-encrypt password (null if the database should not be encrypted)
054: * </li><li>-quiet does not print progress information
055: * </li></ul>
056: *
057: * @param args the command line arguments
058: * @throws SQLException
059: */
060: public static void main(String[] args) throws SQLException {
061: new ChangePassword().run(args);
062: }
063:
064: private void run(String[] args) throws SQLException {
065: String dir = ".";
066: String cipher = null;
067: char[] decryptPassword = null;
068: char[] encryptPassword = null;
069: String db = null;
070: boolean quiet = false;
071: for (int i = 0; args != null && i < args.length; i++) {
072: if (args[i].equals("-dir")) {
073: dir = args[++i];
074: } else if (args[i].equals("-cipher")) {
075: cipher = args[++i];
076: } else if (args[i].equals("-db")) {
077: db = args[++i];
078: } else if (args[i].equals("-decrypt")) {
079: decryptPassword = args[++i].toCharArray();
080: } else if (args[i].equals("-encrypt")) {
081: encryptPassword = args[++i].toCharArray();
082: } else if (args[i].equals("-quiet")) {
083: quiet = true;
084: } else {
085: showUsage();
086: return;
087: }
088: }
089: if (encryptPassword == null && decryptPassword == null) {
090: showUsage();
091: return;
092: }
093: execute(dir, db, cipher, decryptPassword, encryptPassword,
094: quiet);
095: }
096:
097: /**
098: * Get the file encryption key for a given password.
099: * The password must be supplied as char arrays and is cleaned in this method.
100: *
101: * @param password the password as a char array
102: * @return the encryption key
103: */
104: private static byte[] getFileEncryptionKey(char[] password) {
105: if (password == null) {
106: return null;
107: }
108: SHA256 sha = new SHA256();
109: return sha.getKeyPasswordHash("file", password);
110: }
111:
112: /**
113: * Changes the password for a database.
114: * The passwords must be supplied as char arrays and are cleaned in this method.
115: *
116: * @param dir the directory (. for the current directory)
117: * @param db the database name (null for all databases)
118: * @param cipher the cipher (AES, XTEA)
119: * @param decryptPassword the decryption password as a char array
120: * @param encryptPassword the encryption password as a char array
121: * @param quiet don't print progress information
122: * @throws SQLException
123: */
124: public static void execute(String dir, String db, String cipher,
125: char[] decryptPassword, char[] encryptPassword,
126: boolean quiet) throws SQLException {
127: ChangePassword change = new ChangePassword();
128: change.dir = dir;
129: change.cipher = cipher;
130: change.decrypt = getFileEncryptionKey(decryptPassword);
131: change.encrypt = getFileEncryptionKey(encryptPassword);
132:
133: // first, test only if the file can be renamed
134: // (to find errors with locked files early)
135: ArrayList files = FileLister.getDatabaseFiles(dir, db, false);
136: for (int i = 0; i < files.size(); i++) {
137: String fileName = (String) files.get(i);
138: String temp = dir + "/temp.db";
139: FileUtils.delete(temp);
140: FileUtils.rename(fileName, temp);
141: FileUtils.rename(temp, fileName);
142: }
143: // if this worked, the operation will (hopefully) be successful
144: // TODO changePassword: this is a workaround!
145: // make the operation atomic (all files or none)
146: for (int i = 0; i < files.size(); i++) {
147: String fileName = (String) files.get(i);
148: change.process(fileName);
149: }
150: if (files.size() == 0 && !quiet) {
151: System.out.println("No database files found");
152: }
153: }
154:
155: private void process(String fileName) throws SQLException {
156: boolean textStorage = Database.isTextStorage(fileName, false);
157: byte[] magic = Database.getMagic(textStorage);
158: FileStore in;
159: if (decrypt == null) {
160: in = FileStore.open(null, fileName, "r", magic);
161: } else {
162: in = FileStore.open(null, fileName, "r", magic, cipher,
163: decrypt);
164: }
165: in.init();
166: copy(fileName, textStorage, in, encrypt);
167: }
168:
169: private void copy(String fileName, boolean textStorage,
170: FileStore in, byte[] key) throws SQLException {
171: String temp = dir + "/temp.db";
172: FileUtils.delete(temp);
173: byte[] magic = Database.getMagic(textStorage);
174: FileStore out;
175: if (key == null) {
176: out = FileStore.open(null, temp, "rw", magic);
177: } else {
178: out = FileStore.open(null, temp, "rw", magic, cipher, key);
179: }
180: out.init();
181: byte[] buffer = new byte[4 * 1024];
182: long remaining = in.length() - FileStore.HEADER_LENGTH;
183: long total = remaining;
184: in.seek(FileStore.HEADER_LENGTH);
185: out.seek(FileStore.HEADER_LENGTH);
186: long time = System.currentTimeMillis();
187: while (remaining > 0) {
188: if (System.currentTimeMillis() - time > 1000) {
189: System.out.println(fileName + ": "
190: + (100 - 100 * remaining / total) + "%");
191: time = System.currentTimeMillis();
192: }
193: int len = (int) Math.min(buffer.length, remaining);
194: in.readFully(buffer, 0, len);
195: out.write(buffer, 0, len);
196: remaining -= len;
197: }
198: try {
199: in.close();
200: out.close();
201: } catch (IOException e) {
202: throw Message.convertIOException(e, null);
203: }
204: FileUtils.delete(fileName);
205: FileUtils.rename(temp, fileName);
206: }
207:
208: }
|