-/*
- * Copyright (C) 2007-2012 Argeo GmbH
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
package org.argeo.cms.auth;
import java.security.AccessController;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
-import org.argeo.cms.security.PasswordBasedEncryption;
-import org.argeo.node.security.PBEKeySpecCallback;
+import org.argeo.api.security.PBEKeySpecCallback;
+import org.argeo.util.PasswordEncryption;
/** Adds a secret key to the private credentials */
public class KeyringLoginModule implements LoginModule {
private CallbackHandler callbackHandler;
private SecretKey secretKey;
- public void initialize(Subject subject, CallbackHandler callbackHandler,
- Map<String, ?> sharedState, Map<String, ?> options) {
+ public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState,
+ Map<String, ?> options) {
this.subject = subject;
if (subject == null) {
subject = Subject.getSubject(AccessController.getContext());
}
public boolean login() throws LoginException {
- Set<SecretKey> pbes = subject.getPrivateCredentials(SecretKey.class);
- if (pbes.size() > 0)
- return true;
+// Set<SecretKey> pbes = subject.getPrivateCredentials(SecretKey.class);
+// if (pbes.size() > 0)
+// return true;
PasswordCallback pc = new PasswordCallback("Master password", false);
PBEKeySpecCallback pbeCb = new PBEKeySpecCallback();
Callback[] callbacks = { pc, pbeCb };
callbackHandler.handle(callbacks);
char[] password = pc.getPassword();
- SecretKeyFactory keyFac = SecretKeyFactory.getInstance(pbeCb
- .getSecretKeyFactory());
+ SecretKeyFactory keyFac = SecretKeyFactory.getInstance(pbeCb.getSecretKeyFactory());
PBEKeySpec keySpec;
if (pbeCb.getKeyLength() != null)
- keySpec = new PBEKeySpec(password, pbeCb.getSalt(),
- pbeCb.getIterationCount(), pbeCb.getKeyLength());
+ keySpec = new PBEKeySpec(password, pbeCb.getSalt(), pbeCb.getIterationCount(), pbeCb.getKeyLength());
else
- keySpec = new PBEKeySpec(password, pbeCb.getSalt(),
- pbeCb.getIterationCount());
+ keySpec = new PBEKeySpec(password, pbeCb.getSalt(), pbeCb.getIterationCount());
String secKeyEncryption = pbeCb.getSecretKeyEncryption();
if (secKeyEncryption != null) {
SecretKey tmp = keyFac.generateSecret(keySpec);
- secretKey = new SecretKeySpec(tmp.getEncoded(),
- secKeyEncryption);
+ secretKey = new SecretKeySpec(tmp.getEncoded(), secKeyEncryption);
} else {
secretKey = keyFac.generateSecret(keySpec);
}
}
public boolean commit() throws LoginException {
- if (secretKey != null)
+ if (secretKey != null) {
+ subject.getPrivateCredentials().removeAll(subject.getPrivateCredentials(SecretKey.class));
subject.getPrivateCredentials().add(secretKey);
+ }
return true;
}
}
public boolean logout() throws LoginException {
- Set<PasswordBasedEncryption> pbes = subject
- .getPrivateCredentials(PasswordBasedEncryption.class);
+ Set<PasswordEncryption> pbes = subject.getPrivateCredentials(PasswordEncryption.class);
pbes.clear();
return true;
}