X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=org.argeo.server.jcr%2Fsrc%2Forg%2Fargeo%2Fjcr%2Fsecurity%2FJcrKeyring.java;h=8ab6ed3556ec64288dd7c964e22a1616913c5db0;hb=8260f4470f514ea347ca53f5b4dfc632c4a4de66;hp=77e969509ea44298b031711a5ceb95dadaa6ff79;hpb=0a7d938324d33848ac7dc4ef4007c73a714171ee;p=lgpl%2Fargeo-commons.git

diff --git a/org.argeo.server.jcr/src/org/argeo/jcr/security/JcrKeyring.java b/org.argeo.server.jcr/src/org/argeo/jcr/security/JcrKeyring.java
index 77e969509..8ab6ed355 100644
--- a/org.argeo.server.jcr/src/org/argeo/jcr/security/JcrKeyring.java
+++ b/org.argeo.server.jcr/src/org/argeo/jcr/security/JcrKeyring.java
@@ -19,6 +19,7 @@ import java.io.ByteArrayInputStream;
 import java.io.CharArrayReader;
 import java.io.InputStream;
 import java.io.Reader;
+import java.security.Provider;
 import java.security.SecureRandom;
 
 import javax.crypto.Cipher;
@@ -32,7 +33,7 @@ import javax.jcr.RepositoryException;
 import javax.jcr.Session;
 
 import org.apache.commons.io.IOUtils;
-import org.argeo.ArgeoException;
+import org.argeo.jcr.ArgeoJcrException;
 import org.argeo.jcr.ArgeoNames;
 import org.argeo.jcr.ArgeoTypes;
 import org.argeo.jcr.JcrUtils;
@@ -83,7 +84,7 @@ public class JcrKeyring extends AbstractKeyring implements ArgeoNames {
 			Node userHome = UserJcrUtils.getUserHome(session);
 			return userHome.hasNode(ARGEO_KEYRING);
 		} catch (RepositoryException e) {
-			throw new ArgeoException("Cannot check whether keyring is setup", e);
+			throw new ArgeoJcrException("Cannot check whether keyring is setup", e);
 		}
 	}
 
@@ -94,7 +95,7 @@ public class JcrKeyring extends AbstractKeyring implements ArgeoNames {
 		try {
 			Node userHome = UserJcrUtils.getUserHome(session);
 			if (userHome.hasNode(ARGEO_KEYRING))
-				throw new ArgeoException("Keyring already setup");
+				throw new ArgeoJcrException("Keyring already setup");
 			Node keyring = userHome.addNode(ARGEO_KEYRING);
 			keyring.addMixin(ArgeoTypes.ARGEO_PBE_SPEC);
 
@@ -119,10 +120,11 @@ public class JcrKeyring extends AbstractKeyring implements ArgeoNames {
 			// TODO check if algo and key length are available, use DES if not
 			keyring.setProperty(ARGEO_SECRET_KEY_FACTORY, secreteKeyFactoryName);
 			keyring.setProperty(ARGEO_KEY_LENGTH, secreteKeyLength);
-			keyring.setProperty(ARGEO_SECRET_KEY_ENCRYPTION,
-					secreteKeyEncryption);
+			keyring.setProperty(ARGEO_SECRET_KEY_ENCRYPTION, secreteKeyEncryption);
 			keyring.setProperty(ARGEO_CIPHER, cipherName);
 
+			// keyring.getSession().save();
+
 			// encrypted password hash
 			// IOUtils.closeQuietly(in);
 			// JcrUtils.closeQuietly(binary);
@@ -133,7 +135,7 @@ public class JcrKeyring extends AbstractKeyring implements ArgeoNames {
 
 			notYetSavedKeyring.set(keyring);
 		} catch (Exception e) {
-			throw new ArgeoException("Cannot setup keyring", e);
+			throw new ArgeoJcrException("Cannot setup keyring", e);
 		} finally {
 			JcrUtils.closeQuietly(binary);
 			IOUtils.closeQuietly(in);
@@ -151,20 +153,18 @@ public class JcrKeyring extends AbstractKeyring implements ArgeoNames {
 			else if (notYetSavedKeyring.get() != null)
 				keyring = notYetSavedKeyring.get();
 			else
-				throw new ArgeoException("Keyring not setup");
+				throw new ArgeoJcrException("Keyring not setup");
 
-			pbeCallback.set(keyring.getProperty(ARGEO_SECRET_KEY_FACTORY)
-					.getString(), JcrUtils.getBinaryAsBytes(keyring
-					.getProperty(ARGEO_SALT)),
+			pbeCallback.set(keyring.getProperty(ARGEO_SECRET_KEY_FACTORY).getString(),
+					JcrUtils.getBinaryAsBytes(keyring.getProperty(ARGEO_SALT)),
 					(int) keyring.getProperty(ARGEO_ITERATION_COUNT).getLong(),
 					(int) keyring.getProperty(ARGEO_KEY_LENGTH).getLong(),
-					keyring.getProperty(ARGEO_SECRET_KEY_ENCRYPTION)
-							.getString());
+					keyring.getProperty(ARGEO_SECRET_KEY_ENCRYPTION).getString());
 
 			if (notYetSavedKeyring.get() != null)
 				notYetSavedKeyring.remove();
 		} catch (RepositoryException e) {
-			throw new ArgeoException("Cannot handle key spec callback", e);
+			throw new ArgeoJcrException("Cannot handle key spec callback", e);
 		}
 	}
 
@@ -182,7 +182,7 @@ public class JcrKeyring extends AbstractKeyring implements ArgeoNames {
 			if (!session.nodeExists(path)) {
 				String parentPath = JcrUtils.parentPath(path);
 				if (!session.nodeExists(parentPath))
-					throw new ArgeoException("No parent node of " + path);
+					throw new ArgeoJcrException("No parent node of " + path);
 				Node parentNode = session.getNode(parentPath);
 				node = parentNode.addNode(JcrUtils.nodeNameFromPath(path));
 			} else {
@@ -200,7 +200,7 @@ public class JcrKeyring extends AbstractKeyring implements ArgeoNames {
 			node.setProperty(Property.JCR_DATA, binary);
 			session.save();
 		} catch (Exception e) {
-			throw new ArgeoException("Cannot encrypt", e);
+			throw new ArgeoJcrException("Cannot encrypt", e);
 		} finally {
 			IOUtils.closeQuietly(unencrypted);
 			IOUtils.closeQuietly(in);
@@ -226,10 +226,8 @@ public class JcrKeyring extends AbstractKeyring implements ArgeoNames {
 
 				Node node = session.getNode(path);
 				if (node.hasProperty(ARGEO_IV)) {
-					byte[] iv = JcrUtils.getBinaryAsBytes(node
-							.getProperty(ARGEO_IV));
-					cipher.init(Cipher.DECRYPT_MODE, secretKey,
-							new IvParameterSpec(iv));
+					byte[] iv = JcrUtils.getBinaryAsBytes(node.getProperty(ARGEO_IV));
+					cipher.init(Cipher.DECRYPT_MODE, secretKey, new IvParameterSpec(iv));
 				} else {
 					cipher.init(Cipher.DECRYPT_MODE, secretKey);
 				}
@@ -239,7 +237,7 @@ public class JcrKeyring extends AbstractKeyring implements ArgeoNames {
 				return new CipherInputStream(encrypted, cipher);
 			}
 		} catch (Exception e) {
-			throw new ArgeoException("Cannot decrypt", e);
+			throw new ArgeoJcrException("Cannot decrypt", e);
 		} finally {
 			IOUtils.closeQuietly(encrypted);
 			IOUtils.closeQuietly(reader);
@@ -251,19 +249,22 @@ public class JcrKeyring extends AbstractKeyring implements ArgeoNames {
 		try {
 			Node userHome = UserJcrUtils.getUserHome(session);
 			if (!userHome.hasNode(ARGEO_KEYRING))
-				throw new ArgeoException("Keyring not setup");
+				throw new ArgeoJcrException("Keyring not setup");
 			Node keyring = userHome.getNode(ARGEO_KEYRING);
-			Cipher cipher = Cipher.getInstance(keyring
-					.getProperty(ARGEO_CIPHER).getString(),
-					getSecurityProvider());
+			String cipherName = keyring.getProperty(ARGEO_CIPHER).getString();
+			Provider securityProvider = getSecurityProvider();
+			Cipher cipher;
+			if (securityProvider == null)// TODO use BC?
+				cipher = Cipher.getInstance(cipherName);
+			else
+				cipher = Cipher.getInstance(cipherName, securityProvider);
 			return cipher;
 		} catch (Exception e) {
-			throw new ArgeoException("Cannot get cipher", e);
+			throw new ArgeoJcrException("Cannot get cipher", e);
 		}
 	}
 
-	public synchronized void changePassword(char[] oldPassword,
-			char[] newPassword) {
+	public synchronized void changePassword(char[] oldPassword, char[] newPassword) {
 		// TODO decrypt with old pw / encrypt with new pw all argeo:encrypted
 	}