X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=server%2Fruntime%2Forg.argeo.server.jcr%2Fsrc%2Fmain%2Fjava%2Forg%2Fargeo%2Fjcr%2Fsecurity%2FJcrKeyring.java;h=91dd202011f261de9e9d7838ef3abfee1dea9319;hb=2c4852dcd20d4cde88776c527ae935f242ae1e77;hp=2a323f8b7ad1d9c35189e4c0a393960b7f7ecdbb;hpb=484dcb1507e4e35cc282e50522ea7eac7e99a7f9;p=lgpl%2Fargeo-commons.git diff --git a/server/runtime/org.argeo.server.jcr/src/main/java/org/argeo/jcr/security/JcrKeyring.java b/server/runtime/org.argeo.server.jcr/src/main/java/org/argeo/jcr/security/JcrKeyring.java index 2a323f8b7..91dd20201 100644 --- a/server/runtime/org.argeo.server.jcr/src/main/java/org/argeo/jcr/security/JcrKeyring.java +++ b/server/runtime/org.argeo.server.jcr/src/main/java/org/argeo/jcr/security/JcrKeyring.java @@ -1,3 +1,18 @@ +/* + * Copyright (C) 2007-2012 Mathieu Baudier + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package org.argeo.jcr.security; import java.io.ByteArrayInputStream; @@ -16,6 +31,7 @@ import javax.jcr.Session; import org.apache.commons.io.IOUtils; import org.argeo.ArgeoException; +import org.argeo.jcr.ArgeoJcrUtils; import org.argeo.jcr.ArgeoNames; import org.argeo.jcr.ArgeoTypes; import org.argeo.jcr.JcrUtils; 
@@ -47,7 +63,7 @@ public class JcrKeyring extends AbstractKeyring implements ArgeoNames { if (notYetSavedKeyring.get() != null) return true; - Node userHome = JcrUtils.getUserHome(session); + Node userHome = ArgeoJcrUtils.getUserHome(session); return userHome.hasNode(ARGEO_KEYRING); } catch (RepositoryException e) { throw new ArgeoException("Cannot check whether keyring is setup", e); @@ -59,7 +75,7 @@ public class JcrKeyring extends AbstractKeyring implements ArgeoNames { Binary binary = null; InputStream in = null; try { - Node userHome = JcrUtils.getUserHome(session); + Node userHome = ArgeoJcrUtils.getUserHome(session); if (userHome.hasNode(ARGEO_KEYRING)) throw new ArgeoException("Keyring already setup"); Node keyring = userHome.addNode(ARGEO_KEYRING); @@ -110,7 +126,7 @@ public class JcrKeyring extends AbstractKeyring implements ArgeoNames { @Override protected void handleKeySpecCallback(PBEKeySpecCallback pbeCallback) { try { - Node userHome = JcrUtils.getUserHome(session); + Node userHome = ArgeoJcrUtils.getUserHome(session); Node keyring; if (userHome.hasNode(ARGEO_KEYRING)) keyring = userHome.getNode(ARGEO_KEYRING); @@ -134,9 +150,9 @@ public class JcrKeyring extends AbstractKeyring implements ArgeoNames { } } - /** The node must already exist at this path */ + /** The node must already exist at this path. Session is saved. */ @Override - protected void encrypt(String path, InputStream unencrypted) { + protected synchronized void encrypt(String path, InputStream unencrypted) { // should be called first for lazy initialization SecretKey secretKey = getSecretKey(); @@ -149,6 +165,8 @@ public class JcrKeyring extends AbstractKeyring implements ArgeoNames { Cipher cipher = createCipher(); if (!session.nodeExists(path)) throw new ArgeoException("No node at " + path); + if (session.hasPendingChanges()) + session.save(); Node node = session.getNode(path); node.addMixin(ArgeoTypes.ARGEO_ENCRYPTED); SecureRandom random = new SecureRandom(); 
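Review bot: In the `@@ -134,9 +150,9 @@` hunk, `synchronized` on `encrypt` takes the keyring's monitor, not a lock on the JCR `Session` it writes through, and that session is still handed out by `getSession()` in the last hunk, so a thread holding the reference can interleave its own changes with an encryption in progress. JCR does not require `Session` implementations to be thread-safe, so either the keyring should own a session that is never shared, or the limitation should be documented on the class, e.g. `/** Not safe if the session returned by getSession() is used concurrently by another thread. */`. The same applies to `decrypt` in the `@@ -191,7 +210,7 @@` hunk: its body is outside the hunk, but if the returned `InputStream` reads lazily from the repository, that read happens after the monitor has been released.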
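Review bot: In the `@@ -149,6 +165,8 @@` hunk, `if (session.hasPendingChanges()) session.save();` persists every transient change in the session, not only those under `path`, so a caller that staged unrelated edits and still meant to review or discard them has them committed as a side effect of encrypting. The Javadoc added in the previous hunk says only "Session is saved", which reads as a save of the encrypted data. I would either reject the call, `if (session.hasPendingChanges()) throw new ArgeoException("Session has pending changes, save or discard them before encrypting " + path);`, or state in the Javadoc that all pending changes of the session are saved before encryption starts. The body of `encrypt` continues outside this hunk.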
@@ -179,6 +197,7 @@ public class JcrKeyring extends AbstractKeyring implements ArgeoNames { in = new CipherInputStream(unencrypted, cipher); binary = session.getValueFactory().createBinary(in); node.setProperty(Property.JCR_DATA, binary); + session.save(); } catch (Exception e) { throw new ArgeoException("Cannot encrypt", e); } finally { @@ -191,7 +210,7 @@ public class JcrKeyring extends AbstractKeyring implements ArgeoNames { } @Override - protected InputStream decrypt(String path) { + protected synchronized InputStream decrypt(String path) { // should be called first for lazy initialization SecretKey secretKey = getSecretKey(); @@ -231,7 +250,7 @@ public class JcrKeyring extends AbstractKeyring implements ArgeoNames { protected Cipher createCipher() { try { - Node userHome = JcrUtils.getUserHome(session); + Node userHome = ArgeoJcrUtils.getUserHome(session); if (!userHome.hasNode(ARGEO_KEYRING)) throw new ArgeoException("Keyring not setup"); Node keyring = userHome.getNode(ARGEO_KEYRING); @@ -243,16 +262,16 @@ public class JcrKeyring extends AbstractKeyring implements ArgeoNames { } } - public void changePassword(char[] oldPassword, char[] newPassword) { - // TODO Auto-generated method stub - + public synchronized void changePassword(char[] oldPassword, + char[] newPassword) { + // TODO decrypt with old pw / encrypt with new pw all argeo:encrypted } - public Session getSession() { + public synchronized Session getSession() { return session; } - public void setSession(Session session) { + public synchronized void setSession(Session session) { this.session = session; }
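Review bot: In the `@@ -179,6 +197,7 @@` hunk, when `createBinary`, `setProperty` or the new `session.save()` throws, the `catch` only wraps the exception, so the transient changes made earlier in `encrypt` (the `ArgeoTypes.ARGEO_ENCRYPTED` mixin from the previous hunk and anything set before this point) stay pending in the session. The next `encrypt` call would then persist them through the pre-save added in the `@@ -149,6 +165,8 @@` hunk, which could leave a node marked as encrypted without matching data. I would discard the transient state before rethrowing, e.g. `session.refresh(false)` inside the `catch` with its own `RepositoryException` handled. The `finally` block lies outside the hunk, so confirm it does not already do this.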
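Review bot: `changePassword` in the `@@ -243,16 +262,16 @@` hunk still has an empty body, so a caller that rotates the keyring password gets a normal return while, going by the TODO, nothing has been re-encrypted under the new password. Until that work exists the method should fail loudly, e.g. `throw new ArgeoException("Changing the keyring password is not implemented");`. When it is implemented, the Javadoc should say who clears the two `char[]` arguments after the keys are derived (`Arrays.fill(oldPassword, '\0')`), so that the passwords do not linger on the heap.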