X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=server%2Fruntime%2Forg.argeo.server.jcr%2Fsrc%2Fmain%2Fjava%2Forg%2Fargeo%2Fjcr%2Fsecurity%2FJcrKeyring.java;h=a35bbd2724a878f30bc8cdd0a3d15f6b25d67d57;hb=2134dd19734711b05710c1250b665c32fbe7263c;hp=7383b39ad301e20f2ab5488747228c67d6b9ccf1;hpb=70538e1286a2b47ecd58cb1cfb7ede8dddff5859;p=lgpl%2Fargeo-commons.git

diff --git a/server/runtime/org.argeo.server.jcr/src/main/java/org/argeo/jcr/security/JcrKeyring.java b/server/runtime/org.argeo.server.jcr/src/main/java/org/argeo/jcr/security/JcrKeyring.java
index 7383b39ad..a35bbd272 100644
--- a/server/runtime/org.argeo.server.jcr/src/main/java/org/argeo/jcr/security/JcrKeyring.java
+++ b/server/runtime/org.argeo.server.jcr/src/main/java/org/argeo/jcr/security/JcrKeyring.java
@@ -1,15 +1,26 @@
+/*
+ * Copyright (C) 2007-2012 Mathieu Baudier
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 package org.argeo.jcr.security;
 
 import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
 import java.io.InputStream;
-import java.io.OutputStream;
-import java.security.AlgorithmParameters;
 import java.security.SecureRandom;
 
 import javax.crypto.Cipher;
 import javax.crypto.CipherInputStream;
-import javax.crypto.CipherOutputStream;
 import javax.crypto.SecretKey;
 import javax.crypto.spec.IvParameterSpec;
 import javax.jcr.Binary;
@@ -23,6 +34,7 @@ import org.argeo.ArgeoException;
 import org.argeo.jcr.ArgeoNames;
 import org.argeo.jcr.ArgeoTypes;
 import org.argeo.jcr.JcrUtils;
+import org.argeo.jcr.UserJcrUtils;
 import org.argeo.util.crypto.AbstractKeyring;
 import org.argeo.util.crypto.PBEKeySpecCallback;
 
@@ -51,7 +63,7 @@ public class JcrKeyring extends AbstractKeyring implements ArgeoNames {
 			if (notYetSavedKeyring.get() != null)
 				return true;
 
-			Node userHome = JcrUtils.getUserHome(session);
+			Node userHome = UserJcrUtils.getUserHome(session);
 			return userHome.hasNode(ARGEO_KEYRING);
 		} catch (RepositoryException e) {
 			throw new ArgeoException("Cannot check whether keyring is setup", e);
@@ -63,7 +75,7 @@ public class JcrKeyring extends AbstractKeyring implements ArgeoNames {
 		Binary binary = null;
 		InputStream in = null;
 		try {
-			Node userHome = JcrUtils.getUserHome(session);
+			Node userHome = UserJcrUtils.getUserHome(session);
 			if (userHome.hasNode(ARGEO_KEYRING))
 				throw new ArgeoException("Keyring already setup");
 			Node keyring = userHome.addNode(ARGEO_KEYRING);
@@ -114,7 +126,7 @@ public class JcrKeyring extends AbstractKeyring implements ArgeoNames {
 	@Override
 	protected void handleKeySpecCallback(PBEKeySpecCallback pbeCallback) {
 		try {
-			Node userHome = JcrUtils.getUserHome(session);
+			Node userHome = UserJcrUtils.getUserHome(session);
 			Node keyring;
 			if (userHome.hasNode(ARGEO_KEYRING))
 				keyring = userHome.getNode(ARGEO_KEYRING);
@@ -138,9 +150,9 @@ public class JcrKeyring extends AbstractKeyring implements ArgeoNames {
 		}
 	}
 
-	/** The node must already exist at this path */
+	/** The node must already exist at this path. Session is saved. */
 	@Override
-	protected void encrypt(String path, InputStream unencrypted) {
+	protected synchronized void encrypt(String path, InputStream unencrypted) {
 		// should be called first for lazy initialization
 		SecretKey secretKey = getSecretKey();
 
@@ -153,6 +165,8 @@ public class JcrKeyring extends AbstractKeyring implements ArgeoNames {
 			Cipher cipher = createCipher();
 			if (!session.nodeExists(path))
 				throw new ArgeoException("No node at " + path);
+			if (session.hasPendingChanges())
+				session.save();
 			Node node = session.getNode(path);
 			node.addMixin(ArgeoTypes.ARGEO_ENCRYPTED);
 			SecureRandom random = new SecureRandom();
@@ -183,6 +197,7 @@ public class JcrKeyring extends AbstractKeyring implements ArgeoNames {
 			in = new CipherInputStream(unencrypted, cipher);
 			binary = session.getValueFactory().createBinary(in);
 			node.setProperty(Property.JCR_DATA, binary);
+			session.save();
 		} catch (Exception e) {
 			throw new ArgeoException("Cannot encrypt", e);
 		} finally {
@@ -195,7 +210,7 @@ public class JcrKeyring extends AbstractKeyring implements ArgeoNames {
 	}
 
 	@Override
-	protected InputStream decrypt(String path) {
+	protected synchronized InputStream decrypt(String path) {
 		// should be called first for lazy initialization
 		SecretKey secretKey = getSecretKey();
 
@@ -235,7 +250,7 @@ public class JcrKeyring extends AbstractKeyring implements ArgeoNames {
 
 	protected Cipher createCipher() {
 		try {
-			Node userHome = JcrUtils.getUserHome(session);
+			Node userHome = UserJcrUtils.getUserHome(session);
 			if (!userHome.hasNode(ARGEO_KEYRING))
 				throw new ArgeoException("Keyring not setup");
 			Node keyring = userHome.getNode(ARGEO_KEYRING);
@@ -247,16 +262,16 @@ public class JcrKeyring extends AbstractKeyring implements ArgeoNames {
 		}
 	}
 
-	public void changePassword(char[] oldPassword, char[] newPassword) {
-		// TODO Auto-generated method stub
-
+	public synchronized void changePassword(char[] oldPassword,
+			char[] newPassword) {
+		// TODO decrypt with old pw / encrypt with new pw all argeo:encrypted
 	}
 
-	public Session getSession() {
+	public synchronized Session getSession() {
 		return session;
 	}
 
-	public void setSession(Session session) {
+	public synchronized void setSession(Session session) {
 		this.session = session;
 	}