X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=server%2Fruntime%2Forg.argeo.server.jcr%2Fsrc%2Fmain%2Fjava%2Forg%2Fargeo%2Fjcr%2Fsecurity%2FJcrKeyring.java;h=c09209a7cd22b45a148bfb287c9d22dd395de602;hb=0efe603f0843d9b7aa7c384f6a9de0a8213ae0f4;hp=7d9baad956ed9b9481230619ed80b4cafbc6a6cc;hpb=78469faf92044c7ad7b3a829ae2b5e4f943748b7;p=lgpl%2Fargeo-commons.git diff --git a/server/runtime/org.argeo.server.jcr/src/main/java/org/argeo/jcr/security/JcrKeyring.java b/server/runtime/org.argeo.server.jcr/src/main/java/org/argeo/jcr/security/JcrKeyring.java index 7d9baad95..c09209a7c 100644 --- a/server/runtime/org.argeo.server.jcr/src/main/java/org/argeo/jcr/security/JcrKeyring.java +++ b/server/runtime/org.argeo.server.jcr/src/main/java/org/argeo/jcr/security/JcrKeyring.java @@ -1,7 +1,23 @@ +/* + * Copyright (C) 2007-2012 Mathieu Baudier + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package org.argeo.jcr.security; import java.io.ByteArrayInputStream; import java.io.InputStream; +import java.security.SecureRandom; import javax.crypto.Cipher; import javax.crypto.CipherInputStream; @@ -54,7 +70,7 @@ public class JcrKeyring extends AbstractKeyring implements ArgeoNames { } @Override - protected void setup() { + protected void setup(char[] password) { Binary binary = null; InputStream in = null; try { @@ -78,7 +94,7 @@ public class JcrKeyring extends AbstractKeyring implements ArgeoNames { binary = session.getValueFactory().createBinary(in); keyring.setProperty(ARGEO_SALT, binary); - Long iterationCount = username.length() * 200l; + Integer iterationCount = username.length() * 200; keyring.setProperty(ARGEO_ITERATION_COUNT, iterationCount); // default algo @@ -88,8 +104,16 @@ public class JcrKeyring extends AbstractKeyring implements ArgeoNames { keyring.setProperty(ARGEO_SECRET_KEY_ENCRYPTION, "AES"); keyring.setProperty(ARGEO_CIPHER, "AES/CBC/PKCS5Padding"); + // encrypted password hash + // IOUtils.closeQuietly(in); + // JcrUtils.closeQuietly(binary); + // byte[] btPass = hash(password, salt, iterationCount); + // in = new ByteArrayInputStream(btPass); + // binary = session.getValueFactory().createBinary(in); + // keyring.setProperty(ARGEO_PASSWORD, binary); + notYetSavedKeyring.set(keyring); - } catch (RepositoryException e) { + } catch (Exception e) { throw new ArgeoException("Cannot setup keyring", e); } finally { JcrUtils.closeQuietly(binary); @@ -109,6 +133,7 @@ public class JcrKeyring extends AbstractKeyring implements ArgeoNames { keyring = notYetSavedKeyring.get(); else throw new ArgeoException("Keyring not setup"); + pbeCallback.set(keyring.getProperty(ARGEO_SECRET_KEY_FACTORY) .getString(), JcrUtils.getBinaryAsBytes(keyring .getProperty(ARGEO_SALT)), @@ -132,6 +157,8 @@ public class JcrKeyring extends AbstractKeyring implements ArgeoNames { Binary binary = null; InputStream in = null; + // ByteArrayOutputStream out = null; + // OutputStream encrypted = null; try { Cipher cipher = createCipher(); @@ -139,19 +166,41 @@ public class JcrKeyring extends AbstractKeyring implements ArgeoNames { throw new ArgeoException("No node at " + path); Node node = session.getNode(path); node.addMixin(ArgeoTypes.ARGEO_ENCRYPTED); - cipher.init(Cipher.ENCRYPT_MODE, secretKey); - byte[] iv = cipher.getIV(); - if (iv != null) { - JcrUtils.setBinaryAsBytes(node, ARGEO_IV, iv); - } + SecureRandom random = new SecureRandom(); + byte[] iv = new byte[16]; + random.nextBytes(iv); + cipher.init(Cipher.ENCRYPT_MODE, secretKey, new IvParameterSpec(iv)); + // AlgorithmParameters params = cipher.getParameters(); + // byte[] iv = + // params.getParameterSpec(IvParameterSpec.class).getIV(); + // if (iv != null) + JcrUtils.setBinaryAsBytes(node, ARGEO_IV, iv); + + // out = new ByteArrayOutputStream(); + // // encrypted = new CipherOutputStream(out, cipher); + // IOUtils.copy(unencrypted, out); + // byte[] unenc = out.toByteArray(); + // byte[] crypted = cipher.doFinal(unenc); + + // Cipher decipher = createCipher(); + // decipher.init(Cipher.DECRYPT_MODE, secretKey, new + // IvParameterSpec( + // iv)); + // byte[] decrypted = decipher.doFinal(crypted); + // System.out.println("Password :'" + new String(decrypted) + "'"); + + // JcrUtils.setBinaryAsBytes(node, Property.JCR_DATA, crypted); + in = new CipherInputStream(unencrypted, cipher); binary = session.getValueFactory().createBinary(in); node.setProperty(Property.JCR_DATA, binary); } catch (Exception e) { throw new ArgeoException("Cannot encrypt", e); } finally { - IOUtils.closeQuietly(in); + // IOUtils.closeQuietly(out); + // IOUtils.closeQuietly(encrypted); IOUtils.closeQuietly(unencrypted); + IOUtils.closeQuietly(in); JcrUtils.closeQuietly(binary); } } @@ -177,13 +226,20 @@ public class JcrKeyring extends AbstractKeyring implements ArgeoNames { } else { cipher.init(Cipher.DECRYPT_MODE, secretKey); } + + // byte[] arr = JcrUtils.getBinaryAsBytes(node + // .getProperty(Property.JCR_DATA)); + // byte[] arr2 = cipher.doFinal(arr); + // + // return new ByteArrayInputStream(arr2); + binary = node.getProperty(Property.JCR_DATA).getBinary(); encrypted = binary.getStream(); return new CipherInputStream(encrypted, cipher); } catch (Exception e) { throw new ArgeoException("Cannot decrypt", e); } finally { - // IOUtils.closeQuietly(encrypted); + IOUtils.closeQuietly(encrypted); JcrUtils.closeQuietly(binary); } }