1 package org.argeo.cms.auth;
2
3 import java.security.AccessController;
4 import java.util.Map;
5 import java.util.Set;
6
7 import javax.crypto.SecretKey;
8 import javax.crypto.SecretKeyFactory;
9 import javax.crypto.spec.PBEKeySpec;
10 import javax.crypto.spec.SecretKeySpec;
11 import javax.security.auth.Subject;
12 import javax.security.auth.callback.Callback;
13 import javax.security.auth.callback.CallbackHandler;
14 import javax.security.auth.callback.PasswordCallback;
15 import javax.security.auth.login.LoginException;
16 import javax.security.auth.spi.LoginModule;
17
18 import org.argeo.cms.security.PBEKeySpecCallback;
19 import org.argeo.util.PasswordEncryption;
20
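/**
 * JAAS {@link LoginModule} which derives a {@link SecretKey} from a master
 * password and adds it to the private credentials of the {@link Subject}.
 * <p>
 * The key derivation parameters (secret key factory algorithm, salt, iteration
 * count, optional key length and optional target algorithm name) are all
 * supplied by the {@link CallbackHandler} through a {@link PBEKeySpecCallback}.
 * This module does not enforce any minimum on them, so the strength of the
 * resulting key depends entirely on what the handler provides.
 */
public class KeyringLoginModule implements LoginModule {
    private Subject subject;
    private CallbackHandler callbackHandler;
    /** Key derived by {@link #login()}, published to the subject by {@link #commit()}. */
    private SecretKey secretKey;

    /**
     * Stores the subject and callback handler for the later phases.
     *
     * @param subject         the subject to populate; when {@code null}, the
     *                        subject of the current access control context is
     *                        used instead
     * @param callbackHandler handler asked for the master password and the key
     *                        derivation parameters
     * @param sharedState     not used
     * @param options         not used
     */
    @Override
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState,
            Map<String, ?> options) {
        // Resolve the fallback BEFORE storing the field: assigning only the
        // parameter would leave this.subject null and make commit()/logout() fail.
        // NOTE(review): AccessController and Subject.getSubject(...) are deprecated
        // in recent JDKs; confirm the target runtime still supports them.
        if (subject == null) {
            subject = Subject.getSubject(AccessController.getContext());
        }
        this.subject = subject;
        this.callbackHandler = callbackHandler;
    }

    /**
     * Asks the callback handler for the master password and the PBE parameters,
     * then derives the secret key and keeps it until {@link #commit()}.
     *
     * @return always {@code true} when the key could be derived
     * @throws LoginException if the callbacks or the key derivation fail; the
     *                        original exception is set as the cause
     */
    @Override
    public boolean login() throws LoginException {
        PasswordCallback pc = new PasswordCallback("Master password", false);
        PBEKeySpecCallback pbeCb = new PBEKeySpecCallback();
        Callback[] callbacks = { pc, pbeCb };
        char[] password = null;
        PBEKeySpec keySpec = null;
        try {
            callbackHandler.handle(callbacks);
            // NOTE(review): PBEKeySpec treats a null password as an empty one, so
            // a handler which returns no password still yields a key; confirm
            // whether that case should be rejected instead.
            password = pc.getPassword();

            SecretKeyFactory keyFac = SecretKeyFactory.getInstance(pbeCb.getSecretKeyFactory());
            if (pbeCb.getKeyLength() != null) {
                keySpec = new PBEKeySpec(password, pbeCb.getSalt(), pbeCb.getIterationCount(), pbeCb.getKeyLength());
            } else {
                keySpec = new PBEKeySpec(password, pbeCb.getSalt(), pbeCb.getIterationCount());
            }

            String secKeyEncryption = pbeCb.getSecretKeyEncryption();
            if (secKeyEncryption != null) {
                // Re-label the derived bytes with the algorithm name requested by
                // the callback.
                SecretKey tmp = keyFac.generateSecret(keySpec);
                secretKey = new SecretKeySpec(tmp.getEncoded(), secKeyEncryption);
            } else {
                secretKey = keyFac.generateSecret(keySpec);
            }
        } catch (Exception e) {
            LoginException le = new LoginException("Cannot login keyring");
            le.initCause(e);
            throw le;
        } finally {
            // Do not leave copies of the master password on the heap longer than
            // needed: the key spec, the callback and the array returned by
            // getPassword() each hold their own copy.
            if (keySpec != null) {
                keySpec.clearPassword();
            }
            if (password != null) {
                java.util.Arrays.fill(password, '\0');
            }
            pc.clearPassword();
        }
        return true;
    }

    /**
     * Publishes the derived key as the only {@link SecretKey} among the private
     * credentials of the subject. Does nothing if no key was derived.
     *
     * @return always {@code true}
     */
    @Override
    public boolean commit() throws LoginException {
        if (secretKey != null) {
            Set<Object> privateCredentials = subject.getPrivateCredentials();
            // Replace, rather than accumulate, previously stored secret keys.
            privateCredentials.removeAll(subject.getPrivateCredentials(SecretKey.class));
            privateCredentials.add(secretKey);
        }
        return true;
    }

    /**
     * Drops the key derived by {@link #login()} so that a failed authentication
     * does not keep key material referenced by this module.
     *
     * @return always {@code true}
     */
    @Override
    public boolean abort() throws LoginException {
        secretKey = null;
        return true;
    }

    /**
     * Removes the secret keys and {@link PasswordEncryption} instances from the
     * private credentials of the subject.
     *
     * @return always {@code true}
     */
    @Override
    public boolean logout() throws LoginException {
        // Subject.getPrivateCredentials(Class) returns a detached copy: clearing
        // that copy leaves the subject untouched, so the removal has to go through
        // the backing set. Credentials are removed by type (mirroring commit())
        // because logout may run on a module instance other than the one which
        // performed the login.
        Set<Object> privateCredentials = subject.getPrivateCredentials();
        privateCredentials.removeAll(subject.getPrivateCredentials(SecretKey.class));
        privateCredentials.removeAll(subject.getPrivateCredentials(PasswordEncryption.class));
        secretKey = null;
        return true;
    }

}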