-/*
- * Copyright (C) 2007-2012 Argeo GmbH
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
package org.argeo.cms.security;
import java.io.ByteArrayInputStream;
import java.io.Reader;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
+import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
+import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.jcr.Binary;
import org.apache.commons.io.IOUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
+import org.argeo.api.NodeConstants;
+import org.argeo.api.NodeUtils;
+import org.argeo.api.security.PBEKeySpecCallback;
import org.argeo.cms.ArgeoNames;
import org.argeo.cms.ArgeoTypes;
-import org.argeo.cms.CmsException;
-import org.argeo.jcr.ArgeoJcrException;
+import org.argeo.jcr.JcrException;
import org.argeo.jcr.JcrUtils;
-import org.argeo.node.NodeUtils;
-import org.argeo.node.security.PBEKeySpecCallback;
/** JCR based implementation of a keyring */
public class JcrKeyring extends AbstractKeyring implements ArgeoNames {
private Session login() {
try {
- return repository.login();
+ return repository.login(NodeConstants.HOME_WORKSPACE);
} catch (RepositoryException e) {
- throw new CmsException("Cannot login key ring session", e);
+ throw new JcrException("Cannot login key ring session", e);
}
}
Node userHome = NodeUtils.getUserHome(session);
return userHome.hasNode(ARGEO_KEYRING);
} catch (RepositoryException e) {
- throw new ArgeoJcrException("Cannot check whether keyring is setup", e);
+ throw new JcrException("Cannot check whether keyring is setup", e);
} finally {
JcrUtils.logoutQuietly(session);
}
Node userHome = NodeUtils.getUserHome(session());
Node keyring;
if (userHome.hasNode(ARGEO_KEYRING)) {
- throw new CmsException("Keyring already set up");
+ throw new IllegalArgumentException("Keyring already set up");
} else {
keyring = userHome.addNode(ARGEO_KEYRING);
}
}
try (InputStream in = new ByteArrayInputStream(salt);) {
binary = session().getValueFactory().createBinary(in);
+ keyring.setProperty(ARGEO_SALT, binary);
+ } catch (IOException e) {
+ throw new RuntimeException("Cannot set keyring salt", e);
}
- keyring.setProperty(ARGEO_SALT, binary);
Integer iterationCount = username.length() * iterationCountFactor;
keyring.setProperty(ARGEO_ITERATION_COUNT, iterationCount);
// keyring.setProperty(ARGEO_PASSWORD, binary);
// notYetSavedKeyring.set(keyring);
- } catch (Exception e) {
- throw new ArgeoJcrException("Cannot setup keyring", e);
+ } catch (RepositoryException e) {
+ throw new JcrException("Cannot setup keyring", e);
} finally {
JcrUtils.closeQuietly(binary);
// IOUtils.closeQuietly(in);
// else if (notYetSavedKeyring.get() != null)
// keyring = notYetSavedKeyring.get();
else
- throw new ArgeoJcrException("Keyring not setup");
+ throw new IllegalStateException("Keyring not setup");
pbeCallback.set(keyring.getProperty(ARGEO_SECRET_KEY_FACTORY).getString(),
JcrUtils.getBinaryAsBytes(keyring.getProperty(ARGEO_SALT)),
// if (notYetSavedKeyring.get() != null)
// notYetSavedKeyring.remove();
} catch (RepositoryException e) {
- throw new ArgeoJcrException("Cannot handle key spec callback", e);
+ throw new JcrException("Cannot handle key spec callback", e);
} finally {
JcrUtils.logoutQuietly(session);
}
if (!session().nodeExists(path)) {
String parentPath = JcrUtils.parentPath(path);
if (!session().nodeExists(parentPath))
- throw new ArgeoJcrException("No parent node of " + path);
+ throw new IllegalStateException("No parent node of " + path);
Node parentNode = session().getNode(parentPath);
node = parentNode.addNode(JcrUtils.nodeNameFromPath(path));
} else {
// session().save();
// }
} catch (RepositoryException e) {
- throw new ArgeoJcrException("Cannot encrypt", e);
+ throw new JcrException("Cannot encrypt", e);
} finally {
try {
unencrypted.close();
} finally {
JcrUtils.closeQuietly(binary);
}
- } catch (Exception e) {
- throw new ArgeoJcrException("Cannot encrypt", e);
- } finally {
- try {
- unencrypted.close();
- } catch (IOException e) {
- // silent
- }
- // IOUtils.closeQuietly(unencrypted);
- // IOUtils.closeQuietly(in);
- // JcrUtils.closeQuietly(binary);
- // JcrUtils.logoutQuietly(session());
+ } catch (RepositoryException e) {
+ throw new JcrException("Cannot encrypt", e);
+ } catch (GeneralSecurityException | IOException e) {
+ throw new RuntimeException("Cannot encrypt", e);
}
}
@Override
protected synchronized InputStream decrypt(String path) {
Binary binary = null;
- // InputStream encrypted = null;
try {
session().refresh(true);
if (!session().nodeExists(path)) {
Node node = session().getNode(path);
return decrypt(secretKey, cipher, node);
}
- } catch (Exception e) {
- throw new ArgeoJcrException("Cannot decrypt", e);
+ } catch (RepositoryException e) {
+ throw new JcrException("Cannot decrypt", e);
+ } catch (GeneralSecurityException | IOException e) {
+ throw new RuntimeException("Cannot decrypt", e);
} finally {
- // IOUtils.closeQuietly(encrypted);
- // IOUtils.closeQuietly(reader);
JcrUtils.closeQuietly(binary);
JcrUtils.logoutQuietly(session());
}
try {
Node userHome = NodeUtils.getUserHome(session());
if (!userHome.hasNode(ARGEO_KEYRING))
- throw new ArgeoJcrException("Keyring not setup");
+ throw new IllegalArgumentException("Keyring not setup");
Node keyring = userHome.getNode(ARGEO_KEYRING);
String cipherName = keyring.getProperty(ARGEO_CIPHER).getString();
Provider securityProvider = getSecurityProvider();
else
cipher = Cipher.getInstance(cipherName, securityProvider);
return cipher;
- } catch (Exception e) {
- throw new ArgeoJcrException("Cannot get cipher", e);
+ } catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
+ throw new IllegalArgumentException("Cannot get cipher", e);
+ } catch (RepositoryException e) {
+ throw new JcrException("Cannot get cipher", e);
+ } finally {
+
}
}
if (log.isDebugEnabled())
log.debug("Converted keyring encrypted value of " + node.getPath());
}
- } catch (RepositoryException | GeneralSecurityException e) {
- throw new CmsException("Cannot change JCR keyring password", e);
+ } catch (GeneralSecurityException e) {
+ throw new RuntimeException("Cannot change JCR keyring password", e);
+ } catch (RepositoryException e) {
+ throw new JcrException("Cannot change JCR keyring password", e);
} finally {
JcrUtils.logoutQuietly(session);
}