X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Fauth%2FKeyringLoginModule.java;h=ebab12f2cc4cd24149787663aa52dad44c651961;hb=54df376a9c2dd458a82eaa09bfbb718fe699dd0d;hp=2c495825456fa5c231e18bf0210a08d81aef81c6;hpb=77a5498dd5d10d2442127022efd6501a7dbddbae;p=lgpl%2Fargeo-commons.git
diff --git a/org.argeo.cms/src/org/argeo/cms/auth/KeyringLoginModule.java b/org.argeo.cms/src/org/argeo/cms/auth/KeyringLoginModule.java
index 2c4958254..ebab12f2c 100644
--- a/org.argeo.cms/src/org/argeo/cms/auth/KeyringLoginModule.java
+++ b/org.argeo.cms/src/org/argeo/cms/auth/KeyringLoginModule.java
@@ -1,21 +1,5 @@
-/*
- * Copyright (C) 2007-2012 Argeo GmbH
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
 package org.argeo.cms.auth;
-import java.security.AccessController;
 import java.util.Map;
 import java.util.Set;
@@ -30,8 +14,9 @@ import javax.security.auth.callback.PasswordCallback;
 import javax.security.auth.login.LoginException;
 import javax.security.auth.spi.LoginModule;
-import org.argeo.cms.security.PasswordBasedEncryption;
-import org.argeo.node.security.PBEKeySpecCallback;
+import org.argeo.api.cms.keyring.PBEKeySpecCallback;
+import org.argeo.cms.util.CurrentSubject;
+import org.argeo.cms.util.PasswordEncryption;
 /** Adds a secret key to the private credentials */
 public class KeyringLoginModule implements LoginModule {
@@ -39,19 +24,19 @@ public class KeyringLoginModule implements LoginModule {
 private CallbackHandler callbackHandler;
 private SecretKey secretKey;
- public void initialize(Subject subject, CallbackHandler callbackHandler,
- Map sharedState, Map options) {
+ public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState,
+ Map options) {
 this.subject = subject;
 if (subject == null) {
- subject = Subject.getSubject(AccessController.getContext());
+ this.subject = CurrentSubject.current();
 }
 this.callbackHandler = callbackHandler;
 }
 public boolean login() throws LoginException {
- Set pbes = subject.getPrivateCredentials(SecretKey.class);
- if (pbes.size() > 0)
- return true;
+// Set pbes = subject.getPrivateCredentials(SecretKey.class);
+// if (pbes.size() > 0)
+// return true;
 PasswordCallback pc = new PasswordCallback("Master password", false);
 PBEKeySpecCallback pbeCb = new PBEKeySpecCallback();
 Callback[] callbacks = { pc, pbeCb };
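Review bot: In `login()` the early return for an already-present `SecretKey` is disabled by commenting the three lines out, which leaves dead code and no record of why the module now asks for the master password on every login. Delete the lines and state the intent instead, for example `// Always re-derive the key; commit() replaces any SecretKey already on the subject.`, if that is the reason. In `initialize()`, `CurrentSubject.current()` is not visible here; if it can return null, `commit()` and `logout()` would dereference a null `subject`, so a fail-fast check at that point may be worth adding. The body of `login()` continues past the end of this hunk.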
@@ -59,21 +44,17 @@ public class KeyringLoginModule implements LoginModule {
 callbackHandler.handle(callbacks);
 char[] password = pc.getPassword();
- SecretKeyFactory keyFac = SecretKeyFactory.getInstance(pbeCb
- .getSecretKeyFactory());
+ SecretKeyFactory keyFac = SecretKeyFactory.getInstance(pbeCb.getSecretKeyFactory());
 PBEKeySpec keySpec;
 if (pbeCb.getKeyLength() != null)
- keySpec = new PBEKeySpec(password, pbeCb.getSalt(),
- pbeCb.getIterationCount(), pbeCb.getKeyLength());
+ keySpec = new PBEKeySpec(password, pbeCb.getSalt(), pbeCb.getIterationCount(), pbeCb.getKeyLength());
 else
- keySpec = new PBEKeySpec(password, pbeCb.getSalt(),
- pbeCb.getIterationCount());
+ keySpec = new PBEKeySpec(password, pbeCb.getSalt(), pbeCb.getIterationCount());
 String secKeyEncryption = pbeCb.getSecretKeyEncryption();
 if (secKeyEncryption != null) {
 SecretKey tmp = keyFac.generateSecret(keySpec);
- secretKey = new SecretKeySpec(tmp.getEncoded(),
- secKeyEncryption);
+ secretKey = new SecretKeySpec(tmp.getEncoded(), secKeyEncryption);
 } else {
 secretKey = keyFac.generateSecret(keySpec);
 }
@@ -86,8 +67,10 @@ public class KeyringLoginModule implements LoginModule {
 }
 public boolean commit() throws LoginException {
- if (secretKey != null)
+ if (secretKey != null) {
+ subject.getPrivateCredentials().removeAll(subject.getPrivateCredentials(SecretKey.class));
 subject.getPrivateCredentials().add(secretKey);
+ }
 return true;
 }
@@ -96,8 +79,7 @@ public class KeyringLoginModule implements LoginModule {
 }
 public boolean logout() throws LoginException {
- Set pbes = subject
- .getPrivateCredentials(PasswordBasedEncryption.class);
+ Set pbes = subject.getPrivateCredentials(PasswordEncryption.class);
 pbes.clear();
 return true;
 }
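Review bot: The new `removeAll(subject.getPrivateCredentials(SecretKey.class))` in `commit()` discards every `SecretKey` private credential on the subject, not only the key this module stored earlier, so a key placed there by another login module or by application code is silently dropped. If only the keyring key is meant to be replaced, document that assumption at the call, e.g. `// Replaces the previous keyring key; assumes no other SecretKey credentials are kept on this subject.`, or have the module remove only the instance it added. The replaced keys are also only unlinked, not destroyed, so their material remains in memory for as long as the objects live.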
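Review bot: `logout()` removes nothing from the subject: `Subject.getPrivateCredentials(Class)` returns a new set that is not backed by the subject's credential set, so `pbes.clear()` only empties a copy, and the class queried is `PasswordEncryption` while `commit()` stores a `SecretKey`. The derived key therefore stays in the subject's private credentials after logout. Remove it through the backing set, as the new `commit()` code does, and drop the module's own reference: `subject.getPrivateCredentials().removeAll(subject.getPrivateCredentials(SecretKey.class));` followed by `secretKey = null;`.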