X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Fsecurity%2FAbstractKeyring.java;h=10b583fdfa6b9e5eba23c91fe8b052a1dd96c294;hb=dca2b13e0e3ca3e7a9469e089b980c48c880ad1a;hp=08ac5493613758af5d4123f6441a83f3674b2e9e;hpb=4e8d82137c2dce7145175eacbd225a52227b6f73;p=lgpl%2Fargeo-commons.git
diff --git a/org.argeo.cms/src/org/argeo/cms/security/AbstractKeyring.java b/org.argeo.cms/src/org/argeo/cms/security/AbstractKeyring.java
index 08ac54936..10b583fdf 100644
--- a/org.argeo.cms/src/org/argeo/cms/security/AbstractKeyring.java
+++ b/org.argeo.cms/src/org/argeo/cms/security/AbstractKeyring.java
@@ -9,7 +9,6 @@ import java.io.InputStreamReader;
 import java.io.OutputStreamWriter;
 import java.io.Reader;
 import java.io.Writer;
-import java.security.AccessController;
 import java.security.Provider;
 import java.security.Security;
 import java.util.Arrays;
@@ -27,7 +26,7 @@ import javax.security.auth.login.LoginException;
 import org.apache.commons.io.IOUtils;
 import org.argeo.api.cms.CmsAuth;
-import org.argeo.cms.CmsException;
+import org.argeo.util.CurrentSubject;
 /** username / password based keyring. TODO internationalize */
 public abstract class AbstractKeyring implements Keyring, CryptoKeyring {
@@ -65,23 +64,24 @@ public abstract class AbstractKeyring implements Keyring, CryptoKeyring {
 /** Triggers lazy initialization */
 protected SecretKey getSecretKey(char[] password) {
- Subject subject = Subject.getSubject(AccessController.getContext());
+ Subject subject = CurrentSubject.current();
+ if (subject == null)
+ throw new IllegalStateException("Current subject cannot be null");
 // we assume only one secrete key is available
 Iterator iterator = subject.getPrivateCredentials(SecretKey.class).iterator();
- if (!iterator.hasNext() || password!=null) {// not initialized
+ if (!iterator.hasNext() || password != null) {// not initialized
 CallbackHandler callbackHandler = password == null ? new KeyringCallbackHandler() : new PasswordProvidedCallBackHandler(password);
 ClassLoader currentContextClassLoader = Thread.currentThread().getContextClassLoader();
 Thread.currentThread().setContextClassLoader(getClass().getClassLoader());
 try {
- LoginContext loginContext = new LoginContext(CmsAuth.LOGIN_CONTEXT_KEYRING, subject,
- callbackHandler);
+ LoginContext loginContext = new LoginContext(CmsAuth.LOGIN_CONTEXT_KEYRING, subject, callbackHandler);
 loginContext.login();
 // FIXME will login even if password is wrong
 iterator = subject.getPrivateCredentials(SecretKey.class).iterator();
 return iterator.next();
 } catch (LoginException e) {
- throw new CmsException("Keyring login failed", e);
+ throw new IllegalStateException("Keyring login failed", e);
 } finally {
 Thread.currentThread().setContextClassLoader(currentContextClassLoader);
 }
@@ -89,7 +89,7 @@ public abstract class AbstractKeyring implements Keyring, CryptoKeyring {
 } else {
 SecretKey secretKey = iterator.next();
 if (iterator.hasNext())
- throw new CmsException("More than one secret key in private credentials");
+ throw new IllegalStateException("More than one secret key in private credentials");
 return secretKey;
 }
 }
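Review bot: In the login branch of getSecretKey (hunk @@ -65), `return iterator.next();` is reached without confirming that the login left exactly one SecretKey in the subject's private credentials, although the else branch does reject a second key. This branch also runs when a password is supplied while a key is already present, so the key handed back may be the earlier one rather than one tied to the supplied password; that depends on the keyring login module, which is not visible here, but it matches the existing FIXME about a wrong password still logging in. I would add `if (!iterator.hasNext()) throw new IllegalStateException("No secret key after keyring login");` before the return and apply the same more-than-one check the else branch uses. The `secretKey == null` test in the unlock hunk (@@ -147) cannot catch a wrong password either, since no visible path of getSecretKey returns null. The method body ends in the following hunk (@@ -89).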
@@ -112,7 +112,7 @@ public abstract class AbstractKeyring implements Keyring, CryptoKeyring {
 IOUtils.copy(reader, writer);
 return writer.toCharArray();
 } catch (IOException e) {
- throw new CmsException("Cannot decrypt to char array", e);
+ throw new IllegalStateException("Cannot decrypt to char array", e);
 } finally {
 // IOUtils.closeQuietly(reader);
 // IOUtils.closeQuietly(in);
@@ -134,7 +134,7 @@ public abstract class AbstractKeyring implements Keyring, CryptoKeyring {
 set(path, in);
 }
 } catch (IOException e) {
- throw new CmsException("Cannot encrypt to char array", e);
+ throw new IllegalStateException("Cannot encrypt to char array", e);
 } finally {
 // IOUtils.closeQuietly(writer);
 // IOUtils.closeQuietly(out);
@@ -147,7 +147,7 @@ public abstract class AbstractKeyring implements Keyring, CryptoKeyring {
 setup(password);
 SecretKey secretKey = getSecretKey(password);
 if (secretKey == null)
- throw new CmsException("Could not unlock keyring");
+ throw new IllegalStateException("Could not unlock keyring");
 }
 protected Provider getSecurityProvider() {
@@ -205,7 +205,7 @@ public abstract class AbstractKeyring implements Keyring, CryptoKeyring {
 char[] password = passwordCb.getPassword();
 return password;
 } catch (Exception e) {
- throw new CmsException("Cannot ask for a password", e);
+ throw new IllegalStateException("Cannot ask for a password", e);
 }
 }