use of org.mozilla.jss.util.PasswordCallbackInfo in project jss by dogtagpki.
the class TokenCallbackInfo method changePassword.
/**
* Change password. This changes the user's PIN after it has already
* been initialized.
*
* @param oldPINcb The user's old PIN callback.
* @param newPINcb The new PIN callback.
* @exception IncorrectPasswordException If the old PIN is incorrect.
* @exception TokenException If some other error occurs on the token.
*/
@Override
public void changePassword(PasswordCallback oldPINcb, PasswordCallback newPINcb) throws IncorrectPasswordException, TokenException {
    // All secret material is declared outside the try block so that the
    // finally block can scrub whatever was obtained, on every exit path.
    Password oldPin = null;
    Password newPin = null;
    byte[] oldPinBytes = null;
    byte[] newPinBytes = null;

    final PasswordCallbackInfo cbInfo = makePWCBInfo();

    // A missing callback is replaced by a NullPasswordCallback instead of
    // being rejected. NOTE(review): presumably that callback gives up at
    // once, which would surface below as IncorrectPasswordException - confirm.
    final PasswordCallback oldSource = (oldPINcb != null) ? oldPINcb : new NullPasswordCallback();
    final PasswordCallback newSource = (newPINcb != null) ? newPINcb : new NullPasswordCallback();

    try {
        // Step 1: authenticate with the current PIN before the new one is
        // even requested.
        oldPin = oldSource.getPasswordFirstAttempt(cbInfo);
        oldPinBytes = Tunnel.getPasswordByteCopy(oldPin);

        // No attempt limit is enforced here: the loop ends when the PIN
        // verifies or when an exception (normally GiveUpException from the
        // callback) propagates. Any retry or lockout policy therefore has
        // to come from the callback or from the token itself.
        while (!userPasswordIsCorrect(oldPinBytes)) {
            // Scrub the rejected attempt before asking for another one, so
            // at most one candidate PIN is held by this method at a time.
            Password.wipeBytes(oldPinBytes);
            oldPin.clear();
            oldPin = oldSource.getPasswordAgain(cbInfo);
            oldPinBytes = Tunnel.getPasswordByteCopy(oldPin);
        }

        // Step 2: obtain the new PIN and hand both to the byte[] overload.
        newPin = newSource.getPasswordFirstAttempt(cbInfo);
        newPinBytes = Tunnel.getPasswordByteCopy(newPin);
        changePassword(oldPinBytes, newPinBytes);
    } catch (PasswordCallback.GiveUpException giveUp) {
        // A cancelled prompt is reported to the caller as an incorrect
        // password; only the toString() text of the original is carried over.
        throw new IncorrectPasswordException(giveUp.toString());
    } finally {
        // Wipe every buffer and Password object that was populated. Wiping
        // an already wiped buffer again (after a failed retry) is harmless.
        if (oldPinBytes != null) {
            Password.wipeBytes(oldPinBytes);
        }
        if (oldPin != null) {
            oldPin.clear();
        }
        if (newPinBytes != null) {
            Password.wipeBytes(newPinBytes);
        }
        if (newPin != null) {
            newPin.clear();
        }
    }
}
use of org.mozilla.jss.util.PasswordCallbackInfo in project jss by dogtagpki.
the class TokenCallbackInfo method initPassword.
/**
* Determines whether this is a removable token. For example, a smart card
* is removable, while the Netscape internal module and a hardware
* accelerator card are not removable.
* @return true if the token is removable, false otherwise.
*/
// public native boolean isRemovable();
/**
* Initialize PIN. This sets the user's new PIN, using the current
* security officer PIN for authentication.
*
* @param ssopwcb The security officer's current password callback.
* @param userpwcb The user's new password callback.
* @exception IncorrectPasswordException If the security officer PIN is
* incorrect.
* @exception AlreadyInitializedException If the password has already
* been set.
* @exception TokenException If the PIN was already initialized,
* or there was an unspecified error in the token.
*/
@Override
public void initPassword(PasswordCallback ssopwcb, PasswordCallback userpwcb) throws IncorrectPasswordException, AlreadyInitializedException, TokenException {
    // Secrets are declared up front so the finally block can zero whatever
    // was obtained, whichever way the method exits.
    Password ssoPin = null;
    Password userPin = null;
    byte[] ssoPinBytes = null;
    byte[] userPinBytes = null;

    final PasswordCallbackInfo cbInfo = makePWCBInfo();

    // A missing callback is replaced by a NullPasswordCallback instead of
    // being rejected. NOTE(review): presumably that callback gives up at
    // once, which would surface below as IncorrectPasswordException - confirm.
    final PasswordCallback ssoSource = (ssopwcb != null) ? ssopwcb : new NullPasswordCallback();
    final PasswordCallback userSource = (userpwcb != null) ? userpwcb : new NullPasswordCallback();

    try {
        // Refuse to run when the PIN cannot be initialized; this check
        // happens before any password is requested.
        if (!PWInitable()) {
            throw new AlreadyInitializedException();
        }

        if (!isInternalKeyStorageToken()) {
            // External token: the security officer must authenticate first.
            ssoPin = ssoSource.getPasswordFirstAttempt(cbInfo);
            ssoPinBytes = Tunnel.getPasswordByteCopy(ssoPin);

            // No attempt limit is enforced here: the loop ends when the SSO
            // PIN verifies or when an exception (normally GiveUpException
            // from the callback) propagates. Retry or lockout policy has to
            // come from the callback or from the token itself.
            while (!SSOPasswordIsCorrect(ssoPinBytes)) {
                // Scrub the rejected attempt before prompting again.
                Password.wipeBytes(ssoPinBytes);
                ssoPin.clear();
                ssoPin = ssoSource.getPasswordAgain(cbInfo);
                ssoPinBytes = Tunnel.getPasswordByteCopy(ssoPin);
            }
        } else {
            // Internal key storage token: the SSO PIN is neither requested
            // nor verified; a single zero byte is passed on as a placeholder.
            ssoPinBytes = new byte[] { 0 };
        }

        // Obtain the user's new PIN and hand both to the byte[] overload.
        userPin = userSource.getPasswordFirstAttempt(cbInfo);
        userPinBytes = Tunnel.getPasswordByteCopy(userPin);
        initPassword(ssoPinBytes, userPinBytes);
    } catch (PasswordCallback.GiveUpException giveUp) {
        // A cancelled prompt is reported to the caller as an incorrect
        // password; only the toString() text of the original is carried over.
        throw new IncorrectPasswordException(giveUp.toString());
    } finally {
        // Zero out every buffer and Password object that was populated.
        // Wiping an already wiped buffer again is harmless.
        if (ssoPinBytes != null) {
            Password.wipeBytes(ssoPinBytes);
        }
        if (ssoPin != null) {
            ssoPin.clear();
        }
        if (userPinBytes != null) {
            Password.wipeBytes(userPinBytes);
        }
        if (userPin != null) {
            userPin.clear();
        }
    }
}