
Example 6 with PasswordResolverException

use of org.xipki.password.PasswordResolverException in project xipki by xipki.

the class PBEConsumerPasswordCallback method init.

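/**
 * Initializes this callback from a configuration string.
 *
 * <p>Two keys are read from {@code conf}: {@code name} (required, must not be blank) and
 * {@code tries} (optional). A {@code tries} value that is not a positive integer leaves the
 * current number of tries unchanged.
 *
 * <p>All values are validated before any state is changed, so a rejected configuration
 * neither sets the password name nor leaves a consumer registered with
 * {@code PasswordProducer}.
 *
 * @param conf the configuration string; must not be blank
 * @throws PasswordResolverException if {@code name} is missing or blank, or if {@code tries}
 *         is present but is not a valid integer
 */
@Override
public void init(String conf) throws PasswordResolverException {
    ParamUtil.requireNonBlank("conf", conf);
    ConfPairs pairs = new ConfPairs(conf);

    String name = pairs.value("name");
    if (StringUtil.isBlank(name)) {
        throw new PasswordResolverException("name must not be null");
    }

    // Parse "tries" up front. A malformed number is reported through the declared
    // exception type rather than escaping as an unchecked NumberFormatException.
    int configuredTries = 0;
    String triesText = pairs.value("tries");
    if (StringUtil.isNotBlank(triesText)) {
        try {
            configuredTries = Integer.parseInt(triesText);
        } catch (NumberFormatException ex) {
            throw new PasswordResolverException("invalid tries '" + triesText + "'");
        }
    }

    // Commit state only after every value has been accepted.
    this.passwordName = name;
    if (configuredTries > 0) {
        this.tries = configuredTries;
    }
    PasswordProducer.registerPasswordConsumer(this.passwordName);
}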
Also used : PasswordResolverException(org.xipki.password.PasswordResolverException) ConfPairs(org.xipki.common.ConfPairs)

Example 7 with PasswordResolverException

use of org.xipki.password.PasswordResolverException in project xipki by xipki.

the class CaManagerImpl method canonicalizeSignerConf.

/**
 * Rewrites a signer configuration so that its keystore is carried inline as base64.
 *
 * <p>If {@code signerConf} contains neither {@code file:} nor {@code base64:}, or its
 * {@code keystore} value starts with neither prefix, the input is returned unchanged.
 * Otherwise the keystore bytes are loaded (from the named file or from the base64 text),
 * passed through {@code SecurityFactory.extractMinimalKeyStore} together with the resolved
 * password, key label and certificate chain, and written back under the {@code keystore}
 * key with a {@code base64:} prefix. Only the {@code keystore} pair is replaced; the
 * {@code password} pair keeps the original hint.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The returned string embeds keystore bytes; handle it like the keystore itself when
 *       storing or logging it.</li>
 *   <li>NOTE(review): the resolved password array is not cleared after use. Before adding a
 *       wipe, confirm that the resolver returns a fresh copy and not a shared array.</li>
 *   <li>NOTE(review): the {@code file:} path is taken from the configuration as is;
 *       presumably only trusted administrators can supply it - confirm against callers.</li>
 * </ul>
 *
 * @param keystoreType keystore type handed to {@code extractMinimalKeyStore}
 * @param signerConf the signer configuration to canonicalize
 * @param certChain certificate chain handed to {@code extractMinimalKeyStore}
 * @param securityFactory provides the password resolver and the keystore extraction
 * @return the canonicalized configuration, or {@code signerConf} itself if nothing applies
 * @throws CaMgmtException if the keystore file cannot be read, the password cannot be
 *         resolved, or the keystore cannot be processed
 */
static String canonicalizeSignerConf(String keystoreType, String signerConf, X509Certificate[] certChain, SecurityFactory securityFactory) throws CaMgmtException {
    final String filePrefix = "file:";
    final String base64Prefix = "base64:";

    // Cheap pre-check: without either marker there is no keystore reference to rewrite.
    boolean mayReferenceKeystore = signerConf.contains(filePrefix) || signerConf.contains(base64Prefix);
    if (!mayReferenceKeystore) {
        return signerConf;
    }

    ConfPairs confPairs = new ConfPairs(signerConf);
    String keystoreValue = confPairs.value("keystore");
    String passwordHint = confPairs.value("password");
    String keyLabel = confPairs.value("key-label");

    byte[] keystoreBytes;
    if (StringUtil.startsWithIgnoreCase(keystoreValue, filePrefix)) {
        String keystorePath = keystoreValue.substring(filePrefix.length());
        try {
            keystoreBytes = IoUtil.read(keystorePath);
        } catch (IOException ex) {
            throw new CaMgmtException("IOException: " + ex.getMessage(), ex);
        }
    } else if (StringUtil.startsWithIgnoreCase(keystoreValue, base64Prefix)) {
        String encodedKeystore = keystoreValue.substring(base64Prefix.length());
        keystoreBytes = Base64.decode(encodedKeystore);
    } else {
        // The marker appeared somewhere other than at the start of the keystore value.
        return signerConf;
    }

    try {
        char[] resolvedPassword = securityFactory.getPasswordResolver().resolvePassword(passwordHint);
        keystoreBytes = securityFactory.extractMinimalKeyStore(keystoreType, keystoreBytes, keyLabel, resolvedPassword, certChain);
    } catch (PasswordResolverException ex) {
        throw new CaMgmtException("PasswordResolverException: " + ex.getMessage(), ex);
    } catch (KeyStoreException ex) {
        throw new CaMgmtException("KeyStoreException: " + ex.getMessage(), ex);
    }

    String inlineKeystore = base64Prefix + Base64.encodeToString(keystoreBytes);
    confPairs.putPair("keystore", inlineKeystore);
    return confPairs.getEncoded();
}
Also used : CaMgmtException(org.xipki.ca.server.mgmt.api.CaMgmtException) PasswordResolverException(org.xipki.password.PasswordResolverException) ConfPairs(org.xipki.common.ConfPairs) IOException(java.io.IOException) KeyStoreException(java.security.KeyStoreException)

Example 8 with PasswordResolverException

use of org.xipki.password.PasswordResolverException in project xipki by xipki.

the class PBEConsumerPasswordCallback method getPassword.

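/**
 * Obtains a password from {@code PasswordProducer}, retrying up to {@code tries} times.
 *
 * <p>Each candidate is checked with {@code isPasswordValid} against {@code testToken}, and
 * the outcome is reported back through {@code PasswordProducer.setPasswordCorrect}. The
 * first valid candidate is returned. The consumer is unregistered on every exit path,
 * whether a password was accepted, the tries ran out, or the wait was interrupted.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The bounded loop limits how many candidates are tested per call.</li>
 *   <li>The failure message contains only the password name and the number of tries,
 *       never a candidate password.</li>
 *   <li>NOTE(review): rejected candidate arrays are not cleared. Before adding a wipe,
 *       confirm that the producer does not keep a reference to the same array.</li>
 * </ul>
 *
 * @param prompt not used by this implementation
 * @param testToken token passed to {@code isPasswordValid} to check each candidate
 * @return the first candidate that {@code isPasswordValid} accepts
 * @throws PasswordResolverException if this callback is not initialized, the wait is
 *         interrupted, or no valid password arrives within the allowed tries
 */
@Override
public char[] getPassword(String prompt, String testToken) throws PasswordResolverException {
    if (passwordName == null) {
        throw new PasswordResolverException("please initialize me first");
    }
    try {
        for (int i = 0; i < tries; i++) {
            char[] password;
            try {
                password = PasswordProducer.takePassword(passwordName);
            } catch (InterruptedException ex) {
                // Restore the interrupt flag so callers further up can still see it.
                Thread.currentThread().interrupt();
                throw new PasswordResolverException("interrupted");
            }
            boolean valid = isPasswordValid(password, testToken);
            PasswordProducer.setPasswordCorrect(passwordName, valid);
            if (valid) {
                return password;
            }
        }
    } finally {
        PasswordProducer.unregisterPasswordConsumer(passwordName);
    }
    // A space before "after" keeps the password name from running into the next word.
    String msg = "Could not get the password " + passwordName + " after " + tries + " tries";
    LOG.error(msg);
    System.out.println(msg);
    throw new PasswordResolverException(msg);
}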
Also used : PasswordResolverException(org.xipki.password.PasswordResolverException)

Example 9 with PasswordResolverException

use of org.xipki.password.PasswordResolverException in project xipki by xipki.

the class SignerFactoryRegisterImpl method newKeystoreSigner.

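/**
 * Creates a signer backed by a software keystore described by {@code conf}.
 *
 * <p>Configuration values read here: {@code parallelism} (optional, must be an integer of
 * at least 1, otherwise the factory default is used), {@code password} (optional hint),
 * {@code keystore} (required, prefixed with {@code base64:} or {@code file:}),
 * {@code key-label} and {@code algo}. If {@code algo} names a MAC algorithm a MAC signer is
 * built, otherwise a signature signer is built.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>When the security factory has no password resolver, the {@code password} value is
 *       used verbatim as the password.</li>
 *   <li>The same password array is passed in two argument positions of the builder
 *       constructors; presumably keystore password and key password - confirm.</li>
 *   <li>NOTE(review): the password array is not cleared after the signer is created.
 *       Confirm whether the builders keep a reference before adding a wipe.</li>
 *   <li>NOTE(review): wrapped exceptions carry only the message of the original, not its
 *       cause. Chain the cause if {@code ObjectCreationException} offers such a
 *       constructor.</li>
 * </ul>
 *
 * @param securityFactory supplies the default parallelism, password resolver and random
 * @param type keystore type handed to the signer builders
 * @param conf signer configuration
 * @param certificateChain certificate chain handed to the signature signer builder
 * @return the created signer
 * @throws ObjectCreationException if a configuration value is invalid, the password cannot
 *         be resolved, the keystore file is missing, or signer creation fails
 */
private ConcurrentContentSigner newKeystoreSigner(SecurityFactory securityFactory, String type, SignerConf conf, X509Certificate[] certificateChain) throws ObjectCreationException {
    String str = conf.getConfValue("parallelism");
    int parallelism = securityFactory.getDefaultSignerParallelism();
    if (str != null) {
        try {
            parallelism = Integer.parseInt(str);
        } catch (NumberFormatException ex) {
            throw new ObjectCreationException("invalid parallelism " + str);
        }
        if (parallelism < 1) {
            throw new ObjectCreationException("invalid parallelism " + str);
        }
    }

    String passwordHint = conf.getConfValue("password");
    char[] password;
    if (passwordHint == null) {
        password = null;
    } else {
        PasswordResolver passwordResolver = securityFactory.getPasswordResolver();
        if (passwordResolver == null) {
            // No resolver configured: the hint itself is the password.
            password = passwordHint.toCharArray();
        } else {
            try {
                password = passwordResolver.resolvePassword(passwordHint);
            } catch (PasswordResolverException ex) {
                throw new ObjectCreationException("could not resolve password. Message: " + ex.getMessage());
            }
        }
    }

    str = conf.getConfValue("keystore");
    String keyLabel = conf.getConfValue("key-label");
    InputStream keystoreStream;
    if (StringUtil.startsWithIgnoreCase(str, "base64:")) {
        keystoreStream = new ByteArrayInputStream(Base64.decode(str.substring("base64:".length())));
    } else if (StringUtil.startsWithIgnoreCase(str, "file:")) {
        String fn = str.substring("file:".length());
        try {
            keystoreStream = new FileInputStream(IoUtil.expandFilepath(fn));
        } catch (FileNotFoundException ex) {
            throw new ObjectCreationException("file not found: " + fn);
        }
    } else {
        throw new ObjectCreationException("unknown keystore content format");
    }

    try {
        AlgorithmIdentifier macAlgId = null;
        String algoName = conf.getConfValue("algo");
        if (algoName != null) {
            try {
                macAlgId = AlgorithmUtil.getMacAlgId(algoName);
            } catch (NoSuchAlgorithmException ignored) {
                // Not a MAC algorithm: macAlgId stays null and the signature branch
                // below is taken instead.
            }
        }
        if (macAlgId != null) {
            SoftTokenMacContentSignerBuilder signerBuilder = new SoftTokenMacContentSignerBuilder(type, keystoreStream, password, keyLabel, password);
            return signerBuilder.createSigner(macAlgId, parallelism, securityFactory.getRandom4Sign());
        } else {
            SoftTokenContentSignerBuilder signerBuilder = new SoftTokenContentSignerBuilder(type, keystoreStream, password, keyLabel, password, certificateChain);
            AlgorithmIdentifier signatureAlgId;
            if (conf.getHashAlgo() == null) {
                signatureAlgId = AlgorithmUtil.getSigAlgId(null, conf);
            } else {
                PublicKey pubKey = signerBuilder.getCertificate().getPublicKey();
                signatureAlgId = AlgorithmUtil.getSigAlgId(pubKey, conf);
            }
            return signerBuilder.createSigner(signatureAlgId, parallelism, securityFactory.getRandom4Sign());
        }
    } catch (NoSuchAlgorithmException | NoSuchPaddingException | XiSecurityException ex) {
        throw new ObjectCreationException(String.format("%s: %s", ex.getClass().getName(), ex.getMessage()));
    } finally {
        // Release the keystore stream (a file handle in the "file:" case) on every path.
        // By this point the builder and the signer are either built or have failed.
        try {
            keystoreStream.close();
        } catch (java.io.IOException ignored) {
            // Best-effort close: a failure here must not mask the signer result or the
            // exception already being thrown.
        }
    }
}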
Also used : PasswordResolver(org.xipki.password.PasswordResolver) ByteArrayInputStream(java.io.ByteArrayInputStream) FileInputStream(java.io.FileInputStream) InputStream(java.io.InputStream) PublicKey(java.security.PublicKey) FileNotFoundException(java.io.FileNotFoundException) NoSuchPaddingException(javax.crypto.NoSuchPaddingException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) FileInputStream(java.io.FileInputStream) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier) XiSecurityException(org.xipki.security.exception.XiSecurityException) ByteArrayInputStream(java.io.ByteArrayInputStream) ObjectCreationException(org.xipki.common.ObjectCreationException) SoftTokenContentSignerBuilder(org.xipki.security.pkcs12.SoftTokenContentSignerBuilder) PasswordResolverException(org.xipki.password.PasswordResolverException) SoftTokenMacContentSignerBuilder(org.xipki.security.pkcs12.SoftTokenMacContentSignerBuilder)

Aggregations

PasswordResolverException (org.xipki.password.PasswordResolverException)9 IOException (java.io.IOException)4 ConfPairs (org.xipki.common.ConfPairs)4 FileInputStream (java.io.FileInputStream)2 Properties (java.util.Properties)2 CaMgmtException (org.xipki.ca.server.mgmt.api.CaMgmtException)2 BufferedReader (java.io.BufferedReader)1 ByteArrayInputStream (java.io.ByteArrayInputStream)1 FileNotFoundException (java.io.FileNotFoundException)1 FileReader (java.io.FileReader)1 InputStream (java.io.InputStream)1 KeyStoreException (java.security.KeyStoreException)1 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)1 PublicKey (java.security.PublicKey)1 Connection (java.sql.Connection)1 Date (java.util.Date)1 NoSuchPaddingException (javax.crypto.NoSuchPaddingException)1 AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)1 CertificateStore (org.xipki.ca.server.impl.store.CertificateStore)1 ObjectCreationException (org.xipki.common.ObjectCreationException)1