use of org.xipki.password.PasswordResolverException in project xipki by xipki.
the class PBEConsumerPasswordCallback method init.
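/**
 * Initializes this callback from a configuration string.
 *
 * <p>Two keys are read from {@code conf}: {@code name} (required), the password name this
 * consumer registers under at {@link PasswordProducer}, and {@code tries} (optional), the
 * number of attempts allowed in {@code getPassword}. A {@code tries} value that is not
 * greater than zero is ignored and the current value of {@code tries} is kept.
 *
 * @param conf the configuration string; must not be blank
 * @throws PasswordResolverException if {@code name} is blank or {@code tries} is not an integer
 */
@Override
public void init(String conf) throws PasswordResolverException {
  ParamUtil.requireNonBlank("conf", conf);
  ConfPairs pairs = new ConfPairs(conf);

  String name = pairs.value("name");
  if (StringUtil.isBlank(name)) {
    throw new PasswordResolverException("name must not be null");
  }

  // Validate the whole configuration before changing any state, so that a malformed
  // "tries" value cannot leave a consumer registered for a callback whose init failed.
  int configuredTries = 0;
  String triesText = pairs.value("tries");
  if (StringUtil.isNotBlank(triesText)) {
    try {
      configuredTries = Integer.parseInt(triesText);
    } catch (NumberFormatException ex) {
      // Report a bad configuration through the declared exception type instead of
      // letting an unchecked NumberFormatException escape to the caller.
      throw new PasswordResolverException("invalid tries '" + triesText + "': not an integer");
    }
  }

  this.passwordName = name;
  PasswordProducer.registerPasswordConsumer(this.passwordName);

  // Only a positive value overrides the existing retry limit.
  if (configuredTries > 0) {
    this.tries = configuredTries;
  }
}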
use of org.xipki.password.PasswordResolverException in project xipki by xipki.
the class CaManagerImpl method canonicalizeSignerConf.
/**
 * Rewrites a signer configuration so that its {@code keystore} entry carries a minimal
 * keystore inline as {@code base64:} data.
 *
 * <p>The configuration is returned unchanged when it contains neither {@code file:} nor
 * {@code base64:}, or when the {@code keystore} value starts with neither prefix. Otherwise
 * the keystore bytes are loaded (from the named file or from the base64 payload), reduced by
 * {@code securityFactory.extractMinimalKeyStore}, and written back into the configuration.
 *
 * <p>The returned string embeds the keystore content itself, so it should be stored and
 * logged with the same care as the keystore.
 *
 * @param keystoreType keystore type passed through to {@code extractMinimalKeyStore}
 * @param signerConf the signer configuration to canonicalize
 * @param certChain certificate chain passed through to {@code extractMinimalKeyStore}
 * @param securityFactory source of the password resolver and of the keystore extraction
 * @return the canonical configuration, or {@code signerConf} itself if nothing had to change
 * @throws CaMgmtException if the keystore file cannot be read, the password hint cannot be
 *     resolved, or the keystore cannot be processed
 */
static String canonicalizeSignerConf(String keystoreType, String signerConf,
    X509Certificate[] certChain, SecurityFactory securityFactory) throws CaMgmtException {
  final String filePrefix = "file:";
  final String base64Prefix = "base64:";

  // NOTE(review): this fast path is case-sensitive, while the prefix checks below ignore
  // case; a value such as "FILE:..." is returned here without being canonicalized.
  boolean mayReferenceKeystore =
      signerConf.contains(filePrefix) || signerConf.contains(base64Prefix);
  if (!mayReferenceKeystore) {
    return signerConf;
  }

  ConfPairs confPairs = new ConfPairs(signerConf);
  String keystoreValue = confPairs.value("keystore");
  String pwdHint = confPairs.value("password");
  String label = confPairs.value("key-label");

  byte[] keystoreBytes;
  if (StringUtil.startsWithIgnoreCase(keystoreValue, filePrefix)) {
    // The path comes straight from the configuration and is read as given.
    String path = keystoreValue.substring(filePrefix.length());
    try {
      keystoreBytes = IoUtil.read(path);
    } catch (IOException ex) {
      throw new CaMgmtException("IOException: " + ex.getMessage(), ex);
    }
  } else if (StringUtil.startsWithIgnoreCase(keystoreValue, base64Prefix)) {
    keystoreBytes = Base64.decode(keystoreValue.substring(base64Prefix.length()));
  } else {
    return signerConf;
  }

  byte[] minimalKeystore;
  try {
    // NOTE(review): getPasswordResolver() is dereferenced without a null check here;
    // confirm that callers always supply a factory with a resolver configured.
    char[] resolved = securityFactory.getPasswordResolver().resolvePassword(pwdHint);
    minimalKeystore = securityFactory.extractMinimalKeyStore(
        keystoreType, keystoreBytes, label, resolved, certChain);
  } catch (KeyStoreException ex) {
    throw new CaMgmtException("KeyStoreException: " + ex.getMessage(), ex);
  } catch (PasswordResolverException ex) {
    throw new CaMgmtException("PasswordResolverException: " + ex.getMessage(), ex);
  }

  confPairs.putPair("keystore", base64Prefix + Base64.encodeToString(minimalKeystore));
  return confPairs.getEncoded();
}
use of org.xipki.password.PasswordResolverException in project xipki by xipki.
the class PBEConsumerPasswordCallback method getPassword.
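/**
 * Obtains the password registered under this callback's password name, allowing up to
 * {@code tries} attempts.
 *
 * <p>Each attempt takes a candidate from {@link PasswordProducer}, checks it with
 * {@code isPasswordValid} against {@code testToken}, and reports the outcome back to the
 * producer. The consumer is unregistered on every exit path, whether the call succeeds,
 * fails or is interrupted.
 *
 * @param prompt not used by this implementation
 * @param testToken token the candidate password is validated against
 * @return the first candidate that validates
 * @throws PasswordResolverException if the callback was not initialized, the waiting thread
 *     was interrupted, or no candidate validated within {@code tries} attempts
 */
@Override
public char[] getPassword(String prompt, String testToken) throws PasswordResolverException {
  if (passwordName == null) {
    throw new PasswordResolverException("please initialize me first");
  }

  try {
    for (int attempt = 0; attempt < tries; attempt++) {
      char[] candidate;
      try {
        candidate = PasswordProducer.takePassword(passwordName);
      } catch (InterruptedException ex) {
        // Restore the interrupt flag so code further up the stack can still see that
        // the thread was asked to stop; the exception alone does not carry that state.
        Thread.currentThread().interrupt();
        throw new PasswordResolverException("interrupted");
      }

      boolean valid = isPasswordValid(candidate, testToken);
      PasswordProducer.setPasswordCorrect(passwordName, valid);
      if (valid) {
        return candidate;
      }
    }
  } finally {
    PasswordProducer.unregisterPasswordConsumer(passwordName);
  }

  // Only the password name and the attempt count are reported, never a candidate value.
  // The original message lacked the space before "after" and ran the name into it.
  String msg = "Could not get the password " + passwordName + " after " + tries + " tries";
  LOG.error(msg);
  System.out.println(msg);
  throw new PasswordResolverException(msg);
}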
use of org.xipki.password.PasswordResolverException in project xipki by xipki.
the class SignerFactoryRegisterImpl method newKeystoreSigner.
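/**
 * Creates a signer backed by a software keystore described in {@code conf}.
 *
 * <p>Configuration values read: {@code parallelism} (optional, must be an integer of at
 * least 1), {@code password} (optional hint), {@code keystore} (a {@code base64:} or
 * {@code file:} value), {@code key-label} and {@code algo}. If {@code algo} names a MAC
 * algorithm a MAC signer is built, otherwise a signature signer.
 *
 * <p>When the security factory has no password resolver, the {@code password} value is
 * used literally as the password, so in that setup the configuration holds it in clear.
 *
 * @param securityFactory source of the default parallelism, password resolver and RNG
 * @param type keystore type handed to the signer builder
 * @param conf signer configuration
 * @param certificateChain certificate chain handed to the signature signer builder
 * @return the created signer
 * @throws ObjectCreationException if a configuration value is invalid, the password cannot
 *     be resolved, the keystore cannot be opened, or the signer cannot be built
 */
private ConcurrentContentSigner newKeystoreSigner(SecurityFactory securityFactory, String type,
    SignerConf conf, X509Certificate[] certificateChain) throws ObjectCreationException {
  String str = conf.getConfValue("parallelism");
  int parallelism = securityFactory.getDefaultSignerParallelism();
  if (str != null) {
    try {
      parallelism = Integer.parseInt(str);
    } catch (NumberFormatException ex) {
      throw new ObjectCreationException("invalid parallelism " + str);
    }

    if (parallelism < 1) {
      throw new ObjectCreationException("invalid parallelism " + str);
    }
  }

  String passwordHint = conf.getConfValue("password");
  char[] password;
  if (passwordHint == null) {
    password = null;
  } else {
    PasswordResolver passwordResolver = securityFactory.getPasswordResolver();
    if (passwordResolver == null) {
      // No resolver configured: the hint is taken as the password itself.
      password = passwordHint.toCharArray();
    } else {
      try {
        password = passwordResolver.resolvePassword(passwordHint);
      } catch (PasswordResolverException ex) {
        throw new ObjectCreationException("could not resolve password. Message: "
            + ex.getMessage());
      }
    }
  }

  str = conf.getConfValue("keystore");
  String keyLabel = conf.getConfValue("key-label");

  InputStream keystoreStream;
  if (StringUtil.startsWithIgnoreCase(str, "base64:")) {
    keystoreStream = new ByteArrayInputStream(Base64.decode(str.substring("base64:".length())));
  } else if (StringUtil.startsWithIgnoreCase(str, "file:")) {
    String fn = str.substring("file:".length());
    try {
      keystoreStream = new FileInputStream(IoUtil.expandFilepath(fn));
    } catch (FileNotFoundException ex) {
      throw new ObjectCreationException("file not found: " + fn);
    }
  } else {
    throw new ObjectCreationException("unknown keystore content format");
  }

  try {
    AlgorithmIdentifier macAlgId = null;
    String algoName = conf.getConfValue("algo");
    if (algoName != null) {
      try {
        macAlgId = AlgorithmUtil.getMacAlgId(algoName);
      } catch (NoSuchAlgorithmException ex) {
        // Deliberately ignored: the name is not a MAC algorithm, so macAlgId stays null
        // and the signature branch below handles it.
      }
    }

    // The same password array is supplied in both password positions of the builders.
    if (macAlgId != null) {
      SoftTokenMacContentSignerBuilder signerBuilder = new SoftTokenMacContentSignerBuilder(
          type, keystoreStream, password, keyLabel, password);
      return signerBuilder.createSigner(macAlgId, parallelism,
          securityFactory.getRandom4Sign());
    } else {
      SoftTokenContentSignerBuilder signerBuilder = new SoftTokenContentSignerBuilder(
          type, keystoreStream, password, keyLabel, password, certificateChain);

      AlgorithmIdentifier signatureAlgId;
      if (conf.getHashAlgo() == null) {
        signatureAlgId = AlgorithmUtil.getSigAlgId(null, conf);
      } else {
        PublicKey pubKey = signerBuilder.getCertificate().getPublicKey();
        signatureAlgId = AlgorithmUtil.getSigAlgId(pubKey, conf);
      }

      return signerBuilder.createSigner(signatureAlgId, parallelism,
          securityFactory.getRandom4Sign());
    }
  } catch (NoSuchAlgorithmException | NoSuchPaddingException | XiSecurityException ex) {
    throw new ObjectCreationException(String.format("%s: %s", ex.getClass().getName(),
        ex.getMessage()));
  } finally {
    // The stream was never closed before, which leaked a file handle for every signer
    // created from a "file:" keystore. Closing twice is harmless if a builder already
    // closed it.
    try {
      keystoreStream.close();
    } catch (java.io.IOException ignored) {
      // Best effort: a failure to close must not mask the outcome of signer creation.
    }
  }
}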