
Example 1 with KeyStoreIOException

Use of won.owner.model.KeyStoreIOException in project webofneeds by researchstudio-sat.

Class RestUserController, method changePassword.

/**
 * Changes the user's password
 *
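 * @param changePasswordPojo password changing data
 * @param errors collects validation errors for the submitted data
 * @param request the current HTTP request
 * @param response the current HTTP response
 * @return ResponseEntity with HTTP status code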
 */
@ResponseBody
@RequestMapping(value = "/changePassword", produces = MediaType.APPLICATION_JSON_VALUE, method = RequestMethod.POST)
// TODO: move transactionality annotation into the service layer
@Transactional(propagation = Propagation.REQUIRED)
public ResponseEntity changePassword(@RequestBody ChangePasswordPojo changePasswordPojo, Errors errors, HttpServletRequest request, HttpServletResponse response) {
    logger.debug("processing request to /changePassword");
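    // guard against a missing Authentication object before reading the name
    if (SecurityContextHolder.getContext().getAuthentication() == null) {
        return generateStatusResponse(RestStatusResponse.USER_NOT_SIGNED_IN);
    }
    String username = SecurityContextHolder.getContext().getAuthentication().getName();
    if (username == null) {
        return generateStatusResponse(RestStatusResponse.USER_NOT_SIGNED_IN);
    }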
    if (!username.equals(changePasswordPojo.getUsername())) {
        return generateStatusResponse(RestStatusResponse.USERNAME_MISMATCH);
    }
    try {
        passwordChangeValidator.validate(changePasswordPojo, errors);
        if (errors.hasErrors()) {
            if (errors.getFieldErrorCount() > 0) {
                return generateStatusResponse(RestStatusResponse.PASSWORDCHANGE_BAD_PASSWORD);
            } else {
                // username is not found
                return generateStatusResponse(RestStatusResponse.PASSWORDCHANGE_USER_NOT_FOUND);
            }
        }
        User user = userService.changePassword(changePasswordPojo.getUsername(), changePasswordPojo.getNewPassword(), changePasswordPojo.getOldPassword());
        eventPublisher.publishEvent(new OnPasswordChangedEvent(user, request.getLocale(), request.getContextPath()));
        String recoveryKey = userService.generateRecoveryKey(changePasswordPojo.getUsername(), changePasswordPojo.getNewPassword());
        eventPublisher.publishEvent(new OnRecoveryKeyGeneratedEvent(user, recoveryKey));
        return generateUserResponse(user);
    } catch (IncorrectPasswordException e) {
        return generateStatusResponse(RestStatusResponse.PASSWORDCHANGE_WRONG_OLD_PASSWORD);
    } catch (UserNotFoundException e) {
        return generateStatusResponse(RestStatusResponse.USER_NOT_FOUND);
    } catch (KeyStoreIOException e) {
        return generateStatusResponse(RestStatusResponse.PASSWORDCHANGE_KEYSTORE_PROBLEM);
    }
}
Also used: OnRecoveryKeyGeneratedEvent (won.owner.web.events.OnRecoveryKeyGeneratedEvent), UserNotFoundException (won.owner.service.impl.UserNotFoundException), KeyStoreIOException (won.owner.model.KeyStoreIOException), User (won.owner.model.User), OnPasswordChangedEvent (won.owner.web.events.OnPasswordChangedEvent), IncorrectPasswordException (won.owner.service.impl.IncorrectPasswordException), ResponseBody (org.springframework.web.bind.annotation.ResponseBody), RequestMapping (org.springframework.web.bind.annotation.RequestMapping), Transactional (org.springframework.transaction.annotation.Transactional)

Example 2 with KeyStoreIOException

Use of won.owner.model.KeyStoreIOException in project webofneeds by researchstudio-sat.

Class RestUserController, method resetPassword.

/**
 * Resets the user's password using the recovery key.
 *
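 * @param resetPasswordPojo password reset data (username, new password, recovery key)
 * @param errors collects validation errors for the submitted data
 * @param request the current HTTP request
 * @param response the current HTTP response
 * @return ResponseEntity with HTTP status code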
 */
@ResponseBody
@RequestMapping(value = "/resetPassword", produces = MediaType.APPLICATION_JSON_VALUE, method = RequestMethod.POST)
// TODO: move transactionality annotation into the service layer
@Transactional(propagation = Propagation.REQUIRED)
public ResponseEntity resetPassword(@RequestBody ResetPasswordPojo resetPasswordPojo, Errors errors, HttpServletRequest request, HttpServletResponse response) {
    logger.debug("processing request to /resetPassword");
    try {
        resetPasswordValidator.validate(resetPasswordPojo, errors);
        if (errors.hasErrors()) {
            if (errors.getFieldErrorCount() > 0) {
                return generateStatusResponse(RestStatusResponse.PASSWORDCHANGE_BAD_PASSWORD);
            } else {
                // username is not found
                return generateStatusResponse(RestStatusResponse.PASSWORDCHANGE_USER_NOT_FOUND);
            }
        }
        User user = userService.useRecoveryKey(resetPasswordPojo.getUsername(), resetPasswordPojo.getNewPassword(), resetPasswordPojo.getRecoveryKey());
        eventPublisher.publishEvent(new OnPasswordChangedEvent(user, request.getLocale(), request.getContextPath()));
        String recoveryKey = userService.generateRecoveryKey(resetPasswordPojo.getUsername(), resetPasswordPojo.getNewPassword());
        eventPublisher.publishEvent(new OnRecoveryKeyGeneratedEvent(user, recoveryKey));
        return generateUserResponse(user);
    } catch (IncorrectPasswordException e) {
        return generateStatusResponse(RestStatusResponse.PASSWORDCHANGE_WRONG_OLD_PASSWORD);
    } catch (UserNotFoundException e) {
        return generateStatusResponse(RestStatusResponse.USER_NOT_FOUND);
    } catch (KeyStoreIOException e) {
        return generateStatusResponse(RestStatusResponse.PASSWORDCHANGE_KEYSTORE_PROBLEM);
    }
}
Also used: OnRecoveryKeyGeneratedEvent (won.owner.web.events.OnRecoveryKeyGeneratedEvent), UserNotFoundException (won.owner.service.impl.UserNotFoundException), KeyStoreIOException (won.owner.model.KeyStoreIOException), User (won.owner.model.User), OnPasswordChangedEvent (won.owner.web.events.OnPasswordChangedEvent), IncorrectPasswordException (won.owner.service.impl.IncorrectPasswordException), ResponseBody (org.springframework.web.bind.annotation.ResponseBody), RequestMapping (org.springframework.web.bind.annotation.RequestMapping), Transactional (org.springframework.transaction.annotation.Transactional)

Example 3 with KeyStoreIOException

Use of won.owner.model.KeyStoreIOException in project webofneeds by researchstudio-sat.

Class UserService, method changeKeystorePassword.

/**
 * Changes the keystore password, re-encrypting the private keys with the new
 * password.
 *
 * @return the new keystore password
 */
private String changeKeystorePassword(User user, String oldKeystorePassword) throws KeyStoreIOException {
    String newKeystorePassword = KeystorePasswordUtils.generatePassword(KeystorePasswordUtils.KEYSTORE_PASSWORD_BYTES);
    KeyStore keyStore = user.getKeystoreHolder().getKeystore(oldKeystorePassword);
    // re-encrypt all private keys with the new password
    try {
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            // certificate entries are skipped: certificates are not encrypted with a key
            if (keyStore.isKeyEntry(alias)) {
                Key key = keyStore.getKey(alias, oldKeystorePassword.toCharArray());
                Certificate[] chain = keyStore.getCertificateChain(alias);
                keyStore.setKeyEntry(alias, key, newKeystorePassword.toCharArray(), chain);
                // log only for entries that were actually re-encrypted
                logger.debug("re-encrypted key for alias: {}", alias);
            }
        }
    } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e) {
        throw new KeyStoreIOException("could not re-encrypt key", e);
    }
    user.getKeystoreHolder().setKeystore(keyStore, newKeystorePassword);
    return newKeystorePassword;
}
Also used: KeyStoreIOException (won.owner.model.KeyStoreIOException), Enumeration (java.util.Enumeration), UnrecoverableKeyException (java.security.UnrecoverableKeyException), ExpensiveSecureRandomString (won.protocol.util.ExpensiveSecureRandomString), NoSuchAlgorithmException (java.security.NoSuchAlgorithmException), KeyStoreException (java.security.KeyStoreException), KeyStore (java.security.KeyStore), Key (java.security.Key), Certificate (java.security.cert.Certificate)
