use of won.owner.model.KeyStoreIOException in project webofneeds by researchstudio-sat.
the class RestUserController method changePassword.
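/**
 * Changes the password of the currently authenticated user.
 * <p>
 * The principal name is read from the security context and must equal the username in the
 * request body; a mismatch is rejected before any validation or password check runs. On
 * success an {@code OnPasswordChangedEvent} is published, a new recovery key is generated
 * from the new password and passed on in an {@code OnRecoveryKeyGeneratedEvent}.
 *
 * @param changePasswordPojo password changing data (username, old password, new password)
 * @param errors receives the validation errors reported by {@code passwordChangeValidator}
 * @param request supplies the locale and context path for the password-changed event
 * @param response not used by this method
 * @return ResponseEntity with Http Status Code
 */
@ResponseBody
@RequestMapping(value = "/changePassword", produces = MediaType.APPLICATION_JSON_VALUE, method = RequestMethod.POST)
// TODO: move transactionality annotation into the service layer
@Transactional(propagation = Propagation.REQUIRED)
public ResponseEntity changePassword(@RequestBody ChangePasswordPojo changePasswordPojo, Errors errors, HttpServletRequest request, HttpServletResponse response) {
    logger.debug("processing request to /changePassword");
    // The security context can hold no Authentication at all; answer "not signed in"
    // instead of failing with a NullPointerException on getName().
    if (SecurityContextHolder.getContext().getAuthentication() == null) {
        return generateStatusResponse(RestStatusResponse.USER_NOT_SIGNED_IN);
    }
    String username = SecurityContextHolder.getContext().getAuthentication().getName();
    // NOTE(review): with anonymous authentication enabled the name is usually non-null for
    // anonymous callers, so this check alone does not prove a signed-in user - confirm the
    // endpoint is also protected by the security configuration.
    if (username == null) {
        return generateStatusResponse(RestStatusResponse.USER_NOT_SIGNED_IN);
    }
    // A user may only change their own password: the body must name the authenticated user.
    if (!username.equals(changePasswordPojo.getUsername())) {
        return generateStatusResponse(RestStatusResponse.USERNAME_MISMATCH);
    }
    try {
        passwordChangeValidator.validate(changePasswordPojo, errors);
        if (errors.hasErrors()) {
            if (errors.getFieldErrorCount() > 0) {
                return generateStatusResponse(RestStatusResponse.PASSWORDCHANGE_BAD_PASSWORD);
            } else {
                // username is not found
                return generateStatusResponse(RestStatusResponse.PASSWORDCHANGE_USER_NOT_FOUND);
            }
        }
        User user = userService.changePassword(changePasswordPojo.getUsername(), changePasswordPojo.getNewPassword(), changePasswordPojo.getOldPassword());
        eventPublisher.publishEvent(new OnPasswordChangedEvent(user, request.getLocale(), request.getContextPath()));
        // The recovery key is a secret: it is only handed to the event, never logged here.
        String recoveryKey = userService.generateRecoveryKey(changePasswordPojo.getUsername(), changePasswordPojo.getNewPassword());
        eventPublisher.publishEvent(new OnRecoveryKeyGeneratedEvent(user, recoveryKey));
        return generateUserResponse(user);
    } catch (IncorrectPasswordException e) {
        // Leave a trace of rejected attempts for monitoring; no credentials are written.
        logger.warn("password change rejected: old password did not match");
        return generateStatusResponse(RestStatusResponse.PASSWORDCHANGE_WRONG_OLD_PASSWORD);
    } catch (UserNotFoundException e) {
        return generateStatusResponse(RestStatusResponse.USER_NOT_FOUND);
    } catch (KeyStoreIOException e) {
        // Server-side failure: keep the cause in the log, the client only gets a status.
        logger.warn("keystore problem while changing password", e);
        return generateStatusResponse(RestStatusResponse.PASSWORDCHANGE_KEYSTORE_PROBLEM);
    }
}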
use of won.owner.model.KeyStoreIOException in project webofneeds by researchstudio-sat.
the class RestUserController method resetPassword.
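/**
 * Resets the user's password using the recovery key.
 * <p>
 * The request body names the user, the new password and the recovery key. On success an
 * {@code OnPasswordChangedEvent} is published, a new recovery key is generated from the new
 * password and passed on in an {@code OnRecoveryKeyGeneratedEvent}.
 * <p>
 * NOTE(review): this method does not look at the security context, so it is presumably
 * callable without a session. It answers differently for an unknown username and for a
 * rejected recovery key, which lets a caller tell whether a username exists - confirm that
 * rate limiting or lockout is applied in front of this endpoint.
 *
 * @param resetPasswordPojo password reset data (username, new password, recovery key)
 * @param errors receives the validation errors reported by {@code resetPasswordValidator}
 * @param request supplies the locale and context path for the password-changed event
 * @param response not used by this method
 * @return ResponseEntity with Http Status Code
 */
@ResponseBody
@RequestMapping(value = "/resetPassword", produces = MediaType.APPLICATION_JSON_VALUE, method = RequestMethod.POST)
// TODO: move transactionality annotation into the service layer
@Transactional(propagation = Propagation.REQUIRED)
public ResponseEntity resetPassword(@RequestBody ResetPasswordPojo resetPasswordPojo, Errors errors, HttpServletRequest request, HttpServletResponse response) {
    logger.debug("processing request to /resetPassword");
    try {
        resetPasswordValidator.validate(resetPasswordPojo, errors);
        if (errors.hasErrors()) {
            if (errors.getFieldErrorCount() > 0) {
                return generateStatusResponse(RestStatusResponse.PASSWORDCHANGE_BAD_PASSWORD);
            } else {
                // username is not found
                return generateStatusResponse(RestStatusResponse.PASSWORDCHANGE_USER_NOT_FOUND);
            }
        }
        User user = userService.useRecoveryKey(resetPasswordPojo.getUsername(), resetPasswordPojo.getNewPassword(), resetPasswordPojo.getRecoveryKey());
        eventPublisher.publishEvent(new OnPasswordChangedEvent(user, request.getLocale(), request.getContextPath()));
        // The old recovery key has just been used; issue a fresh one for the new password.
        // It is a secret and is only handed to the event, never logged here.
        String recoveryKey = userService.generateRecoveryKey(resetPasswordPojo.getUsername(), resetPasswordPojo.getNewPassword());
        eventPublisher.publishEvent(new OnRecoveryKeyGeneratedEvent(user, recoveryKey));
        return generateUserResponse(user);
    } catch (IncorrectPasswordException e) {
        // Leave a trace of rejected attempts for monitoring. The username comes straight
        // from the request body, so it is deliberately not written to the log.
        logger.warn("password reset rejected: IncorrectPasswordException from useRecoveryKey");
        return generateStatusResponse(RestStatusResponse.PASSWORDCHANGE_WRONG_OLD_PASSWORD);
    } catch (UserNotFoundException e) {
        return generateStatusResponse(RestStatusResponse.USER_NOT_FOUND);
    } catch (KeyStoreIOException e) {
        // Server-side failure: keep the cause in the log, the client only gets a status.
        logger.warn("keystore problem while resetting password", e);
        return generateStatusResponse(RestStatusResponse.PASSWORDCHANGE_KEYSTORE_PROBLEM);
    }
}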
use of won.owner.model.KeyStoreIOException in project webofneeds by researchstudio-sat.
the class UserService method changeKeystorePassword.
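/**
 * Changes the keystore password, re-encrypting the private keys with the new
 * password.
 * <p>
 * A new password is generated, every key entry of the user's keystore is read with the old
 * password and stored again under the new one, and the keystore is then handed back to the
 * user's keystore holder together with the new password. Certificate entries are not
 * touched. The returned value is a secret and should not be logged by callers.
 *
 * @param user the user whose keystore is re-encrypted
 * @param oldKeystorePassword the password currently protecting the keystore and its keys
 * @return the new keystore password
 * @throws KeyStoreIOException if a key entry cannot be read or stored again
 */
private String changeKeystorePassword(User user, String oldKeystorePassword) throws KeyStoreIOException {
    String newKeystorePassword = KeystorePasswordUtils.generatePassword(KeystorePasswordUtils.KEYSTORE_PASSWORD_BYTES);
    KeyStore keyStore = user.getKeystoreHolder().getKeystore(oldKeystorePassword);
    // NOTE(review): if re-encryption fails part-way, setKeystore below is never reached;
    // whether the holder's stored keystore is then unchanged depends on getKeystore
    // returning a separate instance - confirm.
    try {
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            if (!keyStore.isKeyEntry(alias)) {
                // certificates are not encrypted with a key, so there is nothing to redo
                continue;
            }
            Key key = keyStore.getKey(alias, oldKeystorePassword.toCharArray());
            Certificate[] chain = keyStore.getCertificateChain(alias);
            keyStore.setKeyEntry(alias, key, newKeystorePassword.toCharArray(), chain);
            // Logged only for entries that really were re-encrypted; the alias is not secret.
            logger.debug("re-encrypted key for alias: {} ", alias);
        }
    } catch (UnrecoverableKeyException e) {
        throw new KeyStoreIOException("could not re-encrypt key", e);
    } catch (NoSuchAlgorithmException e) {
        throw new KeyStoreIOException("could not re-encrypt key", e);
    } catch (KeyStoreException e) {
        throw new KeyStoreIOException("could not re-encrypt key", e);
    }
    user.getKeystoreHolder().setKeystore(keyStore, newKeystorePassword);
    return newKeystorePassword;
}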