Examples with KeystorePasswordHolder won.owner.model.KeystorePasswordHolder used on opensource projects

Search in sources :

Example 6 with KeystorePasswordHolder

use of won.owner.model.KeystorePasswordHolder in project webofneeds by researchstudio-sat.

the class RestUserController method registerUser.

/**
 * Registers the specified user with password and an opional role.
 * Assumes values have already been checked for syntactic validity.
 * @param email
 * @param password
 * @param role
 * @throws UserAlreadyExistsException
 */
private void registerUser(String email, String password, String role) throws UserAlreadyExistsException {
    User user = userRepository.findByUsername(email);
    if (user != null) {
        throw new UserAlreadyExistsException();
    }
    try {
        PasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
        user = new User(email, passwordEncoder.encode(password), role);
        user.setEmail(email);
        KeystorePasswordHolder keystorePassword = new KeystorePasswordHolder();
        // generate a password for the keystore and save it in the database, encrypted with a symmetric key
        // derived from the user's password
        keystorePassword.setPassword(KeystorePasswordUtils.generatePassword(KeystorePasswordUtils.KEYSTORE_PASSWORD_BYTES), password);
        // keystorePassword = keystorePasswordRepository.save(keystorePassword);
        // generate the keystore for the user
        KeystoreHolder keystoreHolder = new KeystoreHolder();
        try {
            // create the keystore if it doesnt exist yet
            keystoreHolder.getKeystore(keystorePassword.getPassword(password));
        } catch (Exception e) {
            throw new IllegalStateException("could not create keystore for user " + email);
        }
        // keystoreHolder = keystoreHolderRepository.save(keystoreHolder);
        user.setKeystorePasswordHolder(keystorePassword);
        user.setKeystoreHolder(keystoreHolder);
        userRepository.save(user);
    } catch (DataIntegrityViolationException e) {
        // username is already in database
        throw new UserAlreadyExistsException();
    }
}
Also used : User(won.owner.model.User) BCryptPasswordEncoder(org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder) PasswordEncoder(org.springframework.security.crypto.password.PasswordEncoder) KeystoreHolder(won.owner.model.KeystoreHolder) UserAlreadyExistsException(won.owner.service.impl.UserAlreadyExistsException) KeystorePasswordHolder(won.owner.model.KeystorePasswordHolder) BCryptPasswordEncoder(org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder) URISyntaxException(java.net.URISyntaxException) DataIntegrityViolationException(org.springframework.dao.DataIntegrityViolationException) BadCredentialsException(org.springframework.security.authentication.BadCredentialsException) UserAlreadyExistsException(won.owner.service.impl.UserAlreadyExistsException) DataIntegrityViolationException(org.springframework.dao.DataIntegrityViolationException)

Example 7 with KeystorePasswordHolder

use of won.owner.model.KeystorePasswordHolder in project webofneeds by researchstudio-sat.

the class UserService method useRecoveryKey.

/**
 * Uses the recoveryKey to unlock the keystore password, then generates a new
 * keystore password and if that all works, changes the user's password and
 * deletes the recovery key.
 */
@Transactional(propagation = Propagation.REQUIRED)
public User useRecoveryKey(String username, String newPassword, String recoveryKey) throws UserNotFoundException, KeyStoreIOException, IncorrectPasswordException {
    logger.debug("using recoery key to reset password for user {}", username);
    PasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
    User user = getByUsernameWithKeystorePassword(username);
    if (user == null) {
        throw new UserNotFoundException("cannot change password: user not found");
    }
    KeystorePasswordHolder keystorePasswordHolder = user.getRecoverableKeystorePasswordHolder();
    String oldKeystorePassword = keystorePasswordHolder.getPassword(recoveryKey);
    logger.debug("re-encrypting keystore for user {} with new keystore password", username);
    String newKeystorePassword = changeKeystorePassword(user, oldKeystorePassword);
    user.setKeystorePasswordHolder(keystorePasswordHolder);
    user.getKeystorePasswordHolder().setPassword(newKeystorePassword, newPassword);
    // everything has worked so far, now we can also change the user's password
    user.setPassword(passwordEncoder.encode(newPassword));
    // we delete the recoverable keystore key as it will no longer work
    user.setRecoverableKeystorePasswordHolder(null);
    save(user);
    logger.debug("password changed for user {}", username);
    // persistent logins won't work any more as we changed the keystore password, so
    // let's delete them
    persistentLoginRepository.deleteByUsername(username);
    return user;
}
Also used : User(won.owner.model.User) BCryptPasswordEncoder(org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder) PasswordEncoder(org.springframework.security.crypto.password.PasswordEncoder) ExpensiveSecureRandomString(won.protocol.util.ExpensiveSecureRandomString) KeystorePasswordHolder(won.owner.model.KeystorePasswordHolder) BCryptPasswordEncoder(org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder) Transactional(org.springframework.transaction.annotation.Transactional)

Example 8 with KeystorePasswordHolder

use of won.owner.model.KeystorePasswordHolder in project webofneeds by researchstudio-sat.

the class UserService method transferUser.

/**
 * Transfers the specific user to a non existant new user with password and an
 * optional role.
 *
 * @param newEmail
 * @param newPassword
 * @param privateUsername
 * @param privatePassword
 * @param role
 * @throws UserAlreadyExistsException when the new User already exists
 * @throws won.owner.service.impl.UserNotFoundException when the private User is
 * not found
 */
public User transferUser(String newEmail, String newPassword, String privateUsername, String privatePassword, String role) throws UserAlreadyExistsException, UserNotFoundException {
    User user = getByUsername(newEmail);
    if (user != null) {
        throw new UserAlreadyExistsException();
    }
    try {
        PasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
        User privateUser = getByUsernameWithKeystorePassword(privateUsername);
        if (privateUser == null) {
            throw new UserNotFoundException();
        }
        // change the username/email and keystorpw holder
        privateUser.setUsername(newEmail);
        privateUser.setPassword(passwordEncoder.encode(newPassword));
        privateUser.setEmail(newEmail);
        privateUser.setEmailVerified(false);
        privateUser.setPrivateId(null);
        // transfer only available when flag is set therefore we can
        privateUser.setAcceptedTermsOfService(true);
        // this to true (i think)
        if (role != null) {
            privateUser.setRole(role);
        }
        KeystorePasswordHolder privateKeystorePassword = privateUser.getKeystorePasswordHolder();
        String keystorePassword = privateKeystorePassword.getPassword(privatePassword);
        // ************************************************
        KeystorePasswordHolder newKeystorePassword = new KeystorePasswordHolder();
        // generate a newPassword for the keystore and save it in the database,
        // encrypted with a symmetric key
        // derived from the user's new password
        newKeystorePassword.setPassword(keystorePassword, newPassword);
        privateUser.setKeystorePasswordHolder(newKeystorePassword);
        // we delete the recoverable keystore key as it will no longer work
        privateUser.setRecoverableKeystorePasswordHolder(null);
        save(privateUser);
        return privateUser;
    } catch (DataIntegrityViolationException e) {
        throw new UserAlreadyExistsException();
    }
}
Also used : User(won.owner.model.User) BCryptPasswordEncoder(org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder) PasswordEncoder(org.springframework.security.crypto.password.PasswordEncoder) ExpensiveSecureRandomString(won.protocol.util.ExpensiveSecureRandomString) KeystorePasswordHolder(won.owner.model.KeystorePasswordHolder) BCryptPasswordEncoder(org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder) DataIntegrityViolationException(org.springframework.dao.DataIntegrityViolationException)

Example 9 with KeystorePasswordHolder

use of won.owner.model.KeystorePasswordHolder in project webofneeds by researchstudio-sat.

the class OwnerPersistenceTest method createUserWithAtom.

private void createUserWithAtom(URI atomUri, String email) {
    UserAtom a = new UserAtom();
    a.setUri(atomUri);
    a = userAtomRepository.save(a);
    String password = "password";
    String role = "SOMEROLE";
    PasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
    User user = new User(email, passwordEncoder.encode(password), role);
    user.setEmail(email);
    // transfer only available when flag is set therefore we can just set
    user.setAcceptedTermsOfService(true);
    // this
    // to true (i think)
    KeystorePasswordHolder keystorePassword = new KeystorePasswordHolder();
    // generate a password for the keystore and save it in the database, encrypted
    // with a symmetric key
    // derived from the user's password
    keystorePassword.setPassword(KeystorePasswordUtils.generatePassword(KeystorePasswordUtils.KEYSTORE_PASSWORD_BYTES), password);
    // keystorePassword = keystorePasswordRepository.save(keystorePassword);
    // generate the keystore for the user
    KeystoreHolder keystoreHolder = new KeystoreHolder();
    try {
        // create the keystore if it doesnt exist yet
        keystoreHolder.getKeystore(keystorePassword.getPassword(password));
    } catch (Exception e) {
        throw new IllegalStateException("could not create keystore for user " + email);
    }
    // keystoreHolder = keystoreHolderRepository.save(keystoreHolder);
    user.setKeystorePasswordHolder(keystorePassword);
    user.setKeystoreHolder(keystoreHolder);
    user = userRepository.save(user);
    user.addUserAtom(a);
    user = userRepository.save(user);
}
Also used : UserAtom(won.owner.model.UserAtom) User(won.owner.model.User) BCryptPasswordEncoder(org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder) PasswordEncoder(org.springframework.security.crypto.password.PasswordEncoder) KeystoreHolder(won.owner.model.KeystoreHolder) KeystorePasswordHolder(won.owner.model.KeystorePasswordHolder) BCryptPasswordEncoder(org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder) DataIntegrityViolationException(org.springframework.dao.DataIntegrityViolationException)

Example 10 with KeystorePasswordHolder

use of won.owner.model.KeystorePasswordHolder in project webofneeds by researchstudio-sat.

the class KeystoreEnabledDaoAuthenticationProvider method authenticate.

@Override
@Transactional
public Authentication authenticate(Authentication authentication) {
    String password = (String) authentication.getCredentials();
    String username = (String) authentication.getPrincipal();
    UsernamePasswordAuthenticationToken auth = (UsernamePasswordAuthenticationToken) super.authenticate(authentication);
    User user = (User) auth.getPrincipal();
    // can't use that object as it's detached. load the user again:
    user = userRepository.findById(user.getId()).get();
    KeystorePasswordHolder keystorePasswordHolder = user.getKeystorePasswordHolder();
    if (keystorePasswordHolder == null || keystorePasswordHolder.getEncryptedPassword() == null || keystorePasswordHolder.getEncryptedPassword().length() == 0) {
        keystorePasswordHolder = new KeystorePasswordHolder();
        // generate a password for the keystore and save it in the database, encrypted
        // with a symmetric key
        // derived from the user's password
        keystorePasswordHolder.setPassword(KeystorePasswordUtils.generatePassword(KeystorePasswordUtils.KEYSTORE_PASSWORD_BYTES), password);
        // keystorePasswordHolder =
        // keystorePasswordRepository.save(keystorePasswordHolder);
        // generate the keystore for the user
        user.setKeystorePasswordHolder(keystorePasswordHolder);
    }
    String keystorePassword = keystorePasswordHolder.getPassword(password);
    KeystoreHolder keystoreHolder = user.getKeystoreHolder();
    KeyStore keystore = null;
    if (keystoreHolder == null || keystoreHolder.getKeystoreBytes() == null || keystoreHolder.getKeystoreBytes().length == 0) {
        // new user or legacy user that has no keystore yet: create keystoreHolder
        keystoreHolder = new KeystoreHolder();
        keystore = openOrCreateKeyStore(keystorePassword, auth.getName(), keystoreHolder);
        // keystoreHolder = keystoreHolderRepository.save(keystoreHolder);
        user.setKeystoreHolder(keystoreHolder);
    } else {
        try {
            keystore = keystoreHolder.getKeystore(keystorePassword);
        } catch (Exception e) {
            throw new IllegalStateException("could not open keystore for user " + username);
        }
    }
    userRepository.save(user);
    KeystoreEnabledUserDetails ud = new KeystoreEnabledUserDetails(user, keystore, keystorePassword);
    return new UsernamePasswordAuthenticationToken(ud, null, auth.getAuthorities());
}
Also used : User(won.owner.model.User) KeystoreHolder(won.owner.model.KeystoreHolder) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) KeystorePasswordHolder(won.owner.model.KeystorePasswordHolder) KeyStore(java.security.KeyStore) Transactional(javax.transaction.Transactional)

Aggregations

KeystorePasswordHolder (won.owner.model.KeystorePasswordHolder)10 User (won.owner.model.User)9 BCryptPasswordEncoder (org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder)7 PasswordEncoder (org.springframework.security.crypto.password.PasswordEncoder)7 KeystoreHolder (won.owner.model.KeystoreHolder)6 Transactional (org.springframework.transaction.annotation.Transactional)5 DataIntegrityViolationException (org.springframework.dao.DataIntegrityViolationException)4 ExpensiveSecureRandomString (won.protocol.util.ExpensiveSecureRandomString)4 KeyStore (java.security.KeyStore)2 Date (java.util.Date)2 PersistentLogin (won.owner.model.PersistentLogin)2 URISyntaxException (java.net.URISyntaxException)1 KeyStoreException (java.security.KeyStoreException)1 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)1 UnrecoverableKeyException (java.security.UnrecoverableKeyException)1 Optional (java.util.Optional)1 Transactional (javax.transaction.Transactional)1 BadCredentialsException (org.springframework.security.authentication.BadCredentialsException)1 UsernamePasswordAuthenticationToken (org.springframework.security.authentication.UsernamePasswordAuthenticationToken)1 UserDetails (org.springframework.security.core.userdetails.UserDetails)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial