org.argeo.cms.security

Class JcrKeyring

java.lang.Object

org.argeo.cms.security.AbstractKeyring

org.argeo.cms.security.JcrKeyring

All Implemented Interfaces:

CryptoKeyring, Keyring, ArgeoNames

public class JcrKeyring
extends AbstractKeyring
implements ArgeoNames

JCR based implementation of a keyring

Field Summary

Fields

Modifier and Type	Field and Description
static java.lang.String	DEFAULT_CIPHER_NAME
static java.lang.String	DEFAULT_SECRETE_KEY_ENCRYPTION
static java.lang.String	DEFAULT_SECRETE_KEY_FACTORY
static java.lang.Long	DEFAULT_SECRETE_KEY_LENGTH Stronger with 256, but causes problem with Oracle JVM, force 128 in this case

Fields inherited from interface org.argeo.cms.ArgeoNames

ARGEO_CIPHER, ARGEO_IS_KEY, ARGEO_ITERATION_COUNT, ARGEO_IV, ARGEO_KEY_LENGTH, ARGEO_KEYRING, ARGEO_NAMESPACE, ARGEO_PASSWORD, ARGEO_REMOTE, ARGEO_SALT, ARGEO_SECRET_KEY_ENCRYPTION, ARGEO_SECRET_KEY_FACTORY, ARGEO_URI, ARGEO_USER_ID

Constructor Summary

Constructors

Constructor and Description
JcrKeyring(Repository repository) When setup is called the session has not yet been saved and we don't want to save it since there maybe other data which would be inconsistent.

Method Summary

Modifier and Type	Method and Description
void	changePassword(char[] oldPassword, char[] newPassword)
protected javax.crypto.Cipher	createCipher()
protected java.io.InputStream	decrypt(javax.crypto.SecretKey secretKey, javax.crypto.Cipher cipher, Node node)
protected java.io.InputStream	decrypt(java.lang.String path)
protected void	encrypt(javax.crypto.SecretKey secretKey, javax.crypto.Cipher cipher, Node node, java.io.InputStream unencrypted)
protected void	encrypt(java.lang.String path, java.io.InputStream unencrypted) The parent node must already exist at this path.
protected void	handleKeySpecCallback(PBEKeySpecCallback pbeCallback) Populates the key spec callback
protected java.lang.Boolean	isSetup() Whether the keyring has already been created in the past with a master password
void	setCipherName(java.lang.String cipherName)
void	setIterationCountFactor(java.lang.Integer iterationCountFactor)
void	setSecretKeyEncryption(java.lang.String secreteKeyEncryption)
void	setSecretKeyFactoryName(java.lang.String secreteKeyFactoryName)
void	setSecretKeyLength(java.lang.Long keyLength)
protected void	setup(char[] password) Setup the keyring persistently, AbstractKeyring.isSetup() must return true afterwards

Methods inherited from class org.argeo.cms.security.AbstractKeyring

ask, getAsChars, getAsStream, getSecretKey, getSecurityProvider, set, set, setCharset, setDefaultCallbackHandler, setSecurityProviderName, unlock

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

DEFAULT_SECRETE_KEY_LENGTH

public static final java.lang.Long DEFAULT_SECRETE_KEY_LENGTH

Stronger with 256, but causes problem with Oracle JVM, force 128 in this case

DEFAULT_SECRETE_KEY_FACTORY

public static final java.lang.String DEFAULT_SECRETE_KEY_FACTORY

See Also:

Constant Field Values

DEFAULT_SECRETE_KEY_ENCRYPTION

public static final java.lang.String DEFAULT_SECRETE_KEY_ENCRYPTION

See Also:

Constant Field Values

DEFAULT_CIPHER_NAME

public static final java.lang.String DEFAULT_CIPHER_NAME

See Also:

Constant Field Values

Constructor Detail

JcrKeyring

public JcrKeyring(Repository repository)

When setup is called the session has not yet been saved and we don't want to save it since there maybe other data which would be inconsistent. So we keep a reference to this node which will then be used (an reset to null) when handling the PBE callback. We keep one per thread in case multiple users are accessing the same instance of a keyring.

Method Detail

isSetup

protected java.lang.Boolean isSetup()

Description copied from class: AbstractKeyring

Whether the keyring has already been created in the past with a master password

Specified by:

isSetup in class AbstractKeyring

setup

protected void setup(char[] password)

Description copied from class: AbstractKeyring

Setup the keyring persistently, AbstractKeyring.isSetup() must return true afterwards

Specified by:

setup in class AbstractKeyring

handleKeySpecCallback

protected void handleKeySpecCallback(PBEKeySpecCallback pbeCallback)

Description copied from class: AbstractKeyring

Populates the key spec callback

Specified by:

handleKeySpecCallback in class AbstractKeyring

encrypt

protected void encrypt(java.lang.String path,
                       java.io.InputStream unencrypted)

The parent node must already exist at this path.

Specified by:

encrypt in class AbstractKeyring

encrypt

protected void encrypt(javax.crypto.SecretKey secretKey,
                       javax.crypto.Cipher cipher,
                       Node node,
                       java.io.InputStream unencrypted)

decrypt

protected java.io.InputStream decrypt(java.lang.String path)

Specified by:

decrypt in class AbstractKeyring

decrypt

protected java.io.InputStream decrypt(javax.crypto.SecretKey secretKey,
                                      javax.crypto.Cipher cipher,
                                      Node node)
                               throws RepositoryException,
                                      java.security.GeneralSecurityException

Throws:

RepositoryException

java.security.GeneralSecurityException

createCipher

protected javax.crypto.Cipher createCipher()

changePassword

public void changePassword(char[] oldPassword,
                           char[] newPassword)

Specified by:

changePassword in interface CryptoKeyring

setIterationCountFactor

public void setIterationCountFactor(java.lang.Integer iterationCountFactor)

setSecretKeyLength

public void setSecretKeyLength(java.lang.Long keyLength)

setSecretKeyFactoryName

public void setSecretKeyFactoryName(java.lang.String secreteKeyFactoryName)

setSecretKeyEncryption

public void setSecretKeyEncryption(java.lang.String secreteKeyEncryption)

setCipherName

public void setCipherName(java.lang.String cipherName)