001    package org.cumulus4j.keymanager.api.internal.local;
002    
003    import java.io.File;
004    import java.io.IOException;
005    import java.net.MalformedURLException;
006    import java.net.URI;
007    import java.net.URISyntaxException;
008    import java.net.URL;
009    import java.util.Collections;
010    import java.util.HashMap;
011    import java.util.Map;
012    
013    import org.cumulus4j.keymanager.AppServer;
014    import org.cumulus4j.keymanager.AppServerManager;
015    import org.cumulus4j.keymanager.api.AuthenticationException;
016    import org.cumulus4j.keymanager.api.CannotDeleteLastUserException;
017    import org.cumulus4j.keymanager.api.CryptoSession;
018    import org.cumulus4j.keymanager.api.DateDependentKeyStrategyInitParam;
019    import org.cumulus4j.keymanager.api.DateDependentKeyStrategyInitResult;
020    import org.cumulus4j.keymanager.api.KeyManagerAPIConfiguration;
021    import org.cumulus4j.keymanager.api.KeyManagerAPIInstantiationException;
022    import org.cumulus4j.keymanager.api.KeyStoreNotEmptyException;
023    import org.cumulus4j.keymanager.api.internal.AbstractKeyManagerAPI;
024    import org.cumulus4j.keystore.DateDependentKeyStrategy;
025    import org.cumulus4j.keystore.KeyStore;
026    import org.cumulus4j.keystore.UserNotFoundException;
027    
028    /**
029     * @author Marco หงุ่ยตระกูล-Schulze - marco at nightlabs dot de
030     */
031    public class LocalKeyManagerAPI extends AbstractKeyManagerAPI
032    {
033            private KeyStore keyStore;
034            private AppServerManager appServerManager;
035            private Map<String, String> appServerBaseURL2appServerID = Collections.synchronizedMap(new HashMap<String, String>());
036    
037            private KeyStore getKeyStore() throws IOException
038            {
039                    KeyStore ks = this.keyStore;
040    
041                    if (ks == null) {
042                            ks = new KeyStore(getKeyStoreID(), getKeyStoreFile());
043                            this.keyStore = ks;
044                    }
045    
046                    return ks;
047            }
048    
049            private AppServerManager getAppServerManager() throws IOException
050            {
051                    AppServerManager asm = this.appServerManager;
052    
053                    if (asm == null) {
054                            asm = new AppServerManager(getKeyStore());
055                            this.appServerManager = asm;
056                    }
057    
058                    return asm;
059            }
060    
061            private File getKeyStoreFile() throws IOException
062            {
063                    File keyStoreDir;
064                    String keyManagerBaseURL = getKeyManagerBaseURL();
065    
066                    if (keyManagerBaseURL == null) {
067                            String userHome = System.getProperty("user.home"); //$NON-NLS-1$
068                            if (userHome == null)
069                                    throw new IllegalStateException("System property user.home is not set! This should never happen!"); //$NON-NLS-1$
070    
071                            keyStoreDir = new File(userHome, ".cumulus4j");
072                    }
073                    else {
074                            if (!keyManagerBaseURL.startsWith(FILE_URL_PREFIX))
075                                    throw new IllegalStateException("keyManagerBaseURL does not start with \"" + FILE_URL_PREFIX + "\"!!!");
076    
077                            // see: http://weblogs.java.net/blog/kohsuke/archive/2007/04/how_to_convert.html
078                            try {
079                                    keyStoreDir = new File(new URI(keyManagerBaseURL));
080                            } catch (URISyntaxException x) {
081                                    try {
082                                            keyStoreDir = new File(new URL(keyManagerBaseURL).getPath());
083                                    } catch (MalformedURLException e) {
084                                            throw new IllegalStateException("keyManagerBaseURL is malformed: " + e, e);
085                                    }
086                            }
087                    }
088    
089                    if (!keyStoreDir.isDirectory()) {
090                            keyStoreDir.mkdirs();
091    
092                            if (!keyStoreDir.isDirectory())
093                                    throw new IOException("Creating directory \"" + keyStoreDir.getAbsolutePath() + "\" failed! Check permissions!");
094                    }
095    
096                    return new File(keyStoreDir, getKeyStoreID() + ".keystore");
097            }
098    
099            @Override
100            public void setConfiguration(KeyManagerAPIConfiguration configuration) throws IllegalArgumentException, KeyManagerAPIInstantiationException
101            {
102                    super.setConfiguration(configuration);
103                    this.keyStore = null;
104                    this.appServerManager = null;
105                    appServerBaseURL2appServerID.clear();
106            }
107    
108            public LocalKeyManagerAPI()
109            throws KeyManagerAPIInstantiationException
110            {
111                    // We test here, whether the KeyStore is accessible. If it is not, it means the local stuff is not deployed
112                    // and it should not be possible to instantiate a LocalKeyManagerAPI.
113                    KeyStore.class.getConstructors();
114            }
115    
116            @Override
117            public DateDependentKeyStrategyInitResult initDateDependentKeyStrategy(DateDependentKeyStrategyInitParam param)
118            throws KeyStoreNotEmptyException, IOException
119            {
120                    if (param == null)
121                            throw new IllegalArgumentException("param == null");
122    
123                    DateDependentKeyStrategyInitResult result = new DateDependentKeyStrategyInitResult();
124    
125                    try {
126                            KeyStore keyStore = getKeyStore();
127                            DateDependentKeyStrategy keyStrategy = new DateDependentKeyStrategy(keyStore);
128                            keyStrategy.init(getAuthUserName(), getAuthPassword(), param.getKeyActivityPeriodMSec(), param.getKeyStorePeriodMSec());
129    
130                            result.setGeneratedKeyCount(
131                                            keyStore.getKeyIDs(getAuthUserName(), getAuthPassword()).size()
132                            );
133    
134                            return result;
135                    } catch (org.cumulus4j.keystore.KeyStoreNotEmptyException e) {
136                            throw new KeyStoreNotEmptyException(e);
137                    } catch (org.cumulus4j.keystore.AuthenticationException e) {
138                            throw new IOException(e); // Should never happen, because we were able to initialise the key-store with this auth-data.
139                    }
140            }
141    
142            @Override
143            public void putUser(String userName, char[] password) throws AuthenticationException, IOException
144            {
145                    KeyStore keyStore = getKeyStore();
146                    try {
147                            try {
148                                    keyStore.createUser(getAuthUserName(), getAuthPassword(), userName, password);
149                            } catch (org.cumulus4j.keystore.UserAlreadyExistsException e) {
150                                    try {
151                                            keyStore.changeUserPassword(getAuthUserName(), getAuthPassword(), userName, password);
152                                    } catch (UserNotFoundException e1) {
153                                            throw new RuntimeException("What the hell?! Just caught a UserAlreadyExistsException - why is the user not existing now?!", e1);
154                                    }
155                            }
156                    } catch (org.cumulus4j.keystore.AuthenticationException e) {
157                            throw new AuthenticationException(e);
158                    }
159    
160                    // If we changed the current user's password, we automatically re-configure this API instance.
161                    KeyManagerAPIConfiguration conf = getConf();
162                    if (conf.getAuthUserName() != null && conf.getAuthUserName().equals(userName)) {
163                            KeyManagerAPIConfiguration newConf = new KeyManagerAPIConfiguration(conf);
164                            newConf.setAuthPassword(password);
165                            try {
166                                    setConfiguration(newConf);
167                            } catch (KeyManagerAPIInstantiationException e) {
168                                    throw new RuntimeException(e); // Shouldn't happen, because we copied the old configuration.
169                            }
170                    }
171            }
172    
173            @Override
174            public void deleteUser(String userName) throws AuthenticationException, CannotDeleteLastUserException, IOException
175            {
176                    KeyStore keyStore = getKeyStore();
177                    try {
178                            keyStore.deleteUser(getAuthUserName(), getAuthPassword(), userName);
179                    } catch (org.cumulus4j.keystore.UserNotFoundException e) {
180                            // silently ignore
181                            doNothing();
182                    } catch (org.cumulus4j.keystore.CannotDeleteLastUserException e) {
183                            throw new CannotDeleteLastUserException(e);
184                    } catch (org.cumulus4j.keystore.AuthenticationException e) {
185                            throw new AuthenticationException(e);
186                    }
187            }
188    
189            private static final void doNothing() { }
190    
191            @Override
192            public CryptoSession getCryptoSession(String appServerBaseURL) throws IOException, AuthenticationException
193            {
194    //              try {
195                            AppServerManager appServerManager = getAppServerManager();
196                            AppServer appServer;
197                            synchronized (appServerBaseURL2appServerID) {
198                                    String appServerID = appServerBaseURL2appServerID.get(appServerBaseURL);
199                                    if (appServerID == null) {
200                                            appServer = new AppServer(appServerManager, appServerID, appServerBaseURL);
201                                            appServerManager.putAppServer(appServer);
202                                            appServer.getAppServerID();
203                                    }
204                                    else
205                                            appServer = appServerManager.getAppServerForAppServerID(appServerID);
206                            }
207    
208    //                      // Try to open the session already now, so that we know already here, whether this works (but lock it immediately, again).
209    //                      appServer.getSessionManager().acquireSession(getAuthUserName(), getAuthPassword()).release();
210    
211                            return new LocalCryptoSession(this, appServer);
212    //              } catch (org.cumulus4j.keystore.AuthenticationException e) {
213    //                      throw new AuthenticationException(e);
214    //              }
215            }
216    
217    }