authorJakob Heher <jakob.heher@iaik.tugraz.at>2022-07-08 13:42:20 +0200
committerJakob Heher <jakob.heher@iaik.tugraz.at>2022-07-08 13:42:20 +0200
commitb3ae550f4196dfc7b3b45739a04c5b1ae1859623 (patch)
tree599876d3b3552cf9208792a9ff2f52df3c4bde32 /pdf-over-gui/src/main/java/at/asit/pdfover/gui/workflow
parent486692a4cf587739481db3668268c3cd41070a76 (diff)
cache keystore password in memory cf. #68 #69
todo: sanitize config loading behavior
Diffstat (limited to 'pdf-over-gui/src/main/java/at/asit/pdfover/gui/workflow')
-rw-r--r--pdf-over-gui/src/main/java/at/asit/pdfover/gui/workflow/config/ConfigurationManager.java8
-rw-r--r--pdf-over-gui/src/main/java/at/asit/pdfover/gui/workflow/states/KSState.java127
2 files changed, 107 insertions, 28 deletions
diff --git a/pdf-over-gui/src/main/java/at/asit/pdfover/gui/workflow/config/ConfigurationManager.java b/pdf-over-gui/src/main/java/at/asit/pdfover/gui/workflow/config/ConfigurationManager.java
index 1cfa72b3..340c125a 100644
--- a/pdf-over-gui/src/main/java/at/asit/pdfover/gui/workflow/config/ConfigurationManager.java
+++ b/pdf-over-gui/src/main/java/at/asit/pdfover/gui/workflow/config/ConfigurationManager.java
@@ -230,8 +230,8 @@ public class ConfigurationManager {
setKeyStoreFile(diskConfig.getProperty(Constants.CFG_KEYSTORE_FILE));
setKeyStoreType(diskConfig.getProperty(Constants.CFG_KEYSTORE_TYPE));
setKeyStoreAlias(diskConfig.getProperty(Constants.CFG_KEYSTORE_ALIAS));
- setKeyStoreStorePass(diskConfig.getProperty(Constants.CFG_KEYSTORE_STOREPASS));
- setKeyStoreKeyPass(diskConfig.getProperty(Constants.CFG_KEYSTORE_KEYPASS));
+ setKeyStoreStorePassPersistent(diskConfig.getProperty(Constants.CFG_KEYSTORE_STOREPASS));
+ setKeyStoreKeyPassPersistent(diskConfig.getProperty(Constants.CFG_KEYSTORE_KEYPASS));
String storeTypeOnDisk = diskConfig.getProperty(Constants.CFG_KEYSTORE_PASSSTORETYPE);
if (storeTypeOnDisk == null) /* auto-detect based on old config */
{
@@ -877,7 +877,7 @@ public class ConfigurationManager {
return this.configuration.keystorePassStorageType;
}
- public void setKeyStoreStorePass(String storePass) {
+ public void setKeyStoreStorePassPersistent(String storePass) {
this.configuration.keystoreStorePass = storePass;
}
@@ -898,7 +898,7 @@ public class ConfigurationManager {
return this.configuration.keystoreStorePass;
}
- public void setKeyStoreKeyPass(String keyPass) {
+ public void setKeyStoreKeyPassPersistent(String keyPass) {
this.configuration.keystoreKeyPass = keyPass;
}
diff --git a/pdf-over-gui/src/main/java/at/asit/pdfover/gui/workflow/states/KSState.java b/pdf-over-gui/src/main/java/at/asit/pdfover/gui/workflow/states/KSState.java
index 94f6993c..d8231e99 100644
--- a/pdf-over-gui/src/main/java/at/asit/pdfover/gui/workflow/states/KSState.java
+++ b/pdf-over-gui/src/main/java/at/asit/pdfover/gui/workflow/states/KSState.java
@@ -17,6 +17,10 @@ package at.asit.pdfover.gui.workflow.states;
// Imports
import java.io.File;
+import java.security.Key;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.UnrecoverableKeyException;
import org.eclipse.swt.SWT;
import org.slf4j.Logger;
@@ -25,12 +29,14 @@ import org.slf4j.LoggerFactory;
import at.asit.pdfover.gui.MainWindow.Buttons;
import at.asit.pdfover.gui.MainWindowBehavior;
import at.asit.pdfover.gui.controls.Dialog.BUTTONS;
+import at.asit.pdfover.gui.keystore.KeystoreUtils;
import at.asit.pdfover.gui.controls.ErrorDialog;
import at.asit.pdfover.gui.controls.PasswordInputDialog;
import at.asit.pdfover.commons.Messages;
import at.asit.pdfover.gui.workflow.StateMachine;
import at.asit.pdfover.gui.workflow.Status;
import at.asit.pdfover.gui.workflow.config.ConfigurationManager;
+import at.asit.pdfover.gui.workflow.config.ConfigurationDataInMemory.KeyStorePassStorageType;
import at.asit.pdfover.signator.SignatureException;
import at.asit.pdfover.signator.SigningState;
@@ -52,6 +58,16 @@ public class KSState extends State {
super(stateMachine);
}
+ private void showError(String messageKey, Object... args)
+ {
+ new ErrorDialog(getStateMachine().getMainShell(), String.format(Messages.getString(messageKey), args), BUTTONS.OK).open();
+ }
+
+ private boolean askShouldRetry(String messageKey, Object... args)
+ {
+ return SWT.RETRY == (new ErrorDialog(getStateMachine().getMainShell(), String.format(Messages.getString(messageKey), args), BUTTONS.RETRY_CANCEL).open());
+ }
+
/*
* (non-Javadoc)
*
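Review bot: Both new helpers pass the looked-up message through `String.format` even when no arguments are supplied, which is how the later hunk calls `showError("error.KeyStoreStorePass")` and `showError("error.KeyStoreKeyPass")`. If either resource string contains a `%` placeholder (not visible here, so this needs checking against the message bundle), the call throws at the moment the user should be seeing the wrong-password dialog. Formatting only when arguments are present avoids that: `String msg = Messages.getString(messageKey); if (args.length > 0) msg = String.format(msg, args);`. A one-line comment on each helper saying that `messageKey` is a `Messages` bundle key and that `askShouldRetry` returns true only for `SWT.RETRY` would also help.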
@@ -71,37 +87,100 @@ public class KSState extends State {
File f = new File(file);
if (!f.isFile()) {
log.error("Keystore not found");
- ErrorDialog dialog = new ErrorDialog(
- getStateMachine().getMainShell(),
- String.format(Messages.getString("error.KeyStoreFileNotExist"), f.getName()),
- BUTTONS.RETRY_CANCEL);
- if (dialog.open() != SWT.RETRY) {
- //getStateMachine().exit();
+ if (askShouldRetry("error.KeyStoreFileNotExist", f.getName()))
+ this.run();
+ else
this.setNextState(new BKUSelectionState(getStateMachine()));
- return;
- }
- this.run();
return;
}
- String alias = config.getKeyStoreAlias();
+ String type = config.getKeyStoreType();
+ KeyStore keyStore = null;
String storePass = config.getKeyStoreStorePass();
- // TODO trial and error
- if (storePass == null) {
- PasswordInputDialog pwd = new PasswordInputDialog(
- getStateMachine().getMainShell(),
- Messages.getString("keystore_config.KeystoreStorePass"),
- Messages.getString("keystore.KeystoreStorePassEntry"));
- storePass = pwd.open();
+ while (keyStore == null) {
+ if (storePass == null)
+ {
+ PasswordInputDialog pwd = new PasswordInputDialog(
+ getStateMachine().getMainShell(),
+ Messages.getString("keystore_config.KeystoreStorePass"),
+ Messages.getString("keystore.KeystoreStorePassEntry"));
+ storePass = pwd.open();
+ if (storePass == null)
+ {
+ this.setNextState(new BKUSelectionState(getStateMachine()));
+ return;
+ }
+ }
+
+ try {
+ keyStore = KeystoreUtils.tryLoadKeystore(f, type, storePass);
+ } catch (UnrecoverableKeyException e) {
+ showError("error.KeyStoreStorePass");
+ storePass = null;
+ } catch (Exception e) {
+ throw new SignatureException("Failed to load keystore", e);
+ }
}
+
+ /* we've successfully unlocked the key store, save the entered password if requested */
+ if (config.getKeyStorePassStorageType() == KeyStorePassStorageType.DISK)
+ {
+ /* only save to disk if the current keystore file is the one saved to disk */
+ /* (might not be true if overridden from CLI) */
+ if (file.equals(config.getKeyStoreFilePersistent()))
+ config.setKeyStoreStorePassPersistent(storePass);
+ else
+ config.setKeyStoreStorePassOverlay(storePass);
+ }
+ else if (config.getKeyStorePassStorageType() == KeyStorePassStorageType.MEMORY)
+ config.setKeyStoreStorePassOverlay(storePass);
+
+ /* next, try to load the key from the now-unlocked keystore */
+ String alias = config.getKeyStoreAlias();
+ Key key = null;
String keyPass = config.getKeyStoreKeyPass();
- if (keyPass == null) {
- PasswordInputDialog pwd = new PasswordInputDialog(
- getStateMachine().getMainShell(),
- Messages.getString("keystore_config.KeystoreKeyPass"),
- Messages.getString("keystore.KeystoreKeyPassEntry"));
- keyPass = pwd.open();
+ while (key == null) {
+ if (keyPass == null) {
+ PasswordInputDialog pwd = new PasswordInputDialog(
+ getStateMachine().getMainShell(),
+ Messages.getString("keystore_config.KeystoreKeyPass"),
+ Messages.getString("keystore.KeystoreKeyPassEntry"));
+ keyPass = pwd.open();
+ if (keyPass == null)
+ {
+ this.setNextState(new BKUSelectionState(getStateMachine()));
+ return;
+ }
+ }
+
+ try {
+ key = keyStore.getKey(alias, keyPass.toCharArray());
+ if (key == null) /* alias does not exist */
+ {
+ if (!askShouldRetry("error.KeyStoreAliasExist", alias))
+ {
+ this.setNextState(new BKUSelectionState(getStateMachine()));
+ return;
+ }
+ continue;
+ }
+ } catch (UnrecoverableKeyException e) {
+ showError("error.KeyStoreKeyPass");
+ keyPass = null;
+ } catch (Exception e) {
+ throw new SignatureException("Failed to load key from store", e);
+ }
}
- String type = config.getKeyStoreType();
+
+ if (config.getKeyStorePassStorageType() == KeyStorePassStorageType.DISK)
+ {
+ if (file.equals(config.getKeyStoreFilePersistent()))
+ config.setKeyStoreKeyPassPersistent(keyPass);
+ else
+ config.setKeyStoreKeyPassOverlay(keyPass);
+ }
+ else if (config.getKeyStorePassStorageType() == KeyStorePassStorageType.MEMORY)
+ config.setKeyStoreKeyPassOverlay(keyPass);
+
signingState.setKSSigner(file, alias, storePass, keyPass, type);
} catch (SignatureException e) {
log.error("Error loading keystore", e);
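Review bot: In the key loop, choosing Retry after `key == null` can never succeed: `alias` is read once before the loop and `keyStore` is already loaded, so `continue` repeats the identical `getKey` call and reopens the same dialog until the user cancels. `KeyStore.getKey` also returns null when the alias names an entry that is not key-related, so a certificate-only alias ends up in the same loop. Reporting it once and leaving the state is enough, e.g. `showError("error.KeyStoreAliasExist", alias); this.setNextState(new BKUSelectionState(getStateMachine())); return;`. Separately, the array from `keyPass.toCharArray()` is never cleared; keeping it in a local and calling `java.util.Arrays.fill(chars, '\0')` in a `finally` removes one extra heap copy of the key password, although the `String` itself stays cached by design. The enclosing `run()` method starts and ends outside this hunk.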