/**
 * Builds a {@link KeySource} that serves private keys out of the user's keystore.
 *
 * @param keystorePersistence persistence layer used to load the keystore
 * @param keyStoreAccess      keystore location plus credentials; both the store password
 *                            (opens the store) and the key password (unlocks private
 *                            entries) must be set
 * @return a private-key source backed by the loaded keystore
 */
public static KeySource getForPrivateKey(KeystorePersistence keystorePersistence, KeyStoreAccess keyStoreAccess) {
    BucketPath storePath = keyStoreAccess.getKeyStorePath();
    KeyStoreAuth auth = keyStoreAccess.getKeyStoreAuth();
    // Only the path is logged; credentials never reach the log.
    LOGGER.debug("get keysource for private key of " + storePath);
    // The store is opened with the read-store credential; the read-key password is
    // handed to the source so private entries can be unlocked on access.
    KeyStore userKeystore = keystorePersistence.loadKeystore(storePath.getObjectHandle(), auth.getReadStoreHandler());
    return new KeyStoreBasedPrivateKeySourceImpl(userKeystore, auth.getReadKeyPassword());
}
/**
 * Resolves the keystore location and credentials that belong to an authenticated user.
 *
 * @param userIDAuth user id together with the user's authentication data
 * @return access descriptor (path + auth) for that user's keystore
 */
private KeyStoreAccess getKeyStoreAccess(UserIDAuth userIDAuth) {
    // The location depends on the user id only; the credentials on the full auth object.
    return new KeyStoreAccess(
            UserIDUtil.getKeyStorePath(userIDAuth.getUserID()),
            UserIDUtil.getKeyStoreAuth(userIDAuth));
}
/**
 * Removes the guard of a document directory: the guard file itself and the bucket-level
 * file that maps the directory to the guard's key id.
 *
 * @param keyStoreAccess                    owner's keystore access; its path locates the guard
 * @param documentKeyIDWithKeyAndAccessType guard entry whose key id names the guard file
 * @param documentDirectory                 directory the guard protected
 */
private void deleteGuardForBucket(KeyStoreAccess keyStoreAccess,
                                  DocumentKeyIDWithKeyAndAccessType documentKeyIDWithKeyAndAccessType,
                                  BucketDirectory documentDirectory) {
    LOGGER.debug("start delete guard for " + documentDirectory);
    DocumentKeyID guardKeyID = documentKeyIDWithKeyAndAccessType.getDocumentKeyIDWithKey().getDocumentKeyID();
    BucketPath guardPath = DocumentGuardLocation.getBucketPathOfGuard(keyStoreAccess.getKeyStorePath(), guardKeyID);
    // Guard file first, then the directory -> key-id mapping. The two deletes are not
    // transactional: a failure between them leaves a mapping pointing at a guard that is gone.
    bucketService.deletePlainFile(guardPath);
    GuardUtil.deleteBucketGuardKeyFile(bucketService, keyStoreAccess.getKeyStorePath().getBucketDirectory(), documentDirectory);
    LOGGER.debug("finished delete guard for " + documentDirectory);
}
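/**
 * Returns the guard entry (document key + access type) for a key id. Serves it from the
 * document-guard cache when present; otherwise loads it through the document guard service
 * and stores the result in the cache.
 *
 * @param keyStoreAccess keystore access of the user whose guard is read
 * @param documentKeyID  id of the document key the guard holds
 * @return the guard entry; when uncached, whatever the guard service returned
 */
private DocumentKeyIDWithKeyAndAccessType loadCachedOrRealDocumentKeyIDWithKeyAndAccessTypeFromDocumentGuard(
        KeyStoreAccess keyStoreAccess, DocumentKeyID documentKeyID) {
    DocumentKeyIDWithKeyAndAccessType cached = get(keyStoreAccess, documentKeyID);
    if (cached != null) {
        return cached;
    }
    DocumentKeyIDWithKeyAndAccessType loaded =
            documentGuardService.loadDocumentKeyIDWithKeyAndAccessTypeFromDocumentGuard(keyStoreAccess, documentKeyID);
    DocumentGuardCache documentGuardCache =
            docusafeCacheWrapper != null ? docusafeCacheWrapper.getDocumentGuardCache() : null;
    if (documentGuardCache != null) {
        String cacheKey = DocumentGuardCache.cacheKeyToString(keyStoreAccess, documentKeyID);
        // The entry stores the read-key password so a later lookup can verify that the
        // caller presents the same credential (see get()).
        documentGuardCache.put(cacheKey,
                new PasswordAndDocumentKeyIDWithKeyAndAccessType(keyStoreAccess.getKeyStoreAuth().getReadKeyPassword(), loaded));
        // Do not log cacheKey: cacheKeyToString() builds it from the read-store password,
        // so the previous "for cache key " + cacheKey message wrote that secret to the log.
        LOGGER.debug("AAA insert document key for " + documentKeyID + " of " + keyStoreAccess.getKeyStorePath());
    }
    return loaded;
}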
/**
 * Writes a guard for an already existing document key into a keystore using its public key
 * (typically another user's store, so only the public key is needed), and records the
 * directory -> key-id mapping in that store's bucket.
 *
 * @param keyStoreAccess                    target keystore access
 * @param documentKeyIDWithKeyAndAccessType existing guard entry to share
 * @param documentDirectory                 directory the guard grants access to
 * @param overwriteFlag                     whether an existing guard may be replaced
 * @return id of the document key the guard holds
 */
private DocumentKeyID createAsymmetricGuardForBucket(KeyStoreAccess keyStoreAccess,
                                                     DocumentKeyIDWithKeyAndAccessType documentKeyIDWithKeyAndAccessType,
                                                     BucketDirectory documentDirectory,
                                                     OverwriteFlag overwriteFlag) {
    BucketDirectory targetBucket = keyStoreAccess.getKeyStorePath().getBucketDirectory();
    LOGGER.debug("start create asymmetric guard for " + documentDirectory + " " + targetBucket);
    createCachedDocumentGuardFor(GuardKeyType.PUBLIC_KEY, keyStoreAccess, documentKeyIDWithKeyAndAccessType, overwriteFlag);
    DocumentKeyID sharedKeyID = documentKeyIDWithKeyAndAccessType.getDocumentKeyIDWithKey().getDocumentKeyID();
    GuardUtil.saveBucketGuardKeyFile(bucketService, targetBucket, documentDirectory, sharedKeyID);
    LOGGER.debug("finished create asymmetric guard for " + documentDirectory + " " + targetBucket);
    return sharedKeyID;
}
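/**
 * Looks up a guard entry in the document-guard cache.
 * <p>
 * A hit is only honoured when the caller presents the same read-key password that was
 * stored with the entry; otherwise the entry is evicted and {@code null} is returned, so
 * the caller falls through to the real guard load and gets the original exception for a
 * wrong password.
 *
 * @param keyStoreAccess keystore access of the caller (path and credentials)
 * @param documentKeyID  id of the document key
 * @return the cached entry, or {@code null} when there is no cache, no entry, or the
 *         password does not match
 */
@Override
public DocumentKeyIDWithKeyAndAccessType get(KeyStoreAccess keyStoreAccess, DocumentKeyID documentKeyID) {
    DocumentGuardCache documentGuardCache =
            docusafeCacheWrapper != null ? docusafeCacheWrapper.getDocumentGuardCache() : null;
    if (documentGuardCache == null) {
        return null;
    }
    String cacheKey = DocumentGuardCache.cacheKeyToString(keyStoreAccess, documentKeyID);
    PasswordAndDocumentKeyIDWithKeyAndAccessType cached = documentGuardCache.get(cacheKey);
    if (cached == null) {
        return null;
    }
    // NOTE(review): equals() on the password is not a constant-time comparison. The
    // check is only reached by a caller that already holds a matching cache key, which
    // narrows but does not remove the timing concern.
    if (cached.getReadKeyPassword().equals(keyStoreAccess.getKeyStoreAuth().getReadKeyPassword())) {
        // Do not log cacheKey: cacheKeyToString() builds it from the read-store password,
        // so the previous "for cache key " + cacheKey message wrote that secret to the log.
        LOGGER.debug("AAA return document key for " + documentKeyID + " of " + keyStoreAccess.getKeyStorePath());
        // Reuse the entry fetched above instead of a second cache.get(cacheKey): that
        // second lookup could return null if the entry was evicted in between.
        return cached.getDocumentKeyIDWithKeyAndAccessType();
    }
    // Wrong password: drop the entry and let the caller hit the real load, which raises
    // the original exception.
    documentGuardCache.remove(cacheKey);
    return null;
}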
/**
 * Builds the string under which a guard entry is cached.
 * <p>
 * The key is the read-store password, the keystore path and the document key id, joined
 * by single spaces. Because the password is part of it, a cache key is itself a secret:
 * it must not be logged, serialized or otherwise exposed.
 *
 * @param keyStoreAccess keystore access whose store password and path scope the entry
 * @param documentKeyID  id of the document key
 * @return the composite cache key
 */
static String cacheKeyToString(KeyStoreAccess keyStoreAccess, DocumentKeyID documentKeyID) {
    StringBuilder key = new StringBuilder();
    key.append(keyStoreAccess.getKeyStoreAuth().getReadStorePassword());
    key.append(' ');
    key.append(keyStoreAccess.getKeyStorePath().toString());
    key.append(' ');
    key.append(documentKeyID.toString());
    return key.toString();
}
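/**
 * Loads the guard entry for an existing document directory of the given user.
 * <p>
 * The directory's key id is read from the bucket guard key file (which must exist), then
 * the guard itself is loaded through the document-guard cache.
 *
 * @param userIDAuth        authenticated user
 * @param documentDirectory directory whose document key is wanted
 * @return the guard entry for that directory
 */
private DocumentKeyIDWithKeyAndAccessType getDocumentKeyIDwithKeyForBucketPath(UserIDAuth userIDAuth, BucketDirectory documentDirectory) {
    LOGGER.debug("get key for " + documentDirectory);
    KeyStoreAccess keyStoreAccess = getKeyStoreAccess(userIDAuth);
    DocumentKeyID documentKeyID = GuardUtil.loadBucketGuardKeyFile(bucketService,
            keyStoreAccess.getKeyStorePath().getBucketDirectory(), documentDirectory);
    DocumentKeyIDWithKeyAndAccessType result =
            loadCachedOrRealDocumentKeyIDWithKeyAndAccessTypeFromDocumentGuard(keyStoreAccess, documentKeyID);
    // Log only the key id. The entry wraps the document key itself and its toString()
    // is not known to redact it, so the previous "found " + entry message risked
    // writing key material to the log.
    LOGGER.debug("found key " + documentKeyID + " for " + documentDirectory);
    return result;
}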
/**
 * Creates (or overwrites) a document guard through the guard service and keeps the
 * document-guard cache in step with it.
 *
 * @param guardKeyType                      SECRET_KEY for a guard in the caller's own keystore,
 *                                          PUBLIC_KEY for a guard written for a foreign keystore
 * @param keyStoreAccess                    keystore the guard is encrypted for
 * @param documentKeyIDWithKeyAndAccessType guard content (key id, key, access type)
 * @param overwriteFlag                     whether an existing guard may be replaced
 */
void createCachedDocumentGuardFor(GuardKeyType guardKeyType, KeyStoreAccess keyStoreAccess,
                                  DocumentKeyIDWithKeyAndAccessType documentKeyIDWithKeyAndAccessType,
                                  OverwriteFlag overwriteFlag) {
    documentGuardService.createDocumentGuardFor(guardKeyType, keyStoreAccess, documentKeyIDWithKeyAndAccessType, overwriteFlag);
    if (docusafeCacheWrapper == null) {
        return;
    }
    DocumentGuardCache documentGuardCache = docusafeCacheWrapper.getDocumentGuardCache();
    if (documentGuardCache == null) {
        return;
    }
    DocumentKeyID documentKeyID = documentKeyIDWithKeyAndAccessType.getDocumentKeyIDWithKey().getDocumentKeyID();
    String cacheKey = DocumentGuardCache.cacheKeyToString(keyStoreAccess, documentKeyID);
    if (guardKeyType.equals(GuardKeyType.PUBLIC_KEY)) {
        // Public-key guard: the target keystore is not ours, so its read-key password is
        // unknown and no verifiable entry can be stored. Only evict, so that a stale entry
        // with a different access type disappears; the owner's first read will cache the
        // entry together with the owner's password.
        deleteCacheKey(keyStoreAccess, documentKeyID);
    } else {
        documentGuardCache.put(cacheKey,
                new PasswordAndDocumentKeyIDWithKeyAndAccessType(keyStoreAccess.getKeyStoreAuth().getReadKeyPassword(), documentKeyIDWithKeyAndAccessType));
    }
}
BucketPath keyStorePath = UserIDUtil.getKeyStorePath(userIDAuth.getUserID()); keyStoreService.createKeyStore(keyStoreAuth, KeyStoreType.DEFAULT, keyStorePath, null); keyStoreAccess = new KeyStoreAccess(keyStorePath, keyStoreAuth);
/**
 * Picks one encryption-capable public key out of a keystore and returns it as a JWK.
 *
 * @param keystorePersistence persistence layer used to load the keystore
 * @param keyStoreAccess      keystore location plus credentials; only the store password is
 *                            used here
 * @return a randomly chosen public encryption key
 * @throws AsymmetricEncryptionException if the keystore holds no public encryption key
 */
public static PublicKeyJWK getPublicKeyJWK(KeystorePersistence keystorePersistence, KeyStoreAccess keyStoreAccess) {
    BucketPath storePath = keyStoreAccess.getKeyStorePath();
    LOGGER.debug("get keysource for public key of " + storePath);
    KeyStore userKeystore = keystorePersistence.loadKeystore(storePath.getObjectHandle(),
            keyStoreAccess.getKeyStorePath() == null ? null : keyStoreAccess.getKeyStoreAuth().getReadStoreHandler());
    // No key credential is passed to load(): presumably only public material is exported.
    JWKSet exportKeys = load(userKeystore, null);
    // Note: this counts all exported keys, before the encryption-key filter below.
    LOGGER.debug("number of public keys found:" + exportKeys.getKeys().size());
    List<JWK> encKeys = selectEncKeys(exportKeys);
    if (encKeys.isEmpty()) {
        throw new AsymmetricEncryptionException("did not find any public keys in keystore " + storePath);
    }
    // Any of the encryption keys may be used to encrypt for this store; pick one at random.
    JWK chosen = JwkExport.randomKey(encKeys);
    return new PublicKeyJWK(chosen);
}
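/**
 * Returns the guard entry for a document directory, creating a symmetric guard when the
 * directory has none yet.
 * <p>
 * Lookup order for the directory's key id: the in-memory directory cache, then the bucket
 * guard key file, then a freshly created guard. The id is cached and the guard entry is
 * then loaded through the document-guard cache.
 *
 * @param userIDAuth        authenticated user owning the keystore
 * @param documentDirectory directory to be protected
 * @param accessType        access type recorded in a newly created guard (not applied to an
 *                          existing one)
 * @return the guard entry for the directory
 */
private DocumentKeyIDWithKeyAndAccessType getOrCreateDocumentKeyIDwithKeyForBucketPath(UserIDAuth userIDAuth, BucketDirectory documentDirectory, AccessType accessType) {
    LOGGER.debug("search key for " + documentDirectory);
    KeyStoreAccess keyStoreAccess = getKeyStoreAccess(userIDAuth);
    // NOTE(review): the directory cache is keyed by documentDirectory alone, not by user.
    // That is only sound if documentDirectory already contains the user's bucket — confirm.
    DocumentKeyID documentKeyID = loadCachedDocumentKeyIDForDocumentDirectory(documentDirectory);
    if (documentKeyID == null) {
        documentKeyID = GuardUtil.tryToLoadBucketGuardKeyFile(bucketService,
                keyStoreAccess.getKeyStorePath().getBucketDirectory(), documentDirectory);
    }
    if (documentKeyID == null) {
        documentKeyID = createSymmetricGuardForBucket(keyStoreAccess, documentDirectory, accessType);
    }
    cacheDocumentKeyIDForDocumentDirectory(documentDirectory, documentKeyID);
    DocumentKeyIDWithKeyAndAccessType result =
            loadCachedOrRealDocumentKeyIDWithKeyAndAccessTypeFromDocumentGuard(keyStoreAccess, documentKeyID);
    // Log only the key id. The entry wraps the document key itself and its toString()
    // is not known to redact it, so the previous "found " + entry message risked
    // writing key material to the log.
    LOGGER.debug("found key " + documentKeyID + " for " + documentDirectory);
    return result;
}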
/**
 * Builds a {@link KeySource} for the secret keys of a keystore and selects one of them, by
 * id, to be used for encrypting a guard.
 *
 * @param keystorePersistence persistence layer used to load the keystore
 * @param keyStoreAccess      keystore location plus credentials; both the store password and
 *                            the key password must be set
 * @return the secret-key source together with the id of a randomly chosen secret key
 * @throws SymmetricEncryptionException if the keystore contains no secret key
 */
public static KeySourceAndKeyID getForSecretKey(KeystorePersistence keystorePersistence, KeyStoreAccess keyStoreAccess) {
    BucketPath storePath = keyStoreAccess.getKeyStorePath();
    KeyStoreAuth auth = keyStoreAccess.getKeyStoreAuth();
    LOGGER.debug("get keysource for secret key of " + storePath);
    // Load the keystore with the store credential; the source unlocks entries with the key credential.
    KeyStore userKeystore = keystorePersistence.loadKeystore(storePath.getObjectHandle(), auth.getReadStoreHandler());
    KeySource keySource = new KeyStoreBasedSecretKeySourceImpl(userKeystore, auth.getReadKeyHandler());
    // Pick an arbitrary secret key from the store to encrypt the guard with.
    JWKSet jwkSet = JwkExport.exportKeys(userKeystore, auth.getReadKeyHandler());
    if (jwkSet.getKeys().isEmpty()) {
        throw new SymmetricEncryptionException("did not find any secret keys in keystore with id: " + storePath);
    }
    KeyAndJwk randomSecretKey = new ServerKeyMap(jwkSet).randomSecretKey();
    KeyID keyID = new KeyID(randomSecretKey.jwk.getKeyID());
    return new KeySourceAndKeyID(keySource, keyID);
}
/**
 * Creates a new symmetric guard for a document directory: a fresh document key, encrypted
 * into a guard for the owner's keystore, plus the bucket file mapping the directory to the
 * key id.
 * <p>
 * Deliberately returns only the key id. The key itself must then be obtained through the
 * keystore/guard path, which keeps that path exercised and tested.
 *
 * @param keyStoreAccess    owner's keystore access
 * @param documentDirectory directory the guard will protect
 * @param accessType        access type stored with the guard
 * @return id of the newly created document key
 */
private DocumentKeyID createSymmetricGuardForBucket(KeyStoreAccess keyStoreAccess, BucketDirectory documentDirectory, AccessType accessType) {
    LOGGER.debug("start create new guard for " + documentDirectory);
    DocumentKeyIDWithKeyAndAccessType guardEntry =
            new DocumentKeyIDWithKeyAndAccessType(documentGuardService.createDocumentKeyIdWithKey(), accessType);
    // A guard for a brand-new key must never replace an existing one.
    createCachedDocumentGuardFor(GuardKeyType.SECRET_KEY, keyStoreAccess, guardEntry, OverwriteFlag.FALSE);
    DocumentKeyID newKeyID = guardEntry.getDocumentKeyIDWithKey().getDocumentKeyID();
    GuardUtil.saveBucketGuardKeyFile(bucketService, keyStoreAccess.getKeyStorePath().getBucketDirectory(), documentDirectory, newKeyID);
    LOGGER.debug("finished create new guard for " + documentDirectory);
    return newKeyID;
}
/**
 * Builds a {@link KeySource} over the public keys of a keystore and selects one
 * encryption-capable key, by id, to encrypt for.
 *
 * @param keystorePersistence persistence layer used to load the keystore
 * @param keyStoreAccess      keystore location plus credentials; only the store password is
 *                            required, the key password may be {@code null}
 * @return the public-key source together with the id of a randomly chosen encryption key
 * @throws AsymmetricEncryptionException if the keystore holds no public encryption key
 */
public static KeySourceAndKeyID getForPublicKey(KeystorePersistence keystorePersistence, KeyStoreAccess keyStoreAccess) {
    BucketPath storePath = keyStoreAccess.getKeyStorePath();
    LOGGER.debug("get keysource for public key of " + storePath);
    KeyStore userKeystore = keystorePersistence.loadKeystore(storePath.getObjectHandle(),
            keyStoreAccess.getKeyStoreAuth().getReadStoreHandler());
    // No key credential is passed to load(): presumably only public material is exported.
    JWKSet exportKeys = load(userKeystore, null);
    // Note: this counts all exported keys, before the encryption-key filter below.
    LOGGER.debug("number of public keys found:" + exportKeys.getKeys().size());
    List<JWK> encKeys = selectEncKeys(exportKeys);
    if (encKeys.isEmpty()) {
        throw new AsymmetricEncryptionException("did not find any public keys in keystore " + storePath);
    }
    // Any encryption key will do; the source is built over the full export so the chosen id resolves.
    KeyID chosenID = new KeyID(JwkExport.randomKey(encKeys).getKeyID());
    return new KeySourceAndKeyID(new KeyStoreBasedPublicKeySourceImpl(exportKeys), chosenID);
}
DocumentKeyID documentKeyID = GuardUtil.tryToLoadBucketGuardKeyFile(bucketService, keyStoreAccess.getKeyStorePath().getBucketDirectory(), documentDirectory); if (documentKeyID == null) { throw new UserIDDoesNotExistException(userIDAuth.getUserID());