mirrors/cryptomator
1
0
Fork 0
mirror of https://github.com/cryptomator/cryptomator.git synced 2026-05-19 19:21:27 +00:00
Code Issues Packages Projects Releases Wiki Activity

regenerate keypair if .p12 _or_ keychain item is missing

Browse Source 
it used to depend only on the keychain item
This commit is contained in:
Sebastian Stenzel
2022-08-31 11:25:25 +02:00
parent 2448963161
commit 659123fe7a
1 changed files with 10 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
src/main/java/org/cryptomator/common/settings/DeviceKey.java
View File

@@ -2,7 +2,6 @@ package org.cryptomator.common.settings;
import com.google.common.base.Preconditions;
import com.google.common.base.Suppliers;
import com.google.common.io.BaseEncoding;
import org.cryptomator.common.Environment;
import org.cryptomator.common.keychain.KeychainManager;
import org.cryptomator.cryptolib.common.P384KeyPair;
@@ -16,6 +15,7 @@ import javax.inject.Singleton;
import java.io.IOException;
import java.nio.CharBuffer;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.UUID;
@@ -26,6 +26,7 @@ public class DeviceKey {
private static final Logger LOG = LoggerFactory.getLogger(DeviceKey.class);
private static final String KEYCHAIN_KEY = "cryptomator-device-p12";
private static final String KEYCHAIN_DISPLAY_NAME = "Cryptomator Device Keypair .p12 Passphrase";
private final KeychainManager keychainManager;
private final Environment env;
@@ -46,15 +47,16 @@ public class DeviceKey {
}
private P384KeyPair loadOrCreate() throws DeviceKeyRetrievalException {
Path p12File = env.getP12Path().findFirst().orElseThrow(() -> new DeviceKeyRetrievalException("No path for .p12 file configured"));
char[] passphrase = null;
try {
passphrase = keychainManager.loadPassphrase(KEYCHAIN_KEY);
if (passphrase != null) {
return loadExistingKeyPair(passphrase);
} else {
if (passphrase != null && Files.isRegularFile(p12File)) {
return loadExistingKeyPair(passphrase, p12File);
} else { // (re)generate new key pair if either file or password got lost
passphrase = randomPassword();
keychainManager.storePassphrase(KEYCHAIN_KEY, CharBuffer.wrap(passphrase));
return createAndStoreNewKeyPair(passphrase);
keychainManager.storePassphrase(KEYCHAIN_KEY, KEYCHAIN_DISPLAY_NAME, CharBuffer.wrap(passphrase));
return createAndStoreNewKeyPair(passphrase, p12File);
}
} catch (KeychainAccessException e) {
throw new DeviceKeyRetrievalException("Failed to access system keychain", e);
@@ -67,19 +69,12 @@ public class DeviceKey {
}
}
private P384KeyPair loadExistingKeyPair(char[] passphrase) throws IOException {
var p12File = env.getP12Path() //
.filter(Files::isRegularFile) //
.findFirst() //
.orElseThrow(() -> new DeviceKeyRetrievalException("Missing .p12 file"));
private P384KeyPair loadExistingKeyPair(char[] passphrase, Path p12File) throws IOException {
LOG.debug("Loading existing device key from {}", p12File);
return P384KeyPair.load(p12File, passphrase);
}
private P384KeyPair createAndStoreNewKeyPair(char[] passphrase) throws IOException {
var p12File = env.getP12Path() //
.findFirst() //
.orElseThrow(() -> new DeviceKeyRetrievalException("No path for .p12 file configured"));
private P384KeyPair createAndStoreNewKeyPair(char[] passphrase, Path p12File) throws IOException {
var keyPair = P384KeyPair.generate();
LOG.debug("Store new device key to {}", p12File);
keyPair.store(p12File, passphrase);