Support different PINs, forced batch signing and live settings updates #342
Conversation
| this.driverDetector = driverDetector; | ||
| this.slotId = slotId; | ||
| this.shouldDisplayVisualizationError = shouldDisplayVisualizationError; | ||
| this.tspSource = tspSource; | ||
| this.passwordManager = new PasswordManager(ui, this.settings); |
There was a problem hiding this comment.
Tu uz password manager dostava svoje settings. Aby to boli "uzke" rozhrania, tak dostava ako parameter interface PasswordManagerSettings, kde su len pre neho relevantne nastavenia (ziadne settery). Ocakavanie je, ze "horny" settings bude implementovat vsetky potrebne "slize" settings a posielat ich dole ako cely settings.
src/main/java/digital/slovensko/autogram/core/PasswordManager.java
Outdated
Show resolved
Hide resolved
| package digital.slovensko.autogram.core; | ||
|
|
||
| public interface PasswordManagerSettings { | ||
| boolean cacheContextSpecificPasswordEnabled(); |
There was a problem hiding this comment.
Toto je to "uzke" rozhranie.
| return true; // TODO | ||
| } | ||
|
|
||
| @Override | ||
| public boolean forceContextSpecificLoginEnabled() { | ||
| return true; // TODO | ||
| } | ||
|
|
||
|
|
||
| public int getSlotId() { | ||
| return slotId; |
There was a problem hiding this comment.
Tu budu vsetky mozne nastavovacky - malo by to vo finale byt vlastne existujuce UserSettings s tym, ze sa to moze v case menit (tam su tie nastavenia z nejakeho dovodu immutable).
| @@ -57,22 +59,28 @@ private void runContextSpecificLoginIfNeeded(Signature signature, PrivateKey pk) | |||
| // TODO cache & short-circuit | |||
| var p11 = getP11(signature); | |||
| var sessionId = getSessionId(signature); | |||
| var keyID = getKeyID(pk); | |||
There was a problem hiding this comment.
Toto som strcil do isAlwaysAuthenticate aby to zbytocne nevolalo nejaku pomalu kartovu operaciu ak tam je ten force parameter true (co casto bude).
| } catch (PKCS11Exception e) { | ||
| if (e.getMessage().equals("CKR_PIN_INCORRECT")) | ||
| throw new KeyPinDifferentFromTokenPinException(e); |
| @Override | ||
| public char[] getKeystorePassword() { | ||
| return System.console().readPassword("Enter keystore password (hidden): "); | ||
| } | ||
|
|
||
| public char[] getContextSpecificPassword() { | ||
| return System.console().readPassword("Enter key password (hidden): "); | ||
| } |
There was a problem hiding this comment.
@celuchmarek toto treba vyskusat ci zafunguje
| var futurePassword = new FutureTask<>(() -> { | ||
| var controller = new PasswordController("Aký je kód k úložisku klúčov?", "Zadajte kód k úložisku klúčov.", false); | ||
| var root = GUIUtils.loadFXML(controller, "password-dialog.fxml"); | ||
|
|
||
| var stage = new Stage(); | ||
| stage.setTitle("Načítanie klúčov z úložiska"); | ||
| stage.setScene(new Scene(root)); | ||
| stage.setOnCloseRequest(e -> { | ||
| refreshKeyOnAllJobs(); | ||
| enableSigningOnAllJobs(); | ||
| }); | ||
| stage.setResizable(false); | ||
| stage.initModality(Modality.APPLICATION_MODAL); | ||
| stage.showAndWait(); | ||
|
|
||
| return controller.getPassword(); | ||
| }); | ||
|
|
||
| Platform.runLater(futurePassword); | ||
|
|
||
| try { | ||
| return futurePassword.get(); |
There was a problem hiding this comment.
Toto je to najvacsie kuzlo. Vyrobi to nejaky "async" task, ktory vsak spravi ako blokujuci cez stage.showAndWait, ktory caka az kym sa to okno zatvori. To okno nastavuje password field na controlleri, ktore si potom vytiahnem a vratim z future.
future sa vsak automaticky nespustale ale zavola sa cez platform.runlater (na inom vlakne niekedy neskor). nasledne futurepassword.get je blokujuca operacia az kym sa nevykona ten future (v tomto pripade ked zadas heslo alebo zavries okno)
| } | ||
|
|
||
|
|
||
| public char[] getContextSpecificPassword() { |
There was a problem hiding this comment.
To iste pre ctx specific password len ine nastavenie dialogu.
| @@ -33,10 +58,19 @@ public void onPasswordAction() { | |||
| formGroup.getScene().getWindow().sizeToScene(); | |||
| passwordField.requestFocus(); | |||
| } else { | |||
| this.password = passwordField.getText().toCharArray(); | |||
There was a problem hiding this comment.
Tu by sa patrilo tiez zmaznut ten text.
jsuchal
changed the title
src/main/java/digital/slovensko/autogram/drivers/PKCS12KeystoreTokenDriver.java
Outdated
Show resolved
Hide resolved
| () -> Collections.singletonList(params.getDriver()) | ||
| : new DefaultDriverDetector("", false), | ||
| params.getSlotId(), params.getTspSource()); | ||
| var settings = CliSettings.fromCmd(cmd); |
There was a problem hiding this comment.
Toto som dost prekopal, ale neviem to uplne spustit 😅 cize toto by si mohol skusit pretestovat? @celuchmarek
V podstate som uplne vyrazil tie CliParameters a vyrobil len CliSettings, ktora cosi naviac dava oproti beznemu UserSettings.
| private boolean shouldMakeParentDirectories; | ||
|
|
||
| public static CliSettings fromCmd(CommandLine cmd) { | ||
| var settings = new CliSettings(); |
There was a problem hiding this comment.
Do velkej miery len copy&paste a vyuziva to nastavovanie settings
There was a problem hiding this comment.
Toto som si predstavoval trochu inak. Teraz máme UserSettings nad týmto, ktoré majú aj nejaké save a load metódy a môžu mať aj iné parametre. Ja by som radšej spravil interface/abstract class AutogramSettings a ten by bol implementovaný v UserSettings aj CLISettings osobitne. A môže ostať, že interface/abstract class AutogramSettings by implementovali tie tri nové interfaces, čo si vyrobil.
There was a problem hiding this comment.
Ano, to bol dalsi krok, ktory som uz vcera nezvladol vecer lebo tie settings su zrele na upratovanie lebo aj nazvy su tam vselijake halabala is/has/should/_Enabled
src/main/java/digital/slovensko/autogram/ui/gui/SettingsDialogController.java
Show resolved
Hide resolved
src/main/java/digital/slovensko/autogram/drivers/NativePkcs11SignatureToken.java
Outdated
Show resolved
Hide resolved
src/main/java/digital/slovensko/autogram/drivers/NativePkcs11SignatureToken.java
Outdated
Show resolved
Hide resolved
Toto vyzera pomerne tucne, ale az tak velmi sa tam v skutocnosti nezmenilo.
Hlavne kuzla sa deju v
NativePkcs11SignatureTokena do konstruktorov vchadzaju nove veci akoPasswordManager, ktory cachuje ak to ma v settings.Viac komentov ku kodu je napisanych priamo kde to je relevantne.