}
log.info("Checking for existing password-recovery key");
{
Crypter crypter = null;
GenericKeyczar store = keyczarFactory.find(Secrets.KEY_FORGOT_PASSWORD_PUBLIC, crypter);
if (store != null) {
// TODO: Should we allow key rotation? Replacement?
log.info("Password-recovery key already exists");
return;
}
}
log.info("Creating password recovery key");
String nameFlag = "Password recovery keystore";
String metadata = null;
{
path.mkdirs();
KeyczarFileReader store = new KeyczarFileReader(path.getAbsolutePath());
try {
metadata = store.getMetadata();
} catch (Exception e) {
log.info("Metadata not found");
}
if (metadata == null) {
KeyMetadata kmd = new KeyMetadata(nameFlag, KeyPurpose.DECRYPT_AND_ENCRYPT, DefaultKeyType.RSA_PRIV);
GenericKeyczar.create(store, kmd);
}
}
{
KeyczarFileReader store = new KeyczarFileReader(path.getAbsolutePath());
GenericKeyczar keyczar = new GenericKeyczar(store);
for (KeyVersion version : keyczar.getVersions()) {
log.info("Local password recovery key already exists; exiting for safety");
return;
}
// Key parameters for the new password-recovery key pair: start from the
// RSA private-key defaults and override only the modulus size.
KeyParameters keyParameters = DefaultKeyType.RSA_PRIV.applyDefaultParameters(new RsaKeyParameters() {
    // Modulus size in bits for the generated RSA key; pinned to 4096 here.
    @Override
    public int getKeySize() throws KeyczarException {
        return 4096;
    }

    // Padding scheme for this key. Returning null does not pin one here; per the
    // original "Use default" comment the library default applies, presumably
    // supplied by applyDefaultParameters above.
    // NOTE(review): confirm that the resolved default is OAEP rather than
    // PKCS#1 v1.5 — nothing in this block fixes which scheme "default" means,
    // and for an encryption key the distinction matters.
    @Override
    public RsaPadding getRsaPadding() throws KeyczarException {
        // Use default
        return null;
    }
});
keyczar.addVersion(KeyStatus.PRIMARY, keyParameters);
keyczar.write();
log.info("Storing public key in zookeeper");
keyczarFactory.publicKeyExport(Secrets.KEY_FORGOT_PASSWORD_PUBLIC, keyczar);