1 | |
|
2 | |
|
3 | |
|
4 | |
|
5 | |
|
6 | |
|
7 | |
|
8 | |
|
9 | |
|
10 | |
|
11 | |
package org.mule.extras.pgp.filters; |
12 | |
|
13 | |
import org.mule.MuleManager; |
14 | |
import org.mule.config.i18n.CoreMessages; |
15 | |
import org.mule.extras.pgp.PGPAuthentication; |
16 | |
import org.mule.extras.pgp.PGPCryptInfo; |
17 | |
import org.mule.extras.pgp.PGPKeyRing; |
18 | |
import org.mule.extras.pgp.i18n.PGPMessages; |
19 | |
import org.mule.impl.MuleMessage; |
20 | |
import org.mule.impl.RequestContext; |
21 | |
import org.mule.impl.security.AbstractEndpointSecurityFilter; |
22 | |
import org.mule.umo.UMOEncryptionStrategy; |
23 | |
import org.mule.umo.UMOEvent; |
24 | |
import org.mule.umo.UMOMessage; |
25 | |
import org.mule.umo.lifecycle.InitialisationException; |
26 | |
import org.mule.umo.security.UMOAuthentication; |
27 | |
import org.mule.umo.security.UMOSecurityContext; |
28 | |
import org.mule.umo.security.UnauthorisedException; |
29 | |
import org.mule.umo.security.UnknownAuthenticationTypeException; |
30 | |
|
31 | |
import java.io.ByteArrayInputStream; |
32 | |
import java.util.Collection; |
33 | |
|
34 | |
import cryptix.message.LiteralMessage; |
35 | |
import cryptix.message.Message; |
36 | |
import cryptix.message.MessageFactory; |
37 | |
import cryptix.message.SignedMessage; |
38 | |
import cryptix.pki.KeyBundle; |
39 | |
import org.apache.commons.logging.Log; |
40 | |
import org.apache.commons.logging.LogFactory; |
41 | |
|
42 | 0 | public class PGPSecurityFilter extends AbstractEndpointSecurityFilter |
43 | |
{ |
44 | |
|
45 | |
|
46 | |
|
47 | 0 | protected static final Log logger = LogFactory.getLog(PGPSecurityFilter.class); |
48 | |
|
49 | |
private UMOEncryptionStrategy strategy; |
50 | |
|
51 | |
private String strategyName; |
52 | |
|
53 | |
private boolean signRequired; |
54 | |
|
55 | |
private PGPKeyRing keyManager; |
56 | |
|
57 | |
|
58 | |
|
59 | |
|
60 | |
|
61 | |
|
62 | |
protected void authenticateInbound(UMOEvent event) |
63 | |
throws SecurityException, UnauthorisedException, UnknownAuthenticationTypeException |
64 | |
{ |
65 | 0 | UMOMessage message = event.getMessage(); |
66 | |
|
67 | 0 | String userId = (String)getCredentialsAccessor().getCredentials(event); |
68 | |
|
69 | 0 | byte[] creds = null; |
70 | |
|
71 | |
try |
72 | |
{ |
73 | 0 | creds = message.getPayloadAsBytes(); |
74 | 0 | creds = strategy.decrypt(creds, null); |
75 | |
} |
76 | 0 | catch (Exception e1) |
77 | |
{ |
78 | 0 | throw new UnauthorisedException( |
79 | |
CoreMessages.failedToReadPayload(), event.getMessage(), e1); |
80 | 0 | } |
81 | |
|
82 | |
UMOAuthentication authResult; |
83 | |
UMOAuthentication umoAuthentication; |
84 | |
|
85 | |
try |
86 | |
{ |
87 | 0 | umoAuthentication = new PGPAuthentication(userId, decodeMsgRaw(creds)); |
88 | |
} |
89 | 0 | catch (Exception e1) |
90 | |
{ |
91 | 0 | throw new UnauthorisedException( |
92 | |
CoreMessages.failedToReadPayload(), event.getMessage(), e1); |
93 | 0 | } |
94 | |
|
95 | |
try |
96 | |
{ |
97 | 0 | authResult = getSecurityManager().authenticate(umoAuthentication); |
98 | |
} |
99 | 0 | catch (Exception e) |
100 | |
{ |
101 | |
|
102 | 0 | if (logger.isDebugEnabled()) |
103 | |
{ |
104 | 0 | logger.debug("Authentication request for user: " + userId + " failed: " + e.toString()); |
105 | |
} |
106 | |
|
107 | 0 | throw new UnauthorisedException(CoreMessages.authFailedForUser(userId), event.getMessage(), e); |
108 | 0 | } |
109 | |
|
110 | |
|
111 | 0 | if (logger.isDebugEnabled()) |
112 | |
{ |
113 | 0 | logger.debug("Authentication success: " + authResult.toString()); |
114 | |
} |
115 | |
|
116 | 0 | UMOSecurityContext context = getSecurityManager().createSecurityContext(authResult); |
117 | 0 | event.getSession().setSecurityContext(context); |
118 | |
|
119 | |
try |
120 | |
{ |
121 | 0 | RequestContext.rewriteEvent(new MuleMessage( |
122 | |
getUnencryptedMessageWithoutSignature((PGPAuthentication)authResult))); |
123 | |
} |
124 | 0 | catch (Exception e2) |
125 | |
{ |
126 | 0 | throw new UnauthorisedException(event.getMessage(), context, event.getEndpoint(), this); |
127 | 0 | } |
128 | 0 | } |
129 | |
|
130 | |
private Message decodeMsgRaw(byte[] raw) throws Exception |
131 | |
{ |
132 | 0 | MessageFactory mf = MessageFactory.getInstance("OpenPGP"); |
133 | |
|
134 | 0 | ByteArrayInputStream in = new ByteArrayInputStream(raw); |
135 | |
|
136 | 0 | Collection msgs = mf.generateMessages(in); |
137 | |
|
138 | 0 | return (Message)msgs.iterator().next(); |
139 | |
} |
140 | |
|
141 | |
private String getUnencryptedMessageWithoutSignature(PGPAuthentication auth) throws Exception |
142 | |
{ |
143 | 0 | Message msg = (Message)auth.getCredentials(); |
144 | |
|
145 | 0 | if (msg instanceof SignedMessage) |
146 | |
{ |
147 | 0 | msg = ((SignedMessage)msg).getContents(); |
148 | |
} |
149 | |
|
150 | 0 | if (msg instanceof LiteralMessage) |
151 | |
{ |
152 | 0 | return ((LiteralMessage)msg).getTextData(); |
153 | |
} |
154 | |
else |
155 | |
{ |
156 | 0 | throw new Exception("Wrong data"); |
157 | |
} |
158 | |
} |
159 | |
|
160 | |
|
161 | |
|
162 | |
|
163 | |
|
164 | |
|
165 | |
protected void authenticateOutbound(UMOEvent event) throws SecurityException, UnauthorisedException |
166 | |
{ |
167 | 0 | logger.debug("authenticateOutbound:" + event.getId()); |
168 | |
|
169 | 0 | if (!isAuthenticate()) |
170 | |
{ |
171 | 0 | return; |
172 | |
} |
173 | |
|
174 | 0 | UMOMessage message = event.getMessage(); |
175 | |
|
176 | 0 | KeyBundle userKeyBundle = keyManager.getKeyBundle((String)getCredentialsAccessor().getCredentials( |
177 | |
event)); |
178 | |
|
179 | 0 | PGPCryptInfo cryptInfo = new PGPCryptInfo(userKeyBundle, signRequired); |
180 | |
|
181 | 0 | byte[] msg = null; |
182 | |
|
183 | |
try |
184 | |
{ |
185 | 0 | msg = message.getPayloadAsBytes(); |
186 | 0 | msg = strategy.encrypt(msg, cryptInfo); |
187 | |
} |
188 | 0 | catch (Exception e1) |
189 | |
{ |
190 | 0 | throw new UnauthorisedException(CoreMessages.failedToReadPayload(), event.getMessage(), e1); |
191 | 0 | } |
192 | |
|
193 | |
try |
194 | |
{ |
195 | 0 | String mesg = new String(msg); |
196 | 0 | RequestContext.rewriteEvent(new MuleMessage(mesg)); |
197 | 0 | logger.debug("Message:" + mesg); |
198 | |
} |
199 | 0 | catch (Exception e2) |
200 | |
{ |
201 | 0 | throw new UnauthorisedException(event.getMessage(), event.getSession().getSecurityContext(), |
202 | |
event.getEndpoint(), this); |
203 | 0 | } |
204 | 0 | } |
205 | |
|
206 | |
protected void doInitialise() throws InitialisationException |
207 | |
{ |
208 | 0 | if (strategyName != null) |
209 | |
{ |
210 | 0 | strategy = MuleManager.getInstance().getSecurityManager().getEncryptionStrategy(strategyName); |
211 | |
} |
212 | |
|
213 | 0 | if (strategy == null) |
214 | |
{ |
215 | 0 | throw new InitialisationException(PGPMessages.encryptionStrategyNotSet(), this); |
216 | |
} |
217 | 0 | } |
218 | |
|
219 | |
public UMOEncryptionStrategy getStrategy() |
220 | |
{ |
221 | 0 | return strategy; |
222 | |
} |
223 | |
|
224 | |
public void setStrategy(UMOEncryptionStrategy strategy) |
225 | |
{ |
226 | 0 | this.strategy = strategy; |
227 | 0 | } |
228 | |
|
229 | |
public void setStrategyName(String name) |
230 | |
{ |
231 | 0 | strategyName = name; |
232 | 0 | } |
233 | |
|
234 | |
public boolean isSignRequired() |
235 | |
{ |
236 | 0 | return signRequired; |
237 | |
} |
238 | |
|
239 | |
public void setSignRequired(boolean signRequired) |
240 | |
{ |
241 | 0 | this.signRequired = signRequired; |
242 | 0 | } |
243 | |
|
244 | |
public PGPKeyRing getKeyManager() |
245 | |
{ |
246 | 0 | return keyManager; |
247 | |
} |
248 | |
|
249 | |
public void setKeyManager(PGPKeyRing keyManager) |
250 | |
{ |
251 | 0 | this.keyManager = keyManager; |
252 | 0 | } |
253 | |
} |