package org.mule.umo.security.tls;

import org.mule.config.i18n.CoreMessages;
import org.mule.umo.lifecycle.InitialisationException;
import org.mule.umo.security.TlsDirectKeyStore;
import org.mule.umo.security.TlsDirectTrustStore;
import org.mule.umo.security.TlsIndirectKeyStore;
import org.mule.umo.security.provider.AutoDiscoverySecurityProviderFactory;
import org.mule.umo.security.provider.SecurityProviderFactory;
import org.mule.umo.security.provider.SecurityProviderInfo;
import org.mule.util.FileUtils;
import org.mule.util.IOUtils;

import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import java.security.cert.CertificateException;
import java.util.Arrays;

import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
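/**
 * Holds the key store and trust store settings for a TLS endpoint and turns them into a
 * {@link KeyManagerFactory}, a {@link TrustManagerFactory} and, on demand, an
 * {@link SSLContext}.
 * <p>
 * Typical use: construct with a key store location, call the setters, then call
 * {@link #initialise(boolean, String)} once. {@code initialise} registers the configured
 * security {@link Provider} with the JVM and sets the {@code java.protocol.handler.pkgs}
 * system property, so it has process-wide side effects beyond this object.
 * <p>
 * The {@code explicitTrustStoreOnly} and {@code requireClientAuthentication} flags are only
 * stored here; nothing in this class reads them, so presumably the code that opens the
 * sockets does (confirm against callers).
 * <p>
 * Not thread-safe: the setters and {@code initialise} mutate fields without synchronisation.
 * Passwords are held as {@link String}s because the {@code Tls*Store} interfaces expose them
 * that way; they therefore stay in the heap for the lifetime of this object.
 */
public final class TlsConfiguration implements TlsDirectTrustStore, TlsDirectKeyStore, TlsIndirectKeyStore
{

    public static final String DEFAULT_KEYSTORE = ".keystore";
    public static final String DEFAULT_KEYSTORE_TYPE = KeyStore.getDefaultType();
    /**
     * Protocol name passed to {@link SSLContext#getInstance(String)} unless
     * {@link #setSslType(String)} is called. SSLv3 is an obsolete protocol; deployments
     * should set an explicit TLS protocol name rather than rely on this default.
     */
    public static final String DEFAULT_SSL_TYPE = "SSLv3";
    public static final String JSSE_NAMESPACE = "javax.net";

    private Log logger = LogFactory.getLog(getClass());

    // Provider discovery happens at construction time; setSecurityProviderFactory() replaces
    // the factory but does NOT refresh spInfo/provider/algorithms derived from it here.
    private SecurityProviderFactory spFactory = new AutoDiscoverySecurityProviderFactory();
    private SecurityProviderInfo spInfo = spFactory.getSecurityProviderInfo();
    private Provider provider = spFactory.getProvider();
    private String sslType = DEFAULT_SSL_TYPE;

    // Value written to the java.protocol.handler.pkgs system property by initialise().
    private String protocolHandler = spInfo.getProtocolHandler();

    // Key store used to build the KeyManagerFactory (only when initialise(anon=false)).
    private String keyStoreName = DEFAULT_KEYSTORE;
    private String keyPassword = null;
    private String keyStorePassword = null;
    private String keystoreType = DEFAULT_KEYSTORE_TYPE;
    private String keyManagerAlgorithm = spInfo.getKeyManagerAlgorithm();
    private KeyManagerFactory keyManagerFactory = null;

    // Client key store settings are stored and exposed, but not used by this class.
    private String clientKeyStoreName = null;
    private String clientKeyStorePassword = null;
    private String clientKeyStoreType = DEFAULT_KEYSTORE_TYPE;

    // Trust store used to build the TrustManagerFactory; optional (null means JVM default trust).
    private String trustStoreName = null;
    private String trustStorePassword = null;
    private String trustStoreType = DEFAULT_KEYSTORE_TYPE;
    // Defaults to the *key* manager algorithm of the provider (there is no separate trust
    // manager algorithm on SecurityProviderInfo in this file).
    private String trustManagerAlgorithm = spInfo.getKeyManagerAlgorithm();
    private TrustManagerFactory trustManagerFactory = null;
    private boolean explicitTrustStoreOnly = false;
    private boolean requireClientAuthentication = false;

    /**
     * @param keyStore key store location. Unlike {@link #setKeyStore(String)}, the
     *            constructor stores the value as given, without path normalisation.
     */
    public TlsConfiguration(String keyStore)
    {
        this.keyStoreName = keyStore;
    }

    /**
     * Validates the configuration, installs the security provider, sets the protocol handler
     * system property and builds the key and trust manager factories.
     *
     * @param anon when {@code true} no key store is required or loaded (no server identity);
     *            only the trust manager factory is built.
     * @param namespace when non-null, this configuration is handed to
     *            {@link TlsPropertiesMapper} together with the system properties.
     * @throws InitialisationException if a store or factory cannot be loaded
     * @throws IllegalArgumentException if a required value is null (see {@link #validate})
     */
    public void initialise(boolean anon, String namespace) throws InitialisationException
    {
        if (logger.isDebugEnabled())
        {
            logger.debug("initialising: anon " + anon);
        }
        validate(anon);

        // Process-wide side effects: the provider is installed in the JVM and the handler
        // package list is set for every caller in this JVM.
        Security.addProvider(provider);
        System.setProperty("java.protocol.handler.pkgs", protocolHandler);

        if (!anon)
        {
            initKeyManagerFactory();
        }
        initTrustManagerFactory();

        if (null != namespace)
        {
            new TlsPropertiesMapper(namespace).writeToProperties(System.getProperties(), this);
        }
    }

    /**
     * Checks that the provider, and (unless anonymous) the key store location, both passwords
     * and the key manager algorithm are set.
     * <p>
     * Note that a failed check surfaces as {@link IllegalArgumentException} from
     * {@link #assertNotNull}, not as the declared {@link InitialisationException}.
     */
    private void validate(boolean anon) throws InitialisationException
    {
        assertNotNull(getProvider(), "The security provider cannot be null");
        if (!anon)
        {
            assertNotNull(getKeyStore(), "The KeyStore location cannot be null");
            assertNotNull(getKeyPassword(), "The Key password cannot be null");
            assertNotNull(getStorePassword(), "The KeyStore password cannot be null");
            assertNotNull(getKeyManagerAlgorithm(), "The Key Manager Algorithm cannot be null");
        }
    }

    /**
     * Loads the key store from the classpath or file system and initialises
     * {@link #keyManagerFactory} from it.
     * <p>
     * {@code keyStorePassword} and {@code keyPassword} are non-null here because
     * {@link #validate} runs first when {@code anon} is false.
     */
    private void initKeyManagerFactory() throws InitialisationException
    {
        if (logger.isDebugEnabled())
        {
            logger.debug("initialising key manager factory from keystore data");
        }
        KeyStore tempKeyStore;
        try
        {
            tempKeyStore = KeyStore.getInstance(keystoreType);
            InputStream is = IOUtils.getResourceAsStream(keyStoreName, getClass());
            if (null == is)
            {
                throw new FileNotFoundException(
                    CoreMessages.cannotLoadFromClasspath("Keystore: " + keyStoreName).getMessage());
            }
            loadStore(tempKeyStore, is, keyStorePassword);
        }
        catch (Exception e)
        {
            throw new InitialisationException(
                CoreMessages.failedToLoad("KeyStore: " + keyStoreName), e, this);
        }
        try
        {
            keyManagerFactory = KeyManagerFactory.getInstance(getKeyManagerAlgorithm());
            keyManagerFactory.init(tempKeyStore, keyPassword.toCharArray());
        }
        catch (Exception e)
        {
            throw new InitialisationException(CoreMessages.failedToLoad("Key Manager"), e, this);
        }
    }

    /**
     * Loads the trust store and initialises {@link #trustManagerFactory} from it. Does
     * nothing when no trust store name is configured, leaving {@code trustManagerFactory}
     * null so that {@link #getSslContext()} falls back to the JVM's default trust managers.
     */
    private void initTrustManagerFactory() throws InitialisationException
    {
        if (null != trustStoreName)
        {
            // A missing trust store password is treated as the empty password.
            trustStorePassword = null == trustStorePassword ? "" : trustStorePassword;

            KeyStore trustStore;
            try
            {
                trustStore = KeyStore.getInstance(trustStoreType);
                InputStream is = IOUtils.getResourceAsStream(trustStoreName, getClass());
                if (null == is)
                {
                    throw new FileNotFoundException(
                        "Failed to load truststore from classpath or local file: " + trustStoreName);
                }
                loadStore(trustStore, is, trustStorePassword);
            }
            catch (Exception e)
            {
                throw new InitialisationException(
                    CoreMessages.failedToLoad("TrustStore: " + trustStoreName), e, this);
            }

            try
            {
                trustManagerFactory = TrustManagerFactory.getInstance(trustManagerAlgorithm);
                trustManagerFactory.init(trustStore);
            }
            catch (Exception e)
            {
                throw new InitialisationException(
                    CoreMessages.failedToLoad("Trust Manager (" + trustManagerAlgorithm + ")"), e, this);
            }
        }
    }

    /**
     * Loads {@code store} from {@code is} with {@code password}, then closes the stream and
     * wipes the temporary password array regardless of outcome.
     * <p>
     * The original code left the stream open. Wiping the array assumes the configured store
     * type does not retain the caller's password array after {@code load()} (the JDK's own
     * store types do not); a third-party type that did would need this removed.
     *
     * @param store the (not yet loaded) key store instance
     * @param is the stream to read from; always closed by this method
     * @param password the store password, must not be null
     * @throws IOException if the store data cannot be read or is corrupt
     * @throws NoSuchAlgorithmException if the store's integrity algorithm is unavailable
     * @throws CertificateException if a certificate in the store cannot be loaded
     */
    private void loadStore(KeyStore store, InputStream is, String password)
        throws IOException, NoSuchAlgorithmException, CertificateException
    {
        char[] chars = password.toCharArray();
        try
        {
            store.load(is, chars);
        }
        finally
        {
            Arrays.fill(chars, '\0');
            try
            {
                is.close();
            }
            catch (IOException e)
            {
                // The store has already been read; a failed close should not fail initialisation.
                logger.debug("Failed to close store stream", e);
            }
        }
    }

    /**
     * @throws IllegalArgumentException with {@code message} when {@code value} is null
     */
    private static void assertNotNull(Object value, String message)
    {
        if (null == value)
        {
            throw new IllegalArgumentException(message);
        }
    }

    /** Returns {@code value}, or {@code deflt} when {@code value} is null. */
    private static String defaultForNull(String value, String deflt)
    {
        if (null == value)
        {
            return deflt;
        }
        else
        {
            return value;
        }
    }

    /** Builds a fresh {@link SSLContext} (see {@link #getSslContext()}) and returns its socket factory. */
    public SSLSocketFactory getSocketFactory() throws NoSuchAlgorithmException, KeyManagementException
    {
        return getSslContext().getSocketFactory();
    }

    /** Builds a fresh {@link SSLContext} (see {@link #getSslContext()}) and returns its server socket factory. */
    public SSLServerSocketFactory getServerSocketFactory()
        throws NoSuchAlgorithmException, KeyManagementException
    {
        return getSslContext().getServerSocketFactory();
    }

    /**
     * Creates a new {@link SSLContext} for {@link #getSslType()} from the factories built by
     * {@link #initialise(boolean, String)}.
     * <p>
     * A null key manager factory (anonymous mode) or null trust manager factory (no trust
     * store configured) is passed to {@link SSLContext#init} as null, which selects the
     * JVM defaults for that side. A new context is created on every call.
     *
     * @throws NoSuchAlgorithmException if the configured SSL type is not supported
     * @throws KeyManagementException if the context cannot be initialised
     */
    public SSLContext getSslContext() throws NoSuchAlgorithmException, KeyManagementException
    {
        KeyManager[] keyManagers =
            null == getKeyManagerFactory() ? null : getKeyManagerFactory().getKeyManagers();
        TrustManager[] trustManagers =
            null == getTrustManagerFactory() ? null : getTrustManagerFactory().getTrustManagers();

        SSLContext context = SSLContext.getInstance(getSslType());

        // null SecureRandom lets the provider choose its default source of randomness.
        context.init(keyManagers, trustManagers, null);
        return context;
    }

    /** Protocol name used for {@link SSLContext#getInstance(String)}; see {@link #DEFAULT_SSL_TYPE}. */
    public String getSslType()
    {
        return sslType;
    }

    public void setSslType(String sslType)
    {
        this.sslType = sslType;
    }

    public Provider getProvider()
    {
        return provider;
    }

    public void setProvider(Provider provider)
    {
        this.provider = provider;
    }

    public String getProtocolHandler()
    {
        return protocolHandler;
    }

    public void setProtocolHandler(String protocolHandler)
    {
        this.protocolHandler = protocolHandler;
    }

    public SecurityProviderFactory getSecurityProviderFactory()
    {
        return spFactory;
    }

    /**
     * Replaces the factory reference only. {@code spInfo}, {@code provider},
     * {@code protocolHandler} and the algorithm defaults were derived from the original
     * factory at construction and are not recomputed here.
     */
    public void setSecurityProviderFactory(SecurityProviderFactory spFactory)
    {
        this.spFactory = spFactory;
    }

    public String getKeyStore()
    {
        return keyStoreName;
    }

    /**
     * Sets the key store location, normalising it via {@link FileUtils#getResourcePath}
     * when non-null.
     *
     * @throws IOException if the path cannot be resolved
     */
    public void setKeyStore(String name) throws IOException
    {
        keyStoreName = name;
        if (null != keyStoreName)
        {
            keyStoreName = FileUtils.getResourcePath(keyStoreName, getClass());
            if (logger.isDebugEnabled())
            {
                logger.debug("Normalised keyStore path to: " + keyStoreName);
            }
        }
    }

    public String getKeyPassword()
    {
        return keyPassword;
    }

    public void setKeyPassword(String keyPassword)
    {
        this.keyPassword = keyPassword;
    }

    public String getStorePassword()
    {
        return keyStorePassword;
    }

    public void setStorePassword(String storePassword)
    {
        this.keyStorePassword = storePassword;
    }

    public String getKeystoreType()
    {
        return keystoreType;
    }

    public void setKeystoreType(String keystoreType)
    {
        this.keystoreType = keystoreType;
    }

    public String getKeyManagerAlgorithm()
    {
        return keyManagerAlgorithm;
    }

    public void setKeyManagerAlgorithm(String keyManagerAlgorithm)
    {
        this.keyManagerAlgorithm = keyManagerAlgorithm;
    }

    /** Null until {@link #initialise(boolean, String)} has run with {@code anon == false}. */
    public KeyManagerFactory getKeyManagerFactory()
    {
        return keyManagerFactory;
    }

    public String getClientKeyStore()
    {
        return clientKeyStoreName;
    }

    /**
     * Sets the client key store location, normalising it via {@link FileUtils#getResourcePath}
     * when non-null.
     *
     * @throws IOException if the path cannot be resolved
     */
    public void setClientKeyStore(String name) throws IOException
    {
        clientKeyStoreName = name;
        if (null != clientKeyStoreName)
        {
            clientKeyStoreName = FileUtils.getResourcePath(clientKeyStoreName, getClass());
            if (logger.isDebugEnabled())
            {
                logger.debug("Normalised clientKeyStore path to: " + clientKeyStoreName);
            }
        }
    }

    public String getClientKeyStorePassword()
    {
        return clientKeyStorePassword;
    }

    public void setClientKeyStorePassword(String clientKeyStorePassword)
    {
        this.clientKeyStorePassword = clientKeyStorePassword;
    }

    public void setClientKeyStoreType(String clientKeyStoreType)
    {
        this.clientKeyStoreType = clientKeyStoreType;
    }

    public String getClientKeyStoreType()
    {
        return clientKeyStoreType;
    }

    public String getTrustStore()
    {
        return trustStoreName;
    }

    /**
     * Sets the trust store location, normalising it via {@link FileUtils#getResourcePath}
     * when non-null.
     *
     * @throws IOException if the path cannot be resolved
     */
    public void setTrustStore(String name) throws IOException
    {
        trustStoreName = name;
        if (null != trustStoreName)
        {
            trustStoreName = FileUtils.getResourcePath(trustStoreName, getClass());
            if (logger.isDebugEnabled())
            {
                logger.debug("Normalised trustStore path to: " + trustStoreName);
            }
        }
    }

    public String getTrustStorePassword()
    {
        return trustStorePassword;
    }

    public void setTrustStorePassword(String trustStorePassword)
    {
        this.trustStorePassword = trustStorePassword;
    }

    public String getTrustStoreType()
    {
        return trustStoreType;
    }

    public void setTrustStoreType(String trustStoreType)
    {
        this.trustStoreType = trustStoreType;
    }

    public String getTrustManagerAlgorithm()
    {
        return trustManagerAlgorithm;
    }

    /** A null argument resets the algorithm to the provider's key manager algorithm. */
    public void setTrustManagerAlgorithm(String trustManagerAlgorithm)
    {
        this.trustManagerAlgorithm = defaultForNull(trustManagerAlgorithm, spInfo.getKeyManagerAlgorithm());
    }

    /** Null until {@link #initialise(boolean, String)} has run with a trust store configured. */
    public TrustManagerFactory getTrustManagerFactory()
    {
        return trustManagerFactory;
    }

    public void setTrustManagerFactory(TrustManagerFactory trustManagerFactory)
    {
        this.trustManagerFactory = trustManagerFactory;
    }

    /** Stored only; not consulted by this class. */
    public boolean isExplicitTrustStoreOnly()
    {
        return explicitTrustStoreOnly;
    }

    public void setExplicitTrustStoreOnly(boolean explicitTrustStoreOnly)
    {
        this.explicitTrustStoreOnly = explicitTrustStoreOnly;
    }

    /** Stored only; not consulted by this class. */
    public boolean isRequireClientAuthentication()
    {
        return requireClientAuthentication;
    }

    public void setRequireClientAuthentication(boolean requireClientAuthentication)
    {
        this.requireClientAuthentication = requireClientAuthentication;
    }

}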