View Javadoc

1   /*
2    * $Id: PGPSecurityFilter.java 10789 2008-02-12 20:04:43Z dfeist $
3    * --------------------------------------------------------------------------------------
4    * Copyright (c) MuleSource, Inc.  All rights reserved.  http://www.mulesource.com
5    *
6    * The software in this package is published under the terms of the CPAL v1.0
7    * license, a copy of which has been included with this distribution in the
8    * LICENSE.txt file.
9    */
10  
11  package org.mule.module.pgp.filters;
12  
13  import org.mule.api.EncryptionStrategy;
14  import org.mule.api.MuleEvent;
15  import org.mule.api.MuleMessage;
16  import org.mule.api.lifecycle.InitialisationException;
17  import org.mule.api.security.Authentication;
18  import org.mule.api.security.SecurityContext;
19  import org.mule.api.security.UnauthorisedException;
20  import org.mule.api.security.UnknownAuthenticationTypeException;
21  import org.mule.config.i18n.CoreMessages;
22  import org.mule.module.pgp.PGPAuthentication;
23  import org.mule.module.pgp.PGPCryptInfo;
24  import org.mule.module.pgp.PGPKeyRing;
25  import org.mule.module.pgp.i18n.PGPMessages;
26  import org.mule.security.AbstractEndpointSecurityFilter;
27  
28  import java.io.ByteArrayInputStream;
29  import java.util.Collection;
30  
31  import org.apache.commons.logging.Log;
32  import org.apache.commons.logging.LogFactory;
33  
34  import cryptix.message.LiteralMessage;
35  import cryptix.message.Message;
36  import cryptix.message.MessageFactory;
37  import cryptix.message.SignedMessage;
38  import cryptix.pki.KeyBundle;
39  
40  public class PGPSecurityFilter extends AbstractEndpointSecurityFilter
41  {
42      /**
43       * logger used by this class
44       */
45      protected static final Log logger = LogFactory.getLog(PGPSecurityFilter.class);
46  
47      private EncryptionStrategy strategy;
48  
49      private String strategyName;
50  
51      private boolean signRequired;
52  
53      private PGPKeyRing keyManager;
54  
55      /*
56       * (non-Javadoc)
57       * 
58       * @see org.mule.security.AbstractEndpointSecurityFilter#authenticateInbound(org.mule.api.MuleEvent)
59       */
60      protected void authenticateInbound(MuleEvent event)
61          throws SecurityException, UnauthorisedException, UnknownAuthenticationTypeException
62      {
63          MuleMessage message = event.getMessage();
64  
65          String userId = (String)getCredentialsAccessor().getCredentials(event);
66  
67          byte[] creds = null;
68  
69          try
70          {
71              creds = message.getPayloadAsBytes();
72              creds = strategy.decrypt(creds, null);
73          }
74          catch (Exception e1)
75          {
76              throw new UnauthorisedException(
77                  CoreMessages.failedToReadPayload(), event.getMessage(), e1);
78          }
79  
80          final Authentication authResult;
81          Authentication umoAuthentication;
82  
83          try
84          {
85              umoAuthentication = new PGPAuthentication(userId, decodeMsgRaw(creds));
86          }
87          catch (Exception e1)
88          {
89              throw new UnauthorisedException(
90                  CoreMessages.failedToReadPayload(), event.getMessage(), e1);
91          }
92  
93          try
94          {
95              authResult = getSecurityManager().authenticate(umoAuthentication);
96          }
97          catch (Exception e)
98          {
99              // Authentication failed
100             if (logger.isDebugEnabled())
101             {
102                 logger.debug("Authentication request for user: " + userId + " failed: " + e.toString());
103             }
104 
105             throw new UnauthorisedException(CoreMessages.authFailedForUser(userId), event.getMessage(), e);
106         }
107 
108         // Authentication success
109         if (logger.isDebugEnabled())
110         {
111             logger.debug("Authentication success: " + authResult.toString());
112         }
113 
114         SecurityContext context = getSecurityManager().createSecurityContext(authResult);
115         event.getSession().setSecurityContext(context);
116 
117         try
118         {
119             updatePayload(event.getMessage(), getUnencryptedMessageWithoutSignature((PGPAuthentication)authResult));
120 //            TODO RequestContext.rewriteEvent(new DefaultMuleMessage(
121 //                getUnencryptedMessageWithoutSignature((PGPAuthentication)authResult)));
122         }
123         catch (Exception e2)
124         {
125             throw new UnauthorisedException(event.getMessage(), context, event.getEndpoint(), this);
126         }
127     }
128 
129     private Message decodeMsgRaw(byte[] raw) throws Exception
130     {
131         MessageFactory mf = MessageFactory.getInstance("OpenPGP");
132 
133         ByteArrayInputStream in = new ByteArrayInputStream(raw);
134 
135         Collection msgs = mf.generateMessages(in);
136 
137         return (Message)msgs.iterator().next();
138     }
139 
140     private String getUnencryptedMessageWithoutSignature(PGPAuthentication auth) throws Exception
141     {
142         Message msg = (Message)auth.getCredentials();
143 
144         if (msg instanceof SignedMessage)
145         {
146             msg = ((SignedMessage)msg).getContents();
147         }
148 
149         if (msg instanceof LiteralMessage)
150         {
151             return ((LiteralMessage)msg).getTextData();
152         }
153         else
154         {
155             throw new Exception("Wrong data");
156         }
157     }
158 
159     /*
160      * (non-Javadoc)
161      * 
162      * @see org.mule.security.AbstractEndpointSecurityFilter#authenticateOutbound(org.mule.api.MuleEvent)
163      */
164     protected void authenticateOutbound(MuleEvent event) throws SecurityException, UnauthorisedException
165     {
166         logger.debug("authenticateOutbound:" + event.getId());
167 
168         if (!isAuthenticate())
169         {
170             return;
171         }
172 
173         MuleMessage message = event.getMessage();
174 
175         KeyBundle userKeyBundle = keyManager.getKeyBundle((String)getCredentialsAccessor().getCredentials(
176             event));
177 
178         final PGPCryptInfo cryptInfo = new PGPCryptInfo(userKeyBundle, signRequired);
179 
180         try
181         {
182             updatePayload(event.getMessage(), strategy.encrypt(message.getPayloadAsBytes(), cryptInfo));
183         }
184         catch (Exception e1)
185         {
186             throw new UnauthorisedException(CoreMessages.failedToReadPayload(), event.getMessage(), e1);
187         }
188     }
189 
190     protected void doInitialise() throws InitialisationException
191     {
192         if (strategyName != null)
193         {
194             strategy = endpoint.getMuleContext().getSecurityManager().getEncryptionStrategy(strategyName);
195         }
196 
197         if (strategy == null)
198         {
199             throw new InitialisationException(PGPMessages.encryptionStrategyNotSet(), this);
200         }
201     }
202 
203     public EncryptionStrategy getStrategy()
204     {
205         return strategy;
206     }
207 
208     public void setStrategy(EncryptionStrategy strategy)
209     {
210         this.strategy = strategy;
211     }
212 
213     public void setStrategyName(String name)
214     {
215         strategyName = name;
216     }
217 
218     public boolean isSignRequired()
219     {
220         return signRequired;
221     }
222 
223     public void setSignRequired(boolean signRequired)
224     {
225         this.signRequired = signRequired;
226     }
227 
228     public PGPKeyRing getKeyManager()
229     {
230         return keyManager;
231     }
232 
233     public void setKeyManager(PGPKeyRing keyManager)
234     {
235         this.keyManager = keyManager;
236     }
237 }