 /*
  * $Id: PGPSecurityFilter.java 10789 2008-02-12 20:04:43Z dfeist $
  * --------------------------------------------------------------------------------------
  * Copyright (c) MuleSource, Inc.  All rights reserved.  http://www.mulesource.com
  *
  * The software in this package is published under the terms of the CPAL v1.0
  * license, a copy of which has been included with this distribution in the
  * LICENSE.txt file.
  */
 
 package org.mule.module.pgp.filters;
 
 import org.mule.api.EncryptionStrategy;
 import org.mule.api.MuleEvent;
 import org.mule.api.MuleMessage;
 import org.mule.api.lifecycle.InitialisationException;
 import org.mule.api.security.Authentication;
 import org.mule.api.security.SecurityContext;
 import org.mule.api.security.UnauthorisedException;
 import org.mule.api.security.UnknownAuthenticationTypeException;
 import org.mule.config.i18n.CoreMessages;
 import org.mule.module.pgp.PGPAuthentication;
 import org.mule.module.pgp.PGPCryptInfo;
 import org.mule.module.pgp.PGPKeyRing;
 import org.mule.module.pgp.i18n.PGPMessages;
 import org.mule.security.AbstractEndpointSecurityFilter;
 
 import java.io.ByteArrayInputStream;
 import java.util.Collection;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
 import cryptix.message.LiteralMessage;
 import cryptix.message.Message;
 import cryptix.message.MessageFactory;
 import cryptix.message.SignedMessage;
 import cryptix.pki.KeyBundle;
 
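 /**
  * Endpoint security filter that authenticates inbound events from their PGP
  * payload and encrypts outbound payloads for the key bundle of the user named
  * by the credentials accessor.
  * <p>
  * Inbound: the payload is decrypted with the configured
  * {@link EncryptionStrategy}, parsed as an OpenPGP message and handed to the
  * security manager wrapped in a {@link PGPAuthentication}. On success the
  * resulting security context is stored on the session and the payload is
  * replaced by the literal text of the message.
  * <p>
  * Outbound: when {@code isAuthenticate()} is true, the payload is encrypted
  * with the configured strategy using a {@link PGPCryptInfo} built from the
  * user's key bundle and the {@code signRequired} flag.
  * <p>
  * NOTE(review): {@code signRequired} is only consulted on the outbound path in
  * this class. Whether an unsigned inbound message is rejected, and whether a
  * signature is actually verified, depends on the security provider behind
  * {@code getSecurityManager().authenticate(...)} - confirm against that
  * provider before relying on this filter for sender authentication.
  */
 public class PGPSecurityFilter extends AbstractEndpointSecurityFilter
 {
     /**
      * logger used by this class
      */
     protected static final Log logger = LogFactory.getLog(PGPSecurityFilter.class);

     // Strategy used to decrypt inbound and encrypt outbound payloads; either
     // injected via setStrategy or resolved from strategyName in doInitialise.
     private EncryptionStrategy strategy;

     // Name under which the strategy is looked up on the security manager.
     private String strategyName;

     // Passed to PGPCryptInfo on the outbound path only.
     private boolean signRequired;

     // Source of the per-user key bundles used for outbound encryption.
     private PGPKeyRing keyManager;

     /**
      * Authenticates an inbound event from its PGP payload.
      * <p>
      * Every failure (unreadable or undecryptable payload, unparsable OpenPGP
      * data, rejected authentication, payload rewrite failure) is reported as
      * an {@link UnauthorisedException}, so the event is never passed on
      * unauthenticated.
      *
      * @param event the inbound event whose payload carries the PGP message
      * @throws UnauthorisedException if the payload cannot be read, decrypted
      *             or parsed, if authentication fails, or if the payload cannot
      *             be replaced by the unwrapped message
      * @see org.mule.security.AbstractEndpointSecurityFilter#authenticateInbound(org.mule.api.MuleEvent)
      */
     protected void authenticateInbound(MuleEvent event)
         throws SecurityException, UnauthorisedException, UnknownAuthenticationTypeException
     {
         MuleMessage message = event.getMessage();

         // The user id comes from the credentials accessor (i.e. from the
         // event itself), so it is attacker-influenced until authentication
         // below has succeeded.
         String userId = (String)getCredentialsAccessor().getCredentials(event);

         byte[] creds = null;

         try
         {
             creds = message.getPayloadAsBytes();
             creds = strategy.decrypt(creds, null);
         }
         catch (Exception e1)
         {
             throw new UnauthorisedException(
                 CoreMessages.failedToReadPayload(), event.getMessage(), e1);
         }

         final Authentication authResult;
         Authentication umoAuthentication;

         try
         {
             umoAuthentication = new PGPAuthentication(userId, decodeMsgRaw(creds));
         }
         catch (Exception e1)
         {
             throw new UnauthorisedException(
                 CoreMessages.failedToReadPayload(), event.getMessage(), e1);
         }

         try
         {
             authResult = getSecurityManager().authenticate(umoAuthentication);
         }
         catch (Exception e)
         {
             // Authentication failed
             if (logger.isDebugEnabled())
             {
                 logger.debug("Authentication request for user: " + userId + " failed: " + e.toString());
             }

             throw new UnauthorisedException(CoreMessages.authFailedForUser(userId), event.getMessage(), e);
         }

         // Authentication success
         if (logger.isDebugEnabled())
         {
             // NOTE(review): this logs authResult.toString(); confirm that the
             // Authentication implementation does not render its credentials
             // (here the decoded message) into that string.
             logger.debug("Authentication success: " + authResult.toString());
         }

         // NOTE(review): the security context is installed on the session
         // before the payload rewrite below has succeeded. If the rewrite
         // throws, the caller gets an UnauthorisedException while the session
         // keeps the authenticated context - confirm this is intended.
         SecurityContext context = getSecurityManager().createSecurityContext(authResult);
         event.getSession().setSecurityContext(context);

         try
         {
             updatePayload(event.getMessage(), getUnencryptedMessageWithoutSignature((PGPAuthentication)authResult));
 //            TODO RequestContext.rewriteEvent(new DefaultMuleMessage(
 //                getUnencryptedMessageWithoutSignature((PGPAuthentication)authResult)));
         }
         catch (Exception e2)
         {
             // The exception thrown below does not carry e2 as its cause, so
             // record it here; otherwise the reason an authenticated message
             // was rejected is lost.
             logger.warn("Failed to replace payload with unwrapped PGP message after authentication", e2);
             throw new UnauthorisedException(event.getMessage(), context, event.getEndpoint(), this);
         }
     }

     /**
      * Parses raw bytes as OpenPGP data and returns the first message found.
      * Any further messages in the input are ignored.
      *
      * @param raw the decrypted payload bytes
      * @return the first message produced by the OpenPGP message factory
      * @throws Exception if the input cannot be parsed or contains no message
      */
     private Message decodeMsgRaw(byte[] raw) throws Exception
     {
         MessageFactory mf = MessageFactory.getInstance("OpenPGP");

         ByteArrayInputStream in = new ByteArrayInputStream(raw);

         Collection msgs = mf.generateMessages(in);

         // Fail with a clear message instead of a NoSuchElementException or
         // NullPointerException when the payload held no OpenPGP message.
         if (msgs == null || msgs.isEmpty())
         {
             throw new Exception("No OpenPGP message found in payload");
         }

         return (Message)msgs.iterator().next();
     }

     /**
      * Returns the text of the literal message carried by the authentication's
      * credentials, unwrapping one {@link SignedMessage} layer if present.
      * <p>
      * This method only strips the signature wrapper; it performs no signature
      * verification itself.
      *
      * @param auth the authentication whose credentials hold the PGP message
      * @return the text data of the literal message
      * @throws Exception if the (unwrapped) message is not a
      *             {@link LiteralMessage}
      */
     private String getUnencryptedMessageWithoutSignature(PGPAuthentication auth) throws Exception
     {
         Message msg = (Message)auth.getCredentials();

         if (msg instanceof SignedMessage)
         {
             msg = ((SignedMessage)msg).getContents();
         }

         if (msg instanceof LiteralMessage)
         {
             return ((LiteralMessage)msg).getTextData();
         }
         else
         {
             throw new Exception("Wrong data");
         }
     }

     /**
      * Encrypts the outbound payload for the user named by the credentials
      * accessor. Does nothing when {@code isAuthenticate()} is false.
      *
      * @param event the outbound event whose payload is to be encrypted
      * @throws UnauthorisedException if the payload cannot be read or encrypted
      * @see org.mule.security.AbstractEndpointSecurityFilter#authenticateOutbound(org.mule.api.MuleEvent)
      */
     protected void authenticateOutbound(MuleEvent event) throws SecurityException, UnauthorisedException
     {
         if (logger.isDebugEnabled())
         {
             logger.debug("authenticateOutbound:" + event.getId());
         }

         if (!isAuthenticate())
         {
             return;
         }

         MuleMessage message = event.getMessage();

         // NOTE(review): keyManager is dereferenced without a null check, and
         // the returned bundle is passed on unchecked; confirm that an unknown
         // user cannot result in the payload being sent without encryption.
         KeyBundle userKeyBundle = keyManager.getKeyBundle((String)getCredentialsAccessor().getCredentials(
             event));

         final PGPCryptInfo cryptInfo = new PGPCryptInfo(userKeyBundle, signRequired);

         try
         {
             updatePayload(event.getMessage(), strategy.encrypt(message.getPayloadAsBytes(), cryptInfo));
         }
         catch (Exception e1)
         {
             throw new UnauthorisedException(CoreMessages.failedToReadPayload(), event.getMessage(), e1);
         }
     }

     /**
      * Resolves the encryption strategy. When a strategy name is set, the
      * strategy is looked up on the security manager and replaces any strategy
      * set directly.
      *
      * @throws InitialisationException if no strategy is available afterwards
      */
     protected void doInitialise() throws InitialisationException
     {
         if (strategyName != null)
         {
             strategy = endpoint.getMuleContext().getSecurityManager().getEncryptionStrategy(strategyName);
         }

         // Refuse to start without a strategy: both filter directions
         // dereference it unconditionally.
         if (strategy == null)
         {
             throw new InitialisationException(PGPMessages.encryptionStrategyNotSet(), this);
         }
     }

     /**
      * @return the encryption strategy currently in use, or {@code null} if
      *         none has been set or resolved yet
      */
     public EncryptionStrategy getStrategy()
     {
         return strategy;
     }

     /**
      * @param strategy the encryption strategy to use for both directions
      */
     public void setStrategy(EncryptionStrategy strategy)
     {
         this.strategy = strategy;
     }

     /**
      * @param name the name used in {@link #doInitialise()} to look up the
      *            encryption strategy on the security manager
      */
     public void setStrategyName(String name)
     {
         strategyName = name;
     }

     /**
      * @return the flag passed to {@link PGPCryptInfo} for outbound messages
      */
     public boolean isSignRequired()
     {
         return signRequired;
     }

     /**
      * @param signRequired the flag passed to {@link PGPCryptInfo} for outbound
      *            messages
      */
     public void setSignRequired(boolean signRequired)
     {
         this.signRequired = signRequired;
     }

     /**
      * @return the key ring used to look up user key bundles
      */
     public PGPKeyRing getKeyManager()
     {
         return keyManager;
     }

     /**
      * @param keyManager the key ring used to look up user key bundles
      */
     public void setKeyManager(PGPKeyRing keyManager)
     {
         this.keyManager = keyManager;
     }
 }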