1 | |
|
2 | |
|
3 | |
|
4 | |
|
5 | |
|
6 | |
|
7 | |
|
8 | |
|
9 | |
|
10 | |
|
11 | |
package org.mule.module.pgp.filters; |
12 | |
|
13 | |
import org.mule.api.EncryptionStrategy; |
14 | |
import org.mule.api.MuleEvent; |
15 | |
import org.mule.api.MuleMessage; |
16 | |
import org.mule.api.lifecycle.InitialisationException; |
17 | |
import org.mule.api.security.Authentication; |
18 | |
import org.mule.api.security.SecurityContext; |
19 | |
import org.mule.api.security.UnauthorisedException; |
20 | |
import org.mule.api.security.UnknownAuthenticationTypeException; |
21 | |
import org.mule.config.i18n.CoreMessages; |
22 | |
import org.mule.module.pgp.PGPAuthentication; |
23 | |
import org.mule.module.pgp.PGPCryptInfo; |
24 | |
import org.mule.module.pgp.PGPKeyRing; |
25 | |
import org.mule.module.pgp.i18n.PGPMessages; |
26 | |
import org.mule.security.AbstractEndpointSecurityFilter; |
27 | |
|
28 | |
import java.io.ByteArrayInputStream; |
29 | |
import java.util.Collection; |
30 | |
|
31 | |
import org.apache.commons.logging.Log; |
32 | |
import org.apache.commons.logging.LogFactory; |
33 | |
|
34 | |
import cryptix.message.LiteralMessage; |
35 | |
import cryptix.message.Message; |
36 | |
import cryptix.message.MessageFactory; |
37 | |
import cryptix.message.SignedMessage; |
38 | |
import cryptix.pki.KeyBundle; |
39 | |
|
40 | 0 | public class PGPSecurityFilter extends AbstractEndpointSecurityFilter |
41 | |
{ |
42 | |
|
43 | |
|
44 | |
|
45 | 0 | protected static final Log logger = LogFactory.getLog(PGPSecurityFilter.class); |
46 | |
|
47 | |
private EncryptionStrategy strategy; |
48 | |
|
49 | |
private String strategyName; |
50 | |
|
51 | |
private boolean signRequired; |
52 | |
|
53 | |
private PGPKeyRing keyManager; |
54 | |
|
55 | |
|
56 | |
|
57 | |
|
58 | |
|
59 | |
|
60 | |
protected void authenticateInbound(MuleEvent event) |
61 | |
throws SecurityException, UnauthorisedException, UnknownAuthenticationTypeException |
62 | |
{ |
63 | 0 | MuleMessage message = event.getMessage(); |
64 | |
|
65 | 0 | String userId = (String)getCredentialsAccessor().getCredentials(event); |
66 | |
|
67 | 0 | byte[] creds = null; |
68 | |
|
69 | |
try |
70 | |
{ |
71 | 0 | creds = message.getPayloadAsBytes(); |
72 | 0 | creds = strategy.decrypt(creds, null); |
73 | |
} |
74 | 0 | catch (Exception e1) |
75 | |
{ |
76 | 0 | throw new UnauthorisedException( |
77 | |
CoreMessages.failedToReadPayload(), event.getMessage(), e1); |
78 | 0 | } |
79 | |
|
80 | |
final Authentication authResult; |
81 | |
Authentication umoAuthentication; |
82 | |
|
83 | |
try |
84 | |
{ |
85 | 0 | umoAuthentication = new PGPAuthentication(userId, decodeMsgRaw(creds)); |
86 | |
} |
87 | 0 | catch (Exception e1) |
88 | |
{ |
89 | 0 | throw new UnauthorisedException( |
90 | |
CoreMessages.failedToReadPayload(), event.getMessage(), e1); |
91 | 0 | } |
92 | |
|
93 | |
try |
94 | |
{ |
95 | 0 | authResult = getSecurityManager().authenticate(umoAuthentication); |
96 | |
} |
97 | 0 | catch (Exception e) |
98 | |
{ |
99 | |
|
100 | 0 | if (logger.isDebugEnabled()) |
101 | |
{ |
102 | 0 | logger.debug("Authentication request for user: " + userId + " failed: " + e.toString()); |
103 | |
} |
104 | |
|
105 | 0 | throw new UnauthorisedException(CoreMessages.authFailedForUser(userId), event.getMessage(), e); |
106 | 0 | } |
107 | |
|
108 | |
|
109 | 0 | if (logger.isDebugEnabled()) |
110 | |
{ |
111 | 0 | logger.debug("Authentication success: " + authResult.toString()); |
112 | |
} |
113 | |
|
114 | 0 | SecurityContext context = getSecurityManager().createSecurityContext(authResult); |
115 | 0 | event.getSession().setSecurityContext(context); |
116 | |
|
117 | |
try |
118 | |
{ |
119 | 0 | updatePayload(event.getMessage(), getUnencryptedMessageWithoutSignature((PGPAuthentication)authResult)); |
120 | |
|
121 | |
|
122 | |
} |
123 | 0 | catch (Exception e2) |
124 | |
{ |
125 | 0 | throw new UnauthorisedException(event.getMessage(), context, event.getEndpoint(), this); |
126 | 0 | } |
127 | 0 | } |
128 | |
|
129 | |
private Message decodeMsgRaw(byte[] raw) throws Exception |
130 | |
{ |
131 | 0 | MessageFactory mf = MessageFactory.getInstance("OpenPGP"); |
132 | |
|
133 | 0 | ByteArrayInputStream in = new ByteArrayInputStream(raw); |
134 | |
|
135 | 0 | Collection msgs = mf.generateMessages(in); |
136 | |
|
137 | 0 | return (Message)msgs.iterator().next(); |
138 | |
} |
139 | |
|
140 | |
private String getUnencryptedMessageWithoutSignature(PGPAuthentication auth) throws Exception |
141 | |
{ |
142 | 0 | Message msg = (Message)auth.getCredentials(); |
143 | |
|
144 | 0 | if (msg instanceof SignedMessage) |
145 | |
{ |
146 | 0 | msg = ((SignedMessage)msg).getContents(); |
147 | |
} |
148 | |
|
149 | 0 | if (msg instanceof LiteralMessage) |
150 | |
{ |
151 | 0 | return ((LiteralMessage)msg).getTextData(); |
152 | |
} |
153 | |
else |
154 | |
{ |
155 | 0 | throw new Exception("Wrong data"); |
156 | |
} |
157 | |
} |
158 | |
|
159 | |
|
160 | |
|
161 | |
|
162 | |
|
163 | |
|
164 | |
protected void authenticateOutbound(MuleEvent event) throws SecurityException, UnauthorisedException |
165 | |
{ |
166 | 0 | logger.debug("authenticateOutbound:" + event.getId()); |
167 | |
|
168 | 0 | if (!isAuthenticate()) |
169 | |
{ |
170 | 0 | return; |
171 | |
} |
172 | |
|
173 | 0 | MuleMessage message = event.getMessage(); |
174 | |
|
175 | 0 | KeyBundle userKeyBundle = keyManager.getKeyBundle((String)getCredentialsAccessor().getCredentials( |
176 | |
event)); |
177 | |
|
178 | 0 | final PGPCryptInfo cryptInfo = new PGPCryptInfo(userKeyBundle, signRequired); |
179 | |
|
180 | |
try |
181 | |
{ |
182 | 0 | updatePayload(event.getMessage(), strategy.encrypt(message.getPayloadAsBytes(), cryptInfo)); |
183 | |
} |
184 | 0 | catch (Exception e1) |
185 | |
{ |
186 | 0 | throw new UnauthorisedException(CoreMessages.failedToReadPayload(), event.getMessage(), e1); |
187 | 0 | } |
188 | 0 | } |
189 | |
|
190 | |
protected void doInitialise() throws InitialisationException |
191 | |
{ |
192 | 0 | if (strategyName != null) |
193 | |
{ |
194 | 0 | strategy = endpoint.getMuleContext().getSecurityManager().getEncryptionStrategy(strategyName); |
195 | |
} |
196 | |
|
197 | 0 | if (strategy == null) |
198 | |
{ |
199 | 0 | throw new InitialisationException(PGPMessages.encryptionStrategyNotSet(), this); |
200 | |
} |
201 | 0 | } |
202 | |
|
203 | |
public EncryptionStrategy getStrategy() |
204 | |
{ |
205 | 0 | return strategy; |
206 | |
} |
207 | |
|
208 | |
public void setStrategy(EncryptionStrategy strategy) |
209 | |
{ |
210 | 0 | this.strategy = strategy; |
211 | 0 | } |
212 | |
|
213 | |
public void setStrategyName(String name) |
214 | |
{ |
215 | 0 | strategyName = name; |
216 | 0 | } |
217 | |
|
218 | |
public boolean isSignRequired() |
219 | |
{ |
220 | 0 | return signRequired; |
221 | |
} |
222 | |
|
223 | |
public void setSignRequired(boolean signRequired) |
224 | |
{ |
225 | 0 | this.signRequired = signRequired; |
226 | 0 | } |
227 | |
|
228 | |
public PGPKeyRing getKeyManager() |
229 | |
{ |
230 | 0 | return keyManager; |
231 | |
} |
232 | |
|
233 | |
public void setKeyManager(PGPKeyRing keyManager) |
234 | |
{ |
235 | 0 | this.keyManager = keyManager; |
236 | 0 | } |
237 | |
} |