1 | |
|
2 | |
|
3 | |
|
4 | |
|
5 | |
|
6 | |
|
7 | |
|
8 | |
|
9 | |
|
10 | |
|
11 | |
package org.mule.api.security.tls; |
12 | |
|
13 | |
import org.mule.api.lifecycle.CreateException; |
14 | |
import org.mule.api.security.TlsDirectKeyStore; |
15 | |
import org.mule.api.security.TlsDirectTrustStore; |
16 | |
import org.mule.api.security.TlsIndirectKeyStore; |
17 | |
import org.mule.api.security.TlsProtocolHandler; |
18 | |
import org.mule.api.security.provider.AutoDiscoverySecurityProviderFactory; |
19 | |
import org.mule.api.security.provider.SecurityProviderFactory; |
20 | |
import org.mule.api.security.provider.SecurityProviderInfo; |
21 | |
import org.mule.config.i18n.CoreMessages; |
22 | |
import org.mule.util.FileUtils; |
23 | |
import org.mule.util.IOUtils; |
24 | |
|
25 | |
import java.io.FileNotFoundException; |
26 | |
import java.io.IOException; |
27 | |
import java.io.InputStream; |
28 | |
import java.security.KeyManagementException; |
29 | |
import java.security.KeyStore; |
30 | |
import java.security.NoSuchAlgorithmException; |
31 | |
import java.security.Provider; |
32 | |
import java.security.Security; |
33 | |
|
34 | |
import javax.net.ssl.KeyManager; |
35 | |
import javax.net.ssl.KeyManagerFactory; |
36 | |
import javax.net.ssl.SSLContext; |
37 | |
import javax.net.ssl.SSLServerSocketFactory; |
38 | |
import javax.net.ssl.SSLSocketFactory; |
39 | |
import javax.net.ssl.TrustManager; |
40 | |
import javax.net.ssl.TrustManagerFactory; |
41 | |
|
42 | |
import org.apache.commons.logging.Log; |
43 | |
import org.apache.commons.logging.LogFactory; |
44 | |
|
45 | |
|
46 | |
|
47 | |
|
48 | |
|
49 | |
|
50 | |
|
51 | |
|
52 | |
|
53 | |
|
54 | |
|
55 | |
|
56 | |
|
57 | |
|
58 | |
|
59 | |
|
60 | |
|
61 | |
|
62 | |
|
63 | |
|
64 | |
|
65 | |
|
66 | |
|
67 | |
|
68 | |
|
69 | |
|
70 | |
|
71 | |
|
72 | |
|
73 | |
|
74 | |
|
75 | |
|
76 | |
|
77 | |
|
78 | |
|
79 | |
|
80 | |
|
81 | |
|
82 | |
|
83 | |
|
84 | |
|
85 | |
|
86 | |
|
87 | |
|
88 | |
|
89 | |
|
90 | |
|
91 | |
|
92 | |
|
93 | |
|
94 | |
|
95 | |
|
96 | |
|
97 | |
|
98 | |
|
99 | |
|
100 | |
|
101 | |
|
102 | |
|
103 | |
|
104 | |
|
105 | |
|
106 | |
|
107 | |
|
108 | |
|
109 | |
|
110 | |
|
111 | |
|
112 | |
public final class TlsConfiguration |
113 | |
implements TlsDirectTrustStore, TlsDirectKeyStore, TlsIndirectKeyStore, TlsProtocolHandler |
114 | |
{ |
115 | |
|
116 | |
public static final String DEFAULT_KEYSTORE = ".keystore"; |
117 | 2 | public static final String DEFAULT_KEYSTORE_TYPE = KeyStore.getDefaultType(); |
118 | |
public static final String DEFAULT_SSL_TYPE = "SSLv3"; |
119 | |
public static final String JSSE_NAMESPACE = "javax.net"; |
120 | |
|
121 | 8 | private Log logger = LogFactory.getLog(getClass()); |
122 | |
|
123 | 8 | private SecurityProviderFactory spFactory = new AutoDiscoverySecurityProviderFactory(); |
124 | 8 | private SecurityProviderInfo spInfo = spFactory.getSecurityProviderInfo(); |
125 | 8 | private Provider provider = spFactory.getProvider(); |
126 | 8 | private String sslType = DEFAULT_SSL_TYPE; |
127 | |
|
128 | |
|
129 | 8 | private String protocolHandler = spInfo.getProtocolHandler(); |
130 | |
|
131 | |
|
132 | |
|
133 | 8 | private String keyStoreName = DEFAULT_KEYSTORE; |
134 | 8 | private String keyPassword = null; |
135 | 8 | private String keyStorePassword = null; |
136 | 8 | private String keystoreType = DEFAULT_KEYSTORE_TYPE; |
137 | 8 | private String keyManagerAlgorithm = spInfo.getKeyManagerAlgorithm(); |
138 | 8 | private KeyManagerFactory keyManagerFactory = null; |
139 | |
|
140 | |
|
141 | |
|
142 | |
|
143 | |
|
144 | |
|
145 | 8 | private String clientKeyStoreName = null; |
146 | 8 | private String clientKeyStorePassword = null; |
147 | 8 | private String clientKeyStoreType = DEFAULT_KEYSTORE_TYPE; |
148 | |
|
149 | |
|
150 | |
|
151 | 8 | private String trustStoreName = null; |
152 | 8 | private String trustStorePassword = null; |
153 | 8 | private String trustStoreType = DEFAULT_KEYSTORE_TYPE; |
154 | 8 | private String trustManagerAlgorithm = spInfo.getKeyManagerAlgorithm(); |
155 | 8 | private TrustManagerFactory trustManagerFactory = null; |
156 | 8 | private boolean explicitTrustStoreOnly = false; |
157 | 8 | private boolean requireClientAuthentication = false; |
158 | |
|
159 | |
|
160 | |
|
161 | |
|
162 | |
|
163 | |
|
164 | |
|
165 | |
public TlsConfiguration(String keyStore) |
166 | 8 | { |
167 | 8 | this.keyStoreName = keyStore; |
168 | 8 | } |
169 | |
|
170 | |
|
171 | |
|
172 | |
|
173 | |
|
174 | |
|
175 | |
|
176 | |
|
177 | |
|
178 | |
|
179 | |
public void initialise(boolean anon, String namespace) throws CreateException |
180 | |
{ |
181 | 12 | if (logger.isDebugEnabled()) |
182 | |
{ |
183 | 0 | logger.debug("initialising: anon " + anon); |
184 | |
} |
185 | 12 | validate(anon); |
186 | |
|
187 | 8 | Security.addProvider(provider); |
188 | 8 | System.setProperty("java.protocol.handler.pkgs", protocolHandler); |
189 | |
|
190 | 8 | if (!anon) |
191 | |
{ |
192 | 6 | initKeyManagerFactory(); |
193 | |
} |
194 | 6 | initTrustManagerFactory(); |
195 | |
|
196 | 6 | if (null != namespace) |
197 | |
{ |
198 | 6 | new TlsPropertiesMapper(namespace).writeToProperties(System.getProperties(), this); |
199 | |
} |
200 | 6 | } |
201 | |
|
202 | |
private void validate(boolean anon) throws CreateException |
203 | |
{ |
204 | 12 | assertNotNull(getProvider(), "The security provider cannot be null"); |
205 | 12 | if (!anon) |
206 | |
{ |
207 | 10 | assertNotNull(getKeyStore(), "The KeyStore location cannot be null"); |
208 | 10 | assertNotNull(getKeyPassword(), "The Key password cannot be null"); |
209 | 8 | assertNotNull(getKeyStorePassword(), "The KeyStore password cannot be null"); |
210 | 6 | assertNotNull(getKeyManagerAlgorithm(), "The Key Manager Algorithm cannot be null"); |
211 | |
} |
212 | 8 | } |
213 | |
|
214 | |
private void initKeyManagerFactory() throws CreateException |
215 | |
{ |
216 | 6 | if (logger.isDebugEnabled()) |
217 | |
{ |
218 | 0 | logger.debug("initialising key manager factory from keystore data"); |
219 | |
} |
220 | |
KeyStore tempKeyStore; |
221 | |
try |
222 | |
{ |
223 | 6 | tempKeyStore = KeyStore.getInstance(keystoreType); |
224 | 6 | InputStream is = IOUtils.getResourceAsStream(keyStoreName, getClass()); |
225 | 6 | if (null == is) |
226 | |
{ |
227 | 0 | throw new FileNotFoundException( |
228 | |
CoreMessages.cannotLoadFromClasspath("Keystore: " + keyStoreName).getMessage()); |
229 | |
} |
230 | 6 | tempKeyStore.load(is, keyStorePassword.toCharArray()); |
231 | |
} |
232 | 2 | catch (Exception e) |
233 | |
{ |
234 | 2 | throw new CreateException( |
235 | |
CoreMessages.failedToLoad("KeyStore: " + keyStoreName), e, this); |
236 | 4 | } |
237 | |
try |
238 | |
{ |
239 | 4 | keyManagerFactory = KeyManagerFactory.getInstance(getKeyManagerAlgorithm()); |
240 | 4 | keyManagerFactory.init(tempKeyStore, keyPassword.toCharArray()); |
241 | |
} |
242 | 0 | catch (Exception e) |
243 | |
{ |
244 | 0 | throw new CreateException(CoreMessages.failedToLoad("Key Manager"), e, this); |
245 | 4 | } |
246 | 4 | } |
247 | |
|
248 | |
private void initTrustManagerFactory() throws CreateException |
249 | |
{ |
250 | 6 | if (null != trustStoreName) |
251 | |
{ |
252 | 0 | trustStorePassword = null == trustStorePassword ? "" : trustStorePassword; |
253 | |
|
254 | |
KeyStore trustStore; |
255 | |
try |
256 | |
{ |
257 | 0 | trustStore = KeyStore.getInstance(trustStoreType); |
258 | 0 | InputStream is = IOUtils.getResourceAsStream(trustStoreName, getClass()); |
259 | 0 | if (null == is) |
260 | |
{ |
261 | 0 | throw new FileNotFoundException( |
262 | |
"Failed to load truststore from classpath or local file: " + trustStoreName); |
263 | |
} |
264 | 0 | trustStore.load(is, trustStorePassword.toCharArray()); |
265 | |
} |
266 | 0 | catch (Exception e) |
267 | |
{ |
268 | 0 | throw new CreateException( |
269 | |
CoreMessages.failedToLoad("TrustStore: " + trustStoreName), e, this); |
270 | 0 | } |
271 | |
|
272 | |
try |
273 | |
{ |
274 | 0 | trustManagerFactory = TrustManagerFactory.getInstance(trustManagerAlgorithm); |
275 | 0 | trustManagerFactory.init(trustStore); |
276 | |
} |
277 | 0 | catch (Exception e) |
278 | |
{ |
279 | 0 | throw new CreateException( |
280 | |
CoreMessages.failedToLoad("Trust Manager (" + trustManagerAlgorithm + ")"), e, this); |
281 | 0 | } |
282 | |
} |
283 | 6 | } |
284 | |
|
285 | |
|
286 | |
private static void assertNotNull(Object value, String message) |
287 | |
{ |
288 | 46 | if (null == value) |
289 | |
{ |
290 | 4 | throw new IllegalArgumentException(message); |
291 | |
} |
292 | 42 | } |
293 | |
|
294 | |
private static String defaultForNull(String value, String deflt) |
295 | |
{ |
296 | 2 | if (null == value) |
297 | |
{ |
298 | 0 | return deflt; |
299 | |
} |
300 | |
else |
301 | |
{ |
302 | 2 | return value; |
303 | |
} |
304 | |
} |
305 | |
|
306 | |
|
307 | |
public SSLSocketFactory getSocketFactory() throws NoSuchAlgorithmException, KeyManagementException |
308 | |
{ |
309 | 4 | return getSslContext().getSocketFactory(); |
310 | |
} |
311 | |
|
312 | |
public SSLServerSocketFactory getServerSocketFactory() |
313 | |
throws NoSuchAlgorithmException, KeyManagementException |
314 | |
{ |
315 | 0 | return getSslContext().getServerSocketFactory(); |
316 | |
} |
317 | |
|
318 | |
public SSLContext getSslContext() throws NoSuchAlgorithmException, KeyManagementException |
319 | |
{ |
320 | 4 | KeyManager[] keyManagers = |
321 | |
null == getKeyManagerFactory() ? null : getKeyManagerFactory().getKeyManagers(); |
322 | 4 | TrustManager[] trustManagers = |
323 | |
null == getTrustManagerFactory() ? null : getTrustManagerFactory().getTrustManagers(); |
324 | |
|
325 | 4 | SSLContext context = SSLContext.getInstance(getSslType()); |
326 | |
|
327 | 4 | context.init(keyManagers, trustManagers, null); |
328 | 4 | return context; |
329 | |
} |
330 | |
|
331 | |
|
332 | |
public String getSslType() |
333 | |
{ |
334 | 4 | return sslType; |
335 | |
} |
336 | |
|
337 | |
public void setSslType(String sslType) |
338 | |
{ |
339 | 0 | this.sslType = sslType; |
340 | 0 | } |
341 | |
|
342 | |
public Provider getProvider() |
343 | |
{ |
344 | 12 | return provider; |
345 | |
} |
346 | |
|
347 | |
public void setProvider(Provider provider) |
348 | |
{ |
349 | 0 | this.provider = provider; |
350 | 0 | } |
351 | |
|
352 | |
public String getProtocolHandler() |
353 | |
{ |
354 | 0 | return protocolHandler; |
355 | |
} |
356 | |
|
357 | |
public void setProtocolHandler(String protocolHandler) |
358 | |
{ |
359 | 0 | this.protocolHandler = protocolHandler; |
360 | 0 | } |
361 | |
|
362 | |
public SecurityProviderFactory getSecurityProviderFactory() |
363 | |
{ |
364 | 0 | return spFactory; |
365 | |
} |
366 | |
|
367 | |
public void setSecurityProviderFactory(SecurityProviderFactory spFactory) |
368 | |
{ |
369 | 0 | this.spFactory = spFactory; |
370 | 0 | } |
371 | |
|
372 | |
|
373 | |
|
374 | |
public String getKeyStore() |
375 | |
{ |
376 | 12 | return keyStoreName; |
377 | |
} |
378 | |
|
379 | |
public void setKeyStore(String name) throws IOException |
380 | |
{ |
381 | 8 | keyStoreName = name; |
382 | 8 | if (null != keyStoreName) |
383 | |
{ |
384 | 8 | keyStoreName = FileUtils.getResourcePath(keyStoreName, getClass()); |
385 | 8 | if (logger.isDebugEnabled()) |
386 | |
{ |
387 | 0 | logger.debug("Normalised keyStore path to: " + keyStoreName); |
388 | |
} |
389 | |
} |
390 | 8 | } |
391 | |
|
392 | |
public String getKeyPassword() |
393 | |
{ |
394 | 10 | return keyPassword; |
395 | |
} |
396 | |
|
397 | |
public void setKeyPassword(String keyPassword) |
398 | |
{ |
399 | 6 | this.keyPassword = keyPassword; |
400 | 6 | } |
401 | |
|
402 | |
public String getKeyStorePassword() |
403 | |
{ |
404 | 10 | return keyStorePassword; |
405 | |
} |
406 | |
|
407 | |
public void setKeyStorePassword(String storePassword) |
408 | |
{ |
409 | 8 | this.keyStorePassword = storePassword; |
410 | 8 | } |
411 | |
|
412 | |
public String getKeyStoreType() |
413 | |
{ |
414 | 2 | return keystoreType; |
415 | |
} |
416 | |
|
417 | |
public void setKeyStoreType(String keystoreType) |
418 | |
{ |
419 | 2 | this.keystoreType = keystoreType; |
420 | 2 | } |
421 | |
|
422 | |
public String getKeyManagerAlgorithm() |
423 | |
{ |
424 | 10 | return keyManagerAlgorithm; |
425 | |
} |
426 | |
|
427 | |
public void setKeyManagerAlgorithm(String keyManagerAlgorithm) |
428 | |
{ |
429 | 0 | this.keyManagerAlgorithm = keyManagerAlgorithm; |
430 | 0 | } |
431 | |
|
432 | |
public KeyManagerFactory getKeyManagerFactory() |
433 | |
{ |
434 | 6 | return keyManagerFactory; |
435 | |
} |
436 | |
|
437 | |
|
438 | |
|
439 | |
public String getClientKeyStore() |
440 | |
{ |
441 | 12 | return clientKeyStoreName; |
442 | |
} |
443 | |
|
444 | |
public void setClientKeyStore(String name) throws IOException |
445 | |
{ |
446 | 0 | clientKeyStoreName = name; |
447 | 0 | if (null != clientKeyStoreName) |
448 | |
{ |
449 | 0 | clientKeyStoreName = FileUtils.getResourcePath(clientKeyStoreName, getClass()); |
450 | 0 | if (logger.isDebugEnabled()) |
451 | |
{ |
452 | 0 | logger.debug("Normalised clientKeyStore path to: " + clientKeyStoreName); |
453 | |
} |
454 | |
} |
455 | 0 | } |
456 | |
|
457 | |
public String getClientKeyStorePassword() |
458 | |
{ |
459 | 6 | return clientKeyStorePassword; |
460 | |
} |
461 | |
|
462 | |
public void setClientKeyStorePassword(String clientKeyStorePassword) |
463 | |
{ |
464 | 0 | this.clientKeyStorePassword = clientKeyStorePassword; |
465 | 0 | } |
466 | |
|
467 | |
public void setClientKeyStoreType(String clientKeyStoreType) |
468 | |
{ |
469 | 0 | this.clientKeyStoreType = clientKeyStoreType; |
470 | 0 | } |
471 | |
|
472 | |
public String getClientKeyStoreType() |
473 | |
{ |
474 | 0 | return clientKeyStoreType; |
475 | |
} |
476 | |
|
477 | |
|
478 | |
|
479 | |
public String getTrustStore() |
480 | |
{ |
481 | 8 | return trustStoreName; |
482 | |
} |
483 | |
|
484 | |
public void setTrustStore(String name) throws IOException |
485 | |
{ |
486 | 2 | trustStoreName = name; |
487 | 2 | if (null != trustStoreName) |
488 | |
{ |
489 | 0 | trustStoreName = FileUtils.getResourcePath(trustStoreName, getClass()); |
490 | 0 | if (logger.isDebugEnabled()) |
491 | |
{ |
492 | 0 | logger.debug("Normalised trustStore path to: " + trustStoreName); |
493 | |
} |
494 | |
} |
495 | 2 | } |
496 | |
|
497 | |
public String getTrustStorePassword() |
498 | |
{ |
499 | 8 | return trustStorePassword; |
500 | |
} |
501 | |
|
502 | |
public void setTrustStorePassword(String trustStorePassword) |
503 | |
{ |
504 | 2 | this.trustStorePassword = trustStorePassword; |
505 | 2 | } |
506 | |
|
507 | |
public String getTrustStoreType() |
508 | |
{ |
509 | 2 | return trustStoreType; |
510 | |
} |
511 | |
|
512 | |
public void setTrustStoreType(String trustStoreType) |
513 | |
{ |
514 | 2 | this.trustStoreType = trustStoreType; |
515 | 2 | } |
516 | |
|
517 | |
public String getTrustManagerAlgorithm() |
518 | |
{ |
519 | 2 | return trustManagerAlgorithm; |
520 | |
} |
521 | |
|
522 | |
public void setTrustManagerAlgorithm(String trustManagerAlgorithm) |
523 | |
{ |
524 | 2 | this.trustManagerAlgorithm = defaultForNull(trustManagerAlgorithm, spInfo.getKeyManagerAlgorithm()); |
525 | 2 | } |
526 | |
|
527 | |
public TrustManagerFactory getTrustManagerFactory() |
528 | |
{ |
529 | 4 | return trustManagerFactory; |
530 | |
} |
531 | |
|
532 | |
public void setTrustManagerFactory(TrustManagerFactory trustManagerFactory) |
533 | |
{ |
534 | 0 | this.trustManagerFactory = trustManagerFactory; |
535 | 0 | } |
536 | |
|
537 | |
public boolean isExplicitTrustStoreOnly() |
538 | |
{ |
539 | 6 | return explicitTrustStoreOnly; |
540 | |
} |
541 | |
|
542 | |
public void setExplicitTrustStoreOnly(boolean explicitTrustStoreOnly) |
543 | |
{ |
544 | 0 | this.explicitTrustStoreOnly = explicitTrustStoreOnly; |
545 | 0 | } |
546 | |
|
547 | |
public boolean isRequireClientAuthentication() |
548 | |
{ |
549 | 0 | return requireClientAuthentication; |
550 | |
} |
551 | |
|
552 | |
public void setRequireClientAuthentication(boolean requireClientAuthentication) |
553 | |
{ |
554 | 0 | this.requireClientAuthentication = requireClientAuthentication; |
555 | 0 | } |
556 | |
|
557 | |
} |
558 | |
|
559 | |
|