1
2
3
4
5
6
7
8
9
10
11 package org.mule.api.security.tls;
12
13 import org.mule.api.lifecycle.CreateException;
14 import org.mule.api.security.TlsDirectKeyStore;
15 import org.mule.api.security.TlsDirectTrustStore;
16 import org.mule.api.security.TlsIndirectKeyStore;
17 import org.mule.api.security.TlsProtocolHandler;
18 import org.mule.api.security.provider.AutoDiscoverySecurityProviderFactory;
19 import org.mule.api.security.provider.SecurityProviderFactory;
20 import org.mule.api.security.provider.SecurityProviderInfo;
21 import org.mule.config.i18n.CoreMessages;
22 import org.mule.util.FileUtils;
23 import org.mule.util.IOUtils;
24
25 import java.io.FileNotFoundException;
26 import java.io.IOException;
27 import java.io.InputStream;
28 import java.security.KeyManagementException;
29 import java.security.KeyStore;
30 import java.security.NoSuchAlgorithmException;
31 import java.security.Provider;
32 import java.security.Security;
33
34 import javax.net.ssl.KeyManager;
35 import javax.net.ssl.KeyManagerFactory;
36 import javax.net.ssl.SSLContext;
37 import javax.net.ssl.SSLServerSocketFactory;
38 import javax.net.ssl.SSLSocketFactory;
39 import javax.net.ssl.TrustManager;
40 import javax.net.ssl.TrustManagerFactory;
41
42 import org.apache.commons.logging.Log;
43 import org.apache.commons.logging.LogFactory;
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112 public final class TlsConfiguration
113 implements TlsDirectTrustStore, TlsDirectKeyStore, TlsIndirectKeyStore, TlsProtocolHandler
114 {
115
116 public static final String DEFAULT_KEYSTORE = ".keystore";
117 public static final String DEFAULT_KEYSTORE_TYPE = KeyStore.getDefaultType();
118 public static final String DEFAULT_SSL_TYPE = "SSLv3";
119 public static final String JSSE_NAMESPACE = "javax.net";
120
121 private Log logger = LogFactory.getLog(getClass());
122
123 private SecurityProviderFactory spFactory = new AutoDiscoverySecurityProviderFactory();
124 private SecurityProviderInfo spInfo = spFactory.getSecurityProviderInfo();
125 private Provider provider = spFactory.getProvider();
126 private String sslType = DEFAULT_SSL_TYPE;
127
128
129 private String protocolHandler = spInfo.getProtocolHandler();
130
131
132
133 private String keyStoreName = DEFAULT_KEYSTORE;
134 private String keyPassword = null;
135 private String keyStorePassword = null;
136 private String keystoreType = DEFAULT_KEYSTORE_TYPE;
137 private String keyManagerAlgorithm = spInfo.getKeyManagerAlgorithm();
138 private KeyManagerFactory keyManagerFactory = null;
139
140
141
142
143
144
145 private String clientKeyStoreName = null;
146 private String clientKeyStorePassword = null;
147 private String clientKeyStoreType = DEFAULT_KEYSTORE_TYPE;
148
149
150
151 private String trustStoreName = null;
152 private String trustStorePassword = null;
153 private String trustStoreType = DEFAULT_KEYSTORE_TYPE;
154 private String trustManagerAlgorithm = spInfo.getKeyManagerAlgorithm();
155 private TrustManagerFactory trustManagerFactory = null;
156 private boolean explicitTrustStoreOnly = false;
157 private boolean requireClientAuthentication = false;
158
159
160
161
162
163
164
165 public TlsConfiguration(String keyStore)
166 {
167 this.keyStoreName = keyStore;
168 }
169
170
171
172
173
174
175
176
177
178
179 public void initialise(boolean anon, String namespace) throws CreateException
180 {
181 if (logger.isDebugEnabled())
182 {
183 logger.debug("initialising: anon " + anon);
184 }
185 validate(anon);
186
187 Security.addProvider(provider);
188 System.setProperty("java.protocol.handler.pkgs", protocolHandler);
189
190 if (!anon)
191 {
192 initKeyManagerFactory();
193 }
194 initTrustManagerFactory();
195
196 if (null != namespace)
197 {
198 new TlsPropertiesMapper(namespace).writeToProperties(System.getProperties(), this);
199 }
200 }
201
202 private void validate(boolean anon) throws CreateException
203 {
204 assertNotNull(getProvider(), "The security provider cannot be null");
205 if (!anon)
206 {
207 assertNotNull(getKeyStore(), "The KeyStore location cannot be null");
208 assertNotNull(getKeyPassword(), "The Key password cannot be null");
209 assertNotNull(getKeyStorePassword(), "The KeyStore password cannot be null");
210 assertNotNull(getKeyManagerAlgorithm(), "The Key Manager Algorithm cannot be null");
211 }
212 }
213
214 private void initKeyManagerFactory() throws CreateException
215 {
216 if (logger.isDebugEnabled())
217 {
218 logger.debug("initialising key manager factory from keystore data");
219 }
220 KeyStore tempKeyStore;
221 try
222 {
223 tempKeyStore = KeyStore.getInstance(keystoreType);
224 InputStream is = IOUtils.getResourceAsStream(keyStoreName, getClass());
225 if (null == is)
226 {
227 throw new FileNotFoundException(
228 CoreMessages.cannotLoadFromClasspath("Keystore: " + keyStoreName).getMessage());
229 }
230 tempKeyStore.load(is, keyStorePassword.toCharArray());
231 }
232 catch (Exception e)
233 {
234 throw new CreateException(
235 CoreMessages.failedToLoad("KeyStore: " + keyStoreName), e, this);
236 }
237 try
238 {
239 keyManagerFactory = KeyManagerFactory.getInstance(getKeyManagerAlgorithm());
240 keyManagerFactory.init(tempKeyStore, keyPassword.toCharArray());
241 }
242 catch (Exception e)
243 {
244 throw new CreateException(CoreMessages.failedToLoad("Key Manager"), e, this);
245 }
246 }
247
248 private void initTrustManagerFactory() throws CreateException
249 {
250 if (null != trustStoreName)
251 {
252 trustStorePassword = null == trustStorePassword ? "" : trustStorePassword;
253
254 KeyStore trustStore;
255 try
256 {
257 trustStore = KeyStore.getInstance(trustStoreType);
258 InputStream is = IOUtils.getResourceAsStream(trustStoreName, getClass());
259 if (null == is)
260 {
261 throw new FileNotFoundException(
262 "Failed to load truststore from classpath or local file: " + trustStoreName);
263 }
264 trustStore.load(is, trustStorePassword.toCharArray());
265 }
266 catch (Exception e)
267 {
268 throw new CreateException(
269 CoreMessages.failedToLoad("TrustStore: " + trustStoreName), e, this);
270 }
271
272 try
273 {
274 trustManagerFactory = TrustManagerFactory.getInstance(trustManagerAlgorithm);
275 trustManagerFactory.init(trustStore);
276 }
277 catch (Exception e)
278 {
279 throw new CreateException(
280 CoreMessages.failedToLoad("Trust Manager (" + trustManagerAlgorithm + ")"), e, this);
281 }
282 }
283 }
284
285
286 private static void assertNotNull(Object value, String message)
287 {
288 if (null == value)
289 {
290 throw new IllegalArgumentException(message);
291 }
292 }
293
294 private static String defaultForNull(String value, String deflt)
295 {
296 if (null == value)
297 {
298 return deflt;
299 }
300 else
301 {
302 return value;
303 }
304 }
305
306
307 public SSLSocketFactory getSocketFactory() throws NoSuchAlgorithmException, KeyManagementException
308 {
309 return getSslContext().getSocketFactory();
310 }
311
312 public SSLServerSocketFactory getServerSocketFactory()
313 throws NoSuchAlgorithmException, KeyManagementException
314 {
315 return getSslContext().getServerSocketFactory();
316 }
317
318 public SSLContext getSslContext() throws NoSuchAlgorithmException, KeyManagementException
319 {
320 KeyManager[] keyManagers =
321 null == getKeyManagerFactory() ? null : getKeyManagerFactory().getKeyManagers();
322 TrustManager[] trustManagers =
323 null == getTrustManagerFactory() ? null : getTrustManagerFactory().getTrustManagers();
324
325 SSLContext context = SSLContext.getInstance(getSslType());
326
327 context.init(keyManagers, trustManagers, null);
328 return context;
329 }
330
331
332 public String getSslType()
333 {
334 return sslType;
335 }
336
337 public void setSslType(String sslType)
338 {
339 this.sslType = sslType;
340 }
341
342 public Provider getProvider()
343 {
344 return provider;
345 }
346
347 public void setProvider(Provider provider)
348 {
349 this.provider = provider;
350 }
351
352 public String getProtocolHandler()
353 {
354 return protocolHandler;
355 }
356
357 public void setProtocolHandler(String protocolHandler)
358 {
359 this.protocolHandler = protocolHandler;
360 }
361
362 public SecurityProviderFactory getSecurityProviderFactory()
363 {
364 return spFactory;
365 }
366
367 public void setSecurityProviderFactory(SecurityProviderFactory spFactory)
368 {
369 this.spFactory = spFactory;
370 }
371
372
373
374 public String getKeyStore()
375 {
376 return keyStoreName;
377 }
378
379 public void setKeyStore(String name) throws IOException
380 {
381 keyStoreName = name;
382 if (null != keyStoreName)
383 {
384 keyStoreName = FileUtils.getResourcePath(keyStoreName, getClass());
385 if (logger.isDebugEnabled())
386 {
387 logger.debug("Normalised keyStore path to: " + keyStoreName);
388 }
389 }
390 }
391
392 public String getKeyPassword()
393 {
394 return keyPassword;
395 }
396
397 public void setKeyPassword(String keyPassword)
398 {
399 this.keyPassword = keyPassword;
400 }
401
402 public String getKeyStorePassword()
403 {
404 return keyStorePassword;
405 }
406
407 public void setKeyStorePassword(String storePassword)
408 {
409 this.keyStorePassword = storePassword;
410 }
411
412 public String getKeyStoreType()
413 {
414 return keystoreType;
415 }
416
417 public void setKeyStoreType(String keystoreType)
418 {
419 this.keystoreType = keystoreType;
420 }
421
422 public String getKeyManagerAlgorithm()
423 {
424 return keyManagerAlgorithm;
425 }
426
427 public void setKeyManagerAlgorithm(String keyManagerAlgorithm)
428 {
429 this.keyManagerAlgorithm = keyManagerAlgorithm;
430 }
431
432 public KeyManagerFactory getKeyManagerFactory()
433 {
434 return keyManagerFactory;
435 }
436
437
438
439 public String getClientKeyStore()
440 {
441 return clientKeyStoreName;
442 }
443
444 public void setClientKeyStore(String name) throws IOException
445 {
446 clientKeyStoreName = name;
447 if (null != clientKeyStoreName)
448 {
449 clientKeyStoreName = FileUtils.getResourcePath(clientKeyStoreName, getClass());
450 if (logger.isDebugEnabled())
451 {
452 logger.debug("Normalised clientKeyStore path to: " + clientKeyStoreName);
453 }
454 }
455 }
456
457 public String getClientKeyStorePassword()
458 {
459 return clientKeyStorePassword;
460 }
461
462 public void setClientKeyStorePassword(String clientKeyStorePassword)
463 {
464 this.clientKeyStorePassword = clientKeyStorePassword;
465 }
466
467 public void setClientKeyStoreType(String clientKeyStoreType)
468 {
469 this.clientKeyStoreType = clientKeyStoreType;
470 }
471
472 public String getClientKeyStoreType()
473 {
474 return clientKeyStoreType;
475 }
476
477
478
479 public String getTrustStore()
480 {
481 return trustStoreName;
482 }
483
484 public void setTrustStore(String name) throws IOException
485 {
486 trustStoreName = name;
487 if (null != trustStoreName)
488 {
489 trustStoreName = FileUtils.getResourcePath(trustStoreName, getClass());
490 if (logger.isDebugEnabled())
491 {
492 logger.debug("Normalised trustStore path to: " + trustStoreName);
493 }
494 }
495 }
496
497 public String getTrustStorePassword()
498 {
499 return trustStorePassword;
500 }
501
502 public void setTrustStorePassword(String trustStorePassword)
503 {
504 this.trustStorePassword = trustStorePassword;
505 }
506
507 public String getTrustStoreType()
508 {
509 return trustStoreType;
510 }
511
512 public void setTrustStoreType(String trustStoreType)
513 {
514 this.trustStoreType = trustStoreType;
515 }
516
517 public String getTrustManagerAlgorithm()
518 {
519 return trustManagerAlgorithm;
520 }
521
522 public void setTrustManagerAlgorithm(String trustManagerAlgorithm)
523 {
524 this.trustManagerAlgorithm = defaultForNull(trustManagerAlgorithm, spInfo.getKeyManagerAlgorithm());
525 }
526
527 public TrustManagerFactory getTrustManagerFactory()
528 {
529 return trustManagerFactory;
530 }
531
532 public void setTrustManagerFactory(TrustManagerFactory trustManagerFactory)
533 {
534 this.trustManagerFactory = trustManagerFactory;
535 }
536
537 public boolean isExplicitTrustStoreOnly()
538 {
539 return explicitTrustStoreOnly;
540 }
541
542 public void setExplicitTrustStoreOnly(boolean explicitTrustStoreOnly)
543 {
544 this.explicitTrustStoreOnly = explicitTrustStoreOnly;
545 }
546
547 public boolean isRequireClientAuthentication()
548 {
549 return requireClientAuthentication;
550 }
551
552 public void setRequireClientAuthentication(boolean requireClientAuthentication)
553 {
554 this.requireClientAuthentication = requireClientAuthentication;
555 }
556
557 }
558
559