1
2
3
4
5
6
7
8
9
10
11 package org.mule.module.pgp.filters;
12
13 import org.mule.api.EncryptionStrategy;
14 import org.mule.api.MuleEvent;
15 import org.mule.api.MuleMessage;
16 import org.mule.api.lifecycle.InitialisationException;
17 import org.mule.api.security.Authentication;
18 import org.mule.api.security.SecurityContext;
19 import org.mule.api.security.UnauthorisedException;
20 import org.mule.api.security.UnknownAuthenticationTypeException;
21 import org.mule.config.i18n.CoreMessages;
22 import org.mule.module.pgp.PGPAuthentication;
23 import org.mule.module.pgp.PGPCryptInfo;
24 import org.mule.module.pgp.PGPKeyRing;
25 import org.mule.module.pgp.i18n.PGPMessages;
26 import org.mule.security.AbstractEndpointSecurityFilter;
27
28 import java.io.ByteArrayInputStream;
29 import java.util.Collection;
30
31 import org.apache.commons.logging.Log;
32 import org.apache.commons.logging.LogFactory;
33
34 import cryptix.message.LiteralMessage;
35 import cryptix.message.Message;
36 import cryptix.message.MessageFactory;
37 import cryptix.message.SignedMessage;
38 import cryptix.pki.KeyBundle;
39
40 public class PGPSecurityFilter extends AbstractEndpointSecurityFilter
41 {
42
43
44
45 protected static final Log logger = LogFactory.getLog(PGPSecurityFilter.class);
46
47 private EncryptionStrategy strategy;
48
49 private String strategyName;
50
51 private boolean signRequired;
52
53 private PGPKeyRing keyManager;
54
55
56
57
58
59
60 protected void authenticateInbound(MuleEvent event)
61 throws SecurityException, UnauthorisedException, UnknownAuthenticationTypeException
62 {
63 MuleMessage message = event.getMessage();
64
65 String userId = (String)getCredentialsAccessor().getCredentials(event);
66
67 byte[] creds = null;
68
69 try
70 {
71 creds = message.getPayloadAsBytes();
72 creds = strategy.decrypt(creds, null);
73 }
74 catch (Exception e1)
75 {
76 throw new UnauthorisedException(
77 CoreMessages.failedToReadPayload(), event.getMessage(), e1);
78 }
79
80 final Authentication authResult;
81 Authentication umoAuthentication;
82
83 try
84 {
85 umoAuthentication = new PGPAuthentication(userId, decodeMsgRaw(creds));
86 }
87 catch (Exception e1)
88 {
89 throw new UnauthorisedException(
90 CoreMessages.failedToReadPayload(), event.getMessage(), e1);
91 }
92
93 try
94 {
95 authResult = getSecurityManager().authenticate(umoAuthentication);
96 }
97 catch (Exception e)
98 {
99
100 if (logger.isDebugEnabled())
101 {
102 logger.debug("Authentication request for user: " + userId + " failed: " + e.toString());
103 }
104
105 throw new UnauthorisedException(CoreMessages.authFailedForUser(userId), event.getMessage(), e);
106 }
107
108
109 if (logger.isDebugEnabled())
110 {
111 logger.debug("Authentication success: " + authResult.toString());
112 }
113
114 SecurityContext context = getSecurityManager().createSecurityContext(authResult);
115 event.getSession().setSecurityContext(context);
116
117 try
118 {
119 updatePayload(event.getMessage(), getUnencryptedMessageWithoutSignature((PGPAuthentication)authResult));
120
121
122 }
123 catch (Exception e2)
124 {
125 throw new UnauthorisedException(event.getMessage(), context, event.getEndpoint(), this);
126 }
127 }
128
129 private Message decodeMsgRaw(byte[] raw) throws Exception
130 {
131 MessageFactory mf = MessageFactory.getInstance("OpenPGP");
132
133 ByteArrayInputStream in = new ByteArrayInputStream(raw);
134
135 Collection msgs = mf.generateMessages(in);
136
137 return (Message)msgs.iterator().next();
138 }
139
140 private String getUnencryptedMessageWithoutSignature(PGPAuthentication auth) throws Exception
141 {
142 Message msg = (Message)auth.getCredentials();
143
144 if (msg instanceof SignedMessage)
145 {
146 msg = ((SignedMessage)msg).getContents();
147 }
148
149 if (msg instanceof LiteralMessage)
150 {
151 return ((LiteralMessage)msg).getTextData();
152 }
153 else
154 {
155 throw new Exception("Wrong data");
156 }
157 }
158
159
160
161
162
163
164 protected void authenticateOutbound(MuleEvent event) throws SecurityException, UnauthorisedException
165 {
166 logger.debug("authenticateOutbound:" + event.getId());
167
168 if (!isAuthenticate())
169 {
170 return;
171 }
172
173 MuleMessage message = event.getMessage();
174
175 KeyBundle userKeyBundle = keyManager.getKeyBundle((String)getCredentialsAccessor().getCredentials(
176 event));
177
178 final PGPCryptInfo cryptInfo = new PGPCryptInfo(userKeyBundle, signRequired);
179
180 try
181 {
182 updatePayload(event.getMessage(), strategy.encrypt(message.getPayloadAsBytes(), cryptInfo));
183 }
184 catch (Exception e1)
185 {
186 throw new UnauthorisedException(CoreMessages.failedToReadPayload(), event.getMessage(), e1);
187 }
188 }
189
190 protected void doInitialise() throws InitialisationException
191 {
192 if (strategyName != null)
193 {
194 strategy = endpoint.getMuleContext().getSecurityManager().getEncryptionStrategy(strategyName);
195 }
196
197 if (strategy == null)
198 {
199 throw new InitialisationException(PGPMessages.encryptionStrategyNotSet(), this);
200 }
201 }
202
203 public EncryptionStrategy getStrategy()
204 {
205 return strategy;
206 }
207
208 public void setStrategy(EncryptionStrategy strategy)
209 {
210 this.strategy = strategy;
211 }
212
213 public void setStrategyName(String name)
214 {
215 strategyName = name;
216 }
217
218 public boolean isSignRequired()
219 {
220 return signRequired;
221 }
222
223 public void setSignRequired(boolean signRequired)
224 {
225 this.signRequired = signRequired;
226 }
227
228 public PGPKeyRing getKeyManager()
229 {
230 return keyManager;
231 }
232
233 public void setKeyManager(PGPKeyRing keyManager)
234 {
235 this.keyManager = keyManager;
236 }
237 }