Coverage Report - org.mule.module.pgp.filters.PGPSecurityFilter
 
Classes in this File Line Coverage Branch Coverage Complexity
PGPSecurityFilter
0%
0/66
0%
0/14
0
 
 1  
 /*
 2  
  * $Id: PGPSecurityFilter.java 19191 2010-08-25 21:05:23Z tcarlson $
 3  
  * --------------------------------------------------------------------------------------
 4  
  * Copyright (c) MuleSoft, Inc.  All rights reserved.  http://www.mulesoft.com
 5  
  *
 6  
  * The software in this package is published under the terms of the CPAL v1.0
 7  
  * license, a copy of which has been included with this distribution in the
 8  
  * LICENSE.txt file.
 9  
  */
 10  
 
 11  
 package org.mule.module.pgp.filters;
 12  
 
 13  
 import org.mule.api.EncryptionStrategy;
 14  
 import org.mule.api.MuleEvent;
 15  
 import org.mule.api.MuleMessage;
 16  
 import org.mule.api.lifecycle.InitialisationException;
 17  
 import org.mule.api.security.Authentication;
 18  
 import org.mule.api.security.SecurityContext;
 19  
 import org.mule.api.security.UnauthorisedException;
 20  
 import org.mule.api.security.UnknownAuthenticationTypeException;
 21  
 import org.mule.config.i18n.CoreMessages;
 22  
 import org.mule.module.pgp.PGPAuthentication;
 23  
 import org.mule.module.pgp.PGPCryptInfo;
 24  
 import org.mule.module.pgp.PGPKeyRing;
 25  
 import org.mule.module.pgp.i18n.PGPMessages;
 26  
 import org.mule.security.AbstractEndpointSecurityFilter;
 27  
 
 28  
 import cryptix.message.LiteralMessage;
 29  
 import cryptix.message.Message;
 30  
 import cryptix.message.MessageFactory;
 31  
 import cryptix.message.SignedMessage;
 32  
 import cryptix.pki.KeyBundle;
 33  
 
 34  
 import java.io.ByteArrayInputStream;
 35  
 import java.util.Collection;
 36  
 
 37  
 import org.apache.commons.logging.Log;
 38  
 import org.apache.commons.logging.LogFactory;
 39  
 
 40  0
 public class PGPSecurityFilter extends AbstractEndpointSecurityFilter
 41  
 {
 42  
     /**
 43  
      * logger used by this class
 44  
      */
 45  0
     protected static final Log logger = LogFactory.getLog(PGPSecurityFilter.class);
 46  
 
 47  
     private EncryptionStrategy strategy;
 48  
 
 49  
     private String strategyName;
 50  
 
 51  
     private boolean signRequired;
 52  
 
 53  
     private PGPKeyRing keyManager;
 54  
 
 55  
     @Override
 56  
     protected void authenticateInbound(MuleEvent event)
 57  
         throws SecurityException, UnauthorisedException, UnknownAuthenticationTypeException
 58  
     {
 59  0
         MuleMessage message = event.getMessage();
 60  
 
 61  0
         String userId = (String)getCredentialsAccessor().getCredentials(event);
 62  
 
 63  0
         byte[] creds = null;
 64  
         try
 65  
         {
 66  0
             creds = message.getPayloadAsBytes();
 67  0
             creds = strategy.decrypt(creds, null);
 68  
         }
 69  0
         catch (Exception e1)
 70  
         {
 71  0
             throw new UnauthorisedException(CoreMessages.failedToReadPayload(), event, e1);
 72  0
         }
 73  
 
 74  
         Authentication authentication;
 75  
         try
 76  
         {
 77  0
             authentication = new PGPAuthentication(userId, decodeMsgRaw(creds));
 78  
         }
 79  0
         catch (Exception e1)
 80  
         {
 81  0
             throw new UnauthorisedException(CoreMessages.failedToReadPayload(), event, e1);
 82  0
         }
 83  
 
 84  
         final Authentication authResult;
 85  
         try
 86  
         {
 87  0
             authResult = getSecurityManager().authenticate(authentication);
 88  
         }
 89  0
         catch (Exception e)
 90  
         {
 91  
             // Authentication failed
 92  0
             if (logger.isDebugEnabled())
 93  
             {
 94  0
                 logger.debug("Authentication request for user: " + userId + " failed: " + e.toString());
 95  
             }
 96  
 
 97  0
             throw new UnauthorisedException(CoreMessages.authFailedForUser(userId), event, e);
 98  0
         }
 99  
 
 100  
         // Authentication success
 101  0
         if (logger.isDebugEnabled())
 102  
         {
 103  0
             logger.debug("Authentication success: " + authResult.toString());
 104  
         }
 105  
 
 106  0
         SecurityContext context = getSecurityManager().createSecurityContext(authResult);
 107  0
         event.getSession().setSecurityContext(context);
 108  
 
 109  
         try
 110  
         {
 111  0
             updatePayload(message, getUnencryptedMessageWithoutSignature((PGPAuthentication)authResult), event);
 112  
 //            TODO RequestContext.rewriteEvent(new DefaultMuleMessage(
 113  
 //                getUnencryptedMessageWithoutSignature((PGPAuthentication)authResult)));
 114  
         }
 115  0
         catch (Exception e2)
 116  
         {
 117  0
             throw new UnauthorisedException(event, context, event.getEndpoint(), this);
 118  0
         }
 119  0
     }
 120  
 
 121  
     private Message decodeMsgRaw(byte[] raw) throws Exception
 122  
     {
 123  0
         MessageFactory mf = MessageFactory.getInstance("OpenPGP");
 124  
 
 125  0
         ByteArrayInputStream in = new ByteArrayInputStream(raw);
 126  
 
 127  0
         Collection msgs = mf.generateMessages(in);
 128  
 
 129  0
         return (Message)msgs.iterator().next();
 130  
     }
 131  
 
 132  
     private String getUnencryptedMessageWithoutSignature(PGPAuthentication auth) throws Exception
 133  
     {
 134  0
         Message msg = (Message)auth.getCredentials();
 135  
 
 136  0
         if (msg instanceof SignedMessage)
 137  
         {
 138  0
             msg = ((SignedMessage)msg).getContents();
 139  
         }
 140  
 
 141  0
         if (msg instanceof LiteralMessage)
 142  
         {
 143  0
             return ((LiteralMessage)msg).getTextData();
 144  
         }
 145  
         else
 146  
         {
 147  0
             throw new Exception("Wrong data");
 148  
         }
 149  
     }
 150  
 
 151  
     @Override
 152  
     protected void authenticateOutbound(MuleEvent event) throws SecurityException, UnauthorisedException
 153  
     {
 154  0
         logger.debug("authenticateOutbound:" + event.getId());
 155  
 
 156  0
         if (!isAuthenticate())
 157  
         {
 158  0
             return;
 159  
         }
 160  
 
 161  0
         MuleMessage message = event.getMessage();
 162  
 
 163  0
         KeyBundle userKeyBundle = keyManager.getKeyBundle((String)getCredentialsAccessor().getCredentials(
 164  
             event));
 165  
 
 166  0
         final PGPCryptInfo cryptInfo = new PGPCryptInfo(userKeyBundle, signRequired);
 167  
 
 168  
         try
 169  
         {
 170  0
             updatePayload(event.getMessage(), strategy.encrypt(message.getPayloadAsBytes(), cryptInfo), event);
 171  
         }
 172  0
         catch (Exception e1)
 173  
         {
 174  0
             throw new UnauthorisedException(CoreMessages.failedToReadPayload(), event, e1);
 175  0
         }
 176  0
     }
 177  
 
 178  
     @Override
 179  
     protected void doInitialise() throws InitialisationException
 180  
     {
 181  0
         if (strategyName != null)
 182  
         {
 183  0
             strategy = endpoint.getMuleContext().getSecurityManager().getEncryptionStrategy(strategyName);
 184  
         }
 185  
 
 186  0
         if (strategy == null)
 187  
         {
 188  0
             throw new InitialisationException(PGPMessages.encryptionStrategyNotSet(), this);
 189  
         }
 190  0
     }
 191  
 
 192  
     public EncryptionStrategy getStrategy()
 193  
     {
 194  0
         return strategy;
 195  
     }
 196  
 
 197  
     public void setStrategy(EncryptionStrategy strategy)
 198  
     {
 199  0
         this.strategy = strategy;
 200  0
     }
 201  
 
 202  
     public void setStrategyName(String name)
 203  
     {
 204  0
         strategyName = name;
 205  0
     }
 206  
 
 207  
     public boolean isSignRequired()
 208  
     {
 209  0
         return signRequired;
 210  
     }
 211  
 
 212  
     public void setSignRequired(boolean signRequired)
 213  
     {
 214  0
         this.signRequired = signRequired;
 215  0
     }
 216  
 
 217  
     public PGPKeyRing getKeyManager()
 218  
     {
 219  0
         return keyManager;
 220  
     }
 221  
 
 222  
     public void setKeyManager(PGPKeyRing keyManager)
 223  
     {
 224  0
         this.keyManager = keyManager;
 225  0
     }
 226  
 }