package org.mule.module.pgp; |
import org.mule.RequestContext;
import org.mule.api.MuleEvent;
import org.mule.api.lifecycle.InitialisationException;
import org.mule.api.security.CredentialsAccessor;
import org.mule.api.security.CryptoFailureException;
import org.mule.config.i18n.CoreMessages;
import org.mule.security.AbstractNamedEncryptionStrategy;

import cryptix.message.EncryptedMessage;
import cryptix.message.EncryptedMessageBuilder;
import cryptix.message.LiteralMessageBuilder;
import cryptix.message.Message;
import cryptix.message.MessageFactory;
import cryptix.message.SignedMessageBuilder;
import cryptix.openpgp.PGPArmouredMessage;
import cryptix.openpgp.PGPDetachedSignatureMessage;
import cryptix.openpgp.PGPSignedMessage;
import cryptix.openpgp.packet.PGPSignaturePacket;
import cryptix.openpgp.provider.PGPDetachedSignatureMessageImpl;
import cryptix.pki.KeyBundle;

import java.io.ByteArrayInputStream;
import java.util.Arrays;
import java.util.Collection;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

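/**
 * OpenPGP encryption strategy backed by a {@link PGPKeyRing}.
 *
 * <p>{@link #encrypt} wraps the payload in a literal message, optionally signs it with the
 * key ring's secret key, and encrypts it to a single recipient public key; the result is
 * ASCII-armoured. {@link #decrypt} parses the input with the Cryptix "OpenPGP" provider and
 * decrypts it with the key ring's secret key and passphrase.
 *
 * <p>Security notes (review):
 * <ul>
 *   <li>{@link #decrypt} returns non-encrypted input <em>unchanged</em>; see its javadoc.</li>
 *   <li>No signature verification is performed anywhere in this class. A decrypted signed
 *       message is returned armoured with its signature still attached; whether anything
 *       downstream verifies it is not visible here — confirm against the callers.</li>
 *   <li>{@link #initialise()} registers the Cryptix JCE/OpenPGP providers process-wide.
 *       NOTE(review): these providers have not been maintained upstream for a long time;
 *       confirm the dependency is still acceptable for this deployment.</li>
 * </ul>
 */
public class KeyBasedEncryptionStrategy extends AbstractNamedEncryptionStrategy
{
    protected static final Log logger = LogFactory.getLog(KeyBasedEncryptionStrategy.class);

    /** Source of the secret key bundle and passphrase; resolves recipient public keys by id. */
    private PGPKeyRing keyManager;
    /** Used only when no crypt info is supplied: extracts the recipient id from the event. */
    private CredentialsAccessor credentialsAccessor;

    /**
     * Encrypts {@code data} to a recipient public key and returns the ASCII-armoured message.
     *
     * <p>The recipient is taken from {@code cryptInfo} when it is a {@link PGPCryptInfo};
     * when {@code cryptInfo} is {@code null}, the credentials the configured
     * {@link CredentialsAccessor} extracts from the current request event are used as the key
     * id to look up the public key in the key ring, and no signature is requested.
     *
     * @param data      plaintext payload
     * @param cryptInfo a {@link PGPCryptInfo} naming the recipient key (and whether to sign),
     *                  or {@code null} to derive the recipient from the current event
     * @return the armoured OpenPGP message
     * @throws CryptoFailureException if no recipient key can be resolved or any step of the
     *                                build fails (every underlying exception is wrapped)
     */
    public byte[] encrypt(byte[] data, Object cryptInfo) throws CryptoFailureException
    {
        try
        {
            PGPCryptInfo pgpCryptInfo;
            KeyBundle publicKey;

            if (cryptInfo == null)
            {
                if (credentialsAccessor == null)
                {
                    throw new IllegalStateException("No cryptInfo supplied and no "
                        + "credentialsAccessor configured; cannot determine the recipient key");
                }
                MuleEvent event = RequestContext.getEvent();
                String recipientId = (String) credentialsAccessor.getCredentials(event);
                if (recipientId == null)
                {
                    throw new IllegalStateException(
                        "No credentials available on the current event to select a recipient key");
                }
                publicKey = keyManager.getKeyBundle(recipientId);

                // Second argument is read back through isSignRequested(), so presumably the
                // sign flag: this path encrypts without signing.
                pgpCryptInfo = new PGPCryptInfo(publicKey, false);
            }
            else
            {
                pgpCryptInfo = (PGPCryptInfo) cryptInfo;
                publicKey = pgpCryptInfo.getKeyBundle();
            }

            if (publicKey == null)
            {
                // Fail with a clear message rather than an obscure NPE from the
                // EncryptedMessageBuilder when the recipient key is not in the ring.
                throw new IllegalStateException(
                    "No PGP public key available for the recipient; cannot encrypt");
            }

            LiteralMessageBuilder lmb = LiteralMessageBuilder.getInstance("OpenPGP");
            lmb.init(data);
            Message msg = lmb.build();

            if (pgpCryptInfo.isSignRequested())
            {
                msg = signWithSecretKey(msg);
            }

            EncryptedMessageBuilder emb = EncryptedMessageBuilder.getInstance("OpenPGP");
            emb.init(msg);
            emb.addRecipient(publicKey);
            msg = emb.build();

            return new PGPArmouredMessage(msg).getEncoded();
        }
        catch (Exception e)
        {
            throw new CryptoFailureException(this, e);
        }
    }

    /**
     * Signs {@code msg} with the key ring's secret key bundle. The {@code char[]} copy of the
     * passphrase is zeroed once the signed message has been built, to shorten its lifetime on
     * the heap (the String held by the key ring itself is unaffected).
     */
    private Message signWithSecretKey(Message msg) throws Exception
    {
        char[] passphrase = keyManager.getSecretPassphrase().toCharArray();
        try
        {
            SignedMessageBuilder smb = SignedMessageBuilder.getInstance("OpenPGP");
            smb.init(msg);
            smb.addSigner(keyManager.getSecretKeyBundle(), passphrase);
            return smb.build();
        }
        finally
        {
            Arrays.fill(passphrase, '\0');
        }
    }

    /**
     * Decrypts an OpenPGP message with the key ring's secret key and returns the decrypted
     * message, ASCII-armoured.
     *
     * <p>Caveats a caller must be aware of:
     * <ul>
     *   <li>Only the first message parsed from {@code data} is processed; any further
     *       messages in the input are silently ignored.</li>
     *   <li>If that message is not an {@code EncryptedMessage}, {@code data} is returned
     *       <em>unchanged</em> (kept for backward compatibility). A flow that relies on this
     *       strategy to reject non-encrypted traffic must enforce that itself; a warning is
     *       logged so the pass-through is at least visible.</li>
     *   <li>Signatures on the decrypted message are not verified here.</li>
     * </ul>
     *
     * @param data      armoured or binary OpenPGP input
     * @param cryptInfo ignored; the secret key always comes from the key ring
     * @return the decrypted message, armoured, or {@code data} itself if it was not encrypted
     * @throws CryptoFailureException if the input contains no parseable OpenPGP message or
     *                                decryption fails (every underlying exception is wrapped)
     */
    public byte[] decrypt(byte[] data, Object cryptInfo) throws CryptoFailureException
    {
        try
        {
            MessageFactory mf = MessageFactory.getInstance("OpenPGP");
            Collection<?> msgs = mf.generateMessages(new ByteArrayInputStream(data));
            if (msgs == null || msgs.isEmpty())
            {
                // Explicit failure instead of a NoSuchElementException from iterator().next().
                throw new IllegalArgumentException("Input contains no OpenPGP message");
            }
            Message msg = (Message) msgs.iterator().next();

            if (msg instanceof EncryptedMessage)
            {
                Message decrypted = decryptWithSecretKey((EncryptedMessage) msg);
                applyStrongEncryptionWorkaround(decrypted);
                return new PGPArmouredMessage(decrypted).getEncoded();
            }

            logger.warn("Input is not a PGP encrypted message (" + msg.getClass().getName()
                + "); returning it unchanged");
            return data;
        }
        catch (Exception e)
        {
            throw new CryptoFailureException(this, e);
        }
    }

    /**
     * Decrypts with the key ring's secret key bundle and passphrase. The {@code char[]} copy of
     * the passphrase is zeroed afterwards to shorten its lifetime on the heap (the String held
     * by the key ring itself is unaffected).
     */
    private Message decryptWithSecretKey(EncryptedMessage encryptedMessage) throws Exception
    {
        KeyBundle secretKeyBundle = keyManager.getSecretKeyBundle();
        char[] passphrase = keyManager.getSecretPassphrase().toCharArray();
        try
        {
            return encryptedMessage.decrypt(secretKeyBundle, passphrase);
        }
        finally
        {
            Arrays.fill(passphrase, '\0');
        }
    }

    /**
     * Post-decryption fix-up for signed messages: when the decrypted payload is a
     * {@link PGPSignedMessage} whose detached signature is the Cryptix implementation type and
     * whose signature packet is version 4, the packet's sub-packets are (re)parsed.
     * NOTE(review): the name suggests a Cryptix quirk with strongly-encrypted signed messages,
     * but the exact reason is not visible here — confirm before changing. This method performs
     * no signature verification.
     */
    private void applyStrongEncryptionWorkaround(Message msg) throws Exception
    {
        if (!(msg instanceof PGPSignedMessage))
        {
            return;
        }
        PGPSignedMessage signedMessage = (PGPSignedMessage) msg;
        PGPDetachedSignatureMessage signature = signedMessage.getDetachedSignature();
        if (!(signature instanceof PGPDetachedSignatureMessageImpl))
        {
            return;
        }
        PGPSignaturePacket packet = ((PGPDetachedSignatureMessageImpl) signature).getPacket();
        if (packet.getVersion() == 4)
        {
            packet.parseSignatureSubPackets();
        }
    }

    /**
     * Registers the Cryptix JCE and OpenPGP providers with the JVM-wide
     * {@link java.security.Security} provider list. {@code addProvider} appends at the lowest
     * priority and returns -1 (rather than failing) when the provider is already installed, so
     * repeated initialisation is harmless.
     *
     * @throws InitialisationException if provider registration throws
     */
    public void initialise() throws InitialisationException
    {
        try
        {
            java.security.Security.addProvider(new cryptix.jce.provider.CryptixCrypto());
            java.security.Security.addProvider(new cryptix.openpgp.provider.CryptixOpenPGP());
        }
        catch (Exception e)
        {
            throw new InitialisationException(
                CoreMessages.failedToCreate("KeyBasedEncryptionStrategy"), e, this);
        }
    }

    /** @return the key ring supplying secret and recipient keys */
    public PGPKeyRing getKeyManager()
    {
        return keyManager;
    }

    /** @param keyManager the key ring supplying secret and recipient keys */
    public void setKeyManager(PGPKeyRing keyManager)
    {
        this.keyManager = keyManager;
    }

    /** @return the accessor used to derive the recipient id when no crypt info is supplied */
    public CredentialsAccessor getCredentialsAccessor()
    {
        return credentialsAccessor;
    }

    /** @param credentialsAccessor the accessor used to derive the recipient id from the event */
    public void setCredentialsAccessor(CredentialsAccessor credentialsAccessor)
    {
        this.credentialsAccessor = credentialsAccessor;
    }
}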