View Javadoc

1   /*
2    * $Id: PGPSecurityFilter.java 20310 2010-11-24 10:40:35Z esteban.robles $
3    * --------------------------------------------------------------------------------------
4    * Copyright (c) MuleSoft, Inc.  All rights reserved.  http://www.mulesoft.com
5    *
6    * The software in this package is published under the terms of the CPAL v1.0
7    * license, a copy of which has been included with this distribution in the
8    * LICENSE.txt file.
9    */
10  
11  package org.mule.module.pgp.filters;
12  
13  import org.mule.api.EncryptionStrategy;
14  import org.mule.api.MuleEvent;
15  import org.mule.api.MuleMessage;
16  import org.mule.api.lifecycle.InitialisationException;
17  import org.mule.api.security.Authentication;
18  import org.mule.api.security.SecurityContext;
19  import org.mule.api.security.UnauthorisedException;
20  import org.mule.api.security.UnknownAuthenticationTypeException;
21  import org.mule.config.i18n.CoreMessages;
22  import org.mule.module.pgp.LiteralMessage;
23  import org.mule.module.pgp.Message;
24  import org.mule.module.pgp.MessageFactory;
25  import org.mule.module.pgp.PGPAuthentication;
26  import org.mule.module.pgp.PGPCryptInfo;
27  import org.mule.module.pgp.PGPKeyRing;
28  import org.mule.module.pgp.SignedMessage;
29  import org.mule.module.pgp.i18n.PGPMessages;
30  import org.mule.security.AbstractEndpointSecurityFilter;
31  
32  import org.apache.commons.logging.Log;
33  import org.apache.commons.logging.LogFactory;
34  import org.bouncycastle.openpgp.PGPPublicKey;
35  
36  public class PGPSecurityFilter extends AbstractEndpointSecurityFilter
37  {
38      /**
39       * logger used by this class
40       */
41      protected static final Log logger = LogFactory.getLog(PGPSecurityFilter.class);
42  
43      private EncryptionStrategy strategy;
44  
45      private String strategyName;
46  
47      private boolean signRequired;
48  
49      private PGPKeyRing keyManager;
50  
51      @Override
52      protected void authenticateInbound(MuleEvent event)
53          throws SecurityException, UnauthorisedException, UnknownAuthenticationTypeException
54      {
55          MuleMessage message = event.getMessage();
56  
57          String userId = (String)getCredentialsAccessor().getCredentials(event);
58  
59          byte[] creds = null;
60          try
61          {
62              creds = message.getPayloadAsBytes();
63              creds = strategy.decrypt(creds, null);
64          }
65          catch (Exception e1)
66          {
67              throw new UnauthorisedException(CoreMessages.failedToReadPayload(), event, e1);
68          }
69  
70          Authentication authentication;
71          try
72          {
73              authentication = new PGPAuthentication(userId, decodeMsgRaw(creds));
74          }
75          catch (Exception e1)
76          {
77              throw new UnauthorisedException(CoreMessages.failedToReadPayload(), event, e1);
78          }
79  
80          final Authentication authResult;
81          try
82          {
83              authResult = getSecurityManager().authenticate(authentication);
84          }
85          catch (Exception e)
86          {
87              // Authentication failed
88              if (logger.isDebugEnabled())
89              {
90                  logger.debug("Authentication request for user: " + userId + " failed: " + e.toString());
91              }
92  
93              throw new UnauthorisedException(CoreMessages.authFailedForUser(userId), event, e);
94          }
95  
96          // Authentication success
97          if (logger.isDebugEnabled())
98          {
99              logger.debug("Authentication success: " + authResult.toString());
100         }
101 
102         SecurityContext context = getSecurityManager().createSecurityContext(authResult);
103         event.getSession().setSecurityContext(context);
104 
105         try
106         {
107             updatePayload(message, getUnencryptedMessageWithoutSignature((PGPAuthentication)authResult), event);
108 //            TODO RequestContext.rewriteEvent(new DefaultMuleMessage(
109 //                getUnencryptedMessageWithoutSignature((PGPAuthentication)authResult)));
110         }
111         catch (Exception e2)
112         {
113             throw new UnauthorisedException(event, context, event.getEndpoint(), this);
114         }
115     }
116 
117     private Message decodeMsgRaw(byte[] raw) throws Exception
118     {
119         return MessageFactory.getMessage(raw);
120     }
121 
122     private String getUnencryptedMessageWithoutSignature(PGPAuthentication auth) throws Exception
123     {
124         Message msg = (Message)auth.getCredentials();
125 
126         if (msg instanceof SignedMessage)
127         {
128             msg = ((SignedMessage)msg).getContents();
129         }
130 
131         if (msg instanceof LiteralMessage)
132         {
133             return ((LiteralMessage)msg).getTextData();
134         }
135         else
136         {
137             throw new Exception("Wrong data");
138         }
139     }
140 
141     @Override
142     protected void authenticateOutbound(MuleEvent event) throws SecurityException, UnauthorisedException
143     {
144         logger.debug("authenticateOutbound:" + event.getId());
145 
146         if (!isAuthenticate())
147         {
148             return;
149         }
150 
151         MuleMessage message = event.getMessage();
152 
153         PGPPublicKey userKeyBundle = keyManager.getPublicKey((String)getCredentialsAccessor().getCredentials(
154             event));
155 
156         final PGPCryptInfo cryptInfo = new PGPCryptInfo(userKeyBundle, signRequired);
157 
158         try
159         {
160             updatePayload(event.getMessage(), strategy.encrypt(message.getPayloadAsBytes(), cryptInfo), event);
161         }
162         catch (Exception e1)
163         {
164             throw new UnauthorisedException(CoreMessages.failedToReadPayload(), event, e1);
165         }
166     }
167 
168     @Override
169     protected void doInitialise() throws InitialisationException
170     {
171         if (strategyName != null)
172         {
173             strategy = endpoint.getMuleContext().getSecurityManager().getEncryptionStrategy(strategyName);
174         }
175 
176         if (strategy == null)
177         {
178             throw new InitialisationException(PGPMessages.encryptionStrategyNotSet(), this);
179         }
180     }
181 
182     public EncryptionStrategy getStrategy()
183     {
184         return strategy;
185     }
186 
187     public void setStrategy(EncryptionStrategy strategy)
188     {
189         this.strategy = strategy;
190     }
191 
192     public void setStrategyName(String name)
193     {
194         strategyName = name;
195     }
196 
197     public boolean isSignRequired()
198     {
199         return signRequired;
200     }
201 
202     public void setSignRequired(boolean signRequired)
203     {
204         this.signRequired = signRequired;
205     }
206 
207     public PGPKeyRing getKeyManager()
208     {
209         return keyManager;
210     }
211 
212     public void setKeyManager(PGPKeyRing keyManager)
213     {
214         this.keyManager = keyManager;
215     }
216 }