1
2
3
4
5
6
7
8
9
10
11 package org.mule.module.pgp.filters;
12
13 import org.mule.api.EncryptionStrategy;
14 import org.mule.api.MuleEvent;
15 import org.mule.api.MuleMessage;
16 import org.mule.api.lifecycle.InitialisationException;
17 import org.mule.api.security.Authentication;
18 import org.mule.api.security.SecurityContext;
19 import org.mule.api.security.UnauthorisedException;
20 import org.mule.api.security.UnknownAuthenticationTypeException;
21 import org.mule.config.i18n.CoreMessages;
22 import org.mule.module.pgp.LiteralMessage;
23 import org.mule.module.pgp.Message;
24 import org.mule.module.pgp.MessageFactory;
25 import org.mule.module.pgp.PGPAuthentication;
26 import org.mule.module.pgp.PGPCryptInfo;
27 import org.mule.module.pgp.PGPKeyRing;
28 import org.mule.module.pgp.SignedMessage;
29 import org.mule.module.pgp.i18n.PGPMessages;
30 import org.mule.security.AbstractEndpointSecurityFilter;
31
32 import org.apache.commons.logging.Log;
33 import org.apache.commons.logging.LogFactory;
34 import org.bouncycastle.openpgp.PGPPublicKey;
35
36 public class PGPSecurityFilter extends AbstractEndpointSecurityFilter
37 {
38
39
40
41 protected static final Log logger = LogFactory.getLog(PGPSecurityFilter.class);
42
43 private EncryptionStrategy strategy;
44
45 private String strategyName;
46
47 private boolean signRequired;
48
49 private PGPKeyRing keyManager;
50
51 @Override
52 protected void authenticateInbound(MuleEvent event)
53 throws SecurityException, UnauthorisedException, UnknownAuthenticationTypeException
54 {
55 MuleMessage message = event.getMessage();
56
57 String userId = (String)getCredentialsAccessor().getCredentials(event);
58
59 byte[] creds = null;
60 try
61 {
62 creds = message.getPayloadAsBytes();
63 creds = strategy.decrypt(creds, null);
64 }
65 catch (Exception e1)
66 {
67 throw new UnauthorisedException(CoreMessages.failedToReadPayload(), event, e1);
68 }
69
70 Authentication authentication;
71 try
72 {
73 authentication = new PGPAuthentication(userId, decodeMsgRaw(creds));
74 }
75 catch (Exception e1)
76 {
77 throw new UnauthorisedException(CoreMessages.failedToReadPayload(), event, e1);
78 }
79
80 final Authentication authResult;
81 try
82 {
83 authResult = getSecurityManager().authenticate(authentication);
84 }
85 catch (Exception e)
86 {
87
88 if (logger.isDebugEnabled())
89 {
90 logger.debug("Authentication request for user: " + userId + " failed: " + e.toString());
91 }
92
93 throw new UnauthorisedException(CoreMessages.authFailedForUser(userId), event, e);
94 }
95
96
97 if (logger.isDebugEnabled())
98 {
99 logger.debug("Authentication success: " + authResult.toString());
100 }
101
102 SecurityContext context = getSecurityManager().createSecurityContext(authResult);
103 event.getSession().setSecurityContext(context);
104
105 try
106 {
107 updatePayload(message, getUnencryptedMessageWithoutSignature((PGPAuthentication)authResult), event);
108
109
110 }
111 catch (Exception e2)
112 {
113 throw new UnauthorisedException(event, context, event.getEndpoint(), this);
114 }
115 }
116
117 private Message decodeMsgRaw(byte[] raw) throws Exception
118 {
119 return MessageFactory.getMessage(raw);
120 }
121
122 private String getUnencryptedMessageWithoutSignature(PGPAuthentication auth) throws Exception
123 {
124 Message msg = (Message)auth.getCredentials();
125
126 if (msg instanceof SignedMessage)
127 {
128 msg = ((SignedMessage)msg).getContents();
129 }
130
131 if (msg instanceof LiteralMessage)
132 {
133 return ((LiteralMessage)msg).getTextData();
134 }
135 else
136 {
137 throw new Exception("Wrong data");
138 }
139 }
140
141 @Override
142 protected void authenticateOutbound(MuleEvent event) throws SecurityException, UnauthorisedException
143 {
144 logger.debug("authenticateOutbound:" + event.getId());
145
146 if (!isAuthenticate())
147 {
148 return;
149 }
150
151 MuleMessage message = event.getMessage();
152
153 PGPPublicKey userKeyBundle = keyManager.getPublicKey((String)getCredentialsAccessor().getCredentials(
154 event));
155
156 final PGPCryptInfo cryptInfo = new PGPCryptInfo(userKeyBundle, signRequired);
157
158 try
159 {
160 updatePayload(event.getMessage(), strategy.encrypt(message.getPayloadAsBytes(), cryptInfo), event);
161 }
162 catch (Exception e1)
163 {
164 throw new UnauthorisedException(CoreMessages.failedToReadPayload(), event, e1);
165 }
166 }
167
168 @Override
169 protected void doInitialise() throws InitialisationException
170 {
171 if (strategyName != null)
172 {
173 strategy = endpoint.getMuleContext().getSecurityManager().getEncryptionStrategy(strategyName);
174 }
175
176 if (strategy == null)
177 {
178 throw new InitialisationException(PGPMessages.encryptionStrategyNotSet(), this);
179 }
180 }
181
182 public EncryptionStrategy getStrategy()
183 {
184 return strategy;
185 }
186
187 public void setStrategy(EncryptionStrategy strategy)
188 {
189 this.strategy = strategy;
190 }
191
192 public void setStrategyName(String name)
193 {
194 strategyName = name;
195 }
196
197 public boolean isSignRequired()
198 {
199 return signRequired;
200 }
201
202 public void setSignRequired(boolean signRequired)
203 {
204 this.signRequired = signRequired;
205 }
206
207 public PGPKeyRing getKeyManager()
208 {
209 return keyManager;
210 }
211
212 public void setKeyManager(PGPKeyRing keyManager)
213 {
214 this.keyManager = keyManager;
215 }
216 }