package org.mule.module.pgp.filters; |
12 | |
|
13 | |
import org.mule.api.EncryptionStrategy; |
14 | |
import org.mule.api.MuleEvent; |
15 | |
import org.mule.api.MuleMessage; |
16 | |
import org.mule.api.lifecycle.InitialisationException; |
17 | |
import org.mule.api.security.Authentication; |
18 | |
import org.mule.api.security.SecurityContext; |
19 | |
import org.mule.api.security.UnauthorisedException; |
20 | |
import org.mule.api.security.UnknownAuthenticationTypeException; |
21 | |
import org.mule.config.i18n.CoreMessages; |
22 | |
import org.mule.module.pgp.LiteralMessage; |
23 | |
import org.mule.module.pgp.Message; |
24 | |
import org.mule.module.pgp.MessageFactory; |
25 | |
import org.mule.module.pgp.PGPAuthentication; |
26 | |
import org.mule.module.pgp.PGPCryptInfo; |
27 | |
import org.mule.module.pgp.PGPKeyRing; |
28 | |
import org.mule.module.pgp.SignedMessage; |
29 | |
import org.mule.module.pgp.i18n.PGPMessages; |
30 | |
import org.mule.security.AbstractEndpointSecurityFilter; |
31 | |
|
32 | |
import org.apache.commons.logging.Log; |
33 | |
import org.apache.commons.logging.LogFactory; |
34 | |
import org.bouncycastle.openpgp.PGPPublicKey; |
35 | |
|
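/**
 * Endpoint security filter for the Mule PGP module.
 *
 * <p>Inbound, the payload is decrypted with the configured {@link EncryptionStrategy},
 * decoded into a PGP {@link Message}, handed to the security manager as a
 * {@link PGPAuthentication}, and finally replaced by the clear-text contents with the
 * signature wrapper removed. Outbound, the payload is encrypted for the public key that the
 * {@link PGPKeyRing} returns for the current credentials, signing it as well when
 * {@code signRequired} is set.
 *
 * <p>NOTE(review): {@code signRequired} only influences the outbound path in this class.
 * Whether an unsigned inbound message is rejected depends on the security provider that
 * authenticates the {@link PGPAuthentication}; confirm that provider enforces it where
 * signatures are mandatory.
 */
public class PGPSecurityFilter extends AbstractEndpointSecurityFilter
{
    protected static final Log logger = LogFactory.getLog(PGPSecurityFilter.class);

    /** Decrypts inbound and encrypts outbound payloads; resolved from strategyName in doInitialise when unset. */
    private EncryptionStrategy strategy;

    /** Name of a strategy registered with the security manager; looked up in doInitialise. */
    private String strategyName;

    /** Whether outbound payloads are signed in addition to being encrypted. */
    private boolean signRequired;

    /** Key ring used to look up the recipient's public key on the outbound path. */
    private PGPKeyRing keyManager;

    /**
     * Decrypts and authenticates an inbound message, then replaces its payload with the
     * clear-text contents.
     *
     * @param event the inbound event; its payload is the PGP-encrypted data and its
     *        credentials (via the credentials accessor) identify the sender
     * @throws UnauthorisedException if the payload cannot be decrypted or decoded, if the
     *         security manager rejects the authentication, or if the authenticated message
     *         does not carry a literal text payload
     */
    @Override
    protected void authenticateInbound(MuleEvent event)
        throws SecurityException, UnauthorisedException, UnknownAuthenticationTypeException
    {
        MuleMessage message = event.getMessage();
        String userId = (String) getCredentialsAccessor().getCredentials(event);

        // Decrypt and decode in a single step: both failures map to the same
        // "failed to read payload" error, and the cause is preserved either way.
        Authentication authentication;
        try
        {
            byte[] creds = strategy.decrypt(message.getPayloadAsBytes(), null);
            authentication = new PGPAuthentication(userId, decodeMsgRaw(creds));
        }
        catch (Exception e)
        {
            throw new UnauthorisedException(CoreMessages.failedToReadPayload(), event, e);
        }

        final Authentication authResult;
        try
        {
            authResult = getSecurityManager().authenticate(authentication);
        }
        catch (Exception e)
        {
            if (logger.isDebugEnabled())
            {
                logger.debug("Authentication request for user: " + userId + " failed: " + e.toString(), e);
            }
            throw new UnauthorisedException(CoreMessages.authFailedForUser(userId), event, e);
        }

        if (logger.isDebugEnabled())
        {
            logger.debug("Authentication success: " + authResult.toString());
        }

        SecurityContext context = getSecurityManager().createSecurityContext(authResult);
        event.getSession().setSecurityContext(context);

        try
        {
            updatePayload(message, getUnencryptedMessageWithoutSignature((PGPAuthentication) authResult), event);
        }
        catch (Exception e)
        {
            // The (event, context, endpoint, filter) constructor carries no cause, so record it
            // here; otherwise a malformed decrypted message is indistinguishable from a plain
            // authorisation failure when diagnosing.
            if (logger.isDebugEnabled())
            {
                logger.debug("Failed to extract clear-text payload for user: " + userId, e);
            }
            throw new UnauthorisedException(event, context, event.getEndpoint(), this);
        }
    }

    /**
     * Parses raw decrypted bytes into a PGP {@link Message}.
     *
     * @param raw the decrypted bytes
     * @return the decoded message
     * @throws Exception if the bytes are not a parseable PGP message
     */
    private Message decodeMsgRaw(byte[] raw) throws Exception
    {
        return MessageFactory.getMessage(raw);
    }

    /**
     * Returns the literal text carried by an authenticated message, unwrapping a signature
     * layer if present.
     *
     * @param auth the authenticated PGP credentials
     * @return the clear-text payload
     * @throws Exception if the (unwrapped) message is not a {@link LiteralMessage}
     */
    private String getUnencryptedMessageWithoutSignature(PGPAuthentication auth) throws Exception
    {
        Message msg = (Message) auth.getCredentials();

        if (msg instanceof SignedMessage)
        {
            msg = ((SignedMessage) msg).getContents();
        }

        if (msg instanceof LiteralMessage)
        {
            return ((LiteralMessage) msg).getTextData();
        }

        // Name the actual type so an unexpected message structure can be diagnosed from the log.
        String actual = msg == null ? "null" : msg.getClass().getName();
        throw new IllegalStateException("Wrong data: expected a literal message but got " + actual);
    }

    /**
     * Encrypts (and optionally signs) an outbound payload for the recipient identified by the
     * event's credentials.
     *
     * @param event the outbound event; its payload is replaced by the encrypted bytes
     * @throws UnauthorisedException if no public key is known for the recipient, or if the
     *         payload cannot be read or encrypted
     */
    @Override
    protected void authenticateOutbound(MuleEvent event) throws SecurityException, UnauthorisedException
    {
        if (logger.isDebugEnabled())
        {
            logger.debug("authenticateOutbound:" + event.getId());
        }

        if (!isAuthenticate())
        {
            return;
        }

        MuleMessage message = event.getMessage();
        String userId = (String) getCredentialsAccessor().getCredentials(event);

        PGPPublicKey userKeyBundle = keyManager.getPublicKey(userId);
        if (userKeyBundle == null)
        {
            // Refuse up front instead of handing a null key to the encryption strategy,
            // which would otherwise surface as a misleading "failed to read payload" error.
            throw new UnauthorisedException(CoreMessages.authFailedForUser(userId), event);
        }

        final PGPCryptInfo cryptInfo = new PGPCryptInfo(userKeyBundle, signRequired);

        try
        {
            updatePayload(message, strategy.encrypt(message.getPayloadAsBytes(), cryptInfo), event);
        }
        catch (Exception e)
        {
            throw new UnauthorisedException(CoreMessages.failedToReadPayload(), event, e);
        }
    }

    /**
     * Resolves the encryption strategy by name when none was injected directly.
     *
     * @throws InitialisationException if no strategy is available after resolution
     */
    @Override
    protected void doInitialise() throws InitialisationException
    {
        if (strategyName != null)
        {
            // 'endpoint' is supplied by the superclass once the filter is bound to an endpoint.
            strategy = endpoint.getMuleContext().getSecurityManager().getEncryptionStrategy(strategyName);
        }

        if (strategy == null)
        {
            throw new InitialisationException(PGPMessages.encryptionStrategyNotSet(), this);
        }
    }

    /** @return the encryption strategy in use, or null before initialisation if only a name was set */
    public EncryptionStrategy getStrategy()
    {
        return strategy;
    }

    /** @param strategy the encryption strategy to use; takes precedence over a configured name */
    public void setStrategy(EncryptionStrategy strategy)
    {
        this.strategy = strategy;
    }

    /** @param name the name of a strategy registered with the security manager */
    public void setStrategyName(String name)
    {
        strategyName = name;
    }

    /** @return whether outbound payloads are signed */
    public boolean isSignRequired()
    {
        return signRequired;
    }

    /** @param signRequired whether outbound payloads should be signed */
    public void setSignRequired(boolean signRequired)
    {
        this.signRequired = signRequired;
    }

    /** @return the key ring used to look up recipient public keys */
    public PGPKeyRing getKeyManager()
    {
        return keyManager;
    }

    /** @param keyManager the key ring used to look up recipient public keys */
    public void setKeyManager(PGPKeyRing keyManager)
    {
        this.keyManager = keyManager;
    }
}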