1
2
3
4
5
6
7
8
9
10
11 package org.mule.api.security.tls;
12
13 import org.mule.api.lifecycle.CreateException;
14 import org.mule.api.security.TlsDirectKeyStore;
15 import org.mule.api.security.TlsDirectTrustStore;
16 import org.mule.api.security.TlsIndirectKeyStore;
17 import org.mule.api.security.TlsProtocolHandler;
18 import org.mule.api.security.provider.AutoDiscoverySecurityProviderFactory;
19 import org.mule.api.security.provider.SecurityProviderFactory;
20 import org.mule.api.security.provider.SecurityProviderInfo;
21 import org.mule.config.i18n.CoreMessages;
22 import org.mule.util.FileUtils;
23 import org.mule.util.IOUtils;
24
25 import java.io.FileNotFoundException;
26 import java.io.IOException;
27 import java.io.InputStream;
28 import java.security.KeyManagementException;
29 import java.security.KeyStore;
30 import java.security.NoSuchAlgorithmException;
31 import java.security.Provider;
32 import java.security.Security;
33
34 import javax.net.ssl.KeyManager;
35 import javax.net.ssl.KeyManagerFactory;
36 import javax.net.ssl.SSLContext;
37 import javax.net.ssl.SSLServerSocketFactory;
38 import javax.net.ssl.SSLSocketFactory;
39 import javax.net.ssl.TrustManager;
40 import javax.net.ssl.TrustManagerFactory;
41
42 import org.apache.commons.logging.Log;
43 import org.apache.commons.logging.LogFactory;
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112 public final class TlsConfiguration
113 implements TlsDirectTrustStore, TlsDirectKeyStore, TlsIndirectKeyStore, TlsProtocolHandler
114 {
115
116 public static final String DEFAULT_KEYSTORE = ".keystore";
117 public static final String DEFAULT_KEYSTORE_TYPE = KeyStore.getDefaultType();
118 public static final String JSSE_NAMESPACE = "javax.net";
119
120 private Log logger = LogFactory.getLog(getClass());
121
122 private SecurityProviderFactory spFactory = new AutoDiscoverySecurityProviderFactory();
123 private SecurityProviderInfo spInfo = spFactory.getSecurityProviderInfo();
124 private Provider provider = spFactory.getProvider();
125 private String sslType = spInfo.getDefaultSslType();
126
127
128 private String protocolHandler = spInfo.getProtocolHandler();
129
130
131
132 private String keyStoreName = DEFAULT_KEYSTORE;
133 private String keyPassword = null;
134 private String keyStorePassword = null;
135 private String keystoreType = DEFAULT_KEYSTORE_TYPE;
136 private String keyManagerAlgorithm = spInfo.getKeyManagerAlgorithm();
137 private KeyManagerFactory keyManagerFactory = null;
138
139
140
141
142
143
144 private String clientKeyStoreName = null;
145 private String clientKeyStorePassword = null;
146 private String clientKeyStoreType = DEFAULT_KEYSTORE_TYPE;
147
148
149
150 private String trustStoreName = null;
151 private String trustStorePassword = null;
152 private String trustStoreType = DEFAULT_KEYSTORE_TYPE;
153 private String trustManagerAlgorithm = spInfo.getKeyManagerAlgorithm();
154 private TrustManagerFactory trustManagerFactory = null;
155 private boolean explicitTrustStoreOnly = false;
156 private boolean requireClientAuthentication = false;
157
158
159
160
161
162
163 public TlsConfiguration(String keyStore)
164 {
165 this.keyStoreName = keyStore;
166 }
167
168
169
170
171
172
173
174
175
176
177 public void initialise(boolean anon, String namespace) throws CreateException
178 {
179 if (logger.isDebugEnabled())
180 {
181 logger.debug("initialising: anon " + anon);
182 }
183 validate(anon);
184
185 Security.addProvider(provider);
186 System.setProperty("java.protocol.handler.pkgs", protocolHandler);
187
188 if (!anon)
189 {
190 initKeyManagerFactory();
191 }
192 initTrustManagerFactory();
193
194 if (null != namespace)
195 {
196 new TlsPropertiesMapper(namespace).writeToProperties(System.getProperties(), this);
197 }
198 }
199
200 private void validate(boolean anon) throws CreateException
201 {
202 assertNotNull(getProvider(), "The security provider cannot be null");
203 if (!anon)
204 {
205 assertNotNull(getKeyStore(), "The KeyStore location cannot be null");
206 assertNotNull(getKeyPassword(), "The Key password cannot be null");
207 assertNotNull(getKeyStorePassword(), "The KeyStore password cannot be null");
208 assertNotNull(getKeyManagerAlgorithm(), "The Key Manager Algorithm cannot be null");
209 }
210 }
211
212 private void initKeyManagerFactory() throws CreateException
213 {
214 if (logger.isDebugEnabled())
215 {
216 logger.debug("initialising key manager factory from keystore data");
217 }
218 KeyStore tempKeyStore;
219 try
220 {
221 tempKeyStore = KeyStore.getInstance(keystoreType);
222 InputStream is = IOUtils.getResourceAsStream(keyStoreName, getClass());
223 if (null == is)
224 {
225 throw new FileNotFoundException(
226 CoreMessages.cannotLoadFromClasspath("Keystore: " + keyStoreName).getMessage());
227 }
228 tempKeyStore.load(is, keyStorePassword.toCharArray());
229 }
230 catch (Exception e)
231 {
232 throw new CreateException(
233 CoreMessages.failedToLoad("KeyStore: " + keyStoreName), e, this);
234 }
235 try
236 {
237 keyManagerFactory = KeyManagerFactory.getInstance(getKeyManagerAlgorithm());
238 keyManagerFactory.init(tempKeyStore, keyPassword.toCharArray());
239 }
240 catch (Exception e)
241 {
242 throw new CreateException(CoreMessages.failedToLoad("Key Manager"), e, this);
243 }
244 }
245
246 private void initTrustManagerFactory() throws CreateException
247 {
248 if (null != trustStoreName)
249 {
250 trustStorePassword = null == trustStorePassword ? "" : trustStorePassword;
251
252 KeyStore trustStore;
253 try
254 {
255 trustStore = KeyStore.getInstance(trustStoreType);
256 InputStream is = IOUtils.getResourceAsStream(trustStoreName, getClass());
257 if (null == is)
258 {
259 throw new FileNotFoundException(
260 "Failed to load truststore from classpath or local file: " + trustStoreName);
261 }
262 trustStore.load(is, trustStorePassword.toCharArray());
263 }
264 catch (Exception e)
265 {
266 throw new CreateException(
267 CoreMessages.failedToLoad("TrustStore: " + trustStoreName), e, this);
268 }
269
270 try
271 {
272 trustManagerFactory = TrustManagerFactory.getInstance(trustManagerAlgorithm);
273 trustManagerFactory.init(trustStore);
274 }
275 catch (Exception e)
276 {
277 throw new CreateException(
278 CoreMessages.failedToLoad("Trust Manager (" + trustManagerAlgorithm + ")"), e, this);
279 }
280 }
281 }
282
283
284 private static void assertNotNull(Object value, String message)
285 {
286 if (null == value)
287 {
288 throw new IllegalArgumentException(message);
289 }
290 }
291
292 private static String defaultForNull(String value, String deflt)
293 {
294 if (null == value)
295 {
296 return deflt;
297 }
298 else
299 {
300 return value;
301 }
302 }
303
304 public SSLSocketFactory getSocketFactory() throws NoSuchAlgorithmException, KeyManagementException
305 {
306 return getSslContext().getSocketFactory();
307 }
308
309 public SSLServerSocketFactory getServerSocketFactory()
310 throws NoSuchAlgorithmException, KeyManagementException
311 {
312 return getSslContext().getServerSocketFactory();
313 }
314
315 public SSLContext getSslContext() throws NoSuchAlgorithmException, KeyManagementException
316 {
317 KeyManager[] keyManagers =
318 null == getKeyManagerFactory() ? null : getKeyManagerFactory().getKeyManagers();
319 TrustManager[] trustManagers =
320 null == getTrustManagerFactory() ? null : getTrustManagerFactory().getTrustManagers();
321
322 SSLContext context = SSLContext.getInstance(getSslType());
323
324 context.init(keyManagers, trustManagers, null);
325 return context;
326 }
327
328 public String getSslType()
329 {
330 return sslType;
331 }
332
333 public void setSslType(String sslType)
334 {
335 this.sslType = sslType;
336 }
337
338 public Provider getProvider()
339 {
340 return provider;
341 }
342
343 public void setProvider(Provider provider)
344 {
345 this.provider = provider;
346 }
347
348 public String getProtocolHandler()
349 {
350 return protocolHandler;
351 }
352
353 public void setProtocolHandler(String protocolHandler)
354 {
355 this.protocolHandler = protocolHandler;
356 }
357
358 public SecurityProviderFactory getSecurityProviderFactory()
359 {
360 return spFactory;
361 }
362
363 public void setSecurityProviderFactory(SecurityProviderFactory spFactory)
364 {
365 this.spFactory = spFactory;
366 }
367
368
369
370 public String getKeyStore()
371 {
372 return keyStoreName;
373 }
374
375 public void setKeyStore(String name) throws IOException
376 {
377 keyStoreName = name;
378 if (null != keyStoreName)
379 {
380 keyStoreName = FileUtils.getResourcePath(keyStoreName, getClass());
381 if (logger.isDebugEnabled())
382 {
383 logger.debug("Normalised keyStore path to: " + keyStoreName);
384 }
385 }
386 }
387
388 public String getKeyPassword()
389 {
390 return keyPassword;
391 }
392
393 public void setKeyPassword(String keyPassword)
394 {
395 this.keyPassword = keyPassword;
396 }
397
398 public String getKeyStorePassword()
399 {
400 return keyStorePassword;
401 }
402
403 public void setKeyStorePassword(String storePassword)
404 {
405 this.keyStorePassword = storePassword;
406 }
407
408 public String getKeyStoreType()
409 {
410 return keystoreType;
411 }
412
413 public void setKeyStoreType(String keystoreType)
414 {
415 this.keystoreType = keystoreType;
416 }
417
418 public String getKeyManagerAlgorithm()
419 {
420 return keyManagerAlgorithm;
421 }
422
423 public void setKeyManagerAlgorithm(String keyManagerAlgorithm)
424 {
425 this.keyManagerAlgorithm = keyManagerAlgorithm;
426 }
427
428 public KeyManagerFactory getKeyManagerFactory()
429 {
430 return keyManagerFactory;
431 }
432
433
434
435 public String getClientKeyStore()
436 {
437 return clientKeyStoreName;
438 }
439
440 public void setClientKeyStore(String name) throws IOException
441 {
442 clientKeyStoreName = name;
443 if (null != clientKeyStoreName)
444 {
445 clientKeyStoreName = FileUtils.getResourcePath(clientKeyStoreName, getClass());
446 if (logger.isDebugEnabled())
447 {
448 logger.debug("Normalised clientKeyStore path to: " + clientKeyStoreName);
449 }
450 }
451 }
452
453 public String getClientKeyStorePassword()
454 {
455 return clientKeyStorePassword;
456 }
457
458 public void setClientKeyStorePassword(String clientKeyStorePassword)
459 {
460 this.clientKeyStorePassword = clientKeyStorePassword;
461 }
462
463 public void setClientKeyStoreType(String clientKeyStoreType)
464 {
465 this.clientKeyStoreType = clientKeyStoreType;
466 }
467
468 public String getClientKeyStoreType()
469 {
470 return clientKeyStoreType;
471 }
472
473
474
475 public String getTrustStore()
476 {
477 return trustStoreName;
478 }
479
480 public void setTrustStore(String name) throws IOException
481 {
482 trustStoreName = name;
483 if (null != trustStoreName)
484 {
485 trustStoreName = FileUtils.getResourcePath(trustStoreName, getClass());
486 if (logger.isDebugEnabled())
487 {
488 logger.debug("Normalised trustStore path to: " + trustStoreName);
489 }
490 }
491 }
492
493 public String getTrustStorePassword()
494 {
495 return trustStorePassword;
496 }
497
498 public void setTrustStorePassword(String trustStorePassword)
499 {
500 this.trustStorePassword = trustStorePassword;
501 }
502
503 public String getTrustStoreType()
504 {
505 return trustStoreType;
506 }
507
508 public void setTrustStoreType(String trustStoreType)
509 {
510 this.trustStoreType = trustStoreType;
511 }
512
513 public String getTrustManagerAlgorithm()
514 {
515 return trustManagerAlgorithm;
516 }
517
518 public void setTrustManagerAlgorithm(String trustManagerAlgorithm)
519 {
520 this.trustManagerAlgorithm = defaultForNull(trustManagerAlgorithm, spInfo.getKeyManagerAlgorithm());
521 }
522
523 public TrustManagerFactory getTrustManagerFactory()
524 {
525 return trustManagerFactory;
526 }
527
528 public void setTrustManagerFactory(TrustManagerFactory trustManagerFactory)
529 {
530 this.trustManagerFactory = trustManagerFactory;
531 }
532
533 public boolean isExplicitTrustStoreOnly()
534 {
535 return explicitTrustStoreOnly;
536 }
537
538 public void setExplicitTrustStoreOnly(boolean explicitTrustStoreOnly)
539 {
540 this.explicitTrustStoreOnly = explicitTrustStoreOnly;
541 }
542
543 public boolean isRequireClientAuthentication()
544 {
545 return requireClientAuthentication;
546 }
547
548 public void setRequireClientAuthentication(boolean requireClientAuthentication)
549 {
550 this.requireClientAuthentication = requireClientAuthentication;
551 }
552
553 }
554
555