View Javadoc
1   /*
2    * Copyright (c) MuleSoft, Inc.  All rights reserved.  http://www.mulesoft.com
3    * The software in this package is published under the terms of the CPAL v1.0
4    * license, a copy of which has been included with this distribution in the
5    * LICENSE.txt file.
6    */
7   package org.mule.security;
8   
9   import org.mule.api.EncryptionStrategy;
10  import org.mule.api.config.MuleProperties;
11  import org.mule.api.security.Credentials;
12  import org.mule.api.security.CryptoFailureException;
13  import org.mule.api.security.EncryptionStrategyNotFoundException;
14  import org.mule.api.security.SecurityManager;
15  import org.mule.config.i18n.CoreMessages;
16  import org.mule.util.ArrayUtils;
17  
18  import java.io.Serializable;
19  import java.util.StringTokenizer;
20  
21  /**
22   * <code>MuleCredentials</code> can be used to read and set Mule user information
23   * that can be stored in a message header.
24   */
25  
26  public class MuleCredentials implements Credentials, Serializable
27  {
28      public static final String TOKEN_DELIM = "::";
29  
30      private final String username;
31      private final char[] password;
32      private Object roles;
33  
34      public MuleCredentials(String username, char[] password)
35      {
36          this.username = username;
37          this.password = ArrayUtils.clone(password);
38      }
39  
40      public MuleCredentials(String username, char[] password, Object roles)
41      {
42          this.username = username;
43          this.password = ArrayUtils.clone(password);
44          this.roles = roles;
45      }
46  
47      public MuleCredentials(String header, SecurityManager sm) throws EncryptionStrategyNotFoundException, CryptoFailureException
48      {
49  
50          int i = header.indexOf(' ');
51          if (i == -1)
52          {
53              throw new IllegalArgumentException(
54                  CoreMessages.headerMalformedValueIs(MuleProperties.MULE_USER_PROPERTY, header).toString());
55          }
56  
57          String scheme = header.substring(0, i);
58          String creds = header.substring(i + 1);
59  
60          if (!scheme.equalsIgnoreCase("plain"))
61          {
62              EncryptionStrategy es = sm.getEncryptionStrategy(scheme);
63              if (es == null)
64              {
65                  throw new EncryptionStrategyNotFoundException(scheme);
66              }
67              else
68              {
69                  creds = new String(es.decrypt(creds.getBytes(), null));
70              }
71          }
72  
73          StringTokenizer st = new StringTokenizer(creds, TOKEN_DELIM);
74          username = st.nextToken();
75          password = st.nextToken().toCharArray();
76          if (st.hasMoreTokens())
77          {
78              roles = st.nextToken();
79          }
80      }
81  
82      public String getToken()
83      {
84          StringBuffer buf = new StringBuffer();
85          buf.append(username).append(TOKEN_DELIM);
86          buf.append(password).append(TOKEN_DELIM);
87  
88          if (roles != null)
89          {
90              buf.append(roles);
91          }
92  
93          return buf.toString();
94      }
95  
96      public String getUsername()
97      {
98          return username;
99      }
100 
101     public char[] getPassword()
102     {
103         return ArrayUtils.clone(password);
104     }
105 
106     public Object getRoles()
107     {
108         return roles;
109     }
110 
111     public static String createHeader(String username, char[] password)
112     {
113         StringBuffer buf = new StringBuffer(32);
114         buf.append("Plain ");
115         buf.append(username).append(TOKEN_DELIM);
116         buf.append(password).append(TOKEN_DELIM);
117         return buf.toString();
118     }
119 
120     public static String createHeader(String username,
121                                       String password,
122                                       String encryptionName,
123                                       EncryptionStrategy es) throws CryptoFailureException
124     {
125         StringBuffer buf = new StringBuffer();
126         buf.append(encryptionName).append(" ");
127         String creds = username + TOKEN_DELIM + password;
128         byte[] encrypted = es.encrypt(creds.getBytes(), null);
129         buf.append(new String(encrypted));
130         return buf.toString();
131     }
132 }