1 10 11 package org.mule.extras.pgp.filters; 12 13 import cryptix.message.LiteralMessage; 14 import cryptix.message.Message; 15 import cryptix.message.MessageFactory; 16 import cryptix.message.SignedMessage; 17 import cryptix.pki.KeyBundle; 18 19 import org.apache.commons.logging.Log; 20 import org.apache.commons.logging.LogFactory; 21 import org.mule.MuleManager; 22 import org.mule.config.i18n.Messages; 23 import org.mule.extras.pgp.PGPAuthentication; 24 import org.mule.extras.pgp.PGPCryptInfo; 25 import org.mule.extras.pgp.PGPKeyRing; 26 import org.mule.impl.MuleMessage; 27 import org.mule.impl.RequestContext; 28 import org.mule.impl.security.AbstractEndpointSecurityFilter; 29 import org.mule.umo.UMOEncryptionStrategy; 30 import org.mule.umo.UMOEvent; 31 import org.mule.umo.UMOMessage; 32 import org.mule.umo.lifecycle.InitialisationException; 33 import org.mule.umo.security.UMOAuthentication; 34 import org.mule.umo.security.UMOSecurityContext; 35 import org.mule.umo.security.UnauthorisedException; 36 import org.mule.umo.security.UnknownAuthenticationTypeException; 37 38 import java.io.ByteArrayInputStream ; 39 import java.util.Collection ; 40 41 44 public class PGPSecurityFilter extends AbstractEndpointSecurityFilter 45 { 46 protected static Log logger = LogFactory.getLog(PGPSecurityFilter.class); 47 48 private UMOEncryptionStrategy strategy; 49 50 private String strategyName; 51 52 private boolean signRequired; 53 54 private PGPKeyRing keyManager; 55 56 61 protected void authenticateInbound(UMOEvent event) 62 throws SecurityException , UnauthorisedException, UnknownAuthenticationTypeException 63 { 64 UMOMessage message = event.getMessage(); 65 66 String userId = (String )getCredentialsAccessor().getCredentials(event); 67 68 byte[] creds = null; 69 70 try 71 { 72 creds = message.getPayloadAsBytes(); 73 creds = strategy.decrypt(creds, null); 74 } 75 catch (Exception e1) 76 { 77 throw new UnauthorisedException( 78 new org.mule.config.i18n.Message(Messages.FAILED_TO_READ_PAYLOAD), event.getMessage(), e1); 79 } 80 81 UMOAuthentication authResult; 82 UMOAuthentication umoAuthentication; 83 84 try 85 { 86 umoAuthentication = new PGPAuthentication(userId, decodeMsgRaw(creds)); 87 } 88 catch (Exception e1) 89 { 90 throw new UnauthorisedException( 91 new org.mule.config.i18n.Message(Messages.FAILED_TO_READ_PAYLOAD), event.getMessage(), e1); 92 } 93 94 try 95 { 96 authResult = getSecurityManager().authenticate(umoAuthentication); 97 } 98 catch (Exception e) 99 { 100 if (logger.isDebugEnabled()) 102 { 103 logger.debug("Authentication request for user: " + userId + " failed: " + e.toString()); 104 } 105 106 throw new UnauthorisedException(new org.mule.config.i18n.Message(Messages.AUTH_FAILED_FOR_USER_X, 107 userId), event.getMessage(), e); 108 } 109 110 if (logger.isDebugEnabled()) 112 { 113 logger.debug("Authentication success: " + authResult.toString()); 114 } 115 116 UMOSecurityContext context = getSecurityManager().createSecurityContext(authResult); 117 event.getSession().setSecurityContext(context); 118 119 try 120 { 121 RequestContext.rewriteEvent(new MuleMessage( 122 getUnencryptedMessageWithoutSignature((PGPAuthentication)authResult))); 123 } 124 catch (Exception e2) 125 { 126 throw new UnauthorisedException(event.getMessage(), context, event.getEndpoint(), this); 127 } 128 } 129 130 private Message decodeMsgRaw(byte[] raw) throws Exception 131 { 132 MessageFactory mf = MessageFactory.getInstance("OpenPGP"); 133 134 ByteArrayInputStream in = new ByteArrayInputStream (raw); 135 136 Collection msgs = mf.generateMessages(in); 137 138 return (Message)msgs.iterator().next(); 139 } 140 141 private String getUnencryptedMessageWithoutSignature(PGPAuthentication auth) throws Exception 142 { 143 Message msg = (Message)auth.getCredentials(); 144 145 if (msg instanceof SignedMessage) 146 { 147 msg = ((SignedMessage)msg).getContents(); 148 } 149 150 if (msg instanceof LiteralMessage) 151 { 152 return ((LiteralMessage)msg).getTextData(); 153 } 154 else 155 { 156 throw new Exception ("Wrong data"); 157 } 158 } 159 160 165 protected void authenticateOutbound(UMOEvent event) throws SecurityException , UnauthorisedException 166 { 167 logger.debug("authenticateOutbound:" + event.getId()); 168 169 if (!isAuthenticate()) 170 { 171 return; 172 } 173 174 UMOMessage message = event.getMessage(); 175 176 KeyBundle userKeyBundle = keyManager.getKeyBundle((String )getCredentialsAccessor().getCredentials( 177 event)); 178 179 PGPCryptInfo cryptInfo = new PGPCryptInfo(userKeyBundle, signRequired); 180 181 byte[] msg = null; 182 183 try 184 { 185 msg = message.getPayloadAsBytes(); 186 msg = strategy.encrypt(msg, cryptInfo); 187 } 188 catch (Exception e1) 189 { 190 throw new UnauthorisedException( 191 new org.mule.config.i18n.Message(Messages.FAILED_TO_READ_PAYLOAD), event.getMessage(), e1); 192 } 193 194 try 195 { 196 String mesg = new String (msg); 197 RequestContext.rewriteEvent(new MuleMessage(mesg)); 198 logger.debug("Message:" + mesg); 199 } 200 catch (Exception e2) 201 { 202 throw new UnauthorisedException(event.getMessage(), event.getSession().getSecurityContext(), 203 event.getEndpoint(), this); 204 } 205 } 206 207 212 protected void doInitialise() throws InitialisationException 213 { 214 if (strategyName != null) 215 { 216 strategy = MuleManager.getInstance().getSecurityManager().getEncryptionStrategy(strategyName); 217 } 218 219 if (strategy == null) 220 { 221 throw new InitialisationException(new org.mule.config.i18n.Message( 222 Messages.ENCRYPT_STRATEGY_NOT_SET), this); 223 } 224 } 225 226 public UMOEncryptionStrategy getStrategy() 227 { 228 return strategy; 229 } 230 231 public void setStrategy(UMOEncryptionStrategy strategy) 232 { 233 this.strategy = strategy; 234 } 235 236 public void setStrategyName(String name) 237 { 238 strategyName = name; 239 } 240 241 public boolean isSignRequired() 242 { 243 return signRequired; 244 } 245 246 public void setSignRequired(boolean signRequired) 247 { 248 this.signRequired = signRequired; 249 } 250 251 public PGPKeyRing getKeyManager() 252 { 253 return keyManager; 254 } 255 256 public void setKeyManager(PGPKeyRing keyManager) 257 { 258 this.keyManager = keyManager; 259 } 260 } 261 | Popular Tags |