001: /*
002: * $Id: PGPSecurityProvider.java 10808 2008-02-14 20:36:57Z acooke $
003: * --------------------------------------------------------------------------------------
004: * Copyright (c) MuleSource, Inc. All rights reserved. http://www.mulesource.com
005: *
006: * The software in this package is published under the terms of the CPAL v1.0
007: * license, a copy of which has been included with this distribution in the
008: * LICENSE.txt file.
009: */
010:
011: package org.mule.module.pgp;
012:
013: import org.mule.api.lifecycle.InitialisationException;
014: import org.mule.api.lifecycle.LifecycleTransitionResult;
015: import org.mule.api.security.SecurityException;
016: import org.mule.api.security.Authentication;
017: import org.mule.api.security.SecurityContext;
018: import org.mule.api.security.SecurityContextFactory;
019: import org.mule.api.security.SecurityProvider;
020: import org.mule.api.security.UnauthorisedException;
021: import org.mule.api.security.UnknownAuthenticationTypeException;
022: import org.mule.config.i18n.CoreMessages;
023: import org.mule.module.pgp.i18n.PGPMessages;
024:
025: import cryptix.message.Message;
026: import cryptix.message.MessageException;
027: import cryptix.message.SignedMessage;
028: import cryptix.pki.KeyBundle;
029:
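public class PGPSecurityProvider implements SecurityProvider {

    private String name = "PGPSecurityProvider";

    // Key ring used to look up the public key bundle of the principal being
    // authenticated. Injected through setKeyManager(); never created here.
    private PGPKeyRing keyManager;

    // Created in initialise(); stays null until then, so createSecurityContext()
    // must not be called on a provider that has not been initialised.
    private SecurityContextFactory factory;

    /**
     * Sets the name under which this provider is registered.
     *
     * @param name the provider name
     * @see org.mule.api.security.SecurityProvider#setName(java.lang.String)
     */
    public void setName(String name) {
        this.name = name;
    }

    /**
     * Returns the provider name (defaults to {@code "PGPSecurityProvider"}).
     *
     * @see org.mule.api.security.SecurityProvider#getName()
     */
    public String getName() {
        return name;
    }

    /**
     * Authenticates a {@link PGPAuthentication} by checking that its credentials are a
     * PGP {@link SignedMessage} whose signature verifies against the public key bundle
     * the key ring holds for the claimed principal.
     * <p>
     * The principal (user id) comes from the request itself, so it only selects which
     * public key is consulted; the signature check is what actually binds the message
     * to that key. On success the authentication is marked authenticated and the
     * matched key bundle is attached as its details.
     *
     * @param authentication the request to authenticate; it is cast to
     *        {@link PGPAuthentication}, so callers are expected to have consulted
     *        {@link #supports(Class)} first
     * @return the same authentication object, marked authenticated
     * @throws UnauthorisedException if the principal is missing, no public key is known
     *         for it, the credentials are not a signed message, the signature does not
     *         verify, or verification itself fails with a {@link MessageException}
     * @throws IllegalStateException if no key ring has been set on this provider
     * @see org.mule.api.security.SecurityProvider#authenticate(org.mule.api.security.Authentication)
     */
    public Authentication authenticate(Authentication authentication) throws SecurityException {
        PGPAuthentication auth = (PGPAuthentication) authentication;

        String userId = (String) auth.getPrincipal();
        if (userId == null) {
            throw new UnauthorisedException(CoreMessages.objectIsNull("UserId"));
        }

        // A missing key ring is a configuration error, not a failed login: report it
        // explicitly instead of failing with a bare NullPointerException below.
        if (keyManager == null) {
            throw new IllegalStateException(
                "No PGPKeyRing has been set on security provider '" + name + "'");
        }

        KeyBundle userKeyBundle = keyManager.getKeyBundle(userId);
        if (userKeyBundle == null) {
            throw new UnauthorisedException(PGPMessages.noPublicKeyForUser(userId));
        }

        // instanceof is false for null, so no separate null check is needed here.
        Message msg = (Message) auth.getCredentials();
        if (!(msg instanceof SignedMessage)) {
            throw new UnauthorisedException(PGPMessages.noSignedMessageFound());
        }

        verifySignature((SignedMessage) msg, userKeyBundle);

        auth.setAuthenticated(true);
        auth.setDetails(userKeyBundle);
        return auth;
    }

    /**
     * Verifies {@code msg} against {@code keys}, mapping both a negative result and a
     * verification error to {@link UnauthorisedException}.
     *
     * @param msg  the signed message whose signature is checked
     * @param keys the key bundle the signature must verify against
     * @throws UnauthorisedException if the signature is invalid or cannot be verified
     */
    private static void verifySignature(SignedMessage msg, KeyBundle keys)
        throws UnauthorisedException {
        boolean valid;
        try {
            valid = msg.verify(keys);
        } catch (MessageException e) {
            // Keep the cause attached so the verification failure stays diagnosable.
            throw new UnauthorisedException(PGPMessages.errorVerifySignature(), e);
        }
        if (!valid) {
            throw new UnauthorisedException(PGPMessages.invalidSignature());
        }
    }

    /**
     * Reports whether this provider can authenticate requests of the given type.
     *
     * @param aClass the authentication class offered by the security manager
     * @return {@code true} if {@code aClass} is {@link PGPAuthentication} or a subclass of it
     * @see org.mule.api.security.SecurityProvider#supports(java.lang.Class)
     */
    public boolean supports(Class aClass) {
        return PGPAuthentication.class.isAssignableFrom(aClass);
    }

    /**
     * Creates a security context for an authenticated request by delegating to the
     * {@link PGPSecurityContextFactory} set up in {@link #initialise()}.
     *
     * @param auth the authentication to wrap
     * @return the security context produced by the factory
     * @throws UnknownAuthenticationTypeException propagated from the factory
     * @see org.mule.api.security.SecurityProvider#createSecurityContext(org.mule.api.security.Authentication)
     */
    public SecurityContext createSecurityContext(Authentication auth)
        throws UnknownAuthenticationTypeException {
        return factory.create(auth);
    }

    /**
     * Registers the Cryptix JCE and OpenPGP providers with the JVM-wide
     * {@link java.security.Security} provider list and creates the security context factory.
     * <p>
     * Provider registration is process-global: it is visible to every JCE user in this
     * JVM, not only to this provider. {@code Security.addProvider} appends at the lowest
     * preference position and returns -1 instead of adding a duplicate when the provider
     * is already installed, so repeated initialisation neither reorders existing
     * providers nor registers them twice.
     *
     * @return {@link LifecycleTransitionResult#OK}
     * @throws InitialisationException if a provider or the factory cannot be created;
     *         the original exception is preserved as the cause
     * @see org.mule.api.lifecycle.Initialisable#initialise()
     */
    public LifecycleTransitionResult initialise() throws InitialisationException {
        try {
            java.security.Security.addProvider(new cryptix.jce.provider.CryptixCrypto());
            java.security.Security.addProvider(new cryptix.openpgp.provider.CryptixOpenPGP());

            factory = new PGPSecurityContextFactory();
        } catch (Exception e) {
            // Deliberately broad: whatever the provider constructors throw is turned
            // into an initialisation failure with its cause retained.
            throw new InitialisationException(CoreMessages.failedToCreate("PGPProvider"), e, this);
        }
        return LifecycleTransitionResult.OK;
    }

    /**
     * Returns the key ring used to resolve principals to public key bundles, or
     * {@code null} if none has been set.
     */
    public PGPKeyRing getKeyManager() {
        return keyManager;
    }

    /**
     * Sets the key ring used to resolve principals to public key bundles.
     *
     * @param keyManager the key ring; required before {@link #authenticate} can succeed
     */
    public void setKeyManager(PGPKeyRing keyManager) {
        this.keyManager = keyManager;
    }
}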