add support for PEM form of decryption key

README.md

@@ -11,7 +11,7 @@ To use the CPS connector in a Mule project, add this dependency to your applicat
 			<groupId>org.mule.cps</groupId>
 			<artifactId>cps-connector</artifactId>
 			<classifier>mule-plugin</classifier>
-			<version>1.0.1</version>
+			<version>1.0.5</version>
 		</dependency>
 ```
 Then add the Global Configuration-property-service Config element to your project's config.xml file. The XML looks like this:
@@ -65,7 +65,11 @@ To configure the keystore, add these properties to either your server environmen
 Note for CloudHub, place the keystore in the src/main/resources directory and specify only the filename in the mule_cps_keystore_filename. The keystore file name can also be a url which returns the keystore file (for instance, ```mule_cps_keystore_filename=https://privatelibrary.mydomain.com/keystores/cps_keystore_latest.jks```).
 
 ##Associated REST Service Project
-The CPS REST service project can be found [here](https://github.com/mulesoft-consulting/mule4-cps-rest-service):
+The CPS REST service project can be found [here](https://github.com/mulesoft-consulting/mule4-cps-rest-service)
+
+## PKCS8 PEM File for Deployment Injection of Decryption Key
+
+The use PEM flag can be set to "true" which will case the decryption to look for a system property with the same name as the keyId. The systemp property must be an unencrypted PKCS8 PEM format. This is useful for injecting the decryption key into the system properties during deployment. If the system property is not found, the a file named <keyId>.pkcs8 will be opened. The file contains an unencrypted PKCS8 PEM format. If neither form of PEM is found, no properties are decrypted.
 
 ## Invalid Key Size Error During Encryption or Decryption
 
@@ -75,4 +79,5 @@ This error will occur if the Java Cryptography Extension (JCE) Unlimited Strengt
 
 Orginal project is: https://github.com/mulesoft-consulting/mule4-cps-connector
 
-1.0.3 peter dunworth -Add additional headers into call to cps rest service, allows calls to RTF deployed cps
+1.0.3 peter dunworth -Add additional headers into call to cps rest service, allows calls to RTF deployed cps
+1.0.5 peter dunworth -Add support for PKCS8 decryption keys.

pom.xml

@@ -5,7 +5,7 @@
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>org.mule.cps</groupId>
 	<artifactId>cps-connector</artifactId>
-	<version>1.0.4</version>
+	<version>1.0.5</version>
 	<packaging>mule-extension</packaging>
 	<name>Configuration-properties-service (CPS) Extension</name>
 
@@ -121,7 +121,7 @@
 		<dependency>
 			<groupId>org.mule.consulting</groupId>
 			<artifactId>mule4-cps-encryption</artifactId>
-			<version>1.1.2</version>
+			<version>1.1.3</version>
 		</dependency>
 	</dependencies>
 

src/main/java/org/mule/consulting/cps/extension/api/CpsPropertiesProviderFactory.java

@@ -59,6 +59,7 @@ public ConfigurationPropertiesProvider createProvider(ConfigurationParameters pa
             String clientId = parameters.getStringParameter("clientId");
             String clientSecret = parameters.getStringParameter("clientSecret");
             String passCredentialsAsHeaders = getOptionalStringParemeter(parameters, "passCredentialsAsHeaders");
+            String usePEM = getOptionalStringParemeter(parameters, "usePEM");
 
 
             Map<String, String> headers = new LinkedHashMap<>();
@@ -100,12 +101,14 @@ public ConfigurationPropertiesProvider createProvider(ConfigurationParameters pa
             config.setClientSecret(clientSecret);
             config.setPassCredentialsAsHeaders(passCredentialsAsHeaders);
             config.setAdditionalHeaders(headers);
+            config.setUsePEM(usePEM);
 
             ApplicationDataProvider provider = ApplicationDataProvider.factory.newApplicationDataProvider(config);
 
             ApplicationConfiguration appConfig = provider.loadApplicationConfiguration(config.getProjectName(),config.getBranchName(),
             		config.getInstanceId(), config.getEnvName(), config.getKeyId(), config.getClientId(), config.getClientSecret(), 
-            		CpsConfiguration.asBooleanValue(config.getPassCredentialsAsHeaders()), config.getAdditionalHeaders());
+            		CpsConfiguration.asBooleanValue(config.getPassCredentialsAsHeaders()), config.getAdditionalHeaders(),
+            		CpsConfiguration.asBooleanValue(config.getUsePEM()));
 
             //store in static config cache for further use.
             //StaticConfigCache.get().store(name, config, appConfig);

src/main/java/org/mule/consulting/cps/extension/api/common/ApplicationDataProvider.java

@@ -23,9 +23,9 @@ public interface ApplicationDataProvider {
      * @return
      * @throws ConfigurationServiceException
      */
-    ApplicationConfiguration loadApplicationConfiguration(String projectName, String branchName, String instanceId, String envName, String keyId, String clientId, String clientSecret, boolean passCredentialsAsHeaders, Map<String, String> additionalHeaders) throws CpsException;
+    ApplicationConfiguration loadApplicationConfiguration(String projectName, String branchName, String instanceId, String envName, String keyId, String clientId, String clientSecret, boolean passCredentialsAsHeaders, Map<String, String> additionalHeaders, boolean usePEM) throws CpsException;
 
 	Map<String, Object> loadApplication(String projectName, String branchName, String instanceId, String envName,
 			String keyId, String clientId, String clientSecret, boolean passCredentialsAsHeaders,
-			Map<String, String> additionalHeaders) throws CpsException;
+			Map<String, String> additionalHeaders, boolean usePEM) throws CpsException;
 }

src/main/java/org/mule/consulting/cps/extension/api/common/fileclient/LocalFileDataProvider.java

@@ -39,7 +39,7 @@ public LocalFileDataProvider(String path, String projectName, String branchName,
 
 	@Override
 	public Map<String, Object> loadApplication(String projectName, String branchName, String instanceId, String envName,
-			String keyId, String clientId, String clientSecret, boolean passCredentialsAsHeaders, Map<String, String> additionalHeaders) throws ConfigurationNotFoundException {
+			String keyId, String clientId, String clientSecret, boolean passCredentialsAsHeaders, Map<String, String> additionalHeaders, boolean usePEM) throws ConfigurationNotFoundException {
 
 		logger.info("Loading local file: {}", localFileName);
 		logger.info("Will attempt to load classpathResource {}", localFileName);
@@ -62,11 +62,11 @@ public Map<String, Object> loadApplication(String projectName, String branchName
 
 	@Override
 	public ApplicationConfiguration loadApplicationConfiguration(String projectName, String branchName,
-			String instanceId, String envName, String keyId, String clientId, String clientSecret, boolean passCredentialsAsHeaders, Map<String, String> additionalHeaders) throws CpsException {
+			String instanceId, String envName, String keyId, String clientId, String clientSecret, boolean passCredentialsAsHeaders, Map<String, String> additionalHeaders, boolean usePEM) throws CpsException {
 
 		ApplicationConfigurationBuilder builder = ApplicationConfiguration.builder();
 
-		Map<String, Object> app = loadApplication(projectName, branchName, instanceId, envName, keyId, null, null, false, null);
+		Map<String, Object> app = loadApplication(projectName, branchName, instanceId, envName, keyId, null, null, false, null, usePEM);
 
 		builder.setProjectName(projectName).setBranchName(branchName).setInstanceId(instanceId).setEnvName(envName)
 				.setKeyId(keyId).setProperties((Map) app.get("properties"));

src/main/java/org/mule/consulting/cps/extension/api/common/restclient/RestDataProvider.java

@@ -1,7 +1,9 @@
 package org.mule.consulting.cps.extension.api.common.restclient;
 
+import java.io.File;
 import java.io.IOException;
 import java.io.InputStream;
+import java.security.PrivateKey;
 import java.util.ArrayList;
 import java.util.LinkedHashMap;
 import java.util.List;
@@ -17,6 +19,7 @@
 
 import org.glassfish.jersey.internal.util.Base64;
 import org.mule.consulting.cps.encryption.CpsEncryptor;
+import org.mule.consulting.cps.encryption.KeyStoreHelper;
 import org.mule.consulting.cps.extension.api.common.ApplicationConfiguration;
 import org.mule.consulting.cps.extension.api.common.ApplicationConfigurationBuilder;
 import org.mule.consulting.cps.extension.api.common.ApplicationDataProvider;
@@ -56,12 +59,12 @@ public RestDataProvider(CpsConfiguration config, Client restClient) {
 	@Override
 	public ApplicationConfiguration loadApplicationConfiguration(String projectName, String branchName,
 			String instanceId, String envName, String keyId, String clientId, String clientSecret,
-			boolean passCredentialsAsHeaders, Map<String, String> additionalHeaders) throws CpsException {
+			boolean passCredentialsAsHeaders, Map<String, String> additionalHeaders, boolean usePEM) throws CpsException {
 
 		ApplicationConfigurationBuilder builder = ApplicationConfiguration.builder();
 
 		Map<String, Object> app = loadApplication(projectName, branchName, instanceId, envName, keyId, clientId,
-				clientSecret, passCredentialsAsHeaders, additionalHeaders);
+				clientSecret, passCredentialsAsHeaders, additionalHeaders, usePEM);
 
 		builder.setProjectName(projectName).setBranchName(branchName).setInstanceId(instanceId).setEnvName(envName)
 				.setKeyId(keyId).setProperties((Map) app.get("properties"));
@@ -77,7 +80,7 @@ public ApplicationConfiguration loadApplicationConfiguration(String projectName,
 			for (Map<String, String> importParent : imports) {
 				importList.add(loadApplicationConfiguration(importParent.get("projectName"),
 						importParent.get("branchName"), importParent.get("instanceId"), importParent.get("envName"),
-						importParent.get("keyId"), clientId, clientSecret, passCredentialsAsHeaders, additionalHeaders));
+						importParent.get("keyId"), clientId, clientSecret, passCredentialsAsHeaders, additionalHeaders, usePEM));
 			}
 			builder.setImports(importList);
 		}
@@ -87,7 +90,7 @@ public ApplicationConfiguration loadApplicationConfiguration(String projectName,
 
 	@Override
 	public Map<String, Object> loadApplication(String projectName, String branchName, String instanceId, String envName,
-			String keyId, String clientId, String clientSecret, boolean passCredentialsAsHeaders, Map<String, String> additionalHeaders) throws CpsException {
+			String keyId, String clientId, String clientSecret, boolean passCredentialsAsHeaders, Map<String, String> additionalHeaders, boolean usePEM) throws CpsException {
 
 		boolean useAuthorizationHeader = !passCredentialsAsHeaders;
 
@@ -196,7 +199,7 @@ public Map<String, Object> loadApplication(String projectName, String branchName
 			logger.warn("No configuration property server configured.");
 		}
 
-		decryptProperties(result);
+		decryptProperties(result, usePEM);
 		return result;
 
 	}
@@ -279,7 +282,7 @@ public InputStream loadClasspathResource(String resourceName) {
 
     }
 
-	private void decryptProperties(Map<String, Object> payload) {
+	private void decryptProperties(Map<String, Object> payload, boolean usePEM) {
 
 		String keyId = (String) payload.get("keyId");
 		String cipherKey = (String) payload.get("cipherKey");
@@ -307,7 +310,27 @@ private void decryptProperties(Map<String, Object> payload) {
 
 		try {
 			if (decryptRequired) {
-				CpsEncryptor cpsEncryptor = new CpsEncryptor(keyId, cipherKey);
+				CpsEncryptor cpsEncryptor = null;
+				if (usePEM) {
+					PrivateKey privateKey = null;
+					try {
+						privateKey = KeyStoreHelper.getPrivateKeyFromSystemVariable(keyId);
+					} catch (Exception e) {
+						logger.warn("Using System Variable PEM: " + e.toString());
+						File pkcs8File = new File(keyId + ".pkcs8");
+						if (!pkcs8File.exists() || !pkcs8File.isFile()) {
+							String msg = "Need the file " + pkcs8File.getAbsolutePath()
+									+ " to be present, cannot continue with decrypt";
+							logger.error(msg);
+							throw new Exception(msg);
+						}
+						privateKey = KeyStoreHelper.getPrivateKeyFromPkcsFile(pkcs8File.getAbsolutePath());
+					}
+					cpsEncryptor = new CpsEncryptor(privateKey, cipherKey);
+				} else {
+					cpsEncryptor = new CpsEncryptor(keyId, cipherKey);
+				}
+
 				for (String key : properties.keySet()) {
 					String encryptedValue = properties.get(key);
 					String value = cpsEncryptor.decrypt(encryptedValue);

src/main/java/org/mule/consulting/cps/extension/internal/CpsConfiguration.java

@@ -95,6 +95,13 @@ public class CpsConfiguration {
     @Summary("Additional headers to send.")
     private Map<String, String> additionalHeaders;
 
+	@Parameter
+	@Optional(defaultValue = "false")
+	@Placement(order = 12)
+	@Summary("Use PEM files for decryption keys.")
+	@Example("false")
+	private String usePEM;
+
 	public String getConfigId() {
 		return configId;
 	}
@@ -143,6 +150,10 @@ public Map<String, String> getAdditionalHeaders() {
 		return additionalHeaders;
 	}
 
+	public String getUsePEM() {
+		return usePEM;
+	}
+
 	public void setConfigId(String configId) {
 		this.configId = configId;
 	}
@@ -191,23 +202,23 @@ public void setAdditionalHeaders(Map<String, String> additionalHeaders) {
 		this.additionalHeaders = additionalHeaders;
 	}
 
+	public void setUsePEM(String usePEM) {
+		this.usePEM = usePEM;
+	}
+
 	public static boolean asBooleanValue(String booleanValueAsString) {
-		logger.debug("baseUrlIsInsecureSSL:" + booleanValueAsString);
 		String value = null;
 		try {
 			if (booleanValueAsString == null) {
-				logger.debug("booleanValueAsString: false");
 				return false;
 			} else if (booleanValueAsString.startsWith("${")) {
 				String systemProperty = booleanValueAsString.substring(2, booleanValueAsString.length() - 1);
 				value = System.getProperty(systemProperty);
-				logger.debug("booleanValueAsString: " + value);
 			} else {
 				value = booleanValueAsString;
 			}
 
 			if (value != null) {
-				logger.debug("booleanValueAsString: " + value);
 				if (value.trim().toLowerCase().equals("true"))
 					return true;
 				if (value.trim().toLowerCase().equals("yes"))
@@ -218,11 +229,9 @@ public static boolean asBooleanValue(String booleanValueAsString) {
 					return true;
 				return false;
 			} else {
-				logger.debug("booleanValueAsString: false due to null value");
 				return false;
 			}
 		} catch (Exception e) {
-			logger.debug("booleanValueAsString: false due to exception");
 			return false;
 		}
 	}