Repository: brooklyn-server Updated Branches: refs/heads/master 82511c3b1 -> 460db56a4
SecureKeys.readPem - accept byte[] key Callers were not closing the streams they were passing in - easier to deal with byte[] instead. Project: http://git-wip-us.apache.org/repos/asf/brooklyn-server/repo Commit: http://git-wip-us.apache.org/repos/asf/brooklyn-server/commit/7ad473e4 Tree: http://git-wip-us.apache.org/repos/asf/brooklyn-server/tree/7ad473e4 Diff: http://git-wip-us.apache.org/repos/asf/brooklyn-server/diff/7ad473e4 Branch: refs/heads/master Commit: 7ad473e40f5a51e21c5b02d74f568c236f5c6f28 Parents: a0e0f2c Author: Svetoslav Neykov <[email protected]> Authored: Wed Jun 15 15:54:34 2016 +0300 Committer: Svetoslav Neykov <[email protected]> Committed: Thu Jun 16 11:49:20 2016 +0300 ---------------------------------------------------------------------- .../core/location/LocationConfigUtils.java | 2 +- .../location/ssh/SshMachineLocation.java | 2 +- .../brooklyn/util/core/crypto/SecureKeys.java | 15 +++++++++----- .../core/crypto/SecureKeysAndSignerTest.java | 21 +++++++++++--------- 4 files changed, 24 insertions(+), 16 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/brooklyn-server/blob/7ad473e4/core/src/main/java/org/apache/brooklyn/core/location/LocationConfigUtils.java ----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/brooklyn/core/location/LocationConfigUtils.java b/core/src/main/java/org/apache/brooklyn/core/location/LocationConfigUtils.java
index bc2eb49..17705f9 100644
--- a/core/src/main/java/org/apache/brooklyn/core/location/LocationConfigUtils.java
+++ b/core/src/main/java/org/apache/brooklyn/core/location/LocationConfigUtils.java
@@ -319,7 +319,7 @@ public class LocationConfigUtils {
 KeyPair privateKey = null;
 String passphrase = config.get(CloudLocationConfig.PRIVATE_KEY_PASSPHRASE);
 try {
- privateKey = SecureKeys.readPem(new ByteArrayInputStream(privateKeyData.getBytes()), passphrase);
+ privateKey = SecureKeys.readPem(privateKeyData.getBytes(), passphrase);
 if (passphrase!=null) {
 // get the unencrypted key data for our internal use (jclouds requires this)
 privateKeyData = SecureKeys.toPem(privateKey);
http://git-wip-us.apache.org/repos/asf/brooklyn-server/blob/7ad473e4/core/src/main/java/org/apache/brooklyn/location/ssh/SshMachineLocation.java ----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/brooklyn/location/ssh/SshMachineLocation.java b/core/src/main/java/org/apache/brooklyn/location/ssh/SshMachineLocation.java
index 3a91845..b66c94c 100644
--- a/core/src/main/java/org/apache/brooklyn/location/ssh/SshMachineLocation.java
+++ b/core/src/main/java/org/apache/brooklyn/location/ssh/SshMachineLocation.java
@@ -1113,7 +1113,7 @@ public class SshMachineLocation extends AbstractLocation implements MachineLocat
 OsCredential creds = LocationConfigUtils.getOsCredential(config().getBag());
 if (creds.hasKey()) {
 String data = creds.getPrivateKeyData();
- return SecureKeys.readPem(new ReaderInputStream(new StringReader(data)), getConfig(SshTool.PROP_PRIVATE_KEY_PASSPHRASE));
+ return SecureKeys.readPem(data.getBytes(), getConfig(SshTool.PROP_PRIVATE_KEY_PASSPHRASE));
 } else {
 return null;
 }
http://git-wip-us.apache.org/repos/asf/brooklyn-server/blob/7ad473e4/core/src/main/java/org/apache/brooklyn/util/core/crypto/SecureKeys.java ----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/brooklyn/util/core/crypto/SecureKeys.java b/core/src/main/java/org/apache/brooklyn/util/core/crypto/SecureKeys.java
index 3ddfc8a..a36b00a 100644
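Review bot: `privateKeyData.getBytes()` in the LocationConfigUtils hunk, and `data.getBytes()` in the SshMachineLocation hunk, encode the PEM text with the JVM default charset, so key parsing depends on `file.encoding`. It round-trips only because `readPem` decodes through a default-charset `new InputStreamReader(input)` as well; naming the charset on both sides removes that coupling, e.g. `privateKey = SecureKeys.readPem(privateKeyData.getBytes(StandardCharsets.UTF_8), passphrase);`. Both enclosing methods begin and end outside the hunks and the import blocks are not shown, so the `StandardCharsets` import and any now-unused `ByteArrayInputStream`, `ReaderInputStream` or `StringReader` imports need checking there.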
--- a/core/src/main/java/org/apache/brooklyn/util/core/crypto/SecureKeys.java
+++ b/core/src/main/java/org/apache/brooklyn/util/core/crypto/SecureKeys.java
@@ -78,12 +78,17 @@ public class SecureKeys extends SecureKeysWithoutBouncyCastle {
 return new X509Principal("" + "C=None," + "L=None," + "O=None," + "OU=None," + "CN=" + commonName);
 }
+ /** @deprecated since 0.10.0 - use {@link #readPem(byte[], String)} instead */
+ @Deprecated
+ public static KeyPair readPem(InputStream input, final String passphrase) {
+ return readPem(Streams.readFully(input), passphrase);
+ }
+
 /** reads RSA or DSA / pem style private key files (viz {@link #toPem(KeyPair)}), extracting also the public key if possible. Closes the stream.
 * @throws IllegalStateException on errors, in particular {@link PassphraseProblem} if that is the problem */
- public static KeyPair readPem(InputStream input, final String passphrase) {
+ public static KeyPair readPem(byte[] key, final String passphrase) {
 // TODO cache is only for fallback "reader" strategy (2015-01); delete when Parser confirmed working
- byte[] cache = Streams.readFullyAndClose(input);
- input = new ByteArrayInputStream(cache);
+ InputStream input = new ByteArrayInputStream(key);
 try {
 PEMParser pemParser = new PEMParser(new InputStreamReader(input));
@@ -122,7 +127,7 @@ public class SecureKeys extends SecureKeysWithoutBouncyCastle {
 // replaced with above based on http://stackoverflow.com/questions/14919048/bouncy-castle-pemreader-pemparser
 // passes the same tests (Jan 2015) but leaving the old code as a fallback for the time being
- input = new ByteArrayInputStream(cache);
+ input = new ByteArrayInputStream(key);
 try {
 Security.addProvider(new BouncyCastleProvider());
 @SuppressWarnings("deprecation")
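Review bot: The deprecated `readPem(InputStream, String)` overload now reads with `Streams.readFully(input)` where the replaced code used `Streams.readFullyAndClose(input)`, so existing callers that relied on the documented "Closes the stream." behaviour would keep the stream open (assuming `readFully` does not close it, as the separate `readFullyAndClose` name suggests). Keeping the old contract is one line: `return readPem(Streams.readFullyAndClose(input), passphrase);`. The sentence "Closes the stream." also stayed in the Javadoc that now documents `readPem(byte[], String)`, where there is no stream; it belongs on the deprecated overload instead. The body of `readPem(byte[], String)` continues past the end of the hunk.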
@@ -155,7 +160,7 @@ public class SecureKeys extends SecureKeysWithoutBouncyCastle {
 /** returns the PEM (base64, ie for id_rsa) string for the private key / key pair;
 * this starts -----BEGIN PRIVATE KEY----- and ends similarly, like id_rsa.
- * also see {@link #readPem(InputStream, String)} */
+ * also see {@link #readPem(byte[], String)} */
 public static String toPem(KeyPair key) {
 return stringPem(key);
 }
http://git-wip-us.apache.org/repos/asf/brooklyn-server/blob/7ad473e4/core/src/test/java/org/apache/brooklyn/util/core/crypto/SecureKeysAndSignerTest.java ----------------------------------------------------------------------
diff --git a/core/src/test/java/org/apache/brooklyn/util/core/crypto/SecureKeysAndSignerTest.java b/core/src/test/java/org/apache/brooklyn/util/core/crypto/SecureKeysAndSignerTest.java
index 985ae47..54ec909 100644
--- a/core/src/test/java/org/apache/brooklyn/util/core/crypto/SecureKeysAndSignerTest.java
+++ b/core/src/test/java/org/apache/brooklyn/util/core/crypto/SecureKeysAndSignerTest.java
@@ -19,7 +19,6 @@
 package org.apache.brooklyn.util.core.crypto;
 import java.io.File;
-import java.io.FileInputStream;
 import java.nio.charset.Charset;
 import java.security.KeyPair;
 import java.security.PublicKey;
@@ -30,6 +29,7 @@ import org.apache.brooklyn.util.core.ResourceUtils;
 import org.apache.brooklyn.util.core.crypto.SecureKeys.PassphraseProblem;
 import org.apache.brooklyn.util.crypto.AuthorizedKeysParser;
 import org.apache.brooklyn.util.os.Os;
+import org.apache.brooklyn.util.stream.Streams;
 import org.testng.Assert;
 import org.testng.annotations.Test;
@@ -91,21 +91,21 @@ public class SecureKeysAndSignerTest {
 @Test
 public void testReadRsaKey() throws Exception {
- KeyPair key = SecureKeys.readPem(ResourceUtils.create(this).getResourceFromUrl("classpath://brooklyn/util/crypto/sample_rsa.pem"), null);
+ KeyPair key = readPem("classpath://brooklyn/util/crypto/sample_rsa.pem", null);
 checkNonTrivial(key);
 }
 @Test(expectedExceptions=IllegalStateException.class)
 public void testReadRsaPublicKeyAsPemFails() throws Exception {
 // should fail; see next test
- SecureKeys.readPem(ResourceUtils.create(this).getResourceFromUrl("classpath://brooklyn/util/crypto/sample_rsa.pem.pub"), null);
+ readPem("classpath://brooklyn/util/crypto/sample_rsa.pem.pub", null);
 }
 @Test
 public void testReadRsaPublicKeyAsAuthKeysWorks() throws Exception {
 PublicKey key = AuthorizedKeysParser.decodePublicKey(
 ResourceUtils.create(this).getResourceAsString("classpath://brooklyn/util/crypto/sample_rsa.pem.pub"));
- KeyPair fromPem = SecureKeys.readPem(ResourceUtils.create(this).getResourceFromUrl("classpath://brooklyn/util/crypto/sample_rsa.pem"), null);
+ KeyPair fromPem = readPem("classpath://brooklyn/util/crypto/sample_rsa.pem", null);
 Assert.assertEquals(key, fromPem.getPublic());
 }
@@ -131,28 +131,28 @@ public class SecureKeysAndSignerTest {
 @Test
 public void testReadDsaKey() throws Exception {
- KeyPair key = SecureKeys.readPem(ResourceUtils.create(this).getResourceFromUrl("classpath://brooklyn/util/crypto/sample_dsa.pem"), null);
+ KeyPair key = readPem("classpath://brooklyn/util/crypto/sample_dsa.pem", null);
 checkNonTrivial(key);
 }
 @Test(expectedExceptions=Exception.class)
 public void testCantReadRsaPassphraseKeyWithoutPassphrase() throws Exception {
- KeyPair key = SecureKeys.readPem(ResourceUtils.create(this).getResourceFromUrl("classpath://brooklyn/util/crypto/sample_rsa_passphrase.pem"), null);
+ KeyPair key = readPem("classpath://brooklyn/util/crypto/sample_rsa_passphrase.pem", null);
 checkNonTrivial(key);
 }
 @Test(expectedExceptions=PassphraseProblem.class)
 public void testReadRsaPassphraseWithoutKeyFails() throws Exception {
- SecureKeys.readPem(ResourceUtils.create(this).getResourceFromUrl("classpath://brooklyn/util/crypto/sample_rsa_passphrase.pem"), null);
+ readPem("classpath://brooklyn/util/crypto/sample_rsa_passphrase.pem", null);
 }
 @Test
 public void testReadRsaPassphraseKeyAndWriteWithoutPassphrase() throws Exception {
- KeyPair key = SecureKeys.readPem(ResourceUtils.create(this).getResourceFromUrl("classpath://brooklyn/util/crypto/sample_rsa_passphrase.pem"), "passphrase");
+ KeyPair key = readPem("classpath://brooklyn/util/crypto/sample_rsa_passphrase.pem", "passphrase");
 checkNonTrivial(key);
 File f = Os.newTempFile(getClass(), "brooklyn-sample_rsa_passphrase_without_passphrase.pem");
 Files.write(SecureKeys.toPem(key), f, Charset.defaultCharset());
- KeyPair key2 = SecureKeys.readPem(new FileInputStream(f), null);
+ KeyPair key2 = readPem(f.toURI().toString(), null);
 checkNonTrivial(key2);
 Assert.assertEquals(key2.getPrivate().getEncoded(), key.getPrivate().getEncoded());
 Assert.assertEquals(key2.getPublic().getEncoded(), key.getPublic().getEncoded());
@@ -163,4 +163,7 @@ public class SecureKeysAndSignerTest {
 Assert.assertNotEquals(key.getPublic().getEncoded().length, 0);
 }
+ private KeyPair readPem(String url, String passphrase) {
+ return SecureKeys.readPem(Streams.readFullyAndClose(ResourceUtils.create(this).getResourceFromUrl(url)), passphrase);
+ }
 }
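Review bot: The new `readPem(String, String)` helper sends every test through `readPem(byte[], String)`, which leaves the deprecated `readPem(InputStream, String)` overload without a test while it is still public API. One test that calls it directly, e.g. `checkNonTrivial(SecureKeys.readPem(ResourceUtils.create(this).getResourceFromUrl("classpath://brooklyn/util/crypto/sample_rsa.pem"), null));`, would pin its behaviour until removal. A one-line comment on the helper, such as `// loads the resource fully, closes it, and parses the bytes as PEM`, would also help.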
