fix unit tests
Project: http://git-wip-us.apache.org/repos/asf/brooklyn-server/repo Commit: http://git-wip-us.apache.org/repos/asf/brooklyn-server/commit/9e29d226 Tree: http://git-wip-us.apache.org/repos/asf/brooklyn-server/tree/9e29d226 Diff: http://git-wip-us.apache.org/repos/asf/brooklyn-server/diff/9e29d226 Branch: refs/heads/master Commit: 9e29d226705aa7ae5a8eaf27e46cb767f1217f1f Parents: c3de628 Author: Andrea Turli <andrea.tu...@gmail.com> Authored: Sun Nov 6 22:41:58 2016 +0100 Committer: Andrea Turli <andrea.tu...@gmail.com> Committed: Tue Dec 6 15:29:57 2016 +0100 ---------------------------------------------------------------------- .../core/location/LocationConfigUtils.java | 5 +- .../util/core/crypto/FluentKeySigner.java | 11 +++-- .../brooklyn/util/core/crypto/SecureKeys.java | 51 ++++---------------- 3 files changed, 20 insertions(+), 47 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/brooklyn-server/blob/9e29d226/core/src/main/java/org/apache/brooklyn/core/location/LocationConfigUtils.java ---------------------------------------------------------------------- diff --git a/core/src/main/java/org/apache/brooklyn/core/location/LocationConfigUtils.java b/core/src/main/java/org/apache/brooklyn/core/location/LocationConfigUtils.java index 17705f9..2ed7e1a 100644 --- a/core/src/main/java/org/apache/brooklyn/core/location/LocationConfigUtils.java +++ b/core/src/main/java/org/apache/brooklyn/core/location/LocationConfigUtils.java @@ -20,7 +20,6 @@ package org.apache.brooklyn.core.location; import static org.apache.brooklyn.util.JavaGroovyEquivalents.groovyTruth; -import java.io.ByteArrayInputStream; import java.io.File; import java.security.KeyPair; import java.security.PublicKey; 
@@ -36,8 +35,6 @@ import org.apache.brooklyn.core.BrooklynFeatureEnablement; import org.apache.brooklyn.core.config.ConfigKeys; import org.apache.brooklyn.core.location.cloud.CloudLocationConfig; import org.apache.brooklyn.core.location.internal.LocationInternal; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; import org.apache.brooklyn.util.collections.MutableMap; import org.apache.brooklyn.util.collections.MutableSet; import org.apache.brooklyn.util.core.ResourceUtils; @@ -49,6 +46,8 @@ import org.apache.brooklyn.util.exceptions.Exceptions; import org.apache.brooklyn.util.os.Os; import org.apache.brooklyn.util.text.StringFunctions; import org.apache.brooklyn.util.text.Strings; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; import com.google.common.annotations.Beta; import com.google.common.base.Objects; http://git-wip-us.apache.org/repos/asf/brooklyn-server/blob/9e29d226/core/src/main/java/org/apache/brooklyn/util/core/crypto/FluentKeySigner.java ---------------------------------------------------------------------- diff --git a/core/src/main/java/org/apache/brooklyn/util/core/crypto/FluentKeySigner.java b/core/src/main/java/org/apache/brooklyn/util/core/crypto/FluentKeySigner.java index ecc7c36..a2aaabd 100644 --- a/core/src/main/java/org/apache/brooklyn/util/core/crypto/FluentKeySigner.java +++ b/core/src/main/java/org/apache/brooklyn/util/core/crypto/FluentKeySigner.java @@ -32,7 +32,9 @@ import org.apache.brooklyn.core.internal.BrooklynInitialization; import org.apache.brooklyn.util.exceptions.Exceptions; import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier; import org.bouncycastle.asn1.x509.X509Extension; +import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils; import org.bouncycastle.jce.X509Principal; +import org.bouncycastle.x509.X509V3CertificateGenerator; /** A fluent API which simplifies generating certificates (signed keys) */ /* NB - re deprecation - we use deprecated X509V3CertificateGenerator still 
@@ -146,8 +148,10 @@ public class FluentKeySigner { // TODO see note re deprecation at start of file @SuppressWarnings("deprecation") public X509Certificate newCertificateFor(X500Principal subject, PublicKey keyToCertify) { + try { - org.bouncycastle.x509.X509V3CertificateGenerator v3CertGen = new org.bouncycastle.x509.X509V3CertificateGenerator(); + + X509V3CertificateGenerator v3CertGen = new X509V3CertificateGenerator(); v3CertGen.setSerialNumber( serialNumber != null ? serialNumber : @@ -159,10 +163,11 @@ public class FluentKeySigner { v3CertGen.setSignatureAlgorithm(signatureAlgorithm); v3CertGen.setSubjectDN(subject); - v3CertGen.setPublicKey(keyToCertify); + v3CertGen.setPublicKey(keyToCertify); + JcaX509ExtensionUtils jcaX509ExtensionUtils = new JcaX509ExtensionUtils(); v3CertGen.addExtension(X509Extension.subjectKeyIdentifier, false, - new org.bouncycastle.x509.extension.SubjectKeyIdentifierStructure(keyToCertify)); + jcaX509ExtensionUtils.createSubjectKeyIdentifier(keyToCertify)); if (authorityKeyIdentifier!=null) v3CertGen.addExtension(X509Extension.authorityKeyIdentifier, false, http://git-wip-us.apache.org/repos/asf/brooklyn-server/blob/9e29d226/core/src/main/java/org/apache/brooklyn/util/core/crypto/SecureKeys.java ---------------------------------------------------------------------- diff --git a/core/src/main/java/org/apache/brooklyn/util/core/crypto/SecureKeys.java b/core/src/main/java/org/apache/brooklyn/util/core/crypto/SecureKeys.java index a36b00a..5a1e54a 100644 --- a/core/src/main/java/org/apache/brooklyn/util/core/crypto/SecureKeys.java +++ b/core/src/main/java/org/apache/brooklyn/util/core/crypto/SecureKeys.java 
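Review bot: Replacing the fully qualified `org.bouncycastle.x509.X509V3CertificateGenerator` in newCertificateFor with a file-level import moves the deprecated reference out of reach of the method's `@SuppressWarnings("deprecation")`. Compilers before Java 9 warn on an import of a deprecated type, and an import cannot be annotated. If the fully qualified name was there to keep the build warning-free, keep it; otherwise accept the warning and record that in the deprecation note at the top of the file. The two added blank lines around `try {` are noise and can go. newCertificateFor continues beyond this hunk.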
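Review bot: `new JcaX509ExtensionUtils()` in newCertificateFor has no comment saying what it computes, which matters on a certificate-issuing path: as far as I know the no-arg constructor uses a SHA-1 digest calculator, so `createSubjectKeyIdentifier(keyToCertify)` should give the same RFC 5280 key identifier as the removed `SubjectKeyIdentifierStructure`. I would add `// SKI = SHA-1 of the subject public key (RFC 5280 4.2.1.2 method 1); an identifier, not a security digest` above it, and a test that pins the extension bytes for a fixed key. The constructor declares NoSuchAlgorithmException, and the catch of the enclosing try is outside this hunk, so confirm it covers that. The `setPublicKey` line changes only in whitespace.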
@@ -41,7 +41,6 @@ import org.bouncycastle.openssl.PEMEncryptedKeyPair;
 import org.bouncycastle.openssl.PEMKeyPair;
 import org.bouncycastle.openssl.PEMParser;
 import org.bouncycastle.openssl.PEMWriter;
-import org.bouncycastle.openssl.PasswordFinder;
 import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
 import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;
 import org.slf4j.Logger;
@@ -89,67 +88,37 @@ public class SecureKeys extends SecureKeysWithoutBouncyCastle { public static KeyPair readPem(byte[] key, final String passphrase) { // TODO cache is only for fallback "reader" strategy (2015-01); delete when Parser confirmed working InputStream input = new ByteArrayInputStream(key); - + KeyPair keyPair; try { PEMParser pemParser = new PEMParser(new InputStreamReader(input)); - Object object = pemParser.readObject(); pemParser.close(); - + if (Security.getProvider("BC") == null) { + Security.addProvider(new BouncyCastleProvider()); + } JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC"); - KeyPair kp = null; if (object==null) { throw new IllegalStateException("PEM parsing failed: missing or invalid data"); } else if (object instanceof PEMEncryptedKeyPair) { if (passphrase==null) throw new PassphraseProblem("passphrase required"); try { PEMDecryptorProvider decProv = new JcePEMDecryptorProviderBuilder().build(passphrase.toCharArray()); - kp = converter.getKeyPair(((PEMEncryptedKeyPair) object).decryptKeyPair(decProv)); + keyPair = converter.getKeyPair(((PEMEncryptedKeyPair) object).decryptKeyPair(decProv)); } catch (Exception e) { Exceptions.propagateIfFatal(e); throw new PassphraseProblem("wrong passphrase", e); } } else if (object instanceof PEMKeyPair) { - kp = converter.getKeyPair((PEMKeyPair) object); + keyPair = converter.getKeyPair((PEMKeyPair) object); } else if (object instanceof PrivateKeyInfo) { PrivateKey privKey = converter.getPrivateKey((PrivateKeyInfo) object); - kp = new KeyPair(null, privKey); + keyPair = new KeyPair(null, privKey); } else { throw new IllegalStateException("PEM parser support missing for: "+object); } - - return kp; - - } catch (Exception e) { - Exceptions.propagateIfFatal(e); - - // older code relied on PEMReader, now deprecated - // replaced with above based on http://stackoverflow.com/questions/14919048/bouncy-castle-pemreader-pemparser - // passes the same tests (Jan 2015) but leaving 
the old code as a fallback for the time being - - input = new ByteArrayInputStream(key); - try { - Security.addProvider(new BouncyCastleProvider()); - @SuppressWarnings("deprecation") - org.bouncycastle.openssl.PEMReader pr = new org.bouncycastle.openssl.PEMReader(new InputStreamReader(input), new PasswordFinder() { - public char[] getPassword() { - return passphrase!=null ? passphrase.toCharArray() : new char[0]; - } - }); - @SuppressWarnings("deprecation") - KeyPair result = (KeyPair) pr.readObject(); - pr.close(); - if (result==null) - throw Exceptions.propagate(e); - - log.warn("PEMParser failed when deprecated PEMReader succeeded, with "+result+"; had: "+e); - - return result; - - } catch (Exception e2) { - Exceptions.propagateIfFatal(e2); - throw Exceptions.propagate(e); - } + return keyPair; + } catch (IOException e) { + throw new RuntimeException("Invalid key", e); } }
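Review bot: readPem now calls `Security.addProvider(new BouncyCastleProvider())` when "BC" is absent, which changes the JVM-wide provider list as a side effect of parsing one key. Passing the provider object keeps the lookup local: `JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider(new BouncyCastleProvider());`, ideally from a shared static instance. That holds unless other code relies on the registration, which is not visible here. With the PEMReader fallback gone, the leading `// TODO cache is only for fallback "reader" strategy` comment and the `final` on `passphrase` are stale and should be removed. The narrowed `catch (IOException e)` appears to let PassphraseProblem propagate unchanged (assuming it is not an IOException), so the Javadoc should say that callers can tell a wrong passphrase from `RuntimeException("Invalid key")`.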