Updated Branches: refs/heads/master c584871f5 -> dec4a2293
CAMEL-7039. Upgrade to BouncyCastle 1.50. Fixes for deprecated apis in camel-ssh. Project: http://git-wip-us.apache.org/repos/asf/camel/repo Commit: http://git-wip-us.apache.org/repos/asf/camel/commit/dec4a229 Tree: http://git-wip-us.apache.org/repos/asf/camel/tree/dec4a229 Diff: http://git-wip-us.apache.org/repos/asf/camel/diff/dec4a229 Branch: refs/heads/master Commit: dec4a229357a6bc16d839da0cd35448c77910080 Parents: c584871 Author: Hadrian Zbarcea <[email protected]> Authored: Wed Dec 11 09:49:57 2013 -0500 Committer: Hadrian Zbarcea <[email protected]> Committed: Wed Dec 11 09:49:57 2013 -0500 ---------------------------------------------------------------------- .../ssh/ResourceHelperKeyPairProvider.java | 28 ++++- .../component/ssh/FileKeyPairProvider.java | 114 +++++++++++++++++++ .../component/ssh/SshComponentSecurityTest.java | 1 - .../component/ssh/SshComponentTestSupport.java | 1 - parent/pom.xml | 2 +- 5 files changed, 138 insertions(+), 8 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/camel/blob/dec4a229/components/camel-ssh/src/main/java/org/apache/camel/component/ssh/ResourceHelperKeyPairProvider.java ----------------------------------------------------------------------
diff --git a/components/camel-ssh/src/main/java/org/apache/camel/component/ssh/ResourceHelperKeyPairProvider.java b/components/camel-ssh/src/main/java/org/apache/camel/component/ssh/ResourceHelperKeyPairProvider.java
index 393159c..9457b05 100644
--- a/components/camel-ssh/src/main/java/org/apache/camel/component/ssh/ResourceHelperKeyPairProvider.java
+++ b/components/camel-ssh/src/main/java/org/apache/camel/component/ssh/ResourceHelperKeyPairProvider.java
@@ -28,8 +28,13 @@ import org.apache.camel.util.ResourceHelper;
 import org.apache.sshd.common.keyprovider.AbstractKeyPairProvider;
 import org.apache.sshd.common.util.IoUtils;
 import org.apache.sshd.common.util.SecurityUtils;
-import org.bouncycastle.openssl.PEMReader;
+import org.bouncycastle.openssl.PEMDecryptorProvider;
+import org.bouncycastle.openssl.PEMEncryptedKeyPair;
+import org.bouncycastle.openssl.PEMKeyPair;
+import org.bouncycastle.openssl.PEMParser;
 import org.bouncycastle.openssl.PasswordFinder;
+import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
+import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -99,19 +104,31 @@ public class ResourceHelperKeyPairProvider extends AbstractKeyPairProvider {
 new ArrayList<KeyPair>(this.resources.length);
 for (String resource : resources) {
- PEMReader r = null;
+ PEMParser r = null;
 InputStreamReader isr = null;
 InputStream is = null;
 try {
 is = ResourceHelper.resolveMandatoryResourceAsInputStream(classResolver, resource);
 isr = new InputStreamReader(is);
- r = new PEMReader(isr, passwordFinder);
+ r = new PEMParser(isr);
 Object o = r.readObject();
-
- if (o instanceof KeyPair) {
+
+ JcaPEMKeyConverter pemConverter = new JcaPEMKeyConverter();
+ pemConverter.setProvider("BC");
+ if (passwordFinder != null && o instanceof PEMEncryptedKeyPair) {
+ JcePEMDecryptorProviderBuilder decryptorBuilder = new JcePEMDecryptorProviderBuilder();
+ PEMDecryptorProvider pemDecryptor = decryptorBuilder.build(passwordFinder.getPassword());
+ o = pemConverter.getKeyPair(((PEMEncryptedKeyPair) o).decryptKeyPair(pemDecryptor));
+ }
+
+ if (o instanceof PEMKeyPair) {
+ o = pemConverter.getKeyPair((PEMKeyPair)o);
+ keys.add((KeyPair) o);
+ } else if (o instanceof KeyPair) {
 keys.add((KeyPair) o);
 }
+
 } catch (Exception e) {
 log.warn("Unable to read key", e);
 } finally {
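Review bot: An encrypted key with no `passwordFinder` configured is now skipped without any log line: `o` stays a `PEMEncryptedKeyPair`, matches neither branch of the `if (o instanceof PEMKeyPair) … else if (o instanceof KeyPair)` chain, and nothing is thrown for the existing `log.warn` in the catch block to report. The same applies to any other object type `r.readObject()` returns, and to the identical chain in the new test-side `FileKeyPairProvider.loadKeys()`. A closing branch such as `} else { log.warn("Skipping unsupported or still-encrypted PEM object in {}", resource); }` would make a missing key visible at load time, instead of (presumably) only showing up later as a failed authentication. `loadKeys()` starts above this hunk and its `finally` block continues below it.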
@@ -121,4 +138,5 @@ public class ResourceHelperKeyPairProvider extends AbstractKeyPairProvider {
 return keys.toArray(new KeyPair[keys.size()]);
 }
+
 }
http://git-wip-us.apache.org/repos/asf/camel/blob/dec4a229/components/camel-ssh/src/test/java/org/apache/camel/component/ssh/FileKeyPairProvider.java ----------------------------------------------------------------------
diff --git a/components/camel-ssh/src/test/java/org/apache/camel/component/ssh/FileKeyPairProvider.java b/components/camel-ssh/src/test/java/org/apache/camel/component/ssh/FileKeyPairProvider.java
new file mode 100644
index 0000000..e4f2b88
--- /dev/null
+++ b/components/camel-ssh/src/test/java/org/apache/camel/component/ssh/FileKeyPairProvider.java
@@ -0,0 +1,114 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.camel.component.ssh;
+
+import java.io.FileInputStream;
+import java.io.InputStreamReader;
+import java.security.KeyPair;
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.sshd.common.keyprovider.AbstractKeyPairProvider;
+import org.apache.sshd.common.util.SecurityUtils;
+import org.bouncycastle.openssl.PEMDecryptorProvider;
+import org.bouncycastle.openssl.PEMEncryptedKeyPair;
+import org.bouncycastle.openssl.PEMKeyPair;
+import org.bouncycastle.openssl.PEMParser;
+import org.bouncycastle.openssl.PasswordFinder;
+import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
+import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;
+
+/**
+ * This host key provider loads private keys from the specified files.
+ *
+ * Note that this class has a direct dependency on BouncyCastle and won't work
+ * unless it has been correctly registered as a security provider.
+ *
+ * @author <a href="mailto:[email protected]">Apache MINA SSHD Project</a>
+ */
+public class FileKeyPairProvider extends AbstractKeyPairProvider {
+
+ private String[] files;
+ private PasswordFinder passwordFinder;
+
+ public FileKeyPairProvider() {
+ }
+
+ public FileKeyPairProvider(String[] files) {
+ this.files = files;
+ }
+
+ public FileKeyPairProvider(String[] files, PasswordFinder passwordFinder) {
+ this.files = files;
+ this.passwordFinder = passwordFinder;
+ }
+
+ public String[] getFiles() {
+ return files;
+ }
+
+ public void setFiles(String[] files) {
+ this.files = files;
+ }
+
+ public PasswordFinder getPasswordFinder() {
+ return passwordFinder;
+ }
+
+ public void setPasswordFinder(PasswordFinder passwordFinder) {
+ this.passwordFinder = passwordFinder;
+ }
+
+ public KeyPair[] loadKeys() {
+ if (!SecurityUtils.isBouncyCastleRegistered()) {
+ throw new IllegalStateException("BouncyCastle must be registered as a JCE provider");
+ }
+ List<KeyPair> keys = new ArrayList<KeyPair>();
+ for (int i = 0; i < files.length; i++) {
+ try {
+ PEMParser r = new PEMParser(new InputStreamReader(new FileInputStream(files[i])));
+ try {
+ Object o = r.readObject();
+
+ JcaPEMKeyConverter pemConverter = new JcaPEMKeyConverter();
+ pemConverter.setProvider("BC");
+ if (passwordFinder != null && o instanceof PEMEncryptedKeyPair) {
+ JcePEMDecryptorProviderBuilder decryptorBuilder = new JcePEMDecryptorProviderBuilder();
+ PEMDecryptorProvider pemDecryptor = decryptorBuilder.build(passwordFinder.getPassword());
+ o = pemConverter.getKeyPair(((PEMEncryptedKeyPair) o).decryptKeyPair(pemDecryptor));
+ }
+
+ if (o instanceof PEMKeyPair) {
+ o = pemConverter.getKeyPair((PEMKeyPair)o);
+ keys.add((KeyPair) o);
+ } else if (o instanceof KeyPair) {
+ keys.add((KeyPair) o);
+ }
+
+ } finally {
+ r.close();
+ }
+ } catch (Exception e) {
+ log.warn("Unable to read key {}: {}", files[i], e);
+ }
+ }
+ return keys.toArray(new KeyPair[keys.size()]);
+ }
+
+}
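Review bot: `loadKeys()` dereferences `files.length` although the no-argument constructor leaves `files` null, so a provider created with `new FileKeyPairProvider()` and never given `setFiles(...)` fails with a NullPointerException rather than a clear message. A guard next to the existing BouncyCastle check, e.g. `if (files == null) { throw new IllegalStateException("No key files configured"); }`, would fail in the same explicit way. The class Javadoc could also say why this copy lives in the test tree in place of the `org.apache.sshd.common.keyprovider.FileKeyPairProvider` import that the two test classes drop in this commit.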
http://git-wip-us.apache.org/repos/asf/camel/blob/dec4a229/components/camel-ssh/src/test/java/org/apache/camel/component/ssh/SshComponentSecurityTest.java ----------------------------------------------------------------------
diff --git a/components/camel-ssh/src/test/java/org/apache/camel/component/ssh/SshComponentSecurityTest.java b/components/camel-ssh/src/test/java/org/apache/camel/component/ssh/SshComponentSecurityTest.java
index cd5c2df..02220d6 100644
--- a/components/camel-ssh/src/test/java/org/apache/camel/component/ssh/SshComponentSecurityTest.java
+++ b/components/camel-ssh/src/test/java/org/apache/camel/component/ssh/SshComponentSecurityTest.java
@@ -19,7 +19,6 @@ package org.apache.camel.component.ssh;
 import org.apache.camel.builder.RouteBuilder;
 import org.apache.camel.component.mock.MockEndpoint;
 import org.apache.sshd.common.KeyPairProvider;
-import org.apache.sshd.common.keyprovider.FileKeyPairProvider;
 import org.junit.Test;
 public class SshComponentSecurityTest extends SshComponentTestSupport {
http://git-wip-us.apache.org/repos/asf/camel/blob/dec4a229/components/camel-ssh/src/test/java/org/apache/camel/component/ssh/SshComponentTestSupport.java ----------------------------------------------------------------------
diff --git a/components/camel-ssh/src/test/java/org/apache/camel/component/ssh/SshComponentTestSupport.java b/components/camel-ssh/src/test/java/org/apache/camel/component/ssh/SshComponentTestSupport.java
index 3a2eb1d..b7e9ace 100644
--- a/components/camel-ssh/src/test/java/org/apache/camel/component/ssh/SshComponentTestSupport.java
+++ b/components/camel-ssh/src/test/java/org/apache/camel/component/ssh/SshComponentTestSupport.java
@@ -19,7 +19,6 @@ package org.apache.camel.component.ssh;
 import org.apache.camel.test.AvailablePortFinder;
 import org.apache.camel.test.junit4.CamelTestSupport;
 import org.apache.sshd.SshServer;
-import org.apache.sshd.common.keyprovider.FileKeyPairProvider;
 public class SshComponentTestSupport extends CamelTestSupport {
 protected SshServer sshd;
http://git-wip-us.apache.org/repos/asf/camel/blob/dec4a229/parent/pom.xml ----------------------------------------------------------------------
diff --git a/parent/pom.xml b/parent/pom.xml
index 02c7d60..ced89db 100644
--- a/parent/pom.xml
+++ b/parent/pom.xml
@@ -66,7 +66,7 @@
 <bcel-bundle-version>5.2_4</bcel-bundle-version>
 <beanio-version>2.0.7</beanio-version>
 <bsh-version>2.0b5</bsh-version>
- <bouncycastle-version>1.49</bouncycastle-version>
+ <bouncycastle-version>1.50</bouncycastle-version>
 <build-helper-maven-plugin-version>1.8</build-helper-maven-plugin-version>
 <c3p0-version>0.9.1.2</c3p0-version>
 <castor-bundle-version>1.3.2_2</castor-bundle-version>
