Updated Branches: refs/heads/master e22356a77 -> c0957cc2b
[SSHD-268] Upgrade to BouncyCastle 1.49 Project: http://git-wip-us.apache.org/repos/asf/mina-sshd/repo Commit: http://git-wip-us.apache.org/repos/asf/mina-sshd/commit/c0957cc2 Tree: http://git-wip-us.apache.org/repos/asf/mina-sshd/tree/c0957cc2 Diff: http://git-wip-us.apache.org/repos/asf/mina-sshd/diff/c0957cc2 Branch: refs/heads/master Commit: c0957cc2bf562c4087fffc59632cbf701acda0be Parents: e22356a Author: Guillaume Nodet <[email protected]> Authored: Thu Jan 23 17:04:59 2014 +0100 Committer: Guillaume Nodet <[email protected]> Committed: Thu Jan 23 17:04:59 2014 +0100 ---------------------------------------------------------------------- assembly/pom.xml | 8 +++++-- pom.xml | 11 ++++++--- sshd-core/pom.xml | 9 ++++++-- .../common/keyprovider/FileKeyPairProvider.java | 23 ++++++++++++++++--- .../keyprovider/ResourceKeyPairProvider.java | 24 ++++++++++++++++---- .../PEMGeneratorHostKeyProvider.java | 4 ++-- sshd-sftp/pom.xml | 9 ++++++-- 7 files changed, 70 insertions(+), 18 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/c0957cc2/assembly/pom.xml ---------------------------------------------------------------------- diff --git a/assembly/pom.xml b/assembly/pom.xml index 5aa88a1..403a2a4 100644 --- a/assembly/pom.xml +++ b/assembly/pom.xml @@ -61,8 +61,12 @@ <artifactId>slf4j-simple</artifactId> </dependency> <dependency> - <groupId>bouncycastle</groupId> - <artifactId>bcprov-jdk15</artifactId> + <groupId>org.bouncycastle</groupId> + <artifactId>bcpg-jdk15on</artifactId> + </dependency> + <dependency> + <groupId>org.bouncycastle</groupId> + <artifactId>bcpkix-jdk15on</artifactId> </dependency> <dependency> <groupId>tomcat</groupId> http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/c0957cc2/pom.xml ---------------------------------------------------------------------- diff --git a/pom.xml b/pom.xml index edfa948..6cb8bd9 100644 --- a/pom.xml +++ b/pom.xml @@ -115,9 +115,14 @@ <version>1.1.1</version> </dependency> <dependency> - <groupId>bouncycastle</groupId> - <artifactId>bcprov-jdk15</artifactId> - <version>140</version> + <groupId>org.bouncycastle</groupId> + <artifactId>bcpg-jdk15on</artifactId> + <version>1.49</version> + </dependency> + <dependency> + <groupId>org.bouncycastle</groupId> + <artifactId>bcpkix-jdk15on</artifactId> + <version>1.49</version> </dependency> <dependency> <groupId>org.slf4j</groupId> http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/c0957cc2/sshd-core/pom.xml ---------------------------------------------------------------------- diff --git a/sshd-core/pom.xml b/sshd-core/pom.xml index 97d3b23..da5c00c 100644 --- a/sshd-core/pom.xml +++ b/sshd-core/pom.xml @@ -54,8 +54,13 @@ <optional>true</optional> </dependency> <dependency> - <groupId>bouncycastle</groupId> - <artifactId>bcprov-jdk15</artifactId> + <groupId>org.bouncycastle</groupId> + <artifactId>bcpg-jdk15on</artifactId> + <optional>true</optional> + </dependency> + <dependency> + <groupId>org.bouncycastle</groupId> + <artifactId>bcpkix-jdk15on</artifactId> <optional>true</optional> </dependency> <dependency> http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/c0957cc2/sshd-core/src/main/java/org/apache/sshd/common/keyprovider/FileKeyPairProvider.java ---------------------------------------------------------------------- diff --git a/sshd-core/src/main/java/org/apache/sshd/common/keyprovider/FileKeyPairProvider.java b/sshd-core/src/main/java/org/apache/sshd/common/keyprovider/FileKeyPairProvider.java index 7085f12..8d2e979 100644 --- a/sshd-core/src/main/java/org/apache/sshd/common/keyprovider/FileKeyPairProvider.java +++ b/sshd-core/src/main/java/org/apache/sshd/common/keyprovider/FileKeyPairProvider.java @@ -25,8 +25,13 @@ import java.util.ArrayList; import java.util.List; import org.apache.sshd.common.util.SecurityUtils; -import org.bouncycastle.openssl.PEMReader; +import org.bouncycastle.openssl.PEMDecryptorProvider; +import org.bouncycastle.openssl.PEMEncryptedKeyPair; +import org.bouncycastle.openssl.PEMKeyPair; +import org.bouncycastle.openssl.PEMParser; import org.bouncycastle.openssl.PasswordFinder; +import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter; +import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder; /** * This host key provider loads private keys from the specified files. @@ -76,10 +81,22 @@ public class FileKeyPairProvider extends AbstractKeyPairProvider { List<KeyPair> keys = new ArrayList<KeyPair>(); for (int i = 0; i < files.length; i++) { try { - PEMReader r = new PEMReader(new InputStreamReader(new FileInputStream(files[i])), passwordFinder); + PEMParser r = new PEMParser(new InputStreamReader(new FileInputStream(files[i]))); try { Object o = r.readObject(); - if (o instanceof KeyPair) { + + JcaPEMKeyConverter pemConverter = new JcaPEMKeyConverter(); + pemConverter.setProvider("BC"); + if (passwordFinder != null && o instanceof PEMEncryptedKeyPair) { + JcePEMDecryptorProviderBuilder decryptorBuilder = new JcePEMDecryptorProviderBuilder(); + PEMDecryptorProvider pemDecryptor = decryptorBuilder.build(passwordFinder.getPassword()); + o = pemConverter.getKeyPair(((PEMEncryptedKeyPair) o).decryptKeyPair(pemDecryptor)); + } + + if (o instanceof PEMKeyPair) { + o = pemConverter.getKeyPair((PEMKeyPair)o); + keys.add((KeyPair) o); + } else if (o instanceof KeyPair) { keys.add((KeyPair) o); } } finally { http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/c0957cc2/sshd-core/src/main/java/org/apache/sshd/common/keyprovider/ResourceKeyPairProvider.java ---------------------------------------------------------------------- diff --git a/sshd-core/src/main/java/org/apache/sshd/common/keyprovider/ResourceKeyPairProvider.java b/sshd-core/src/main/java/org/apache/sshd/common/keyprovider/ResourceKeyPairProvider.java index 83073c6..0ed6335 100644 --- a/sshd-core/src/main/java/org/apache/sshd/common/keyprovider/ResourceKeyPairProvider.java +++ b/sshd-core/src/main/java/org/apache/sshd/common/keyprovider/ResourceKeyPairProvider.java @@ -26,8 +26,13 @@ import java.util.List; import org.apache.sshd.common.util.IoUtils; import org.apache.sshd.common.util.SecurityUtils; -import org.bouncycastle.openssl.PEMReader; +import org.bouncycastle.openssl.PEMDecryptorProvider; +import org.bouncycastle.openssl.PEMEncryptedKeyPair; +import org.bouncycastle.openssl.PEMKeyPair; +import org.bouncycastle.openssl.PEMParser; import org.bouncycastle.openssl.PasswordFinder; +import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter; +import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -149,17 +154,28 @@ public class ResourceKeyPairProvider extends AbstractKeyPairProvider { new ArrayList<KeyPair>(this.resources.length); for (String resource : resources) { - PEMReader r = null; + PEMParser r = null; InputStreamReader isr = null; InputStream is = null; try { is = this.cloader.getResourceAsStream(resource); isr = new InputStreamReader(is); - r = new PEMReader(isr, passwordFinder); + r = new PEMParser(isr); Object o = r.readObject(); - if (o instanceof KeyPair) { + JcaPEMKeyConverter pemConverter = new JcaPEMKeyConverter(); + pemConverter.setProvider("BC"); + if (passwordFinder != null && o instanceof PEMEncryptedKeyPair) { + JcePEMDecryptorProviderBuilder decryptorBuilder = new JcePEMDecryptorProviderBuilder(); + PEMDecryptorProvider pemDecryptor = decryptorBuilder.build(passwordFinder.getPassword()); + o = pemConverter.getKeyPair(((PEMEncryptedKeyPair) o).decryptKeyPair(pemDecryptor)); + } + + if (o instanceof PEMKeyPair) { + o = pemConverter.getKeyPair((PEMKeyPair)o); + keys.add((KeyPair) o); + } else if (o instanceof KeyPair) { keys.add((KeyPair) o); } // end of if } catch (Exception e) { http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/c0957cc2/sshd-core/src/main/java/org/apache/sshd/server/keyprovider/PEMGeneratorHostKeyProvider.java ---------------------------------------------------------------------- diff --git a/sshd-core/src/main/java/org/apache/sshd/server/keyprovider/PEMGeneratorHostKeyProvider.java b/sshd-core/src/main/java/org/apache/sshd/server/keyprovider/PEMGeneratorHostKeyProvider.java index 4ea8fca..cc70521 100644 --- a/sshd-core/src/main/java/org/apache/sshd/server/keyprovider/PEMGeneratorHostKeyProvider.java +++ b/sshd-core/src/main/java/org/apache/sshd/server/keyprovider/PEMGeneratorHostKeyProvider.java @@ -24,7 +24,7 @@ import java.io.OutputStream; import java.io.OutputStreamWriter; import java.security.KeyPair; -import org.bouncycastle.openssl.PEMReader; +import org.bouncycastle.openssl.PEMParser; import org.bouncycastle.openssl.PEMWriter; /** @@ -50,7 +50,7 @@ public class PEMGeneratorHostKeyProvider extends AbstractGeneratorHostKeyProvide } protected KeyPair doReadKeyPair(InputStream is) throws Exception { - PEMReader r = new PEMReader(new InputStreamReader(is)); + PEMParser r = new PEMParser(new InputStreamReader(is)); return (KeyPair) r.readObject(); } http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/c0957cc2/sshd-sftp/pom.xml ---------------------------------------------------------------------- diff --git a/sshd-sftp/pom.xml b/sshd-sftp/pom.xml index 24dc927..03330db 100644 --- a/sshd-sftp/pom.xml +++ b/sshd-sftp/pom.xml @@ -60,8 +60,13 @@ <scope>test</scope> </dependency> <dependency> - <groupId>bouncycastle</groupId> - <artifactId>bcprov-jdk15</artifactId> + <groupId>org.bouncycastle</groupId> + <artifactId>bcpg-jdk15on</artifactId> + <scope>test</scope> + </dependency> + <dependency> + <groupId>org.bouncycastle</groupId> + <artifactId>bcpkix-jdk15on</artifactId> <scope>test</scope> </dependency> </dependencies>
