Posted to commits@camel.apache.org by ha...@apache.org on 2013/12/11 15:50:06 UTC
git commit: CAMEL-7039. Upgrade to BouncyCastle 1.50. Fixes for
deprecated apis in camel-ssh.
Updated Branches:
refs/heads/master c584871f5 -> dec4a2293
CAMEL-7039. Upgrade to BouncyCastle 1.50. Fixes for deprecated apis in camel-ssh.
Project: http://git-wip-us.apache.org/repos/asf/camel/repo
Commit: http://git-wip-us.apache.org/repos/asf/camel/commit/dec4a229
Tree: http://git-wip-us.apache.org/repos/asf/camel/tree/dec4a229
Diff: http://git-wip-us.apache.org/repos/asf/camel/diff/dec4a229
Branch: refs/heads/master
Commit: dec4a229357a6bc16d839da0cd35448c77910080
Parents: c584871
Author: Hadrian Zbarcea <hz...@gmail.com>
Authored: Wed Dec 11 09:49:57 2013 -0500
Committer: Hadrian Zbarcea <hz...@gmail.com>
Committed: Wed Dec 11 09:49:57 2013 -0500
----------------------------------------------------------------------
.../ssh/ResourceHelperKeyPairProvider.java | 28 ++++-
.../component/ssh/FileKeyPairProvider.java | 114 +++++++++++++++++++
.../component/ssh/SshComponentSecurityTest.java | 1 -
.../component/ssh/SshComponentTestSupport.java | 1 -
parent/pom.xml | 2 +-
5 files changed, 138 insertions(+), 8 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/camel/blob/dec4a229/components/camel-ssh/src/main/java/org/apache/camel/component/ssh/ResourceHelperKeyPairProvider.java
----------------------------------------------------------------------
diff --git a/components/camel-ssh/src/main/java/org/apache/camel/component/ssh/ResourceHelperKeyPairProvider.java b/components/camel-ssh/src/main/java/org/apache/camel/component/ssh/ResourceHelperKeyPairProvider.java
index 393159c..9457b05 100644
--- a/components/camel-ssh/src/main/java/org/apache/camel/component/ssh/ResourceHelperKeyPairProvider.java
+++ b/components/camel-ssh/src/main/java/org/apache/camel/component/ssh/ResourceHelperKeyPairProvider.java
@@ -28,8 +28,13 @@ import org.apache.camel.util.ResourceHelper;
import org.apache.sshd.common.keyprovider.AbstractKeyPairProvider;
import org.apache.sshd.common.util.IoUtils;
import org.apache.sshd.common.util.SecurityUtils;
-import org.bouncycastle.openssl.PEMReader;
+import org.bouncycastle.openssl.PEMDecryptorProvider;
+import org.bouncycastle.openssl.PEMEncryptedKeyPair;
+import org.bouncycastle.openssl.PEMKeyPair;
+import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.PasswordFinder;
+import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
+import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -99,19 +104,31 @@ public class ResourceHelperKeyPairProvider extends AbstractKeyPairProvider {
new ArrayList<KeyPair>(this.resources.length);
for (String resource : resources) {
- PEMReader r = null;
+ PEMParser r = null;
InputStreamReader isr = null;
InputStream is = null;
try {
is = ResourceHelper.resolveMandatoryResourceAsInputStream(classResolver, resource);
isr = new InputStreamReader(is);
- r = new PEMReader(isr, passwordFinder);
+ r = new PEMParser(isr);
Object o = r.readObject();
-
- if (o instanceof KeyPair) {
+
+ JcaPEMKeyConverter pemConverter = new JcaPEMKeyConverter();
+ pemConverter.setProvider("BC");
+ if (passwordFinder != null && o instanceof PEMEncryptedKeyPair) {
+ JcePEMDecryptorProviderBuilder decryptorBuilder = new JcePEMDecryptorProviderBuilder();
+ PEMDecryptorProvider pemDecryptor = decryptorBuilder.build(passwordFinder.getPassword());
+ o = pemConverter.getKeyPair(((PEMEncryptedKeyPair) o).decryptKeyPair(pemDecryptor));
+ }
+
+ if (o instanceof PEMKeyPair) {
+ o = pemConverter.getKeyPair((PEMKeyPair)o);
+ keys.add((KeyPair) o);
+ } else if (o instanceof KeyPair) {
keys.add((KeyPair) o);
}
+
} catch (Exception e) {
log.warn("Unable to read key", e);
} finally {
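Review bot: An encrypted key is dropped without any log line when `passwordFinder` is null: `o` stays a `PEMEncryptedKeyPair`, matches neither the `PEMKeyPair` nor the `KeyPair` branch, and the loop moves on, so the provider can return fewer keys than configured with nothing to explain a later authentication failure. The same holds for any other object type `PEMParser.readObject()` returns, and for the identical block in the new test class `FileKeyPairProvider.loadKeys()`. I would close the chain with `} else { log.warn("Skipping unsupported or still-encrypted PEM object in {}", resource); }`. Separately, `JcaPEMKeyConverter` does not depend on the resource and could be built once before the loop. The enclosing `loadKeys()` starts before this hunk and its `finally` block continues after it.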
@@ -121,4 +138,5 @@ public class ResourceHelperKeyPairProvider extends AbstractKeyPairProvider {
return keys.toArray(new KeyPair[keys.size()]);
}
+
}
http://git-wip-us.apache.org/repos/asf/camel/blob/dec4a229/components/camel-ssh/src/test/java/org/apache/camel/component/ssh/FileKeyPairProvider.java
----------------------------------------------------------------------
diff --git a/components/camel-ssh/src/test/java/org/apache/camel/component/ssh/FileKeyPairProvider.java b/components/camel-ssh/src/test/java/org/apache/camel/component/ssh/FileKeyPairProvider.java
new file mode 100644
index 0000000..e4f2b88
--- /dev/null
+++ b/components/camel-ssh/src/test/java/org/apache/camel/component/ssh/FileKeyPairProvider.java
@@ -0,0 +1,114 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.camel.component.ssh;
+
+import java.io.FileInputStream;
+import java.io.InputStreamReader;
+import java.security.KeyPair;
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.sshd.common.keyprovider.AbstractKeyPairProvider;
+import org.apache.sshd.common.util.SecurityUtils;
+import org.bouncycastle.openssl.PEMDecryptorProvider;
+import org.bouncycastle.openssl.PEMEncryptedKeyPair;
+import org.bouncycastle.openssl.PEMKeyPair;
+import org.bouncycastle.openssl.PEMParser;
+import org.bouncycastle.openssl.PasswordFinder;
+import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
+import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;
+
+/**
+ * This host key provider loads private keys from the specified files.
+ *
+ * Note that this class has a direct dependency on BouncyCastle and won't work
+ * unless it has been correctly registered as a security provider.
+ *
+ * @author <a href="mailto:dev@mina.apache.org">Apache MINA SSHD Project</a>
+ */
+public class FileKeyPairProvider extends AbstractKeyPairProvider {
+
+ private String[] files;
+ private PasswordFinder passwordFinder;
+
+ public FileKeyPairProvider() {
+ }
+
+ public FileKeyPairProvider(String[] files) {
+ this.files = files;
+ }
+
+ public FileKeyPairProvider(String[] files, PasswordFinder passwordFinder) {
+ this.files = files;
+ this.passwordFinder = passwordFinder;
+ }
+
+ public String[] getFiles() {
+ return files;
+ }
+
+ public void setFiles(String[] files) {
+ this.files = files;
+ }
+
+ public PasswordFinder getPasswordFinder() {
+ return passwordFinder;
+ }
+
+ public void setPasswordFinder(PasswordFinder passwordFinder) {
+ this.passwordFinder = passwordFinder;
+ }
+
+ public KeyPair[] loadKeys() {
+ if (!SecurityUtils.isBouncyCastleRegistered()) {
+ throw new IllegalStateException("BouncyCastle must be registered as a JCE provider");
+ }
+ List<KeyPair> keys = new ArrayList<KeyPair>();
+ for (int i = 0; i < files.length; i++) {
+ try {
+ PEMParser r = new PEMParser(new InputStreamReader(new FileInputStream(files[i])));
+ try {
+ Object o = r.readObject();
+
+ JcaPEMKeyConverter pemConverter = new JcaPEMKeyConverter();
+ pemConverter.setProvider("BC");
+ if (passwordFinder != null && o instanceof PEMEncryptedKeyPair) {
+ JcePEMDecryptorProviderBuilder decryptorBuilder = new JcePEMDecryptorProviderBuilder();
+ PEMDecryptorProvider pemDecryptor = decryptorBuilder.build(passwordFinder.getPassword());
+ o = pemConverter.getKeyPair(((PEMEncryptedKeyPair) o).decryptKeyPair(pemDecryptor));
+ }
+
+ if (o instanceof PEMKeyPair) {
+ o = pemConverter.getKeyPair((PEMKeyPair)o);
+ keys.add((KeyPair) o);
+ } else if (o instanceof KeyPair) {
+ keys.add((KeyPair) o);
+ }
+
+ } finally {
+ r.close();
+ }
+ } catch (Exception e) {
+ log.warn("Unable to read key {}: {}", files[i], e);
+ }
+ }
+ return keys.toArray(new KeyPair[keys.size()]);
+ }
+
+}
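Review bot: `loadKeys()` reads `files.length` with no null check, yet the no-argument constructor leaves `files` null until `setFiles` is called, so a provider built that way fails with a `NullPointerException` instead of returning an empty array; `if (files == null) { return new KeyPair[0]; }` after the BouncyCastle check would cover it. In the `catch`, `log.warn("Unable to read key {}: {}", files[i], e)` gives the exception a placeholder of its own, and, assuming `log` is the SLF4J logger inherited from `AbstractKeyPairProvider`, some SLF4J versions then print only `e.toString()` and lose the stack trace; `log.warn("Unable to read key " + files[i], e)` avoids the ambiguity. The `char[]` from `passwordFinder.getPassword()` is also left untouched after decryption; if the finder hands out a fresh copy (not visible here), clearing it with `Arrays.fill(password, '\0')` once the key is decrypted would shorten the passphrase's lifetime in memory.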
http://git-wip-us.apache.org/repos/asf/camel/blob/dec4a229/components/camel-ssh/src/test/java/org/apache/camel/component/ssh/SshComponentSecurityTest.java
----------------------------------------------------------------------
diff --git a/components/camel-ssh/src/test/java/org/apache/camel/component/ssh/SshComponentSecurityTest.java b/components/camel-ssh/src/test/java/org/apache/camel/component/ssh/SshComponentSecurityTest.java
index cd5c2df..02220d6 100644
--- a/components/camel-ssh/src/test/java/org/apache/camel/component/ssh/SshComponentSecurityTest.java
+++ b/components/camel-ssh/src/test/java/org/apache/camel/component/ssh/SshComponentSecurityTest.java
@@ -19,7 +19,6 @@ package org.apache.camel.component.ssh;
import org.apache.camel.builder.RouteBuilder;
import org.apache.camel.component.mock.MockEndpoint;
import org.apache.sshd.common.KeyPairProvider;
-import org.apache.sshd.common.keyprovider.FileKeyPairProvider;
import org.junit.Test;
public class SshComponentSecurityTest extends SshComponentTestSupport {
http://git-wip-us.apache.org/repos/asf/camel/blob/dec4a229/components/camel-ssh/src/test/java/org/apache/camel/component/ssh/SshComponentTestSupport.java
----------------------------------------------------------------------
diff --git a/components/camel-ssh/src/test/java/org/apache/camel/component/ssh/SshComponentTestSupport.java b/components/camel-ssh/src/test/java/org/apache/camel/component/ssh/SshComponentTestSupport.java
index 3a2eb1d..b7e9ace 100644
--- a/components/camel-ssh/src/test/java/org/apache/camel/component/ssh/SshComponentTestSupport.java
+++ b/components/camel-ssh/src/test/java/org/apache/camel/component/ssh/SshComponentTestSupport.java
@@ -19,7 +19,6 @@ package org.apache.camel.component.ssh;
import org.apache.camel.test.AvailablePortFinder;
import org.apache.camel.test.junit4.CamelTestSupport;
import org.apache.sshd.SshServer;
-import org.apache.sshd.common.keyprovider.FileKeyPairProvider;
public class SshComponentTestSupport extends CamelTestSupport {
protected SshServer sshd;
http://git-wip-us.apache.org/repos/asf/camel/blob/dec4a229/parent/pom.xml
----------------------------------------------------------------------
diff --git a/parent/pom.xml b/parent/pom.xml
index 02c7d60..ced89db 100644
--- a/parent/pom.xml
+++ b/parent/pom.xml
@@ -66,7 +66,7 @@
<bcel-bundle-version>5.2_4</bcel-bundle-version>
<beanio-version>2.0.7</beanio-version>
<bsh-version>2.0b5</bsh-version>
- <bouncycastle-version>1.49</bouncycastle-version>
+ <bouncycastle-version>1.50</bouncycastle-version>
<build-helper-maven-plugin-version>1.8</build-helper-maven-plugin-version>
<c3p0-version>0.9.1.2</c3p0-version>
<castor-bundle-version>1.3.2_2</castor-bundle-version>