Posted to commits@brooklyn.apache.org by al...@apache.org on 2016/12/13 15:58:56 UTC

[02/13] brooklyn-server git commit: fix unit tests

fix unit tests


Project: http://git-wip-us.apache.org/repos/asf/brooklyn-server/repo
Commit: http://git-wip-us.apache.org/repos/asf/brooklyn-server/commit/9e29d226
Tree: http://git-wip-us.apache.org/repos/asf/brooklyn-server/tree/9e29d226
Diff: http://git-wip-us.apache.org/repos/asf/brooklyn-server/diff/9e29d226

Branch: refs/heads/master
Commit: 9e29d226705aa7ae5a8eaf27e46cb767f1217f1f
Parents: c3de628
Author: Andrea Turli <an...@gmail.com>
Authored: Sun Nov 6 22:41:58 2016 +0100
Committer: Andrea Turli <an...@gmail.com>
Committed: Tue Dec 6 15:29:57 2016 +0100

----------------------------------------------------------------------
 .../core/location/LocationConfigUtils.java      |  5 +-
 .../util/core/crypto/FluentKeySigner.java       | 11 +++--
 .../brooklyn/util/core/crypto/SecureKeys.java   | 51 ++++----------------
 3 files changed, 20 insertions(+), 47 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/brooklyn-server/blob/9e29d226/core/src/main/java/org/apache/brooklyn/core/location/LocationConfigUtils.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/brooklyn/core/location/LocationConfigUtils.java b/core/src/main/java/org/apache/brooklyn/core/location/LocationConfigUtils.java
index 17705f9..2ed7e1a 100644
--- a/core/src/main/java/org/apache/brooklyn/core/location/LocationConfigUtils.java
+++ b/core/src/main/java/org/apache/brooklyn/core/location/LocationConfigUtils.java
@@ -20,7 +20,6 @@ package org.apache.brooklyn.core.location;
 
 import static org.apache.brooklyn.util.JavaGroovyEquivalents.groovyTruth;
 
-import java.io.ByteArrayInputStream;
 import java.io.File;
 import java.security.KeyPair;
 import java.security.PublicKey;
@@ -36,8 +35,6 @@ import org.apache.brooklyn.core.BrooklynFeatureEnablement;
 import org.apache.brooklyn.core.config.ConfigKeys;
 import org.apache.brooklyn.core.location.cloud.CloudLocationConfig;
 import org.apache.brooklyn.core.location.internal.LocationInternal;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 import org.apache.brooklyn.util.collections.MutableMap;
 import org.apache.brooklyn.util.collections.MutableSet;
 import org.apache.brooklyn.util.core.ResourceUtils;
@@ -49,6 +46,8 @@ import org.apache.brooklyn.util.exceptions.Exceptions;
 import org.apache.brooklyn.util.os.Os;
 import org.apache.brooklyn.util.text.StringFunctions;
 import org.apache.brooklyn.util.text.Strings;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 import com.google.common.annotations.Beta;
 import com.google.common.base.Objects;

http://git-wip-us.apache.org/repos/asf/brooklyn-server/blob/9e29d226/core/src/main/java/org/apache/brooklyn/util/core/crypto/FluentKeySigner.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/brooklyn/util/core/crypto/FluentKeySigner.java b/core/src/main/java/org/apache/brooklyn/util/core/crypto/FluentKeySigner.java
index ecc7c36..a2aaabd 100644
--- a/core/src/main/java/org/apache/brooklyn/util/core/crypto/FluentKeySigner.java
+++ b/core/src/main/java/org/apache/brooklyn/util/core/crypto/FluentKeySigner.java
@@ -32,7 +32,9 @@ import org.apache.brooklyn.core.internal.BrooklynInitialization;
 import org.apache.brooklyn.util.exceptions.Exceptions;
 import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
 import org.bouncycastle.asn1.x509.X509Extension;
+import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
 import org.bouncycastle.jce.X509Principal;
+import org.bouncycastle.x509.X509V3CertificateGenerator;
 
 /** A fluent API which simplifies generating certificates (signed keys) */
 /* NB - re deprecation - we use deprecated X509V3CertificateGenerator still
@@ -146,8 +148,10 @@ public class FluentKeySigner {
     // TODO see note re deprecation at start of file
     @SuppressWarnings("deprecation")
     public X509Certificate newCertificateFor(X500Principal subject, PublicKey keyToCertify) {
+        
         try {
-            org.bouncycastle.x509.X509V3CertificateGenerator v3CertGen = new org.bouncycastle.x509.X509V3CertificateGenerator();
+            
+            X509V3CertificateGenerator v3CertGen = new X509V3CertificateGenerator();
 
             v3CertGen.setSerialNumber(
                     serialNumber != null ? serialNumber :
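Review bot: Importing `org.bouncycastle.x509.X509V3CertificateGenerator` moves the reference to this deprecated class outside the method-level `@SuppressWarnings("deprecation")`. As far as I know, compilers before Java 9 emit a deprecation warning on the import line itself, which a method annotation cannot silence; that is probably why the name was fully qualified before. Either keep the qualified name inside the method or accept the warning until the generator is replaced. The two added lines after the signature and after `try {` hold only whitespace and can be dropped. The method body continues outside the hunk.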
@@ -159,10 +163,11 @@ public class FluentKeySigner {
             v3CertGen.setSignatureAlgorithm(signatureAlgorithm);   
 
             v3CertGen.setSubjectDN(subject);  
-            v3CertGen.setPublicKey(keyToCertify);  
+            v3CertGen.setPublicKey(keyToCertify);
 
+            JcaX509ExtensionUtils jcaX509ExtensionUtils = new JcaX509ExtensionUtils();
             v3CertGen.addExtension(X509Extension.subjectKeyIdentifier, false,
-                    new org.bouncycastle.x509.extension.SubjectKeyIdentifierStructure(keyToCertify));
+                    jcaX509ExtensionUtils.createSubjectKeyIdentifier(keyToCertify));
 
             if (authorityKeyIdentifier!=null)
                 v3CertGen.addExtension(X509Extension.authorityKeyIdentifier, false,
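Review bot: The new `JcaX509ExtensionUtils` line would benefit from a short comment, because the no-argument constructor derives the subject key identifier with SHA-1 and a later audit is likely to flag that. Something like `// SKI = SHA-1 of the public key (RFC 5280 method 1); an identifier only, not the certificate signature digest` makes the intent explicit. The constructor also declares `NoSuchAlgorithmException`; the enclosing `catch` lies outside the hunk, so confirm it still handles that case sensibly.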

http://git-wip-us.apache.org/repos/asf/brooklyn-server/blob/9e29d226/core/src/main/java/org/apache/brooklyn/util/core/crypto/SecureKeys.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/brooklyn/util/core/crypto/SecureKeys.java b/core/src/main/java/org/apache/brooklyn/util/core/crypto/SecureKeys.java
index a36b00a..5a1e54a 100644
--- a/core/src/main/java/org/apache/brooklyn/util/core/crypto/SecureKeys.java
+++ b/core/src/main/java/org/apache/brooklyn/util/core/crypto/SecureKeys.java
@@ -41,7 +41,6 @@ import org.bouncycastle.openssl.PEMEncryptedKeyPair;
 import org.bouncycastle.openssl.PEMKeyPair;
 import org.bouncycastle.openssl.PEMParser;
 import org.bouncycastle.openssl.PEMWriter;
-import org.bouncycastle.openssl.PasswordFinder;
 import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
 import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;
 import org.slf4j.Logger;
@@ -89,67 +88,37 @@ public class SecureKeys extends SecureKeysWithoutBouncyCastle {
     public static KeyPair readPem(byte[] key, final String passphrase) {
         // TODO cache is only for fallback "reader" strategy (2015-01); delete when Parser confirmed working
         InputStream input = new ByteArrayInputStream(key);
-
+        KeyPair keyPair;
         try {
             PEMParser pemParser = new PEMParser(new InputStreamReader(input));
-
             Object object = pemParser.readObject();
             pemParser.close();
-
+            if (Security.getProvider("BC") == null) {
+                Security.addProvider(new BouncyCastleProvider());
+            }
             JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC");
-            KeyPair kp = null;
             if (object==null) {
                 throw new IllegalStateException("PEM parsing failed: missing or invalid data");
             } else if (object instanceof PEMEncryptedKeyPair) {
                 if (passphrase==null) throw new PassphraseProblem("passphrase required");
                 try {
                     PEMDecryptorProvider decProv = new JcePEMDecryptorProviderBuilder().build(passphrase.toCharArray());
-                    kp = converter.getKeyPair(((PEMEncryptedKeyPair) object).decryptKeyPair(decProv));
+                    keyPair = converter.getKeyPair(((PEMEncryptedKeyPair) object).decryptKeyPair(decProv));
                 } catch (Exception e) {
                     Exceptions.propagateIfFatal(e);
                     throw new PassphraseProblem("wrong passphrase", e);
                 }
             } else  if (object instanceof PEMKeyPair) {
-                kp = converter.getKeyPair((PEMKeyPair) object);
+                keyPair = converter.getKeyPair((PEMKeyPair) object);
             } else if (object instanceof PrivateKeyInfo) {
                 PrivateKey privKey = converter.getPrivateKey((PrivateKeyInfo) object);
-                kp = new KeyPair(null, privKey);
+                keyPair = new KeyPair(null, privKey);
             } else {
                 throw new IllegalStateException("PEM parser support missing for: "+object);
             }
-
-            return kp;
-
-        } catch (Exception e) {
-            Exceptions.propagateIfFatal(e);
-
-            // older code relied on PEMReader, now deprecated
-            // replaced with above based on http://stackoverflow.com/questions/14919048/bouncy-castle-pemreader-pemparser
-            // passes the same tests (Jan 2015) but leaving the old code as a fallback for the time being 
-
-            input = new ByteArrayInputStream(key);
-            try {
-                Security.addProvider(new BouncyCastleProvider());
-                @SuppressWarnings("deprecation")
-                org.bouncycastle.openssl.PEMReader pr = new org.bouncycastle.openssl.PEMReader(new InputStreamReader(input), new PasswordFinder() {
-                    public char[] getPassword() {
-                        return passphrase!=null ? passphrase.toCharArray() : new char[0];
-                    }
-                });
-                @SuppressWarnings("deprecation")
-                KeyPair result = (KeyPair) pr.readObject();
-                pr.close();
-                if (result==null)
-                    throw Exceptions.propagate(e);
-                
-                log.warn("PEMParser failed when deprecated PEMReader succeeded, with "+result+"; had: "+e);
-
-                return result;
-
-            } catch (Exception e2) {
-                Exceptions.propagateIfFatal(e2);
-                throw Exceptions.propagate(e);
-            }
+            return keyPair;
+        } catch (IOException e) {
+            throw new RuntimeException("Invalid key", e);
         }
     }
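Review bot: The added `Security.addProvider(new BouncyCastleProvider())` turns every call to `readPem` into a possible JVM-wide provider registration, a process-global side effect that a key-parsing helper should not need. `JcaPEMKeyConverter` also accepts a provider instance, so `new JcaPEMKeyConverter().setProvider(bcProvider)` with a shared static `BouncyCastleProvider` keeps the lookup local. If global registration is intended, do it once at initialisation rather than here. With the PEMReader fallback removed, the `// TODO cache is only for fallback "reader" strategy` comment is stale and should be deleted. `pemParser.close()` is still skipped when `readObject()` throws, so wrap the parser in try-with-resources.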