Posted to commits@camel.apache.org by co...@apache.org on 2019/11/08 11:42:24 UTC
[camel] 02/02: CAMEL-14160 - Updating the default algorithm for the
Crypto Component
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/camel.git
commit 39539d66b5437527a5489be099d9f92e7ba26414
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Fri Nov 8 11:39:38 2019 +0000
CAMEL-14160 - Updating the default algorithm for the Crypto Component
---
.../src/main/docs/crypto-component.adoc | 4 ++--
.../src/main/docs/crypto-dataformat.adoc | 2 +-
.../crypto/DigitalSignatureConfiguration.java | 4 ++--
.../camel/component/crypto/SignatureTest.java | 23 ++++++++++++++++-----
.../component/crypto/SpringSignatureTest.java | 10 +++++++++
.../camel-crypto/src/test/resources/ks.keystore | Bin 3734 -> 2229 bytes
.../camel/component/crypto/SpringSignatureTest.xml | 6 ++++--
.../ROOT/pages/camel-3-migration-guide.adoc | 5 +++++
.../DigitalSignatureComponentConfiguration.java | 2 +-
9 files changed, 43 insertions(+), 13 deletions(-)
diff --git a/components/camel-crypto/src/main/docs/crypto-component.adoc b/components/camel-crypto/src/main/docs/crypto-component.adoc
index 2c908e4..25c4d3f 100644
--- a/components/camel-crypto/src/main/docs/crypto-component.adoc
+++ b/components/camel-crypto/src/main/docs/crypto-component.adoc
@@ -119,7 +119,7 @@ with the following path and query parameters:
[width="100%",cols="2,5,^1,2",options="header"]
|===
| Name | Description | Default | Type
-| *algorithm* (producer) | Sets the JCE name of the Algorithm that should be used for the signer. | SHA1WithDSA | String
+| *algorithm* (producer) | Sets the JCE name of the Algorithm that should be used for the signer. | SHA256withRSA | String
| *alias* (producer) | Sets the alias used to query the KeyStore for keys and {link java.security.cert.Certificate Certificates} to be used in signing and verifying exchanges. This value can be provided at runtime via the message header org.apache.camel.component.crypto.DigitalSignatureConstants#KEYSTORE_ALIAS | | String
| *certificateName* (producer) | Sets the reference name for a PrivateKey that can be found in the registry. | | String
| *keystore* (producer) | Sets the KeyStore that can contain keys and Certficates for use in signing and verifying exchanges. A KeyStore is typically used with an alias, either one supplied in the Route definition or dynamically via the message header CamelSignatureKeyStoreAlias. If no alias is supplied and there is only a single entry in the Keystore, then this single entry will be used. | | KeyStore
@@ -166,7 +166,7 @@ The component supports 33 options, which are listed below.
|===
| Name | Description | Default | Type
| *camel.component.crypto.basic-property-binding* | Whether the component should use basic property binding (Camel 2.x) or the newer property binding with additional capabilities | false | Boolean
-| *camel.component.crypto.configuration.algorithm* | Sets the JCE name of the Algorithm that should be used for the signer. | SHA1WithDSA | String
+| *camel.component.crypto.configuration.algorithm* | Sets the JCE name of the Algorithm that should be used for the signer. | SHA256withRSA | String
| *camel.component.crypto.configuration.alias* | Sets the alias used to query the KeyStore for keys and {@link java.security.cert.Certificate Certificates} to be used in signing and verifying exchanges. This value can be provided at runtime via the message header {@link org.apache.camel.component.crypto.DigitalSignatureConstants#KEYSTORE_ALIAS} | | String
| *camel.component.crypto.configuration.buffer-size* | Set the size of the buffer used to read in the Exchange payload data. | 2048 | Integer
| *camel.component.crypto.configuration.certificate* | Set the Certificate that should be used to verify the signature in the exchange based on its payload. | | Certificate
diff --git a/components/camel-crypto/src/main/docs/crypto-dataformat.adoc b/components/camel-crypto/src/main/docs/crypto-dataformat.adoc
index e7e69fa..5f61deb 100644
--- a/components/camel-crypto/src/main/docs/crypto-dataformat.adoc
+++ b/components/camel-crypto/src/main/docs/crypto-dataformat.adoc
@@ -57,7 +57,7 @@ The component supports 33 options, which are listed below.
|===
| Name | Description | Default | Type
| *camel.component.crypto.basic-property-binding* | Whether the component should use basic property binding (Camel 2.x) or the newer property binding with additional capabilities | false | Boolean
-| *camel.component.crypto.configuration.algorithm* | Sets the JCE name of the Algorithm that should be used for the signer. | SHA1WithDSA | String
+| *camel.component.crypto.configuration.algorithm* | Sets the JCE name of the Algorithm that should be used for the signer. | SHA256withRSA | String
| *camel.component.crypto.configuration.alias* | Sets the alias used to query the KeyStore for keys and {@link java.security.cert.Certificate Certificates} to be used in signing and verifying exchanges. This value can be provided at runtime via the message header {@link org.apache.camel.component.crypto.DigitalSignatureConstants#KEYSTORE_ALIAS} | | String
| *camel.component.crypto.configuration.buffer-size* | Set the size of the buffer used to read in the Exchange payload data. | 2048 | Integer
| *camel.component.crypto.configuration.certificate* | Set the Certificate that should be used to verify the signature in the exchange based on its payload. | | Certificate
diff --git a/components/camel-crypto/src/main/java/org/apache/camel/component/crypto/DigitalSignatureConfiguration.java b/components/camel-crypto/src/main/java/org/apache/camel/component/crypto/DigitalSignatureConfiguration.java
index 908abfb..900baf2 100644
--- a/components/camel-crypto/src/main/java/org/apache/camel/component/crypto/DigitalSignatureConfiguration.java
+++ b/components/camel-crypto/src/main/java/org/apache/camel/component/crypto/DigitalSignatureConfiguration.java
@@ -49,8 +49,8 @@ public class DigitalSignatureConfiguration implements Cloneable, CamelContextAwa
private KeyStore keystore;
@UriParam(label = "advanced", secret = true)
private SecureRandom secureRandom;
- @UriParam(defaultValue = "SHA1WithDSA")
- private String algorithm = "SHA1WithDSA";
+ @UriParam(defaultValue = "SHA256withRSA")
+ private String algorithm = "SHA256withRSA";
@UriParam(label = "advanced", defaultValue = "" + 2048)
private Integer bufferSize = 2048;
@UriParam
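Review bot: The new default is written twice in this hunk, once in `@UriParam(defaultValue = "SHA256withRSA")` and once in the field initializer `private String algorithm = "SHA256withRSA";`, so the documented default and the effective one can drift apart the next time the algorithm is changed. A single `static final String` constant referenced from both the annotation and the field would keep them in sync.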
diff --git a/components/camel-crypto/src/test/java/org/apache/camel/component/crypto/SignatureTest.java b/components/camel-crypto/src/test/java/org/apache/camel/component/crypto/SignatureTest.java
index 47fb83f..90656e7 100644
--- a/components/camel-crypto/src/test/java/org/apache/camel/component/crypto/SignatureTest.java
+++ b/components/camel-crypto/src/test/java/org/apache/camel/component/crypto/SignatureTest.java
@@ -48,6 +48,7 @@ import static org.apache.camel.component.crypto.DigitalSignatureConstants.SIGNAT
public class SignatureTest extends CamelTestSupport {
private KeyPair keyPair;
+ private KeyPair dsaKeyPair;
private String payload = "Dear Alice, Rest assured it's me, signed Bob";
@BindToRegistry("someRandom")
@@ -110,7 +111,8 @@ public class SignatureTest extends CamelTestSupport {
}, new RouteBuilder() {
public void configure() throws Exception {
// START SNIPPET: provider
- from("direct:provider").to("crypto:sign:provider?privateKey=#myPrivateKey&provider=SUN", "crypto:verify:provider?publicKey=#myPublicKey&provider=SUN",
+ from("direct:provider").to("crypto:sign:provider?algorithm=SHA1withDSA&privateKey=#myDSAPrivateKey&provider=SUN",
+ "crypto:verify:provider?algorithm=SHA1withDSA&publicKey=#myDSAPublicKey&provider=SUN",
"mock:result");
// END SNIPPET: provider
}
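Review bot: The route between `START SNIPPET: provider` and `END SNIPPET: provider` now pins `algorithm=SHA1withDSA`, so any documentation that includes this snippet will show the algorithm this commit retires as the default. If the DSA keys are only needed because of `provider=SUN`, say so in a comment next to the route, or change the snippet to a provider and algorithm pair that matches the new default.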
@@ -288,7 +290,7 @@ public class SignatureTest extends CamelTestSupport {
unsigned.getIn().setBody(payload);
// create a keypair
- KeyPair pair = getKeyPair("DSA");
+ KeyPair pair = getKeyPair("RSA");
// sign with the private key
unsigned.getIn().setHeader(SIGNATURE_PRIVATE_KEY, pair.getPrivate());
@@ -375,13 +377,14 @@ public class SignatureTest extends CamelTestSupport {
@Override
@Before
public void setUp() throws Exception {
- setUpKeys("DSA");
+ setUpKeys();
disableJMX();
super.setUp();
}
- public void setUpKeys(String algorithm) throws Exception {
- keyPair = getKeyPair(algorithm);
+ public void setUpKeys() throws Exception {
+ keyPair = getKeyPair("RSA");
+ dsaKeyPair = getKeyPair("DSA");
}
public KeyPair getKeyPair(String algorithm) throws NoSuchAlgorithmException {
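Review bot: `setUpKeys()` now generates a DSA key pair in every `setUp()`, although in this patch only the `direct:provider` route references the DSA keys. Creating `dsaKeyPair` once (static, or lazily where it is first read) would avoid an extra key generation per test. Dropping the `algorithm` parameter also changes a public method that `SpringSignatureTest` inherits, so check that nothing else still calls `setUpKeys(String)`.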
@@ -410,11 +413,21 @@ public class SignatureTest extends CamelTestSupport {
return c.getPublicKey();
}
+ @BindToRegistry("myDSAPublicKey")
+ public PublicKey getDSAPublicKey() throws Exception {
+ return dsaKeyPair.getPublic();
+ }
+
@BindToRegistry("myPrivateKey")
public PrivateKey getKeyFromKeystore() throws Exception {
return (PrivateKey)loadKeystore().getKey("bob", "letmein".toCharArray());
}
+ @BindToRegistry("myDSAPrivateKey")
+ public PrivateKey getDSAPrivateKey() throws Exception {
+ return dsaKeyPair.getPrivate();
+ }
+
@BindToRegistry("signatureParams")
public KeyStoreParameters getParams() {
KeyStoreParameters keystoreParameters = new KeyStoreParameters();
diff --git a/components/camel-crypto/src/test/java/org/apache/camel/component/crypto/SpringSignatureTest.java b/components/camel-crypto/src/test/java/org/apache/camel/component/crypto/SpringSignatureTest.java
index ec26064..a5c82f6 100644
--- a/components/camel-crypto/src/test/java/org/apache/camel/component/crypto/SpringSignatureTest.java
+++ b/components/camel-crypto/src/test/java/org/apache/camel/component/crypto/SpringSignatureTest.java
@@ -31,10 +31,12 @@ import org.springframework.context.support.ClassPathXmlApplicationContext;
public class SpringSignatureTest extends SignatureTest {
private static KeyPair rsaPair;
+ private static KeyPair dsaPair;
@Override
protected CamelContext createCamelContext() throws Exception {
rsaPair = getKeyPair("RSA");
+ dsaPair = getKeyPair("DSA");
return SpringCamelContext.springCamelContext(new ClassPathXmlApplicationContext("org/apache/camel/component/crypto/SpringSignatureTest.xml"), true);
}
@@ -66,10 +68,18 @@ public class SpringSignatureTest extends SignatureTest {
return rsaPair.getPrivate();
}
+ public static PrivateKey privateDSAKey() throws Exception {
+ return dsaPair.getPrivate();
+ }
+
public static PublicKey publicRSAKey() throws Exception {
return rsaPair.getPublic();
}
+ public static PublicKey publicDSAKey() throws Exception {
+ return dsaPair.getPublic();
+ }
+
public static SecureRandom random() throws Exception {
return new SecureRandom();
}
diff --git a/components/camel-crypto/src/test/resources/ks.keystore b/components/camel-crypto/src/test/resources/ks.keystore
index 7db483e..3bb8ca6 100644
Binary files a/components/camel-crypto/src/test/resources/ks.keystore and b/components/camel-crypto/src/test/resources/ks.keystore differ
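Review bot: `ks.keystore` is replaced as an opaque binary (3734 -> 2229 bytes) and nothing in the commit says what the new store contains. Please record how it was generated (key algorithm and size, validity period, and that it keeps the `bob` alias and password that `getKeyFromKeystore()` loads) in the commit message or next to the file, so the fixture can be regenerated and reviewed.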
diff --git a/components/camel-crypto/src/test/resources/org/apache/camel/component/crypto/SpringSignatureTest.xml b/components/camel-crypto/src/test/resources/org/apache/camel/component/crypto/SpringSignatureTest.xml
index 7ccbbc6..3e2882a 100644
--- a/components/camel-crypto/src/test/resources/org/apache/camel/component/crypto/SpringSignatureTest.xml
+++ b/components/camel-crypto/src/test/resources/org/apache/camel/component/crypto/SpringSignatureTest.xml
@@ -82,8 +82,8 @@
<!-- START SNIPPET: provider -->
<route>
<from uri="direct:provider"/>
- <to uri="crypto:sign:provider?privateKey=#myPrivateKey&provider=SUN" />
- <to uri="crypto:verify:provider?publicKey=#myPublicKey&provider=SUN" />
+ <to uri="crypto:sign:provider?algorithm=SHA1withDSA&privateKey=#dsaPrivateKey&provider=SUN" />
+ <to uri="crypto:verify:provider?algorithm=SHA1withDSA&publicKey=#dsaPublicKey&provider=SUN" />
<to uri="mock:result"/>
</route>
<!-- END SNIPPET: provider -->
@@ -163,6 +163,8 @@
<bean id="myPublicKey" class="org.apache.camel.component.crypto.SpringSignatureTest" factory-method="publicKey"/>
<bean id="rsaPrivateKey" class="org.apache.camel.component.crypto.SpringSignatureTest" factory-method="privateRSAKey"/>
<bean id="rsaPublicKey" class="org.apache.camel.component.crypto.SpringSignatureTest" factory-method="publicRSAKey"/>
+ <bean id="dsaPrivateKey" class="org.apache.camel.component.crypto.SpringSignatureTest" factory-method="privateDSAKey"/>
+ <bean id="dsaPublicKey" class="org.apache.camel.component.crypto.SpringSignatureTest" factory-method="publicDSAKey"/>
<bean id="someRandom" class="org.apache.camel.component.crypto.SpringSignatureTest" factory-method="random"/>
<keyStoreParameters xmlns="http://camel.apache.org/schema/spring" id="signatureParams"
diff --git a/docs/user-manual/modules/ROOT/pages/camel-3-migration-guide.adoc b/docs/user-manual/modules/ROOT/pages/camel-3-migration-guide.adoc
index c51416c..47ded17 100644
--- a/docs/user-manual/modules/ROOT/pages/camel-3-migration-guide.adoc
+++ b/docs/user-manual/modules/ROOT/pages/camel-3-migration-guide.adoc
@@ -323,6 +323,11 @@ The uri attribute has been deprecated, instead use value, which allows a shortha
In Camel 2.x you could have 2 or more inputs to Camel routes, however this was not supported in all use-cases in Camel, and this functionality is seldom in use. This has
also been deprecated in Camel 2.x. In Camel 3 we have removed the remaining code for specifying multiple inputs to routes, and its now only possible to specify exactly only 1 input to a route.
+=== Crypto Component
+
+The default signature algorithm has changed for the Crypto (JCE) Component - it
+is now SHA256withRSA (before it was SHA1WithDSA).
+
=== JSon DataFormat
The default JSon library with the JSon dataformat has changed from `XStream` to `Jackson`.
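Review bot: The new `=== Crypto Component` entry states the new default but not what a user has to do about it. Routes that never set `algorithm` and supply DSA keys will no longer match the default, so the entry should say to either set `algorithm=SHA1WithDSA` explicitly (as the updated provider test does) or move to RSA keys, and that the signing and verifying endpoints must use the same algorithm.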
diff --git a/platforms/spring-boot/components-starter/camel-crypto-starter/src/main/java/org/apache/camel/component/crypto/springboot/DigitalSignatureComponentConfiguration.java b/platforms/spring-boot/components-starter/camel-crypto-starter/src/main/java/org/apache/camel/component/crypto/springboot/DigitalSignatureComponentConfiguration.java
index 9c48f9c..d93a6df 100644
--- a/platforms/spring-boot/components-starter/camel-crypto-starter/src/main/java/org/apache/camel/component/crypto/springboot/DigitalSignatureComponentConfiguration.java
+++ b/platforms/spring-boot/components-starter/camel-crypto-starter/src/main/java/org/apache/camel/component/crypto/springboot/DigitalSignatureComponentConfiguration.java
@@ -81,7 +81,7 @@ public class DigitalSignatureComponentConfiguration
* Sets the JCE name of the Algorithm that should be used for the
* signer.
*/
- private String algorithm = "SHA1WithDSA";
+ private String algorithm = "SHA256withRSA";
/**
* Sets the alias used to query the KeyStore for keys and {@link
* java.security.cert.Certificate Certificates} to be used in signing