git commit: CAMEL-7039. Upgrade to BouncyCastle 1.50. Fixes for deprecated apis in camel-ssh.


git commit: CAMEL-7039. Upgrade to BouncyCastle 1.50. Fixes for deprecated apis in camel-ssh.

hadrian-3
Updated Branches:
  refs/heads/master c584871f5 -> dec4a2293


CAMEL-7039. Upgrade to BouncyCastle 1.50. Fixes for deprecated apis in camel-ssh.


Project: http://git-wip-us.apache.org/repos/asf/camel/repo
Commit: http://git-wip-us.apache.org/repos/asf/camel/commit/dec4a229
Tree: http://git-wip-us.apache.org/repos/asf/camel/tree/dec4a229
Diff: http://git-wip-us.apache.org/repos/asf/camel/diff/dec4a229

Branch: refs/heads/master
Commit: dec4a229357a6bc16d839da0cd35448c77910080
Parents: c584871
Author: Hadrian Zbarcea <[hidden email]>
Authored: Wed Dec 11 09:49:57 2013 -0500
Committer: Hadrian Zbarcea <[hidden email]>
Committed: Wed Dec 11 09:49:57 2013 -0500

----------------------------------------------------------------------
 .../ssh/ResourceHelperKeyPairProvider.java      |  28 ++++-
 .../component/ssh/FileKeyPairProvider.java      | 114 +++++++++++++++++++
 .../component/ssh/SshComponentSecurityTest.java |   1 -
 .../component/ssh/SshComponentTestSupport.java  |   1 -
 parent/pom.xml                                  |   2 +-
 5 files changed, 138 insertions(+), 8 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/camel/blob/dec4a229/components/camel-ssh/src/main/java/org/apache/camel/component/ssh/ResourceHelperKeyPairProvider.java
----------------------------------------------------------------------
diff --git a/components/camel-ssh/src/main/java/org/apache/camel/component/ssh/ResourceHelperKeyPairProvider.java b/components/camel-ssh/src/main/java/org/apache/camel/component/ssh/ResourceHelperKeyPairProvider.java
index 393159c..9457b05 100644
--- a/components/camel-ssh/src/main/java/org/apache/camel/component/ssh/ResourceHelperKeyPairProvider.java
+++ b/components/camel-ssh/src/main/java/org/apache/camel/component/ssh/ResourceHelperKeyPairProvider.java
@@ -28,8 +28,13 @@ import org.apache.camel.util.ResourceHelper;
 import org.apache.sshd.common.keyprovider.AbstractKeyPairProvider;
 import org.apache.sshd.common.util.IoUtils;
 import org.apache.sshd.common.util.SecurityUtils;
-import org.bouncycastle.openssl.PEMReader;
+import org.bouncycastle.openssl.PEMDecryptorProvider;
+import org.bouncycastle.openssl.PEMEncryptedKeyPair;
+import org.bouncycastle.openssl.PEMKeyPair;
+import org.bouncycastle.openssl.PEMParser;
 import org.bouncycastle.openssl.PasswordFinder;
+import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
+import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -99,19 +104,31 @@ public class ResourceHelperKeyPairProvider extends AbstractKeyPairProvider {
                 new ArrayList<KeyPair>(this.resources.length);
 
         for (String resource : resources) {
-            PEMReader r = null;
+            PEMParser r = null;
             InputStreamReader isr = null;
             InputStream is = null;
             try {
                 is = ResourceHelper.resolveMandatoryResourceAsInputStream(classResolver, resource);
                 isr = new InputStreamReader(is);
-                r = new PEMReader(isr, passwordFinder);
+                r = new PEMParser(isr);
 
                 Object o = r.readObject();
-
-                if (o instanceof KeyPair) {
+                
+                JcaPEMKeyConverter pemConverter = new JcaPEMKeyConverter();
+                pemConverter.setProvider("BC");
+                if (passwordFinder != null && o instanceof PEMEncryptedKeyPair) {
+                    JcePEMDecryptorProviderBuilder decryptorBuilder = new JcePEMDecryptorProviderBuilder();
+                    PEMDecryptorProvider pemDecryptor = decryptorBuilder.build(passwordFinder.getPassword());
+                    o = pemConverter.getKeyPair(((PEMEncryptedKeyPair) o).decryptKeyPair(pemDecryptor));
+                }
+                
+                if (o instanceof PEMKeyPair) {
+                    o = pemConverter.getKeyPair((PEMKeyPair)o);
+                    keys.add((KeyPair) o);
+                } else if (o instanceof KeyPair) {
                     keys.add((KeyPair) o);
                 }
+                
             } catch (Exception e) {
                 log.warn("Unable to read key", e);
             } finally {
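Review bot: An encrypted key is dropped without any diagnostic when `passwordFinder` is null: `o` stays a `PEMEncryptedKeyPair`, neither `instanceof` branch matches, and the `catch` only reports exceptions, so nothing is logged. The operator is left with a shorter or empty key list and a failed authentication, with no hint that a passphrase was missing. I would add a last branch such as `} else if (o instanceof PEMEncryptedKeyPair) { log.warn("Encrypted key {} skipped: no PasswordFinder configured", resource); }`. The same pattern is repeated in `FileKeyPairProvider.loadKeys()` in the new test file. The enclosing method starts above this hunk and its `finally` block continues below it.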
@@ -121,4 +138,5 @@ public class ResourceHelperKeyPairProvider extends AbstractKeyPairProvider {
 
         return keys.toArray(new KeyPair[keys.size()]);
     }
+    
 }

http://git-wip-us.apache.org/repos/asf/camel/blob/dec4a229/components/camel-ssh/src/test/java/org/apache/camel/component/ssh/FileKeyPairProvider.java
----------------------------------------------------------------------
diff --git a/components/camel-ssh/src/test/java/org/apache/camel/component/ssh/FileKeyPairProvider.java b/components/camel-ssh/src/test/java/org/apache/camel/component/ssh/FileKeyPairProvider.java
new file mode 100644
index 0000000..e4f2b88
--- /dev/null
+++ b/components/camel-ssh/src/test/java/org/apache/camel/component/ssh/FileKeyPairProvider.java
@@ -0,0 +1,114 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.camel.component.ssh;
+
+import java.io.FileInputStream;
+import java.io.InputStreamReader;
+import java.security.KeyPair;
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.sshd.common.keyprovider.AbstractKeyPairProvider;
+import org.apache.sshd.common.util.SecurityUtils;
+import org.bouncycastle.openssl.PEMDecryptorProvider;
+import org.bouncycastle.openssl.PEMEncryptedKeyPair;
+import org.bouncycastle.openssl.PEMKeyPair;
+import org.bouncycastle.openssl.PEMParser;
+import org.bouncycastle.openssl.PasswordFinder;
+import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
+import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;
+
+/**
+ * This host key provider loads private keys from the specified files.
+ *
+ * Note that this class has a direct dependency on BouncyCastle and won't work
+ * unless it has been correctly registered as a security provider.
+ *
+ * @author <a href="mailto:[hidden email]">Apache MINA SSHD Project</a>
+ */
+public class FileKeyPairProvider extends AbstractKeyPairProvider {
+
+    private String[] files;
+    private PasswordFinder passwordFinder;
+
+    public FileKeyPairProvider() {
+    }
+
+    public FileKeyPairProvider(String[] files) {
+        this.files = files;
+    }
+
+    public FileKeyPairProvider(String[] files, PasswordFinder passwordFinder) {
+        this.files = files;
+        this.passwordFinder = passwordFinder;
+    }
+
+    public String[] getFiles() {
+        return files;
+    }
+
+    public void setFiles(String[] files) {
+        this.files = files;
+    }
+
+    public PasswordFinder getPasswordFinder() {
+        return passwordFinder;
+    }
+
+    public void setPasswordFinder(PasswordFinder passwordFinder) {
+        this.passwordFinder = passwordFinder;
+    }
+
+    public KeyPair[] loadKeys() {
+        if (!SecurityUtils.isBouncyCastleRegistered()) {
+            throw new IllegalStateException("BouncyCastle must be registered as a JCE provider");
+        }
+        List<KeyPair> keys = new ArrayList<KeyPair>();
+        for (int i = 0; i < files.length; i++) {
+            try {
+                PEMParser r = new PEMParser(new InputStreamReader(new FileInputStream(files[i])));
+                try {
+                    Object o = r.readObject();
+                    
+                    JcaPEMKeyConverter pemConverter = new JcaPEMKeyConverter();
+                    pemConverter.setProvider("BC");
+                    if (passwordFinder != null && o instanceof PEMEncryptedKeyPair) {
+                        JcePEMDecryptorProviderBuilder decryptorBuilder = new JcePEMDecryptorProviderBuilder();
+                        PEMDecryptorProvider pemDecryptor = decryptorBuilder.build(passwordFinder.getPassword());
+                        o = pemConverter.getKeyPair(((PEMEncryptedKeyPair) o).decryptKeyPair(pemDecryptor));
+                    }
+                    
+                    if (o instanceof PEMKeyPair) {
+                        o = pemConverter.getKeyPair((PEMKeyPair)o);
+                        keys.add((KeyPair) o);
+                    } else if (o instanceof KeyPair) {
+                        keys.add((KeyPair) o);
+                    }
+                    
+                } finally {
+                    r.close();
+                }
+            } catch (Exception e) {
+                log.warn("Unable to read key {}: {}", files[i], e);
+            }
+        }
+        return keys.toArray(new KeyPair[keys.size()]);
+    }
+
+}
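Review bot: `loadKeys()` reads `files.length` although the no-argument constructor and `setFiles(null)` both leave `files` null. That access sits outside the `try`, so the caller gets a bare NullPointerException instead of an explicit failure like the one raised for the provider check. A guard at the top, `if (files == null) { throw new IllegalStateException("No key files configured"); }`, would make the misconfiguration obvious. The class Javadoc could also state that this appears to be a test-only replacement for the SSHD class whose import the tests drop, and that unreadable keys are logged and skipped rather than failing the load.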

http://git-wip-us.apache.org/repos/asf/camel/blob/dec4a229/components/camel-ssh/src/test/java/org/apache/camel/component/ssh/SshComponentSecurityTest.java
----------------------------------------------------------------------
diff --git a/components/camel-ssh/src/test/java/org/apache/camel/component/ssh/SshComponentSecurityTest.java b/components/camel-ssh/src/test/java/org/apache/camel/component/ssh/SshComponentSecurityTest.java
index cd5c2df..02220d6 100644
--- a/components/camel-ssh/src/test/java/org/apache/camel/component/ssh/SshComponentSecurityTest.java
+++ b/components/camel-ssh/src/test/java/org/apache/camel/component/ssh/SshComponentSecurityTest.java
@@ -19,7 +19,6 @@ package org.apache.camel.component.ssh;
 import org.apache.camel.builder.RouteBuilder;
 import org.apache.camel.component.mock.MockEndpoint;
 import org.apache.sshd.common.KeyPairProvider;
-import org.apache.sshd.common.keyprovider.FileKeyPairProvider;
 import org.junit.Test;
 
 public class SshComponentSecurityTest extends SshComponentTestSupport {

http://git-wip-us.apache.org/repos/asf/camel/blob/dec4a229/components/camel-ssh/src/test/java/org/apache/camel/component/ssh/SshComponentTestSupport.java
----------------------------------------------------------------------
diff --git a/components/camel-ssh/src/test/java/org/apache/camel/component/ssh/SshComponentTestSupport.java b/components/camel-ssh/src/test/java/org/apache/camel/component/ssh/SshComponentTestSupport.java
index 3a2eb1d..b7e9ace 100644
--- a/components/camel-ssh/src/test/java/org/apache/camel/component/ssh/SshComponentTestSupport.java
+++ b/components/camel-ssh/src/test/java/org/apache/camel/component/ssh/SshComponentTestSupport.java
@@ -19,7 +19,6 @@ package org.apache.camel.component.ssh;
 import org.apache.camel.test.AvailablePortFinder;
 import org.apache.camel.test.junit4.CamelTestSupport;
 import org.apache.sshd.SshServer;
-import org.apache.sshd.common.keyprovider.FileKeyPairProvider;
 
 public class SshComponentTestSupport extends CamelTestSupport {
     protected SshServer sshd;

http://git-wip-us.apache.org/repos/asf/camel/blob/dec4a229/parent/pom.xml
----------------------------------------------------------------------
diff --git a/parent/pom.xml b/parent/pom.xml
index 02c7d60..ced89db 100644
--- a/parent/pom.xml
+++ b/parent/pom.xml
@@ -66,7 +66,7 @@
     <bcel-bundle-version>5.2_4</bcel-bundle-version>
     <beanio-version>2.0.7</beanio-version>
     <bsh-version>2.0b5</bsh-version>
-    <bouncycastle-version>1.49</bouncycastle-version>
+    <bouncycastle-version>1.50</bouncycastle-version>
     <build-helper-maven-plugin-version>1.8</build-helper-maven-plugin-version>
     <c3p0-version>0.9.1.2</c3p0-version>
     <castor-bundle-version>1.3.2_2</castor-bundle-version>