KARAF-3882: avoid BouncyCastle.
Project: http://git-wip-us.apache.org/repos/asf/karaf/repo Commit: http://git-wip-us.apache.org/repos/asf/karaf/commit/e5d5a40b Tree: http://git-wip-us.apache.org/repos/asf/karaf/tree/e5d5a40b Diff: http://git-wip-us.apache.org/repos/asf/karaf/diff/e5d5a40b Branch: refs/heads/master Commit: e5d5a40bf0c0a5cee310fd358ae2be6a07b22080 Parents: 169c2de Author: Benson Margulies <[email protected]> Authored: Mon Jul 27 13:00:33 2015 -0400 Committer: Benson Margulies <[email protected]> Committed: Mon Jul 27 13:00:33 2015 -0400
----------------------------------------------------------------------
.../apache/karaf/itests/SshKeyFormatTest.java | 10 ++- shell/ssh/pom.xml | 14 ++++ .../org/apache/karaf/shell/ssh/Activator.java | 2 +- .../ssh/OpenSSHGeneratorFileKeyProvider.java | 75 ++++++++++++++++++++ .../OpenSSHGeneratorKeyFileProviderTest.java | 16 +++++ .../org/apache/karaf/shell/ssh/test.pem | 27 +++++++ 6 files changed, 137 insertions(+), 7 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/karaf/blob/e5d5a40b/itests/src/test/java/org/apache/karaf/itests/SshKeyFormatTest.java
----------------------------------------------------------------------
diff --git a/itests/src/test/java/org/apache/karaf/itests/SshKeyFormatTest.java b/itests/src/test/java/org/apache/karaf/itests/SshKeyFormatTest.java
index 2434dd5..23c4af5 100644
--- a/itests/src/test/java/org/apache/karaf/itests/SshKeyFormatTest.java
+++ b/itests/src/test/java/org/apache/karaf/itests/SshKeyFormatTest.java
@@ -42,17 +42,15 @@ public class SshKeyFormatTest extends SshCommandTestBase { @Configuration public Option[] config() { - File keyFile = new File("src/test/resources/test.pem"); + File keyFile = new File("src/test/resources/etc/test.pem"); return options(composite(super.config()), editConfigurationFilePut("etc/org.apache.karaf.shell.cfg", "hostKey", keyFile.getAbsolutePath()), - editConfigurationFilePut("etc/org.apache.karaf.shell.cfg", "hostKeyFormat", "PEM"), - mavenBundle("org.apache.servicemix.bundles", "org.apache.servicemix.bundles.bcpg-jdk16") - , - vmOption("-Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=5005") + editConfigurationFilePut("etc/org.apache.karaf.shell.cfg", "hostKeyFormat", "PEM") +// , +// vmOption("-Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=5005") ); } - @Test public void usePemKey() throws Exception { SshClient client = SshClient.setUpDefaultClient(); http://git-wip-us.apache.org/repos/asf/karaf/blob/e5d5a40b/shell/ssh/pom.xml ---------------------------------------------------------------------- diff --git a/shell/ssh/pom.xml b/shell/ssh/pom.xml index 9904d6a..2f77c09 100644 --- a/shell/ssh/pom.xml +++ b/shell/ssh/pom.xml @@ -43,6 +43,8 @@ <artifactId>org.apache.karaf.shell.core</artifactId> </dependency> + + <dependency> <groupId>org.apache.felix</groupId> <artifactId>org.apache.felix.gogo.runtime</artifactId> 
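Review bot: The JDWP option in `config()` is commented out rather than deleted, leaving `// vmOption("-Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=5005")` and a dangling `// ,` in the option list; delete both lines so a suspended debug listener cannot be switched back on by accident. The key path also changes to `src/test/resources/etc/test.pem`, while the diffstat of this commit only adds a `test.pem` under `shell/ssh/src/test/resources/org/apache/karaf/shell/ssh/`, so it is worth confirming that the itests copy exists at the new location (it may already be in the tree). `usePemKey()` continues past the end of the hunk.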
@@ -73,6 +75,18 @@ </dependency> <dependency> + <groupId>org.apache.servicemix.bundles</groupId> + <artifactId>org.apache.servicemix.bundles.not-yet-commons-ssl</artifactId> + <version>0.3.11_1</version> + </dependency> + + <dependency> + <groupId>org.slf4j</groupId> + <artifactId>slf4j-jdk14</artifactId> + <scope>test</scope> + </dependency> + + <dependency> <groupId>org.apache.karaf.jaas</groupId> <artifactId>org.apache.karaf.jaas.modules</artifactId> </dependency> http://git-wip-us.apache.org/repos/asf/karaf/blob/e5d5a40b/shell/ssh/src/main/java/org/apache/karaf/shell/ssh/Activator.java ---------------------------------------------------------------------- diff --git a/shell/ssh/src/main/java/org/apache/karaf/shell/ssh/Activator.java b/shell/ssh/src/main/java/org/apache/karaf/shell/ssh/Activator.java index 66b55e8..600407b 100644 --- a/shell/ssh/src/main/java/org/apache/karaf/shell/ssh/Activator.java +++ b/shell/ssh/src/main/java/org/apache/karaf/shell/ssh/Activator.java @@ -155,7 +155,7 @@ public class Activator extends BaseActivator implements ManagedService { if ("simple".equalsIgnoreCase(hostKeyFormat)) { keyPairProvider = new SimpleGeneratorHostKeyProvider(); } else if ("PEM".equalsIgnoreCase(hostKeyFormat)) { - keyPairProvider = new PEMGeneratorHostKeyProvider(); + keyPairProvider = new OpenSSHGeneratorFileKeyProvider(); } else { LOGGER.error("Invalid host key format " + hostKeyFormat); return null; http://git-wip-us.apache.org/repos/asf/karaf/blob/e5d5a40b/shell/ssh/src/main/java/org/apache/karaf/shell/ssh/OpenSSHGeneratorFileKeyProvider.java ---------------------------------------------------------------------- diff --git a/shell/ssh/src/main/java/org/apache/karaf/shell/ssh/OpenSSHGeneratorFileKeyProvider.java b/shell/ssh/src/main/java/org/apache/karaf/shell/ssh/OpenSSHGeneratorFileKeyProvider.java new file mode 100644 index 0000000..02baeff --- /dev/null +++ b/shell/ssh/src/main/java/org/apache/karaf/shell/ssh/OpenSSHGeneratorFileKeyProvider.java 
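Review bot: The new `not-yet-commons-ssl` dependency carries an inline `<version>0.3.11_1</version>`, while the other dependencies visible in this hunk declare no version of their own. Moving it to the parent's dependency management would keep the version of the library that now parses the SSH host private key in one auditable place. It is added with default scope and the itests hunk drops the `bcpg-jdk16` bundle without provisioning a replacement, so presumably the `org.apache.commons.ssl` packages must be embedded or installed for the SSH bundle at runtime; the diff shows no packaging or feature change, so confirm that.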
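Review bot: The `PEM` branch builds `OpenSSHGeneratorFileKeyProvider` with the no-argument constructor and nothing in the visible lines calls `setPassword`, so a passphrase-protected host key cannot be loaded through this path unless it is wired up after the hunk. If encrypted keys are meant to be supported, read the passphrase from configuration and pass it on. Otherwise say so next to the constructor call, e.g. `// PEM host keys must be unencrypted: no passphrase is configured here`. The enclosing method starts and ends outside the hunk.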
@@ -0,0 +1,75 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.karaf.shell.ssh;
+
+import org.apache.commons.ssl.PEMUtil;
+import org.apache.commons.ssl.PKCS8Key;
+import org.apache.sshd.server.keyprovider.AbstractGeneratorHostKeyProvider;
+
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.security.KeyPair;
+import java.util.ArrayList;
+import java.util.Collection;
+
+/**
+ * Read SSH keys without resorting to BouncyCastle
+ */
+public class OpenSSHGeneratorFileKeyProvider extends AbstractGeneratorHostKeyProvider {
+ private String password;
+
+ public OpenSSHGeneratorFileKeyProvider() {
+ }
+
+ public OpenSSHGeneratorFileKeyProvider(String path) {
+ super(path);
+ }
+
+ public OpenSSHGeneratorFileKeyProvider(String path, String algorithm) {
+ super(path, algorithm);
+ }
+
+ public OpenSSHGeneratorFileKeyProvider(String path, String algorithm, int keySize) {
+ super(path, algorithm, keySize);
+ }
+
+ public String getPassword() {
+ return password;
+ }
+
+ public void setPassword(String password) {
+ this.password = password;
+ }
+
+ @Override
+ protected KeyPair doReadKeyPair(InputStream is) throws Exception {
+ PKCS8Key pkcs8 = new PKCS8Key(is, password == null ? null : password.toCharArray());
+ return new KeyPair(pkcs8.getPublicKey(), pkcs8.getPrivateKey());
+ }
+
+ @Override
+ protected void doWriteKeyPair(KeyPair kp, OutputStream os) throws Exception {
+ Collection<Object> items = new ArrayList<>();
+ items.add(kp.getPrivate());
+ items.add(kp.getPublic());
+ byte[] bytes = PEMUtil.encode(items);
+ os.write(bytes);
+ }
+}
http://git-wip-us.apache.org/repos/asf/karaf/blob/e5d5a40b/shell/ssh/src/test/java/org/apache/karaf/shell/ssh/OpenSSHGeneratorKeyFileProviderTest.java
----------------------------------------------------------------------
diff --git a/shell/ssh/src/test/java/org/apache/karaf/shell/ssh/OpenSSHGeneratorKeyFileProviderTest.java b/shell/ssh/src/test/java/org/apache/karaf/shell/ssh/OpenSSHGeneratorKeyFileProviderTest.java
new file mode 100644
index 0000000..b977191
--- /dev/null
+++ b/shell/ssh/src/test/java/org/apache/karaf/shell/ssh/OpenSSHGeneratorKeyFileProviderTest.java
@@ -0,0 +1,16 @@
+package org.apache.karaf.shell.ssh;
+
+import org.junit.Test;
+
+import java.security.KeyPair;
+
+public class OpenSSHGeneratorKeyFileProviderTest {
+
+ @Test
+ public void readSshKey() throws Exception {
+ OpenSSHGeneratorFileKeyProvider prov = new OpenSSHGeneratorFileKeyProvider("src/test/resources/org/apache/karaf/shell/ssh/test.pem");
+ prov.setOverwriteAllowed(false);
+ KeyPair keys = prov.loadKeys().iterator().next();
+ // how would we tell if they read 'correctly'? Well, the base class will throw if the key isn't reasonable.
+ }
+}
http://git-wip-us.apache.org/repos/asf/karaf/blob/e5d5a40b/shell/ssh/src/test/resources/org/apache/karaf/shell/ssh/test.pem
----------------------------------------------------------------------
diff --git a/shell/ssh/src/test/resources/org/apache/karaf/shell/ssh/test.pem b/shell/ssh/src/test/resources/org/apache/karaf/shell/ssh/test.pem
new file mode 100644
index 0000000..64c6eb4
--- /dev/null
+++ b/shell/ssh/src/test/resources/org/apache/karaf/shell/ssh/test.pem
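Review bot: `doWriteKeyPair` ignores the `password` field that `doReadKeyPair` uses: it hands `kp.getPrivate()` straight to `PEMUtil.encode`, so as far as the visible call shows, a generated host key is written without passphrase protection even after `setPassword` was called. Document that on the method, e.g. `/** Writes the pair as unencrypted PEM; the configured password is not applied on write. */`, and make sure whatever opens the output stream (not visible here) restricts the key file's permissions. The passphrase is also kept as a `String`, and the `char[]` from `toCharArray()` is never cleared after `new PKCS8Key(...)` returns; holding it as `char[]` and wiping the copy would shorten its lifetime in memory. The class and its public constructors and accessors have no Javadoc beyond the one-line class comment.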
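Review bot: `readSshKey()` asserts nothing and leaves `keys` unused, so it passes whenever no exception is thrown, as its own trailing comment concedes. Add checks such as `assertNotNull(keys.getPrivate());` and `assertEquals("RSA", keys.getPrivate().getAlgorithm());`, since the fixture is an RSA key. Only the read path is covered: a second test that writes a generated pair and reads it back would show whether the output of `doWriteKeyPair` is accepted by `doReadKeyPair`. The file also lacks the ASF license header that the other new Java file in this commit carries.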
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAvHFgGEKjSgg5382ZMw4DUafHmWeQYp7nnvao9ME9O16czyAD +BsdmyTH9rfKdZ14CkzC40LEAQ5kv/ZeDD4/8LsVfUpExhuh9g86hyG4zK9q3GfGg +IeV26GlUeDlBV9W5xJRdJbbj4Cp0OzkxX0+BmgS+f0qUDxUGnTljOlZlnVLgJcbD +YZ5nxHnQ4gtxHtkmmkkIwz4sMiWOdcIoDIV1OQ6dqZoRqwOkpfc+jdsEEnQJZzPx +4BLkD9fcNW5g3uaJupD4idHDTtLhYeTx9c8KvPVurNoF8T2hvWZz9etAez0fmT6f +tvp/9TProfrJQTC3JJeTHBuIfljfkSJ8ecJwTQIDAQABAoIBAQCAdEBvCS3KD2V0 +G/BsjwbQKLC075XKxEtbXwS5IuicidgWkNm/SznTuFIWuyV1Cu5ya2nwSFfHvKqs +ERX0C9B6CWz7GaJLNjwpFzfNKuGS6VqbQsxHjuXJc9NyyIS0XSpuyDves5cOfaIR +pOD0+Xt9A/LfTnUy+sAxeKcdYzuNS35Whi+VmYJZ+UgXc91O9YK0W9bNOQaHtxbW +TO3kZxMwd5MmoiU817Fr3Xo1LFMytQrG2E0l3774NdHs7WALV3gA3uehGND/4UcO +3PTJQpdJXc11sS+bB9qIp0sd/e7LJgUdXDBQhqewO43vlO/1r+u27IF7YYCxN9Wn +h5/jbac5AoGBAPGWa8PG6JoRHioBYBOJyOzSBtTBHuO/kHbUqMlO4U75NbkbdmlU +D3xpH6hS1poP5YvXjwKLiHryrbVCtmh4HSfolFLJXOOeINn8BnFi3RkD+oGzhk0V +DIoI6XoEVHKSmH7oL6sxpkH1ozPmdjmDbcUrTEArJL6dpY4yr8i7/CGzAoGBAMev +UQ+yUCtcfLo1MW4AOop6gWFCy+g0+5VHEHmzTzoo0W8ajLVDBJ/1syQckBW1uNRj +iXOwqFGHIHGuA96iLeiY7gg2KA0slcup1OZsyMA/HHd7DFY3OmDbP+cszREV90Ui +g06fHy1rv4i8lxLE4R0M1Wmz/KUG8TCSXqBJSiX/AoGBAMDlQhaH86FQma0ge/4d +vfiZmiq2KFvg0RCQrFRQT0YnZeXvL5TaMaM8rLJRslhA6R/HdcCqeMbyjhB0vACe +J2l+IzAW57w2vjRPLzXJopAexR5aoZlafTCZ/RIX8vWoZ2qtKaKfegiggTcnhK5X +aoZMFA4IZMZuSYpInmLA9ohRAoGADSHUfOnHJ/LfKQfShl9xeiXwWEsiSdUiLoEL +7lUCgtqoW1wtoMYViceIznkqaKMY0q7xHTCjASmX0qIVExErX76e+N9G5wblmw1C +OR0yXqJH5vuqpgjfx/rjSvrBSbxeFKfeZs9EJ6KMaBuu+8cC3vw3FMqHdPrt5bna +i0QGolUCgYAi7fZAo3BhS8GgAMAcg/Uu9rxNuupW+GHiQNaP53Quq+I9T2RyCvEn +gUiOSRyqW+y7P7nqrL4NQe+PHSJQqWZypQZIoDdNvvIZvpHERjcOKKxPuPhdi0/j +fPJkMBCIbjoRJoQDbiqZoQ7v2YCpYhT85MXX8PMtCeW1OWRKwpepMA== +-----END RSA PRIVATE KEY-----
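Review bot: This fixture is an unencrypted RSA private key and becomes public once committed, so it must never be reused as a host key outside the tests. A file name that says so, for example `test-only-insecure.pem` (placeholder name), would make that obvious to anyone copying it and easier to allow-list in secret scanning. Because the key has no passphrase, the password branch of `doReadKeyPair` stays untested; an encrypted fixture with a known test passphrase would cover it.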
