This is an automated email from the ASF dual-hosted git repository. ggrzybek pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/camel.git
The following commit(s) were added to refs/heads/main by this push: new 9e58f40 [CAMEL-16554] Add support for private keys with OPENSSH PRIVATE KEY header (#5467) 9e58f40 is described below commit 9e58f40c2feb94220b887e28b5b0c1b582516ba7 Author: Grzegorz Grzybek <gr.grzy...@gmail.com> AuthorDate: Mon Apr 26 16:29:48 2021 +0200 [CAMEL-16554] Add support for private keys with OPENSSH PRIVATE KEY header (#5467) --- .../ssh/ResourceHelperKeyPairProvider.java | 32 ++++++++++++++++++++ .../component/ssh/SshComponentSecurityTest.java | 35 ++++++++++++++++++++++ components/camel-ssh/src/test/resources/eddsa.pem | 7 +++++ .../camel-ssh/src/test/resources/eddsa.pem.pub | 1 + .../camel-ssh/src/test/resources/enceddsa.pem | 8 +++++ .../camel-ssh/src/test/resources/enceddsa.pem.pub | 1 + 6 files changed, 84 insertions(+)
diff --git a/components/camel-ssh/src/main/java/org/apache/camel/component/ssh/ResourceHelperKeyPairProvider.java b/components/camel-ssh/src/main/java/org/apache/camel/component/ssh/ResourceHelperKeyPairProvider.java
index c5f8797..6ad55df 100644
--- a/components/camel-ssh/src/main/java/org/apache/camel/component/ssh/ResourceHelperKeyPairProvider.java
+++ b/components/camel-ssh/src/main/java/org/apache/camel/component/ssh/ResourceHelperKeyPairProvider.java
@@ -36,6 +36,8 @@ import java.util.function.Supplier;
 import org.apache.camel.CamelContext;
 import org.apache.camel.support.ResourceHelper;
+import org.apache.sshd.common.NamedResource;
+import org.apache.sshd.common.config.keys.FilePasswordProvider;
 import org.apache.sshd.common.keyprovider.AbstractKeyPairProvider;
 import org.apache.sshd.common.session.SessionContext;
 import org.apache.sshd.common.util.io.IoUtils;
@@ -127,6 +129,36 @@ public class ResourceHelperKeyPairProvider extends AbstractKeyPairProvider {
 InputStream is = null;
 try {
 is = ResourceHelper.resolveMandatoryResourceAsInputStream(camelContext, resource);
+
+ // first try with apache sshd itself
+ FilePasswordProvider passwordProvider = null;
+ if (passwordFinder != null) {
+ passwordProvider = new FilePasswordProvider() {
+ @Override
+ public String getPassword(SessionContext session, NamedResource resourceKey, int retryIndex)
+ throws IOException {
+ return new String(passwordFinder.get());
+ }
+ };
+ }
+ try {
+ // this method uses aggregate parser, which includes:
+ // - DSSPEMResourceKeyPairParser
+ // - ECDSAPEMResourceKeyPairParser
+ // - PKCS8PEMResourceKeyPairParser
+ // - RSAPEMResourceKeyPairParser
+ // - OpenSSHKeyPairResourceParser
+ // but it doesn't read keys with "BEGIN ENCRYPTED PRIVATE KEY"
+ Iterable<KeyPair> keyPairs
+ = SecurityUtils.loadKeyPairIdentities(sessionContext, null, is, passwordProvider);
+ if (keyPairs != null) {
+ return keyPairs;
+ }
+ } catch (IOException | GeneralSecurityException e) {
+ log.debug("Unable to read key: {}", e.getMessage());
+ }
+
+ is = ResourceHelper.resolveMandatoryResourceAsInputStream(camelContext, resource);
 isr = new InputStreamReader(is);
 r = new PEMParser(isr);
diff --git a/components/camel-ssh/src/test/java/org/apache/camel/component/ssh/SshComponentSecurityTest.java b/components/camel-ssh/src/test/java/org/apache/camel/component/ssh/SshComponentSecurityTest.java
index 631eaed..7210a85 100644
--- a/components/camel-ssh/src/test/java/org/apache/camel/component/ssh/SshComponentSecurityTest.java
+++ b/components/camel-ssh/src/test/java/org/apache/camel/component/ssh/SshComponentSecurityTest.java
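Review bot: The stream opened for the sshd attempt is not closed on the fallback path: when `SecurityUtils.loadKeyPairIdentities(...)` returns null or throws, `is` is reassigned to a second stream, so the first stays open unless cleanup outside this hunk still holds a reference to it; `IoUtils.closeQuietly(is);` directly before the second `resolveMandatoryResourceAsInputStream` call would release it. The catch logs only `e.getMessage()` at debug level, so a wrong passphrase or a damaged key is likely to surface later as an unrelated PEMParser failure; passing the exception as the last logger argument, `log.debug("Unable to read key: {}", e.getMessage(), e);`, keeps the cause without changing the message. In the anonymous FilePasswordProvider, `new String(passwordFinder.get())` throws a NullPointerException that this catch does not cover if the finder returns null, and it copies the passphrase into a String that cannot be cleared afterwards, which deserves a comment. The enclosing method begins and ends outside the hunk.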
@@ -79,6 +79,32 @@ public class SshComponentSecurityTest extends SshComponentTestSupport {
 }
 @Test
+ public void testEdDSAFile() throws Exception {
+ final String msg = "test";
+
+ MockEndpoint mock = getMockEndpoint("mock:eddsaFile");
+ mock.expectedMinimumMessageCount(1);
+ mock.expectedBodiesReceived(msg);
+
+ template.sendBody("direct:ssh-eddsaFile", msg);
+
+ assertMockEndpointsSatisfied();
+ }
+
+ @Test
+ public void testEncryptedEdDSAFile() throws Exception {
+ final String msg = "test";
+
+ MockEndpoint mock = getMockEndpoint("mock:enceddsaFile");
+ mock.expectedMinimumMessageCount(1);
+ mock.expectedBodiesReceived(msg);
+
+ template.sendBody("direct:ssh-enceddsaFile", msg);
+
+ assertMockEndpointsSatisfied();
+ }
+
+ @Test
 public void testECFile() throws Exception {
 final String msg = "test";
@@ -147,6 +173,15 @@ public class SshComponentSecurityTest extends SshComponentTestSupport {
 from("direct:ssh-ecFilepkcs8")
 .to("ssh://smx@localhost:" + port + "?certResource=file:src/test/resources/ecpkcs8.pem")
 .to("mock:ecFilepkcs8");
+
+ from("direct:ssh-eddsaFile")
+ .to("ssh://smx@localhost:" + port + "?certResource=file:src/test/resources/eddsa.pem")
+ .to("mock:eddsaFile");
+
+ from("direct:ssh-enceddsaFile")
+ .to("ssh://smx@localhost:" + port
+ + "?certResource=file:src/test/resources/enceddsa.pem&certResourcePassword=security")
+ .to("mock:enceddsaFile");
 }
 };
 }
diff --git a/components/camel-ssh/src/test/resources/eddsa.pem b/components/camel-ssh/src/test/resources/eddsa.pem
new file mode 100644
index 0000000..60552e1
--- /dev/null
+++ b/components/camel-ssh/src/test/resources/eddsa.pem
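Review bot: Both new tests exercise only the success path; nothing loads `enceddsa.pem` with a wrong or missing `certResourcePassword`, which is the case where the provider change in this commit catches the sshd exception and falls through to the PEM parser. A test that routes to the same resource with a deliberately wrong password and asserts that the exchange fails would pin that behaviour. In the route hunk at -147 the passphrase `security` is hard-coded in the endpoint URI, so a one-line comment such as `// test-only key pair, never used outside this test` above the route would make the intent explicit.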
@@ -0,0 +1,7 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+QyNTUxOQAAACDFsOMqxybLW8XmHg2V/87NekFKIGaHnWwsOT6hNPJyOwAAAKD899zx/Pfc
+8QAAAAtzc2gtZWQyNTUxOQAAACDFsOMqxybLW8XmHg2V/87NekFKIGaHnWwsOT6hNPJyOw
+AAAEBfxynGxSwtbwPcioXYRNb17HpjgQrjHpLM6lF2ggzRicWw4yrHJstbxeYeDZX/zs16
+QUogZoedbCw5PqE08nI7AAAAGGdncnp5YmVrQGV2ZXJmcmVlLmZvcmVzdAECAwQF
+-----END OPENSSH PRIVATE KEY-----
diff --git a/components/camel-ssh/src/test/resources/eddsa.pem.pub b/components/camel-ssh/src/test/resources/eddsa.pem.pub
new file mode 100644
index 0000000..8840b01
--- /dev/null
+++ b/components/camel-ssh/src/test/resources/eddsa.pem.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMWw4yrHJstbxeYeDZX/zs16QUogZoedbCw5PqE08nI7 ED25519 Camel Key
diff --git a/components/camel-ssh/src/test/resources/enceddsa.pem b/components/camel-ssh/src/test/resources/enceddsa.pem
new file mode 100644
index 0000000..6bf4cc7
--- /dev/null
+++ b/components/camel-ssh/src/test/resources/enceddsa.pem
@@ -0,0 +1,8 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABB3qDDCiU
+7Aga7N8v61T9oeAAAAEAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIMGg5eMbgvEiQ81N
+tinKS473PPaUuq7/UQstm+ElYxUbAAAAoIMr9CLh/n5Klptu+Z8nSAw2jxtlUACfOdbPI7
+qbLN/LPVzYJCv54QYHLVQrz3SHaFlFw37lNUCh7uFfUeDMbH9SsAbX3ddVQKdRZL95qC3W
+0p2ih9K4N+9+RmpKCHhkGmyuiZ8KPF0UldwajkYJ2oLOy/nS9vB/Be8t11OQS6Gql4Utyx
+cixJD6RrgMRB3v+jfXqEl4QC2WD5aDrLmxmuM=
+-----END OPENSSH PRIVATE KEY-----
diff --git a/components/camel-ssh/src/test/resources/enceddsa.pem.pub b/components/camel-ssh/src/test/resources/enceddsa.pem.pub
new file mode 100644
index 0000000..13e4128
--- /dev/null
+++ b/components/camel-ssh/src/test/resources/enceddsa.pem.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMGg5eMbgvEiQ81NtinKS473PPaUuq7/UQstm+ElYxUb ED25519 Camel Key