This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/camel.git


The following commit(s) were added to refs/heads/master by this push:
     new f8832c8  Remove custom Identity classes for RSA/DSA signing from 
camel-ftp + improve security testing in general
f8832c8 is described below

commit f8832c812d380f06879b898f41de000fbba8e9ee
Author: Colm O hEigeartaigh <cohei...@apache.org>
AuthorDate: Thu Jul 4 10:33:11 2019 +0100

    Remove custom Identity classes for RSA/DSA signing from camel-ftp + improve 
security testing in general
---
 .../component/file/remote/DSAKeyPairIdentity.java  | 226 ---------------------
 .../component/file/remote/RSAKeyPairIdentity.java  | 144 -------------
 .../component/file/remote/SftpOperations.java      |  24 +--
 ...sumeTest.java => SftpECKeyFileConsumeTest.java} |  12 +-
 .../file/remote/sftp/SftpKeyFileConsumeTest.java   |   8 +
 .../remote/sftp/SftpKeyPairDSAConsumeTest.java     |  27 ++-
 .../remote/sftp/SftpKeyPairRSAConsumeTest.java     |  27 ++-
 .../file/remote/sftp/SftpServerTestSupport.java    |   7 +-
 components/camel-ftp/src/test/resources/ec.pem     |   7 +
 9 files changed, 73 insertions(+), 409 deletions(-)

diff --git 
a/components/camel-ftp/src/main/java/org/apache/camel/component/file/remote/DSAKeyPairIdentity.java
 
b/components/camel-ftp/src/main/java/org/apache/camel/component/file/remote/DSAKeyPairIdentity.java
deleted file mode 100644
index d95a2d1..0000000
--- 
a/components/camel-ftp/src/main/java/org/apache/camel/component/file/remote/DSAKeyPairIdentity.java
+++ /dev/null
@@ -1,226 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.camel.component.file.remote;
-
-import java.nio.ByteBuffer;
-import java.security.InvalidKeyException;
-import java.security.KeyPair;
-import java.security.NoSuchAlgorithmException;
-import java.security.PrivateKey;
-import java.security.Signature;
-import java.security.SignatureException;
-import java.security.interfaces.DSAParams;
-import java.security.interfaces.DSAPublicKey;
-
-import com.jcraft.jsch.Identity;
-import com.jcraft.jsch.JSchException;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-public class DSAKeyPairIdentity implements Identity {
-    private static final String ALGORITHM_TYPE = "ssh-dss";
-    private final Logger log = LoggerFactory.getLogger(getClass());
-    private KeyPair keyPair;
-    private String name;
-
-    public DSAKeyPairIdentity(String name, KeyPair keyPair) {
-        this.name = name;
-        this.keyPair = keyPair;
-    }
-
-    @Override
-    public boolean setPassphrase(byte[] passphrase) throws JSchException {
-        return true;
-    }
-
-    @Override
-    public byte[] getPublicKeyBlob() {
-        DSAPublicKey publicKey = (DSAPublicKey) keyPair.getPublic();
-        byte[] sshDss = ALGORITHM_TYPE.getBytes();
-
-        DSAParams dsaParams = publicKey.getParams();
-        byte[] pArray = dsaParams.getP().toByteArray();
-        byte[] qArray = dsaParams.getQ().toByteArray();
-        byte[] gArray = dsaParams.getG().toByteArray();
-        byte[] yArray = publicKey.getY().toByteArray();
-
-        byte[] result = new byte[sshDss.length + 4 + pArray.length + 4 + 
qArray.length + 4 + gArray.length + 4 + yArray.length + 4];
-        int index = 0;
-
-        byte[] intAsByteArray = 
ByteBuffer.allocate(4).putInt(sshDss.length).array();
-        System.arraycopy(intAsByteArray, 0, result, index, 4);
-        index += 4;
-
-        System.arraycopy(sshDss, 0, result, index, sshDss.length);
-        index += sshDss.length;
-
-        intAsByteArray = ByteBuffer.allocate(4).putInt(pArray.length).array();
-        System.arraycopy(intAsByteArray, 0, result, index, 4);
-        index += 4;
-
-        System.arraycopy(pArray, 0, result, index, pArray.length);
-        index += pArray.length;
-
-        intAsByteArray = ByteBuffer.allocate(4).putInt(qArray.length).array();
-        System.arraycopy(intAsByteArray, 0, result, index, 4);
-        index += 4;
-
-        System.arraycopy(qArray, 0, result, index, qArray.length);
-        index += qArray.length;
-
-        intAsByteArray = ByteBuffer.allocate(4).putInt(gArray.length).array();
-        System.arraycopy(intAsByteArray, 0, result, index, 4);
-        index += 4;
-
-        System.arraycopy(gArray, 0, result, index, gArray.length);
-        index += gArray.length;
-
-        intAsByteArray = ByteBuffer.allocate(4).putInt(yArray.length).array();
-        System.arraycopy(intAsByteArray, 0, result, index, 4);
-        index += 4;
-
-        System.arraycopy(yArray, 0, result, index, yArray.length);
-
-        return result;
-    }
-
-    @Override
-    public byte[] getSignature(byte[] data) {
-        try {
-            PrivateKey prvKey = keyPair.getPrivate();
-            Signature sig = Signature.getInstance("SHA1withDSA");
-            sig.initSign(prvKey);
-            sig.update(data);
-            byte[] sshDss = ALGORITHM_TYPE.getBytes();
-            byte[] signature = sig.sign();
-
-            signature = convertDERToP1363(signature);
-
-            byte[] result = new byte[sshDss.length + 4 + signature.length + 4];
-            int index = 0;
-
-            byte[] intAsByteArray = 
ByteBuffer.allocate(4).putInt(sshDss.length).array();
-            System.arraycopy(intAsByteArray, 0, result, index, 4);
-            index += 4;
-
-            System.arraycopy(sshDss, 0, result, index, sshDss.length);
-            index += sshDss.length;
-
-            intAsByteArray = 
ByteBuffer.allocate(4).putInt(signature.length).array();
-            System.arraycopy(intAsByteArray, 0, result, index, 4);
-            index += 4;
-
-            System.arraycopy(signature, 0, result, index, signature.length);
-
-            return result;
-        } catch (NoSuchAlgorithmException e) {
-            log.error("Cannot sign", e);
-        } catch (InvalidKeyException e) {
-            log.error("Cannot sign", e);
-        } catch (SignatureException e) {
-            log.error("Cannot sign", e);
-        }
-        return null;
-    }
-
-    /**
-     * "The signature on m is (r, s). Message m and (r, s) should be sent to 
the
-     * verifier. We need to observe that both r and s are 20 bytes, since a
-     * modular reduction is being performed (steps 2 and 5) using q, a 160 bit
-     * value. This will gain significance later when we begin verifying 
messages
-     * between Crypto++ and C# (which use the IEEE P1363 signature format) and
-     * Java (which uses a DER encoding of a signature)." [taken from <a href=
-     * 
"http://www.codeproject.com/Articles/25590/Cryptographic-Interoperability-Digital-Signatures";
-     * >Cryptographic Interoperability Digital Signatures</a>]
-     *
-     * @param sig
-     *            signature in DER format
-     * @return signature in P1363 format; SEQUENCE ::= { r INTEGER, s INTEGER }
-     */
-    private byte[] convertDERToP1363(byte[] sig) {
-        int index = 3;
-        int len = sig[index++] & 0xff;
-
-        byte[] r = new byte[len];
-        System.arraycopy(sig, index, r, 0, r.length);
-        index = index + len + 1;
-
-        len = sig[index++] & 0xff;
-        byte[] s = new byte[len];
-        System.arraycopy(sig, index, s, 0, s.length);
-
-        byte[] p1363Signature = new byte[40];
-        if (r.length > 21 || (r.length == 21 && r[0] != 0)) {
-            // Reject - signature verification failed
-        } else if (r.length == 21) {
-            // r[0] = 0
-            // r[1]'s high bit *should* be set
-            System.arraycopy(r, 1, p1363Signature, 0, 20);
-        } else if (r.length == 20) {
-            // r[0]'s high bit *should not* be set
-            System.arraycopy(r, 0, p1363Signature, 0, 20);
-        } else {
-            // fewer than 20 bytes
-            len = r.length;
-            int off = 20 - len;
-            System.arraycopy(r, 0, p1363Signature, off, len);
-        }
-
-        if (s.length > 21 || (s.length == 21 && s[0] != 0)) {
-            // Reject - signature verification failed
-            p1363Signature = new byte[0];
-        } else if (s.length == 21) {
-            // s[0] = 0
-            // s[1]'s high bit *should* be set
-            System.arraycopy(s, 1, p1363Signature, 20, 20);
-        } else if (s.length == 20) {
-            // s[0]'s high bit *should not* be set
-            System.arraycopy(s, 0, p1363Signature, 20, 20);
-        } else {
-            // fewer than 20 bytes
-            len = s.length;
-            int off = 40 - len;
-            System.arraycopy(s, 0, p1363Signature, off, len);
-        }
-
-        return p1363Signature;
-    }
-
-    @Override
-    public boolean decrypt() {
-        return true;
-    }
-
-    @Override
-    public String getAlgName() {
-        return ALGORITHM_TYPE;
-    }
-
-    @Override
-    public String getName() {
-        return name;
-    }
-
-    @Override
-    public boolean isEncrypted() {
-        return false;
-    }
-
-    @Override
-    public void clear() {
-    }
-}
diff --git 
a/components/camel-ftp/src/main/java/org/apache/camel/component/file/remote/RSAKeyPairIdentity.java
 
b/components/camel-ftp/src/main/java/org/apache/camel/component/file/remote/RSAKeyPairIdentity.java
deleted file mode 100644
index f3af15a..0000000
--- 
a/components/camel-ftp/src/main/java/org/apache/camel/component/file/remote/RSAKeyPairIdentity.java
+++ /dev/null
@@ -1,144 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.camel.component.file.remote;
-
-import java.nio.ByteBuffer;
-import java.security.InvalidKeyException;
-import java.security.KeyPair;
-import java.security.NoSuchAlgorithmException;
-import java.security.PrivateKey;
-import java.security.Signature;
-import java.security.SignatureException;
-import java.security.interfaces.RSAPublicKey;
-
-import com.jcraft.jsch.Identity;
-import com.jcraft.jsch.JSchException;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-
-
-public class RSAKeyPairIdentity implements Identity {
-    private static final String ALGORITHM_TYPE = "ssh-rsa";
-    private final Logger log = LoggerFactory.getLogger(getClass());
-
-    private KeyPair keyPair;
-    private String name;
-
-    public RSAKeyPairIdentity(String name, KeyPair keyPair) {
-        this.name = name;
-        this.keyPair = keyPair;
-    }
-
-    @Override
-    public boolean setPassphrase(byte[] passphrase) throws JSchException {
-        return true;
-    }
-
-    @Override
-    public byte[] getPublicKeyBlob() {
-        RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();
-        byte[] sshRsa = ALGORITHM_TYPE.getBytes();
-        byte[] eArray = publicKey.getPublicExponent().toByteArray();
-        byte[] nArray = publicKey.getModulus().toByteArray();
-
-        byte[] result = new byte[sshRsa.length + 4 + eArray.length + 4 + 
nArray.length + 4];
-        int index = 0;
-
-        byte[] intAsByteArray = 
ByteBuffer.allocate(4).putInt(sshRsa.length).array();
-        System.arraycopy(intAsByteArray, 0, result, index, 4);
-        index += 4;
-
-        System.arraycopy(sshRsa, 0, result, index, sshRsa.length);
-        index += sshRsa.length;
-
-        intAsByteArray = ByteBuffer.allocate(4).putInt(eArray.length).array();
-        System.arraycopy(intAsByteArray, 0, result, index, 4);
-        index += 4;
-
-        System.arraycopy(eArray, 0, result, index, eArray.length);
-        index += eArray.length;
-
-        intAsByteArray = ByteBuffer.allocate(4).putInt(nArray.length).array();
-        System.arraycopy(intAsByteArray, 0, result, index, 4);
-        index += 4;
-
-        System.arraycopy(nArray, 0, result, index, nArray.length);
-
-        return result;
-    }
-
-    @Override
-    public byte[] getSignature(byte[] data) {
-        PrivateKey prvKey = keyPair.getPrivate();
-        try {
-            Signature sig = Signature.getInstance("SHA1withRSA");
-            sig.initSign(prvKey);
-            sig.update(data);
-            byte[] sshRsa = ALGORITHM_TYPE.getBytes();
-            byte[] signature = sig.sign();
-            byte[] result = new byte[sshRsa.length + 4 + signature.length + 4];
-            int index = 0;
-
-            byte[] intAsByteArray = 
ByteBuffer.allocate(4).putInt(sshRsa.length).array();
-            System.arraycopy(intAsByteArray, 0, result, index, 4);
-            index += 4;
-
-            System.arraycopy(sshRsa, 0, result, index, sshRsa.length);
-            index += sshRsa.length;
-
-            intAsByteArray = 
ByteBuffer.allocate(4).putInt(signature.length).array();
-            System.arraycopy(intAsByteArray, 0, result, index, 4);
-            index += 4;
-
-            System.arraycopy(signature, 0, result, index, signature.length);
-
-            return result;
-        } catch (NoSuchAlgorithmException e) {
-            log.error("Cannot sign", e);
-        } catch (InvalidKeyException e) {
-            log.error("Cannot sign", e);
-        } catch (SignatureException e) {
-            log.error("Cannot sign", e);
-        }
-        return null;
-    }
-
-    @Override
-    public boolean decrypt() {
-        return true;
-    }
-
-    @Override
-    public String getAlgName() {
-        return ALGORITHM_TYPE;
-    }
-
-    @Override
-    public String getName() {
-        return name;
-    }
-
-    @Override
-    public boolean isEncrypted() {
-        return false;
-    }
-
-    @Override
-    public void clear() {
-    }
-}
diff --git 
a/components/camel-ftp/src/main/java/org/apache/camel/component/file/remote/SftpOperations.java
 
b/components/camel-ftp/src/main/java/org/apache/camel/component/file/remote/SftpOperations.java
index 237110e..8a333dc 100644
--- 
a/components/camel-ftp/src/main/java/org/apache/camel/component/file/remote/SftpOperations.java
+++ 
b/components/camel-ftp/src/main/java/org/apache/camel/component/file/remote/SftpOperations.java
@@ -29,11 +29,8 @@ import java.net.Socket;
 import java.net.UnknownHostException;
 import java.nio.charset.StandardCharsets;
 import java.security.KeyPair;
-import java.security.interfaces.DSAPrivateKey;
-import java.security.interfaces.DSAPublicKey;
-import java.security.interfaces.RSAPrivateKey;
-import java.security.interfaces.RSAPublicKey;
 import java.util.ArrayList;
+import java.util.Base64;
 import java.util.Hashtable;
 import java.util.List;
 import java.util.regex.Pattern;
@@ -240,20 +237,19 @@ public class SftpOperations implements 
RemoteFileOperations<SftpRemoteFile> {
             }
         }
 
-
         if (sftpConfig.getKeyPair() != null) {
             LOG.debug("Using private key information from key pair");
             KeyPair keyPair = sftpConfig.getKeyPair();
-            if (keyPair.getPrivate() != null && keyPair.getPublic() != null) {
-                if (keyPair.getPrivate() instanceof RSAPrivateKey && 
keyPair.getPublic() instanceof RSAPublicKey) {
-                    jsch.addIdentity(new RSAKeyPairIdentity("ID", keyPair), 
null);
-                } else if (keyPair.getPrivate() instanceof DSAPrivateKey && 
keyPair.getPublic() instanceof DSAPublicKey) {
-                    jsch.addIdentity(new DSAKeyPairIdentity("ID", keyPair), 
null);
-                } else {
-                    LOG.warn("Only RSA and DSA key pairs are supported");
-                }
+            if (keyPair.getPrivate() != null) {
+                // Encode the private key in PEM format for JSCH
+                StringBuilder sb = new StringBuilder(256);
+                sb.append("-----BEGIN PRIVATE KEY-----").append("\n");
+                
sb.append(Base64.getEncoder().encodeToString(keyPair.getPrivate().getEncoded())).append("\n");
+                sb.append("-----END PRIVATE KEY-----").append("\n");
+
+                jsch.addIdentity("ID", 
sb.toString().getBytes(StandardCharsets.UTF_8), null, null);
             } else {
-                LOG.warn("PrivateKey and PublicKey in the KeyPair must be 
filled");
+                LOG.warn("PrivateKey in the KeyPair must be filled");
             }
         }
 
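Review bot: `keyPair.getPrivate().getEncoded()` goes straight into the Base64 encoder in the new `if (keyPair.getPrivate() != null)` branch, but `Key.getEncoded()` returns null for keys that do not support encoding, and the `BEGIN PRIVATE KEY` header is only correct when `getFormat()` is `"PKCS#8"`. The removed identity classes signed through `Signature` and never needed the encoded bytes, so a non-exportable key pair would now fail with a NullPointerException instead of a clear message. I would read the bytes once, `byte[] encoded = keyPair.getPrivate().getEncoded();`, and take the existing warn/else path when `encoded == null || !"PKCS#8".equals(keyPair.getPrivate().getFormat())`. The unencrypted PEM text is also copied into a `StringBuilder` and a `String` that cannot be wiped afterwards, which is worth a comment. The enclosing method starts and ends outside this hunk.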
diff --git 
a/components/camel-ftp/src/test/java/org/apache/camel/component/file/remote/sftp/SftpKeyFileConsumeTest.java
 
b/components/camel-ftp/src/test/java/org/apache/camel/component/file/remote/sftp/SftpECKeyFileConsumeTest.java
similarity index 82%
copy from 
components/camel-ftp/src/test/java/org/apache/camel/component/file/remote/sftp/SftpKeyFileConsumeTest.java
copy to 
components/camel-ftp/src/test/java/org/apache/camel/component/file/remote/sftp/SftpECKeyFileConsumeTest.java
index d8ab39d..cb4ab0c 100644
--- 
a/components/camel-ftp/src/test/java/org/apache/camel/component/file/remote/sftp/SftpKeyFileConsumeTest.java
+++ 
b/components/camel-ftp/src/test/java/org/apache/camel/component/file/remote/sftp/SftpECKeyFileConsumeTest.java
@@ -16,12 +16,15 @@
  */
 package org.apache.camel.component.file.remote.sftp;
 
+import java.security.interfaces.ECPublicKey;
+
 import org.apache.camel.Exchange;
 import org.apache.camel.builder.RouteBuilder;
 import org.apache.camel.component.mock.MockEndpoint;
+import org.apache.sshd.server.auth.pubkey.PublickeyAuthenticator;
 import org.junit.Test;
 
-public class SftpKeyFileConsumeTest extends SftpServerTestSupport {
+public class SftpECKeyFileConsumeTest extends SftpServerTestSupport {
 
     @Test
     public void testSftpSimpleConsume() throws Exception {
@@ -45,12 +48,17 @@ public class SftpKeyFileConsumeTest extends 
SftpServerTestSupport {
     }
 
     @Override
+    protected PublickeyAuthenticator getPublickeyAuthenticator() {
+        return (username, key, session) -> key instanceof ECPublicKey;
+    }
+
+    @Override
     protected RouteBuilder createRouteBuilder() throws Exception {
         return new RouteBuilder() {
             @Override
             public void configure() throws Exception {
                 from("sftp://localhost:"; + getPort() + "/" + FTP_ROOT_DIR
-                    + 
"?username=admin&knownHostsFile=./src/test/resources/known_hosts&privateKeyFile=./src/test/resources/id_rsa&privateKeyPassphrase=secret&delay=10s&disconnect=true")
+                    + 
"?username=admin&knownHostsFile=./src/test/resources/known_hosts&privateKeyFile=./src/test/resources/ec.pem&delay=10s&disconnect=true")
                     .routeId("foo").noAutoStartup()
                     .to("mock:result");
             }
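Review bot: The authenticator added in `getPublickeyAuthenticator()` accepts any key that is an `ECPublicKey`, so the test shows only that some EC key was offered, not that the key from `ec.pem` was the one that authenticated. The same applies to the `key instanceof RSAPublicKey` override added to SftpKeyFileConsumeTest in this commit. The key-pair tests in this commit already use the stricter form, `key.equals(keyPair.getPublic())`. Loading the expected public key from the fixture and comparing against it would make these two tests equally strict. If the type check is deliberate, a comment such as `// Only the key algorithm is asserted here; the fixture's public key is not pinned` would say so. The body of `createRouteBuilder()` continues past the end of this hunk.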
diff --git 
a/components/camel-ftp/src/test/java/org/apache/camel/component/file/remote/sftp/SftpKeyFileConsumeTest.java
 
b/components/camel-ftp/src/test/java/org/apache/camel/component/file/remote/sftp/SftpKeyFileConsumeTest.java
index d8ab39d..41d9305 100644
--- 
a/components/camel-ftp/src/test/java/org/apache/camel/component/file/remote/sftp/SftpKeyFileConsumeTest.java
+++ 
b/components/camel-ftp/src/test/java/org/apache/camel/component/file/remote/sftp/SftpKeyFileConsumeTest.java
@@ -16,9 +16,12 @@
  */
 package org.apache.camel.component.file.remote.sftp;
 
+import java.security.interfaces.RSAPublicKey;
+
 import org.apache.camel.Exchange;
 import org.apache.camel.builder.RouteBuilder;
 import org.apache.camel.component.mock.MockEndpoint;
+import org.apache.sshd.server.auth.pubkey.PublickeyAuthenticator;
 import org.junit.Test;
 
 public class SftpKeyFileConsumeTest extends SftpServerTestSupport {
@@ -45,6 +48,11 @@ public class SftpKeyFileConsumeTest extends 
SftpServerTestSupport {
     }
 
     @Override
+    protected PublickeyAuthenticator getPublickeyAuthenticator() {
+        return (username, key, session) -> key instanceof RSAPublicKey;
+    }
+
+    @Override
     protected RouteBuilder createRouteBuilder() throws Exception {
         return new RouteBuilder() {
             @Override
diff --git 
a/components/camel-ftp/src/test/java/org/apache/camel/component/file/remote/sftp/SftpKeyPairDSAConsumeTest.java
 
b/components/camel-ftp/src/test/java/org/apache/camel/component/file/remote/sftp/SftpKeyPairDSAConsumeTest.java
index c46ff54..7b3479f 100644
--- 
a/components/camel-ftp/src/test/java/org/apache/camel/component/file/remote/sftp/SftpKeyPairDSAConsumeTest.java
+++ 
b/components/camel-ftp/src/test/java/org/apache/camel/component/file/remote/sftp/SftpKeyPairDSAConsumeTest.java
@@ -27,12 +27,22 @@ import java.security.KeyPairGenerator;
 import org.apache.camel.Exchange;
 import org.apache.camel.builder.RouteBuilder;
 import org.apache.camel.component.mock.MockEndpoint;
-import org.apache.camel.impl.JndiRegistry;
 import org.apache.camel.util.IOHelper;
+import org.apache.sshd.server.auth.pubkey.PublickeyAuthenticator;
+import org.junit.BeforeClass;
 import org.junit.Test;
 
 public class SftpKeyPairDSAConsumeTest extends SftpServerTestSupport {
 
+    private static KeyPair keyPair;
+
+    @BeforeClass
+    public static void createKeys() throws Exception {
+        KeyPairGenerator keyGen = KeyPairGenerator.getInstance("DSA");
+        keyGen.initialize(1024);
+        keyPair = keyGen.generateKeyPair();
+    }
+
     @Test
     public void testSftpSimpleConsume() throws Exception {
         if (!canTest()) {
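Review bot: `createKeys()` carries over `keyGen.initialize(1024)` for DSA without saying why such a small size is used. A reader skimming the tests could take it as an acceptable setting. I would add a comment above it, for example `// 1024-bit DSA is used only to exercise the legacy ssh-dss path; not a recommended key size`. The RSA counterpart in SftpKeyPairRSAConsumeTest uses 2048 and needs no such note.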
@@ -63,20 +73,15 @@ public class SftpKeyPairDSAConsumeTest extends 
SftpServerTestSupport {
     }
 
     @Override
-    protected JndiRegistry createRegistry() throws Exception {
-        JndiRegistry registry = super.createRegistry();
-
-        KeyPairGenerator keyGen = KeyPairGenerator.getInstance("DSA");
-        keyGen.initialize(1024);
-        KeyPair pair = keyGen.generateKeyPair();
-        registry.bind("keyPair", pair);
-        registry.bind("knownHosts", 
getBytesFromFile("./src/test/resources/known_hosts"));
-
-        return registry;
+    protected PublickeyAuthenticator getPublickeyAuthenticator() {
+        return (username, key, session) -> key.equals(keyPair.getPublic());
     }
 
     @Override
     protected RouteBuilder createRouteBuilder() throws Exception {
+        context.getRegistry().bind("keyPair", keyPair);
+        context.getRegistry().bind("knownHosts", 
getBytesFromFile("./src/test/resources/known_hosts"));
+
         return new RouteBuilder() {
             @Override
             public void configure() throws Exception {
diff --git 
a/components/camel-ftp/src/test/java/org/apache/camel/component/file/remote/sftp/SftpKeyPairRSAConsumeTest.java
 
b/components/camel-ftp/src/test/java/org/apache/camel/component/file/remote/sftp/SftpKeyPairRSAConsumeTest.java
index 8f94a7e..f8b584a 100644
--- 
a/components/camel-ftp/src/test/java/org/apache/camel/component/file/remote/sftp/SftpKeyPairRSAConsumeTest.java
+++ 
b/components/camel-ftp/src/test/java/org/apache/camel/component/file/remote/sftp/SftpKeyPairRSAConsumeTest.java
@@ -27,12 +27,22 @@ import java.security.KeyPairGenerator;
 import org.apache.camel.Exchange;
 import org.apache.camel.builder.RouteBuilder;
 import org.apache.camel.component.mock.MockEndpoint;
-import org.apache.camel.impl.JndiRegistry;
 import org.apache.camel.util.IOHelper;
+import org.apache.sshd.server.auth.pubkey.PublickeyAuthenticator;
+import org.junit.BeforeClass;
 import org.junit.Test;
 
 public class SftpKeyPairRSAConsumeTest extends SftpServerTestSupport {
 
+    private static KeyPair keyPair;
+
+    @BeforeClass
+    public static void createKeys() throws Exception {
+        KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
+        keyGen.initialize(2048);
+        keyPair = keyGen.generateKeyPair();
+    }
+
     @Test
     public void testSftpSimpleConsume() throws Exception {
         if (!canTest()) {
@@ -63,20 +73,15 @@ public class SftpKeyPairRSAConsumeTest extends 
SftpServerTestSupport {
     }
 
     @Override
-    protected JndiRegistry createRegistry() throws Exception {
-        JndiRegistry registry = super.createRegistry();
-
-        KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
-        keyGen.initialize(2048);
-        KeyPair pair = keyGen.generateKeyPair();
-        registry.bind("keyPair", pair);
-        registry.bind("knownHosts", 
getBytesFromFile("./src/test/resources/known_hosts"));
-
-        return registry;
+    protected PublickeyAuthenticator getPublickeyAuthenticator() {
+        return (username, key, session) -> key.equals(keyPair.getPublic());
     }
 
     @Override
     protected RouteBuilder createRouteBuilder() throws Exception {
+        context.getRegistry().bind("keyPair", keyPair);
+        context.getRegistry().bind("knownHosts", 
getBytesFromFile("./src/test/resources/known_hosts"));
+
         return new RouteBuilder() {
             @Override
             public void configure() throws Exception {
diff --git 
a/components/camel-ftp/src/test/java/org/apache/camel/component/file/remote/sftp/SftpServerTestSupport.java
 
b/components/camel-ftp/src/test/java/org/apache/camel/component/file/remote/sftp/SftpServerTestSupport.java
index fe34828..2fd292d 100644
--- 
a/components/camel-ftp/src/test/java/org/apache/camel/component/file/remote/sftp/SftpServerTestSupport.java
+++ 
b/components/camel-ftp/src/test/java/org/apache/camel/component/file/remote/sftp/SftpServerTestSupport.java
@@ -31,6 +31,7 @@ import 
org.apache.sshd.common.file.virtualfs.VirtualFileSystemFactory;
 import org.apache.sshd.common.keyprovider.FileKeyPairProvider;
 import org.apache.sshd.common.session.helpers.AbstractSession;
 import org.apache.sshd.server.SshServer;
+import org.apache.sshd.server.auth.pubkey.PublickeyAuthenticator;
 import org.apache.sshd.server.scp.ScpCommandFactory;
 import org.apache.sshd.server.subsystem.sftp.SftpSubsystemFactory;
 import org.junit.After;
@@ -75,7 +76,7 @@ public class SftpServerTestSupport extends 
BaseServerTestSupport {
             sshd.setSubsystemFactories(Collections.singletonList(new 
SftpSubsystemFactory()));
             sshd.setCommandFactory(new ScpCommandFactory());
             sshd.setPasswordAuthenticator((username, password, session) -> 
true);
-            sshd.setPublickeyAuthenticator((username, password, session) -> 
true);
+            sshd.setPublickeyAuthenticator(getPublickeyAuthenticator());
             if (rootDirMode) {
                 sshd.setFileSystemFactory(new 
VirtualFileSystemFactory(FileSystems.getDefault().getPath(System.getProperty("user.dir")
 + "/target/res")));
             }
@@ -96,6 +97,10 @@ public class SftpServerTestSupport extends 
BaseServerTestSupport {
         }
     }
 
+    protected PublickeyAuthenticator getPublickeyAuthenticator() {
+        return (username, key, session) -> true;
+    }
+
     @Override
     @After
     public void tearDown() throws Exception {
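Review bot: The new `getPublickeyAuthenticator()` hook defaults to `(username, key, session) -> true`, and the password authenticator set in the previous hunk still accepts everything. Any subclass that does not override the hook therefore keeps an accept-all server. A test that configures a password could also pass without its key ever being checked. That is reasonable for a test fixture, but it should be stated on the method, for example `/** Accepts any public key by default; tests that assert on key-based authentication must override this. */`.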
diff --git a/components/camel-ftp/src/test/resources/ec.pem 
b/components/camel-ftp/src/test/resources/ec.pem
new file mode 100644
index 0000000..5cfea18
--- /dev/null
+++ b/components/camel-ftp/src/test/resources/ec.pem
@@ -0,0 +1,7 @@
+-----BEGIN EC PRIVATE KEY-----
+MIHcAgEBBEIB5Twq2mxiOAieZslZlOkOG1Pi4PEmAWJ78+bRLAV7Q4F5Nd4u0bAd
+zGIEMFARoeVb/2C8ZFjNhL8xgOUPWJqY316gBwYFK4EEACOhgYkDgYYABADMulfT
+EOAzU9gsMEfrOuTJj9J8c4SNaAeeUb6uDHYfKPnYvfMJrBcGlnRePjJjeWpGHOyk
+qB8NYpCFk/TPgYFGpQGpz51EZngsQwpEEQXw/jzBHZsVOdrTADYu09Cy/AMLu3wA
+naQ5rWm41G3eC8mfZ1Q0BQ7Fc0K103mxlayEM605jw==
+-----END EC PRIVATE KEY-----
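Review bot: This commits an unencrypted EC private key under `src/test/resources` with nothing marking it as a throwaway fixture. Secret scanners will flag it, and nothing in the commit tells a reader that the key must never be used outside these tests. A short note next to it, such as a README entry in the resources directory or a scanner allowlist entry naming `ec.pem` as test-only, would cover that. Nothing visible here pins the matching public key on the test server, so the fixture's identity is currently not verified by any test.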
