JCLOUDS-617: Use the configured JCE provider in the Cipher payloads
parent
1fe6bca62d
commit
cd0f21d86b
|
@ -18,6 +18,7 @@ package org.jclouds.chef.filters;
|
|||
|
||||
import static com.google.common.base.Charsets.UTF_8;
|
||||
import static com.google.common.base.Preconditions.checkArgument;
|
||||
import static com.google.common.base.Preconditions.checkNotNull;
|
||||
import static com.google.common.hash.Hashing.sha1;
|
||||
import static com.google.common.io.BaseEncoding.base64;
|
||||
import static com.google.common.io.ByteStreams.toByteArray;
|
||||
|
@ -33,6 +34,7 @@ import javax.inject.Provider;
|
|||
import javax.inject.Singleton;
|
||||
|
||||
import org.jclouds.Constants;
|
||||
import org.jclouds.crypto.Crypto;
|
||||
import org.jclouds.date.TimeStamp;
|
||||
import org.jclouds.domain.Credentials;
|
||||
import org.jclouds.http.HttpException;
|
||||
|
@ -50,6 +52,7 @@ import org.jclouds.logging.Logger;
|
|||
import org.jclouds.util.Strings2;
|
||||
|
||||
import com.google.common.annotations.VisibleForTesting;
|
||||
import com.google.common.base.Preconditions;
|
||||
import com.google.common.base.Predicate;
|
||||
import com.google.common.base.Splitter;
|
||||
import com.google.common.base.Supplier;
|
||||
|
@ -74,6 +77,7 @@ public class SignedHeaderAuth implements HttpRequestFilter {
|
|||
private final Provider<String> timeStampProvider;
|
||||
private final String emptyStringHash;
|
||||
private final HttpUtils utils;
|
||||
private final Crypto crypto;
|
||||
|
||||
@Resource
|
||||
@Named(Constants.LOGGER_SIGNATURE)
|
||||
|
@ -81,13 +85,14 @@ public class SignedHeaderAuth implements HttpRequestFilter {
|
|||
|
||||
@Inject
|
||||
public SignedHeaderAuth(SignatureWire signatureWire, @org.jclouds.location.Provider Supplier<Credentials> creds,
|
||||
Supplier<PrivateKey> supplyKey, @TimeStamp Provider<String> timeStampProvider, HttpUtils utils) {
|
||||
this.signatureWire = signatureWire;
|
||||
this.creds = creds;
|
||||
this.supplyKey = supplyKey;
|
||||
this.timeStampProvider = timeStampProvider;
|
||||
Supplier<PrivateKey> supplyKey, @TimeStamp Provider<String> timeStampProvider, HttpUtils utils, Crypto crypto) {
|
||||
this.signatureWire = checkNotNull(signatureWire, "signatureWire");
|
||||
this.creds = checkNotNull(creds, "creds");
|
||||
this.supplyKey = checkNotNull(supplyKey, "supplyKey");
|
||||
this.timeStampProvider = checkNotNull(timeStampProvider, "timeStampProvider");
|
||||
this.emptyStringHash = hashBody(Payloads.newStringPayload(""));
|
||||
this.utils = utils;
|
||||
this.utils = checkNotNull(utils, "utils");
|
||||
this.crypto = checkNotNull(crypto, "crypto");
|
||||
}
|
||||
|
||||
public HttpRequest filter(HttpRequest input) throws HttpException {
|
||||
|
@ -186,7 +191,7 @@ public class SignedHeaderAuth implements HttpRequestFilter {
|
|||
|
||||
public String sign(String toSign) {
|
||||
try {
|
||||
byte[] encrypted = toByteArray(new RSAEncryptingPayload(Payloads.newStringPayload(toSign), supplyKey.get()));
|
||||
byte[] encrypted = toByteArray(new RSAEncryptingPayload(crypto, Payloads.newStringPayload(toSign), supplyKey.get()));
|
||||
return base64().encode(encrypted);
|
||||
} catch (IOException e) {
|
||||
throw new HttpException("error signing request", e);
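Review bot: In `sign`, `new RSAEncryptingPayload(crypto, ...)` now takes its cipher from whichever JCE provider is configured, but nothing visible in this hunk pins the RSA mode and padding. JCE providers may pick different defaults when a transformation names only the algorithm, so if the payload asks for a bare `RSA` cipher (not shown here) the signature bytes could differ between providers and the server would reject the request. I would confirm the payload requests a full transformation and add a comment above the call, such as `// cipher comes from the configured JCE provider; the payload must request explicit mode/padding so output is provider-independent`. The same applies to `encrypt` and `decrypt` in `BaseChefService`; the body of `sign` continues outside the hunk.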
|
||||
|
|
|
@ -54,6 +54,7 @@ import org.jclouds.chef.strategy.ListNodesInEnvironment;
|
|||
import org.jclouds.chef.strategy.ListEnvironments;
|
||||
import org.jclouds.chef.strategy.ListNodes;
|
||||
import org.jclouds.chef.strategy.UpdateAutomaticAttributesOnNode;
|
||||
import org.jclouds.crypto.Crypto;
|
||||
import org.jclouds.domain.JsonBall;
|
||||
import org.jclouds.io.Payloads;
|
||||
import org.jclouds.io.payloads.RSADecryptingPayload;
|
||||
|
@ -90,6 +91,8 @@ public class BaseChefService implements ChefService {
|
|||
private final ListEnvironments listEnvironments;
|
||||
private final ListNodesInEnvironment listNodesInEnvironment;
|
||||
private final Json json;
|
||||
private final Crypto crypto;
|
||||
|
||||
@Resource
|
||||
@Named(ChefProperties.CHEF_LOGGER)
|
||||
protected Logger logger = Logger.NULL;
|
||||
|
@ -104,7 +107,7 @@ public class BaseChefService implements ChefService {
|
|||
@Named(CHEF_BOOTSTRAP_DATABAG) String databag, GroupToBootScript groupToBootScript,
|
||||
BootstrapConfigForGroup bootstrapConfigForGroup, RunListForGroup runListForGroup,
|
||||
ListEnvironments listEnvironments, ListNodesInEnvironment listNodesInEnvironment,
|
||||
ListCookbookVersionsInEnvironment listCookbookVersionsInEnvironment, Json json) {
|
||||
ListCookbookVersionsInEnvironment listCookbookVersionsInEnvironment, Json json, Crypto crypto) {
|
||||
this.chefContext = checkNotNull(chefContext, "chefContext");
|
||||
this.api = checkNotNull(api, "api");
|
||||
this.cleanupStaleNodesAndClients = checkNotNull(cleanupStaleNodesAndClients, "cleanupStaleNodesAndClients");
|
||||
|
@ -126,6 +129,7 @@ public class BaseChefService implements ChefService {
|
|||
this.listNodesInEnvironment = checkNotNull(listNodesInEnvironment, "listNodesInEnvironment");
|
||||
this.listCookbookVersionsInEnvironment = checkNotNull(listCookbookVersionsInEnvironment, "listCookbookVersionsInEnvironment");
|
||||
this.json = checkNotNull(json, "json");
|
||||
this.crypto = checkNotNull(crypto, "crypto");
|
||||
}
|
||||
|
||||
@Override
|
||||
|
@ -135,13 +139,13 @@ public class BaseChefService implements ChefService {
|
|||
|
||||
@Override
|
||||
public byte[] encrypt(InputSupplier<? extends InputStream> supplier) throws IOException {
|
||||
return ByteStreams.toByteArray(new RSAEncryptingPayload(Payloads.newPayload(supplier.getInput()), privateKey
|
||||
return ByteStreams.toByteArray(new RSAEncryptingPayload(crypto, Payloads.newPayload(supplier.getInput()), privateKey
|
||||
.get()));
|
||||
}
|
||||
|
||||
@Override
|
||||
public byte[] decrypt(InputSupplier<? extends InputStream> supplier) throws IOException {
|
||||
return ByteStreams.toByteArray(new RSADecryptingPayload(Payloads.newPayload(supplier.getInput()), privateKey
|
||||
return ByteStreams.toByteArray(new RSADecryptingPayload(crypto, Payloads.newPayload(supplier.getInput()), privateKey
|
||||
.get()));
|
||||
}
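Review bot: `encrypt` and `decrypt` are both handed `privateKey.get()`, and neither method carries a comment saying what that means for callers. Output produced with a private key can be reversed by anyone holding the matching public key, so `encrypt` gives no confidentiality, and its result is presumably not valid input for `decrypt` on the same service. A Javadoc line on `encrypt` would make this explicit, for example `/** Applies RSA with the client's private key; the result is readable by any holder of the public key. */`, with a matching line on `decrypt` naming the key it expects the input to have been produced with.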
|
||||
|
||||
|
|
|
@ -28,6 +28,7 @@ import javax.ws.rs.HttpMethod;
|
|||
|
||||
import org.jclouds.ContextBuilder;
|
||||
import org.jclouds.chef.ChefApiMetadata;
|
||||
import org.jclouds.crypto.Crypto;
|
||||
import org.jclouds.domain.Credentials;
|
||||
import org.jclouds.http.HttpRequest;
|
||||
import org.jclouds.http.HttpUtils;
|
||||
|
@ -193,6 +194,7 @@ public class SignedHeaderAuthTest {
|
|||
.modules(ImmutableSet.<Module> of(new MockModule(), new NullLoggingModule())).buildInjector();
|
||||
|
||||
HttpUtils utils = injector.getInstance(HttpUtils.class);
|
||||
Crypto crypto = injector.getInstance(Crypto.class);
|
||||
|
||||
Supplier<PrivateKey> privateKey = injector.getInstance(Key.get(new TypeLiteral<Supplier<PrivateKey>>() {
|
||||
}));
|
||||
|
@ -205,7 +207,7 @@ public class SignedHeaderAuthTest {
|
|||
return TIMESTAMP_ISO8601;
|
||||
}
|
||||
|
||||
}, utils);
|
||||
}, utils, crypto);
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
@ -19,6 +19,7 @@ package org.jclouds.chef.functions;
|
|||
import static org.testng.Assert.assertEquals;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
import java.security.PrivateKey;
|
||||
import java.security.cert.CertificateException;
|
||||
import java.security.cert.X509Certificate;
|
||||
|
@ -29,6 +30,7 @@ import org.jclouds.chef.config.ChefParserModule;
|
|||
import org.jclouds.chef.domain.Client;
|
||||
import org.jclouds.crypto.Crypto;
|
||||
import org.jclouds.crypto.Pems;
|
||||
import org.jclouds.encryption.internal.JCECrypto;
|
||||
import org.jclouds.http.HttpResponse;
|
||||
import org.jclouds.http.functions.ParseJson;
|
||||
import org.jclouds.io.Payloads;
|
||||
|
@ -77,16 +79,16 @@ public class ParseClientFromJsonTest {
|
|||
privateKey = crypto.rsaKeyFactory().generatePrivate(Pems.privateKeySpec(ByteSource.wrap(PRIVATE_KEY.getBytes(Charsets.UTF_8))));
|
||||
}
|
||||
|
||||
public void test() throws IOException {
|
||||
public void test() throws IOException, CertificateException, NoSuchAlgorithmException {
|
||||
|
||||
Client user = Client.builder().certificate(certificate).orgname("jclouds").clientname("adriancole-jcloudstest")
|
||||
.name("adriancole-jcloudstest").isValidator(false).privateKey(privateKey).build();
|
||||
|
||||
byte[] encrypted = ByteStreams.toByteArray(new RSAEncryptingPayload(Payloads.newPayload("fooya"), user
|
||||
byte[] encrypted = ByteStreams.toByteArray(new RSAEncryptingPayload(new JCECrypto(), Payloads.newPayload("fooya"), user
|
||||
.getCertificate().getPublicKey()));
|
||||
|
||||
assertEquals(
|
||||
ByteStreams.toByteArray(new RSADecryptingPayload(Payloads.newPayload(encrypted), user.getPrivateKey())),
|
||||
ByteStreams.toByteArray(new RSADecryptingPayload(new JCECrypto(), Payloads.newPayload(encrypted), user.getPrivateKey())),
|
||||
"fooya".getBytes());
|
||||
|
||||
assertEquals(
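Review bot: Both payloads in `test()` are built with a fresh `new JCECrypto()`, which presumably uses the default provider, so the test does not show that a configured provider is actually honoured. The setup above already uses a `crypto` object (`crypto.rsaKeyFactory()`), whose declaration is outside the hunk. Reusing it, as in `new RSAEncryptingPayload(crypto, Payloads.newPayload("fooya"), ...)`, would keep key generation and cipher on the same provider. It would also make the added `CertificateException, NoSuchAlgorithmException` throws clause unnecessary if those exceptions come only from the constructor. `test()` continues past the end of the hunk.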
|
||||
|
|