[jboss-svn-commits] JBL Code SVN: r20909 - in labs/jbossesb/trunk/product: rosetta/src/org/jboss/internal/soa/esb/util and 4 other directories.
jboss-svn-commits at lists.jboss.org
jboss-svn-commits at lists.jboss.org
Fri Jul 4 13:38:55 EDT 2008
Author: kevin.conner at jboss.com
Date: 2008-07-04 13:38:55 -0400 (Fri, 04 Jul 2008)
New Revision: 20909
Modified:
labs/jbossesb/trunk/product/etc/schemas/xml/jbossesb-1.0.1.xsd
labs/jbossesb/trunk/product/rosetta/src/org/jboss/internal/soa/esb/util/FtpImpl.java
labs/jbossesb/trunk/product/rosetta/src/org/jboss/internal/soa/esb/util/SecureFtpImpl.java
labs/jbossesb/trunk/product/rosetta/src/org/jboss/internal/soa/esb/util/SecureFtpUserInfo.java
labs/jbossesb/trunk/product/rosetta/src/org/jboss/soa/esb/addressing/eprs/SFTPEpr.java
labs/jbossesb/trunk/product/rosetta/src/org/jboss/soa/esb/listeners/ListenerUtil.java
labs/jbossesb/trunk/product/rosetta/src/org/jboss/soa/esb/listeners/config/mappers/FtpListenerMapper.java
labs/jbossesb/trunk/product/rosetta/src/org/jboss/soa/esb/util/RemoteFileSystem.java
Log:
Add certificate support: JBESB-1811
Modified: labs/jbossesb/trunk/product/etc/schemas/xml/jbossesb-1.0.1.xsd
===================================================================
--- labs/jbossesb/trunk/product/etc/schemas/xml/jbossesb-1.0.1.xsd 2008-07-04 16:26:02 UTC (rev 20908)
+++ labs/jbossesb/trunk/product/etc/schemas/xml/jbossesb-1.0.1.xsd 2008-07-04 17:38:55 UTC (rev 20909)
@@ -1003,8 +1003,7 @@
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
- <xsd:attribute name="password" type="xsd:string"
- use="required">
+ <xsd:attribute name="password" type="xsd:string">
<xsd:annotation>
<xsd:documentation xml:lang="en">
The password used to access the ftp server.
@@ -1118,8 +1117,9 @@
use="optional">
<xsd:annotation>
<xsd:documentation xml:lang="en">
- The url to a certificate, which can be needed
- for secure protocols (sftp and ftps).
+ The url to a public server certificate for ftps, or to a
+ private certificate for sftp client verification. sftp certificate
+ can be located via a resource.
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
@@ -1127,11 +1127,19 @@
use="optional">
<xsd:annotation>
<xsd:documentation xml:lang="en">
- The common name of a certificate, which can be needed
- for secure protocols (sftp and ftps).
+ The common name of a certificate, which may be needed
+ for ftps.
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
+ <xsd:attribute name="certificate-passphrase" type="xsd:string"
+ use="optional">
+ <xsd:annotation>
+ <xsd:documentation xml:lang="en">
+ The passphrase of the private key, if necessary, for sftp client verification.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
<xsd:attribute default="false" name="read-only"
type="xsd:boolean" use="optional">
<xsd:annotation>
Modified: labs/jbossesb/trunk/product/rosetta/src/org/jboss/internal/soa/esb/util/FtpImpl.java
===================================================================
--- labs/jbossesb/trunk/product/rosetta/src/org/jboss/internal/soa/esb/util/FtpImpl.java 2008-07-04 16:26:02 UTC (rev 20908)
+++ labs/jbossesb/trunk/product/rosetta/src/org/jboss/internal/soa/esb/util/FtpImpl.java 2008-07-04 17:38:55 UTC (rev 20909)
@@ -219,7 +219,7 @@
if (null == m_sUser)
throw new ConfigurationException("No username specified for FTP");
- m_sPasswd = (null != sa) ? sa[1] : m_oParms.getAttribute(PARMS_PASSWD);
+ m_sPasswd = ((null != sa) && (sa.length > 1)) ? sa[1] : m_oParms.getAttribute(PARMS_PASSWD);
m_sRemoteDir = (null != uri) ? uri.getPath() : m_oParms
.getAttribute(PARMS_REMOTE_DIR);
Modified: labs/jbossesb/trunk/product/rosetta/src/org/jboss/internal/soa/esb/util/SecureFtpImpl.java
===================================================================
--- labs/jbossesb/trunk/product/rosetta/src/org/jboss/internal/soa/esb/util/SecureFtpImpl.java 2008-07-04 16:26:02 UTC (rev 20908)
+++ labs/jbossesb/trunk/product/rosetta/src/org/jboss/internal/soa/esb/util/SecureFtpImpl.java 2008-07-04 17:38:55 UTC (rev 20909)
@@ -47,6 +47,7 @@
import org.jboss.soa.esb.common.ModulePropertyManager;
import org.jboss.soa.esb.helpers.ConfigTree;
import org.jboss.soa.esb.helpers.KeyValuePair;
+import org.jboss.soa.esb.util.ClassUtil;
import org.jboss.soa.esb.util.FileUtil;
import org.jboss.soa.esb.util.RemoteFileSystem;
import org.jboss.soa.esb.util.RemoteFileSystemException;
@@ -95,6 +96,9 @@
private String m_sRemoteDir, m_sLocalDir;
+ private URI m_oCertificate;
+ private String m_sPassphrase;
+
/*
* Constructor
*
@@ -158,6 +162,16 @@
ModulePropertyManager.TRANSPORTS_MODULE).getProperty(
Environment.FTP_LOCALDIR, tmpdir);
+ try
+ {
+ m_oCertificate = p_oP.getCertificateURI() ;
+ }
+ catch (final URISyntaxException urise)
+ {
+ _logger.warn(urise) ;
+ }
+ m_sPassphrase = p_oP.getPassphrase() ;
+
configTreeFromEpr();
initialize(p_bConnect);
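Review bot: A malformed certificate URI is only logged here (`_logger.warn(urise)`) and `m_oCertificate` stays null, so construction carries on as if no key had been configured. When no password is set either, neither credential branch in the connect code would be taken, and the real cause is left behind in a warning line. Consider failing fast instead, e.g. `throw new ConfigurationException("Invalid certificate URI", urise);`, assuming this constructor can propagate ConfigurationException; its signature is outside the hunk.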
@@ -195,12 +209,49 @@
if (m_sPasswd != null)
{
- final UserInfo ui = new SecureFtpUserInfo(m_sPasswd);
+ session.setPassword(m_sPasswd) ;
+ session.setConfig("PreferredAuthentications", "password") ;
+ }
+ else if (m_oCertificate != null)
+ {
+ final String certificate = m_oCertificate.toString() ;
+ final InputStream is ;
+ final String certificateName ;
+ final InputStream resourceIS = ClassUtil.getResourceAsStream(certificate, getClass()) ;
+ if (resourceIS != null)
+ {
+ is = resourceIS ;
+ certificateName = getSimpleName(certificate) ;
+ }
+ else
+ {
+ certificateName = getSimpleName(m_oCertificate.getPath()) ;
+ try
+ {
+ if (m_oCertificate.isAbsolute())
+ {
+ is = m_oCertificate.toURL().openStream() ;
+ }
+ else
+ {
+ final File file = new File(m_oCertificate.getPath()) ;
+ is = file.toURL().openStream() ;
+ }
+ }
+ catch (final IOException ioe)
+ {
+ throw new ConfigurationException("Unexpected IOException accessing: " + certificate, ioe) ;
+ }
+ }
+ final byte[] privateKey = StreamUtils.readStream(is) ;
+ m_oJSch.addIdentity(certificateName, privateKey, null, null) ;
+
+ final UserInfo ui = new SecureFtpUserInfo(m_sPassphrase);
session.setUserInfo(ui);
+ session.setConfig("PreferredAuthentications", "publickey") ;
}
session.setConfig("StrictHostKeyChecking", "no") ;
- session.setConfig("PreferredAuthentications", "password") ;
session.connect();
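Review bot: The private key is read through `m_oCertificate.toURL().openStream()` for any absolute URI, so nothing stops the key being fetched over a plaintext scheme such as http or ftp; if only local files and classpath resources are intended, reject other schemes before opening, e.g. `if (m_oCertificate.isAbsolute() && !"file".equalsIgnoreCase(m_oCertificate.getScheme())) throw new ConfigurationException("Unsupported certificate scheme: " + m_oCertificate.getScheme());`. The stream `is` is not closed in this hunk, so unless `StreamUtils.readStream` closes it the handle leaks on every connect; a `try`/`finally` around the read would settle that. The password branch also wins silently when both a password and a certificate are configured. Separately, the unchanged `StrictHostKeyChecking` = `no` line means the new public-key path still connects without verifying the server's host key, which deserves at least a comment or a configurable known-hosts file. The enclosing method starts and ends outside the hunk.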
@@ -226,6 +277,26 @@
}
}
+ private static String getSimpleName(final String name)
+ throws ConfigurationException
+ {
+ if (name == null)
+ {
+ throw new ConfigurationException("Null certificate name") ;
+ }
+ final int lastIndex = name.lastIndexOf('/') ;
+ if (lastIndex >= 0)
+ {
+ final int startIndex = lastIndex+1 ;
+ if (startIndex == name.length())
+ {
+ throw new ConfigurationException("Invalid certificate name: " + name) ;
+ }
+ return name.substring(startIndex) ;
+ }
+ return name ;
+ }
+
private void checkParms() throws ConfigurationException
{
String att = m_oParms.getAttribute(FileEpr.URL_TAG);
@@ -250,7 +321,7 @@
if (null == m_sUser)
throw new ConfigurationException("No username specified for SFTP");
- m_sPasswd = (null != sa) ? sa[1] : m_oParms.getAttribute(PARMS_PASSWD);
+ m_sPasswd = ((null != sa) && (sa.length > 1)) ? sa[1] : m_oParms.getAttribute(PARMS_PASSWD);
m_sRemoteDir = (null != uri) ? uri.getPath() : m_oParms.getAttribute(PARMS_REMOTE_DIR);
if (null == m_sRemoteDir)
@@ -265,11 +336,18 @@
try
{
m_iPort = (null != uri) ? uri.getPort() : (null == sAux) ? 22 : Integer.parseInt(sAux);
+ final String certificate = m_oParms.getAttribute(PARMS_CERTIFICATE) ;
+ if (certificate != null)
+ {
+ m_oCertificate = new URI(certificate) ;
+ }
}
catch (Exception ex)
{
throw new ConfigurationException(ex);
}
+
+ m_sPassphrase = m_oParms.getAttribute(PARMS_PASSPHRASE) ;
}
/*
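Review bot: Nothing here checks that at least one credential was configured: `m_sPasswd` may now be null (the `sa.length > 1` change in the previous hunk allows a user-only URL) and `m_oCertificate` is only assigned when PARMS_CERTIFICATE is present. As far as the visible lines show, a configuration with neither would pass checkParms and fail only at connect time. A guard after the passphrase assignment, `if ((m_sPasswd == null) && (m_oCertificate == null)) throw new ConfigurationException("No password or certificate specified for SFTP");`, would report it where the other missing-parameter errors are raised. The start of checkParms is outside this hunk.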
@@ -556,6 +634,10 @@
m_oParms.setAttribute(RemoteFileSystem.PARMS_LOCAL_DIR, m_sLocalDir);
m_oParms.setAttribute(RemoteFileSystem.PARMS_ASCII, Boolean
.toString(false));
+ if (m_oCertificate != null)
+ m_oParms.setAttribute(RemoteFileSystem.PARMS_CERTIFICATE, m_oCertificate.toString()) ;
+ if (m_sPassphrase != null)
+ m_oParms.setAttribute(RemoteFileSystem.PARMS_PASSPHRASE, m_sPassphrase) ;
}
catch (Exception e)
{
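Review bot: The key passphrase is copied into `m_oParms` as an ordinary string attribute here, and in SFTPEpr it is stored as an address extension under `PASSPHRASE_TAG` (see `setPassphrase` and the header-parsing constructor, which reads it back from the XML header). That suggests the passphrase is carried in clear wherever the EPR or config tree is serialised, persisted or logged, next to the location of the key it protects. If that is intended, a comment such as `// passphrase travels in clear with the EPR; keep EPR/config dumps out of logs` would make the exposure explicit; otherwise consider resolving the passphrase from local configuration on the consuming side instead of carrying it in the EPR. The enclosing method starts outside the hunk.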
Modified: labs/jbossesb/trunk/product/rosetta/src/org/jboss/internal/soa/esb/util/SecureFtpUserInfo.java
===================================================================
--- labs/jbossesb/trunk/product/rosetta/src/org/jboss/internal/soa/esb/util/SecureFtpUserInfo.java 2008-07-04 16:26:02 UTC (rev 20908)
+++ labs/jbossesb/trunk/product/rosetta/src/org/jboss/internal/soa/esb/util/SecureFtpUserInfo.java 2008-07-04 17:38:55 UTC (rev 20909)
@@ -33,17 +33,17 @@
*/
public class SecureFtpUserInfo implements UserInfo {
- /** The user-password */
- String password = null;
+ /** The user-passphrase */
+ private final String passphrase ;
/**
* Constructor
*
- * @param password
- * The users password.
+ * @param passphrase
+ * The users passphrase.
*/
- public SecureFtpUserInfo(String password) {
- this.password = password;
+ public SecureFtpUserInfo(final String passphrase) {
+ this.passphrase = passphrase;
}
/*
@@ -52,7 +52,7 @@
* @see com.jcraft.jsch.UserInfo#getPassphrase()
*/
public String getPassphrase() {
- return null;
+ return passphrase;
}
/*
@@ -61,7 +61,7 @@
* @see com.jcraft.jsch.UserInfo#getPassword()
*/
public String getPassword() {
- return password;
+ return null;
}
/*
@@ -70,7 +70,7 @@
* @see com.jcraft.jsch.UserInfo#promptPassphrase(java.lang.String)
*/
public boolean promptPassphrase(String arg0) {
- return false;
+ return true;
}
/*
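Review bot: `promptPassphrase` now returns `true` unconditionally, so this UserInfo claims a passphrase is available even when `passphrase` is null (the schema makes certificate-passphrase optional). With an encrypted key and no configured passphrase, authentication would presumably proceed with a null passphrase instead of being declined up front. `return passphrase != null;` states the intent and lets the library report the missing passphrase directly.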
@@ -79,7 +79,7 @@
* @see com.jcraft.jsch.UserInfo#promptPassword(java.lang.String)
*/
public boolean promptPassword(String arg0) {
- return true;
+ return false;
}
/*
Modified: labs/jbossesb/trunk/product/rosetta/src/org/jboss/soa/esb/addressing/eprs/SFTPEpr.java
===================================================================
--- labs/jbossesb/trunk/product/rosetta/src/org/jboss/soa/esb/addressing/eprs/SFTPEpr.java 2008-07-04 16:26:02 UTC (rev 20908)
+++ labs/jbossesb/trunk/product/rosetta/src/org/jboss/soa/esb/addressing/eprs/SFTPEpr.java 2008-07-04 17:38:55 UTC (rev 20909)
@@ -41,13 +41,16 @@
public class SFTPEpr extends FTPEpr
{
public static final String CERTIFICATE_TAG = "certificate";
+ public static final String PASSPHRASE_TAG = "passphrase" ;
public SFTPEpr(EPR epr)
{
super(epr);
if (epr instanceof SFTPEpr)
+ {
certificateSet = ((SFTPEpr) epr).certificateSet;
+ }
}
public SFTPEpr (EPR epr, Element header)
@@ -65,10 +68,17 @@
{
if ((prefix != null) && (prefix.equals(XMLUtil.JBOSSESB_PREFIX)))
{
- if ((tag != null) && (tag.equals(CERTIFICATE_TAG)))
+ if (tag != null)
{
- getAddr().addExtension(CERTIFICATE_TAG, nl.item(i).getTextContent());
- certificateSet = true;
+ if(tag.equals(CERTIFICATE_TAG))
+ {
+ getAddr().addExtension(CERTIFICATE_TAG, nl.item(i).getTextContent());
+ certificateSet = true;
+ }
+ else if (tag.equals(PASSPHRASE_TAG))
+ {
+ getAddr().addExtension(PASSPHRASE_TAG, nl.item(i).getTextContent()) ;
+ }
}
}
}
@@ -97,9 +107,24 @@
*/
public SFTPEpr(URI uri, URI cert) throws URISyntaxException
{
+ super(uri) ;
+
+ setCertificateURI(cert);
+ }
+
+ /**
+ * Construct the SFTP EPR with the specified URI, certificate and passphrase.
+ * @param uri
+ * @param cert
+ * @param passphrase
+ * @throws URISyntaxException
+ */
+ public SFTPEpr(URI uri, URI cert, final String passphrase) throws URISyntaxException
+ {
super(uri) ;
setCertificateURI(cert);
+ setPassphrase(passphrase) ;
}
public SFTPEpr(String url, String cert) throws URISyntaxException
@@ -109,6 +134,14 @@
setCertificateURI(new URI(cert));
}
+ public SFTPEpr(String url, String cert, final String passphrase) throws URISyntaxException
+ {
+ super(url);
+
+ setCertificateURI(new URI(cert));
+ setPassphrase(passphrase) ;
+ }
+
/**
* Set the Certificate URI for this endpoint.
*
@@ -152,6 +185,26 @@
}
}
+ /**
+ * Set the Certificate passphrase for this endpoint.
+ *
+ * @param passphrase the passphrase.
+ */
+ public final void setPassphrase(String passphrase)
+ {
+ if (passphrase == null)
+ throw new IllegalArgumentException();
+ getAddr().addExtension(PASSPHRASE_TAG, passphrase);
+ }
+
+ /**
+ * @return the certificate passphrase for this EPR.
+ */
+ public final String getPassphrase()
+ {
+ return getAddr().getExtensionValue(PASSPHRASE_TAG);
+ }
+
public EPR copy ()
{
return new SFTPEpr(this);
@@ -184,4 +237,4 @@
throw new ExceptionInInitializerError(ex.toString());
}
}
-}
\ No newline at end of file
+}
Modified: labs/jbossesb/trunk/product/rosetta/src/org/jboss/soa/esb/listeners/ListenerUtil.java
===================================================================
--- labs/jbossesb/trunk/product/rosetta/src/org/jboss/soa/esb/listeners/ListenerUtil.java 2008-07-04 16:26:02 UTC (rev 20908)
+++ labs/jbossesb/trunk/product/rosetta/src/org/jboss/soa/esb/listeners/ListenerUtil.java 2008-07-04 17:38:55 UTC (rev 20909)
@@ -221,7 +221,8 @@
}
else
{
- epr = new SFTPEpr(uri,new URI(cert));
+ final String passphrase = tree.getAttribute(SFTPEpr.PASSPHRASE_TAG) ;
+ epr = new SFTPEpr(uri,new URI(cert), passphrase);
}
}
else
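Review bot: `passphrase` can be null here when the listener configures an unencrypted key (the schema makes certificate-passphrase optional), but the three-argument `SFTPEpr` constructor calls `setPassphrase`, which throws IllegalArgumentException on null. Assuming `tree.getAttribute` returns null for an absent attribute, an SFTP listener with a certificate and no passphrase would fail at this line. Choose the constructor by presence: `epr = (passphrase == null) ? new SFTPEpr(uri, new URI(cert)) : new SFTPEpr(uri, new URI(cert), passphrase);`.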
Modified: labs/jbossesb/trunk/product/rosetta/src/org/jboss/soa/esb/listeners/config/mappers/FtpListenerMapper.java
===================================================================
--- labs/jbossesb/trunk/product/rosetta/src/org/jboss/soa/esb/listeners/config/mappers/FtpListenerMapper.java 2008-07-04 16:26:02 UTC (rev 20908)
+++ labs/jbossesb/trunk/product/rosetta/src/org/jboss/soa/esb/listeners/config/mappers/FtpListenerMapper.java 2008-07-04 17:38:55 UTC (rev 20909)
@@ -116,8 +116,10 @@
if ( ! inputDir.startsWith( FTP_SEPARATOR ) )
inputDir = FTP_SEPARATOR + inputDir;
- toElement.setAttribute(ListenerTagNames.URL_TAG, messageFilter.getProtocol() + "://" + messageFilter.getUsername() + ":"
- + messageFilter.getPassword() + "@" + provider.getHostname() + inputDir );
+ final String filterPassword = messageFilter.getPassword() ;
+ final String urlPassword = (filterPassword == null ? "" : ":" + filterPassword) ;
+ toElement.setAttribute(ListenerTagNames.URL_TAG, messageFilter.getProtocol() + "://" + messageFilter.getUsername()
+ + urlPassword + "@" + provider.getHostname() + inputDir );
toElement.setAttribute(FTPEpr.INPUT_SUFFIX_TAG, messageFilter.getInputSuffix());
toElement.setAttribute(FTPEpr.WORK_SUFFIX_TAG, messageFilter.getWorkSuffix());
toElement.setAttribute(FTPEpr.POST_DEL_TAG, String.valueOf(messageFilter.getPostDelete()));
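Review bot: The password is still concatenated into the URL attribute without any escaping (`":" + filterPassword`), so a password containing `@`, `:` or `/` would change how the URL is parsed by the code that later extracts the user-info. It also keeps the clear-text password inside a URL value that is likely to show up wherever the listener configuration is dumped or logged. At minimum add `// NOTE: password is not URL-escaped; '@', ':' or '/' in it will break parsing of this URL` above the new lines, and consider passing the password as its own attribute instead of inside the URL. The enclosing method starts and ends outside the hunk.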
@@ -133,6 +135,7 @@
toElement.setAttribute(FTPEpr.PASSIVE_TAG, String.valueOf(messageFilter.getPassive()));
if (Protocol.SFTP.equals(messageFilter.getProtocol())) {
toElement.setAttribute(SFTPEpr.CERTIFICATE_TAG, messageFilter.getCertificateUrl());
+ toElement.setAttribute(SFTPEpr.PASSPHRASE_TAG, messageFilter.getCertificatePassphrase()) ;
}
if (Protocol.FTPS.equals(messageFilter.getProtocol())) {
toElement.setAttribute(FTPSEpr.CERTIFICATE_TAG, messageFilter.getCertificateUrl());
Modified: labs/jbossesb/trunk/product/rosetta/src/org/jboss/soa/esb/util/RemoteFileSystem.java
===================================================================
--- labs/jbossesb/trunk/product/rosetta/src/org/jboss/soa/esb/util/RemoteFileSystem.java 2008-07-04 16:26:02 UTC (rev 20908)
+++ labs/jbossesb/trunk/product/rosetta/src/org/jboss/soa/esb/util/RemoteFileSystem.java 2008-07-04 17:38:55 UTC (rev 20909)
@@ -56,6 +56,8 @@
public static final String PARMS_CERTIFICATE_NAME = "certificateName";
+ public static final String PARMS_PASSPHRASE = "passphrase";
+
public String getRemoteDir ();
/**