Ftp fails in the FIPS because of the not supported key.

apache · Oct 18, 2023 · b3691d5 · b3691d5
1 parent e95d9dd
commit b3691d5
Show file tree

Hide file tree

Showing 7 changed files with 59 additions and 19 deletions.
diff --git a/...-tests/ftp/src/test/java/org/apache/camel/quarkus/component/ftps/it/FtpsTestResource.java b/...-tests/ftp/src/test/java/org/apache/camel/quarkus/component/ftps/it/FtpsTestResource.java
@@ -37,9 +37,9 @@ public FtpsTestResource() {
 
     @Override
     public Map<String, String> start() {
-        try (InputStream stream = Thread.currentThread().getContextClassLoader().getResourceAsStream("server.jks")) {
-            Objects.requireNonNull(stream, "FTP keystore file server.jks could not be loaded");
-            keystoreFilePath = Files.createTempFile("camel-ftps-keystore", "jks");
+        try (InputStream stream = Thread.currentThread().getContextClassLoader().getResourceAsStream("keystore.p12")) {
+            Objects.requireNonNull(stream, "FTP keystore file keystore.p12 could not be loaded");
+            keystoreFilePath = Files.createTempFile("camel-ftps-keystore", "p12");
             Files.write(keystoreFilePath, stream.readAllBytes());
         } catch (IOException e) {
             throw new RuntimeException(e);

diff --git a/...-tests/ftp/src/test/java/org/apache/camel/quarkus/component/sftp/it/SftpTestResource.java b/...-tests/ftp/src/test/java/org/apache/camel/quarkus/component/sftp/it/SftpTestResource.java
@@ -64,7 +64,7 @@ public Map<String, String> start() {
 
             sshServer = SshServer.setUpDefaultServer();
             sshServer.setPort(port);
-            sshServer.setKeyPairProvider(new ClassLoadableResourceKeyPairProvider("hostkey.pem"));
+            sshServer.setKeyPairProvider(new ClassLoadableResourceKeyPairProvider("test.key"));
             sshServer.setSubsystemFactories(Collections.singletonList(new SftpSubsystemFactory()));
             sshServer.setCommandFactory(new ScpCommandFactory());
             sshServer.setPasswordAuthenticator((username, password, session) -> true);

diff --git a/integration-tests/ftp/src/test/resources/hostkey.pem b/integration-tests/ftp/src/test/resources/hostkey.pem
diff --git a/integration-tests/ftp/src/test/resources/keystore.p12 b/integration-tests/ftp/src/test/resources/keystore.p12
diff --git a/integration-tests/ftp/src/test/resources/readme.adoc b/integration-tests/ftp/src/test/resources/readme.adoc
@@ -0,0 +1,28 @@
+=== How to generate test.key
+
+1. Generate private certificate for client.
+[source]
+openssl genrsa -out test.key 2048
+
+=== How to generate keystore.p12
+
+[start=2]
+. Generate certificate signing request
+[source]
+openssl req -new -subj '/C=CA/L=camel-ftp/O=camel-ftp/CN=localhost' -key test.key -out test.csr
+. Generate a key for the cert. authority
+[source]
+openssl genrsa -out ca.key 2048
+. Generate a self-signed certificate for cert. authority
+[source]
+openssl req -new -subj '/C=CA/L=camel-ftp/O=camel-ftp/CN=localhost' -x509 -key ca.key -out ca.crt
+. Very easy way to sign a certificate
+[source]
+openssl x509 -req -in test.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out test.crt
+. Create a kyestore
+[source]
+openssl pkcs12 -export -in test.crt -inkey test.key -certfile ca.crt -name "serverftp" -out keystore.p12 -passout pass:password -keypbe aes-256-cbc -certpbe aes-256-cbc
+
+
+
+
diff --git a/integration-tests/ftp/src/test/resources/server.jks b/integration-tests/ftp/src/test/resources/server.jks
diff --git a/integration-tests/ftp/src/test/resources/test.key b/integration-tests/ftp/src/test/resources/test.key
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEogIBAAKCAQEAxuhZr4YA7l0S/yij3IXXf9jcLxgHdenjRGrF8tGbYp5n7IQb
+msbXcfBeUcsmtrBx02TB45nQ5Nox2Lqch5OyKbVo8FzO5m5RGmmHPUokgJGwBtgH
+SwxlX/dJ3X/T0Hk7s9X04t4wfbopWRPFIf+tUMp65XxgAdOpfM/yO4MjoRB3zL3X
+wI2KDecpwg10SMLiLXSuHZrMnYDMIie3WSBXur5OHQrNfLDLIvZQxAvgO0O3MaKn
+Pcq3XgtXonagYniwtUSi0VqUYUjDUTjwr5pc0v+UIJap610Mx8fiT1B63+YBUbQe
+C+Ol82FMUKGKM8igDm9xRBD1LFVYg1YLrdBCGwIDAQABAoIBAB8f1oDXuCeUWteg
+dVuZeeogdfvMh8ZUreJTztu7HtRksyBYX7VtbeL/WNL1tf4aSAVrG8fQltZoqioe
+sUWpv9Q09dG+xAVct8YpQyc9Bc80fNXlUebVbruAh4dobC2P+t6eGS6y0+WojrXI
+mS1Dw8wDkw17084VX80PAPl9AMM/+EzxJvf09nDBj1vn5JJm3TsPC7NhR0Fhe7pz
+yNY1CFu1sK6ZcaQdg4ratyRZ0LxBAbPK3fALnqJQqIMAwK9QW1lLQDpavZHKXooe
+UEj84kfmOJPT7wjOgh9CjFsjYOGPdkIDq0dGJ01X+mEQ4stdBToosPSl0NLdcItv
+KGR5F7ECgYEA/ofmSuZ2mO0e2MyUrBYdBj7NR4vW6Kprsvg0MzmGkj2SqPeYD/D2
+9AHRErkZ1Vns3m8OafpMSGRraMs3KxTCZBrCTRwvEVQBge9e+K3yiMzTpCznQ/I0
+7v7Vufn13gevgZmza0PelLemCuzOpF7jUfRw0d75sAYD0mxSRKC4GqMCgYEAyA5C
+uG9ykp+fJg9gp8m3N8ZOXLK+Dt7Eycght1k+l0NandMj/+9AU7AUZGKLEPHSUSOF
+15b7juerMiAvNv5AoUnJkUFdimC7jUJGv9TKxTOEhUgscZAScyppUU5lUk4oExdK
+O7ttbM/Ou9wEIRBJ0W3/pK29fWZ3yFIvfirJ6ikCgYAT44iiN6nyvyyW4j2HyN6R
+u1yNB6dOXOq3fF+P1SHn0XnhTB+Mt1aEsJOms+IJ4tH4e5MTwuQtD/O4p5BzBFdA
+PTsLjXU8FGVdwteX9Perqt2qyXt0urtaJX2L37VPmSgkp172tcHxuvv1hJWNEIEQ
+yVn7fEHkeEPaMG6pQCnCowKBgGJIh0TfE9Wu79wd7+les1GGblciRTc/AET1uoK+
+KH7dyzYAVg5Vty+mMM6Ejze65g2Qux+IgHvbmwKcRzXoQU471vgyucbS8TFb3zA9
+VYT+Y1urcpI0KqxDqMwWDLcbyJpgdcrUsNSlXzZxx+GKhAmM1exMouxpm+1hWw3L
+7bjJAoGAAep1Yg8/b0NRJtYQK6duFccrVzeXXSJ6nYcHgquVmg+VEQKwdaZBVDwv
+u5QZXEhcC7dziq07Sh4FziGJXKwNzV86860w+MxkJcqrWSuQkprw/3UcODtE+RyN
+j4b8grxg4ejd0KtCYzLy+ZpTqZZuotENpXhhcOH9VQRhWYXSSJg=
+-----END RSA PRIVATE KEY-----