
Commit 6bd7cdb

committed
test: Add RSA certificate test to mina-sftp
1 parent 9ca4929 commit 6bd7cdb

4 files changed

Lines changed: 111 additions & 37 deletions


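--- a/integration-tests-support/sftp/src/main/java/org/apache/camel/quarkus/test/support/sftp/SftpCertificates.java
+++ b/integration-tests-support/sftp/src/main/java/org/apache/camel/quarkus/test/support/sftp/SftpCertificates.java
@@ -35,6 +35,8 @@ public class SftpCertificates {
 private final Path sshDir;
 private final Path userCaKeyPath;
 private final Path userCaPubKeyPath;
+private final Path userCaRsaKeyPath;
+private final Path userCaRsaPubKeyPath;
 private final Path userKeyPath;
 private final Path userPubKeyPath;
 private final Path userCertPath;
@@ -47,11 +49,16 @@ public class SftpCertificates {
 private final Path ftpPubKeyPath;
 private final Path ftpEncryptedKeyPath;
 private final Path ftpEncryptedPubKeyPath;
+private final Path userKeyRsaPath;
+private final Path userPubKeyRsaPath;
+private final Path userCertRsaPath;
 
 private SftpCertificates(Path sshDir) {
 this.sshDir = sshDir;
 this.userCaKeyPath = sshDir.resolve("user_ca");
 this.userCaPubKeyPath = sshDir.resolve("user_ca.pub");
+this.userCaRsaKeyPath = sshDir.resolve("user_ca_rsa");
+this.userCaRsaPubKeyPath = sshDir.resolve("user_ca_rsa.pub");
 this.userKeyPath = sshDir.resolve("user_key");
 this.userPubKeyPath = sshDir.resolve("user_key.pub");
 this.userCertPath = sshDir.resolve("user_key-cert.pub");
@@ -64,6 +71,9 @@ private SftpCertificates(Path sshDir) {
 this.ftpPubKeyPath = sshDir.resolve("ftp.key.pub");
 this.ftpEncryptedKeyPath = sshDir.resolve("ftp-encrypted.key");
 this.ftpEncryptedPubKeyPath = sshDir.resolve("ftp-encrypted.key.pub");
+this.userKeyRsaPath = sshDir.resolve("user_key_rsa");
+this.userPubKeyRsaPath = sshDir.resolve("user_key_rsa.pub");
+this.userCertRsaPath = sshDir.resolve("user_key_rsa-cert.pub");
 }
 
 /**
@@ -76,21 +86,37 @@ public static SftpCertificates generate(Path sshDir) throws IOException, Interru
 }
 
 private void generateAll() throws IOException, InterruptedException {
-// Generate user CA key pair
-runSshKeygen("-t", "ed25519", "-f", userCaKeyPath.toString(), "-N", "", "-C", "user-ca");
-LOGGER.debug("Generated user CA key pair");
+// Generate Ed25519 user CA key pair
+runSshKeygen("-t", "ed25519", "-f", userCaKeyPath.toString(), "-N", "", "-C", "user-ca-ed25519");
+LOGGER.debug("Generated Ed25519 user CA key pair");
 
-// Generate user key pair
-runSshKeygen("-t", "ed25519", "-f", userKeyPath.toString(), "-N", "", "-C", "test-user");
-LOGGER.debug("Generated user key pair");
+// Generate RSA user CA key pair
+runSshKeygen("-t", "rsa", "-b", "2048", "-f", userCaRsaKeyPath.toString(), "-N", "", "-C", "user-ca-rsa");
+LOGGER.debug("Generated RSA user CA key pair");
 
-// Sign user certificate
+// Generate Ed25519 user key pair
+runSshKeygen("-t", "ed25519", "-f", userKeyPath.toString(), "-N", "", "-C", "test-user-ed25519");
+LOGGER.debug("Generated Ed25519 user key pair");
+
+// Sign Ed25519 user certificate with Ed25519 CA
 runSshKeygen("-s", userCaKeyPath.toString(),
-"-I", "test-user",
+"-I", "test-user-ed25519",
 "-n", "admin",
 "-V", "-1m:+365d",
 userPubKeyPath.toString());
-LOGGER.debug("Signed user certificate");
+LOGGER.debug("Signed Ed25519 user certificate with Ed25519 CA");
+
+// Generate RSA user key pair for certificate-based authentication
+runSshKeygen("-t", "rsa", "-b", "2048", "-f", userKeyRsaPath.toString(), "-N", "", "-C", "test-user-rsa");
+LOGGER.debug("Generated RSA user key pair");
+
+// Sign RSA user certificate with RSA CA
+runSshKeygen("-s", userCaRsaKeyPath.toString(),
+"-I", "test-user-rsa",
+"-n", "admin",
+"-V", "-1m:+365d",
+userPubKeyRsaPath.toString());
+LOGGER.debug("Signed RSA user certificate with RSA CA");
 
 // Generate host CA key pair
 runSshKeygen("-t", "ed25519", "-f", hostCaKeyPath.toString(), "-N", "", "-C", "host-ca");
@@ -155,6 +181,10 @@ public Path getUserCaPubKeyPath() {
 return userCaPubKeyPath;
 }
 
+public Path getUserCaRsaPubKeyPath() {
+return userCaRsaPubKeyPath;
+}
+
 public Path getUserPublicKeyPath() {
 return userPubKeyPath;
 }
@@ -210,4 +240,24 @@ public Path getFtpEncryptedPrivateKeyPath() {
 public Path getFtpEncryptedPublicKeyPath() {
 return ftpEncryptedPubKeyPath;
 }
+
+public Path getUserRsaPrivateKeyPath() {
+return userKeyRsaPath;
+}
+
+public Path getUserRsaPublicKeyPath() {
+return userPubKeyRsaPath;
+}
+
+public Path getUserRsaCertificatePath() {
+return userCertRsaPath;
+}
+
+public byte[] getUserRsaCertificateBytes() throws IOException {
+return Files.readAllBytes(userCertRsaPath);
+}
+
+public byte[] getUserRsaPrivateKeyBytes() throws IOException {
+return Files.readAllBytes(userKeyRsaPath);
+}
 }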
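Review bot: The new RSA signing call in generateAll (`runSshKeygen("-s", userCaRsaKeyPath.toString(), ...)`) does not pin the certificate signature algorithm, so it falls back to whatever the ssh-keygen behind runSshKeygen defaults to. Current OpenSSH releases sign with `rsa-sha2-512` when the CA key is RSA, but an older ssh-keygen would emit a SHA-1 `ssh-rsa` signature, which recent sshd builds reject through their default `CASignatureAlgorithms`; the RSA certificate test would then fail or pass depending on the build host. Adding `"-t", "rsa-sha2-512",` directly after the `-s` argument makes the fixture deterministic and keeps SHA-1 out of the test CA. generateAll continues past the end of this hunk, so any later RSA signing calls outside the visible lines would need the same treatment.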

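--- a/integration-tests-support/sftp/src/main/java/org/apache/camel/quarkus/test/support/sftp/SftpTestResource.java
+++ b/integration-tests-support/sftp/src/main/java/org/apache/camel/quarkus/test/support/sftp/SftpTestResource.java
@@ -64,17 +64,20 @@ public Map<String, String> start() {
 // Create authorized_keys file with all public keys
 Path authorizedKeysPath = createAuthorizedKeys(sshDir);
 
+// Create combined trusted CA file (Ed25519 + RSA CAs)
+Path trustedCaPath = createTrustedCaKeys(sshDir);
+
 // Start OpenSSH container
 container = new GenericContainer<>(opensshImage)
 .withExposedPorts(SFTP_PORT)
 .withEnv("PASSWORD_ACCESS", "true")
 .withEnv("USER_NAME", USERNAME)
 .withEnv("USER_PASSWORD", PASSWORD)
 .withEnv("SUDO_ACCESS", "false")
-// Copy user CA for certificate verification
+// Copy trusted user CAs (Ed25519 + RSA) for certificate verification
 .withCopyFileToContainer(
-MountableFile.forHostPath(certificates.getUserCaPubKeyPath()),
-"/config/.ssh/user_ca.pub")
+MountableFile.forHostPath(trustedCaPath),
+"/config/.ssh/trusted_user_cas.pub")
 // Copy authorized_keys with all public keys
 .withCopyFileToContainer(
 MountableFile.forHostPath(authorizedKeysPath),
@@ -93,16 +96,22 @@ public Map<String, String> start() {
 // Set system properties for JVM mode AND return in map for native mode command-line args
 String userKeyPath = certificates.getUserPrivateKeyPath().toString();
 String userCertPath = certificates.getUserCertificatePath().toString();
+String userKeyRsaPath = certificates.getUserRsaPrivateKeyPath().toString();
+String userCertRsaPath = certificates.getUserRsaCertificatePath().toString();
 String ftpKeyPath = certificates.getFtpPrivateKeyPath().toString();
 String ftpEncryptedKeyPath = certificates.getFtpEncryptedPrivateKeyPath().toString();
 
 System.setProperty("sftp.test.user.key", userKeyPath);
 System.setProperty("sftp.test.user.cert", userCertPath);
+System.setProperty("sftp.test.user.key.rsa", userKeyRsaPath);
+System.setProperty("sftp.test.user.cert.rsa", userCertRsaPath);
 System.setProperty("sftp.test.ftp.key", ftpKeyPath);
 System.setProperty("sftp.test.ftp.encrypted.key", ftpEncryptedKeyPath);
 
 result.put("sftp.test.user.key", userKeyPath);
 result.put("sftp.test.user.cert", userCertPath);
+result.put("sftp.test.user.key.rsa", userKeyRsaPath);
+result.put("sftp.test.user.cert.rsa", userCertRsaPath);
 result.put("sftp.test.ftp.key", ftpKeyPath);
 result.put("sftp.test.ftp.encrypted.key", ftpEncryptedKeyPath);
 
@@ -133,8 +142,8 @@ private Path createSshdConfig(Path sshDir) throws IOException {
 "PasswordAuthentication yes",
 "PermitRootLogin no",
 "",
-"# User certificate authentication - trust certificates signed by user CA",
-"TrustedUserCAKeys /config/.ssh/user_ca.pub",
+"# User certificate authentication - trust certificates signed by Ed25519 and RSA CAs",
+"TrustedUserCAKeys /config/.ssh/trusted_user_cas.pub",
 "",
 "# Standard public key authentication uses authorized_keys",
 "AuthorizedKeysFile /config/.ssh/authorized_keys",
@@ -152,6 +161,22 @@ private Path createSshdConfig(Path sshDir) throws IOException {
 return sshdConfig;
 }
 
+/**
+* Create trusted CA keys file with both Ed25519 and RSA CAs.
+*/
+private Path createTrustedCaKeys(Path sshDir) throws IOException {
+Path trustedCaKeys = sshDir.resolve("trusted_user_cas.pub");
+
+// Combine Ed25519 and RSA CA public keys
+StringBuilder cas = new StringBuilder();
+cas.append(Files.readString(certificates.getUserCaPubKeyPath()));
+cas.append(Files.readString(certificates.getUserCaRsaPubKeyPath()));
+
+Files.writeString(trustedCaKeys, cas.toString());
+LOGGER.debug("Created trusted_user_cas.pub with Ed25519 and RSA CAs");
+return trustedCaKeys;
+}
+
 /**
 * Create authorized_keys file with all public keys for testing.
 */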
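Review bot: `createTrustedCaKeys` appends the two `.pub` files back to back, so the RSA CA only lands on its own line if the Ed25519 file ends with a newline. ssh-keygen normally writes one, so this works today, but if it were ever missing, both keys would merge into one line and sshd would presumably not load the second CA, which would surface only as a failed RSA certificate login. Normalising each entry removes that dependency: `cas.append(Files.readString(certificates.getUserCaPubKeyPath()).strip()).append('\n');`, and the same for `getUserCaRsaPubKeyPath()`. The Javadoc could also state that every key in this file is trusted to sign user certificates for the test container, since the file is what `TrustedUserCAKeys` now points at.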

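--- a/integration-tests/mina-sftp/src/main/java/org/apache/camel/quarkus/component/mina/sftp/it/MinaSftpCertificateManager.java
+++ b/integration-tests/mina-sftp/src/main/java/org/apache/camel/quarkus/component/mina/sftp/it/MinaSftpCertificateManager.java
@@ -56,24 +56,39 @@ private void initializeCertificates() throws Exception {
 
 String userKeyPath = System.getProperty("sftp.test.user.key");
 String userCertPath = System.getProperty("sftp.test.user.cert");
+String userKeyRsaPath = System.getProperty("sftp.test.user.key.rsa");
+String userCertRsaPath = System.getProperty("sftp.test.user.cert.rsa");
 String ftpKeyPath = System.getProperty("sftp.test.ftp.key");
 String ftpEncryptedKeyPath = System.getProperty("sftp.test.ftp.encrypted.key");
 
-if (userKeyPath == null || userCertPath == null || ftpKeyPath == null || ftpEncryptedKeyPath == null) {
+if (userKeyPath == null || userCertPath == null || userKeyRsaPath == null || userCertRsaPath == null
+|| ftpKeyPath == null || ftpEncryptedKeyPath == null) {
 throw new IllegalStateException(
 "Certificate paths not set. Test resource not started? sftp.test.user.key=" + userKeyPath
 + ", sftp.test.user.cert=" + userCertPath
++ ", sftp.test.user.key.rsa=" + userKeyRsaPath
++ ", sftp.test.user.cert.rsa=" + userCertRsaPath
 + ", sftp.test.ftp.key=" + ftpKeyPath
 + ", sftp.test.ftp.encrypted.key=" + ftpEncryptedKeyPath);
 }
 
-byte[] privateKeyBytes = Files.readAllBytes(Path.of(userKeyPath));
-byte[] certificateBytes = Files.readAllBytes(Path.of(userCertPath));
+// Ed25519 certificate files
+byte[] ed25519PrivateKeyBytes = Files.readAllBytes(Path.of(userKeyPath));
+byte[] ed25519CertificateBytes = Files.readAllBytes(Path.of(userCertPath));
 
-Files.write(targetCerts.resolve("test-key-rsa.key"), privateKeyBytes);
-Files.write(targetCerts.resolve("test-key-rsa-cert.pub"), certificateBytes);
-Files.write(classpathCerts.resolve("test-key-rsa.key"), privateKeyBytes);
-Files.write(classpathCerts.resolve("test-key-rsa-cert.pub"), certificateBytes);
+Files.write(targetCerts.resolve("test-key-ed25519.key"), ed25519PrivateKeyBytes);
+Files.write(targetCerts.resolve("test-key-ed25519-cert.pub"), ed25519CertificateBytes);
+Files.write(classpathCerts.resolve("test-key-ed25519.key"), ed25519PrivateKeyBytes);
+Files.write(classpathCerts.resolve("test-key-ed25519-cert.pub"), ed25519CertificateBytes);
+
+// RSA certificate files
+byte[] rsaPrivateKeyBytes = Files.readAllBytes(Path.of(userKeyRsaPath));
+byte[] rsaCertificateBytes = Files.readAllBytes(Path.of(userCertRsaPath));
+
+Files.write(targetCerts.resolve("test-key-rsa.key"), rsaPrivateKeyBytes);
+Files.write(targetCerts.resolve("test-key-rsa-cert.pub"), rsaCertificateBytes);
+Files.write(classpathCerts.resolve("test-key-rsa.key"), rsaPrivateKeyBytes);
+Files.write(classpathCerts.resolve("test-key-rsa-cert.pub"), rsaCertificateBytes);
 
 Path ftpKeySource = Path.of(ftpKeyPath);
 Files.copy(ftpKeySource, targetCerts.resolve("ftp.key"), REPLACE_EXISTING);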
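Review bot: The new RSA block repeats the four Ed25519 `Files.write` calls with only the file stem changed. Both blocks copy passphrase-less private keys into `targetCerts` and `classpathCerts` with the process's default file permissions. A small private helper taking the stem, the key bytes and the certificate bytes would remove the duplication and leave one place to document or tighten how key material is written. At minimum, a comment above the first block would make the intent explicit, for example `// Throwaway keys generated per test run; copied without a passphrase, never reuse outside the test suite`. initializeCertificates begins and ends outside this hunk, so how `classpathCerts` is resolved and whether it ends up in a packaged artifact cannot be judged from here.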

integration-tests/mina-sftp/src/main/resources/application.properties

Lines changed: 0 additions & 16 deletions
This file was deleted.
