From ed8156c111655deea7f2bb65bfe5a5529633925c Mon Sep 17 00:00:00 2001 
From: JiriOndrusek Date: Fri, 28 Jun 2024 14:37:06 +0200 Subject: [PATCH] Extracion of crypto-pgp and making crypto work on FIPS --- catalog/pom.xml | 13 ++ .../modules/ROOT/examples/dataformats/pgp.yml | 13 ++ docs/modules/ROOT/nav.adoc | 1 + .../reference/extensions/crypto-pgp.adoc | 55 ++++++++ .../pages/reference/extensions/crypto.adoc | 42 ++++++ .../BouncyCastleSupportProcessor.java | 62 ++++++--- .../bouncycastle/BouncyCastleRecorder.java | 25 +++- extensions/crypto-pgp/deployment/pom.xml | 67 +++++++++ .../pgp/deployment/CryptoPgpProcessor.java | 65 +++++++++ extensions/crypto-pgp/pom.xml | 39 ++++++ extensions/crypto-pgp/runtime/pom.xml | 105 ++++++++++++++ .../runtime/src/main/doc/limitations.adoc | 4 + .../resources/META-INF/quarkus-extension.yaml | 32 +++++ extensions/crypto/deployment/pom.xml | 4 - .../crypto/deployment/CryptoProcessor.java | 33 ----- extensions/crypto/runtime/pom.xml | 12 -- .../runtime/src/main/doc/limitations.adoc | 2 + .../crypto/runtime/src/main/doc/usage.adoc | 29 ++++ extensions/pom.xml | 1 + integration-tests/crypto-pgp/pom.xml | 129 ++++++++++++++++++ .../crypto/pgp/it/CryptoPgpResource.java | 48 +++++++ .../crypto/pgp/it/CryptoPgpRoutes.java | 34 +++++ .../src/main/resources/application.properties | 17 +++ .../src/main/resources/pubring.pgp | Bin .../src/main/resources/secring.pgp | Bin .../component/crypto/pgp/it/CryptoPgpIT.java | 24 ++++ .../crypto/pgp/it/CryptoPgpTest.java | 51 +++++++ integration-tests/crypto/README.adoc | 8 ++ integration-tests/crypto/pom.xml | 56 +++++++- .../component/crypto/it/CryptoResource.java | 13 -- .../component/crypto/it/CryptoRoutes.java | 23 ++-- .../src/main/resources/application.properties | 6 +- .../component/crypto/it/CryptoTest.java | 27 +--- integration-tests/pom.xml | 1 + poms/bom/pom.xml | 28 ++++ .../src/main/generated/flattened-full-pom.xml | 28 ++++ .../main/generated/flattened-reduced-pom.xml | 28 ++++ .../flattened-reduced-verbose-pom.xml | 28 ++++ 
tooling/scripts/test-categories.yaml | 1 + 39 files changed, 1025 insertions(+), 129 deletions(-) create mode 100644 docs/modules/ROOT/examples/dataformats/pgp.yml create mode 100644 docs/modules/ROOT/pages/reference/extensions/crypto-pgp.adoc create mode 100644 extensions/crypto-pgp/deployment/pom.xml create mode 100644 extensions/crypto-pgp/deployment/src/main/java/org/apache/camel/quarkus/component/crypto/pgp/deployment/CryptoPgpProcessor.java create mode 100644 extensions/crypto-pgp/pom.xml create mode 100644 extensions/crypto-pgp/runtime/pom.xml create mode 100644 extensions/crypto-pgp/runtime/src/main/doc/limitations.adoc create mode 100644 extensions/crypto-pgp/runtime/src/main/resources/META-INF/quarkus-extension.yaml create mode 100644 extensions/crypto/runtime/src/main/doc/limitations.adoc create mode 100644 extensions/crypto/runtime/src/main/doc/usage.adoc create mode 100644 integration-tests/crypto-pgp/pom.xml create mode 100644 integration-tests/crypto-pgp/src/main/java/org/apache/camel/quarkus/component/crypto/pgp/it/CryptoPgpResource.java create mode 100644 integration-tests/crypto-pgp/src/main/java/org/apache/camel/quarkus/component/crypto/pgp/it/CryptoPgpRoutes.java create mode 100644 integration-tests/crypto-pgp/src/main/resources/application.properties rename integration-tests/{crypto => crypto-pgp}/src/main/resources/pubring.pgp (100%) rename integration-tests/{crypto => crypto-pgp}/src/main/resources/secring.pgp (100%) create mode 100644 integration-tests/crypto-pgp/src/test/java/org/apache/camel/quarkus/component/crypto/pgp/it/CryptoPgpIT.java create mode 100644 integration-tests/crypto-pgp/src/test/java/org/apache/camel/quarkus/component/crypto/pgp/it/CryptoPgpTest.java create mode 100644 integration-tests/crypto/README.adoc diff --git a/catalog/pom.xml b/catalog/pom.xml index e2e7d98caff2..7abd52b0614c 100644 --- a/catalog/pom.xml +++ b/catalog/pom.xml 
@@ -968,6 +968,19 @@ + + org.apache.camel.quarkus + camel-quarkus-crypto-pgp + ${project.version} + pom + test + + + * + * + + + org.apache.camel.quarkus camel-quarkus-csimple diff --git a/docs/modules/ROOT/examples/dataformats/pgp.yml b/docs/modules/ROOT/examples/dataformats/pgp.yml new file mode 100644 index 000000000000..6252f544f9c7 --- /dev/null +++ b/docs/modules/ROOT/examples/dataformats/pgp.yml @@ -0,0 +1,13 @@ +# Do not edit directly! +# This file was generated by camel-quarkus-maven-plugin:update-extension-doc-page +cqArtifactId: camel-quarkus-crypto-pgp +cqArtifactIdBase: crypto-pgp +cqNativeSupported: true +cqStatus: Stable +cqDeprecated: false +cqJvmSince: 3.13.0 +cqNativeSince: 3.13.0 +cqCamelPartName: pgp +cqCamelPartTitle: PGP +cqCamelPartDescription: Encrypt and decrypt messages using Java Cryptographic Extension (JCE) and PGP. +cqExtensionPageTitle: PGP diff --git a/docs/modules/ROOT/nav.adoc b/docs/modules/ROOT/nav.adoc index a4a0aaa6bbc2..6da7470cc05a 100644 --- a/docs/modules/ROOT/nav.adoc +++ b/docs/modules/ROOT/nav.adoc @@ -235,6 +235,7 @@ *** xref:reference/extensions/opentelemetry.adoc[OpenTelemetry] *** xref:reference/extensions/optaplanner.adoc[OptaPlanner] *** xref:reference/extensions/pdf.adoc[PDF] +*** xref:reference/extensions/crypto-pgp.adoc[PGP] *** xref:reference/extensions/paho.adoc[Paho] *** xref:reference/extensions/paho-mqtt5.adoc[Paho MQTT5] *** xref:reference/extensions/pinecone.adoc[Pinecone] diff --git a/docs/modules/ROOT/pages/reference/extensions/crypto-pgp.adoc b/docs/modules/ROOT/pages/reference/extensions/crypto-pgp.adoc new file mode 100644 index 000000000000..dc66bc73044b --- /dev/null +++ b/docs/modules/ROOT/pages/reference/extensions/crypto-pgp.adoc 
@@ -0,0 +1,55 @@ +// Do not edit directly! +// This file was generated by camel-quarkus-maven-plugin:update-extension-doc-page +[id="extensions-crypto-pgp"] += PGP +:linkattrs: +:cq-artifact-id: camel-quarkus-crypto-pgp +:cq-native-supported: true +:cq-status: Stable +:cq-status-deprecation: Stable +:cq-description: Encrypt and decrypt messages using Bouncy Castle OpenPGP API. +:cq-deprecated: false +:cq-jvm-since: 3.13.0 +:cq-native-since: 3.13.0 + +ifeval::[{doc-show-badges} == true] +[.badges] +[.badge-key]##JVM since##[.badge-supported]##3.13.0## [.badge-key]##Native since##[.badge-supported]##3.13.0## +endif::[] + +Encrypt and decrypt messages using Bouncy Castle OpenPGP API. + +[id="extensions-crypto-pgp-whats-inside"] +== What's inside + +* xref:{cq-camel-components}:dataformats:pgp-dataformat.adoc[PGP data format] + +Please refer to the above link for usage and configuration details. + +[id="extensions-crypto-pgp-maven-coordinates"] +== Maven coordinates + +https://{link-quarkus-code-generator}/?extension-search=camel-quarkus-crypto-pgp[Create a new project with this extension on {link-quarkus-code-generator}, window="_blank"] + +Or add the coordinates to your existing project: + +[source,xml] +---- + + org.apache.camel.quarkus + camel-quarkus-crypto-pgp + +---- +ifeval::[{doc-show-user-guide-link} == true] +Check the xref:user-guide/index.adoc[User guide] for more information about writing Camel Quarkus applications. +endif::[] + +[id="extensions-crypto-pgp-camel-quarkus-limitations"] +== Camel Quarkus limitations + +[id="extensions-crypto-pgp-limitations-fips"] +=== FIPS + +It may not be possible to run `crypto` and `crypto-pgp` extensions together on FIPS enabled system. +For example if `crypto` uses `BCFIPS` provider and `crypto-pgp` uses `BC` provider, it is not possible to have both providers on one classpath. + 
diff --git a/docs/modules/ROOT/pages/reference/extensions/crypto.adoc b/docs/modules/ROOT/pages/reference/extensions/crypto.adoc index 57e8dd857f6c..85141d708e60 100644 --- a/docs/modules/ROOT/pages/reference/extensions/crypto.adoc +++ b/docs/modules/ROOT/pages/reference/extensions/crypto.adoc @@ -45,6 +45,48 @@ ifeval::[{doc-show-user-guide-link} == true] Check the xref:user-guide/index.adoc[User guide] for more information about writing Camel Quarkus applications. endif::[] +[id="extensions-crypto-usage"] +== Usage +[id="extensions-crypto-usage-security-provider"] +=== Security Provider + +Extension requires BouncyCastle provider and also utilizes the quarkus security extension (see https://quarkus.io/guides/security-customization#registering-security-providers[security providers registration doc]) +If there is no `BC*` provider registered (by `quarkus.security.security-providers` property). +The `BC` provider is registered. + +[id="extensions-crypto-usage-fips"] +=== FIPS + +When running the `crypto` extension on FIPS enabled system any FIPS-compliant Java Security Provider (such as BCFIPS) has to be used. + +* In the case of BCFIPS, please add BCFIPS dependency and `quarkus-security` (see the https://quarkus.io/guides/security-customization#bouncy-castle-fips[guide] for more information) +``` + + org.bouncycastle + bc-fips + + + io.quarkus + quarkus-security + +``` +and register BCFIPS provider with following proprerty: +``` +quarkus.security.security-providers=BCFIPS +``` +* Alternatively, you can add different FIPS compliant provider. Make Sure that the provider is registered. + + + + + +[id="extensions-crypto-camel-quarkus-limitations"] +== Camel Quarkus limitations + + + + + [id="extensions-crypto-ssl-in-native-mode"] == SSL in native mode 
diff --git a/extensions-support/bouncycastle/deployment/src/main/java/org/apache/camel/quarkus/support/bouncycastle/deployment/BouncyCastleSupportProcessor.java b/extensions-support/bouncycastle/deployment/src/main/java/org/apache/camel/quarkus/support/bouncycastle/deployment/BouncyCastleSupportProcessor.java index 90be74e0ed51..40f35da8c355 100644 --- a/extensions-support/bouncycastle/deployment/src/main/java/org/apache/camel/quarkus/support/bouncycastle/deployment/BouncyCastleSupportProcessor.java +++ b/extensions-support/bouncycastle/deployment/src/main/java/org/apache/camel/quarkus/support/bouncycastle/deployment/BouncyCastleSupportProcessor.java @@ -16,7 +16,9 @@ */ package org.apache.camel.quarkus.support.bouncycastle.deployment; +import java.util.Collections; import java.util.List; +import java.util.function.BooleanSupplier; import java.util.stream.Collectors; import io.quarkus.deployment.annotations.BuildProducer; 
@@ -24,22 +26,35 @@ import io.quarkus.deployment.annotations.ExecutionTime; import io.quarkus.deployment.annotations.Record; import io.quarkus.deployment.builditem.CombinedIndexBuildItem; -import io.quarkus.deployment.builditem.IndexDependencyBuildItem; import io.quarkus.deployment.builditem.ShutdownContextBuildItem; import io.quarkus.deployment.builditem.nativeimage.ReflectiveClassBuildItem; import io.quarkus.deployment.builditem.nativeimage.RuntimeReinitializedClassBuildItem; import io.quarkus.security.deployment.BouncyCastleProviderBuildItem; +import io.quarkus.security.deployment.SecurityConfig; import org.apache.camel.quarkus.support.bouncycastle.BouncyCastleRecorder; import org.jboss.jandex.IndexView; public class BouncyCastleSupportProcessor { - @BuildStep + SecurityConfig securityConfig; + + @BuildStep(onlyIfNot = BcProviderConfigured.class) void produceBouncyCastleProvider(BuildProducer bouncyCastleProvider) { + //register BC if there is no BC or BCFIPS provider in securityConfiguration bouncyCastleProvider.produce(new BouncyCastleProviderBuildItem()); } - @BuildStep + @BuildStep() + @Record(ExecutionTime.STATIC_INIT) + public void registerBouncyCastleProvider(List cipherTransformations, + BouncyCastleRecorder recorder, + ShutdownContextBuildItem shutdownContextBuildItem) { + List allCipherTransformations = cipherTransformations.stream() + .flatMap(c -> c.getCipherTransformations().stream()).collect(Collectors.toList()); + recorder.registerBouncyCastleProvider(allCipherTransformations, shutdownContextBuildItem); + } + + @BuildStep() ReflectiveClassBuildItem registerForReflection(CombinedIndexBuildItem combinedIndex) { IndexView index = combinedIndex.getIndex(); 
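Review bot: The `onlyIfNot = BcProviderConfigured.class` gate on `produceBouncyCastleProvider` only suppresses the step when a configured provider name starts with `bc`. A build that lists some other FIPS provider in `quarkus.security.security-providers` therefore still produces `BouncyCastleProviderBuildItem`, which by the step's own comment registers the plain `BC` provider. If that is intended (for example because PGP needs `BC`), the comment should say so; otherwise consider `@BuildStep(onlyIfNot = { BcProviderConfigured.class, FipsProviderConfigured.class })`. The new outer-class field `SecurityConfig securityConfig;` is not read anywhere in the visible lines, as both suppliers declare their own, so it looks removable. `registerForReflection` continues outside this hunk.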
@@ -54,23 +69,36 @@ ReflectiveClassBuildItem registerForReflection(CombinedIndexBuildItem combinedIn return ReflectiveClassBuildItem.builder(dtos).build(); } - @BuildStep - IndexDependencyBuildItem registerBCDependencyForIndex() { - return new IndexDependencyBuildItem("org.bouncycastle", "bcprov-jdk18on"); - } - - @BuildStep + @BuildStep(onlyIfNot = FipsProviderConfigured.class) void secureRandomConfiguration(BuildProducer reinitialized) { reinitialized.produce(new RuntimeReinitializedClassBuildItem("java.security.SecureRandom")); } - @BuildStep - @Record(ExecutionTime.STATIC_INIT) - public void registerBouncyCastleProvider(List cipherTransformations, - BouncyCastleRecorder recorder, - ShutdownContextBuildItem shutdownContextBuildItem) { - List allCipherTransformations = cipherTransformations.stream() - .flatMap(c -> c.getCipherTransformations().stream()).collect(Collectors.toList()); - recorder.registerBouncyCastleProvider(allCipherTransformations, shutdownContextBuildItem); + /** + * Indicates whether FIPS provider is registered via quarkus.security. + */ + static final class FipsProviderConfigured implements BooleanSupplier { + SecurityConfig securityConfig; + + @Override + public boolean getAsBoolean() { + return securityConfig.securityProviders().orElse(Collections.emptySet()).stream() + .anyMatch(p -> p.toLowerCase().contains("fips")); + + } + } + + /** + * Indicates whether BC* provider is registered via quarkus.security. + */ + static final class BcProviderConfigured implements BooleanSupplier { + SecurityConfig securityConfig; + + @Override + public boolean getAsBoolean() { + return securityConfig.securityProviders().orElse(Collections.emptySet()).stream() + .filter(p -> p.toLowerCase().startsWith("bc")).findAny().isPresent(); + } } + } 
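Review bot: `p.toLowerCase()` in `FipsProviderConfigured` and `BcProviderConfigured` uses the JVM default locale. On a build host with a Turkish locale the `I` in `BCFIPS` lower-cases to a dotless `ı`, so `contains("fips")` returns false and `secureRandomConfiguration` runs as if no FIPS provider were configured. Use `p.toLowerCase(Locale.ROOT)` in both suppliers; this needs `import java.util.Locale;`, which is not among the imports this commit adds. Both checks are name heuristics (a substring and a prefix), so a one-line comment on each stating which provider names are expected to match would help the next reader. `BcProviderConfigured` could also use `anyMatch(...)` like its sibling rather than `filter(...).findAny().isPresent()`.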
diff --git a/extensions-support/bouncycastle/runtime/src/main/java/org/apache/camel/quarkus/support/bouncycastle/BouncyCastleRecorder.java b/extensions-support/bouncycastle/runtime/src/main/java/org/apache/camel/quarkus/support/bouncycastle/BouncyCastleRecorder.java index 32fea4d79694..e559d1c496e2 100644 --- a/extensions-support/bouncycastle/runtime/src/main/java/org/apache/camel/quarkus/support/bouncycastle/BouncyCastleRecorder.java +++ b/extensions-support/bouncycastle/runtime/src/main/java/org/apache/camel/quarkus/support/bouncycastle/BouncyCastleRecorder.java @@ -16,6 +16,7 @@ */ package org.apache.camel.quarkus.support.bouncycastle; +import java.lang.reflect.InvocationTargetException; import java.security.Provider; import java.security.Security; import java.util.List; @@ -25,7 +26,6 @@ import io.quarkus.runtime.ShutdownContext; import io.quarkus.runtime.annotations.Recorder; import io.quarkus.security.runtime.SecurityProviderUtils; -import org.bouncycastle.jce.provider.BouncyCastleProvider; import org.jboss.logging.Logger; @Recorder 
@@ -35,11 +35,30 @@ public class BouncyCastleRecorder { public void registerBouncyCastleProvider(List cipherTransformations, ShutdownContext shutdownContext) { Provider provider = Security.getProvider(SecurityProviderUtils.BOUNCYCASTLE_PROVIDER_NAME); + if (provider == null) { + provider = Security.getProvider(SecurityProviderUtils.BOUNCYCASTLE_FIPS_PROVIDER_NAME); + } if (provider == null) { // TODO: Fix BuildStep execution order so that this is not required // https://github.com/apache/camel-quarkus/issues/3472 - provider = new BouncyCastleProvider(); - Security.addProvider(provider); + try { + provider = (Provider) Thread.currentThread().getContextClassLoader() + .loadClass(SecurityProviderUtils.BOUNCYCASTLE_PROVIDER_CLASS_NAME).getConstructor().newInstance(); + Security.addProvider(provider); + } catch (ClassNotFoundException | InvocationTargetException | InstantiationException | IllegalAccessException + | NoSuchMethodException e) { + try { + //try to load BCFIPS + provider = (Provider) Thread.currentThread().getContextClassLoader() + .loadClass(SecurityProviderUtils.BOUNCYCASTLE_FIPS_PROVIDER_CLASS_NAME).getConstructor() + .newInstance(); + Security.addProvider(provider); + } catch (ClassNotFoundException | InvocationTargetException | InstantiationException | IllegalAccessException + | NoSuchMethodException e2) { + throw new RuntimeException("Neither BC nor BCFIPS provider can be registered. \nBC: " + e.getMessage() + + "\nBCFIPS " + e2.getMessage()); + } + } } // Make it explicit to the static analysis that below security services should be registered as they are reachable at runtime diff --git a/extensions/crypto-pgp/deployment/pom.xml b/extensions/crypto-pgp/deployment/pom.xml new file mode 100644 index 000000000000..385060cff543 --- /dev/null +++ b/extensions/crypto-pgp/deployment/pom.xml 
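Review bot: The outer `catch` falls back to BCFIPS on any reflective failure, not only on `ClassNotFoundException`. If the BC class is present but its constructor throws, the code silently switches provider instead of reporting the real error; the fallback should be limited to `ClassNotFoundException`, with the other exception types rethrown. The final `RuntimeException` keeps only `e.getMessage()` and `e2.getMessage()`, which loses both stack traces and prints `null` for exceptions without a message. Preserve the causes with `RuntimeException ex = new RuntimeException("Neither BC nor BCFIPS provider can be registered", e2); ex.addSuppressed(e); throw ex;`. The method body continues outside this hunk.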
@@ -0,0 +1,67 @@ + + + + 4.0.0 + + org.apache.camel.quarkus + camel-quarkus-crypto-pgp-parent + 3.14.0-SNAPSHOT + ../pom.xml + + + camel-quarkus-crypto-pgp-deployment + Camel Quarkus :: PGP :: Deployment + + + + org.apache.camel.quarkus + camel-quarkus-core-deployment + + + org.apache.camel.quarkus + camel-quarkus-crypto-pgp + + + org.apache.camel.quarkus + camel-quarkus-support-bouncycastle-deployment + + + + + + + org.apache.maven.plugins + maven-compiler-plugin + + + + io.quarkus + quarkus-extension-processor + ${quarkus.version} + + + + + + + + diff --git a/extensions/crypto-pgp/deployment/src/main/java/org/apache/camel/quarkus/component/crypto/pgp/deployment/CryptoPgpProcessor.java b/extensions/crypto-pgp/deployment/src/main/java/org/apache/camel/quarkus/component/crypto/pgp/deployment/CryptoPgpProcessor.java new file mode 100644 index 000000000000..adc7f4fa7fb9 --- /dev/null +++ b/extensions/crypto-pgp/deployment/src/main/java/org/apache/camel/quarkus/component/crypto/pgp/deployment/CryptoPgpProcessor.java 
@@ -0,0 +1,65 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.camel.quarkus.component.crypto.pgp.deployment; + +import java.lang.reflect.Field; +import java.util.ArrayList; +import java.util.List; + +import io.quarkus.deployment.annotations.BuildStep; +import io.quarkus.deployment.builditem.FeatureBuildItem; +import io.quarkus.logging.Log; +import org.apache.camel.quarkus.support.bouncycastle.deployment.CipherTransformationBuildItem; +import org.bouncycastle.bcpg.SymmetricKeyAlgorithmTags; +import org.bouncycastle.openpgp.PGPUtil; + +class CryptoPgpProcessor { + + private static final String FEATURE = "camel-crypto-pgp"; + + @BuildStep + FeatureBuildItem feature() { + return new FeatureBuildItem(FEATURE); + } + + @BuildStep + CipherTransformationBuildItem registerReachableCipherTransformations() { + List cipherTransformations = new ArrayList<>(); + for (Field field : SymmetricKeyAlgorithmTags.class.getDeclaredFields()) { + try { + String algorithmName = PGPUtil.getSymmetricCipherName(field.getInt(null)); + if (algorithmName != null) { + String format = "Adding transformation '%s' to the CipherTransformationBuildItem produced by camel-quarkus-crypto"; + + // When using integrity packet, CFB 
mode is reachable + String cfbTransformation = algorithmName + "/CFB/NoPadding"; + Log.debugf(format, cfbTransformation); + cipherTransformations.add(cfbTransformation); + + // When NOT using integrity packet, OpenPGPCFB mode is reachable + String openPgpCfbTransformation = algorithmName + "/OpenPGPCFB/NoPadding"; + Log.debugf(format, openPgpCfbTransformation); + cipherTransformations.add(openPgpCfbTransformation); + } + } catch (IllegalArgumentException | IllegalAccessException e) { + // Ignoring inaccessible and non integer fields + } + } + + return new CipherTransformationBuildItem(cipherTransformations); + } +} diff --git a/extensions/crypto-pgp/pom.xml b/extensions/crypto-pgp/pom.xml new file mode 100644 index 000000000000..27703e2b103d --- /dev/null +++ b/extensions/crypto-pgp/pom.xml @@ -0,0 +1,39 @@ + + + + 4.0.0 + + org.apache.camel.quarkus + camel-quarkus-extensions + 3.14.0-SNAPSHOT + ../pom.xml + + + camel-quarkus-crypto-pgp-parent + Camel Quarkus :: PGP + pom + + + deployment + runtime + + diff --git a/extensions/crypto-pgp/runtime/pom.xml b/extensions/crypto-pgp/runtime/pom.xml new file mode 100644 index 000000000000..488b4fb7e0f8 --- /dev/null +++ b/extensions/crypto-pgp/runtime/pom.xml 
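Review bot: The debug format string in `registerReachableCipherTransformations` still ends in `produced by camel-quarkus-crypto`, although the build step now lives in the crypto-pgp extension. That will mislead anyone tracing native-image cipher registration from the logs, so change the suffix to `produced by camel-quarkus-crypto-pgp`. The list is built reflectively from every constant of `SymmetricKeyAlgorithmTags` that `PGPUtil.getSymmetricCipherName` resolves, so it presumably includes whatever legacy algorithms that interface declares. A short Javadoc on the method saying the list exists for native-image reachability and is not an allow-list of approved ciphers would prevent it being read as policy.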
@@ -0,0 +1,105 @@ + + + + 4.0.0 + + org.apache.camel.quarkus + camel-quarkus-crypto-pgp-parent + 3.14.0-SNAPSHOT + ../pom.xml + + + camel-quarkus-crypto-pgp + Camel Quarkus :: PGP :: Runtime + Encrypt and decrypt messages using Bouncy Castle OpenPGP API. + + + 3.13.0 + 3.13.0 + + + + + org.apache.camel.quarkus + camel-quarkus-core + + + org.apache.camel + camel-crypto-pgp + + + org.apache.camel.quarkus + camel-quarkus-support-bouncycastle + + + + + + + io.quarkus + quarkus-extension-maven-plugin + + + org.apache.maven.plugins + maven-compiler-plugin + + + + io.quarkus + quarkus-extension-processor + ${quarkus.version} + + + + + + + + + + + full + + + !quickly + + + + + + org.apache.camel.quarkus + camel-quarkus-maven-plugin + + + update-extension-doc-page + + update-extension-doc-page + + process-classes + + + + + + + + diff --git a/extensions/crypto-pgp/runtime/src/main/doc/limitations.adoc b/extensions/crypto-pgp/runtime/src/main/doc/limitations.adoc new file mode 100644 index 000000000000..e6a75f4ad996 --- /dev/null +++ b/extensions/crypto-pgp/runtime/src/main/doc/limitations.adoc @@ -0,0 +1,4 @@ +=== FIPS + +It may not be possible to run `crypto` and `crypto-pgp` extensions together on FIPS enabled system. +For example if `crypto` uses `BCFIPS` provider and `crypto-pgp` uses `BC` provider, it is not possible to have both providers on one classpath. \ No newline at end of file diff --git a/extensions/crypto-pgp/runtime/src/main/resources/META-INF/quarkus-extension.yaml b/extensions/crypto-pgp/runtime/src/main/resources/META-INF/quarkus-extension.yaml new file mode 100644 index 000000000000..61dbe6dfafc1 --- /dev/null +++ b/extensions/crypto-pgp/runtime/src/main/resources/META-INF/quarkus-extension.yaml 
@@ -0,0 +1,32 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +# This is a generated file. Do not edit directly! +# To re-generate, run the following command from the top level directory: +# +# mvn -N cq:update-quarkus-metadata +# +--- +name: "Camel PGP" +description: "Encrypt and decrypt messages using Bouncy Castle OpenPGP API" +metadata: + icon-url: "https://raw.githubusercontent.com/apache/camel-website/main/antora-ui-camel/src/img/logo-d.svg" + guide: "https://camel.apache.org/camel-quarkus/latest/reference/extensions/crypto-pgp.html" + categories: + - "integration" + status: + - "stable" diff --git a/extensions/crypto/deployment/pom.xml b/extensions/crypto/deployment/pom.xml index 86765aba9318..57a84b0171d6 100644 --- a/extensions/crypto/deployment/pom.xml +++ b/extensions/crypto/deployment/pom.xml @@ -34,10 +34,6 @@ org.apache.camel.quarkus camel-quarkus-core-deployment - - org.apache.camel.quarkus - camel-quarkus-support-bouncycastle-deployment - org.apache.camel.quarkus camel-quarkus-crypto 
diff --git a/extensions/crypto/deployment/src/main/java/org/apache/camel/quarkus/component/crypto/deployment/CryptoProcessor.java b/extensions/crypto/deployment/src/main/java/org/apache/camel/quarkus/component/crypto/deployment/CryptoProcessor.java index 2b2fcfb24ddf..42e2c91683f7 100644 --- a/extensions/crypto/deployment/src/main/java/org/apache/camel/quarkus/component/crypto/deployment/CryptoProcessor.java +++ b/extensions/crypto/deployment/src/main/java/org/apache/camel/quarkus/component/crypto/deployment/CryptoProcessor.java @@ -16,16 +16,9 @@ */ package org.apache.camel.quarkus.component.crypto.deployment; -import java.lang.reflect.Field; -import java.util.ArrayList; -import java.util.List; - import io.quarkus.deployment.annotations.BuildStep; import io.quarkus.deployment.builditem.ExtensionSslNativeSupportBuildItem; import io.quarkus.deployment.builditem.FeatureBuildItem; -import org.apache.camel.quarkus.support.bouncycastle.deployment.CipherTransformationBuildItem; -import org.bouncycastle.bcpg.SymmetricKeyAlgorithmTags; -import org.bouncycastle.openpgp.PGPUtil; import org.jboss.logging.Logger; class CryptoProcessor { 
@@ -44,30 +37,4 @@ ExtensionSslNativeSupportBuildItem activeNativeSSLSupport() { return new ExtensionSslNativeSupportBuildItem(FEATURE); } - @BuildStep - CipherTransformationBuildItem registerReachableCipherTransformations() { - List cipherTransformations = new ArrayList<>(); - for (Field field : SymmetricKeyAlgorithmTags.class.getDeclaredFields()) { - try { - String algorithmName = PGPUtil.getSymmetricCipherName(field.getInt(null)); - if (algorithmName != null) { - String format = "Adding transformation '%s' to the CipherTransformationBuildItem produced by camel-quarkus-crypto"; - - // When using integrity packet, CFB mode is reachable - String cfbTransformation = algorithmName + "/CFB/NoPadding"; - LOG.debugf(format, cfbTransformation); - cipherTransformations.add(cfbTransformation); - - // When NOT using integrity packet, OpenPGPCFB mode is reachable - String openPgpCfbTransformation = algorithmName + "/OpenPGPCFB/NoPadding"; - LOG.debugf(format, openPgpCfbTransformation); - cipherTransformations.add(openPgpCfbTransformation); - } - } catch (IllegalArgumentException | IllegalAccessException e) { - // Ignoring inaccessible and non integer fields - } - } - - return new CipherTransformationBuildItem(cipherTransformations); - } } diff --git a/extensions/crypto/runtime/pom.xml b/extensions/crypto/runtime/pom.xml index b857864e9ca2..6c6338921c2e 100644 --- a/extensions/crypto/runtime/pom.xml +++ b/extensions/crypto/runtime/pom.xml @@ -40,22 +40,10 @@ org.apache.camel.quarkus camel-quarkus-core - - org.apache.camel.quarkus - camel-quarkus-support-bouncycastle - org.apache.camel camel-crypto - - org.apache.camel - camel-crypto-pgp - - - org.bouncycastle - bcpg-jdk18on - diff --git a/extensions/crypto/runtime/src/main/doc/limitations.adoc b/extensions/crypto/runtime/src/main/doc/limitations.adoc new file mode 100644 index 000000000000..139597f9cb07 --- /dev/null +++ b/extensions/crypto/runtime/src/main/doc/limitations.adoc @@ -0,0 +1,2 @@ + + 
diff --git a/extensions/crypto/runtime/src/main/doc/usage.adoc b/extensions/crypto/runtime/src/main/doc/usage.adoc new file mode 100644 index 000000000000..00c6370614e9 --- /dev/null +++ b/extensions/crypto/runtime/src/main/doc/usage.adoc @@ -0,0 +1,29 @@ +=== Security Provider + +Extension requires BouncyCastle provider and also utilizes the quarkus security extension (see https://quarkus.io/guides/security-customization#registering-security-providers[security providers registration doc]) +If there is no `BC*` provider registered (by `quarkus.security.security-providers` property). +The `BC` provider is registered. + +=== FIPS + +When running the `crypto` extension on FIPS enabled system any FIPS-compliant Java Security Provider (such as BCFIPS) has to be used. + +* In the case of BCFIPS, please add BCFIPS dependency and `quarkus-security` (see the https://quarkus.io/guides/security-customization#bouncy-castle-fips[guide] for more information) +``` + + org.bouncycastle + bc-fips + + + io.quarkus + quarkus-security + +``` +and register BCFIPS provider with following proprerty: +``` +quarkus.security.security-providers=BCFIPS +``` +* Alternatively, you can add different FIPS compliant provider. Make Sure that the provider is registered. + + + diff --git a/extensions/pom.xml b/extensions/pom.xml index 814aab553dfa..88d4bf0b14c7 100644 --- a/extensions/pom.xml +++ b/extensions/pom.xml @@ -83,6 +83,7 @@ couchdb cron crypto + crypto-pgp csimple csv cxf-soap diff --git a/integration-tests/crypto-pgp/pom.xml b/integration-tests/crypto-pgp/pom.xml new file mode 100644 index 000000000000..89b33437b63f --- /dev/null +++ b/integration-tests/crypto-pgp/pom.xml 
@@ -0,0 +1,129 @@ + + + + 4.0.0 + + org.apache.camel.quarkus + camel-quarkus-build-parent-it + 3.14.0-SNAPSHOT + ../../poms/build-parent-it/pom.xml + + + camel-quarkus-integration-test-crypto-pgp + Camel Quarkus :: Integration Tests :: PGP + Integration tests for Camel Quarkus PGP extension + + + + org.apache.camel.quarkus + camel-quarkus-crypto-pgp + + + io.quarkus + quarkus-resteasy + + + org.apache.camel.quarkus + camel-quarkus-direct + + + + + io.quarkus + quarkus-junit5 + test + + + io.rest-assured + rest-assured + test + + + + + + native + + + native + + + + true + + + + + org.apache.maven.plugins + maven-failsafe-plugin + + + + integration-test + verify + + + + + + + + + virtualDependencies + + + !noVirtualDependencies + + + + + + org.apache.camel.quarkus + camel-quarkus-crypto-pgp-deployment + ${project.version} + pom + test + + + * + * + + + + + org.apache.camel.quarkus + camel-quarkus-direct-deployment + ${project.version} + pom + test + + + * + * + + + + + + + + diff --git a/integration-tests/crypto-pgp/src/main/java/org/apache/camel/quarkus/component/crypto/pgp/it/CryptoPgpResource.java b/integration-tests/crypto-pgp/src/main/java/org/apache/camel/quarkus/component/crypto/pgp/it/CryptoPgpResource.java new file mode 100644 index 000000000000..88077430e716 --- /dev/null +++ b/integration-tests/crypto-pgp/src/main/java/org/apache/camel/quarkus/component/crypto/pgp/it/CryptoPgpResource.java 
@@ -0,0 +1,48 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.camel.quarkus.component.crypto.pgp.it; + +import jakarta.enterprise.context.ApplicationScoped; +import jakarta.inject.Inject; +import jakarta.ws.rs.POST; +import jakarta.ws.rs.Path; +import jakarta.ws.rs.Produces; +import jakarta.ws.rs.core.MediaType; +import org.apache.camel.ProducerTemplate; + +@Path("/crypto-pgp") +@ApplicationScoped +public class CryptoPgpResource { + + public static final String MESSAGE = "Hello Camel Quarkus Crypto"; + + @Inject + ProducerTemplate producerTemplate; + + @Path("/encrypt/pgp") + @POST + public byte[] encryptPgpPayload(String payload) { + return producerTemplate.requestBody("direct:marshalPgp", payload, byte[].class); + } + + @Path("/decrypt/pgp") + @POST + @Produces(MediaType.TEXT_PLAIN) + public String decryptPayload(byte[] payload) { + return producerTemplate.requestBody("direct:unmarshalPgp", payload, String.class); + } +} 
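Review bot: `CryptoPgpResource` carries no class comment saying that it is an integration-test fixture, yet its two POST endpoints encrypt and decrypt any request body without authentication by forwarding it to `direct:marshalPgp` and `direct:unmarshalPgp`. A Javadoc above `@Path("/crypto-pgp")` such as `/** Test-only REST facade over the PGP routes; decrypts any posted payload with the module's test key ring. Not for use outside tests. */` would make that explicit. The method names are also uneven (`encryptPgpPayload` next to `decryptPayload`); `decryptPgpPayload` would match.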
diff --git a/integration-tests/crypto-pgp/src/main/java/org/apache/camel/quarkus/component/crypto/pgp/it/CryptoPgpRoutes.java b/integration-tests/crypto-pgp/src/main/java/org/apache/camel/quarkus/component/crypto/pgp/it/CryptoPgpRoutes.java new file mode 100644 index 000000000000..8b7c438901c3 --- /dev/null +++ b/integration-tests/crypto-pgp/src/main/java/org/apache/camel/quarkus/component/crypto/pgp/it/CryptoPgpRoutes.java @@ -0,0 +1,34 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.camel.quarkus.component.crypto.pgp.it; + +import org.apache.camel.builder.RouteBuilder; + +public class CryptoPgpRoutes extends RouteBuilder { + + @Override + public void configure() throws Exception { + + // PGP data format + from("direct:marshalPgp") + .marshal().pgp("pubring.pgp", "sdude@nowhere.net", "sdude"); + + from("direct:unmarshalPgp") + .unmarshal().pgp("secring.pgp", "sdude@nowhere.net", "sdude"); + } + +} diff --git a/integration-tests/crypto-pgp/src/main/resources/application.properties b/integration-tests/crypto-pgp/src/main/resources/application.properties new file mode 100644 index 000000000000..1c09a5fa2572 --- /dev/null 
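Review bot: The key user id and the secret-key passphrase are repeated as string literals in both `pgp(...)` calls of `configure()`, so the passphrase `"sdude"` sits in source next to the bundled `secring.pgp`. That is acceptable for a test fixture, but the code should say so, for example `// test-only key rings: the passphrase is public, never reuse these keys` above the first route. Holding the two values once in `private static final` constants would also keep the marshal and unmarshal routes from drifting apart. Anything modelled on this route for an application should read the passphrase from configuration instead of a literal.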
+++ b/integration-tests/crypto-pgp/src/main/resources/application.properties @@ -0,0 +1,17 @@ +## --------------------------------------------------------------------------- +## Licensed to the Apache Software Foundation (ASF) under one or more +## contributor license agreements. See the NOTICE file distributed with +## this work for additional information regarding copyright ownership. +## The ASF licenses this file to You under the Apache License, Version 2.0 +## (the "License"); you may not use this file except in compliance with +## the License. You may obtain a copy of the License at +## +## http://www.apache.org/licenses/LICENSE-2.0 +## +## Unless required by applicable law or agreed to in writing, software +## distributed under the License is distributed on an "AS IS" BASIS, +## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +## See the License for the specific language governing permissions and +## limitations under the License. +## --------------------------------------------------------------------------- +quarkus.native.resources.includes=*.pgp diff --git a/integration-tests/crypto/src/main/resources/pubring.pgp b/integration-tests/crypto-pgp/src/main/resources/pubring.pgp similarity index 100% rename from integration-tests/crypto/src/main/resources/pubring.pgp rename to integration-tests/crypto-pgp/src/main/resources/pubring.pgp diff --git a/integration-tests/crypto/src/main/resources/secring.pgp b/integration-tests/crypto-pgp/src/main/resources/secring.pgp similarity index 100% rename from integration-tests/crypto/src/main/resources/secring.pgp rename to integration-tests/crypto-pgp/src/main/resources/secring.pgp diff --git a/integration-tests/crypto-pgp/src/test/java/org/apache/camel/quarkus/component/crypto/pgp/it/CryptoPgpIT.java b/integration-tests/crypto-pgp/src/test/java/org/apache/camel/quarkus/component/crypto/pgp/it/CryptoPgpIT.java new file mode 100644 index 000000000000..7432a0643eea --- /dev/null 
+++ b/integration-tests/crypto-pgp/src/test/java/org/apache/camel/quarkus/component/crypto/pgp/it/CryptoPgpIT.java @@ -0,0 +1,24 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.camel.quarkus.component.crypto.pgp.it; + +import io.quarkus.test.junit.QuarkusIntegrationTest; + +@QuarkusIntegrationTest +class CryptoPgpIT extends CryptoPgpTest { + +} diff --git a/integration-tests/crypto-pgp/src/test/java/org/apache/camel/quarkus/component/crypto/pgp/it/CryptoPgpTest.java b/integration-tests/crypto-pgp/src/test/java/org/apache/camel/quarkus/component/crypto/pgp/it/CryptoPgpTest.java new file mode 100644 index 000000000000..aed31f37180a --- /dev/null +++ b/integration-tests/crypto-pgp/src/test/java/org/apache/camel/quarkus/component/crypto/pgp/it/CryptoPgpTest.java 
@@ -0,0 +1,51 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.camel.quarkus.component.crypto.pgp.it; + +import io.quarkus.test.junit.QuarkusTest; +import io.restassured.RestAssured; +import org.junit.jupiter.api.Test; + +import static org.apache.camel.quarkus.component.crypto.pgp.it.CryptoPgpResource.MESSAGE; +import static org.junit.jupiter.api.Assertions.assertEquals; + +@QuarkusTest +class CryptoPgpTest { + + @Test + public void encryptDecryptPgpMessage() { + byte[] encrypted = RestAssured.given() + .body(MESSAGE) + .post("/crypto-pgp/encrypt/pgp") + .then() + .statusCode(200) + .extract() + .body() + .asByteArray(); + + String decrypted = RestAssured.given() + .body(encrypted) + .post("/crypto-pgp/decrypt/pgp") + .then() + .statusCode(200) + .extract() + .body() + .asString(); + + assertEquals(MESSAGE, decrypted); + } +} diff --git a/integration-tests/crypto/README.adoc b/integration-tests/crypto/README.adoc new file mode 100644 index 000000000000..2822e0a83387 --- /dev/null +++ b/integration-tests/crypto/README.adoc 
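Review bot: `encryptDecryptPgpMessage` checks only the round trip, so nothing asserts that the bytes returned by `/crypto-pgp/encrypt/pgp` are actually ciphertext. Adding `assertFalse(new String(encrypted, StandardCharsets.ISO_8859_1).contains(MESSAGE));` before the decrypt request (with the matching imports) would catch an encrypt route that leaves the plaintext readable in its output. A second test that posts a modified copy of `encrypted` to `/crypto-pgp/decrypt/pgp` and expects a non-200 status would cover the failure path, which is presumably how the route reacts to corrupted input.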
@@ -0,0 +1,8 @@ +== FIPS + +Please utilize the fips profile when executing tests within a FIPS-enabled environment. The tests must employ the BouncyCastle-FIPS dependency instead of the standard BouncyCastle library. + +Example of usage: +``` +mvn clean test -Dfips +``` diff --git a/integration-tests/crypto/pom.xml b/integration-tests/crypto/pom.xml index 0c8e8e1893e6..f2c03da7d435 100644 --- a/integration-tests/crypto/pom.xml +++ b/integration-tests/crypto/pom.xml @@ -30,11 +30,28 @@ Camel Quarkus :: Integration Tests :: Crypto (JCE) Integration tests for Camel Quarkus Crypto (JCE) extension + + + + src/main/resources + true + + + + + org.apache.maven.plugins + maven-resources-plugin + + + + jks + + + + + + - - org.apache.camel.quarkus - camel-quarkus-crypto - org.apache.camel.quarkus camel-quarkus-direct @@ -43,6 +60,10 @@ io.quarkus quarkus-resteasy + + org.apache.camel.quarkus + camel-quarkus-crypto + @@ -60,10 +81,35 @@ camel-quarkus-integration-test-support test + + io.quarkus + quarkus-junit5-internal + test + - + + fips + + + fips + + + + quarkus.security.security-providers=BCFIPS + + + + org.bouncycastle + bc-fips + + + io.quarkus + quarkus-security + + + native diff --git a/integration-tests/crypto/src/main/java/org/apache/camel/quarkus/component/crypto/it/CryptoResource.java b/integration-tests/crypto/src/main/java/org/apache/camel/quarkus/component/crypto/it/CryptoResource.java index 6667b521752d..a23dda4087d9 100644 --- a/integration-tests/crypto/src/main/java/org/apache/camel/quarkus/component/crypto/it/CryptoResource.java +++ b/integration-tests/crypto/src/main/java/org/apache/camel/quarkus/component/crypto/it/CryptoResource.java 
@@ -98,19 +98,6 @@ public String decryptPgpPayload(byte[] payload) { return producerTemplate.requestBody("direct:unmarshal", payload, String.class); } - @Path("/encrypt/pgp") - @POST - public byte[] encryptPgpPayload(String payload) { - return producerTemplate.requestBody("direct:marshalPgp", payload, byte[].class); - } - - @Path("/decrypt/pgp") - @POST - @Produces(MediaType.TEXT_PLAIN) - public String decryptPayload(byte[] payload) { - return producerTemplate.requestBody("direct:unmarshalPgp", payload, String.class); - } - @jakarta.enterprise.inject.Produces public KeyStore keyStore() throws Exception { KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType()); diff --git a/integration-tests/crypto/src/main/java/org/apache/camel/quarkus/component/crypto/it/CryptoRoutes.java b/integration-tests/crypto/src/main/java/org/apache/camel/quarkus/component/crypto/it/CryptoRoutes.java index 7004ee6e3501..acc93990de7f 100644 --- a/integration-tests/crypto/src/main/java/org/apache/camel/quarkus/component/crypto/it/CryptoRoutes.java +++ b/integration-tests/crypto/src/main/java/org/apache/camel/quarkus/component/crypto/it/CryptoRoutes.java @@ -25,14 +25,16 @@ import org.apache.camel.builder.RouteBuilder; import org.apache.camel.component.crypto.DigitalSignatureConstants; import org.apache.camel.converter.crypto.CryptoDataFormat; +import org.eclipse.microprofile.config.ConfigProvider; public class CryptoRoutes extends RouteBuilder { @Override public void configure() throws Exception { - + String provider = ConfigProvider.getConfig() + .getOptionalValue("quarkus.security.security-providers", String.class).orElse("SUN"); // Crypto component using raw keys - final KeyPair keys = getKeyPair(); + final KeyPair keys = KeyPairGenerator.getInstance("RSA").generateKeyPair(); from("direct:sign-raw") .setHeader(DigitalSignatureConstants.SIGNATURE_PRIVATE_KEY, constant(keys.getPrivate())) .to("crypto:sign:raw"); 
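Review bot: In the `CryptoRoutes.configure()` hunk, `provider` is read verbatim from `quarkus.security.security-providers`, which Quarkus treats as a list, and the next hunk formats it into the `provider=%s` endpoint option. With more than one provider configured, or a value that is not itself a JCA provider name (as far as I know `BCFIPSJSSE` is such a value), the sign and verify endpoints would be handed a name no provider answers to. Taking the first entry, `.orElse("SUN").split(",")[0].trim()`, or reading a dedicated test property would make the intent explicit. A comment such as `// JCA provider for the signature endpoints; SUN unless the fips profile registers BCFIPS` is missing as well. `configure()` continues outside this hunk.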
@@ -43,10 +45,12 @@ public void configure() throws Exception { // Crypto component using keys from a keystore from("direct:sign") - .to("crypto:sign:basic?privateKey=#myPrivateKey&algorithm=SHA1withDSA&provider=SUN&secureRandom=#customSecureRandom"); + .toF("crypto:sign:basic?privateKey=#myPrivateKey&algorithm=SHA1withDSA&provider=%s&secureRandom=#customSecureRandom", + provider); from("direct:verify") - .to("crypto:verify:basic?publicKey=#myPublicKey&algorithm=SHA1withDSA&provider=SUN&secureRandom=#customSecureRandom"); + .toF("crypto:verify:basic?publicKey=#myPublicKey&algorithm=SHA1withDSA&provider=%s&secureRandom=#customSecureRandom", + provider); // Crypto data format CryptoDataFormat cryptoDataFormat = getCryptoDataFormat(); @@ -55,13 +59,6 @@ public void configure() throws Exception { from("direct:unmarshal") .unmarshal(cryptoDataFormat); - - // PGP data format - from("direct:marshalPgp") - .marshal().pgp("pubring.pgp", "sdude@nowhere.net", "sdude"); - - from("direct:unmarshalPgp") - .unmarshal().pgp("secring.pgp", "sdude@nowhere.net", "sdude"); } private CryptoDataFormat getCryptoDataFormat() throws NoSuchAlgorithmException { @@ -69,8 +66,4 @@ private CryptoDataFormat getCryptoDataFormat() throws NoSuchAlgorithmException { return new CryptoDataFormat("DES", generator.generateKey()); } - private KeyPair getKeyPair() throws NoSuchAlgorithmException { - return KeyPairGenerator.getInstance("RSA").generateKeyPair(); - } - } diff --git a/integration-tests/crypto/src/main/resources/application.properties b/integration-tests/crypto/src/main/resources/application.properties index 97c94226b9a8..03d1e5fb7d79 100644 --- a/integration-tests/crypto/src/main/resources/application.properties +++ b/integration-tests/crypto/src/main/resources/application.properties 
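Review bot: Both `toF(...)` endpoints keep `algorithm=SHA1withDSA` even though the provider is now configurable for FIPS runs. SHA-1 is no longer approved for generating digital signatures, so with BCFIPS in approved-only mode this route would be expected to fail, and in the default mode the test passes without exercising an approved algorithm. Consider `algorithm=SHA256withDSA` in both URIs, subject to the DSA key in the keystore, which is not visible here. The unchanged `new CryptoDataFormat("DES", generator.generateKey())` shown as context in the last hunk of this file has the same weakness, DES not being an approved cipher.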
@@ -14,4 +14,8 @@ ## See the License for the specific language governing permissions and ## limitations under the License. ## --------------------------------------------------------------------------- -quarkus.native.resources.includes=*.jks,*.pgp +quarkus.native.resources.includes=*.jks + +#FIPS profile adds BCFIPS provider +${cq-security-provider} + diff --git a/integration-tests/crypto/src/test/java/org/apache/camel/quarkus/component/crypto/it/CryptoTest.java b/integration-tests/crypto/src/test/java/org/apache/camel/quarkus/component/crypto/it/CryptoTest.java index c98823120b7e..8f2df1d35b9d 100644 --- a/integration-tests/crypto/src/test/java/org/apache/camel/quarkus/component/crypto/it/CryptoTest.java +++ b/integration-tests/crypto/src/test/java/org/apache/camel/quarkus/component/crypto/it/CryptoTest.java @@ -20,7 +20,6 @@ import io.quarkus.test.junit.QuarkusTest; import io.restassured.RestAssured; -import org.apache.camel.quarkus.test.DisabledIfFipsMode; import org.apache.commons.codec.binary.Base64; import org.junit.jupiter.api.Test; import org.junit.jupiter.params.ParameterizedTest; @@ -31,9 +30,8 @@ import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertTrue; -@DisabledIfFipsMode //https://github.com/apache/camel-quarkus/issues/6088 @QuarkusTest -class CryptoTest { +public class CryptoTest { @ParameterizedTest @ValueSource(booleans = { false, true }) @@ -92,27 +90,4 @@ public void encryptDecryptMessage() { assertEquals(MESSAGE, decrypted); } - @Test - public void encryptDecryptPgpMessage() { - byte[] encrypted = RestAssured.given() - .body(MESSAGE) - .post("/crypto/encrypt/pgp") - .then() - .statusCode(200) - .extract() - .body() - .asByteArray(); - - String decrypted = RestAssured.given() - .body(encrypted) - .post("/crypto/decrypt/pgp") - .then() - .statusCode(200) - .extract() - .body() - .asString(); - - assertEquals(MESSAGE, decrypted); - } - } 
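Review bot: The bare `${cq-security-provider}` line added to `application.properties` means something only after Maven resource filtering, and only the `fips` profile visibly supplies a value for it. If the pom defines no default elsewhere (not visible in these hunks), non-FIPS builds and any unfiltered read of the file, such as an IDE run, keep the literal placeholder as a stray key. An empty default for `cq-security-provider` in the pom's properties would avoid that. The comment could also state the mechanism, e.g. `# replaced by Maven resource filtering; the fips profile expands it to quarkus.security.security-providers=BCFIPS`.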
diff --git a/integration-tests/pom.xml b/integration-tests/pom.xml index 910694984d12..be12657f09f2 100644 --- a/integration-tests/pom.xml +++ b/integration-tests/pom.xml @@ -77,6 +77,7 @@ consul couchdb crypto + crypto-pgp csimple csv cxf-soap-grouped diff --git a/poms/bom/pom.xml b/poms/bom/pom.xml index c37d029b41e5..eba2b6d20b6b 100644 --- a/poms/bom/pom.xml +++ b/poms/bom/pom.xml @@ -759,6 +759,12 @@ org.apache.camel camel-crypto ${camel.version} + + + * + org.bouncycastle + + org.apache.camel @@ -3628,10 +3634,32 @@ camel-quarkus-crypto ${camel-quarkus.version} + + org.apache.camel.quarkus + camel-quarkus-crypto + ${camel-quarkus.version} + bcfips + + + org.apache.camel.quarkus + camel-quarkus-crypto-deployment + ${camel-quarkus.version} + org.apache.camel.quarkus camel-quarkus-crypto-deployment ${camel-quarkus.version} + bcfips + + + org.apache.camel.quarkus + camel-quarkus-crypto-pgp + ${camel-quarkus.version} + + + org.apache.camel.quarkus + camel-quarkus-crypto-pgp-deployment + ${camel-quarkus.version} org.apache.camel.quarkus diff --git a/poms/bom/src/main/generated/flattened-full-pom.xml b/poms/bom/src/main/generated/flattened-full-pom.xml index cb546be25551..b4d8ddd47840 100644 --- a/poms/bom/src/main/generated/flattened-full-pom.xml +++ b/poms/bom/src/main/generated/flattened-full-pom.xml @@ -697,6 +697,12 @@ org.apache.camel camel-crypto 4.7.0 + + + org.bouncycastle + * + + org.apache.camel @@ -3553,10 +3559,32 @@ camel-quarkus-crypto 3.14.0-SNAPSHOT + + org.apache.camel.quarkus + camel-quarkus-crypto + 3.14.0-SNAPSHOT + bcfips + + + org.apache.camel.quarkus + camel-quarkus-crypto-deployment + 3.14.0-SNAPSHOT + org.apache.camel.quarkus camel-quarkus-crypto-deployment 3.14.0-SNAPSHOT + bcfips + + + org.apache.camel.quarkus + camel-quarkus-crypto-pgp + 3.14.0-SNAPSHOT + + + org.apache.camel.quarkus + camel-quarkus-crypto-pgp-deployment + 3.14.0-SNAPSHOT org.apache.camel.quarkus 
diff --git a/poms/bom/src/main/generated/flattened-reduced-pom.xml b/poms/bom/src/main/generated/flattened-reduced-pom.xml index 50a6ed60d5da..a1707f937827 100644 --- a/poms/bom/src/main/generated/flattened-reduced-pom.xml +++ b/poms/bom/src/main/generated/flattened-reduced-pom.xml @@ -697,6 +697,12 @@ org.apache.camel camel-crypto 4.7.0 + + + org.bouncycastle + * + + org.apache.camel @@ -3553,10 +3559,32 @@ camel-quarkus-crypto 3.14.0-SNAPSHOT + + org.apache.camel.quarkus + camel-quarkus-crypto + 3.14.0-SNAPSHOT + bcfips + + + org.apache.camel.quarkus + camel-quarkus-crypto-deployment + 3.14.0-SNAPSHOT + org.apache.camel.quarkus camel-quarkus-crypto-deployment 3.14.0-SNAPSHOT + bcfips + + + org.apache.camel.quarkus + camel-quarkus-crypto-pgp + 3.14.0-SNAPSHOT + + + org.apache.camel.quarkus + camel-quarkus-crypto-pgp-deployment + 3.14.0-SNAPSHOT org.apache.camel.quarkus diff --git a/poms/bom/src/main/generated/flattened-reduced-verbose-pom.xml b/poms/bom/src/main/generated/flattened-reduced-verbose-pom.xml index b8bcf888c645..6b39dbe9dc9f 100644 --- a/poms/bom/src/main/generated/flattened-reduced-verbose-pom.xml +++ b/poms/bom/src/main/generated/flattened-reduced-verbose-pom.xml @@ -697,6 +697,12 @@ org.apache.camel camel-crypto 4.7.0 + + + org.bouncycastle + * + + org.apache.camel @@ -3553,10 +3559,32 @@ camel-quarkus-crypto 3.14.0-SNAPSHOT + + org.apache.camel.quarkus + camel-quarkus-crypto + 3.14.0-SNAPSHOT + bcfips + + + org.apache.camel.quarkus + camel-quarkus-crypto-deployment + 3.14.0-SNAPSHOT + org.apache.camel.quarkus camel-quarkus-crypto-deployment 3.14.0-SNAPSHOT + bcfips + + + org.apache.camel.quarkus + camel-quarkus-crypto-pgp + 3.14.0-SNAPSHOT + + + org.apache.camel.quarkus + camel-quarkus-crypto-pgp-deployment + 3.14.0-SNAPSHOT org.apache.camel.quarkus diff --git a/tooling/scripts/test-categories.yaml b/tooling/scripts/test-categories.yaml index dc5495da39be..99a8eebcf1ee 100644 --- a/tooling/scripts/test-categories.yaml 
+++ b/tooling/scripts/test-categories.yaml @@ -134,6 +134,7 @@ group-07: group-08: - azure-grouped - crypto + - crypto-pgp - jq - langchain4j-chat - master