embulk-input-ftp 0.1.5 → 0.1.6

@@ -1,276 +0,0 @@
1
- package org.embulk.input.ftp;
2
-
3
- import java.util.List;
4
- import java.util.ArrayList;
5
- import java.io.File;
6
- import java.io.FileInputStream;
7
- import java.io.Reader;
8
- import java.io.IOException;
9
- import java.net.Socket;
10
- import java.net.InetAddress;
11
- import java.net.UnknownHostException;
12
- import java.security.KeyStore;
13
- import java.security.SecureRandom;
14
- import java.security.KeyStoreException;
15
- import java.security.KeyManagementException;
16
- import java.security.NoSuchAlgorithmException;
17
- import java.security.InvalidAlgorithmParameterException;
18
- import java.security.cert.Certificate;
19
- import java.security.cert.TrustAnchor;
20
- import java.security.cert.PKIXParameters;
21
- import java.security.cert.X509Certificate;
22
- import java.security.cert.CertificateException;
23
- import java.security.cert.CertificateParsingException;
24
- import javax.net.ssl.SSLContext;
25
- import javax.net.ssl.SSLSession;
26
- import javax.net.ssl.SSLParameters;
27
- import javax.net.ssl.TrustManager;
28
- import javax.net.ssl.KeyManager;
29
- import javax.net.ssl.X509TrustManager;
30
- import javax.net.ssl.TrustManagerFactory;
31
- import javax.net.ssl.SSLSocket;
32
- import javax.net.ssl.SSLSocketFactory;
33
- import javax.net.ssl.HostnameVerifier;
34
- import org.bouncycastle.openssl.PEMParser;
35
- import org.bouncycastle.openssl.PEMException;
36
- import org.bouncycastle.cert.X509CertificateHolder;
37
- import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
38
- import sun.security.ssl.SSLSocketImpl;
39
-
40
- public class TrustManagers
41
- {
42
- public static KeyStore readDefaultJavaKeyStore()
43
- throws IOException, KeyStoreException, CertificateException
44
- {
45
- String path = (System.getProperty("java.home") + "/lib/security/cacerts").replace('/', File.separatorChar);
46
- try {
47
- KeyStore keyStore = KeyStore.getInstance("JKS");
48
- try (FileInputStream in = new FileInputStream(path)) {
49
- keyStore.load(in, null); // password=null because cacerts file is not encrypted
50
- }
51
- return keyStore;
52
- } catch (NoSuchAlgorithmException ex) {
53
- throw new RuntimeException(ex); // TODO assertion exception?
54
- }
55
- }
56
-
57
- public static List<X509Certificate> readDefaultJavaTrustedCertificates()
58
- throws IOException, CertificateException, KeyStoreException, InvalidAlgorithmParameterException
59
- {
60
- KeyStore keyStore = readDefaultJavaKeyStore();
61
- PKIXParameters params = new PKIXParameters(keyStore);
62
- List<X509Certificate> certs = new ArrayList<>();
63
- for (TrustAnchor trustAnchor : params.getTrustAnchors() ) {
64
- certs.add(trustAnchor.getTrustedCert());
65
- }
66
- return certs;
67
- }
68
-
69
- public static List<X509Certificate> readPemEncodedX509Certificates(Reader reader)
70
- throws IOException, CertificateException
71
- {
72
- // this method abuses CertificateParsingException because its javadoc says
73
- // CertificateParsingException is only for DER-encoded formats.
74
-
75
- JcaX509CertificateConverter conv = new JcaX509CertificateConverter();
76
- List<X509Certificate> certs = new ArrayList<>();
77
-
78
- try {
79
- PEMParser pemParser = new PEMParser(reader);
80
- // PEMParser#close is unnecessary because it just closes underlying reader
81
-
82
- while (true) {
83
- Object pem = pemParser.readObject();
84
-
85
- if (pem == null) {
86
- break;
87
- }
88
-
89
- if (pem instanceof X509CertificateHolder) {
90
- X509Certificate cert = conv.getCertificate((X509CertificateHolder) pem);
91
- certs.add(cert);
92
- }
93
- }
94
-
95
- } catch (PEMException ex) {
96
- // throw when parsing PemObject to Object fails
97
- throw new CertificateParsingException(ex);
98
-
99
- } catch (IOException ex) {
100
- if (ex.getClass().equals(IOException.class)) {
101
- String message = ex.getMessage();
102
- if (message.startsWith("unrecognised object: ")) {
103
- // thrown at org.bouncycastle.openssl.PemParser.readObject when key type (header of a pem) is
104
- // unknown.
105
- throw new CertificateParsingException(ex);
106
- } else if (message.startsWith("-----END ") && message.endsWith(" not found")) {
107
- // thrown at org.bouncycastle.util.io.pem.PemReader.loadObject when a pem file format is invalid
108
- throw new CertificateParsingException(ex);
109
- }
110
- } else {
111
- throw ex;
112
- }
113
- }
114
-
115
- return certs;
116
- }
117
-
118
- public static KeyStore buildKeyStoreFromTrustedCertificates(List<X509Certificate> certificates)
119
- throws KeyStoreException
120
- {
121
- KeyStore keyStore = KeyStore.getInstance("JKS");
122
- try {
123
- keyStore.load(null);
124
- } catch (IOException | CertificateException | NoSuchAlgorithmException ex) {
125
- throw new RuntimeException(ex);
126
- }
127
- int i = 0;
128
- for (X509Certificate cert : certificates) {
129
- keyStore.setCertificateEntry("cert_" + i, cert);
130
- i++;
131
- }
132
- return keyStore;
133
- }
134
-
135
- public static X509TrustManager[] newTrustManager(List<X509Certificate> trustedCertificates)
136
- throws KeyStoreException
137
- {
138
- try {
139
- TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
140
- KeyStore keyStore = buildKeyStoreFromTrustedCertificates(trustedCertificates);
141
- factory.init(keyStore);
142
- List<X509TrustManager> tms = new ArrayList<>();
143
- for (TrustManager tm : factory.getTrustManagers()) {
144
- if (tm instanceof X509TrustManager) {
145
- tms.add((X509TrustManager) tm);
146
- }
147
- }
148
- return tms.toArray(new X509TrustManager[tms.size()]);
149
- } catch (NoSuchAlgorithmException ex) {
150
- throw new RuntimeException(ex); // TODO assertion exception?
151
- }
152
- }
153
-
154
- public static X509TrustManager[] newDefaultJavaTrustManager()
155
- throws IOException, CertificateException, KeyStoreException, InvalidAlgorithmParameterException
156
- {
157
- return newTrustManager(readDefaultJavaTrustedCertificates());
158
- }
159
-
160
- public static SSLContext newSSLContext(KeyManager[] keyManager, X509TrustManager[] trustManager)
161
- throws KeyManagementException
162
- {
163
- try {
164
- SSLContext context = SSLContext.getInstance("TLS");
165
- context.init(
166
- keyManager,
167
- trustManager,
168
- new SecureRandom());
169
- return context;
170
-
171
- } catch (NoSuchAlgorithmException ex) {
172
- throw new RuntimeException(ex);
173
- }
174
- }
175
-
176
- public static SSLSocketFactory newSSLSocketFactory(KeyManager[] keyManager, X509TrustManager[] trustManager, String verifyHostname)
177
- throws KeyManagementException
178
- {
179
- SSLContext context = newSSLContext(keyManager, trustManager);
180
- SSLSocketFactory factory = context.getSocketFactory();
181
- if (verifyHostname == null) {
182
- return factory;
183
- } else {
184
- return new VerifyHostNameSSLSocketFactory(factory, verifyHostname);
185
- }
186
- }
187
-
188
- private static class VerifyHostNameSSLSocketFactory
189
- extends SSLSocketFactory
190
- {
191
- private final SSLSocketFactory next;
192
- private final String hostname;
193
-
194
- public VerifyHostNameSSLSocketFactory(SSLSocketFactory next, String hostname)
195
- {
196
- this.next = next;
197
- this.hostname = hostname;
198
- }
199
-
200
- @Override
201
- public String[] getDefaultCipherSuites()
202
- {
203
- return next.getDefaultCipherSuites();
204
- }
205
-
206
- @Override
207
- public String[] getSupportedCipherSuites()
208
- {
209
- return next.getSupportedCipherSuites();
210
- }
211
-
212
- @Override
213
- public Socket createSocket(Socket s, String host, int port, boolean autoClose)
214
- throws IOException
215
- {
216
- Socket sock = next.createSocket(s, host, port, autoClose);
217
- setSSLParameters(sock, false);
218
- return sock;
219
- }
220
-
221
- @Override
222
- public Socket createSocket(String host, int port)
223
- throws IOException, UnknownHostException
224
- {
225
- Socket sock = next.createSocket(host, port);
226
- setSSLParameters(sock, false);
227
- return sock;
228
- }
229
-
230
- @Override
231
- public Socket createSocket(String host, int port, InetAddress localHost, int localPort)
232
- throws IOException, UnknownHostException
233
- {
234
- Socket sock = next.createSocket(host, port, localHost, localPort);
235
- setSSLParameters(sock, false);
236
- return sock;
237
- }
238
-
239
- @Override
240
- public Socket createSocket(InetAddress host, int port)
241
- throws IOException
242
- {
243
- Socket sock = next.createSocket(host, port);
244
- setSSLParameters(sock, true);
245
- return sock;
246
- }
247
-
248
- @Override
249
- public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort)
250
- throws IOException
251
- {
252
- Socket sock = next.createSocket(address, port, localAddress, localPort);
253
- setSSLParameters(sock, true);
254
- return sock;
255
- }
256
-
257
- private void setSSLParameters(Socket sock, boolean setHostname)
258
- {
259
- if (sock instanceof SSLSocket) {
260
- SSLSocket s = (SSLSocket) sock;
261
- String identAlgorithm = s.getSSLParameters().getEndpointIdentificationAlgorithm();
262
- if (identAlgorithm != null && identAlgorithm.equalsIgnoreCase("HTTPS")) {
263
- // hostname verification is already configured.
264
- } else {
265
- if (setHostname && s instanceof SSLSocketImpl) {
266
- ((SSLSocketImpl) s).setHost(hostname);
267
- }
268
- SSLParameters params = s.getSSLParameters();
269
- params.setEndpointIdentificationAlgorithm("HTTPS");
270
- s.setSSLParameters(params);
271
- // s.startHandshake
272
- }
273
- }
274
- }
275
- }
276
- }