Fixed the CryptoIT test #2673

apache · Jun 8, 2021 · ead6ab8 · ead6ab8
1 parent 3ce5294
commit ead6ab8
Show file tree

Hide file tree

Showing 7 changed files with 117 additions and 5 deletions.
diff --git a/extensions-support/bouncycastle/deployment/pom.xml b/extensions-support/bouncycastle/deployment/pom.xml
@@ -34,6 +34,10 @@
             <groupId>io.quarkus</groupId>
             <artifactId>quarkus-core-deployment</artifactId>
         </dependency>
+        <dependency>
+            <groupId>io.quarkus</groupId>
+            <artifactId>quarkus-arc-deployment</artifactId>
+        </dependency>
         <dependency>
             <groupId>org.apache.camel.quarkus</groupId>
             <artifactId>camel-quarkus-support-bouncycastle</artifactId>

diff --git a/...rg/apache/camel/quarkus/support/bouncycastle/deployment/BouncyCastleSupportProcessor.java b/...rg/apache/camel/quarkus/support/bouncycastle/deployment/BouncyCastleSupportProcessor.java
@@ -17,6 +17,8 @@
 package org.apache.camel.quarkus.support.bouncycastle.deployment;
 
 import java.util.Arrays;
+import java.util.List;
+import java.util.stream.Collectors;
 
 import io.quarkus.deployment.annotations.BuildProducer;
 import io.quarkus.deployment.annotations.BuildStep;
@@ -72,7 +74,11 @@ void secureRandomConfiguration(BuildProducer<RuntimeReinitializedClassBuildItem>
 
     @BuildStep
     @Record(ExecutionTime.STATIC_INIT)
-    public void registerBouncyCastleProvider(BouncyCastleRecorder recorder, ShutdownContextBuildItem shutdownContextBuildItem) {
-        recorder.registerBouncyCastleProvider(shutdownContextBuildItem);
+    public void registerBouncyCastleProvider(List<CipherTransformationBuildItem> cipherTransformations,
+            BouncyCastleRecorder recorder,
+            ShutdownContextBuildItem shutdownContextBuildItem) {
+        List<String> allCipherTransformations = cipherTransformations.stream()
+                .flatMap(c -> c.getCipherTransformations().stream()).collect(Collectors.toList());
+        recorder.registerBouncyCastleProvider(allCipherTransformations, shutdownContextBuildItem);
     }
 }
diff --git a/...g/apache/camel/quarkus/support/bouncycastle/deployment/CipherTransformationBuildItem.java b/...g/apache/camel/quarkus/support/bouncycastle/deployment/CipherTransformationBuildItem.java
@@ -0,0 +1,42 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.camel.quarkus.support.bouncycastle.deployment;
+
+import java.util.Collections;
+import java.util.List;
+
+import io.quarkus.builder.item.MultiBuildItem;
+
+/**
+ * A {@link MultiBuildItem} holding cipher transformations to be explicitly
+ * registered as security services. Extensions should provide all cipher transformations
+ * that are reachable at runtime. Those cipher transformations will be explicitly instantiated
+ * at bootstrap so that graal can proceed with security services automatic registration.
+ */
+public final class CipherTransformationBuildItem extends MultiBuildItem {
+
+    private final List<String> cipherTransformations;
+
+    public CipherTransformationBuildItem(List<String> cipherTransformations) {
+        this.cipherTransformations = cipherTransformations;
+    }
+
+    public List<String> getCipherTransformations() {
+        return Collections.unmodifiableList(cipherTransformations);
+    };
+
+}
diff --git a/extensions-support/bouncycastle/runtime/pom.xml b/extensions-support/bouncycastle/runtime/pom.xml
@@ -51,6 +51,10 @@
             <groupId>io.quarkus</groupId>
             <artifactId>quarkus-core</artifactId>
         </dependency>
+        <dependency>
+            <groupId>io.quarkus</groupId>
+            <artifactId>quarkus-arc</artifactId>
+        </dependency>
         <dependency>
             <groupId>org.bouncycastle</groupId>
             <artifactId>bcprov-jdk15on</artifactId>

diff --git a/...ime/src/main/java/org/apache/camel/quarkus/support/bouncycastle/BouncyCastleRecorder.java b/...ime/src/main/java/org/apache/camel/quarkus/support/bouncycastle/BouncyCastleRecorder.java
@@ -17,21 +17,42 @@
 package org.apache.camel.quarkus.support.bouncycastle;
 
 import java.security.Security;
+import java.util.List;
+
+import javax.crypto.Cipher;
 
 import io.quarkus.runtime.ShutdownContext;
 import io.quarkus.runtime.annotations.Recorder;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.jboss.logging.Logger;
 
 @Recorder
 public class BouncyCastleRecorder {
 
-    public void registerBouncyCastleProvider(ShutdownContext shutdownContext) {
+    private static final Logger LOG = Logger.getLogger(BouncyCastleRecorder.class);
+
+    public void registerBouncyCastleProvider(List<String> cipherTransformations, ShutdownContext shutdownContext) {
+        LOG.debug("Adding Bouncy Castle security provider");
         BouncyCastleProvider provider = new BouncyCastleProvider();
         Security.addProvider(provider);
+
+        // Make it explicit to the static analysis that below security services should be registered as they are reachable at runtime
+        for (String cipherTransformation : cipherTransformations) {
+            try {
+                LOG.debugf(
+                        "Making it explicit to the static ananlysis that a Cipher with transformation %s could be used at runtime",
+                        cipherTransformation);
+                Cipher.getInstance(cipherTransformation, provider);
+            } catch (Exception e) {
+                // The cipher algorithm or padding is not present at runtime, a runtime error will be reported as usual
+            }
+        }
+
         shutdownContext.addShutdownTask(new Runnable() {
             @Override
             public void run() {
                 Security.removeProvider(provider.getName());
+                LOG.debug("Removed Bouncy Castle security provider");
             }
         });
     }

diff --git a/...t/src/main/java/org/apache/camel/quarkus/component/crypto/deployment/CryptoProcessor.java b/...t/src/main/java/org/apache/camel/quarkus/component/crypto/deployment/CryptoProcessor.java
@@ -16,12 +16,22 @@
  */
 package org.apache.camel.quarkus.component.crypto.deployment;
 
+import java.lang.reflect.Field;
+import java.util.ArrayList;
+import java.util.List;
+
 import io.quarkus.deployment.annotations.BuildStep;
 import io.quarkus.deployment.builditem.ExtensionSslNativeSupportBuildItem;
 import io.quarkus.deployment.builditem.FeatureBuildItem;
+import org.apache.camel.quarkus.support.bouncycastle.deployment.CipherTransformationBuildItem;
+import org.bouncycastle.bcpg.SymmetricKeyAlgorithmTags;
+import org.bouncycastle.openpgp.PGPUtil;
+import org.jboss.logging.Logger;
 
 class CryptoProcessor {
 
+    private static final Logger LOG = Logger.getLogger(CryptoProcessor.class);
+
     private static final String FEATURE = "camel-crypto";
 
     @BuildStep
@@ -33,4 +43,31 @@ FeatureBuildItem feature() {
     ExtensionSslNativeSupportBuildItem activeNativeSSLSupport() {
         return new ExtensionSslNativeSupportBuildItem(FEATURE);
     }
+
+    @BuildStep
+    CipherTransformationBuildItem registerReachableCipherTransformations() {
+        List<String> cipherTransformations = new ArrayList<>();
+        for (Field field : SymmetricKeyAlgorithmTags.class.getDeclaredFields()) {
+            try {
+                String algorithmName = PGPUtil.getSymmetricCipherName(field.getInt(null));
+                if (algorithmName != null) {
+                    String format = "Adding transformation '%s' to the CipherTransformationBuildItem produced by camel-quarkus-crypto";
+
+                    // When using integrity packet, CFB mode is reachable
+                    String cfbTransformation = algorithmName + "/CFB/NoPadding";
+                    LOG.debugf(format, cfbTransformation);
+                    cipherTransformations.add(cfbTransformation);
+
+                    // When NOT using integrity packet, OpenPGPCFB mode is reachable
+                    String openPgpCfbTransformation = algorithmName + "/OpenPGPCFB/NoPadding";
+                    LOG.debugf(format, openPgpCfbTransformation);
+                    cipherTransformations.add(openPgpCfbTransformation);
+                }
+            } catch (IllegalArgumentException | IllegalAccessException e) {
+                // Ignoring inaccessible and non integer fields
+            }
+        }
+
+        return new CipherTransformationBuildItem(cipherTransformations);
+    }
 }
diff --git a/...ion-tests/crypto/src/test/java/org/apache/camel/quarkus/component/crypto/it/CryptoIT.java b/...ion-tests/crypto/src/test/java/org/apache/camel/quarkus/component/crypto/it/CryptoIT.java
@@ -17,9 +17,7 @@
 package org.apache.camel.quarkus.component.crypto.it;
 
 import io.quarkus.test.junit.NativeImageTest;
-import org.junit.jupiter.api.Disabled;
 
-@Disabled("https://github.com/apache/camel-quarkus/issues/2673")
 @NativeImageTest
 class CryptoIT extends CryptoTest {