You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@nifi.apache.org by th...@apache.org on 2022/10/06 18:33:28 UTC
[nifi] branch main updated: NIFI-10586 Prioritized ssh-rsa algorithm in SFTP Processors
This is an automated email from the ASF dual-hosted git repository.
thenatog pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/nifi.git
The following commit(s) were added to refs/heads/main by this push:
new d1145ee34e NIFI-10586 Prioritized ssh-rsa algorithm in SFTP Processors
d1145ee34e is described below
commit d1145ee34e8bbaf9b104989637421cf9c6d9a393
Author: exceptionfactory <ex...@apache.org>
AuthorDate: Mon Oct 3 17:27:58 2022 -0500
NIFI-10586 Prioritized ssh-rsa algorithm in SFTP Processors
- The default configuration prioritizes ssh-rsa when Key Algorithms Allowed is not specified
Signed-off-by: Nathan Gough <th...@gmail.com>
This closes #6479.
---
.../nifi/processors/standard/ssh/StandardSSHConfigProvider.java | 6 ++++++
.../processors/standard/ssh/StandardSSHConfigProviderTest.java | 8 +++++++-
2 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/ssh/StandardSSHConfigProvider.java b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/ssh/StandardSSHConfigProvider.java
index 7ecde5b191..567857ddda 100644
--- a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/ssh/StandardSSHConfigProvider.java
+++ b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/ssh/StandardSSHConfigProvider.java
@@ -67,6 +67,12 @@ public class StandardSSHConfigProvider implements SSHConfigProvider {
getOptionalProperty(context, KEY_EXCHANGE_ALGORITHMS_ALLOWED).ifPresent(property -> config.setKeyExchangeFactories(getFilteredValues(property, config.getKeyExchangeFactories())));
getOptionalProperty(context, MESSAGE_AUTHENTICATION_CODES_ALLOWED).ifPresent(property -> config.setMACFactories(getFilteredValues(property, config.getMACFactories())));
+ final String keyAlgorithmsAllowed = context.getProperty(KEY_ALGORITHMS_ALLOWED).evaluateAttributeExpressions().getValue();
+ if (keyAlgorithmsAllowed == null) {
+ // Prioritize ssh-rsa when Key Algorithms Allowed is not specified
+ config.prioritizeSshRsaKeyAlgorithm();
+ }
+
return config;
}
diff --git a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/ssh/StandardSSHConfigProviderTest.java b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/ssh/StandardSSHConfigProviderTest.java
index 88a983c1ac..45e7b69bba 100644
--- a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/ssh/StandardSSHConfigProviderTest.java
+++ b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/ssh/StandardSSHConfigProviderTest.java
@@ -50,7 +50,7 @@ import static org.mockito.Mockito.when;
@ExtendWith(MockitoExtension.class)
public class StandardSSHConfigProviderTest {
- private static final Config DEFAULT_CONFIG = new DefaultConfig();
+ private static final Config DEFAULT_CONFIG;
private static final String FIRST_ALLOWED_CIPHER = "aes128-ctr";
@@ -66,6 +66,12 @@ public class StandardSSHConfigProviderTest {
private static final String IDENTIFIER = UUID.randomUUID().toString();
+ static {
+ final DefaultConfig prioritizedConfig = new DefaultConfig();
+ prioritizedConfig.prioritizeSshRsaKeyAlgorithm();
+ DEFAULT_CONFIG = prioritizedConfig;
+ }
+
@Mock
private PropertyContext context;