[nifi] branch main updated: NIFI-10586 Prioritized ssh-rsa algorithm in SFTP Processors

[th...@apache.org]

This is an automated email from the ASF dual-hosted git repository.

thenatog pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/nifi.git


The following commit(s) were added to refs/heads/main by this push:
     new d1145ee34e NIFI-10586 Prioritized ssh-rsa algorithm in SFTP Processors
d1145ee34e is described below

commit d1145ee34e8bbaf9b104989637421cf9c6d9a393
Author: exceptionfactory <ex...@apache.org>
AuthorDate: Mon Oct 3 17:27:58 2022 -0500

    NIFI-10586 Prioritized ssh-rsa algorithm in SFTP Processors
    
    - The default configuration prioritizes ssh-rsa when Key Algorithms Allowed is not specified
    
    Signed-off-by: Nathan Gough <th...@gmail.com>
    
    This closes #6479.
---
 .../nifi/processors/standard/ssh/StandardSSHConfigProvider.java   | 6 ++++++
 .../processors/standard/ssh/StandardSSHConfigProviderTest.java    | 8 +++++++-
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/ssh/StandardSSHConfigProvider.java b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/ssh/StandardSSHConfigProvider.java
index 7ecde5b191..567857ddda 100644
--- a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/ssh/StandardSSHConfigProvider.java
+++ b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/ssh/StandardSSHConfigProvider.java
@@ -67,6 +67,12 @@ public class StandardSSHConfigProvider implements SSHConfigProvider {
         getOptionalProperty(context, KEY_EXCHANGE_ALGORITHMS_ALLOWED).ifPresent(property -> config.setKeyExchangeFactories(getFilteredValues(property, config.getKeyExchangeFactories())));
         getOptionalProperty(context, MESSAGE_AUTHENTICATION_CODES_ALLOWED).ifPresent(property -> config.setMACFactories(getFilteredValues(property, config.getMACFactories())));
 
+        final String keyAlgorithmsAllowed = context.getProperty(KEY_ALGORITHMS_ALLOWED).evaluateAttributeExpressions().getValue();
+        if (keyAlgorithmsAllowed == null) {
+            // Prioritize ssh-rsa when Key Algorithms Allowed is not specified
+            config.prioritizeSshRsaKeyAlgorithm();
+        }
+
         return config;
     }
 
diff --git a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/ssh/StandardSSHConfigProviderTest.java b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/ssh/StandardSSHConfigProviderTest.java
index 88a983c1ac..45e7b69bba 100644
--- a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/ssh/StandardSSHConfigProviderTest.java
+++ b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/ssh/StandardSSHConfigProviderTest.java
@@ -50,7 +50,7 @@ import static org.mockito.Mockito.when;
 
 @ExtendWith(MockitoExtension.class)
 public class StandardSSHConfigProviderTest {
-    private static final Config DEFAULT_CONFIG = new DefaultConfig();
+    private static final Config DEFAULT_CONFIG;
 
     private static final String FIRST_ALLOWED_CIPHER = "aes128-ctr";
 
@@ -66,6 +66,12 @@ public class StandardSSHConfigProviderTest {
 
     private static final String IDENTIFIER = UUID.randomUUID().toString();
 
+    static {
+        final DefaultConfig prioritizedConfig = new DefaultConfig();
+        prioritizedConfig.prioritizeSshRsaKeyAlgorithm();
+        DEFAULT_CONFIG = prioritizedConfig;
+    }
+
     @Mock
     private PropertyContext context;