Posted to commits@karaf.apache.org by jb...@apache.org on 2022/12/18 15:11:36 UTC
[karaf] branch main updated: [KARAF-7609] Upgrade to sshd 2.9.2
This is an automated email from the ASF dual-hosted git repository.
jbonofre pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/karaf.git
The following commit(s) were added to refs/heads/main by this push:
new fa68888968 [KARAF-7609] Upgrade to sshd 2.9.2
new d50f204bfc Merge pull request #1694 from jbonofre/KARAF-7609
fa68888968 is described below
commit fa688889683ce91dd0e39bcc6ac7e4f92f23f016
Author: Jean-Baptiste Onofré <jb...@apache.org>
AuthorDate: Mon Nov 28 20:56:39 2022 +0100
[KARAF-7609] Upgrade to sshd 2.9.2
---
pom.xml | 2 +-
.../ssh/keygenerator/OpenSSHKeyPairProvider.java | 38 +++++-----------------
.../OpenSSHGeneratorKeyFileProviderTest.java | 31 ------------------
3 files changed, 10 insertions(+), 61 deletions(-)
diff --git a/pom.xml b/pom.xml
index 40f2beee5c..bde3fa30ce 100644
--- a/pom.xml
+++ b/pom.xml
@@ -345,7 +345,7 @@
<spring.security57.version>5.7.3_1</spring.security57.version>
<sling.commons.johnzon.version>1.2.14</sling.commons.johnzon.version>
- <sshd.version>2.9.1</sshd.version>
+ <sshd.version>2.9.2</sshd.version>
<struts.bundle.version>1.3.10_1</struts.bundle.version>
<xbean.version>4.22</xbean.version>
<javax.mail.version>1.4.7</javax.mail.version>
diff --git a/shell/ssh/src/main/java/org/apache/karaf/shell/ssh/keygenerator/OpenSSHKeyPairProvider.java b/shell/ssh/src/main/java/org/apache/karaf/shell/ssh/keygenerator/OpenSSHKeyPairProvider.java
index 38f7836992..62aff80852 100644
--- a/shell/ssh/src/main/java/org/apache/karaf/shell/ssh/keygenerator/OpenSSHKeyPairProvider.java
+++ b/shell/ssh/src/main/java/org/apache/karaf/shell/ssh/keygenerator/OpenSSHKeyPairProvider.java
@@ -40,10 +40,13 @@ import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;
import java.util.HashSet;
+import java.util.Iterator;
import java.util.Set;
import org.apache.sshd.common.keyprovider.AbstractKeyPairProvider;
+import org.apache.sshd.common.keyprovider.KeyPairProvider;
import org.apache.sshd.common.session.SessionContext;
+import org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
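Review bot: Neither `java.util.Iterator` nor `org.apache.sshd.common.keyprovider.KeyPairProvider` is referenced by any added line visible in this commit; only `SimpleGeneratorHostKeyProvider` is used, in convertLegacyKey. If nothing outside the hunks uses them, drop both imports. The diffstat also shows no other insertions or import removals in this file, so the `java.io` imports that served the deleted KeyPairObjectInputStream (for example `ObjectStreamClass` and `InvalidClassException`) are presumably still present and may now be unused. Removing leftover serialization imports makes it easier to audit that this class no longer performs Java deserialization.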
@@ -107,12 +110,12 @@ public class OpenSSHKeyPairProvider extends AbstractKeyPairProvider {
private KeyPair convertLegacyKey(Path privateKeyPath) throws GeneralSecurityException, IOException {
KeyPair keypair = null;
- try (ObjectInputStream r = new KeyPairObjectInputStream(Files.newInputStream(privateKeyPath))) {
- keypair = (KeyPair)r.readObject();
- }
- catch (ClassNotFoundException e) {
- throw new InvalidKeySpecException("Missing classes: " + e.getMessage(), e);
- }
+ SimpleGeneratorHostKeyProvider provider = new SimpleGeneratorHostKeyProvider();
+ provider.setAlgorithm(algorithm);
+ provider.setOverwriteAllowed(true);
+ provider.setPath(privateKeyPath);
+ provider.setKeySize(keySize);
+ keypair = provider.loadKeys(null).iterator().next();
new PemWriter(privateKeyPath, publicKeyPath).writeKeyPair(algorithm, keypair);
return keypair;
}
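Review bot: `provider.loadKeys(null).iterator().next()` in convertLegacyKey cannot distinguish a key read from the legacy file from one the provider created itself, and it throws an unchecked NoSuchElementException on an empty result, which the declared `GeneralSecurityException, IOException` contract does not cover. SimpleGeneratorHostKeyProvider is a generating provider, configured here with `setOverwriteAllowed(true)`; if it falls back to creating a key when the file cannot be parsed (worth confirming against sshd 2.9.2), a corrupt or tampered legacy file would silently rotate the host key, which PemWriter then persists. I would guard the result with `Iterator<KeyPair> it = provider.loadKeys(null).iterator();` followed by `if (!it.hasNext()) throw new InvalidKeySpecException("No key pair loaded from " + privateKeyPath);`, and log at warn level whenever a legacy key file is converted. Because the commit also deletes the KeyPairObjectInputStream allow-list further down, a comment such as `// legacy Java-serialized key: parsing is delegated to sshd's SimpleGeneratorHostKeyProvider` would record where that trust decision now lives.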
@@ -160,27 +163,4 @@ public class OpenSSHKeyPairProvider extends AbstractKeyPairProvider {
}
}
- /**
- * Check the first Object that is resolved is a KeyPair instance
- */
- private static class KeyPairObjectInputStream extends ObjectInputStream {
-
- private boolean valid;
-
- public KeyPairObjectInputStream(InputStream is) throws IOException {
- super(is);
- }
-
- @Override
- protected Class<?> resolveClass(ObjectStreamClass desc) throws IOException, ClassNotFoundException {
- if (!valid) {
- if (!desc.getName().equals(KeyPair.class.getName())) {
- throw new InvalidClassException("Unauthorized deserialization attempt", desc.getName());
- }
- valid = true;
- }
- return super.resolveClass(desc);
- }
- }
-
}
diff --git a/shell/ssh/src/test/java/org/apache/karaf/shell/ssh/keygenerator/OpenSSHGeneratorKeyFileProviderTest.java b/shell/ssh/src/test/java/org/apache/karaf/shell/ssh/keygenerator/OpenSSHGeneratorKeyFileProviderTest.java
index a08f6ab66e..311bf92971 100644
--- a/shell/ssh/src/test/java/org/apache/karaf/shell/ssh/keygenerator/OpenSSHGeneratorKeyFileProviderTest.java
+++ b/shell/ssh/src/test/java/org/apache/karaf/shell/ssh/keygenerator/OpenSSHGeneratorKeyFileProviderTest.java
@@ -102,35 +102,4 @@ public class OpenSSHGeneratorKeyFileProviderTest {
Assert.assertTrue("Loaded key is not EC Key", keys.getPublic() instanceof ECPublicKey);
}
- @Test
- public void loadEncryptedPrivateKey() throws Exception {
- Path privateKeyPath = Paths.get(this.getClass().getResource("../rsa.pem").toURI());
-
- // First we try to load without specifying a password...
- OpenSSHKeyPairProvider prov =
- new OpenSSHKeyPairProvider(privateKeyPath, null, KeyUtils.RSA_ALGORITHM, 1024, null);
- try {
- prov.loadKeys(null);
- fail("Failure expected on a decryption failure");
- } catch (Exception ex) {
- // expected
- }
-
- // Now we provide the wrong password
- prov = new OpenSSHKeyPairProvider(privateKeyPath, null, KeyUtils.RSA_ALGORITHM, 1024, "password");
- try {
- prov.loadKeys(null);
- fail("Failure expected on a decryption failure");
- } catch (Exception ex) {
- // expected
- }
-
- // Now it should work
- prov = new OpenSSHKeyPairProvider(privateKeyPath, null, KeyUtils.RSA_ALGORITHM, 1024, "security");
- KeyPair keys = prov.loadKeys(null).iterator().next();
- Assert.assertNotNull(keys);
- Assert.assertTrue("Loaded key is not RSA Key", keys.getPrivate() instanceof RSAPrivateCrtKey);
- Assert.assertTrue("Loaded key is not RSA Key", keys.getPublic() instanceof RSAPublicKey);
- }
-
}