Posted to dev@mina.apache.org by "hubick (via GitHub)" <gi...@apache.org> on 2023/06/14 04:29:09 UTC

[GitHub] [mina-sshd] hubick commented on issue #391: Allow KnownHostsServerKeyVerifier to read from a resource URL

hubick commented on issue #391:
URL: https://github.com/apache/mina-sshd/issues/391#issuecomment-1590448048

   ```
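       /**
        * Extends KnownHostsServerKeyVerifier so that the known_hosts data can be supplied as a
        * resource packaged inside a jar file.
        * <p>
        * For a jar resource the entries are parsed once, in the constructor, and are never
        * reloaded; the path handed to the parent class is the jar file itself. For any other
        * URL the parent class behaviour is used unchanged.
        * <p>
        * NOTE(review): a host without a usable entry in {@link #knownHosts} is presumably
        * handed to the delegate verifier by the parent class, so the configured delegate
        * decides what happens to unknown hosts - confirm against the parent class.
        */
       protected static class StaticKnownHostsKeyVerifier extends KnownHostsServerKeyVerifier
       {
           /** Entries parsed from the jar resource; empty when the URL is not inside a jar. */
           protected final List<KnownHostsServerKeyVerifier.HostEntryPair> knownHosts;
   
           /**
            * @param delegate      verifier passed through to the parent class
            * @param knownHostsURL location of the known_hosts data, either a plain file URL or a
            *                      URL pointing at a resource inside a jar
            * @throws IOException        if the jar resource cannot be read
            * @throws URISyntaxException if the URL cannot be converted to a URI
            */
           public StaticKnownHostsKeyVerifier(final ServerKeyVerifier delegate, final URL knownHostsURL)
                   throws IOException, URISyntaxException
           {
               super(delegate, getWatchedPath(knownHostsURL));
               knownHosts = isJarBacked() ? readKnownHosts(knownHostsURL) : Collections.emptyList();
           }
   
           /**
            * Tells whether the watched path is a jar file, i.e. whether the known_hosts data came
            * from a jar resource.
            * <p>
            * {@code Path.endsWith(String)} compares whole path name elements, so
            * {@code getPath().endsWith(".jar")} is only true for a file literally named ".jar" and
            * the static entries would never be used. The suffix test is therefore made on the
            * text of the file name.
            */
           private boolean isJarBacked()
           {
               final Path fileName = getPath().getFileName();
               return fileName != null && fileName.toString().endsWith(".jar");
           }
   
           /**
            * If known_hosts is inside a jar file, Paths.get() will throw a
            * java.nio.file.FileSystemNotFoundException if fed the resource URI directly,
            * but we need to give the parent class some Path to watch, so in that case,
            * this method will just return the Path to the jar file itself.
            *
            * @param knownHostsURL location of the known_hosts data
            * @return the jar file for a jar resource URL, otherwise the path the URL points at
            * @throws URISyntaxException if the URL, or its jar part, is not a valid URI
            */
           protected static final Path getWatchedPath(final URL knownHostsURL) throws URISyntaxException
           {
               /*
                * In a URL to a jar resource, everything up to the '!' is the path to the jar
                * itself, and everything after the '!' is the path *within* the jar to the
                * resource (known_hosts) file.
                *
                * URL.getPath() of such a URL is the nested URL without the leading "jar:" scheme
                * (e.g. "file:/opt/app/app.jar!/known_hosts"), so the part before the '!' can be
                * turned into a URI and resolved to the real jar file. Feeding the text of the whole
                * URI to Paths.get(String) instead keeps the "jar:file:" prefix as path text, which
                * yields a relative path that is not the jar and is rejected on file systems that
                * do not allow ':' in names.
                */
               final String nestedPath = knownHostsURL.getPath();
               final int separator = nestedPath.indexOf('!');
               if (separator >= 0)
               {
                   return Paths.get(new java.net.URI(nestedPath.substring(0, separator)));
               }
               return Paths.get(knownHostsURL.toURI()); // URL isn't inside a jar, so just return the actual path.
           }
   
           /**
            * Reads the known_hosts entries at the given URL and pairs each one with its resolved
            * public key.
            * <p>
            * Best effort: an entry whose key cannot be resolved is left out of the result without
            * any diagnostic, so that host ends up with no pinned key in the returned list.
            * NOTE(review): consider reporting skipped entries to the caller; no logger is
            * reachable from this static method.
            *
            * @param knownHostsURL location of the known_hosts data
            * @return the entries whose public key could be resolved
            * @throws IOException if the entries cannot be read
            */
           protected static final List<KnownHostsServerKeyVerifier.HostEntryPair> readKnownHosts(final URL knownHostsURL)
                   throws IOException
           {
               return KnownHostEntry.readKnownHostEntries(knownHostsURL)
                       .stream()
                       .map(knownHost -> {
                           try
                           {
                               return new KnownHostsServerKeyVerifier.HostEntryPair(knownHost,
                                       knownHost.getKeyEntry().resolvePublicKey(null, null));
                           } catch (Exception ignored)
                           {
                               // Deliberately skipped: one unusable line must not discard the whole file.
                               return null;
                           }
                       })
                       .filter(Objects::nonNull)
                       .collect(Collectors.toList());
           }
   
           /**
            * Never asks for a reload when the entries came from a jar resource, because they were
            * read once in the constructor; otherwise defers to the parent class.
            */
           @Override
           public boolean checkReloadRequired() throws IOException
           {
               if (isJarBacked())
               {
                   return false;
               }
               return super.checkReloadRequired();
           }
   
           /**
            * Returns the entries read in the constructor when they came from a jar resource;
            * otherwise lets the parent class load them from {@code file}.
            */
           @Override
           protected List<KnownHostsServerKeyVerifier.HostEntryPair> reloadKnownHosts(final ClientSession session,
                   final Path file)
                   throws IOException, GeneralSecurityException
           {
               if (isJarBacked())
               {
                   return knownHosts;
               }
               return super.reloadKnownHosts(session, file);
           }
   
       } // StaticKnownHostsKeyVerifier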
   
   ```

