Posted to commits@mina.apache.org by gn...@apache.org on 2017/08/02 12:57:32 UTC

mina-sshd git commit: [SSHD-760] Unable to read PKCS8 key files

Repository: mina-sshd
Updated Branches:
  refs/heads/master 76988ba83 -> 072215ea8


[SSHD-760] Unable to read PKCS8 key files

Project: http://git-wip-us.apache.org/repos/asf/mina-sshd/repo
Commit: http://git-wip-us.apache.org/repos/asf/mina-sshd/commit/072215ea
Tree: http://git-wip-us.apache.org/repos/asf/mina-sshd/tree/072215ea
Diff: http://git-wip-us.apache.org/repos/asf/mina-sshd/diff/072215ea

Branch: refs/heads/master
Commit: 072215ea8981ccb66723a2a876633d96190adf8d
Parents: 76988ba
Author: Guillaume Nodet <gn...@apache.org>
Authored: Wed Aug 2 14:57:16 2017 +0200
Committer: Guillaume Nodet <gn...@apache.org>
Committed: Wed Aug 2 14:57:23 2017 +0200

----------------------------------------------------------------------
 pom.xml                                         |  5 ++
 sshd-core/pom.xml                               |  5 ++
 .../pem/PKCS8PEMResourceKeyPairParser.java      |  6 +--
 .../pem/PemKeyPairResourceParserTest.java       | 57 ++++++++++++++++++++
 4 files changed, 70 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/072215ea/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index ad4f298..296914d 100644
--- a/pom.xml
+++ b/pom.xml
@@ -385,6 +385,11 @@
                 <artifactId>org.eclipse.jgit.pgm</artifactId>
                 <version>${jgit.version}</version>
             </dependency>
+            <dependency>
+                <groupId>org.apache.servicemix.bundles</groupId>
+                <artifactId>org.apache.servicemix.bundles.not-yet-commons-ssl</artifactId>
+                <version>0.3.11_1</version>
+            </dependency>
         </dependencies>
     </dependencyManagement>
 
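Review bot: The new `not-yet-commons-ssl` entry in `dependencyManagement` hard-codes `<version>0.3.11_1</version>`, while the neighbouring jgit entry takes its version from a property. A version property (for example `${not-yet-commons-ssl.version}`, name is only a suggestion) would keep the pin in one place. Within this commit the artifact is consumed only with `<scope>test</scope>` in sshd-core/pom.xml, so declaring `<scope>test</scope>` here as well would keep another module from pulling a third-party SSL/PEM library onto a runtime classpath by default.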

http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/072215ea/sshd-core/pom.xml
----------------------------------------------------------------------
diff --git a/sshd-core/pom.xml b/sshd-core/pom.xml
index 8174dd0..a27b588 100644
--- a/sshd-core/pom.xml
+++ b/sshd-core/pom.xml
@@ -117,6 +117,11 @@
             <artifactId>ganymed-ssh2</artifactId>
             <scope>test</scope>
         </dependency>
+        <dependency>
+            <groupId>org.apache.servicemix.bundles</groupId>
+            <artifactId>org.apache.servicemix.bundles.not-yet-commons-ssl</artifactId>
+            <scope>test</scope>
+        </dependency>
     </dependencies>
 
     <build>

http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/072215ea/sshd-core/src/main/java/org/apache/sshd/common/config/keys/loader/pem/PKCS8PEMResourceKeyPairParser.java
----------------------------------------------------------------------
diff --git a/sshd-core/src/main/java/org/apache/sshd/common/config/keys/loader/pem/PKCS8PEMResourceKeyPairParser.java b/sshd-core/src/main/java/org/apache/sshd/common/config/keys/loader/pem/PKCS8PEMResourceKeyPairParser.java
index a8b3075..cc28967 100644
--- a/sshd-core/src/main/java/org/apache/sshd/common/config/keys/loader/pem/PKCS8PEMResourceKeyPairParser.java
+++ b/sshd-core/src/main/java/org/apache/sshd/common/config/keys/loader/pem/PKCS8PEMResourceKeyPairParser.java
@@ -70,7 +70,7 @@ public class PKCS8PEMResourceKeyPairParser extends AbstractPEMResourceKeyPairPar
                     throws IOException, GeneralSecurityException {
         // Save the data before getting the algorithm OID since we will need it
         byte[] encBytes = IoUtils.toByteArray(stream);
-        List<Integer> oidAlgorithm = getPKCS8AlgorithmIdentifier(stream, false);
+        List<Integer> oidAlgorithm = getPKCS8AlgorithmIdentifier(encBytes);
         PrivateKey prvKey = decodePEMPrivateKeyPKCS8(oidAlgorithm, encBytes, passwordProvider);
         PublicKey pubKey = ValidateUtils.checkNotNull(KeyUtils.recoverPublicKey(prvKey),
                 "Failed to recover public key of OID=%s", oidAlgorithm);
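Review bot: `encBytes` holds the raw PKCS#8 private-key encoding and, within the visible lines, is handed to both `getPKCS8AlgorithmIdentifier` and `decodePEMPrivateKeyPKCS8` without being cleared afterwards. Wiping it once the key has been decoded, e.g. `Arrays.fill(encBytes, (byte) 0);` in a `finally`, would shorten the time the key material stays on the heap. The method body continues past the hunk, so this may already be handled further down. The comment `// Save the data before getting the algorithm OID since we will need it` is also stale, because the OID is now read from the same buffer rather than from the stream.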
@@ -101,8 +101,8 @@ public class PKCS8PEMResourceKeyPairParser extends AbstractPEMResourceKeyPairPar
         return factory.generatePrivate(keySpec);
     }
 
-    public static List<Integer> getPKCS8AlgorithmIdentifier(InputStream input, boolean okToClose) throws IOException {
-        try (DERParser parser = new DERParser(NoCloseInputStream.resolveInputStream(input, okToClose))) {
+    public static List<Integer> getPKCS8AlgorithmIdentifier(byte[] input) throws IOException {
+        try (DERParser parser = new DERParser(input)) {
             return getPKCS8AlgorithmIdentifier(parser);
         }
     }
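Review bot: Changing the public static `getPKCS8AlgorithmIdentifier(InputStream, boolean)` to take `byte[]` removes the old signature outright, so any external caller of the stream variant stops compiling. Keeping a `@Deprecated` overload that buffers the stream and delegates, along the lines of `return getPKCS8AlgorithmIdentifier(IoUtils.toByteArray(input));`, would preserve source compatibility. The new method also has no Javadoc; one sentence stating that `input` is the complete DER-encoded PKCS#8 blob would help callers. If `NoCloseInputStream` was imported only for this method, that import is presumably unused now, but the import block is outside the hunk.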

http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/072215ea/sshd-core/src/test/java/org/apache/sshd/common/config/keys/loader/pem/PemKeyPairResourceParserTest.java
----------------------------------------------------------------------
diff --git a/sshd-core/src/test/java/org/apache/sshd/common/config/keys/loader/pem/PemKeyPairResourceParserTest.java b/sshd-core/src/test/java/org/apache/sshd/common/config/keys/loader/pem/PemKeyPairResourceParserTest.java
new file mode 100644
index 0000000..3cf60e0
--- /dev/null
+++ b/sshd-core/src/test/java/org/apache/sshd/common/config/keys/loader/pem/PemKeyPairResourceParserTest.java
@@ -0,0 +1,57 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.sshd.common.config.keys.loader.pem;
+
+import org.apache.commons.ssl.PEMItem;
+import org.apache.commons.ssl.PEMUtil;
+import org.apache.sshd.common.util.security.SecurityUtils;
+import org.junit.Test;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.util.ArrayList;
+import java.util.Collection;
+
+import static org.junit.Assert.assertEquals;
+
+public class PemKeyPairResourceParserTest {
+
+    @Test
+    public void testPkcs8() throws Exception {
+        String algorithm = "RSA";
+        int keySize = 512;
+        KeyPairGenerator generator = SecurityUtils.getKeyPairGenerator(algorithm);
+        generator.initialize(keySize);
+        KeyPair kp = generator.generateKeyPair();
+
+        ByteArrayOutputStream os = new ByteArrayOutputStream();
+        Collection<Object> items = new ArrayList<>();
+        items.add(new PEMItem(kp.getPrivate().getEncoded(), "PRIVATE KEY"));
+        byte[] bytes = PEMUtil.encode(items);
+        os.write(bytes);
+        os.close();
+
+        KeyPair kp2 = SecurityUtils.loadKeyPairIdentity("the-key", new ByteArrayInputStream(os.toByteArray()), null);
+
+        assertEquals(kp.getPublic(), kp2.getPublic());
+        assertEquals(kp.getPrivate(), kp2.getPrivate());
+    }
+}
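Review bot: `testPkcs8` copies the PEM bytes through a `ByteArrayOutputStream` that adds nothing; `bytes` can be passed straight in as `new ByteArrayInputStream(bytes)` and the three `os` lines dropped. `int keySize = 512;` keeps the test fast, but a security provider that enforces a minimum RSA key size would presumably reject it, so `2048` is the safer fixture. Only an unencrypted RSA key with a `null` password provider is exercised, so the OID-driven handling of other key algorithms stays uncovered by this test.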