Posted to commits@mina.apache.org by lg...@apache.org on 2016/02/21 08:36:26 UTC
mina-sshd git commit: Added some more detailed log messages related
to loading keys from files
Repository: mina-sshd
Updated Branches:
refs/heads/master b0cfc334d -> 512ce3a9f
Added some more detailed log messages related to loading keys from files
Project: http://git-wip-us.apache.org/repos/asf/mina-sshd/repo
Commit: http://git-wip-us.apache.org/repos/asf/mina-sshd/commit/512ce3a9
Tree: http://git-wip-us.apache.org/repos/asf/mina-sshd/tree/512ce3a9
Diff: http://git-wip-us.apache.org/repos/asf/mina-sshd/diff/512ce3a9
Branch: refs/heads/master
Commit: 512ce3a9fce1afedd586fdad35a1cad5fecadc45
Parents: b0cfc33
Author: Lyor Goldstein <ly...@gmail.com>
Authored: Sun Feb 21 09:37:07 2016 +0200
Committer: Lyor Goldstein <ly...@gmail.com>
Committed: Sun Feb 21 09:37:07 2016 +0200
----------------------------------------------------------------------
.../config/keys/ClientIdentityFileWatcher.java | 15 ++++++-
.../AbstractResourceKeyPairProvider.java | 42 +++++++++++++++-----
.../java/org/apache/sshd/server/SshServer.java | 1 -
3 files changed, 47 insertions(+), 11 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/512ce3a9/sshd-core/src/main/java/org/apache/sshd/client/config/keys/ClientIdentityFileWatcher.java
----------------------------------------------------------------------
diff --git a/sshd-core/src/main/java/org/apache/sshd/client/config/keys/ClientIdentityFileWatcher.java b/sshd-core/src/main/java/org/apache/sshd/client/config/keys/ClientIdentityFileWatcher.java
index 2923ba2..a982324 100644
--- a/sshd-core/src/main/java/org/apache/sshd/client/config/keys/ClientIdentityFileWatcher.java
+++ b/sshd-core/src/main/java/org/apache/sshd/client/config/keys/ClientIdentityFileWatcher.java
@@ -23,6 +23,7 @@ import java.io.IOException;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
+import java.security.PublicKey;
import java.util.concurrent.atomic.AtomicReference;
import org.apache.sshd.common.config.keys.FilePasswordProvider;
@@ -116,7 +117,19 @@ public class ClientIdentityFileWatcher extends ModifiableFileWatcher implements
String location = path.toString();
ClientIdentityLoader idLoader = ValidateUtils.checkNotNull(getClientIdentityLoader(), "No client identity loader");
if (idLoader.isValidLocation(location)) {
- return idLoader.loadClientIdentity(location, ValidateUtils.checkNotNull(getFilePasswordProvider(), "No file password provider"));
+ KeyPair kp = idLoader.loadClientIdentity(location, ValidateUtils.checkNotNull(getFilePasswordProvider(), "No file password provider"));
+ if (log.isTraceEnabled()) {
+ PublicKey key = (kp == null) ? null : kp.getPublic();
+ if (key != null) {
+ log.trace("reloadClientIdentity({}) loaded {}-{}",
+ location, KeyUtils.getKeyType(key), KeyUtils.getFingerPrint(key));
+
+ } else {
+ log.trace("reloadClientIdentity({}) no key loaded", location);
+ }
+ }
+
+ return kp;
}
if (log.isDebugEnabled()) {
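Review bot: The new trace block in `reloadClientIdentity` carries no comment saying that only the public key's type and fingerprint may be logged, so a later edit could easily print the `KeyPair` itself. A one-line comment above `PublicKey key = ...`, such as `// log only the public key type and fingerprint - never the key pair itself`, would record that intent. The blank line left before `} else {` can be dropped. The import hunk for this file adds only `java.security.PublicKey`, so `KeyUtils` is presumably already imported outside the visible context. The enclosing method starts and ends outside this hunk.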
http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/512ce3a9/sshd-core/src/main/java/org/apache/sshd/common/keyprovider/AbstractResourceKeyPairProvider.java
----------------------------------------------------------------------
diff --git a/sshd-core/src/main/java/org/apache/sshd/common/keyprovider/AbstractResourceKeyPairProvider.java b/sshd-core/src/main/java/org/apache/sshd/common/keyprovider/AbstractResourceKeyPairProvider.java
index eed682a..f028a3b 100644
--- a/sshd-core/src/main/java/org/apache/sshd/common/keyprovider/AbstractResourceKeyPairProvider.java
+++ b/sshd-core/src/main/java/org/apache/sshd/common/keyprovider/AbstractResourceKeyPairProvider.java
@@ -23,6 +23,7 @@ import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
+import java.security.PublicKey;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
@@ -33,6 +34,7 @@ import java.util.TreeMap;
import java.util.TreeSet;
import org.apache.sshd.common.config.keys.FilePasswordProvider;
+import org.apache.sshd.common.config.keys.KeyUtils;
import org.apache.sshd.common.util.GenericUtils;
import org.apache.sshd.common.util.ValidateUtils;
@@ -62,6 +64,13 @@ public abstract class AbstractResourceKeyPairProvider<R> extends AbstractKeyPair
this.passwordFinder = passwordFinder;
}
+ /**
+ * Checks which of the new resources we already loaded and can keep the
+ * associated key pair
+ *
+ * @param resources The collection of new resources - can be {@code null}/empty
+ * in which case the cache is cleared
+ */
protected void resetCacheMap(Collection<?> resources) {
// if have any cached pairs then see what we can keep from previous load
Collection<String> toDelete = Collections.emptySet();
@@ -121,16 +130,24 @@ public abstract class AbstractResourceKeyPairProvider<R> extends AbstractKeyPair
synchronized (cacheMap) {
// check if lucky enough to have already loaded this file
kp = cacheMap.get(resourceKey);
- if (kp != null) {
- return kp;
+ }
+
+ if (kp != null) {
+ if (log.isTraceEnabled()) {
+ PublicKey key = kp.getPublic();
+ log.trace("doLoadKey({}) use cached key {}-{}",
+ resourceKey, KeyUtils.getKeyType(key), KeyUtils.getFingerPrint(key));
}
+ return kp;
}
kp = doLoadKey(resourceKey, resource, getPasswordFinder());
if (kp != null) {
+ boolean reusedKey;
synchronized (cacheMap) {
- // if somebody else beat us to it, use the cached key
- if (cacheMap.containsKey(resourceKey)) {
+ // if somebody else beat us to it, use the cached key - just in case file contents changed
+ reusedKey = cacheMap.containsKey(resourceKey);
+ if (reusedKey) {
kp = cacheMap.get(resourceKey);
} else {
cacheMap.put(resourceKey, kp);
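Review bot: At `kp = cacheMap.get(resourceKey);` the freshly loaded pair is discarded whenever another thread cached the resource first, and nothing compares the two pairs, even though the new comment mentions the file contents possibly having changed. The debug message in the following hunk then prints `re-loaded` together with the cached key's fingerprint, which reads as if the new file contents had been taken. A label such as `resourceKey, reusedKey ? "used cached" : "loaded",` would be more accurate. A debug line when the loaded and cached fingerprints differ would also make a replaced key file visible in the logs. The enclosing method starts and ends outside this hunk.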
@@ -138,7 +155,14 @@ public abstract class AbstractResourceKeyPairProvider<R> extends AbstractKeyPair
}
if (log.isDebugEnabled()) {
- log.debug("doLoadKey(" + resourceKey + ") loaded " + kp.getPublic() + " / " + kp.getPrivate());
+ PublicKey key = kp.getPublic();
+ log.debug("doLoadKey({}) {} {}-{}",
+ resourceKey, reusedKey ? "re-loaded" : "loaded",
+ KeyUtils.getKeyType(key), KeyUtils.getFingerPrint(key));
+ }
+ } else {
+ if (log.isDebugEnabled()) {
+ log.debug("doLoadKey({}) no key loaded", resourceKey);
}
}
@@ -155,12 +179,12 @@ public abstract class AbstractResourceKeyPairProvider<R> extends AbstractKeyPair
protected abstract KeyPair doLoadKey(String resourceKey, InputStream inputStream, FilePasswordProvider provider) throws IOException, GeneralSecurityException;
- private class KeyPairIterator implements Iterator<KeyPair> {
+ protected class KeyPairIterator implements Iterator<KeyPair> {
private final Iterator<? extends R> iterator;
private KeyPair nextKeyPair;
private boolean nextKeyPairSet;
- KeyPairIterator(Collection<? extends R> resources) {
+ protected KeyPairIterator(Collection<? extends R> resources) {
iterator = resources.iterator();
}
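Review bot: `KeyPairIterator` and its constructor are widened from private to `protected` without any Javadoc, so a former implementation detail becomes something subclasses can extend and depend on. The commit message speaks only of log messages, so the reason for the wider visibility is not recorded anywhere visible. A short class-level Javadoc should state what the iterator does with each resource and what a subclass may override; judging by the next hunk, it should also mention that load failures are logged rather than propagated. The class body continues outside this hunk.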
@@ -191,9 +215,9 @@ public abstract class AbstractResourceKeyPairProvider<R> extends AbstractKeyPair
R r = iterator.next();
try {
nextKeyPair = doLoadKey(r);
- } catch (Exception e) {
+ } catch (Throwable e) {
log.warn("Failed (" + e.getClass().getSimpleName() + ")"
- + " to load key resource=" + r + ": " + e.getMessage());
+ + " to load key resource=" + r + ": " + e.getMessage());
if (log.isDebugEnabled()) {
log.debug("Key resource=" + r + " load failure details", e);
}
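Review bot: Widening the handler around `nextKeyPair = doLoadKey(r);` to `catch (Throwable e)` means JVM errors such as `OutOfMemoryError` are also reduced to a warning, and a key resource that failed for that reason is dropped like any other. If the aim is to survive missing optional crypto classes (an assumption, the commit message does not say), `catch (Exception | LinkageError e)` covers that without hiding the rest. Otherwise the handler could start with `if (e instanceof VirtualMachineError) { throw (VirtualMachineError) e; }`. The handler and its enclosing method continue outside this hunk.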
http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/512ce3a9/sshd-core/src/main/java/org/apache/sshd/server/SshServer.java
----------------------------------------------------------------------
diff --git a/sshd-core/src/main/java/org/apache/sshd/server/SshServer.java b/sshd-core/src/main/java/org/apache/sshd/server/SshServer.java
index 71b1a0a..3a3c99d 100644
--- a/sshd-core/src/main/java/org/apache/sshd/server/SshServer.java
+++ b/sshd-core/src/main/java/org/apache/sshd/server/SshServer.java
@@ -516,5 +516,4 @@ public class SshServer extends AbstractFactoryManager implements ServerFactoryMa
Thread.sleep(Long.MAX_VALUE);
}
-
}