This is an automated email from the ASF dual-hosted git repository. jbonofre pushed a commit to branch karaf-4.3.x in repository https://gitbox.apache.org/repos/asf/karaf.git
The following commit(s) were added to refs/heads/karaf-4.3.x by this push: new 8b60ac92eb [KARAF-7609] Upgrade to sshd 2.9.2 8b60ac92eb is described below commit 8b60ac92eb330bf374f4f2ea684177b3e576a726 Author: Jean-Baptiste Onofré <jbono...@apache.org> AuthorDate: Mon Nov 28 20:56:39 2022 +0100 [KARAF-7609] Upgrade to sshd 2.9.2 (cherry picked from commit fa688889683ce91dd0e39bcc6ac7e4f92f23f016)
---
 pom.xml | 2 +-
 .../ssh/keygenerator/OpenSSHKeyPairProvider.java | 38 +++++-----------------
 .../OpenSSHGeneratorKeyFileProviderTest.java | 31 ------------------
 3 files changed, 10 insertions(+), 61 deletions(-)
diff --git a/pom.xml b/pom.xml
index 2d212a11a8..eaef20aa66 100644
--- a/pom.xml
+++ b/pom.xml
@@ -333,7 +333,7 @@
 <spring.security57.version>5.7.3_1</spring.security57.version>
 <sling.commons.johnzon.version>1.2.14</sling.commons.johnzon.version>
- <sshd.version>2.9.1</sshd.version>
+ <sshd.version>2.9.2</sshd.version>
 <struts.bundle.version>1.3.10_1</struts.bundle.version>
 <xbean.version>4.22</xbean.version>
 <javax.mail.version>1.4.7</javax.mail.version>
diff --git a/shell/ssh/src/main/java/org/apache/karaf/shell/ssh/keygenerator/OpenSSHKeyPairProvider.java b/shell/ssh/src/main/java/org/apache/karaf/shell/ssh/keygenerator/OpenSSHKeyPairProvider.java
index 38f7836992..62aff80852 100644
--- a/shell/ssh/src/main/java/org/apache/karaf/shell/ssh/keygenerator/OpenSSHKeyPairProvider.java
+++ b/shell/ssh/src/main/java/org/apache/karaf/shell/ssh/keygenerator/OpenSSHKeyPairProvider.java
@@ -40,10 +40,13 @@ import java.security.spec.PKCS8EncodedKeySpec;
 import java.security.spec.X509EncodedKeySpec;
 import java.util.Base64;
 import java.util.HashSet;
+import java.util.Iterator;
 import java.util.Set;
 import org.apache.sshd.common.keyprovider.AbstractKeyPairProvider;
+import org.apache.sshd.common.keyprovider.KeyPairProvider;
 import org.apache.sshd.common.session.SessionContext;
+import org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -107,12 +110,12 @@ public class OpenSSHKeyPairProvider extends AbstractKeyPairProvider {
 private KeyPair convertLegacyKey(Path privateKeyPath) throws GeneralSecurityException, IOException {
 KeyPair keypair = null;
- try (ObjectInputStream r = new KeyPairObjectInputStream(Files.newInputStream(privateKeyPath))) {
- keypair = (KeyPair)r.readObject();
- }
- catch (ClassNotFoundException e) {
- throw new InvalidKeySpecException("Missing classes: " + e.getMessage(), e);
- }
+ SimpleGeneratorHostKeyProvider provider = new SimpleGeneratorHostKeyProvider();
+ provider.setAlgorithm(algorithm);
+ provider.setOverwriteAllowed(true);
+ provider.setPath(privateKeyPath);
+ provider.setKeySize(keySize);
+ keypair = provider.loadKeys(null).iterator().next();
 new PemWriter(privateKeyPath, publicKeyPath).writeKeyPair(algorithm, keypair);
 return keypair;
 }
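Review bot: In `convertLegacyKey`, `provider.setOverwriteAllowed(true)` followed by `loadKeys(null)` may replace a host key file that merely fails to parse: as far as I know SimpleGeneratorHostKeyProvider falls back to generating a fresh pair when it cannot read the file at its path, and the `PemWriter` call then persists whatever came back (worth confirming against sshd 2.9.2). A corrupted, tampered-with or wrongly-passworded key file would then become a silent host-key change rather than an error, which is the failure the `loadEncryptedPrivateKey` test deleted in the last hunk of this commit used to assert. I would make the method fail when the existing file cannot be decoded as a legacy key, and keep a negative test that checks the key file is left untouched on a bad password. Separately, `.iterator().next()` throws an unchecked NoSuchElementException if no key is returned; a guard such as `Iterator<KeyPair> it = provider.loadKeys(null).iterator();` followed by `if (!it.hasNext()) throw new InvalidKeySpecException("No key pair could be read from " + privateKeyPath);` keeps the failure inside the declared `GeneralSecurityException` contract.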
@@ -160,27 +163,4 @@ public class OpenSSHKeyPairProvider extends AbstractKeyPairProvider {
 }
 }
- /**
- * Check the first Object that is resolved is a KeyPair instance
- */
- private static class KeyPairObjectInputStream extends ObjectInputStream {
-
- private boolean valid;
-
- public KeyPairObjectInputStream(InputStream is) throws IOException {
- super(is);
- }
-
- @Override
- protected Class<?> resolveClass(ObjectStreamClass desc) throws IOException, ClassNotFoundException {
- if (!valid) {
- if (!desc.getName().equals(KeyPair.class.getName())) {
- throw new InvalidClassException("Unauthorized deserialization attempt", desc.getName());
- }
- valid = true;
- }
- return super.resolveClass(desc);
- }
- }
-
 }
diff --git a/shell/ssh/src/test/java/org/apache/karaf/shell/ssh/keygenerator/OpenSSHGeneratorKeyFileProviderTest.java b/shell/ssh/src/test/java/org/apache/karaf/shell/ssh/keygenerator/OpenSSHGeneratorKeyFileProviderTest.java
index a08f6ab66e..311bf92971 100644
--- a/shell/ssh/src/test/java/org/apache/karaf/shell/ssh/keygenerator/OpenSSHGeneratorKeyFileProviderTest.java
+++ b/shell/ssh/src/test/java/org/apache/karaf/shell/ssh/keygenerator/OpenSSHGeneratorKeyFileProviderTest.java
@@ -102,35 +102,4 @@ public class OpenSSHGeneratorKeyFileProviderTest {
 Assert.assertTrue("Loaded key is not EC Key", keys.getPublic() instanceof ECPublicKey);
 }
- @Test
- public void loadEncryptedPrivateKey() throws Exception {
- Path privateKeyPath = Paths.get(this.getClass().getResource("../rsa.pem").toURI());
-
- // First we try to load without specifying a password...
- OpenSSHKeyPairProvider prov =
- new OpenSSHKeyPairProvider(privateKeyPath, null, KeyUtils.RSA_ALGORITHM, 1024, null);
- try {
- prov.loadKeys(null);
- fail("Failure expected on a decryption failure");
- } catch (Exception ex) {
- // expected
- }
-
- // Now we provide the wrong password
- prov = new OpenSSHKeyPairProvider(privateKeyPath, null, KeyUtils.RSA_ALGORITHM, 1024, "password");
- try {
- prov.loadKeys(null);
- fail("Failure expected on a decryption failure");
- } catch (Exception ex) {
- // expected
- }
-
- // Now it should work
- prov = new OpenSSHKeyPairProvider(privateKeyPath, null, KeyUtils.RSA_ALGORITHM, 1024, "security");
- KeyPair keys = prov.loadKeys(null).iterator().next();
- Assert.assertNotNull(keys);
- Assert.assertTrue("Loaded key is not RSA Key", keys.getPrivate() instanceof RSAPrivateCrtKey);
- Assert.assertTrue("Loaded key is not RSA Key", keys.getPublic() instanceof RSAPublicKey);
- }
-
 }