This is an automated email from the ASF dual-hosted git repository.
thenatog pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/nifi.git
The following commit(s) were added to refs/heads/main by this push:
new d1145ee34e NIFI-10586 Prioritized ssh-rsa algorithm in SFTP Processors
d1145ee34e is described below
commit d1145ee34e8bbaf9b104989637421cf9c6d9a393
Author: exceptionfactory <[email protected]>
AuthorDate: Mon Oct 3 17:27:58 2022 -0500
NIFI-10586 Prioritized ssh-rsa algorithm in SFTP Processors
- The default configuration prioritizes ssh-rsa when Key Algorithms Allowed
is not specified
Signed-off-by: Nathan Gough <[email protected]>
This closes #6479.
---
.../nifi/processors/standard/ssh/StandardSSHConfigProvider.java | 6 ++++++
.../processors/standard/ssh/StandardSSHConfigProviderTest.java | 8 +++++++-
2 files changed, 13 insertions(+), 1 deletion(-)
diff --git
a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/ssh/StandardSSHConfigProvider.java
b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/ssh/StandardSSHConfigProvider.java
index 7ecde5b191..567857ddda 100644
---
a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/ssh/StandardSSHConfigProvider.java
+++
b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/ssh/StandardSSHConfigProvider.java
@@ -67,6 +67,12 @@ public class StandardSSHConfigProvider implements
SSHConfigProvider {
getOptionalProperty(context,
KEY_EXCHANGE_ALGORITHMS_ALLOWED).ifPresent(property ->
config.setKeyExchangeFactories(getFilteredValues(property,
config.getKeyExchangeFactories())));
getOptionalProperty(context,
MESSAGE_AUTHENTICATION_CODES_ALLOWED).ifPresent(property ->
config.setMACFactories(getFilteredValues(property, config.getMACFactories())));
+ final String keyAlgorithmsAllowed =
context.getProperty(KEY_ALGORITHMS_ALLOWED).evaluateAttributeExpressions().getValue();
+ if (keyAlgorithmsAllowed == null) {
+ // Prioritize ssh-rsa when Key Algorithms Allowed is not specified
+ config.prioritizeSshRsaKeyAlgorithm();
+ }
+
return config;
}
diff --git
a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/ssh/StandardSSHConfigProviderTest.java
b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/ssh/StandardSSHConfigProviderTest.java
index 88a983c1ac..45e7b69bba 100644
---
a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/ssh/StandardSSHConfigProviderTest.java
+++
b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/ssh/StandardSSHConfigProviderTest.java
@@ -50,7 +50,7 @@ import static org.mockito.Mockito.when;
@ExtendWith(MockitoExtension.class)
public class StandardSSHConfigProviderTest {
- private static final Config DEFAULT_CONFIG = new DefaultConfig();
+ private static final Config DEFAULT_CONFIG;
private static final String FIRST_ALLOWED_CIPHER = "aes128-ctr";
@@ -66,6 +66,12 @@ public class StandardSSHConfigProviderTest {
private static final String IDENTIFIER = UUID.randomUUID().toString();
+ static {
+ final DefaultConfig prioritizedConfig = new DefaultConfig();
+ prioritizedConfig.prioritizeSshRsaKeyAlgorithm();
+ DEFAULT_CONFIG = prioritizedConfig;
+ }
+
@Mock
private PropertyContext context;
