lgoldstein commented on a change in pull request #119: Add support for openssh host key certificates URL: https://github.com/apache/mina-sshd/pull/119#discussion_r410049274
########## File path: sshd-core/src/main/java/org/apache/sshd/server/session/AbstractServerSession.java ########## @@ -367,9 +382,26 @@ protected String resolveAvailableSignaturesProposal(FactoryManager proposedManag KeyPairProvider kpp = getKeyPairProvider(); boolean debugEnabled = log.isDebugEnabled(); - Iterable<String> provided; + Set<String> provided = null; try { - provided = (kpp == null) ? null : kpp.getKeyTypes(this); + if (kpp != null) { + provided = StreamSupport.stream(kpp.getKeyTypes(this).spliterator(), false) + .collect(Collectors.toSet()); + + HostKeyCertificateProvider hostKeyCertificateProvider = getHostKeyCertificateProvider(); + if (hostKeyCertificateProvider != null) { + Iterable<OpenSshCertificate> certificates = hostKeyCertificateProvider.loadCertificates(this); + for (OpenSshCertificate certificate : certificates) { + // Add the certificate alg only if the corresponding keyPair type is available + if (provided.contains(certificate.getRawKeyType())) { + provided.add(certificate.getKeyType()); + } else { Review comment: I have reviewed the code and reached the conclusion that you are right - "laziness" is not an issue in this case ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org