[jira] [Commented] (SSHD-660) Add support for authentication using signed client/server keys

2020-04-14 Thread Lyor Goldstein (Jira)


[ https://issues.apache.org/jira/browse/SSHD-660?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17083517#comment-17083517 ]

Lyor Goldstein commented on SSHD-660:
-

I reviewed it and had some comments - seems like solid work in general, but it 
lacks unit tests and, most important, a real live server that we can test this 
code against... I am not keen on adding code that I have no way to test - not only 
via jUnit but also with real servers.

> Add support for authentication using signed client/server keys
> --
>
> Key: SSHD-660
> URL: https://issues.apache.org/jira/browse/SSHD-660
> Project: MINA SSHD
> Issue Type: Improvement
> Reporter: Lyor Goldstein
> Priority: Minor
>
> Similar to _HostCertificate_ and _TrustedUserCAKeys_ configuration values - 
> see https://ef.gy/hardening-ssh



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

-
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additional commands, e-mail: dev-h...@mina.apache.org



[GitHub] [mina-sshd] lgoldstein commented on a change in pull request #119: Add support for openssh host key certificates

2020-04-14 Thread GitBox
lgoldstein commented on a change in pull request #119: Add support for openssh 
host key certificates
URL: https://github.com/apache/mina-sshd/pull/119#discussion_r408351310
 
 

 ##
 File path: sshd-core/src/main/java/org/apache/sshd/client/kex/DHGClient.java
 ##
 @@ -124,10 +129,67 @@ public boolean next(int cmd, Buffer buffer) throws 
Exception {
 
 buffer = new ByteArrayBuffer(k_s);
 serverKey = buffer.getRawPublicKey();
-String keyAlg = KeyUtils.getKeyType(serverKey);
+PublicKey serverPublicHostKey = serverKey;
+
+OpenSshCertificate openSshKey = null;
+if (serverKey instanceof OpenSshCertificate) {
+openSshKey = (OpenSshCertificate) serverKey;
+serverPublicHostKey = openSshKey.getServerHostKey();
+
+// verify signature
+PublicKey signatureKey = openSshKey.getCaPubKey();
+String keyAlg = KeyUtils.getKeyType(signatureKey);
+Signature verif = ValidateUtils.checkNotNull(
+NamedFactory.create(session.getSignatureFactories(), 
keyAlg),
+"No verifier located for algorithm=%s", keyAlg);
+verif.initVerifier(session, signatureKey);
+verif.update(session, openSshKey.getMessage());
+if (!verif.verify(session, openSshKey.getSignature())) {
+throw new 
SshException(SshConstants.SSH2_DISCONNECT_KEY_EXCHANGE_FAILED,
+"KeyExchange CA signature verification failed for key 
type=" + keyAlg);
+}
+
+if (openSshKey.getType() != OpenSshCertificate.SSH_CERT_TYPE_HOST) 
{
+throw new 
SshException(SshConstants.SSH2_DISCONNECT_KEY_EXCHANGE_FAILED,
+"KeyExchange signature verification failed, not a host 
key (2): "
++ openSshKey.getType());
+}
+
+long now = System.currentTimeMillis() / 1000;
+if (now <= openSshKey.getValidAfter() || now >= 
openSshKey.getValidBefore()) {
+throw new 
SshException(SshConstants.SSH2_DISCONNECT_KEY_EXCHANGE_FAILED,
+"KeyExchange signature verification failed, CA 
expired: "
++ openSshKey.getValidAfter() + "-" + 
openSshKey.getValidBefore());
+}
+
+SocketAddress connectSocketAddress = 
getClientSession().getConnectAddress();
+if (connectSocketAddress instanceof SshdSocketAddress) {
+connectSocketAddress = ((SshdSocketAddress) 
connectSocketAddress).toInetSocketAddress();
+}
+if (connectSocketAddress instanceof InetSocketAddress) {
+String hostName = ((InetSocketAddress) 
connectSocketAddress).getHostString();
+if (!openSshKey.getPrincipals().contains(hostName)) {
+throw new 
SshException(SshConstants.SSH2_DISCONNECT_KEY_EXCHANGE_FAILED,
+"KeyExchange signature verification failed, 
invalid principal: "
++ openSshKey.getPrincipals());
+}
+} else {
+throw new 
SshException(SshConstants.SSH2_DISCONNECT_KEY_EXCHANGE_FAILED,
+"KeyExchange signature verification failed, could not 
determine connect host.");
+}
+
+if (!openSshKey.getCriticalOptions().isEmpty()) {
 
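Review bot: The verification block from `PublicKey signatureKey = openSshKey.getCaPubKey();` through the principal check only proves that the certificate is internally consistent: the signature is verified against the CA key carried inside the certificate itself, and nothing in this hunk checks that `getCaPubKey()` is a CA the client actually trusts. Unless that trust decision is made later (for example by the server-key verifier applied to `serverPublicHostKey`), any party can mint a certificate that passes every check here; either add the trusted-CA check in this block or leave a comment saying where it happens. Two smaller points on the validity window `now <= openSshKey.getValidAfter() || now >= openSshKey.getValidBefore()`: it rejects `now == validAfter`, which the OpenSSH format accepts, and if `getValidBefore()` hands back the uint64 "no expiry" value (all bits set) in a signed `long`, it compares as -1 and every non-expiring certificate is rejected, so compare with `Long.compareUnsigned`. The message `"CA expired"` also describes the certificate's validity period, not the CA's. Finally, `!openSshKey.getPrincipals().contains(hostName)` treats an empty principal list as a failure, whereas the OpenSSH format defines an empty list as valid for any principal; decide which semantics are intended and document it.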
 Review comment:
   Please use `GenericUtils.isEmpty(...getCriticalOptions())` since it is 
null-safe


This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services




[GitHub] [mina-sshd] lgoldstein commented on a change in pull request #119: Add support for openssh host key certificates

2020-04-14 Thread GitBox
lgoldstein commented on a change in pull request #119: Add support for openssh 
host key certificates
URL: https://github.com/apache/mina-sshd/pull/119#discussion_r408348176
 
 

 ##
 File path: 
sshd-common/src/main/java/org/apache/sshd/common/config/keys/impl/OpenSSHCertificateDecoder.java
 ##
 @@ -0,0 +1,108 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.sshd.common.config.keys.impl;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.security.GeneralSecurityException;
+import java.security.KeyFactory;
+import java.security.KeyPairGenerator;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.Map;
+import java.util.Objects;
+
+import org.apache.sshd.common.config.keys.KeyEntryResolver;
+import org.apache.sshd.common.config.keys.OpenSshCertificate;
+import org.apache.sshd.common.keyprovider.KeyPairProvider;
+import org.apache.sshd.common.session.SessionContext;
+import org.apache.sshd.common.util.buffer.ByteArrayBuffer;
+import org.apache.sshd.common.util.buffer.keys.OpenSSHCertPublicKeyParser;
+import org.apache.sshd.common.util.io.IoUtils;
+
+/**
+ * @author mailto:dev@mina.apache.org";>Apache MINA SSHD Project
+ */
+public class OpenSSHCertificateDecoder extends 
AbstractPublicKeyEntryDecoder {
+public static final OpenSSHCertificateDecoder INSTANCE = new 
OpenSSHCertificateDecoder();
+
+public OpenSSHCertificateDecoder() {
+super(OpenSshCertificate.class, OpenSshCertificate.class,
+Collections.unmodifiableList(Arrays.asList(
+KeyPairProvider.SSH_RSA_CERT,
+KeyPairProvider.SSH_DSS_CERT,
+KeyPairProvider.SSH_ED25519_CERT,
+KeyPairProvider.SSH_ECDSA_SHA2_NISTP256_CERT,
+KeyPairProvider.SSH_ECDSA_SHA2_NISTP384_CERT,
+KeyPairProvider.SSH_ECDSA_SHA2_NISTP521_CERT
+)));
+}
+
+@Override
+public OpenSshCertificate decodePublicKey(
+SessionContext session, String keyType, InputStream keyData, 
Map headers)
+throws IOException, GeneralSecurityException {
+
+byte[] bytes = IoUtils.toByteArray(keyData);
+
+ByteArrayBuffer buffer = new ByteArrayBuffer(bytes);
+
+OpenSshCertificate cert = (OpenSshCertificate) 
OpenSSHCertPublicKeyParser.INSTANCE.getRawPublicKey(keyType, buffer);
+
+if (cert.getType() != OpenSshCertificate.SSH_CERT_TYPE_HOST) {
+throw new GeneralSecurityException("The provided certificate is 
not a Host certificate.");
+}
+
+cert.setRawData(bytes); // bytes includes the signature
+
+return cert;
+}
+
+@Override
+public String encodePublicKey(OutputStream s, OpenSshCertificate key) 
throws IOException {
+Objects.requireNonNull(key, "No public key provided");
+
+String keyType = key.getKeyType();
+KeyEntryResolver.encodeString(s, keyType);
+s.write(key.getRawData());
+return keyType;
+}
+
+@Override
+public OpenSshCertificate clonePublicKey(OpenSshCertificate key) throws 
GeneralSecurityException {
 
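Review bot: The host-only check `if (cert.getType() != OpenSshCertificate.SSH_CERT_TYPE_HOST)` sits in a decoder that registers itself for every `*_CERT` key type (`SSH_RSA_CERT`, `SSH_DSS_CERT`, `SSH_ED25519_CERT`, the three ECDSA variants), so any user certificate that reaches this decoder fails with `GeneralSecurityException("The provided certificate is not a Host certificate.")` instead of being decoded; move the host/user policy into `FileHostKeyCertificateProvider` (the consumer that needs host certificates) and let the decoder decode both, or name the class so that its host-only scope is explicit. The imports `java.security.KeyFactory` and `java.security.KeyPairGenerator` are unused in the visible code and should be dropped.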
 Review comment:
   I am not comfortable with so many unimplemented methods... 





[GitHub] [mina-sshd] lgoldstein commented on a change in pull request #119: Add support for openssh host key certificates

2020-04-14 Thread GitBox
lgoldstein commented on a change in pull request #119: Add support for openssh 
host key certificates
URL: https://github.com/apache/mina-sshd/pull/119#discussion_r408350789
 
 

 ##
 File path: sshd-core/src/main/java/org/apache/sshd/client/kex/DHGClient.java
 ##
 @@ -124,10 +129,67 @@ public boolean next(int cmd, Buffer buffer) throws 
Exception {
 
 buffer = new ByteArrayBuffer(k_s);
 serverKey = buffer.getRawPublicKey();
-String keyAlg = KeyUtils.getKeyType(serverKey);
+PublicKey serverPublicHostKey = serverKey;
+
+OpenSshCertificate openSshKey = null;
+if (serverKey instanceof OpenSshCertificate) {
+openSshKey = (OpenSshCertificate) serverKey;
+serverPublicHostKey = openSshKey.getServerHostKey();
+
+// verify signature
+PublicKey signatureKey = openSshKey.getCaPubKey();
+String keyAlg = KeyUtils.getKeyType(signatureKey);
+Signature verif = ValidateUtils.checkNotNull(
+NamedFactory.create(session.getSignatureFactories(), 
keyAlg),
+"No verifier located for algorithm=%s", keyAlg);
+verif.initVerifier(session, signatureKey);
+verif.update(session, openSshKey.getMessage());
+if (!verif.verify(session, openSshKey.getSignature())) {
+throw new 
SshException(SshConstants.SSH2_DISCONNECT_KEY_EXCHANGE_FAILED,
 
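Review bot: `String keyAlg = KeyUtils.getKeyType(signatureKey);` selects the verifier from the CA key's type, but an OpenSSH certificate's signature blob names its own algorithm, and for an RSA CA that is commonly `rsa-sha2-256` or `rsa-sha2-512` rather than `ssh-rsa`; looking the factory up by key type will then select the wrong hash and `verif.verify(...)` fails for valid certificates. Read the algorithm name from `openSshKey.getSignature()`, look up `session.getSignatureFactories()` by that name, and check that the named algorithm is compatible with the CA key type before verifying.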
 Review comment:
Let's try and find a way to move this large block of code to some method...





[GitHub] [mina-sshd] lgoldstein commented on a change in pull request #119: Add support for openssh host key certificates

2020-04-14 Thread GitBox
lgoldstein commented on a change in pull request #119: Add support for openssh 
host key certificates
URL: https://github.com/apache/mina-sshd/pull/119#discussion_r408350307
 
 

 ##
 File path: sshd-core/src/main/java/org/apache/sshd/client/kex/DHGClient.java
 ##
 @@ -124,10 +129,67 @@ public boolean next(int cmd, Buffer buffer) throws 
Exception {
 
 buffer = new ByteArrayBuffer(k_s);
 serverKey = buffer.getRawPublicKey();
-String keyAlg = KeyUtils.getKeyType(serverKey);
+PublicKey serverPublicHostKey = serverKey;
+
+OpenSshCertificate openSshKey = null;
 
 Review comment:
   Why is it defined outside the `if` block? I don't see it being used outside 
it...





[GitHub] [mina-sshd] lgoldstein commented on a change in pull request #119: Add support for openssh host key certificates

2020-04-14 Thread GitBox
lgoldstein commented on a change in pull request #119: Add support for openssh 
host key certificates
URL: https://github.com/apache/mina-sshd/pull/119#discussion_r408341522
 
 

 ##
 File path: 
sshd-common/src/main/java/org/apache/sshd/common/config/keys/OpenSshCertificate.java
 ##
 @@ -0,0 +1,262 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.sshd.common.config.keys;
+
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.util.List;
+
+public final class OpenSshCertificate implements PublicKey, PrivateKey {
 
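Review bot: `public final class OpenSshCertificate implements PublicKey, PrivateKey` should not implement `PrivateKey`: a certificate carries a public key, a CA signature and metadata but no private material, and declaring it a `PrivateKey` lets it be passed to any API that expects one (key-pair construction, signing) where it will fail at run time rather than at compile time. Implement `PublicKey` only.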
 Review comment:
   We try to make our code as open as possible - so
   
   * as few `final` classes as possible
   * fields should be `protected` - unless there is a getter/setter
   * constructors should be `public`





[GitHub] [mina-sshd] lgoldstein commented on a change in pull request #119: Add support for openssh host key certificates

2020-04-14 Thread GitBox
lgoldstein commented on a change in pull request #119: Add support for openssh 
host key certificates
URL: https://github.com/apache/mina-sshd/pull/119#discussion_r408343089
 
 

 ##
 File path: 
sshd-common/src/main/java/org/apache/sshd/common/config/keys/OpenSshCertificate.java
 ##
 @@ -0,0 +1,262 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.sshd.common.config.keys;
+
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.util.List;
+
+public final class OpenSshCertificate implements PublicKey, PrivateKey {
+public static final int SSH_CERT_TYPE_USER = 1;
+public static final int SSH_CERT_TYPE_HOST = 2;
+
+private static final long serialVersionUID = -3592634724148744943L;
+
+private String keyType;
+private byte[] nonce;
+private PublicKey serverHostKey;
+private long serial;
+private int type;
+private String id;
+private List principals;
+private long validAfter;
+private long validBefore;
+private List criticalOptions;
+private List extensions;
+private String reserved;
+private PublicKey caPubKey;
+private byte[] message;
+private byte[] signature;
+
+private byte[] rawData;
+
+private OpenSshCertificate() {
+}
+
+public static String getRawKeyType(String keyType) {
+return keyType.split("@")[0].substring(0, keyType.indexOf("-cert"));
+}
+
+public String getRawKeyType() {
+return getRawKeyType(keyType);
+}
+
+public byte[] getNonce() {
+return nonce;
+}
+
+public String getKeyType() {
+return keyType;
+}
+
+public PublicKey getServerHostKey() {
+return serverHostKey;
+}
+
+public long getSerial() {
+return serial;
+}
+
+public int getType() {
+return type;
+}
+
+public String getId() {
+return id;
+}
+
+public List getPrincipals() {
+return principals;
+}
+
+public long getValidAfter() {
+return validAfter;
+}
+
+public long getValidBefore() {
+return validBefore;
+}
+
+public List getCriticalOptions() {
+return criticalOptions;
+}
+
+public List getExtensions() {
+return extensions;
+}
+
+public String getReserved() {
+return reserved;
+}
+
+public PublicKey getCaPubKey() {
+return caPubKey;
+}
+
+public byte[] getMessage() {
+return message;
+}
+
+public byte[] getSignature() {
+return signature;
+}
+
+public void setRawData(byte[] rawData) {
+this.rawData = rawData;
+}
+
+public byte[] getRawData() {
+return rawData;
+}
+
+@Override
+public String getAlgorithm() {
+return null;
+}
+
+@Override
+public String getFormat() {
+return null;
+}
+
+@Override
+public byte[] getEncoded() {
+return new byte[0];
+}
+
+public static final class OpenSshPublicKeyBuilder {
+private String keyType;
+private byte[] nonce;
+private PublicKey serverHostKey;
+private long serial;
+private int type;
+private String id;
+private List principals;
+private long validAfter;
+private long validBefore;
+private List criticalOptions;
+private List extensions;
+private String reserved;
+private PublicKey caPubKey;
+private byte[] message;
+private byte[] signature;
+
+private OpenSshPublicKeyBuilder() {
+}
+
+public static OpenSshPublicKeyBuilder anOpenSshCertificate() {
+return new OpenSshPublicKeyBuilder();
+}
+
+public OpenSshPublicKeyBuilder withKeyType(String keyType) {
+this.keyType = keyType;
+return this;
+}
+
+public OpenSshPublicKeyBuilder withNonce(byte[] nonce) {
+this.nonce = nonce;
+return this;
+}
+
+public OpenSshPublicKeyBuilder withServerHostPublicKey(PublicKey 
serverHostKey) {
+this.serverHostKey = serverHostKey;
+return this;
+}
+
+public OpenSshPublic
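Review bot: The `java.security.Key` methods are stubbed out: `getAlgorithm()` and `getFormat()` return `null` and `getEncoded()` returns `new byte[0]`, so anything that fingerprints, compares or serialises this key through the standard interface sees an empty key; return the key type from `getAlgorithm()` and the stored `rawData` (the encoded certificate) from `getEncoded()`. `getRawKeyType(String)` computes `keyType.split("@")[0].substring(0, keyType.indexOf("-cert"))`, which throws `StringIndexOutOfBoundsException` when the type carries no `-cert` suffix; validate the suffix and fail with a message naming the offending type. `validAfter` and `validBefore` are declared `long` while the wire format is a uint64 whose all-ones value means no expiry, so either document that callers must compare unsigned or normalise the value when it is set.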

[GitHub] [mina-sshd] lgoldstein commented on a change in pull request #119: Add support for openssh host key certificates

2020-04-14 Thread GitBox
lgoldstein commented on a change in pull request #119: Add support for openssh 
host key certificates
URL: https://github.com/apache/mina-sshd/pull/119#discussion_r408343763
 
 

 ##
 File path: 
sshd-common/src/main/java/org/apache/sshd/common/keyprovider/FileHostKeyCertificateProvider.java
 ##
 @@ -0,0 +1,110 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.sshd.common.keyprovider;
+
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.nio.file.Path;
+import java.security.GeneralSecurityException;
+import java.security.PublicKey;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.List;
+import java.util.Objects;
+import java.util.stream.StreamSupport;
+
+import org.apache.sshd.common.config.keys.OpenSshCertificate;
+import org.apache.sshd.common.config.keys.PublicKeyEntry;
+import org.apache.sshd.common.session.SessionContext;
+import org.apache.sshd.common.util.io.IoUtils;
+import org.apache.sshd.common.util.logging.AbstractLoggingBean;
+
+public class FileHostKeyCertificateProvider extends AbstractLoggingBean 
implements HostKeyCertificateProvider {
+private Collection files;
+
+public FileHostKeyCertificateProvider() {
+super();
+}
+
+public FileHostKeyCertificateProvider(Path path) {
+this(Collections.singletonList(Objects.requireNonNull(path, "No path 
provided")));
+}
+
+public FileHostKeyCertificateProvider(Path... files) {
+this(Arrays.asList(files));
 
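Review bot: The no-argument constructor `public FileHostKeyCertificateProvider() { super(); }` leaves `files` null and no setter is visible in this hunk, so an instance built that way throws `NullPointerException` the first time `loadCertificates` iterates `files`; initialise the field to an empty collection or drop the constructor. The varargs constructor should also reject a null or empty array rather than silently producing a provider with nothing to load.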
 Review comment:
   Should use `ValidateUtils.notEmpty(files)`





[GitHub] [mina-sshd] lgoldstein commented on a change in pull request #119: Add support for openssh host key certificates

2020-04-14 Thread GitBox
lgoldstein commented on a change in pull request #119: Add support for openssh 
host key certificates
URL: https://github.com/apache/mina-sshd/pull/119#discussion_r408344301
 
 

 ##
 File path: 
sshd-common/src/main/java/org/apache/sshd/common/keyprovider/FileHostKeyCertificateProvider.java
 ##
 @@ -0,0 +1,110 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.sshd.common.keyprovider;
+
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.nio.file.Path;
+import java.security.GeneralSecurityException;
+import java.security.PublicKey;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.List;
+import java.util.Objects;
+import java.util.stream.StreamSupport;
+
+import org.apache.sshd.common.config.keys.OpenSshCertificate;
+import org.apache.sshd.common.config.keys.PublicKeyEntry;
+import org.apache.sshd.common.session.SessionContext;
+import org.apache.sshd.common.util.io.IoUtils;
+import org.apache.sshd.common.util.logging.AbstractLoggingBean;
+
+public class FileHostKeyCertificateProvider extends AbstractLoggingBean 
implements HostKeyCertificateProvider {
+private Collection files;
+
+public FileHostKeyCertificateProvider() {
+super();
+}
+
+public FileHostKeyCertificateProvider(Path path) {
+this(Collections.singletonList(Objects.requireNonNull(path, "No path 
provided")));
+}
+
+public FileHostKeyCertificateProvider(Path... files) {
+this(Arrays.asList(files));
+}
+
+public FileHostKeyCertificateProvider(Collection files) {
+this.files = files;
+}
+
+public Collection getPaths() {
+return files;
+}
+
+@Override
+public Iterable loadCertificates(SessionContext 
session) throws IOException, GeneralSecurityException {
+
+List certificates = new ArrayList<>();
+for (Path file : files) {
+List lines = IoUtils.readAllLines(new 
FileInputStream(file.toFile()));
+for (String line : lines) {
+PublicKeyEntry publicKeyEntry = 
PublicKeyEntry.parsePublicKeyEntry(line);
+
+PublicKey publicKey = publicKeyEntry.resolvePublicKey(session, 
null, null);
+
+certificates.add((OpenSshCertificate) publicKey);
+}
+}
+
+return certificates;
+}
+
+@Override
+public OpenSshCertificate loadCertificate(SessionContext session, String 
keyType) throws IOException, GeneralSecurityException {
+return StreamSupport.stream(loadCertificates(session).spliterator(), 
false)
+.filter(pubKey -> pubKey.getKeyType().equals(keyType))
+.findFirst().orElse(null);
+}
+
+//public void setPaths(Collection paths) {
 
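Review bot: `loadCertificates` casts every parsed entry with `(OpenSshCertificate) publicKey`, so a file containing a plain host key line, a blank line or a `#` comment fails with a `ClassCastException` or a parse error from `PublicKeyEntry.parsePublicKeyEntry(line)` instead of an error naming the file and line; skip blank and comment lines and reject non-certificate entries with a `GeneralSecurityException` that says which path and line was bad. `new FileInputStream(file.toFile())` is never closed in this method; open it in a try-with-resources or use `Files.newBufferedReader(file)`. `loadCertificate(session, keyType)` re-reads and re-parses every file on each call; consider caching the parsed certificates or at least stopping at the first match.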
 Review comment:
   So much unused code should not be left commented out - please remove it





[GitHub] [mina-sshd] lgoldstein commented on a change in pull request #119: Add support for openssh host key certificates

2020-04-14 Thread GitBox
lgoldstein commented on a change in pull request #119: Add support for openssh 
host key certificates
URL: https://github.com/apache/mina-sshd/pull/119#discussion_r408345027
 
 

 ##
 File path: 
sshd-common/src/main/java/org/apache/sshd/common/keyprovider/KeyPairProvider.java
 ##
 @@ -83,8 +93,8 @@ public KeyPair loadKey(SessionContext session, String type) {
 }
 
 @Override
-public Iterable getKeyTypes(SessionContext session) {
-return Collections.emptyList();
+public Set getKeyTypes(SessionContext session) {
 
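Review bot: Narrowing the return type of the interface method `getKeyTypes(SessionContext)` from `Iterable` to `Set` is a source-incompatible change for every external class implementing `KeyPairProvider`, since their existing override no longer matches the new signature; if a caller needs set semantics, collect the `Iterable` into a set at the call site instead of changing the public contract.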
 Review comment:
   Why change this? I see no reason... - please revert the change or provide a 
compelling reason as to why this is 100% necessary. Please note that some code 
may rely on `Iterable`...

