Fix RSA certificate key determination. (#602)

* Fix RSA certificate key determination. Fixes #599. * Correct serialization of RSA certificates with unlimited dates. * The test for connecting with RSA certificate. * Remove redundant change in TransportImpl.java * Add forgotten test keys. * Make net.schmizz.sshj.common.KeyType.CertUtils.epochFromDate readable. Co-authored-by: Vladimir Lagunov <vladimir.lagunov@jetbrains.com> Co-authored-by: Jeroen van Erp <jeroen@hierynomus.com>
2025-12-08 00:00:54 +03:00 · 2020-07-31 14:43:11 +07:00
parent 6becee176a
commit 0e0d730bbf
12 changed files with 226 additions and 12 deletions
--- a/src/main/java/net/schmizz/sshj/common/Buffer.java
+++ b/src/main/java/net/schmizz/sshj/common/Buffer.java
@@ -58,7 +58,7 @@ public class Buffer<T extends Buffer<T>> {
    public static final int MAX_SIZE = (1 << 30); 

    /** Maximum size of a uint64 */
-    private static final BigInteger MAX_UINT64_VALUE = BigInteger.ONE
+    public static final BigInteger MAX_UINT64_VALUE = BigInteger.ONE
                                                            .shiftLeft(64)
                                                            .subtract(BigInteger.ONE);

--- a/src/main/java/net/schmizz/sshj/common/KeyType.java
+++ b/src/main/java/net/schmizz/sshj/common/KeyType.java
@@ -220,6 +220,11 @@ public enum KeyType {
        protected boolean isMyType(Key key) {
            return CertUtils.isCertificateOfType(key, RSA);
        }
+
+        @Override
+        public KeyType getParent() {
+            return RSA;
+        }
    },

    /** Signed dsa certificate */
@@ -239,6 +244,11 @@ public enum KeyType {
        protected boolean isMyType(Key key) {
            return CertUtils.isCertificateOfType(key, DSA);
        }
+
+        @Override
+        public KeyType getParent() {
+            return KeyType.DSA;
+        }
    },

    /** Unrecognized */
@@ -283,10 +293,24 @@ public enum KeyType {
    protected abstract boolean isMyType(Key key);

    public static KeyType fromKey(Key key) {
+        KeyType result = UNKNOWN;
        for (KeyType kt : values())
-            if (kt.isMyType((key)))
-                return kt;
-        return UNKNOWN;
+            if (kt.isMyType((key)) && (result == UNKNOWN || kt.isSubType(result)))
+                result = kt;
+        return result;
+    }
+
+    private boolean isSubType(KeyType keyType) {
+        for (KeyType node = this; node != null; node = node.getParent()) {
+            if (keyType == node) {
+                return true;
+            }
+        }
+        return false;
+    }
+
+    public KeyType getParent() {
+        return null;
    }

    public static KeyType fromString(String sType) {
@@ -372,8 +396,18 @@ public enum KeyType {
            }
        }

-        private static long epochFromDate(Date date) {
-            return date.getTime() / 1000;
+        private static BigInteger epochFromDate(Date date) {
+            long time = date.getTime() / 1000;
+            if (time >= Long.MAX_VALUE / 1000) {
+                // Dealing with the signed longs in Java. Since the protocol requires a unix timestamp in milliseconds,
+                // and since Java can store numbers not bigger than 2^63-1 as `long`, we can't distinguish dates
+                // after `new Date(Long.MAX_VALUE / 1000)`. It's unlikely that someone uses certificate valid until
+                // the 10 January of 294247 year. Supposing that such dates are unlimited.
+                // OpenSSH expects to see 0xFF_FF_FF_FF_FF_FF_FF_FF in such cases.
+                return Buffer.MAX_UINT64_VALUE;
+            } else {
+                return BigInteger.valueOf(time);
+            }
        }

        private static String unpackString(byte[] packedString) throws BufferException {