Fail gracefully when reading an OpenSSH Known Hosts file that uses key types requiring BouncyCastle, but we're not including BouncyCastle.

2025-12-06 15:20:54 +03:00 · 2016-09-09 14:39:21 -05:00
parent 613ace1864
commit 68b924863e
3 changed files with 22 additions and 18 deletions
--- a/src/main/java/net/schmizz/sshj/common/Buffer.java
+++ b/src/main/java/net/schmizz/sshj/common/Buffer.java
@@ -426,8 +426,18 @@ public class Buffer<T extends Buffer<T>> {
    public PublicKey readPublicKey()
            throws BufferException {
        try {
-            final String type = readString();
-            return KeyType.fromString(type).readPubKeyFromBuffer(type, this);
+            final KeyType type = KeyType.fromString(readString());
+            switch(type) {
+              case RSA:
+              case DSA:
+                return type.readPubKeyFromBuffer(this);
+              default:
+                if (SecurityUtils.isBouncyCastleRegistered()) {
+                    return type.readPubKeyFromBuffer(this);
+                } else {
+                    throw new BufferException("BouncyCastle is required to read a key of type " + type);
+                }
+            }
        } catch (GeneralSecurityException e) {
            throw new SSHRuntimeException(e);
        }
--- a/src/main/java/net/schmizz/sshj/common/KeyType.java
+++ b/src/main/java/net/schmizz/sshj/common/KeyType.java
@@ -46,7 +46,7 @@ public enum KeyType {
    /** SSH identifier for RSA keys */
    RSA("ssh-rsa") {
        @Override
-        public PublicKey readPubKeyFromBuffer(String type, Buffer<?> buf)
+        public PublicKey readPubKeyFromBuffer(Buffer<?> buf)
                throws GeneralSecurityException {
            final BigInteger e, n;
            try {
@@ -77,7 +77,7 @@ public enum KeyType {
    /** SSH identifier for DSA keys */
    DSA("ssh-dss") {
        @Override
-        public PublicKey readPubKeyFromBuffer(String type, Buffer<?> buf)
+        public PublicKey readPubKeyFromBuffer(Buffer<?> buf)
                throws GeneralSecurityException {
            BigInteger p, q, g, y;
            try {
@@ -114,7 +114,7 @@ public enum KeyType {
        private final Logger log = LoggerFactory.getLogger(getClass());

        @Override
-        public PublicKey readPubKeyFromBuffer(String type, Buffer<?> buf)
+        public PublicKey readPubKeyFromBuffer(Buffer<?> buf)
                throws GeneralSecurityException {
            try {
                // final String algo = buf.readString();  it has been already read
@@ -127,7 +127,7 @@ public enum KeyType {
                buf.readRawBytes(y);
                if(log.isDebugEnabled()) {
                    log.debug(String.format("Key algo: %s, Key curve: %s, Key Len: %s, 0x04: %s\nx: %s\ny: %s",
-                            type,
+                            sType,
                            curveName,
                            keyLen,
                            x04,
@@ -176,14 +176,14 @@ public enum KeyType {
    ED25519("ssh-ed25519") {
        private final Logger log = LoggerFactory.getLogger(KeyType.class);
        @Override
-        public PublicKey readPubKeyFromBuffer(String type, Buffer<?> buf) throws GeneralSecurityException {
+        public PublicKey readPubKeyFromBuffer(Buffer<?> buf) throws GeneralSecurityException {
            try {
                final int keyLen = buf.readUInt32AsInt();
                final byte[] p = new byte[keyLen];
                buf.readRawBytes(p);
                if (log.isDebugEnabled()) {
                    log.debug(String.format("Key algo: %s, Key curve: 25519, Key Len: %s\np: %s",
-                            type,
+                            sType,
                            keyLen,
                            Arrays.toString(p))
                    );
@@ -213,9 +213,9 @@ public enum KeyType {
    /** Unrecognized */
    UNKNOWN("unknown") {
        @Override
-        public PublicKey readPubKeyFromBuffer(String type, Buffer<?> buf)
+        public PublicKey readPubKeyFromBuffer(Buffer<?> buf)
                throws GeneralSecurityException {
-            throw new UnsupportedOperationException("Don't know how to decode key:" + type);
+            throw new UnsupportedOperationException("Don't know how to decode key:" + sType);
        }

        @Override
@@ -238,7 +238,7 @@ public enum KeyType {
        this.sType = type;
    }

-    public abstract PublicKey readPubKeyFromBuffer(String type, Buffer<?> buf)
+    public abstract PublicKey readPubKeyFromBuffer(Buffer<?> buf)
            throws GeneralSecurityException;

    public abstract void putPubKeyIntoBuffer(PublicKey pk, Buffer<?> buf);
@@ -263,5 +263,4 @@ public enum KeyType {
    public String toString() {
        return sType;
    }
-
 }
--- a/src/main/java/net/schmizz/sshj/transport/verification/OpenSSHKnownHosts.java
+++ b/src/main/java/net/schmizz/sshj/transport/verification/OpenSSHKnownHosts.java
@@ -207,7 +207,7 @@ public class OpenSSHKnownHosts

            if (type != KeyType.UNKNOWN) {
                final String sKey = split[i++];
-                key = getKey(sKey);
+                key = new Buffer.PlainBuffer(Base64.decode(sKey)).readPublicKey();
            } else if (isBits(sType)) {
                type = KeyType.RSA;
                // int bits = Integer.valueOf(sType);
@@ -232,11 +232,6 @@ public class OpenSSHKnownHosts
            }
        }

-        private PublicKey getKey(String sKey)
-                throws IOException {
-            return new Buffer.PlainBuffer(Base64.decode(sKey)).readPublicKey();
-        }
-
        private boolean isBits(String type) {
            try {
                Integer.parseInt(type);