Add pwdf retry logic to OpenSSHKeyV1KeyFile (#587)

* Add pwdf retry logic to OpenSSHKeyV1KeyFile While PKCS8KeyFile uses PasswordFinder's shouldRetry to determine whether it should call reqPassword again if decryption of they key file fails, OpenSSHKeyV1KeyFile simply gives up and throws an exception. With this commit, retry logic similar to that of PKCS8KeyFile is added to OpenSSHKeyV1KeyFile. The PasswordFinder's reqPassword is called again if the validation of the "checkint" fails, which indicates an incorrect passphrase. * Use new exception to signal incorrect passphrase * Throw common exception on key decryption failure * Add test coverage for retry logic Co-authored-by: Jeroen van Erp <jeroen@hierynomus.com>
2025-12-09 00:18:39 +03:00 · 2020-05-28 09:25:52 +02:00
parent fa7c40cc66
commit dfdc464e08
4 changed files with 88 additions and 9 deletions
--- a/src/main/java/net/schmizz/sshj/userauth/keyprovider/PKCS8KeyFile.java
+++ b/src/main/java/net/schmizz/sshj/userauth/keyprovider/PKCS8KeyFile.java
@@ -15,6 +15,7 @@
 */
 package net.schmizz.sshj.userauth.keyprovider;

+import com.hierynomus.sshj.common.KeyDecryptionFailedException;
 import net.schmizz.sshj.common.IOUtils;
 import net.schmizz.sshj.common.SecurityUtils;
 import net.schmizz.sshj.userauth.password.PasswordUtils;
@@ -85,7 +86,7 @@ public class PKCS8KeyFile extends BaseFileKeyProvider {
                if (pwdf != null && pwdf.shouldRetry(resource))
                    continue;
                else
-                    throw e;
+                    throw new KeyDecryptionFailedException(e);
            } finally {
                IOUtils.closeQuietly(r);
            }