- Bouncy Castle provides Ed25519 support using standard Java Security classes
- Removed net.i2p.crypto:eddsa:0.3.0 dependency
- Removed Ed25519PublicKey extension of EdDSAPublicKey class from eddsa library
- Added Ed25519KeyFactory for generating Java PublicKey and PrivateKey objects from raw encoded key byte arrays
- Refactored key parsing to use Ed25519KeyFactory
- Refactored SignatureEdDSA to use Java Signature class with Ed25519
Co-authored-by: Jeroen van Erp <jeroen@hierynomus.com>
* Upgraded Gradle to 8.12.1 and other dependencies
- Upgraded Bouncy Castle from 1.78.1 to 1.80
- Upgraded Apache SSHD from 2.12.1 to 2.14.0
- Upgraded SLF4J from 2.0.13 to 2.0.16
- Upgraded Logback from 1.3.14 to 1.3.15
- Upgraded Testcontainers from 1.19.8 to 1.20.4
* Upgraded github-info plugin from 1.5.0 to 2.0.0
* Upgraded Gradle Wrapper scripts for 8.12.1
---------
Co-authored-by: Jeroen van Erp <jeroen@hierynomus.com>
- Upgraded Bouncy Castle from 1.78 to 1.78.1
- Upgraded SLF4J from 2.0.7 to 2.0.13
- Upgraded SSHD from 2.10.0 to 2.12.1
- Upgraded Logback from 1.3.8 to 1.3.14
- Upgraded Testcontainers from 1.18.3 to 1.19.8
- Upgraded setup-java action to version 4
- Upgraded checkout action to version 4
Bouncy Castle versions before 1.78 have
CVE-2024-29857 - Importing an EC certificate with specially crafted F2m parameters can cause high CPU usage during parameter evaluation.
Is sshj impacted by this vulnerability?
- Upgraded Bouncy Castle from 1.70 to 1.75
- Upgraded SLF4J from 1.7.36 to 2.0.7
- Upgraded Logback from 1.2.11 to 1.3.8
- Upgraded Apache MINA SSHD from 2.8.0 to 2.10.0
- Upgraded Grizzly HTTP Server from 2.4.4 to 3.0.1
- Upgraded Testcontainers from 1.16.2 to 1.18.3
- Refactored references and removed HttpClient dependency
- Upgraded GitHub Actions setup-java from 1 to 3
- Updated GitHub Actions to use Temurin JDK 11
- Added OpenSSL upgrade to RSA Key Tests
Co-authored-by: Jeroen van Erp <jeroen@hierynomus.com>
* Added SFTP file transfer resume support on both PUT and GET. Internally SFTPFileTransfer has a few sanity checks to fall back to full replacement even if the resume flag is set.
SCP file transfers have not been changed to support this at this time.
* Added JUnit tests for issue-700
* Throw SCPException when attempting to resume SCP transfers.
* Licensing
* Small bug resuming a completed file was restarting since the bytes were equal.
* Enhanced test cases to validate the expected bytes transferred for each scenario are the actual bytes transferred.
* Removed author info which was pre-filled from company IDE template
* Added "fall through" comment for switch
* Changed the API for requesting a resume from a boolean flag with some internal decisions to be a user-specified long byte offset. This is cleaner but puts the onus on the caller to know exactly what they're asking for in their circumstance, which is ultimately better for a library like sshj.
* Reverted some now-unnecessary changes to SFTPFileTransfer.Uploader.prepareFile()
* Fix gradle exclude path for test files
Co-authored-by: Jeroen van Erp <jeroen@hierynomus.com>
- Adjusted test classes to work with Apache SSHD 2.8.0
- Upgraded Bouncy Castle from 1.69 to 1.70
- Upgraded Apache SSHD from 2.1.0 to 2.8.0
- Upgraded JUnit from 4.12 to 4.13.2
- Upgraded Mockito from 2.28.2 to 4.2.0
- Upgraded Logback from 1.2.6 to 1.2.9
- Upgraded Apache HTTP Client from 4.5.9 to 4.5.14
* Improve SshdContainer: log `docker build` to stdout, don't wait too long if container exited
* Fix #740: Lean on Config.keyAlgorithms choosing between rsa-sha2-* and ssh-rsa
Previously, there was a heuristic that was choosing rsa-sha2-512 after receiving a host key of type RSA. It didn't work well when a server doesn't have an RSA host key.
OpenSSH 8.8 introduced a breaking change: it removed ssh-rsa from the default list of supported public key signature algorithms. SSHJ was unable to connect to an OpenSSH 8.8 server if the server has an ECDSA or Ed25519 host key.
Current behaviour behaves the same as the OpenSSH 8.8 client does. SSHJ doesn't try to determine rsa-sha2-* support on the fly. Instead, it looks only at `Config.getKeyAlgorithms()`, which may or may not contain ssh-rsa and rsa-sha2-* in any order.
Sorry, this commit mostly reverts changes from #607.
* Introduce ConfigImpl.prioritizeSshRsaKeyAlgorithm to deal with broken backward compatibility
Co-authored-by: Jeroen van Erp <jeroen@hierynomus.com>
* Replace abstract class IntegrationBaseSpec with composition through IntegrationTestUtil
* Switch to testcontainers in integration tests
It allows running different SSH servers with different configurations in tests, giving the ability to cover more bugs, like mentioned in #733.
* Handle @cert-authority in known_hosts.
* Fix ClassCastException when receiving an ECDSA-CERT host key.
* Mention what exactly is not negotiated.
* Verify host key certificates during key exchange.
* Unit and integration tests for host key verification.
* Show sshd logs when integration test finishes.
* Review fixes: extract to private method, change strings.
* Update net.i2p.crypto:eddsa to 0.2.0
* Update net.i2p.crypto.eddsa to 0.2.0
* Upgraded Mockito to 2.8.47 (latest)
* Added extension to allow mocking final classes
* ConsolePasswordFinder allows custom message and number of retries
* Added builder for ConsolePasswordFinder
* Added more unit tests