Some SSH servers will not honor the negotiated rsa-sha2-256 algorithms
if the client does not indicate support for SSH_MSG_EXT_INFO messages.
Since we only need to accept these messages, but are free to ignore
their contents, adding support amounts to sending "ext-info-c" with our
kex algorithm proposal.
* Don't specify JcaPEMKeyConverter provider as null
If no provider is set in the `SecurityUtils`, no named provider should be set for the `JcaPEMKeyConverter` as this would cause a `missing provider` exception.
* Don't specify JcePEMDecryptorProviderBuilder provider as null
If no provider is set in the `SecurityUtils`, no named provider should be set for the `JcePEMDecryptorProviderBuilder` as this would cause a missing provider exception. This currently breaks `PKCS8KeyFile` if `SecurityUtils.setSecurityProvider(null)` and `SecurityUtils.setRegisterBouncyCastle(false)` are used.
* Make KeyType compatible with Android Keystore
Android Keystore private keys do not implement PrivateKey since the
raw key material is not available to applications.
With this commit, sshj's KeyType correctly detects the algorithm
associated with Android Keystore keys, which makes them usable for SSH
authentication.
* Extract RSA, DSA, ECDSA and EC into constants
* Fix license lint issue
Co-authored-by: Jeroen van Erp <jeroen@hierynomus.com>
* Add pwdf retry logic to OpenSSHKeyV1KeyFile
While PKCS8KeyFile uses PasswordFinder's shouldRetry to determine
whether it should call reqPassword again if decryption of the key file
fails, OpenSSHKeyV1KeyFile simply gives up and throws an exception.
With this commit, retry logic similar to that of PKCS8KeyFile is added
to OpenSSHKeyV1KeyFile. The PasswordFinder's reqPassword is called
again if the validation of the "checkint" fails, which indicates an
incorrect passphrase.
* Use new exception to signal incorrect passphrase
* Throw common exception on key decryption failure
* Add test coverage for retry logic
Co-authored-by: Jeroen van Erp <jeroen@hierynomus.com>
* Added comment field in HostEntry for end-of-line comments in known_hosts file.
* Also modified the getLine() method to return the comment, if it exists.
* Fixed implementation
* Add CODEOWNERS file
Co-authored-by: Jeroen van Erp <jeroen@hierynomus.com>
* Forgive redundant spaces in OpenSSHv2 public keys and known_hosts
Sometimes users copy-paste private and public keys in text editors. This leads to redundant spaces
and newlines. OpenSSH can easily read such keys, so users expect the same from SSHJ.
* Fixed bugs in OpenSSH key file and known_hosts parsers
* OpenSSHKnownHosts should not throw errors while parsing corrupted records
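
The known_hosts behaviour described in the last entries above (redundant whitespace tolerated, end-of-line comment kept, corrupted records skipped instead of throwing), as an added example that is not sshj's code. The `Entry` record, the class name and the sample lines are assumptions made for illustration; it needs Java 16 or later.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Base64;
import java.util.List;

public class LenientKnownHosts {
    // Hypothetical record for this example (Java 16+); not sshj's HostEntry.
    record Entry(String marker, String hosts, String keyType, byte[] key, String comment) {}

    // Returns the parsed entry, or null when the line is corrupted.
    static Entry parseLine(String line) {
        // Split on whitespace runs so pasted double spaces and tabs are tolerated.
        String[] f = line.trim().split("\\s+");
        int i = 0;
        String marker = f[0].startsWith("@") ? f[i++] : null; // @cert-authority / @revoked
        if (f.length - i < 3) return null;                    // fewer than host, type, key
        String hosts = f[i++], keyType = f[i++], blob = f[i++];
        byte[] key;
        try {
            key = Base64.getDecoder().decode(blob);
        } catch (IllegalArgumentException e) {
            return null;                                      // bad base64: skip, don't throw
        }
        // Whatever follows the key blob is the end-of-line comment.
        String comment = i < f.length
                ? String.join(" ", Arrays.copyOfRange(f, i, f.length)) : null;
        return new Entry(marker, hosts, keyType, key, comment);
    }

    public static void main(String[] args) {
        // Constructed input; the key blob is a truncated placeholder, not a usable key.
        String blob = "AAAAC3NzaC1lZDI1NTE5";
        List<String> lines = List.of(
                "# managed by hand",
                "host.example   ssh-ed25519\t" + blob + "   build server",
                "@revoked  old.example ssh-ed25519 " + blob,
                "broken.example ssh-ed25519 not*base64",
                "truncated.example ssh-ed25519");
        List<Integer> skipped = new ArrayList<>();
        for (int n = 0; n < lines.size(); n++) {
            String l = lines.get(n).trim();
            if (l.isEmpty() || l.startsWith("#")) continue;   // blank or comment-only line
            Entry e = parseLine(l);
            if (e == null) { skipped.add(n + 1); continue; }  // keep going, remember the line
            System.out.printf("%s %s marker=%s comment=%s%n",
                    e.hosts(), e.keyType(), e.marker(), e.comment());
        }
        // Report skipped records: a dropped @revoked line silently loses a revocation.
        System.out.println("skipped lines: " + skipped);
    }
}
```

Surfacing the skipped line numbers matters because a lenient parser that silently drops a damaged `@revoked` or `@cert-authority` record changes which host keys are trusted.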