Mirrors/sshj
1
0
Fork 0
mirror of https://github.com/hierynomus/sshj.git synced 2025-12-06 07:10:53 +03:00
Code Issues Actions Packages Projects Releases Wiki Activity

Compare commits

base: Mirrors:v0.38.0
Branches Tags
Mirrors:master Mirrors:move-tests Mirrors:proxy-factory Mirrors:issue-812 Mirrors:issue-711 Mirrors:issue-670 Mirrors:issue-588 Mirrors:issue-550 Mirrors:issue-358 Mirrors:java6 Mirrors:issue-88 Mirrors:issue-159 Mirrors:gh-pages
Mirrors:v0.40.0 Mirrors:v0.39.0 Mirrors:v0.38.0 Mirrors:v0.37.0 Mirrors:v0.36.0 Mirrors:v0.35.0 Mirrors:v0.34.0 Mirrors:v0.33.0 Mirrors:v0.32.0 Mirrors:v0.31.0 Mirrors:v0.30.0 Mirrors:v0.29.0 Mirrors:v0.28.0 Mirrors:v0.27.0 Mirrors:v0.26.0 Mirrors:v0.25.0 Mirrors:v0.24.0 Mirrors:v0.23.0 Mirrors:v0.22.0 Mirrors:v0.21.1 Mirrors:v0.21.0 Mirrors:v0.20.0 Mirrors:v0.19.1 Mirrors:v0.19.0 Mirrors:v0.18.0 Mirrors:v0.17.2 Mirrors:v0.17.1 Mirrors:v0.17.0 Mirrors:v0.16.0 Mirrors:v0.15.0 Mirrors:v0.14.0 Mirrors:v0.13.0 Mirrors:v0.12.0 Mirrors:v0.11.0 Mirrors:v0.9.0 Mirrors:v0.8.1 Mirrors:v0.8.0 Mirrors:v0.7.0 Mirrors:v0.6.1 Mirrors:v0.6.0 Mirrors:v0.5.0 Mirrors:v0.4.1 Mirrors:v0.4.0 Mirrors:v0.3.1 Mirrors:v0.3.0 Mirrors:v0.2.3 Mirrors:v0.2.0 Mirrors:v0.1.1 Mirrors:v0.1.0
...
compare: Mirrors:acad163e50def0a110dae61e76a1a5d2c08e8c5a
Branches Tags
Mirrors:master Mirrors:move-tests Mirrors:proxy-factory Mirrors:issue-812 Mirrors:issue-711 Mirrors:issue-670 Mirrors:issue-588 Mirrors:issue-550 Mirrors:issue-358 Mirrors:java6 Mirrors:issue-88 Mirrors:issue-159 Mirrors:gh-pages
Mirrors:v0.40.0 Mirrors:v0.39.0 Mirrors:v0.38.0 Mirrors:v0.37.0 Mirrors:v0.36.0 Mirrors:v0.35.0 Mirrors:v0.34.0 Mirrors:v0.33.0 Mirrors:v0.32.0 Mirrors:v0.31.0 Mirrors:v0.30.0 Mirrors:v0.29.0 Mirrors:v0.28.0 Mirrors:v0.27.0 Mirrors:v0.26.0 Mirrors:v0.25.0 Mirrors:v0.24.0 Mirrors:v0.23.0 Mirrors:v0.22.0 Mirrors:v0.21.1 Mirrors:v0.21.0 Mirrors:v0.20.0 Mirrors:v0.19.1 Mirrors:v0.19.0 Mirrors:v0.18.0 Mirrors:v0.17.2 Mirrors:v0.17.1 Mirrors:v0.17.0 Mirrors:v0.16.0 Mirrors:v0.15.0 Mirrors:v0.14.0 Mirrors:v0.13.0 Mirrors:v0.12.0 Mirrors:v0.11.0 Mirrors:v0.9.0 Mirrors:v0.8.1 Mirrors:v0.8.0 Mirrors:v0.7.0 Mirrors:v0.6.1 Mirrors:v0.6.0 Mirrors:v0.5.0 Mirrors:v0.4.1 Mirrors:v0.4.0 Mirrors:v0.3.1 Mirrors:v0.3.0 Mirrors:v0.2.3 Mirrors:v0.2.0 Mirrors:v0.1.1 Mirrors:v0.1.0

35 Commits
v0.38.0 ... acad163e50

Author SHA1 Message Date
Jeroen van Erp
acad163e50 Reduce code duplication
Some checks failed
Build SSHJ / Build with Java 11 (push) Has been cancelled
Details
Build SSHJ / Integration test (push) Has been cancelled
Details 
Signed-off-by: Jeroen van Erp <jeroen@hierynomus.com>
 2025-04-22 14:36:09 +02:00
Jeroen van Erp
8e9e644bb8 Merge branch 'master' into pr/uttamgupta/976 
Signed-off-by: Jeroen van Erp <jeroen@hierynomus.com>
 2025-04-22 14:35:35 +02:00
David Handermann
857d56a679 Replaced Grizzly HTTP Server with Java HTTP Server (#1010) 
Co-authored-by: Jeroen van Erp <jeroen@hierynomus.com>
 2025-04-22 11:59:58 +02:00
David Handermann
0e4a8f675f Upgraded SSHD from 2.14.0 to 2.15.0 (#1009) 2025-04-22 09:53:03 +02:00
Dmitry Sulman
95aab0088e Upgrade dependencies (#1007)
Some checks failed
Build SSHJ / Build with Java 11 (push) Has been cancelled
Details
Build SSHJ / Integration test (push) Has been cancelled
Details 
- Upgrade Gradle to 8.13
- Upgrade SLF4J to 2.0.17
- Upgrade Mockito to 5.16.1
- Upgrade AssertJ to 3.27.3
- Upgrade Logback to 1.5.18
- Upgrade Testcontainers to 1.20.6

Signed-off-by: Dmitry Sulman <dmitry.sulman@gmail.com>
 2025-03-24 14:10:44 +01:00
David Handermann
e390394e3b Refactored PuTTY Secret Key Derivation (#1003)
Some checks failed
Build SSHJ / Build with Java 11 (push) Has been cancelled
Details
Build SSHJ / Integration test (push) Has been cancelled
Details 
- Added KeyDerivationFunction interface for PuTTY Key Files
- Moved Argon2 Key Derivation to Version 3 implementation class to separate Bouncy Castle dependency references
- Replaced Bouncy Castle Hex references with ByteArrayUtils

Co-authored-by: Jeroen van Erp <jeroen@hierynomus.com>
 2025-03-19 22:40:00 +01:00
Simon Legner
995de2da99 Make private fields final (#1005) 2025-03-19 22:18:17 +01:00
David Handermann
cea67fef73 Removed eddsa library in favor of standard Java Security classes (#993)
Some checks are pending
Build SSHJ / Build with Java 11 (push) Waiting to run
Details
Build SSHJ / Integration test (push) Waiting to run
Details 
- Bouncy Castle provides Ed25519 support using standard Java Security classes
- Removed net.i2p.crypto:eddsa:0.3.0 dependency
- Removed Ed25519PublicKey extension of EdDSAPublicKey class from eddsa library
- Added Ed25519KeyFactory for generating Java PublicKey and PrivateKey objects from raw encoded key byte arrays
- Refactored key parsing to use Ed25519KeyFactory
- Refactored SignatureEdDSA to use Java Signature class with Ed25519

Co-authored-by: Jeroen van Erp <jeroen@hierynomus.com>
 2025-03-19 13:42:06 +01:00
David Handermann
b4bc69626e Refactored PKCS8 and PEM key parsing to reduce use of Bouncy Castle (#989) 
- Replaced Bouncy Castle PKCS8 parsing with Java Security components and hierynomus ASN.1
- Added PEMKeyReader with separate implementation for historical OpenSSL password-based encryption using Bouncy Castle components
- Added class-based detection of support for historical encryption for optional use of Bouncy Castle components

Co-authored-by: Jeroen van Erp <jeroen@hierynomus.com>
 2025-03-19 10:55:56 +01:00
David Handermann
27bf52ec10 Removed Bouncy Castle usage from Tests (#984) 
- Removed unnecessary addition of Bouncy Castle Provider from several tests
- Replaced Bouncy Castle Hex.toHexString() with SSHD BufferUtils.toHex()

Co-authored-by: Jeroen van Erp <jeroen@hierynomus.com>
 2025-03-19 09:46:09 +01:00
Simon Legner
11921e2d3a Use try-with-resources (#999) 
Co-authored-by: Jeroen van Erp <jeroen@hierynomus.com>
 2025-03-19 09:30:01 +01:00
Simon Legner
4fe605289b Fix typo "default" (#997) 
Co-authored-by: Jeroen van Erp <jeroen@hierynomus.com>
 2025-03-19 09:19:26 +01:00
Simon Legner
0816bf95af Use StandardCharsets.UTF_8 (Java 1.7) (#998)
Some checks are pending
Build SSHJ / Build with Java 11 (push) Waiting to run
Details
Build SSHJ / Integration test (push) Waiting to run
Details 
Co-authored-by: Jeroen van Erp <jeroen@hierynomus.com>
 2025-03-18 21:44:31 +01:00
Henning Pöttker
b886085da5 Add empty data to SSH_MSG_IGNORE messages (#974) 
As required by RFC 4253 Section 11.2, and RFC 4251 Section 5

Co-authored-by: Jeroen van Erp <jeroen@hierynomus.com>
 2025-03-18 21:33:12 +01:00
Jeroen van Erp
c3236a7405 Merge branch 'master' into pr/uttamgupta/976 2025-02-18 13:27:31 +01:00
David Handermann
7f8f43c8ae Upgrade Gradle to 8.12.1 and other dependencies (#982)
Some checks failed
Build SSHJ / Build with Java 11 (push) Has been cancelled
Details
Build SSHJ / Integration test (push) Has been cancelled
Details 
* Upgraded Gradle to 8.12.1 and other dependencies

- Upgraded Bouncy Castle from 1.78.1 to 1.80
- Upgraded Apache SSHD from 2.12.1 to 2.14.0
- Upgraded SLF4J from 2.0.13 to 2.0.16
- Upgraded Logback from 1.3.14 to 1.3.15
- Upgraded Testcontainers from 1.19.8 to 1.20.4

* Upgraded github-info plugin from 1.5.0 to 2.0.0

* Upgraded Gradle Wrapper scripts for 8.12.1

---------

Co-authored-by: Jeroen van Erp <jeroen@hierynomus.com>
 2025-02-18 11:32:14 +01:00
David Handermann
5ff27ec597 Refactored ECDSA Key Handling using Java Security (#983) 
- Replaced Bouncy Castle with Java Security components for ECDSA Key Specifications
 2025-02-18 11:01:33 +01:00
Uttam Gupta
bfa82b4e44 Issue-973 (part1) - Removing direct dependency on BouncyCastle library and using JCE. 
- This is first change towards removing direct dependency on BouncyCastle.
- Removed the imports org.bouncycastle.crypto.prng.RandomGenerator and
  org.bouncycastle.crypto.prng.VMPCRandomGenerator from the file
  BouncyCastleRandom.java, eliminating the direct dependency on BouncyCastle.
  Now using JCE with a provider, allowing SecureRandom to utilize the BC provider.
- Added a new class, BouncyCastleFipsRandom, similar to BouncyCastleRandom.java,
  which leverages the BCFIPS provider to create SecureRandom instances.
- Upgraded gradle plugin, groovy and Mockito versions to ensure compatibility with Java 21.
  from org.spockframework:spock-core:2.3-groovy-3.0 to org.spockframework:spock-core:2.4-M5-groovy-4.0
  from org.mockito:mockito-core:4.11.0 to org.mockito:mockito-core:5.15.2
  from gradle-8.2-bin.zip to gradle-8.11-bin.zip
 Testing: I have run gradle clean build with java 11 and Java 21 and works.
Test Gradle Test Executor 2; Executed: 470/469/0
✓ Test Gradle Test Run :test; Executed: 470/469/0
 2025-01-13 14:54:54 -08:00
Ramkumar
31ed35407c Check error stream is not null before notifying error (#961) 
Co-authored-by: Jeroen van Erp <jeroen@hierynomus.com>
 2024-09-13 12:35:37 -06:00
David Handermann
f4f8071020 Improved Curve25519 Public Key Handling (#959) 
- Modified Curve25519 negotiation to determine algorithm identifier length based on PublicKey.getEncoded() length instead of hard-coded value of 44
- Runtime length determination avoids differences in X25519 implementations on Java 11

Co-authored-by: Jeroen van Erp <jeroen@hierynomus.com>
 2024-09-13 10:17:02 -06:00
Thomas Canava
f525ed0e5b Allow custom scp download command line (#958) 
Co-authored-by: Thomas Canava <thomas.canava@soprasteria.com>
 2024-08-23 09:56:39 +02:00
Jeroen van Erp
93046f315e Provide public SCP command line builder (Fixes \#951) 
Signed-off-by: Jeroen van Erp <jeroen@hierynomus.com>
 2024-08-20 14:46:50 +02:00
Jeroen van Erp
54376b7622 Add SFTP integration test 
Signed-off-by: Jeroen van Erp <jeroen@hierynomus.com>
 2024-08-20 09:17:28 +02:00
David Handermann
f0e92c920f Upgraded Bouncy Castle and other dependencies (#945) 
- Upgraded Bouncy Castle from 1.78 to 1.78.1
- Upgraded SLF4J from 2.0.7 to 2.0.13
- Upgraded SSHD from 2.10.0 to 2.12.1
- Upgraded Logback from 1.3.8 to 1.3.14
- Upgraded Testcontainers from 1.18.3 to 1.19.8
- Upgraded setup-java action to version 4
- Upgraded checkout action to version 4
 2024-05-20 13:52:02 +02:00
David Kocher
09e2ca512e Add overloaded init methods that take the public key from a stream an… (#908) 
* Add overloaded init methods that take the public key from a stream and properly initialize. Resolves #907.

* Override public key.
 2024-04-29 16:46:38 +02:00
Raul Santelices
607e80591c Fix for issue #910: Bad packet received by server when hearbeat is enabled (#911) 
* Fix for issue #910: Bad packet received by server when hearbeat is enabled

* Address re-keying case too

---------

Co-authored-by: Jeroen van Erp <jeroen@hierynomus.com>
 2024-04-18 09:31:24 +02:00
Raul Santelices
079cb08fb0 Fix false-alarm timeout exception when waiting for key exchange to complete (#912) 
Co-authored-by: Jeroen van Erp <jeroen@hierynomus.com>
 2024-04-18 09:22:07 +02:00
eshaffer321
cf340c2a09 Update bouncyCastle to 1.78 to mitigate CVE-2024-29857 (#938) 
Bouncy Caste version before 1.78 have 

CVE-2024-29857 - Importing an EC certificate with specially crafted F2m parameters can cause high CPU usage during parameter evaluation.

Is sshj impacted by this vulnerability?
 2024-04-17 12:32:46 +02:00
Eric Vigeant
586a66420e Close Session when closing SCPEngine or SFTPEngine (#926) 
Co-authored-by: Jeroen van Erp <jeroen@hierynomus.com>
 2024-04-15 20:31:54 +02:00
Lucas
624fe839cb Support premature termination of listing (#928) 
* Support premature termination of listing

* Added license header + small refactor

---------

Co-authored-by: Jeroen van Erp <jeroen@hierynomus.com>
 2024-04-15 20:18:15 +02:00
Henning Pöttker
81d77d277c Don't send keep alive signals before kex is done (#934) 
Otherwise, they could interfere with strict key exchange.

Co-authored-by: Jeroen van Erp <jeroen@hierynomus.com>
 2024-04-15 09:29:06 +02:00
Vladimir Lagunov
70af58d199 Wrap IllegalArgumentException thrown by Base64 decoder (#936) 
* Wrap IllegalArgumentException thrown by Base64 decoder

Some time ago, there had been `net.schmizz.sshj.common.Base64`. This class used to throw `IOException` in case of any problem. Although `IOException` isn't an appropriate class for indicating on parsing issues, a lot of code has been expecting `IOException` from Base64.

Once, the old Base64 decoder was replaced with the one, bundled into Java 14 (see f35c2bd4ce). Copy-paste elimination and switching to standard implementations is undoubtedly a good decision.

Unfortunately, `java.util.Base64.Decoder` brought a pesky issue. It throws `IllegalArgumentException` in case of any problem. Since it is an unchecked exception, it was quite challenging to notice it. It's especially challenging because the error appears during processing malformed base64 strings. So, a lot of places in the code kept expecting `IOException`. Sudden `IllegalArgumentException` led to authentication termination in cases where everything used to work perfectly.

One of such issues is already found and fixed: 03f8b2224d

This commit represents a work, based on revising every change made in f35c2bd4ce. It should fix all other similar issues.

* squash! Wrap IllegalArgumentException thrown by Base64 decoder

Rename Base64DecodeError -> Base64DecodingException

* squash! Wrap IllegalArgumentException thrown by Base64 decoder

A better warning message in KnownHostMatchers

* squash! Wrap IllegalArgumentException thrown by Base64 decoder

A better error message in OpenSSHKeyFileUtil

* squash! Wrap IllegalArgumentException thrown by Base64 decoder

A better error message in OpenSSHKeyV1KeyFile

* squash! Wrap IllegalArgumentException thrown by Base64 decoder

Get rid of unnecessary `throws IOException` in Base64Decoder

* squash! Wrap IllegalArgumentException thrown by Base64 decoder

Better error messages in OpenSSHKeyFileUtil and PuTTYKeyFile
 2024-04-15 09:23:53 +02:00
Martin Volf
c0d1519ee2 connected sockets can be passed to the library (#925) 
* connected sockets can be passed to the library

fixes hierynomus/sshj#924

Signed-off-by: Martin Volf <vlci.doupe@gmail.com>

* removed pointless socket check; test coverage improved

Signed-off-by: Martin Volf <vlci.doupe@gmail.com>

* better test coverage

Signed-off-by: Martin Volf <vlci.doupe@gmail.com>

---------

Signed-off-by: Martin Volf <vlci.doupe@gmail.com>
 2024-01-29 11:49:43 +01:00
kegelh
03f8b2224d known_hosts parsing does not ignore malformed base64 strings since 0.36.0 (#922) 2024-01-26 13:36:29 +01:00
Pascal Schumacher
f94444bc53 Fix typo in README.adoc (#920) 2024-01-02 16:02:45 +01:00
108 changed files with 2677 additions and 1190 deletions
Expand all files Collapse all files

8
.github/workflows/gradle.yml vendored
View File

@@ -14,9 +14,9 @@ jobs:
name: Build with Java 11 name: Build with Java 11
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v2 - uses: actions/checkout@v4
- name: Set up Java 11 - name: Set up Java 11
uses: actions/setup-java@v3 uses: actions/setup-java@v4
with: with:
distribution: 'temurin' distribution: 'temurin'
java-version: 11 java-version: 11
@@ -31,9 +31,9 @@ jobs:
name: Integration test name: Integration test
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v2 - uses: actions/checkout@v4
- run: git fetch --depth=1 origin +refs/tags/*:refs/tags/* - run: git fetch --depth=1 origin +refs/tags/*:refs/tags/*
- uses: actions/setup-java@v3 - uses: actions/setup-java@v4
with: with:
distribution: 'temurin' distribution: 'temurin'
java-version: 11 java-version: 11

8
.github/workflows/release.yml vendored
View File

@@ -13,11 +13,11 @@ jobs:
name: Build with Java 12 name: Build with Java 12
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v4
with: with:
fetch-depth: 0 fetch-depth: 0
- name: Set up JDK 12 - name: Set up JDK 12
uses: actions/setup-java@v2 uses: actions/setup-java@v4
with: with:
distribution: 'zulu' distribution: 'zulu'
java-version: 12 java-version: 12
@@ -30,10 +30,10 @@ jobs:
needs: [java12] needs: [java12]
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v4
with: with:
fetch-depth: 0 fetch-depth: 0
- uses: actions/setup-java@v2 - uses: actions/setup-java@v4
with: with:
distribution: 'zulu' distribution: 'zulu'
java-version: 12 java-version: 12

2
README.adoc
View File

@@ -115,7 +115,7 @@ SSHJ 0.38.0 (2024-01-02)::
* Merged https://github.com/hierynomus/sshj/pull/917[#917]: Implement OpenSSH strict key exchange extension * Merged https://github.com/hierynomus/sshj/pull/917[#917]: Implement OpenSSH strict key exchange extension
* Merged https://github.com/hierynomus/sshj/pull/903[#903]: Fix for writing known hosts key string * Merged https://github.com/hierynomus/sshj/pull/903[#903]: Fix for writing known hosts key string
* Merged https://github.com/hierynomus/sshj/pull/913[#913]: Prevent remote port forwarding buffers to grow without bounds * Merged https://github.com/hierynomus/sshj/pull/913[#913]: Prevent remote port forwarding buffers to grow without bounds
* Moved tess to JUnit5 * Moved tests to JUnit5
* Merged https://github.com/hierynomus/sshj/pull/827[#827]: Fallback to posix-rename@openssh.com extension if available * Merged https://github.com/hierynomus/sshj/pull/827[#827]: Fallback to posix-rename@openssh.com extension if available
* Merged https://github.com/hierynomus/sshj/pull/904[#904]: Add ChaCha20-Poly1305 support for OpenSSH keys * Merged https://github.com/hierynomus/sshj/pull/904[#904]: Add ChaCha20-Poly1305 support for OpenSSH keys
SSHJ 0.37.0 (2023-10-11):: SSHJ 0.37.0 (2023-10-11)::

35
build.gradle
View File

@@ -9,7 +9,7 @@ plugins {
id 'pl.allegro.tech.build.axion-release' version '1.15.3' id 'pl.allegro.tech.build.axion-release' version '1.15.3'
id "com.github.hierynomus.license" version "0.16.1" id "com.github.hierynomus.license" version "0.16.1"
id "com.bmuschko.docker-remote-api" version "9.2.1" id "com.bmuschko.docker-remote-api" version "9.2.1"
id 'ru.vyarus.github-info' version '1.5.0' id 'ru.vyarus.github-info' version '2.0.0'
id "io.github.gradle-nexus.publish-plugin" version "1.3.0" id "io.github.gradle-nexus.publish-plugin" version "1.3.0"
} }
@@ -22,6 +22,11 @@ repositories {
mavenCentral() mavenCentral()
} }
github {
user 'hierynomus'
license 'Apache'
}
scmVersion { scmVersion {
tag { tag {
prefix = 'v' prefix = 'v'
@@ -41,15 +46,14 @@ compileJava {
configurations.implementation.transitive = false configurations.implementation.transitive = false
def bouncycastleVersion = "1.75" def bouncycastleVersion = "1.80"
def sshdVersion = "2.10.0" def sshdVersion = "2.15.0"
dependencies { dependencies {
implementation "org.slf4j:slf4j-api:2.0.7" implementation "org.slf4j:slf4j-api:2.0.17"
implementation "org.bouncycastle:bcprov-jdk18on:$bouncycastleVersion" implementation "org.bouncycastle:bcprov-jdk18on:$bouncycastleVersion"
implementation "org.bouncycastle:bcpkix-jdk18on:$bouncycastleVersion" implementation "org.bouncycastle:bcpkix-jdk18on:$bouncycastleVersion"
implementation "com.hierynomus:asn-one:0.6.0" implementation "com.hierynomus:asn-one:0.6.0"
implementation "net.i2p.crypto:eddsa:0.3.0"
} }
license { license {
@@ -59,7 +63,6 @@ license {
java = 'SLASHSTAR_STYLE' java = 'SLASHSTAR_STYLE'
} }
excludes([ excludes([
'**/sshj/common/Base64.java',
'**/com/hierynomus/sshj/userauth/keyprovider/bcrypt/*.java', '**/com/hierynomus/sshj/userauth/keyprovider/bcrypt/*.java',
'**/files/test_file_*.txt', '**/files/test_file_*.txt',
]) ])
@@ -86,16 +89,15 @@ testing {
configureEach { configureEach {
useJUnitJupiter() useJUnitJupiter()
dependencies { dependencies {
implementation "org.slf4j:slf4j-api:2.0.7" implementation "org.slf4j:slf4j-api:2.0.17"
implementation 'org.spockframework:spock-core:2.3-groovy-3.0' implementation 'org.spockframework:spock-core:2.3-groovy-3.0'
implementation "org.mockito:mockito-core:4.11.0" implementation "org.mockito:mockito-core:5.16.1"
implementation "org.assertj:assertj-core:3.24.2" implementation "org.assertj:assertj-core:3.27.3"
implementation "ru.vyarus:spock-junit5:1.2.0" implementation "ru.vyarus:spock-junit5:1.2.0"
implementation "org.apache.sshd:sshd-core:$sshdVersion" implementation "org.apache.sshd:sshd-core:$sshdVersion"
implementation "org.apache.sshd:sshd-sftp:$sshdVersion" implementation "org.apache.sshd:sshd-sftp:$sshdVersion"
implementation "org.apache.sshd:sshd-scp:$sshdVersion" implementation "org.apache.sshd:sshd-scp:$sshdVersion"
implementation "ch.qos.logback:logback-classic:1.3.8" implementation "ch.qos.logback:logback-classic:1.5.18"
implementation 'org.glassfish.grizzly:grizzly-http-server:3.0.1'
} }
targets { targets {
@@ -130,8 +132,8 @@ testing {
integrationTest(JvmTestSuite) { integrationTest(JvmTestSuite) {
dependencies { dependencies {
implementation project() implementation project()
implementation 'org.testcontainers:testcontainers:1.18.3' implementation platform('org.testcontainers:testcontainers-bom:1.20.6')
implementation 'org.testcontainers:junit-jupiter:1.18.3' implementation 'org.testcontainers:junit-jupiter'
} }
sources { sources {
@@ -178,8 +180,6 @@ jar {
instruction "Import-Package", "!net.schmizz.*" instruction "Import-Package", "!net.schmizz.*"
instruction "Import-Package", "!com.hierynomus.sshj.*" instruction "Import-Package", "!com.hierynomus.sshj.*"
instruction "Import-Package", "javax.crypto*" instruction "Import-Package", "javax.crypto*"
instruction "Import-Package", "!net.i2p.crypto.eddsa.math"
instruction "Import-Package", "net.i2p*"
instruction "Import-Package", "com.jcraft.jzlib*;version=\"[1.1,2)\";resolution:=optional" instruction "Import-Package", "com.jcraft.jzlib*;version=\"[1.1,2)\";resolution:=optional"
instruction "Import-Package", "org.slf4j*;version=\"[1.7,5)\"" instruction "Import-Package", "org.slf4j*;version=\"[1.7,5)\""
instruction "Import-Package", "org.bouncycastle*;resolution:=optional" instruction "Import-Package", "org.bouncycastle*;resolution:=optional"
@@ -203,11 +203,6 @@ sourcesJar {
} }
} }
github {
user 'hierynomus'
license 'Apache'
}
publishing { publishing {
publications { publications {
maven(MavenPublication) { maven(MavenPublication) {

BIN
gradle/wrapper/gradle-wrapper.jar vendored
View File

Binary file not shown.

4
gradle/wrapper/gradle-wrapper.properties vendored
View File

@@ -1,5 +1,7 @@
distributionBase=GRADLE_USER_HOME distributionBase=GRADLE_USER_HOME
distributionPath=wrapper/dists distributionPath=wrapper/dists
distributionUrl=https\://services.gradle.org/distributions/gradle-8.2-bin.zip distributionUrl=https\://services.gradle.org/distributions/gradle-8.13-bin.zip
networkTimeout=10000
validateDistributionUrl=true
zipStoreBase=GRADLE_USER_HOME zipStoreBase=GRADLE_USER_HOME
zipStorePath=wrapper/dists zipStorePath=wrapper/dists

43
gradlew vendored
View File

@@ -15,6 +15,8 @@
# See the License for the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.
# #
# SPDX-License-Identifier: Apache-2.0
#
############################################################################## ##############################################################################
# #
@@ -55,7 +57,7 @@
# Darwin, MinGW, and NonStop. # Darwin, MinGW, and NonStop.
# #
# (3) This script is generated from the Groovy template # (3) This script is generated from the Groovy template
# https://github.com/gradle/gradle/blob/master/subprojects/plugins/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt # https://github.com/gradle/gradle/blob/HEAD/platforms/jvm/plugins-application/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt
# within the Gradle project. # within the Gradle project.
# #
# You can find Gradle at https://github.com/gradle/gradle/. # You can find Gradle at https://github.com/gradle/gradle/.
@@ -80,13 +82,11 @@ do
esac esac
done done
APP_HOME=$( cd "${APP_HOME:-./}" && pwd -P ) || exit # This is normally unused
# shellcheck disable=SC2034
APP_NAME="Gradle"
APP_BASE_NAME=${0##*/} APP_BASE_NAME=${0##*/}
# Discard cd standard output in case $CDPATH is set (https://github.com/gradle/gradle/issues/25036)
# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. APP_HOME=$( cd -P "${APP_HOME:-./}" > /dev/null && printf '%s\n' "$PWD" ) || exit
DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'
# Use the maximum available, or set MAX_FD != -1 to use that value. # Use the maximum available, or set MAX_FD != -1 to use that value.
MAX_FD=maximum MAX_FD=maximum
@@ -133,22 +133,29 @@ location of your Java installation."
fi fi
else else
JAVACMD=java JAVACMD=java
which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. if ! command -v java >/dev/null 2>&1
then
die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
Please set the JAVA_HOME variable in your environment to match the Please set the JAVA_HOME variable in your environment to match the
location of your Java installation." location of your Java installation."
fi
fi fi
# Increase the maximum file descriptors if we can. # Increase the maximum file descriptors if we can.
if ! "$cygwin" && ! "$darwin" && ! "$nonstop" ; then if ! "$cygwin" && ! "$darwin" && ! "$nonstop" ; then
case $MAX_FD in #( case $MAX_FD in #(
max*) max*)
# In POSIX sh, ulimit -H is undefined. That's why the result is checked to see if it worked.
# shellcheck disable=SC2039,SC3045
MAX_FD=$( ulimit -H -n ) || MAX_FD=$( ulimit -H -n ) ||
warn "Could not query maximum file descriptor limit" warn "Could not query maximum file descriptor limit"
esac esac
case $MAX_FD in #( case $MAX_FD in #(
'' | soft) :;; #( '' | soft) :;; #(
*) *)
# In POSIX sh, ulimit -n is undefined. That's why the result is checked to see if it worked.
# shellcheck disable=SC2039,SC3045
ulimit -n "$MAX_FD" || ulimit -n "$MAX_FD" ||
warn "Could not set maximum file descriptor limit to $MAX_FD" warn "Could not set maximum file descriptor limit to $MAX_FD"
esac esac
@@ -193,11 +200,15 @@ if "$cygwin" || "$msys" ; then
done done
fi fi
# Collect all arguments for the java command;
# * $DEFAULT_JVM_OPTS, $JAVA_OPTS, and $GRADLE_OPTS can contain fragments of # Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
# shell script including quotes and variable substitutions, so put them in DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'
# double quotes to make sure that they get re-expanded; and
# * put everything else in single quotes, so that it's not re-expanded. # Collect all arguments for the java command:
# * DEFAULT_JVM_OPTS, JAVA_OPTS, JAVA_OPTS, and optsEnvironmentVar are not allowed to contain shell fragments,
# and any embedded shellness will be escaped.
# * For example: A user cannot expect ${Hostname} to be expanded, as it is an environment variable and will be
# treated as '${Hostname}' itself on the command line.
set -- \ set -- \
"-Dorg.gradle.appname=$APP_BASE_NAME" \ "-Dorg.gradle.appname=$APP_BASE_NAME" \
@@ -205,6 +216,12 @@ set -- \
org.gradle.wrapper.GradleWrapperMain \ org.gradle.wrapper.GradleWrapperMain \
"$@" "$@"
# Stop when "xargs" is not available.
if ! command -v xargs >/dev/null 2>&1
then
die "xargs is not available"
fi
# Use "xargs" to parse quoted args. # Use "xargs" to parse quoted args.
# #
# With -n1 it outputs one arg per line, with the quotes and backslashes removed. # With -n1 it outputs one arg per line, with the quotes and backslashes removed.

37
gradlew.bat vendored
View File

@@ -13,8 +13,10 @@
@rem See the License for the specific language governing permissions and @rem See the License for the specific language governing permissions and
@rem limitations under the License. @rem limitations under the License.
@rem @rem
@rem SPDX-License-Identifier: Apache-2.0
@rem
@if "%DEBUG%" == "" @echo off @if "%DEBUG%"=="" @echo off
@rem ########################################################################## @rem ##########################################################################
@rem @rem
@rem Gradle startup script for Windows @rem Gradle startup script for Windows
@@ -25,7 +27,8 @@
if "%OS%"=="Windows_NT" setlocal if "%OS%"=="Windows_NT" setlocal
set DIRNAME=%~dp0 set DIRNAME=%~dp0
if "%DIRNAME%" == "" set DIRNAME=. if "%DIRNAME%"=="" set DIRNAME=.
@rem This is normally unused
set APP_BASE_NAME=%~n0 set APP_BASE_NAME=%~n0
set APP_HOME=%DIRNAME% set APP_HOME=%DIRNAME%
@@ -40,13 +43,13 @@ if defined JAVA_HOME goto findJavaFromJavaHome
set JAVA_EXE=java.exe set JAVA_EXE=java.exe
%JAVA_EXE% -version >NUL 2>&1 %JAVA_EXE% -version >NUL 2>&1
if "%ERRORLEVEL%" == "0" goto execute if %ERRORLEVEL% equ 0 goto execute
echo. echo. 1>&2
echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. 1>&2
echo. echo. 1>&2
echo Please set the JAVA_HOME variable in your environment to match the echo Please set the JAVA_HOME variable in your environment to match the 1>&2
echo location of your Java installation. echo location of your Java installation. 1>&2
goto fail goto fail
@@ -56,11 +59,11 @@ set JAVA_EXE=%JAVA_HOME%/bin/java.exe
if exist "%JAVA_EXE%" goto execute if exist "%JAVA_EXE%" goto execute
echo. echo. 1>&2
echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% 1>&2
echo. echo. 1>&2
echo Please set the JAVA_HOME variable in your environment to match the echo Please set the JAVA_HOME variable in your environment to match the 1>&2
echo location of your Java installation. echo location of your Java installation. 1>&2
goto fail goto fail
@@ -75,13 +78,15 @@ set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar
:end :end
@rem End local scope for the variables with windows NT shell @rem End local scope for the variables with windows NT shell
if "%ERRORLEVEL%"=="0" goto mainEnd if %ERRORLEVEL% equ 0 goto mainEnd
:fail :fail
rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of
rem the _cmd.exe /c_ return code! rem the _cmd.exe /c_ return code!
if not "" == "%GRADLE_EXIT_CONSOLE%" exit 1 set EXIT_CODE=%ERRORLEVEL%
exit /b 1 if %EXIT_CODE% equ 0 set EXIT_CODE=1
if not ""=="%GRADLE_EXIT_CONSOLE%" exit %EXIT_CODE%
exit /b %EXIT_CODE%
:mainEnd :mainEnd
if "%OS%"=="Windows_NT" endlocal if "%OS%"=="Windows_NT" endlocal

14
src/itest/java/com/hierynomus/sshj/sftp/FileWriteTest.java
View File

@@ -21,7 +21,6 @@ import java.util.EnumSet;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
import org.testcontainers.junit.jupiter.Container; import org.testcontainers.junit.jupiter.Container;
import org.testcontainers.junit.jupiter.Testcontainers; import org.testcontainers.junit.jupiter.Testcontainers;
import org.testcontainers.shaded.org.bouncycastle.util.Arrays;
import com.hierynomus.sshj.SshdContainer; import com.hierynomus.sshj.SshdContainer;
@@ -31,11 +30,12 @@ import net.schmizz.sshj.sftp.RemoteFile;
import net.schmizz.sshj.sftp.SFTPClient; import net.schmizz.sshj.sftp.SFTPClient;
import static org.assertj.core.api.Assertions.assertThat; import static org.assertj.core.api.Assertions.assertThat;
import static org.junit.jupiter.api.Assertions.assertArrayEquals;
@Testcontainers @Testcontainers
public class FileWriteTest { public class FileWriteTest {
@Container @Container
private static SshdContainer sshd = new SshdContainer(); private static final SshdContainer sshd = new SshdContainer();
@Test @Test
public void shouldAppendToFile_GH390() throws Throwable { public void shouldAppendToFile_GH390() throws Throwable {
@@ -63,8 +63,14 @@ public class FileWriteTest {
try (RemoteFile read = sftp.open(file, EnumSet.of(OpenMode.READ))) { try (RemoteFile read = sftp.open(file, EnumSet.of(OpenMode.READ))) {
byte[] readBytes = new byte[initialText.length + appendText.length]; byte[] readBytes = new byte[initialText.length + appendText.length];
read.read(0, readBytes, 0, readBytes.length); read.read(0, readBytes, 0, readBytes.length);
assertThat(Arrays.copyOfRange(readBytes, 0, initialText.length)).isEqualTo(initialText);
assertThat(Arrays.copyOfRange(readBytes, initialText.length, initialText.length + appendText.length)).isEqualTo(appendText); final byte[] expectedInitialText = new byte[initialText.length];
System.arraycopy(readBytes, 0, expectedInitialText, 0, expectedInitialText.length);
assertArrayEquals(expectedInitialText, initialText);
final byte[] expectedAppendText = new byte[appendText.length];
System.arraycopy(readBytes, initialText.length, expectedAppendText, 0, expectedAppendText.length);
assertArrayEquals(expectedAppendText, appendText);
} }
} }

47
src/itest/java/com/hierynomus/sshj/sftp/SftpIntegrationTest.java Normal file
View File

@@ -0,0 +1,47 @@
/*
* Copyright (C)2009 - SSHJ Contributors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.hierynomus.sshj.sftp;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNull;
import org.junit.jupiter.api.Test;
import org.testcontainers.junit.jupiter.Container;
import org.testcontainers.junit.jupiter.Testcontainers;
import com.hierynomus.sshj.SshdContainer;
import net.schmizz.sshj.SSHClient;
import net.schmizz.sshj.sftp.FileAttributes;
import net.schmizz.sshj.sftp.SFTPClient;
@Testcontainers
public class SftpIntegrationTest {
@Container
private static SshdContainer sshd = new SshdContainer();
@Test
public void shouldCheckFileExistsForNonExistingFile_GH894() throws Throwable {
try (SSHClient client = sshd.getConnectedClient()) {
client.authPublickey("sshj", "src/test/resources/id_rsa");
try (SFTPClient sftp = client.newSFTPClient()) {
String file = "/home/sshj/i_do_not_exist.txt";
FileAttributes exists = sftp.statExistence(file);
assertNull(exists);
}
}
}
}

56
src/itest/java/com/hierynomus/sshj/transport/kex/StrictKeyExchangeTest.java
View File

@@ -18,15 +18,26 @@ package com.hierynomus.sshj.transport.kex;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.List; import java.util.List;
import java.util.stream.Collectors; import java.util.stream.Collectors;
import java.util.stream.Stream;
import ch.qos.logback.classic.Logger; import ch.qos.logback.classic.Logger;
import ch.qos.logback.classic.spi.ILoggingEvent; import ch.qos.logback.classic.spi.ILoggingEvent;
import ch.qos.logback.core.read.ListAppender; import ch.qos.logback.core.read.ListAppender;
import com.hierynomus.sshj.SshdContainer; import com.hierynomus.sshj.SshdContainer;
import net.schmizz.keepalive.KeepAlive;
import net.schmizz.keepalive.KeepAliveProvider;
import net.schmizz.sshj.Config;
import net.schmizz.sshj.DefaultConfig;
import net.schmizz.sshj.SSHClient; import net.schmizz.sshj.SSHClient;
import net.schmizz.sshj.common.Message;
import net.schmizz.sshj.common.SSHPacket;
import net.schmizz.sshj.connection.ConnectionImpl;
import net.schmizz.sshj.transport.TransportException;
import org.junit.jupiter.api.AfterEach; import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test; import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.Arguments;
import org.junit.jupiter.params.provider.MethodSource;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
import org.testcontainers.junit.jupiter.Container; import org.testcontainers.junit.jupiter.Container;
import org.testcontainers.junit.jupiter.Testcontainers; import org.testcontainers.junit.jupiter.Testcontainers;
@@ -62,14 +73,27 @@ class StrictKeyExchangeTest {
watchedLoggers.add(logger); watchedLoggers.add(logger);
} }
@Test private static Stream<Arguments> strictKeyExchange() {
void strictKeyExchange() throws Throwable { Config defaultConfig = new DefaultConfig();
try (SSHClient client = sshd.getConnectedClient()) { Config heartbeaterConfig = new DefaultConfig();
heartbeaterConfig.setKeepAliveProvider(new KeepAliveProvider() {
@Override
public KeepAlive provide(ConnectionImpl connection) {
return new HotLoopHeartbeater(connection);
}
});
return Stream.of(defaultConfig, heartbeaterConfig).map(Arguments::of);
}
@MethodSource
@ParameterizedTest
void strictKeyExchange(Config config) throws Throwable {
try (SSHClient client = sshd.getConnectedClient(config)) {
client.authPublickey("sshj", "src/itest/resources/keyfiles/id_rsa_opensshv1"); client.authPublickey("sshj", "src/itest/resources/keyfiles/id_rsa_opensshv1");
assertTrue(client.isAuthenticated()); assertTrue(client.isAuthenticated());
} }
List<String> keyExchangerLogs = getLogs("KeyExchanger"); List<String> keyExchangerLogs = getLogs("KeyExchanger");
assertThat(keyExchangerLogs).containsSequence( assertThat(keyExchangerLogs).contains(
"Initiating key exchange", "Initiating key exchange",
"Sending SSH_MSG_KEXINIT", "Sending SSH_MSG_KEXINIT",
"Received SSH_MSG_KEXINIT", "Received SSH_MSG_KEXINIT",
@@ -78,7 +102,7 @@ class StrictKeyExchangeTest {
List<String> decoderLogs = getLogs("Decoder").stream() List<String> decoderLogs = getLogs("Decoder").stream()
.map(log -> log.split(":")[0]) .map(log -> log.split(":")[0])
.collect(Collectors.toList()); .collect(Collectors.toList());
assertThat(decoderLogs).containsExactly( assertThat(decoderLogs).startsWith(
"Received packet #0", "Received packet #0",
"Received packet #1", "Received packet #1",
"Received packet #2", "Received packet #2",
@@ -90,7 +114,7 @@ class StrictKeyExchangeTest {
List<String> encoderLogs = getLogs("Encoder").stream() List<String> encoderLogs = getLogs("Encoder").stream()
.map(log -> log.split(":")[0]) .map(log -> log.split(":")[0])
.collect(Collectors.toList()); .collect(Collectors.toList());
assertThat(encoderLogs).containsExactly( assertThat(encoderLogs).startsWith(
"Encoding packet #0", "Encoding packet #0",
"Encoding packet #1", "Encoding packet #1",
"Encoding packet #2", "Encoding packet #2",
@@ -108,4 +132,22 @@ class StrictKeyExchangeTest {
.collect(Collectors.toList()); .collect(Collectors.toList());
} }
private static class HotLoopHeartbeater extends KeepAlive {
HotLoopHeartbeater(ConnectionImpl conn) {
super(conn, "sshj-Heartbeater");
}
@Override
public boolean isEnabled() {
return true;
}
@Override
protected void doKeepAlive() throws TransportException {
conn.getTransport().write(new SSHPacket(Message.IGNORE).putString(""));
}
}
} }

12
src/main/java/com/hierynomus/sshj/common/KeyDecryptionFailedException.java
View File

@@ -15,8 +15,6 @@
*/ */
package com.hierynomus.sshj.common; package com.hierynomus.sshj.common;
import org.bouncycastle.openssl.EncryptionException;
import java.io.IOException; import java.io.IOException;
/** /**
@@ -28,11 +26,15 @@ public class KeyDecryptionFailedException extends IOException {
public static final String MESSAGE = "Decryption of the key failed. A supplied passphrase may be incorrect."; public static final String MESSAGE = "Decryption of the key failed. A supplied passphrase may be incorrect.";
public KeyDecryptionFailedException() { public KeyDecryptionFailedException(final String message) {
super(MESSAGE); super(message);
} }
public KeyDecryptionFailedException(EncryptionException cause) { public KeyDecryptionFailedException(final String message, final Throwable cause) {
super(message, cause);
}
public KeyDecryptionFailedException(IOException cause) {
super(MESSAGE, cause); super(MESSAGE, cause);
} }

30
src/main/java/com/hierynomus/sshj/sftp/RemoteResourceFilterConverter.java Normal file
View File

@@ -0,0 +1,30 @@
/*
* Copyright (C)2009 - SSHJ Contributors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.hierynomus.sshj.sftp;
import com.hierynomus.sshj.sftp.RemoteResourceSelector.Result;
import net.schmizz.sshj.sftp.RemoteResourceFilter;
public class RemoteResourceFilterConverter {
public static RemoteResourceSelector selectorFrom(RemoteResourceFilter filter) {
if (filter == null) {
return RemoteResourceSelector.ALL;
}
return resource -> filter.accept(resource) ? Result.ACCEPT : Result.CONTINUE;
}
}

49
src/main/java/com/hierynomus/sshj/sftp/RemoteResourceSelector.java Normal file
View File

@@ -0,0 +1,49 @@
/*
* Copyright (C)2009 - SSHJ Contributors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.hierynomus.sshj.sftp;
import net.schmizz.sshj.sftp.RemoteResourceInfo;
public interface RemoteResourceSelector {
public static RemoteResourceSelector ALL = new RemoteResourceSelector() {
@Override
public Result select(RemoteResourceInfo resource) {
return Result.ACCEPT;
}
};
enum Result {
/**
* Accept the remote resource and add it to the result.
*/
ACCEPT,
/**
* Do not add the remote resource to the result and continue with the next.
*/
CONTINUE,
/**
* Do not add the remote resource to the result and stop further execution.
*/
BREAK;
}
/**
* Decide whether the remote resource should be included in the result and whether execution should continue.
*/
Result select(RemoteResourceInfo resource);
}

56
src/main/java/com/hierynomus/sshj/signature/Ed25519PublicKey.java
View File

@@ -1,56 +0,0 @@
/*
* Copyright (C)2009 - SSHJ Contributors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.hierynomus.sshj.signature;
import net.i2p.crypto.eddsa.EdDSAPublicKey;
import net.i2p.crypto.eddsa.spec.EdDSANamedCurveSpec;
import net.i2p.crypto.eddsa.spec.EdDSANamedCurveTable;
import net.i2p.crypto.eddsa.spec.EdDSAPublicKeySpec;
import net.schmizz.sshj.common.SSHRuntimeException;
import java.util.Arrays;
/**
* Our own extension of the EdDSAPublicKey that comes from ECC-25519, as that class does not implement equality.
* The code uses the equality of the keys as an indicator whether they're the same during host key verification.
*/
@SuppressWarnings("serial")
public class Ed25519PublicKey extends EdDSAPublicKey {
public Ed25519PublicKey(EdDSAPublicKeySpec spec) {
super(spec);
EdDSANamedCurveSpec ed25519 = EdDSANamedCurveTable.getByName("Ed25519");
if (!spec.getParams().getCurve().equals(ed25519.getCurve())) {
throw new SSHRuntimeException("Cannot create Ed25519 Public Key from wrong spec");
}
}
@Override
public boolean equals(Object other) {
if (!(other instanceof Ed25519PublicKey)) {
return false;
}
Ed25519PublicKey otherKey = (Ed25519PublicKey) other;
return Arrays.equals(getAbyte(), otherKey.getAbyte());
}
@Override
public int hashCode() {
return getA().hashCode();
}
}

12
src/main/java/com/hierynomus/sshj/signature/SignatureEdDSA.java
View File

@@ -15,14 +15,14 @@
*/ */
package com.hierynomus.sshj.signature; package com.hierynomus.sshj.signature;
import net.i2p.crypto.eddsa.EdDSAEngine;
import net.schmizz.sshj.common.KeyType; import net.schmizz.sshj.common.KeyType;
import net.schmizz.sshj.common.SSHRuntimeException; import net.schmizz.sshj.common.SSHRuntimeException;
import net.schmizz.sshj.common.SecurityUtils;
import net.schmizz.sshj.signature.AbstractSignature; import net.schmizz.sshj.signature.AbstractSignature;
import net.schmizz.sshj.signature.Signature; import net.schmizz.sshj.signature.Signature;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException; import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SignatureException; import java.security.SignatureException;
public class SignatureEdDSA extends AbstractSignature { public class SignatureEdDSA extends AbstractSignature {
@@ -43,11 +43,11 @@ public class SignatureEdDSA extends AbstractSignature {
super(getEngine(), KeyType.ED25519.toString()); super(getEngine(), KeyType.ED25519.toString());
} }
private static EdDSAEngine getEngine() { private static java.security.Signature getEngine() {
try { try {
return new EdDSAEngine(MessageDigest.getInstance("SHA-512")); return SecurityUtils.getSignature("Ed25519");
} catch (NoSuchAlgorithmException e) { } catch (NoSuchAlgorithmException | NoSuchProviderException e) {
throw new SSHRuntimeException(e); throw new SSHRuntimeException("Ed25519 Signatures not supported", e);
} }
} }

2
src/main/java/com/hierynomus/sshj/transport/IdentificationStringParser.java
View File

@@ -28,7 +28,7 @@ public class IdentificationStringParser {
private final Logger log; private final Logger log;
private final Buffer.PlainBuffer buffer; private final Buffer.PlainBuffer buffer;
private byte[] EXPECTED_START_BYTES = new byte[] {'S', 'S', 'H', '-'}; private final byte[] EXPECTED_START_BYTES = new byte[] {'S', 'S', 'H', '-'};
public IdentificationStringParser(Buffer.PlainBuffer buffer) { public IdentificationStringParser(Buffer.PlainBuffer buffer) {
this(buffer, LoggerFactory.DEFAULT); this(buffer, LoggerFactory.DEFAULT);

10
src/main/java/com/hierynomus/sshj/transport/cipher/BlockCiphers.java
View File

@@ -121,11 +121,11 @@ public class BlockCiphers {
public static class Factory public static class Factory
implements net.schmizz.sshj.common.Factory.Named<Cipher> { implements net.schmizz.sshj.common.Factory.Named<Cipher> {
private int keysize; private final int keysize;
private String cipher; private final String cipher;
private String mode; private final String mode;
private String name; private final String name;
private int ivsize; private final int ivsize;
/** /**
* @param ivsize * @param ivsize

12
src/main/java/com/hierynomus/sshj/transport/cipher/GcmCiphers.java
View File

@@ -33,12 +33,12 @@ public class GcmCiphers {
public static class Factory public static class Factory
implements net.schmizz.sshj.common.Factory.Named<Cipher> { implements net.schmizz.sshj.common.Factory.Named<Cipher> {
private int keysize; private final int keysize;
private int authSize; private final int authSize;
private String cipher; private final String cipher;
private String mode; private final String mode;
private String name; private final String name;
private int ivsize; private final int ivsize;
/** /**
* @param ivsize * @param ivsize

8
src/main/java/com/hierynomus/sshj/transport/cipher/StreamCiphers.java
View File

@@ -40,10 +40,10 @@ public class StreamCiphers {
public static class Factory public static class Factory
implements net.schmizz.sshj.common.Factory.Named<Cipher> { implements net.schmizz.sshj.common.Factory.Named<Cipher> {
private int keysize; private final int keysize;
private String cipher; private final String cipher;
private String mode; private final String mode;
private String name; private final String name;
/** /**
* @param keysize The keysize used in bits. * @param keysize The keysize used in bits.

4
src/main/java/com/hierynomus/sshj/transport/kex/DHG.java
View File

@@ -28,8 +28,8 @@ import java.security.GeneralSecurityException;
* *
*/ */
public class DHG extends AbstractDHG { public class DHG extends AbstractDHG {
private BigInteger group; private final BigInteger group;
private BigInteger generator; private final BigInteger generator;
public DHG(BigInteger group, BigInteger generator, Digest digest) { public DHG(BigInteger group, BigInteger generator, Digest digest) {
super(new DH(), digest); super(new DH(), digest);

8
src/main/java/com/hierynomus/sshj/transport/kex/DHGroups.java
View File

@@ -68,10 +68,10 @@ public class DHGroups {
public static class Factory public static class Factory
implements net.schmizz.sshj.common.Factory.Named<KeyExchange> { implements net.schmizz.sshj.common.Factory.Named<KeyExchange> {
private String name; private final String name;
private BigInteger group; private final BigInteger group;
private BigInteger generator; private final BigInteger generator;
private Factory.Named<Digest> digestFactory; private final Factory.Named<Digest> digestFactory;
public Factory(String name, BigInteger group, BigInteger generator, Named<Digest> digestFactory) { public Factory(String name, BigInteger group, BigInteger generator, Named<Digest> digestFactory) {
this.name = name; this.name = name;

8
src/main/java/com/hierynomus/sshj/transport/mac/Macs.java
View File

@@ -71,10 +71,10 @@ public class Macs {
public static class Factory implements net.schmizz.sshj.common.Factory.Named<MAC> { public static class Factory implements net.schmizz.sshj.common.Factory.Named<MAC> {
private String name; private final String name;
private String algorithm; private final String algorithm;
private int bSize; private final int bSize;
private int defBSize; private final int defBSize;
private final boolean etm; private final boolean etm;
public Factory(String name, String algorithm, int bSize, int defBSize, boolean etm) { public Factory(String name, String algorithm, int bSize, int defBSize, boolean etm) {

25
src/main/java/com/hierynomus/sshj/transport/verification/KnownHostMatchers.java
View File

@@ -15,20 +15,26 @@
*/ */
package com.hierynomus.sshj.transport.verification; package com.hierynomus.sshj.transport.verification;
import net.schmizz.sshj.common.IOUtils; import net.schmizz.sshj.common.Base64DecodingException;
import net.schmizz.sshj.common.Base64Decoder;
import net.schmizz.sshj.common.SSHException; import net.schmizz.sshj.common.SSHException;
import net.schmizz.sshj.transport.mac.MAC; import net.schmizz.sshj.transport.mac.MAC;
import java.io.IOException; import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Base64; import java.util.Base64;
import java.util.List; import java.util.List;
import java.util.regex.Pattern; import java.util.regex.Pattern;
import com.hierynomus.sshj.transport.mac.Macs; import com.hierynomus.sshj.transport.mac.Macs;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
public class KnownHostMatchers { public class KnownHostMatchers {
private static final Logger log = LoggerFactory.getLogger(KnownHostMatchers.class);
public static HostMatcher createMatcher(String hostEntry) throws SSHException { public static HostMatcher createMatcher(String hostEntry) throws SSHException {
if (hostEntry.contains(",")) { if (hostEntry.contains(",")) {
return new AnyHostMatcher(hostEntry); return new AnyHostMatcher(hostEntry);
@@ -51,7 +57,7 @@ public class KnownHostMatchers {
} }
private static class EquiHostMatcher implements HostMatcher { private static class EquiHostMatcher implements HostMatcher {
private String host; private final String host;
public EquiHostMatcher(String host) { public EquiHostMatcher(String host) {
this.host = host; this.host = host;
@@ -80,17 +86,22 @@ public class KnownHostMatchers {
@Override @Override
public boolean match(String hostname) throws IOException { public boolean match(String hostname) throws IOException {
return hash.equals(hashHost(hostname)); try {
return hash.equals(hashHost(hostname));
} catch (Base64DecodingException err) {
log.warn("Hostname [{}] not matched: salt decoding failed", hostname, err);
return false;
}
} }
private String hashHost(String host) throws IOException { private String hashHost(String host) throws IOException, Base64DecodingException {
sha1.init(getSaltyBytes()); sha1.init(getSaltyBytes());
return "|1|" + salt + "|" + Base64.getEncoder().encodeToString(sha1.doFinal(host.getBytes(IOUtils.UTF8))); return "|1|" + salt + "|" + Base64.getEncoder().encodeToString(sha1.doFinal(host.getBytes(StandardCharsets.UTF_8)));
} }
private byte[] getSaltyBytes() { private byte[] getSaltyBytes() throws IOException, Base64DecodingException {
if (saltyBytes == null) { if (saltyBytes == null) {
saltyBytes = Base64.getDecoder().decode(salt); saltyBytes = Base64Decoder.decode(salt);
} }
return saltyBytes; return saltyBytes;
} }

13
src/main/java/com/hierynomus/sshj/userauth/keyprovider/OpenSSHKeyFileUtil.java
View File

@@ -15,6 +15,8 @@
*/ */
package com.hierynomus.sshj.userauth.keyprovider; package com.hierynomus.sshj.userauth.keyprovider;
import net.schmizz.sshj.common.Base64DecodingException;
import net.schmizz.sshj.common.Base64Decoder;
import net.schmizz.sshj.common.Buffer; import net.schmizz.sshj.common.Buffer;
import net.schmizz.sshj.common.KeyType; import net.schmizz.sshj.common.KeyType;
@@ -23,7 +25,6 @@ import java.io.File;
import java.io.IOException; import java.io.IOException;
import java.io.Reader; import java.io.Reader;
import java.security.PublicKey; import java.security.PublicKey;
import java.util.Base64;
public class OpenSSHKeyFileUtil { public class OpenSSHKeyFileUtil {
private OpenSSHKeyFileUtil() { private OpenSSHKeyFileUtil() {
@@ -46,17 +47,17 @@ public class OpenSSHKeyFileUtil {
* @param publicKey Public key accessible through a {@code Reader} * @param publicKey Public key accessible through a {@code Reader}
*/ */
public static ParsedPubKey initPubKey(Reader publicKey) throws IOException { public static ParsedPubKey initPubKey(Reader publicKey) throws IOException {
final BufferedReader br = new BufferedReader(publicKey); try (BufferedReader br = new BufferedReader(publicKey)) {
try {
String keydata; String keydata;
while ((keydata = br.readLine()) != null) { while ((keydata = br.readLine()) != null) {
keydata = keydata.trim(); keydata = keydata.trim();
if (!keydata.isEmpty()) { if (!keydata.isEmpty()) {
String[] parts = keydata.trim().split("\\s+"); String[] parts = keydata.trim().split("\\s+");
if (parts.length >= 2) { if (parts.length >= 2) {
byte[] decodedPublicKey = Base64Decoder.decode(parts[1]);
return new ParsedPubKey( return new ParsedPubKey(
KeyType.fromString(parts[0]), KeyType.fromString(parts[0]),
new Buffer.PlainBuffer(Base64.getDecoder().decode(parts[1])).readPublicKey() new Buffer.PlainBuffer(decodedPublicKey).readPublicKey()
); );
} else { } else {
throw new IOException("Got line with only one column"); throw new IOException("Got line with only one column");
@@ -64,8 +65,8 @@ public class OpenSSHKeyFileUtil {
} }
} }
throw new IOException("Public key file is blank"); throw new IOException("Public key file is blank");
} finally { } catch (Base64DecodingException err) {
br.close(); throw new IOException("Public key decoding failed", err);
} }
} }

102
src/main/java/com/hierynomus/sshj/userauth/keyprovider/OpenSSHKeyV1KeyFile.java
View File

@@ -20,48 +20,34 @@ import com.hierynomus.sshj.common.KeyDecryptionFailedException;
import com.hierynomus.sshj.transport.cipher.BlockCiphers; import com.hierynomus.sshj.transport.cipher.BlockCiphers;
import com.hierynomus.sshj.transport.cipher.ChachaPolyCiphers; import com.hierynomus.sshj.transport.cipher.ChachaPolyCiphers;
import com.hierynomus.sshj.transport.cipher.GcmCiphers; import com.hierynomus.sshj.transport.cipher.GcmCiphers;
import net.i2p.crypto.eddsa.EdDSAPrivateKey; import com.hierynomus.sshj.userauth.keyprovider.bcrypt.BCrypt;
import net.i2p.crypto.eddsa.spec.EdDSANamedCurveTable; import net.schmizz.sshj.common.*;
import net.i2p.crypto.eddsa.spec.EdDSAPrivateKeySpec;
import net.schmizz.sshj.common.Buffer;
import net.schmizz.sshj.common.Buffer.PlainBuffer; import net.schmizz.sshj.common.Buffer.PlainBuffer;
import net.schmizz.sshj.common.ByteArrayUtils;
import net.schmizz.sshj.common.IOUtils;
import net.schmizz.sshj.common.KeyType;
import net.schmizz.sshj.common.SSHRuntimeException;
import net.schmizz.sshj.common.SecurityUtils;
import net.schmizz.sshj.transport.cipher.Cipher; import net.schmizz.sshj.transport.cipher.Cipher;
import net.schmizz.sshj.userauth.keyprovider.BaseFileKeyProvider; import net.schmizz.sshj.userauth.keyprovider.BaseFileKeyProvider;
import net.schmizz.sshj.userauth.keyprovider.FileKeyProvider; import net.schmizz.sshj.userauth.keyprovider.FileKeyProvider;
import net.schmizz.sshj.userauth.keyprovider.KeyFormat; import net.schmizz.sshj.userauth.keyprovider.KeyFormat;
import org.bouncycastle.asn1.nist.NISTNamedCurves; import net.schmizz.sshj.userauth.password.PasswordFinder;
import org.bouncycastle.asn1.x9.X9ECParameters;
import org.bouncycastle.jce.spec.ECNamedCurveSpec;
import com.hierynomus.sshj.userauth.keyprovider.bcrypt.BCrypt;
import org.bouncycastle.openssl.EncryptionException;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
import java.io.BufferedReader; import java.io.*;
import java.io.File;
import java.io.FileReader;
import java.io.IOException;
import java.io.Reader;
import java.math.BigInteger; import java.math.BigInteger;
import java.nio.ByteBuffer; import java.nio.ByteBuffer;
import java.nio.CharBuffer; import java.nio.CharBuffer;
import java.nio.charset.StandardCharsets; import java.nio.charset.StandardCharsets;
import java.security.*; import java.security.GeneralSecurityException;
import java.security.spec.ECPrivateKeySpec; import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.spec.RSAPrivateCrtKeySpec; import java.security.spec.RSAPrivateCrtKeySpec;
import java.util.Arrays; import java.util.Arrays;
import java.util.Base64;
import java.util.HashMap; import java.util.HashMap;
import java.util.Map; import java.util.Map;
/** /**
* Reads a key file in the new OpenSSH format. * Reads a key file in the new OpenSSH format.
* The format is described in the following document: https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.key * The format is described in the following document: <a href="https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.key">Key Protocol</a>
*/ */
public class OpenSSHKeyV1KeyFile extends BaseFileKeyProvider { public class OpenSSHKeyV1KeyFile extends BaseFileKeyProvider {
private static final String BEGIN = "-----BEGIN "; private static final String BEGIN = "-----BEGIN ";
@@ -89,6 +75,12 @@ public class OpenSSHKeyV1KeyFile extends BaseFileKeyProvider {
private PublicKey pubKey; private PublicKey pubKey;
@Override
public PublicKey getPublic()
throws IOException {
return pubKey != null ? pubKey : super.getPublic();
}
public static class Factory public static class Factory
implements net.schmizz.sshj.common.Factory.Named<FileKeyProvider> { implements net.schmizz.sshj.common.Factory.Named<FileKeyProvider> {
@@ -106,16 +98,41 @@ public class OpenSSHKeyV1KeyFile extends BaseFileKeyProvider {
protected final Logger log = LoggerFactory.getLogger(getClass()); protected final Logger log = LoggerFactory.getLogger(getClass());
@Override @Override
public void init(File location) { public void init(File location, PasswordFinder pwdf) {
File pubKey = OpenSSHKeyFileUtil.getPublicKeyFile(location); File pubKey = OpenSSHKeyFileUtil.getPublicKeyFile(location);
if (pubKey != null) if (pubKey != null) {
try { try {
initPubKey(new FileReader(pubKey)); initPubKey(new FileReader(pubKey));
} catch (IOException e) { } catch (IOException e) {
// let super provide both public & private key // let super provide both public & private key
log.warn("Error reading public key file: {}", e.toString()); log.warn("Error reading public key file: {}", e.toString());
} }
super.init(location); }
super.init(location, pwdf);
}
@Override
public void init(String privateKey, String publicKey, PasswordFinder pwdf) {
if (pubKey != null) {
try {
initPubKey(new StringReader(publicKey));
} catch (IOException e) {
log.warn("Error reading public key file: {}", e.toString());
}
}
super.init(privateKey, null, pwdf);
}
@Override
public void init(Reader privateKey, Reader publicKey, PasswordFinder pwdf) {
if (pubKey != null) {
try {
initPubKey(publicKey);
} catch (IOException e) {
log.warn("Error reading public key file: {}", e.toString());
}
}
super.init(privateKey, null, pwdf);
} }
@Override @Override
@@ -124,7 +141,7 @@ public class OpenSSHKeyV1KeyFile extends BaseFileKeyProvider {
try { try {
if (checkHeader(reader)) { if (checkHeader(reader)) {
final String encodedPrivateKey = readEncodedKey(reader); final String encodedPrivateKey = readEncodedKey(reader);
byte[] decodedPrivateKey = Base64.getDecoder().decode(encodedPrivateKey); byte[] decodedPrivateKey = Base64Decoder.decode(encodedPrivateKey);
final PlainBuffer bufferedPrivateKey = new PlainBuffer(decodedPrivateKey); final PlainBuffer bufferedPrivateKey = new PlainBuffer(decodedPrivateKey);
return readDecodedKeyPair(bufferedPrivateKey); return readDecodedKeyPair(bufferedPrivateKey);
} else { } else {
@@ -133,6 +150,8 @@ public class OpenSSHKeyV1KeyFile extends BaseFileKeyProvider {
} }
} catch (final GeneralSecurityException e) { } catch (final GeneralSecurityException e) {
throw new SSHRuntimeException("Read OpenSSH Version 1 Key failed", e); throw new SSHRuntimeException("Read OpenSSH Version 1 Key failed", e);
} catch (Base64DecodingException e) {
throw new SSHRuntimeException("Private Key decoding failed", e);
} finally { } finally {
IOUtils.closeQuietly(reader); IOUtils.closeQuietly(reader);
} }
@@ -217,7 +236,7 @@ public class OpenSSHKeyV1KeyFile extends BaseFileKeyProvider {
cipher.update(privateKey, 0, privateKeyLength); cipher.update(privateKey, 0, privateKeyLength);
} catch (final SSHRuntimeException e) { } catch (final SSHRuntimeException e) {
final String message = String.format("OpenSSH Private Key decryption failed with cipher [%s]", cipherName); final String message = String.format("OpenSSH Private Key decryption failed with cipher [%s]", cipherName);
throw new KeyDecryptionFailedException(new EncryptionException(message, e)); throw new KeyDecryptionFailedException(new IOException(message, e));
} }
final PlainBuffer decryptedPrivateKey = new PlainBuffer(privateKeyLength); final PlainBuffer decryptedPrivateKey = new PlainBuffer(privateKeyLength);
decryptedPrivateKey.putRawBytes(privateKey, 0, privateKeyLength); decryptedPrivateKey.putRawBytes(privateKey, 0, privateKeyLength);
@@ -316,7 +335,7 @@ public class OpenSSHKeyV1KeyFile extends BaseFileKeyProvider {
int checkInt1 = keyBuffer.readUInt32AsInt(); // uint32 checkint1 int checkInt1 = keyBuffer.readUInt32AsInt(); // uint32 checkint1
int checkInt2 = keyBuffer.readUInt32AsInt(); // uint32 checkint2 int checkInt2 = keyBuffer.readUInt32AsInt(); // uint32 checkint2
if (checkInt1 != checkInt2) { if (checkInt1 != checkInt2) {
throw new KeyDecryptionFailedException(new EncryptionException("OpenSSH Private Key integer comparison failed")); throw new KeyDecryptionFailedException(new IOException("OpenSSH Private Key integer comparison failed"));
} }
// The private key section contains both the public key and the private key // The private key section contains both the public key and the private key
String keyType = keyBuffer.readString(); // string keytype String keyType = keyBuffer.readString(); // string keytype
@@ -329,8 +348,14 @@ public class OpenSSHKeyV1KeyFile extends BaseFileKeyProvider {
keyBuffer.readUInt32(); // length of privatekey+publickey keyBuffer.readUInt32(); // length of privatekey+publickey
byte[] privKey = new byte[32]; byte[] privKey = new byte[32];
keyBuffer.readRawBytes(privKey); // string privatekey keyBuffer.readRawBytes(privKey); // string privatekey
keyBuffer.readRawBytes(new byte[32]); // string publickey (again...)
kp = new KeyPair(publicKey, new EdDSAPrivateKey(new EdDSAPrivateKeySpec(privKey, EdDSANamedCurveTable.getByName("Ed25519")))); final byte[] pubKey = new byte[32];
keyBuffer.readRawBytes(pubKey); // string publickey (again...)
final PrivateKey edPrivateKey = Ed25519KeyFactory.getPrivateKey(privKey);
final PublicKey edPublicKey = Ed25519KeyFactory.getPublicKey(pubKey);
kp = new KeyPair(edPublicKey, edPrivateKey);
break; break;
case RSA: case RSA:
final RSAPrivateCrtKeySpec rsaPrivateCrtKeySpec = readRsaPrivateKeySpec(keyBuffer); final RSAPrivateCrtKeySpec rsaPrivateCrtKeySpec = readRsaPrivateKeySpec(keyBuffer);
@@ -338,13 +363,13 @@ public class OpenSSHKeyV1KeyFile extends BaseFileKeyProvider {
kp = new KeyPair(publicKey, privateKey); kp = new KeyPair(publicKey, privateKey);
break; break;
case ECDSA256: case ECDSA256:
kp = new KeyPair(publicKey, createECDSAPrivateKey(kt, keyBuffer, "P-256")); kp = new KeyPair(publicKey, createECDSAPrivateKey(kt, keyBuffer, ECDSACurve.SECP256R1));
break; break;
case ECDSA384: case ECDSA384:
kp = new KeyPair(publicKey, createECDSAPrivateKey(kt, keyBuffer, "P-384")); kp = new KeyPair(publicKey, createECDSAPrivateKey(kt, keyBuffer, ECDSACurve.SECP384R1));
break; break;
case ECDSA521: case ECDSA521:
kp = new KeyPair(publicKey, createECDSAPrivateKey(kt, keyBuffer, "P-521")); kp = new KeyPair(publicKey, createECDSAPrivateKey(kt, keyBuffer, ECDSACurve.SECP521R1));
break; break;
default: default:
@@ -361,13 +386,10 @@ public class OpenSSHKeyV1KeyFile extends BaseFileKeyProvider {
return kp; return kp;
} }
private PrivateKey createECDSAPrivateKey(KeyType kt, PlainBuffer buffer, String name) throws GeneralSecurityException, Buffer.BufferException { private PrivateKey createECDSAPrivateKey(KeyType kt, PlainBuffer buffer, ECDSACurve ecdsaCurve) throws GeneralSecurityException, Buffer.BufferException {
kt.readPubKeyFromBuffer(buffer); // Public key kt.readPubKeyFromBuffer(buffer); // Public key
BigInteger s = new BigInteger(1, buffer.readBytes()); final BigInteger s = new BigInteger(1, buffer.readBytes());
X9ECParameters ecParams = NISTNamedCurves.getByName(name); return ECDSAKeyFactory.getPrivateKey(s, ecdsaCurve);
ECNamedCurveSpec ecCurveSpec = new ECNamedCurveSpec(name, ecParams.getCurve(), ecParams.getG(), ecParams.getN());
ECPrivateKeySpec pks = new ECPrivateKeySpec(s, ecCurveSpec);
return SecurityUtils.getKeyFactory(KeyAlgorithm.ECDSA).generatePrivate(pks);
} }
/** /**

3
src/main/java/net/schmizz/concurrent/Promise.java
View File

@@ -104,7 +104,8 @@ public class Promise<V, T extends Throwable> {
lock.lock(); lock.lock();
try { try {
pendingEx = null; pendingEx = null;
deliver(null); log.debug("Clearing <<{}>>", name);
val = null;
} finally { } finally {
lock.unlock(); lock.unlock();
} }

2
src/main/java/net/schmizz/keepalive/Heartbeater.java
View File

@@ -29,6 +29,6 @@ final class Heartbeater
@Override @Override
protected void doKeepAlive() throws TransportException { protected void doKeepAlive() throws TransportException {
conn.getTransport().write(new SSHPacket(Message.IGNORE)); conn.getTransport().write(new SSHPacket(Message.IGNORE).putString(""));
} }
} }

3
src/main/java/net/schmizz/sshj/DefaultConfig.java
View File

@@ -59,7 +59,8 @@ import java.util.Properties;
* net.schmizz.sshj.transport.mac.HMACMD596}</li> * net.schmizz.sshj.transport.mac.HMACMD596}</li>
* <li>{@link net.schmizz.sshj.ConfigImpl#setCompressionFactories Compression}: {@link net.schmizz.sshj.transport.compression.NoneCompression}</li> * <li>{@link net.schmizz.sshj.ConfigImpl#setCompressionFactories Compression}: {@link net.schmizz.sshj.transport.compression.NoneCompression}</li>
* <li>{@link net.schmizz.sshj.ConfigImpl#setKeyAlgorithms KeyAlgorithm}: {@link net.schmizz.sshj.signature.SignatureRSA}, {@link net.schmizz.sshj.signature.SignatureDSA}</li> * <li>{@link net.schmizz.sshj.ConfigImpl#setKeyAlgorithms KeyAlgorithm}: {@link net.schmizz.sshj.signature.SignatureRSA}, {@link net.schmizz.sshj.signature.SignatureDSA}</li>
* <li>{@link net.schmizz.sshj.ConfigImpl#setRandomFactory PRNG}: {@link net.schmizz.sshj.transport.random.BouncyCastleRandom}* or {@link net.schmizz.sshj.transport.random.JCERandom}</li> * <li>{@link net.schmizz.sshj.ConfigImpl#setRandomFactory BC}: {@link net.schmizz.sshj.transport.random.BouncyCastleRandom}* or {@link net.schmizz.sshj.transport.random.JCERandom}</li>
* <li>{@link net.schmizz.sshj.ConfigImpl#setRandomFactory BCFIPS}: {@link net.schmizz.sshj.transport.random.BouncyCastleFipsRandom}* or {@link net.schmizz.sshj.transport.random.JCERandom}</li>
* <li>{@link net.schmizz.sshj.ConfigImpl#setFileKeyProviderFactories Key file support}: {@link net.schmizz.sshj.userauth.keyprovider.PKCS8KeyFile}*, {@link * <li>{@link net.schmizz.sshj.ConfigImpl#setFileKeyProviderFactories Key file support}: {@link net.schmizz.sshj.userauth.keyprovider.PKCS8KeyFile}*, {@link
* net.schmizz.sshj.userauth.keyprovider.OpenSSHKeyFile}*</li> * net.schmizz.sshj.userauth.keyprovider.OpenSSHKeyFile}*</li>
* <li>{@link net.schmizz.sshj.ConfigImpl#setVersion Client version}: {@code "NET_3_0"}</li> * <li>{@link net.schmizz.sshj.ConfigImpl#setVersion Client version}: {@code "NET_3_0"}</li>

7
src/main/java/net/schmizz/sshj/SSHClient.java
View File

@@ -59,6 +59,7 @@ import java.io.IOException;
import java.net.InetSocketAddress; import java.net.InetSocketAddress;
import java.net.ServerSocket; import java.net.ServerSocket;
import java.nio.charset.Charset; import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair; import java.security.KeyPair;
import java.util.*; import java.util.*;
@@ -126,7 +127,7 @@ public class SSHClient
private final List<LocalPortForwarder> forwarders = new ArrayList<LocalPortForwarder>(); private final List<LocalPortForwarder> forwarders = new ArrayList<LocalPortForwarder>();
/** character set of the remote machine */ /** character set of the remote machine */
protected Charset remoteCharset = IOUtils.UTF8; protected Charset remoteCharset = StandardCharsets.UTF_8;
/** Default constructor. Initializes this object using {@link DefaultConfig}. */ /** Default constructor. Initializes this object using {@link DefaultConfig}. */
public SSHClient() { public SSHClient() {
@@ -765,7 +766,7 @@ public class SSHClient
* remote character set or {@code null} for default * remote character set or {@code null} for default
*/ */
public void setRemoteCharset(Charset remoteCharset) { public void setRemoteCharset(Charset remoteCharset) {
this.remoteCharset = remoteCharset != null ? remoteCharset : IOUtils.UTF8; this.remoteCharset = remoteCharset != null ? remoteCharset : StandardCharsets.UTF_8;
} }
@Override @Override
@@ -804,12 +805,12 @@ public class SSHClient
throws IOException { throws IOException {
super.onConnect(); super.onConnect();
trans.init(getRemoteHostname(), getRemotePort(), getInputStream(), getOutputStream()); trans.init(getRemoteHostname(), getRemotePort(), getInputStream(), getOutputStream());
doKex();
final KeepAlive keepAliveThread = conn.getKeepAlive(); final KeepAlive keepAliveThread = conn.getKeepAlive();
if (keepAliveThread.isEnabled()) { if (keepAliveThread.isEnabled()) {
ThreadNameProvider.setThreadName(conn.getKeepAlive(), trans); ThreadNameProvider.setThreadName(conn.getKeepAlive(), trans);
keepAliveThread.start(); keepAliveThread.start();
} }
doKex();
} }
/** /**

8
src/main/java/net/schmizz/sshj/SocketClient.java
View File

@@ -65,7 +65,9 @@ public abstract class SocketClient {
this.hostname = hostname; this.hostname = hostname;
this.port = port; this.port = port;
socket = socketFactory.createSocket(); socket = socketFactory.createSocket();
socket.connect(makeInetSocketAddress(hostname, port), connectTimeout); if (! socket.isConnected()) {
socket.connect(makeInetSocketAddress(hostname, port), connectTimeout);
}
onConnect(); onConnect();
} }
} }
@@ -104,7 +106,9 @@ public abstract class SocketClient {
public void connect(InetAddress host, int port) throws IOException { public void connect(InetAddress host, int port) throws IOException {
this.port = port; this.port = port;
socket = socketFactory.createSocket(); socket = socketFactory.createSocket();
socket.connect(new InetSocketAddress(host, port), connectTimeout); if (! socket.isConnected()) {
socket.connect(new InetSocketAddress(host, port), connectTimeout);
}
onConnect(); onConnect();
} }

47
src/main/java/net/schmizz/sshj/common/Base64Decoder.java Normal file
View File

@@ -0,0 +1,47 @@
/*
* Copyright (C)2009 - SSHJ Contributors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.schmizz.sshj.common;
import java.io.IOException;
import java.util.Base64;
/**
* <p>Wraps {@link java.util.Base64.Decoder} in order to wrap unchecked {@code IllegalArgumentException} thrown by
* the default Java Base64 decoder here and there.</p>
*
* <p>Please use this class instead of {@link java.util.Base64.Decoder}.</p>
*/
public class Base64Decoder {
private Base64Decoder() {
}
public static byte[] decode(byte[] source) throws Base64DecodingException {
try {
return Base64.getDecoder().decode(source);
} catch (IllegalArgumentException err) {
throw new Base64DecodingException(err);
}
}
public static byte[] decode(String src) throws Base64DecodingException {
try {
return Base64.getDecoder().decode(src);
} catch (IllegalArgumentException err) {
throw new Base64DecodingException(err);
}
}
}

28
src/main/java/net/schmizz/sshj/common/Base64DecodingException.java Normal file
View File

@@ -0,0 +1,28 @@
/*
* Copyright (C)2009 - SSHJ Contributors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.schmizz.sshj.common;
/**
* A checked wrapper for all {@link IllegalArgumentException}, thrown by {@link java.util.Base64.Decoder}.
*
* @see Base64Decoder
*/
public class Base64DecodingException extends Exception {
public Base64DecodingException(IllegalArgumentException cause) {
super("Failed to decode base64: " + cause.getMessage(), cause);
}
}

5
src/main/java/net/schmizz/sshj/common/Buffer.java
View File

@@ -17,6 +17,7 @@ package net.schmizz.sshj.common;
import java.math.BigInteger; import java.math.BigInteger;
import java.nio.charset.Charset; import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException; import java.security.GeneralSecurityException;
import java.security.PublicKey; import java.security.PublicKey;
import java.util.Arrays; import java.util.Arrays;
@@ -428,7 +429,7 @@ public class Buffer<T extends Buffer<T>> {
*/ */
public String readString() public String readString()
throws BufferException { throws BufferException {
return readString(IOUtils.UTF8); return readString(StandardCharsets.UTF_8);
} }
/** /**
@@ -454,7 +455,7 @@ public class Buffer<T extends Buffer<T>> {
} }
public T putString(String string) { public T putString(String string) {
return putString(string, IOUtils.UTF8); return putString(string, StandardCharsets.UTF_8);
} }
/** /**

4
src/main/java/net/schmizz/sshj/common/ByteArrayUtils.java
View File

@@ -17,8 +17,8 @@ package net.schmizz.sshj.common;
import java.nio.ByteBuffer; import java.nio.ByteBuffer;
import java.nio.CharBuffer; import java.nio.CharBuffer;
import java.nio.charset.Charset;
import java.nio.charset.CharsetEncoder; import java.nio.charset.CharsetEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Arrays; import java.util.Arrays;
/** Utility functions for byte arrays. */ /** Utility functions for byte arrays. */
@@ -141,7 +141,7 @@ public class ByteArrayUtils {
* @return UTF-8 bytes of the string * @return UTF-8 bytes of the string
*/ */
public static byte[] encodeSensitiveStringToUtf8(char[] str) { public static byte[] encodeSensitiveStringToUtf8(char[] str) {
CharsetEncoder charsetEncoder = Charset.forName("UTF-8").newEncoder(); CharsetEncoder charsetEncoder = StandardCharsets.UTF_8.newEncoder();
ByteBuffer utf8Buffer = ByteBuffer.allocate((int) (str.length * charsetEncoder.maxBytesPerChar())); ByteBuffer utf8Buffer = ByteBuffer.allocate((int) (str.length * charsetEncoder.maxBytesPerChar()));
assert utf8Buffer.hasArray(); assert utf8Buffer.hasArray();
charsetEncoder.encode(CharBuffer.wrap(str), utf8Buffer, true); charsetEncoder.encode(CharBuffer.wrap(str), utf8Buffer, true);

45
src/main/java/net/schmizz/sshj/common/ECDSACurve.java Normal file
View File

@@ -0,0 +1,45 @@
/*
* Copyright (C)2009 - SSHJ Contributors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.schmizz.sshj.common;
/**
* Enumeration of supported ECDSA Curves with corresponding algorithm parameter names
*/
public enum ECDSACurve {
/** NIST P-256 */
SECP256R1("secp256r1"),
/** NIST P-384 */
SECP384R1("secp384r1"),
/** NIST P-521 */
SECP521R1("secp521r1");
private final String curveName;
ECDSACurve(final String curveName) {
this.curveName = curveName;
}
/**
* Get Curve Name for use with Java Cryptography Architecture components
*
* @return Curve Name
*/
public String getCurveName() {
return curveName;
}
}

86
src/main/java/net/schmizz/sshj/common/ECDSAKeyFactory.java Normal file
View File

@@ -0,0 +1,86 @@
/*
* Copyright (C)2009 - SSHJ Contributors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.schmizz.sshj.common;
import com.hierynomus.sshj.common.KeyAlgorithm;
import java.math.BigInteger;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPoint;
import java.security.spec.ECPrivateKeySpec;
import java.security.spec.ECPublicKeySpec;
import java.util.Objects;
/**
* Factory for generating Elliptic Curve Keys using Java Security components for NIST Curves
*/
public class ECDSAKeyFactory {
private ECDSAKeyFactory() {
}
/**
* Get Elliptic Curve Private Key for private key value and Curve Name
*
* @param privateKeyInteger Private Key
* @param ecdsaCurve Elliptic Curve
* @return Elliptic Curve Private Key
* @throws GeneralSecurityException Thrown on failure to create parameter specification
*/
public static PrivateKey getPrivateKey(final BigInteger privateKeyInteger, final ECDSACurve ecdsaCurve) throws GeneralSecurityException {
Objects.requireNonNull(privateKeyInteger, "Private Key integer required");
Objects.requireNonNull(ecdsaCurve, "Curve required");
final ECParameterSpec parameterSpec = getParameterSpec(ecdsaCurve);
final ECPrivateKeySpec privateKeySpec = new ECPrivateKeySpec(privateKeyInteger, parameterSpec);
final KeyFactory keyFactory = SecurityUtils.getKeyFactory(KeyAlgorithm.ECDSA);
return keyFactory.generatePrivate(privateKeySpec);
}
/**
* Get Elliptic Curve Public Key for public key value and Curve Name
*
* @param point Public Key point
* @param ecdsaCurve Elliptic Curve
* @return Elliptic Curve Public Key
* @throws GeneralSecurityException Thrown on failure to create parameter specification
*/
public static PublicKey getPublicKey(final ECPoint point, final ECDSACurve ecdsaCurve) throws GeneralSecurityException {
Objects.requireNonNull(point, "Elliptic Curve Point required");
Objects.requireNonNull(ecdsaCurve, "Curve required");
final ECParameterSpec parameterSpec = getParameterSpec(ecdsaCurve);
final ECPublicKeySpec publicKeySpec = new ECPublicKeySpec(point, parameterSpec);
final KeyFactory keyFactory = SecurityUtils.getKeyFactory(KeyAlgorithm.ECDSA);
return keyFactory.generatePublic(publicKeySpec);
}
private static ECParameterSpec getParameterSpec(final ECDSACurve ecdsaCurve) throws GeneralSecurityException {
final ECGenParameterSpec genParameterSpec = new ECGenParameterSpec(ecdsaCurve.getCurveName());
final AlgorithmParameters algorithmParameters = AlgorithmParameters.getInstance(KeyAlgorithm.EC_KEYSTORE);
algorithmParameters.init(genParameterSpec);
return algorithmParameters.getParameterSpec(ECParameterSpec.class);
}
}

35
src/main/java/net/schmizz/sshj/common/ECDSAVariationsAdapter.java
View File

@@ -17,21 +17,16 @@ package net.schmizz.sshj.common;
import com.hierynomus.sshj.common.KeyAlgorithm; import com.hierynomus.sshj.common.KeyAlgorithm;
import com.hierynomus.sshj.secg.SecgUtils; import com.hierynomus.sshj.secg.SecgUtils;
import org.bouncycastle.asn1.nist.NISTNamedCurves;
import org.bouncycastle.asn1.x9.X9ECParameters;
import org.bouncycastle.jce.spec.ECNamedCurveSpec;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
import java.math.BigInteger; import java.math.BigInteger;
import java.security.GeneralSecurityException; import java.security.GeneralSecurityException;
import java.security.Key; import java.security.Key;
import java.security.KeyFactory;
import java.security.PublicKey; import java.security.PublicKey;
import java.security.interfaces.ECKey; import java.security.interfaces.ECKey;
import java.security.interfaces.ECPublicKey; import java.security.interfaces.ECPublicKey;
import java.security.spec.ECPoint; import java.security.spec.ECPoint;
import java.security.spec.ECPublicKeySpec;
import java.util.Arrays; import java.util.Arrays;
import java.util.HashMap; import java.util.HashMap;
import java.util.Map; import java.util.Map;
@@ -42,13 +37,13 @@ class ECDSAVariationsAdapter {
private final static Logger log = LoggerFactory.getLogger(ECDSAVariationsAdapter.class); private final static Logger log = LoggerFactory.getLogger(ECDSAVariationsAdapter.class);
public final static Map<String, String> SUPPORTED_CURVES = new HashMap<String, String>(); public final static Map<String, String> SUPPORTED_CURVES = new HashMap<>();
public final static Map<String, String> NIST_CURVES_NAMES = new HashMap<String, String>(); public final static Map<String, ECDSACurve> NIST_CURVES = new HashMap<>();
static { static {
NIST_CURVES_NAMES.put("256", "p-256"); NIST_CURVES.put("256", ECDSACurve.SECP256R1);
NIST_CURVES_NAMES.put("384", "p-384"); NIST_CURVES.put("384", ECDSACurve.SECP384R1);
NIST_CURVES_NAMES.put("521", "p-521"); NIST_CURVES.put("521", ECDSACurve.SECP521R1);
SUPPORTED_CURVES.put("256", "nistp256"); SUPPORTED_CURVES.put("256", "nistp256");
SUPPORTED_CURVES.put("384", "nistp384"); SUPPORTED_CURVES.put("384", "nistp384");
@@ -72,21 +67,15 @@ class ECDSAVariationsAdapter {
algorithm, curveName, keyLen, x04, Arrays.toString(x), Arrays.toString(y))); algorithm, curveName, keyLen, x04, Arrays.toString(x), Arrays.toString(y)));
} }
if (!SUPPORTED_CURVES.values().contains(curveName)) { if (!SUPPORTED_CURVES.containsValue(curveName)) {
throw new GeneralSecurityException(String.format("Unknown curve %s", curveName)); throw new GeneralSecurityException(String.format("Unknown curve %s", curveName));
} }
BigInteger bigX = new BigInteger(1, x); final BigInteger bigX = new BigInteger(1, x);
BigInteger bigY = new BigInteger(1, y); final BigInteger bigY = new BigInteger(1, y);
final ECPoint point = new ECPoint(bigX, bigY);
String name = NIST_CURVES_NAMES.get(variation); final ECDSACurve ecdsaCurve = NIST_CURVES.get(variation);
X9ECParameters ecParams = NISTNamedCurves.getByName(name); return ECDSAKeyFactory.getPublicKey(point, ecdsaCurve);
ECNamedCurveSpec ecCurveSpec = new ECNamedCurveSpec(name, ecParams.getCurve(), ecParams.getG(), ecParams.getN());
ECPoint p = new ECPoint(bigX, bigY);
ECPublicKeySpec publicKeySpec = new ECPublicKeySpec(p, ecCurveSpec);
KeyFactory keyFactory = KeyFactory.getInstance(KeyAlgorithm.ECDSA);
return keyFactory.generatePublic(publicKeySpec);
} catch (Exception ex) { } catch (Exception ex) {
throw new GeneralSecurityException(ex); throw new GeneralSecurityException(ex);
} }
@@ -96,7 +85,7 @@ class ECDSAVariationsAdapter {
final ECPublicKey ecdsa = (ECPublicKey) pk; final ECPublicKey ecdsa = (ECPublicKey) pk;
byte[] encoded = SecgUtils.getEncoded(ecdsa.getW(), ecdsa.getParams().getCurve()); byte[] encoded = SecgUtils.getEncoded(ecdsa.getW(), ecdsa.getParams().getCurve());
buf.putString("nistp" + Integer.toString(fieldSizeFromKey(ecdsa))) buf.putString("nistp" + (fieldSizeFromKey(ecdsa)))
.putBytes(encoded); .putBytes(encoded);
} }

90
src/main/java/net/schmizz/sshj/common/Ed25519KeyFactory.java Normal file
View File

@@ -0,0 +1,90 @@
/*
* Copyright (C)2009 - SSHJ Contributors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.schmizz.sshj.common;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;
import java.util.Objects;
/**
* Factory for generating Edwards-curve 25519 Public and Private Keys
*/
public class Ed25519KeyFactory {
private static final int KEY_LENGTH = 32;
private static final String KEY_ALGORITHM = "Ed25519";
private static final byte[] ED25519_PKCS8_PRIVATE_KEY_HEADER = Base64.getDecoder().decode("MC4CAQEwBQYDK2VwBCIEIA");
private static final byte[] ED25519_PKCS8_PUBLIC_KEY_HEADER = Base64.getDecoder().decode("MCowBQYDK2VwAyEA");
private static final int PRIVATE_KEY_ENCODED_LENGTH = 48;
private static final int PUBLIC_KEY_ENCODED_LENGTH = 44;
private Ed25519KeyFactory() {
}
/**
* Get Edwards-curve Private Key for private key binary
*
* @param privateKeyBinary Private Key byte array consisting of 32 bytes
* @return Edwards-curve 25519 Private Key
* @throws GeneralSecurityException Thrown on failure to generate Private Key
*/
public static PrivateKey getPrivateKey(final byte[] privateKeyBinary) throws GeneralSecurityException {
Objects.requireNonNull(privateKeyBinary, "Private Key byte array required");
if (privateKeyBinary.length == KEY_LENGTH) {
final byte[] privateKeyEncoded = new byte[PRIVATE_KEY_ENCODED_LENGTH];
System.arraycopy(ED25519_PKCS8_PRIVATE_KEY_HEADER, 0, privateKeyEncoded, 0, ED25519_PKCS8_PRIVATE_KEY_HEADER.length);
System.arraycopy(privateKeyBinary, 0, privateKeyEncoded, ED25519_PKCS8_PRIVATE_KEY_HEADER.length, KEY_LENGTH);
final PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(privateKeyEncoded);
final KeyFactory keyFactory = SecurityUtils.getKeyFactory(KEY_ALGORITHM);
return keyFactory.generatePrivate(keySpec);
} else {
throw new IllegalArgumentException("Key length of 32 bytes required");
}
}
/**
* Get Edwards-curve Public Key for public key binary
*
* @param publicKeyBinary Public Key byte array consisting of 32 bytes
* @return Edwards-curve 25519 Public Key
* @throws GeneralSecurityException Thrown on failure to generate Public Key
*/
public static PublicKey getPublicKey(final byte[] publicKeyBinary) throws GeneralSecurityException {
Objects.requireNonNull(publicKeyBinary, "Public Key byte array required");
if (publicKeyBinary.length == KEY_LENGTH) {
final byte[] publicKeyEncoded = new byte[PUBLIC_KEY_ENCODED_LENGTH];
System.arraycopy(ED25519_PKCS8_PUBLIC_KEY_HEADER, 0, publicKeyEncoded, 0, ED25519_PKCS8_PUBLIC_KEY_HEADER.length);
System.arraycopy(publicKeyBinary, 0, publicKeyEncoded, ED25519_PKCS8_PUBLIC_KEY_HEADER.length, KEY_LENGTH);
final X509EncodedKeySpec keySpec = new X509EncodedKeySpec(publicKeyEncoded);
final KeyFactory keyFactory = SecurityUtils.getKeyFactory(KEY_ALGORITHM);
return keyFactory.generatePublic(keySpec);
} else {
throw new IllegalArgumentException("Key length of 32 bytes required");
}
}
}

3
src/main/java/net/schmizz/sshj/common/IOUtils.java
View File

@@ -19,12 +19,9 @@ import java.io.ByteArrayOutputStream;
import java.io.Closeable; import java.io.Closeable;
import java.io.IOException; import java.io.IOException;
import java.io.InputStream; import java.io.InputStream;
import java.nio.charset.Charset;
public class IOUtils { public class IOUtils {
public static final Charset UTF8 = Charset.forName("UTF-8");
public static void closeQuietly(Closeable... closeables) { public static void closeQuietly(Closeable... closeables) {
closeQuietly(LoggerFactory.DEFAULT, closeables); closeQuietly(LoggerFactory.DEFAULT, closeables);
} }

27
src/main/java/net/schmizz/sshj/common/KeyType.java
View File

@@ -16,13 +16,8 @@
package net.schmizz.sshj.common; package net.schmizz.sshj.common;
import com.hierynomus.sshj.common.KeyAlgorithm; import com.hierynomus.sshj.common.KeyAlgorithm;
import com.hierynomus.sshj.signature.Ed25519PublicKey;
import com.hierynomus.sshj.signature.SignatureEdDSA; import com.hierynomus.sshj.signature.SignatureEdDSA;
import com.hierynomus.sshj.userauth.certificate.Certificate; import com.hierynomus.sshj.userauth.certificate.Certificate;
import net.i2p.crypto.eddsa.EdDSAPublicKey;
import net.i2p.crypto.eddsa.spec.EdDSANamedCurveSpec;
import net.i2p.crypto.eddsa.spec.EdDSANamedCurveTable;
import net.i2p.crypto.eddsa.spec.EdDSAPublicKeySpec;
import net.schmizz.sshj.common.Buffer.BufferException; import net.schmizz.sshj.common.Buffer.BufferException;
import net.schmizz.sshj.signature.Signature; import net.schmizz.sshj.signature.Signature;
import net.schmizz.sshj.signature.SignatureDSA; import net.schmizz.sshj.signature.SignatureDSA;
@@ -178,20 +173,16 @@ public enum KeyType {
public PublicKey readPubKeyFromBuffer(Buffer<?> buf) throws GeneralSecurityException { public PublicKey readPubKeyFromBuffer(Buffer<?> buf) throws GeneralSecurityException {
try { try {
final int keyLen = buf.readUInt32AsInt(); final int keyLen = buf.readUInt32AsInt();
final byte[] p = new byte[keyLen]; final byte[] publicKeyBinary = new byte[keyLen];
buf.readRawBytes(p); buf.readRawBytes(publicKeyBinary);
if (log.isDebugEnabled()) { if (log.isDebugEnabled()) {
log.debug(String.format("Key algo: %s, Key curve: 25519, Key Len: %s\np: %s", log.debug(String.format("Key algo: %s, Key curve: 25519, Key Len: %s\np: %s",
sType, sType,
keyLen, keyLen,
Arrays.toString(p)) Arrays.toString(publicKeyBinary))
); );
} }
return Ed25519KeyFactory.getPublicKey(publicKeyBinary);
EdDSANamedCurveSpec ed25519 = EdDSANamedCurveTable.getByName("Ed25519");
EdDSAPublicKeySpec publicSpec = new EdDSAPublicKeySpec(p, ed25519);
return new Ed25519PublicKey(publicSpec);
} catch (Buffer.BufferException be) { } catch (Buffer.BufferException be) {
throw new SSHRuntimeException(be); throw new SSHRuntimeException(be);
} }
@@ -199,13 +190,17 @@ public enum KeyType {
@Override @Override
protected void writePubKeyContentsIntoBuffer(PublicKey pk, Buffer<?> buf) { protected void writePubKeyContentsIntoBuffer(PublicKey pk, Buffer<?> buf) {
EdDSAPublicKey key = (EdDSAPublicKey) pk; final byte[] encoded = pk.getEncoded();
buf.putBytes(key.getAbyte()); final int keyLength = 32;
final int headerLength = encoded.length - keyLength;
final byte[] encodedPublicKey = new byte[keyLength];
System.arraycopy(encoded, headerLength, encodedPublicKey, 0, keyLength);
buf.putBytes(encodedPublicKey);
} }
@Override @Override
protected boolean isMyType(Key key) { protected boolean isMyType(Key key) {
return "EdDSA".equals(key.getAlgorithm()); return "EdDSA".equals(key.getAlgorithm()) || "Ed25519".equals(key.getAlgorithm());
} }
}, },

4
src/main/java/net/schmizz/sshj/common/SecurityUtils.java
View File

@@ -286,8 +286,8 @@ public class SecurityUtils {
if (securityProvider == null && registerBouncyCastle == null) { if (securityProvider == null && registerBouncyCastle == null) {
LOG.info("BouncyCastle not registered, using the default JCE provider"); LOG.info("BouncyCastle not registered, using the default JCE provider");
} else if (securityProvider == null) { } else if (securityProvider == null) {
LOG.error("Failed to register BouncyCastle as the defaut JCE provider"); LOG.error("Failed to register BouncyCastle as the default JCE provider");
throw new SSHRuntimeException("Failed to register BouncyCastle as the defaut JCE provider"); throw new SSHRuntimeException("Failed to register BouncyCastle as the default JCE provider");
} }
} }
registrationDone = true; registrationDone = true;

3
src/main/java/net/schmizz/sshj/connection/channel/AbstractChannel.java
View File

@@ -27,6 +27,7 @@ import org.slf4j.Logger;
import java.io.InputStream; import java.io.InputStream;
import java.io.OutputStream; import java.io.OutputStream;
import java.nio.charset.Charset; import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.util.LinkedList; import java.util.LinkedList;
import java.util.Queue; import java.util.Queue;
import java.util.concurrent.TimeUnit; import java.util.concurrent.TimeUnit;
@@ -90,7 +91,7 @@ public abstract class AbstractChannel
this.log = loggerFactory.getLogger(getClass()); this.log = loggerFactory.getLogger(getClass());
this.trans = conn.getTransport(); this.trans = conn.getTransport();
this.remoteCharset = remoteCharset != null ? remoteCharset : IOUtils.UTF8; this.remoteCharset = remoteCharset != null ? remoteCharset : StandardCharsets.UTF_8;
id = conn.nextID(); id = conn.nextID();
lwin = new Window.Local(conn.getWindowSize(), conn.getMaxPacketSize(), loggerFactory); lwin = new Window.Local(conn.getWindowSize(), conn.getMaxPacketSize(), loggerFactory);

2
src/main/java/net/schmizz/sshj/connection/channel/ChannelOutputStream.java
View File

@@ -37,7 +37,7 @@ public final class ChannelOutputStream extends OutputStream implements ErrorNoti
private final DataBuffer buffer = new DataBuffer(); private final DataBuffer buffer = new DataBuffer();
private final byte[] b = new byte[1]; private final byte[] b = new byte[1];
private AtomicBoolean closed; private final AtomicBoolean closed;
private SSHException error; private SSHException error;
private final class DataBuffer { private final class DataBuffer {

4
src/main/java/net/schmizz/sshj/connection/channel/direct/SessionChannel.java
View File

@@ -225,7 +225,9 @@ public class SessionChannel
@Override @Override
public void notifyError(SSHException error) { public void notifyError(SSHException error) {
err.notifyError(error); if (err != null) {
err.notifyError(error);
}
super.notifyError(error); super.notifyError(error);
} }

7
src/main/java/net/schmizz/sshj/sftp/RandomAccessRemoteFile.java
View File

@@ -317,13 +317,10 @@ public class RandomAccessRemoteFile
@Override @Override
public void writeUTF(String str) public void writeUTF(String str)
throws IOException { throws IOException {
final DataOutputStream dos = new DataOutputStream(rf.new RemoteFileOutputStream(fp)); try (DataOutputStream dos = new DataOutputStream(rf.new RemoteFileOutputStream(fp));) {
try {
dos.writeUTF(str); dos.writeUTF(str);
} finally { fp += dos.size();
dos.close();
} }
fp += dos.size();
} }
} }

57
src/main/java/net/schmizz/sshj/sftp/RemoteDirectory.java
View File

@@ -15,6 +15,7 @@
*/ */
package net.schmizz.sshj.sftp; package net.schmizz.sshj.sftp;
import com.hierynomus.sshj.sftp.RemoteResourceSelector;
import net.schmizz.sshj.sftp.Response.StatusCode; import net.schmizz.sshj.sftp.Response.StatusCode;
import java.io.IOException; import java.io.IOException;
@@ -22,6 +23,8 @@ import java.util.LinkedList;
import java.util.List; import java.util.List;
import java.util.concurrent.TimeUnit; import java.util.concurrent.TimeUnit;
import static com.hierynomus.sshj.sftp.RemoteResourceFilterConverter.selectorFrom;
public class RemoteDirectory public class RemoteDirectory
extends RemoteResource { extends RemoteResource {
@@ -31,37 +34,55 @@ public class RemoteDirectory
public List<RemoteResourceInfo> scan(RemoteResourceFilter filter) public List<RemoteResourceInfo> scan(RemoteResourceFilter filter)
throws IOException { throws IOException {
List<RemoteResourceInfo> rri = new LinkedList<RemoteResourceInfo>(); return scan(selectorFrom(filter));
// TODO: Remove GOTO! }
loop:
for (; ; ) {
final Response res = requester.request(newRequest(PacketType.READDIR))
.retrieve(requester.getTimeoutMs(), TimeUnit.MILLISECONDS);
switch (res.getType()) {
public List<RemoteResourceInfo> scan(RemoteResourceSelector selector)
throws IOException {
if (selector == null) {
selector = RemoteResourceSelector.ALL;
}
List<RemoteResourceInfo> remoteResourceInfos = new LinkedList<>();
while (true) {
final Response response = requester.request(newRequest(PacketType.READDIR))
.retrieve(requester.getTimeoutMs(), TimeUnit.MILLISECONDS);
switch (response.getType()) {
case NAME: case NAME:
final int count = res.readUInt32AsInt(); final int count = response.readUInt32AsInt();
for (int i = 0; i < count; i++) { for (int i = 0; i < count; i++) {
final String name = res.readString(requester.sub.getRemoteCharset()); final String name = response.readString(requester.sub.getRemoteCharset());
res.readString(); // long name - IGNORED - shdve never been in the protocol response.readString(); // long name - IGNORED - shdve never been in the protocol
final FileAttributes attrs = res.readFileAttributes(); final FileAttributes attrs = response.readFileAttributes();
final PathComponents comps = requester.getPathHelper().getComponents(path, name); final PathComponents comps = requester.getPathHelper().getComponents(path, name);
final RemoteResourceInfo inf = new RemoteResourceInfo(comps, attrs); final RemoteResourceInfo inf = new RemoteResourceInfo(comps, attrs);
if (!(".".equals(name) || "..".equals(name)) && (filter == null || filter.accept(inf))) {
rri.add(inf); if (".".equals(name) || "..".equals(name)) {
continue;
}
final RemoteResourceSelector.Result selectionResult = selector.select(inf);
switch (selectionResult) {
case ACCEPT:
remoteResourceInfos.add(inf);
break;
case CONTINUE:
continue;
case BREAK:
return remoteResourceInfos;
} }
} }
break; break;
case STATUS: case STATUS:
res.ensureStatusIs(StatusCode.EOF); response.ensureStatusIs(StatusCode.EOF);
break loop; return remoteResourceInfos;
default: default:
throw new SFTPException("Unexpected packet: " + res.getType()); throw new SFTPException("Unexpected packet: " + response.getType());
} }
} }
return rri;
} }
} }

17
src/main/java/net/schmizz/sshj/sftp/SFTPClient.java
View File

@@ -15,6 +15,7 @@
*/ */
package net.schmizz.sshj.sftp; package net.schmizz.sshj.sftp;
import com.hierynomus.sshj.sftp.RemoteResourceSelector;
import net.schmizz.sshj.connection.channel.direct.SessionFactory; import net.schmizz.sshj.connection.channel.direct.SessionFactory;
import net.schmizz.sshj.xfer.FilePermission; import net.schmizz.sshj.xfer.FilePermission;
import net.schmizz.sshj.xfer.LocalDestFile; import net.schmizz.sshj.xfer.LocalDestFile;
@@ -25,6 +26,8 @@ import java.io.Closeable;
import java.io.IOException; import java.io.IOException;
import java.util.*; import java.util.*;
import static com.hierynomus.sshj.sftp.RemoteResourceFilterConverter.selectorFrom;
public class SFTPClient public class SFTPClient
implements Closeable { implements Closeable {
@@ -57,16 +60,18 @@ public class SFTPClient
public List<RemoteResourceInfo> ls(String path) public List<RemoteResourceInfo> ls(String path)
throws IOException { throws IOException {
return ls(path, null); return ls(path, RemoteResourceSelector.ALL);
} }
public List<RemoteResourceInfo> ls(String path, RemoteResourceFilter filter) public List<RemoteResourceInfo> ls(String path, RemoteResourceFilter filter)
throws IOException { throws IOException {
final RemoteDirectory dir = engine.openDir(path); return ls(path, selectorFrom(filter));
try { }
return dir.scan(filter);
} finally { public List<RemoteResourceInfo> ls(String path, RemoteResourceSelector selector)
dir.close(); throws IOException {
try (RemoteDirectory dir = engine.openDir(path)) {
return dir.scan(selector == null ? RemoteResourceSelector.ALL : selector);
} }
} }

8
src/main/java/net/schmizz/sshj/sftp/SFTPEngine.java
View File

@@ -17,7 +17,6 @@ package net.schmizz.sshj.sftp;
import com.hierynomus.sshj.common.ThreadNameProvider; import com.hierynomus.sshj.common.ThreadNameProvider;
import net.schmizz.concurrent.Promise; import net.schmizz.concurrent.Promise;
import net.schmizz.sshj.common.IOUtils;
import net.schmizz.sshj.common.LoggerFactory; import net.schmizz.sshj.common.LoggerFactory;
import net.schmizz.sshj.common.SSHException; import net.schmizz.sshj.common.SSHException;
import net.schmizz.sshj.connection.channel.direct.Session; import net.schmizz.sshj.connection.channel.direct.Session;
@@ -28,6 +27,7 @@ import java.io.Closeable;
import java.io.IOException; import java.io.IOException;
import java.io.OutputStream; import java.io.OutputStream;
import java.nio.charset.Charset; import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.util.EnumSet; import java.util.EnumSet;
import java.util.HashMap; import java.util.HashMap;
import java.util.Map; import java.util.Map;
@@ -48,6 +48,7 @@ public class SFTPEngine
protected final PathHelper pathHelper; protected final PathHelper pathHelper;
private final Session session;
protected final Session.Subsystem sub; protected final Session.Subsystem sub;
protected final PacketReader reader; protected final PacketReader reader;
protected final OutputStream out; protected final OutputStream out;
@@ -63,7 +64,7 @@ public class SFTPEngine
public SFTPEngine(SessionFactory ssh, String pathSep) public SFTPEngine(SessionFactory ssh, String pathSep)
throws SSHException { throws SSHException {
Session session = ssh.startSession(); session = ssh.startSession();
loggerFactory = session.getLoggerFactory(); loggerFactory = session.getLoggerFactory();
log = loggerFactory.getLogger(getClass()); log = loggerFactory.getLogger(getClass());
sub = session.startSubsystem("sftp"); sub = session.startSubsystem("sftp");
@@ -346,6 +347,7 @@ public class SFTPEngine
throws IOException { throws IOException {
sub.close(); sub.close();
reader.interrupt(); reader.interrupt();
session.close();
} }
protected LoggerFactory getLoggerFactory() { protected LoggerFactory getLoggerFactory() {
@@ -371,7 +373,7 @@ public class SFTPEngine
/** Using UTF-8 */ /** Using UTF-8 */
protected static String readSingleName(Response res) protected static String readSingleName(Response res)
throws IOException { throws IOException {
return readSingleName(res, IOUtils.UTF8); return readSingleName(res, StandardCharsets.UTF_8);
} }
/** Using any character set */ /** Using any character set */

28
src/main/java/net/schmizz/sshj/sftp/SFTPFileTransfer.java
View File

@@ -52,7 +52,7 @@ public class SFTPFileTransfer
throws IOException { throws IOException {
upload(source, dest, 0); upload(source, dest, 0);
} }
@Override @Override
public void upload(String source, String dest, long byteOffset) public void upload(String source, String dest, long byteOffset)
throws IOException { throws IOException {
@@ -64,7 +64,7 @@ public class SFTPFileTransfer
throws IOException { throws IOException {
download(source, dest, 0); download(source, dest, 0);
} }
@Override @Override
public void download(String source, String dest, long byteOffset) public void download(String source, String dest, long byteOffset)
throws IOException { throws IOException {
@@ -75,7 +75,7 @@ public class SFTPFileTransfer
public void upload(LocalSourceFile localFile, String remotePath) throws IOException { public void upload(LocalSourceFile localFile, String remotePath) throws IOException {
upload(localFile, remotePath, 0); upload(localFile, remotePath, 0);
} }
@Override @Override
public void upload(LocalSourceFile localFile, String remotePath, long byteOffset) throws IOException { public void upload(LocalSourceFile localFile, String remotePath, long byteOffset) throws IOException {
new Uploader(localFile, remotePath).upload(getTransferListener(), byteOffset); new Uploader(localFile, remotePath).upload(getTransferListener(), byteOffset);
@@ -85,7 +85,7 @@ public class SFTPFileTransfer
public void download(String source, LocalDestFile dest) throws IOException { public void download(String source, LocalDestFile dest) throws IOException {
download(source, dest, 0); download(source, dest, 0);
} }
@Override @Override
public void download(String source, LocalDestFile dest, long byteOffset) throws IOException { public void download(String source, LocalDestFile dest, long byteOffset) throws IOException {
final PathComponents pathComponents = engine.getPathHelper().getComponents(source); final PathComponents pathComponents = engine.getPathHelper().getComponents(source);
@@ -140,12 +140,9 @@ public class SFTPFileTransfer
final LocalDestFile local) final LocalDestFile local)
throws IOException { throws IOException {
final LocalDestFile adjusted = local.getTargetDirectory(remote.getName()); final LocalDestFile adjusted = local.getTargetDirectory(remote.getName());
final RemoteDirectory rd = engine.openDir(remote.getPath()); try (RemoteDirectory rd = engine.openDir(remote.getPath())) {
try {
for (RemoteResourceInfo rri : rd.scan(getDownloadFilter())) for (RemoteResourceInfo rri : rd.scan(getDownloadFilter()))
download(listener, rri, adjusted.getChild(rri.getName()), 0); // not supporting individual byte offsets for these files download(listener, rri, adjusted.getChild(rri.getName()), 0); // not supporting individual byte offsets for these files
} finally {
rd.close();
} }
return adjusted; return adjusted;
} }
@@ -156,23 +153,16 @@ public class SFTPFileTransfer
final long byteOffset) final long byteOffset)
throws IOException { throws IOException {
final LocalDestFile adjusted = local.getTargetFile(remote.getName()); final LocalDestFile adjusted = local.getTargetFile(remote.getName());
final RemoteFile rf = engine.open(remote.getPath()); try (RemoteFile rf = engine.open(remote.getPath())) {
try {
log.debug("Attempting to download {} with offset={}", remote.getPath(), byteOffset); log.debug("Attempting to download {} with offset={}", remote.getPath(), byteOffset);
final RemoteFile.ReadAheadRemoteFileInputStream rfis = rf.new ReadAheadRemoteFileInputStream(16, byteOffset); try (RemoteFile.ReadAheadRemoteFileInputStream rfis = rf.new ReadAheadRemoteFileInputStream(16, byteOffset);
final OutputStream os = adjusted.getOutputStream(byteOffset != 0); OutputStream os = adjusted.getOutputStream(byteOffset != 0)) {
try {
new StreamCopier(rfis, os, engine.getLoggerFactory()) new StreamCopier(rfis, os, engine.getLoggerFactory())
.bufSize(engine.getSubsystem().getLocalMaxPacketSize()) .bufSize(engine.getSubsystem().getLocalMaxPacketSize())
.keepFlushing(false) .keepFlushing(false)
.listener(listener) .listener(listener)
.copy(); .copy();
} finally {
rfis.close();
os.close();
} }
} finally {
rf.close();
} }
return adjusted; return adjusted;
} }
@@ -266,7 +256,7 @@ public class SFTPFileTransfer
// Starting at some offset, append // Starting at some offset, append
modes = EnumSet.of(OpenMode.WRITE, OpenMode.APPEND); modes = EnumSet.of(OpenMode.WRITE, OpenMode.APPEND);
} }
log.debug("Attempting to upload {} with offset={}", local.getName(), byteOffset); log.debug("Attempting to upload {} with offset={}", local.getName(), byteOffset);
rf = engine.open(adjusted, modes); rf = engine.open(adjusted, modes);
fis = local.getInputStream(); fis = local.getInputStream();

22
src/main/java/net/schmizz/sshj/sftp/StatefulSFTPClient.java
View File

@@ -15,6 +15,7 @@
*/ */
package net.schmizz.sshj.sftp; package net.schmizz.sshj.sftp;
import com.hierynomus.sshj.sftp.RemoteResourceSelector;
import net.schmizz.sshj.connection.channel.direct.SessionFactory; import net.schmizz.sshj.connection.channel.direct.SessionFactory;
import net.schmizz.sshj.xfer.LocalDestFile; import net.schmizz.sshj.xfer.LocalDestFile;
import net.schmizz.sshj.xfer.LocalSourceFile; import net.schmizz.sshj.xfer.LocalSourceFile;
@@ -23,6 +24,8 @@ import java.io.IOException;
import java.util.List; import java.util.List;
import java.util.Set; import java.util.Set;
import static com.hierynomus.sshj.sftp.RemoteResourceFilterConverter.selectorFrom;
public class StatefulSFTPClient public class StatefulSFTPClient
extends SFTPClient { extends SFTPClient {
@@ -57,7 +60,7 @@ public class StatefulSFTPClient
public synchronized List<RemoteResourceInfo> ls() public synchronized List<RemoteResourceInfo> ls()
throws IOException { throws IOException {
return ls(cwd, null); return ls(cwd, RemoteResourceSelector.ALL);
} }
public synchronized List<RemoteResourceInfo> ls(RemoteResourceFilter filter) public synchronized List<RemoteResourceInfo> ls(RemoteResourceFilter filter)
@@ -70,20 +73,21 @@ public class StatefulSFTPClient
return super.canonicalize(cwd); return super.canonicalize(cwd);
} }
@Override
public List<RemoteResourceInfo> ls(String path) public List<RemoteResourceInfo> ls(String path)
throws IOException { throws IOException {
return ls(path, null); return ls(path, RemoteResourceSelector.ALL);
}
public List<RemoteResourceInfo> ls(String path, RemoteResourceFilter filter)
throws IOException {
return ls(path, selectorFrom(filter));
} }
@Override @Override
public List<RemoteResourceInfo> ls(String path, RemoteResourceFilter filter) public List<RemoteResourceInfo> ls(String path, RemoteResourceSelector selector)
throws IOException { throws IOException {
final RemoteDirectory dir = getSFTPEngine().openDir(cwdify(path)); try (RemoteDirectory dir = getSFTPEngine().openDir(cwdify(path))) {
try { return dir.scan(selector == null ? RemoteResourceSelector.ALL : selector);
return dir.scan(filter);
} finally {
dir.close();
} }
} }

2
src/main/java/net/schmizz/sshj/signature/SignatureECDSA.java
View File

@@ -77,7 +77,7 @@ public class SignatureECDSA extends AbstractSignatureDSA {
} }
private String keyTypeName; private final String keyTypeName;
public SignatureECDSA(String algorithm, String keyTypeName) { public SignatureECDSA(String algorithm, String keyTypeName) {
super(algorithm, keyTypeName); super(algorithm, keyTypeName);

2
src/main/java/net/schmizz/sshj/signature/SignatureRSA.java
View File

@@ -87,7 +87,7 @@ public class SignatureRSA
} }
private KeyType keyType; private final KeyType keyType;
public SignatureRSA(String algorithm, KeyType keyType, String name) { public SignatureRSA(String algorithm, KeyType keyType, String name) {

7
src/main/java/net/schmizz/sshj/transport/TransportImpl.java
View File

@@ -33,6 +33,7 @@ import java.io.IOException;
import java.io.InputStream; import java.io.InputStream;
import java.io.OutputStream; import java.io.OutputStream;
import java.net.InetSocketAddress; import java.net.InetSocketAddress;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.List; import java.util.List;
import java.util.concurrent.TimeUnit; import java.util.concurrent.TimeUnit;
@@ -207,7 +208,7 @@ public final class TransportImpl
*/ */
private void sendClientIdent() throws IOException { private void sendClientIdent() throws IOException {
log.info("Client identity string: {}", clientID); log.info("Client identity string: {}", clientID);
connInfo.out.write((clientID + "\r\n").getBytes(IOUtils.UTF8)); connInfo.out.write((clientID + "\r\n").getBytes(StandardCharsets.UTF_8));
connInfo.out.flush(); connInfo.out.flush();
} }
@@ -420,9 +421,9 @@ public final class TransportImpl
try { try {
if (kexer.isKexOngoing()) { if (kexer.isKexOngoing()) {
// Only transport layer packets (1 to 49) allowed except SERVICE_REQUEST // Only transport layer packets (1 to 49) allowed except SERVICE_REQUEST and IGNORE
final Message m = Message.fromByte(payload.array()[payload.rpos()]); final Message m = Message.fromByte(payload.array()[payload.rpos()]);
if (!m.in(1, 49) || m == Message.SERVICE_REQUEST) { if (!m.in(1, 49) || m == Message.SERVICE_REQUEST || m == Message.IGNORE) {
assert m != Message.KEXINIT; assert m != Message.KEXINIT;
kexer.waitForDone(); kexer.waitForDone();
} }

38
src/main/java/net/schmizz/sshj/transport/kex/Curve25519DH.java
View File

@@ -34,13 +34,14 @@ public class Curve25519DH extends DHBase {
private static final String ALGORITHM = "X25519"; private static final String ALGORITHM = "X25519";
private static final int ENCODED_ALGORITHM_ID_KEY_LENGTH = 44;
private static final int ALGORITHM_ID_LENGTH = 12;
private static final int KEY_LENGTH = 32; private static final int KEY_LENGTH = 32;
private final byte[] algorithmId = new byte[ALGORITHM_ID_LENGTH]; private int encodedKeyLength;
private int algorithmIdLength;
// Algorithm Identifier is set on Key Agreement Initialization
private byte[] algorithmId = new byte[KEY_LENGTH];
public Curve25519DH() { public Curve25519DH() {
super(ALGORITHM, ALGORITHM); super(ALGORITHM, ALGORITHM);
@@ -81,23 +82,24 @@ public class Curve25519DH extends DHBase {
private void setPublicKey(final PublicKey publicKey) { private void setPublicKey(final PublicKey publicKey) {
final byte[] encoded = publicKey.getEncoded(); final byte[] encoded = publicKey.getEncoded();
// Encoded public key consists of the algorithm identifier and public key // Set key and algorithm identifier lengths based on initialized Public Key
if (encoded.length == ENCODED_ALGORITHM_ID_KEY_LENGTH) { encodedKeyLength = encoded.length;
final byte[] publicKeyEncoded = new byte[KEY_LENGTH]; algorithmIdLength = encodedKeyLength - KEY_LENGTH;
System.arraycopy(encoded, ALGORITHM_ID_LENGTH, publicKeyEncoded, 0, KEY_LENGTH); algorithmId = new byte[algorithmIdLength];
setE(publicKeyEncoded);
// Save Algorithm Identifier byte array // Encoded public key consists of the algorithm identifier and public key
System.arraycopy(encoded, 0, algorithmId, 0, ALGORITHM_ID_LENGTH); final byte[] publicKeyEncoded = new byte[KEY_LENGTH];
} else { System.arraycopy(encoded, algorithmIdLength, publicKeyEncoded, 0, KEY_LENGTH);
throw new IllegalArgumentException(String.format("X25519 unsupported public key length [%d]", encoded.length)); setE(publicKeyEncoded);
}
// Save Algorithm Identifier byte array
System.arraycopy(encoded, 0, algorithmId, 0, algorithmIdLength);
} }
private KeySpec getPeerPublicKeySpec(final byte[] peerPublicKey) { private KeySpec getPeerPublicKeySpec(final byte[] peerPublicKey) {
final byte[] encodedKeySpec = new byte[ENCODED_ALGORITHM_ID_KEY_LENGTH]; final byte[] encodedKeySpec = new byte[encodedKeyLength];
System.arraycopy(algorithmId, 0, encodedKeySpec, 0, ALGORITHM_ID_LENGTH); System.arraycopy(algorithmId, 0, encodedKeySpec, 0, algorithmIdLength);
System.arraycopy(peerPublicKey, 0, encodedKeySpec, ALGORITHM_ID_LENGTH, KEY_LENGTH); System.arraycopy(peerPublicKey, 0, encodedKeySpec, algorithmIdLength, KEY_LENGTH);
return new X509EncodedKeySpec(encodedKeySpec); return new X509EncodedKeySpec(encodedKeySpec);
} }
} }

2
src/main/java/net/schmizz/sshj/transport/kex/ECDHNistP.java
View File

@@ -25,7 +25,7 @@ import java.security.spec.ECGenParameterSpec;
public class ECDHNistP extends AbstractDHG { public class ECDHNistP extends AbstractDHG {
private String curve; private final String curve;
/** Named factory for ECDHNistP key exchange */ /** Named factory for ECDHNistP key exchange */
public static class Factory521 public static class Factory521

39
src/main/java/net/schmizz/sshj/transport/random/BouncyCastleFipsRandom.java Normal file
View File

@@ -0,0 +1,39 @@
/*
* Copyright (C)2009 - SSHJ Contributors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.schmizz.sshj.transport.random;
/**
* BouncyCastle <code>Random</code>. This pseudo random number generator uses BouncyCastle fips.
* The JRE random will be used when creating a new generator to add some random data to the seed.
*/
public class BouncyCastleFipsRandom extends SecureRandomProvider {
/** Named factory for the BouncyCastle <code>Random</code> */
public static class Factory
implements net.schmizz.sshj.common.Factory<Random> {
@Override
public Random create() {
return new BouncyCastleFipsRandom();
}
}
public BouncyCastleFipsRandom() {
super("DEFAULT", "BCFIPS");
}
}

54
src/main/java/net/schmizz/sshj/transport/random/BouncyCastleRandom.java
View File

@@ -13,27 +13,32 @@
* See the License for the specific language governing permissions and * See the License for the specific language governing permissions and
* limitations under the License. * limitations under the License.
*/ */
/*
* Copyright (C)2009 - SSHJ Contributors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.schmizz.sshj.transport.random; package net.schmizz.sshj.transport.random;
import org.bouncycastle.crypto.prng.RandomGenerator;
import org.bouncycastle.crypto.prng.VMPCRandomGenerator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import java.security.SecureRandom;
/** /**
* BouncyCastle <code>Random</code>. This pseudo random number generator uses the a very fast PRNG from BouncyCastle. * BouncyCastle <code>Random</code>. This pseudo random number generator uses BouncyCastle non fips.
* The JRE random will be used when creating a new generator to add some random data to the seed. * The JRE random will be used when creating a new generator to add some random data to the seed.
*/ */
public class BouncyCastleRandom public class BouncyCastleRandom extends SecureRandomProvider {
implements Random {
private static final Logger logger = LoggerFactory.getLogger(BouncyCastleRandom.class);
/** Named factory for the BouncyCastle <code>Random</code> */ /** Named factory for the BouncyCastle <code>Random</code> */
public static class Factory public static class Factory
implements net.schmizz.sshj.common.Factory<Random> { implements net.schmizz.sshj.common.Factory<Random> {
@Override @Override
public Random create() { public Random create() {
@@ -42,24 +47,7 @@ public class BouncyCastleRandom
} }
private final RandomGenerator random = new VMPCRandomGenerator();
public BouncyCastleRandom() { public BouncyCastleRandom() {
logger.info("Generating random seed from SecureRandom."); super("DEFAULT", "BC");
long t = System.currentTimeMillis();
byte[] seed = new SecureRandom().generateSeed(8);
logger.debug("Creating random seed took {} ms", System.currentTimeMillis() - t);
random.addSeedMaterial(seed);
} }
@Override
public void fill(byte[] bytes, int start, int len) {
random.nextBytes(bytes, start, len);
}
@Override
public void fill(byte[] bytes) {
random.nextBytes(bytes);
}
} }

41
src/main/java/net/schmizz/sshj/transport/random/JCERandom.java
View File

@@ -15,16 +15,11 @@
*/ */
package net.schmizz.sshj.transport.random; package net.schmizz.sshj.transport.random;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import java.security.SecureRandom; import java.security.SecureRandom;
/** A {@link Random} implementation using the built-in {@link SecureRandom} PRNG. */ /** A {@link Random} implementation using the built-in {@link SecureRandom} PRNG. */
public class JCERandom public class JCERandom extends SecureRandomProvider {
implements Random {
private static final Logger logger = LoggerFactory.getLogger(JCERandom.class);
/** Named factory for the JCE {@link Random} */ /** Named factory for the JCE {@link Random} */
public static class Factory public static class Factory
implements net.schmizz.sshj.common.Factory.Named<Random> { implements net.schmizz.sshj.common.Factory.Named<Random> {
@@ -41,39 +36,7 @@ public class JCERandom
} }
private byte[] tmp = new byte[16];
private final SecureRandom random;
JCERandom() { JCERandom() {
logger.info("Creating new SecureRandom."); super();
long t = System.currentTimeMillis();
random = new SecureRandom();
logger.debug("Random creation took {} ms", System.currentTimeMillis() - t);
}
/**
* Fill the given byte-array with random bytes from this PRNG.
*
* @param foo the byte-array
* @param start the offset to start at
* @param len the number of bytes to fill
*/
@Override
public synchronized void fill(byte[] foo, int start, int len) {
if (start == 0 && len == foo.length) {
random.nextBytes(foo);
} else {
synchronized (this) {
if (len > tmp.length)
tmp = new byte[len];
random.nextBytes(tmp);
System.arraycopy(tmp, 0, foo, start, len);
}
}
}
@Override
public void fill(final byte[] bytes) {
random.nextBytes(bytes);
} }
} }

75
src/main/java/net/schmizz/sshj/transport/random/SecureRandomProvider.java Normal file
View File

@@ -0,0 +1,75 @@
/*
* Copyright (C)2009 - SSHJ Contributors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.schmizz.sshj.transport.random;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
public class SecureRandomProvider implements Random{
private static final Logger logger = LoggerFactory.getLogger(SecureRandomProvider.class);
private byte[] tmp = new byte[16];
private SecureRandom random;
protected SecureRandomProvider() {
this.random = newRandom();
}
protected SecureRandomProvider(String algorithm, String provider) {
this.random = newRandom(algorithm, provider);
}
private static SecureRandom newRandom() {
return new SecureRandom();
}
private static SecureRandom newRandom(String algorithm, String provider) {
logger.info("Generating random seed from SecureRandom of {}.", provider);
long t = System.currentTimeMillis();
try {
// Use SecureRandom with the provider
return SecureRandom.getInstance(algorithm, provider);
} catch (NoSuchProviderException e) {
throw new RuntimeException(String.format("%s provider is not in the classpath", provider), e);
} catch (Exception e) {
throw new RuntimeException(String.format("Failed to initialize SecureRandom with %s provider", provider), e);
} finally {
logger.debug("Creating random seed took {} ms", System.currentTimeMillis() - t);
}
}
@Override
public synchronized void fill(byte[] bytes, int start, int len) {
if (start == 0 && len == bytes.length) {
random.nextBytes(bytes);
} else {
synchronized (this) {
if (len > tmp.length) tmp = new byte[len];
random.nextBytes(tmp);
System.arraycopy(tmp, 0, bytes, start, len);
}
}
}
@Override
public void fill(byte[] bytes) {
random.nextBytes(bytes);
}
}

24
src/main/java/net/schmizz/sshj/transport/verification/OpenSSHKnownHosts.java
View File

@@ -18,13 +18,7 @@ package net.schmizz.sshj.transport.verification;
import com.hierynomus.sshj.common.KeyAlgorithm; import com.hierynomus.sshj.common.KeyAlgorithm;
import com.hierynomus.sshj.transport.verification.KnownHostMatchers; import com.hierynomus.sshj.transport.verification.KnownHostMatchers;
import com.hierynomus.sshj.userauth.certificate.Certificate; import com.hierynomus.sshj.userauth.certificate.Certificate;
import net.schmizz.sshj.common.Buffer; import net.schmizz.sshj.common.*;
import net.schmizz.sshj.common.IOUtils;
import net.schmizz.sshj.common.KeyType;
import net.schmizz.sshj.common.LoggerFactory;
import net.schmizz.sshj.common.SSHException;
import net.schmizz.sshj.common.SSHRuntimeException;
import net.schmizz.sshj.common.SecurityUtils;
import org.slf4j.Logger; import org.slf4j.Logger;
import java.io.BufferedOutputStream; import java.io.BufferedOutputStream;
@@ -37,6 +31,7 @@ import java.io.FileWriter;
import java.io.IOException; import java.io.IOException;
import java.io.Reader; import java.io.Reader;
import java.math.BigInteger; import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory; import java.security.KeyFactory;
import java.security.PublicKey; import java.security.PublicKey;
import java.security.spec.RSAPublicKeySpec; import java.security.spec.RSAPublicKeySpec;
@@ -192,12 +187,9 @@ public class OpenSSHKnownHosts
public void write() public void write()
throws IOException { throws IOException {
final BufferedOutputStream bos = new BufferedOutputStream(new FileOutputStream(khFile)); try (BufferedOutputStream bos = new BufferedOutputStream(new FileOutputStream(khFile))) {
try {
for (KnownHostEntry entry : entries) for (KnownHostEntry entry : entries)
bos.write((entry.getLine() + LS).getBytes(IOUtils.UTF8)); bos.write((entry.getLine() + LS).getBytes(StandardCharsets.UTF_8));
} finally {
bos.close();
} }
} }
@@ -290,10 +282,10 @@ public class OpenSSHKnownHosts
if (type != KeyType.UNKNOWN) { if (type != KeyType.UNKNOWN) {
final String sKey = split[i++]; final String sKey = split[i++];
try { try {
byte[] keyBytes = Base64.getDecoder().decode(sKey); byte[] keyBytes = Base64Decoder.decode(sKey);
key = new Buffer.PlainBuffer(keyBytes).readPublicKey(); key = new Buffer.PlainBuffer(keyBytes).readPublicKey();
} catch (IOException ioe) { } catch (IOException | Base64DecodingException exception) {
log.warn("Error decoding Base64 key bytes", ioe); log.warn("Error decoding Base64 key bytes", exception);
return new BadHostEntry(line); return new BadHostEntry(line);
} }
} else if (isBits(sType)) { } else if (isBits(sType)) {
@@ -483,7 +475,7 @@ public class OpenSSHKnownHosts
} }
public static class BadHostEntry implements KnownHostEntry { public static class BadHostEntry implements KnownHostEntry {
private String line; private final String line;
public BadHostEntry(String line) { public BadHostEntry(String line) {
this.line = line; this.line = line;

29
src/main/java/net/schmizz/sshj/userauth/keyprovider/BaseFileKeyProvider.java
View File

@@ -34,38 +34,47 @@ public abstract class BaseFileKeyProvider implements FileKeyProvider {
@Override @Override
public void init(Reader location) { public void init(Reader location) {
assert location != null; this.init(location, (PasswordFinder) null);
resource = new PrivateKeyReaderResource(location);
} }
@Override @Override
public void init(Reader location, PasswordFinder pwdf) { public void init(Reader location, PasswordFinder pwdf) {
init(location); this.init(location, null, pwdf);
}
@Override
public void init(Reader privateKey, Reader publicKey) {
this.init(privateKey, publicKey, null);
}
@Override
public void init(Reader privateKey, Reader publicKey, PasswordFinder pwdf) {
assert publicKey == null;
this.resource = new PrivateKeyReaderResource(privateKey);
this.pwdf = pwdf; this.pwdf = pwdf;
} }
@Override @Override
public void init(File location) { public void init(File location) {
assert location != null; this.init(location, null);
resource = new PrivateKeyFileResource(location.getAbsoluteFile());
} }
@Override @Override
public void init(File location, PasswordFinder pwdf) { public void init(File location, PasswordFinder pwdf) {
init(location); this.resource = new PrivateKeyFileResource(location.getAbsoluteFile());
this.pwdf = pwdf; this.pwdf = pwdf;
} }
@Override @Override
public void init(String privateKey, String publicKey) { public void init(String privateKey, String publicKey) {
assert privateKey != null; this.init(privateKey, publicKey, null);
assert publicKey == null;
resource = new PrivateKeyStringResource(privateKey);
} }
@Override @Override
public void init(String privateKey, String publicKey, PasswordFinder pwdf) { public void init(String privateKey, String publicKey, PasswordFinder pwdf) {
init(privateKey, publicKey); assert privateKey != null;
assert publicKey == null;
this.resource = new PrivateKeyStringResource(privateKey);
this.pwdf = pwdf; this.pwdf = pwdf;
} }

149
src/main/java/net/schmizz/sshj/userauth/keyprovider/EncryptedPEMKeyReader.java Normal file
View File

@@ -0,0 +1,149 @@
/*
* Copyright (C)2009 - SSHJ Contributors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.schmizz.sshj.userauth.keyprovider;
import com.hierynomus.sshj.common.KeyDecryptionFailedException;
import net.schmizz.sshj.common.ByteArrayUtils;
import net.schmizz.sshj.userauth.password.PasswordFinder;
import net.schmizz.sshj.userauth.password.PasswordUtils;
import net.schmizz.sshj.userauth.password.Resource;
import org.bouncycastle.openssl.PEMDecryptor;
import org.bouncycastle.openssl.PEMDecryptorProvider;
import org.bouncycastle.openssl.PEMException;
import org.bouncycastle.openssl.bc.BcPEMDecryptorProvider;
import org.bouncycastle.operator.OperatorCreationException;
import java.io.BufferedReader;
import java.io.IOException;
import java.util.List;
import java.util.Objects;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
/**
* PEM Key Reader implementation supporting historical password-based encryption from OpenSSL EVP_BytesToKey
*/
class EncryptedPEMKeyReader extends StandardPEMKeyReader {
private static final String PROC_TYPE_ENCRYPTED_HEADER = "Proc-Type: 4,ENCRYPTED";
private static final Pattern DEK_INFO_PATTERN = Pattern.compile("^DEK-Info: ([A-Z0-9\\-]+),([A-F0-9]{16,32})$");
private static final int DEK_INFO_ALGORITHM_GROUP = 1;
private static final int DEK_INFO_IV_GROUP = 2;
private final PasswordFinder passwordFinder;
private final Resource<?> resource;
EncryptedPEMKeyReader(final PasswordFinder passwordFinder, final Resource<?> resource) {
this.passwordFinder = Objects.requireNonNull(passwordFinder, "Password Finder required");
this.resource = Objects.requireNonNull(resource, "Resource required");
}
@Override
public PEMKey readPemKey(final BufferedReader bufferedReader) throws IOException {
final PEMKey pemKey = super.readPemKey(bufferedReader);
final List<String> headers = pemKey.getHeaders();
final PEMKey processedPemKey;
if (isEncrypted(headers)) {
processedPemKey = readEncryptedPemKey(pemKey);
} else {
processedPemKey = pemKey;
}
return processedPemKey;
}
private boolean isEncrypted(final List<String> headers) {
return headers.contains(PROC_TYPE_ENCRYPTED_HEADER);
}
private PEMKey readEncryptedPemKey(final PEMKey pemKey) throws IOException {
final List<String> headers = pemKey.getHeaders();
final DataEncryptionKeyInfo dataEncryptionKeyInfo = getDataEncryptionKeyInfo(headers);
final byte[] pemKeyBody = pemKey.getBody();
byte[] decryptedPemKeyBody = null;
char[] password = passwordFinder.reqPassword(resource);
while (password != null) {
try {
decryptedPemKeyBody = getDecryptedPemKeyBody(password, pemKeyBody, dataEncryptionKeyInfo);
break;
} catch (final KeyDecryptionFailedException e) {
if (passwordFinder.shouldRetry(resource)) {
password = passwordFinder.reqPassword(resource);
} else {
throw e;
}
}
}
if (decryptedPemKeyBody == null) {
throw new KeyDecryptionFailedException("PEM Key password-based decryption failed");
}
return new PEMKey(pemKey.getPemKeyType(), headers, decryptedPemKeyBody);
}
private byte[] getDecryptedPemKeyBody(final char[] password, final byte[] pemKeyBody, final DataEncryptionKeyInfo dataEncryptionKeyInfo) throws IOException {
final String algorithm = dataEncryptionKeyInfo.algorithm;
try {
final PEMDecryptorProvider pemDecryptorProvider = new BcPEMDecryptorProvider(password);
final PEMDecryptor pemDecryptor = pemDecryptorProvider.get(algorithm);
final byte[] initializationVector = dataEncryptionKeyInfo.initializationVector;
return pemDecryptor.decrypt(pemKeyBody, initializationVector);
} catch (final OperatorCreationException e) {
throw new IOException(String.format("PEM decryption support not found for algorithm [%s]", algorithm), e);
} catch (final PEMException e) {
throw new KeyDecryptionFailedException(String.format("PEM Key decryption failed for algorithm [%s]", algorithm), e);
} finally {
PasswordUtils.blankOut(password);
}
}
private DataEncryptionKeyInfo getDataEncryptionKeyInfo(final List<String> headers) throws IOException {
DataEncryptionKeyInfo dataEncryptionKeyInfo = null;
for (final String header : headers) {
final Matcher matcher = DEK_INFO_PATTERN.matcher(header);
if (matcher.matches()) {
final String algorithm = matcher.group(DEK_INFO_ALGORITHM_GROUP);
final String initializationVectorGroup = matcher.group(DEK_INFO_IV_GROUP);
final byte[] initializationVector = ByteArrayUtils.parseHex(initializationVectorGroup);
dataEncryptionKeyInfo = new DataEncryptionKeyInfo(algorithm, initializationVector);
}
}
if (dataEncryptionKeyInfo == null) {
throw new IOException("Data Encryption Key Information header [DEK-Info] not found");
}
return dataEncryptionKeyInfo;
}
private static class DataEncryptionKeyInfo {
private final String algorithm;
private final byte[] initializationVector;
private DataEncryptionKeyInfo(final String algorithm, final byte[] initializationVector) {
this.algorithm = algorithm;
this.initializationVector = initializationVector;
}
}
}

4
src/main/java/net/schmizz/sshj/userauth/keyprovider/FileKeyProvider.java
View File

@@ -30,6 +30,10 @@ public interface FileKeyProvider
void init(Reader location); void init(Reader location);
void init(Reader privateKey, Reader publicKey);
void init(Reader privateKey, Reader publicKey, PasswordFinder pwdf);
void init(Reader location, PasswordFinder pwdf); void init(Reader location, PasswordFinder pwdf);
void init(String privateKey, String publicKey); void init(String privateKey, String publicKey);

25
src/main/java/net/schmizz/sshj/userauth/keyprovider/OpenSSHKeyFile.java
View File

@@ -16,6 +16,7 @@
package net.schmizz.sshj.userauth.keyprovider; package net.schmizz.sshj.userauth.keyprovider;
import com.hierynomus.sshj.userauth.keyprovider.OpenSSHKeyFileUtil; import com.hierynomus.sshj.userauth.keyprovider.OpenSSHKeyFileUtil;
import net.schmizz.sshj.userauth.password.PasswordFinder;
import java.io.*; import java.io.*;
import java.security.PublicKey; import java.security.PublicKey;
@@ -54,21 +55,22 @@ public class OpenSSHKeyFile
} }
@Override @Override
public void init(File location) { public void init(File location, PasswordFinder pwdf) {
// try cert key location first // try cert key location first
File pubKey = OpenSSHKeyFileUtil.getPublicKeyFile(location); File pubKey = OpenSSHKeyFileUtil.getPublicKeyFile(location);
if (pubKey != null) if (pubKey != null) {
try { try {
initPubKey(new FileReader(pubKey)); initPubKey(new FileReader(pubKey));
} catch (IOException e) { } catch (IOException e) {
// let super provide both public & private key // let super provide both public & private key
log.warn("Error reading public key file: {}", e.toString()); log.warn("Error reading public key file: {}", e.toString());
} }
super.init(location); }
super.init(location, pwdf);
} }
@Override @Override
public void init(String privateKey, String publicKey) { public void init(String privateKey, String publicKey, PasswordFinder pwdf) {
if (publicKey != null) { if (publicKey != null) {
try { try {
initPubKey(new StringReader(publicKey)); initPubKey(new StringReader(publicKey));
@@ -77,7 +79,20 @@ public class OpenSSHKeyFile
log.warn("Error reading public key: {}", e.toString()); log.warn("Error reading public key: {}", e.toString());
} }
} }
super.init(privateKey, null); super.init(privateKey, null, pwdf);
}
@Override
public void init(Reader privateKey, Reader publicKey, PasswordFinder pwdf) {
if (publicKey != null) {
try {
initPubKey(publicKey);
} catch (IOException e) {
// let super provide both public & private key
log.warn("Error reading public key: {}", e.toString());
}
}
super.init(privateKey, null, pwdf);
} }
/** /**

75
src/main/java/net/schmizz/sshj/userauth/keyprovider/PEMKey.java Normal file
View File

@@ -0,0 +1,75 @@
/*
* Copyright (C)2009 - SSHJ Contributors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.schmizz.sshj.userauth.keyprovider;
import java.util.List;
import java.util.Objects;
/**
* PEM Key container with identified Key Type and decoded body
*/
public class PEMKey {
private final PEMKeyType pemKeyType;
private final List<String> headers;
private final byte[] body;
PEMKey(final PEMKeyType pemKeyType, final List<String> headers, final byte[] body) {
this.pemKeyType = Objects.requireNonNull(pemKeyType, "PEM Key Type required");
this.headers = Objects.requireNonNull(headers, "Headers required");
this.body = Objects.requireNonNull(body, "Body required");
}
PEMKeyType getPemKeyType() {
return pemKeyType;
}
List<String> getHeaders() {
return headers;
}
byte[] getBody() {
return body.clone();
}
public enum PEMKeyType {
/** RFC 3279 Section 2.3.2 */
DSA("-----BEGIN DSA PRIVATE KEY-----"),
/** RFC 5915 Section 3 */
EC("-----BEGIN EC PRIVATE KEY-----"),
/** RFC 8017 Appendix 1.2 */
RSA("-----BEGIN RSA PRIVATE KEY-----"),
/** RFC 5208 Section 5 */
PKCS8("-----BEGIN PRIVATE KEY-----"),
/** RFC 5208 Section 6 */
PKCS8_ENCRYPTED("-----BEGIN ENCRYPTED PRIVATE KEY-----");
private final String header;
PEMKeyType(final String header) {
this.header = header;
}
String getHeader() {
return header;
}
}
}

20
src/main/java/net/schmizz/sshj/userauth/keyprovider/pkcs/KeyPairConverter.java → src/main/java/net/schmizz/sshj/userauth/keyprovider/PEMKeyReader.java
View File

@@ -13,23 +13,21 @@
* See the License for the specific language governing permissions and * See the License for the specific language governing permissions and
* limitations under the License. * limitations under the License.
*/ */
package net.schmizz.sshj.userauth.keyprovider.pkcs; package net.schmizz.sshj.userauth.keyprovider;
import org.bouncycastle.openssl.PEMKeyPair;
import java.io.BufferedReader;
import java.io.IOException; import java.io.IOException;
/** /**
* Converter from typed object to PEM Key Pair * Abstraction for parsing and returning PEM Keys
* @param <T> Object Type
*/ */
public interface KeyPairConverter<T> { interface PEMKeyReader {
/** /**
* Get PEM Key Pair from typed object * Read PEM Key from buffered reader
* *
* @param object Typed Object * @param bufferedReader Buffered Reader containing lines from resource reader
* @return PEM Key Pair * @return PEM Key
* @throws IOException Thrown on conversion failures * @throws IOException Thrown on failure to read PEM Key from resources
*/ */
PEMKeyPair getKeyPair(T object) throws IOException; PEMKey readPemKey(BufferedReader bufferedReader) throws IOException;
} }

464
src/main/java/net/schmizz/sshj/userauth/keyprovider/PKCS8KeyFile.java
View File

@@ -15,37 +15,66 @@
*/ */
package net.schmizz.sshj.userauth.keyprovider; package net.schmizz.sshj.userauth.keyprovider;
import com.hierynomus.asn1.ASN1InputStream;
import com.hierynomus.asn1.encodingrules.der.DERDecoder;
import com.hierynomus.asn1.types.ASN1Tag;
import com.hierynomus.asn1.types.constructed.ASN1Sequence;
import com.hierynomus.asn1.types.constructed.ASN1TaggedObject;
import com.hierynomus.asn1.types.primitive.ASN1Integer;
import com.hierynomus.asn1.types.primitive.ASN1ObjectIdentifier;
import com.hierynomus.asn1.types.string.ASN1BitString;
import com.hierynomus.asn1.types.string.ASN1OctetString;
import com.hierynomus.sshj.common.KeyAlgorithm;
import com.hierynomus.sshj.common.KeyDecryptionFailedException; import com.hierynomus.sshj.common.KeyDecryptionFailedException;
import net.schmizz.sshj.common.IOUtils; import net.schmizz.sshj.common.ECDSACurve;
import net.schmizz.sshj.common.ECDSAKeyFactory;
import net.schmizz.sshj.common.SecurityUtils; import net.schmizz.sshj.common.SecurityUtils;
import net.schmizz.sshj.userauth.keyprovider.pkcs.KeyPairConverter;
import net.schmizz.sshj.userauth.keyprovider.pkcs.PrivateKeyInfoKeyPairConverter;
import net.schmizz.sshj.userauth.password.PasswordUtils; import net.schmizz.sshj.userauth.password.PasswordUtils;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; import net.schmizz.sshj.userauth.keyprovider.PEMKey.PEMKeyType;
import org.bouncycastle.openssl.EncryptionException;
import org.bouncycastle.openssl.PEMEncryptedKeyPair;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.openssl.jcajce.JceOpenSSLPKCS8DecryptorProviderBuilder;
import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;
import org.bouncycastle.operator.InputDecryptorProvider;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo;
import org.bouncycastle.pkcs.PKCSException;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
import javax.crypto.Cipher;
import javax.crypto.EncryptedPrivateKeyInfo;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import java.io.BufferedReader;
import java.io.IOException; import java.io.IOException;
import java.math.BigInteger;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyPair; import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.interfaces.DSAParams;
import java.security.interfaces.DSAPrivateKey;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.spec.DSAPrivateKeySpec;
import java.security.spec.DSAPublicKeySpec;
import java.security.spec.ECField;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPoint;
import java.security.spec.ECPublicKeySpec;
import java.security.spec.EllipticCurve;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.RSAPrivateCrtKeySpec;
import java.security.spec.RSAPublicKeySpec;
/** /**
* Key File implementation supporting PEM-encoded PKCS8 and PKCS1 formats with or without password-based encryption * Key File implementation supporting PEM-encoded PKCS8 and PKCS1 formats with or without password-based encryption
*/ */
public class PKCS8KeyFile extends BaseFileKeyProvider { public class PKCS8KeyFile extends BaseFileKeyProvider {
/** Bouncy Castle class for detecting support of historical OpenSSL password-based decryption */
private static final String BOUNCY_CASTLE_CLASS = "org.bouncycastle.openssl.PEMDecryptor";
public static class Factory private static final boolean HISTORICAL_DECRYPTION_SUPPORTED = isHistoricalDecryptionSupported();
implements net.schmizz.sshj.common.Factory.Named<FileKeyProvider> {
protected final Logger log = LoggerFactory.getLogger(getClass());
public static class Factory implements net.schmizz.sshj.common.Factory.Named<FileKeyProvider> {
@Override @Override
public FileKeyProvider create() { public FileKeyProvider create() {
@@ -58,58 +87,47 @@ public class PKCS8KeyFile extends BaseFileKeyProvider {
} }
} }
protected final Logger log = LoggerFactory.getLogger(getClass()); @Override
protected KeyPair readKeyPair() throws IOException {
final PEMKeyReader pemKeyReader;
protected KeyPairConverter<PrivateKeyInfo> privateKeyInfoKeyPairConverter = new PrivateKeyInfoKeyPairConverter(); if (HISTORICAL_DECRYPTION_SUPPORTED) {
if (pwdf == null) {
protected KeyPair readKeyPair() pemKeyReader = new StandardPEMKeyReader();
throws IOException { } else {
KeyPair kp = null; pemKeyReader = new EncryptedPEMKeyReader(pwdf, resource);
for (PEMParser r = null; ; ) {
// while the PasswordFinder tells us we should retry
try {
r = new PEMParser(resource.getReader());
final Object o = r.readObject();
final JcaPEMKeyConverter pemConverter = new JcaPEMKeyConverter();
if (SecurityUtils.getSecurityProvider() != null) {
pemConverter.setProvider(SecurityUtils.getSecurityProvider());
}
if (o instanceof PEMEncryptedKeyPair) {
final PEMEncryptedKeyPair encryptedKeyPair = (PEMEncryptedKeyPair) o;
final PEMKeyPair pemKeyPair = readEncryptedKeyPair(encryptedKeyPair);
kp = pemConverter.getKeyPair(pemKeyPair);
} else if (o instanceof PEMKeyPair) {
kp = pemConverter.getKeyPair((PEMKeyPair) o);
} else if (o instanceof PrivateKeyInfo) {
final PrivateKeyInfo privateKeyInfo = (PrivateKeyInfo) o;
final PEMKeyPair pemKeyPair = privateKeyInfoKeyPairConverter.getKeyPair(privateKeyInfo);
kp = pemConverter.getKeyPair(pemKeyPair);
} else if (o instanceof PKCS8EncryptedPrivateKeyInfo) {
final PKCS8EncryptedPrivateKeyInfo encryptedPrivateKeyInfo = (PKCS8EncryptedPrivateKeyInfo) o;
final PrivateKeyInfo privateKeyInfo = readEncryptedPrivateKeyInfo(encryptedPrivateKeyInfo);
final PEMKeyPair pemKeyPair = privateKeyInfoKeyPairConverter.getKeyPair(privateKeyInfo);
kp = pemConverter.getKeyPair(pemKeyPair);
} else {
log.warn("Unexpected PKCS8 PEM Object [{}]", o);
}
} catch (EncryptionException e) {
if (pwdf != null && pwdf.shouldRetry(resource))
continue;
else
throw new KeyDecryptionFailedException(e);
} finally {
IOUtils.closeQuietly(r);
} }
break; } else {
pemKeyReader = new StandardPEMKeyReader();
} }
if (kp == null) try (BufferedReader bufferedReader = new BufferedReader(resource.getReader())) {
throw new IOException("Could not read key pair from: " + resource); final PEMKey pemKey = pemKeyReader.readPemKey(bufferedReader);
return kp; return readKeyPair(pemKey);
}
}
private KeyPair readKeyPair(final PEMKey pemKey) throws IOException {
final KeyPair keyPair;
final PEMKeyType pemKeyType = pemKey.getPemKeyType();
final byte[] pemKeyBody = pemKey.getBody();
if (PEMKeyType.DSA == pemKeyType) {
keyPair = readDsaKeyPair(pemKeyBody);
} else if (PEMKeyType.EC == pemKeyType) {
keyPair = readEcKeyPair(pemKeyBody);
} else if (PEMKeyType.PKCS8 == pemKeyType) {
keyPair = getPkcs8KeyPair(pemKeyBody);
} else if (PEMKeyType.PKCS8_ENCRYPTED == pemKeyType) {
keyPair = readEncryptedPkcs8KeyPair(pemKeyBody);
} else if (PEMKeyType.RSA == pemKeyType) {
keyPair = readRsaKeyPair(pemKeyBody);
} else {
throw new IOException(String.format("PEM Key Type [%s] not supported", pemKeyType));
}
return keyPair;
} }
@Override @Override
@@ -117,36 +135,304 @@ public class PKCS8KeyFile extends BaseFileKeyProvider {
return "PKCS8KeyFile{resource=" + resource + "}"; return "PKCS8KeyFile{resource=" + resource + "}";
} }
private PEMKeyPair readEncryptedKeyPair(final PEMEncryptedKeyPair encryptedKeyPair) throws IOException { private KeyPair readDsaKeyPair(final byte[] pemKeyBody) throws IOException {
final JcePEMDecryptorProviderBuilder builder = new JcePEMDecryptorProviderBuilder(); try (ASN1InputStream inputStream = new ASN1InputStream(new DERDecoder(), pemKeyBody)) {
if (SecurityUtils.getSecurityProvider() != null) { final ASN1Sequence sequence = inputStream.readObject();
builder.setProvider(SecurityUtils.getSecurityProvider());
} final BigInteger p = getBigInteger(sequence, 1);
char[] passphrase = null; final BigInteger q = getBigInteger(sequence, 2);
try { final BigInteger g = getBigInteger(sequence, 3);
passphrase = pwdf == null ? null : pwdf.reqPassword(resource);
return encryptedKeyPair.decryptKeyPair(builder.build(passphrase)); final BigInteger y = getBigInteger(sequence, 4);
} finally { final BigInteger x = getBigInteger(sequence, 5);
PasswordUtils.blankOut(passphrase);
final DSAPrivateKeySpec privateKeySpec = new DSAPrivateKeySpec(x, p, q, g);
final DSAPublicKeySpec publicKeySpec = new DSAPublicKeySpec(y, p, q, g);
final KeyFactory keyFactory = SecurityUtils.getKeyFactory(KeyAlgorithm.DSA);
final PublicKey publicKey = keyFactory.generatePublic(publicKeySpec);
final PrivateKey privateKey = keyFactory.generatePrivate(privateKeySpec);
return new KeyPair(publicKey, privateKey);
} catch (final Exception e) {
throw new IOException("PEM Key [DSA] processing failed", e);
} }
} }
private PrivateKeyInfo readEncryptedPrivateKeyInfo(final PKCS8EncryptedPrivateKeyInfo encryptedPrivateKeyInfo) throws EncryptionException { private KeyPair readRsaKeyPair(final byte[] pemKeyBody) throws IOException {
final JceOpenSSLPKCS8DecryptorProviderBuilder builder = new JceOpenSSLPKCS8DecryptorProviderBuilder(); try (ASN1InputStream inputStream = new ASN1InputStream(new DERDecoder(), pemKeyBody)) {
if (SecurityUtils.getSecurityProvider() != null) { final ASN1Sequence sequence = inputStream.readObject();
builder.setProvider(SecurityUtils.getSecurityProvider()); final BigInteger modulus = getBigInteger(sequence, 1);
final BigInteger publicExponent = getBigInteger(sequence, 2);
final BigInteger privateExponent = getBigInteger(sequence, 3);
final BigInteger prime1 = getBigInteger(sequence, 4);
final BigInteger prime2 = getBigInteger(sequence, 5);
final BigInteger exponent1 = getBigInteger(sequence, 6);
final BigInteger exponent2 = getBigInteger(sequence, 7);
final BigInteger coefficient = getBigInteger(sequence, 8);
final RSAPrivateCrtKeySpec privateKeySpec = new RSAPrivateCrtKeySpec(modulus, publicExponent, privateExponent, prime1, prime2, exponent1, exponent2, coefficient);
final KeyFactory keyFactory = SecurityUtils.getKeyFactory(KeyAlgorithm.RSA);
final PrivateKey privateKey = keyFactory.generatePrivate(privateKeySpec);
final RSAPublicKeySpec publicKeySpec = new RSAPublicKeySpec(modulus, publicExponent);
final PublicKey publicKey = keyFactory.generatePublic(publicKeySpec);
return new KeyPair(publicKey, privateKey);
} catch (final Exception e) {
throw new IOException("PEM Key [RSA] processing failed", e);
} }
char[] passphrase = null; }
private KeyPair readEcKeyPair(final byte[] pemKeyBody) throws IOException {
try (ASN1InputStream inputStream = new ASN1InputStream(new DERDecoder(), pemKeyBody)) {
final ASN1Sequence sequence = inputStream.readObject();
final ASN1TaggedObject taggedObjectParameters = (ASN1TaggedObject) sequence.get(2);
final ASN1ObjectIdentifier objectIdentifier = (ASN1ObjectIdentifier) taggedObjectParameters.getObject();
final String objectId = objectIdentifier.getValue();
final ECNamedCurveObjectIdentifier ecNamedCurveObjectIdentifier = getEcNamedCurve(objectId);
final ASN1OctetString privateKeyOctetString = (ASN1OctetString) sequence.get(1);
final BigInteger privateKeyInteger = new BigInteger(1, privateKeyOctetString.getValue());
final ECPrivateKey privateKey = (ECPrivateKey) ECDSAKeyFactory.getPrivateKey(privateKeyInteger, ecNamedCurveObjectIdentifier.ecdsaCurve);
final ECParameterSpec ecParameterSpec = privateKey.getParams();
final ASN1TaggedObject taggedBitString = (ASN1TaggedObject) sequence.get(3);
final ASN1BitString publicKeyBitString = (ASN1BitString) taggedBitString.getObject();
final byte[] bitString = publicKeyBitString.getValueBytes();
final PublicKey publicKey = getEcPublicKey(bitString, ecParameterSpec);
return new KeyPair(publicKey, privateKey);
} catch (final Exception e) {
throw new IOException("PEM Key [EC] processing failed", e);
}
}
private ECNamedCurveObjectIdentifier getEcNamedCurve(final String objectId) {
ECNamedCurveObjectIdentifier objectIdentifierFound = null;
for (final ECNamedCurveObjectIdentifier objectIdentifier : ECNamedCurveObjectIdentifier.values()) {
if (objectIdentifier.objectId.equals(objectId)) {
objectIdentifierFound = objectIdentifier;
}
}
if (objectIdentifierFound == null) {
throw new IllegalArgumentException(String.format("ECDSA Key Algorithm [%s] not supported", objectId));
}
return objectIdentifierFound;
}
private KeyPair readEncryptedPkcs8KeyPair(final byte[] pemKeyBody) throws IOException {
if (pwdf == null) {
throw new KeyDecryptionFailedException("Password not provided for encrypted PKCS8 key");
}
KeyPair keyPair = null;
try { try {
passphrase = pwdf == null ? null : pwdf.reqPassword(resource); char[] password = pwdf.reqPassword(resource);
final InputDecryptorProvider inputDecryptorProvider = builder.build(passphrase); while (password != null) {
return encryptedPrivateKeyInfo.decryptPrivateKeyInfo(inputDecryptorProvider); try {
} catch (final OperatorCreationException e) { final PKCS8EncodedKeySpec encodedKeySpec = getPkcs8DecryptedKeySpec(password, pemKeyBody);
throw new EncryptionException("Loading Password for Encrypted Private Key Failed", e); keyPair = getPkcs8KeyPair(encodedKeySpec.getEncoded());
} catch (final PKCSException e) { break;
throw new EncryptionException("Reading Encrypted Private Key Failed", e); } catch (final KeyDecryptionFailedException e) {
if (pwdf.shouldRetry(resource)) {
password = pwdf.reqPassword(resource);
} else {
throw e;
}
}
}
} catch (final GeneralSecurityException e) {
throw new IOException("PEM Key [PKCS8] processing failed", e);
}
if (keyPair == null) {
throw new KeyDecryptionFailedException("PEM Key [PKCS8] decryption failed");
}
return keyPair;
}
private PKCS8EncodedKeySpec getPkcs8DecryptedKeySpec(final char[] password, final byte[] encoded) throws IOException, GeneralSecurityException {
try {
final EncryptedPrivateKeyInfo encryptedPrivateKeyInfo = new EncryptedPrivateKeyInfo(encoded);
final AlgorithmParameters algorithmParameters = encryptedPrivateKeyInfo.getAlgParameters();
final String secretKeyAlgorithm = algorithmParameters.toString();
final SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance(secretKeyAlgorithm);
final PBEKeySpec secretKeySpec = new PBEKeySpec(password);
final SecretKey secretKey = secretKeyFactory.generateSecret(secretKeySpec);
final Cipher cipher = Cipher.getInstance(secretKeyAlgorithm);
cipher.init(Cipher.DECRYPT_MODE, secretKey, algorithmParameters);
try {
return encryptedPrivateKeyInfo.getKeySpec(cipher);
} catch (final GeneralSecurityException e) {
throw new KeyDecryptionFailedException(String.format("PKCS8 Key Decryption failed for algorithm [%s]", secretKeyAlgorithm), e);
}
} finally { } finally {
PasswordUtils.blankOut(passphrase); PasswordUtils.blankOut(password);
}
}
private KeyPair getPkcs8KeyPair(final byte[] encoded) throws IOException {
try (ASN1InputStream inputStream = new ASN1InputStream(new DERDecoder(), encoded)) {
final ASN1Sequence sequence = inputStream.readObject();
final ASN1Sequence privateKeyAlgorithmSequence = (ASN1Sequence) sequence.get(1);
final ASN1ObjectIdentifier privateKeyAlgorithm = (ASN1ObjectIdentifier) privateKeyAlgorithmSequence.get(0);
final String privateKeyAlgorithmObjectId = privateKeyAlgorithm.getValue();
final KeyAlgorithmObjectIdentifier keyAlgorithmObjectIdentifier = getKeyAlgorithmObjectIdentifier(privateKeyAlgorithmObjectId);
return getPkcs8KeyPair(keyAlgorithmObjectIdentifier, encoded);
} catch (final Exception e) {
throw new IOException("PEM Key [PKCS8] processing failed", e);
}
}
private KeyPair getPkcs8KeyPair(final KeyAlgorithmObjectIdentifier objectIdentifier, final byte[] privateKeyInfo) throws GeneralSecurityException {
final PublicKey publicKey;
final PrivateKey privateKey = getPkcs8PrivateKey(objectIdentifier, privateKeyInfo);
if (privateKey instanceof RSAPrivateCrtKey) {
final RSAPrivateCrtKey rsaPrivateKey = (RSAPrivateCrtKey) privateKey;
final BigInteger modulus = rsaPrivateKey.getModulus();
final BigInteger publicExponent = rsaPrivateKey.getPublicExponent();
final RSAPublicKeySpec publicKeySpec = new RSAPublicKeySpec(modulus, publicExponent);
final KeyFactory keyFactory = SecurityUtils.getKeyFactory(privateKey.getAlgorithm());
publicKey = keyFactory.generatePublic(publicKeySpec);
} else if (privateKey instanceof DSAPrivateKey) {
final DSAPrivateKey dsaPrivateKey = (DSAPrivateKey) privateKey;
final DSAParams dsaParams = dsaPrivateKey.getParams();
final BigInteger p = dsaParams.getP();
final BigInteger g = dsaParams.getG();
final BigInteger q = dsaParams.getQ();
final BigInteger x = dsaPrivateKey.getX();
final BigInteger y = g.modPow(x, p);
final DSAPublicKeySpec publicKeySpec = new DSAPublicKeySpec(y, p, q, g);
final KeyFactory keyFactory = SecurityUtils.getKeyFactory(privateKey.getAlgorithm());
publicKey = keyFactory.generatePublic(publicKeySpec);
} else if (privateKey instanceof ECPrivateKey) {
final ECPrivateKey ecPrivateKey = (ECPrivateKey) privateKey;
final ECParameterSpec ecParameterSpec = ecPrivateKey.getParams();
// Read ECDSA Public Key from ASN.1
try (ASN1InputStream inputStream = new ASN1InputStream(new DERDecoder(), privateKeyInfo)) {
final ASN1Sequence sequence = inputStream.readObject();
final ASN1OctetString keyOctetString = (ASN1OctetString) sequence.get(2);
final byte[] keyBytes = keyOctetString.getValue();
try (ASN1InputStream keyInputStream = new ASN1InputStream(new DERDecoder(), keyBytes)) {
final ASN1Sequence keySequence = keyInputStream.readObject();
final ASN1TaggedObject taggedObject = (ASN1TaggedObject) keySequence.get(2);
final ASN1BitString publicKeyBitString = taggedObject.getObject(ASN1Tag.BIT_STRING);
final byte[] bitString = publicKeyBitString.getValueBytes();
publicKey = getEcPublicKey(bitString, ecParameterSpec);
}
} catch (final IOException e) {
throw new GeneralSecurityException("ECDSA Private Key Info parsing failed", e);
}
} else {
throw new GeneralSecurityException(String.format("PEM Key [PKCS8] algorithm [%s] Key Pair derivation not supported", privateKey.getAlgorithm()));
}
return new KeyPair(publicKey, privateKey);
}
private PrivateKey getPkcs8PrivateKey(final KeyAlgorithmObjectIdentifier objectIdentifier, final byte[] privateKeyInfo) throws GeneralSecurityException {
final PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(privateKeyInfo);
final KeyFactory keyFactory = SecurityUtils.getKeyFactory(objectIdentifier.name());
return keyFactory.generatePrivate(keySpec);
}
private PublicKey getEcPublicKey(final byte[] bitString, final ECParameterSpec ecParameterSpec) throws GeneralSecurityException {
final EllipticCurve ellipticCurve = ecParameterSpec.getCurve();
final ECField ecField = ellipticCurve.getField();
final int fieldSize = (ecField.getFieldSize() + 7) / 8;
final int publicKeyPointSize = fieldSize * 2;
final byte[] x = new byte[fieldSize];
final byte[] y = new byte[fieldSize];
final int pointOffset = bitString.length - publicKeyPointSize;
System.arraycopy(bitString, pointOffset, x, 0, x.length);
System.arraycopy(bitString, pointOffset + y.length, y, 0, y.length);
final BigInteger pointX = new BigInteger(1, x);
final BigInteger pointY = new BigInteger(1, y);
final ECPoint point = new ECPoint(pointX, pointY);
final ECPublicKeySpec publicKeySpec = new ECPublicKeySpec(point, ecParameterSpec);
final KeyFactory keyFactory = SecurityUtils.getKeyFactory(KeyAlgorithm.EC_KEYSTORE);
return keyFactory.generatePublic(publicKeySpec);
}
private KeyAlgorithmObjectIdentifier getKeyAlgorithmObjectIdentifier(final String objectId) {
KeyAlgorithmObjectIdentifier keyAlgorithmObjectIdentifier = null;
for (final KeyAlgorithmObjectIdentifier objectIdentifier : KeyAlgorithmObjectIdentifier.values()) {
if (objectIdentifier.getObjectId().equals(objectId)) {
keyAlgorithmObjectIdentifier = objectIdentifier;
}
}
if (keyAlgorithmObjectIdentifier == null) {
throw new IllegalArgumentException(String.format("PKCS8 Private Key Algorithm [%s] not supported", objectId));
}
return keyAlgorithmObjectIdentifier;
}
private BigInteger getBigInteger(final ASN1Sequence sequence, final int index) {
final ASN1Integer integer = (ASN1Integer) sequence.get(index);
return integer.getValue();
}
private static boolean isHistoricalDecryptionSupported() {
try {
// Support requires Bouncy Castle library for OpenSSL password-based decryption
Class.forName(BOUNCY_CASTLE_CLASS);
return true;
} catch (final Exception e) {
return false;
}
}
private enum ECNamedCurveObjectIdentifier {
SECP256R1("1.2.840.10045.3.1.7", ECDSACurve.SECP256R1),
SECP384R1("1.3.132.0.34", ECDSACurve.SECP384R1),
SECP521R1("1.3.132.0.35", ECDSACurve.SECP521R1);
private final String objectId;
private final ECDSACurve ecdsaCurve;
ECNamedCurveObjectIdentifier(final String objectId, final ECDSACurve ecdsaCurve) {
this.objectId = objectId;
this.ecdsaCurve = ecdsaCurve;
}
}
private enum KeyAlgorithmObjectIdentifier {
DSA("1.2.840.10040.4.1"),
EC("1.2.840.10045.2.1"),
RSA("1.2.840.113549.1.1.1");
private final String objectId;
KeyAlgorithmObjectIdentifier(final String objectId) {
this.objectId = objectId;
}
String getObjectId() {
return objectId;
} }
} }
} }

232
src/main/java/net/schmizz/sshj/userauth/keyprovider/PuTTYKeyFile.java
View File

@@ -16,25 +16,12 @@
package net.schmizz.sshj.userauth.keyprovider; package net.schmizz.sshj.userauth.keyprovider;
import com.hierynomus.sshj.common.KeyAlgorithm; import com.hierynomus.sshj.common.KeyAlgorithm;
import net.i2p.crypto.eddsa.EdDSAPrivateKey; import net.schmizz.sshj.common.*;
import net.i2p.crypto.eddsa.EdDSAPublicKey;
import net.i2p.crypto.eddsa.spec.EdDSANamedCurveSpec;
import net.i2p.crypto.eddsa.spec.EdDSANamedCurveTable;
import net.i2p.crypto.eddsa.spec.EdDSAPrivateKeySpec;
import net.i2p.crypto.eddsa.spec.EdDSAPublicKeySpec;
import net.schmizz.sshj.common.Buffer;
import net.schmizz.sshj.common.KeyType;
import net.schmizz.sshj.common.SecurityUtils;
import net.schmizz.sshj.userauth.password.PasswordUtils; import net.schmizz.sshj.userauth.password.PasswordUtils;
import org.bouncycastle.asn1.nist.NISTNamedCurves;
import org.bouncycastle.asn1.x9.X9ECParameters;
import org.bouncycastle.crypto.generators.Argon2BytesGenerator;
import org.bouncycastle.crypto.params.Argon2Parameters;
import org.bouncycastle.jce.spec.ECNamedCurveSpec;
import org.bouncycastle.util.encoders.Hex;
import javax.crypto.Cipher; import javax.crypto.Cipher;
import javax.crypto.Mac; import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec; import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec; import javax.crypto.spec.SecretKeySpec;
import java.io.*; import java.io.*;
@@ -42,7 +29,6 @@ import java.math.BigInteger;
import java.security.*; import java.security.*;
import java.security.spec.*; import java.security.spec.*;
import java.util.Arrays; import java.util.Arrays;
import java.util.Base64;
import java.util.HashMap; import java.util.HashMap;
import java.util.Map; import java.util.Map;
@@ -87,6 +73,8 @@ public class PuTTYKeyFile extends BaseFileKeyProvider {
} }
} }
private static final String KEY_DERIVATION_HEADER = "Key-Derivation";
private Integer keyFileVersion; private Integer keyFileVersion;
private byte[] privateKey; private byte[] privateKey;
private byte[] publicKey; private byte[] publicKey;
@@ -113,12 +101,12 @@ public class PuTTYKeyFile extends BaseFileKeyProvider {
throw new IOException(String.format("Unsupported encryption: %s", encryption)); throw new IOException(String.format("Unsupported encryption: %s", encryption));
} }
private Map<String, String> payload = new HashMap<String, String>(); private final Map<String, String> payload = new HashMap<>();
/** /**
* For each line that looks like "Xyz: vvv", it will be stored in this map. * For each line that looks like "Xyz: vvv", it will be stored in this map.
*/ */
private final Map<String, String> headers = new HashMap<String, String>(); private final Map<String, String> headers = new HashMap<>();
protected KeyPair readKeyPair() throws IOException { protected KeyPair readKeyPair() throws IOException {
this.parseKeyPair(); this.parseKeyPair();
@@ -171,34 +159,38 @@ public class PuTTYKeyFile extends BaseFileKeyProvider {
} }
} }
if (KeyType.ED25519.equals(keyType)) { if (KeyType.ED25519.equals(keyType)) {
EdDSANamedCurveSpec ed25519 = EdDSANamedCurveTable.getByName("Ed25519"); try {
EdDSAPublicKeySpec publicSpec = new EdDSAPublicKeySpec(publicKeyReader.readBytes(), ed25519); final byte[] publicKeyEncoded = publicKeyReader.readBytes();
EdDSAPrivateKeySpec privateSpec = new EdDSAPrivateKeySpec(privateKeyReader.readBytes(), ed25519); final PublicKey edPublicKey = Ed25519KeyFactory.getPublicKey(publicKeyEncoded);
return new KeyPair(new EdDSAPublicKey(publicSpec), new EdDSAPrivateKey(privateSpec));
final byte[] privateKeyEncoded = privateKeyReader.readBytes();
final PrivateKey edPrivateKey = Ed25519KeyFactory.getPrivateKey(privateKeyEncoded);
return new KeyPair(edPublicKey, edPrivateKey);
} catch (final GeneralSecurityException e) {
throw new IOException("Reading Ed25519 Keys failed", e);
}
} }
final String ecdsaCurve; final ECDSACurve ecdsaCurve;
switch (keyType) { switch (keyType) {
case ECDSA256: case ECDSA256:
ecdsaCurve = "P-256"; ecdsaCurve = ECDSACurve.SECP256R1;
break; break;
case ECDSA384: case ECDSA384:
ecdsaCurve = "P-384"; ecdsaCurve = ECDSACurve.SECP384R1;
break; break;
case ECDSA521: case ECDSA521:
ecdsaCurve = "P-521"; ecdsaCurve = ECDSACurve.SECP521R1;
break; break;
default: default:
ecdsaCurve = null; ecdsaCurve = null;
break; break;
} }
if (ecdsaCurve != null) { if (ecdsaCurve != null) {
BigInteger s = new BigInteger(1, privateKeyReader.readBytes()); final BigInteger s = new BigInteger(1, privateKeyReader.readBytes());
X9ECParameters ecParams = NISTNamedCurves.getByName(ecdsaCurve);
ECNamedCurveSpec ecCurveSpec = new ECNamedCurveSpec(ecdsaCurve, ecParams.getCurve(), ecParams.getG(),
ecParams.getN());
ECPrivateKeySpec pks = new ECPrivateKeySpec(s, ecCurveSpec);
try { try {
PrivateKey privateKey = SecurityUtils.getKeyFactory(KeyAlgorithm.ECDSA).generatePrivate(pks); final PrivateKey privateKey = ECDSAKeyFactory.getPrivateKey(s, ecdsaCurve);
return new KeyPair(keyType.readPubKeyFromBuffer(publicKeyReader), privateKey); return new KeyPair(keyType.readPubKeyFromBuffer(publicKeyReader), privateKey);
} catch (GeneralSecurityException e) { } catch (GeneralSecurityException e) {
throw new IOException(e.getMessage(), e); throw new IOException(e.getMessage(), e);
@@ -209,9 +201,8 @@ public class PuTTYKeyFile extends BaseFileKeyProvider {
protected void parseKeyPair() throws IOException { protected void parseKeyPair() throws IOException {
this.keyFileVersion = null; this.keyFileVersion = null;
BufferedReader r = new BufferedReader(resource.getReader());
// Parse the text into headers and payloads // Parse the text into headers and payloads
try { try (BufferedReader r = new BufferedReader(resource.getReader())) {
String headerName = null; String headerName = null;
String line; String line;
while ((line = r.readLine()) != null) { while ((line = r.readLine()) != null) {
@@ -234,132 +225,79 @@ public class PuTTYKeyFile extends BaseFileKeyProvider {
payload.put(headerName, s); payload.put(headerName, s);
} }
} }
} finally {
r.close();
} }
if (this.keyFileVersion == null) { if (this.keyFileVersion == null) {
throw new IOException("Invalid key file format: missing \"PuTTY-User-Key-File-?\" entry"); throw new IOException("Invalid key file format: missing \"PuTTY-User-Key-File-?\" entry");
} }
// Retrieve keys from payload
publicKey = Base64.getDecoder().decode(payload.get("Public-Lines"));
if (this.isEncrypted()) {
final char[] passphrase;
if (pwdf != null) {
passphrase = pwdf.reqPassword(resource);
} else {
passphrase = "".toCharArray();
}
try {
privateKey = this.decrypt(Base64.getDecoder().decode(payload.get("Private-Lines")), passphrase);
Mac mac;
if (this.keyFileVersion <= 2) {
mac = this.prepareVerifyMacV2(passphrase);
} else {
mac = this.prepareVerifyMacV3();
}
this.verify(mac);
} finally {
PasswordUtils.blankOut(passphrase);
}
} else {
privateKey = Base64.getDecoder().decode(payload.get("Private-Lines"));
}
}
/**
* Converts a passphrase into a key, by following the convention that PuTTY
* uses. Only PuTTY v1/v2 key files
* <p><p/>
* This is used to decrypt the private key when it's encrypted.
*/
private void initCipher(final char[] passphrase, Cipher cipher) throws IOException, InvalidAlgorithmParameterException, InvalidKeyException {
// The field Key-Derivation has been introduced with Putty v3 key file format
// For v3 the algorithms are "Argon2i" "Argon2d" and "Argon2id"
String kdfAlgorithm = headers.get("Key-Derivation");
if (kdfAlgorithm != null) {
kdfAlgorithm = kdfAlgorithm.toLowerCase();
byte[] keyData = this.argon2(kdfAlgorithm, passphrase);
if (keyData == null) {
throw new IOException(String.format("Unsupported key derivation function: %s", kdfAlgorithm));
}
byte[] key = new byte[32];
byte[] iv = new byte[16];
byte[] tag = new byte[32]; // Hmac key
System.arraycopy(keyData, 0, key, 0, 32);
System.arraycopy(keyData, 32, iv, 0, 16);
System.arraycopy(keyData, 48, tag, 0, 32);
cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key, "AES"),
new IvParameterSpec(iv));
verifyHmac = tag;
return;
}
// Key file format v1 + v2
try { try {
MessageDigest digest = MessageDigest.getInstance("SHA-1"); // Retrieve keys from payload
publicKey = Base64Decoder.decode(payload.get("Public-Lines"));
// The encryption key is derived from the passphrase by means of a succession of if (this.isEncrypted()) {
// SHA-1 hashes. final char[] passphrase;
byte[] encodedPassphrase = PasswordUtils.toByteArray(passphrase); if (pwdf != null) {
passphrase = pwdf.reqPassword(resource);
// Sequence number 0 } else {
digest.update(new byte[]{0, 0, 0, 0}); passphrase = "".toCharArray();
digest.update(encodedPassphrase); }
byte[] key1 = digest.digest(); try {
privateKey = this.decrypt(Base64Decoder.decode(payload.get("Private-Lines")), passphrase);
// Sequence number 1 Mac mac;
digest.update(new byte[]{0, 0, 0, 1}); if (this.keyFileVersion <= 2) {
digest.update(encodedPassphrase); mac = this.prepareVerifyMacV2(passphrase);
byte[] key2 = digest.digest(); } else {
mac = this.prepareVerifyMacV3();
Arrays.fill(encodedPassphrase, (byte) 0); }
this.verify(mac);
byte[] expanded = new byte[32]; } finally {
System.arraycopy(key1, 0, expanded, 0, 20); PasswordUtils.blankOut(passphrase);
System.arraycopy(key2, 0, expanded, 20, 12); }
} else {
cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(expanded, 0, 32, "AES"), privateKey = Base64Decoder.decode(payload.get("Private-Lines"));
new IvParameterSpec(new byte[16])); // initial vector=0 }
}
} catch (NoSuchAlgorithmException e) { catch (Base64DecodingException e) {
throw new IOException(e.getMessage(), e); throw new IOException("PuTTY key decoding failed", e);
} }
} }
/** /**
* Uses BouncyCastle Argon2 implementation * Initialize Java Cipher for decryption using Secret Key derived from passphrase according to PuTTY Key Version
*/ */
private byte[] argon2(String algorithm, final char[] passphrase) throws IOException { private void initCipher(final char[] passphrase, final Cipher cipher) throws InvalidAlgorithmParameterException, InvalidKeyException {
int type; final String keyDerivationHeader = headers.get(KEY_DERIVATION_HEADER);
if ("argon2i".equals(algorithm)) {
type = Argon2Parameters.ARGON2_i; final SecretKey secretKey;
} else if ("argon2d".equals(algorithm)) { final IvParameterSpec ivParameterSpec;
type = Argon2Parameters.ARGON2_d;
} else if ("argon2id".equals(algorithm)) { if (keyDerivationHeader == null) {
type = Argon2Parameters.ARGON2_id; // Key Version 1 and 2 with historical key derivation
final PuTTYSecretKeyDerivationFunction keyDerivationFunction = new V1PuTTYSecretKeyDerivationFunction();
secretKey = keyDerivationFunction.deriveSecretKey(passphrase);
ivParameterSpec = new IvParameterSpec(new byte[16]);
} else { } else {
return null; // Key Version 3 with Argon2 key derivation
} final PuTTYSecretKeyDerivationFunction keyDerivationFunction = new V3PuTTYSecretKeyDerivationFunction(headers);
byte[] salt = Hex.decode(headers.get("Argon2-Salt")); final SecretKey derivedSecretKey = keyDerivationFunction.deriveSecretKey(passphrase);
int iterations = Integer.parseInt(headers.get("Argon2-Passes")); final byte[] derivedSecretKeyEncoded = derivedSecretKey.getEncoded();
int memory = Integer.parseInt(headers.get("Argon2-Memory"));
int parallelism = Integer.parseInt(headers.get("Argon2-Parallelism"));
Argon2Parameters a2p = new Argon2Parameters.Builder(type) // Set Secret Key from first 32 bytes
.withVersion(Argon2Parameters.ARGON2_VERSION_13) final byte[] secretKeyEncoded = new byte[32];
.withIterations(iterations) System.arraycopy(derivedSecretKeyEncoded, 0, secretKeyEncoded, 0, secretKeyEncoded.length);
.withMemoryAsKB(memory) secretKey = new SecretKeySpec(secretKeyEncoded, derivedSecretKey.getAlgorithm());
.withParallelism(parallelism)
.withSalt(salt).build();
Argon2BytesGenerator generator = new Argon2BytesGenerator(); // Set IV from next 16 bytes
generator.init(a2p); final byte[] iv = new byte[16];
byte[] output = new byte[80]; System.arraycopy(derivedSecretKeyEncoded, secretKeyEncoded.length, iv, 0, iv.length);
int bytes = generator.generateBytes(passphrase, output); ivParameterSpec = new IvParameterSpec(iv);
if (bytes != output.length) {
throw new IOException("Failed to generate key via Argon2"); // Set HMAC Tag from next 32 bytes
final byte[] tag = new byte[32];
final int tagSourcePosition = secretKeyEncoded.length + iv.length;
System.arraycopy(derivedSecretKeyEncoded, tagSourcePosition, tag, 0, tag.length);
verifyHmac = tag;
} }
return output;
cipher.init(Cipher.DECRYPT_MODE, secretKey, ivParameterSpec);
} }
/** /**
@@ -386,7 +324,7 @@ public class PuTTYKeyFile extends BaseFileKeyProvider {
data.writeInt(privateKey.length); data.writeInt(privateKey.length);
data.write(privateKey); data.write(privateKey);
final String encoded = Hex.toHexString(mac.doFinal(out.toByteArray())); final String encoded = ByteArrayUtils.toHex(mac.doFinal(out.toByteArray()));
final String reference = headers.get("Private-MAC"); final String reference = headers.get("Private-MAC");
if (!encoded.equals(reference)) { if (!encoded.equals(reference)) {
throw new IOException("Invalid passphrase"); throw new IOException("Invalid passphrase");

31
src/main/java/net/schmizz/sshj/userauth/keyprovider/PuTTYSecretKeyDerivationFunction.java Normal file
View File

@@ -0,0 +1,31 @@
/*
* Copyright (C)2009 - SSHJ Contributors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.schmizz.sshj.userauth.keyprovider;
import javax.crypto.SecretKey;
/**
* Abstraction for deriving the Secret Key for decrypting PuTTY Key Files
*/
interface PuTTYSecretKeyDerivationFunction {
/**
* Derive Secret Key from provided passphrase characters
*
* @param passphrase Passphrase characters required
* @return Derived Secret Key
*/
SecretKey deriveSecretKey(char[] passphrase);
}

113
src/main/java/net/schmizz/sshj/userauth/keyprovider/StandardPEMKeyReader.java Normal file
View File

@@ -0,0 +1,113 @@
/*
* Copyright (C)2009 - SSHJ Contributors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.schmizz.sshj.userauth.keyprovider;
import java.io.BufferedReader;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Base64;
import java.util.List;
import java.util.Objects;
/**
* Standard implementation of PEM Key Reader supporting Base64 decoding without decryption
*/
class StandardPEMKeyReader implements PEMKeyReader {
private static final String HEADER_DELIMITER = "-----BEGIN";
private static final String FOOTER_DELIMITER = "-----END";
private static final char PEM_HEADER_DELIMITER = ':';
private static final int CHARACTER_NOT_FOUND = -1;
private static final String HEADER_NOT_FOUND = "header not found";
private static final Base64.Decoder bodyDecoder = Base64.getDecoder();
/**
* Read PEM Key from Buffered Reader
*
* @param bufferedReader Buffered Reader containing lines from resource reader
* @return PEM Key
* @throws IOException Thrown on failure to read or decode PEM Key
*/
@Override
public PEMKey readPemKey(final BufferedReader bufferedReader) throws IOException {
Objects.requireNonNull(bufferedReader, "Reader required");
final PEMKey.PEMKeyType pemKeyType = findPemKeyType(bufferedReader);
return readPemKeyBody(pemKeyType, bufferedReader);
}
private PEMKey.PEMKeyType findPemKeyType(final BufferedReader bufferedReader) throws IOException {
PEMKey.PEMKeyType pemKeyTypeFound = null;
String header = HEADER_NOT_FOUND;
String line = bufferedReader.readLine();
readLoop: while (line != null) {
if (line.startsWith(HEADER_DELIMITER)) {
header = line;
for (final PEMKey.PEMKeyType pemKeyType : PEMKey.PEMKeyType.values()) {
if (pemKeyType.getHeader().equals(line)) {
pemKeyTypeFound = pemKeyType;
break readLoop;
}
}
}
line = bufferedReader.readLine();
}
if (pemKeyTypeFound == null) {
throw new IOException(String.format("Supported PEM Key Type not found for header [%s]", header));
}
return pemKeyTypeFound;
}
private PEMKey readPemKeyBody(final PEMKey.PEMKeyType pemKeyType, final BufferedReader bufferedReader) throws IOException {
final StringBuilder builder = new StringBuilder();
final List<String> headers = new ArrayList<>();
String line = bufferedReader.readLine();
while (line != null) {
if (line.startsWith(FOOTER_DELIMITER)) {
break;
}
if (line.indexOf(PEM_HEADER_DELIMITER) > CHARACTER_NOT_FOUND) {
headers.add(line);
} else if (!line.isEmpty()) {
builder.append(line);
}
line = bufferedReader.readLine();
}
final String pemKeyBody = builder.toString();
final byte[] pemKeyBodyDecoded = getPemKeyBodyDecoded(pemKeyBody);
return new PEMKey(pemKeyType, headers, pemKeyBodyDecoded);
}
private byte[] getPemKeyBodyDecoded(final String pemKeyBodyEncoded) throws IOException {
try {
return bodyDecoder.decode(pemKeyBodyEncoded);
} catch (final IllegalArgumentException e) {
throw new IOException("Base64 decoding of PEM Key failed", e);
}
}
}

76
src/main/java/net/schmizz/sshj/userauth/keyprovider/V1PuTTYSecretKeyDerivationFunction.java Normal file
View File

@@ -0,0 +1,76 @@
/*
* Copyright (C)2009 - SSHJ Contributors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.schmizz.sshj.userauth.keyprovider;
import net.schmizz.sshj.common.SecurityUtils;
import net.schmizz.sshj.userauth.password.PasswordUtils;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.util.Arrays;
import java.util.Objects;
/**
* PuTTY Key Derivation Function supporting Version 1 and 2 Key files with historical SHA-1 key derivation
*/
class V1PuTTYSecretKeyDerivationFunction implements PuTTYSecretKeyDerivationFunction {
private static final String SECRET_KEY_ALGORITHM = "AES";
private static final String DIGEST_ALGORITHM = "SHA-1";
/**
* Derive Secret Key from provided passphrase characters
*
* @param passphrase Passphrase characters required
* @return Derived Secret Key
*/
public SecretKey deriveSecretKey(char[] passphrase) {
Objects.requireNonNull(passphrase, "Passphrase required");
final MessageDigest digest = getMessageDigest();
final byte[] encodedPassphrase = PasswordUtils.toByteArray(passphrase);
// Sequence number 0
digest.update(new byte[]{0, 0, 0, 0});
digest.update(encodedPassphrase);
final byte[] key1 = digest.digest();
// Sequence number 1
digest.update(new byte[]{0, 0, 0, 1});
digest.update(encodedPassphrase);
final byte[] key2 = digest.digest();
Arrays.fill(encodedPassphrase, (byte) 0);
final byte[] secretKeyEncoded = new byte[32];
System.arraycopy(key1, 0, secretKeyEncoded, 0, 20);
System.arraycopy(key2, 0, secretKeyEncoded, 20, 12);
return new SecretKeySpec(secretKeyEncoded, SECRET_KEY_ALGORITHM);
}
private MessageDigest getMessageDigest() {
try {
return SecurityUtils.getMessageDigest(DIGEST_ALGORITHM);
} catch (final NoSuchAlgorithmException | NoSuchProviderException e) {
final String message = String.format("Message Digest Algorithm [%s] not supported", DIGEST_ALGORITHM);
throw new IllegalStateException(message, e);
}
}
}

98
src/main/java/net/schmizz/sshj/userauth/keyprovider/V3PuTTYSecretKeyDerivationFunction.java Normal file
View File

@@ -0,0 +1,98 @@
/*
* Copyright (C)2009 - SSHJ Contributors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.schmizz.sshj.userauth.keyprovider;
import net.schmizz.sshj.common.ByteArrayUtils;
import org.bouncycastle.crypto.generators.Argon2BytesGenerator;
import org.bouncycastle.crypto.params.Argon2Parameters;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import java.util.Map;
import java.util.Objects;
/**
* PuTTY Key Derivation Function supporting Version 3 Key files with Argon2 Key Derivation using Bouncy Castle
*/
class V3PuTTYSecretKeyDerivationFunction implements PuTTYSecretKeyDerivationFunction {
private static final String SECRET_KEY_ALGORITHM = "AES";
private static final int KEY_LENGTH = 80;
private final Map<String, String> headers;
V3PuTTYSecretKeyDerivationFunction(final Map<String, String> headers) {
this.headers = Objects.requireNonNull(headers, "Headers required");
}
/**
* Derive Secret Key from provided passphrase characters
*
* @param passphrase Passphrase characters required
* @return Derived Secret Key
*/
public SecretKey deriveSecretKey(char[] passphrase) {
Objects.requireNonNull(passphrase, "Passphrase required");
final Argon2Parameters parameters = getParameters();
final Argon2BytesGenerator generator = new Argon2BytesGenerator();
generator.init(parameters);
final byte[] secretKeyEncoded = new byte[KEY_LENGTH];
final int bytesGenerated = generator.generateBytes(passphrase, secretKeyEncoded);
if (KEY_LENGTH == bytesGenerated) {
return new SecretKeySpec(secretKeyEncoded, SECRET_KEY_ALGORITHM);
} else {
final String message = String.format("Argon2 bytes generated [%d] not expected", bytesGenerated);
throw new IllegalStateException(message);
}
}
private Argon2Parameters getParameters() {
final int algorithmType = getAlgorithmType();
final byte[] salt = ByteArrayUtils.parseHex(headers.get("Argon2-Salt"));
final int iterations = Integer.parseInt(headers.get("Argon2-Passes"));
final int memory = Integer.parseInt(headers.get("Argon2-Memory"));
final int parallelism = Integer.parseInt(headers.get("Argon2-Parallelism"));
return new Argon2Parameters.Builder(algorithmType)
.withVersion(Argon2Parameters.ARGON2_VERSION_13)
.withIterations(iterations)
.withMemoryAsKB(memory)
.withParallelism(parallelism)
.withSalt(salt)
.build();
}
private int getAlgorithmType() {
final String algorithm = headers.get("Key-Derivation");
final int algorithmType;
if ("argon2i".equalsIgnoreCase(algorithm)) {
algorithmType = Argon2Parameters.ARGON2_i;
} else if ("argon2d".equalsIgnoreCase(algorithm)) {
algorithmType = Argon2Parameters.ARGON2_d;
} else if ("argon2id".equalsIgnoreCase(algorithm)) {
algorithmType = Argon2Parameters.ARGON2_id;
} else {
final String message = String.format("Key-Derivation [%s] not supported", algorithm);
throw new IllegalArgumentException(message);
}
return algorithmType;
}
}

90
src/main/java/net/schmizz/sshj/userauth/keyprovider/pkcs/DSAPrivateKeyInfoKeyPairConverter.java
View File

@@ -1,90 +0,0 @@
/*
* Copyright (C)2009 - SSHJ Contributors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.schmizz.sshj.userauth.keyprovider.pkcs;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
import org.bouncycastle.crypto.params.DSAParameters;
import org.bouncycastle.openssl.PEMKeyPair;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import java.io.IOException;
import java.math.BigInteger;
import java.util.Objects;
/**
* Key Pair Converter from DSA Private Key Information to PEM Key Pair
*/
class DSAPrivateKeyInfoKeyPairConverter implements KeyPairConverter<PrivateKeyInfo> {
private static final Logger logger = LoggerFactory.getLogger(DSAPrivateKeyInfoKeyPairConverter.class);
private static final int P_INDEX = 0;
private static final int Q_INDEX = 1;
private static final int G_INDEX = 2;
/**
* Get PEM Key Pair calculating DSA Public Key from DSA Private Key Information
*
* @param privateKeyInfo DSA Private Key Information
* @return PEM Key Pair
* @throws IOException Thrown on Public Key parsing failures
*/
@Override
public PEMKeyPair getKeyPair(final PrivateKeyInfo privateKeyInfo) throws IOException {
Objects.requireNonNull(privateKeyInfo, "Private Key Info required");
final AlgorithmIdentifier algorithmIdentifier = privateKeyInfo.getPrivateKeyAlgorithm();
final ASN1ObjectIdentifier algorithm = algorithmIdentifier.getAlgorithm();
if (X9ObjectIdentifiers.id_dsa.equals(algorithm)) {
logger.debug("DSA Algorithm Found [{}]", algorithm);
} else {
throw new IllegalArgumentException(String.format("DSA Algorithm OID required [%s]", algorithm));
}
final ASN1Integer encodedPublicKey = getEncodedPublicKey(privateKeyInfo);
final SubjectPublicKeyInfo subjectPublicKeyInfo = new SubjectPublicKeyInfo(algorithmIdentifier, encodedPublicKey);
return new PEMKeyPair(subjectPublicKeyInfo, privateKeyInfo);
}
/**
* Get ASN.1 Encoded Public Key calculated according to RFC 6979 Section 2.2
*
* @param privateKeyInfo DSA Private Key Information
* @return ASN.1 Encoded DSA Public Key
* @throws IOException Thrown on failures parsing private key
*/
private ASN1Integer getEncodedPublicKey(final PrivateKeyInfo privateKeyInfo) throws IOException {
final ASN1Integer privateKey = ASN1Integer.getInstance(privateKeyInfo.parsePrivateKey());
final AlgorithmIdentifier algorithmIdentifier = privateKeyInfo.getPrivateKeyAlgorithm();
final DSAParameters dsaParameters = getDsaParameters(algorithmIdentifier);
final BigInteger publicKey = dsaParameters.getG().modPow(privateKey.getValue(), dsaParameters.getP());
return new ASN1Integer(publicKey);
}
private DSAParameters getDsaParameters(final AlgorithmIdentifier algorithmIdentifier) {
final ASN1Sequence sequence = ASN1Sequence.getInstance(algorithmIdentifier.getParameters());
final ASN1Integer p = ASN1Integer.getInstance(sequence.getObjectAt(P_INDEX));
final ASN1Integer q = ASN1Integer.getInstance(sequence.getObjectAt(Q_INDEX));
final ASN1Integer g = ASN1Integer.getInstance(sequence.getObjectAt(G_INDEX));
return new DSAParameters(p.getValue(), q.getValue(), g.getValue());
}
}

90
src/main/java/net/schmizz/sshj/userauth/keyprovider/pkcs/ECDSAPrivateKeyInfoKeyPairConverter.java
View File

@@ -1,90 +0,0 @@
/*
* Copyright (C)2009 - SSHJ Contributors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.schmizz.sshj.userauth.keyprovider.pkcs;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.asn1.sec.ECPrivateKey;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.asn1.x9.X9ECParameters;
import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
import org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil;
import org.bouncycastle.math.ec.ECMultiplier;
import org.bouncycastle.math.ec.ECPoint;
import org.bouncycastle.math.ec.FixedPointCombMultiplier;
import org.bouncycastle.openssl.PEMKeyPair;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import java.io.IOException;
import java.math.BigInteger;
import java.util.Objects;
/**
* Key Pair Converter from ECDSA Private Key Information to PEM Key Pair
*/
class ECDSAPrivateKeyInfoKeyPairConverter implements KeyPairConverter<PrivateKeyInfo> {
private static final Logger logger = LoggerFactory.getLogger(ECDSAPrivateKeyInfoKeyPairConverter.class);
private static final boolean POINT_COMPRESSED = false;
/**
* Get PEM Key Pair calculating ECDSA Public Key from ECDSA Private Key Information
*
* @param privateKeyInfo ECDSA Private Key Information
* @return PEM Key Pair
* @throws IOException Thrown on Public Key parsing failures
*/
@Override
public PEMKeyPair getKeyPair(final PrivateKeyInfo privateKeyInfo) throws IOException {
Objects.requireNonNull(privateKeyInfo, "Private Key Info required");
final AlgorithmIdentifier algorithmIdentifier = privateKeyInfo.getPrivateKeyAlgorithm();
final ASN1ObjectIdentifier algorithm = algorithmIdentifier.getAlgorithm();
if (X9ObjectIdentifiers.id_ecPublicKey.equals(algorithm)) {
logger.debug("ECDSA Algorithm Found [{}]", algorithm);
} else {
throw new IllegalArgumentException(String.format("ECDSA Algorithm OID required [%s]", algorithm));
}
final byte[] encodedPublicKey = getEncodedPublicKey(privateKeyInfo);
final SubjectPublicKeyInfo subjectPublicKeyInfo = new SubjectPublicKeyInfo(algorithmIdentifier, encodedPublicKey);
return new PEMKeyPair(subjectPublicKeyInfo, privateKeyInfo);
}
/**
* Get Encoded Elliptic Curve Public Key calculated according to RFC 6979 Section 2.2
*
* @param privateKeyInfo ECDSA Private Key Information
* @return Encoded Elliptic Curve Public Key
* @throws IOException Thrown on failures parsing private key
*/
private byte[] getEncodedPublicKey(final PrivateKeyInfo privateKeyInfo) throws IOException {
final X9ECParameters parameters = getParameters(privateKeyInfo.getPrivateKeyAlgorithm());
final ECPrivateKey ecPrivateKey = ECPrivateKey.getInstance(privateKeyInfo.parsePrivateKey());
final ECPoint publicKey = getPublicKey(parameters, ecPrivateKey.getKey());
return publicKey.getEncoded(POINT_COMPRESSED);
}
private X9ECParameters getParameters(final AlgorithmIdentifier algorithmIdentifier) {
final ASN1ObjectIdentifier encodedParameters = ASN1ObjectIdentifier.getInstance(algorithmIdentifier.getParameters());
return ECUtil.getNamedCurveByOid(encodedParameters);
}
private ECPoint getPublicKey(final X9ECParameters parameters, final BigInteger privateKey) {
final ECMultiplier multiplier = new FixedPointCombMultiplier();
return multiplier.multiply(parameters.getG(), privateKey);
}
}

61
src/main/java/net/schmizz/sshj/userauth/keyprovider/pkcs/PrivateKeyInfoKeyPairConverter.java
View File

@@ -1,61 +0,0 @@
/*
* Copyright (C)2009 - SSHJ Contributors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.schmizz.sshj.userauth.keyprovider.pkcs;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
import org.bouncycastle.openssl.PEMKeyPair;
import java.io.IOException;
import java.util.Objects;
/**
* Key Pair Converter for Private Key Information using known Algorithm Object Identifiers
*/
public class PrivateKeyInfoKeyPairConverter implements KeyPairConverter<PrivateKeyInfo> {
private DSAPrivateKeyInfoKeyPairConverter dsaPrivateKeyInfoKeyPairConverter = new DSAPrivateKeyInfoKeyPairConverter();
private ECDSAPrivateKeyInfoKeyPairConverter ecdsaPrivateKeyInfoKeyPairConverter = new ECDSAPrivateKeyInfoKeyPairConverter();
private RSAPrivateKeyInfoKeyPairConverter rsaPrivateKeyInfoKeyPairConverter = new RSAPrivateKeyInfoKeyPairConverter();
/**
* Get PEM Key Pair delegating to configured converters based on Algorithm Object Identifier
*
* @param privateKeyInfo Private Key Information
* @return PEM Key Pair
* @throws IOException Thrown on conversion failures
*/
@Override
public PEMKeyPair getKeyPair(final PrivateKeyInfo privateKeyInfo) throws IOException {
Objects.requireNonNull(privateKeyInfo, "Private Key Info required");
final AlgorithmIdentifier algorithmIdentifier = privateKeyInfo.getPrivateKeyAlgorithm();
final ASN1ObjectIdentifier algorithm = algorithmIdentifier.getAlgorithm();
if (PKCSObjectIdentifiers.rsaEncryption.equals(algorithm)) {
return rsaPrivateKeyInfoKeyPairConverter.getKeyPair(privateKeyInfo);
} else if (X9ObjectIdentifiers.id_ecPublicKey.equals(algorithm)) {
return ecdsaPrivateKeyInfoKeyPairConverter.getKeyPair(privateKeyInfo);
} else if (X9ObjectIdentifiers.id_dsa.equals(algorithm)) {
return dsaPrivateKeyInfoKeyPairConverter.getKeyPair(privateKeyInfo);
} else {
throw new IllegalArgumentException(String.format("Unsupported Algorithm [%s]", algorithm));
}
}
}

65
src/main/java/net/schmizz/sshj/userauth/keyprovider/pkcs/RSAPrivateKeyInfoKeyPairConverter.java
View File

@@ -1,65 +0,0 @@
/*
* Copyright (C)2009 - SSHJ Contributors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.schmizz.sshj.userauth.keyprovider.pkcs;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.asn1.pkcs.RSAPrivateKey;
import org.bouncycastle.asn1.pkcs.RSAPublicKey;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.openssl.PEMKeyPair;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import java.io.IOException;
import java.util.Objects;
/**
* Key Pair Converter from RSA Private Key Information to PEM Key Pair
*/
class RSAPrivateKeyInfoKeyPairConverter implements KeyPairConverter<PrivateKeyInfo> {
private static final Logger logger = LoggerFactory.getLogger(RSAPrivateKeyInfoKeyPairConverter.class);
/**
* Get PEM Key Pair parsing RSA Public Key attributes from RSA Private Key Information
*
* @param privateKeyInfo RSA Private Key Information
* @return PEM Key Pair
* @throws IOException Thrown on Public Key parsing failures
*/
@Override
public PEMKeyPair getKeyPair(final PrivateKeyInfo privateKeyInfo) throws IOException {
Objects.requireNonNull(privateKeyInfo, "Private Key Info required");
final AlgorithmIdentifier algorithmIdentifier = privateKeyInfo.getPrivateKeyAlgorithm();
final ASN1ObjectIdentifier algorithm = algorithmIdentifier.getAlgorithm();
if (PKCSObjectIdentifiers.rsaEncryption.equals(algorithm)) {
logger.debug("RSA Algorithm Found [{}]", algorithm);
} else {
throw new IllegalArgumentException(String.format("RSA Algorithm OID required [%s]", algorithm));
}
final RSAPublicKey rsaPublicKey = getRsaPublicKey(privateKeyInfo);
final SubjectPublicKeyInfo subjectPublicKeyInfo = new SubjectPublicKeyInfo(algorithmIdentifier, rsaPublicKey);
return new PEMKeyPair(subjectPublicKeyInfo, privateKeyInfo);
}
private RSAPublicKey getRsaPublicKey(final PrivateKeyInfo privateKeyInfo) throws IOException {
final RSAPrivateKey rsaPrivateKey = RSAPrivateKey.getInstance(privateKeyInfo.parsePrivateKey());
return new RSAPublicKey(rsaPrivateKey.getModulus(), rsaPrivateKey.getPublicExponent());
}
}

3
src/main/java/net/schmizz/sshj/userauth/password/PrivateKeyFileResource.java
View File

@@ -16,6 +16,7 @@
package net.schmizz.sshj.userauth.password; package net.schmizz.sshj.userauth.password;
import java.io.*; import java.io.*;
import java.nio.charset.StandardCharsets;
public class PrivateKeyFileResource public class PrivateKeyFileResource
extends Resource<File> { extends Resource<File> {
@@ -27,6 +28,6 @@ public class PrivateKeyFileResource
@Override @Override
public Reader getReader() public Reader getReader()
throws IOException { throws IOException {
return new InputStreamReader(new FileInputStream(getDetail()), "UTF-8"); return new InputStreamReader(new FileInputStream(getDetail()), StandardCharsets.UTF_8);
} }
} }

22
src/main/java/net/schmizz/sshj/xfer/scp/SCPDownloadClient.java
View File

@@ -45,9 +45,20 @@ public class SCPDownloadClient extends AbstractSCPClient {
public synchronized int copy(String sourcePath, LocalDestFile targetFile, ScpCommandLine.EscapeMode escapeMode) public synchronized int copy(String sourcePath, LocalDestFile targetFile, ScpCommandLine.EscapeMode escapeMode)
throws IOException { throws IOException {
ScpCommandLine commandLine = ScpCommandLine.with(ScpCommandLine.Arg.SOURCE)
.and(ScpCommandLine.Arg.QUIET)
.and(ScpCommandLine.Arg.PRESERVE_TIMES)
.and(ScpCommandLine.Arg.RECURSIVE, recursiveMode)
.and(ScpCommandLine.Arg.LIMIT, String.valueOf(bandwidthLimit), (bandwidthLimit > 0));
return copy(sourcePath, targetFile, escapeMode, commandLine);
}
public synchronized int copy(String sourcePath, LocalDestFile targetFile, ScpCommandLine.EscapeMode escapeMode, ScpCommandLine commandLine)
throws IOException {
engine.cleanSlate(); engine.cleanSlate();
try { try {
startCopy(sourcePath, targetFile, escapeMode); commandLine.withPath(sourcePath, escapeMode);
startCopy(targetFile, commandLine);
} finally { } finally {
engine.exit(); engine.exit();
} }
@@ -62,14 +73,7 @@ public class SCPDownloadClient extends AbstractSCPClient {
this.recursiveMode = recursive; this.recursiveMode = recursive;
} }
private void startCopy(String sourcePath, LocalDestFile targetFile, ScpCommandLine.EscapeMode escapeMode) private void startCopy(LocalDestFile targetFile, ScpCommandLine commandLine) throws IOException {
throws IOException {
ScpCommandLine commandLine = ScpCommandLine.with(ScpCommandLine.Arg.SOURCE)
.and(ScpCommandLine.Arg.QUIET)
.and(ScpCommandLine.Arg.PRESERVE_TIMES)
.and(ScpCommandLine.Arg.RECURSIVE, recursiveMode)
.and(ScpCommandLine.Arg.LIMIT, String.valueOf(bandwidthLimit), (bandwidthLimit > 0));
commandLine.withPath(sourcePath, escapeMode);
engine.execSCPWith(commandLine); engine.execSCPWith(commandLine);
engine.signal("Start status OK"); engine.signal("Start status OK");

12
src/main/java/net/schmizz/sshj/xfer/scp/SCPEngine.java
View File

@@ -19,6 +19,7 @@ import net.schmizz.sshj.common.IOUtils;
import net.schmizz.sshj.common.LoggerFactory; import net.schmizz.sshj.common.LoggerFactory;
import net.schmizz.sshj.common.SSHException; import net.schmizz.sshj.common.SSHException;
import net.schmizz.sshj.common.StreamCopier; import net.schmizz.sshj.common.StreamCopier;
import net.schmizz.sshj.connection.channel.direct.Session;
import net.schmizz.sshj.connection.channel.direct.Session.Command; import net.schmizz.sshj.connection.channel.direct.Session.Command;
import net.schmizz.sshj.connection.channel.direct.SessionFactory; import net.schmizz.sshj.connection.channel.direct.SessionFactory;
import net.schmizz.sshj.xfer.TransferListener; import net.schmizz.sshj.xfer.TransferListener;
@@ -28,6 +29,7 @@ import java.io.ByteArrayOutputStream;
import java.io.IOException; import java.io.IOException;
import java.io.InputStream; import java.io.InputStream;
import java.io.OutputStream; import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
/** @see <a href="https://blogs.oracle.com/janp/entry/how_the_scp_protocol_works">SCP Protocol</a> */ /** @see <a href="https://blogs.oracle.com/janp/entry/how_the_scp_protocol_works">SCP Protocol</a> */
class SCPEngine { class SCPEngine {
@@ -41,6 +43,7 @@ class SCPEngine {
private final SessionFactory host; private final SessionFactory host;
private final TransferListener listener; private final TransferListener listener;
private Session session;
private Command scp; private Command scp;
private int exitStatus; private int exitStatus;
@@ -82,7 +85,8 @@ class SCPEngine {
void execSCPWith(ScpCommandLine commandLine) void execSCPWith(ScpCommandLine commandLine)
throws SSHException { throws SSHException {
scp = host.startSession().exec(commandLine.toCommandLine()); session = host.startSession();
scp = session.exec(commandLine.toCommandLine());
} }
void exit() { void exit() {
@@ -102,6 +106,10 @@ class SCPEngine {
log.warn("SCP exit signal: {}", scp.getExitSignal()); log.warn("SCP exit signal: {}", scp.getExitSignal());
} }
} }
if(session != null) {
IOUtils.closeQuietly(session);
session = null;
}
scp = null; scp = null;
} }
@@ -121,7 +129,7 @@ class SCPEngine {
baos.write(x); baos.write(x);
} }
} }
final String msg = baos.toString(IOUtils.UTF8.displayName()); final String msg = baos.toString(StandardCharsets.UTF_8.displayName());
log.debug("Read message: `{}`", msg); log.debug("Read message: `{}`", msg);
return msg; return msg;
} }

32
src/main/java/net/schmizz/sshj/xfer/scp/SCPUploadClient.java
View File

@@ -20,6 +20,7 @@ import net.schmizz.sshj.common.StreamCopier;
import net.schmizz.sshj.xfer.LocalFileFilter; import net.schmizz.sshj.xfer.LocalFileFilter;
import net.schmizz.sshj.xfer.LocalSourceFile; import net.schmizz.sshj.xfer.LocalSourceFile;
import net.schmizz.sshj.xfer.TransferListener; import net.schmizz.sshj.xfer.TransferListener;
import net.schmizz.sshj.xfer.scp.ScpCommandLine.Arg;
import java.io.IOException; import java.io.IOException;
import java.io.InputStream; import java.io.InputStream;
@@ -43,37 +44,44 @@ public class SCPUploadClient extends AbstractSCPClient {
return copy(sourceFile, remotePath, ScpCommandLine.EscapeMode.SingleQuote); return copy(sourceFile, remotePath, ScpCommandLine.EscapeMode.SingleQuote);
} }
public synchronized int copy (LocalSourceFile sourceFile, String remotePath, ScpCommandLine.EscapeMode escapeMode) throws IOException { public synchronized int copy(LocalSourceFile sourceFile, String remotePath, ScpCommandLine.EscapeMode escapeMode)
throws IOException {
return copy(sourceFile, remotePath, escapeMode, true); return copy(sourceFile, remotePath, escapeMode, true);
} }
public synchronized int copy(LocalSourceFile sourceFile, String remotePath, ScpCommandLine.EscapeMode escapeMode, boolean preserveTimes) public synchronized int copy(LocalSourceFile sourceFile, String remotePath, ScpCommandLine.EscapeMode escapeMode, boolean preserveTimes)
throws IOException { throws IOException {
ScpCommandLine commandLine = ScpCommandLine.with(ScpCommandLine.Arg.SINK)
.and(ScpCommandLine.Arg.RECURSIVE)
.and(ScpCommandLine.Arg.LIMIT, String.valueOf(bandwidthLimit), (bandwidthLimit > 0));
if (preserveTimes) {
commandLine.and(ScpCommandLine.Arg.PRESERVE_TIMES, sourceFile.providesAtimeMtime());
}
return copy(sourceFile, remotePath, escapeMode, commandLine);
}
public synchronized int copy(LocalSourceFile sourceFile, String remotePath, ScpCommandLine.EscapeMode escapeMode, ScpCommandLine commandLine)
throws IOException {
engine.cleanSlate(); engine.cleanSlate();
try { try {
startCopy(sourceFile, remotePath, escapeMode, preserveTimes); commandLine.withPath(remotePath, escapeMode);
startCopy(sourceFile, commandLine);
} finally { } finally {
engine.exit(); engine.exit();
} }
return engine.getExitStatus(); return engine.getExitStatus();
} }
public void setUploadFilter(LocalFileFilter uploadFilter) { public void setUploadFilter(LocalFileFilter uploadFilter) {
this.uploadFilter = uploadFilter; this.uploadFilter = uploadFilter;
} }
private void startCopy(LocalSourceFile sourceFile, String targetPath, ScpCommandLine.EscapeMode escapeMode, boolean preserveTimes) private void startCopy(LocalSourceFile sourceFile, ScpCommandLine commandLine)
throws IOException { throws IOException {
ScpCommandLine commandLine = ScpCommandLine.with(ScpCommandLine.Arg.SINK)
.and(ScpCommandLine.Arg.RECURSIVE)
.and(ScpCommandLine.Arg.LIMIT, String.valueOf(bandwidthLimit), (bandwidthLimit > 0));
if (preserveTimes) {
commandLine.and(ScpCommandLine.Arg.PRESERVE_TIMES, sourceFile.providesAtimeMtime());
}
commandLine.withPath(targetPath, escapeMode);
engine.execSCPWith(commandLine); engine.execSCPWith(commandLine);
engine.check("Start status OK"); engine.check("Start status OK");
process(engine.getTransferListener(), sourceFile, preserveTimes); process(engine.getTransferListener(), sourceFile, commandLine.has(Arg.PRESERVE_TIMES));
} }
private void process(TransferListener listener, LocalSourceFile f, boolean preserveTimes) private void process(TransferListener listener, LocalSourceFile f, boolean preserveTimes)

24
src/main/java/net/schmizz/sshj/xfer/scp/ScpCommandLine.java
View File

@@ -24,7 +24,7 @@ public class ScpCommandLine {
private static final String SCP_COMMAND = "scp"; private static final String SCP_COMMAND = "scp";
private EscapeMode mode; private EscapeMode mode;
enum Arg { public enum Arg {
SOURCE('f'), SOURCE('f'),
SINK('t'), SINK('t'),
RECURSIVE('r'), RECURSIVE('r'),
@@ -71,25 +71,25 @@ public class ScpCommandLine {
} }
} }
private LinkedHashMap<Arg, String> arguments = new LinkedHashMap<Arg, String>(); private final LinkedHashMap<Arg, String> arguments = new LinkedHashMap<Arg, String>();
private String path; private String path;
ScpCommandLine() { ScpCommandLine() {
} }
static ScpCommandLine with(Arg name) { public static ScpCommandLine with(Arg name) {
return with(name, null, true); return with(name, null, true);
} }
static ScpCommandLine with(Arg name, String value) { public static ScpCommandLine with(Arg name, String value) {
return with(name, value, true); return with(name, value, true);
} }
static ScpCommandLine with(Arg name, boolean accept) { public static ScpCommandLine with(Arg name, boolean accept) {
return with(name, null, accept); return with(name, null, accept);
} }
static ScpCommandLine with(Arg name, String value, boolean accept) { public static ScpCommandLine with(Arg name, String value, boolean accept) {
ScpCommandLine commandLine = new ScpCommandLine(); ScpCommandLine commandLine = new ScpCommandLine();
commandLine.addArgument(name, value, accept); commandLine.addArgument(name, value, accept);
return commandLine; return commandLine;
@@ -101,22 +101,22 @@ public class ScpCommandLine {
} }
} }
ScpCommandLine and(Arg name) { public ScpCommandLine and(Arg name) {
addArgument(name, null, true); addArgument(name, null, true);
return this; return this;
} }
ScpCommandLine and(Arg name, String value) { public ScpCommandLine and(Arg name, String value) {
addArgument(name, value, true); addArgument(name, value, true);
return this; return this;
} }
ScpCommandLine and(Arg name, boolean accept) { public ScpCommandLine and(Arg name, boolean accept) {
addArgument(name, null, accept); addArgument(name, null, accept);
return this; return this;
} }
ScpCommandLine and(Arg name, String value, boolean accept) { public ScpCommandLine and(Arg name, String value, boolean accept) {
addArgument(name, value, accept); addArgument(name, value, accept);
return this; return this;
} }
@@ -127,6 +127,10 @@ public class ScpCommandLine {
return this; return this;
} }
boolean has(Arg arg) {
return arguments.containsKey(arg);
}
String toCommandLine() { String toCommandLine() {
final StringBuilder cmd = new StringBuilder(SCP_COMMAND); final StringBuilder cmd = new StringBuilder(SCP_COMMAND);
for (Arg arg : arguments.keySet()) { for (Arg arg : arguments.keySet()) {

55
src/test/groovy/com/hierynomus/sshj/sftp/SFTPClientSpec.groovy
View File

@@ -19,6 +19,7 @@ import com.hierynomus.sshj.test.SshServerExtension
import com.hierynomus.sshj.test.util.FileUtil import com.hierynomus.sshj.test.util.FileUtil
import net.schmizz.sshj.SSHClient import net.schmizz.sshj.SSHClient
import net.schmizz.sshj.sftp.FileMode import net.schmizz.sshj.sftp.FileMode
import net.schmizz.sshj.sftp.RemoteResourceInfo
import net.schmizz.sshj.sftp.SFTPClient import net.schmizz.sshj.sftp.SFTPClient
import org.junit.jupiter.api.extension.RegisterExtension import org.junit.jupiter.api.extension.RegisterExtension
import spock.lang.Specification import spock.lang.Specification
@@ -206,6 +207,60 @@ class SFTPClientSpec extends Specification {
attrs.type == FileMode.Type.DIRECTORY attrs.type == FileMode.Type.DIRECTORY
} }
def "should support premature termination of listing"() {
given:
SSHClient sshClient = fixture.setupConnectedDefaultClient()
sshClient.authPassword("test", "test")
SFTPClient sftpClient = sshClient.newSFTPClient()
final Path source = Files.createDirectory(temp.resolve("source")).toAbsolutePath()
final Path destination = Files.createDirectory(temp.resolve("destination")).toAbsolutePath()
final Path firstFile = Files.writeString(source.resolve("a_first.txt"), "first")
final Path secondFile = Files.writeString(source.resolve("b_second.txt"), "second")
final Path thirdFile = Files.writeString(source.resolve("c_third.txt"), "third")
final Path fourthFile = Files.writeString(source.resolve("d_fourth.txt"), "fourth")
sftpClient.put(firstFile.toString(), destination.resolve(firstFile.fileName).toString())
sftpClient.put(secondFile.toString(), destination.resolve(secondFile.fileName).toString())
sftpClient.put(thirdFile.toString(), destination.resolve(thirdFile.fileName).toString())
sftpClient.put(fourthFile.toString(), destination.resolve(fourthFile.fileName).toString())
def filesListed = 0
RemoteResourceInfo expectedFile = null
RemoteResourceSelector limitingSelector = new RemoteResourceSelector() {
@Override
RemoteResourceSelector.Result select(RemoteResourceInfo resource) {
filesListed += 1
switch(filesListed) {
case 1:
return RemoteResourceSelector.Result.CONTINUE
case 2:
expectedFile = resource
return RemoteResourceSelector.Result.ACCEPT
case 3:
return RemoteResourceSelector.Result.BREAK
default:
throw new AssertionError((Object) "Should NOT select any more resources")
}
}
}
when:
def listingResult = sftpClient
.ls(destination.toString(), limitingSelector);
then:
// first should be skipped by CONTINUE
listingResult.contains(expectedFile) // second should be included by ACCEPT
// third should be skipped by BREAK
// fourth should be skipped by preceding BREAK
listingResult.size() == 1
cleanup:
sftpClient.close()
sshClient.disconnect()
}
private void doUpload(File src, File dest) throws IOException { private void doUpload(File src, File dest) throws IOException {
SSHClient sshClient = fixture.setupConnectedDefaultClient() SSHClient sshClient = fixture.setupConnectedDefaultClient()
sshClient.authPassword("test", "test") sshClient.authPassword("test", "test")

19
src/test/java/com/hierynomus/sshj/connection/channel/forwarded/LocalPortForwarderTest.java
View File

@@ -17,7 +17,6 @@ package com.hierynomus.sshj.connection.channel.forwarded;
import com.hierynomus.sshj.test.HttpServer; import com.hierynomus.sshj.test.HttpServer;
import com.hierynomus.sshj.test.SshServerExtension; import com.hierynomus.sshj.test.SshServerExtension;
import com.hierynomus.sshj.test.util.FileUtil;
import net.schmizz.sshj.SSHClient; import net.schmizz.sshj.SSHClient;
import net.schmizz.sshj.connection.channel.direct.LocalPortForwarder; import net.schmizz.sshj.connection.channel.direct.LocalPortForwarder;
import net.schmizz.sshj.connection.channel.direct.Parameters; import net.schmizz.sshj.connection.channel.direct.Parameters;
@@ -29,13 +28,10 @@ import org.junit.jupiter.api.extension.RegisterExtension;
import java.io.*; import java.io.*;
import java.net.*; import java.net.*;
import java.nio.file.Files;
import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertEquals;
public class LocalPortForwarderTest { public class LocalPortForwarderTest {
private static final String LOCALHOST_URL = "http://127.0.0.1:8080";
@RegisterExtension @RegisterExtension
public SshServerExtension fixture = new SshServerExtension(); public SshServerExtension fixture = new SshServerExtension();
@@ -43,21 +39,19 @@ public class LocalPortForwarderTest {
public HttpServer httpServer = new HttpServer(); public HttpServer httpServer = new HttpServer();
@BeforeEach @BeforeEach
public void setUp() throws IOException { public void setUp() {
fixture.getServer().setForwardingFilter(new AcceptAllForwardingFilter()); fixture.getServer().setForwardingFilter(new AcceptAllForwardingFilter());
File file = Files.createFile(httpServer.getDocRoot().toPath().resolve("index.html")).toFile();
FileUtil.writeToFile(file, "<html><head/><body><h1>Hi!</h1></body></html>");
} }
@Test @Test
public void shouldHaveWorkingHttpServer() throws IOException { public void shouldHaveWorkingHttpServer() throws IOException {
assertEquals(200, httpGet()); assertEquals(HttpURLConnection.HTTP_NOT_FOUND, httpGet());
} }
@Test @Test
public void shouldHaveHttpServerThatClosesConnectionAfterResponse() throws IOException { public void shouldHaveHttpServerThatClosesConnectionAfterResponse() throws IOException {
// Just to check that the test server does close connections before we try through the forwarder... // Just to check that the test server does close connections before we try through the forwarder...
httpGetAndAssertConnectionClosedByServer(8080); httpGetAndAssertConnectionClosedByServer(httpServer.getServerUrl().getPort());
} }
@Test @Test
@@ -68,7 +62,8 @@ public class LocalPortForwarderTest {
ServerSocket serverSocket = new ServerSocket(); ServerSocket serverSocket = new ServerSocket();
serverSocket.setReuseAddress(true); serverSocket.setReuseAddress(true);
serverSocket.bind(new InetSocketAddress("0.0.0.0", 12345)); serverSocket.bind(new InetSocketAddress("0.0.0.0", 12345));
LocalPortForwarder localPortForwarder = sshClient.newLocalPortForwarder(new Parameters("0.0.0.0", 12345, "localhost", 8080), serverSocket); final int serverPort = httpServer.getServerUrl().getPort();
LocalPortForwarder localPortForwarder = sshClient.newLocalPortForwarder(new Parameters("0.0.0.0", 12345, "localhost", serverPort), serverSocket);
new Thread(() -> { new Thread(() -> {
try { try {
localPortForwarder.listen(); localPortForwarder.listen();
@@ -90,7 +85,7 @@ public class LocalPortForwarderTest {
// It returns 400 Bad Request because it's missing a bunch of info, but the HTTP response doesn't matter, we just want to test the connection closing. // It returns 400 Bad Request because it's missing a bunch of info, but the HTTP response doesn't matter, we just want to test the connection closing.
OutputStream outputStream = socket.getOutputStream(); OutputStream outputStream = socket.getOutputStream();
PrintWriter writer = new PrintWriter(outputStream); PrintWriter writer = new PrintWriter(outputStream);
writer.println("GET / HTTP/1.1"); writer.println("GET / HTTP/1.1\r\n");
writer.println(""); writer.println("");
writer.flush(); writer.flush();
@@ -111,7 +106,7 @@ public class LocalPortForwarderTest {
} }
private int httpGet() throws IOException { private int httpGet() throws IOException {
final URL url = new URL(LOCALHOST_URL); final URL url = httpServer.getServerUrl().toURL();
final HttpURLConnection urlConnection = (HttpURLConnection) url.openConnection(); final HttpURLConnection urlConnection = (HttpURLConnection) url.openConnection();
urlConnection.setConnectTimeout(3000); urlConnection.setConnectTimeout(3000);
urlConnection.setRequestMethod("GET"); urlConnection.setRequestMethod("GET");

32
src/test/java/com/hierynomus/sshj/connection/channel/forwarded/RemotePortForwarderTest.java
View File

@@ -17,7 +17,6 @@ package com.hierynomus.sshj.connection.channel.forwarded;
import com.hierynomus.sshj.test.HttpServer; import com.hierynomus.sshj.test.HttpServer;
import com.hierynomus.sshj.test.SshServerExtension; import com.hierynomus.sshj.test.SshServerExtension;
import com.hierynomus.sshj.test.util.FileUtil;
import net.schmizz.sshj.SSHClient; import net.schmizz.sshj.SSHClient;
import net.schmizz.sshj.connection.ConnectionException; import net.schmizz.sshj.connection.ConnectionException;
import net.schmizz.sshj.connection.channel.forwarded.RemotePortForwarder; import net.schmizz.sshj.connection.channel.forwarded.RemotePortForwarder;
@@ -27,20 +26,18 @@ import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.RegisterExtension; import org.junit.jupiter.api.extension.RegisterExtension;
import java.io.File;
import java.io.IOException; import java.io.IOException;
import java.net.HttpURLConnection; import java.net.HttpURLConnection;
import java.net.InetSocketAddress; import java.net.InetSocketAddress;
import java.net.URI;
import java.net.URL; import java.net.URL;
import java.nio.file.Files;
import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertEquals;
public class RemotePortForwarderTest { public class RemotePortForwarderTest {
private static final PortRange RANGE = new PortRange(9000, 9999); private static final PortRange RANGE = new PortRange(9000, 9999);
private static final String LOCALHOST = "127.0.0.1"; private static final String LOCALHOST = "127.0.0.1";
private static final String LOCALHOST_URL_FORMAT = "http://127.0.0.1:%d"; private static final String URL_FORMAT = "http://%s:%d";
private static final InetSocketAddress HTTP_SERVER_SOCKET_ADDR = new InetSocketAddress(LOCALHOST, 8080);
@RegisterExtension @RegisterExtension
public SshServerExtension fixture = new SshServerExtension(); public SshServerExtension fixture = new SshServerExtension();
@@ -49,21 +46,21 @@ public class RemotePortForwarderTest {
public HttpServer httpServer = new HttpServer(); public HttpServer httpServer = new HttpServer();
@BeforeEach @BeforeEach
public void setUp() throws IOException { public void setUp() {
fixture.getServer().setForwardingFilter(new AcceptAllForwardingFilter()); fixture.getServer().setForwardingFilter(new AcceptAllForwardingFilter());
File file = Files.createFile(httpServer.getDocRoot().toPath().resolve("index.html")).toFile();
FileUtil.writeToFile(file, "<html><head/><body><h1>Hi!</h1></body></html>");
} }
@Test @Test
public void shouldHaveWorkingHttpServer() throws IOException { public void shouldHaveWorkingHttpServer() throws IOException {
assertEquals(200, httpGet(8080)); final URI serverUrl = httpServer.getServerUrl();
assertEquals(HttpURLConnection.HTTP_NOT_FOUND, httpGet(serverUrl.getHost(), serverUrl.getPort()));
} }
@Test @Test
public void shouldDynamicallyForwardPortForLocalhost() throws IOException { public void shouldDynamicallyForwardPortForLocalhost() throws IOException {
SSHClient sshClient = getFixtureClient(); SSHClient sshClient = getFixtureClient();
RemotePortForwarder.Forward bind = forwardPort(sshClient, "127.0.0.1", new SinglePort(0)); RemotePortForwarder.Forward bind = forwardPort(sshClient, LOCALHOST, new SinglePort(0));
assertHttpGetSuccess(bind); assertHttpGetSuccess(bind);
} }
@@ -84,7 +81,7 @@ public class RemotePortForwarderTest {
@Test @Test
public void shouldForwardPortForLocalhost() throws IOException { public void shouldForwardPortForLocalhost() throws IOException {
SSHClient sshClient = getFixtureClient(); SSHClient sshClient = getFixtureClient();
RemotePortForwarder.Forward bind = forwardPort(sshClient, "127.0.0.1", RANGE); RemotePortForwarder.Forward bind = forwardPort(sshClient, LOCALHOST, RANGE);
assertHttpGetSuccess(bind); assertHttpGetSuccess(bind);
} }
@@ -103,17 +100,22 @@ public class RemotePortForwarderTest {
} }
private void assertHttpGetSuccess(final RemotePortForwarder.Forward bind) throws IOException { private void assertHttpGetSuccess(final RemotePortForwarder.Forward bind) throws IOException {
assertEquals(200, httpGet(bind.getPort())); final String bindAddress = bind.getAddress();
final String address = bindAddress.isEmpty() ? LOCALHOST : bindAddress;
final int port = bind.getPort();
assertEquals(HttpURLConnection.HTTP_NOT_FOUND, httpGet(address, port));
} }
private RemotePortForwarder.Forward forwardPort(SSHClient sshClient, String address, PortRange portRange) throws IOException { private RemotePortForwarder.Forward forwardPort(SSHClient sshClient, String address, PortRange portRange) throws IOException {
while (true) { while (true) {
final URI serverUrl = httpServer.getServerUrl();
final InetSocketAddress serverAddress = new InetSocketAddress(serverUrl.getHost(), serverUrl.getPort());
try { try {
return sshClient.getRemotePortForwarder().bind( return sshClient.getRemotePortForwarder().bind(
// where the server should listen // where the server should listen
new RemotePortForwarder.Forward(address, portRange.nextPort()), new RemotePortForwarder.Forward(address, portRange.nextPort()),
// what we do with incoming connections that are forwarded to us // what we do with incoming connections that are forwarded to us
new SocketForwardingConnectListener(HTTP_SERVER_SOCKET_ADDR)); new SocketForwardingConnectListener(serverAddress));
} catch (ConnectionException ce) { } catch (ConnectionException ce) {
if (!portRange.hasNext()) { if (!portRange.hasNext()) {
throw ce; throw ce;
@@ -122,8 +124,8 @@ public class RemotePortForwarderTest {
} }
} }
private int httpGet(final int port) throws IOException { private int httpGet(final String address, final int port) throws IOException {
final URL url = new URL(String.format(LOCALHOST_URL_FORMAT, port)); final URL url = new URL(String.format(URL_FORMAT, address, port));
final HttpURLConnection urlConnection = (HttpURLConnection) url.openConnection(); final HttpURLConnection urlConnection = (HttpURLConnection) url.openConnection();
urlConnection.setConnectTimeout(3000); urlConnection.setConnectTimeout(3000);
urlConnection.setRequestMethod("GET"); urlConnection.setRequestMethod("GET");

34
src/test/java/com/hierynomus/sshj/test/HttpServer.java
View File

@@ -19,42 +19,36 @@ import org.junit.jupiter.api.extension.AfterEachCallback;
import org.junit.jupiter.api.extension.BeforeEachCallback; import org.junit.jupiter.api.extension.BeforeEachCallback;
import org.junit.jupiter.api.extension.ExtensionContext; import org.junit.jupiter.api.extension.ExtensionContext;
import java.io.File; import java.net.InetSocketAddress;
import java.nio.file.Files; import java.net.URI;
/** /**
* Can be used to setup a test HTTP server * Can be used to setup a test HTTP server
*/ */
public class HttpServer implements BeforeEachCallback, AfterEachCallback { public class HttpServer implements BeforeEachCallback, AfterEachCallback {
private org.glassfish.grizzly.http.server.HttpServer httpServer; private static final String BIND_ADDRESS = "127.0.0.1";
private com.sun.net.httpserver.HttpServer httpServer;
private File docRoot ;
@Override @Override
public void afterEach(ExtensionContext context) throws Exception { public void afterEach(ExtensionContext context) {
try { try {
httpServer.shutdownNow(); httpServer.stop(0);
} catch (Exception e) {} } catch (Exception ignored) {}
try {
docRoot.delete();
} catch (Exception e) {}
} }
@Override @Override
public void beforeEach(ExtensionContext context) throws Exception { public void beforeEach(ExtensionContext context) throws Exception {
docRoot = Files.createTempDirectory("sshj").toFile(); httpServer = com.sun.net.httpserver.HttpServer.create();
httpServer = org.glassfish.grizzly.http.server.HttpServer.createSimpleServer(docRoot.getAbsolutePath()); final InetSocketAddress socketAddress = new InetSocketAddress(BIND_ADDRESS, 0);
httpServer.bind(socketAddress, 10);
httpServer.start(); httpServer.start();
} }
public org.glassfish.grizzly.http.server.HttpServer getHttpServer() { public URI getServerUrl() {
return httpServer; final InetSocketAddress bindAddress = httpServer.getAddress();
} final String serverUrl = String.format("http://%s:%d", BIND_ADDRESS, bindAddress.getPort());
return URI.create(serverUrl);
public File getDocRoot() {
return docRoot;
} }
} }

5
src/test/java/com/hierynomus/sshj/test/util/FileUtil.java
View File

@@ -18,6 +18,7 @@ package com.hierynomus.sshj.test.util;
import net.schmizz.sshj.common.IOUtils; import net.schmizz.sshj.common.IOUtils;
import java.io.*; import java.io.*;
import java.nio.charset.StandardCharsets;
public class FileUtil { public class FileUtil {
@@ -34,12 +35,12 @@ public class FileUtil {
FileInputStream fileInputStream = new FileInputStream(f); FileInputStream fileInputStream = new FileInputStream(f);
try { try {
ByteArrayOutputStream byteArrayOutputStream = IOUtils.readFully(fileInputStream); ByteArrayOutputStream byteArrayOutputStream = IOUtils.readFully(fileInputStream);
return byteArrayOutputStream.toString(IOUtils.UTF8.displayName()); return byteArrayOutputStream.toString(StandardCharsets.UTF_8.displayName());
} finally { } finally {
IOUtils.closeQuietly(fileInputStream); IOUtils.closeQuietly(fileInputStream);
} }
} }
public static boolean compareFileContents(File f1, File f2) throws IOException { public static boolean compareFileContents(File f1, File f2) throws IOException {
return readFromFile(f1).equals(readFromFile(f2)); return readFromFile(f1).equals(readFromFile(f2));
} }

8
src/test/java/com/hierynomus/sshj/transport/GcmCipherDecryptSshPacketTest.java
View File

@@ -19,13 +19,10 @@ import com.hierynomus.sshj.transport.cipher.GcmCiphers;
import net.schmizz.sshj.common.IOUtils; import net.schmizz.sshj.common.IOUtils;
import net.schmizz.sshj.common.SSHPacket; import net.schmizz.sshj.common.SSHPacket;
import net.schmizz.sshj.transport.cipher.Cipher; import net.schmizz.sshj.transport.cipher.Cipher;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.params.ParameterizedTest; import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.Arguments; import org.junit.jupiter.params.provider.Arguments;
import org.junit.jupiter.params.provider.MethodSource; import org.junit.jupiter.params.provider.MethodSource;
import java.security.Security;
import java.util.Arrays; import java.util.Arrays;
import java.util.stream.Stream; import java.util.stream.Stream;
@@ -42,11 +39,6 @@ public class GcmCipherDecryptSshPacketTest {
return Stream.of(Arguments.of("mina-sshd", 3), Arguments.of("openssh", 4)); return Stream.of(Arguments.of("mina-sshd", 3), Arguments.of("openssh", 4));
} }
@BeforeAll
public static void setupBeforeClass() {
Security.addProvider(new BouncyCastleProvider());
}
@ParameterizedTest @ParameterizedTest
@MethodSource("sets") @MethodSource("sets")
public void testDecryptPacket(String ssh, int nr) throws Exception { public void testDecryptPacket(String ssh, int nr) throws Exception {

67
src/test/java/com/hierynomus/sshj/transport/verification/OpenSSHKnownHostsTest.java
View File

@@ -15,43 +15,30 @@
*/ */
package com.hierynomus.sshj.transport.verification; package com.hierynomus.sshj.transport.verification;
import static org.junit.jupiter.api.Assertions.assertEquals; import net.schmizz.sshj.common.Buffer;
import static org.junit.jupiter.api.Assertions.assertFalse; import net.schmizz.sshj.transport.verification.OpenSSHKnownHosts;
import static org.junit.jupiter.api.Assertions.assertInstanceOf; import net.schmizz.sshj.util.KeyUtil;
import static org.junit.jupiter.api.Assertions.assertTrue;
import static org.assertj.core.api.Assertions.*;
import java.io.File;
import java.io.IOException;
import java.lang.module.ModuleDescriptor.Opens;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.security.PublicKey;
import java.security.Security;
import java.util.Base64;
import java.util.stream.Stream;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.io.TempDir; import org.junit.jupiter.api.io.TempDir;
import org.junit.jupiter.params.ParameterizedTest; import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.Arguments; import org.junit.jupiter.params.provider.Arguments;
import org.junit.jupiter.params.provider.MethodSource; import org.junit.jupiter.params.provider.MethodSource;
import net.schmizz.sshj.common.Buffer; import java.io.File;
import net.schmizz.sshj.common.SecurityUtils; import java.io.IOException;
import net.schmizz.sshj.transport.verification.OpenSSHKnownHosts; import java.nio.charset.StandardCharsets;
import net.schmizz.sshj.util.KeyUtil; import java.nio.file.Files;
import java.security.PublicKey;
import java.util.Base64;
import java.util.stream.Stream;
import static org.assertj.core.api.Assertions.assertThat;
import static org.junit.jupiter.api.Assertions.*;
public class OpenSSHKnownHostsTest { public class OpenSSHKnownHostsTest {
@TempDir @TempDir
public File tempDir; public File tempDir;
@BeforeAll
public static void setup() {
SecurityUtils.registerSecurityProvider("org.bouncycastle.jce.provider.BouncyCastleProvider");
}
@Test @Test
public void shouldParseAndVerifyHashedHostEntry() throws Exception { public void shouldParseAndVerifyHashedHostEntry() throws Exception {
File knownHosts = knownHosts( File knownHosts = knownHosts(
@@ -110,6 +97,34 @@ public class OpenSSHKnownHostsTest {
assertTrue(ohk.verify("host1", 22, k)); assertTrue(ohk.verify("host1", 22, k));
} }
@Test
public void shouldNotFailOnMalformedBase64String() throws IOException {
File knownHosts = knownHosts(
"1.1.1.1 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBA/CkqWXSlbdo7jPshvIWT/m3FAdpSIKUx/uTmz87ObpBxXsfF8aMSiwGMKHjqviTV4cG6F7vFf28ll+9CbGsbs=192\n"
);
OpenSSHKnownHosts ohk = new OpenSSHKnownHosts(knownHosts);
assertEquals(1, ohk.entries().size());
assertThat(ohk.entries().get(0)).isInstanceOf(OpenSSHKnownHosts.BadHostEntry.class);
}
@Test
public void shouldNotFailOnMalformeSaltBase64String() throws IOException {
// A record with broken base64 inside the salt part of the hash.
// No matter how it could be generated, such broken strings must not cause unexpected errors.
String hostName = "example.com";
File knownHosts = knownHosts(
"|1|2gujgGa6gJnK7wGPCX8zuGttvCMXX|Oqkbjtxd9RFxKQv6y3l3GIxLNiU= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGVVnyoAD5/uWiiuTSM3RuW8dEWRrqOXYobAMKHhAA6kuOBoPK+LoAYyUcN26bdMiCxg+VOaLHxPNWv5SlhbMWw=\n"
);
OpenSSHKnownHosts ohk = new OpenSSHKnownHosts(knownHosts);
assertEquals(1, ohk.entries().size());
// Some random valid public key. It doesn't matter for the test if it matches the broken host key record or not.
PublicKey k = new Buffer.PlainBuffer(Base64.getDecoder().decode(
"AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLTjA7hduYGmvV9smEEsIdGLdghSPD7kL8QarIIOkeXmBh+LTtT/T1K+Ot/rmXCZsP8hoUXxbvN+Tks440Ci0ck="))
.readPublicKey();
assertFalse(ohk.verify(hostName, 22, k));
}
@Test @Test
public void shouldMarkBadLineAndNotFail() throws Exception { public void shouldMarkBadLineAndNotFail() throws Exception {
File knownHosts = knownHosts( File knownHosts = knownHosts(

51
src/test/java/net/schmizz/keepalive/HeartbeaterTest.java Normal file
View File

@@ -0,0 +1,51 @@
/*
* Copyright (C)2009 - SSHJ Contributors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.schmizz.keepalive;
import net.schmizz.sshj.DefaultConfig;
import net.schmizz.sshj.common.Message;
import net.schmizz.sshj.common.SSHPacket;
import net.schmizz.sshj.connection.ConnectionImpl;
import net.schmizz.sshj.transport.Transport;
import org.junit.jupiter.api.Test;
import org.mockito.ArgumentCaptor;
import static org.assertj.core.api.Assertions.assertThat;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
class HeartbeaterTest {
@Test
void ignoreMessageContainsData() throws Exception {
Transport transport = mock(Transport.class);
when(transport.getConfig()).thenReturn(new DefaultConfig());
ArgumentCaptor<SSHPacket> sshPacketCaptor = ArgumentCaptor.forClass(SSHPacket.class);
when(transport.write(sshPacketCaptor.capture())).thenReturn(0L);
ConnectionImpl connection = new ConnectionImpl(transport, KeepAliveProvider.HEARTBEAT);
KeepAlive heartbeater = connection.getKeepAlive();
assertThat(heartbeater).isInstanceOf(Heartbeater.class);
heartbeater.doKeepAlive();
SSHPacket sshPacket = sshPacketCaptor.getValue();
assertThat(sshPacket.readMessageID()).isEqualTo(Message.IGNORE);
assertThat(sshPacket.readBytes()).isNotNull();
}
}

105
src/test/java/net/schmizz/sshj/ConnectedSocketTest.java Normal file
View File

@@ -0,0 +1,105 @@
/*
* Copyright (C)2009 - SSHJ Contributors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.schmizz.sshj;
import com.hierynomus.sshj.test.SshServerExtension;
import net.schmizz.sshj.SSHClient;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.RegisterExtension;
import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.MethodSource;
import org.apache.sshd.server.SshServer;
import java.io.IOException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.util.stream.Stream;
import javax.net.SocketFactory;
import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
public class ConnectedSocketTest {
@RegisterExtension
public SshServerExtension fixture = new SshServerExtension();
@BeforeEach
public void setupClient() throws IOException {
SSHClient defaultClient = fixture.setupDefaultClient();
}
private static interface Connector {
void connect(SshServerExtension fx) throws IOException;
}
private static void connectViaHostname(SshServerExtension fx) throws IOException {
SshServer server = fx.getServer();
fx.getClient().connect("localhost", server.getPort());
}
private static void connectViaAddr(SshServerExtension fx) throws IOException {
SshServer server = fx.getServer();
InetAddress addr = InetAddress.getByName(server.getHost());
fx.getClient().connect(addr, server.getPort());
}
private static Stream<Connector> connectMethods() {
return Stream.of(fx -> connectViaHostname(fx), fx -> connectViaAddr(fx));
}
@ParameterizedTest
@MethodSource("connectMethods")
public void connectsIfUnconnected(Connector connector) {
assertDoesNotThrow(() -> connector.connect(fixture));
}
@ParameterizedTest
@MethodSource("connectMethods")
public void handlesConnected(Connector connector) throws IOException {
Socket socket = SocketFactory.getDefault().createSocket();
SocketFactory factory = new SocketFactory() {
@Override
public Socket createSocket() {
return socket;
}
@Override
public Socket createSocket(InetAddress host, int port) {
return socket;
}
@Override
public Socket createSocket(InetAddress address, int port,
InetAddress localAddress, int localPort) {
return socket;
}
@Override
public Socket createSocket(String host, int port) {
return socket;
}
@Override
public Socket createSocket(String host, int port,
InetAddress localHost, int localPort) {
return socket;
}
};
socket.connect(new InetSocketAddress("localhost", fixture.getServer().getPort()));
fixture.getClient().setSocketFactory(factory);
assertDoesNotThrow(() -> connector.connect(fixture));
}
}

73
src/test/java/net/schmizz/sshj/keyprovider/CorruptedPublicKeyTest.java Normal file
View File

@@ -0,0 +1,73 @@
/*
* Copyright (C)2009 - SSHJ Contributors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.schmizz.sshj.keyprovider;
import net.schmizz.sshj.SSHClient;
import net.schmizz.sshj.util.CorruptBase64;
import org.junit.jupiter.api.io.TempDir;
import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.CsvSource;
import java.io.BufferedReader;
import java.io.FileReader;
import java.io.FileWriter;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.Optional;
public class CorruptedPublicKeyTest {
private final Path keyRoot = Path.of("src/test/resources");
@TempDir
public Path tempDir;
@ParameterizedTest
@CsvSource({
"keyformats/ecdsa_opensshv1,",
"keyformats/openssh,",
"keytypes/test_ecdsa_nistp521_2,",
"keytypes/ed25519_protected, sshjtest",
})
public void corruptedPublicKey(String privateKeyFileName, String passphrase) throws IOException {
Files.createDirectories(tempDir.resolve(privateKeyFileName).getParent());
Files.copy(keyRoot.resolve(privateKeyFileName), tempDir.resolve(privateKeyFileName));
{
String publicKeyText;
try (var reader = new BufferedReader(new FileReader(
keyRoot.resolve(privateKeyFileName + ".pub").toFile()))) {
publicKeyText = reader.readLine();
}
String[] parts = publicKeyText.split("\\s+");
parts[1] = CorruptBase64.corruptBase64(parts[1]);
try (var writer = new FileWriter(tempDir.resolve(privateKeyFileName + ".pub").toFile())) {
writer.write(String.join(" ", parts));
}
}
// Must not throw an exception.
try (var sshClient = new SSHClient()) {
sshClient.loadKeys(
tempDir.resolve(privateKeyFileName).toString(),
Optional.ofNullable(passphrase).map(String::toCharArray).orElse(null)
).getPublic();
}
}
}

27
src/test/java/net/schmizz/sshj/keyprovider/OpenSSHKeyFileTest.java
View File

@@ -222,7 +222,7 @@ public class OpenSSHKeyFileTest {
OpenSSHKeyV1KeyFile keyFile = new OpenSSHKeyV1KeyFile(); OpenSSHKeyV1KeyFile keyFile = new OpenSSHKeyV1KeyFile();
keyFile.init(new File("src/test/resources/keytypes/test_ed25519")); keyFile.init(new File("src/test/resources/keytypes/test_ed25519"));
PrivateKey aPrivate = keyFile.getPrivate(); PrivateKey aPrivate = keyFile.getPrivate();
assertThat(aPrivate.getAlgorithm(), equalTo("EdDSA")); assertThat(aPrivate.getAlgorithm(), equalTo("Ed25519"));
} }
@Test @Test
@@ -343,7 +343,7 @@ public class OpenSSHKeyFileTest {
WipeTrackingPasswordFinder pwf = new WipeTrackingPasswordFinder(password, withRetry); WipeTrackingPasswordFinder pwf = new WipeTrackingPasswordFinder(password, withRetry);
keyFile.init(new File(key), pwf); keyFile.init(new File(key), pwf);
PrivateKey aPrivate = keyFile.getPrivate(); PrivateKey aPrivate = keyFile.getPrivate();
assertThat(aPrivate.getAlgorithm(), equalTo("EdDSA")); assertThat(aPrivate.getAlgorithm(), equalTo("Ed25519"));
pwf.assertWiped(); pwf.assertWiped();
} }
@@ -381,6 +381,18 @@ public class OpenSSHKeyFileTest {
} }
@Test
public void shouldSuccessfullyLoadSignedRSAPublicKeyFromStream() throws IOException {
FileKeyProvider keyFile = new OpenSSHKeyFile();
keyFile.init(new FileReader("src/test/resources/keytypes/certificate/test_rsa"),
new FileReader("src/test/resources/keytypes/certificate/test_rsa.pub"),
PasswordUtils.createOneOff(correctPassphrase));
assertNotNull(keyFile.getPrivate());
PublicKey pubKey = keyFile.getPublic();
assertNotNull(pubKey);
assertEquals("RSA", pubKey.getAlgorithm());
}
@Test @Test
public void shouldSuccessfullyLoadSignedRSAPublicKeyWithMaxDate() throws IOException { public void shouldSuccessfullyLoadSignedRSAPublicKeyWithMaxDate() throws IOException {
FileKeyProvider keyFile = new OpenSSHKeyFile(); FileKeyProvider keyFile = new OpenSSHKeyFile();
@@ -422,6 +434,17 @@ public class OpenSSHKeyFileTest {
assertEquals("", certificate.getExtensions().get("permit-pty")); assertEquals("", certificate.getExtensions().get("permit-pty"));
} }
@Test
public void shouldSuccessfullyLoadSignedDSAPublicKeyFromStream() throws IOException {
FileKeyProvider keyFile = new OpenSSHKeyFile();
keyFile.init(new FileReader("src/test/resources/keytypes/certificate/test_dsa"),
new FileReader("src/test/resources/keytypes/certificate/test_dsa-cert.pub"),
PasswordUtils.createOneOff(correctPassphrase));
assertNotNull(keyFile.getPrivate());
PublicKey pubKey = keyFile.getPublic();
assertEquals("DSA", pubKey.getAlgorithm());
}
/** /**
* Sometimes users copy-pastes private and public keys in text editors. It leads to redundant * Sometimes users copy-pastes private and public keys in text editors. It leads to redundant
* spaces and newlines. OpenSSH can easily read such keys, so users expect from SSHJ the same. * spaces and newlines. OpenSSH can easily read such keys, so users expect from SSHJ the same.

4
src/test/java/net/schmizz/sshj/keyprovider/PKCS8KeyFileTest.java
View File

@@ -126,8 +126,8 @@ public class PKCS8KeyFileTest {
public void testPkcs8Ecdsa() throws IOException { public void testPkcs8Ecdsa() throws IOException {
final PKCS8KeyFile provider = new PKCS8KeyFile(); final PKCS8KeyFile provider = new PKCS8KeyFile();
provider.init(getFile("pkcs8-ecdsa")); provider.init(getFile("pkcs8-ecdsa"));
assertEquals(KeyAlgorithm.ECDSA, provider.getPublic().getAlgorithm()); assertEquals(KeyAlgorithm.EC_KEYSTORE, provider.getPublic().getAlgorithm());
assertEquals(KeyAlgorithm.ECDSA, provider.getPrivate().getAlgorithm()); assertEquals(KeyAlgorithm.EC_KEYSTORE, provider.getPrivate().getAlgorithm());
} }
@Test @Test

64
src/test/java/net/schmizz/sshj/keyprovider/PuTTYKeyFileTest.java
View File

@@ -18,15 +18,19 @@ package net.schmizz.sshj.keyprovider;
import com.hierynomus.sshj.userauth.keyprovider.OpenSSHKeyV1KeyFile; import com.hierynomus.sshj.userauth.keyprovider.OpenSSHKeyV1KeyFile;
import net.schmizz.sshj.userauth.keyprovider.PKCS8KeyFile; import net.schmizz.sshj.userauth.keyprovider.PKCS8KeyFile;
import net.schmizz.sshj.userauth.keyprovider.PuTTYKeyFile; import net.schmizz.sshj.userauth.keyprovider.PuTTYKeyFile;
import net.schmizz.sshj.util.CorruptBase64;
import net.schmizz.sshj.util.UnitTestPasswordFinder; import net.schmizz.sshj.util.UnitTestPasswordFinder;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
import java.io.BufferedReader;
import java.io.File; import java.io.File;
import java.io.IOException; import java.io.IOException;
import java.io.StringReader; import java.io.StringReader;
import java.security.interfaces.RSAPrivateKey; import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey; import java.security.interfaces.RSAPublicKey;
import java.util.Objects;
import static java.lang.Math.min;
import static org.junit.jupiter.api.Assertions.*; import static org.junit.jupiter.api.Assertions.*;
public class PuTTYKeyFileTest { public class PuTTYKeyFileTest {
@@ -421,7 +425,6 @@ public class PuTTYKeyFileTest {
PKCS8KeyFile referenceKey = new PKCS8KeyFile(); PKCS8KeyFile referenceKey = new PKCS8KeyFile();
referenceKey.init(new File("src/test/resources/keytypes/test_ecdsa_nistp256")); referenceKey.init(new File("src/test/resources/keytypes/test_ecdsa_nistp256"));
assertEquals(key.getPrivate(), referenceKey.getPrivate());
assertEquals(key.getPublic(), referenceKey.getPublic()); assertEquals(key.getPublic(), referenceKey.getPublic());
} }
@@ -486,6 +489,8 @@ public class PuTTYKeyFileTest {
key.init(new StringReader(v3_rsa_argon2d), new UnitTestPasswordFinder("changeit")); key.init(new StringReader(v3_rsa_argon2d), new UnitTestPasswordFinder("changeit"));
assertNotNull(key.getPrivate()); assertNotNull(key.getPrivate());
assertNotNull(key.getPublic()); assertNotNull(key.getPublic());
assertEquals(3, key.getKeyFileVersion());
OpenSSHKeyV1KeyFile referenceKey = new OpenSSHKeyV1KeyFile(); OpenSSHKeyV1KeyFile referenceKey = new OpenSSHKeyV1KeyFile();
referenceKey.init(new File("src/test/resources/keytypes/test_rsa_putty_priv.openssh2")); referenceKey.init(new File("src/test/resources/keytypes/test_rsa_putty_priv.openssh2"));
RSAPrivateKey loadedPrivate = (RSAPrivateKey) key.getPrivate(); RSAPrivateKey loadedPrivate = (RSAPrivateKey) key.getPrivate();
@@ -558,4 +563,61 @@ public class PuTTYKeyFileTest {
assertNull(key.getPrivate()); assertNull(key.getPrivate());
}); });
} }
@Test
public void corruptedPublicLines() throws Exception {
assertThrows(IOException.class, () -> {
PuTTYKeyFile key = new PuTTYKeyFile();
key.init(new StringReader(corruptBase64InPuttyKey(ppk2048, "Public-Lines: ")));
key.getPublic();
});
}
@Test
public void corruptedPrivateLines() throws Exception {
assertThrows(IOException.class, () -> {
PuTTYKeyFile key = new PuTTYKeyFile();
key.init(new StringReader(corruptBase64InPuttyKey(ppk2048, "Private-Lines: ")));
key.getPublic();
});
}
private String corruptBase64InPuttyKey(
@SuppressWarnings("SameParameterValue") String source,
String sectionPrefix
) throws IOException {
try (var reader = new BufferedReader(new StringReader(source))) {
StringBuilder result = new StringBuilder();
while (true) {
String line = reader.readLine();
if (line == null) {
break;
} else if (line.startsWith(sectionPrefix)) {
int base64LineCount = Integer.parseInt(line.substring(sectionPrefix.length()));
StringBuilder base64 = new StringBuilder();
for (int i = 0; i < base64LineCount; ++i) {
base64.append(Objects.requireNonNull(reader.readLine()));
}
String corruptedBase64 = CorruptBase64.corruptBase64(base64.toString());
// 64 is the length of base64 lines in PuTTY keys generated by puttygen.
// It's not clear if it's some standard or not.
// It doesn't match the MIME Base64 standard.
int chunkSize = 64;
result.append(sectionPrefix);
result.append((corruptedBase64.length() + chunkSize - 1) / chunkSize);
result.append('\n');
for (int offset = 0; offset < corruptedBase64.length(); offset += chunkSize) {
result.append(corruptedBase64, offset, min(corruptedBase64.length(), offset + chunkSize));
result.append('\n');
}
} else {
result.append(line);
result.append('\n');
}
}
return result.toString();
}
}
} }

4
src/test/java/net/schmizz/sshj/signature/SignatureDSATest.java
View File

@@ -17,11 +17,11 @@ package net.schmizz.sshj.signature;
import com.hierynomus.sshj.common.KeyAlgorithm; import com.hierynomus.sshj.common.KeyAlgorithm;
import net.schmizz.sshj.common.Buffer; import net.schmizz.sshj.common.Buffer;
import net.schmizz.sshj.common.IOUtils;
import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
import java.math.BigInteger; import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory; import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException; import java.security.NoSuchAlgorithmException;
import java.security.spec.DSAPrivateKeySpec; import java.security.spec.DSAPrivateKeySpec;
@@ -47,7 +47,7 @@ public class SignatureDSATest {
BigInteger q = new BigInteger(new byte[] { 0, -105, 96, 80, -113, 21, 35, 11, -52, -78, -110, -71, -126, -94, -21, -124, 11, -16, 88, 28, -11 }); BigInteger q = new BigInteger(new byte[] { 0, -105, 96, 80, -113, 21, 35, 11, -52, -78, -110, -71, -126, -94, -21, -124, 11, -16, 88, 28, -11 });
BigInteger g = new BigInteger(new byte[] { 0, -9, -31, -96, -123, -42, -101, 61, -34, -53, -68, -85, 92, 54, -72, 87, -71, 121, -108, -81, -69, -6, 58, -22, -126, -7, 87, 76, 11, 61, 7, -126, 103, 81, 89, 87, -114, -70, -44, 89, 79, -26, 113, 7, 16, -127, -128, -76, 73, 22, 113, 35, -24, 76, 40, 22, 19, -73, -49, 9, 50, -116, -56, -90, -31, 60, 22, 122, -117, 84, 124, -115, 40, -32, -93, -82, 30, 43, -77, -90, 117, -111, 110, -93, 127, 11, -6, 33, 53, 98, -15, -5, 98, 122, 1, 36, 59, -52, -92, -15, -66, -88, 81, -112, -119, -88, -125, -33, -31, 90, -27, -97, 6, -110, -117, 102, 94, -128, 123, 85, 37, 100, 1, 76, 59, -2, -49, 73, 42 }); BigInteger g = new BigInteger(new byte[] { 0, -9, -31, -96, -123, -42, -101, 61, -34, -53, -68, -85, 92, 54, -72, 87, -71, 121, -108, -81, -69, -6, 58, -22, -126, -7, 87, 76, 11, 61, 7, -126, 103, 81, 89, 87, -114, -70, -44, 89, 79, -26, 113, 7, 16, -127, -128, -76, 73, 22, 113, 35, -24, 76, 40, 22, 19, -73, -49, 9, 50, -116, -56, -90, -31, 60, 22, 122, -117, 84, 124, -115, 40, -32, -93, -82, 30, 43, -77, -90, 117, -111, 110, -93, 127, 11, -6, 33, 53, 98, -15, -5, 98, 122, 1, 36, 59, -52, -92, -15, -66, -88, 81, -112, -119, -88, -125, -33, -31, 90, -27, -97, 6, -110, -117, 102, 94, -128, 123, 85, 37, 100, 1, 76, 59, -2, -49, 73, 42 });
byte[] data = "The Magic Words are Squeamish Ossifrage".getBytes(IOUtils.UTF8); byte[] data = "The Magic Words are Squeamish Ossifrage".getBytes(StandardCharsets.UTF_8);
// A previously signed and verified signature using the data and DSA key parameters above. // A previously signed and verified signature using the data and DSA key parameters above.
byte[] dataSig = new byte[] { 0, 0, 0, 7, 115, 115, 104, 45, 100, 115, 115, 0, 0, 0, 40, 40, -71, 33, 105, -89, -107, 8, 26, -13, -90, 73, -103, 105, 112, 7, -59, -66, 46, 85, -27, 20, 82, 22, -113, -75, -86, -121, -42, -73, 78, 66, 93, -34, 39, -50, -93, 27, -5, 37, -92 }; byte[] dataSig = new byte[] { 0, 0, 0, 7, 115, 115, 104, 45, 100, 115, 115, 0, 0, 0, 40, 40, -71, 33, 105, -89, -107, 8, 26, -13, -90, 73, -103, 105, 112, 7, -59, -66, 46, 85, -27, 20, 82, 22, -113, -75, -86, -121, -42, -73, 78, 66, 93, -34, 39, -50, -93, 27, -5, 37, -92 };

3
src/test/java/net/schmizz/sshj/transport/DecoderDecryptGcmCipherSshPacketTest.java
View File

@@ -22,12 +22,10 @@ import net.schmizz.sshj.common.LoggerFactory;
import net.schmizz.sshj.common.SSHException; import net.schmizz.sshj.common.SSHException;
import net.schmizz.sshj.common.SSHPacket; import net.schmizz.sshj.common.SSHPacket;
import net.schmizz.sshj.transport.cipher.Cipher; import net.schmizz.sshj.transport.cipher.Cipher;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
import java.security.SecureRandom; import java.security.SecureRandom;
import java.security.Security;
import static org.junit.jupiter.api.Assertions.assertArrayEquals; import static org.junit.jupiter.api.Assertions.assertArrayEquals;
import static org.mockito.ArgumentMatchers.any; import static org.mockito.ArgumentMatchers.any;
@@ -49,7 +47,6 @@ public class DecoderDecryptGcmCipherSshPacketTest {
@BeforeEach @BeforeEach
public void setUp() throws Exception { public void setUp() throws Exception {
Security.addProvider(new BouncyCastleProvider());
ClassLoader classLoader = DecoderDecryptGcmCipherSshPacketTest.class.getClassLoader(); ClassLoader classLoader = DecoderDecryptGcmCipherSshPacketTest.class.getClassLoader();
iv = IOUtils.readFully(classLoader.getResourceAsStream("ssh-packets/gcm/mina-sshd/s2c.iv.bin" )).toByteArray(); iv = IOUtils.readFully(classLoader.getResourceAsStream("ssh-packets/gcm/mina-sshd/s2c.iv.bin" )).toByteArray();
key = IOUtils.readFully(classLoader.getResourceAsStream("ssh-packets/gcm/mina-sshd/s2c.key.bin" )).toByteArray(); key = IOUtils.readFully(classLoader.getResourceAsStream("ssh-packets/gcm/mina-sshd/s2c.key.bin" )).toByteArray();

22
src/test/java/net/schmizz/sshj/transport/kex/Curve25519DHTest.java
View File

@@ -15,17 +15,24 @@
*/ */
package net.schmizz.sshj.transport.kex; package net.schmizz.sshj.transport.kex;
import net.schmizz.sshj.common.SecurityUtils;
import net.schmizz.sshj.transport.random.JCERandom; import net.schmizz.sshj.transport.random.JCERandom;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
import java.math.BigInteger; import java.math.BigInteger;
import java.security.GeneralSecurityException; import java.security.GeneralSecurityException;
import java.security.KeyPairGenerator;
import java.security.Provider;
import java.security.Security;
import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertNotNull; import static org.junit.jupiter.api.Assertions.assertNotNull;
public class Curve25519DHTest { public class Curve25519DHTest {
private static final String ALGORITHM_FILTER = "KeyPairGenerator.X25519";
private static final int KEY_LENGTH = 32; private static final int KEY_LENGTH = 32;
private static final byte[] PEER_PUBLIC_KEY = { private static final byte[] PEER_PUBLIC_KEY = {
@@ -35,8 +42,16 @@ public class Curve25519DHTest {
1, 2, 3, 4, 5, 6, 7, 8 1, 2, 3, 4, 5, 6, 7, 8
}; };
@BeforeEach
public void clearSecurityProvider() {
SecurityUtils.setSecurityProvider(null);
}
@Test @Test
public void testInitPublicKeyLength() throws GeneralSecurityException { public void testInitPublicKeyLength() throws GeneralSecurityException {
final boolean bouncyCastleRegistrationRequired = isAlgorithmUnsupported();
SecurityUtils.setRegisterBouncyCastle(bouncyCastleRegistrationRequired);
final Curve25519DH dh = new Curve25519DH(); final Curve25519DH dh = new Curve25519DH();
dh.init(null, new JCERandom.Factory()); dh.init(null, new JCERandom.Factory());
@@ -48,6 +63,8 @@ public class Curve25519DHTest {
@Test @Test
public void testInitComputeSharedSecretKey() throws GeneralSecurityException { public void testInitComputeSharedSecretKey() throws GeneralSecurityException {
SecurityUtils.setRegisterBouncyCastle(true);
final Curve25519DH dh = new Curve25519DH(); final Curve25519DH dh = new Curve25519DH();
dh.init(null, new JCERandom.Factory()); dh.init(null, new JCERandom.Factory());
@@ -57,4 +74,9 @@ public class Curve25519DHTest {
assertNotNull(sharedSecretKey); assertNotNull(sharedSecretKey);
assertEquals(BigInteger.ONE.signum(), sharedSecretKey.signum()); assertEquals(BigInteger.ONE.signum(), sharedSecretKey.signum());
} }
private boolean isAlgorithmUnsupported() {
final Provider[] providers = Security.getProviders(ALGORITHM_FILTER);
return providers == null || providers.length == 0;
}
} }

17
src/test/java/net/schmizz/sshj/transport/mac/BaseMacTest.java
View File

@@ -17,10 +17,11 @@ package net.schmizz.sshj.transport.mac;
import com.hierynomus.sshj.transport.mac.Macs; import com.hierynomus.sshj.transport.mac.Macs;
import net.schmizz.sshj.common.SSHRuntimeException; import net.schmizz.sshj.common.SSHRuntimeException;
import org.bouncycastle.util.encoders.Hex; import org.apache.sshd.common.util.buffer.BufferUtils;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
import java.nio.charset.Charset; import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import static org.hamcrest.CoreMatchers.is; import static org.hamcrest.CoreMatchers.is;
import static org.hamcrest.MatcherAssert.assertThat; import static org.hamcrest.MatcherAssert.assertThat;
@@ -28,9 +29,9 @@ import static org.junit.jupiter.api.Assertions.assertThrows;
import static org.junit.jupiter.api.Assertions.fail; import static org.junit.jupiter.api.Assertions.fail;
public class BaseMacTest { public class BaseMacTest {
private static final Charset CHARSET = Charset.forName("US-ASCII"); private static final Charset CHARSET = StandardCharsets.US_ASCII;
private static final byte[] PLAIN_TEXT = "Hello World".getBytes(CHARSET); private static final byte[] PLAIN_TEXT = "Hello World".getBytes(CHARSET);
private static final String EXPECTED_HMAC = "24ddeed57ad91465c5b59dce74ef73778bfb0cb9"; private static final String EXPECTED_HMAC = "24 dd ee d5 7a d9 14 65 c5 b5 9d ce 74 ef 73 77 8b fb 0c b9";
private static final String KEY = "et1Quo5ooCie6theel8i"; private static final String KEY = "et1Quo5ooCie6theel8i";
@Test @Test
@@ -38,7 +39,7 @@ public class BaseMacTest {
BaseMAC hmac = Macs.HMACSHA1().create(); BaseMAC hmac = Macs.HMACSHA1().create();
hmac.init((KEY + "foo").getBytes(CHARSET)); hmac.init((KEY + "foo").getBytes(CHARSET));
hmac.update(PLAIN_TEXT); hmac.update(PLAIN_TEXT);
assertThat(Hex.toHexString(hmac.doFinal()), is(EXPECTED_HMAC)); assertThat(BufferUtils.toHex(hmac.doFinal()), is(EXPECTED_HMAC));
} }
@Test @Test
@@ -54,7 +55,7 @@ public class BaseMacTest {
public void testUpdateWithDoFinal() { public void testUpdateWithDoFinal() {
BaseMAC hmac = initHmac(); BaseMAC hmac = initHmac();
hmac.update(PLAIN_TEXT); hmac.update(PLAIN_TEXT);
assertThat(Hex.toHexString(hmac.doFinal()), is(EXPECTED_HMAC)); assertThat(BufferUtils.toHex(hmac.doFinal()), is(EXPECTED_HMAC));
} }
@Test @Test
@@ -67,13 +68,13 @@ public class BaseMacTest {
// update with the range from the second to penultimate byte // update with the range from the second to penultimate byte
hmac.update(plainText, 1, PLAIN_TEXT.length); hmac.update(plainText, 1, PLAIN_TEXT.length);
assertThat(Hex.toHexString(hmac.doFinal()), is(EXPECTED_HMAC)); assertThat(BufferUtils.toHex(hmac.doFinal()), is(EXPECTED_HMAC));
} }
@Test @Test
public void testDoFinalWithInput() { public void testDoFinalWithInput() {
BaseMAC hmac = initHmac(); BaseMAC hmac = initHmac();
assertThat(Hex.toHexString(hmac.doFinal(PLAIN_TEXT)), is(EXPECTED_HMAC)); assertThat(BufferUtils.toHex(hmac.doFinal(PLAIN_TEXT)), is(EXPECTED_HMAC));
} }
@Test @Test
@@ -82,7 +83,7 @@ public class BaseMacTest {
byte[] resultBuf = new byte[20]; byte[] resultBuf = new byte[20];
hmac.update(PLAIN_TEXT); hmac.update(PLAIN_TEXT);
hmac.doFinal(resultBuf, 0); hmac.doFinal(resultBuf, 0);
assertThat(Hex.toHexString(resultBuf), is(EXPECTED_HMAC)); assertThat(BufferUtils.toHex(resultBuf), is(EXPECTED_HMAC));
} }
private BaseMAC initHmac() { private BaseMAC initHmac() {

13
src/test/java/net/schmizz/sshj/transport/mac/HMACMD596Test.java
View File

@@ -16,30 +16,31 @@
package net.schmizz.sshj.transport.mac; package net.schmizz.sshj.transport.mac;
import com.hierynomus.sshj.transport.mac.Macs; import com.hierynomus.sshj.transport.mac.Macs;
import org.bouncycastle.util.encoders.Hex; import org.apache.sshd.common.util.buffer.BufferUtils;
import org.junit.jupiter.api.Test; import org.junit.jupiter.api.Test;
import java.nio.charset.Charset; import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import static org.hamcrest.CoreMatchers.is; import static org.hamcrest.CoreMatchers.is;
import static org.hamcrest.MatcherAssert.assertThat; import static org.hamcrest.MatcherAssert.assertThat;
public class HMACMD596Test { public class HMACMD596Test {
private static final Charset CHARSET = Charset.forName("US-ASCII"); private static final Charset CHARSET = StandardCharsets.US_ASCII;
private static final byte[] PLAIN_TEXT = "Hello World".getBytes(CHARSET); private static final byte[] PLAIN_TEXT = "Hello World".getBytes(CHARSET);
private static final String EXPECTED_HMAC = "dff33c507463f9cf088a5ce8"; private static final String EXPECTED_HMAC = "df f3 3c 50 74 63 f9 cf 08 8a 5c e8";
@Test @Test
public void testUpdateWithDoFinal() { public void testUpdateWithDoFinal() {
BaseMAC hmac = initHmac(); BaseMAC hmac = initHmac();
hmac.update(PLAIN_TEXT); hmac.update(PLAIN_TEXT);
assertThat(Hex.toHexString(hmac.doFinal()), is(EXPECTED_HMAC)); assertThat(BufferUtils.toHex(hmac.doFinal()), is(EXPECTED_HMAC));
} }
@Test @Test
public void testDoFinalWithInput() { public void testDoFinalWithInput() {
BaseMAC hmac = initHmac(); BaseMAC hmac = initHmac();
assertThat(Hex.toHexString(hmac.doFinal(PLAIN_TEXT)), assertThat(BufferUtils.toHex(hmac.doFinal(PLAIN_TEXT)),
is(EXPECTED_HMAC)); is(EXPECTED_HMAC));
} }
@@ -49,7 +50,7 @@ public class HMACMD596Test {
byte[] resultBuf = new byte[12]; byte[] resultBuf = new byte[12];
hmac.update(PLAIN_TEXT); hmac.update(PLAIN_TEXT);
hmac.doFinal(resultBuf, 0); hmac.doFinal(resultBuf, 0);
assertThat(Hex.toHexString(resultBuf), is(EXPECTED_HMAC)); assertThat(BufferUtils.toHex(resultBuf), is(EXPECTED_HMAC));
} }
private BaseMAC initHmac() { private BaseMAC initHmac() {

Some files were not shown because too many files have changed in this diff Show More