Browse Source

Apache MINA sshd client: adapt to sshd 2.2.0

Update target platforms, maven and bazel builds to use sshd 2.2.0.

Adapt internal classes to changed sshd interfaces and remove previous
work-arounds for asking repeatedly for key passwords and for loading
keys lazily; both are now done by sshd.

CQ: 19034
CQ: 19035
Bug: 541425
Change-Id: I85e1df6ebb8a94953a912d9b2b8a7b5bdfbd608a
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
stable-5.4
Thomas Wolf 6 years ago committed by Matthias Sohn
parent
commit
86cee68e0d
  1. 10
      WORKSPACE
  2. 4
      lib/BUILD
  3. 2
      org.eclipse.jgit.junit.ssh/BUILD
  4. 43
      org.eclipse.jgit.junit.ssh/META-INF/MANIFEST.MF
  5. 2
      org.eclipse.jgit.junit.ssh/pom.xml
  6. 30
      org.eclipse.jgit.junit.ssh/src/org/eclipse/jgit/junit/ssh/SshTestGitServer.java
  7. 2
      org.eclipse.jgit.packaging/org.eclipse.jgit.junit.feature/feature.xml
  8. 2
      org.eclipse.jgit.packaging/org.eclipse.jgit.ssh.apache.feature/feature.xml
  9. 10
      org.eclipse.jgit.packaging/org.eclipse.jgit.target/jgit-4.10.target
  10. 10
      org.eclipse.jgit.packaging/org.eclipse.jgit.target/jgit-4.11.target
  11. 10
      org.eclipse.jgit.packaging/org.eclipse.jgit.target/jgit-4.12-staging.target
  12. 10
      org.eclipse.jgit.packaging/org.eclipse.jgit.target/jgit-4.6.target
  13. 10
      org.eclipse.jgit.packaging/org.eclipse.jgit.target/jgit-4.7.target
  14. 10
      org.eclipse.jgit.packaging/org.eclipse.jgit.target/jgit-4.8.target
  15. 21
      org.eclipse.jgit.packaging/org.eclipse.jgit.target/jgit-4.9.target
  16. 8
      org.eclipse.jgit.packaging/org.eclipse.jgit.target/orbit/S20190501151401.tpd
  17. 2
      org.eclipse.jgit.ssh.apache.test/BUILD
  18. 2
      org.eclipse.jgit.ssh.apache/BUILD
  19. 81
      org.eclipse.jgit.ssh.apache/META-INF/MANIFEST.MF
  20. 2
      org.eclipse.jgit.ssh.apache/pom.xml
  21. 87
      org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/CachingKeyPairProvider.java
  22. 158
      org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/EncryptedFileKeyPairProvider.java
  23. 6
      org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitClientSession.java
  24. 17
      org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitHostConfigEntry.java
  25. 83
      org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitPublicKeyAuthFactory.java
  26. 103
      org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitPublicKeyAuthentication.java
  27. 275
      org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitPublicKeyIterator.java
  28. 57
      org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitSshClient.java
  29. 5
      org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitSshConfig.java
  30. 2
      org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/OpenSshServerKeyVerifier.java
  31. 20
      org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/PasswordProviderWrapper.java
  32. 41
      org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/RepeatingFilePasswordProvider.java
  33. 25
      org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/transport/sshd/SshdSessionFactory.java
  34. 2
      org.eclipse.jgit.test/BUILD
  35. 2
      org.eclipse.jgit.test/tests.bzl
  36. 2
      pom.xml

10
WORKSPACE

@ -59,15 +59,15 @@ maven_jar(
)
maven_jar(
name = "sshd-core",
artifact = "org.apache.sshd:sshd-core:2.0.0",
sha1 = "f4275079a2463cfd2bf1548a80e1683288a8e86b",
name = "sshd-osgi",
artifact = "org.apache.sshd:sshd-osgi:2.2.0",
sha1 = "a45d48cb53678e699816e8e054e55fa33f5a4558",
)
maven_jar(
name = "sshd-sftp",
artifact = "org.apache.sshd:sshd-sftp:2.0.0",
sha1 = "a12d64dc2d5d23271a4dc58075e55f9c64a68494",
artifact = "org.apache.sshd:sshd-sftp:2.2.0",
sha1 = "3d011e00adf38e49bb8711a9dd762fe908a2170c",
)
maven_jar(

4
lib/BUILD

@ -68,14 +68,14 @@ java_library(
)
java_library(
name = "sshd-core",
name = "sshd-osgi",
visibility = [
"//org.eclipse.jgit.junit.ssh:__pkg__",
"//org.eclipse.jgit.ssh.apache:__pkg__",
"//org.eclipse.jgit.ssh.apache.test:__pkg__",
"//org.eclipse.jgit.test:__pkg__",
],
exports = ["@sshd-core//jar"],
exports = ["@sshd-osgi//jar"],
)
java_library(

2
org.eclipse.jgit.junit.ssh/BUILD

@ -7,7 +7,7 @@ java_library(
resource_strip_prefix = "org.eclipse.jgit.junit.ssh/resources",
resources = glob(["resources/**"]),
deps = [
"//lib:sshd-core",
"//lib:sshd-osgi",
"//lib:sshd-sftp",
# We want these deps to be provided_deps
"//org.eclipse.jgit:jgit",

43
org.eclipse.jgit.junit.ssh/META-INF/MANIFEST.MF

@ -8,27 +8,28 @@ Bundle-Localization: plugin
Bundle-Vendor: %provider_name
Bundle-ActivationPolicy: lazy
Bundle-RequiredExecutionEnvironment: JavaSE-1.8
Import-Package: org.apache.sshd.common;version="[2.0.0,2.1.0)",
org.apache.sshd.common.config.keys;version="[2.0.0,2.1.0)",
org.apache.sshd.common.file.virtualfs;version="[2.0.0,2.1.0)",
org.apache.sshd.common.helpers;version="[2.0.0,2.1.0)",
org.apache.sshd.common.io;version="[2.0.0,2.1.0)",
org.apache.sshd.common.kex;version="[2.0.0,2.1.0)",
org.apache.sshd.common.keyprovider;version="[2.0.0,2.1.0)",
org.apache.sshd.common.session;version="[2.0.0,2.1.0)",
org.apache.sshd.common.util.buffer;version="[2.0.0,2.1.0)",
org.apache.sshd.common.util.logging;version="[2.0.0,2.1.0)",
org.apache.sshd.common.util.security;version="[2.0.0,2.1.0)",
org.apache.sshd.server;version="[2.0.0,2.1.0)",
org.apache.sshd.server.auth;version="[2.0.0,2.1.0)",
org.apache.sshd.server.auth.gss;version="[2.0.0,2.1.0)",
org.apache.sshd.server.auth.keyboard;version="[2.0.0,2.1.0)",
org.apache.sshd.server.auth.password;version="[2.0.0,2.1.0)",
org.apache.sshd.server.command;version="[2.0.0,2.1.0)",
org.apache.sshd.server.session;version="[2.0.0,2.1.0)",
org.apache.sshd.server.shell;version="[2.0.0,2.1.0)",
org.apache.sshd.server.subsystem;version="[2.0.0,2.1.0)",
org.apache.sshd.server.subsystem.sftp;version="[2.0.0,2.1.0)",
Import-Package: org.apache.sshd.common;version="[2.2.0,2.3.0)",
org.apache.sshd.common.config.keys;version="[2.2.0,2.3.0)",
org.apache.sshd.common.file.virtualfs;version="[2.2.0,2.3.0)",
org.apache.sshd.common.helpers;version="[2.2.0,2.3.0)",
org.apache.sshd.common.io;version="[2.2.0,2.3.0)",
org.apache.sshd.common.kex;version="[2.2.0,2.3.0)",
org.apache.sshd.common.keyprovider;version="[2.2.0,2.3.0)",
org.apache.sshd.common.session;version="[2.2.0,2.3.0)",
org.apache.sshd.common.util.buffer;version="[2.2.0,2.3.0)",
org.apache.sshd.common.util.logging;version="[2.2.0,2.3.0)",
org.apache.sshd.common.util.security;version="[2.2.0,2.3.0)",
org.apache.sshd.common.util.threads;version="[2.2.0,2.3.0)",
org.apache.sshd.server;version="[2.2.0,2.3.0)",
org.apache.sshd.server.auth;version="[2.2.0,2.3.0)",
org.apache.sshd.server.auth.gss;version="[2.2.0,2.3.0)",
org.apache.sshd.server.auth.keyboard;version="[2.2.0,2.3.0)",
org.apache.sshd.server.auth.password;version="[2.2.0,2.3.0)",
org.apache.sshd.server.command;version="[2.2.0,2.3.0)",
org.apache.sshd.server.session;version="[2.2.0,2.3.0)",
org.apache.sshd.server.shell;version="[2.2.0,2.3.0)",
org.apache.sshd.server.subsystem;version="[2.2.0,2.3.0)",
org.apache.sshd.server.subsystem.sftp;version="[2.2.0,2.3.0)",
org.eclipse.jgit.annotations;version="[5.4.0,5.5.0)",
org.eclipse.jgit.lib;version="[5.4.0,5.5.0)",
org.eclipse.jgit.transport;version="[5.4.0,5.5.0)",

2
org.eclipse.jgit.junit.ssh/pom.xml

@ -74,7 +74,7 @@
<dependency>
<groupId>org.apache.sshd</groupId>
<artifactId>sshd-core</artifactId>
<artifactId>sshd-osgi</artifactId>
<version>${apache-sshd-version}</version>
</dependency>

30
org.eclipse.jgit.junit.ssh/src/org/eclipse/jgit/junit/ssh/SshTestGitServer.java

@ -55,10 +55,9 @@ import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Locale;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import org.apache.sshd.common.NamedFactory;
import org.apache.sshd.common.NamedResource;
import org.apache.sshd.common.SshConstants;
import org.apache.sshd.common.config.keys.AuthorizedKeyEntry;
import org.apache.sshd.common.config.keys.KeyUtils;
@ -67,6 +66,8 @@ import org.apache.sshd.common.file.virtualfs.VirtualFileSystemFactory;
import org.apache.sshd.common.session.Session;
import org.apache.sshd.common.util.buffer.Buffer;
import org.apache.sshd.common.util.security.SecurityUtils;
import org.apache.sshd.common.util.threads.CloseableExecutorService;
import org.apache.sshd.common.util.threads.ThreadUtils;
import org.apache.sshd.server.ServerAuthenticationManager;
import org.apache.sshd.server.SshServer;
import org.apache.sshd.server.auth.UserAuth;
@ -110,8 +111,8 @@ public class SshTestGitServer {
@NonNull
protected PublicKey testKey;
private final ExecutorService executorService = Executors
.newFixedThreadPool(2);
private final CloseableExecutorService executorService = ThreadUtils
.newFixedThreadPool("SshTestGitServerPool", 2);
/**
* Creates a ssh git <em>test</em> server. It serves one single repository,
@ -138,11 +139,12 @@ public class SshTestGitServer {
server = SshServer.setUpDefaultServer();
// Set host key
try (ByteArrayInputStream in = new ByteArrayInputStream(hostKey)) {
hostKeys.add(SecurityUtils.loadKeyPairIdentity("", in, null));
SecurityUtils.loadKeyPairIdentities(null, null, in, null)
.forEach((k) -> hostKeys.add(k));
} catch (IOException | GeneralSecurityException e) {
// Ignore.
}
server.setKeyPairProvider(() -> hostKeys);
server.setKeyPairProvider((session) -> hostKeys);
configureAuthentication();
@ -276,8 +278,10 @@ public class SshTestGitServer {
public void addHostKey(@NonNull Path key, boolean inFront)
throws IOException, GeneralSecurityException {
try (InputStream in = Files.newInputStream(key)) {
KeyPair pair = SecurityUtils.loadKeyPairIdentity(key.toString(), in,
null);
KeyPair pair = SecurityUtils
.loadKeyPairIdentities(null,
NamedResource.ofName(key.toString()), in, null)
.iterator().next();
if (inFront) {
hostKeys.add(0, pair);
} else {
@ -335,14 +339,14 @@ public class SshTestGitServer {
public void setTestUserPublicKey(Path key)
throws IOException, GeneralSecurityException {
this.testKey = AuthorizedKeyEntry.readAuthorizedKeys(key).get(0)
.resolvePublicKey(PublicKeyEntryResolver.IGNORING);
.resolvePublicKey(null, PublicKeyEntryResolver.IGNORING);
}
private class GitUploadPackCommand extends AbstractCommandSupport {
protected GitUploadPackCommand(String command,
ExecutorService executorService) {
super(command, executorService, false);
CloseableExecutorService executorService) {
super(command, ThreadUtils.noClose(executorService));
}
@Override
@ -370,8 +374,8 @@ public class SshTestGitServer {
private class GitReceivePackCommand extends AbstractCommandSupport {
protected GitReceivePackCommand(String command,
ExecutorService executorService) {
super(command, executorService, false);
CloseableExecutorService executorService) {
super(command, ThreadUtils.noClose(executorService));
}
@Override

2
org.eclipse.jgit.packaging/org.eclipse.jgit.junit.feature/feature.xml

@ -63,7 +63,7 @@
unpack="false"/>
<plugin
id="org.apache.sshd.core"
id="org.apache.sshd.osgi"
download-size="0"
install-size="0"
version="0.0.0"

2
org.eclipse.jgit.packaging/org.eclipse.jgit.ssh.apache.feature/feature.xml

@ -34,7 +34,7 @@
unpack="false"/>
<plugin
id="org.apache.sshd.core"
id="org.apache.sshd.osgi"
download-size="0"
install-size="0"
version="0.0.0"

10
org.eclipse.jgit.packaging/org.eclipse.jgit.target/jgit-4.10.target

@ -1,4 +1,4 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?><?pde?><!-- generated with https://github.com/eclipse-cbi/targetplatform-dsl --><target name="jgit-4.10" sequenceNumber="1557147616">
<?xml version="1.0" encoding="UTF-8" standalone="no"?><?pde?><!-- generated with https://github.com/eclipse-cbi/targetplatform-dsl --><target name="jgit-4.10" sequenceNumber="1557148658">
<locations>
<location includeAllPlatforms="false" includeConfigurePhase="true" includeMode="slicer" includeSource="true" type="InstallableUnit">
<unit id="org.eclipse.jetty.client" version="9.4.14.v20181114"/>
@ -75,10 +75,10 @@
<unit id="com.jcraft.jzlib.source" version="1.1.1.v201205102305"/>
<unit id="net.i2p.crypto.eddsa" version="0.3.0.v20181102-1323"/>
<unit id="net.i2p.crypto.eddsa.source" version="0.3.0.v20181102-1323"/>
<unit id="org.apache.sshd.core" version="2.0.0.v20181102-1323"/>
<unit id="org.apache.sshd.core.source" version="2.0.0.v20181102-1323"/>
<unit id="org.apache.sshd.sftp" version="2.0.0.v20181102-1323"/>
<unit id="org.apache.sshd.sftp.source" version="2.0.0.v20181102-1323"/>
<unit id="org.apache.sshd.osgi" version="2.2.0.v20190425-2127"/>
<unit id="org.apache.sshd.osgi.source" version="2.2.0.v20190425-2127"/>
<unit id="org.apache.sshd.sftp" version="2.2.0.v20190425-2127"/>
<unit id="org.apache.sshd.sftp.source" version="2.2.0.v20190425-2127"/>
<repository location="http://download.eclipse.org/tools/orbit/downloads/drops/S20190501151401/repository"/>
</location>
<location includeAllPlatforms="false" includeConfigurePhase="true" includeMode="slicer" includeSource="true" type="InstallableUnit">

10
org.eclipse.jgit.packaging/org.eclipse.jgit.target/jgit-4.11.target

@ -1,4 +1,4 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?><?pde?><!-- generated with https://github.com/eclipse-cbi/targetplatform-dsl --><target name="jgit-4.11" sequenceNumber="1557147626">
<?xml version="1.0" encoding="UTF-8" standalone="no"?><?pde?><!-- generated with https://github.com/eclipse-cbi/targetplatform-dsl --><target name="jgit-4.11" sequenceNumber="1557148673">
<locations>
<location includeAllPlatforms="false" includeConfigurePhase="true" includeMode="slicer" includeSource="true" type="InstallableUnit">
<unit id="org.eclipse.jetty.client" version="9.4.14.v20181114"/>
@ -75,10 +75,10 @@
<unit id="com.jcraft.jzlib.source" version="1.1.1.v201205102305"/>
<unit id="net.i2p.crypto.eddsa" version="0.3.0.v20181102-1323"/>
<unit id="net.i2p.crypto.eddsa.source" version="0.3.0.v20181102-1323"/>
<unit id="org.apache.sshd.core" version="2.0.0.v20181102-1323"/>
<unit id="org.apache.sshd.core.source" version="2.0.0.v20181102-1323"/>
<unit id="org.apache.sshd.sftp" version="2.0.0.v20181102-1323"/>
<unit id="org.apache.sshd.sftp.source" version="2.0.0.v20181102-1323"/>
<unit id="org.apache.sshd.osgi" version="2.2.0.v20190425-2127"/>
<unit id="org.apache.sshd.osgi.source" version="2.2.0.v20190425-2127"/>
<unit id="org.apache.sshd.sftp" version="2.2.0.v20190425-2127"/>
<unit id="org.apache.sshd.sftp.source" version="2.2.0.v20190425-2127"/>
<repository location="http://download.eclipse.org/tools/orbit/downloads/drops/S20190501151401/repository"/>
</location>
<location includeAllPlatforms="false" includeConfigurePhase="true" includeMode="slicer" includeSource="true" type="InstallableUnit">

10
org.eclipse.jgit.packaging/org.eclipse.jgit.target/jgit-4.12-staging.target

@ -1,4 +1,4 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?><?pde?><!-- generated with https://github.com/eclipse-cbi/targetplatform-dsl --><target name="jgit-4.12-staging" sequenceNumber="1557147634">
<?xml version="1.0" encoding="UTF-8" standalone="no"?><?pde?><!-- generated with https://github.com/eclipse-cbi/targetplatform-dsl --><target name="jgit-4.12-staging" sequenceNumber="1557148680">
<locations>
<location includeAllPlatforms="false" includeConfigurePhase="true" includeMode="slicer" includeSource="true" type="InstallableUnit">
<unit id="org.eclipse.jetty.client" version="9.4.14.v20181114"/>
@ -75,10 +75,10 @@
<unit id="com.jcraft.jzlib.source" version="1.1.1.v201205102305"/>
<unit id="net.i2p.crypto.eddsa" version="0.3.0.v20181102-1323"/>
<unit id="net.i2p.crypto.eddsa.source" version="0.3.0.v20181102-1323"/>
<unit id="org.apache.sshd.core" version="2.0.0.v20181102-1323"/>
<unit id="org.apache.sshd.core.source" version="2.0.0.v20181102-1323"/>
<unit id="org.apache.sshd.sftp" version="2.0.0.v20181102-1323"/>
<unit id="org.apache.sshd.sftp.source" version="2.0.0.v20181102-1323"/>
<unit id="org.apache.sshd.osgi" version="2.2.0.v20190425-2127"/>
<unit id="org.apache.sshd.osgi.source" version="2.2.0.v20190425-2127"/>
<unit id="org.apache.sshd.sftp" version="2.2.0.v20190425-2127"/>
<unit id="org.apache.sshd.sftp.source" version="2.2.0.v20190425-2127"/>
<repository location="http://download.eclipse.org/tools/orbit/downloads/drops/S20190501151401/repository"/>
</location>
<location includeAllPlatforms="false" includeConfigurePhase="true" includeMode="slicer" includeSource="true" type="InstallableUnit">

10
org.eclipse.jgit.packaging/org.eclipse.jgit.target/jgit-4.6.target

@ -1,4 +1,4 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?><?pde?><!-- generated with https://github.com/eclipse-cbi/targetplatform-dsl --><target name="jgit-4.6" sequenceNumber="1557147672">
<?xml version="1.0" encoding="UTF-8" standalone="no"?><?pde?><!-- generated with https://github.com/eclipse-cbi/targetplatform-dsl --><target name="jgit-4.6" sequenceNumber="1557148684">
<locations>
<location includeAllPlatforms="false" includeConfigurePhase="true" includeMode="slicer" includeSource="true" type="InstallableUnit">
<unit id="org.eclipse.jetty.client" version="9.4.14.v20181114"/>
@ -75,10 +75,10 @@
<unit id="com.jcraft.jzlib.source" version="1.1.1.v201205102305"/>
<unit id="net.i2p.crypto.eddsa" version="0.3.0.v20181102-1323"/>
<unit id="net.i2p.crypto.eddsa.source" version="0.3.0.v20181102-1323"/>
<unit id="org.apache.sshd.core" version="2.0.0.v20181102-1323"/>
<unit id="org.apache.sshd.core.source" version="2.0.0.v20181102-1323"/>
<unit id="org.apache.sshd.sftp" version="2.0.0.v20181102-1323"/>
<unit id="org.apache.sshd.sftp.source" version="2.0.0.v20181102-1323"/>
<unit id="org.apache.sshd.osgi" version="2.2.0.v20190425-2127"/>
<unit id="org.apache.sshd.osgi.source" version="2.2.0.v20190425-2127"/>
<unit id="org.apache.sshd.sftp" version="2.2.0.v20190425-2127"/>
<unit id="org.apache.sshd.sftp.source" version="2.2.0.v20190425-2127"/>
<repository location="http://download.eclipse.org/tools/orbit/downloads/drops/S20190501151401/repository"/>
</location>
<location includeAllPlatforms="false" includeConfigurePhase="true" includeMode="slicer" includeSource="true" type="InstallableUnit">

10
org.eclipse.jgit.packaging/org.eclipse.jgit.target/jgit-4.7.target

@ -1,4 +1,4 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?><?pde?><!-- generated with https://github.com/eclipse-cbi/targetplatform-dsl --><target name="jgit-4.7" sequenceNumber="1557147667">
<?xml version="1.0" encoding="UTF-8" standalone="no"?><?pde?><!-- generated with https://github.com/eclipse-cbi/targetplatform-dsl --><target name="jgit-4.7" sequenceNumber="1557148689">
<locations>
<location includeAllPlatforms="false" includeConfigurePhase="true" includeMode="slicer" includeSource="true" type="InstallableUnit">
<unit id="org.eclipse.jetty.client" version="9.4.14.v20181114"/>
@ -75,10 +75,10 @@
<unit id="com.jcraft.jzlib.source" version="1.1.1.v201205102305"/>
<unit id="net.i2p.crypto.eddsa" version="0.3.0.v20181102-1323"/>
<unit id="net.i2p.crypto.eddsa.source" version="0.3.0.v20181102-1323"/>
<unit id="org.apache.sshd.core" version="2.0.0.v20181102-1323"/>
<unit id="org.apache.sshd.core.source" version="2.0.0.v20181102-1323"/>
<unit id="org.apache.sshd.sftp" version="2.0.0.v20181102-1323"/>
<unit id="org.apache.sshd.sftp.source" version="2.0.0.v20181102-1323"/>
<unit id="org.apache.sshd.osgi" version="2.2.0.v20190425-2127"/>
<unit id="org.apache.sshd.osgi.source" version="2.2.0.v20190425-2127"/>
<unit id="org.apache.sshd.sftp" version="2.2.0.v20190425-2127"/>
<unit id="org.apache.sshd.sftp.source" version="2.2.0.v20190425-2127"/>
<repository location="http://download.eclipse.org/tools/orbit/downloads/drops/S20190501151401/repository"/>
</location>
<location includeAllPlatforms="false" includeConfigurePhase="true" includeMode="slicer" includeSource="true" type="InstallableUnit">

10
org.eclipse.jgit.packaging/org.eclipse.jgit.target/jgit-4.8.target

@ -1,4 +1,4 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?><?pde?><!-- generated with https://github.com/eclipse-cbi/targetplatform-dsl --><target name="jgit-4.8" sequenceNumber="1557147665">
<?xml version="1.0" encoding="UTF-8" standalone="no"?><?pde?><!-- generated with https://github.com/eclipse-cbi/targetplatform-dsl --><target name="jgit-4.8" sequenceNumber="1557148692">
<locations>
<location includeAllPlatforms="false" includeConfigurePhase="true" includeMode="slicer" includeSource="true" type="InstallableUnit">
<unit id="org.eclipse.jetty.client" version="9.4.14.v20181114"/>
@ -75,10 +75,10 @@
<unit id="com.jcraft.jzlib.source" version="1.1.1.v201205102305"/>
<unit id="net.i2p.crypto.eddsa" version="0.3.0.v20181102-1323"/>
<unit id="net.i2p.crypto.eddsa.source" version="0.3.0.v20181102-1323"/>
<unit id="org.apache.sshd.core" version="2.0.0.v20181102-1323"/>
<unit id="org.apache.sshd.core.source" version="2.0.0.v20181102-1323"/>
<unit id="org.apache.sshd.sftp" version="2.0.0.v20181102-1323"/>
<unit id="org.apache.sshd.sftp.source" version="2.0.0.v20181102-1323"/>
<unit id="org.apache.sshd.osgi" version="2.2.0.v20190425-2127"/>
<unit id="org.apache.sshd.osgi.source" version="2.2.0.v20190425-2127"/>
<unit id="org.apache.sshd.sftp" version="2.2.0.v20190425-2127"/>
<unit id="org.apache.sshd.sftp.source" version="2.2.0.v20190425-2127"/>
<repository location="http://download.eclipse.org/tools/orbit/downloads/drops/S20190501151401/repository"/>
</location>
<location includeAllPlatforms="false" includeConfigurePhase="true" includeMode="slicer" includeSource="true" type="InstallableUnit">

21
org.eclipse.jgit.packaging/org.eclipse.jgit.target/jgit-4.9.target

@ -1,9 +1,6 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<?pde?>
<!-- generated with https://github.com/eclipse-cbi/targetplatform-dsl -->
<target name="jgit-4.9" sequenceNumber="1557147670">
<?xml version="1.0" encoding="UTF-8" standalone="no"?><?pde?><!-- generated with https://github.com/eclipse-cbi/targetplatform-dsl --><target name="jgit-4.9" sequenceNumber="1557148695">
<locations>
<location includeMode="slicer" includeAllPlatforms="false" includeSource="true" includeConfigurePhase="true" type="InstallableUnit">
<location includeAllPlatforms="false" includeConfigurePhase="true" includeMode="slicer" includeSource="true" type="InstallableUnit">
<unit id="org.eclipse.jetty.client" version="9.4.14.v20181114"/>
<unit id="org.eclipse.jetty.client.source" version="9.4.14.v20181114"/>
<unit id="org.eclipse.jetty.continuation" version="9.4.14.v20181114"/>
@ -22,7 +19,7 @@
<unit id="org.eclipse.jetty.util.source" version="9.4.14.v20181114"/>
<repository id="jetty-9.4.14" location="http://download.eclipse.org/jetty/updates/jetty-bundles-9.x/9.4.14.v20181114"/>
</location>
<location includeMode="slicer" includeAllPlatforms="false" includeSource="true" includeConfigurePhase="true" type="InstallableUnit">
<location includeAllPlatforms="false" includeConfigurePhase="true" includeMode="slicer" includeSource="true" type="InstallableUnit">
<unit id="org.apache.ant" version="1.10.5.v20180808-0324"/>
<unit id="org.apache.ant.source" version="1.10.5.v20180808-0324"/>
<unit id="org.apache.commons.codec" version="1.10.0.v20180409-1845"/>
@ -78,15 +75,15 @@
<unit id="com.jcraft.jzlib.source" version="1.1.1.v201205102305"/>
<unit id="net.i2p.crypto.eddsa" version="0.3.0.v20181102-1323"/>
<unit id="net.i2p.crypto.eddsa.source" version="0.3.0.v20181102-1323"/>
<unit id="org.apache.sshd.core" version="2.0.0.v20181102-1323"/>
<unit id="org.apache.sshd.core.source" version="2.0.0.v20181102-1323"/>
<unit id="org.apache.sshd.sftp" version="2.0.0.v20181102-1323"/>
<unit id="org.apache.sshd.sftp.source" version="2.0.0.v20181102-1323"/>
<unit id="org.apache.sshd.osgi" version="2.2.0.v20190425-2127"/>
<unit id="org.apache.sshd.osgi.source" version="2.2.0.v20190425-2127"/>
<unit id="org.apache.sshd.sftp" version="2.2.0.v20190425-2127"/>
<unit id="org.apache.sshd.sftp.source" version="2.2.0.v20190425-2127"/>
<repository location="http://download.eclipse.org/tools/orbit/downloads/drops/S20190501151401/repository"/>
</location>
<location includeMode="slicer" includeAllPlatforms="false" includeSource="true" includeConfigurePhase="true" type="InstallableUnit">
<location includeAllPlatforms="false" includeConfigurePhase="true" includeMode="slicer" includeSource="true" type="InstallableUnit">
<unit id="org.eclipse.osgi" version="0.0.0"/>
<repository location="http://download.eclipse.org/releases/2018-09/"/>
</location>
</locations>
</target>
</target>

8
org.eclipse.jgit.packaging/org.eclipse.jgit.target/orbit/S20190501151401.tpd

@ -57,8 +57,8 @@ location "http://download.eclipse.org/tools/orbit/downloads/drops/S2019050115140
com.jcraft.jzlib.source [1.1.1.v201205102305,1.1.1.v201205102305]
net.i2p.crypto.eddsa [0.3.0.v20181102-1323,0.3.0.v20181102-1323]
net.i2p.crypto.eddsa.source [0.3.0.v20181102-1323,0.3.0.v20181102-1323]
org.apache.sshd.core [2.0.0.v20181102-1323,2.0.0.v20181102-1323]
org.apache.sshd.core.source [2.0.0.v20181102-1323,2.0.0.v20181102-1323]
org.apache.sshd.sftp [2.0.0.v20181102-1323,2.0.0.v20181102-1323]
org.apache.sshd.sftp.source [2.0.0.v20181102-1323,2.0.0.v20181102-1323]
org.apache.sshd.osgi [2.2.0.v20190425-2127,2.2.0.v20190425-2127]
org.apache.sshd.osgi.source [2.2.0.v20190425-2127,2.2.0.v20190425-2127]
org.apache.sshd.sftp [2.2.0.v20190425-2127,2.2.0.v20190425-2127]
org.apache.sshd.sftp.source [2.2.0.v20190425-2127,2.2.0.v20190425-2127]
}

2
org.eclipse.jgit.ssh.apache.test/BUILD

@ -10,7 +10,7 @@ junit_tests(
deps = [
"//lib:eddsa",
"//lib:junit",
"//lib:sshd-core",
"//lib:sshd-osgi",
"//lib:sshd-sftp",
"//org.eclipse.jgit:jgit",
"//org.eclipse.jgit.ssh.apache:ssh-apache",

2
org.eclipse.jgit.ssh.apache/BUILD

@ -12,7 +12,7 @@ java_library(
deps = [
"//lib:eddsa",
"//lib:slf4j-api",
"//lib:sshd-core",
"//lib:sshd-osgi",
"//lib:sshd-sftp",
"//org.eclipse.jgit:jgit",
],

81
org.eclipse.jgit.ssh.apache/META-INF/MANIFEST.MF

@ -32,46 +32,47 @@ Export-Package: org.eclipse.jgit.internal.transport.sshd;version="5.4.0";x-inter
org.apache.sshd.client.session,
org.apache.sshd.client.keyverifier"
Import-Package: net.i2p.crypto.eddsa;version="[0.3.0,0.4.0)",
org.apache.sshd.agent;version="[2.0.0,2.1.0)",
org.apache.sshd.client;version="[2.0.0,2.1.0)",
org.apache.sshd.client.auth;version="[2.0.0,2.1.0)",
org.apache.sshd.client.auth.keyboard;version="[2.0.0,2.1.0)",
org.apache.sshd.client.auth.password;version="[2.0.0,2.1.0)",
org.apache.sshd.client.auth.pubkey;version="[2.0.0,2.1.0)",
org.apache.sshd.client.channel;version="[2.0.0,2.1.0)",
org.apache.sshd.client.config.hosts;version="[2.0.0,2.1.0)",
org.apache.sshd.client.config.keys;version="[2.0.0,2.1.0)",
org.apache.sshd.client.future;version="[2.0.0,2.1.0)",
org.apache.sshd.client.keyverifier;version="[2.0.0,2.1.0)",
org.apache.sshd.client.session;version="[2.0.0,2.1.0)",
org.apache.sshd.client.subsystem.sftp;version="[2.0.0,2.1.0)",
org.apache.sshd.common;version="[2.0.0,2.1.0)",
org.apache.sshd.common.auth;version="[2.0.0,2.1.0)",
org.apache.sshd.common.channel;version="[2.0.0,2.1.0)",
org.apache.sshd.common.compression;version="[2.0.0,2.1.0)",
org.apache.sshd.common.config.keys;version="[2.0.0,2.1.0)",
org.apache.sshd.common.config.keys.loader;version="[2.0.0,2.1.0)",
org.apache.sshd.common.digest;version="[2.0.0,2.1.0)",
org.apache.sshd.common.forward;version="[2.0.0,2.1.0)",
org.apache.sshd.common.future;version="[2.0.0,2.1.0)",
org.apache.sshd.common.helpers;version="[2.0.0,2.1.0)",
org.apache.sshd.common.io;version="[2.0.0,2.1.0)",
org.apache.sshd.common.kex;version="[2.0.0,2.1.0)",
org.apache.sshd.common.keyprovider;version="[2.0.0,2.1.0)",
org.apache.sshd.common.mac;version="[2.0.0,2.1.0)",
org.apache.sshd.common.random;version="[2.0.0,2.1.0)",
org.apache.sshd.common.session;version="[2.0.0,2.1.0)",
org.apache.sshd.common.session.helpers;version="[2.0.0,2.1.0)",
org.apache.sshd.common.signature;version="[2.0.0,2.1.0)",
org.apache.sshd.common.subsystem.sftp;version="[2.0.0,2.1.0)",
org.apache.sshd.common.util;version="[2.0.0,2.1.0)",
org.apache.sshd.common.util.buffer;version="[2.0.0,2.1.0)",
org.apache.sshd.common.util.closeable;version="[2.0.0,2.1.0)",
org.apache.sshd.common.util.io;version="[2.0.0,2.1.0)",
org.apache.sshd.common.util.logging;version="[2.0.0,2.1.0)",
org.apache.sshd.common.util.net;version="[2.0.0,2.1.0)",
org.apache.sshd.common.util.security;version="[2.0.0,2.1.0)",
org.apache.sshd.server.auth;version="[2.0.0,2.1.0)",
org.apache.sshd.agent;version="[2.2.0,2.3.0)",
org.apache.sshd.client;version="[2.2.0,2.3.0)",
org.apache.sshd.client.auth;version="[2.2.0,2.3.0)",
org.apache.sshd.client.auth.keyboard;version="[2.2.0,2.3.0)",
org.apache.sshd.client.auth.password;version="[2.2.0,2.3.0)",
org.apache.sshd.client.auth.pubkey;version="[2.2.0,2.3.0)",
org.apache.sshd.client.channel;version="[2.2.0,2.3.0)",
org.apache.sshd.client.config.hosts;version="[2.2.0,2.3.0)",
org.apache.sshd.client.config.keys;version="[2.2.0,2.3.0)",
org.apache.sshd.client.future;version="[2.2.0,2.3.0)",
org.apache.sshd.client.keyverifier;version="[2.2.0,2.3.0)",
org.apache.sshd.client.session;version="[2.2.0,2.3.0)",
org.apache.sshd.client.subsystem.sftp;version="[2.2.0,2.3.0)",
org.apache.sshd.common;version="[2.2.0,2.3.0)",
org.apache.sshd.common.auth;version="[2.2.0,2.3.0)",
org.apache.sshd.common.channel;version="[2.2.0,2.3.0)",
org.apache.sshd.common.compression;version="[2.2.0,2.3.0)",
org.apache.sshd.common.config.keys;version="[2.2.0,2.3.0)",
org.apache.sshd.common.config.keys.loader;version="[2.2.0,2.3.0)",
org.apache.sshd.common.digest;version="[2.2.0,2.3.0)",
org.apache.sshd.common.forward;version="[2.2.0,2.3.0)",
org.apache.sshd.common.future;version="[2.2.0,2.3.0)",
org.apache.sshd.common.helpers;version="[2.2.0,2.3.0)",
org.apache.sshd.common.io;version="[2.2.0,2.3.0)",
org.apache.sshd.common.kex;version="[2.2.0,2.3.0)",
org.apache.sshd.common.keyprovider;version="[2.2.0,2.3.0)",
org.apache.sshd.common.mac;version="[2.2.0,2.3.0)",
org.apache.sshd.common.random;version="[2.2.0,2.3.0)",
org.apache.sshd.common.session;version="[2.2.0,2.3.0)",
org.apache.sshd.common.session.helpers;version="[2.2.0,2.3.0)",
org.apache.sshd.common.signature;version="[2.2.0,2.3.0)",
org.apache.sshd.common.subsystem.sftp;version="[2.2.0,2.3.0)",
org.apache.sshd.common.util;version="[2.2.0,2.3.0)",
org.apache.sshd.common.util.buffer;version="[2.2.0,2.3.0)",
org.apache.sshd.common.util.closeable;version="[2.2.0,2.3.0)",
org.apache.sshd.common.util.io;version="[2.2.0,2.3.0)",
org.apache.sshd.common.util.io.resource;version="[2.2.0,2.3.0)",
org.apache.sshd.common.util.logging;version="[2.2.0,2.3.0)",
org.apache.sshd.common.util.net;version="[2.2.0,2.3.0)",
org.apache.sshd.common.util.security;version="[2.2.0,2.3.0)",
org.apache.sshd.server.auth;version="[2.2.0,2.3.0)",
org.eclipse.jgit.annotations;version="[5.4.0,5.5.0)",
org.eclipse.jgit.errors;version="[5.4.0,5.5.0)",
org.eclipse.jgit.fnmatch;version="[5.4.0,5.5.0)",

2
org.eclipse.jgit.ssh.apache/pom.xml

@ -75,7 +75,7 @@
<dependency>
<groupId>org.apache.sshd</groupId>
<artifactId>sshd-core</artifactId>
<artifactId>sshd-osgi</artifactId>
<version>${apache-sshd-version}</version>
</dependency>

87
org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/CachingKeyPairProvider.java

@ -45,10 +45,13 @@ package org.eclipse.jgit.internal.transport.sshd;
import static java.text.MessageFormat.format;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
@ -57,13 +60,20 @@ import java.util.List;
import java.util.NoSuchElementException;
import java.util.concurrent.CancellationException;
import javax.security.auth.DestroyFailedException;
import org.apache.sshd.common.NamedResource;
import org.apache.sshd.common.config.keys.FilePasswordProvider;
import org.apache.sshd.common.keyprovider.FileKeyPairProvider;
import org.apache.sshd.common.session.SessionContext;
import org.apache.sshd.common.util.io.resource.IoResource;
import org.apache.sshd.common.util.security.SecurityUtils;
import org.eclipse.jgit.transport.sshd.KeyCache;
/**
* A {@link EncryptedFileKeyPairProvider} that uses an external
* {@link KeyCache}.
* A {@link FileKeyPairProvider} that uses an external {@link KeyCache}.
*/
public class CachingKeyPairProvider extends EncryptedFileKeyPairProvider
public class CachingKeyPairProvider extends FileKeyPairProvider
implements Iterable<KeyPair> {
private final KeyCache cache;
@ -71,7 +81,7 @@ public class CachingKeyPairProvider extends EncryptedFileKeyPairProvider
/**
* Creates a new {@link CachingKeyPairProvider} using the given
* {@link KeyCache}. If the cache is {@code null}, this is a simple
* {@link EncryptedFileKeyPairProvider}.
* {@link FileKeyPairProvider}.
*
* @param paths
* to load keys from
@ -85,36 +95,36 @@ public class CachingKeyPairProvider extends EncryptedFileKeyPairProvider
@Override
public Iterator<KeyPair> iterator() {
return iterator(null);
}
private Iterator<KeyPair> iterator(SessionContext session) {
Collection<? extends Path> resources = getPaths();
if (resources.isEmpty()) {
return Collections.emptyListIterator();
}
return new CancellingKeyPairIterator(resources);
return new CancellingKeyPairIterator(session, resources);
}
@Override
public Iterable<KeyPair> loadKeys() {
return this;
public Iterable<KeyPair> loadKeys(SessionContext session) {
return () -> iterator(session);
}
@Override
protected KeyPair doLoadKey(Path resource)
private KeyPair loadKey(SessionContext session, Path path)
throws IOException, GeneralSecurityException {
if (!Files.exists(resource)) {
log.warn(format(SshdText.get().identityFileNotFound, resource));
if (!Files.exists(path)) {
log.warn(format(SshdText.get().identityFileNotFound, path));
return null;
}
// By calling doLoadKey(String, Path, FilePasswordProvider) instead of
// super.doLoadKey(Path) we can bypass the key caching in
// AbstractResourceKeyPairProvider, over which we have no real control.
String resourceId = resource.toString();
IoResource<Path> resource = getIoResource(session, path);
if (cache == null) {
return doLoadKey(resourceId, resource, getPasswordFinder());
return loadKey(session, resource, path, getPasswordFinder());
}
Throwable t[] = { null };
KeyPair key = cache.get(resource, p -> {
KeyPair key = cache.get(path, p -> {
try {
return doLoadKey(resourceId, p, getPasswordFinder());
return loadKey(session, resource, p, getPasswordFinder());
} catch (IOException | GeneralSecurityException e) {
t[0] = e;
return null;
@ -130,18 +140,55 @@ public class CachingKeyPairProvider extends EncryptedFileKeyPairProvider
return key;
}
private KeyPair loadKey(SessionContext session, NamedResource resource,
Path path, FilePasswordProvider passwordProvider)
throws IOException, GeneralSecurityException {
try (InputStream stream = Files.newInputStream(path)) {
Iterable<KeyPair> ids = SecurityUtils.loadKeyPairIdentities(session,
resource, stream, passwordProvider);
if (ids == null) {
throw new InvalidKeyException(
format(SshdText.get().identityFileNoKey, path));
}
Iterator<KeyPair> keys = ids.iterator();
if (!keys.hasNext()) {
throw new InvalidKeyException(format(
SshdText.get().identityFileUnsupportedFormat, path));
}
KeyPair result = keys.next();
if (keys.hasNext()) {
log.warn(format(SshdText.get().identityFileMultipleKeys, path));
keys.forEachRemaining(k -> {
PrivateKey pk = k.getPrivate();
if (pk != null) {
try {
pk.destroy();
} catch (DestroyFailedException e) {
// Ignore
}
}
});
}
return result;
}
}
private class CancellingKeyPairIterator implements Iterator<KeyPair> {
private final SessionContext context;
private final Iterator<Path> paths;
private KeyPair nextItem;
private boolean nextSet;
public CancellingKeyPairIterator(Collection<? extends Path> resources) {
public CancellingKeyPairIterator(SessionContext session,
Collection<? extends Path> resources) {
List<Path> copy = new ArrayList<>(resources.size());
copy.addAll(resources);
paths = copy.iterator();
context = session;
}
@Override
@ -152,7 +199,7 @@ public class CachingKeyPairProvider extends EncryptedFileKeyPairProvider
nextSet = true;
while (nextItem == null && paths.hasNext()) {
try {
nextItem = doLoadKey(paths.next());
nextItem = loadKey(context, paths.next());
} catch (CancellationException cancelled) {
throw cancelled;
} catch (Exception other) {

158
org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/EncryptedFileKeyPairProvider.java

@ -1,158 +0,0 @@
/*
* Copyright (C) 2018, Thomas Wolf <thomas.wolf@paranor.ch>
* and other copyright owners as documented in the project's IP log.
*
* This program and the accompanying materials are made available
* under the terms of the Eclipse Distribution License v1.0 which
* accompanies this distribution, is reproduced below, and is
* available at http://www.eclipse.org/org/documents/edl-v10.php
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or
* without modification, are permitted provided that the following
* conditions are met:
*
* - Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* - Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials provided
* with the distribution.
*
* - Neither the name of the Eclipse Foundation, Inc. nor the
* names of its contributors may be used to endorse or promote
* products derived from this software without specific prior
* written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
* CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
* CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
package org.eclipse.jgit.internal.transport.sshd;
import static java.text.MessageFormat.format;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import javax.security.auth.DestroyFailedException;
import org.apache.sshd.common.config.keys.FilePasswordProvider;
import org.apache.sshd.common.config.keys.loader.KeyPairResourceParser;
import org.apache.sshd.common.keyprovider.FileKeyPairProvider;
import org.apache.sshd.common.util.io.IoUtils;
import org.apache.sshd.common.util.security.SecurityUtils;
import org.eclipse.jgit.internal.transport.sshd.RepeatingFilePasswordProvider.ResourceDecodeResult;
/**
* A {@link FileKeyPairProvider} that asks repeatedly for a passphrase for an
* encrypted private key if the {@link FilePasswordProvider} is a
* {@link RepeatingFilePasswordProvider}.
*/
public abstract class EncryptedFileKeyPairProvider extends FileKeyPairProvider {
// TODO: remove this class once we're based on sshd > 2.1.0. See upstream
// issue SSHD-850 https://issues.apache.org/jira/browse/SSHD-850 and commit
// https://github.com/apache/mina-sshd/commit/f19bd2e34
/**
* Creates a new {@link EncryptedFileKeyPairProvider} for the given
* {@link Path}s.
*
* @param paths
* to read keys from
*/
public EncryptedFileKeyPairProvider(List<Path> paths) {
super(paths);
}
@Override
protected KeyPair doLoadKey(String resourceKey, InputStream inputStream,
FilePasswordProvider provider)
throws IOException, GeneralSecurityException {
if (!(provider instanceof RepeatingFilePasswordProvider)) {
return super.doLoadKey(resourceKey, inputStream, provider);
}
KeyPairResourceParser parser = SecurityUtils.getKeyPairResourceParser();
if (parser == null) {
// This is an internal configuration error, thus no translation.
throw new NoSuchProviderException(
"No registered key-pair resource parser"); //$NON-NLS-1$
}
RepeatingFilePasswordProvider realProvider = (RepeatingFilePasswordProvider) provider;
// Read the stream now so that we can process the content several
// times.
List<String> lines = IoUtils.readAllLines(inputStream);
Collection<KeyPair> ids = null;
while (ids == null) {
try {
ids = parser.loadKeyPairs(resourceKey, realProvider, lines);
realProvider.handleDecodeAttemptResult(resourceKey, "", null); //$NON-NLS-1$
// No exception; success. Exit the loop even if ids is still
// null!
break;
} catch (IOException | GeneralSecurityException
| RuntimeException e) {
ResourceDecodeResult loadResult = realProvider
.handleDecodeAttemptResult(resourceKey, "", e); //$NON-NLS-1$
if (loadResult == null
|| loadResult == ResourceDecodeResult.TERMINATE) {
throw e;
} else if (loadResult == ResourceDecodeResult.RETRY) {
continue;
}
// IGNORE doesn't make any sense here, but OK, let's ignore it.
// ids == null, so we'll throw an exception below.
break;
}
}
if (ids == null) {
// The javadoc on loadKeyPairs says it might return null if no
// key pair found. Bad API.
throw new InvalidKeyException(
format(SshdText.get().identityFileNoKey, resourceKey));
}
Iterator<KeyPair> keys = ids.iterator();
if (!keys.hasNext()) {
throw new InvalidKeyException(format(
SshdText.get().identityFileUnsupportedFormat, resourceKey));
}
KeyPair result = keys.next();
if (keys.hasNext()) {
log.warn(format(SshdText.get().identityFileMultipleKeys,
resourceKey));
keys.forEachRemaining(k -> {
PrivateKey pk = k.getPrivate();
if (pk != null) {
try {
pk.destroy();
} catch (DestroyFailedException e) {
// Ignore
}
}
});
}
return result;
}
}

6
org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitClientSession.java

@ -46,6 +46,7 @@ import static java.text.MessageFormat.format;
import java.io.IOException;
import java.net.SocketAddress;
import java.security.GeneralSecurityException;
import java.security.PublicKey;
import java.util.ArrayList;
import java.util.Iterator;
@ -173,7 +174,8 @@ public class JGitClientSession extends ClientSessionImpl {
}
@Override
protected byte[] sendKexInit() throws IOException {
protected byte[] sendKexInit()
throws IOException, GeneralSecurityException {
StatefulProxyConnector proxy = proxyHandler;
if (proxy != null) {
try {
@ -187,7 +189,7 @@ public class JGitClientSession extends ClientSessionImpl {
// This is called only from the ClientSessionImpl
// constructor, where the return value is ignored.
return null;
} catch (IOException e) {
} catch (IOException | GeneralSecurityException e) {
throw e;
} catch (Exception other) {
throw new IOException(other.getLocalizedMessage(), other);

17
org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitHostConfigEntry.java

@ -53,28 +53,11 @@ import org.eclipse.jgit.annotations.NonNull;
* A {@link HostConfigEntry} that provides access to the multi-valued keys as
* lists of strings. The super class treats them as single strings containing
* comma-separated lists.
*
*/
public class JGitHostConfigEntry extends HostConfigEntry {
private Map<String, List<String>> multiValuedOptions;
@Override
public String getProperty(String name, String defaultValue) {
// Upstream bug fix (SSHD-867): if there are _no_ properties at all, the
// super implementation returns always null even if a default value is
// given.
//
// See https://issues.apache.org/jira/projects/SSHD/issues/SSHD-867
//
// TODO: remove this override once we're based on sshd > 2.1.0
Map<String, String> properties = getProperties();
if (properties == null || properties.isEmpty()) {
return defaultValue;
}
return super.getProperty(name, defaultValue);
}
/**
* Sets the multi-valued options.
*

83
org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitPublicKeyAuthFactory.java

@ -1,83 +0,0 @@
/*
* Copyright (C) 2018, Thomas Wolf <thomas.wolf@paranor.ch>
* and other copyright owners as documented in the project's IP log.
*
* This program and the accompanying materials are made available
* under the terms of the Eclipse Distribution License v1.0 which
* accompanies this distribution, is reproduced below, and is
* available at http://www.eclipse.org/org/documents/edl-v10.php
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or
* without modification, are permitted provided that the following
* conditions are met:
*
* - Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* - Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials provided
* with the distribution.
*
* - Neither the name of the Eclipse Foundation, Inc. nor the
* names of its contributors may be used to endorse or promote
* products derived from this software without specific prior
* written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
* CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
* CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
package org.eclipse.jgit.internal.transport.sshd;
import java.util.List;
import org.apache.sshd.client.auth.AbstractUserAuthFactory;
import org.apache.sshd.client.auth.UserAuth;
import org.apache.sshd.client.auth.pubkey.UserAuthPublicKeyFactory;
import org.apache.sshd.common.NamedFactory;
import org.apache.sshd.common.signature.Signature;
import org.apache.sshd.common.signature.SignatureFactoriesManager;
/**
* A customized authentication factory for public key user authentication. The
* default implementation {@link UserAuthPublicKeyFactory} ends up doing some
* crazy stream "magic" that loads too many keys too early.
*/
public class JGitPublicKeyAuthFactory extends AbstractUserAuthFactory
implements SignatureFactoriesManager {
/** The singleton {@link JGitPublicKeyAuthFactory}. */
public static final JGitPublicKeyAuthFactory INSTANCE = new JGitPublicKeyAuthFactory();
private JGitPublicKeyAuthFactory() {
super(UserAuthPublicKeyFactory.NAME);
}
@Override
public UserAuth create() {
return new JGitPublicKeyAuthentication(getSignatureFactories());
}
@Override
public List<NamedFactory<Signature>> getSignatureFactories() {
return null;
}
@Override
public void setSignatureFactories(List<NamedFactory<Signature>> factories) {
throw new UnsupportedOperationException();
}
}

103
org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitPublicKeyAuthentication.java

@ -1,103 +0,0 @@
/*
* Copyright (C) 2018, Thomas Wolf <thomas.wolf@paranor.ch>
* and other copyright owners as documented in the project's IP log.
*
* This program and the accompanying materials are made available
* under the terms of the Eclipse Distribution License v1.0 which
* accompanies this distribution, is reproduced below, and is
* available at http://www.eclipse.org/org/documents/edl-v10.php
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or
* without modification, are permitted provided that the following
* conditions are met:
*
* - Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* - Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials provided
* with the distribution.
*
* - Neither the name of the Eclipse Foundation, Inc. nor the
* names of its contributors may be used to endorse or promote
* products derived from this software without specific prior
* written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
* CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
* CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
package org.eclipse.jgit.internal.transport.sshd;
import java.util.List;
import org.apache.sshd.client.auth.pubkey.UserAuthPublicKey;
import org.apache.sshd.client.session.ClientSession;
import org.apache.sshd.common.NamedFactory;
import org.apache.sshd.common.signature.Signature;
/**
* A specialized public key authentication handler that uses our own
* {@link JGitPublicKeyIterator}. The super class creates in
* {@link #init(ClientSession, String)} a
* {@link org.apache.sshd.client.auth.pubkey.UserAuthPublicKeyIterator}, which
* in its constructor does some strange {@link java.util.stream.Stream} "magic"
* that ends up loading keys prematurely.
*/
public class JGitPublicKeyAuthentication extends UserAuthPublicKey {
private ClientSession clientSession;
private String serviceName;
/**
* Creates a new {@link JGitPublicKeyAuthentication}.
*
* @param factories
* signature factories to use
*/
public JGitPublicKeyAuthentication(
List<NamedFactory<Signature>> factories) {
super(factories);
}
@Override
public void init(ClientSession session, String service) throws Exception {
// Do *not* call super.init(); it'll create a UserAuthPublicKeyIterator
// and that's where things then go wrong. Instead, do the whole
// initialization directly here.
clientSession = session;
serviceName = service;
releaseKeys();
// Use our own iterator!
keys = new JGitPublicKeyIterator(session, this);
}
@Override
public ClientSession getClientSession() {
return clientSession;
}
@Override
public ClientSession getSession() {
return clientSession;
}
@Override
public String getService() {
return serviceName;
}
}

275
org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitPublicKeyIterator.java

@ -1,275 +0,0 @@
/*
* Copyright (C) 2018, Thomas Wolf <thomas.wolf@paranor.ch>
* and other copyright owners as documented in the project's IP log.
*
* This program and the accompanying materials are made available
* under the terms of the Eclipse Distribution License v1.0 which
* accompanies this distribution, is reproduced below, and is
* available at http://www.eclipse.org/org/documents/edl-v10.php
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or
* without modification, are permitted provided that the following
* conditions are met:
*
* - Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* - Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials provided
* with the distribution.
*
* - Neither the name of the Eclipse Foundation, Inc. nor the
* names of its contributors may be used to endorse or promote
* products derived from this software without specific prior
* written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
* CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
* CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
package org.eclipse.jgit.internal.transport.sshd;
import java.io.IOException;
import java.nio.channels.Channel;
import java.security.KeyPair;
import java.security.PublicKey;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.NoSuchElementException;
import java.util.concurrent.atomic.AtomicBoolean;
import org.apache.sshd.agent.SshAgent;
import org.apache.sshd.agent.SshAgentFactory;
import org.apache.sshd.client.auth.pubkey.AbstractKeyPairIterator;
import org.apache.sshd.client.auth.pubkey.KeyAgentIdentity;
import org.apache.sshd.client.auth.pubkey.KeyPairIdentity;
import org.apache.sshd.client.auth.pubkey.PublicKeyIdentity;
import org.apache.sshd.client.config.hosts.HostConfigEntry;
import org.apache.sshd.client.session.ClientSession;
import org.apache.sshd.common.FactoryManager;
import org.apache.sshd.common.keyprovider.KeyIdentityProvider;
import org.apache.sshd.common.signature.SignatureFactoriesManager;
/**
* A new iterator over key pairs that we use instead of the default
* {@link org.apache.sshd.client.auth.pubkey.UserAuthPublicKeyIterator}, which
* in its constructor does some strange {@link java.util.stream.Stream} "magic"
* that ends up loading keys prematurely. This class uses plain
* {@link Iterator}s instead to avoid that problem. Used in
* {@link JGitPublicKeyAuthentication}.
*
* @see <a href=
* "https://issues.apache.org/jira/projects/SSHD/issues/SSHD-860">Upstream
* issue SSHD-860</a>
*/
public class JGitPublicKeyIterator
extends AbstractKeyPairIterator<PublicKeyIdentity> implements Channel {
// Re: the cause for the problem mentioned above has not been determined.
// It looks as if either the Apache code inadvertently calls
// GenericUtils.isEmpty() on all streams (which would load the first key
// of each stream), or the Java stream implementation does some prefetching.
// It's not entirely clear. Using Iterators we have more control over
// what happens when.
private final AtomicBoolean open = new AtomicBoolean(true);
private SshAgent agent;
private final List<Iterator<PublicKeyIdentity>> keys = new ArrayList<>(3);
private final Iterator<Iterator<PublicKeyIdentity>> keyIter;
private Iterator<PublicKeyIdentity> current;
private Boolean hasElement;
/**
* Creates a new {@link JGitPublicKeyIterator}.
*
* @param session
* we're trying to authenticate
* @param signatureFactories
* to use
* @throws Exception
* if an {@link SshAgentFactory} is configured and getting
* identities from the agent fails
*/
public JGitPublicKeyIterator(ClientSession session,
SignatureFactoriesManager signatureFactories) throws Exception {
super(session);
boolean useAgent = true;
if (session instanceof JGitClientSession) {
HostConfigEntry config = ((JGitClientSession) session)
.getHostConfigEntry();
useAgent = !config.isIdentitiesOnly();
}
if (useAgent) {
FactoryManager manager = session.getFactoryManager();
SshAgentFactory factory = manager == null ? null
: manager.getAgentFactory();
if (factory != null) {
try {
agent = factory.createClient(manager);
keys.add(new AgentIdentityIterator(agent));
} catch (IOException e) {
try {
closeAgent();
} catch (IOException err) {
e.addSuppressed(err);
}
throw e;
}
}
}
keys.add(
new KeyPairIdentityIterator(session.getRegisteredIdentities(),
session, signatureFactories));
keys.add(new KeyPairIdentityIterator(session.getKeyPairProvider(),
session, signatureFactories));
keyIter = keys.iterator();
}
@Override
public boolean isOpen() {
return open.get();
}
@Override
public void close() throws IOException {
if (open.getAndSet(false)) {
closeAgent();
}
}
@Override
public boolean hasNext() {
if (!isOpen()) {
return false;
}
if (hasElement != null) {
return hasElement.booleanValue();
}
while (current == null || !current.hasNext()) {
if (keyIter.hasNext()) {
current = keyIter.next();
} else {
current = null;
hasElement = Boolean.FALSE;
return false;
}
}
hasElement = Boolean.TRUE;
return true;
}
@Override
public PublicKeyIdentity next() {
if (!isOpen() || hasElement == null && !hasNext()
|| !hasElement.booleanValue()) {
throw new NoSuchElementException();
}
hasElement = null;
PublicKeyIdentity result;
try {
result = current.next();
} catch (NoSuchElementException e) {
result = null;
}
return result;
}
private void closeAgent() throws IOException {
if (agent == null) {
return;
}
try {
agent.close();
} finally {
agent = null;
}
}
/**
* An {@link Iterator} that maps the data obtained from an agent to
* {@link PublicKeyIdentity}.
*/
private static class AgentIdentityIterator
implements Iterator<PublicKeyIdentity> {
private final SshAgent agent;
private final Iterator<? extends Map.Entry<PublicKey, String>> iter;
public AgentIdentityIterator(SshAgent agent) throws IOException {
this.agent = agent;
iter = agent == null ? null : agent.getIdentities().iterator();
}
@Override
public boolean hasNext() {
return iter != null && iter.hasNext();
}
@Override
public PublicKeyIdentity next() {
if (iter == null) {
throw new NoSuchElementException();
}
Map.Entry<PublicKey, String> entry = iter.next();
return new KeyAgentIdentity(agent, entry.getKey(),
entry.getValue());
}
}
/**
* An {@link Iterator} that maps {@link KeyPair} to
* {@link PublicKeyIdentity}.
*/
private static class KeyPairIdentityIterator
implements Iterator<PublicKeyIdentity> {
private final Iterator<KeyPair> keyPairs;
private final ClientSession session;
private final SignatureFactoriesManager signatureFactories;
public KeyPairIdentityIterator(KeyIdentityProvider provider,
ClientSession session,
SignatureFactoriesManager signatureFactories) {
this.session = session;
this.signatureFactories = signatureFactories;
keyPairs = provider == null ? null : provider.loadKeys().iterator();
}
@Override
public boolean hasNext() {
return keyPairs != null && keyPairs.hasNext();
}
@Override
public PublicKeyIdentity next() {
if (keyPairs == null) {
throw new NoSuchElementException();
}
KeyPair key = keyPairs.next();
return new KeyPairIdentity(signatureFactories, session, key);
}
}
}

57
org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitSshClient.java

@ -48,10 +48,12 @@ import static org.eclipse.jgit.internal.transport.ssh.OpenSshConfigFile.positive
import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.Proxy;
import java.net.SocketAddress;
import java.nio.file.Files;
import java.nio.file.InvalidPathException;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.util.Arrays;
import java.util.Iterator;
@ -66,12 +68,14 @@ import org.apache.sshd.client.future.ConnectFuture;
import org.apache.sshd.client.future.DefaultConnectFuture;
import org.apache.sshd.client.session.ClientSessionImpl;
import org.apache.sshd.client.session.SessionFactory;
import org.apache.sshd.common.AttributeRepository;
import org.apache.sshd.common.config.keys.FilePasswordProvider;
import org.apache.sshd.common.future.SshFutureListener;
import org.apache.sshd.common.io.IoConnectFuture;
import org.apache.sshd.common.io.IoSession;
import org.apache.sshd.common.keyprovider.AbstractResourceKeyPairProvider;
import org.apache.sshd.common.keyprovider.KeyPairProvider;
import org.apache.sshd.common.keyprovider.KeyIdentityProvider;
import org.apache.sshd.common.session.SessionContext;
import org.apache.sshd.common.session.helpers.AbstractSession;
import org.apache.sshd.common.util.ValidateUtils;
import org.eclipse.jgit.internal.transport.sshd.proxy.HttpClientConnector;
@ -117,7 +121,8 @@ public class JGitSshClient extends SshClient {
}
@Override
public ConnectFuture connect(HostConfigEntry hostConfig)
public ConnectFuture connect(HostConfigEntry hostConfig,
AttributeRepository context, SocketAddress localAddress)
throws IOException {
if (connector == null) {
throw new IllegalStateException("SshClient not started."); //$NON-NLS-1$
@ -149,7 +154,7 @@ public class JGitSshClient extends SshClient {
address = configureProxy(proxy, address);
proxy.clearPassword();
}
connector.connect(address).addListener(listener);
connector.connect(address, this, localAddress).addListener(listener);
return connectFuture;
}
@ -263,16 +268,16 @@ public class JGitSshClient extends SshClient {
identities, keyCache);
ourConfiguredKeysProvider.setPasswordFinder(passwordProvider);
if (hostConfig.isIdentitiesOnly()) {
session.setKeyPairProvider(ourConfiguredKeysProvider);
session.setKeyIdentityProvider(ourConfiguredKeysProvider);
} else {
KeyPairProvider defaultKeysProvider = getKeyPairProvider();
KeyIdentityProvider defaultKeysProvider = getKeyIdentityProvider();
if (defaultKeysProvider instanceof AbstractResourceKeyPairProvider<?>) {
((AbstractResourceKeyPairProvider<?>) defaultKeysProvider)
.setPasswordFinder(passwordProvider);
}
KeyPairProvider combinedProvider = new CombinedKeyPairProvider(
KeyIdentityProvider combinedProvider = new CombinedKeyIdentityProvider(
ourConfiguredKeysProvider, defaultKeysProvider);
session.setKeyPairProvider(combinedProvider);
session.setKeyIdentityProvider(combinedProvider);
}
return session;
}
@ -363,39 +368,30 @@ public class JGitSshClient extends SshClient {
}
/**
* A {@link KeyPairProvider} that iterates over the {@link Iterable}s
* returned by other {@link KeyPairProvider}s.
* A {@link KeyIdentityProvider} that iterates over the {@link Iterable}s
* returned by other {@link KeyIdentityProvider}s.
*/
private static class CombinedKeyPairProvider implements KeyPairProvider {
private static class CombinedKeyIdentityProvider
implements KeyIdentityProvider {
private final List<KeyPairProvider> providers;
private final List<KeyIdentityProvider> providers;
public CombinedKeyPairProvider(KeyPairProvider... providers) {
public CombinedKeyIdentityProvider(KeyIdentityProvider... providers) {
this(Arrays.stream(providers).filter(Objects::nonNull)
.collect(Collectors.toList()));
}
public CombinedKeyPairProvider(List<KeyPairProvider> providers) {
public CombinedKeyIdentityProvider(
List<KeyIdentityProvider> providers) {
this.providers = providers;
}
@Override
public Iterable<String> getKeyTypes() {
throw new UnsupportedOperationException(
"Should not have been called in a ssh client"); //$NON-NLS-1$
}
@Override
public KeyPair loadKey(String type) {
throw new UnsupportedOperationException(
"Should not have been called in a ssh client"); //$NON-NLS-1$
}
@Override
public Iterable<KeyPair> loadKeys() {
public Iterable<KeyPair> loadKeys(SessionContext context) {
return () -> new Iterator<KeyPair>() {
private Iterator<KeyPairProvider> factories = providers.iterator();
private Iterator<KeyIdentityProvider> factories = providers
.iterator();
private Iterator<KeyPair> current;
private Boolean hasElement;
@ -407,7 +403,12 @@ public class JGitSshClient extends SshClient {
}
while (current == null || !current.hasNext()) {
if (factories.hasNext()) {
current = factories.next().loadKeys().iterator();
try {
current = factories.next().loadKeys(context)
.iterator();
} catch (IOException | GeneralSecurityException e) {
throw new RuntimeException(e);
}
} else {
current = null;
hasElement = Boolean.FALSE;

5
org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitSshConfig.java

@ -47,11 +47,13 @@ import static org.eclipse.jgit.internal.transport.ssh.OpenSshConfigFile.positive
import java.io.File;
import java.io.IOException;
import java.net.SocketAddress;
import java.util.Map;
import java.util.TreeMap;
import org.apache.sshd.client.config.hosts.HostConfigEntry;
import org.apache.sshd.client.config.hosts.HostConfigEntryResolver;
import org.apache.sshd.common.AttributeRepository;
import org.apache.sshd.common.util.net.SshdSocketAddress;
import org.eclipse.jgit.annotations.NonNull;
import org.eclipse.jgit.internal.transport.ssh.OpenSshConfigFile;
@ -101,7 +103,8 @@ public class JGitSshConfig implements HostConfigEntryResolver {
@Override
public HostConfigEntry resolveEffectiveHost(String host, int port,
String username) throws IOException {
SocketAddress localAddress, String username,
AttributeRepository attributes) throws IOException {
HostEntry entry = configFile.lookup(host, port, username);
JGitHostConfigEntry config = new JGitHostConfigEntry();
// Apache MINA conflates all keys, even multi-valued ones, in one map

2
org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/OpenSshServerKeyVerifier.java

@ -672,7 +672,7 @@ public class OpenSshServerKeyVerifier
continue;
}
try {
PublicKey serverKey = keyPart.resolvePublicKey(
PublicKey serverKey = keyPart.resolvePublicKey(null,
PublicKeyEntryResolver.IGNORING);
if (serverKey == null) {
LOG.warn(format(

20
org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/PasswordProviderWrapper.java

@ -50,6 +50,8 @@ import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.atomic.AtomicInteger;
import org.apache.sshd.common.NamedResource;
import org.apache.sshd.common.session.SessionContext;
import org.eclipse.jgit.annotations.NonNull;
import org.eclipse.jgit.transport.CredentialsProvider;
import org.eclipse.jgit.transport.URIish;
@ -83,10 +85,12 @@ public class PasswordProviderWrapper implements RepeatingFilePasswordProvider {
}
@Override
public String getPassword(String resourceKey) throws IOException {
public String getPassword(SessionContext session, NamedResource resource,
int attemptIndex) throws IOException {
String key = resource.getName();
int attempt = counts
.computeIfAbsent(resourceKey, k -> new AtomicInteger()).get();
char[] passphrase = delegate.getPassphrase(toUri(resourceKey), attempt);
.computeIfAbsent(key, k -> new AtomicInteger()).get();
char[] passphrase = delegate.getPassphrase(toUri(key), attempt);
if (passphrase == null) {
return null;
}
@ -98,21 +102,23 @@ public class PasswordProviderWrapper implements RepeatingFilePasswordProvider {
}
@Override
public ResourceDecodeResult handleDecodeAttemptResult(String resourceKey,
public ResourceDecodeResult handleDecodeAttemptResult(
SessionContext session, NamedResource resource, int retryIndex,
String password, Exception err)
throws IOException, GeneralSecurityException {
AtomicInteger count = counts.get(resourceKey);
String key = resource.getName();
AtomicInteger count = counts.get(key);
int numberOfAttempts = count == null ? 0 : count.incrementAndGet();
ResourceDecodeResult result = null;
try {
if (delegate.keyLoaded(toUri(resourceKey), numberOfAttempts, err)) {
if (delegate.keyLoaded(toUri(key), numberOfAttempts, err)) {
result = ResourceDecodeResult.RETRY;
} else {
result = ResourceDecodeResult.TERMINATE;
}
} finally {
if (result != ResourceDecodeResult.RETRY) {
counts.remove(resourceKey);
counts.remove(key);
}
}
return result;

41
org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/RepeatingFilePasswordProvider.java

@ -42,9 +42,6 @@
*/
package org.eclipse.jgit.internal.transport.sshd;
import java.io.IOException;
import java.security.GeneralSecurityException;
import org.apache.sshd.common.config.keys.FilePasswordProvider;
/**
@ -74,42 +71,4 @@ public interface RepeatingFilePasswordProvider extends FilePasswordProvider {
return 1;
}
// The following part of this interface is from the upstream resolution of
// SSHD-850. See https://github.com/apache/mina-sshd/commit/f19bd2e34 .
// TODO: remove this once we move to sshd > 2.1.0
/**
* Result value of
* {@link RepeatingFilePasswordProvider#handleDecodeAttemptResult(String, String, Exception)}.
*/
public enum ResourceDecodeResult {
/** Re-throw the decoding exception. */
TERMINATE,
/** Retry the decoding process - including password prompt. */
RETRY,
/** Skip attempt and see if we can proceed without the key. */
IGNORE;
}
/**
* Invoked to inform the password provider about the decoding result.
* <b>Note:</b> any exception thrown from this method (including if called
* to inform about success) will be propagated instead of the original (if
* any was reported)
*
* @param resourceKey
* The resource key representing the <U>private</U> file
* @param password
* The password that was attempted
* @param err
* The attempt result - {@code null} for success
* @return How to proceed in case of error - <u>ignored</u> if invoked in
* order to report success. <b>Note:</b> {@code null} is same as
* {@link ResourceDecodeResult#TERMINATE}.
* @throws IOException
* @throws GeneralSecurityException
*/
ResourceDecodeResult handleDecodeAttemptResult(String resourceKey,
String password, Exception err)
throws IOException, GeneralSecurityException;
}

25
org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/transport/sshd/SshdSessionFactory.java

@ -64,18 +64,18 @@ import org.apache.sshd.client.ClientBuilder;
import org.apache.sshd.client.SshClient;
import org.apache.sshd.client.auth.UserAuth;
import org.apache.sshd.client.auth.keyboard.UserAuthKeyboardInteractiveFactory;
import org.apache.sshd.client.auth.pubkey.UserAuthPublicKeyFactory;
import org.apache.sshd.client.config.hosts.HostConfigEntryResolver;
import org.apache.sshd.client.keyverifier.ServerKeyVerifier;
import org.apache.sshd.common.NamedFactory;
import org.apache.sshd.common.compression.BuiltinCompressions;
import org.apache.sshd.common.config.keys.FilePasswordProvider;
import org.apache.sshd.common.keyprovider.KeyPairProvider;
import org.apache.sshd.common.keyprovider.KeyIdentityProvider;
import org.eclipse.jgit.annotations.NonNull;
import org.eclipse.jgit.errors.TransportException;
import org.eclipse.jgit.internal.transport.sshd.CachingKeyPairProvider;
import org.eclipse.jgit.internal.transport.sshd.GssApiWithMicAuthFactory;
import org.eclipse.jgit.internal.transport.sshd.JGitPasswordAuthFactory;
import org.eclipse.jgit.internal.transport.sshd.JGitPublicKeyAuthFactory;
import org.eclipse.jgit.internal.transport.sshd.JGitSshClient;
import org.eclipse.jgit.internal.transport.sshd.JGitSshConfig;
import org.eclipse.jgit.internal.transport.sshd.JGitUserInteraction;
@ -211,7 +211,7 @@ public class SshdSessionFactory extends SshSessionFactory implements Closeable {
}
HostConfigEntryResolver configFile = getHostConfigEntryResolver(
home, sshDir);
KeyPairProvider defaultKeysProvider = toKeyPairProvider(
KeyIdentityProvider defaultKeysProvider = toKeyIdentityProvider(
getDefaultKeys(sshDir));
KeyPasswordProvider passphrases = createKeyPasswordProvider(
credentialsProvider);
@ -227,7 +227,7 @@ public class SshdSessionFactory extends SshSessionFactory implements Closeable {
client.setUserInteraction(
new JGitUserInteraction(credentialsProvider));
client.setUserAuthFactories(getUserAuthFactories());
client.setKeyPairProvider(defaultKeysProvider);
client.setKeyIdentityProvider(defaultKeysProvider);
// JGit-specific things:
JGitSshClient jgitClient = (JGitSshClient) client;
jgitClient.setKeyCache(getKeyCache());
@ -438,17 +438,18 @@ public class SshdSessionFactory extends SshSessionFactory implements Closeable {
/**
* Converts an {@link Iterable} of {link KeyPair}s into a
* {@link KeyPairProvider}.
* {@link KeyIdentityProvider}.
*
* @param keys
* to provide via the returned {@link KeyPairProvider}
* @return a {@link KeyPairProvider} that provides the given {@code keys}
* to provide via the returned {@link KeyIdentityProvider}
* @return a {@link KeyIdentityProvider} that provides the given
* {@code keys}
*/
private KeyPairProvider toKeyPairProvider(Iterable<KeyPair> keys) {
if (keys instanceof KeyPairProvider) {
return (KeyPairProvider) keys;
private KeyIdentityProvider toKeyIdentityProvider(Iterable<KeyPair> keys) {
if (keys instanceof KeyIdentityProvider) {
return (KeyIdentityProvider) keys;
}
return () -> keys;
return (session) -> keys;
}
/**
@ -522,7 +523,7 @@ public class SshdSessionFactory extends SshSessionFactory implements Closeable {
// Password auth doesn't have this problem.
return Collections.unmodifiableList(
Arrays.asList(GssApiWithMicAuthFactory.INSTANCE,
JGitPublicKeyAuthFactory.INSTANCE,
UserAuthPublicKeyFactory.INSTANCE,
JGitPasswordAuthFactory.INSTANCE,
UserAuthKeyboardInteractiveFactory.INSTANCE));
}

2
org.eclipse.jgit.test/BUILD

@ -68,7 +68,7 @@ java_library(
deps = [
"//lib:jsch",
"//lib:junit",
"//lib:sshd-core",
"//lib:sshd-osgi",
"//lib:sshd-sftp",
"//org.eclipse.jgit:jgit",
"//org.eclipse.jgit.junit:junit",

2
org.eclipse.jgit.test/tests.bzl

@ -45,7 +45,7 @@ def tests(tests):
additional_deps = [
"//lib:jsch",
"//lib:jzlib",
"//lib:sshd-core",
"//lib:sshd-osgi",
"//lib:sshd-sftp",
":sshd-helpers",
]

2
pom.xml

@ -183,7 +183,7 @@
<bundle-manifest>${project.build.directory}/META-INF/MANIFEST.MF</bundle-manifest>
<jgit-last-release-version>5.3.0.201903130848-r</jgit-last-release-version>
<apache-sshd-version>2.0.0</apache-sshd-version>
<apache-sshd-version>2.2.0</apache-sshd-version>
<jsch-version>0.1.55</jsch-version>
<jzlib-version>1.1.1</jzlib-version>
<javaewah-version>1.1.6</javaewah-version>

Loading…
Cancel
Save