Browse Source

Apache MINA sshd client: adapt to sshd 2.2.0

Update target platforms, maven and bazel builds to use sshd 2.2.0.

Adapt internal classes to changed sshd interfaces and remove previous
work-arounds for asking repeatedly for key passwords and for loading
keys lazily; both are now done by sshd.

CQ: 19034
CQ: 19035
Bug: 541425
Change-Id: I85e1df6ebb8a94953a912d9b2b8a7b5bdfbd608a
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
stable-5.4
Thomas Wolf 6 years ago committed by Matthias Sohn
parent
commit
86cee68e0d
  1. 10
      WORKSPACE
  2. 4
      lib/BUILD
  3. 2
      org.eclipse.jgit.junit.ssh/BUILD
  4. 43
      org.eclipse.jgit.junit.ssh/META-INF/MANIFEST.MF
  5. 2
      org.eclipse.jgit.junit.ssh/pom.xml
  6. 30
      org.eclipse.jgit.junit.ssh/src/org/eclipse/jgit/junit/ssh/SshTestGitServer.java
  7. 2
      org.eclipse.jgit.packaging/org.eclipse.jgit.junit.feature/feature.xml
  8. 2
      org.eclipse.jgit.packaging/org.eclipse.jgit.ssh.apache.feature/feature.xml
  9. 10
      org.eclipse.jgit.packaging/org.eclipse.jgit.target/jgit-4.10.target
  10. 10
      org.eclipse.jgit.packaging/org.eclipse.jgit.target/jgit-4.11.target
  11. 10
      org.eclipse.jgit.packaging/org.eclipse.jgit.target/jgit-4.12-staging.target
  12. 10
      org.eclipse.jgit.packaging/org.eclipse.jgit.target/jgit-4.6.target
  13. 10
      org.eclipse.jgit.packaging/org.eclipse.jgit.target/jgit-4.7.target
  14. 10
      org.eclipse.jgit.packaging/org.eclipse.jgit.target/jgit-4.8.target
  15. 19
      org.eclipse.jgit.packaging/org.eclipse.jgit.target/jgit-4.9.target
  16. 8
      org.eclipse.jgit.packaging/org.eclipse.jgit.target/orbit/S20190501151401.tpd
  17. 2
      org.eclipse.jgit.ssh.apache.test/BUILD
  18. 2
      org.eclipse.jgit.ssh.apache/BUILD
  19. 81
      org.eclipse.jgit.ssh.apache/META-INF/MANIFEST.MF
  20. 2
      org.eclipse.jgit.ssh.apache/pom.xml
  21. 87
      org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/CachingKeyPairProvider.java
  22. 158
      org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/EncryptedFileKeyPairProvider.java
  23. 6
      org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitClientSession.java
  24. 17
      org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitHostConfigEntry.java
  25. 83
      org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitPublicKeyAuthFactory.java
  26. 103
      org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitPublicKeyAuthentication.java
  27. 275
      org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitPublicKeyIterator.java
  28. 57
      org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitSshClient.java
  29. 5
      org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitSshConfig.java
  30. 2
      org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/OpenSshServerKeyVerifier.java
  31. 20
      org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/PasswordProviderWrapper.java
  32. 41
      org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/RepeatingFilePasswordProvider.java
  33. 25
      org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/transport/sshd/SshdSessionFactory.java
  34. 2
      org.eclipse.jgit.test/BUILD
  35. 2
      org.eclipse.jgit.test/tests.bzl
  36. 2
      pom.xml

10
WORKSPACE

@ -59,15 +59,15 @@ maven_jar(
) )
maven_jar( maven_jar(
name = "sshd-core", name = "sshd-osgi",
artifact = "org.apache.sshd:sshd-core:2.0.0", artifact = "org.apache.sshd:sshd-osgi:2.2.0",
sha1 = "f4275079a2463cfd2bf1548a80e1683288a8e86b", sha1 = "a45d48cb53678e699816e8e054e55fa33f5a4558",
) )
maven_jar( maven_jar(
name = "sshd-sftp", name = "sshd-sftp",
artifact = "org.apache.sshd:sshd-sftp:2.0.0", artifact = "org.apache.sshd:sshd-sftp:2.2.0",
sha1 = "a12d64dc2d5d23271a4dc58075e55f9c64a68494", sha1 = "3d011e00adf38e49bb8711a9dd762fe908a2170c",
) )
maven_jar( maven_jar(

4
lib/BUILD

@ -68,14 +68,14 @@ java_library(
) )
java_library( java_library(
name = "sshd-core", name = "sshd-osgi",
visibility = [ visibility = [
"//org.eclipse.jgit.junit.ssh:__pkg__", "//org.eclipse.jgit.junit.ssh:__pkg__",
"//org.eclipse.jgit.ssh.apache:__pkg__", "//org.eclipse.jgit.ssh.apache:__pkg__",
"//org.eclipse.jgit.ssh.apache.test:__pkg__", "//org.eclipse.jgit.ssh.apache.test:__pkg__",
"//org.eclipse.jgit.test:__pkg__", "//org.eclipse.jgit.test:__pkg__",
], ],
exports = ["@sshd-core//jar"], exports = ["@sshd-osgi//jar"],
) )
java_library( java_library(

2
org.eclipse.jgit.junit.ssh/BUILD

@ -7,7 +7,7 @@ java_library(
resource_strip_prefix = "org.eclipse.jgit.junit.ssh/resources", resource_strip_prefix = "org.eclipse.jgit.junit.ssh/resources",
resources = glob(["resources/**"]), resources = glob(["resources/**"]),
deps = [ deps = [
"//lib:sshd-core", "//lib:sshd-osgi",
"//lib:sshd-sftp", "//lib:sshd-sftp",
# We want these deps to be provided_deps # We want these deps to be provided_deps
"//org.eclipse.jgit:jgit", "//org.eclipse.jgit:jgit",

43
org.eclipse.jgit.junit.ssh/META-INF/MANIFEST.MF

@ -8,27 +8,28 @@ Bundle-Localization: plugin
Bundle-Vendor: %provider_name Bundle-Vendor: %provider_name
Bundle-ActivationPolicy: lazy Bundle-ActivationPolicy: lazy
Bundle-RequiredExecutionEnvironment: JavaSE-1.8 Bundle-RequiredExecutionEnvironment: JavaSE-1.8
Import-Package: org.apache.sshd.common;version="[2.0.0,2.1.0)", Import-Package: org.apache.sshd.common;version="[2.2.0,2.3.0)",
org.apache.sshd.common.config.keys;version="[2.0.0,2.1.0)", org.apache.sshd.common.config.keys;version="[2.2.0,2.3.0)",
org.apache.sshd.common.file.virtualfs;version="[2.0.0,2.1.0)", org.apache.sshd.common.file.virtualfs;version="[2.2.0,2.3.0)",
org.apache.sshd.common.helpers;version="[2.0.0,2.1.0)", org.apache.sshd.common.helpers;version="[2.2.0,2.3.0)",
org.apache.sshd.common.io;version="[2.0.0,2.1.0)", org.apache.sshd.common.io;version="[2.2.0,2.3.0)",
org.apache.sshd.common.kex;version="[2.0.0,2.1.0)", org.apache.sshd.common.kex;version="[2.2.0,2.3.0)",
org.apache.sshd.common.keyprovider;version="[2.0.0,2.1.0)", org.apache.sshd.common.keyprovider;version="[2.2.0,2.3.0)",
org.apache.sshd.common.session;version="[2.0.0,2.1.0)", org.apache.sshd.common.session;version="[2.2.0,2.3.0)",
org.apache.sshd.common.util.buffer;version="[2.0.0,2.1.0)", org.apache.sshd.common.util.buffer;version="[2.2.0,2.3.0)",
org.apache.sshd.common.util.logging;version="[2.0.0,2.1.0)", org.apache.sshd.common.util.logging;version="[2.2.0,2.3.0)",
org.apache.sshd.common.util.security;version="[2.0.0,2.1.0)", org.apache.sshd.common.util.security;version="[2.2.0,2.3.0)",
org.apache.sshd.server;version="[2.0.0,2.1.0)", org.apache.sshd.common.util.threads;version="[2.2.0,2.3.0)",
org.apache.sshd.server.auth;version="[2.0.0,2.1.0)", org.apache.sshd.server;version="[2.2.0,2.3.0)",
org.apache.sshd.server.auth.gss;version="[2.0.0,2.1.0)", org.apache.sshd.server.auth;version="[2.2.0,2.3.0)",
org.apache.sshd.server.auth.keyboard;version="[2.0.0,2.1.0)", org.apache.sshd.server.auth.gss;version="[2.2.0,2.3.0)",
org.apache.sshd.server.auth.password;version="[2.0.0,2.1.0)", org.apache.sshd.server.auth.keyboard;version="[2.2.0,2.3.0)",
org.apache.sshd.server.command;version="[2.0.0,2.1.0)", org.apache.sshd.server.auth.password;version="[2.2.0,2.3.0)",
org.apache.sshd.server.session;version="[2.0.0,2.1.0)", org.apache.sshd.server.command;version="[2.2.0,2.3.0)",
org.apache.sshd.server.shell;version="[2.0.0,2.1.0)", org.apache.sshd.server.session;version="[2.2.0,2.3.0)",
org.apache.sshd.server.subsystem;version="[2.0.0,2.1.0)", org.apache.sshd.server.shell;version="[2.2.0,2.3.0)",
org.apache.sshd.server.subsystem.sftp;version="[2.0.0,2.1.0)", org.apache.sshd.server.subsystem;version="[2.2.0,2.3.0)",
org.apache.sshd.server.subsystem.sftp;version="[2.2.0,2.3.0)",
org.eclipse.jgit.annotations;version="[5.4.0,5.5.0)", org.eclipse.jgit.annotations;version="[5.4.0,5.5.0)",
org.eclipse.jgit.lib;version="[5.4.0,5.5.0)", org.eclipse.jgit.lib;version="[5.4.0,5.5.0)",
org.eclipse.jgit.transport;version="[5.4.0,5.5.0)", org.eclipse.jgit.transport;version="[5.4.0,5.5.0)",

2
org.eclipse.jgit.junit.ssh/pom.xml

@ -74,7 +74,7 @@
<dependency> <dependency>
<groupId>org.apache.sshd</groupId> <groupId>org.apache.sshd</groupId>
<artifactId>sshd-core</artifactId> <artifactId>sshd-osgi</artifactId>
<version>${apache-sshd-version}</version> <version>${apache-sshd-version}</version>
</dependency> </dependency>

30
org.eclipse.jgit.junit.ssh/src/org/eclipse/jgit/junit/ssh/SshTestGitServer.java

@ -55,10 +55,9 @@ import java.util.ArrayList;
import java.util.Collections; import java.util.Collections;
import java.util.List; import java.util.List;
import java.util.Locale; import java.util.Locale;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import org.apache.sshd.common.NamedFactory; import org.apache.sshd.common.NamedFactory;
import org.apache.sshd.common.NamedResource;
import org.apache.sshd.common.SshConstants; import org.apache.sshd.common.SshConstants;
import org.apache.sshd.common.config.keys.AuthorizedKeyEntry; import org.apache.sshd.common.config.keys.AuthorizedKeyEntry;
import org.apache.sshd.common.config.keys.KeyUtils; import org.apache.sshd.common.config.keys.KeyUtils;
@ -67,6 +66,8 @@ import org.apache.sshd.common.file.virtualfs.VirtualFileSystemFactory;
import org.apache.sshd.common.session.Session; import org.apache.sshd.common.session.Session;
import org.apache.sshd.common.util.buffer.Buffer; import org.apache.sshd.common.util.buffer.Buffer;
import org.apache.sshd.common.util.security.SecurityUtils; import org.apache.sshd.common.util.security.SecurityUtils;
import org.apache.sshd.common.util.threads.CloseableExecutorService;
import org.apache.sshd.common.util.threads.ThreadUtils;
import org.apache.sshd.server.ServerAuthenticationManager; import org.apache.sshd.server.ServerAuthenticationManager;
import org.apache.sshd.server.SshServer; import org.apache.sshd.server.SshServer;
import org.apache.sshd.server.auth.UserAuth; import org.apache.sshd.server.auth.UserAuth;
@ -110,8 +111,8 @@ public class SshTestGitServer {
@NonNull @NonNull
protected PublicKey testKey; protected PublicKey testKey;
private final ExecutorService executorService = Executors private final CloseableExecutorService executorService = ThreadUtils
.newFixedThreadPool(2); .newFixedThreadPool("SshTestGitServerPool", 2);
/** /**
* Creates a ssh git <em>test</em> server. It serves one single repository, * Creates a ssh git <em>test</em> server. It serves one single repository,
@ -138,11 +139,12 @@ public class SshTestGitServer {
server = SshServer.setUpDefaultServer(); server = SshServer.setUpDefaultServer();
// Set host key // Set host key
try (ByteArrayInputStream in = new ByteArrayInputStream(hostKey)) { try (ByteArrayInputStream in = new ByteArrayInputStream(hostKey)) {
hostKeys.add(SecurityUtils.loadKeyPairIdentity("", in, null)); SecurityUtils.loadKeyPairIdentities(null, null, in, null)
.forEach((k) -> hostKeys.add(k));
} catch (IOException | GeneralSecurityException e) { } catch (IOException | GeneralSecurityException e) {
// Ignore. // Ignore.
} }
server.setKeyPairProvider(() -> hostKeys); server.setKeyPairProvider((session) -> hostKeys);
configureAuthentication(); configureAuthentication();
@ -276,8 +278,10 @@ public class SshTestGitServer {
public void addHostKey(@NonNull Path key, boolean inFront) public void addHostKey(@NonNull Path key, boolean inFront)
throws IOException, GeneralSecurityException { throws IOException, GeneralSecurityException {
try (InputStream in = Files.newInputStream(key)) { try (InputStream in = Files.newInputStream(key)) {
KeyPair pair = SecurityUtils.loadKeyPairIdentity(key.toString(), in, KeyPair pair = SecurityUtils
null); .loadKeyPairIdentities(null,
NamedResource.ofName(key.toString()), in, null)
.iterator().next();
if (inFront) { if (inFront) {
hostKeys.add(0, pair); hostKeys.add(0, pair);
} else { } else {
@ -335,14 +339,14 @@ public class SshTestGitServer {
public void setTestUserPublicKey(Path key) public void setTestUserPublicKey(Path key)
throws IOException, GeneralSecurityException { throws IOException, GeneralSecurityException {
this.testKey = AuthorizedKeyEntry.readAuthorizedKeys(key).get(0) this.testKey = AuthorizedKeyEntry.readAuthorizedKeys(key).get(0)
.resolvePublicKey(PublicKeyEntryResolver.IGNORING); .resolvePublicKey(null, PublicKeyEntryResolver.IGNORING);
} }
private class GitUploadPackCommand extends AbstractCommandSupport { private class GitUploadPackCommand extends AbstractCommandSupport {
protected GitUploadPackCommand(String command, protected GitUploadPackCommand(String command,
ExecutorService executorService) { CloseableExecutorService executorService) {
super(command, executorService, false); super(command, ThreadUtils.noClose(executorService));
} }
@Override @Override
@ -370,8 +374,8 @@ public class SshTestGitServer {
private class GitReceivePackCommand extends AbstractCommandSupport { private class GitReceivePackCommand extends AbstractCommandSupport {
protected GitReceivePackCommand(String command, protected GitReceivePackCommand(String command,
ExecutorService executorService) { CloseableExecutorService executorService) {
super(command, executorService, false); super(command, ThreadUtils.noClose(executorService));
} }
@Override @Override

2
org.eclipse.jgit.packaging/org.eclipse.jgit.junit.feature/feature.xml

@ -63,7 +63,7 @@
unpack="false"/> unpack="false"/>
<plugin <plugin
id="org.apache.sshd.core" id="org.apache.sshd.osgi"
download-size="0" download-size="0"
install-size="0" install-size="0"
version="0.0.0" version="0.0.0"

2
org.eclipse.jgit.packaging/org.eclipse.jgit.ssh.apache.feature/feature.xml

@ -34,7 +34,7 @@
unpack="false"/> unpack="false"/>
<plugin <plugin
id="org.apache.sshd.core" id="org.apache.sshd.osgi"
download-size="0" download-size="0"
install-size="0" install-size="0"
version="0.0.0" version="0.0.0"

10
org.eclipse.jgit.packaging/org.eclipse.jgit.target/jgit-4.10.target

@ -1,4 +1,4 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?><?pde?><!-- generated with https://github.com/eclipse-cbi/targetplatform-dsl --><target name="jgit-4.10" sequenceNumber="1557147616"> <?xml version="1.0" encoding="UTF-8" standalone="no"?><?pde?><!-- generated with https://github.com/eclipse-cbi/targetplatform-dsl --><target name="jgit-4.10" sequenceNumber="1557148658">
<locations> <locations>
<location includeAllPlatforms="false" includeConfigurePhase="true" includeMode="slicer" includeSource="true" type="InstallableUnit"> <location includeAllPlatforms="false" includeConfigurePhase="true" includeMode="slicer" includeSource="true" type="InstallableUnit">
<unit id="org.eclipse.jetty.client" version="9.4.14.v20181114"/> <unit id="org.eclipse.jetty.client" version="9.4.14.v20181114"/>
@ -75,10 +75,10 @@
<unit id="com.jcraft.jzlib.source" version="1.1.1.v201205102305"/> <unit id="com.jcraft.jzlib.source" version="1.1.1.v201205102305"/>
<unit id="net.i2p.crypto.eddsa" version="0.3.0.v20181102-1323"/> <unit id="net.i2p.crypto.eddsa" version="0.3.0.v20181102-1323"/>
<unit id="net.i2p.crypto.eddsa.source" version="0.3.0.v20181102-1323"/> <unit id="net.i2p.crypto.eddsa.source" version="0.3.0.v20181102-1323"/>
<unit id="org.apache.sshd.core" version="2.0.0.v20181102-1323"/> <unit id="org.apache.sshd.osgi" version="2.2.0.v20190425-2127"/>
<unit id="org.apache.sshd.core.source" version="2.0.0.v20181102-1323"/> <unit id="org.apache.sshd.osgi.source" version="2.2.0.v20190425-2127"/>
<unit id="org.apache.sshd.sftp" version="2.0.0.v20181102-1323"/> <unit id="org.apache.sshd.sftp" version="2.2.0.v20190425-2127"/>
<unit id="org.apache.sshd.sftp.source" version="2.0.0.v20181102-1323"/> <unit id="org.apache.sshd.sftp.source" version="2.2.0.v20190425-2127"/>
<repository location="http://download.eclipse.org/tools/orbit/downloads/drops/S20190501151401/repository"/> <repository location="http://download.eclipse.org/tools/orbit/downloads/drops/S20190501151401/repository"/>
</location> </location>
<location includeAllPlatforms="false" includeConfigurePhase="true" includeMode="slicer" includeSource="true" type="InstallableUnit"> <location includeAllPlatforms="false" includeConfigurePhase="true" includeMode="slicer" includeSource="true" type="InstallableUnit">

10
org.eclipse.jgit.packaging/org.eclipse.jgit.target/jgit-4.11.target

@ -1,4 +1,4 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?><?pde?><!-- generated with https://github.com/eclipse-cbi/targetplatform-dsl --><target name="jgit-4.11" sequenceNumber="1557147626"> <?xml version="1.0" encoding="UTF-8" standalone="no"?><?pde?><!-- generated with https://github.com/eclipse-cbi/targetplatform-dsl --><target name="jgit-4.11" sequenceNumber="1557148673">
<locations> <locations>
<location includeAllPlatforms="false" includeConfigurePhase="true" includeMode="slicer" includeSource="true" type="InstallableUnit"> <location includeAllPlatforms="false" includeConfigurePhase="true" includeMode="slicer" includeSource="true" type="InstallableUnit">
<unit id="org.eclipse.jetty.client" version="9.4.14.v20181114"/> <unit id="org.eclipse.jetty.client" version="9.4.14.v20181114"/>
@ -75,10 +75,10 @@
<unit id="com.jcraft.jzlib.source" version="1.1.1.v201205102305"/> <unit id="com.jcraft.jzlib.source" version="1.1.1.v201205102305"/>
<unit id="net.i2p.crypto.eddsa" version="0.3.0.v20181102-1323"/> <unit id="net.i2p.crypto.eddsa" version="0.3.0.v20181102-1323"/>
<unit id="net.i2p.crypto.eddsa.source" version="0.3.0.v20181102-1323"/> <unit id="net.i2p.crypto.eddsa.source" version="0.3.0.v20181102-1323"/>
<unit id="org.apache.sshd.core" version="2.0.0.v20181102-1323"/> <unit id="org.apache.sshd.osgi" version="2.2.0.v20190425-2127"/>
<unit id="org.apache.sshd.core.source" version="2.0.0.v20181102-1323"/> <unit id="org.apache.sshd.osgi.source" version="2.2.0.v20190425-2127"/>
<unit id="org.apache.sshd.sftp" version="2.0.0.v20181102-1323"/> <unit id="org.apache.sshd.sftp" version="2.2.0.v20190425-2127"/>
<unit id="org.apache.sshd.sftp.source" version="2.0.0.v20181102-1323"/> <unit id="org.apache.sshd.sftp.source" version="2.2.0.v20190425-2127"/>
<repository location="http://download.eclipse.org/tools/orbit/downloads/drops/S20190501151401/repository"/> <repository location="http://download.eclipse.org/tools/orbit/downloads/drops/S20190501151401/repository"/>
</location> </location>
<location includeAllPlatforms="false" includeConfigurePhase="true" includeMode="slicer" includeSource="true" type="InstallableUnit"> <location includeAllPlatforms="false" includeConfigurePhase="true" includeMode="slicer" includeSource="true" type="InstallableUnit">

10
org.eclipse.jgit.packaging/org.eclipse.jgit.target/jgit-4.12-staging.target

@ -1,4 +1,4 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?><?pde?><!-- generated with https://github.com/eclipse-cbi/targetplatform-dsl --><target name="jgit-4.12-staging" sequenceNumber="1557147634"> <?xml version="1.0" encoding="UTF-8" standalone="no"?><?pde?><!-- generated with https://github.com/eclipse-cbi/targetplatform-dsl --><target name="jgit-4.12-staging" sequenceNumber="1557148680">
<locations> <locations>
<location includeAllPlatforms="false" includeConfigurePhase="true" includeMode="slicer" includeSource="true" type="InstallableUnit"> <location includeAllPlatforms="false" includeConfigurePhase="true" includeMode="slicer" includeSource="true" type="InstallableUnit">
<unit id="org.eclipse.jetty.client" version="9.4.14.v20181114"/> <unit id="org.eclipse.jetty.client" version="9.4.14.v20181114"/>
@ -75,10 +75,10 @@
<unit id="com.jcraft.jzlib.source" version="1.1.1.v201205102305"/> <unit id="com.jcraft.jzlib.source" version="1.1.1.v201205102305"/>
<unit id="net.i2p.crypto.eddsa" version="0.3.0.v20181102-1323"/> <unit id="net.i2p.crypto.eddsa" version="0.3.0.v20181102-1323"/>
<unit id="net.i2p.crypto.eddsa.source" version="0.3.0.v20181102-1323"/> <unit id="net.i2p.crypto.eddsa.source" version="0.3.0.v20181102-1323"/>
<unit id="org.apache.sshd.core" version="2.0.0.v20181102-1323"/> <unit id="org.apache.sshd.osgi" version="2.2.0.v20190425-2127"/>
<unit id="org.apache.sshd.core.source" version="2.0.0.v20181102-1323"/> <unit id="org.apache.sshd.osgi.source" version="2.2.0.v20190425-2127"/>
<unit id="org.apache.sshd.sftp" version="2.0.0.v20181102-1323"/> <unit id="org.apache.sshd.sftp" version="2.2.0.v20190425-2127"/>
<unit id="org.apache.sshd.sftp.source" version="2.0.0.v20181102-1323"/> <unit id="org.apache.sshd.sftp.source" version="2.2.0.v20190425-2127"/>
<repository location="http://download.eclipse.org/tools/orbit/downloads/drops/S20190501151401/repository"/> <repository location="http://download.eclipse.org/tools/orbit/downloads/drops/S20190501151401/repository"/>
</location> </location>
<location includeAllPlatforms="false" includeConfigurePhase="true" includeMode="slicer" includeSource="true" type="InstallableUnit"> <location includeAllPlatforms="false" includeConfigurePhase="true" includeMode="slicer" includeSource="true" type="InstallableUnit">

10
org.eclipse.jgit.packaging/org.eclipse.jgit.target/jgit-4.6.target

@ -1,4 +1,4 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?><?pde?><!-- generated with https://github.com/eclipse-cbi/targetplatform-dsl --><target name="jgit-4.6" sequenceNumber="1557147672"> <?xml version="1.0" encoding="UTF-8" standalone="no"?><?pde?><!-- generated with https://github.com/eclipse-cbi/targetplatform-dsl --><target name="jgit-4.6" sequenceNumber="1557148684">
<locations> <locations>
<location includeAllPlatforms="false" includeConfigurePhase="true" includeMode="slicer" includeSource="true" type="InstallableUnit"> <location includeAllPlatforms="false" includeConfigurePhase="true" includeMode="slicer" includeSource="true" type="InstallableUnit">
<unit id="org.eclipse.jetty.client" version="9.4.14.v20181114"/> <unit id="org.eclipse.jetty.client" version="9.4.14.v20181114"/>
@ -75,10 +75,10 @@
<unit id="com.jcraft.jzlib.source" version="1.1.1.v201205102305"/> <unit id="com.jcraft.jzlib.source" version="1.1.1.v201205102305"/>
<unit id="net.i2p.crypto.eddsa" version="0.3.0.v20181102-1323"/> <unit id="net.i2p.crypto.eddsa" version="0.3.0.v20181102-1323"/>
<unit id="net.i2p.crypto.eddsa.source" version="0.3.0.v20181102-1323"/> <unit id="net.i2p.crypto.eddsa.source" version="0.3.0.v20181102-1323"/>
<unit id="org.apache.sshd.core" version="2.0.0.v20181102-1323"/> <unit id="org.apache.sshd.osgi" version="2.2.0.v20190425-2127"/>
<unit id="org.apache.sshd.core.source" version="2.0.0.v20181102-1323"/> <unit id="org.apache.sshd.osgi.source" version="2.2.0.v20190425-2127"/>
<unit id="org.apache.sshd.sftp" version="2.0.0.v20181102-1323"/> <unit id="org.apache.sshd.sftp" version="2.2.0.v20190425-2127"/>
<unit id="org.apache.sshd.sftp.source" version="2.0.0.v20181102-1323"/> <unit id="org.apache.sshd.sftp.source" version="2.2.0.v20190425-2127"/>
<repository location="http://download.eclipse.org/tools/orbit/downloads/drops/S20190501151401/repository"/> <repository location="http://download.eclipse.org/tools/orbit/downloads/drops/S20190501151401/repository"/>
</location> </location>
<location includeAllPlatforms="false" includeConfigurePhase="true" includeMode="slicer" includeSource="true" type="InstallableUnit"> <location includeAllPlatforms="false" includeConfigurePhase="true" includeMode="slicer" includeSource="true" type="InstallableUnit">

10
org.eclipse.jgit.packaging/org.eclipse.jgit.target/jgit-4.7.target

@ -1,4 +1,4 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?><?pde?><!-- generated with https://github.com/eclipse-cbi/targetplatform-dsl --><target name="jgit-4.7" sequenceNumber="1557147667"> <?xml version="1.0" encoding="UTF-8" standalone="no"?><?pde?><!-- generated with https://github.com/eclipse-cbi/targetplatform-dsl --><target name="jgit-4.7" sequenceNumber="1557148689">
<locations> <locations>
<location includeAllPlatforms="false" includeConfigurePhase="true" includeMode="slicer" includeSource="true" type="InstallableUnit"> <location includeAllPlatforms="false" includeConfigurePhase="true" includeMode="slicer" includeSource="true" type="InstallableUnit">
<unit id="org.eclipse.jetty.client" version="9.4.14.v20181114"/> <unit id="org.eclipse.jetty.client" version="9.4.14.v20181114"/>
@ -75,10 +75,10 @@
<unit id="com.jcraft.jzlib.source" version="1.1.1.v201205102305"/> <unit id="com.jcraft.jzlib.source" version="1.1.1.v201205102305"/>
<unit id="net.i2p.crypto.eddsa" version="0.3.0.v20181102-1323"/> <unit id="net.i2p.crypto.eddsa" version="0.3.0.v20181102-1323"/>
<unit id="net.i2p.crypto.eddsa.source" version="0.3.0.v20181102-1323"/> <unit id="net.i2p.crypto.eddsa.source" version="0.3.0.v20181102-1323"/>
<unit id="org.apache.sshd.core" version="2.0.0.v20181102-1323"/> <unit id="org.apache.sshd.osgi" version="2.2.0.v20190425-2127"/>
<unit id="org.apache.sshd.core.source" version="2.0.0.v20181102-1323"/> <unit id="org.apache.sshd.osgi.source" version="2.2.0.v20190425-2127"/>
<unit id="org.apache.sshd.sftp" version="2.0.0.v20181102-1323"/> <unit id="org.apache.sshd.sftp" version="2.2.0.v20190425-2127"/>
<unit id="org.apache.sshd.sftp.source" version="2.0.0.v20181102-1323"/> <unit id="org.apache.sshd.sftp.source" version="2.2.0.v20190425-2127"/>
<repository location="http://download.eclipse.org/tools/orbit/downloads/drops/S20190501151401/repository"/> <repository location="http://download.eclipse.org/tools/orbit/downloads/drops/S20190501151401/repository"/>
</location> </location>
<location includeAllPlatforms="false" includeConfigurePhase="true" includeMode="slicer" includeSource="true" type="InstallableUnit"> <location includeAllPlatforms="false" includeConfigurePhase="true" includeMode="slicer" includeSource="true" type="InstallableUnit">

10
org.eclipse.jgit.packaging/org.eclipse.jgit.target/jgit-4.8.target

@ -1,4 +1,4 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?><?pde?><!-- generated with https://github.com/eclipse-cbi/targetplatform-dsl --><target name="jgit-4.8" sequenceNumber="1557147665"> <?xml version="1.0" encoding="UTF-8" standalone="no"?><?pde?><!-- generated with https://github.com/eclipse-cbi/targetplatform-dsl --><target name="jgit-4.8" sequenceNumber="1557148692">
<locations> <locations>
<location includeAllPlatforms="false" includeConfigurePhase="true" includeMode="slicer" includeSource="true" type="InstallableUnit"> <location includeAllPlatforms="false" includeConfigurePhase="true" includeMode="slicer" includeSource="true" type="InstallableUnit">
<unit id="org.eclipse.jetty.client" version="9.4.14.v20181114"/> <unit id="org.eclipse.jetty.client" version="9.4.14.v20181114"/>
@ -75,10 +75,10 @@
<unit id="com.jcraft.jzlib.source" version="1.1.1.v201205102305"/> <unit id="com.jcraft.jzlib.source" version="1.1.1.v201205102305"/>
<unit id="net.i2p.crypto.eddsa" version="0.3.0.v20181102-1323"/> <unit id="net.i2p.crypto.eddsa" version="0.3.0.v20181102-1323"/>
<unit id="net.i2p.crypto.eddsa.source" version="0.3.0.v20181102-1323"/> <unit id="net.i2p.crypto.eddsa.source" version="0.3.0.v20181102-1323"/>
<unit id="org.apache.sshd.core" version="2.0.0.v20181102-1323"/> <unit id="org.apache.sshd.osgi" version="2.2.0.v20190425-2127"/>
<unit id="org.apache.sshd.core.source" version="2.0.0.v20181102-1323"/> <unit id="org.apache.sshd.osgi.source" version="2.2.0.v20190425-2127"/>
<unit id="org.apache.sshd.sftp" version="2.0.0.v20181102-1323"/> <unit id="org.apache.sshd.sftp" version="2.2.0.v20190425-2127"/>
<unit id="org.apache.sshd.sftp.source" version="2.0.0.v20181102-1323"/> <unit id="org.apache.sshd.sftp.source" version="2.2.0.v20190425-2127"/>
<repository location="http://download.eclipse.org/tools/orbit/downloads/drops/S20190501151401/repository"/> <repository location="http://download.eclipse.org/tools/orbit/downloads/drops/S20190501151401/repository"/>
</location> </location>
<location includeAllPlatforms="false" includeConfigurePhase="true" includeMode="slicer" includeSource="true" type="InstallableUnit"> <location includeAllPlatforms="false" includeConfigurePhase="true" includeMode="slicer" includeSource="true" type="InstallableUnit">

19
org.eclipse.jgit.packaging/org.eclipse.jgit.target/jgit-4.9.target

@ -1,9 +1,6 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?> <?xml version="1.0" encoding="UTF-8" standalone="no"?><?pde?><!-- generated with https://github.com/eclipse-cbi/targetplatform-dsl --><target name="jgit-4.9" sequenceNumber="1557148695">
<?pde?>
<!-- generated with https://github.com/eclipse-cbi/targetplatform-dsl -->
<target name="jgit-4.9" sequenceNumber="1557147670">
<locations> <locations>
<location includeMode="slicer" includeAllPlatforms="false" includeSource="true" includeConfigurePhase="true" type="InstallableUnit"> <location includeAllPlatforms="false" includeConfigurePhase="true" includeMode="slicer" includeSource="true" type="InstallableUnit">
<unit id="org.eclipse.jetty.client" version="9.4.14.v20181114"/> <unit id="org.eclipse.jetty.client" version="9.4.14.v20181114"/>
<unit id="org.eclipse.jetty.client.source" version="9.4.14.v20181114"/> <unit id="org.eclipse.jetty.client.source" version="9.4.14.v20181114"/>
<unit id="org.eclipse.jetty.continuation" version="9.4.14.v20181114"/> <unit id="org.eclipse.jetty.continuation" version="9.4.14.v20181114"/>
@ -22,7 +19,7 @@
<unit id="org.eclipse.jetty.util.source" version="9.4.14.v20181114"/> <unit id="org.eclipse.jetty.util.source" version="9.4.14.v20181114"/>
<repository id="jetty-9.4.14" location="http://download.eclipse.org/jetty/updates/jetty-bundles-9.x/9.4.14.v20181114"/> <repository id="jetty-9.4.14" location="http://download.eclipse.org/jetty/updates/jetty-bundles-9.x/9.4.14.v20181114"/>
</location> </location>
<location includeMode="slicer" includeAllPlatforms="false" includeSource="true" includeConfigurePhase="true" type="InstallableUnit"> <location includeAllPlatforms="false" includeConfigurePhase="true" includeMode="slicer" includeSource="true" type="InstallableUnit">
<unit id="org.apache.ant" version="1.10.5.v20180808-0324"/> <unit id="org.apache.ant" version="1.10.5.v20180808-0324"/>
<unit id="org.apache.ant.source" version="1.10.5.v20180808-0324"/> <unit id="org.apache.ant.source" version="1.10.5.v20180808-0324"/>
<unit id="org.apache.commons.codec" version="1.10.0.v20180409-1845"/> <unit id="org.apache.commons.codec" version="1.10.0.v20180409-1845"/>
@ -78,13 +75,13 @@
<unit id="com.jcraft.jzlib.source" version="1.1.1.v201205102305"/> <unit id="com.jcraft.jzlib.source" version="1.1.1.v201205102305"/>
<unit id="net.i2p.crypto.eddsa" version="0.3.0.v20181102-1323"/> <unit id="net.i2p.crypto.eddsa" version="0.3.0.v20181102-1323"/>
<unit id="net.i2p.crypto.eddsa.source" version="0.3.0.v20181102-1323"/> <unit id="net.i2p.crypto.eddsa.source" version="0.3.0.v20181102-1323"/>
<unit id="org.apache.sshd.core" version="2.0.0.v20181102-1323"/> <unit id="org.apache.sshd.osgi" version="2.2.0.v20190425-2127"/>
<unit id="org.apache.sshd.core.source" version="2.0.0.v20181102-1323"/> <unit id="org.apache.sshd.osgi.source" version="2.2.0.v20190425-2127"/>
<unit id="org.apache.sshd.sftp" version="2.0.0.v20181102-1323"/> <unit id="org.apache.sshd.sftp" version="2.2.0.v20190425-2127"/>
<unit id="org.apache.sshd.sftp.source" version="2.0.0.v20181102-1323"/> <unit id="org.apache.sshd.sftp.source" version="2.2.0.v20190425-2127"/>
<repository location="http://download.eclipse.org/tools/orbit/downloads/drops/S20190501151401/repository"/> <repository location="http://download.eclipse.org/tools/orbit/downloads/drops/S20190501151401/repository"/>
</location> </location>
<location includeMode="slicer" includeAllPlatforms="false" includeSource="true" includeConfigurePhase="true" type="InstallableUnit"> <location includeAllPlatforms="false" includeConfigurePhase="true" includeMode="slicer" includeSource="true" type="InstallableUnit">
<unit id="org.eclipse.osgi" version="0.0.0"/> <unit id="org.eclipse.osgi" version="0.0.0"/>
<repository location="http://download.eclipse.org/releases/2018-09/"/> <repository location="http://download.eclipse.org/releases/2018-09/"/>
</location> </location>

8
org.eclipse.jgit.packaging/org.eclipse.jgit.target/orbit/S20190501151401.tpd

@ -57,8 +57,8 @@ location "http://download.eclipse.org/tools/orbit/downloads/drops/S2019050115140
com.jcraft.jzlib.source [1.1.1.v201205102305,1.1.1.v201205102305] com.jcraft.jzlib.source [1.1.1.v201205102305,1.1.1.v201205102305]
net.i2p.crypto.eddsa [0.3.0.v20181102-1323,0.3.0.v20181102-1323] net.i2p.crypto.eddsa [0.3.0.v20181102-1323,0.3.0.v20181102-1323]
net.i2p.crypto.eddsa.source [0.3.0.v20181102-1323,0.3.0.v20181102-1323] net.i2p.crypto.eddsa.source [0.3.0.v20181102-1323,0.3.0.v20181102-1323]
org.apache.sshd.core [2.0.0.v20181102-1323,2.0.0.v20181102-1323] org.apache.sshd.osgi [2.2.0.v20190425-2127,2.2.0.v20190425-2127]
org.apache.sshd.core.source [2.0.0.v20181102-1323,2.0.0.v20181102-1323] org.apache.sshd.osgi.source [2.2.0.v20190425-2127,2.2.0.v20190425-2127]
org.apache.sshd.sftp [2.0.0.v20181102-1323,2.0.0.v20181102-1323] org.apache.sshd.sftp [2.2.0.v20190425-2127,2.2.0.v20190425-2127]
org.apache.sshd.sftp.source [2.0.0.v20181102-1323,2.0.0.v20181102-1323] org.apache.sshd.sftp.source [2.2.0.v20190425-2127,2.2.0.v20190425-2127]
} }

2
org.eclipse.jgit.ssh.apache.test/BUILD

@ -10,7 +10,7 @@ junit_tests(
deps = [ deps = [
"//lib:eddsa", "//lib:eddsa",
"//lib:junit", "//lib:junit",
"//lib:sshd-core", "//lib:sshd-osgi",
"//lib:sshd-sftp", "//lib:sshd-sftp",
"//org.eclipse.jgit:jgit", "//org.eclipse.jgit:jgit",
"//org.eclipse.jgit.ssh.apache:ssh-apache", "//org.eclipse.jgit.ssh.apache:ssh-apache",

2
org.eclipse.jgit.ssh.apache/BUILD

@ -12,7 +12,7 @@ java_library(
deps = [ deps = [
"//lib:eddsa", "//lib:eddsa",
"//lib:slf4j-api", "//lib:slf4j-api",
"//lib:sshd-core", "//lib:sshd-osgi",
"//lib:sshd-sftp", "//lib:sshd-sftp",
"//org.eclipse.jgit:jgit", "//org.eclipse.jgit:jgit",
], ],

81
org.eclipse.jgit.ssh.apache/META-INF/MANIFEST.MF

@ -32,46 +32,47 @@ Export-Package: org.eclipse.jgit.internal.transport.sshd;version="5.4.0";x-inter
org.apache.sshd.client.session, org.apache.sshd.client.session,
org.apache.sshd.client.keyverifier" org.apache.sshd.client.keyverifier"
Import-Package: net.i2p.crypto.eddsa;version="[0.3.0,0.4.0)", Import-Package: net.i2p.crypto.eddsa;version="[0.3.0,0.4.0)",
org.apache.sshd.agent;version="[2.0.0,2.1.0)", org.apache.sshd.agent;version="[2.2.0,2.3.0)",
org.apache.sshd.client;version="[2.0.0,2.1.0)", org.apache.sshd.client;version="[2.2.0,2.3.0)",
org.apache.sshd.client.auth;version="[2.0.0,2.1.0)", org.apache.sshd.client.auth;version="[2.2.0,2.3.0)",
org.apache.sshd.client.auth.keyboard;version="[2.0.0,2.1.0)", org.apache.sshd.client.auth.keyboard;version="[2.2.0,2.3.0)",
org.apache.sshd.client.auth.password;version="[2.0.0,2.1.0)", org.apache.sshd.client.auth.password;version="[2.2.0,2.3.0)",
org.apache.sshd.client.auth.pubkey;version="[2.0.0,2.1.0)", org.apache.sshd.client.auth.pubkey;version="[2.2.0,2.3.0)",
org.apache.sshd.client.channel;version="[2.0.0,2.1.0)", org.apache.sshd.client.channel;version="[2.2.0,2.3.0)",
org.apache.sshd.client.config.hosts;version="[2.0.0,2.1.0)", org.apache.sshd.client.config.hosts;version="[2.2.0,2.3.0)",
org.apache.sshd.client.config.keys;version="[2.0.0,2.1.0)", org.apache.sshd.client.config.keys;version="[2.2.0,2.3.0)",
org.apache.sshd.client.future;version="[2.0.0,2.1.0)", org.apache.sshd.client.future;version="[2.2.0,2.3.0)",
org.apache.sshd.client.keyverifier;version="[2.0.0,2.1.0)", org.apache.sshd.client.keyverifier;version="[2.2.0,2.3.0)",
org.apache.sshd.client.session;version="[2.0.0,2.1.0)", org.apache.sshd.client.session;version="[2.2.0,2.3.0)",
org.apache.sshd.client.subsystem.sftp;version="[2.0.0,2.1.0)", org.apache.sshd.client.subsystem.sftp;version="[2.2.0,2.3.0)",
org.apache.sshd.common;version="[2.0.0,2.1.0)", org.apache.sshd.common;version="[2.2.0,2.3.0)",
org.apache.sshd.common.auth;version="[2.0.0,2.1.0)", org.apache.sshd.common.auth;version="[2.2.0,2.3.0)",
org.apache.sshd.common.channel;version="[2.0.0,2.1.0)", org.apache.sshd.common.channel;version="[2.2.0,2.3.0)",
org.apache.sshd.common.compression;version="[2.0.0,2.1.0)", org.apache.sshd.common.compression;version="[2.2.0,2.3.0)",
org.apache.sshd.common.config.keys;version="[2.0.0,2.1.0)", org.apache.sshd.common.config.keys;version="[2.2.0,2.3.0)",
org.apache.sshd.common.config.keys.loader;version="[2.0.0,2.1.0)", org.apache.sshd.common.config.keys.loader;version="[2.2.0,2.3.0)",
org.apache.sshd.common.digest;version="[2.0.0,2.1.0)", org.apache.sshd.common.digest;version="[2.2.0,2.3.0)",
org.apache.sshd.common.forward;version="[2.0.0,2.1.0)", org.apache.sshd.common.forward;version="[2.2.0,2.3.0)",
org.apache.sshd.common.future;version="[2.0.0,2.1.0)", org.apache.sshd.common.future;version="[2.2.0,2.3.0)",
org.apache.sshd.common.helpers;version="[2.0.0,2.1.0)", org.apache.sshd.common.helpers;version="[2.2.0,2.3.0)",
org.apache.sshd.common.io;version="[2.0.0,2.1.0)", org.apache.sshd.common.io;version="[2.2.0,2.3.0)",
org.apache.sshd.common.kex;version="[2.0.0,2.1.0)", org.apache.sshd.common.kex;version="[2.2.0,2.3.0)",
org.apache.sshd.common.keyprovider;version="[2.0.0,2.1.0)", org.apache.sshd.common.keyprovider;version="[2.2.0,2.3.0)",
org.apache.sshd.common.mac;version="[2.0.0,2.1.0)", org.apache.sshd.common.mac;version="[2.2.0,2.3.0)",
org.apache.sshd.common.random;version="[2.0.0,2.1.0)", org.apache.sshd.common.random;version="[2.2.0,2.3.0)",
org.apache.sshd.common.session;version="[2.0.0,2.1.0)", org.apache.sshd.common.session;version="[2.2.0,2.3.0)",
org.apache.sshd.common.session.helpers;version="[2.0.0,2.1.0)", org.apache.sshd.common.session.helpers;version="[2.2.0,2.3.0)",
org.apache.sshd.common.signature;version="[2.0.0,2.1.0)", org.apache.sshd.common.signature;version="[2.2.0,2.3.0)",
org.apache.sshd.common.subsystem.sftp;version="[2.0.0,2.1.0)", org.apache.sshd.common.subsystem.sftp;version="[2.2.0,2.3.0)",
org.apache.sshd.common.util;version="[2.0.0,2.1.0)", org.apache.sshd.common.util;version="[2.2.0,2.3.0)",
org.apache.sshd.common.util.buffer;version="[2.0.0,2.1.0)", org.apache.sshd.common.util.buffer;version="[2.2.0,2.3.0)",
org.apache.sshd.common.util.closeable;version="[2.0.0,2.1.0)", org.apache.sshd.common.util.closeable;version="[2.2.0,2.3.0)",
org.apache.sshd.common.util.io;version="[2.0.0,2.1.0)", org.apache.sshd.common.util.io;version="[2.2.0,2.3.0)",
org.apache.sshd.common.util.logging;version="[2.0.0,2.1.0)", org.apache.sshd.common.util.io.resource;version="[2.2.0,2.3.0)",
org.apache.sshd.common.util.net;version="[2.0.0,2.1.0)", org.apache.sshd.common.util.logging;version="[2.2.0,2.3.0)",
org.apache.sshd.common.util.security;version="[2.0.0,2.1.0)", org.apache.sshd.common.util.net;version="[2.2.0,2.3.0)",
org.apache.sshd.server.auth;version="[2.0.0,2.1.0)", org.apache.sshd.common.util.security;version="[2.2.0,2.3.0)",
org.apache.sshd.server.auth;version="[2.2.0,2.3.0)",
org.eclipse.jgit.annotations;version="[5.4.0,5.5.0)", org.eclipse.jgit.annotations;version="[5.4.0,5.5.0)",
org.eclipse.jgit.errors;version="[5.4.0,5.5.0)", org.eclipse.jgit.errors;version="[5.4.0,5.5.0)",
org.eclipse.jgit.fnmatch;version="[5.4.0,5.5.0)", org.eclipse.jgit.fnmatch;version="[5.4.0,5.5.0)",

2
org.eclipse.jgit.ssh.apache/pom.xml

@ -75,7 +75,7 @@
<dependency> <dependency>
<groupId>org.apache.sshd</groupId> <groupId>org.apache.sshd</groupId>
<artifactId>sshd-core</artifactId> <artifactId>sshd-osgi</artifactId>
<version>${apache-sshd-version}</version> <version>${apache-sshd-version}</version>
</dependency> </dependency>

87
org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/CachingKeyPairProvider.java

@ -45,10 +45,13 @@ package org.eclipse.jgit.internal.transport.sshd;
import static java.text.MessageFormat.format; import static java.text.MessageFormat.format;
import java.io.IOException; import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files; import java.nio.file.Files;
import java.nio.file.Path; import java.nio.file.Path;
import java.security.GeneralSecurityException; import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyPair; import java.security.KeyPair;
import java.security.PrivateKey;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Collection; import java.util.Collection;
import java.util.Collections; import java.util.Collections;
@ -57,13 +60,20 @@ import java.util.List;
import java.util.NoSuchElementException; import java.util.NoSuchElementException;
import java.util.concurrent.CancellationException; import java.util.concurrent.CancellationException;
import javax.security.auth.DestroyFailedException;
import org.apache.sshd.common.NamedResource;
import org.apache.sshd.common.config.keys.FilePasswordProvider;
import org.apache.sshd.common.keyprovider.FileKeyPairProvider;
import org.apache.sshd.common.session.SessionContext;
import org.apache.sshd.common.util.io.resource.IoResource;
import org.apache.sshd.common.util.security.SecurityUtils;
import org.eclipse.jgit.transport.sshd.KeyCache; import org.eclipse.jgit.transport.sshd.KeyCache;
/** /**
* A {@link EncryptedFileKeyPairProvider} that uses an external * A {@link FileKeyPairProvider} that uses an external {@link KeyCache}.
* {@link KeyCache}.
*/ */
public class CachingKeyPairProvider extends EncryptedFileKeyPairProvider public class CachingKeyPairProvider extends FileKeyPairProvider
implements Iterable<KeyPair> { implements Iterable<KeyPair> {
private final KeyCache cache; private final KeyCache cache;
@ -71,7 +81,7 @@ public class CachingKeyPairProvider extends EncryptedFileKeyPairProvider
/** /**
* Creates a new {@link CachingKeyPairProvider} using the given * Creates a new {@link CachingKeyPairProvider} using the given
* {@link KeyCache}. If the cache is {@code null}, this is a simple * {@link KeyCache}. If the cache is {@code null}, this is a simple
* {@link EncryptedFileKeyPairProvider}. * {@link FileKeyPairProvider}.
* *
* @param paths * @param paths
* to load keys from * to load keys from
@ -85,36 +95,36 @@ public class CachingKeyPairProvider extends EncryptedFileKeyPairProvider
@Override @Override
public Iterator<KeyPair> iterator() { public Iterator<KeyPair> iterator() {
return iterator(null);
}
private Iterator<KeyPair> iterator(SessionContext session) {
Collection<? extends Path> resources = getPaths(); Collection<? extends Path> resources = getPaths();
if (resources.isEmpty()) { if (resources.isEmpty()) {
return Collections.emptyListIterator(); return Collections.emptyListIterator();
} }
return new CancellingKeyPairIterator(resources); return new CancellingKeyPairIterator(session, resources);
} }
@Override @Override
public Iterable<KeyPair> loadKeys() { public Iterable<KeyPair> loadKeys(SessionContext session) {
return this; return () -> iterator(session);
} }
@Override private KeyPair loadKey(SessionContext session, Path path)
protected KeyPair doLoadKey(Path resource)
throws IOException, GeneralSecurityException { throws IOException, GeneralSecurityException {
if (!Files.exists(resource)) { if (!Files.exists(path)) {
log.warn(format(SshdText.get().identityFileNotFound, resource)); log.warn(format(SshdText.get().identityFileNotFound, path));
return null; return null;
} }
// By calling doLoadKey(String, Path, FilePasswordProvider) instead of IoResource<Path> resource = getIoResource(session, path);
// super.doLoadKey(Path) we can bypass the key caching in
// AbstractResourceKeyPairProvider, over which we have no real control.
String resourceId = resource.toString();
if (cache == null) { if (cache == null) {
return doLoadKey(resourceId, resource, getPasswordFinder()); return loadKey(session, resource, path, getPasswordFinder());
} }
Throwable t[] = { null }; Throwable t[] = { null };
KeyPair key = cache.get(resource, p -> { KeyPair key = cache.get(path, p -> {
try { try {
return doLoadKey(resourceId, p, getPasswordFinder()); return loadKey(session, resource, p, getPasswordFinder());
} catch (IOException | GeneralSecurityException e) { } catch (IOException | GeneralSecurityException e) {
t[0] = e; t[0] = e;
return null; return null;
@ -130,18 +140,55 @@ public class CachingKeyPairProvider extends EncryptedFileKeyPairProvider
return key; return key;
} }
private KeyPair loadKey(SessionContext session, NamedResource resource,
Path path, FilePasswordProvider passwordProvider)
throws IOException, GeneralSecurityException {
try (InputStream stream = Files.newInputStream(path)) {
Iterable<KeyPair> ids = SecurityUtils.loadKeyPairIdentities(session,
resource, stream, passwordProvider);
if (ids == null) {
throw new InvalidKeyException(
format(SshdText.get().identityFileNoKey, path));
}
Iterator<KeyPair> keys = ids.iterator();
if (!keys.hasNext()) {
throw new InvalidKeyException(format(
SshdText.get().identityFileUnsupportedFormat, path));
}
KeyPair result = keys.next();
if (keys.hasNext()) {
log.warn(format(SshdText.get().identityFileMultipleKeys, path));
keys.forEachRemaining(k -> {
PrivateKey pk = k.getPrivate();
if (pk != null) {
try {
pk.destroy();
} catch (DestroyFailedException e) {
// Ignore
}
}
});
}
return result;
}
}
private class CancellingKeyPairIterator implements Iterator<KeyPair> { private class CancellingKeyPairIterator implements Iterator<KeyPair> {
private final SessionContext context;
private final Iterator<Path> paths; private final Iterator<Path> paths;
private KeyPair nextItem; private KeyPair nextItem;
private boolean nextSet; private boolean nextSet;
public CancellingKeyPairIterator(Collection<? extends Path> resources) { public CancellingKeyPairIterator(SessionContext session,
Collection<? extends Path> resources) {
List<Path> copy = new ArrayList<>(resources.size()); List<Path> copy = new ArrayList<>(resources.size());
copy.addAll(resources); copy.addAll(resources);
paths = copy.iterator(); paths = copy.iterator();
context = session;
} }
@Override @Override
@ -152,7 +199,7 @@ public class CachingKeyPairProvider extends EncryptedFileKeyPairProvider
nextSet = true; nextSet = true;
while (nextItem == null && paths.hasNext()) { while (nextItem == null && paths.hasNext()) {
try { try {
nextItem = doLoadKey(paths.next()); nextItem = loadKey(context, paths.next());
} catch (CancellationException cancelled) { } catch (CancellationException cancelled) {
throw cancelled; throw cancelled;
} catch (Exception other) { } catch (Exception other) {

158
org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/EncryptedFileKeyPairProvider.java

@ -1,158 +0,0 @@
/*
* Copyright (C) 2018, Thomas Wolf <thomas.wolf@paranor.ch>
* and other copyright owners as documented in the project's IP log.
*
* This program and the accompanying materials are made available
* under the terms of the Eclipse Distribution License v1.0 which
* accompanies this distribution, is reproduced below, and is
* available at http://www.eclipse.org/org/documents/edl-v10.php
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or
* without modification, are permitted provided that the following
* conditions are met:
*
* - Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* - Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials provided
* with the distribution.
*
* - Neither the name of the Eclipse Foundation, Inc. nor the
* names of its contributors may be used to endorse or promote
* products derived from this software without specific prior
* written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
* CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
* CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
package org.eclipse.jgit.internal.transport.sshd;
import static java.text.MessageFormat.format;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import javax.security.auth.DestroyFailedException;
import org.apache.sshd.common.config.keys.FilePasswordProvider;
import org.apache.sshd.common.config.keys.loader.KeyPairResourceParser;
import org.apache.sshd.common.keyprovider.FileKeyPairProvider;
import org.apache.sshd.common.util.io.IoUtils;
import org.apache.sshd.common.util.security.SecurityUtils;
import org.eclipse.jgit.internal.transport.sshd.RepeatingFilePasswordProvider.ResourceDecodeResult;
/**
* A {@link FileKeyPairProvider} that asks repeatedly for a passphrase for an
* encrypted private key if the {@link FilePasswordProvider} is a
* {@link RepeatingFilePasswordProvider}.
*/
public abstract class EncryptedFileKeyPairProvider extends FileKeyPairProvider {
// TODO: remove this class once we're based on sshd > 2.1.0. See upstream
// issue SSHD-850 https://issues.apache.org/jira/browse/SSHD-850 and commit
// https://github.com/apache/mina-sshd/commit/f19bd2e34
/**
* Creates a new {@link EncryptedFileKeyPairProvider} for the given
* {@link Path}s.
*
* @param paths
* to read keys from
*/
public EncryptedFileKeyPairProvider(List<Path> paths) {
super(paths);
}
@Override
protected KeyPair doLoadKey(String resourceKey, InputStream inputStream,
FilePasswordProvider provider)
throws IOException, GeneralSecurityException {
if (!(provider instanceof RepeatingFilePasswordProvider)) {
return super.doLoadKey(resourceKey, inputStream, provider);
}
KeyPairResourceParser parser = SecurityUtils.getKeyPairResourceParser();
if (parser == null) {
// This is an internal configuration error, thus no translation.
throw new NoSuchProviderException(
"No registered key-pair resource parser"); //$NON-NLS-1$
}
RepeatingFilePasswordProvider realProvider = (RepeatingFilePasswordProvider) provider;
// Read the stream now so that we can process the content several
// times.
List<String> lines = IoUtils.readAllLines(inputStream);
Collection<KeyPair> ids = null;
while (ids == null) {
try {
ids = parser.loadKeyPairs(resourceKey, realProvider, lines);
realProvider.handleDecodeAttemptResult(resourceKey, "", null); //$NON-NLS-1$
// No exception; success. Exit the loop even if ids is still
// null!
break;
} catch (IOException | GeneralSecurityException
| RuntimeException e) {
ResourceDecodeResult loadResult = realProvider
.handleDecodeAttemptResult(resourceKey, "", e); //$NON-NLS-1$
if (loadResult == null
|| loadResult == ResourceDecodeResult.TERMINATE) {
throw e;
} else if (loadResult == ResourceDecodeResult.RETRY) {
continue;
}
// IGNORE doesn't make any sense here, but OK, let's ignore it.
// ids == null, so we'll throw an exception below.
break;
}
}
if (ids == null) {
// The javadoc on loadKeyPairs says it might return null if no
// key pair found. Bad API.
throw new InvalidKeyException(
format(SshdText.get().identityFileNoKey, resourceKey));
}
Iterator<KeyPair> keys = ids.iterator();
if (!keys.hasNext()) {
throw new InvalidKeyException(format(
SshdText.get().identityFileUnsupportedFormat, resourceKey));
}
KeyPair result = keys.next();
if (keys.hasNext()) {
log.warn(format(SshdText.get().identityFileMultipleKeys,
resourceKey));
keys.forEachRemaining(k -> {
PrivateKey pk = k.getPrivate();
if (pk != null) {
try {
pk.destroy();
} catch (DestroyFailedException e) {
// Ignore
}
}
});
}
return result;
}
}

6
org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitClientSession.java

@ -46,6 +46,7 @@ import static java.text.MessageFormat.format;
import java.io.IOException; import java.io.IOException;
import java.net.SocketAddress; import java.net.SocketAddress;
import java.security.GeneralSecurityException;
import java.security.PublicKey; import java.security.PublicKey;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Iterator; import java.util.Iterator;
@ -173,7 +174,8 @@ public class JGitClientSession extends ClientSessionImpl {
} }
@Override @Override
protected byte[] sendKexInit() throws IOException { protected byte[] sendKexInit()
throws IOException, GeneralSecurityException {
StatefulProxyConnector proxy = proxyHandler; StatefulProxyConnector proxy = proxyHandler;
if (proxy != null) { if (proxy != null) {
try { try {
@ -187,7 +189,7 @@ public class JGitClientSession extends ClientSessionImpl {
// This is called only from the ClientSessionImpl // This is called only from the ClientSessionImpl
// constructor, where the return value is ignored. // constructor, where the return value is ignored.
return null; return null;
} catch (IOException e) { } catch (IOException | GeneralSecurityException e) {
throw e; throw e;
} catch (Exception other) { } catch (Exception other) {
throw new IOException(other.getLocalizedMessage(), other); throw new IOException(other.getLocalizedMessage(), other);

17
org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitHostConfigEntry.java

@ -53,28 +53,11 @@ import org.eclipse.jgit.annotations.NonNull;
* A {@link HostConfigEntry} that provides access to the multi-valued keys as * A {@link HostConfigEntry} that provides access to the multi-valued keys as
* lists of strings. The super class treats them as single strings containing * lists of strings. The super class treats them as single strings containing
* comma-separated lists. * comma-separated lists.
*
*/ */
public class JGitHostConfigEntry extends HostConfigEntry { public class JGitHostConfigEntry extends HostConfigEntry {
private Map<String, List<String>> multiValuedOptions; private Map<String, List<String>> multiValuedOptions;
@Override
public String getProperty(String name, String defaultValue) {
// Upstream bug fix (SSHD-867): if there are _no_ properties at all, the
// super implementation returns always null even if a default value is
// given.
//
// See https://issues.apache.org/jira/projects/SSHD/issues/SSHD-867
//
// TODO: remove this override once we're based on sshd > 2.1.0
Map<String, String> properties = getProperties();
if (properties == null || properties.isEmpty()) {
return defaultValue;
}
return super.getProperty(name, defaultValue);
}
/** /**
* Sets the multi-valued options. * Sets the multi-valued options.
* *

83
org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitPublicKeyAuthFactory.java

@ -1,83 +0,0 @@
/*
* Copyright (C) 2018, Thomas Wolf <thomas.wolf@paranor.ch>
* and other copyright owners as documented in the project's IP log.
*
* This program and the accompanying materials are made available
* under the terms of the Eclipse Distribution License v1.0 which
* accompanies this distribution, is reproduced below, and is
* available at http://www.eclipse.org/org/documents/edl-v10.php
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or
* without modification, are permitted provided that the following
* conditions are met:
*
* - Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* - Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials provided
* with the distribution.
*
* - Neither the name of the Eclipse Foundation, Inc. nor the
* names of its contributors may be used to endorse or promote
* products derived from this software without specific prior
* written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
* CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
* CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
package org.eclipse.jgit.internal.transport.sshd;
import java.util.List;
import org.apache.sshd.client.auth.AbstractUserAuthFactory;
import org.apache.sshd.client.auth.UserAuth;
import org.apache.sshd.client.auth.pubkey.UserAuthPublicKeyFactory;
import org.apache.sshd.common.NamedFactory;
import org.apache.sshd.common.signature.Signature;
import org.apache.sshd.common.signature.SignatureFactoriesManager;
/**
* A customized authentication factory for public key user authentication. The
* default implementation {@link UserAuthPublicKeyFactory} ends up doing some
* crazy stream "magic" that loads too many keys too early.
*/
public class JGitPublicKeyAuthFactory extends AbstractUserAuthFactory
implements SignatureFactoriesManager {
/** The singleton {@link JGitPublicKeyAuthFactory}. */
public static final JGitPublicKeyAuthFactory INSTANCE = new JGitPublicKeyAuthFactory();
private JGitPublicKeyAuthFactory() {
super(UserAuthPublicKeyFactory.NAME);
}
@Override
public UserAuth create() {
return new JGitPublicKeyAuthentication(getSignatureFactories());
}
@Override
public List<NamedFactory<Signature>> getSignatureFactories() {
return null;
}
@Override
public void setSignatureFactories(List<NamedFactory<Signature>> factories) {
throw new UnsupportedOperationException();
}
}

103
org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitPublicKeyAuthentication.java

@ -1,103 +0,0 @@
/*
* Copyright (C) 2018, Thomas Wolf <thomas.wolf@paranor.ch>
* and other copyright owners as documented in the project's IP log.
*
* This program and the accompanying materials are made available
* under the terms of the Eclipse Distribution License v1.0 which
* accompanies this distribution, is reproduced below, and is
* available at http://www.eclipse.org/org/documents/edl-v10.php
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or
* without modification, are permitted provided that the following
* conditions are met:
*
* - Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* - Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials provided
* with the distribution.
*
* - Neither the name of the Eclipse Foundation, Inc. nor the
* names of its contributors may be used to endorse or promote
* products derived from this software without specific prior
* written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
* CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
* CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
package org.eclipse.jgit.internal.transport.sshd;
import java.util.List;
import org.apache.sshd.client.auth.pubkey.UserAuthPublicKey;
import org.apache.sshd.client.session.ClientSession;
import org.apache.sshd.common.NamedFactory;
import org.apache.sshd.common.signature.Signature;
/**
* A specialized public key authentication handler that uses our own
* {@link JGitPublicKeyIterator}. The super class creates in
* {@link #init(ClientSession, String)} a
* {@link org.apache.sshd.client.auth.pubkey.UserAuthPublicKeyIterator}, which
* in its constructor does some strange {@link java.util.stream.Stream} "magic"
* that ends up loading keys prematurely.
*/
public class JGitPublicKeyAuthentication extends UserAuthPublicKey {
private ClientSession clientSession;
private String serviceName;
/**
* Creates a new {@link JGitPublicKeyAuthentication}.
*
* @param factories
* signature factories to use
*/
public JGitPublicKeyAuthentication(
List<NamedFactory<Signature>> factories) {
super(factories);
}
@Override
public void init(ClientSession session, String service) throws Exception {
// Do *not* call super.init(); it'll create a UserAuthPublicKeyIterator
// and that's where things then go wrong. Instead, do the whole
// initialization directly here.
clientSession = session;
serviceName = service;
releaseKeys();
// Use our own iterator!
keys = new JGitPublicKeyIterator(session, this);
}
@Override
public ClientSession getClientSession() {
return clientSession;
}
@Override
public ClientSession getSession() {
return clientSession;
}
@Override
public String getService() {
return serviceName;
}
}

275
org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitPublicKeyIterator.java

@ -1,275 +0,0 @@
/*
* Copyright (C) 2018, Thomas Wolf <thomas.wolf@paranor.ch>
* and other copyright owners as documented in the project's IP log.
*
* This program and the accompanying materials are made available
* under the terms of the Eclipse Distribution License v1.0 which
* accompanies this distribution, is reproduced below, and is
* available at http://www.eclipse.org/org/documents/edl-v10.php
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or
* without modification, are permitted provided that the following
* conditions are met:
*
* - Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* - Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials provided
* with the distribution.
*
* - Neither the name of the Eclipse Foundation, Inc. nor the
* names of its contributors may be used to endorse or promote
* products derived from this software without specific prior
* written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
* CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
* CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
package org.eclipse.jgit.internal.transport.sshd;
import java.io.IOException;
import java.nio.channels.Channel;
import java.security.KeyPair;
import java.security.PublicKey;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.NoSuchElementException;
import java.util.concurrent.atomic.AtomicBoolean;
import org.apache.sshd.agent.SshAgent;
import org.apache.sshd.agent.SshAgentFactory;
import org.apache.sshd.client.auth.pubkey.AbstractKeyPairIterator;
import org.apache.sshd.client.auth.pubkey.KeyAgentIdentity;
import org.apache.sshd.client.auth.pubkey.KeyPairIdentity;
import org.apache.sshd.client.auth.pubkey.PublicKeyIdentity;
import org.apache.sshd.client.config.hosts.HostConfigEntry;
import org.apache.sshd.client.session.ClientSession;
import org.apache.sshd.common.FactoryManager;
import org.apache.sshd.common.keyprovider.KeyIdentityProvider;
import org.apache.sshd.common.signature.SignatureFactoriesManager;
/**
* A new iterator over key pairs that we use instead of the default
* {@link org.apache.sshd.client.auth.pubkey.UserAuthPublicKeyIterator}, which
* in its constructor does some strange {@link java.util.stream.Stream} "magic"
* that ends up loading keys prematurely. This class uses plain
* {@link Iterator}s instead to avoid that problem. Used in
* {@link JGitPublicKeyAuthentication}.
*
* @see <a href=
* "https://issues.apache.org/jira/projects/SSHD/issues/SSHD-860">Upstream
* issue SSHD-860</a>
*/
public class JGitPublicKeyIterator
extends AbstractKeyPairIterator<PublicKeyIdentity> implements Channel {
// Re: the cause for the problem mentioned above has not been determined.
// It looks as if either the Apache code inadvertently calls
// GenericUtils.isEmpty() on all streams (which would load the first key
// of each stream), or the Java stream implementation does some prefetching.
// It's not entirely clear. Using Iterators we have more control over
// what happens when.
private final AtomicBoolean open = new AtomicBoolean(true);
private SshAgent agent;
private final List<Iterator<PublicKeyIdentity>> keys = new ArrayList<>(3);
private final Iterator<Iterator<PublicKeyIdentity>> keyIter;
private Iterator<PublicKeyIdentity> current;
private Boolean hasElement;
/**
* Creates a new {@link JGitPublicKeyIterator}.
*
* @param session
* we're trying to authenticate
* @param signatureFactories
* to use
* @throws Exception
* if an {@link SshAgentFactory} is configured and getting
* identities from the agent fails
*/
public JGitPublicKeyIterator(ClientSession session,
SignatureFactoriesManager signatureFactories) throws Exception {
super(session);
boolean useAgent = true;
if (session instanceof JGitClientSession) {
HostConfigEntry config = ((JGitClientSession) session)
.getHostConfigEntry();
useAgent = !config.isIdentitiesOnly();
}
if (useAgent) {
FactoryManager manager = session.getFactoryManager();
SshAgentFactory factory = manager == null ? null
: manager.getAgentFactory();
if (factory != null) {
try {
agent = factory.createClient(manager);
keys.add(new AgentIdentityIterator(agent));
} catch (IOException e) {
try {
closeAgent();
} catch (IOException err) {
e.addSuppressed(err);
}
throw e;
}
}
}
keys.add(
new KeyPairIdentityIterator(session.getRegisteredIdentities(),
session, signatureFactories));
keys.add(new KeyPairIdentityIterator(session.getKeyPairProvider(),
session, signatureFactories));
keyIter = keys.iterator();
}
@Override
public boolean isOpen() {
return open.get();
}
@Override
public void close() throws IOException {
if (open.getAndSet(false)) {
closeAgent();
}
}
@Override
public boolean hasNext() {
if (!isOpen()) {
return false;
}
if (hasElement != null) {
return hasElement.booleanValue();
}
while (current == null || !current.hasNext()) {
if (keyIter.hasNext()) {
current = keyIter.next();
} else {
current = null;
hasElement = Boolean.FALSE;
return false;
}
}
hasElement = Boolean.TRUE;
return true;
}
@Override
public PublicKeyIdentity next() {
if (!isOpen() || hasElement == null && !hasNext()
|| !hasElement.booleanValue()) {
throw new NoSuchElementException();
}
hasElement = null;
PublicKeyIdentity result;
try {
result = current.next();
} catch (NoSuchElementException e) {
result = null;
}
return result;
}
private void closeAgent() throws IOException {
if (agent == null) {
return;
}
try {
agent.close();
} finally {
agent = null;
}
}
/**
* An {@link Iterator} that maps the data obtained from an agent to
* {@link PublicKeyIdentity}.
*/
private static class AgentIdentityIterator
implements Iterator<PublicKeyIdentity> {
private final SshAgent agent;
private final Iterator<? extends Map.Entry<PublicKey, String>> iter;
public AgentIdentityIterator(SshAgent agent) throws IOException {
this.agent = agent;
iter = agent == null ? null : agent.getIdentities().iterator();
}
@Override
public boolean hasNext() {
return iter != null && iter.hasNext();
}
@Override
public PublicKeyIdentity next() {
if (iter == null) {
throw new NoSuchElementException();
}
Map.Entry<PublicKey, String> entry = iter.next();
return new KeyAgentIdentity(agent, entry.getKey(),
entry.getValue());
}
}
/**
* An {@link Iterator} that maps {@link KeyPair} to
* {@link PublicKeyIdentity}.
*/
private static class KeyPairIdentityIterator
implements Iterator<PublicKeyIdentity> {
private final Iterator<KeyPair> keyPairs;
private final ClientSession session;
private final SignatureFactoriesManager signatureFactories;
public KeyPairIdentityIterator(KeyIdentityProvider provider,
ClientSession session,
SignatureFactoriesManager signatureFactories) {
this.session = session;
this.signatureFactories = signatureFactories;
keyPairs = provider == null ? null : provider.loadKeys().iterator();
}
@Override
public boolean hasNext() {
return keyPairs != null && keyPairs.hasNext();
}
@Override
public PublicKeyIdentity next() {
if (keyPairs == null) {
throw new NoSuchElementException();
}
KeyPair key = keyPairs.next();
return new KeyPairIdentity(signatureFactories, session, key);
}
}
}

57
org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitSshClient.java

@ -48,10 +48,12 @@ import static org.eclipse.jgit.internal.transport.ssh.OpenSshConfigFile.positive
import java.io.IOException; import java.io.IOException;
import java.net.InetSocketAddress; import java.net.InetSocketAddress;
import java.net.Proxy; import java.net.Proxy;
import java.net.SocketAddress;
import java.nio.file.Files; import java.nio.file.Files;
import java.nio.file.InvalidPathException; import java.nio.file.InvalidPathException;
import java.nio.file.Path; import java.nio.file.Path;
import java.nio.file.Paths; import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyPair; import java.security.KeyPair;
import java.util.Arrays; import java.util.Arrays;
import java.util.Iterator; import java.util.Iterator;
@ -66,12 +68,14 @@ import org.apache.sshd.client.future.ConnectFuture;
import org.apache.sshd.client.future.DefaultConnectFuture; import org.apache.sshd.client.future.DefaultConnectFuture;
import org.apache.sshd.client.session.ClientSessionImpl; import org.apache.sshd.client.session.ClientSessionImpl;
import org.apache.sshd.client.session.SessionFactory; import org.apache.sshd.client.session.SessionFactory;
import org.apache.sshd.common.AttributeRepository;
import org.apache.sshd.common.config.keys.FilePasswordProvider; import org.apache.sshd.common.config.keys.FilePasswordProvider;
import org.apache.sshd.common.future.SshFutureListener; import org.apache.sshd.common.future.SshFutureListener;
import org.apache.sshd.common.io.IoConnectFuture; import org.apache.sshd.common.io.IoConnectFuture;
import org.apache.sshd.common.io.IoSession; import org.apache.sshd.common.io.IoSession;
import org.apache.sshd.common.keyprovider.AbstractResourceKeyPairProvider; import org.apache.sshd.common.keyprovider.AbstractResourceKeyPairProvider;
import org.apache.sshd.common.keyprovider.KeyPairProvider; import org.apache.sshd.common.keyprovider.KeyIdentityProvider;
import org.apache.sshd.common.session.SessionContext;
import org.apache.sshd.common.session.helpers.AbstractSession; import org.apache.sshd.common.session.helpers.AbstractSession;
import org.apache.sshd.common.util.ValidateUtils; import org.apache.sshd.common.util.ValidateUtils;
import org.eclipse.jgit.internal.transport.sshd.proxy.HttpClientConnector; import org.eclipse.jgit.internal.transport.sshd.proxy.HttpClientConnector;
@ -117,7 +121,8 @@ public class JGitSshClient extends SshClient {
} }
@Override @Override
public ConnectFuture connect(HostConfigEntry hostConfig) public ConnectFuture connect(HostConfigEntry hostConfig,
AttributeRepository context, SocketAddress localAddress)
throws IOException { throws IOException {
if (connector == null) { if (connector == null) {
throw new IllegalStateException("SshClient not started."); //$NON-NLS-1$ throw new IllegalStateException("SshClient not started."); //$NON-NLS-1$
@ -149,7 +154,7 @@ public class JGitSshClient extends SshClient {
address = configureProxy(proxy, address); address = configureProxy(proxy, address);
proxy.clearPassword(); proxy.clearPassword();
} }
connector.connect(address).addListener(listener); connector.connect(address, this, localAddress).addListener(listener);
return connectFuture; return connectFuture;
} }
@ -263,16 +268,16 @@ public class JGitSshClient extends SshClient {
identities, keyCache); identities, keyCache);
ourConfiguredKeysProvider.setPasswordFinder(passwordProvider); ourConfiguredKeysProvider.setPasswordFinder(passwordProvider);
if (hostConfig.isIdentitiesOnly()) { if (hostConfig.isIdentitiesOnly()) {
session.setKeyPairProvider(ourConfiguredKeysProvider); session.setKeyIdentityProvider(ourConfiguredKeysProvider);
} else { } else {
KeyPairProvider defaultKeysProvider = getKeyPairProvider(); KeyIdentityProvider defaultKeysProvider = getKeyIdentityProvider();
if (defaultKeysProvider instanceof AbstractResourceKeyPairProvider<?>) { if (defaultKeysProvider instanceof AbstractResourceKeyPairProvider<?>) {
((AbstractResourceKeyPairProvider<?>) defaultKeysProvider) ((AbstractResourceKeyPairProvider<?>) defaultKeysProvider)
.setPasswordFinder(passwordProvider); .setPasswordFinder(passwordProvider);
} }
KeyPairProvider combinedProvider = new CombinedKeyPairProvider( KeyIdentityProvider combinedProvider = new CombinedKeyIdentityProvider(
ourConfiguredKeysProvider, defaultKeysProvider); ourConfiguredKeysProvider, defaultKeysProvider);
session.setKeyPairProvider(combinedProvider); session.setKeyIdentityProvider(combinedProvider);
} }
return session; return session;
} }
@ -363,39 +368,30 @@ public class JGitSshClient extends SshClient {
} }
/** /**
* A {@link KeyPairProvider} that iterates over the {@link Iterable}s * A {@link KeyIdentityProvider} that iterates over the {@link Iterable}s
* returned by other {@link KeyPairProvider}s. * returned by other {@link KeyIdentityProvider}s.
*/ */
private static class CombinedKeyPairProvider implements KeyPairProvider { private static class CombinedKeyIdentityProvider
implements KeyIdentityProvider {
private final List<KeyPairProvider> providers; private final List<KeyIdentityProvider> providers;
public CombinedKeyPairProvider(KeyPairProvider... providers) { public CombinedKeyIdentityProvider(KeyIdentityProvider... providers) {
this(Arrays.stream(providers).filter(Objects::nonNull) this(Arrays.stream(providers).filter(Objects::nonNull)
.collect(Collectors.toList())); .collect(Collectors.toList()));
} }
public CombinedKeyPairProvider(List<KeyPairProvider> providers) { public CombinedKeyIdentityProvider(
List<KeyIdentityProvider> providers) {
this.providers = providers; this.providers = providers;
} }
@Override @Override
public Iterable<String> getKeyTypes() { public Iterable<KeyPair> loadKeys(SessionContext context) {
throw new UnsupportedOperationException(
"Should not have been called in a ssh client"); //$NON-NLS-1$
}
@Override
public KeyPair loadKey(String type) {
throw new UnsupportedOperationException(
"Should not have been called in a ssh client"); //$NON-NLS-1$
}
@Override
public Iterable<KeyPair> loadKeys() {
return () -> new Iterator<KeyPair>() { return () -> new Iterator<KeyPair>() {
private Iterator<KeyPairProvider> factories = providers.iterator(); private Iterator<KeyIdentityProvider> factories = providers
.iterator();
private Iterator<KeyPair> current; private Iterator<KeyPair> current;
private Boolean hasElement; private Boolean hasElement;
@ -407,7 +403,12 @@ public class JGitSshClient extends SshClient {
} }
while (current == null || !current.hasNext()) { while (current == null || !current.hasNext()) {
if (factories.hasNext()) { if (factories.hasNext()) {
current = factories.next().loadKeys().iterator(); try {
current = factories.next().loadKeys(context)
.iterator();
} catch (IOException | GeneralSecurityException e) {
throw new RuntimeException(e);
}
} else { } else {
current = null; current = null;
hasElement = Boolean.FALSE; hasElement = Boolean.FALSE;

5
org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitSshConfig.java

@ -47,11 +47,13 @@ import static org.eclipse.jgit.internal.transport.ssh.OpenSshConfigFile.positive
import java.io.File; import java.io.File;
import java.io.IOException; import java.io.IOException;
import java.net.SocketAddress;
import java.util.Map; import java.util.Map;
import java.util.TreeMap; import java.util.TreeMap;
import org.apache.sshd.client.config.hosts.HostConfigEntry; import org.apache.sshd.client.config.hosts.HostConfigEntry;
import org.apache.sshd.client.config.hosts.HostConfigEntryResolver; import org.apache.sshd.client.config.hosts.HostConfigEntryResolver;
import org.apache.sshd.common.AttributeRepository;
import org.apache.sshd.common.util.net.SshdSocketAddress; import org.apache.sshd.common.util.net.SshdSocketAddress;
import org.eclipse.jgit.annotations.NonNull; import org.eclipse.jgit.annotations.NonNull;
import org.eclipse.jgit.internal.transport.ssh.OpenSshConfigFile; import org.eclipse.jgit.internal.transport.ssh.OpenSshConfigFile;
@ -101,7 +103,8 @@ public class JGitSshConfig implements HostConfigEntryResolver {
@Override @Override
public HostConfigEntry resolveEffectiveHost(String host, int port, public HostConfigEntry resolveEffectiveHost(String host, int port,
String username) throws IOException { SocketAddress localAddress, String username,
AttributeRepository attributes) throws IOException {
HostEntry entry = configFile.lookup(host, port, username); HostEntry entry = configFile.lookup(host, port, username);
JGitHostConfigEntry config = new JGitHostConfigEntry(); JGitHostConfigEntry config = new JGitHostConfigEntry();
// Apache MINA conflates all keys, even multi-valued ones, in one map // Apache MINA conflates all keys, even multi-valued ones, in one map

2
org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/OpenSshServerKeyVerifier.java

@ -672,7 +672,7 @@ public class OpenSshServerKeyVerifier
continue; continue;
} }
try { try {
PublicKey serverKey = keyPart.resolvePublicKey( PublicKey serverKey = keyPart.resolvePublicKey(null,
PublicKeyEntryResolver.IGNORING); PublicKeyEntryResolver.IGNORING);
if (serverKey == null) { if (serverKey == null) {
LOG.warn(format( LOG.warn(format(

20
org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/PasswordProviderWrapper.java

@ -50,6 +50,8 @@ import java.util.Map;
import java.util.concurrent.ConcurrentHashMap; import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.atomic.AtomicInteger; import java.util.concurrent.atomic.AtomicInteger;
import org.apache.sshd.common.NamedResource;
import org.apache.sshd.common.session.SessionContext;
import org.eclipse.jgit.annotations.NonNull; import org.eclipse.jgit.annotations.NonNull;
import org.eclipse.jgit.transport.CredentialsProvider; import org.eclipse.jgit.transport.CredentialsProvider;
import org.eclipse.jgit.transport.URIish; import org.eclipse.jgit.transport.URIish;
@ -83,10 +85,12 @@ public class PasswordProviderWrapper implements RepeatingFilePasswordProvider {
} }
@Override @Override
public String getPassword(String resourceKey) throws IOException { public String getPassword(SessionContext session, NamedResource resource,
int attemptIndex) throws IOException {
String key = resource.getName();
int attempt = counts int attempt = counts
.computeIfAbsent(resourceKey, k -> new AtomicInteger()).get(); .computeIfAbsent(key, k -> new AtomicInteger()).get();
char[] passphrase = delegate.getPassphrase(toUri(resourceKey), attempt); char[] passphrase = delegate.getPassphrase(toUri(key), attempt);
if (passphrase == null) { if (passphrase == null) {
return null; return null;
} }
@ -98,21 +102,23 @@ public class PasswordProviderWrapper implements RepeatingFilePasswordProvider {
} }
@Override @Override
public ResourceDecodeResult handleDecodeAttemptResult(String resourceKey, public ResourceDecodeResult handleDecodeAttemptResult(
SessionContext session, NamedResource resource, int retryIndex,
String password, Exception err) String password, Exception err)
throws IOException, GeneralSecurityException { throws IOException, GeneralSecurityException {
AtomicInteger count = counts.get(resourceKey); String key = resource.getName();
AtomicInteger count = counts.get(key);
int numberOfAttempts = count == null ? 0 : count.incrementAndGet(); int numberOfAttempts = count == null ? 0 : count.incrementAndGet();
ResourceDecodeResult result = null; ResourceDecodeResult result = null;
try { try {
if (delegate.keyLoaded(toUri(resourceKey), numberOfAttempts, err)) { if (delegate.keyLoaded(toUri(key), numberOfAttempts, err)) {
result = ResourceDecodeResult.RETRY; result = ResourceDecodeResult.RETRY;
} else { } else {
result = ResourceDecodeResult.TERMINATE; result = ResourceDecodeResult.TERMINATE;
} }
} finally { } finally {
if (result != ResourceDecodeResult.RETRY) { if (result != ResourceDecodeResult.RETRY) {
counts.remove(resourceKey); counts.remove(key);
} }
} }
return result; return result;

41
org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/RepeatingFilePasswordProvider.java

@ -42,9 +42,6 @@
*/ */
package org.eclipse.jgit.internal.transport.sshd; package org.eclipse.jgit.internal.transport.sshd;
import java.io.IOException;
import java.security.GeneralSecurityException;
import org.apache.sshd.common.config.keys.FilePasswordProvider; import org.apache.sshd.common.config.keys.FilePasswordProvider;
/** /**
@ -74,42 +71,4 @@ public interface RepeatingFilePasswordProvider extends FilePasswordProvider {
return 1; return 1;
} }
// The following part of this interface is from the upstream resolution of
// SSHD-850. See https://github.com/apache/mina-sshd/commit/f19bd2e34 .
// TODO: remove this once we move to sshd > 2.1.0
/**
* Result value of
* {@link RepeatingFilePasswordProvider#handleDecodeAttemptResult(String, String, Exception)}.
*/
public enum ResourceDecodeResult {
/** Re-throw the decoding exception. */
TERMINATE,
/** Retry the decoding process - including password prompt. */
RETRY,
/** Skip attempt and see if we can proceed without the key. */
IGNORE;
}
/**
* Invoked to inform the password provider about the decoding result.
* <b>Note:</b> any exception thrown from this method (including if called
* to inform about success) will be propagated instead of the original (if
* any was reported)
*
* @param resourceKey
* The resource key representing the <U>private</U> file
* @param password
* The password that was attempted
* @param err
* The attempt result - {@code null} for success
* @return How to proceed in case of error - <u>ignored</u> if invoked in
* order to report success. <b>Note:</b> {@code null} is same as
* {@link ResourceDecodeResult#TERMINATE}.
* @throws IOException
* @throws GeneralSecurityException
*/
ResourceDecodeResult handleDecodeAttemptResult(String resourceKey,
String password, Exception err)
throws IOException, GeneralSecurityException;
} }

25
org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/transport/sshd/SshdSessionFactory.java

@ -64,18 +64,18 @@ import org.apache.sshd.client.ClientBuilder;
import org.apache.sshd.client.SshClient; import org.apache.sshd.client.SshClient;
import org.apache.sshd.client.auth.UserAuth; import org.apache.sshd.client.auth.UserAuth;
import org.apache.sshd.client.auth.keyboard.UserAuthKeyboardInteractiveFactory; import org.apache.sshd.client.auth.keyboard.UserAuthKeyboardInteractiveFactory;
import org.apache.sshd.client.auth.pubkey.UserAuthPublicKeyFactory;
import org.apache.sshd.client.config.hosts.HostConfigEntryResolver; import org.apache.sshd.client.config.hosts.HostConfigEntryResolver;
import org.apache.sshd.client.keyverifier.ServerKeyVerifier; import org.apache.sshd.client.keyverifier.ServerKeyVerifier;
import org.apache.sshd.common.NamedFactory; import org.apache.sshd.common.NamedFactory;
import org.apache.sshd.common.compression.BuiltinCompressions; import org.apache.sshd.common.compression.BuiltinCompressions;
import org.apache.sshd.common.config.keys.FilePasswordProvider; import org.apache.sshd.common.config.keys.FilePasswordProvider;
import org.apache.sshd.common.keyprovider.KeyPairProvider; import org.apache.sshd.common.keyprovider.KeyIdentityProvider;
import org.eclipse.jgit.annotations.NonNull; import org.eclipse.jgit.annotations.NonNull;
import org.eclipse.jgit.errors.TransportException; import org.eclipse.jgit.errors.TransportException;
import org.eclipse.jgit.internal.transport.sshd.CachingKeyPairProvider; import org.eclipse.jgit.internal.transport.sshd.CachingKeyPairProvider;
import org.eclipse.jgit.internal.transport.sshd.GssApiWithMicAuthFactory; import org.eclipse.jgit.internal.transport.sshd.GssApiWithMicAuthFactory;
import org.eclipse.jgit.internal.transport.sshd.JGitPasswordAuthFactory; import org.eclipse.jgit.internal.transport.sshd.JGitPasswordAuthFactory;
import org.eclipse.jgit.internal.transport.sshd.JGitPublicKeyAuthFactory;
import org.eclipse.jgit.internal.transport.sshd.JGitSshClient; import org.eclipse.jgit.internal.transport.sshd.JGitSshClient;
import org.eclipse.jgit.internal.transport.sshd.JGitSshConfig; import org.eclipse.jgit.internal.transport.sshd.JGitSshConfig;
import org.eclipse.jgit.internal.transport.sshd.JGitUserInteraction; import org.eclipse.jgit.internal.transport.sshd.JGitUserInteraction;
@ -211,7 +211,7 @@ public class SshdSessionFactory extends SshSessionFactory implements Closeable {
} }
HostConfigEntryResolver configFile = getHostConfigEntryResolver( HostConfigEntryResolver configFile = getHostConfigEntryResolver(
home, sshDir); home, sshDir);
KeyPairProvider defaultKeysProvider = toKeyPairProvider( KeyIdentityProvider defaultKeysProvider = toKeyIdentityProvider(
getDefaultKeys(sshDir)); getDefaultKeys(sshDir));
KeyPasswordProvider passphrases = createKeyPasswordProvider( KeyPasswordProvider passphrases = createKeyPasswordProvider(
credentialsProvider); credentialsProvider);
@ -227,7 +227,7 @@ public class SshdSessionFactory extends SshSessionFactory implements Closeable {
client.setUserInteraction( client.setUserInteraction(
new JGitUserInteraction(credentialsProvider)); new JGitUserInteraction(credentialsProvider));
client.setUserAuthFactories(getUserAuthFactories()); client.setUserAuthFactories(getUserAuthFactories());
client.setKeyPairProvider(defaultKeysProvider); client.setKeyIdentityProvider(defaultKeysProvider);
// JGit-specific things: // JGit-specific things:
JGitSshClient jgitClient = (JGitSshClient) client; JGitSshClient jgitClient = (JGitSshClient) client;
jgitClient.setKeyCache(getKeyCache()); jgitClient.setKeyCache(getKeyCache());
@ -438,17 +438,18 @@ public class SshdSessionFactory extends SshSessionFactory implements Closeable {
/** /**
* Converts an {@link Iterable} of {link KeyPair}s into a * Converts an {@link Iterable} of {link KeyPair}s into a
* {@link KeyPairProvider}. * {@link KeyIdentityProvider}.
* *
* @param keys * @param keys
* to provide via the returned {@link KeyPairProvider} * to provide via the returned {@link KeyIdentityProvider}
* @return a {@link KeyPairProvider} that provides the given {@code keys} * @return a {@link KeyIdentityProvider} that provides the given
* {@code keys}
*/ */
private KeyPairProvider toKeyPairProvider(Iterable<KeyPair> keys) { private KeyIdentityProvider toKeyIdentityProvider(Iterable<KeyPair> keys) {
if (keys instanceof KeyPairProvider) { if (keys instanceof KeyIdentityProvider) {
return (KeyPairProvider) keys; return (KeyIdentityProvider) keys;
} }
return () -> keys; return (session) -> keys;
} }
/** /**
@ -522,7 +523,7 @@ public class SshdSessionFactory extends SshSessionFactory implements Closeable {
// Password auth doesn't have this problem. // Password auth doesn't have this problem.
return Collections.unmodifiableList( return Collections.unmodifiableList(
Arrays.asList(GssApiWithMicAuthFactory.INSTANCE, Arrays.asList(GssApiWithMicAuthFactory.INSTANCE,
JGitPublicKeyAuthFactory.INSTANCE, UserAuthPublicKeyFactory.INSTANCE,
JGitPasswordAuthFactory.INSTANCE, JGitPasswordAuthFactory.INSTANCE,
UserAuthKeyboardInteractiveFactory.INSTANCE)); UserAuthKeyboardInteractiveFactory.INSTANCE));
} }

2
org.eclipse.jgit.test/BUILD

@ -68,7 +68,7 @@ java_library(
deps = [ deps = [
"//lib:jsch", "//lib:jsch",
"//lib:junit", "//lib:junit",
"//lib:sshd-core", "//lib:sshd-osgi",
"//lib:sshd-sftp", "//lib:sshd-sftp",
"//org.eclipse.jgit:jgit", "//org.eclipse.jgit:jgit",
"//org.eclipse.jgit.junit:junit", "//org.eclipse.jgit.junit:junit",

2
org.eclipse.jgit.test/tests.bzl

@ -45,7 +45,7 @@ def tests(tests):
additional_deps = [ additional_deps = [
"//lib:jsch", "//lib:jsch",
"//lib:jzlib", "//lib:jzlib",
"//lib:sshd-core", "//lib:sshd-osgi",
"//lib:sshd-sftp", "//lib:sshd-sftp",
":sshd-helpers", ":sshd-helpers",
] ]

2
pom.xml

@ -183,7 +183,7 @@
<bundle-manifest>${project.build.directory}/META-INF/MANIFEST.MF</bundle-manifest> <bundle-manifest>${project.build.directory}/META-INF/MANIFEST.MF</bundle-manifest>
<jgit-last-release-version>5.3.0.201903130848-r</jgit-last-release-version> <jgit-last-release-version>5.3.0.201903130848-r</jgit-last-release-version>
<apache-sshd-version>2.0.0</apache-sshd-version> <apache-sshd-version>2.2.0</apache-sshd-version>
<jsch-version>0.1.55</jsch-version> <jsch-version>0.1.55</jsch-version>
<jzlib-version>1.1.1</jzlib-version> <jzlib-version>1.1.1</jzlib-version>
<javaewah-version>1.1.6</javaewah-version> <javaewah-version>1.1.6</javaewah-version>

Loading…
Cancel
Save