Repository: mina-sshd Updated Branches: refs/heads/master 76988ba83 -> 072215ea8
[SSHD-760] Unable to read PKCS8 key files Project: http://git-wip-us.apache.org/repos/asf/mina-sshd/repo Commit: http://git-wip-us.apache.org/repos/asf/mina-sshd/commit/072215ea Tree: http://git-wip-us.apache.org/repos/asf/mina-sshd/tree/072215ea Diff: http://git-wip-us.apache.org/repos/asf/mina-sshd/diff/072215ea Branch: refs/heads/master Commit: 072215ea8981ccb66723a2a876633d96190adf8d Parents: 76988ba Author: Guillaume Nodet <gno...@apache.org> Authored: Wed Aug 2 14:57:16 2017 +0200 Committer: Guillaume Nodet <gno...@apache.org> Committed: Wed Aug 2 14:57:23 2017 +0200 ---------------------------------------------------------------------- pom.xml | 5 ++ sshd-core/pom.xml | 5 ++ .../pem/PKCS8PEMResourceKeyPairParser.java | 6 +-- .../pem/PemKeyPairResourceParserTest.java | 57 ++++++++++++++++++++ 4 files changed, 70 insertions(+), 3 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/072215ea/pom.xml ----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index ad4f298..296914d 100644
--- a/pom.xml
+++ b/pom.xml
@@ -385,6 +385,11 @@
 <artifactId>org.eclipse.jgit.pgm</artifactId>
 <version>${jgit.version}</version>
 </dependency>
+ <dependency>
+ <groupId>org.apache.servicemix.bundles</groupId>
+ <artifactId>org.apache.servicemix.bundles.not-yet-commons-ssl</artifactId>
+ <version>0.3.11_1</version>
+ </dependency>
 </dependencies>
 </dependencyManagement>
http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/072215ea/sshd-core/pom.xml ----------------------------------------------------------------------
diff --git a/sshd-core/pom.xml b/sshd-core/pom.xml
index 8174dd0..a27b588 100644
--- a/sshd-core/pom.xml
+++ b/sshd-core/pom.xml
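Review bot: The new managed entry in pom.xml hard-codes `<version>0.3.11_1</version>`, while the jgit entry just above it takes its version from a property (`${jgit.version}`), and nothing in the section says the artifact is needed only by tests. Moving the version into the parent's `<properties>` (under a new property name of your choice) and adding a comment such as `<!-- test-only: used to write PKCS8 PEM fixtures in PemKeyPairResourceParserTest -->` above the entry keeps this repackaged third-party crypto bundle easy to audit and upgrade. The sshd-core/pom.xml hunk does declare `<scope>test</scope>`, which is what keeps the bundle off the shipped classpath; any other module that later references the managed entry needs the same scope. The `<dependencies>` block starts outside the hunk.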
@@ -117,6 +117,11 @@ <artifactId>ganymed-ssh2</artifactId> <scope>test</scope> </dependency> + <dependency> + <groupId>org.apache.servicemix.bundles</groupId> + <artifactId>org.apache.servicemix.bundles.not-yet-commons-ssl</artifactId> + <scope>test</scope> + </dependency> </dependencies> <build> http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/072215ea/sshd-core/src/main/java/org/apache/sshd/common/config/keys/loader/pem/PKCS8PEMResourceKeyPairParser.java ---------------------------------------------------------------------- diff --git a/sshd-core/src/main/java/org/apache/sshd/common/config/keys/loader/pem/PKCS8PEMResourceKeyPairParser.java b/sshd-core/src/main/java/org/apache/sshd/common/config/keys/loader/pem/PKCS8PEMResourceKeyPairParser.java index a8b3075..cc28967 100644 --- a/sshd-core/src/main/java/org/apache/sshd/common/config/keys/loader/pem/PKCS8PEMResourceKeyPairParser.java +++ b/sshd-core/src/main/java/org/apache/sshd/common/config/keys/loader/pem/PKCS8PEMResourceKeyPairParser.java @@ -70,7 +70,7 @@ public class PKCS8PEMResourceKeyPairParser extends AbstractPEMResourceKeyPairPar throws IOException, GeneralSecurityException { // Save the data before getting the algorithm OID since we will need it byte[] encBytes = IoUtils.toByteArray(stream); - List<Integer> oidAlgorithm = getPKCS8AlgorithmIdentifier(stream, false); + List<Integer> oidAlgorithm = getPKCS8AlgorithmIdentifier(encBytes); PrivateKey prvKey = decodePEMPrivateKeyPKCS8(oidAlgorithm, encBytes, passwordProvider); PublicKey pubKey = ValidateUtils.checkNotNull(KeyUtils.recoverPublicKey(prvKey), "Failed to recover public key of OID=%s", oidAlgorithm); 
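Review bot: `encBytes` holds the complete PKCS#8 encoding of the private key and, as far as this hunk shows, is never cleared after the OID lookup and `decodePEMPrivateKeyPKCS8` have used it. Wrapping the calls in `try { ... } finally { Arrays.fill(encBytes, (byte) 0); }` would shorten the time the raw key bytes stay on the heap; this assumes the decoder copies the array, which needs confirming because the key-spec construction is outside the hunk. The existing comment still reads as if the OID were taken from the stream; `// Read the stream once: the OID lookup and the key decoding both work on these bytes` matches the new code. The method starts before and ends after the hunk.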
@@ -101,8 +101,8 @@ public class PKCS8PEMResourceKeyPairParser extends AbstractPEMResourceKeyPairPar
 return factory.generatePrivate(keySpec);
 }
- public static List<Integer> getPKCS8AlgorithmIdentifier(InputStream input, boolean okToClose) throws IOException {
- try (DERParser parser = new DERParser(NoCloseInputStream.resolveInputStream(input, okToClose))) {
+ public static List<Integer> getPKCS8AlgorithmIdentifier(byte[] input) throws IOException {
+ try (DERParser parser = new DERParser(input)) {
 return getPKCS8AlgorithmIdentifier(parser);
 }
 }
http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/072215ea/sshd-core/src/test/java/org/apache/sshd/common/config/keys/loader/pem/PemKeyPairResourceParserTest.java ----------------------------------------------------------------------
diff --git a/sshd-core/src/test/java/org/apache/sshd/common/config/keys/loader/pem/PemKeyPairResourceParserTest.java b/sshd-core/src/test/java/org/apache/sshd/common/config/keys/loader/pem/PemKeyPairResourceParserTest.java
new file mode 100644
index 0000000..3cf60e0
--- /dev/null
+++ b/sshd-core/src/test/java/org/apache/sshd/common/config/keys/loader/pem/PemKeyPairResourceParserTest.java
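Review bot: The public static `getPKCS8AlgorithmIdentifier(InputStream input, boolean okToClose)` is replaced rather than overloaded, so any caller outside this file that uses the stream form stops compiling. Keeping the old signature as a `@Deprecated` overload that reads the stream into a byte array (honouring `okToClose`) and delegates to the new method would preserve the API. The new `byte[]` overload also has no Javadoc; it should state that `input` is the DER-encoded PKCS#8 private-key structure, that it must not be null, and that the returned list is the algorithm OID.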
@@ -0,0 +1,57 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.sshd.common.config.keys.loader.pem;
+
+import org.apache.commons.ssl.PEMItem;
+import org.apache.commons.ssl.PEMUtil;
+import org.apache.sshd.common.util.security.SecurityUtils;
+import org.junit.Test;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.util.ArrayList;
+import java.util.Collection;
+
+import static org.junit.Assert.assertEquals;
+
+public class PemKeyPairResourceParserTest {
+
+ @Test
+ public void testPkcs8() throws Exception {
+ String algorithm = "RSA";
+ int keySize = 512;
+ KeyPairGenerator generator = SecurityUtils.getKeyPairGenerator(algorithm);
+ generator.initialize(keySize);
+ KeyPair kp = generator.generateKeyPair();
+
+ ByteArrayOutputStream os = new ByteArrayOutputStream();
+ Collection<Object> items = new ArrayList<>();
+ items.add(new PEMItem(kp.getPrivate().getEncoded(), "PRIVATE KEY"));
+ byte[] bytes = PEMUtil.encode(items);
+ os.write(bytes);
+ os.close();
+
+ KeyPair kp2 = SecurityUtils.loadKeyPairIdentity("the-key", new ByteArrayInputStream(os.toByteArray()), null);
+
 assertEquals(kp.getPublic(), kp2.getPublic());
+ assertEquals(kp.getPrivate(), kp2.getPrivate());
+ }
+}
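Review bot: `int keySize = 512;` generates an RSA key far below current minimum sizes, and a provider or JDK policy that enforces a minimum may refuse it, failing the test for a reason unrelated to PKCS8 parsing; `int keySize = 2048;` (or 1024 if run time matters) avoids that. The test covers only an unencrypted RSA key with a `null` password provider, so the password-protected path (if the parser supports one) and the non-RSA OIDs stay untested. The `ByteArrayOutputStream` round trip adds nothing, since `new ByteArrayInputStream(bytes)` can be passed to `loadKeyPairIdentity` directly.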