This is an automated email from the ASF dual-hosted git repository. heneveld pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/brooklyn-server.git
commit 3df6de36136ca8a69e4cd9666aa87e6bf9a4a306 Author: Alex Heneveld <[email protected]> AuthorDate: Wed Nov 10 22:11:31 2021 +0000 wrap sshj+eddsa so curve is usable, and set it to fail if bouncycastle isn't available --- .../brooklyn/util/core/internal/ssh/sshj/SshjTool.java | 8 ++++++++ karaf/features/src/main/feature/feature.xml | 15 ++++++++++----- 2 files changed, 18 insertions(+), 5 deletions(-) diff --git a/core/src/main/java/org/apache/brooklyn/util/core/internal/ssh/sshj/SshjTool.java b/core/src/main/java/org/apache/brooklyn/util/core/internal/ssh/sshj/SshjTool.java index 385513e..1626c18 100644 --- a/core/src/main/java/org/apache/brooklyn/util/core/internal/ssh/sshj/SshjTool.java +++ b/core/src/main/java/org/apache/brooklyn/util/core/internal/ssh/sshj/SshjTool.java @@ -38,6 +38,7 @@ import java.util.concurrent.TimeUnit; import java.util.concurrent.TimeoutException; import java.util.concurrent.atomic.AtomicReference; +import net.schmizz.sshj.common.SecurityUtils; import org.apache.brooklyn.core.BrooklynFeatureEnablement; import org.apache.brooklyn.util.core.internal.ssh.BackoffLimitedRetryHandler; import org.apache.brooklyn.util.core.internal.ssh.ShellTool; @@ -102,6 +103,13 @@ public class SshjTool extends SshAbstractTool implements SshTool { private static final Logger LOG = LoggerFactory.getLogger(SshjTool.class); + static { + // this gives better error messages from sshj if it can't find bouncy castle; + // this can happen in osgi fairly easily, and when it does it can be obscure to debug, + // because it looks like ssh is just failing + SecurityUtils.setRegisterBouncyCastle(true); + } + protected final int sshTries; protected final long sshTriesTimeout; protected final BackoffLimitedRetryHandler backoffLimitedRetryHandler; diff --git a/karaf/features/src/main/feature/feature.xml b/karaf/features/src/main/feature/feature.xml index 9dfe5ca..b90d7ad 100644 --- a/karaf/features/src/main/feature/feature.xml 
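Review bot: The comment in the new static initializer of SshjTool describes the call only as giving better error messages, but the commit title says the intent is to fail when BouncyCastle is unavailable, and `SecurityUtils.setRegisterBouncyCastle(true)` is a static sshj setting shared by every user of that class, not something scoped to this tool. The comment should state both, for example `// require BouncyCastle: sshj fails at provider registration rather than falling back to the default JCE provider` and `// NB: static sshj setting; affects all sshj users sharing this classloader`. Because the block runs only when SshjTool is first loaded, any sshj session opened earlier by other code would presumably not be covered, so it is worth confirming no such path exists. The class body continues outside the hunk.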
+++ b/karaf/features/src/main/feature/feature.xml 
@@ -164,11 +164,18 @@ <bundle dependency="true">mvn:org.apache.geronimo.specs/geronimo-ws-metadata_2.0_spec/${geronimo-ws-metadata_2.0_spec.version}</bundle> <bundle dependency="true">mvn:com.thoughtworks.xstream/xstream/${xstream.version}</bundle> <bundle dependency="true">mvn:org.freemarker/freemarker/${freemarker.version}</bundle> - <bundle dependency="true">mvn:com.hierynomus/sshj/${sshj.version}</bundle> - <bundle dependency="true">mvn:net.i2p.crypto/eddsa/${eddsa.version}</bundle><!-- from com.hierynomous/sshj --> - <bundle dependency="true">mvn:org.apache.servicemix.bundles/org.apache.servicemix.bundles.jzlib/${jzlib.version}</bundle> + <bundle dependency="true">mvn:org.bouncycastle/bcprov-ext-jdk15on/${bouncycastle.version}</bundle> <bundle dependency="true">mvn:org.bouncycastle/bcpkix-jdk15on/${bouncycastle.version}</bundle> + <bundle dependency="true">mvn:org.apache.servicemix.bundles/org.apache.servicemix.bundles.jzlib/${jzlib.version}</bundle> + <!-- wrapped to import and export eddsa.math subpackage which sshj seems to need to compare equality on the Curve class; + i can't tell what magic made this work in the past; sshj in Ed25519PublicKey does a `xxx.getCurve().equals(yyy.getCurve())`, + so doesn't need to import it, but with OSGi we get a NoClassDefFound if we don't export that package from eddsa then import it into sshj :( --> +<!-- <bundle dependency="true">mvn:net.i2p.crypto/eddsa/${eddsa.version}</bundle>--> +<!-- <bundle dependency="true">mvn:com.hierynomus/sshj/${sshj.version}</bundle>--> + <bundle dependency="true">wrap:mvn:net.i2p.crypto/eddsa/${eddsa.version}$overwrite=merge&Bundle-SymbolicName=net.i2p.crypto.eddsa_wrapped&Bundle-Version=${eddsa.version}&Export-Package=*;version="${eddsa.version}"</bundle> + <bundle 
dependency="true">wrap:mvn:com.hierynomus/sshj/${sshj.version}$overwrite=merge&Bundle-SymbolicName=com.hierynomus.sshj_wrapped&Bundle-Version=${sshj.version}&Import-Package=net.i2p.crypto.eddsa.math,javax.crypto,javax.crypto.interfaces,javax.crypto.spec,net.i2p.crypto.eddsa;version="[0.2,1)",net.i2p.crypto.eddsa.spec;version="[0.2,1)",com.jcraft.jzlib;version="[1.1,2)";resolution:=optional,org.slf4j;version="[1.7,5)",org.bouncycastle.asn1;resolution:=optional; [...] + <bundle dependency="true">mvn:commons-codec/commons-codec/${commons-codec.version}</bundle> <bundle dependency="true">mvn:org.apache.commons/commons-lang3/${commons-lang3.version}</bundle> <bundle dependency="true">mvn:org.apache.servicemix.bundles/org.apache.servicemix.bundles.xpp3/${xpp3.servicemix.version}</bundle> <!-- from com.thoughtworks.xstream/xstream --> @@ -305,8 +312,6 @@ <bundle dependency='true'>mvn:com.google.guava/guava/${guava.version}</bundle> <bundle dependency='true'>mvn:org.apache.servicemix.bundles/org.apache.servicemix.bundles.jsch/${jsch.bundle.version}</bundle> - <bundle dependency="true">mvn:net.i2p.crypto/eddsa/${eddsa.version}</bundle> - <bundle dependency="true">mvn:com.hierynomus/sshj/${sshj.version}</bundle> <!-- <bundle dependency='true'>mvn:org.apache.jclouds.karaf.bundles/jsch-agentproxy-jsch/${project.version}</bundle> --> <bundle dependency='true'>mvn:com.jcraft/jsch.agentproxy.core/${jsch.agentproxy.version}</bundle> <bundle dependency='true'>mvn:com.jcraft/jsch.agentproxy.connector-factory/${jsch.agentproxy.version}</bundle>
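Review bot: In the wrapped sshj bundle's `Import-Package` list, `net.i2p.crypto.eddsa.math` has no version range, while the sibling `net.i2p.crypto.eddsa` and `net.i2p.crypto.eddsa.spec` imports are pinned to `version="[0.2,1)"`, so the math package may be wired from any bundle that happens to export it. Giving it the same range, `net.i2p.crypto.eddsa.math;version="[0.2,1)"`, keeps all three eddsa packages resolving from the same wrapped bundle. The eddsa wrap also uses `Export-Package=*`, which publishes every package of a crypto library to the container; exporting only the packages sshj imports would keep that surface smaller. The sshj line is truncated in this view (`[...]`), so the rest of its header list was not reviewed.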
