[SSHD-862] Provide session context argument (if available) when PublicKeyEntryResolver#resolve method is invoked
Project: http://git-wip-us.apache.org/repos/asf/mina-sshd/repo Commit: http://git-wip-us.apache.org/repos/asf/mina-sshd/commit/3767115e Tree: http://git-wip-us.apache.org/repos/asf/mina-sshd/tree/3767115e Diff: http://git-wip-us.apache.org/repos/asf/mina-sshd/diff/3767115e Branch: refs/heads/master Commit: 3767115ed1b207cc103da202aeb78647ea6bd59e Parents: 193c932 Author: Lyor Goldstein <[email protected]> Authored: Wed Nov 21 07:32:38 2018 +0200 Committer: Lyor Goldstein <[email protected]> Committed: Thu Nov 22 07:05:16 2018 +0200 ---------------------------------------------------------------------- CHANGES.md | 2 ++ .../common/config/keys/AuthorizedKeyEntry.java | 8 +++--- .../sshd/common/config/keys/PublicKeyEntry.java | 22 +++++++++++------ .../config/keys/PublicKeyEntryDecoder.java | 26 +++++++++++++------- .../config/keys/PublicKeyEntryResolver.java | 10 +++++--- .../keys/impl/DSSPublicKeyEntryDecoder.java | 4 ++- .../keys/impl/ECDSAPublicKeyEntryDecoder.java | 4 ++- .../config/keys/impl/RSAPublicKeyDecoder.java | 4 ++- .../openssh/OpenSSHKeyPairResourceParser.java | 2 +- .../security/eddsa/Ed25519PublicKeyDecoder.java | 4 ++- .../KeyUtilsFingerprintCaseSensitivityTest.java | 3 ++- .../keys/KeyUtilsFingerprintGenerationTest.java | 3 ++- .../common/config/keys/PublicKeyEntryTest.java | 10 ++++---- .../OpenSSHKeyPairResourceParserTest.java | 2 +- .../util/security/eddsa/EDDSAProviderTest.java | 2 +- .../DefaultKnownHostsServerKeyVerifier.java | 6 +++-- .../KnownHostsServerKeyVerifier.java | 19 ++++++++------ .../auth/pubkey/PublickeyAuthenticator.java | 8 ++++-- .../keys/AuthorizedKeysAuthenticator.java | 2 +- .../KnownHostsServerKeyVerifierTest.java | 4 +-- .../config/keys/AuthorizedKeyEntryTest.java | 13 ++++++---- .../keys/AuthorizedKeysAuthenticatorTest.java | 2 +- .../DefaultAuthorizedKeysAuthenticatorTest.java | 7 ++++-- .../auth/pubkey/LdapPublickeyAuthenticator.java | 7 +++--- .../pubkey/LdapPublickeyAuthenticatorTest.java | 2 +- .../openpgp/PGPAuthorizedEntriesTracker.java | 6 ++--- .../openpgp/PGPUtilsKeyFingerprintTest.java | 7 ++++-- 27 files changed, 122 insertions(+), 67 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/3767115e/CHANGES.md ---------------------------------------------------------------------- diff --git a/CHANGES.md b/CHANGES.md index caffb47..4c49f02 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -75,6 +75,8 @@ to return an `Iterable<KeyPair>` instead of single `KeyPair` instance. and moved to `PublicKeyEntry` class. * Note that the parameters **order** has also been modified +* `PublicKeyEntryResolver` (and its derived classes) accept an extra `SessionContext` parameter. + ## Behavioral changes and enhancements * [SSHD-757](https://issues.apache.org/jira/browse/SSHD-757) - Added hooks and some initial code to allow (limited) usage http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/3767115e/sshd-common/src/main/java/org/apache/sshd/common/config/keys/AuthorizedKeyEntry.java ---------------------------------------------------------------------- diff --git a/sshd-common/src/main/java/org/apache/sshd/common/config/keys/AuthorizedKeyEntry.java b/sshd-common/src/main/java/org/apache/sshd/common/config/keys/AuthorizedKeyEntry.java index 3492f33..64f9663 100644 --- a/sshd-common/src/main/java/org/apache/sshd/common/config/keys/AuthorizedKeyEntry.java +++ b/sshd-common/src/main/java/org/apache/sshd/common/config/keys/AuthorizedKeyEntry.java @@ -40,6 +40,7 @@ import java.util.Map; import java.util.NavigableMap; import java.util.TreeMap; +import org.apache.sshd.common.session.SessionContext; import org.apache.sshd.common.util.GenericUtils; import org.apache.sshd.common.util.ValidateUtils; import org.apache.sshd.common.util.io.NoCloseInputStream; @@ -88,8 +89,9 @@ public class AuthorizedKeyEntry extends PublicKeyEntry { } @Override - public PublicKey appendPublicKey(Appendable sb, PublicKeyEntryResolver fallbackResolver) - throws IOException, GeneralSecurityException { + public PublicKey appendPublicKey( + SessionContext session, Appendable sb, PublicKeyEntryResolver fallbackResolver) + throws IOException, GeneralSecurityException { Map<String, String> options = getLoginOptions(); if (!GenericUtils.isEmpty(options)) { int index = 0; @@ -114,7 +116,7 @@ public class AuthorizedKeyEntry extends PublicKeyEntry { } } - PublicKey key = super.appendPublicKey(sb, fallbackResolver); + PublicKey key = super.appendPublicKey(session, sb, fallbackResolver); String kc = getComment(); if (!GenericUtils.isEmpty(kc)) { sb.append(' ').append(kc); http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/3767115e/sshd-common/src/main/java/org/apache/sshd/common/config/keys/PublicKeyEntry.java ---------------------------------------------------------------------- diff --git a/sshd-common/src/main/java/org/apache/sshd/common/config/keys/PublicKeyEntry.java b/sshd-common/src/main/java/org/apache/sshd/common/config/keys/PublicKeyEntry.java index ee64e5b..01e6f09 100644 --- a/sshd-common/src/main/java/org/apache/sshd/common/config/keys/PublicKeyEntry.java +++ b/sshd-common/src/main/java/org/apache/sshd/common/config/keys/PublicKeyEntry.java @@ -37,6 +37,7 @@ import java.util.Objects; import java.util.TreeMap; import org.apache.sshd.common.keyprovider.KeyTypeIndicator; +import org.apache.sshd.common.session.SessionContext; import org.apache.sshd.common.util.GenericUtils; import org.apache.sshd.common.util.NumberUtils; import org.apache.sshd.common.util.ValidateUtils; @@ -116,6 +117,8 @@ public class PublicKeyEntry implements Serializable, KeyTypeIndicator { } /** + * @param session The {@link SessionContext} for invoking this load command - may + * be {@code null} if not invoked within a session context (e.g., offline tool or session unknown). * @param fallbackResolver The {@link PublicKeyEntryResolver} to consult if * none of the built-in ones can be used. If {@code null} and no built-in * resolver can be used then an {@link InvalidKeySpecException} is thrown. @@ -125,7 +128,7 @@ public class PublicKeyEntry implements Serializable, KeyTypeIndicator { * @throws IOException If failed to decode the key * @throws GeneralSecurityException If failed to generate the key */ - public PublicKey resolvePublicKey(PublicKeyEntryResolver fallbackResolver) + public PublicKey resolvePublicKey(SessionContext session, PublicKeyEntryResolver fallbackResolver) throws IOException, GeneralSecurityException { String kt = getKeyType(); PublicKeyEntryResolver decoder = KeyUtils.getPublicKeyEntryDecoder(kt); @@ -136,10 +139,12 @@ public class PublicKeyEntry implements Serializable, KeyTypeIndicator { throw new InvalidKeySpecException("No decoder available for key type=" + kt); } - return decoder.resolve(kt, getKeyData()); + return decoder.resolve(session, kt, getKeyData()); } /** + * @param session The {@link SessionContext} for invoking this command - may + * be {@code null} if not invoked within a session context (e.g., offline tool or session unknown). * @param sb The {@link Appendable} instance to encode the data into * @param fallbackResolver The {@link PublicKeyEntryResolver} to consult if * none of the built-in ones can be used. If {@code null} and no built-in @@ -149,9 +154,10 @@ public class PublicKeyEntry implements Serializable, KeyTypeIndicator { * @throws GeneralSecurityException If failed to generate the key * @see #resolvePublicKey(PublicKeyEntryResolver) */ - public PublicKey appendPublicKey(Appendable sb, PublicKeyEntryResolver fallbackResolver) - throws IOException, GeneralSecurityException { - PublicKey key = resolvePublicKey(fallbackResolver); + public PublicKey appendPublicKey( + SessionContext session, Appendable sb, PublicKeyEntryResolver fallbackResolver) + throws IOException, GeneralSecurityException { + PublicKey key = resolvePublicKey(session, fallbackResolver); if (key != null) { appendPublicKeyEntry(sb, key, resolvePublicKeyEntryDataResolver()); } @@ -197,6 +203,8 @@ public class PublicKeyEntry implements Serializable, KeyTypeIndicator { } /** + * @param session The {@link SessionContext} for invoking this command - may + * be {@code null} if not invoked within a session context (e.g., offline tool or session unknown). * @param entries The entries to convert - ignored if {@code null}/empty * @param fallbackResolver The {@link PublicKeyEntryResolver} to consult if * none of the built-in ones can be used. If {@code null} and no built-in @@ -208,7 +216,7 @@ public class PublicKeyEntry implements Serializable, KeyTypeIndicator { * @see #resolvePublicKey(PublicKeyEntryResolver) */ public static List<PublicKey> resolvePublicKeyEntries( - Collection<? extends PublicKeyEntry> entries, PublicKeyEntryResolver fallbackResolver) + SessionContext session, Collection<? extends PublicKeyEntry> entries, PublicKeyEntryResolver fallbackResolver) throws IOException, GeneralSecurityException { int numEntries = GenericUtils.size(entries); if (numEntries <= 0) { @@ -217,7 +225,7 @@ public class PublicKeyEntry implements Serializable, KeyTypeIndicator { List<PublicKey> keys = new ArrayList<>(numEntries); for (PublicKeyEntry e : entries) { - PublicKey k = e.resolvePublicKey(fallbackResolver); + PublicKey k = e.resolvePublicKey(session, fallbackResolver); if (k != null) { keys.add(k); } http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/3767115e/sshd-common/src/main/java/org/apache/sshd/common/config/keys/PublicKeyEntryDecoder.java ---------------------------------------------------------------------- diff --git a/sshd-common/src/main/java/org/apache/sshd/common/config/keys/PublicKeyEntryDecoder.java b/sshd-common/src/main/java/org/apache/sshd/common/config/keys/PublicKeyEntryDecoder.java index 1d6b7aa..608e5a1 100644 --- a/sshd-common/src/main/java/org/apache/sshd/common/config/keys/PublicKeyEntryDecoder.java +++ b/sshd-common/src/main/java/org/apache/sshd/common/config/keys/PublicKeyEntryDecoder.java @@ -31,6 +31,7 @@ import java.security.spec.InvalidKeySpecException; import java.util.Collection; import org.apache.sshd.common.config.keys.loader.KeyPairResourceLoader; +import org.apache.sshd.common.session.SessionContext; import org.apache.sshd.common.util.GenericUtils; import org.apache.sshd.common.util.NumberUtils; import org.apache.sshd.common.util.ValidateUtils; @@ -46,17 +47,20 @@ public interface PublicKeyEntryDecoder<PUB extends PublicKey, PRV extends Privat extends KeyEntryResolver<PUB, PRV>, PublicKeyEntryResolver { @Override - default PublicKey resolve(String keyType, byte[] keyData) throws IOException, GeneralSecurityException { + default PublicKey resolve(SessionContext session, String keyType, byte[] keyData) + throws IOException, GeneralSecurityException { ValidateUtils.checkNotNullAndNotEmpty(keyType, "No key type provided"); Collection<String> supported = getSupportedTypeNames(); if ((GenericUtils.size(supported) > 0) && supported.contains(keyType)) { - return decodePublicKey(keyType, keyData); + return decodePublicKey(session, keyType, keyData); } throw new InvalidKeySpecException("resolve(" + keyType + ") not in listed supported types: " + supported); } /** + * @param session The {@link SessionContext} for invoking this command - may + * be {@code null} if not invoked within a session context (e.g., offline tool or session unknown). * @param keyType The {@code OpenSSH} reported key type * @param keyData The key data bytes in {@code OpenSSH} format (after BASE64 * decoding) - ignored if {@code null}/empty @@ -64,22 +68,23 @@ public interface PublicKeyEntryDecoder<PUB extends PublicKey, PRV extends Privat * @throws IOException If failed to decode the key * @throws GeneralSecurityException If failed to generate the key */ - default PUB decodePublicKey(String keyType, byte... keyData) throws IOException, GeneralSecurityException { - return decodePublicKey(keyType, keyData, 0, NumberUtils.length(keyData)); + default PUB decodePublicKey(SessionContext session, String keyType, byte... keyData) + throws IOException, GeneralSecurityException { + return decodePublicKey(session, keyType, keyData, 0, NumberUtils.length(keyData)); } - default PUB decodePublicKey(String keyType, byte[] keyData, int offset, int length) + default PUB decodePublicKey(SessionContext session, String keyType, byte[] keyData, int offset, int length) throws IOException, GeneralSecurityException { if (length <= 0) { return null; } try (InputStream stream = new ByteArrayInputStream(keyData, offset, length)) { - return decodePublicKeyByType(keyType, stream); + return decodePublicKeyByType(session, keyType, stream); } } - default PUB decodePublicKeyByType(String keyType, InputStream keyData) + default PUB decodePublicKeyByType(SessionContext session, String keyType, InputStream keyData) throws IOException, GeneralSecurityException { // the actual data is preceded by a string that repeats the key type String type = KeyEntryResolver.decodeString(keyData, KeyPairResourceLoader.MAX_KEY_TYPE_NAME_LENGTH); @@ -92,10 +97,12 @@ public interface PublicKeyEntryDecoder<PUB extends PublicKey, PRV extends Privat throw new InvalidKeySpecException("Reported key type (" + type + ") not in supported list: " + supported); } - return decodePublicKey(type, keyData); + return decodePublicKey(session, type, keyData); } /** + * @param session The {@link SessionContext} for invoking this command - may + * be {@code null} if not invoked within a session context (e.g., offline tool or session unknown). * @param keyType The reported / encode key type * @param keyData The key data bytes stream positioned after the key type decoding * and making sure it is one of the supported types @@ -103,7 +110,8 @@ public interface PublicKeyEntryDecoder<PUB extends PublicKey, PRV extends Privat * @throws IOException If failed to read from the data stream * @throws GeneralSecurityException If failed to generate the key */ - PUB decodePublicKey(String keyType, InputStream keyData) throws IOException, GeneralSecurityException; + PUB decodePublicKey(SessionContext session, String keyType, InputStream keyData) + throws IOException, GeneralSecurityException; /** * Encodes the {@link PublicKey} using the {@code OpenSSH} format - same http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/3767115e/sshd-common/src/main/java/org/apache/sshd/common/config/keys/PublicKeyEntryResolver.java ---------------------------------------------------------------------- diff --git a/sshd-common/src/main/java/org/apache/sshd/common/config/keys/PublicKeyEntryResolver.java b/sshd-common/src/main/java/org/apache/sshd/common/config/keys/PublicKeyEntryResolver.java index 3d3cc45..5875251 100644 --- a/sshd-common/src/main/java/org/apache/sshd/common/config/keys/PublicKeyEntryResolver.java +++ b/sshd-common/src/main/java/org/apache/sshd/common/config/keys/PublicKeyEntryResolver.java @@ -24,6 +24,8 @@ import java.security.GeneralSecurityException; import java.security.PublicKey; import java.security.spec.InvalidKeySpecException; +import org.apache.sshd.common.session.SessionContext; + /** * @author <a href="mailto:[email protected]";>Apache MINA SSHD Project</a> */ @@ -34,7 +36,7 @@ public interface PublicKeyEntryResolver { */ PublicKeyEntryResolver IGNORING = new PublicKeyEntryResolver() { @Override - public PublicKey resolve(String keyType, byte[] keyData) + public PublicKey resolve(SessionContext session, String keyType, byte[] keyData) throws IOException, GeneralSecurityException { return null; } @@ -50,7 +52,7 @@ public interface PublicKeyEntryResolver { */ PublicKeyEntryResolver FAILING = new PublicKeyEntryResolver() { @Override - public PublicKey resolve(String keyType, byte[] keyData) + public PublicKey resolve(SessionContext session, String keyType, byte[] keyData) throws IOException, GeneralSecurityException { throw new InvalidKeySpecException("Failing resolver on key type=" + keyType); } @@ -62,12 +64,14 @@ public interface PublicKeyEntryResolver { }; /** + * @param session The {@link SessionContext} for invoking this load command - may + * be {@code null} if not invoked within a session context (e.g., offline tool or session unknown). * @param keyType The {@code OpenSSH} reported key type * @param keyData The {@code OpenSSH} encoded key data * @return The extracted {@link PublicKey} - ignored if {@code null} * @throws IOException If failed to parse the key data * @throws GeneralSecurityException If failed to generate the key */ - PublicKey resolve(String keyType, byte[] keyData) + PublicKey resolve(SessionContext session, String keyType, byte[] keyData) throws IOException, GeneralSecurityException; } http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/3767115e/sshd-common/src/main/java/org/apache/sshd/common/config/keys/impl/DSSPublicKeyEntryDecoder.java ---------------------------------------------------------------------- diff --git a/sshd-common/src/main/java/org/apache/sshd/common/config/keys/impl/DSSPublicKeyEntryDecoder.java b/sshd-common/src/main/java/org/apache/sshd/common/config/keys/impl/DSSPublicKeyEntryDecoder.java index 464d2b0..d429224 100644 --- a/sshd-common/src/main/java/org/apache/sshd/common/config/keys/impl/DSSPublicKeyEntryDecoder.java +++ b/sshd-common/src/main/java/org/apache/sshd/common/config/keys/impl/DSSPublicKeyEntryDecoder.java @@ -39,6 +39,7 @@ import java.util.Objects; import org.apache.sshd.common.config.keys.KeyEntryResolver; import org.apache.sshd.common.config.keys.KeyUtils; import org.apache.sshd.common.keyprovider.KeyPairProvider; +import org.apache.sshd.common.session.SessionContext; import org.apache.sshd.common.util.security.SecurityUtils; /** @@ -52,7 +53,8 @@ public class DSSPublicKeyEntryDecoder extends AbstractPublicKeyEntryDecoder<DSAP } @Override - public DSAPublicKey decodePublicKey(String keyType, InputStream keyData) throws IOException, GeneralSecurityException { + public DSAPublicKey decodePublicKey(SessionContext session, String keyType, InputStream keyData) + throws IOException, GeneralSecurityException { if (!KeyPairProvider.SSH_DSS.equals(keyType)) { // just in case we were invoked directly throw new InvalidKeySpecException("Unexpected key type: " + keyType); } http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/3767115e/sshd-common/src/main/java/org/apache/sshd/common/config/keys/impl/ECDSAPublicKeyEntryDecoder.java ---------------------------------------------------------------------- diff --git a/sshd-common/src/main/java/org/apache/sshd/common/config/keys/impl/ECDSAPublicKeyEntryDecoder.java b/sshd-common/src/main/java/org/apache/sshd/common/config/keys/impl/ECDSAPublicKeyEntryDecoder.java index 51c027c..24471ce 100644 --- a/sshd-common/src/main/java/org/apache/sshd/common/config/keys/impl/ECDSAPublicKeyEntryDecoder.java +++ b/sshd-common/src/main/java/org/apache/sshd/common/config/keys/impl/ECDSAPublicKeyEntryDecoder.java @@ -41,6 +41,7 @@ import org.apache.sshd.common.cipher.ECCurves; import org.apache.sshd.common.config.keys.IdentityResourceLoader; import org.apache.sshd.common.config.keys.KeyEntryResolver; import org.apache.sshd.common.config.keys.KeyUtils; +import org.apache.sshd.common.session.SessionContext; import org.apache.sshd.common.util.buffer.BufferUtils; import org.apache.sshd.common.util.security.SecurityUtils; @@ -63,7 +64,8 @@ public class ECDSAPublicKeyEntryDecoder extends AbstractPublicKeyEntryDecoder<EC } @Override - public ECPublicKey decodePublicKey(String keyType, InputStream keyData) throws IOException, GeneralSecurityException { + public ECPublicKey decodePublicKey(SessionContext session, String keyType, InputStream keyData) + throws IOException, GeneralSecurityException { ECCurves curve = ECCurves.fromKeyType(keyType); if (curve == null) { throw new InvalidKeySpecException("Not an EC curve name: " + keyType); http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/3767115e/sshd-common/src/main/java/org/apache/sshd/common/config/keys/impl/RSAPublicKeyDecoder.java ---------------------------------------------------------------------- diff --git a/sshd-common/src/main/java/org/apache/sshd/common/config/keys/impl/RSAPublicKeyDecoder.java b/sshd-common/src/main/java/org/apache/sshd/common/config/keys/impl/RSAPublicKeyDecoder.java index 4550815..52cabce 100644 --- a/sshd-common/src/main/java/org/apache/sshd/common/config/keys/impl/RSAPublicKeyDecoder.java +++ b/sshd-common/src/main/java/org/apache/sshd/common/config/keys/impl/RSAPublicKeyDecoder.java @@ -39,6 +39,7 @@ import java.util.Objects; import org.apache.sshd.common.config.keys.KeyEntryResolver; import org.apache.sshd.common.config.keys.KeyUtils; import org.apache.sshd.common.keyprovider.KeyPairProvider; +import org.apache.sshd.common.session.SessionContext; import org.apache.sshd.common.util.security.SecurityUtils; /** @@ -52,7 +53,8 @@ public class RSAPublicKeyDecoder extends AbstractPublicKeyEntryDecoder<RSAPublic } @Override - public RSAPublicKey decodePublicKey(String keyType, InputStream keyData) throws IOException, GeneralSecurityException { + public RSAPublicKey decodePublicKey(SessionContext session, String keyType, InputStream keyData) + throws IOException, GeneralSecurityException { if (!KeyPairProvider.SSH_RSA.equals(keyType)) { // just in case we were invoked directly throw new InvalidKeySpecException("Unexpected key type: " + keyType); } http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/3767115e/sshd-common/src/main/java/org/apache/sshd/common/config/keys/loader/openssh/OpenSSHKeyPairResourceParser.java ---------------------------------------------------------------------- diff --git a/sshd-common/src/main/java/org/apache/sshd/common/config/keys/loader/openssh/OpenSSHKeyPairResourceParser.java b/sshd-common/src/main/java/org/apache/sshd/common/config/keys/loader/openssh/OpenSSHKeyPairResourceParser.java index 3c7871b..81fc014 100644 --- a/sshd-common/src/main/java/org/apache/sshd/common/config/keys/loader/openssh/OpenSSHKeyPairResourceParser.java +++ b/sshd-common/src/main/java/org/apache/sshd/common/config/keys/loader/openssh/OpenSSHKeyPairResourceParser.java @@ -166,7 +166,7 @@ public class OpenSSHKeyPairResourceParser extends AbstractKeyPairResourceParser throw new NoSuchAlgorithmException("Unsupported key type (" + keyType + ") in " + resourceKey); } - return decoder.decodePublicKey(keyType, bais); + return decoder.decodePublicKey(session, keyType, bais); } } http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/3767115e/sshd-common/src/main/java/org/apache/sshd/common/util/security/eddsa/Ed25519PublicKeyDecoder.java ---------------------------------------------------------------------- diff --git a/sshd-common/src/main/java/org/apache/sshd/common/util/security/eddsa/Ed25519PublicKeyDecoder.java b/sshd-common/src/main/java/org/apache/sshd/common/util/security/eddsa/Ed25519PublicKeyDecoder.java index c4f3b43..ad7d92e 100644 --- a/sshd-common/src/main/java/org/apache/sshd/common/util/security/eddsa/Ed25519PublicKeyDecoder.java +++ b/sshd-common/src/main/java/org/apache/sshd/common/util/security/eddsa/Ed25519PublicKeyDecoder.java @@ -30,6 +30,7 @@ import java.util.Objects; import org.apache.sshd.common.config.keys.KeyEntryResolver; import org.apache.sshd.common.config.keys.impl.AbstractPublicKeyEntryDecoder; import org.apache.sshd.common.keyprovider.KeyPairProvider; +import org.apache.sshd.common.session.SessionContext; import org.apache.sshd.common.util.security.SecurityUtils; import net.i2p.crypto.eddsa.EdDSAPrivateKey; @@ -90,7 +91,8 @@ public final class Ed25519PublicKeyDecoder extends AbstractPublicKeyEntryDecoder } @Override - public EdDSAPublicKey decodePublicKey(String keyType, InputStream keyData) throws IOException, GeneralSecurityException { + public EdDSAPublicKey decodePublicKey(SessionContext session, String keyType, InputStream keyData) + throws IOException, GeneralSecurityException { byte[] seed = KeyEntryResolver.readRLEBytes(keyData, MAX_ALLOWED_SEED_LEN); return EdDSAPublicKey.class.cast(SecurityUtils.generateEDDSAPublicKey(keyType, seed)); } http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/3767115e/sshd-common/src/test/java/org/apache/sshd/common/config/keys/KeyUtilsFingerprintCaseSensitivityTest.java ---------------------------------------------------------------------- diff --git a/sshd-common/src/test/java/org/apache/sshd/common/config/keys/KeyUtilsFingerprintCaseSensitivityTest.java b/sshd-common/src/test/java/org/apache/sshd/common/config/keys/KeyUtilsFingerprintCaseSensitivityTest.java index ae0b86d..a11c32f 100644 --- a/sshd-common/src/test/java/org/apache/sshd/common/config/keys/KeyUtilsFingerprintCaseSensitivityTest.java +++ b/sshd-common/src/test/java/org/apache/sshd/common/config/keys/KeyUtilsFingerprintCaseSensitivityTest.java @@ -70,7 +70,8 @@ public class KeyUtilsFingerprintCaseSensitivityTest extends JUnitTestSupport { @BeforeClass public static void beforeClass() throws GeneralSecurityException, IOException { - key = PublicKeyEntry.parsePublicKeyEntry(KEY_STRING).resolvePublicKey(PublicKeyEntryResolver.FAILING); + PublicKeyEntry keyEntry = PublicKeyEntry.parsePublicKeyEntry(KEY_STRING); + key = keyEntry.resolvePublicKey(null, PublicKeyEntryResolver.FAILING); } @Parameters(name = "expected={0}, test={1}") http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/3767115e/sshd-common/src/test/java/org/apache/sshd/common/config/keys/KeyUtilsFingerprintGenerationTest.java ---------------------------------------------------------------------- diff --git a/sshd-common/src/test/java/org/apache/sshd/common/config/keys/KeyUtilsFingerprintGenerationTest.java b/sshd-common/src/test/java/org/apache/sshd/common/config/keys/KeyUtilsFingerprintGenerationTest.java index 9a8fb7a..968a405 100644 --- a/sshd-common/src/test/java/org/apache/sshd/common/config/keys/KeyUtilsFingerprintGenerationTest.java +++ b/sshd-common/src/test/java/org/apache/sshd/common/config/keys/KeyUtilsFingerprintGenerationTest.java @@ -118,7 +118,8 @@ public class KeyUtilsFingerprintGenerationTest extends JUnitTestSupport { for (Map.Entry<String, ? extends Collection<? extends Map.Entry<DigestFactory, String>>> kentry : keyEntries) { String keyValue = kentry.getKey(); try { - PublicKey key = PublicKeyEntry.parsePublicKeyEntry(keyValue).resolvePublicKey(PublicKeyEntryResolver.FAILING); + PublicKeyEntry keyEntry = PublicKeyEntry.parsePublicKeyEntry(keyValue); + PublicKey key = keyEntry.resolvePublicKey(null, PublicKeyEntryResolver.FAILING); for (Map.Entry<DigestFactory, String> dentry : kentry.getValue()) { DigestFactory factory = dentry.getKey(); String fingerprint = dentry.getValue(); http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/3767115e/sshd-common/src/test/java/org/apache/sshd/common/config/keys/PublicKeyEntryTest.java ---------------------------------------------------------------------- diff --git a/sshd-common/src/test/java/org/apache/sshd/common/config/keys/PublicKeyEntryTest.java b/sshd-common/src/test/java/org/apache/sshd/common/config/keys/PublicKeyEntryTest.java index 1fd372f..45c8921 100644 --- a/sshd-common/src/test/java/org/apache/sshd/common/config/keys/PublicKeyEntryTest.java +++ b/sshd-common/src/test/java/org/apache/sshd/common/config/keys/PublicKeyEntryTest.java @@ -44,14 +44,14 @@ public class PublicKeyEntryTest extends JUnitTestSupport { @Test public void testFallbackResolver() throws Exception { - PublicKeyEntry entry = // TODO use some - PublicKeyEntry.parsePublicKeyEntry( - GenericUtils.join( - Arrays.asList(getCurrentTestName(), "AAAA", getClass().getSimpleName()), ' ')); + PublicKeyEntry entry = + PublicKeyEntry.parsePublicKeyEntry( + GenericUtils.join( + Arrays.asList(getCurrentTestName(), "AAAA", getClass().getSimpleName()), ' ')); for (PublicKeyEntryResolver resolver : new PublicKeyEntryResolver[]{ null, PublicKeyEntryResolver.FAILING, PublicKeyEntryResolver.IGNORING}) { try { - PublicKey key = entry.resolvePublicKey(resolver); + PublicKey key = entry.resolvePublicKey(null, resolver); assertSame("Mismatched successful resolver", PublicKeyEntryResolver.IGNORING, resolver); assertNull("Unexpected success for resolver=" + resolver + ": " + KeyUtils.getFingerPrint(key), key); } catch (GeneralSecurityException e) { http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/3767115e/sshd-common/src/test/java/org/apache/sshd/common/config/keys/loader/openssh/OpenSSHKeyPairResourceParserTest.java ---------------------------------------------------------------------- diff --git a/sshd-common/src/test/java/org/apache/sshd/common/config/keys/loader/openssh/OpenSSHKeyPairResourceParserTest.java b/sshd-common/src/test/java/org/apache/sshd/common/config/keys/loader/openssh/OpenSSHKeyPairResourceParserTest.java index 680a53f..15223f9 100644 --- a/sshd-common/src/test/java/org/apache/sshd/common/config/keys/loader/openssh/OpenSSHKeyPairResourceParserTest.java +++ b/sshd-common/src/test/java/org/apache/sshd/common/config/keys/loader/openssh/OpenSSHKeyPairResourceParserTest.java @@ -83,7 +83,7 @@ public class OpenSSHKeyPairResourceParserTest extends JUnitTestSupport { assertEquals("Mismatched public keys count", 1, GenericUtils.size(entries)); AuthorizedKeyEntry entry = entries.get(0); - PublicKey pubEntry = entry.resolvePublicKey(PublicKeyEntryResolver.FAILING); + PublicKey pubEntry = entry.resolvePublicKey(null, PublicKeyEntryResolver.FAILING); assertNotNull("Cannot retrieve public key", pubEntry); Class<? extends PublicKey> pubType = identity.getPublicKeyType(); http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/3767115e/sshd-common/src/test/java/org/apache/sshd/common/util/security/eddsa/EDDSAProviderTest.java ---------------------------------------------------------------------- diff --git a/sshd-common/src/test/java/org/apache/sshd/common/util/security/eddsa/EDDSAProviderTest.java b/sshd-common/src/test/java/org/apache/sshd/common/util/security/eddsa/EDDSAProviderTest.java index 7da51c5..3ad00be 100644 --- a/sshd-common/src/test/java/org/apache/sshd/common/util/security/eddsa/EDDSAProviderTest.java +++ b/sshd-common/src/test/java/org/apache/sshd/common/util/security/eddsa/EDDSAProviderTest.java @@ -103,7 +103,7 @@ public class EDDSAProviderTest extends JUnitTestSupport { assertEquals("Mismatched comment", comment, keyEntry.getComment()); StringBuilder sb = new StringBuilder(expected.length()); - PublicKey pubKey = keyEntry.appendPublicKey(sb, null); + PublicKey pubKey = keyEntry.appendPublicKey(null, sb, null); assertEquals("Mismatched encoded result", expected, sb.toString()); testPublicKeyRecovery(pubKey); http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/3767115e/sshd-core/src/main/java/org/apache/sshd/client/keyverifier/DefaultKnownHostsServerKeyVerifier.java ---------------------------------------------------------------------- diff --git a/sshd-core/src/main/java/org/apache/sshd/client/keyverifier/DefaultKnownHostsServerKeyVerifier.java b/sshd-core/src/main/java/org/apache/sshd/client/keyverifier/DefaultKnownHostsServerKeyVerifier.java index b1c3a10..609c770 100644 --- a/sshd-core/src/main/java/org/apache/sshd/client/keyverifier/DefaultKnownHostsServerKeyVerifier.java +++ b/sshd-core/src/main/java/org/apache/sshd/client/keyverifier/DefaultKnownHostsServerKeyVerifier.java @@ -30,6 +30,7 @@ import java.util.Map; import java.util.Objects; import org.apache.sshd.client.config.hosts.KnownHostEntry; +import org.apache.sshd.client.session.ClientSession; import org.apache.sshd.common.util.io.IoUtils; /** @@ -70,7 +71,8 @@ public class DefaultKnownHostsServerKeyVerifier extends KnownHostsServerKeyVerif } @Override - protected List<HostEntryPair> reloadKnownHosts(Path file) throws IOException, GeneralSecurityException { + protected List<HostEntryPair> reloadKnownHosts(ClientSession session, Path file) + throws IOException, GeneralSecurityException { if (isStrict()) { if (log.isDebugEnabled()) { log.debug("reloadKnownHosts({}) check permissions", file); @@ -84,6 +86,6 @@ public class DefaultKnownHostsServerKeyVerifier extends KnownHostsServerKeyVerif } } - return super.reloadKnownHosts(file); + return super.reloadKnownHosts(session, file); } } http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/3767115e/sshd-core/src/main/java/org/apache/sshd/client/keyverifier/KnownHostsServerKeyVerifier.java ---------------------------------------------------------------------- diff --git a/sshd-core/src/main/java/org/apache/sshd/client/keyverifier/KnownHostsServerKeyVerifier.java b/sshd-core/src/main/java/org/apache/sshd/client/keyverifier/KnownHostsServerKeyVerifier.java index c06f270..a1e365d 100644 --- a/sshd-core/src/main/java/org/apache/sshd/client/keyverifier/KnownHostsServerKeyVerifier.java +++ b/sshd-core/src/main/java/org/apache/sshd/client/keyverifier/KnownHostsServerKeyVerifier.java @@ -52,6 +52,7 @@ import org.apache.sshd.common.config.keys.PublicKeyEntry; import org.apache.sshd.common.config.keys.PublicKeyEntryResolver; import org.apache.sshd.common.mac.Mac; import org.apache.sshd.common.random.Random; +import org.apache.sshd.common.session.SessionContext; import org.apache.sshd.common.util.GenericUtils; import org.apache.sshd.common.util.ValidateUtils; import org.apache.sshd.common.util.io.IoUtils; @@ -159,7 +160,7 @@ public class KnownHostsServerKeyVerifier if (checkReloadRequired()) { Path file = getPath(); if (exists()) { - knownHosts = reloadKnownHosts(file); + knownHosts = reloadKnownHosts(clientSession, file); } else { if (log.isDebugEnabled()) { log.debug("verifyServerKey({})[{}] missing known hosts file {}", @@ -186,12 +187,14 @@ public class KnownHostsServerKeyVerifier } /** + * @param session The {@link ClientSession} that triggered this request * @param file The {@link Path} to reload from * @return A {@link List} of the loaded {@link HostEntryPair}s - may be {@code null}/empty * @throws IOException If failed to parse the file * @throws GeneralSecurityException If failed to resolve the encoded public keys */ - protected List<HostEntryPair> reloadKnownHosts(Path file) throws IOException, GeneralSecurityException { + protected List<HostEntryPair> reloadKnownHosts(ClientSession session, Path file) + throws IOException, GeneralSecurityException { Collection<KnownHostEntry> entries = KnownHostEntry.readKnownHostEntries(file); boolean debugEnabled = log.isDebugEnabled(); if (debugEnabled) { @@ -207,7 +210,7 @@ public class KnownHostsServerKeyVerifier PublicKeyEntryResolver resolver = getFallbackPublicKeyEntryResolver(); for (KnownHostEntry entry : entries) { try { - PublicKey key = resolveHostKey(entry, resolver); + PublicKey key = resolveHostKey(session, entry, resolver); if (key != null) { keys.add(new HostEntryPair(entry, key)); } @@ -226,6 +229,7 @@ public class KnownHostsServerKeyVerifier /** * Recover the associated public key from a known host entry * + * @param session The {@link ClientSession} that triggered this request * @param entry The {@link KnownHostEntry} - ignored if {@code null} * @param resolver The {@link PublicKeyEntryResolver} to use if immediate * - decoding does not work - ignored if {@code null} @@ -233,17 +237,18 @@ public class KnownHostsServerKeyVerifier * @throws IOException If failed to decode the key * @throws GeneralSecurityException If failed to generate the key * @see #getFallbackPublicKeyEntryResolver() - * @see AuthorizedKeyEntry#resolvePublicKey(PublicKeyEntryResolver) + * @see AuthorizedKeyEntry#resolvePublicKey(SessionContext, PublicKeyEntryResolver) */ - protected PublicKey resolveHostKey(KnownHostEntry entry, PublicKeyEntryResolver resolver) - throws IOException, GeneralSecurityException { + protected PublicKey resolveHostKey( + ClientSession session, KnownHostEntry entry, PublicKeyEntryResolver resolver) + throws IOException, GeneralSecurityException { if (entry == null) { return null; } AuthorizedKeyEntry authEntry = ValidateUtils.checkNotNull(entry.getKeyEntry(), "No key extracted from %s", entry); - PublicKey key = authEntry.resolvePublicKey(resolver); + PublicKey key = authEntry.resolvePublicKey(session, resolver); if (log.isDebugEnabled()) { log.debug("resolveHostKey({}) loaded {}-{}", entry, KeyUtils.getKeyType(key), KeyUtils.getFingerPrint(key)); } http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/3767115e/sshd-core/src/main/java/org/apache/sshd/server/auth/pubkey/PublickeyAuthenticator.java ---------------------------------------------------------------------- diff --git a/sshd-core/src/main/java/org/apache/sshd/server/auth/pubkey/PublickeyAuthenticator.java b/sshd-core/src/main/java/org/apache/sshd/server/auth/pubkey/PublickeyAuthenticator.java index 592e215..3e42159 100644 --- a/sshd-core/src/main/java/org/apache/sshd/server/auth/pubkey/PublickeyAuthenticator.java +++ b/sshd-core/src/main/java/org/apache/sshd/server/auth/pubkey/PublickeyAuthenticator.java @@ -52,6 +52,8 @@ public interface PublickeyAuthenticator { /** * @param id Some kind of mnemonic identifier for the authenticator - used also in {@link #toString()} + * @param session The {@link ServerSession} that triggered this call - may be {@code null} if invoked + * by offline tool (e.g., unit test) or session context unknown to caller. * @param entries The entries to parse - ignored if {@code null}/empty * @param fallbackResolver The public key resolver to use if none of the default registered ones works * @return A wrapper with all the parsed keys @@ -59,10 +61,12 @@ public interface PublickeyAuthenticator { * @throws GeneralSecurityException If failed to generate the relevant keys from the parsed data */ static PublickeyAuthenticator fromAuthorizedEntries( - Object id, Collection<? extends AuthorizedKeyEntry> entries, PublicKeyEntryResolver fallbackResolver) + Object id, ServerSession session, + Collection<? extends AuthorizedKeyEntry> entries, + PublicKeyEntryResolver fallbackResolver) throws IOException, GeneralSecurityException { Collection<PublicKey> keys = - PublicKeyEntry.resolvePublicKeyEntries(entries, fallbackResolver); + PublicKeyEntry.resolvePublicKeyEntries(session, entries, fallbackResolver); if (GenericUtils.isEmpty(keys)) { return RejectAllPublickeyAuthenticator.INSTANCE; } else { http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/3767115e/sshd-core/src/main/java/org/apache/sshd/server/config/keys/AuthorizedKeysAuthenticator.java ---------------------------------------------------------------------- diff --git a/sshd-core/src/main/java/org/apache/sshd/server/config/keys/AuthorizedKeysAuthenticator.java b/sshd-core/src/main/java/org/apache/sshd/server/config/keys/AuthorizedKeysAuthenticator.java index d2e918d..f4250ec 100644 --- a/sshd-core/src/main/java/org/apache/sshd/server/config/keys/AuthorizedKeysAuthenticator.java +++ b/sshd-core/src/main/java/org/apache/sshd/server/config/keys/AuthorizedKeysAuthenticator.java @@ -143,7 +143,7 @@ public class AuthorizedKeysAuthenticator extends ModifiableFileWatcher implement String username, ServerSession session, Path path, Collection<AuthorizedKeyEntry> entries, PublicKeyEntryResolver fallbackResolver) throws IOException, GeneralSecurityException { - return PublickeyAuthenticator.fromAuthorizedEntries(path, entries, fallbackResolver); + return PublickeyAuthenticator.fromAuthorizedEntries(path, session, entries, fallbackResolver); } protected PublicKeyEntryResolver getFallbackPublicKeyEntryResolver() { http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/3767115e/sshd-core/src/test/java/org/apache/sshd/client/keyverifier/KnownHostsServerKeyVerifierTest.java ---------------------------------------------------------------------- diff --git a/sshd-core/src/test/java/org/apache/sshd/client/keyverifier/KnownHostsServerKeyVerifierTest.java b/sshd-core/src/test/java/org/apache/sshd/client/keyverifier/KnownHostsServerKeyVerifierTest.java index 165d172..e5043e8 100644 --- a/sshd-core/src/test/java/org/apache/sshd/client/keyverifier/KnownHostsServerKeyVerifierTest.java +++ b/sshd-core/src/test/java/org/apache/sshd/client/keyverifier/KnownHostsServerKeyVerifierTest.java @@ -88,7 +88,7 @@ public class KnownHostsServerKeyVerifierTest extends BaseTestSupport { SshdSocketAddress hostIdentity = ke.getKey(); KnownHostEntry entry = ke.getValue(); AuthorizedKeyEntry authEntry = ValidateUtils.checkNotNull(entry.getKeyEntry(), "No key extracted from %s", entry); - PublicKey key = authEntry.resolvePublicKey(PublicKeyEntryResolver.FAILING); + PublicKey key = authEntry.resolvePublicKey(null, PublicKeyEntryResolver.FAILING); assertNull("Multiple keys for host=" + hostIdentity, HOST_KEYS.put(hostIdentity, key)); } } @@ -211,7 +211,7 @@ public class KnownHostsServerKeyVerifierTest extends BaseTestSupport { }); // force re-read to ensure all values are hashed - Collection<HostEntryPair> keys = verifier.reloadKnownHosts(path); + Collection<HostEntryPair> keys = verifier.reloadKnownHosts(session, path); for (HostEntryPair ke : keys) { KnownHostEntry entry = ke.getHostEntry(); assertNotNull("No hashing for entry=" + entry, entry.getHashedEntry()); http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/3767115e/sshd-core/src/test/java/org/apache/sshd/common/config/keys/AuthorizedKeyEntryTest.java ---------------------------------------------------------------------- diff --git a/sshd-core/src/test/java/org/apache/sshd/common/config/keys/AuthorizedKeyEntryTest.java b/sshd-core/src/test/java/org/apache/sshd/common/config/keys/AuthorizedKeyEntryTest.java index d626572..a43aa1b 100644 --- a/sshd-core/src/test/java/org/apache/sshd/common/config/keys/AuthorizedKeyEntryTest.java +++ b/sshd-core/src/test/java/org/apache/sshd/common/config/keys/AuthorizedKeyEntryTest.java @@ -72,7 +72,7 @@ public class AuthorizedKeyEntryTest extends AuthorizedKeysTestSupport { sb.setLength(0); } - PublicKey key = entry.appendPublicKey(sb, PublicKeyEntryResolver.FAILING); + PublicKey key = entry.appendPublicKey(null, sb, PublicKeyEntryResolver.FAILING); assertNotNull("No key for line=" + line, key); String encoded = sb.toString(); @@ -102,13 +102,16 @@ public class AuthorizedKeyEntryTest extends AuthorizedKeysTestSupport { testAuthorizedKeysAuth(entries); } - private static Collection<AuthorizedKeyEntry> testReadAuthorizedKeys(Collection<AuthorizedKeyEntry> entries) throws Exception { + private static Collection<AuthorizedKeyEntry> testReadAuthorizedKeys( + Collection<AuthorizedKeyEntry> entries) + throws Exception { assertFalse("No entries read", GenericUtils.isEmpty(entries)); Exception err = null; for (AuthorizedKeyEntry entry : entries) { try { - ValidateUtils.checkNotNull(entry.resolvePublicKey(PublicKeyEntryResolver.FAILING), "No public key resolved from %s", entry); + ValidateUtils.checkNotNull(entry.resolvePublicKey(null, PublicKeyEntryResolver.FAILING), + "No public key resolved from %s", entry); } catch (Exception e) { System.err.append("Failed (").append(e.getClass().getSimpleName()).append(')') .append(" to resolve key of entry=").append(entry.toString()) @@ -127,10 +130,10 @@ public class AuthorizedKeyEntryTest extends AuthorizedKeysTestSupport { private PublickeyAuthenticator testAuthorizedKeysAuth(Collection<AuthorizedKeyEntry> entries) throws IOException, GeneralSecurityException { Collection<PublicKey> keySet = - PublicKeyEntry.resolvePublicKeyEntries(entries, PublicKeyEntryResolver.FAILING); + PublicKeyEntry.resolvePublicKeyEntries(null, entries, PublicKeyEntryResolver.FAILING); PublickeyAuthenticator auth = PublickeyAuthenticator.fromAuthorizedEntries( - getCurrentTestName(), entries, PublicKeyEntryResolver.FAILING); + getCurrentTestName(), null, entries, PublicKeyEntryResolver.FAILING); for (PublicKey key : keySet) { assertTrue("Failed to authenticate with key=" + key.getAlgorithm(), auth.authenticate(getCurrentTestName(), key, null)); } http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/3767115e/sshd-core/src/test/java/org/apache/sshd/server/config/keys/AuthorizedKeysAuthenticatorTest.java ---------------------------------------------------------------------- diff --git a/sshd-core/src/test/java/org/apache/sshd/server/config/keys/AuthorizedKeysAuthenticatorTest.java b/sshd-core/src/test/java/org/apache/sshd/server/config/keys/AuthorizedKeysAuthenticatorTest.java index cdd2122..9bd2f64 100644 --- a/sshd-core/src/test/java/org/apache/sshd/server/config/keys/AuthorizedKeysAuthenticatorTest.java +++ b/sshd-core/src/test/java/org/apache/sshd/server/config/keys/AuthorizedKeysAuthenticatorTest.java @@ -89,7 +89,7 @@ public class AuthorizedKeysAuthenticatorTest extends AuthorizedKeysTestSupport { List<AuthorizedKeyEntry> entries = AuthorizedKeyEntry.readAuthorizedKeys(file); assertEquals("Mismatched number of loaded entries", keyLines.size(), entries.size()); - List<PublicKey> keySet = PublicKeyEntry.resolvePublicKeyEntries(entries, PublicKeyEntryResolver.FAILING); + List<PublicKey> keySet = PublicKeyEntry.resolvePublicKeyEntries(null, entries, PublicKeyEntryResolver.FAILING); assertEquals("Mismatched number of loaded keys", entries.size(), keySet.size()); reloadCount.set(0); http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/3767115e/sshd-core/src/test/java/org/apache/sshd/server/config/keys/DefaultAuthorizedKeysAuthenticatorTest.java ---------------------------------------------------------------------- diff --git a/sshd-core/src/test/java/org/apache/sshd/server/config/keys/DefaultAuthorizedKeysAuthenticatorTest.java b/sshd-core/src/test/java/org/apache/sshd/server/config/keys/DefaultAuthorizedKeysAuthenticatorTest.java index d93abe7..e5ceb10 100644 --- a/sshd-core/src/test/java/org/apache/sshd/server/config/keys/DefaultAuthorizedKeysAuthenticatorTest.java +++ b/sshd-core/src/test/java/org/apache/sshd/server/config/keys/DefaultAuthorizedKeysAuthenticatorTest.java @@ -29,9 +29,11 @@ import org.apache.sshd.common.config.keys.PublicKeyEntry; import org.apache.sshd.common.config.keys.PublicKeyEntryResolver; import org.apache.sshd.common.util.OsUtils; import org.apache.sshd.server.auth.pubkey.PublickeyAuthenticator; +import org.apache.sshd.server.session.ServerSession; import org.junit.FixMethodOrder; import org.junit.Test; import org.junit.runners.MethodSorters; +import org.mockito.Mockito; /** * @author <a href="mailto:[email protected]";>Apache MINA SSHD Project</a> @@ -49,13 +51,14 @@ public class DefaultAuthorizedKeysAuthenticatorTest extends AuthorizedKeysTestSu Collection<AuthorizedKeyEntry> entries = AuthorizedKeyEntry.readAuthorizedKeys(file); Collection<PublicKey> keySet = - PublicKeyEntry.resolvePublicKeyEntries(entries, PublicKeyEntryResolver.FAILING); + PublicKeyEntry.resolvePublicKeyEntries(null, entries, PublicKeyEntryResolver.FAILING); PublickeyAuthenticator auth = new DefaultAuthorizedKeysAuthenticator(file, false); String thisUser = OsUtils.getCurrentUser(); + ServerSession session = Mockito.mock(ServerSession.class); for (String username : new String[]{null, "", thisUser, getClass().getName() + "#" + getCurrentTestName()}) { boolean expected = thisUser.equals(username); for (PublicKey key : keySet) { - boolean actual = auth.authenticate(username, key, null); + boolean actual = auth.authenticate(username, key, session); assertEquals("Mismatched authentication results for user='" + username + "'", expected, actual); } } http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/3767115e/sshd-ldap/src/main/java/org/apache/sshd/server/auth/pubkey/LdapPublickeyAuthenticator.java ---------------------------------------------------------------------- diff --git a/sshd-ldap/src/main/java/org/apache/sshd/server/auth/pubkey/LdapPublickeyAuthenticator.java b/sshd-ldap/src/main/java/org/apache/sshd/server/auth/pubkey/LdapPublickeyAuthenticator.java index 5e97db6..55d8329 100644 --- a/sshd-ldap/src/main/java/org/apache/sshd/server/auth/pubkey/LdapPublickeyAuthenticator.java +++ b/sshd-ldap/src/main/java/org/apache/sshd/server/auth/pubkey/LdapPublickeyAuthenticator.java @@ -194,14 +194,15 @@ public class LdapPublickeyAuthenticator extends LdapAuthenticator implements Pub * @throws GeneralSecurityException If failed to recover the public key * @throws IOException If failed to parse the public key data */ - protected PublicKey parsePublicKeyValue(String username, PublicKey expected, ServerSession session, Map<String, ?> attrs, Object keyData) - throws GeneralSecurityException, IOException { + protected PublicKey parsePublicKeyValue( + String username, PublicKey expected, ServerSession session, Map<String, ?> attrs, Object keyData) + throws GeneralSecurityException, IOException { if (keyData == null) { return null; } AuthorizedKeyEntry entry = AuthorizedKeyEntry.parseAuthorizedKeyEntry(Objects.toString(keyData, null)); - PublicKey key = Objects.requireNonNull(entry, "No key extracted").resolvePublicKey(PublicKeyEntryResolver.FAILING); + PublicKey key = Objects.requireNonNull(entry, "No key extracted").resolvePublicKey(session, PublicKeyEntryResolver.FAILING); if (log.isTraceEnabled()) { log.trace("parsePublicKeyValue({}@{}) {}-{}", username, session, KeyUtils.getKeyType(key), KeyUtils.getFingerPrint(key)); http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/3767115e/sshd-ldap/src/test/java/org/apache/sshd/server/auth/pubkey/LdapPublickeyAuthenticatorTest.java ---------------------------------------------------------------------- diff --git a/sshd-ldap/src/test/java/org/apache/sshd/server/auth/pubkey/LdapPublickeyAuthenticatorTest.java b/sshd-ldap/src/test/java/org/apache/sshd/server/auth/pubkey/LdapPublickeyAuthenticatorTest.java index b4b66dc..99b7f32 100644 --- a/sshd-ldap/src/test/java/org/apache/sshd/server/auth/pubkey/LdapPublickeyAuthenticatorTest.java +++ b/sshd-ldap/src/test/java/org/apache/sshd/server/auth/pubkey/LdapPublickeyAuthenticatorTest.java @@ -66,7 +66,7 @@ public class LdapPublickeyAuthenticatorTest extends BaseAuthenticatorTest { for (Map.Entry<String, String> ce : credentials.entrySet()) { String username = ce.getKey(); AuthorizedKeyEntry entry = AuthorizedKeyEntry.parseAuthorizedKeyEntry(ce.getValue()); - PublicKey key = Objects.requireNonNull(entry, "No key extracted").resolvePublicKey(PublicKeyEntryResolver.FAILING); + PublicKey key = Objects.requireNonNull(entry, "No key extracted").resolvePublicKey(null, PublicKeyEntryResolver.FAILING); KEYS_MAP.put(username, key); } } http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/3767115e/sshd-openpgp/src/main/java/org/apache/sshd/common/config/keys/loader/openpgp/PGPAuthorizedEntriesTracker.java ---------------------------------------------------------------------- diff --git a/sshd-openpgp/src/main/java/org/apache/sshd/common/config/keys/loader/openpgp/PGPAuthorizedEntriesTracker.java b/sshd-openpgp/src/main/java/org/apache/sshd/common/config/keys/loader/openpgp/PGPAuthorizedEntriesTracker.java index e8d9715..037b24a 100644 --- a/sshd-openpgp/src/main/java/org/apache/sshd/common/config/keys/loader/openpgp/PGPAuthorizedEntriesTracker.java +++ b/sshd-openpgp/src/main/java/org/apache/sshd/common/config/keys/loader/openpgp/PGPAuthorizedEntriesTracker.java @@ -101,7 +101,7 @@ public class PGPAuthorizedEntriesTracker } @Override - public PublicKey resolve(String keyType, byte[] keyData) + public PublicKey resolve(SessionContext session, String keyType, byte[] keyData) throws IOException, GeneralSecurityException { if (!PGPPublicKeyEntryDataResolver.PGP_KEY_TYPES.contains(keyType)) { return null; @@ -114,7 +114,7 @@ public class PGPAuthorizedEntriesTracker Collection<PublicKey> keys; try { - keys = loadMatchingKeyFingerprints(null, Collections.singletonList(fingerprint)); + keys = loadMatchingKeyFingerprints(session, Collections.singletonList(fingerprint)); } catch (PGPException e) { throw new InvalidKeyException("Failed (" + e.getClass().getSimpleName() + ")" + " to load key type=" + keyType + " with fingerprint=" + fingerprint @@ -150,7 +150,7 @@ public class PGPAuthorizedEntriesTracker Collection<PublicKeyEntry> keyEntries = te.getValue(); Collection<PublicKey> subKeys = PGPPublicKeyEntryDataResolver.PGP_KEY_TYPES.contains(keyType) ? loadMatchingAuthorizedEntries(session, keyEntries) - : PublicKeyEntry.resolvePublicKeyEntries(keyEntries, fallbackResolver); + : PublicKeyEntry.resolvePublicKeyEntries(session, keyEntries, fallbackResolver); if (GenericUtils.isEmpty(subKeys)) { continue; } http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/3767115e/sshd-openpgp/src/test/java/org/apache/sshd/common/config/keys/loader/openpgp/PGPUtilsKeyFingerprintTest.java ---------------------------------------------------------------------- diff --git a/sshd-openpgp/src/test/java/org/apache/sshd/common/config/keys/loader/openpgp/PGPUtilsKeyFingerprintTest.java b/sshd-openpgp/src/test/java/org/apache/sshd/common/config/keys/loader/openpgp/PGPUtilsKeyFingerprintTest.java index 997a016..d83e505 100644 --- a/sshd-openpgp/src/test/java/org/apache/sshd/common/config/keys/loader/openpgp/PGPUtilsKeyFingerprintTest.java +++ b/sshd-openpgp/src/test/java/org/apache/sshd/common/config/keys/loader/openpgp/PGPUtilsKeyFingerprintTest.java @@ -39,6 +39,7 @@ import org.apache.sshd.common.config.keys.AuthorizedKeyEntry; import org.apache.sshd.common.config.keys.KeyUtils; import org.apache.sshd.common.config.keys.PublicKeyEntry; import org.apache.sshd.common.config.keys.PublicKeyEntryDataResolver; +import org.apache.sshd.common.session.SessionContext; import org.apache.sshd.common.util.GenericUtils; import org.apache.sshd.common.util.io.IoUtils; import org.apache.sshd.util.test.JUnit4ClassRunnerWithParametersFactory; @@ -61,6 +62,7 @@ import org.junit.runners.MethodSorters; import org.junit.runners.Parameterized; import org.junit.runners.Parameterized.Parameters; import org.junit.runners.Parameterized.UseParametersRunnerFactory; +import org.mockito.Mockito; /** * @author <a href="mailto:[email protected]";>Apache MINA SSHD Project</a> @@ -205,11 +207,12 @@ public class PGPUtilsKeyFingerprintTest extends JUnitTestSupport { } PGPAuthorizedEntriesTracker tracker = new PGPAuthorizedEntriesTracker(file); + SessionContext session = Mockito.mock(SessionContext.class); for (PublicKeyEntry pke : available) { - Collection<PublicKey> keys = tracker.loadMatchingAuthorizedEntries(null, Collections.singletonList(pke)); + Collection<PublicKey> keys = tracker.loadMatchingAuthorizedEntries(session, Collections.singletonList(pke)); assertEquals("Mismatched recovered keys count for " + pke, 1, GenericUtils.size(keys)); - PublicKey expected = pke.resolvePublicKey(tracker); + PublicKey expected = pke.resolvePublicKey(session, tracker); PublicKey actual = GenericUtils.head(keys); assertKeyEquals(pke.toString(), expected, actual); }
