vukzeka commented on code in PR #222:
URL: https://github.com/apache/mina-sshd/pull/222#discussion_r870774200
##########
sshd-core/src/main/java/org/apache/sshd/certificate/OpenSshCertificateBuilder.java:
##########
@@ -104,7 +110,21 @@ public OpenSshCertificateBuilder
principals(Collection<String> principals) {
}
public OpenSshCertificateBuilder
criticalOptions(List<OpenSshCertificate.CertificateOption> criticalOptions) {
- this.criticalOptions = criticalOptions;
+ if (criticalOptions != null && !criticalOptions.isEmpty()) {
+ // check if any duplicates
+ Set<String> names = new HashSet<String>();
+ Set<String> duplicates = criticalOptions.stream().filter(option ->
!names.add(option.getName()))
+ .map(option -> option.getName())
+ .collect(Collectors.toSet());
+ if (!duplicates.isEmpty()) {
+ throw new IllegalArgumentException("Duplicate critical option:
" + String.join(",", duplicates));
+ }
+ // lexically order by "name"
+ List<OpenSshCertificate.CertificateOption> sortedCriticalOptions =
criticalOptions.stream()
+
.sorted(Comparator.comparing(OpenSshCertificate.CertificateOption::getName))
+ .collect(Collectors.toList());
+ this.criticalOptions = sortedCriticalOptions;
+ }
Review Comment:
I missed that part from OpenSSH documentation. And good catch for that bug.
I will apply now same logic for both extensions.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additional commands, e-mail: dev-h...@mina.apache.org
