[mina-sshd] branch master updated: [SSHD-978] Updated source formatter plugin configuration

2020-05-04 Thread lgoldstein
This is an automated email from the ASF dual-hosted git repository.

lgoldstein pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/mina-sshd.git


The following commit(s) were added to refs/heads/master by this push:
 new 160703e  [SSHD-978] Updated source formatter plugin configuration
160703e is described below

commit 160703e311279cf0b40e51871cb56d35b0ce6b78
Author: Lyor Goldstein 
AuthorDate: Mon May 4 18:48:31 2020 +0300

[SSHD-978] Updated source formatter plugin configuration
---
 pom.xml | 13 +
 .../sshd/common/config/keys/loader/openssh/kdf/BCrypt.java  |  4 ++--
 sshd-core/pom.xml   | 11 +++
 3 files changed, 22 insertions(+), 6 deletions(-)

diff --git a/pom.xml b/pom.xml
index 1936f8a..5ae7540 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1030,6 +1030,15 @@
 -->
 
 
+
+net.revelc.code.formatter
+formatter-maven-plugin
+2.11.0
+
+
${workspace.root.dir}${file.separator}sshd-eclipse-formatter-config.xml
+LF
+
+
 
 
 
@@ -1072,10 +1081,6 @@
 
 net.revelc.code.formatter
 formatter-maven-plugin
-2.11.0
-
-
${workspace.root.dir}${file.separator}sshd-eclipse-formatter-config.xml
-
 
 
 format
diff --git 
a/sshd-common/src/main/java/org/apache/sshd/common/config/keys/loader/openssh/kdf/BCrypt.java
 
b/sshd-common/src/main/java/org/apache/sshd/common/config/keys/loader/openssh/kdf/BCrypt.java
index f5a2834..20a8b76 100644
--- 
a/sshd-common/src/main/java/org/apache/sshd/common/config/keys/loader/openssh/kdf/BCrypt.java
+++ 
b/sshd-common/src/main/java/org/apache/sshd/common/config/keys/loader/openssh/kdf/BCrypt.java
@@ -17,8 +17,8 @@
 // CHECKSTYLE:OFF
 package org.apache.sshd.common.config.keys.loader.openssh.kdf;
 
-// This code comes from 
https://github.com/kruton/jbcrypt/blob/37a5a77/jbcrypt/src/main/java/org/mindrot/jbcrypt/BCrypt.java
 .
-// It's available on maven as artifact org.connectbot.jbcrypt:jbcrypt:1.0.0. 
pbkdf method added 2016 by Kenny Root.
+// This code comes from 
https://github.com/kruton/jbcrypt/blob/37a5a77/jbcrypt/src/main/java/org/mindrot/jbcrypt/BCrypt.java
 .
+// It's available on maven as artifact org.connectbot.jbcrypt:jbcrypt:1.0.0. 
pbkdf method added 2016 by Kenny Root.
 // Modifications for Apache MINA sshd: this comment, plus changed the package 
from org.mindrot.jbcrypt to avoid conflicts.
 import java.io.UnsupportedEncodingException;
 import java.security.DigestException;
diff --git a/sshd-core/pom.xml b/sshd-core/pom.xml
index 0efeaf6..2dfe7ba 100644
--- a/sshd-core/pom.xml
+++ b/sshd-core/pom.xml
@@ -135,6 +135,17 @@
 
 
 
+
+net.revelc.code.formatter
+formatter-maven-plugin
+
+
+
+
src/test/java/org/apache/sshd/deprecated
+
+
+
 
 



[mina-sshd] 01/02: [SSHD-984] Writing keys in modern OpenSSH format

2020-05-04 Thread lgoldstein
This is an automated email from the ASF dual-hosted git repository.

lgoldstein pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/mina-sshd.git

commit 42df03db207be7be5479acf97335ea8ae1603c21
Author: Thomas Wolf 
AuthorDate: Sun May 3 12:37:01 2020 +0200

[SSHD-984] Writing keys in modern OpenSSH format

Add support for writing keys in the modern OpenSSH key format using
the OpenBSD bcrypt KDF for writing passphrase-protected, encrypted
private keys.

Add a new OpenSSHKeyPairResourceWriter using a specialized
OpenSSHKeyEncryptionContext to make the number of KDF rounds
configurable and to have the passphrase as a char[] instead of as a
String. Introduce a new SecureByteArrayOutputStream.

Includes test cases that generate various keys, write them to files,
and load them again. Since this only tests that Apache MINA sshd can
work with these keys, I've also manually verified that command-line
OpenSSH can use keys generated and written by Java to actually connect
to an SSH server.
---
 .../common/config/keys/PrivateKeyEntryDecoder.java |  18 +-
 .../openssh/OpenSSHDSSPrivateKeyEntryDecoder.java  |   6 +-
 .../OpenSSHECDSAPrivateKeyEntryDecoder.java|  16 +-
 .../openssh/OpenSSHRSAPrivateKeyDecoder.java   |  18 ++
 .../config/keys/writer/KeyPairResourceWriter.java  |  84 +
 .../openssh/OpenSSHKeyEncryptionContext.java   | 147 +
 .../openssh/OpenSSHKeyPairResourceWriter.java  | 335 +++
 .../util/io/SecureByteArrayOutputStream.java   |  61 
 .../OpenSSHEd25519PrivateKeyEntryDecoder.java  |   4 +-
 .../openssh/OpenSSHKeyPairResourceWriterTest.java  | 358 +
 10 files changed, 1032 insertions(+), 15 deletions(-)

diff --git 
a/sshd-common/src/main/java/org/apache/sshd/common/config/keys/PrivateKeyEntryDecoder.java
 
b/sshd-common/src/main/java/org/apache/sshd/common/config/keys/PrivateKeyEntryDecoder.java
index 767ac0b..4deccc8 100644
--- 
a/sshd-common/src/main/java/org/apache/sshd/common/config/keys/PrivateKeyEntryDecoder.java
+++ 
b/sshd-common/src/main/java/org/apache/sshd/common/config/keys/PrivateKeyEntryDecoder.java
@@ -36,6 +36,7 @@ import org.apache.sshd.common.session.SessionContext;
 import org.apache.sshd.common.util.GenericUtils;
 import org.apache.sshd.common.util.NumberUtils;
 import org.apache.sshd.common.util.ValidateUtils;
+import org.apache.sshd.common.util.io.SecureByteArrayOutputStream;
 
 /**
  * @param   Type of {@link PublicKey}
@@ -121,16 +122,19 @@ public interface PrivateKeyEntryDecoderhttp://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.sshd.common.config.keys.writer;
+
+import java.io.IOException;
+import java.io.OutputStream;
+import java.security.GeneralSecurityException;
+import java.security.KeyPair;
+import java.security.PublicKey;
+
+import org.apache.sshd.common.config.keys.loader.PrivateKeyEncryptionContext;
+import org.apache.sshd.common.util.io.SecureByteArrayOutputStream;
+
+/**
+ * A {@code KeyPairResourceWriter} can serialize keys to an external
+ * representation.
+ *
+ * @param  The type of {@link PrivateKeyEncryptionContext} to use with
+ *  this {@code KeyPairResourceWriter}.
+ */
+public interface KeyPairResourceWriter {
+
+/**
+ * Writes a serialization of a private key from a given {@link KeyPair} to 
a
+ * given {@link SecureByteArrayOutputStream}.
+ *
+ * @param key to write the private key of
+ * @param comment to write with the private key
+ * @param options for writing the key; may be {@code null} if no 
encryption is
+ *wanted. The caller is responsible for
+ *{@link PrivateKeyEncryptionContext#clear() clearing} the
+ *options when no longer needed. If the passphrase 
obtained from
+ *the context is {@code null} or an empty array (length 
zero or
+ *containing only whitespace), the key is written 
unencrypted.
+ * @param out to write to
+ * @return a byte array containing the serialized private key data
+ * @throws GeneralSecurityException if the key is inconsistent or unknown, 
or
+ *  the encryption specified cannot be 
applied
+ * @throws IOException  if the key cannot be written
+ */
+void writePrivateKey(KeyPair key, String comment, OPTIONS options, 
SecureByteArrayOutputStream out)
+throws IOException, GeneralSecurityException;
+
+/**
+ * Writes a serialization of a public key from a given {@link 

[mina-sshd] branch master updated (742963a -> 644a80a)

2020-05-04 Thread lgoldstein
This is an automated email from the ASF dual-hosted git repository.

lgoldstein pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/mina-sshd.git.


from 742963a  [SSHD-987] Correctly generate IV for AES private key 
obfuscator
 new 42df03d  [SSHD-984] Writing keys in modern OpenSSH format
 new 644a80a  [SSHD-984] Fixed some minor coding issues to make 
OpenSSHKeyPairResourceWriter conform to SSHD style

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 CHANGES.md |   4 +-
 .../common/config/keys/PrivateKeyEntryDecoder.java |   8 +-
 .../openssh/OpenSSHDSSPrivateKeyEntryDecoder.java  |   6 +-
 .../OpenSSHECDSAPrivateKeyEntryDecoder.java|  16 +-
 .../openssh/OpenSSHRSAPrivateKeyDecoder.java   |  18 +
 .../config/keys/writer/KeyPairResourceWriter.java  |  84 +
 .../openssh/OpenSSHKeyEncryptionContext.java   |  76 +
 .../openssh/OpenSSHKeyPairResourceWriter.java  | 325 ++
 .../util/io/SecureByteArrayOutputStream.java   |  38 ++-
 .../OpenSSHEd25519PrivateKeyEntryDecoder.java  |   5 +-
 .../openssh/OpenSSHKeyPairResourceWriterTest.java  | 367 +
 .../apache/sshd/util/test/JUnitTestSupport.java|  27 +-
 12 files changed, 951 insertions(+), 23 deletions(-)
 create mode 100644 
sshd-common/src/main/java/org/apache/sshd/common/config/keys/writer/KeyPairResourceWriter.java
 create mode 100644 
sshd-common/src/main/java/org/apache/sshd/common/config/keys/writer/openssh/OpenSSHKeyEncryptionContext.java
 create mode 100644 
sshd-common/src/main/java/org/apache/sshd/common/config/keys/writer/openssh/OpenSSHKeyPairResourceWriter.java
 copy 
sshd-contrib/src/main/java/org/apache/sshd/common/util/io/ExposedBufferByteArrayOutputStream.java
 => 
sshd-common/src/main/java/org/apache/sshd/common/util/io/SecureByteArrayOutputStream.java
 (52%)
 create mode 100644 
sshd-common/src/test/java/org/apache/sshd/common/config/keys/writer/openssh/OpenSSHKeyPairResourceWriterTest.java



[mina-sshd] 02/02: [SSHD-984] Fixed some minor coding issues to make OpenSSHKeyPairResourceWriter conform to SSHD style

2020-05-04 Thread lgoldstein
This is an automated email from the ASF dual-hosted git repository.

lgoldstein pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/mina-sshd.git

commit 644a80a5d8f54d19fd10949d8c54bf02d317c8d7
Author: Lyor Goldstein 
AuthorDate: Mon May 4 17:26:55 2020 +0300

[SSHD-984] Fixed some minor coding issues to make 
OpenSSHKeyPairResourceWriter conform to SSHD style
---
 CHANGES.md |   4 +-
 .../common/config/keys/PrivateKeyEntryDecoder.java |  18 +-
 .../config/keys/writer/KeyPairResourceWriter.java  |  66 ++---
 .../openssh/OpenSSHKeyEncryptionContext.java   |  81 +-
 .../openssh/OpenSSHKeyPairResourceWriter.java  | 136 +-
 .../util/io/SecureByteArrayOutputStream.java   |   4 +-
 .../OpenSSHEd25519PrivateKeyEntryDecoder.java  |   3 +-
 .../openssh/OpenSSHKeyPairResourceWriterTest.java  | 291 +++--
 .../apache/sshd/util/test/JUnitTestSupport.java|  27 +-
 9 files changed, 291 insertions(+), 339 deletions(-)

diff --git a/CHANGES.md b/CHANGES.md
index 7022e45..0fbc103 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -33,4 +33,6 @@ where the former validate the messages and deal with the idle 
timeout, and the l
 
 * [SSHD-977](https://issues.apache.org/jira/browse/SSHD-977) - Apply 
consistent logging policy to caught exceptions
 
-* [SSHD-660](https://issues.apache.org/jira/browse/SSHD-660) - Added support 
for server-side signed certificate keys
\ No newline at end of file
+* [SSHD-660](https://issues.apache.org/jira/browse/SSHD-660) - Added support 
for server-side signed certificate keys
+
+* [SSHD-984](https://issues.apache.org/jira/browse/SSHD-984) - Utility method 
to export KeyPair in OpenSSH format
\ No newline at end of file
diff --git 
a/sshd-common/src/main/java/org/apache/sshd/common/config/keys/PrivateKeyEntryDecoder.java
 
b/sshd-common/src/main/java/org/apache/sshd/common/config/keys/PrivateKeyEntryDecoder.java
index 4deccc8..0e61acc 100644
--- 
a/sshd-common/src/main/java/org/apache/sshd/common/config/keys/PrivateKeyEntryDecoder.java
+++ 
b/sshd-common/src/main/java/org/apache/sshd/common/config/keys/PrivateKeyEntryDecoder.java
@@ -22,7 +22,6 @@ package org.apache.sshd.common.config.keys;
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.io.InputStream;
-import java.io.OutputStream;
 import java.io.StreamCorruptedException;
 import java.security.GeneralSecurityException;
 import java.security.PrivateKey;
@@ -122,16 +121,15 @@ public interface PrivateKeyEntryDecoder The type of {@link PrivateKeyEncryptionContext} to use with
- *  this {@code KeyPairResourceWriter}.
+ * @param  The type of {@link PrivateKeyEncryptionContext} to use 
with this {@code KeyPairResourceWriter}.
  */
 public interface KeyPairResourceWriter {
-
 /**
- * Writes a serialization of a private key from a given {@link KeyPair} to 
a
- * given {@link SecureByteArrayOutputStream}.
+ * Writes a serialization of a private key from a given {@link KeyPair} to 
a given {@link OutputStream}.
  *
- * @param key to write the private key of
- * @param comment to write with the private key
- * @param options for writing the key; may be {@code null} if no 
encryption is
- *wanted. The caller is responsible for
- *{@link PrivateKeyEncryptionContext#clear() clearing} the
- *options when no longer needed. If the passphrase 
obtained from
- *the context is {@code null} or an empty array (length 
zero or
- *containing only whitespace), the key is written 
unencrypted.
- * @param out to write to
- * @return a byte array containing the serialized private key data
- * @throws GeneralSecurityException if the key is inconsistent or unknown, 
or
- *  the encryption specified cannot be 
applied
+ * @param  key  to write the private key of
+ * @param  comment  to write with the private key
+ * @param  options  for writing the key; may be {@code 
null} if no encryption is wanted. The caller
+ *  is responsible for clearing the 
options when no longer needed. If the passphrase
+ *  obtained from the context is {@code 
null} or an empty/blank string (length zero
+ *  or containing only whitespace), the 
key is written unencrypted.
+ * @param  out  The {@link OutputStream} to write to - 
recommend using a
+ *  {@code SecureByteArrayOutputStream} in 
order to reduce sensitive data exposure
+ *  in memory
+ * @throws GeneralSecurityException if the key is inconsistent or unknown, 
or the encryption specified cannot be
+ *

[mina-sshd] 02/02: [SSHD-978] Update import statements sort plugin configuration

2020-05-04 Thread lgoldstein
This is an automated email from the ASF dual-hosted git repository.

lgoldstein pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/mina-sshd.git

commit a3a1b83728866e35fe7bff1ff8d5f3180ba39e90
Author: Lyor Goldstein 
AuthorDate: Mon May 4 19:35:42 2020 +0300

[SSHD-978] Update import statements sort plugin configuration
---
 pom.xml | 19 ---
 1 file changed, 12 insertions(+), 7 deletions(-)

diff --git a/pom.xml b/pom.xml
index 5ae7540..9f4bb97 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1039,6 +1039,18 @@
 LF
 
 
+
+net.revelc.code
+impsort-maven-plugin
+1.4.1
+
+LF
+java.,javax.,org.w3c.,org.xml.,junit.
+true
+true
+
java.,javax.,org.w3c.,org.xml.,junit.
+
+
 
 
 
@@ -1094,13 +1106,6 @@
 
 net.revelc.code
 impsort-maven-plugin
-1.3.2
-
-java.,javax.,org.w3c.,org.xml.,junit.
-true
-true
-
java.,javax.,org.w3c.,org.xml.,junit.
-
 
 
 sort-imports



[mina-sshd] branch master updated (160703e -> a3a1b83)

2020-05-04 Thread lgoldstein
This is an automated email from the ASF dual-hosted git repository.

lgoldstein pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/mina-sshd.git.


from 160703e  [SSHD-978] Updated source formatter plugin configuration
 new e2a67dd  [SSHD-974] Clean up un-necessary sensitive data a.s.a.p.
 new a3a1b83  [SSHD-978] Update import statements sort plugin configuration

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 pom.xml| 19 --
 .../keys/loader/AESPrivateKeyObfuscator.java   |  3 +-
 .../keys/loader/AbstractPrivateKeyObfuscator.java  |  2 +-
 .../openssh/OpenSSHKeyPairResourceWriter.java  | 76 --
 .../openssh/OpenSSHKeyPairResourceWriterTest.java  | 19 --
 .../apache/sshd/util/test/JUnitTestSupport.java|  2 +-
 6 files changed, 71 insertions(+), 50 deletions(-)



[mina-sshd] 01/02: [SSHD-974] Clean up un-necessary sensitive data a.s.a.p.

2020-05-04 Thread lgoldstein
This is an automated email from the ASF dual-hosted git repository.

lgoldstein pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/mina-sshd.git

commit e2a67dd7e97429bcbe09da6d43ee826647e4df08
Author: Lyor Goldstein 
AuthorDate: Mon May 4 19:33:23 2020 +0300

[SSHD-974] Clean up un-necessary sensitive data a.s.a.p.
---
 .../keys/loader/AESPrivateKeyObfuscator.java   |  3 +-
 .../keys/loader/AbstractPrivateKeyObfuscator.java  |  2 +-
 .../openssh/OpenSSHKeyPairResourceWriter.java  | 76 --
 .../openssh/OpenSSHKeyPairResourceWriterTest.java  | 19 --
 .../apache/sshd/util/test/JUnitTestSupport.java|  2 +-
 5 files changed, 59 insertions(+), 43 deletions(-)

diff --git 
a/sshd-common/src/main/java/org/apache/sshd/common/config/keys/loader/AESPrivateKeyObfuscator.java
 
b/sshd-common/src/main/java/org/apache/sshd/common/config/keys/loader/AESPrivateKeyObfuscator.java
index 8ba47ce..08a24bb 100644
--- 
a/sshd-common/src/main/java/org/apache/sshd/common/config/keys/loader/AESPrivateKeyObfuscator.java
+++ 
b/sshd-common/src/main/java/org/apache/sshd/common/config/keys/loader/AESPrivateKeyObfuscator.java
@@ -61,7 +61,8 @@ public class AESPrivateKeyObfuscator extends 
AbstractPrivateKeyObfuscator {
 }
 
 @Override
-protected int 
resolveInitializationVectorLength(PrivateKeyEncryptionContext encContext) 
throws GeneralSecurityException {
+protected int 
resolveInitializationVectorLength(PrivateKeyEncryptionContext encContext)
+throws GeneralSecurityException {
 int keyLength = resolveKeyLength(encContext);
 CipherInformation ci = resolveCipherInformation(keyLength, 
encContext.getCipherMode());
 if (ci == null) {
diff --git 
a/sshd-common/src/main/java/org/apache/sshd/common/config/keys/loader/AbstractPrivateKeyObfuscator.java
 
b/sshd-common/src/main/java/org/apache/sshd/common/config/keys/loader/AbstractPrivateKeyObfuscator.java
index 57ff3e3..2bfc970 100644
--- 
a/sshd-common/src/main/java/org/apache/sshd/common/config/keys/loader/AbstractPrivateKeyObfuscator.java
+++ 
b/sshd-common/src/main/java/org/apache/sshd/common/config/keys/loader/AbstractPrivateKeyObfuscator.java
@@ -93,7 +93,7 @@ public abstract class AbstractPrivateKeyObfuscator implements 
PrivateKeyObfuscat
 // see http://www.ict.griffith.edu.au/anthony/info/crypto/openssl.hints 
(Password to Encryption Key section)
 // see 
http://openssl.6102.n7.nabble.com/DES-EDE3-CBC-technical-details-td24883.html
 protected byte[] deriveEncryptionKey(PrivateKeyEncryptionContext 
encContext, int outputKeyLength)
-throws GeneralSecurityException {
+throws IOException, GeneralSecurityException {
 Objects.requireNonNull(encContext, "No encryption context");
 ValidateUtils.checkNotNullAndNotEmpty(encContext.getCipherName(), "No 
cipher name");
 ValidateUtils.checkNotNullAndNotEmpty(encContext.getCipherType(), "No 
cipher type");
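Review bot: The widened `throws IOException, GeneralSecurityException` on the protected `deriveEncryptionKey` is undocumented; the only lines visible above the signature are two `// see` links, so a subclass or caller cannot tell which step may now fail with an I/O error. Because the method returns a `byte[]` that, going by its name, is key material, and this commit is about clearing sensitive data early, I would add a Javadoc saying that the caller owns the returned array and should zero it once the cipher is initialised, for example `Arrays.fill(key, (byte) 0)` in a `finally` block, plus `@throws` entries for both exception types. Adding a checked exception to a protected method also forces any external subclass that calls it to handle or declare `IOException`, which deserves a line in CHANGES.md. The method body continues outside this hunk, so it cannot be confirmed from here whether intermediate buffers such as the passphrase bytes or digest output are already wiped.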
diff --git 
a/sshd-common/src/main/java/org/apache/sshd/common/config/keys/writer/openssh/OpenSSHKeyPairResourceWriter.java
 
b/sshd-common/src/main/java/org/apache/sshd/common/config/keys/writer/openssh/OpenSSHKeyPairResourceWriter.java
index 6251778..dd91e85 100644
--- 
a/sshd-common/src/main/java/org/apache/sshd/common/config/keys/writer/openssh/OpenSSHKeyPairResourceWriter.java
+++ 
b/sshd-common/src/main/java/org/apache/sshd/common/config/keys/writer/openssh/OpenSSHKeyPairResourceWriter.java
@@ -51,7 +51,6 @@ import 
org.apache.sshd.common.config.keys.loader.openssh.kdf.BCrypt;
 import org.apache.sshd.common.config.keys.loader.openssh.kdf.BCryptKdfOptions;
 import org.apache.sshd.common.config.keys.writer.KeyPairResourceWriter;
 import org.apache.sshd.common.util.GenericUtils;
-import org.apache.sshd.common.util.ValidateUtils;
 import org.apache.sshd.common.util.io.SecureByteArrayOutputStream;
 
 /**
@@ -75,9 +74,9 @@ public class OpenSSHKeyPairResourceWriter implements 
KeyPairResourceWriter 0) {
+String baseName = testName.substring(0, pos);
+String paramName = testName.substring(pos + 1, testName.length() - 
1);
+file = dir.resolve(baseName + "-" + paramName.replace('(', 
'-').replace(")", "").trim());
+} else {
+file = dir.resolve(testName);
+}
+Files.deleteIfExists(file);
+return file;
 }
 
 @SuppressWarnings("checkstyle:VisibilityModifier")
diff --git 
a/sshd-common/src/test/java/org/apache/sshd/util/test/JUnitTestSupport.java 
b/sshd-common/src/test/java/org/apache/sshd/util/test/JUnitTestSupport.java
index 55537e0..6db9657 100644
--- a/sshd-common/src/test/java/org/apache/sshd/util/test/JUnitTestSupport.java
+++ b/sshd-common/src/test/java/org/apache/sshd/util/test/JUnitTestSupport.java
@@ -189,7 +189,7 @@ public abstract class JUnitTestSupport extends Assert {
  * @see#assertHierarchyTargetFolderExists(Path, 
LinkOption...)