Hi,
first of all, many thanks for the new releases of camel-karaf supporting Camel
4 and congratulations on the good work.
I am currently moving a project from Karaf 4.4.3/Camel 3.x to Karaf 4.4.6/Camel
4.8.1 and noticed the following problem, that is hard to reproduce:
After installing the feature camel-ssh, it is *sometimes* no longer possible to
log into the Karaf shell via ssh. In that case, I get the following exception:
---
2024-11-12 20:08:17,219 | WARN | rverSessionImpl | 48 | pache.sshd.osgi |
resolveAvailableSignaturesProposal(ServerSessionImpl[null@/134.2.44.70:49706])
failed (NoClassDefFoundError) to get key types:
org/bouncycastle/util/io/pem/PemReader
java.lang.NoClassDefFoundError: org/bouncycastle/util/io/pem/PemReader
at
org.apache.karaf.shell.ssh.keygenerator.KeyPairLoader.getKeyPair(KeyPairLoader.java:74)
~[?:?]
at
org.apache.karaf.shell.ssh.keygenerator.OpenSSHKeyPairProvider.loadKeys(OpenSSHKeyPairProvider.java:83)
~[?:?]
at
org.apache.sshd.common.keyprovider.KeyPairProvider.getKeyTypes(KeyPairProvider.java:139)
~[!/:2.12.1]
at
org.apache.sshd.server.session.AbstractServerSession.resolveAvailableSignaturesProposal(AbstractServerSession.java:385)
~[!/:2.12.1]
at
org.apache.sshd.common.session.helpers.SessionHelper.resolveAvailableSignaturesProposal(SessionHelper.java:959)
~[!/:2.12.1]
at
org.apache.sshd.common.session.helpers.SessionHelper.getKexProposal(SessionHelper.java:984)
~[!/:2.12.1]
at
org.apache.sshd.common.session.helpers.AbstractSession.sendKexInit(AbstractSession.java:2654)
~[!/:2.12.1]
at
org.apache.sshd.server.session.AbstractServerSession.readIdentification(AbstractServerSession.java:510)
~[!/:2.12.1]
at
org.apache.sshd.common.session.helpers.AbstractSession.messageReceived(AbstractSession.java:499)
~[!/:2.12.1]
at
org.apache.sshd.common.session.helpers.AbstractSessionIoHandler.messageReceived(AbstractSessionIoHandler.java:64)
~[!/:2.12.1]
at
org.apache.sshd.common.io.nio2.Nio2Session.handleReadCycleCompletion(Nio2Session.java:409)
~[!/:2.12.1]
at
org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:382)
~[!/:2.12.1]
at
org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:377)
~[!/:2.12.1]
at
org.apache.sshd.common.io.nio2.Nio2CompletionHandler.lambda$completed$0(Nio2CompletionHandler.java:38)
~[!/:2.12.1]
at
java.security.AccessController.doPrivileged(AccessController.java:318) [?:?]
at
org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:37)
~[!/:2.12.1]
at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:129) ~[?:?]
at sun.nio.ch.Invoker.invokeDirect(Invoker.java:160) ~[?:?]
at
sun.nio.ch.UnixAsynchronousSocketChannelImpl.implRead(UnixAsynchronousSocketChannelImpl.java:573)
~[?:?]
at
sun.nio.ch.AsynchronousSocketChannelImpl.read(AsynchronousSocketChannelImpl.java:276)
~[?:?]
at
sun.nio.ch.AsynchronousSocketChannelImpl.read(AsynchronousSocketChannelImpl.java:297)
~[?:?]
at
org.apache.sshd.common.io.nio2.Nio2Session.doReadCycle(Nio2Session.java:494)
~[!/:2.12.1]
at
org.apache.sshd.common.io.nio2.Nio2Session.doReadCycle(Nio2Session.java:372)
~[!/:2.12.1]
at
org.apache.sshd.common.io.nio2.Nio2Session.startReading(Nio2Session.java:365)
~[!/:2.12.1]
at
org.apache.sshd.common.io.nio2.Nio2Session.startReading(Nio2Session.java:361)
~[!/:2.12.1]
at
org.apache.sshd.common.io.nio2.Nio2Session.startReading(Nio2Session.java:357)
~[!/:2.12.1]
at
org.apache.sshd.common.io.nio2.Nio2Session.startReading(Nio2Session.java:353)
~[!/:2.12.1]
at
org.apache.sshd.common.io.nio2.Nio2Session.startReading(Nio2Session.java:349)
~[!/:2.12.1]
at
org.apache.sshd.common.io.nio2.Nio2Acceptor$AcceptCompletionHandler.onCompleted(Nio2Acceptor.java:308)
~[!/:2.12.1]
at
org.apache.sshd.common.io.nio2.Nio2Acceptor$AcceptCompletionHandler.onCompleted(Nio2Acceptor.java:263)
~[!/:2.12.1]
at
org.apache.sshd.common.io.nio2.Nio2CompletionHandler.lambda$completed$0(Nio2CompletionHandler.java:38)
~[!/:2.12.1]
at
java.security.AccessController.doPrivileged(AccessController.java:318) [?:?]
at
org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:37)
[!/:2.12.1]
at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:129) [?:?]
at sun.nio.ch.Invoker$2.run(Invoker.java:221) [?:?]
at
sun.nio.ch.AsynchronousChannelGroupImpl$1.run(AsynchronousChannelGroupImpl.java:113)
[?:?]
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
[?:?]
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
[?:?]
at java.lang.Thread.run(Thread.java:840) [?:?]
Caused by: java.lang.ClassNotFoundException:
org.bouncycastle.util.io.pem.PemReader not found by bcpkix-jdk18on [215]
... 39 more
---
I think, the problem is caused by two different versions of the bundle bcpkix:
bundle:list -t 0 | grep bcpkix
20 x Active x 30 x 1.77 x bcpkix
222 x Active x 80 x 1.78.0 x bcpkix-jdk18on
The bundle bcpkix 1.77 is included in Karaf.
When installing the feature camel-ssh, the bundle bcpkix-jdk18on 1.78.0 is
added.
The bundle bcpkix 1.77 is importing org.bouncycastle.util.io.pem (from bundle
bcprov 1.77.0).
The bundle bcpkix-jdk18on 1.78.0 is NOT importing org.bouncycastle.util.io.pem:
package:imports| grep pem
org.bouncycastle.util.io.pem x [1.72.0,) x
x 20 x bcpkix
org.bouncycastle.util.io.pem x [1.77.0,2.0.0) x
x 46 x org.apache.karaf.shell.ssh
As mentioned at https://github.com/bcgit/bc-java/issues/1621, the bundle
bcpkix-jdk18on 1.78.0 is missing multiple Import-Package entries from it's
manifest.
However, as seen above, the Karaf Shell uses any version of
org.bouncycastle.util.io.pem in the version range [1.77.0,2.0.0):
Because both bcpkix 1.77.0 and bcpkix-jdk18on 1.78.0 are within that version
range, it seems to be random, which bundle is used.
When bcpkix 1.77.0 is picked up, connecting to the Karaf Shell is possible.
When bcpkix-jdk18on 1.78.0 is picked up, the exception listed above is thrown.
I hope, I was able to make it clear, what I mean.
Is there any way to force the Karaf Shell (org.apache.karaf.shell.ssh) to use
bcpkix 1.77 every time?
Or is there any other workaround?
I would be grateful for any help.
Thanks
--
Jan Schulze
