AW: camel-karaf 4.8.1: Feature camel-ssh breaks Karaf SSH Shell

Thu, 14 Nov 2024 09:43:33 -0800 

Hi all,

I found a workaround for my problem. Version 1.78.1 of the bouncy castle 
bundles have fixed the Import-Package entries in the manifest.

So I downloaded bcpkix-jdk18on-1.78.1.jar and bcutil-jdk18on-1.78.1.jar und 
edited their manifests, so that they appear as version 1.78.0.
I removed the two problematic 1.78.0 bundles with bundle:uninstall 
bcpkix-jdk18on bcutil-jdk18on
Then I deployed the repackaged jar files manually in Karaf.

Everything seems to be working now with that workaround.


Best Regards
--
Jan Schulze

________________________________________
Von: Schulze, Jan <jan.schu...@uni-tuebingen.de>
Gesendet: Mittwoch, 13. November 2024 00:50:58
An: user@karaf.apache.org
Betreff: camel-karaf 4.8.1: Feature camel-ssh breaks Karaf SSH Shell

Hi,

first of all, many thanks for the new releases of camel-karaf supporting Camel 
4 and congratulations on the good work.

I am currently moving a project from Karaf 4.4.3/Camel 3.x to Karaf 4.4.6/Camel 
4.8.1 and noticed the following problem, that is hard to reproduce:
After installing the feature camel-ssh, it is *sometimes* no longer possible to 
log into the Karaf shell via ssh. In that case, I get the following exception:

---
2024-11-12 20:08:17,219 | WARN | rverSessionImpl |  48 | pache.sshd.osgi | 
resolveAvailableSignaturesProposal(ServerSessionImpl[null@/134.2.44.70:49706]) 
failed (NoClassDefFoundError) to get key types: 
org/bouncycastle/util/io/pem/PemReader
java.lang.NoClassDefFoundError: org/bouncycastle/util/io/pem/PemReader
        at 
org.apache.karaf.shell.ssh.keygenerator.KeyPairLoader.getKeyPair(KeyPairLoader.java:74)
 ~[?:?]
        at 
org.apache.karaf.shell.ssh.keygenerator.OpenSSHKeyPairProvider.loadKeys(OpenSSHKeyPairProvider.java:83)
 ~[?:?]
        at 
org.apache.sshd.common.keyprovider.KeyPairProvider.getKeyTypes(KeyPairProvider.java:139)
 ~[!/:2.12.1]
        at 
org.apache.sshd.server.session.AbstractServerSession.resolveAvailableSignaturesProposal(AbstractServerSession.java:385)
 ~[!/:2.12.1]
        at 
org.apache.sshd.common.session.helpers.SessionHelper.resolveAvailableSignaturesProposal(SessionHelper.java:959)
 ~[!/:2.12.1]
        at 
org.apache.sshd.common.session.helpers.SessionHelper.getKexProposal(SessionHelper.java:984)
 ~[!/:2.12.1]
        at 
org.apache.sshd.common.session.helpers.AbstractSession.sendKexInit(AbstractSession.java:2654)
 ~[!/:2.12.1]
        at 
org.apache.sshd.server.session.AbstractServerSession.readIdentification(AbstractServerSession.java:510)
 ~[!/:2.12.1]
        at 
org.apache.sshd.common.session.helpers.AbstractSession.messageReceived(AbstractSession.java:499)
 ~[!/:2.12.1]
        at 
org.apache.sshd.common.session.helpers.AbstractSessionIoHandler.messageReceived(AbstractSessionIoHandler.java:64)
 ~[!/:2.12.1]
        at 
org.apache.sshd.common.io.nio2.Nio2Session.handleReadCycleCompletion(Nio2Session.java:409)
 ~[!/:2.12.1]
        at 
org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:382) 
~[!/:2.12.1]
        at 
org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:377) 
~[!/:2.12.1]
        at 
org.apache.sshd.common.io.nio2.Nio2CompletionHandler.lambda$completed$0(Nio2CompletionHandler.java:38)
 ~[!/:2.12.1]
        at 
java.security.AccessController.doPrivileged(AccessController.java:318) [?:?]
        at 
org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:37)
 ~[!/:2.12.1]
        at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:129) ~[?:?]
        at sun.nio.ch.Invoker.invokeDirect(Invoker.java:160) ~[?:?]
        at 
sun.nio.ch.UnixAsynchronousSocketChannelImpl.implRead(UnixAsynchronousSocketChannelImpl.java:573)
 ~[?:?]
        at 
sun.nio.ch.AsynchronousSocketChannelImpl.read(AsynchronousSocketChannelImpl.java:276)
 ~[?:?]
        at 
sun.nio.ch.AsynchronousSocketChannelImpl.read(AsynchronousSocketChannelImpl.java:297)
 ~[?:?]
        at 
org.apache.sshd.common.io.nio2.Nio2Session.doReadCycle(Nio2Session.java:494) 
~[!/:2.12.1]
        at 
org.apache.sshd.common.io.nio2.Nio2Session.doReadCycle(Nio2Session.java:372) 
~[!/:2.12.1]
        at 
org.apache.sshd.common.io.nio2.Nio2Session.startReading(Nio2Session.java:365) 
~[!/:2.12.1]
        at 
org.apache.sshd.common.io.nio2.Nio2Session.startReading(Nio2Session.java:361) 
~[!/:2.12.1]
        at 
org.apache.sshd.common.io.nio2.Nio2Session.startReading(Nio2Session.java:357) 
~[!/:2.12.1]
        at 
org.apache.sshd.common.io.nio2.Nio2Session.startReading(Nio2Session.java:353) 
~[!/:2.12.1]
        at 
org.apache.sshd.common.io.nio2.Nio2Session.startReading(Nio2Session.java:349) 
~[!/:2.12.1]
        at 
org.apache.sshd.common.io.nio2.Nio2Acceptor$AcceptCompletionHandler.onCompleted(Nio2Acceptor.java:308)
 ~[!/:2.12.1]
        at 
org.apache.sshd.common.io.nio2.Nio2Acceptor$AcceptCompletionHandler.onCompleted(Nio2Acceptor.java:263)
 ~[!/:2.12.1]
        at 
org.apache.sshd.common.io.nio2.Nio2CompletionHandler.lambda$completed$0(Nio2CompletionHandler.java:38)
 ~[!/:2.12.1]
        at 
java.security.AccessController.doPrivileged(AccessController.java:318) [?:?]
        at 
org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:37)
 [!/:2.12.1]
        at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:129) [?:?]
        at sun.nio.ch.Invoker$2.run(Invoker.java:221) [?:?]
        at 
sun.nio.ch.AsynchronousChannelGroupImpl$1.run(AsynchronousChannelGroupImpl.java:113)
 [?:?]
        at 
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136) 
[?:?]
        at 
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) 
[?:?]
        at java.lang.Thread.run(Thread.java:840) [?:?]
Caused by: java.lang.ClassNotFoundException: 
org.bouncycastle.util.io.pem.PemReader not found by bcpkix-jdk18on [215]
        ... 39 more
---

I think, the problem is caused by two different versions of the bundle bcpkix:

bundle:list -t 0 | grep bcpkix
20   x Active   x  30  x 1.77                x bcpkix
222 x Active   x  80 x 1.78.0             x bcpkix-jdk18on

The bundle bcpkix 1.77 is included in Karaf.
When installing the feature camel-ssh, the bundle bcpkix-jdk18on 1.78.0 is 
added.

The bundle bcpkix 1.77 is importing org.bouncycastle.util.io.pem (from bundle 
bcprov 1.77.0).
The bundle bcpkix-jdk18on 1.78.0 is NOT importing org.bouncycastle.util.io.pem:

package:imports| grep pem
org.bouncycastle.util.io.pem                            x [1.72.0,)           x 
           x 20  x bcpkix
org.bouncycastle.util.io.pem                            x [1.77.0,2.0.0)      x 
           x 46  x org.apache.karaf.shell.ssh

As mentioned at https://github.com/bcgit/bc-java/issues/1621, the bundle 
bcpkix-jdk18on 1.78.0 is missing multiple Import-Package entries from it's 
manifest.

However, as seen above, the Karaf Shell uses any version of 
org.bouncycastle.util.io.pem in the version range [1.77.0,2.0.0):
Because both bcpkix 1.77.0 and bcpkix-jdk18on 1.78.0 are within that version 
range, it seems to be random, which bundle is used.
When bcpkix 1.77.0 is picked up, connecting to the Karaf Shell is possible.
When bcpkix-jdk18on 1.78.0 is picked up, the exception listed above is thrown.

I hope, I was able to make it clear, what I mean.

Is there any way to force the Karaf Shell (org.apache.karaf.shell.ssh) to use 
bcpkix 1.77 every time?
Or is there any other workaround?

I would be grateful for any help.


Thanks
--
Jan Schulze

Reply via email to