forked from apache/mina-sshd
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
apacheGH-636: Handle unknown key types in known_hosts
Harden the parser so that it can parse known_host and authorized_key lines with unknown key types. Introduce a new UnsupportedSshPublicKey class to be able to deal with such entries later on when the server host key is compared. (An alternative would have been not to create PublicKeys from known_host lines at all but to serialize the given server key into string form and then just compare against the string from the known_host line. But that is not possible without breaking API...) Such an UnsupportedSshPublicKey supports getting its key type, its raw key data, its fingerprint, and it can be written into a Buffer.
Showing 17 changed files with 393 additions and 46 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -35,7 +35,7 @@ | |
* @author <a href="mailto:[email protected]">Apache MINA SSHD Project</a> | ||
* @see <a href= "https://cvsweb.openbsd.org/src/usr.bin/ssh/PROTOCOL.certkeys?annotate=HEAD">PROTOCOL.certkeys</a> | ||
*/ | ||
public interface OpenSshCertificate extends PublicKey, PrivateKey { | ||
public interface OpenSshCertificate extends SshPublicKey, PrivateKey { | ||
|
||
/** | ||
* {@link OpenSshCertificate}s have a type indicating whether the certificate if for a host key (certifying a host | ||
|
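Review bot: At `public interface OpenSshCertificate extends SshPublicKey, PrivateKey {` the type Javadoc (its @author/@see tail is visible here) is not updated, so nothing tells readers that a certificate is now an SshPublicKey and that an `instanceof SshPublicKey` test will match certificates as well as plain keys. Suggest adding a sentence to the type Javadoc saying so, so that callers branching on SshPublicKey check for OpenSshCertificate first where the distinction matters. While this file is being touched, the context line "whether the certificate if for a host key" should read "is for".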
@@ -90,13 +90,6 @@ public static Type fromCode(int code) { | |
*/ | ||
byte[] getNonce(); | ||
|
||
/** | ||
* Retrieves the SSH key type of this certificate. | ||
* | ||
* @return the key type, for instance "[email protected]" | ||
*/ | ||
String getKeyType(); | ||
|
||
/** | ||
* Retrieves the certified public key. | ||
* | ||
|
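Review bot: Removing the `String getKeyType();` declaration also drops its certificate-specific Javadoc, including the example certificate key type in the old @return. The inherited documentation will no longer say that for a certificate this is the key type of the certificate itself rather than that of the certified public key, whose accessor is documented directly below. Suggest keeping an `@Override String getKeyType();` redeclaration here with the old Javadoc; it changes nothing for implementers.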
37 changes: 37 additions & 0 deletions
sshd-common/src/main/java/org/apache/sshd/common/config/keys/SshPublicKey.java
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,37 @@ | ||
/* | ||
* Licensed to the Apache Software Foundation (ASF) under one | ||
* or more contributor license agreements. See the NOTICE file | ||
* distributed with this work for additional information | ||
* regarding copyright ownership. The ASF licenses this file | ||
* to you under the Apache License, Version 2.0 (the | ||
* "License"); you may not use this file except in compliance | ||
* with the License. You may obtain a copy of the License at | ||
* | ||
* http://www.apache.org/licenses/LICENSE-2.0 | ||
* | ||
* Unless required by applicable law or agreed to in writing, | ||
* software distributed under the License is distributed on an | ||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY | ||
* KIND, either express or implied. See the License for the | ||
* specific language governing permissions and limitations | ||
* under the License. | ||
*/ | ||
package org.apache.sshd.common.config.keys; | ||
|
||
import java.security.PublicKey; | ||
|
||
/** | ||
* A {@link PublicKey} that has an SSH key type. | ||
* | ||
* @author <a href="mailto:[email protected]">Apache MINA SSHD Project</a> | ||
*/ | ||
public interface SshPublicKey extends PublicKey { | ||
|
||
/** | ||
* Retrieves the SSH key type. | ||
* | ||
* @return the SSH key type, never {@code null}. | ||
*/ | ||
String getKeyType(); | ||
|
||
} |
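Review bot: The Javadoc on `getKeyType()` promises `never {@code null}` but does not say what the string is. It should state that this is the SSH key type name as it appears in known_hosts and authorized_keys lines, and how it relates to the inherited `getAlgorithm()`, so implementers and callers do not treat the two as interchangeable. One sentence in the interface Javadoc is enough.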
91 changes: 91 additions & 0 deletions
sshd-common/src/main/java/org/apache/sshd/common/config/keys/UnsupportedSshPublicKey.java
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,91 @@ | ||
/* | ||
* Licensed to the Apache Software Foundation (ASF) under one | ||
* or more contributor license agreements. See the NOTICE file | ||
* distributed with this work for additional information | ||
* regarding copyright ownership. The ASF licenses this file | ||
* to you under the Apache License, Version 2.0 (the | ||
* "License"); you may not use this file except in compliance | ||
* with the License. You may obtain a copy of the License at | ||
* | ||
* http://www.apache.org/licenses/LICENSE-2.0 | ||
* | ||
* Unless required by applicable law or agreed to in writing, | ||
* software distributed under the License is distributed on an | ||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY | ||
* KIND, either express or implied. See the License for the | ||
* specific language governing permissions and limitations | ||
* under the License. | ||
*/ | ||
package org.apache.sshd.common.config.keys; | ||
|
||
import java.util.Arrays; | ||
import java.util.Objects; | ||
|
||
/** | ||
* A representation of an unsupported SSH public key -- just a key type and the raw key data. | ||
* | ||
* @author <a href="mailto:[email protected]">Apache MINA SSHD Project</a> | ||
*/ | ||
public class UnsupportedSshPublicKey implements SshPublicKey { | ||
|
||
private static final long serialVersionUID = -4870624671501562706L; | ||
|
||
private final String keyType; | ||
|
||
private final byte[] keyData; | ||
|
||
public UnsupportedSshPublicKey(String keyType, byte[] keyData) { | ||
this.keyType = keyType; | ||
this.keyData = keyData.clone(); | ||
} | ||
|
||
@Override | ||
public String getAlgorithm() { | ||
// Won't match any JCE algorithm. | ||
return getKeyType(); | ||
} | ||
|
||
@Override | ||
public String getFormat() { | ||
// We cannot produce an encoding for an unsupported key. | ||
return null; | ||
} | ||
|
||
@Override | ||
public byte[] getEncoded() { | ||
// We cannot produce an encoding for an unsupported key. | ||
return null; | ||
} | ||
|
||
@Override | ||
public String getKeyType() { | ||
return keyType; | ||
} | ||
|
||
/** | ||
* Retrieves the raw key bytes (serialized form). | ||
* | ||
* @return the key bytes | ||
*/ | ||
public byte[] getKeyData() { | ||
return keyData.clone(); | ||
} | ||
|
||
@Override | ||
public int hashCode() { | ||
return Arrays.hashCode(keyData) * 31 + Objects.hash(keyType); | ||
} | ||
|
||
@Override | ||
public boolean equals(Object obj) { | ||
if (this == obj) { | ||
return true; | ||
} | ||
if (!(obj instanceof UnsupportedSshPublicKey)) { | ||
return false; | ||
} | ||
UnsupportedSshPublicKey other = (UnsupportedSshPublicKey) obj; | ||
return Arrays.equals(keyData, other.keyData) && Objects.equals(keyType, other.keyType); | ||
} | ||
|
||
} |
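Review bot: The constructor assigns `this.keyType = keyType;` without a null check, while `equals` and `hashCode` go through `Objects.equals` and `Objects.hash` as if a null key type were possible, and a null `keyData` fails with a bare NullPointerException from `keyData.clone()`. Suggest `Objects.requireNonNull` with a message for both arguments (Objects is already imported) so that `getKeyType()` can never return null. Separately, `getEncoded()` and `getFormat()` return null, so the class Javadoc should tell callers to use `getKeyData()` for comparison and fingerprinting instead of `getEncoded()`; there is also no `toString()`, so log output for such a key will not show its key type.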