Update SSHD to version 1.7.0 and add support for EdDSA user keys by flaix · Pull Request #1427 · gitblit-org/gitblit · GitHub

Update SSHD to version 1.7.0 and add support for EdDSA user keys #1427


Merged
merged 2 commits into from
Oct 16, 2022
Merged
3 changes: 2 additions & 1 deletion .classpath
Expand Up @@ -54,7 +54,8 @@
<classpathentry kind="lib" path="ext/bcprov-jdk15on-1.57.jar" sourcepath="ext/src/bcprov-jdk15on-1.57.jar" />
<classpathentry kind="lib" path="ext/bcmail-jdk15on-1.57.jar" sourcepath="ext/src/bcmail-jdk15on-1.57.jar" />
<classpathentry kind="lib" path="ext/bcpkix-jdk15on-1.57.jar" sourcepath="ext/src/bcpkix-jdk15on-1.57.jar" />
<classpathentry kind="lib" path="ext/sshd-core-1.2.0.jar" sourcepath="ext/src/sshd-core-1.2.0.jar" />
<classpathentry kind="lib" path="ext/eddsa-0.2.0.jar" sourcepath="ext/src/eddsa-0.2.0.jar" />
<classpathentry kind="lib" path="ext/sshd-core-1.7.0.jar" sourcepath="ext/src/sshd-core-1.7.0.jar" />
<classpathentry kind="lib" path="ext/mina-core-2.0.21.jar" sourcepath="ext/src/mina-core-2.0.21.jar" />
<classpathentry kind="lib" path="ext/rome-0.9.jar" sourcepath="ext/src/rome-0.9.jar" />
<classpathentry kind="lib" path="ext/jdom-1.0.jar" sourcepath="ext/src/jdom-1.0.jar" />
3 changes: 2 additions & 1 deletion build.moxie
Expand Up @@ -114,7 +114,7 @@ properties: {
bouncycastle.version : 1.57
selenium.version : 2.28.0
wikitext.version : 1.4
sshd.version: 1.2.0
sshd.version: 1.7.0
mina.version: 2.0.21
guice.version : 4.0
# Gitblit maintains a fork of guice-servlet
Expand Down Expand Up @@ -163,6 +163,7 @@ dependencies:
- compile 'org.bouncycastle:bcprov-jdk15on:${bouncycastle.version}' :war
- compile 'org.bouncycastle:bcmail-jdk15on:${bouncycastle.version}' :war
- compile 'org.bouncycastle:bcpkix-jdk15on:${bouncycastle.version}' :war
- compile 'net.i2p.crypto:eddsa:0.2.0' :war !org.easymock
- compile 'org.apache.sshd:sshd-core:${sshd.version}' :war !org.easymock
- compile 'org.apache.mina:mina-core:${mina.version}' :war !org.easymock
- compile 'rome:rome:0.9' :war :manager :api
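Review bot: The new `net.i2p.crypto:eddsa` entry hard-codes `0.2.0` in the dependency line, while the Bouncy Castle, SSHD and MINA entries next to it take their version from the `properties` block. This library presumably ends up verifying the signatures of Ed25519 user keys, so its version should be as easy to find and bump as the other crypto dependencies: add `eddsa.version : 0.2.0` beside `sshd.version` and reference it as `'net.i2p.crypto:eddsa:${eddsa.version}'`. It is also worth confirming before release that 0.2.0 is the newest eddsa release SSHD 1.7.0 works with, because fixes to signature verification in such a library only arrive through version bumps. The same literal is repeated in `.classpath` and `gitblit.iml`.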
17 changes: 14 additions & 3 deletions gitblit.iml
Expand Up @@ -541,13 +541,24 @@
</library>
</orderEntry>
<orderEntry type="module-library">
<library name="sshd-core-1.2.0.jar">
<library name="eddsa-0.2.0.jar">
<CLASSES>
<root url="jar://$MODULE_DIR$/ext/sshd-core-1.2.0.jar!/" />
<root url="jar://$MODULE_DIR$/ext/eddsa-0.2.0.jar!/" />
</CLASSES>
<JAVADOC />
<SOURCES>
<root url="jar://$MODULE_DIR$/ext/src/sshd-core-1.2.0.jar!/" />
<root url="jar://$MODULE_DIR$/ext/src/eddsa-0.2.0.jar!/" />
</SOURCES>
</library>
</orderEntry>
<orderEntry type="module-library">
<library name="sshd-core-1.7.0.jar">
<CLASSES>
<root url="jar://$MODULE_DIR$/ext/sshd-core-1.7.0.jar!/" />
</CLASSES>
<JAVADOC />
<SOURCES>
<root url="jar://$MODULE_DIR$/ext/src/sshd-core-1.7.0.jar!/" />
</SOURCES>
</library>
</orderEntry>
Expand Up @@ -26,7 +26,7 @@
import java.util.NoSuchElementException;

import org.apache.sshd.common.keyprovider.AbstractKeyPairProvider;
import org.apache.sshd.common.util.SecurityUtils;
import org.apache.sshd.common.util.security.SecurityUtils;
import org.bouncycastle.openssl.PEMDecryptorProvider;
import org.bouncycastle.openssl.PEMEncryptedKeyPair;
import org.bouncycastle.openssl.PEMKeyPair;
32 changes: 16 additions & 16 deletions src/main/java/com/gitblit/transport/ssh/NonForwardingFilter.java
Expand Up @@ -21,23 +21,23 @@

public class NonForwardingFilter implements ForwardingFilter {

@Override
public boolean canConnect(Type type, SshdSocketAddress address, Session session) {
return false;
}
@Override
public boolean canConnect(Type type, SshdSocketAddress address, Session session) {
return false;
}

@Override
public boolean canForwardAgent(Session session) {
return false;
}
@Override
public boolean canForwardAgent(Session session, String requestType) {
return false;
}

@Override
public boolean canForwardX11(Session session) {
return false;
}
@Override
public boolean canForwardX11(Session session, String requestType) {
return false;
}

@Override
public boolean canListen(SshdSocketAddress address, Session session) {
return false;
}
@Override
public boolean canListen(SshdSocketAddress address, Session session) {
return false;
}
}
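Review bot: `NonForwardingFilter` has no class comment saying that it is a deny-all policy, and the new `requestType` parameter on `canForwardAgent` and `canForwardX11` is ignored without explanation. Every method has to keep returning `false` for the SSH daemon to refuse agent, X11 and TCP forwarding, so a Javadoc such as `/** Deny-all forwarding policy: rejects agent, X11 and TCP forwarding requests. */` would stop a later API-driven signature update from loosening one of them by accident. If SSHD's own `RejectAllForwardingFilter.INSTANCE` is usable in 1.7.0, passing it to `setForwardingFilter` would avoid maintaining this class on each upgrade. The `canConnect` and `canListen` pairs appear to differ only in whitespace that this rendering has dropped.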
15 changes: 11 additions & 4 deletions src/main/java/com/gitblit/transport/ssh/SshDaemon.java
Expand Up @@ -29,7 +29,9 @@
import org.apache.sshd.common.io.IoServiceFactoryFactory;
import org.apache.sshd.common.io.mina.MinaServiceFactoryFactory;
import org.apache.sshd.common.io.nio2.Nio2ServiceFactoryFactory;
import org.apache.sshd.common.util.SecurityUtils;
import org.apache.sshd.common.util.security.SecurityUtils;
import org.apache.sshd.common.util.security.bouncycastle.BouncyCastleSecurityProviderRegistrar;
import org.apache.sshd.common.util.security.eddsa.EdDSASecurityProviderRegistrar;
import org.apache.sshd.server.SshServer;
import org.apache.sshd.server.auth.pubkey.CachingPublicKeyAuthenticator;
import org.bouncycastle.openssl.PEMWriter;
Expand Down Expand Up @@ -92,9 +94,14 @@ public SshDaemon(IGitblit gitblit, WorkQueue workQueue) {
6DAF IStoredSettings settings = gitblit.getSettings();

// Ensure that Bouncy Castle is our JCE provider
SecurityUtils.setRegisterBouncyCastle(true);
SecurityUtils.registerSecurityProvider(new BouncyCastleSecurityProviderRegistrar());
if (SecurityUtils.isBouncyCastleRegistered()) {
log.debug("BouncyCastle is registered as a JCE provider");
log.info("BouncyCastle is registered as a JCE provider");
}
// Add support for ED25519_SHA512
SecurityUtils.registerSecurityProvider(new EdDSASecurityProviderRegistrar());
if (SecurityUtils.isProviderRegistered("EdDSA")) {
log.info("EdDSA is registered as a JCE provider");
}

// Generate host RSA and DSA keypairs and create the host keypair provider
Expand Down Expand Up @@ -160,7 +167,7 @@ public SshDaemon(IGitblit gitblit, WorkQueue workQueue) {

sshd.setSessionFactory(new SshServerSessionFactory(sshd));
sshd.setFileSystemFactory(new DisabledFilesystemFactory());
sshd.setTcpipForwardingFilter(new NonForwardingFilter());
sshd.setForwardingFilter(new NonForwardingFilter());
sshd.setCommandFactory(new SshCommandFactory(gitblit, workQueue));
sshd.setShellFactory(new WelcomeShell(gitblit));

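Review bot: A failed provider registration is silent in the added EdDSA block and in the BouncyCastle block above it, because both `if` statements log only on success. If the eddsa jar is missing from the classpath or the registrar is disabled, the daemon presumably starts without Ed25519 support and nothing in the log says why those user keys are rejected. Add an else branch to each, e.g. `} else { log.warn("EdDSA provider is not registered; Ed25519 user keys cannot be verified"); }`, and prefer the `SecurityUtils.EDDSA` constant over the `"EdDSA"` literal. The constructor body starts and ends outside these hunks.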
5 changes: 5 additions & 0 deletions src/main/java/com/gitblit/transport/ssh/WelcomeShell.java
Expand Up @@ -57,6 +57,11 @@ public Command create() {
return new SendMessage(gitblit);
}

@Override
public Command get() {
return create();
}

private static class SendMessage implements Command, SessionAware {

private final IPublicKeyManager km;
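Review bot: The added `get()` carries no comment on why the factory now needs two entry points, so a later cleanup could remove it or let it diverge from `create()`. A one-line comment such as `// SSHD 1.7.0 Factory is also a Supplier; delegate so both paths build the same shell` would record the intent; this reading is inferred from the `@Override`, since the interface is not visible here. If the 1.7.0 `Factory` interface already provides a default `get()` that calls `create()`, the override can be dropped instead. The enclosing class starts and ends outside the hunk.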
Expand Up @@ -28,7 +28,7 @@
import java.util.List;
import java.util.Map;

import org.apache.sshd.common.util.SecurityUtils;
import org.apache.sshd.common.util.security.SecurityUtils;
import org.junit.BeforeClass;
import org.junit.Test;
import org.junit.runner.RunWith;
2 changes: 1 addition & 1 deletion src/test/java/com/gitblit/tests/SshUnitTest.java
Expand Up @@ -36,7 +36,7 @@
import org.apache.sshd.client.keyverifier.ServerKeyVerifier;
import org.apache.sshd.client.session.ClientSession;
import org.apache.sshd.common.config.keys.FilePasswordProvider;
import org.apache.sshd.common.util.SecurityUtils;
import org.apache.sshd.common.util.security.SecurityUtils;
import org.eclipse.jgit.lib.Config;
import org.eclipse.jgit.storage.file.FileBasedConfig;
import org.eclipse.jgit.util.FS;