This is an automated email from the ASF dual-hosted git repository.
lgoldstein pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/mina-sshd.git
commit 871e55bad4ffa2fee8fe3fb9a6d68743f99896d6
Author: Lyor Goldstein <lgoldst...@apache.org>
AuthorDate: Thu Oct 3 16:23:03 2019 +0300
[SSHD-945] Provide used key instance when invoking
AbstractSignature#doInitSignature
---
CHANGES.md | 2 ++
.../sshd/common/signature/AbstractSignature.java | 25 ++++++++++++++++------
.../sshd/common/signature/SignatureDSATest.java | 5 ++++-
.../common/signature/SignatureRSASHA1Test.java | 15 +++++++++----
4 files changed, 35 insertions(+), 12 deletions(-)
diff --git a/CHANGES.md b/CHANGES.md
index 10f493f..fdaae65 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -50,6 +50,8 @@ occurs. The cache can be invalidated (and thus force a
re-load) by invoking `Mod
exchange via properties - see `DHGEXClient#PROP_DHGEX_CLIENT_MIN/MAX/PRF_KEY`.
Similar applies for `DHGEXServer` but only for
the message type=30 (old request).
+* `AbstractSignature#doInitSignature` is now provided also with the `Key`
instance for which it is invoked.
+
## Behavioral changes and enhancements
* [SSHD-926](https://issues.apache.org/jira/browse/SSHD-930) - Add support for
OpenSSH 'lsets...@openssh.com' SFTP protocol extension.
diff --git
a/sshd-common/src/main/java/org/apache/sshd/common/signature/AbstractSignature.java
b/sshd-common/src/main/java/org/apache/sshd/common/signature/AbstractSignature.java
index ef06d15..e94a691 100644
---
a/sshd-common/src/main/java/org/apache/sshd/common/signature/AbstractSignature.java
+++
b/sshd-common/src/main/java/org/apache/sshd/common/signature/AbstractSignature.java
@@ -20,6 +20,7 @@ package org.apache.sshd.common.signature;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
+import java.security.Key;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SignatureException;
@@ -41,7 +42,8 @@ public abstract class AbstractSignature implements Signature {
private final String algorithm;
protected AbstractSignature(String algorithm) {
- this.algorithm = ValidateUtils.checkNotNullAndNotEmpty(algorithm, "No
signature algorithm specified");
+ this.algorithm =
+ ValidateUtils.checkNotNullAndNotEmpty(algorithm, "No signature
algorithm specified");
}
@Override
@@ -53,12 +55,16 @@ public abstract class AbstractSignature implements
Signature {
* Initializes the internal signature instance
*
* @param algo The signature's algorithm
+ * @param the {@link Key} that is provided for initialization - a {@link
PrivateKey}
+ * for signing and a {@link PublicKey} for verification
* @param forSigning If {@code true} then it is being initialized for
signing,
* otherwise for verifying a signature
* @return The {@link java.security.Signature} instance
* @throws GeneralSecurityException if failed to initialize
*/
- protected java.security.Signature doInitSignature(String algo, boolean
forSigning) throws GeneralSecurityException {
+ protected java.security.Signature doInitSignature(
+ String algo, Key key, boolean forSigning)
+ throws GeneralSecurityException {
return SecurityUtils.getSignature(algo);
}
@@ -73,27 +79,31 @@ public abstract class AbstractSignature implements
Signature {
@Override
public byte[] sign() throws Exception {
- java.security.Signature signature =
Objects.requireNonNull(getSignature(), "Signature not initialized");
+ java.security.Signature signature =
+ Objects.requireNonNull(getSignature(), "Signature not
initialized");
return signature.sign();
}
@Override
public void initVerifier(PublicKey key) throws Exception {
String algo = getAlgorithm();
- signatureInstance = Objects.requireNonNull(doInitSignature(algo,
false), "No signature instance create");
+ signatureInstance = Objects.requireNonNull(
+ doInitSignature(algo, key, false), "No signature instance create");
signatureInstance.initVerify(Objects.requireNonNull(key, "No public
key provided"));
}
@Override
public void initSigner(PrivateKey key) throws Exception {
String algo = getAlgorithm();
- signatureInstance = Objects.requireNonNull(doInitSignature(algo,
true), "No signature instance create");
+ signatureInstance = Objects.requireNonNull(
+ doInitSignature(algo, key, true), "No signature instance create");
signatureInstance.initSign(Objects.requireNonNull(key, "No private key
provided"));
}
@Override
public void update(byte[] hash, int off, int len) throws Exception {
- java.security.Signature signature =
Objects.requireNonNull(getSignature(), "Signature not initialized");
+ java.security.Signature signature =
+ Objects.requireNonNull(getSignature(), "Signature not
initialized");
signature.update(hash, off, len);
}
@@ -138,7 +148,8 @@ public abstract class AbstractSignature implements
Signature {
}
protected boolean doVerify(byte[] data) throws SignatureException {
- java.security.Signature signature =
Objects.requireNonNull(getSignature(), "Signature not initialized");
+ java.security.Signature signature =
+ Objects.requireNonNull(getSignature(), "Signature not
initialized");
return signature.verify(data);
}
diff --git
a/sshd-common/src/test/java/org/apache/sshd/common/signature/SignatureDSATest.java
b/sshd-common/src/test/java/org/apache/sshd/common/signature/SignatureDSATest.java
index d9f507d..03a8199 100644
---
a/sshd-common/src/test/java/org/apache/sshd/common/signature/SignatureDSATest.java
+++
b/sshd-common/src/test/java/org/apache/sshd/common/signature/SignatureDSATest.java
@@ -20,6 +20,7 @@ package org.apache.sshd.common.signature;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
+import java.security.Key;
import java.security.KeyFactory;
import java.security.spec.DSAPublicKeySpec;
@@ -47,7 +48,9 @@ public class SignatureDSATest extends JUnitTestSupport {
KeyFactory kf = SecurityUtils.getKeyFactory(KeyUtils.DSS_ALGORITHM);
SignatureDSA signatureDSA = new SignatureDSA(KeyUtils.DSS_ALGORITHM) {
@Override
- protected java.security.Signature doInitSignature(String algo,
boolean forSigning) throws GeneralSecurityException {
+ protected java.security.Signature doInitSignature(
+ String algo, Key key, boolean forSigning)
+ throws GeneralSecurityException {
return java.security.Signature.getInstance(algo);
}
diff --git
a/sshd-common/src/test/java/org/apache/sshd/common/signature/SignatureRSASHA1Test.java
b/sshd-common/src/test/java/org/apache/sshd/common/signature/SignatureRSASHA1Test.java
index 38d9168..2644b1f 100644
---
a/sshd-common/src/test/java/org/apache/sshd/common/signature/SignatureRSASHA1Test.java
+++
b/sshd-common/src/test/java/org/apache/sshd/common/signature/SignatureRSASHA1Test.java
@@ -20,6 +20,7 @@ package org.apache.sshd.common.signature;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
+import java.security.Key;
import java.security.KeyFactory;
import java.security.Provider;
import java.security.PublicKey;
@@ -73,9 +74,12 @@ public class SignatureRSASHA1Test extends JUnitTestSupport {
public SignatureRSA create() {
return new SignatureRSASHA1() {
@Override
- protected java.security.Signature doInitSignature(String
algo, boolean forSigning) throws GeneralSecurityException {
+ protected java.security.Signature doInitSignature(
+ String algo, Key key, boolean forSigning)
+ throws GeneralSecurityException {
assertFalse("Signature not initialized for
verification", forSigning);
- java.security.Signature signature =
super.doInitSignature(algo, forSigning);
+ java.security.Signature signature =
+ super.doInitSignature(algo, key, forSigning);
if (SecurityUtils.isBouncyCastleRegistered()) {
Provider provider = signature.getProvider();
String name = provider.getName();
@@ -92,9 +96,12 @@ public class SignatureRSASHA1Test extends JUnitTestSupport {
public void testLeadingZeroesJCE() throws Throwable {
testLeadingZeroes(() -> new SignatureRSASHA1() {
@Override
- protected java.security.Signature doInitSignature(String algo,
boolean forSigning) throws GeneralSecurityException {
+ protected java.security.Signature doInitSignature(
+ String algo, Key key, boolean forSigning)
+ throws GeneralSecurityException {
assertFalse("Signature not initialized for verification",
forSigning);
- java.security.Signature signature =
java.security.Signature.getInstance(algo);
+ java.security.Signature signature =
+ java.security.Signature.getInstance(algo);
Provider provider = signature.getProvider();
String name = provider.getName();
assertNotEquals("BC provider used although not required",
SecurityUtils.BOUNCY_CASTLE, name);
