This is an automated email from the ASF dual-hosted git repository.
lgoldstein pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/mina-sshd.git
commit c315d705663e4ae78a86cf94d2ea694c38d4c1c9
Author: Lyor Goldstein <lgoldst...@apache.org>
AuthorDate: Tue Oct 8 09:18:08 2019 +0300
[SSHD-945] Provide session context instance to the signature
generator/verifier
---
CHANGES.md | 3 ++
.../sshd/client/auth/pubkey/PublicKeyIdentity.java | 6 +++-
.../keys/impl/AbstractIdentityResourceLoader.java | 3 +-
.../sshd/common/signature/AbstractSignature.java | 21 +++++++-----
.../apache/sshd/common/signature/Signature.java | 28 +++++++++++-----
.../apache/sshd/common/signature/SignatureDSA.java | 19 +++++++----
.../sshd/common/signature/SignatureECDSA.java | 13 +++++---
.../apache/sshd/common/signature/SignatureRSA.java | 7 ++--
.../util/security/eddsa/SignatureEd25519.java | 6 ++--
.../sshd/common/signature/SignatureDSATest.java | 9 ++---
.../common/signature/SignatureRSASHA1Test.java | 13 ++++----
.../signature/SignatureVariantTestSupport.java | 21 +++++++-----
.../common/signature/SignaturesDevelopment.java | 12 +++----
.../util/security/eddsa/Ed25519VectorsTest.java | 24 +++++++-------
.../main/java/org/apache/sshd/agent/SshAgent.java | 4 ++-
.../sshd/agent/common/AbstractAgentClient.java | 3 +-
.../sshd/agent/common/AbstractAgentProxy.java | 3 +-
.../apache/sshd/agent/common/AgentDelegate.java | 5 +--
.../org/apache/sshd/agent/local/AgentImpl.java | 11 ++++---
.../client/auth/hostbased/UserAuthHostBased.java | 38 +++++++++++++---------
.../sshd/client/auth/pubkey/KeyAgentIdentity.java | 5 +--
.../sshd/client/auth/pubkey/KeyPairIdentity.java | 9 ++---
.../sshd/client/auth/pubkey/UserAuthPublicKey.java | 10 +++---
.../java/org/apache/sshd/client/kex/DHGClient.java | 6 ++--
.../org/apache/sshd/client/kex/DHGEXClient.java | 6 ++--
.../server/auth/hostbased/UserAuthHostBased.java | 24 +++++++-------
.../sshd/server/auth/pubkey/UserAuthPublicKey.java | 6 ++--
.../sshd/server/global/OpenSshHostKeysHandler.java | 13 ++++----
.../org/apache/sshd/server/kex/DHGEXServer.java | 6 ++--
.../java/org/apache/sshd/server/kex/DHGServer.java | 6 ++--
.../common/signature/SignatureFactoriesTest.java | 3 +-
.../org/apache/sshd/deprecated/UserAuthAgent.java | 2 +-
.../apache/sshd/deprecated/UserAuthPublicKey.java | 6 ++--
.../org/apache/sshd/util/test/BaseTestSupport.java | 23 +++++++++----
34 files changed, 221 insertions(+), 153 deletions(-)
diff --git a/CHANGES.md b/CHANGES.md
index 02f2b7d..44229ab 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -34,6 +34,9 @@ the standard does not specifically specify the behavior
regarding symbolic links
* `KeyExchangeFactory` is a proper interface and it has been refactored to
contain a
`createKeyExchange` method that accepts the session instance through which the
request is made.
+* `Signature` methods accept a `SessionContext` argument representing the
session context
+of their invocation (if any)
+
## Minor code helpers
* `SessionListener` supports `sessionPeerIdentificationReceived` method that
is invoked once successful
diff --git
a/sshd-common/src/main/java/org/apache/sshd/client/auth/pubkey/PublicKeyIdentity.java
b/sshd-common/src/main/java/org/apache/sshd/client/auth/pubkey/PublicKeyIdentity.java
index 51444ae..9f055d3 100644
---
a/sshd-common/src/main/java/org/apache/sshd/client/auth/pubkey/PublicKeyIdentity.java
+++
b/sshd-common/src/main/java/org/apache/sshd/client/auth/pubkey/PublicKeyIdentity.java
@@ -20,6 +20,8 @@ package org.apache.sshd.client.auth.pubkey;
import java.security.PublicKey;
+import org.apache.sshd.common.session.SessionContext;
+
/**
* Represents a public key identity
*
@@ -34,9 +36,11 @@ public interface PublicKeyIdentity {
/**
* Proves the public key identity by signing the given data
*
+ * @param session The {@link SessionContext} for calling this method - may
+ * be {@code null} if not called within a session context
* @param data Data to sign
* @return Signed data - using the identity
* @throws Exception If failed to sign the data
*/
- byte[] sign(byte[] data) throws Exception;
+ byte[] sign(SessionContext session, byte[] data) throws Exception;
}
\ No newline at end of file
diff --git
a/sshd-common/src/main/java/org/apache/sshd/common/config/keys/impl/AbstractIdentityResourceLoader.java
b/sshd-common/src/main/java/org/apache/sshd/common/config/keys/impl/AbstractIdentityResourceLoader.java
index 4d7072a..1d34d56 100644
---
a/sshd-common/src/main/java/org/apache/sshd/common/config/keys/impl/AbstractIdentityResourceLoader.java
+++
b/sshd-common/src/main/java/org/apache/sshd/common/config/keys/impl/AbstractIdentityResourceLoader.java
@@ -42,7 +42,8 @@ public abstract class AbstractIdentityResourceLoader<PUB
extends PublicKey, PRV
private final Class<PRV> prvType;
private final NavigableSet<String> types;
- protected AbstractIdentityResourceLoader(Class<PUB> pubType, Class<PRV>
prvType, Collection<String> keyTypes) {
+ protected AbstractIdentityResourceLoader(
+ Class<PUB> pubType, Class<PRV> prvType, Collection<String>
keyTypes) {
this.pubType = Objects.requireNonNull(pubType, "No public key type
specified");
this.prvType = Objects.requireNonNull(prvType, "No private key type
specified");
this.types = Collections.unmodifiableNavigableSet(
diff --git
a/sshd-common/src/main/java/org/apache/sshd/common/signature/AbstractSignature.java
b/sshd-common/src/main/java/org/apache/sshd/common/signature/AbstractSignature.java
index e94a691..6fd0a37 100644
---
a/sshd-common/src/main/java/org/apache/sshd/common/signature/AbstractSignature.java
+++
b/sshd-common/src/main/java/org/apache/sshd/common/signature/AbstractSignature.java
@@ -27,6 +27,7 @@ import java.security.SignatureException;
import java.util.AbstractMap.SimpleImmutableEntry;
import java.util.Objects;
+import org.apache.sshd.common.session.SessionContext;
import org.apache.sshd.common.util.NumberUtils;
import org.apache.sshd.common.util.ValidateUtils;
import org.apache.sshd.common.util.buffer.BufferUtils;
@@ -54,7 +55,9 @@ public abstract class AbstractSignature implements Signature {
/**
* Initializes the internal signature instance
*
- * @param algo The signature's algorithm
+ * @param session The {@link SessionContext} for calling this method - may
+ * be {@code null} if not called within a session context
+ * @param algo The signature's algorithm name
* @param the {@link Key} that is provided for initialization - a {@link
PrivateKey}
* for signing and a {@link PublicKey} for verification
* @param forSigning If {@code true} then it is being initialized for
signing,
@@ -63,7 +66,7 @@ public abstract class AbstractSignature implements Signature {
* @throws GeneralSecurityException if failed to initialize
*/
protected java.security.Signature doInitSignature(
- String algo, Key key, boolean forSigning)
+ SessionContext session, String algo, Key key, boolean forSigning)
throws GeneralSecurityException {
return SecurityUtils.getSignature(algo);
}
@@ -71,37 +74,37 @@ public abstract class AbstractSignature implements
Signature {
/**
* @return The current {@link java.security.Signature} instance
* - {@code null} if not initialized
- * @see #doInitSignature(String, boolean)
+ * @see #doInitSignature(SessionContext, String, Key, boolean)
*/
protected java.security.Signature getSignature() {
return signatureInstance;
}
@Override
- public byte[] sign() throws Exception {
+ public byte[] sign(SessionContext session) throws Exception {
java.security.Signature signature =
Objects.requireNonNull(getSignature(), "Signature not
initialized");
return signature.sign();
}
@Override
- public void initVerifier(PublicKey key) throws Exception {
+ public void initVerifier(SessionContext session, PublicKey key) throws
Exception {
String algo = getAlgorithm();
signatureInstance = Objects.requireNonNull(
- doInitSignature(algo, key, false), "No signature instance create");
+ doInitSignature(session, algo, key, false), "No signature instance
create");
signatureInstance.initVerify(Objects.requireNonNull(key, "No public
key provided"));
}
@Override
- public void initSigner(PrivateKey key) throws Exception {
+ public void initSigner(SessionContext session, PrivateKey key) throws
Exception {
String algo = getAlgorithm();
signatureInstance = Objects.requireNonNull(
- doInitSignature(algo, key, true), "No signature instance create");
+ doInitSignature(session, algo, key, true), "No signature instance
create");
signatureInstance.initSign(Objects.requireNonNull(key, "No private key
provided"));
}
@Override
- public void update(byte[] hash, int off, int len) throws Exception {
+ public void update(SessionContext session, byte[] hash, int off, int len)
throws Exception {
java.security.Signature signature =
Objects.requireNonNull(getSignature(), "Signature not
initialized");
signature.update(hash, off, len);
diff --git
a/sshd-common/src/main/java/org/apache/sshd/common/signature/Signature.java
b/sshd-common/src/main/java/org/apache/sshd/common/signature/Signature.java
index 2c78ec1..e8a0862 100644
--- a/sshd-common/src/main/java/org/apache/sshd/common/signature/Signature.java
+++ b/sshd-common/src/main/java/org/apache/sshd/common/signature/Signature.java
@@ -22,6 +22,7 @@ import java.security.PrivateKey;
import java.security.PublicKey;
import org.apache.sshd.common.AlgorithmNameProvider;
+import org.apache.sshd.common.session.SessionContext;
import org.apache.sshd.common.util.NumberUtils;
/**
@@ -33,53 +34,64 @@ import org.apache.sshd.common.util.NumberUtils;
*/
public interface Signature extends AlgorithmNameProvider {
/**
+ * @param session The {@link SessionContext} for calling this method - may
+ * be {@code null} if not called within a session context
* @param key The {@link PublicKey} to be used for verifying signatures
* @throws Exception If failed to initialize
*/
- void initVerifier(PublicKey key) throws Exception;
+ void initVerifier(SessionContext session, PublicKey key) throws Exception;
/**
+ * @param session The {@link SessionContext} for calling this method - may
+ * be {@code null} if not called within a session context
* @param key The {@link PrivateKey} to be used for signing
* @throws Exception If failed to initialize
*/
- void initSigner(PrivateKey key) throws Exception;
+ void initSigner(SessionContext session, PrivateKey key) throws Exception;
/**
* Update the computed signature with the given data
*
+ * @param session The {@link SessionContext} for calling this method - may
+ * be {@code null} if not called within a session context
* @param hash The hash data buffer
* @throws Exception If failed to update
* @see #update(byte[], int, int)
*/
- default void update(byte[] hash) throws Exception {
- update(hash, 0, NumberUtils.length(hash));
+ default void update(SessionContext session, byte[] hash) throws Exception {
+ update(session, hash, 0, NumberUtils.length(hash));
}
/**
* Update the computed signature with the given data
*
+ * @param session The {@link SessionContext} for calling this method - may
+ * be {@code null} if not called within a session context
* @param hash The hash data buffer
* @param off Offset of hash data in buffer
* @param len Length of hash data
* @throws Exception If failed to update
*/
- void update(byte[] hash, int off, int len) throws Exception;
+ void update(SessionContext session, byte[] hash, int off, int len) throws
Exception;
/**
* Verify against the given signature
*
+ * @param session The {@link SessionContext} for calling this method - may
+ * be {@code null} if not called within a session context
* @param sig The signed data
* @return {@code true} if signature is valid
* @throws Exception If failed to extract signed data for validation
*/
- boolean verify(byte[] sig) throws Exception;
+ boolean verify(SessionContext session, byte[] sig) throws Exception;
/**
* Compute the signature
*
+ * @param session The {@link SessionContext} for calling this method - may
+ * be {@code null} if not called within a session context
* @return The signature value
* @throws Exception If failed to calculate the signature
*/
- byte[] sign() throws Exception;
-
+ byte[] sign(SessionContext session) throws Exception;
}
diff --git
a/sshd-common/src/main/java/org/apache/sshd/common/signature/SignatureDSA.java
b/sshd-common/src/main/java/org/apache/sshd/common/signature/SignatureDSA.java
index c7c9c9e..eca237d 100644
---
a/sshd-common/src/main/java/org/apache/sshd/common/signature/SignatureDSA.java
+++
b/sshd-common/src/main/java/org/apache/sshd/common/signature/SignatureDSA.java
@@ -24,6 +24,7 @@ import java.security.SignatureException;
import java.util.Map;
import org.apache.sshd.common.keyprovider.KeyPairProvider;
+import org.apache.sshd.common.session.SessionContext;
import org.apache.sshd.common.util.NumberUtils;
import org.apache.sshd.common.util.ValidateUtils;
import org.apache.sshd.common.util.buffer.BufferUtils;
@@ -52,13 +53,14 @@ public class SignatureDSA extends AbstractSignature {
}
@Override
- public byte[] sign() throws Exception {
- byte[] sig = super.sign();
+ public byte[] sign(SessionContext session) throws Exception {
+ byte[] sig = super.sign(session);
try (DERParser parser = new DERParser(sig)) {
int type = parser.read();
if (type != 0x30) {
- throw new StreamCorruptedException("Invalid signature format -
not a DER SEQUENCE: 0x" + Integer.toHexString(type));
+ throw new StreamCorruptedException(
+ "Invalid signature format - not a DER SEQUENCE: 0x" +
Integer.toHexString(type));
}
// length of remaining encoding of the 2 integers
@@ -71,7 +73,8 @@ public class SignatureDSA extends AbstractSignature {
* - at least one byte of integer data (zero length is not an
option)
*/
if (remainLen < (2 * 3)) {
- throw new StreamCorruptedException("Invalid signature format -
not enough encoded data length: " + remainLen);
+ throw new StreamCorruptedException(
+ "Invalid signature format - not enough encoded data
length: " + remainLen);
}
BigInteger r = parser.readBigInteger();
@@ -94,7 +97,7 @@ public class SignatureDSA extends AbstractSignature {
}
@Override
- public boolean verify(byte[] sig) throws Exception {
+ public boolean verify(SessionContext session, byte[] sig) throws Exception
{
int sigLen = NumberUtils.length(sig);
byte[] data = sig;
@@ -103,14 +106,16 @@ public class SignatureDSA extends AbstractSignature {
Map.Entry<String, byte[]> encoding = extractEncodedSignature(sig);
if (encoding != null) {
String keyType = encoding.getKey();
-
ValidateUtils.checkTrue(KeyPairProvider.SSH_DSS.equals(keyType), "Mismatched
key type: %s", keyType);
+ ValidateUtils.checkTrue(
+ KeyPairProvider.SSH_DSS.equals(keyType), "Mismatched key
type: %s", keyType);
data = encoding.getValue();
sigLen = NumberUtils.length(data);
}
}
if (sigLen != DSA_SIGNATURE_LENGTH) {
- throw new SignatureException("Bad signature length (" + sigLen + "
instead of " + DSA_SIGNATURE_LENGTH + ")"
+ throw new SignatureException(
+ "Bad signature length (" + sigLen + " instead of " +
DSA_SIGNATURE_LENGTH + ")"
+ " for " + BufferUtils.toHex(':', data));
}
diff --git
a/sshd-common/src/main/java/org/apache/sshd/common/signature/SignatureECDSA.java
b/sshd-common/src/main/java/org/apache/sshd/common/signature/SignatureECDSA.java
index 56964d3..b9d8a16 100644
---
a/sshd-common/src/main/java/org/apache/sshd/common/signature/SignatureECDSA.java
+++
b/sshd-common/src/main/java/org/apache/sshd/common/signature/SignatureECDSA.java
@@ -23,6 +23,7 @@ import java.math.BigInteger;
import java.util.Map;
import org.apache.sshd.common.cipher.ECCurves;
+import org.apache.sshd.common.session.SessionContext;
import org.apache.sshd.common.util.ValidateUtils;
import org.apache.sshd.common.util.buffer.Buffer;
import org.apache.sshd.common.util.buffer.ByteArrayBuffer;
@@ -65,13 +66,14 @@ public class SignatureECDSA extends AbstractSignature {
}
@Override
- public byte[] sign() throws Exception {
- byte[] sig = super.sign();
+ public byte[] sign(SessionContext session) throws Exception {
+ byte[] sig = super.sign(session);
try (DERParser parser = new DERParser(sig)) {
int type = parser.read();
if (type != 0x30) {
- throw new StreamCorruptedException("Invalid signature format -
not a DER SEQUENCE: 0x" + Integer.toHexString(type));
+ throw new StreamCorruptedException(
+ "Invalid signature format - not a DER SEQUENCE: 0x" +
Integer.toHexString(type));
}
// length of remaining encoding of the 2 integers
@@ -84,7 +86,8 @@ public class SignatureECDSA extends AbstractSignature {
* - at least one byte of integer data (zero length is not an
option)
*/
if (remainLen < (2 * 3)) {
- throw new StreamCorruptedException("Invalid signature format -
not enough encoded data length: " + remainLen);
+ throw new StreamCorruptedException(
+ "Invalid signature format - not enough encoded data
length: " + remainLen);
}
BigInteger r = parser.readBigInteger();
@@ -99,7 +102,7 @@ public class SignatureECDSA extends AbstractSignature {
}
@Override
- public boolean verify(byte[] sig) throws Exception {
+ public boolean verify(SessionContext session, byte[] sig) throws Exception
{
byte[] data = sig;
Map.Entry<String, byte[]> encoding = extractEncodedSignature(data);
if (encoding != null) {
diff --git
a/sshd-common/src/main/java/org/apache/sshd/common/signature/SignatureRSA.java
b/sshd-common/src/main/java/org/apache/sshd/common/signature/SignatureRSA.java
index 23cc46c..b0fb2fe 100644
---
a/sshd-common/src/main/java/org/apache/sshd/common/signature/SignatureRSA.java
+++
b/sshd-common/src/main/java/org/apache/sshd/common/signature/SignatureRSA.java
@@ -25,6 +25,7 @@ import java.util.Map;
import org.apache.sshd.common.config.keys.KeyUtils;
import org.apache.sshd.common.keyprovider.KeyPairProvider;
+import org.apache.sshd.common.session.SessionContext;
import org.apache.sshd.common.util.ValidateUtils;
/**
@@ -49,8 +50,8 @@ public abstract class SignatureRSA extends AbstractSignature {
}
@Override
- public void initVerifier(PublicKey key) throws Exception {
- super.initVerifier(key);
+ public void initVerifier(SessionContext session, PublicKey key) throws
Exception {
+ super.initVerifier(session, key);
RSAKey rsaKey = ValidateUtils.checkInstanceOf(key, RSAKey.class, "Not
an RSA key");
verifierSignatureSize = getVerifierSignatureSize(rsaKey);
}
@@ -61,7 +62,7 @@ public abstract class SignatureRSA extends AbstractSignature {
}
@Override
- public boolean verify(byte[] sig) throws Exception {
+ public boolean verify(SessionContext session, byte[] sig) throws Exception
{
byte[] data = sig;
Map.Entry<String, byte[]> encoding = extractEncodedSignature(data);
if (encoding != null) {
diff --git
a/sshd-common/src/main/java/org/apache/sshd/common/util/security/eddsa/SignatureEd25519.java
b/sshd-common/src/main/java/org/apache/sshd/common/util/security/eddsa/SignatureEd25519.java
index 012be95..3ae42cb 100644
---
a/sshd-common/src/main/java/org/apache/sshd/common/util/security/eddsa/SignatureEd25519.java
+++
b/sshd-common/src/main/java/org/apache/sshd/common/util/security/eddsa/SignatureEd25519.java
@@ -21,6 +21,7 @@ package org.apache.sshd.common.util.security.eddsa;
import java.util.Map;
import org.apache.sshd.common.keyprovider.KeyPairProvider;
+import org.apache.sshd.common.session.SessionContext;
import org.apache.sshd.common.signature.AbstractSignature;
import org.apache.sshd.common.util.ValidateUtils;
@@ -35,12 +36,13 @@ public class SignatureEd25519 extends AbstractSignature {
}
@Override
- public boolean verify(byte[] sig) throws Exception {
+ public boolean verify(SessionContext session, byte[] sig) throws Exception
{
byte[] data = sig;
Map.Entry<String, byte[]> encoding = extractEncodedSignature(data);
if (encoding != null) {
String keyType = encoding.getKey();
-
ValidateUtils.checkTrue(KeyPairProvider.SSH_ED25519.equals(keyType),
"Mismatched key type: %s", keyType);
+ ValidateUtils.checkTrue(
+ KeyPairProvider.SSH_ED25519.equals(keyType), "Mismatched key
type: %s", keyType);
data = encoding.getValue();
}
diff --git
a/sshd-common/src/test/java/org/apache/sshd/common/signature/SignatureDSATest.java
b/sshd-common/src/test/java/org/apache/sshd/common/signature/SignatureDSATest.java
index 03a8199..86b2fb2 100644
---
a/sshd-common/src/test/java/org/apache/sshd/common/signature/SignatureDSATest.java
+++
b/sshd-common/src/test/java/org/apache/sshd/common/signature/SignatureDSATest.java
@@ -25,6 +25,7 @@ import java.security.KeyFactory;
import java.security.spec.DSAPublicKeySpec;
import org.apache.sshd.common.config.keys.KeyUtils;
+import org.apache.sshd.common.session.SessionContext;
import org.apache.sshd.common.util.security.SecurityUtils;
import org.apache.sshd.util.test.JUnitTestSupport;
import org.apache.sshd.util.test.NoIoTestCase;
@@ -49,7 +50,7 @@ public class SignatureDSATest extends JUnitTestSupport {
SignatureDSA signatureDSA = new SignatureDSA(KeyUtils.DSS_ALGORITHM) {
@Override
protected java.security.Signature doInitSignature(
- String algo, Key key, boolean forSigning)
+ SessionContext session, String algo, Key key, boolean
forSigning)
throws GeneralSecurityException {
return java.security.Signature.getInstance(algo);
@@ -94,18 +95,18 @@ public class SignatureDSATest extends JUnitTestSupport {
BigInteger bigG = new BigInteger(g);
DSAPublicKeySpec dsaPublicKey = new DSAPublicKeySpec(bigY, bigP, bigQ,
bigG);
- signatureDSA.initVerifier(kf.generatePublic(dsaPublicKey));
+ signatureDSA.initVerifier(null, kf.generatePublic(dsaPublicKey));
byte[] h = new byte[] {
-4, 111, -103, 111, 72, -106, 105, -19, 81, -123, 84, -13, -40,
-53, -3,
-97, -8, 43, -22, -2, -23, -15, 28, 116, -63, 96, -79, -127, -84,
63, -6, -94 };
- signatureDSA.update(h);
+ signatureDSA.update(null, h);
byte[] sig_of_h = new byte[] {
0, 0, 0, 7, 115, 115, 104, 45, 100, 115, 115, 0, 0, 0, 40, 0, 79,
84, 118, -50, 11, -117, -112, 52, -25, -78, -50, -20, 6, -69, -26,
7, 90, -34, -124, 80, 76, -32, -23, -8, 43, 38, -48, -89, -17, -60,
-1, -78, 112, -88, 14, -39, -78, -98, -80 };
- boolean verified = signatureDSA.verify(sig_of_h);
+ boolean verified = signatureDSA.verify(null, sig_of_h);
assertTrue(verified);
}
diff --git
a/sshd-common/src/test/java/org/apache/sshd/common/signature/SignatureRSASHA1Test.java
b/sshd-common/src/test/java/org/apache/sshd/common/signature/SignatureRSASHA1Test.java
index 2644b1f..74de8fe 100644
---
a/sshd-common/src/test/java/org/apache/sshd/common/signature/SignatureRSASHA1Test.java
+++
b/sshd-common/src/test/java/org/apache/sshd/common/signature/SignatureRSASHA1Test.java
@@ -30,6 +30,7 @@ import java.util.Map;
import org.apache.sshd.common.Factory;
import org.apache.sshd.common.config.keys.KeyUtils;
+import org.apache.sshd.common.session.SessionContext;
import org.apache.sshd.common.util.security.SecurityUtils;
import org.apache.sshd.util.test.JUnitTestSupport;
import org.apache.sshd.util.test.NoIoTestCase;
@@ -75,11 +76,11 @@ public class SignatureRSASHA1Test extends JUnitTestSupport {
return new SignatureRSASHA1() {
@Override
protected java.security.Signature doInitSignature(
- String algo, Key key, boolean forSigning)
+ SessionContext session, String algo, Key key,
boolean forSigning)
throws GeneralSecurityException {
assertFalse("Signature not initialized for
verification", forSigning);
java.security.Signature signature =
- super.doInitSignature(algo, key, forSigning);
+ super.doInitSignature(session, algo, key,
forSigning);
if (SecurityUtils.isBouncyCastleRegistered()) {
Provider provider = signature.getProvider();
String name = provider.getName();
@@ -97,7 +98,7 @@ public class SignatureRSASHA1Test extends JUnitTestSupport {
testLeadingZeroes(() -> new SignatureRSASHA1() {
@Override
protected java.security.Signature doInitSignature(
- String algo, Key key, boolean forSigning)
+ SessionContext session, String algo, Key key, boolean
forSigning)
throws GeneralSecurityException {
assertFalse("Signature not initialized for verification",
forSigning);
java.security.Signature signature =
@@ -112,7 +113,7 @@ public class SignatureRSASHA1Test extends JUnitTestSupport {
private void testLeadingZeroes(Factory<? extends SignatureRSA> factory)
throws Exception {
SignatureRSA rsa = factory.create();
- rsa.initVerifier(testKey);
+ rsa.initVerifier(null, testKey);
int vSize = rsa.getVerifierSignatureSize();
assertTrue("Verifier signature size not initialized", vSize > 0);
@@ -123,7 +124,7 @@ public class SignatureRSASHA1Test extends JUnitTestSupport {
byte[] data = encoding.getValue();
assertTrue("Signature data size (" + data.length + ") not below
verifier size (" + vSize + ")", data.length < vSize);
- rsa.update(TEST_MSG);
- assertTrue("Failed to verify", rsa.verify(TEST_SIGNATURE));
+ rsa.update(null, TEST_MSG);
+ assertTrue("Failed to verify", rsa.verify(null, TEST_SIGNATURE));
}
}
diff --git
a/sshd-common/src/test/java/org/apache/sshd/common/signature/SignatureVariantTestSupport.java
b/sshd-common/src/test/java/org/apache/sshd/common/signature/SignatureVariantTestSupport.java
index ede85e8..e8785eb 100644
---
a/sshd-common/src/test/java/org/apache/sshd/common/signature/SignatureVariantTestSupport.java
+++
b/sshd-common/src/test/java/org/apache/sshd/common/signature/SignatureVariantTestSupport.java
@@ -48,29 +48,32 @@ public abstract class SignatureVariantTestSupport extends
JUnitTestSupport {
Assume.assumeTrue("Unsupported factory: " + factory,
factory.isSupported());
}
- protected static KeyPair initializeSigningKeyPair(String algorithm) throws
IOException, GeneralSecurityException {
+ protected static KeyPair initializeSigningKeyPair(String algorithm)
+ throws IOException, GeneralSecurityException {
String resourceKey = ClientIdentity.getIdentityFileName(algorithm);
URL urlKeyPair =
SignatureVariantTestSupport.class.getResource(resourceKey);
assertNotNull("Missing key-pair resource: " + resourceKey, urlKeyPair);
try (InputStream stream = urlKeyPair.openStream()) {
Iterable<KeyPair> ids =
- SecurityUtils.loadKeyPairIdentities(null,
NamedResource.ofName(resourceKey), stream, null);
+ SecurityUtils.loadKeyPairIdentities(
+ null, NamedResource.ofName(resourceKey), stream, null);
return GenericUtils.head(ids);
}
}
@Test
public void testSignature() throws Exception {
- byte[] data = (getClass().getName() + "#" +
getCurrentTestName()).getBytes(StandardCharsets.UTF_8);
+ byte[] data = (getClass().getName() + "#" + getCurrentTestName())
+ .getBytes(StandardCharsets.UTF_8);
Signature signer = factory.create();
- signer.initSigner(kp.getPrivate());
- signer.update(data);
+ signer.initSigner(null, kp.getPrivate());
+ signer.update(null, data);
- byte[] signature = signer.sign();
+ byte[] signature = signer.sign(null);
Signature verifier = factory.create();
- verifier.initVerifier(kp.getPublic());
- verifier.update(data);
- verifier.verify(signature);
+ verifier.initVerifier(null, kp.getPublic());
+ verifier.update(null, data);
+ verifier.verify(null, signature);
}
@Override
diff --git
a/sshd-common/src/test/java/org/apache/sshd/common/signature/SignaturesDevelopment.java
b/sshd-common/src/test/java/org/apache/sshd/common/signature/SignaturesDevelopment.java
index 2e15341..ed27247 100644
---
a/sshd-common/src/test/java/org/apache/sshd/common/signature/SignaturesDevelopment.java
+++
b/sshd-common/src/test/java/org/apache/sshd/common/signature/SignaturesDevelopment.java
@@ -44,14 +44,14 @@ public class SignaturesDevelopment extends JUnitTestSupport
{
throws Exception {
Signature signer = factory.create();
if (generateSignature) {
- signer.initSigner(kp.getPrivate());
- signer.update(data);
- signature = signer.sign();
+ signer.initSigner(null, kp.getPrivate());
+ signer.update(null, data);
+ signature = signer.sign(null);
System.out.append('\t').append("Signature:
").println(BufferUtils.toHex(':', signature));
} else {
- signer.initVerifier(kp.getPublic());
- signer.update(data);
- if (signer.verify(signature)) {
+ signer.initVerifier(null, kp.getPublic());
+ signer.update(null, data);
+ if (signer.verify(null, signature)) {
System.out.append('\t').println("Valid signature");
} else {
System.err.append('\t').println("Invalid signature");
diff --git
a/sshd-common/src/test/java/org/apache/sshd/common/util/security/eddsa/Ed25519VectorsTest.java
b/sshd-common/src/test/java/org/apache/sshd/common/util/security/eddsa/Ed25519VectorsTest.java
index cfebb85..490fdfd 100644
---
a/sshd-common/src/test/java/org/apache/sshd/common/util/security/eddsa/Ed25519VectorsTest.java
+++
b/sshd-common/src/test/java/org/apache/sshd/common/util/security/eddsa/Ed25519VectorsTest.java
@@ -202,16 +202,16 @@ public class Ed25519VectorsTest extends JUnitTestSupport {
@Test
public void testSignature() throws Exception {
Signature signer = EdDSASecurityProviderUtils.getEDDSASignature();
- signer.initSigner(privateKey);
- signer.update(msgBytes.clone());
+ signer.initSigner(null, privateKey);
+ signer.update(null, msgBytes.clone());
- byte[] actSignature = signer.sign();
+ byte[] actSignature = signer.sign(null);
assertArrayEquals("Mismatched signature", expSignature, actSignature);
Signature verifier = EdDSASecurityProviderUtils.getEDDSASignature();
- verifier.initVerifier(publicKey);
- verifier.update(msgBytes.clone());
- assertTrue("Verification failed", verifier.verify(expSignature));
+ verifier.initVerifier(null, publicKey);
+ verifier.update(null, msgBytes.clone());
+ assertTrue("Verification failed", verifier.verify(null, expSignature));
}
@Test
@@ -224,15 +224,15 @@ public class Ed25519VectorsTest extends JUnitTestSupport {
System.arraycopy(extraData, offset, dataBuf, offset + msgBytes.length,
extraData.length - offset);
Signature signer = EdDSASecurityProviderUtils.getEDDSASignature();
- signer.initSigner(privateKey);
- signer.update(dataBuf.clone(), offset, msgBytes.length);
+ signer.initSigner(null, privateKey);
+ signer.update(null, dataBuf.clone(), offset, msgBytes.length);
- byte[] actSignature = signer.sign();
+ byte[] actSignature = signer.sign(null);
assertArrayEquals("Mismatched signature", expSignature, actSignature);
Signature verifier = EdDSASecurityProviderUtils.getEDDSASignature();
- verifier.initVerifier(publicKey);
- verifier.update(dataBuf.clone(), offset, msgBytes.length);
- assertTrue("Verification failed", verifier.verify(expSignature));
+ verifier.initVerifier(null, publicKey);
+ verifier.update(null, dataBuf.clone(), offset, msgBytes.length);
+ assertTrue("Verification failed", verifier.verify(null, expSignature));
}
}
diff --git a/sshd-core/src/main/java/org/apache/sshd/agent/SshAgent.java
b/sshd-core/src/main/java/org/apache/sshd/agent/SshAgent.java
index c9ce8e7..7e286f5 100644
--- a/sshd-core/src/main/java/org/apache/sshd/agent/SshAgent.java
+++ b/sshd-core/src/main/java/org/apache/sshd/agent/SshAgent.java
@@ -23,6 +23,8 @@ import java.security.KeyPair;
import java.security.PublicKey;
import java.util.Map;
+import org.apache.sshd.common.session.SessionContext;
+
/**
* SSH key agent server
*/
@@ -32,7 +34,7 @@ public interface SshAgent extends java.nio.channels.Channel {
Iterable<? extends Map.Entry<PublicKey, String>> getIdentities() throws
IOException;
- byte[] sign(PublicKey key, byte[] data) throws IOException;
+ byte[] sign(SessionContext session, PublicKey key, byte[] data) throws
IOException;
void addIdentity(KeyPair key, String comment) throws IOException;
diff --git
a/sshd-core/src/main/java/org/apache/sshd/agent/common/AbstractAgentClient.java
b/sshd-core/src/main/java/org/apache/sshd/agent/common/AbstractAgentClient.java
index c614494..e50891c 100644
---
a/sshd-core/src/main/java/org/apache/sshd/agent/common/AbstractAgentClient.java
+++
b/sshd-core/src/main/java/org/apache/sshd/agent/common/AbstractAgentClient.java
@@ -135,7 +135,7 @@ public abstract class AbstractAgentClient extends
AbstractLoggingBean {
KeyUtils.getKeyType(signingKey),
"Cannot resolve key type of %s",
signingKey.getClass().getSimpleName());
- byte[] signature = agent.sign(signingKey, data);
+ byte[] signature = agent.sign(null, signingKey, data);
Buffer sig = new ByteArrayBuffer(keyType.length() +
signature.length + Long.SIZE, false);
sig.putString(keyType);
sig.putBytes(signature);
@@ -187,5 +187,4 @@ public abstract class AbstractAgentClient extends
AbstractLoggingBean {
}
protected abstract void reply(Buffer buf) throws IOException;
-
}
diff --git
a/sshd-core/src/main/java/org/apache/sshd/agent/common/AbstractAgentProxy.java
b/sshd-core/src/main/java/org/apache/sshd/agent/common/AbstractAgentProxy.java
index 574e8b2..6926dce 100644
---
a/sshd-core/src/main/java/org/apache/sshd/agent/common/AbstractAgentProxy.java
+++
b/sshd-core/src/main/java/org/apache/sshd/agent/common/AbstractAgentProxy.java
@@ -32,6 +32,7 @@ import org.apache.sshd.agent.SshAgentConstants;
import org.apache.sshd.common.FactoryManager;
import org.apache.sshd.common.SshException;
import org.apache.sshd.common.config.keys.KeyUtils;
+import org.apache.sshd.common.session.SessionContext;
import org.apache.sshd.common.util.GenericUtils;
import org.apache.sshd.common.util.buffer.Buffer;
import org.apache.sshd.common.util.buffer.BufferUtils;
@@ -102,7 +103,7 @@ public abstract class AbstractAgentProxy extends
AbstractLoggingBean implements
}
@Override
- public byte[] sign(PublicKey key, byte[] data) throws IOException {
+ public byte[] sign(SessionContext session, PublicKey key, byte[] data)
throws IOException {
int cmd = SshAgentConstants.SSH2_AGENTC_SIGN_REQUEST;
int okcmd = SshAgentConstants.SSH2_AGENT_SIGN_RESPONSE;
if (FactoryManager.AGENT_FORWARDING_TYPE_IETF.equals(channelType)) {
diff --git
a/sshd-core/src/main/java/org/apache/sshd/agent/common/AgentDelegate.java
b/sshd-core/src/main/java/org/apache/sshd/agent/common/AgentDelegate.java
index 8d1c488..4d55ca5 100644
--- a/sshd-core/src/main/java/org/apache/sshd/agent/common/AgentDelegate.java
+++ b/sshd-core/src/main/java/org/apache/sshd/agent/common/AgentDelegate.java
@@ -24,6 +24,7 @@ import java.security.PublicKey;
import java.util.Map;
import org.apache.sshd.agent.SshAgent;
+import org.apache.sshd.common.session.SessionContext;
public class AgentDelegate implements SshAgent {
@@ -49,8 +50,8 @@ public class AgentDelegate implements SshAgent {
}
@Override
- public byte[] sign(PublicKey key, byte[] data) throws IOException {
- return agent.sign(key, data);
+ public byte[] sign(SessionContext session, PublicKey key, byte[] data)
throws IOException {
+ return agent.sign(session, key, data);
}
@Override
diff --git a/sshd-core/src/main/java/org/apache/sshd/agent/local/AgentImpl.java
b/sshd-core/src/main/java/org/apache/sshd/agent/local/AgentImpl.java
index e230be6..8fd07b5 100644
--- a/sshd-core/src/main/java/org/apache/sshd/agent/local/AgentImpl.java
+++ b/sshd-core/src/main/java/org/apache/sshd/agent/local/AgentImpl.java
@@ -36,6 +36,7 @@ import java.util.concurrent.atomic.AtomicBoolean;
import org.apache.sshd.agent.SshAgent;
import org.apache.sshd.common.SshException;
import org.apache.sshd.common.config.keys.KeyUtils;
+import org.apache.sshd.common.session.SessionContext;
import org.apache.sshd.common.signature.BuiltinSignatures;
import org.apache.sshd.common.signature.Signature;
import org.apache.sshd.common.util.GenericUtils;
@@ -69,7 +70,7 @@ public class AgentImpl implements SshAgent {
}
@Override
- public byte[] sign(PublicKey key, byte[] data) throws IOException {
+ public byte[] sign(SessionContext session, PublicKey key, byte[] data)
throws IOException {
if (!isOpen()) {
throw new SshException("Agent closed");
}
@@ -79,7 +80,7 @@ public class AgentImpl implements SshAgent {
KeyPair kp = ValidateUtils.checkNotNull(pp.getKey(), "No key pair
for agent=%s", pp.getValue());
PublicKey pubKey = ValidateUtils.checkNotNull(kp.getPublic(), "No
public key for agent=%s", pp.getValue());
- final Signature verif;
+ Signature verif;
if (pubKey instanceof DSAPublicKey) {
verif = BuiltinSignatures.dsa.create();
} else if (pubKey instanceof ECPublicKey) {
@@ -92,9 +93,9 @@ public class AgentImpl implements SshAgent {
} else {
throw new InvalidKeySpecException("Unsupported key type: " +
pubKey.getClass().getSimpleName());
}
- verif.initSigner(kp.getPrivate());
- verif.update(data);
- return verif.sign();
+ verif.initSigner(session, kp.getPrivate());
+ verif.update(session, data);
+ return verif.sign(session);
} catch (IOException e) {
throw e;
} catch (Exception e) {
diff --git
a/sshd-core/src/main/java/org/apache/sshd/client/auth/hostbased/UserAuthHostBased.java
b/sshd-core/src/main/java/org/apache/sshd/client/auth/hostbased/UserAuthHostBased.java
index 1204fdd..4e8c92e 100644
---
a/sshd-core/src/main/java/org/apache/sshd/client/auth/hostbased/UserAuthHostBased.java
+++
b/sshd-core/src/main/java/org/apache/sshd/client/auth/hostbased/UserAuthHostBased.java
@@ -109,7 +109,7 @@ public class UserAuthHostBased extends AbstractUserAuth
implements SignatureFact
String keyType = KeyUtils.getKeyType(pub);
if (log.isTraceEnabled()) {
log.trace("sendAuthDataRequest({})[{}][{}] current key details:
type={}, fingerprint={}",
- session, service, name, keyType,
KeyUtils.getFingerPrint(pub));
+ session, service, name, keyType,
KeyUtils.getFingerPrint(pub));
}
Collection<NamedFactory<Signature>> factories =
@@ -118,9 +118,9 @@ public class UserAuthHostBased extends AbstractUserAuth
implements SignatureFact
"No signature factories for session=%s",
session);
Signature verifier = ValidateUtils.checkNotNull(
- NamedFactory.create(factories, keyType),
- "No signer could be located for key type=%s",
- keyType);
+ NamedFactory.create(factories, keyType),
+ "No signer could be located for key type=%s",
+ keyType);
byte[] id = session.getSessionId();
String username = session.getUsername();
@@ -128,12 +128,13 @@ public class UserAuthHostBased extends AbstractUserAuth
implements SignatureFact
String clientHostname = resolveClientHostname();
if (debugEnabled) {
log.debug("sendAuthDataRequest({})[{}][{}] client={}@{}",
- session, service, name, clientUsername, clientHostname);
+ session, service, name, clientUsername, clientHostname);
}
Buffer buffer =
session.createBuffer(SshConstants.SSH_MSG_USERAUTH_REQUEST,
- id.length + username.length() + service.length() +
clientUsername.length() + clientHostname.length()
- + keyType.length() + ByteArrayBuffer.DEFAULT_SIZE + Long.SIZE);
+ id.length + username.length() + service.length()
+ + clientUsername.length() + clientHostname.length()
+ + keyType.length() + ByteArrayBuffer.DEFAULT_SIZE + Long.SIZE);
buffer.clear();
buffer.putRawPublicKey(pub);
@@ -145,10 +146,11 @@ public class UserAuthHostBased extends AbstractUserAuth
implements SignatureFact
buffer.putRawBytes(c.getEncoded());
}
}
- verifier.initSigner(kp.getPrivate());
+ verifier.initSigner(session, kp.getPrivate());
byte[] keyBytes = buffer.getCompactData();
- buffer = session.prepareBuffer(SshConstants.SSH_MSG_USERAUTH_REQUEST,
BufferUtils.clear(buffer));
+ buffer = session.prepareBuffer(
+ SshConstants.SSH_MSG_USERAUTH_REQUEST, BufferUtils.clear(buffer));
buffer.putString(username);
buffer.putString(service);
buffer.putString(name);
@@ -171,7 +173,8 @@ public class UserAuthHostBased extends AbstractUserAuth
implements SignatureFact
byte[] id = session.getSessionId();
String username = session.getUsername();
String name = getName();
- Buffer bs = new ByteArrayBuffer(id.length + username.length() +
service.length() + name.length()
+ Buffer bs = new ByteArrayBuffer(
+ id.length + username.length() + service.length() + name.length()
+ keyType.length() + keyBytes.length
+ clientHostname.length() + clientUsername.length()
+ ByteArrayBuffer.DEFAULT_SIZE + Long.SIZE, false);
@@ -185,11 +188,11 @@ public class UserAuthHostBased extends AbstractUserAuth
implements SignatureFact
bs.putString(clientHostname);
bs.putString(clientUsername);
- verifier.update(bs.array(), bs.rpos(), bs.available());
- byte[] signature = verifier.sign();
+ verifier.update(session, bs.array(), bs.rpos(), bs.available());
+ byte[] signature = verifier.sign(session);
if (log.isTraceEnabled()) {
log.trace("appendSignature({})[{}][{}] type={}, fingerprint={},
client={}@{}: signature={}",
- session, service, name, keyType,
KeyUtils.getFingerPrint(key),
+ session, service, name, keyType,
KeyUtils.getFingerPrint(key),
clientUsername, clientHostname,
BufferUtils.toHex(signature));
}
@@ -201,10 +204,12 @@ public class UserAuthHostBased extends AbstractUserAuth
implements SignatureFact
}
@Override
- protected boolean processAuthDataRequest(ClientSession session, String
service, Buffer buffer) throws Exception {
+ protected boolean processAuthDataRequest(
+ ClientSession session, String service, Buffer buffer)
+ throws Exception {
int cmd = buffer.getUByte();
throw new IllegalStateException("processAuthDataRequest(" + session +
")[" + service + "]"
- + " received unknown packet: cmd=" +
SshConstants.getCommandMessageName(cmd));
+ + " received unknown packet: cmd=" +
SshConstants.getCommandMessageName(cmd));
}
protected String resolveClientUsername() {
@@ -215,7 +220,8 @@ public class UserAuthHostBased extends AbstractUserAuth
implements SignatureFact
protected String resolveClientHostname() {
String value = getClientHostname();
if (GenericUtils.isEmpty(value)) {
- value =
SshdSocketAddress.toAddressString(SshdSocketAddress.getFirstExternalNetwork4Address());
+ value = SshdSocketAddress.toAddressString(
+ SshdSocketAddress.getFirstExternalNetwork4Address());
}
return GenericUtils.isEmpty(value) ? SshdSocketAddress.LOCALHOST_IPV4
: value;
diff --git
a/sshd-core/src/main/java/org/apache/sshd/client/auth/pubkey/KeyAgentIdentity.java
b/sshd-core/src/main/java/org/apache/sshd/client/auth/pubkey/KeyAgentIdentity.java
index 6c68135..3fa0548 100644
---
a/sshd-core/src/main/java/org/apache/sshd/client/auth/pubkey/KeyAgentIdentity.java
+++
b/sshd-core/src/main/java/org/apache/sshd/client/auth/pubkey/KeyAgentIdentity.java
@@ -23,6 +23,7 @@ import java.util.Objects;
import org.apache.sshd.agent.SshAgent;
import org.apache.sshd.common.config.keys.KeyUtils;
+import org.apache.sshd.common.session.SessionContext;
/**
* Uses an {@link SshAgent} to generate the identity signature
@@ -50,8 +51,8 @@ public class KeyAgentIdentity implements PublicKeyIdentity {
}
@Override
- public byte[] sign(byte[] data) throws Exception {
- return agent.sign(getPublicKey(), data);
+ public byte[] sign(SessionContext session, byte[] data) throws Exception {
+ return agent.sign(session, getPublicKey(), data);
}
@Override
diff --git
a/sshd-core/src/main/java/org/apache/sshd/client/auth/pubkey/KeyPairIdentity.java
b/sshd-core/src/main/java/org/apache/sshd/client/auth/pubkey/KeyPairIdentity.java
index deb158c..d375ef0 100644
---
a/sshd-core/src/main/java/org/apache/sshd/client/auth/pubkey/KeyPairIdentity.java
+++
b/sshd-core/src/main/java/org/apache/sshd/client/auth/pubkey/KeyPairIdentity.java
@@ -26,6 +26,7 @@ import java.util.Objects;
import org.apache.sshd.common.NamedFactory;
import org.apache.sshd.common.NamedResource;
import org.apache.sshd.common.config.keys.KeyUtils;
+import org.apache.sshd.common.session.SessionContext;
import org.apache.sshd.common.signature.Signature;
import org.apache.sshd.common.signature.SignatureFactoriesManager;
import org.apache.sshd.common.util.ValidateUtils;
@@ -52,15 +53,15 @@ public class KeyPairIdentity implements PublicKeyIdentity {
}
@Override
- public byte[] sign(byte[] data) throws Exception {
+ public byte[] sign(SessionContext session, byte[] data) throws Exception {
String keyType = KeyUtils.getKeyType(getPublicKey());
Signature verifier = ValidateUtils.checkNotNull(
NamedFactory.create(signatureFactories, keyType),
"No signer could be located for key type=%s",
keyType);
- verifier.initSigner(pair.getPrivate());
- verifier.update(data);
- return verifier.sign();
+ verifier.initSigner(session, pair.getPrivate());
+ verifier.update(session, data);
+ return verifier.sign(session);
}
@Override
diff --git
a/sshd-core/src/main/java/org/apache/sshd/client/auth/pubkey/UserAuthPublicKey.java
b/sshd-core/src/main/java/org/apache/sshd/client/auth/pubkey/UserAuthPublicKey.java
index c4eda0a..7172ac4 100644
---
a/sshd-core/src/main/java/org/apache/sshd/client/auth/pubkey/UserAuthPublicKey.java
+++
b/sshd-core/src/main/java/org/apache/sshd/client/auth/pubkey/UserAuthPublicKey.java
@@ -206,7 +206,9 @@ public class UserAuthPublicKey extends AbstractUserAuth
implements SignatureFact
return true;
}
- protected void appendSignature(ClientSession session, String service,
String name, String username, String algo, PublicKey key, Buffer buffer) throws
Exception {
+ protected void appendSignature(
+ ClientSession session, String service, String name, String
username, String algo, PublicKey key, Buffer buffer)
+ throws Exception {
byte[] id = session.getSessionId();
Buffer bs = new ByteArrayBuffer(id.length + username.length() +
service.length() + name.length()
+ algo.length() + ByteArrayBuffer.DEFAULT_SIZE + Long.SIZE, false);
@@ -222,7 +224,7 @@ public class UserAuthPublicKey extends AbstractUserAuth
implements SignatureFact
byte[] contents = bs.getCompactData();
byte[] sig;
try {
- sig = current.sign(contents);
+ sig = current.sign(session, contents);
} catch (Error e) {
log.warn("appendSignature({})[{}][{}] failed ({}) to sign
contents: {}",
session, service, name, e.getClass().getSimpleName(),
e.getMessage());
@@ -235,9 +237,9 @@ public class UserAuthPublicKey extends AbstractUserAuth
implements SignatureFact
if (log.isTraceEnabled()) {
log.trace("appendSignature({})[{}] name={}, key type={},
fingerprint={} - verification data={}",
- session, service, name, algo,
KeyUtils.getFingerPrint(key), BufferUtils.toHex(contents));
+ session, service, name, algo, KeyUtils.getFingerPrint(key),
BufferUtils.toHex(contents));
log.trace("appendSignature({})[{}] name={}, key type={},
fingerprint={} - generated signature={}",
- session, service, name, algo,
KeyUtils.getFingerPrint(key), BufferUtils.toHex(sig));
+ session, service, name, algo, KeyUtils.getFingerPrint(key),
BufferUtils.toHex(sig));
}
bs.clear();
diff --git a/sshd-core/src/main/java/org/apache/sshd/client/kex/DHGClient.java
b/sshd-core/src/main/java/org/apache/sshd/client/kex/DHGClient.java
index 810e352..e2694ee 100644
--- a/sshd-core/src/main/java/org/apache/sshd/client/kex/DHGClient.java
+++ b/sshd-core/src/main/java/org/apache/sshd/client/kex/DHGClient.java
@@ -145,9 +145,9 @@ public class DHGClient extends AbstractDHClientKeyExchange {
Signature verif = ValidateUtils.checkNotNull(
NamedFactory.create(session.getSignatureFactories(), keyAlg),
"No verifier located for algorithm=%s", keyAlg);
- verif.initVerifier(serverKey);
- verif.update(h);
- if (!verif.verify(sig)) {
+ verif.initVerifier(session, serverKey);
+ verif.update(session, h);
+ if (!verif.verify(session, sig)) {
throw new
SshException(SshConstants.SSH2_DISCONNECT_KEY_EXCHANGE_FAILED,
"KeyExchange signature verification failed for key type=" +
keyAlg);
}
diff --git
a/sshd-core/src/main/java/org/apache/sshd/client/kex/DHGEXClient.java
b/sshd-core/src/main/java/org/apache/sshd/client/kex/DHGEXClient.java
index c6dcc35..fd3daee 100644
--- a/sshd-core/src/main/java/org/apache/sshd/client/kex/DHGEXClient.java
+++ b/sshd-core/src/main/java/org/apache/sshd/client/kex/DHGEXClient.java
@@ -197,9 +197,9 @@ public class DHGEXClient extends
AbstractDHClientKeyExchange {
Signature verif = ValidateUtils.checkNotNull(
NamedFactory.create(session.getSignatureFactories(), keyAlg),
"No verifier located for algorithm=%s", keyAlg);
- verif.initVerifier(serverKey);
- verif.update(h);
- if (!verif.verify(sig)) {
+ verif.initVerifier(session, serverKey);
+ verif.update(session, h);
+ if (!verif.verify(session, sig)) {
throw new
SshException(SshConstants.SSH2_DISCONNECT_KEY_EXCHANGE_FAILED,
"KeyExchange signature verification failed for key type="
+ keyAlg);
}
diff --git
a/sshd-core/src/main/java/org/apache/sshd/server/auth/hostbased/UserAuthHostBased.java
b/sshd-core/src/main/java/org/apache/sshd/server/auth/hostbased/UserAuthHostBased.java
index d724af4..610a14f 100644
---
a/sshd-core/src/main/java/org/apache/sshd/server/auth/hostbased/UserAuthHostBased.java
+++
b/sshd-core/src/main/java/org/apache/sshd/server/auth/hostbased/UserAuthHostBased.java
@@ -21,6 +21,7 @@ package org.apache.sshd.server.auth.hostbased;
import java.io.ByteArrayInputStream;
import java.security.PublicKey;
+import java.security.SignatureException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
@@ -126,7 +127,8 @@ public class UserAuthHostBased extends AbstractUserAuth
implements SignatureFact
boolean authed;
try {
- authed = authenticator.authenticate(session, username, clientKey,
clientHostName, clientUsername, certs);
+ authed = authenticator.authenticate(
+ session, username, clientKey, clientHostName, clientUsername,
certs);
} catch (Error e) {
log.warn("doAuth({}@{}) failed ({}) to consult authenticator for
{} key={}: {}",
username, session, e.getClass().getSimpleName(),
@@ -157,7 +159,7 @@ public class UserAuthHostBased extends AbstractUserAuth
implements SignatureFact
NamedFactory.create(factories, keyType),
"No verifier located for algorithm=%s",
keyType);
- verifier.initVerifier(clientKey);
+ verifier.initVerifier(session, clientKey);
byte[] id = session.getSessionId();
buf = new ByteArrayBuffer(dataLen + id.length + Long.SIZE, false);
@@ -175,22 +177,22 @@ public class UserAuthHostBased extends AbstractUserAuth
implements SignatureFact
if (log.isTraceEnabled()) {
log.trace("doAuth({}@{}) key type={}, fingerprint={},
client={}@{}, num-certs={} - verification data: {}",
- username, session, keyType,
KeyUtils.getFingerPrint(clientKey),
- clientUsername, clientHostName,
GenericUtils.size(certs), buf.toHex());
+ username, session, keyType,
KeyUtils.getFingerPrint(clientKey),
+ clientUsername, clientHostName, GenericUtils.size(certs),
buf.toHex());
log.trace("doAuth({}@{}) key type={}, fingerprint={},
client={}@{}, num-certs={} - expected signature: {}",
- username, session, keyType,
KeyUtils.getFingerPrint(clientKey),
- clientUsername, clientHostName, GenericUtils.size(certs),
BufferUtils.toHex(signature));
+ username, session, keyType, KeyUtils.getFingerPrint(clientKey),
+ clientUsername, clientHostName, GenericUtils.size(certs),
BufferUtils.toHex(signature));
}
- verifier.update(buf.array(), buf.rpos(), buf.available());
- if (!verifier.verify(signature)) {
- throw new Exception("Key verification failed");
+ verifier.update(session, buf.array(), buf.rpos(), buf.available());
+ if (!verifier.verify(session, signature)) {
+ throw new SignatureException("Key verification failed");
}
if (debugEnabled) {
log.debug("doAuth({}@{}) key type={}, fingerprint={},
client={}@{}, num-certs={} - verified signature",
- username, session, keyType,
KeyUtils.getFingerPrint(clientKey),
- clientUsername, clientHostName, GenericUtils.size(certs));
+ username, session, keyType, KeyUtils.getFingerPrint(clientKey),
+ clientUsername, clientHostName, GenericUtils.size(certs));
}
return Boolean.TRUE;
}
diff --git
a/sshd-core/src/main/java/org/apache/sshd/server/auth/pubkey/UserAuthPublicKey.java
b/sshd-core/src/main/java/org/apache/sshd/server/auth/pubkey/UserAuthPublicKey.java
index 29c3f5f..24b4916 100644
---
a/sshd-core/src/main/java/org/apache/sshd/server/auth/pubkey/UserAuthPublicKey.java
+++
b/sshd-core/src/main/java/org/apache/sshd/server/auth/pubkey/UserAuthPublicKey.java
@@ -104,7 +104,7 @@ public class UserAuthPublicKey extends AbstractUserAuth
implements SignatureFact
NamedFactory.create(factories, alg),
"No verifier located for algorithm=%s",
alg);
- verifier.initVerifier(key);
+ verifier.initVerifier(session, key);
buffer.wpos(oldLim);
byte[] sig = hasSig ? buffer.getBytes() : null;
@@ -182,8 +182,8 @@ public class UserAuthPublicKey extends AbstractUserAuth
implements SignatureFact
username, session, service, name, alg,
KeyUtils.getFingerPrint(key), BufferUtils.toHex(sig));
}
- verifier.update(buf.array(), buf.rpos(), buf.available());
- return verifier.verify(sig);
+ verifier.update(session, buf.array(), buf.rpos(), buf.available());
+ return verifier.verify(session, sig);
}
protected void sendPublicKeyResponse(
diff --git
a/sshd-core/src/main/java/org/apache/sshd/server/global/OpenSshHostKeysHandler.java
b/sshd-core/src/main/java/org/apache/sshd/server/global/OpenSshHostKeysHandler.java
index 4b38afc..83f8272 100644
---
a/sshd-core/src/main/java/org/apache/sshd/server/global/OpenSshHostKeysHandler.java
+++
b/sshd-core/src/main/java/org/apache/sshd/server/global/OpenSshHostKeysHandler.java
@@ -97,7 +97,7 @@ public class OpenSshHostKeysHandler extends
AbstractOpenSshHostKeysHandler imple
session);
if (log.isDebugEnabled()) {
log.debug("handleHostKeys({})[want-reply={}] received {} keys -
factories={}",
- session, wantReply, GenericUtils.size(keys),
NamedResource.getNames(factories));
+ session, wantReply, GenericUtils.size(keys),
NamedResource.getNames(factories));
}
// generate the required signatures
@@ -105,7 +105,8 @@ public class OpenSshHostKeysHandler extends
AbstractOpenSshHostKeysHandler imple
Buffer buf = new ByteArrayBuffer();
byte[] sessionId = session.getSessionId();
- KeyPairProvider kpp = Objects.requireNonNull(((ServerSession)
session).getKeyPairProvider(), "No server keys provider");
+ KeyPairProvider kpp = Objects.requireNonNull(
+ ((ServerSession) session).getKeyPairProvider(), "No server keys
provider");
for (PublicKey k : keys) {
String keyType = KeyUtils.getKeyType(k);
Signature verifier = ValidateUtils.checkNotNull(
@@ -118,14 +119,14 @@ public class OpenSshHostKeysHandler extends
AbstractOpenSshHostKeysHandler imple
kp = ValidateUtils.checkNotNull(kpp.loadKey(session, keyType),
"No key of type=%s available", keyType);
} catch (Error e) {
log.warn("handleHostKeys({}) failed ({}) to load key of
type={}: {}",
- session, e.getClass().getSimpleName(), keyType,
e.getMessage());
+ session, e.getClass().getSimpleName(), keyType,
e.getMessage());
if (log.isDebugEnabled()) {
log.debug("handleHostKey(" + session + ") " + keyType + "
key load failure details", e);
}
throw new RuntimeSshException(e);
}
- verifier.initSigner(kp.getPrivate());
+ verifier.initSigner(session, kp.getPrivate());
buf.clear();
buf.putString(REQUEST);
@@ -133,9 +134,9 @@ public class OpenSshHostKeysHandler extends
AbstractOpenSshHostKeysHandler imple
buf.putPublicKey(k);
byte[] data = buf.getCompactData();
- verifier.update(data);
+ verifier.update(session, data);
- byte[] signature = verifier.sign();
+ byte[] signature = verifier.sign(session);
buffer.putBytes(signature);
}
diff --git
a/sshd-core/src/main/java/org/apache/sshd/server/kex/DHGEXServer.java
b/sshd-core/src/main/java/org/apache/sshd/server/kex/DHGEXServer.java
index 27ed991..37c83d2 100644
--- a/sshd-core/src/main/java/org/apache/sshd/server/kex/DHGEXServer.java
+++ b/sshd-core/src/main/java/org/apache/sshd/server/kex/DHGEXServer.java
@@ -193,7 +193,7 @@ public class DHGEXServer extends
AbstractDHServerKeyExchange {
Signature sig = ValidateUtils.checkNotNull(
NamedFactory.create(session.getSignatureFactories(), algo),
"Unknown negotiated server keys: %s", algo);
- sig.initSigner(kp.getPrivate());
+ sig.initSigner(session, kp.getPrivate());
buffer = new ByteArrayBuffer();
buffer.putRawPublicKey(kp.getPublic());
@@ -221,11 +221,11 @@ public class DHGEXServer extends
AbstractDHServerKeyExchange {
buffer.putMPInt(k);
hash.update(buffer.array(), 0, buffer.available());
h = hash.digest();
- sig.update(h);
+ sig.update(session, h);
buffer.clear();
buffer.putString(algo);
- byte[] sigBytes = sig.sign();
+ byte[] sigBytes = sig.sign(session);
buffer.putBytes(sigBytes);
byte[] sigH = buffer.getCompactData();
diff --git a/sshd-core/src/main/java/org/apache/sshd/server/kex/DHGServer.java
b/sshd-core/src/main/java/org/apache/sshd/server/kex/DHGServer.java
index e5dad22..c8ee45e 100644
--- a/sshd-core/src/main/java/org/apache/sshd/server/kex/DHGServer.java
+++ b/sshd-core/src/main/java/org/apache/sshd/server/kex/DHGServer.java
@@ -107,7 +107,7 @@ public class DHGServer extends AbstractDHServerKeyExchange {
Signature sig = ValidateUtils.checkNotNull(
NamedFactory.create(session.getSignatureFactories(), algo),
"Unknown negotiated server keys: %s", algo);
- sig.initSigner(kp.getPrivate());
+ sig.initSigner(session, kp.getPrivate());
buffer = new ByteArrayBuffer();
buffer.putRawPublicKey(kp.getPublic());
@@ -124,11 +124,11 @@ public class DHGServer extends
AbstractDHServerKeyExchange {
buffer.putMPInt(k);
hash.update(buffer.array(), 0, buffer.available());
h = hash.digest();
- sig.update(h);
+ sig.update(session, h);
buffer.clear();
buffer.putString(algo);
- byte[] sigBytes = sig.sign();
+ byte[] sigBytes = sig.sign(session);
buffer.putBytes(sigBytes);
byte[] sigH = buffer.getCompactData();
diff --git
a/sshd-core/src/test/java/org/apache/sshd/common/signature/SignatureFactoriesTest.java
b/sshd-core/src/test/java/org/apache/sshd/common/signature/SignatureFactoriesTest.java
index d99ff2e..5242770 100644
---
a/sshd-core/src/test/java/org/apache/sshd/common/signature/SignatureFactoriesTest.java
+++
b/sshd-core/src/test/java/org/apache/sshd/common/signature/SignatureFactoriesTest.java
@@ -77,7 +77,8 @@ public class SignatureFactoriesTest extends BaseTestSupport
implements KeyTypeIn
private final PublicKeyEntryDecoder<?, ?> pubKeyDecoder;
public SignatureFactoriesTest(
- String keyType, NamedFactory<Signature> factory, int keySize,
boolean supported, PublicKeyEntryDecoder<?, ?> decoder) {
+ String keyType, NamedFactory<Signature> factory,
+ int keySize, boolean supported, PublicKeyEntryDecoder<?, ?>
decoder) {
this.keyType = ValidateUtils.checkNotNullAndNotEmpty(keyType, "No key
type specified");
this.factory = supported ? Objects.requireNonNull(factory, "No
signature factory provided") : factory;
if (supported) {
diff --git
a/sshd-core/src/test/java/org/apache/sshd/deprecated/UserAuthAgent.java
b/sshd-core/src/test/java/org/apache/sshd/deprecated/UserAuthAgent.java
index 94959ec..97363b5 100644
--- a/sshd-core/src/test/java/org/apache/sshd/deprecated/UserAuthAgent.java
+++ b/sshd-core/src/test/java/org/apache/sshd/deprecated/UserAuthAgent.java
@@ -78,7 +78,7 @@ public class UserAuthAgent extends AbstractUserAuth {
String keyType = KeyUtils.getKeyType(key);
byte[] contents = bs.getCompactData();
- byte[] signature = agent.sign(key, contents);
+ byte[] signature = agent.sign(session, key, contents);
Buffer bs2 = new ByteArrayBuffer(keyType.length() +
signature.length + Long.SIZE, false);
bs2.putString(keyType);
bs2.putBytes(signature);
diff --git
a/sshd-core/src/test/java/org/apache/sshd/deprecated/UserAuthPublicKey.java
b/sshd-core/src/test/java/org/apache/sshd/deprecated/UserAuthPublicKey.java
index 447e30b..3308c63 100644
--- a/sshd-core/src/test/java/org/apache/sshd/deprecated/UserAuthPublicKey.java
+++ b/sshd-core/src/test/java/org/apache/sshd/deprecated/UserAuthPublicKey.java
@@ -69,7 +69,7 @@ public class UserAuthPublicKey extends AbstractUserAuth {
ValidateUtils.checkNotNull(NamedFactory.create(session.getSignatureFactories(),
alg),
"No signature factory located for algorithm=%s",
alg);
- verif.initSigner(key.getPrivate());
+ verif.initSigner(session, key.getPrivate());
KeyExchange kexValue = session.getKex();
byte[] hValue = kexValue.getH();
@@ -82,9 +82,9 @@ public class UserAuthPublicKey extends AbstractUserAuth {
bs.putBoolean(true);
bs.putString(alg);
bs.putPublicKey(key.getPublic());
- verif.update(bs.array(), bs.rpos(), bs.available());
+ verif.update(session, bs.array(), bs.rpos(), bs.available());
- byte[] signature = verif.sign();
+ byte[] signature = verif.sign(session);
bs = new ByteArrayBuffer(alg.length() + signature.length +
Long.SIZE, false);
bs.putString(alg);
bs.putBytes(signature);
diff --git
a/sshd-core/src/test/java/org/apache/sshd/util/test/BaseTestSupport.java
b/sshd-core/src/test/java/org/apache/sshd/util/test/BaseTestSupport.java
index 4587ea3..90208c5 100644
--- a/sshd-core/src/test/java/org/apache/sshd/util/test/BaseTestSupport.java
+++ b/sshd-core/src/test/java/org/apache/sshd/util/test/BaseTestSupport.java
@@ -40,7 +40,8 @@ import org.junit.runner.Description;
*/
public abstract class BaseTestSupport extends JUnitTestSupport {
// can be used to override the 'localhost' with an address other than
127.0.0.1 in case it is required
- public static final String TEST_LOCALHOST =
System.getProperty("org.apache.sshd.test.localhost",
SshdSocketAddress.LOCALHOST_IPV4);
+ public static final String TEST_LOCALHOST =
+ System.getProperty("org.apache.sshd.test.localhost",
SshdSocketAddress.LOCALHOST_IPV4);
@Rule
public final TestWatcher rule = new TestWatcher() {
@@ -50,7 +51,10 @@ public abstract class BaseTestSupport extends
JUnitTestSupport {
@Override
protected void starting(Description description) {
- System.out.println("\nStarting " + description.getClassName() +
":" + description.getMethodName() + "...");
+ System.out.append(System.lineSeparator())
+ .append("Starting ").append(description.getClassName())
+ .append(':').append(description.getMethodName())
+ .println("...");
try {
IoServiceFactoryFactory ioProvider = getIoServiceProvider();
System.out.println("Using default provider: " +
ioProvider.getClass().getName());
@@ -64,7 +68,11 @@ public abstract class BaseTestSupport extends
JUnitTestSupport {
@Override
protected void finished(Description description) {
long duration = System.currentTimeMillis() - startTime;
- System.out.println("\nFinished " + description.getClassName() +
":" + description.getMethodName() + " in " + duration + " ms\n");
+ System.out.append(System.lineSeparator())
+ .append("Finished ").append(description.getClassName())
+ .append(':').append(description.getMethodName())
+ .append(" in ").append(Long.toString(duration))
+ .println(" ms");
}
};
@@ -80,7 +88,8 @@ public abstract class BaseTestSupport extends
JUnitTestSupport {
return CoreTestSupportUtils.setupTestClient(getClass());
}
- protected void
assumeNotIoServiceProvider(Collection<BuiltinIoServiceFactoryFactories>
excluded) {
+ protected void assumeNotIoServiceProvider(
+ Collection<BuiltinIoServiceFactoryFactories> excluded) {
assumeNotIoServiceProvider(getCurrentTestName(), excluded);
}
@@ -100,12 +109,14 @@ public abstract class BaseTestSupport extends
JUnitTestSupport {
}
public static void assumeNotIoServiceProvider(
- String message, AbstractFactoryManager manager,
Collection<BuiltinIoServiceFactoryFactories> excluded) {
+ String message, AbstractFactoryManager manager,
+ Collection<BuiltinIoServiceFactoryFactories> excluded) {
assumeNotIoServiceProvider(message,
manager.getIoServiceFactoryFactory(), excluded);
}
public static void assumeNotIoServiceProvider(
- String message, IoServiceFactoryFactory provider,
Collection<BuiltinIoServiceFactoryFactories> excluded) {
+ String message, IoServiceFactoryFactory provider,
+ Collection<BuiltinIoServiceFactoryFactories> excluded) {
if (GenericUtils.isEmpty(excluded)) {
return;
}
