This is an automated email from the ASF dual-hosted git repository. twolf pushed a commit to branch dev_3.0 in repository https://gitbox.apache.org/repos/asf/mina-sshd.git
commit d05ff1f9c9e292ca2bb683e5001f9f52485f936e Author: Thomas Wolf <tw...@apache.org> AuthorDate: Thu Apr 24 21:40:11 2025 +0200 Fix KnownHostEntry.getKeyEntry() KnownHostEntry by mistake stored and returned an AuthorizedKeyEntry. It should have been a PublicKeyEntry all along. --- .../apache/sshd/client/config/hosts/KnownHostEntry.java | 9 ++++----- .../sshd/common/config/keys/AuthorizedKeyEntry.java | 15 +-------------- .../apache/sshd/common/config/keys/PublicKeyEntry.java | 17 +++++++++++++++++ .../sshd/client/config/hosts/KnownHostEntryTest.java | 3 +-- .../client/keyverifier/KnownHostsServerKeyVerifier.java | 2 +- .../keyverifier/KnownHostsServerKeyVerifierTest.java | 5 ++--- .../keyverifier/KnownHostsUnsupportedKeysTest.java | 6 +++--- 7 files changed, 29 insertions(+), 28 deletions(-) diff --git a/sshd-common/src/main/java/org/apache/sshd/client/config/hosts/KnownHostEntry.java b/sshd-common/src/main/java/org/apache/sshd/client/config/hosts/KnownHostEntry.java index a0c35d666..fa82837aa 100644 --- a/sshd-common/src/main/java/org/apache/sshd/client/config/hosts/KnownHostEntry.java +++ b/sshd-common/src/main/java/org/apache/sshd/client/config/hosts/KnownHostEntry.java @@ -35,7 +35,6 @@ import java.util.Collections; import java.util.List; import org.apache.sshd.common.config.ConfigFileReaderSupport; -import org.apache.sshd.common.config.keys.AuthorizedKeyEntry; import org.apache.sshd.common.config.keys.PublicKeyEntry; import org.apache.sshd.common.util.GenericUtils; import org.apache.sshd.common.util.ValidateUtils; @@ -69,7 +68,7 @@ public class KnownHostEntry extends HostPatternsHolder { private String line; private String marker; - private AuthorizedKeyEntry keyEntry; + private PublicKeyEntry keyEntry; private KnownHostHashValue hashedEntry; public KnownHostEntry() { 
@@ -102,11 +101,11 @@ public class KnownHostEntry extends HostPatternsHolder { this.marker = marker; } - public AuthorizedKeyEntry getKeyEntry() { + public PublicKeyEntry getKeyEntry() { return keyEntry; } - public void setKeyEntry(AuthorizedKeyEntry keyEntry) { + public void setKeyEntry(PublicKeyEntry keyEntry) { this.keyEntry = keyEntry; } @@ -252,7 +251,7 @@ public class KnownHostEntry extends HostPatternsHolder { entry.setHashedEntry(null); entry.setPatterns(parsePatterns(GenericUtils.split(hostPattern, ','))); } - AuthorizedKeyEntry key = PublicKeyEntry.parsePublicKeyEntry(new AuthorizedKeyEntry(), + PublicKeyEntry key = PublicKeyEntry.parsePublicKeyEntry( ValidateUtils.checkNotNullAndNotEmpty(line, "No valid key entry recovered from line=%s", data)); entry.setKeyEntry(key); return entry; diff --git a/sshd-common/src/main/java/org/apache/sshd/common/config/keys/AuthorizedKeyEntry.java b/sshd-common/src/main/java/org/apache/sshd/common/config/keys/AuthorizedKeyEntry.java index 237c94354..fbddb32fa 100644 --- a/sshd-common/src/main/java/org/apache/sshd/common/config/keys/AuthorizedKeyEntry.java +++ b/sshd-common/src/main/java/org/apache/sshd/common/config/keys/AuthorizedKeyEntry.java @@ -32,7 +32,6 @@ import java.nio.file.OpenOption; import java.nio.file.Path; import java.security.GeneralSecurityException; import java.security.PublicKey; -import java.security.spec.InvalidKeySpecException; import java.util.AbstractMap.SimpleImmutableEntry; import java.util.ArrayList; import java.util.Collections; 
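Review bot: `getKeyEntry()` and `setKeyEntry(PublicKeyEntry)` in the accessor hunk are public and undocumented, and the narrowed getter type is a source- and binary-incompatible change for any caller that assigned the result to `AuthorizedKeyEntry`. A short Javadoc would record the contract, for example `/** @return the public key entry parsed from the known_hosts line, or {@code null} if none has been set */`, and the signature change deserves a line in the release notes for this branch. The setter still accepts an `AuthorizedKeyEntry` because it is a subclass, so for such an instance the `resolvePublicKey` override in `AuthorizedKeyEntry` is the one the host-key verifier ends up calling. If known-host entries are meant to hold plain `PublicKeyEntry` objects only, say so in the setter's Javadoc. The class body continues outside these hunks.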
@@ -90,19 +89,7 @@ public class AuthorizedKeyEntry extends PublicKeyEntry { } } - /** - * @param session The {@link SessionContext} for invoking this load command - may be {@code null} - * if not invoked within a session context (e.g., offline tool or session unknown). - * @param fallbackResolver The {@link PublicKeyEntryResolver} to consult if none of the built-in ones can - * be used. If {@code null} and no built-in resolver can be used then an - * {@link InvalidKeySpecException} is thrown. - * @return The resolved {@link PublicKey} - or {@code null} if could not be resolved. - * <B>Note:</B> may be called only after key type and data bytes have been set or - * exception(s) may be thrown - * @throws IOException If failed to decode the key - * @throws GeneralSecurityException If failed to generate the key - * @see PublicKeyEntry#resolvePublicKey(SessionContext, Map, PublicKeyEntryResolver) - */ + @Override public PublicKey resolvePublicKey( SessionContext session, PublicKeyEntryResolver fallbackResolver) throws IOException, GeneralSecurityException { diff --git a/sshd-common/src/main/java/org/apache/sshd/common/config/keys/PublicKeyEntry.java b/sshd-common/src/main/java/org/apache/sshd/common/config/keys/PublicKeyEntry.java index 42c4257fd..f8345c07b 100644 --- a/sshd-common/src/main/java/org/apache/sshd/common/config/keys/PublicKeyEntry.java +++ b/sshd-common/src/main/java/org/apache/sshd/common/config/keys/PublicKeyEntry.java 
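Review bot: The `@Override` on `resolvePublicKey(SessionContext, PublicKeyEntryResolver)` replaces the whole Javadoc, so nothing at this site explains why `AuthorizedKeyEntry` still overrides a method the base class now supplies. The new base implementation forwards `Collections.emptyMap()` as the headers argument. A one-sentence comment above the override stating what this subclass forwards instead would make the difference visible to readers of either class. The method body lies outside the hunk, so the exact wording has to be taken from it. A `{@inheritDoc}` line plus that sentence would be enough.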
@@ -126,6 +126,23 @@ public class PublicKeyEntry implements Serializable, KeyTypeIndicator { return (resolver == null) ? PublicKeyEntryDataResolver.DEFAULT : resolver; } + /** + * @param session The {@link SessionContext} for invoking this load command - may be {@code null} + * if not invoked within a session context (e.g., offline tool or session unknown). + * @param fallbackResolver The {@link PublicKeyEntryResolver} to consult if none of the built-in ones can + * be used. If {@code null} and no built-in resolver can be used then an + * {@link InvalidKeySpecException} is thrown. + * @return The resolved {@link PublicKey} - or {@code null} if could not be resolved. + * <B>Note:</B> may be called only after key type and data bytes have been set or + * exception(s) may be thrown + * @throws IOException If failed to decode the key + * @throws GeneralSecurityException If failed to generate the key + */ + public PublicKey resolvePublicKey(SessionContext session, PublicKeyEntryResolver fallbackResolver) + throws IOException, GeneralSecurityException { + return resolvePublicKey(session, Collections.emptyMap(), fallbackResolver); + } + /** * @param session The {@link SessionContext} for invoking this load command - may be {@code null} * if not invoked within a session context (e.g., offline tool or session unknown). diff --git a/sshd-common/src/test/java/org/apache/sshd/client/config/hosts/KnownHostEntryTest.java b/sshd-common/src/test/java/org/apache/sshd/client/config/hosts/KnownHostEntryTest.java index d7afffef3..ff0a2533d 100644 --- a/sshd-common/src/test/java/org/apache/sshd/client/config/hosts/KnownHostEntryTest.java +++ b/sshd-common/src/test/java/org/apache/sshd/client/config/hosts/KnownHostEntryTest.java 
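Review bot: The Javadoc moved onto the new two-argument `resolvePublicKey` has no summary sentence and lost the `@see` to the three-argument overload that the removed copy in `AuthorizedKeyEntry` carried. I would open it with `Resolves the public key of this entry without any headers; equivalent to {@code resolvePublicKey(session, Collections.emptyMap(), fallbackResolver)}.` and restore `@see #resolvePublicKey(SessionContext, Map, PublicKeyEntryResolver)`. The text also leaves the failure contract ambiguous: `@return` allows `null` when the key cannot be resolved, while `@param fallbackResolver` promises an `InvalidKeySpecException`. Since this method is now on the host-key verification path, it is worth stating which case yields `null` and which throws. The `{@link InvalidKeySpecException}` reference needs that class imported in `PublicKeyEntry.java`, which this hunk does not show.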
@@ -22,7 +22,6 @@ import java.io.StringReader; import java.security.PublicKey; import java.util.List; -import org.apache.sshd.common.config.keys.AuthorizedKeyEntry; import org.apache.sshd.common.config.keys.PublicKeyEntry; import org.apache.sshd.common.config.keys.PublicKeyEntryResolver; import org.apache.sshd.common.config.keys.UnsupportedSshPublicKey; @@ -42,7 +41,7 @@ class KnownHostEntryTest extends JUnitTestSupport { assertNotNull(entries); assertEquals(1, entries.size()); KnownHostEntry entry = entries.get(0); - AuthorizedKeyEntry keyEntry = entry.getKeyEntry(); + PublicKeyEntry keyEntry = entry.getKeyEntry(); assertNotNull(keyEntry); assertEquals("ssh-ed448", keyEntry.getKeyType()); PublicKey pk = keyEntry.resolvePublicKey(null, PublicKeyEntryResolver.UNSUPPORTED); diff --git a/sshd-core/src/main/java/org/apache/sshd/client/keyverifier/KnownHostsServerKeyVerifier.java b/sshd-core/src/main/java/org/apache/sshd/client/keyverifier/KnownHostsServerKeyVerifier.java index 10d97b1d6..beed3cb30 100644 --- a/sshd-core/src/main/java/org/apache/sshd/client/keyverifier/KnownHostsServerKeyVerifier.java +++ b/sshd-core/src/main/java/org/apache/sshd/client/keyverifier/KnownHostsServerKeyVerifier.java @@ -255,7 +255,7 @@ public class KnownHostsServerKeyVerifier return null; } - AuthorizedKeyEntry authEntry = ValidateUtils.checkNotNull(entry.getKeyEntry(), "No key extracted from %s", entry); + PublicKeyEntry authEntry = ValidateUtils.checkNotNull(entry.getKeyEntry(), "No key extracted from %s", entry); PublicKey key = authEntry.resolvePublicKey(session, resolver); if (log.isDebugEnabled()) { log.debug("resolveHostKey({}) loaded {}-{}", entry, KeyUtils.getKeyType(key), KeyUtils.getFingerPrint(key)); diff --git a/sshd-core/src/test/java/org/apache/sshd/client/keyverifier/KnownHostsServerKeyVerifierTest.java b/sshd-core/src/test/java/org/apache/sshd/client/keyverifier/KnownHostsServerKeyVerifierTest.java index 3e5fe55bf..b17dc5aa1 100644 
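Review bot: In the `KnownHostsServerKeyVerifier` hunk the local is still called `authEntry` although it is now a plain `PublicKeyEntry`; that keeps the authorized-keys naming this commit sets out to remove, and `PublicKeyEntry keyEntry = ValidateUtils.checkNotNull(entry.getKeyEntry(), "No key extracted from %s", entry);` with `keyEntry.resolvePublicKey(session, resolver)` would read correctly. The same leftover name appears in the loop of `KnownHostsServerKeyVerifierTest`. This file's section has no import changes, so if `AuthorizedKeyEntry` was imported only for this local, the import is now unused and should be dropped. The enclosing method starts and ends outside the hunk.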
--- a/sshd-core/src/test/java/org/apache/sshd/client/keyverifier/KnownHostsServerKeyVerifierTest.java +++ b/sshd-core/src/test/java/org/apache/sshd/client/keyverifier/KnownHostsServerKeyVerifierTest.java @@ -45,7 +45,6 @@ import org.apache.sshd.client.session.ClientSession; import org.apache.sshd.common.Factory; import org.apache.sshd.common.NamedFactory; import org.apache.sshd.common.SshConstants; -import org.apache.sshd.common.config.keys.AuthorizedKeyEntry; import org.apache.sshd.common.config.keys.KeyUtils; import org.apache.sshd.common.config.keys.PublicKeyEntry; import org.apache.sshd.common.config.keys.PublicKeyEntryResolver; @@ -89,9 +88,9 @@ public class KnownHostsServerKeyVerifierTest extends BaseTestSupport { // Cannot use forEach because of the potential IOException/GeneralSecurityException being thrown for (Map.Entry<SshdSocketAddress, List<KnownHostEntry>> entry : hostsEntries.entrySet()) { for (KnownHostEntry knownHostEntry : entry.getValue()) { - AuthorizedKeyEntry authEntry + PublicKeyEntry authEntry = ValidateUtils.checkNotNull(knownHostEntry.getKeyEntry(), "No key extracted from %s", entry.getKey()); - PublicKey key = authEntry.resolvePublicKey(null, Collections.emptyMap(), PublicKeyEntryResolver.FAILING); + PublicKey key = authEntry.resolvePublicKey(null, PublicKeyEntryResolver.FAILING); HOST_KEYS.computeIfAbsent(entry.getKey(), k -> new ArrayList<>()).add(key); } } diff --git a/sshd-core/src/test/java/org/apache/sshd/client/keyverifier/KnownHostsUnsupportedKeysTest.java b/sshd-core/src/test/java/org/apache/sshd/client/keyverifier/KnownHostsUnsupportedKeysTest.java index dedd9015d..c10c7f7e8 100644 --- a/sshd-core/src/test/java/org/apache/sshd/client/keyverifier/KnownHostsUnsupportedKeysTest.java +++ b/sshd-core/src/test/java/org/apache/sshd/client/keyverifier/KnownHostsUnsupportedKeysTest.java 
@@ -29,8 +29,8 @@ import java.util.concurrent.atomic.AtomicInteger; import org.apache.sshd.client.config.hosts.KnownHostEntry; import org.apache.sshd.client.session.ClientSession; -import org.apache.sshd.common.config.keys.AuthorizedKeyEntry; import org.apache.sshd.common.config.keys.KeyUtils; +import org.apache.sshd.common.config.keys.PublicKeyEntry; import org.apache.sshd.common.config.keys.PublicKeyEntryResolver; import org.apache.sshd.common.config.keys.UnsupportedSshPublicKey; import org.apache.sshd.common.util.net.SshdSocketAddress; @@ -64,7 +64,7 @@ class KnownHostsUnsupportedKeysTest extends JUnitTestSupport { Files.write(knownHosts, lines); KnownHostsServerKeyVerifier verifier = new KnownHostsServerKeyVerifier(RejectAllServerKeyVerifier.INSTANCE, knownHosts); KnownHostEntry knownHost = KnownHostEntry.parseKnownHostEntry(lines.get(1)); - AuthorizedKeyEntry keyEntry = knownHost.getKeyEntry(); + PublicKeyEntry keyEntry = knownHost.getKeyEntry(); assertNotNull(keyEntry); PublicKey key = keyEntry.resolvePublicKey(null, PublicKeyEntryResolver.FAILING); assertTrue(invokeVerifier(verifier, new SshdSocketAddress("127.0.0.1", 2222), key)); @@ -101,7 +101,7 @@ class KnownHostsUnsupportedKeysTest extends JUnitTestSupport { assertNotNull(newEntries); assertEquals(2, newEntries.size()); KnownHostEntry knownHost = newEntries.get(1); - AuthorizedKeyEntry keyEntry = knownHost.getKeyEntry(); + PublicKeyEntry keyEntry = knownHost.getKeyEntry(); assertNotNull(keyEntry); PublicKey key = keyEntry.resolvePublicKey(null, PublicKeyEntryResolver.FAILING); assertTrue(KeyUtils.compareKeys(newKey, key));