This is an automated email from the ASF dual-hosted git repository. twolf pushed a commit to branch dev_3.0 in repository https://gitbox.apache.org/repos/asf/mina-sshd.git
commit c04d59f94e4ae3ca2c61802c63cf0dc94bb26ca3 Author: Thomas Wolf <tw...@apache.org> AuthorDate: Wed May 7 20:16:22 2025 +0200 GH-740: Remove SecurityUtils.isECCSupported() EC keys and key exchanges and the three standard curves used in SSH are supported on all Java versions that Apache MINA sshd supports. Support for EC keys in Java came in Java 1.5,[1][2] but the "EC" algorithm name for KeyPairGenerator is mentioned only in the Java 6 documentation.[3] In any case, as of Java 8, which is the minimum requirement for Apache MINA sshd, EC is fully supported by the standard security providers. EC is also fully supported by Bouncy Castle. [1] https://docs.oracle.com/javase/1.5.0/docs/guide/security/CryptoSpec.html#AppA [2] https://docs.oracle.com/javase/1.5.0/docs/guide/security/jce/JCERefGuide.html#AppA [3] https://docs.oracle.com/javase/6/docs/technotes/guides/security/StandardNames.html --- .../org/apache/sshd/cli/client/SshKeyScanMain.java | 4 --- .../org/apache/sshd/common/cipher/ECCurves.java | 3 +- .../sshd/common/config/keys/BuiltinIdentities.java | 7 +---- .../apache/sshd/common/config/keys/KeyUtils.java | 10 +++---- .../keys/impl/ECDSAPublicKeyEntryDecoder.java | 17 ++--------- .../OpenSSHECDSAPrivateKeyEntryDecoder.java | 17 ++--------- .../openssh/OpenSSHKeyPairResourceParser.java | 5 ++-- .../loader/pem/ECDSAPEMResourceKeyPairParser.java | 4 --- .../loader/pem/PKCS8PEMResourceKeyPairParser.java | 3 +- .../sshd/common/signature/BuiltinSignatures.java | 35 ---------------------- .../sshd/common/util/security/SecurityUtils.java | 34 --------------------- .../keys/EcdsaPublicKeyEntryDecoderTest.java | 3 -- .../sshd/common/config/keys/KeyRandomArtTest.java | 6 ++-- .../pem/PKCS8PEMResourceKeyPairParserTest.java | 14 ++++----- .../Ssh2PublicKeyEntryDecoderByKeyTypeTest.java | 5 ++-- .../openssh/OpenSSHKeyPairResourceWriterTest.java | 17 ++--------- .../common/util/security/SecurityUtilsTest.java | 2 -- .../PEMGeneratorHostKeyProviderTest.java | 3 -- 
.../SimpleGeneratorHostKeyProviderTest.java | 3 -- .../sshd/util/test/CommonTestSupportUtils.java | 2 +- .../config/keys/AuthorizedKeysTestSupport.java | 9 ------ .../common/signature/SignatureFactoriesTest.java | 16 ++++------ .../sshd/openpgp/PGPPrivateKeyExtractor.java | 4 --- .../apache/sshd/openpgp/PGPPublicKeyExtractor.java | 4 --- .../apache/sshd/putty/ECDSAPuttyKeyDecoder.java | 5 ---- .../java/org/apache/sshd/putty/PuttyKeyUtils.java | 4 +-- 26 files changed, 33 insertions(+), 203 deletions(-) diff --git a/sshd-cli/src/main/java/org/apache/sshd/cli/client/SshKeyScanMain.java b/sshd-cli/src/main/java/org/apache/sshd/cli/client/SshKeyScanMain.java index 942101242..0eacd4b6d 100644 --- a/sshd-cli/src/main/java/org/apache/sshd/cli/client/SshKeyScanMain.java +++ b/sshd-cli/src/main/java/org/apache/sshd/cli/client/SshKeyScanMain.java @@ -558,10 +558,6 @@ public class SshKeyScanMain implements Channel, Callable<Void>, ServerKeyVerifie } else if (BuiltinIdentities.Constants.DSA.equalsIgnoreCase(keyType)) { return Collections.singletonList(KeyUtils.generateKeyPair(KeyPairProvider.SSH_DSS, 512)); } else if (BuiltinIdentities.Constants.ECDSA.equalsIgnoreCase(keyType)) { - if (!SecurityUtils.isECCSupported()) { - throw new NoSuchAlgorithmException("ECC not supported: " + keyType); - } - List<KeyPair> kps = new ArrayList<>(ECCurves.NAMES.size()); for (ECCurves curve : ECCurves.VALUES) { String curveName = curve.getName(); diff --git a/sshd-common/src/main/java/org/apache/sshd/common/cipher/ECCurves.java b/sshd-common/src/main/java/org/apache/sshd/common/cipher/ECCurves.java index b3f98bc05..6db662ed7 100644 --- a/sshd-common/src/main/java/org/apache/sshd/common/cipher/ECCurves.java +++ b/sshd-common/src/main/java/org/apache/sshd/common/cipher/ECCurves.java 
@@ -51,7 +51,6 @@ import org.apache.sshd.common.keyprovider.KeyTypeIndicator; import org.apache.sshd.common.util.GenericUtils; import org.apache.sshd.common.util.NumberUtils; import org.apache.sshd.common.util.ValidateUtils; -import org.apache.sshd.common.util.security.SecurityUtils; /** * Utilities for working with elliptic curves. @@ -199,7 +198,7 @@ public enum ECCurves implements KeyTypeIndicator, KeySizeIndicator, NamedResourc @Override public final boolean isSupported() { - return SecurityUtils.isECCSupported() && digestFactory.isSupported(); + return digestFactory.isSupported(); } public final ECParameterSpec getParameters() { diff --git a/sshd-common/src/main/java/org/apache/sshd/common/config/keys/BuiltinIdentities.java b/sshd-common/src/main/java/org/apache/sshd/common/config/keys/BuiltinIdentities.java index 2b6c9f6ed..e4c3b90f7 100644 --- a/sshd-common/src/main/java/org/apache/sshd/common/config/keys/BuiltinIdentities.java +++ b/sshd-common/src/main/java/org/apache/sshd/common/config/keys/BuiltinIdentities.java @@ -52,12 +52,7 @@ public enum BuiltinIdentities implements Identity { RSA(Constants.RSA, RSAPublicKey.class, RSAPrivateKey.class, KeyPairProvider.SSH_RSA), DSA(Constants.DSA, DSAPublicKey.class, DSAPrivateKey.class, KeyPairProvider.SSH_DSS), ECDSA(Constants.ECDSA, KeyUtils.EC_ALGORITHM, ECPublicKey.class, ECPrivateKey.class, - ECCurves.VALUES.stream().map(KeyTypeIndicator::getKeyType).collect(Collectors.toList())) { - @Override - public boolean isSupported() { - return SecurityUtils.isECCSupported(); - } - }, + ECCurves.VALUES.stream().map(KeyTypeIndicator::getKeyType).collect(Collectors.toList())), ED25119(Constants.ED25519, SecurityUtils.EDDSA, SecurityUtils.getEDDSAPublicKeyType(), SecurityUtils.getEDDSAPrivateKeyType(), diff --git a/sshd-common/src/main/java/org/apache/sshd/common/config/keys/KeyUtils.java b/sshd-common/src/main/java/org/apache/sshd/common/config/keys/KeyUtils.java index 845362032..0cada2232 100644 
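Review bot: `ECCurves.isSupported()` now returns only `digestFactory.isSupported()`, so the `org.apache.sshd.eccSupport` system property that this commit deletes from `SecurityUtils` silently stops having any effect. A deployment that set it to `false` to keep ECDSA switched off would see the EC curves reported as supported after upgrading. The same applies to the now-unconditional decoder registrations in `KeyUtils` and `OpenSSHKeyPairResourceParser`, and to the dropped `isSupported()` overrides on `BuiltinIdentities.ECDSA` and the ECDSA entries of `BuiltinSignatures`. The diffstat lists only Java files, so I would add a release-note entry that names the removed property and `SecurityUtils.isECCSupported()` and tells operators to restrict key types and signature factories explicitly instead. On this method a short comment would help, for example `// EC is always available on Java 8+; only the curve's digest can still be missing`.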
--- a/sshd-common/src/main/java/org/apache/sshd/common/config/keys/KeyUtils.java +++ b/sshd-common/src/main/java/org/apache/sshd/common/config/keys/KeyUtils.java @@ -169,16 +169,14 @@ public final class KeyUtils { registerPublicKeyEntryDecoder(RSAPublicKeyDecoder.INSTANCE); registerPublicKeyEntryDecoder(DSSPublicKeyEntryDecoder.INSTANCE); - if (SecurityUtils.isECCSupported()) { - registerPublicKeyEntryDecoder(ECDSAPublicKeyEntryDecoder.INSTANCE); - } + registerPublicKeyEntryDecoder(ECDSAPublicKeyEntryDecoder.INSTANCE); + if (SecurityUtils.isEDDSACurveSupported()) { registerPublicKeyEntryDecoder(SecurityUtils.getEDDSAPublicKeyEntryDecoder()); } - if (SecurityUtils.isECCSupported()) { - registerPublicKeyEntryDecoder(SkECDSAPublicKeyEntryDecoder.INSTANCE); - } + registerPublicKeyEntryDecoder(SkECDSAPublicKeyEntryDecoder.INSTANCE); + if (SecurityUtils.isEDDSACurveSupported()) { registerPublicKeyEntryDecoder(SkED25519PublicKeyEntryDecoder.INSTANCE); } diff --git a/sshd-common/src/main/java/org/apache/sshd/common/config/keys/impl/ECDSAPublicKeyEntryDecoder.java b/sshd-common/src/main/java/org/apache/sshd/common/config/keys/impl/ECDSAPublicKeyEntryDecoder.java index b7b12dd99..aab561584 100644 --- a/sshd-common/src/main/java/org/apache/sshd/common/config/keys/impl/ECDSAPublicKeyEntryDecoder.java +++ b/sshd-common/src/main/java/org/apache/sshd/common/config/keys/impl/ECDSAPublicKeyEntryDecoder.java @@ -26,7 +26,6 @@ import java.security.GeneralSecurityException; import java.security.KeyFactory; import java.security.KeyPair; import java.security.KeyPairGenerator; -import java.security.NoSuchProviderException; import java.security.interfaces.ECPrivateKey; import java.security.interfaces.ECPublicKey; import java.security.spec.ECParameterSpec; 
@@ -75,10 +74,6 @@ public class ECDSAPublicKeyEntryDecoder extends AbstractPublicKeyEntryDecoder<EC } ECPublicKey decodePublicKey(ECCurves curve, InputStream keyData) throws IOException, GeneralSecurityException { - if (!SecurityUtils.isECCSupported()) { - throw new NoSuchProviderException("ECC not supported"); - } - String keyCurveName = curve.getName(); // see rfc5656 section 3.1 String encCurveName = KeyEntryResolver.decodeString(keyData, MAX_CURVE_NAME_LENGTH); @@ -126,11 +121,7 @@ public class ECDSAPublicKeyEntryDecoder extends AbstractPublicKeyEntryDecoder<EC @Override public KeyFactory getKeyFactoryInstance() throws GeneralSecurityException { - if (SecurityUtils.isECCSupported()) { - return SecurityUtils.getKeyFactory(KeyUtils.EC_ALGORITHM); - } else { - throw new NoSuchProviderException("ECC not supported"); - } + return SecurityUtils.getKeyFactory(KeyUtils.EC_ALGORITHM); } @Override @@ -147,10 +138,6 @@ public class ECDSAPublicKeyEntryDecoder extends AbstractPublicKeyEntryDecoder<EC @Override public KeyPairGenerator getKeyPairGenerator() throws GeneralSecurityException { - if (SecurityUtils.isECCSupported()) { - return SecurityUtils.getKeyPairGenerator(KeyUtils.EC_ALGORITHM); - } else { - throw new NoSuchProviderException("ECC not supported"); - } + return SecurityUtils.getKeyPairGenerator(KeyUtils.EC_ALGORITHM); } } diff --git a/sshd-common/src/main/java/org/apache/sshd/common/config/keys/loader/openssh/OpenSSHECDSAPrivateKeyEntryDecoder.java b/sshd-common/src/main/java/org/apache/sshd/common/config/keys/loader/openssh/OpenSSHECDSAPrivateKeyEntryDecoder.java index ab126807d..cb659cd32 100644 --- a/sshd-common/src/main/java/org/apache/sshd/common/config/keys/loader/openssh/OpenSSHECDSAPrivateKeyEntryDecoder.java +++ b/sshd-common/src/main/java/org/apache/sshd/common/config/keys/loader/openssh/OpenSSHECDSAPrivateKeyEntryDecoder.java 
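Review bot: `getKeyFactoryInstance()` and `getKeyPairGenerator()` no longer throw `NoSuchProviderException("ECC not supported")`, and nothing in these hunks documents what a caller sees instead when no provider offers EC. The failure now comes from `SecurityUtils.getKeyFactory(KeyUtils.EC_ALGORITHM)` and `SecurityUtils.getKeyPairGenerator(KeyUtils.EC_ALGORITHM)`, whose exception types are not visible here, so a caller that matched on `NoSuchProviderException` may behave differently. I would add Javadoc to both overrides, for example `@throws GeneralSecurityException if no registered security provider offers the EC algorithm`. The same two methods change in the same way in `OpenSSHECDSAPrivateKeyEntryDecoder`. The class body continues outside the hunks.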
@@ -27,7 +27,6 @@ import java.security.InvalidKeyException; import java.security.KeyFactory; import java.security.KeyPair; import java.security.KeyPairGenerator; -import java.security.NoSuchProviderException; import java.security.interfaces.ECPrivateKey; import java.security.interfaces.ECPublicKey; import java.security.spec.ECParameterSpec; @@ -64,10 +63,6 @@ public class OpenSSHECDSAPrivateKeyEntryDecoder extends AbstractPrivateKeyEntryD throw new InvalidKeySpecException("Not an EC curve name: " + keyType); } - if (!SecurityUtils.isECCSupported()) { - throw new NoSuchProviderException("ECC not supported"); - } - String keyCurveName = curve.getName(); // see rfc5656 section 3.1 String encCurveName = KeyEntryResolver.decodeString(keyData, ECDSAPublicKeyEntryDecoder.MAX_CURVE_NAME_LENGTH); @@ -111,11 +106,7 @@ public class OpenSSHECDSAPrivateKeyEntryDecoder extends AbstractPrivateKeyEntryD @Override public KeyFactory getKeyFactoryInstance() throws GeneralSecurityException { - if (SecurityUtils.isECCSupported()) { - return SecurityUtils.getKeyFactory(KeyUtils.EC_ALGORITHM); - } else { - throw new NoSuchProviderException("ECC not supported"); - } + return SecurityUtils.getKeyFactory(KeyUtils.EC_ALGORITHM); } @Override @@ -132,10 +123,6 @@ public class OpenSSHECDSAPrivateKeyEntryDecoder extends AbstractPrivateKeyEntryD @Override public KeyPairGenerator getKeyPairGenerator() throws GeneralSecurityException { - if (SecurityUtils.isECCSupported()) { - return SecurityUtils.getKeyPairGenerator(KeyUtils.EC_ALGORITHM); - } else { - throw new NoSuchProviderException("ECC not supported"); - } + return SecurityUtils.getKeyPairGenerator(KeyUtils.EC_ALGORITHM); } } diff --git a/sshd-common/src/main/java/org/apache/sshd/common/config/keys/loader/openssh/OpenSSHKeyPairResourceParser.java b/sshd-common/src/main/java/org/apache/sshd/common/config/keys/loader/openssh/OpenSSHKeyPairResourceParser.java index a28989375..e4de11a1a 100644 
--- a/sshd-common/src/main/java/org/apache/sshd/common/config/keys/loader/openssh/OpenSSHKeyPairResourceParser.java +++ b/sshd-common/src/main/java/org/apache/sshd/common/config/keys/loader/openssh/OpenSSHKeyPairResourceParser.java @@ -86,9 +86,8 @@ public class OpenSSHKeyPairResourceParser extends AbstractKeyPairResourceParser registerPrivateKeyEntryDecoder(OpenSSHRSAPrivateKeyDecoder.INSTANCE); registerPrivateKeyEntryDecoder(OpenSSHDSSPrivateKeyEntryDecoder.INSTANCE); - if (SecurityUtils.isECCSupported()) { - registerPrivateKeyEntryDecoder(OpenSSHECDSAPrivateKeyEntryDecoder.INSTANCE); - } + registerPrivateKeyEntryDecoder(OpenSSHECDSAPrivateKeyEntryDecoder.INSTANCE); + if (SecurityUtils.isEDDSACurveSupported()) { registerPrivateKeyEntryDecoder(SecurityUtils.getOpenSSHEDDSAPrivateKeyEntryDecoder()); } diff --git a/sshd-common/src/main/java/org/apache/sshd/common/config/keys/loader/pem/ECDSAPEMResourceKeyPairParser.java b/sshd-common/src/main/java/org/apache/sshd/common/config/keys/loader/pem/ECDSAPEMResourceKeyPairParser.java index 9ed808d84..30a8a7deb 100644 --- a/sshd-common/src/main/java/org/apache/sshd/common/config/keys/loader/pem/ECDSAPEMResourceKeyPairParser.java +++ b/sshd-common/src/main/java/org/apache/sshd/common/config/keys/loader/pem/ECDSAPEMResourceKeyPairParser.java @@ -26,7 +26,6 @@ import java.math.BigInteger; import java.security.GeneralSecurityException; import java.security.KeyFactory; import java.security.KeyPair; -import java.security.NoSuchProviderException; import java.security.interfaces.ECPrivateKey; import java.security.interfaces.ECPublicKey; import java.security.spec.ECPoint; 
@@ -104,9 +103,6 @@ public class ECDSAPEMResourceKeyPairParser extends AbstractPEMResourceKeyPairPar throws IOException, GeneralSecurityException { ASN1Object sequence = parser.readObject(); Map.Entry<ECPublicKeySpec, ECPrivateKeySpec> spec = decodeECPrivateKeySpec(curve, sequence); - if (!SecurityUtils.isECCSupported()) { - throw new NoSuchProviderException("ECC not supported"); - } KeyFactory kf = SecurityUtils.getKeyFactory(KeyUtils.EC_ALGORITHM); ECPublicKey pubKey = (ECPublicKey) kf.generatePublic(spec.getKey()); diff --git a/sshd-common/src/main/java/org/apache/sshd/common/config/keys/loader/pem/PKCS8PEMResourceKeyPairParser.java b/sshd-common/src/main/java/org/apache/sshd/common/config/keys/loader/pem/PKCS8PEMResourceKeyPairParser.java index 8d86aa0bc..38134fc83 100644 --- a/sshd-common/src/main/java/org/apache/sshd/common/config/keys/loader/pem/PKCS8PEMResourceKeyPairParser.java +++ b/sshd-common/src/main/java/org/apache/sshd/common/config/keys/loader/pem/PKCS8PEMResourceKeyPairParser.java @@ -129,8 +129,7 @@ public class PKCS8PEMResourceKeyPairParser extends AbstractPEMResourceKeyPairPar List<Integer> oidAlgorithm = pkcs8Info.getAlgorithmIdentifier(); String oid = GenericUtils.join(oidAlgorithm, '.'); KeyPair kp; - if (SecurityUtils.isECCSupported() - && ECDSAPEMResourceKeyPairParser.ECDSA_OID.equals(oid)) { + if (ECDSAPEMResourceKeyPairParser.ECDSA_OID.equals(oid)) { ASN1Object privateKeyBytes = pkcs8Info.getPrivateKeyBytes(); ASN1Object extraInfo = pkcs8Info.getAlgorithmParameter(); ASN1Type objType = (extraInfo == null) ? ASN1Type.NULL : extraInfo.getObjType(); diff --git a/sshd-common/src/main/java/org/apache/sshd/common/signature/BuiltinSignatures.java b/sshd-common/src/main/java/org/apache/sshd/common/signature/BuiltinSignatures.java index de919a7f5..54aea9533 100644 --- a/sshd-common/src/main/java/org/apache/sshd/common/signature/BuiltinSignatures.java +++ b/sshd-common/src/main/java/org/apache/sshd/common/signature/BuiltinSignatures.java 
@@ -157,77 +157,42 @@ public enum BuiltinSignatures implements SignatureFactory { public Signature create() { return new SignatureECDSA.SignatureECDSA256(); } - - @Override - public boolean isSupported() { - return SecurityUtils.isECCSupported(); - } }, nistp256_cert(KeyPairProvider.SSH_ECDSA_SHA2_NISTP256_CERT) { @Override public Signature create() { return new SignatureECDSA.SignatureECDSA256(); } - - @Override - public boolean isSupported() { - return SecurityUtils.isECCSupported(); - } }, nistp384(KeyPairProvider.ECDSA_SHA2_NISTP384) { @Override public Signature create() { return new SignatureECDSA.SignatureECDSA384(); } - - @Override - public boolean isSupported() { - return SecurityUtils.isECCSupported(); - } }, nistp384_cert(KeyPairProvider.SSH_ECDSA_SHA2_NISTP384_CERT) { @Override public Signature create() { return new SignatureECDSA.SignatureECDSA384(); } - - @Override - public boolean isSupported() { - return SecurityUtils.isECCSupported(); - } }, nistp521(KeyPairProvider.ECDSA_SHA2_NISTP521) { @Override public Signature create() { return new SignatureECDSA.SignatureECDSA521(); } - - @Override - public boolean isSupported() { - return SecurityUtils.isECCSupported(); - } }, nistp521_cert(KeyPairProvider.SSH_ECDSA_SHA2_NISTP521_CERT) { @Override public Signature create() { return new SignatureECDSA.SignatureECDSA521(); } - - @Override - public boolean isSupported() { - return SecurityUtils.isECCSupported(); - } }, sk_ecdsa_sha2_nistp256(SkECDSAPublicKeyEntryDecoder.KEY_TYPE) { @Override public Signature create() { return new SignatureSkECDSA(); } - - @Override - public boolean isSupported() { - return SecurityUtils.isECCSupported(); - } }, ed25519(KeyPairProvider.SSH_ED25519) { @Override diff --git a/sshd-common/src/main/java/org/apache/sshd/common/util/security/SecurityUtils.java b/sshd-common/src/main/java/org/apache/sshd/common/util/security/SecurityUtils.java index e524dabc3..a75d83594 100644 
--- a/sshd-common/src/main/java/org/apache/sshd/common/util/security/SecurityUtils.java +++ b/sshd-common/src/main/java/org/apache/sshd/common/util/security/SecurityUtils.java @@ -60,7 +60,6 @@ import javax.crypto.spec.DHParameterSpec; import org.apache.sshd.common.NamedResource; import org.apache.sshd.common.PropertyResolverUtils; import org.apache.sshd.common.config.keys.FilePasswordProvider; -import org.apache.sshd.common.config.keys.KeyUtils; import org.apache.sshd.common.config.keys.PrivateKeyEntryDecoder; import org.apache.sshd.common.config.keys.PublicKeyEntryDecoder; import org.apache.sshd.common.config.keys.loader.KeyPairResourceParser; @@ -141,13 +140,6 @@ public final class SecurityUtils { "org.apache.sshd.common.util.security.bouncycastle.BouncyCastleSecurityProviderRegistrar", "org.apache.sshd.common.util.security.eddsa.EdDSASecurityProviderRegistrar")); - /** - * System property used to control whether Elliptic Curves are supported or not. If not set then the support is - * auto-detected. <B>Note:</B> if set to {@code true} it is up to the user to make sure that indeed there is a - * provider for them - */ - public static final String ECC_SUPPORTED_PROP = "org.apache.sshd.eccSupport"; - public static final String PROP_DEFAULT_SECURITY_PROVIDER = "org.apache.sshd.security.defaultProvider"; /** @@ -177,8 +169,6 @@ public final class SecurityUtils { private static final AtomicReference<Boolean> FIPS_MODE = new AtomicReference<>(); - private static Boolean hasEcc; - private SecurityUtils() { throw new UnsupportedOperationException("No instance"); } 
@@ -255,30 +245,6 @@ public final class SecurityUtils { } } - /** - * @return {@code true} if Elliptic Curve Cryptography is supported - * @see #ECC_SUPPORTED_PROP - */ - public static boolean isECCSupported() { - if (hasEcc == null) { - String propValue = System.getProperty(ECC_SUPPORTED_PROP); - if (GenericUtils.isEmpty(propValue)) { - try { - getKeyPairGenerator(KeyUtils.EC_ALGORITHM); - hasEcc = Boolean.TRUE; - } catch (Throwable t) { - hasEcc = Boolean.FALSE; - } - } else { - Logger logger = LoggerFactory.getLogger(SecurityUtils.class); - logger.info("Override ECC support value: {}", propValue); - hasEcc = Boolean.valueOf(propValue); - } - } - - return hasEcc; - } - /** * @return {@code true} if Diffie-Hellman Group Exchange is supported * @see #getMinDHGroupExchangeKeySize() diff --git a/sshd-common/src/test/java/org/apache/sshd/common/config/keys/EcdsaPublicKeyEntryDecoderTest.java b/sshd-common/src/test/java/org/apache/sshd/common/config/keys/EcdsaPublicKeyEntryDecoderTest.java index 1e844a5b2..4e564f2e2 100644 --- a/sshd-common/src/test/java/org/apache/sshd/common/config/keys/EcdsaPublicKeyEntryDecoderTest.java +++ b/sshd-common/src/test/java/org/apache/sshd/common/config/keys/EcdsaPublicKeyEntryDecoderTest.java @@ -27,9 +27,7 @@ import java.util.Collection; import java.util.Collections; import org.apache.sshd.common.cipher.ECCurves; -import org.apache.sshd.common.util.security.SecurityUtils; import org.apache.sshd.util.test.JUnitTestSupport; -import org.junit.jupiter.api.Assumptions; import org.junit.jupiter.api.MethodOrderer.MethodName; import org.junit.jupiter.api.Tag; import org.junit.jupiter.api.TestMethodOrder; 
@@ -52,7 +50,6 @@ class EcdsaPublicKeyEntryDecoderTest extends JUnitTestSupport { @MethodSource("parameters") @ParameterizedTest(name = "{0}") // see SSHD-934 void encodeDecodePublicKey(ECCurves curve) throws Exception { - Assumptions.assumeTrue(SecurityUtils.isECCSupported(), "ECC not supported"); int keySize = curve.getKeySize(); String keyType = curve.getKeyType(); for (int index = 1; index <= TESTS_COUNT; index++) { diff --git a/sshd-common/src/test/java/org/apache/sshd/common/config/keys/KeyRandomArtTest.java b/sshd-common/src/test/java/org/apache/sshd/common/config/keys/KeyRandomArtTest.java index 9423ae5fd..febcf9e33 100644 --- a/sshd-common/src/test/java/org/apache/sshd/common/config/keys/KeyRandomArtTest.java +++ b/sshd-common/src/test/java/org/apache/sshd/common/config/keys/KeyRandomArtTest.java @@ -55,10 +55,8 @@ class KeyRandomArtTest extends JUnitTestSupport { params.add(new Object[] { KeyUtils.DSS_ALGORITHM, keySize }); } - if (SecurityUtils.isECCSupported()) { - for (ECCurves curve : ECCurves.VALUES) { - params.add(new Object[] { KeyUtils.EC_ALGORITHM, curve.getKeySize() }); - } + for (ECCurves curve : ECCurves.VALUES) { + params.add(new Object[] { KeyUtils.EC_ALGORITHM, curve.getKeySize() }); } if (SecurityUtils.isEDDSACurveSupported()) { diff --git a/sshd-common/src/test/java/org/apache/sshd/common/config/keys/loader/pem/PKCS8PEMResourceKeyPairParserTest.java b/sshd-common/src/test/java/org/apache/sshd/common/config/keys/loader/pem/PKCS8PEMResourceKeyPairParserTest.java index bafcec545..d81e4347b 100644 --- a/sshd-common/src/test/java/org/apache/sshd/common/config/keys/loader/pem/PKCS8PEMResourceKeyPairParserTest.java +++ b/sshd-common/src/test/java/org/apache/sshd/common/config/keys/loader/pem/PKCS8PEMResourceKeyPairParserTest.java 
@@ -63,15 +63,13 @@ class PKCS8PEMResourceKeyPairParserTest extends JUnitTestSupport { for (Integer ks : DSS_SIZES) { params.add(new Object[] { KeyUtils.DSS_ALGORITHM, ks }); } - if (SecurityUtils.isECCSupported()) { - for (ECCurves curve : ECCurves.VALUES) { - if (!curve.isSupported()) { - outputDebugMessage("Skip unsupported curve=%s", curve); - continue; - } - - params.add(new Object[] { KeyUtils.EC_ALGORITHM, curve.getKeySize() }); + for (ECCurves curve : ECCurves.VALUES) { + if (!curve.isSupported()) { + outputDebugMessage("Skip unsupported curve=%s", curve); + continue; } + + params.add(new Object[] { KeyUtils.EC_ALGORITHM, curve.getKeySize() }); } if (SecurityUtils.isEDDSACurveSupported()) { params.add(new Object[] { SecurityUtils.EDDSA, 0 }); diff --git a/sshd-common/src/test/java/org/apache/sshd/common/config/keys/loader/ssh2/Ssh2PublicKeyEntryDecoderByKeyTypeTest.java b/sshd-common/src/test/java/org/apache/sshd/common/config/keys/loader/ssh2/Ssh2PublicKeyEntryDecoderByKeyTypeTest.java index 2f39729ee..7fc939936 100644 --- a/sshd-common/src/test/java/org/apache/sshd/common/config/keys/loader/ssh2/Ssh2PublicKeyEntryDecoderByKeyTypeTest.java +++ b/sshd-common/src/test/java/org/apache/sshd/common/config/keys/loader/ssh2/Ssh2PublicKeyEntryDecoderByKeyTypeTest.java @@ -50,9 +50,8 @@ class Ssh2PublicKeyEntryDecoderByKeyTypeTest extends JUnitTestSupport { List<String> result = new ArrayList<>(); result.add(KeyPairProvider.SSH_RSA); result.add(KeyPairProvider.SSH_DSS); - if (SecurityUtils.isECCSupported()) { - result.addAll(ECCurves.KEY_TYPES); - } + result.addAll(ECCurves.KEY_TYPES); + if (SecurityUtils.isEDDSACurveSupported()) { result.add(KeyPairProvider.SSH_ED25519); } diff --git a/sshd-common/src/test/java/org/apache/sshd/common/config/keys/writer/openssh/OpenSSHKeyPairResourceWriterTest.java b/sshd-common/src/test/java/org/apache/sshd/common/config/keys/writer/openssh/OpenSSHKeyPairResourceWriterTest.java index db56ee8b4..a9f28c8a8 100644 
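Review bot: The parameter-building loop still skips a curve with only `outputDebugMessage("Skip unsupported curve=%s", curve)` when `curve.isSupported()` is false, which no longer fits the commit's premise that the three SSH curves are available on every supported Java version. After this change `isSupported()` depends only on the curve's digest, so a skip here would indicate a broken provider setup, yet the run would still pass with reduced EC coverage. Consider replacing the `continue` with a hard failure, for example `assertTrue(curve.isSupported(), "Unsupported curve: " + curve);`. The same silent skip remains in `SecurityUtilsTest.loadUnencryptedECPrivateKey`, and `SignatureFactoriesTest` keeps a `-1` key-size fallback for the same case. The enclosing method starts outside the hunk.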
--- a/sshd-common/src/test/java/org/apache/sshd/common/config/keys/writer/openssh/OpenSSHKeyPairResourceWriterTest.java +++ b/sshd-common/src/test/java/org/apache/sshd/common/config/keys/writer/openssh/OpenSSHKeyPairResourceWriterTest.java @@ -64,20 +64,9 @@ class OpenSSHKeyPairResourceWriterTest extends JUnitTestSupport { result.add(new TestData("RSA", 1024, null)); result.add(new TestData("RSA", 2048, null)); result.add(new TestData("DSA", 1024, null)); - if (SecurityUtils.isECCSupported()) { - result.add( - new TestData( - "ECDSA", 256, - new ECGenParameterSpec("secp256r1"))); - result.add( - new TestData( - "ECDSA", 384, - new ECGenParameterSpec("secp384r1"))); - result.add( - new TestData( - "ECDSA", 521, - new ECGenParameterSpec("secp521r1"))); - } + result.add(new TestData("ECDSA", 256, new ECGenParameterSpec("secp256r1"))); + result.add(new TestData("ECDSA", 384, new ECGenParameterSpec("secp384r1"))); + result.add(new TestData("ECDSA", 521, new ECGenParameterSpec("secp521r1"))); if (SecurityUtils.isEDDSACurveSupported()) { // Note: BC also has an EDDSA provider, but that one returns // "Ed25519" as algorithm from its keys, while the one in diff --git a/sshd-common/src/test/java/org/apache/sshd/common/util/security/SecurityUtilsTest.java b/sshd-common/src/test/java/org/apache/sshd/common/util/security/SecurityUtilsTest.java index 3c9d84400..e7b3454ce 100644 --- a/sshd-common/src/test/java/org/apache/sshd/common/util/security/SecurityUtilsTest.java +++ b/sshd-common/src/test/java/org/apache/sshd/common/util/security/SecurityUtilsTest.java 
@@ -46,7 +46,6 @@ import org.apache.sshd.common.keyprovider.ClassLoadableResourceKeyPairProvider; import org.apache.sshd.common.keyprovider.FileKeyPairProvider; import org.apache.sshd.common.util.GenericUtils; import org.apache.sshd.common.util.io.resource.PathResource; -import org.junit.jupiter.api.Assumptions; import org.junit.jupiter.api.MethodOrderer.MethodName; import org.junit.jupiter.api.Tag; import org.junit.jupiter.api.Test; @@ -109,7 +108,6 @@ class SecurityUtilsTest extends SecurityUtilsTestSupport { @Test void loadUnencryptedECPrivateKey() throws Exception { - Assumptions.assumeTrue(SecurityUtils.isECCSupported(), "EC not supported"); for (ECCurves c : ECCurves.VALUES) { if (!c.isSupported()) { System.out.println("Skip unsupported curve: " + c.getName()); diff --git a/sshd-common/src/test/java/org/apache/sshd/server/keyprovider/PEMGeneratorHostKeyProviderTest.java b/sshd-common/src/test/java/org/apache/sshd/server/keyprovider/PEMGeneratorHostKeyProviderTest.java index 8dad0e318..a40ca617d 100644 --- a/sshd-common/src/test/java/org/apache/sshd/server/keyprovider/PEMGeneratorHostKeyProviderTest.java +++ b/sshd-common/src/test/java/org/apache/sshd/server/keyprovider/PEMGeneratorHostKeyProviderTest.java @@ -66,7 +66,6 @@ class PEMGeneratorHostKeyProviderTest extends JUnitTestSupport { @Test void eCnistp256() throws IOException, GeneralSecurityException { Assumptions.assumeTrue(SecurityUtils.isBouncyCastleRegistered(), "BouncyCastle not registered"); - Assumptions.assumeTrue(SecurityUtils.isECCSupported(), "ECC not supported"); Assumptions.assumeTrue(ECCurves.nistp256.isSupported(), ECCurves.nistp256 + " N/A"); testPEMGeneratorHostKeyProvider(KeyUtils.EC_ALGORITHM, KeyPairProvider.ECDSA_SHA2_NISTP256, -1, new ECGenParameterSpec("prime256v1")); 
@@ -75,7 +74,6 @@ class PEMGeneratorHostKeyProviderTest extends JUnitTestSupport { @Test void eCnistp384() throws IOException, GeneralSecurityException { Assumptions.assumeTrue(SecurityUtils.isBouncyCastleRegistered(), "BouncyCastle not registered"); - Assumptions.assumeTrue(SecurityUtils.isECCSupported(), "ECC not supported"); Assumptions.assumeTrue(ECCurves.nistp384.isSupported(), ECCurves.nistp384 + " N/A"); testPEMGeneratorHostKeyProvider(KeyUtils.EC_ALGORITHM, KeyPairProvider.ECDSA_SHA2_NISTP384, -1, new ECGenParameterSpec("P-384")); @@ -84,7 +82,6 @@ class PEMGeneratorHostKeyProviderTest extends JUnitTestSupport { @Test void eCnistp521() throws IOException, GeneralSecurityException { Assumptions.assumeTrue(SecurityUtils.isBouncyCastleRegistered(), "BouncyCastle not registered"); - Assumptions.assumeTrue(SecurityUtils.isECCSupported(), "ECC not supported"); Assumptions.assumeTrue(ECCurves.nistp521.isSupported(), ECCurves.nistp521 + " N/A"); testPEMGeneratorHostKeyProvider(KeyUtils.EC_ALGORITHM, KeyPairProvider.ECDSA_SHA2_NISTP521, -1, new ECGenParameterSpec("P-521")); diff --git a/sshd-common/src/test/java/org/apache/sshd/server/keyprovider/SimpleGeneratorHostKeyProviderTest.java b/sshd-common/src/test/java/org/apache/sshd/server/keyprovider/SimpleGeneratorHostKeyProviderTest.java index 7aeffbf0b..8712fa4b7 100644 --- a/sshd-common/src/test/java/org/apache/sshd/server/keyprovider/SimpleGeneratorHostKeyProviderTest.java +++ b/sshd-common/src/test/java/org/apache/sshd/server/keyprovider/SimpleGeneratorHostKeyProviderTest.java 
@@ -61,7 +61,6 @@ class SimpleGeneratorHostKeyProviderTest extends JUnitTestSupport { @Test void eCnistp256() throws IOException, GeneralSecurityException { Assumptions.assumeTrue(SecurityUtils.isBouncyCastleRegistered(), "BouncyCastle not registered"); - Assumptions.assumeTrue(SecurityUtils.isECCSupported(), "ECC not supported"); Assumptions.assumeTrue(ECCurves.nistp256.isSupported(), ECCurves.nistp256 + " N/A"); testSimpleGeneratorHostKeyProvider(KeyUtils.EC_ALGORITHM, KeyPairProvider.ECDSA_SHA2_NISTP256, -1, new ECGenParameterSpec("prime256v1")); @@ -70,7 +69,6 @@ class SimpleGeneratorHostKeyProviderTest extends JUnitTestSupport { @Test void eCnistp384() throws IOException, GeneralSecurityException { Assumptions.assumeTrue(SecurityUtils.isBouncyCastleRegistered(), "BouncyCastle not registered"); - Assumptions.assumeTrue(SecurityUtils.isECCSupported(), "ECC not supported"); Assumptions.assumeTrue(ECCurves.nistp384.isSupported(), ECCurves.nistp384 + " N/A"); testSimpleGeneratorHostKeyProvider(KeyUtils.EC_ALGORITHM, KeyPairProvider.ECDSA_SHA2_NISTP384, -1, new ECGenParameterSpec("P-384")); @@ -79,7 +77,6 @@ class SimpleGeneratorHostKeyProviderTest extends JUnitTestSupport { @Test void eCnistp521() throws IOException, GeneralSecurityException { Assumptions.assumeTrue(SecurityUtils.isBouncyCastleRegistered(), "BouncyCastle not registered"); - Assumptions.assumeTrue(SecurityUtils.isECCSupported(), "ECC not supported"); Assumptions.assumeTrue(ECCurves.nistp521.isSupported(), ECCurves.nistp521 + " N/A"); testSimpleGeneratorHostKeyProvider(KeyUtils.EC_ALGORITHM, KeyPairProvider.ECDSA_SHA2_NISTP521, -1, new ECGenParameterSpec("P-521")); diff --git a/sshd-common/src/test/java/org/apache/sshd/util/test/CommonTestSupportUtils.java b/sshd-common/src/test/java/org/apache/sshd/util/test/CommonTestSupportUtils.java index 57f43fbe3..32a209157 100644 --- a/sshd-common/src/test/java/org/apache/sshd/util/test/CommonTestSupportUtils.java 
+++ b/sshd-common/src/test/java/org/apache/sshd/util/test/CommonTestSupportUtils.java @@ -611,7 +611,7 @@ public final class CommonTestSupportUtils { return Optional.of(verifySignatureMatch(privateKey, publicKey, BuiltinSignatures.rsa)); } else if (privateKey instanceof DSAPrivateKey) { return Optional.of(verifySignatureMatch(privateKey, publicKey, BuiltinSignatures.dsa)); - } else if (SecurityUtils.isECCSupported() && (privateKey instanceof ECKey)) { + } else if (privateKey instanceof ECKey) { ECCurves curve = ECCurves.fromECKey((ECKey) privateKey); ValidateUtils.checkNotNull(curve, "Unsupported EC key: %s", privateKey); switch (curve) { diff --git a/sshd-core/src/test/java/org/apache/sshd/common/config/keys/AuthorizedKeysTestSupport.java b/sshd-core/src/test/java/org/apache/sshd/common/config/keys/AuthorizedKeysTestSupport.java index f2045da36..96a5c6278 100644 --- a/sshd-core/src/test/java/org/apache/sshd/common/config/keys/AuthorizedKeysTestSupport.java +++ b/sshd-core/src/test/java/org/apache/sshd/common/config/keys/AuthorizedKeysTestSupport.java @@ -34,12 +34,10 @@ import java.util.ArrayList; import java.util.List; import java.util.Objects; -import org.apache.sshd.common.cipher.ECCurves; import org.apache.sshd.common.util.GenericUtils; import org.apache.sshd.common.util.io.IoUtils; import org.apache.sshd.common.util.io.input.NoCloseInputStream; import org.apache.sshd.common.util.io.input.NoCloseReader; -import org.apache.sshd.common.util.security.SecurityUtils; import org.apache.sshd.server.config.keys.AuthorizedKeysAuthenticator; import org.apache.sshd.util.test.BaseTestSupport; import org.junit.jupiter.api.Tag; 
@@ -100,7 +98,6 @@ public abstract class AuthorizedKeysTestSupport extends BaseTestSupport {
 public static List<String> loadSupportedKeys(BufferedReader rdr) throws IOException {
 List<String> keyLines = new ArrayList<>();
- boolean eccSupported = SecurityUtils.isECCSupported();
 for (String l = rdr.readLine(); l != null; l = rdr.readLine()) {
 l = GenericUtils.trimToEmpty(l);
 // filter out empty and comment lines
@@ -108,12 +105,6 @@ public abstract class AuthorizedKeysTestSupport extends BaseTestSupport {
 continue;
 }
- // skip EC keys if ECC not supported
- if (l.contains(ECCurves.Constants.ECDSA_SHA2_PREFIX) && (!eccSupported)) {
- System.out.println("Skip (ECC not supported) " + l);
- continue;
- }
-
 keyLines.add(l);
 }
diff --git a/sshd-core/src/test/java/org/apache/sshd/common/signature/SignatureFactoriesTest.java b/sshd-core/src/test/java/org/apache/sshd/common/signature/SignatureFactoriesTest.java
index cff434448..257563b8e 100644
--- a/sshd-core/src/test/java/org/apache/sshd/common/signature/SignatureFactoriesTest.java
+++ b/sshd-core/src/test/java/org/apache/sshd/common/signature/SignatureFactoriesTest.java
@@ -87,17 +87,11 @@ class SignatureFactoriesTest extends BaseTestSupport implements KeyTypeIndicator
 addTests(list, KeyPairProvider.SSH_DSS, BuiltinSignatures.dsa, DSS_SIZES, DSSPublicKeyEntryDecoder.INSTANCE);
 addTests(list, KeyPairProvider.SSH_RSA, BuiltinSignatures.rsa, RSA_SIZES, RSAPublicKeyDecoder.INSTANCE);
- if (SecurityUtils.isECCSupported()) {
- for (ECCurves curve : ECCurves.VALUES) {
- BuiltinSignatures factory = BuiltinSignatures.fromFactoryName(curve.getKeyType());
- addTests(list, curve.getName(), factory,
- curve.isSupported() ? Collections.singletonList(curve.getKeySize()) : Collections.singletonList(-1),
- curve.isSupported() ? ECDSAPublicKeyEntryDecoder.INSTANCE : null);
- }
- } else {
- for (String name : ECCurves.NAMES) {
- addTests(list, name, null, Collections.singletonList(-1), null);
- }
+ for (ECCurves curve : ECCurves.VALUES) {
+ BuiltinSignatures factory = BuiltinSignatures.fromFactoryName(curve.getKeyType());
+ addTests(list, curve.getName(), factory,
+ curve.isSupported() ? Collections.singletonList(curve.getKeySize()) : Collections.singletonList(-1),
+ curve.isSupported() ? ECDSAPublicKeyEntryDecoder.INSTANCE : null);
 }
 addTests(list, KeyPairProvider.SSH_ED25519, BuiltinSignatures.ed25519, ED25519_SIZES, SecurityUtils.isEDDSACurveSupported() ? SecurityUtils.getEDDSAPublicKeyEntryDecoder() : null);
diff --git a/sshd-openpgp/src/main/java/org/apache/sshd/openpgp/PGPPrivateKeyExtractor.java b/sshd-openpgp/src/main/java/org/apache/sshd/openpgp/PGPPrivateKeyExtractor.java
index 3c6194e45..cd564e02c 100644
--- a/sshd-openpgp/src/main/java/org/apache/sshd/openpgp/PGPPrivateKeyExtractor.java
+++ b/sshd-openpgp/src/main/java/org/apache/sshd/openpgp/PGPPrivateKeyExtractor.java
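Review bot: In the new loop `curve.isSupported()` is evaluated twice per curve, once for the key-size list and once for the decoder, so the two arguments handed to `addTests` stay paired only as long as both calls return the same answer. Reading it once, `boolean supported = curve.isSupported();`, and using `supported` in both ternaries makes the pairing explicit and shortens the two long argument lines. The enclosing method starts and ends outside the hunk.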
@@ -89,10 +89,6 @@ public interface PGPPrivateKeyExtractor {
 return null;
 }
- if (!SecurityUtils.isECCSupported()) {
- throw new NoSuchProviderException("ECC not supported");
- }
-
 ECParameterSpec params = pubKey.getParams();
 BigInteger x = bcKey.getX();
 return generatePrivateKey(KeyUtils.EC_ALGORITHM, ECPrivateKey.class, new ECPrivateKeySpec(x, params));
diff --git a/sshd-openpgp/src/main/java/org/apache/sshd/openpgp/PGPPublicKeyExtractor.java b/sshd-openpgp/src/main/java/org/apache/sshd/openpgp/PGPPublicKeyExtractor.java
index 368cec866..03ffab6f0 100644
--- a/sshd-openpgp/src/main/java/org/apache/sshd/openpgp/PGPPublicKeyExtractor.java
+++ b/sshd-openpgp/src/main/java/org/apache/sshd/openpgp/PGPPublicKeyExtractor.java
@@ -118,10 +118,6 @@ public interface PGPPublicKeyExtractor {
 throw new InvalidKeySpecException("Not an EC curve OID: " + oid);
 }
- if (!SecurityUtils.isECCSupported()) {
- throw new NoSuchProviderException("ECC not supported");
- }
-
 BigInteger encPoint = bcKey.getEncodedPoint();
 byte[] octets = encPoint.toByteArray();
 ECPoint w;
diff --git a/sshd-putty/src/main/java/org/apache/sshd/putty/ECDSAPuttyKeyDecoder.java b/sshd-putty/src/main/java/org/apache/sshd/putty/ECDSAPuttyKeyDecoder.java
index 92e27ab3a..ce1eeb2e2 100644
--- a/sshd-putty/src/main/java/org/apache/sshd/putty/ECDSAPuttyKeyDecoder.java
+++ b/sshd-putty/src/main/java/org/apache/sshd/putty/ECDSAPuttyKeyDecoder.java
@@ -23,7 +23,6 @@ import java.math.BigInteger;
 import java.security.GeneralSecurityException;
 import java.security.KeyFactory;
 import java.security.KeyPair;
-import java.security.NoSuchAlgorithmException;
 import java.security.PrivateKey;
 import java.security.PublicKey;
 import java.security.interfaces.ECPrivateKey;
@@ -60,10 +59,6 @@ public class ECDSAPuttyKeyDecoder extends AbstractPuttyKeyDecoder<ECPublicKey, E
 NamedResource resourceKey, int formatVersion, PuttyKeyReader pubReader, PuttyKeyReader prvReader, Map<String, String> headers) throws IOException, GeneralSecurityException {
- if (!SecurityUtils.isECCSupported()) {
- throw new NoSuchAlgorithmException("ECC not supported for " + resourceKey);
- }
-
 String keyType = pubReader.readString();
 ECCurves curve = ECCurves.fromKeyType(keyType);
 if (curve == null) {
diff --git a/sshd-putty/src/main/java/org/apache/sshd/putty/PuttyKeyUtils.java b/sshd-putty/src/main/java/org/apache/sshd/putty/PuttyKeyUtils.java
index 0db180931..38cdeaa4d 100644
--- a/sshd-putty/src/main/java/org/apache/sshd/putty/PuttyKeyUtils.java
+++ b/sshd-putty/src/main/java/org/apache/sshd/putty/PuttyKeyUtils.java
@@ -43,9 +43,7 @@ public final class PuttyKeyUtils {
 List<PuttyKeyPairResourceParser<?, ?>> parsers = new ArrayList<>();
 parsers.add(RSAPuttyKeyDecoder.INSTANCE);
 parsers.add(DSSPuttyKeyDecoder.INSTANCE);
- if (SecurityUtils.isECCSupported()) {
- parsers.add(ECDSAPuttyKeyDecoder.INSTANCE);
- }
+ parsers.add(ECDSAPuttyKeyDecoder.INSTANCE);
 if (SecurityUtils.isEDDSACurveSupported()) {
 parsers.add(EdDSAPuttyKeyDecoder.INSTANCE);
 }
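Review bot: In the PuttyKeyUtils hunk, the now-unconditional `parsers.add(ECDSAPuttyKeyDecoder.INSTANCE);` carries no comment explaining why it needs no availability check while the EdDSA registration directly below keeps its `SecurityUtils.isEDDSACurveSupported()` guard. A one-line comment above the new line, for example `// EC is available on every supported Java version (8+), so no provider check is needed`, would record the commit message's reasoning where the next reader will look. With the guard gone, a runtime whose provider set lacks a particular curve is presumably rejected only inside the decoder, so it is worth confirming that path still fails with a clear GeneralSecurityException. The enclosing block starts and ends outside the hunk.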