This is an automated email from the ASF dual-hosted git repository. twolf pushed a commit to branch dev_3.0 in repository https://gitbox.apache.org/repos/asf/mina-sshd.git
commit 36a87bbe06534308bfda2ebef776d34790564f9a Author: Thomas Wolf <[email protected]> AuthorDate: Sat Sep 13 14:33:56 2025 +0200 Run sshd-common tests with different providers The normal run has both net.i2p and Bouncy Castle enabled. Run the tests twice more, once with net.i2p disabled, and once with both disabled and thus using only JCE. Fix tests; some tests assume ed25519 was available, and some EC tests cannot work on plain JCE.
---
 sshd-common/pom.xml | 70 ++++++++++++++++++++++ .../OpenSSHKeyPairResourceParserAEADTest.java | 8 +++ .../pem/PKCS8PEMResourceKeyPairParserTest.java | 14 +++++ .../common/signature/SignatureSkED25519Test.java | 8 +++ .../BouncyCastleGeneratorHostKeyProviderTest.java | 7 +++ 5 files changed, 107 insertions(+)
diff --git a/sshd-common/pom.xml b/sshd-common/pom.xml
index 7ea27094c..b4f95fb18 100644
--- a/sshd-common/pom.xml
+++ b/sshd-common/pom.xml
@@ -72,6 +72,76 @@ </dependency> </dependencies> + <profiles> + <profile> + <id>no-net-i2p</id> + <activation> + <property> + <name>test.no-net-i2p</name> + <value>!disable</value> + </property> + </activation> + + <build> + <plugins> + <plugin> + <groupId>org.apache.maven.plugins</groupId> + <artifactId>maven-surefire-plugin</artifactId> + <executions> + <execution> + <id>no-net-i2p</id> + <goals> + <goal>test</goal> + </goals> + <configuration> + <redirectTestOutputToFile>true</redirectTestOutputToFile> + <reportsDirectory>${project.build.directory}/surefire-reports-no-net-i2p</reportsDirectory> + <systemPropertyVariables> + <org.apache.sshd.security.provider.EdDSA.enabled>false</org.apache.sshd.security.provider.EdDSA.enabled> + </systemPropertyVariables> + </configuration> + </execution> + </executions> + </plugin> + </plugins> + </build> + </profile> + <profile> + <id>jce</id> + <activation> + <property> + <name>test.jce</name> + <value>!disable</value> + </property> + </activation> + + <build> + <plugins> + <plugin> + <groupId>org.apache.maven.plugins</groupId> + <artifactId>maven-surefire-plugin</artifactId> + <executions> + <execution> + <id>jce</id> + <goals> + <goal>test</goal> + </goals> + <configuration> + <redirectTestOutputToFile>true</redirectTestOutputToFile> + <reportsDirectory>${project.build.directory}/surefire-reports-jce</reportsDirectory> + <systemPropertyVariables> + <org.apache.sshd.security.provider.EdDSA.enabled>false</org.apache.sshd.security.provider.EdDSA.enabled> + <org.apache.sshd.security.provider.BC.enabled>false</org.apache.sshd.security.provider.BC.enabled> + </systemPropertyVariables> + </configuration> + </execution> + </executions> + </plugin> + </plugins> + </build> + </profile> + </profiles> + <build> <resources> <resource> 
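Review bot: Both new profiles in this hunk activate on `<value>!disable</value>`, which Maven treats as "property absent, or set to anything other than disable", so every default build of sshd-common now runs the test suite three times and nothing in the POM says so. A short XML comment above each `<profile>` would make that visible, for example `<!-- Active by default; pass -Dtest.jce=disable to skip the JCE-only test run -->` and the equivalent for `test.no-net-i2p`. It would also help to state there that classes guarded by the new assumptions are presumably expected to show up as skipped in `surefire-reports-no-net-i2p` and `surefire-reports-jce`, so a reader of those reports can tell intended skips from lost coverage.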
diff --git a/sshd-common/src/test/java/org/apache/sshd/common/config/keys/loader/openssh/OpenSSHKeyPairResourceParserAEADTest.java b/sshd-common/src/test/java/org/apache/sshd/common/config/keys/loader/openssh/OpenSSHKeyPairResourceParserAEADTest.java
index 17ddbad08..6383e8d75 100644
--- a/sshd-common/src/test/java/org/apache/sshd/common/config/keys/loader/openssh/OpenSSHKeyPairResourceParserAEADTest.java
+++ b/sshd-common/src/test/java/org/apache/sshd/common/config/keys/loader/openssh/OpenSSHKeyPairResourceParserAEADTest.java
@@ -23,7 +23,10 @@ import java.security.KeyPair;
 import java.util.Collection;
 import org.apache.sshd.common.config.keys.KeyUtils;
+import org.apache.sshd.common.util.security.SecurityUtils;
 import org.apache.sshd.util.test.JUnitTestSupport;
+import org.junit.jupiter.api.Assumptions;
+import org.junit.jupiter.api.BeforeAll;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Tag;
 import org.junit.jupiter.params.ParameterizedTest;
@@ -54,6 +57,11 @@ class OpenSSHKeyPairResourceParserAEADTest extends JUnitTestSupport {
 return result;
 }
+ @BeforeAll
+ static void requireEd25519() {
+ Assumptions.assumeTrue(SecurityUtils.isEDDSACurveSupported(), "Test requires ed25519");
+ }
+
 @BeforeEach
 void loadUnencrypted() throws Exception {
 unencrypted = load(BASE);
diff --git a/sshd-common/src/test/java/org/apache/sshd/common/config/keys/loader/pem/PKCS8PEMResourceKeyPairParserTest.java b/sshd-common/src/test/java/org/apache/sshd/common/config/keys/loader/pem/PKCS8PEMResourceKeyPairParserTest.java
index b162a425a..8fdbd75ec 100644
--- a/sshd-common/src/test/java/org/apache/sshd/common/config/keys/loader/pem/PKCS8PEMResourceKeyPairParserTest.java
+++ b/sshd-common/src/test/java/org/apache/sshd/common/config/keys/loader/pem/PKCS8PEMResourceKeyPairParserTest.java
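Review bot: In OpenSSHKeyPairResourceParserAEADTest, the `assumeTrue` in `requireEd25519()` reports the whole class as skipped whenever `SecurityUtils.isEDDSACurveSupported()` is false, and that includes the default run, where the commit message says both net.i2p and Bouncy Castle are enabled. A provider-registration or classpath regression in that run would then show up as skipped tests rather than a failure, and coverage of encrypted OpenSSH key parsing would be lost without anyone noticing. One option is to skip only when the provider was switched off on purpose: guard on `Boolean.parseBoolean(System.getProperty("org.apache.sshd.security.provider.EdDSA.enabled", "true"))` and call `Assertions.assertTrue(SecurityUtils.isEDDSACurveSupported(), "ed25519 expected")` in that case. At minimum, add a comment on the method saying the skip is intended for the `no-net-i2p` and `jce` executions. The same applies to `requireEd25519()` in SignatureSkED25519Test and, with the `BC.enabled` property, to `requireBouncyCastle()` in BouncyCastleGeneratorHostKeyProviderTest.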
@@ -77,6 +77,19 @@ class PKCS8PEMResourceKeyPairParserTest extends JUnitTestSupport {
 return params;
 }
+ private boolean canRun(String algorithm, KeyPair kp) {
+ if (!KeyUtils.EC_ALGORITHM.equals(algorithm)) {
+ return true;
+ }
+ // Cannot work with JCE EC keys because the public key is not in the encoding.
+ // See https://bugs.openjdk.org/browse/JDK-8234465, which was fixed in Java 15 but
+ // then again reverted: https://bugs.openjdk.org/browse/JDK-8236070
+ // If we wanted to be able to parse such key pairs with only having the private key,
+ // we would need to have a way to compute the public key from the private key.
+ // With standard Java, there is no such way.
+ return kp.getPublic().getClass().getCanonicalName().startsWith("org.bouncycastle.");
+ }
+
 @MethodSource("parameters")
 @ParameterizedTest(name = "{0}-{1}") // see SSHD-760
 void locallyGeneratedPkcs8(String algorithm, int keySize) throws IOException, GeneralSecurityException {
@@ -86,6 +99,7 @@ class PKCS8PEMResourceKeyPairParserTest extends JUnitTestSupport {
 }
 KeyPair kp = generator.generateKeyPair();
+ Assumptions.assumeTrue(canRun(algorithm, kp), "Cannot work with JCE; see JDK-8234465 and its revert JDK-8236070");
 try (ByteArrayOutputStream os = new ByteArrayOutputStream()) {
 Collection<Object> items = new ArrayList<>();
 PrivateKey prv1 = kp.getPrivate();
diff --git a/sshd-common/src/test/java/org/apache/sshd/common/signature/SignatureSkED25519Test.java b/sshd-common/src/test/java/org/apache/sshd/common/signature/SignatureSkED25519Test.java
index dd7aa156a..d2633150f 100644
--- a/sshd-common/src/test/java/org/apache/sshd/common/signature/SignatureSkED25519Test.java
+++ b/sshd-common/src/test/java/org/apache/sshd/common/signature/SignatureSkED25519Test.java
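Review bot: In PKCS8PEMResourceKeyPairParserTest, `canRun` recognises Bouncy Castle keys with `getClass().getCanonicalName().startsWith("org.bouncycastle.")`, and `getCanonicalName()` returns null for anonymous and local classes, so a provider returning such a key class would end the test with a NullPointerException instead of a skip; `kp.getPublic().getClass().getName().startsWith("org.bouncycastle.")` avoids that. The method reads no instance state and could be declared `static`. The comment describes a limitation of parsing EC PKCS#8 keys under plain JCE, so it may be worth asserting the expected failure in that configuration rather than only skipping, which would keep the failure mode defined; the parser's behaviour there is not visible in this hunk. The `assumeTrue` call in the second hunk sits inside `locallyGeneratedPkcs8`, whose body starts and ends outside the hunk.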
@@ -22,7 +22,10 @@ import java.security.PublicKey;
 import java.util.Base64;
 import org.apache.sshd.common.config.keys.AuthorizedKeyEntry;
+import org.apache.sshd.common.util.security.SecurityUtils;
 import org.apache.sshd.util.test.JUnitTestSupport;
+import org.junit.jupiter.api.Assumptions;
+import org.junit.jupiter.api.BeforeAll;
 import org.junit.jupiter.api.MethodOrderer.MethodName;
 import org.junit.jupiter.api.Tag;
 import org.junit.jupiter.api.Test;
@@ -57,6 +60,11 @@ class SignatureSkED25519Test extends JUnitTestSupport {
 super();
 }
+ @BeforeAll
+ static void requireEd25519() {
+ Assumptions.assumeTrue(SecurityUtils.isEDDSACurveSupported(), "Test requires ed25519");
+ }
+
 @Test
 void validSignatureWithTouch() throws Exception {
 testSignature(AUTHORIZED_KEY_ENTRY, MSG1, SIG_FOR_MSG1_WITH_TOUCH, true);
diff --git a/sshd-common/src/test/java/org/apache/sshd/common/util/security/bouncycastle/BouncyCastleGeneratorHostKeyProviderTest.java b/sshd-common/src/test/java/org/apache/sshd/common/util/security/bouncycastle/BouncyCastleGeneratorHostKeyProviderTest.java
index 58f9aeede..64a557e07 100644
--- a/sshd-common/src/test/java/org/apache/sshd/common/util/security/bouncycastle/BouncyCastleGeneratorHostKeyProviderTest.java
+++ b/sshd-common/src/test/java/org/apache/sshd/common/util/security/bouncycastle/BouncyCastleGeneratorHostKeyProviderTest.java
@@ -38,6 +38,8 @@ import org.apache.sshd.common.keyprovider.KeyPairProvider;
 import org.apache.sshd.common.util.security.SecurityUtils;
 import org.apache.sshd.server.keyprovider.AbstractGeneratorHostKeyProvider;
 import org.apache.sshd.util.test.JUnitTestSupport;
+import org.junit.jupiter.api.Assumptions;
+import org.junit.jupiter.api.BeforeAll;
 import org.junit.jupiter.api.MethodOrderer.MethodName;
 import org.junit.jupiter.api.Tag;
 import org.junit.jupiter.api.TestMethodOrder;
@@ -72,6 +74,11 @@ class BouncyCastleGeneratorHostKeyProviderTest extends JUnitTestSupport {
 return params;
 }
+ @BeforeAll
+ static void requireBouncyCastle() {
+ Assumptions.assumeTrue(SecurityUtils.isBouncyCastleRegistered(), "Test requires Bouncy Castle");
+ }
+
 @MethodSource("parameters")
 @ParameterizedTest(name = "{0} / {1}")
 void keyReadWrite(String keyType, int keySize) throws IOException, GeneralSecurityException {
