This is an automated email from the ASF dual-hosted git repository. twolf pushed a commit to branch dev_3.0 in repository https://gitbox.apache.org/repos/asf/mina-sshd.git
commit 22de9b28f62ec685632725c524e4c576c1c1a0bd Merge: b900b2d8b 22b9b07d9 Author: Thomas Wolf <[email protected]> AuthorDate: Mon Sep 29 19:25:10 2025 +0200 Merge branch 'master' into 3.0.0 pom.xml | 6 +- .../sshd/client/config/hosts/KnownHostEntry.java | 67 +++++++++++----------- sshd-contrib/pom.xml | 2 +- .../keyverifier/KnownHostsUnsupportedKeysTest.java | 17 ++++++ 4 files changed, 53 insertions(+), 39 deletions(-) diff --cc pom.xml index 8985b14fb,83dab1782..abbda7722 --- a/pom.xml +++ b/pom.xml @@@ -81,18 -80,24 +81,18 @@@ <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> - <project.build.outputTimestamp>2025-08-17T20:59:29Z</project.build.outputTimestamp> + <project.build.outputTimestamp>2025-08-29T21:59:28Z</project.build.outputTimestamp> <java.sdk.version>8</java.sdk.version> - <javac.source>${java.sdk.version}</javac.source> - <project.build.java.source>${javac.source}</project.build.java.source> - <maven.compiler.source>${javac.source}</maven.compiler.source> + <javac.release>${java.sdk.version}</javac.release> + <maven.compiler.release>${java.sdk.version}</maven.compiler.release> <ant.version>1.10.15</ant.version> - <ant.build.javac.source>${javac.source}</ant.build.javac.source> <build-helper-maven-plugin.version>3.6.1</build-helper-maven-plugin.version> - <javac.target>${javac.source}</javac.target> - <required.java.version>[${javac.target},)</required.java.version> - <project.build.java.target>${javac.target}</project.build.java.target> - <maven.compiler.target>${javac.target}</maven.compiler.target> - <ant.build.javac.target>${javac.target}</ant.build.javac.target> + <required.java.version>[${java.sdk.version},)</required.java.version> <groovy.version>4.0.17</groovy.version> - <bouncycastle.version>1.81</bouncycastle.version> + <bouncycastle.version>1.82</bouncycastle.version> <!-- NOTE: upgrading slf4j beyond this version causes Execution verify-style of goal org.apache.maven.plugins:maven-checkstyle-plugin:3.1.2:check failed.: NullPointerException @@@ -260,18 -263,18 +260,18 @@@ <showWarnings>true</showWarnings> </configuration> <dependencies> - <dependency> - <groupId>org.codehaus.plexus</groupId> + <dependency> + <groupId>org.codehaus.plexus</groupId> <artifactId>plexus-compiler-javac-errorprone</artifactId> - <version>2.15.0</version> - </dependency> - <!-- override plexus-compiler-javac-errorprone's dependency on Error Prone with the latest version --> - <dependency> + <version>2.15.0</version> + </dependency> + <!-- override plexus-compiler-javac-errorprone's dependency on Error Prone with the latest version --> + <dependency> <groupId>com.google.errorprone</groupId> <artifactId>error_prone_core</artifactId> - <version>2.41.0</version> - <version>2.42.0</version> ++ <version>2.42.0</version> </dependency> - </dependencies> + </dependencies> </plugin> </plugins> </build> diff --cc sshd-common/src/main/java/org/apache/sshd/client/config/hosts/KnownHostEntry.java index fa82837aa,aa2ba97db..238d3ecc6 --- a/sshd-common/src/main/java/org/apache/sshd/client/config/hosts/KnownHostEntry.java +++ b/sshd-common/src/main/java/org/apache/sshd/client/config/hosts/KnownHostEntry.java @@@ -34,7 -33,7 +33,6 @@@ import java.util.ArrayList import java.util.Collections; import java.util.List; - import org.apache.sshd.common.config.ConfigFileReaderSupport; -import org.apache.sshd.common.config.keys.AuthorizedKeyEntry; import org.apache.sshd.common.config.keys.PublicKeyEntry; import org.apache.sshd.common.util.GenericUtils; import org.apache.sshd.common.util.ValidateUtils; @@@ -181,17 -184,17 +183,6 @@@ public class KnownHostEntry extends Hos if (GenericUtils.isEmpty(line)) { continue; } -- - int pos = line.indexOf(ConfigFileReaderSupport.COMMENT_CHAR); - int pos = line.indexOf(PublicKeyEntry.COMMENT_CHAR); -- if (pos == 0) { -- continue; -- } -- -- if (pos > 0) { -- line = line.substring(0, pos); -- line = line.trim(); -- } -- try { KnownHostEntry entry = parseKnownHostEntry(line); if (entry == null) { @@@ -216,43 -218,49 +206,50 @@@ } public static KnownHostEntry parseKnownHostEntry(String line) { - return parseKnownHostEntry(GenericUtils.isEmpty(line) ? null : new KnownHostEntry(), line); - return GenericUtils.isEmpty(line) ? null : parseKnownHostEntry(new KnownHostEntry(), line); -- } -- -- public static <E extends KnownHostEntry> E parseKnownHostEntry(E entry, String data) { - String line = GenericUtils.replaceWhitespaceAndTrim(data); - if (GenericUtils.isEmpty(line) || (line.charAt(0) == PublicKeyEntry.COMMENT_CHAR)) { - return entry; - if (data == null) { ++ if (line == null) { + return null; + } - String line = GenericUtils.replaceWhitespaceAndTrim(data); - if (GenericUtils.isEmpty(line) || (line.charAt(0) == PublicKeyEntry.COMMENT_CHAR)) { ++ String tmp = GenericUtils.replaceWhitespaceAndTrim(line); ++ int i = tmp.indexOf(PublicKeyEntry.COMMENT_CHAR); ++ if (i >= 0) { ++ tmp = tmp.substring(0, i).trim(); ++ } ++ if (GenericUtils.isEmpty(tmp)) { + return null; } ++ KnownHostEntry entry = new KnownHostEntry(); entry.setConfigLine(line); -- if (line.charAt(0) == MARKER_INDICATOR) { -- int pos = line.indexOf(' '); -- ValidateUtils.checkTrue(pos > 0, "Missing marker name end delimiter in line=%s", data); -- ValidateUtils.checkTrue(pos > 1, "No marker name after indicator in line=%s", data); -- entry.setMarker(line.substring(1, pos)); -- line = line.substring(pos + 1).trim(); ++ if (tmp.charAt(0) == MARKER_INDICATOR) { ++ int pos = tmp.indexOf(' '); ++ ValidateUtils.checkTrue(pos > 0, "Missing marker name end delimiter in line=%s", line); ++ ValidateUtils.checkTrue(pos > 1, "No marker name after indicator in line=%s", line); ++ entry.setMarker(tmp.substring(1, pos)); ++ tmp = tmp.substring(pos + 1).trim(); } else { entry.setMarker(null); } -- int pos = line.indexOf(' '); -- ValidateUtils.checkTrue(pos > 0, "Missing host patterns end delimiter in line=%s", data); -- String hostPattern = line.substring(0, pos); -- line = line.substring(pos + 1).trim(); ++ int pos = tmp.indexOf(' '); ++ ValidateUtils.checkTrue(pos > 0, "Missing host patterns end delimiter in line=%s", line); ++ String hostPattern = tmp.substring(0, pos); ++ tmp = tmp.substring(pos + 1).trim(); if (hostPattern.charAt(0) == KnownHostHashValue.HASHED_HOST_DELIMITER) { KnownHostHashValue hash = ValidateUtils.checkNotNull(KnownHostHashValue.parse(hostPattern), -- "Failed to extract host hash value from line=%s", data); ++ "Failed to extract host hash value from line=%s", line); entry.setHashedEntry(hash); entry.setPatterns(null); } else { entry.setHashedEntry(null); entry.setPatterns(parsePatterns(GenericUtils.split(hostPattern, ','))); } - AuthorizedKeyEntry key = PublicKeyEntry.parsePublicKeyEntry(new AuthorizedKeyEntry(), - ValidateUtils.checkNotNullAndNotEmpty(line, "No valid key entry recovered from line=%s", data)); + PublicKeyEntry key = PublicKeyEntry.parsePublicKeyEntry( - ValidateUtils.checkNotNullAndNotEmpty(line, "No valid key entry recovered from line=%s", data)); ++ ValidateUtils.checkNotNullAndNotEmpty(tmp, "No valid key entry recovered from line=%s", line)); + if (key == null) { + return null; + } entry.setKeyEntry(key); return entry; } diff --cc sshd-core/src/test/java/org/apache/sshd/client/keyverifier/KnownHostsUnsupportedKeysTest.java index c10c7f7e8,4b34056c6..ec997db33 --- a/sshd-core/src/test/java/org/apache/sshd/client/keyverifier/KnownHostsUnsupportedKeysTest.java +++ b/sshd-core/src/test/java/org/apache/sshd/client/keyverifier/KnownHostsUnsupportedKeysTest.java @@@ -71,6 -71,23 +71,23 @@@ class KnownHostsUnsupportedKeysTest ext } @Test + void invalidLineIgnored() throws Exception { + Path knownHosts = tmp.resolve("known_hosts"); + String entry + = "[127.0.0.1]:2222 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCbZVVpqEHGLNWMqMeyU1VbWb91XteoamVcgpy4yxNVbZffb5IDdbo1ons/y9KAhcub6LZeLrvXzVUZbXCZiUkg="; + List<String> lines = new ArrayList<>(); + lines.add(entry + entry); + lines.add(entry); + Files.write(knownHosts, lines); + KnownHostsServerKeyVerifier verifier = new KnownHostsServerKeyVerifier(RejectAllServerKeyVerifier.INSTANCE, knownHosts); + KnownHostEntry knownHost = KnownHostEntry.parseKnownHostEntry(lines.get(1)); - AuthorizedKeyEntry keyEntry = knownHost.getKeyEntry(); ++ PublicKeyEntry keyEntry = knownHost.getKeyEntry(); + assertNotNull(keyEntry); + PublicKey key = keyEntry.resolvePublicKey(null, PublicKeyEntryResolver.FAILING); + assertTrue(invokeVerifier(verifier, new SshdSocketAddress("127.0.0.1", 2222), key)); + } + + @Test void unknownNewKey() throws Exception { KeyPair kp = CommonTestSupportUtils.generateKeyPair(KeyUtils.RSA_ALGORITHM, 1024); PublicKey newKey = kp.getPublic();
