sshd: fix IdentiesOnly if SSH agent is enabled and has keys 67/1194667/1
authorThomas Wolf <twolf@apache.org>
Mon, 6 May 2024 17:32:12 +0000 (19:32 +0200)
committerThomas Wolf <twolf@apache.org>
Mon, 13 May 2024 18:25:11 +0000 (20:25 +0200)
Commit a44b9e8bf changed the logic so that we try to read a public key
from the file given first, and only then try the file with the ".pub"
extension. Unfortunately the exception handling was not sufficient to
correctly deal with the given file containing a private key.

Apache MINA SSHD may throw a StreamCorruptedException when one tries
to read a public key from a file containing a private key. Handle
this exception in addition to GeneralSecurityException, and change
the order of exception handlers because StreamCorruptedException is
an IOException.

Bug: jgit-53
Change-Id: I7dddc2c11aa75d7663f7fe41652df612bf8c88cd
Signed-off-by: Thomas Wolf <twolf@apache.org>
org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitPublicKeyAuthentication.java

index b0b1028daa00f1d01ae4495253c4ee898fc21a4b..6aace4753acbdad12a8b09f36af683dbdde8470c 100644 (file)
@@ -17,6 +17,7 @@ import static org.eclipse.jgit.transport.SshConstants.PUBKEY_ACCEPTED_ALGORITHMS
 
 import java.io.File;
 import java.io.IOException;
+import java.io.StreamCorruptedException;
 import java.net.URISyntaxException;
 import java.nio.file.Files;
 import java.nio.file.InvalidPathException;
@@ -355,20 +356,20 @@ public class JGitPublicKeyAuthentication extends UserAuthPublicKey {
                                // only warn about non-existing files in case the key file is
                                // not derived
                                if (!isDerived) {
-                                       log.warn("{}", //$NON-NLS-1$
+                                       log.warn(LOG_FORMAT,
                                                format(SshdText.get().cannotReadPublicKey, keyFile));
                                }
-                       } catch (InvalidPathException | IOException e) {
-                               log.warn("{}", //$NON-NLS-1$
-                                               format(SshdText.get().cannotReadPublicKey, keyFile), e);
-                       } catch (GeneralSecurityException e) {
+                       } catch (GeneralSecurityException | StreamCorruptedException e) {
                                // ignore in case this is not a derived key path, as in most
                                // cases this specifies a private key
                                if (isDerived) {
-                                       log.warn("{}", //$NON-NLS-1$
+                                       log.warn(LOG_FORMAT,
                                                        format(SshdText.get().cannotReadPublicKey, keyFile),
                                                        e);
                                }
+                       } catch (InvalidPathException | IOException e) {
+                               log.warn(LOG_FORMAT,
+                                               format(SshdText.get().cannotReadPublicKey, keyFile), e);
                        }
                        return null;
                }
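Review bot: In the new `catch (GeneralSecurityException | StreamCorruptedException e)` handler, a non-derived key file that fails to parse is dropped with no log output at all, so a truncated or damaged public key named in IdentityFile looks the same as a private key file. The method then returns null, so a debug-level trace in the non-derived case would make an unexpectedly skipped identity diagnosable: `} else { log.debug(LOG_FORMAT, format(SshdText.get().cannotReadPublicKey, keyFile), e); }`. StreamCorruptedException presumably also covers other malformed input, not only private keys, so the silent path is likely broader than the "in most cases this specifies a private key" comment suggests. The enclosing method begins outside this hunk and `LOG_FORMAT` is defined outside it, so neither the caller's handling of the null return nor the format string is visible here.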