upgrade to sshd 1.6.0, add eddsa dependency, upgrade jgit to 4.1.2

(cherry picked from commit d8fbdda2ab3fa48e92bdf37399d4b75c48409c5c@rpardini:master) # Conflicts: # .classpath # build.moxie # src/test/java/com/gitblit/tests/SshUnitTest.java
author: ricardop <ricardo.pardini@me.com.br> 2018-01-03 16:09:27 +0100
committer: Florian Zschocke <f.zschocke+git@gmail.com> 2022-10-08 21:14:19 +0200
commit: 0f3fdd8d4d8884a821069b65e08cfe197bf45bd2 (patch)
tree: 5dce3f2f8b36a32c2bfa92ef297c794ddda889b2
parent: 541472fe1d74130d8f0105331a1d16c07c676027 (diff)
download: gitblit-0f3fdd8d4d8884a821069b65e08cfe197bf45bd2.tar.gz
gitblit-0f3fdd8d4d8884a821069b65e08cfe197bf45bd2.zip
8 files changed, 48 insertions, 26 deletions
diff --git a/.classpath b/.classpath
index a5da35ab..e1929122 100644
--- a/.classpath
+++ b/.classpath
@@ -54,7 +54,8 @@
 	<classpathentry kind="lib" path="ext/bcprov-jdk15on-1.57.jar" sourcepath="ext/src/bcprov-jdk15on-1.57.jar" />
 	<classpathentry kind="lib" path="ext/bcmail-jdk15on-1.57.jar" sourcepath="ext/src/bcmail-jdk15on-1.57.jar" />
 	<classpathentry kind="lib" path="ext/bcpkix-jdk15on-1.57.jar" sourcepath="ext/src/bcpkix-jdk15on-1.57.jar" />
-	<classpathentry kind="lib" path="ext/sshd-core-1.2.0.jar" sourcepath="ext/src/sshd-core-1.2.0.jar" />
+	<classpathentry kind="lib" path="ext/eddsa-0.2.0.jar" sourcepath="ext/src/eddsa-0.2.0.jar" />
+	<classpathentry kind="lib" path="ext/sshd-core-1.6.0.jar" sourcepath="ext/src/sshd-core-1.6.0.jar" />
 	<classpathentry kind="lib" path="ext/mina-core-2.0.21.jar" sourcepath="ext/src/mina-core-2.0.21.jar" />
 	<classpathentry kind="lib" path="ext/rome-0.9.jar" sourcepath="ext/src/rome-0.9.jar" />
 	<classpathentry kind="lib" path="ext/jdom-1.0.jar" sourcepath="ext/src/jdom-1.0.jar" />
diff --git a/build.moxie b/build.moxie
index 07926ab5..8857dca8 100644
--- a/build.moxie
+++ b/build.moxie
@@ -114,7 +114,7 @@ properties: {
   bouncycastle.version : 1.57
   selenium.version : 2.28.0
   wikitext.version : 1.4
-  sshd.version: 1.2.0
+  sshd.version: 1.6.0
   mina.version: 2.0.21
   guice.version : 4.0
   # Gitblit maintains a fork of guice-servlet
@@ -163,6 +163,7 @@ dependencies:
 - compile 'org.bouncycastle:bcprov-jdk15on:${bouncycastle.version}' :war
 - compile 'org.bouncycastle:bcmail-jdk15on:${bouncycastle.version}' :war
 - compile 'org.bouncycastle:bcpkix-jdk15on:${bouncycastle.version}' :war
+- compile 'net.i2p.crypto:eddsa:0.2.0' :war !org.easymock
 - compile 'org.apache.sshd:sshd-core:${sshd.version}' :war !org.easymock
 - compile 'org.apache.mina:mina-core:${mina.version}' :war !org.easymock
 - compile 'rome:rome:0.9' :war :manager :api
diff --git a/gitblit.iml b/gitblit.iml
index 48f3819b..5d54b431 100644
--- a/gitblit.iml
+++ b/gitblit.iml
@@ -541,13 +541,24 @@
       </library>
     </orderEntry>
     <orderEntry type="module-library">
-      <library name="sshd-core-1.2.0.jar">
+      <library name="eddsa-0.2.0.jar">
         <CLASSES>
-          <root url="jar://$MODULE_DIR$/ext/sshd-core-1.2.0.jar!/" />
+          <root url="jar://$MODULE_DIR$/ext/eddsa-0.2.0.jar!/" />
         </CLASSES>
         <JAVADOC />
         <SOURCES>
-          <root url="jar://$MODULE_DIR$/ext/src/sshd-core-1.2.0.jar!/" />
+          <root url="jar://$MODULE_DIR$/ext/src/eddsa-0.2.0.jar!/" />
+        </SOURCES>
+      </library>
+    </orderEntry>
+    <orderEntry type="module-library">
+      <library name="sshd-core-1.6.0.jar">
+        <CLASSES>
+          <root url="jar://$MODULE_DIR$/ext/sshd-core-1.6.0.jar!/" />
+        </CLASSES>
+        <JAVADOC />
+        <SOURCES>
+          <root url="jar://$MODULE_DIR$/ext/src/sshd-core-1.6.0.jar!/" />
         </SOURCES>
       </library>
     </orderEntry>
diff --git a/src/main/java/com/gitblit/transport/ssh/FileKeyPairProvider.java b/src/main/java/com/gitblit/transport/ssh/FileKeyPairProvider.java
index db0741e0..cc91bb8c 100644
--- a/src/main/java/com/gitblit/transport/ssh/FileKeyPairProvider.java
+++ b/src/main/java/com/gitblit/transport/ssh/FileKeyPairProvider.java
@@ -26,7 +26,7 @@ import java.util.Iterator;
 import java.util.NoSuchElementException;
 
 import org.apache.sshd.common.keyprovider.AbstractKeyPairProvider;
-import org.apache.sshd.common.util.SecurityUtils;
+import org.apache.sshd.common.util.security.SecurityUtils;
 import org.bouncycastle.openssl.PEMDecryptorProvider;
 import org.bouncycastle.openssl.PEMEncryptedKeyPair;
 import org.bouncycastle.openssl.PEMKeyPair;
diff --git a/src/main/java/com/gitblit/transport/ssh/NonForwardingFilter.java b/src/main/java/com/gitblit/transport/ssh/NonForwardingFilter.java
index f2176cb0..3164ad79 100644
--- a/src/main/java/com/gitblit/transport/ssh/NonForwardingFilter.java
+++ b/src/main/java/com/gitblit/transport/ssh/NonForwardingFilter.java
@@ -21,23 +21,23 @@ import org.apache.sshd.server.forward.ForwardingFilter;
 
 public class NonForwardingFilter implements ForwardingFilter {
 
-	@Override
-	public boolean canConnect(Type type, SshdSocketAddress address, Session session) {
-		return false;
-	}
+    @Override
+    public boolean canConnect(Type type, SshdSocketAddress address, Session session) {
+        return false;
+    }
 
-	@Override
-	public boolean canForwardAgent(Session session) {
-		return false;
-	}
+    @Override
+    public boolean canForwardAgent(Session session, String requestType) {
+        return false;
+    }
 
-	@Override
-	public boolean canForwardX11(Session session) {
-		return false;
-	}
+    @Override
+    public boolean canForwardX11(Session session, String requestType) {
+        return false;
+    }
 
-	@Override
-	public boolean canListen(SshdSocketAddress address, Session session) {
-		return false;
-	}
+    @Override
+    public boolean canListen(SshdSocketAddress address, Session session) {
+        return false;
+    }
 }
diff --git a/src/main/java/com/gitblit/transport/ssh/SshDaemon.java b/src/main/java/com/gitblit/transport/ssh/SshDaemon.java
index 63fa51dd..405c794e 100644
--- a/src/main/java/com/gitblit/transport/ssh/SshDaemon.java
+++ b/src/main/java/com/gitblit/transport/ssh/SshDaemon.java
@@ -29,7 +29,9 @@ import java.util.concurrent.atomic.AtomicBoolean;
 import org.apache.sshd.common.io.IoServiceFactoryFactory;
 import org.apache.sshd.common.io.mina.MinaServiceFactoryFactory;
 import org.apache.sshd.common.io.nio2.Nio2ServiceFactoryFactory;
-import org.apache.sshd.common.util.SecurityUtils;
+import org.apache.sshd.common.util.security.SecurityUtils;
+import org.apache.sshd.common.util.security.bouncycastle.BouncyCastleSecurityProviderRegistrar;
+import org.apache.sshd.common.util.security.eddsa.EdDSASecurityProviderRegistrar;
 import org.apache.sshd.server.SshServer;
 import org.apache.sshd.server.auth.pubkey.CachingPublicKeyAuthenticator;
 import org.bouncycastle.openssl.PEMWriter;
@@ -92,9 +94,11 @@ public class SshDaemon {
 		IStoredSettings settings = gitblit.getSettings();
 
 		// Ensure that Bouncy Castle is our JCE provider
-		SecurityUtils.setRegisterBouncyCastle(true);
+		SecurityUtils.registerSecurityProvider(new BouncyCastleSecurityProviderRegistrar());
+		// Add support for ED25519_SHA512
+		SecurityUtils.registerSecurityProvider(new EdDSASecurityProviderRegistrar());
 		if (SecurityUtils.isBouncyCastleRegistered()) {
-			log.debug("BouncyCastle is registered as a JCE provider");
+			log.info("BouncyCastle is registered as a JCE provider");
 		}
 
 		// Generate host RSA and DSA keypairs and create the host keypair provider
diff --git a/src/main/java/com/gitblit/transport/ssh/WelcomeShell.java b/src/main/java/com/gitblit/transport/ssh/WelcomeShell.java
index 7c407d36..7ea0f248 100644
--- a/src/main/java/com/gitblit/transport/ssh/WelcomeShell.java
+++ b/src/main/java/com/gitblit/transport/ssh/WelcomeShell.java
@@ -57,6 +57,11 @@ public class WelcomeShell implements Factory<Command> {
 		return new SendMessage(gitblit);
 	}
 
+	@Override
+	public Command get() {
+		return create();
+	}
+
 	private static class SendMessage implements Command, SessionAware {
 
 		private final IPublicKeyManager km;
diff --git a/src/test/java/com/gitblit/tests/LdapPublicKeyManagerTest.java b/src/test/java/com/gitblit/tests/LdapPublicKeyManagerTest.java
index c426254f..1ec6671a 100644
--- a/src/test/java/com/gitblit/tests/LdapPublicKeyManagerTest.java
+++ b/src/test/java/com/gitblit/tests/LdapPublicKeyManagerTest.java
@@ -28,7 +28,7 @@ import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 
-import org.apache.sshd.common.util.SecurityUtils;
+import org.apache.sshd.common.util.security.SecurityUtils;
 import org.junit.BeforeClass;
 import org.junit.Test;
 import org.junit.runner.RunWith;
author	ricardop <ricardo.pardini@me.com.br>	2018-01-03 16:09:27 +0100
committer	Florian Zschocke <f.zschocke+git@gmail.com>	2022-10-08 21:14:19 +0200
commit	0f3fdd8d4d8884a821069b65e08cfe197bf45bd2 (patch)
tree	5dce3f2f8b36a32c2bfa92ef297c794ddda889b2
parent	541472fe1d74130d8f0105331a1d16c07c676027 (diff)
download	gitblit-0f3fdd8d4d8884a821069b65e08cfe197bf45bd2.tar.gz gitblit-0f3fdd8d4d8884a821069b65e08cfe197bf45bd2.zip