From 366a14f278095bb28956298bd8c3c64b247700cb Mon Sep 17 00:00:00 2001
From: Florian Zschocke
Date: Mon, 24 Oct 2022 21:10:13 +0200
Subject: Add SSH host keys with ECDSA and Ed25519

Create new host keys, one with ECDSA and one with Ed25519 algorithms. For the Ed25519 currently the EdDSA library from i2p is used. This requires some quirks, compared to a modern BouncyCastle. But the SSHD library used cannot use BouncyCastle yet for Ed25519. No DSA key is generated anymore, but we still support existing ones.
---
.../transport/ssh/FileKeyPairProviderTest.java | 134 +++++++++++++++++++++
1 file changed, 134 insertions(+)
create mode 100644 src/test/java/com/gitblit/transport/ssh/FileKeyPairProviderTest.java
(limited to 'src/test/java')
diff --git a/src/test/java/com/gitblit/transport/ssh/FileKeyPairProviderTest.java b/src/test/java/com/gitblit/transport/ssh/FileKeyPairProviderTest.java
new file mode 100644
index 00000000..d36adc7f
--- /dev/null
+++ b/src/test/java/com/gitblit/transport/ssh/FileKeyPairProviderTest.java
@@ -0,0 +1,134 @@
+package com.gitblit.transport.ssh;
+
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.TemporaryFolder;
+
+import java.io.File;
+import java.io.IOException;
+import java.security.KeyPair;
+import java.util.Iterator;
+
+import static org.junit.Assert.*;
+
+public class FileKeyPairProviderTest
+{
+ @Rule
+ public TemporaryFolder testFolder = new TemporaryFolder();
+
+ private void generateKeyPair(File file, String algorithm, int keySize) {
+ if (file.exists()) {
+ file.delete();
+ }
+ SshDaemon.generateKeyPair(file, algorithm, keySize);
+ }
+
+ @Test
+ public void loadKeysEddsa() throws IOException
+ {
+ File file = testFolder.newFile("eddsa.pem");
+ generateKeyPair(file, "EdDSA", 0);
+
+ FileKeyPairProvider hostKeyPairProvider = new FileKeyPairProvider();
+ hostKeyPairProvider.setFiles(new String [] { file.getPath() });
+
+ Iterable keyPairs = hostKeyPairProvider.loadKeys();
+ Iterator iterator = keyPairs.iterator();
+ assertTrue(iterator.hasNext());
+ KeyPair keyPair = iterator.next();
+ assertNotNull(keyPair);
+ assertEquals("Unexpected key pair type", "EdDSA", keyPair.getPrivate().getAlgorithm());
+ }
+
+ @Test
+ public void loadKeysEd25519() throws IOException
+ {
+ File file = testFolder.newFile("ed25519.pem");
+ generateKeyPair(file, "ED25519", 0);
+
+ FileKeyPairProvider hostKeyPairProvider = new FileKeyPairProvider();
+ hostKeyPairProvider.setFiles(new String [] { file.getPath() });
+
+ Iterable keyPairs = hostKeyPairProvider.loadKeys();
+ Iterator iterator = keyPairs.iterator();
+ assertTrue(iterator.hasNext());
+ KeyPair keyPair = iterator.next();
+ assertNotNull(keyPair);
+ assertEquals("Unexpected key pair type", "Ed25519", keyPair.getPrivate().getAlgorithm());
+ }
+
+ @Test
+ public void loadKeysECDSA() throws IOException
+ {
+ File file = testFolder.newFile("ecdsa.pem");
+ generateKeyPair(file, "ECDSA", 0);
+
+ FileKeyPairProvider hostKeyPairProvider = new FileKeyPairProvider();
+ hostKeyPairProvider.setFiles(new String [] { file.getPath() });
+
+ Iterable keyPairs = hostKeyPairProvider.loadKeys();
+ Iterator iterator = keyPairs.iterator();
+ assertTrue(iterator.hasNext());
+ KeyPair keyPair = iterator.next();
+ assertNotNull(keyPair);
+ assertEquals("Unexpected key pair type", "ECDSA", keyPair.getPrivate().getAlgorithm());
+ }
+
+ @Test
+ public void loadKeysRSA() throws IOException
+ {
+ File file = testFolder.newFile("rsa.pem");
+ generateKeyPair(file, "RSA", 4096);
+
+ FileKeyPairProvider hostKeyPairProvider = new FileKeyPairProvider();
+ hostKeyPairProvider.setFiles(new String [] { file.getPath() });
+
+ Iterable keyPairs = hostKeyPairProvider.loadKeys();
+ Iterator iterator = keyPairs.iterator();
+ assertTrue(iterator.hasNext());
+ KeyPair keyPair = iterator.next();
+ assertNotNull(keyPair);
+ assertEquals("Unexpected key pair type", "RSA", keyPair.getPrivate().getAlgorithm());
+ }
+
+ @Test
+ public void loadKeysDefault() throws IOException
+ {
+ File rsa = testFolder.newFile("rsa.pem");
+ generateKeyPair(rsa, "RSA", 2048);
+ File ecdsa = testFolder.newFile("ecdsa.pem");
+ generateKeyPair(ecdsa, "ECDSA", 0);
+ File eddsa = testFolder.newFile("eddsa.pem");
+ generateKeyPair(eddsa, "EdDSA", 0);
+ File ed25519 = testFolder.newFile("ed25519.pem");
+ generateKeyPair(ed25519, "ED25519", 0);
+
+ FileKeyPairProvider hostKeyPairProvider = new FileKeyPairProvider();
+ hostKeyPairProvider.setFiles(new String [] { ecdsa.getPath(), eddsa.getPath(), rsa.getPath(), ed25519.getPath() });
+
+ Iterable keyPairs = hostKeyPairProvider.loadKeys();
+ Iterator iterator = keyPairs.iterator();
+
+ assertTrue(iterator.hasNext());
+ KeyPair keyPair = iterator.next();
+ assertNotNull(keyPair);
+ assertEquals("Unexpected key pair type", "ECDSA", keyPair.getPrivate().getAlgorithm());
+
+ assertTrue(iterator.hasNext());
+ keyPair = iterator.next();
+ assertNotNull(keyPair);
+ assertEquals("Unexpected key pair type", "EdDSA", keyPair.getPrivate().getAlgorithm());
+
+ assertTrue(iterator.hasNext());
+ keyPair = iterator.next();
+ assertNotNull(keyPair);
+ assertEquals("Unexpected key pair type", "RSA", keyPair.getPrivate().getAlgorithm());
+
+ assertTrue(iterator.hasNext());
+ keyPair = iterator.next();
+ assertNotNull(keyPair);
+ assertEquals("Unexpected key pair type", "Ed25519", keyPair.getPrivate().getAlgorithm());
+
+ assertFalse(iterator.hasNext());
+ }
+}
-- cgit v1.2.3
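Review bot: Every test here asserts only `getAlgorithm()`, so a host key generated or reloaded at a weaker strength than requested would still pass; `loadKeysRSA` asks for 4096 bits but never checks the result. Adding `assertEquals(4096, ((java.security.interfaces.RSAKey) keyPair.getPrivate()).getModulus().bitLength());` after the algorithm assertion would pin that. The ECDSA and Ed25519 cases pass `keySize` 0, which presumably selects a default inside `SshDaemon.generateKeyPair` (not visible in this patch), so asserting the expected curve in `loadKeysECDSA` would keep that default from drifting unnoticed. The `generateKeyPair` helper also discards the return value of `file.delete()`, so a failed delete of the placeholder file created by `testFolder.newFile` goes unreported.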