From 0f3fdd8d4d8884a821069b65e08cfe197bf45bd2 Mon Sep 17 00:00:00 2001 From: ricardop Date: Wed, 3 Jan 2018 16:09:27 +0100 Subject: upgrade to sshd 1.6.0, add eddsa dependency, upgrade jgit to 4.1.2 (cherry picked from commit d8fbdda2ab3fa48e92bdf37399d4b75c48409c5c@rpardini:master) # Conflicts: # .classpath # build.moxie # src/test/java/com/gitblit/tests/SshUnitTest.java --- .../gitblit/transport/ssh/FileKeyPairProvider.java | 2 +- .../gitblit/transport/ssh/NonForwardingFilter.java | 32 +++++++++++----------- .../java/com/gitblit/transport/ssh/SshDaemon.java | 10 +++++-- .../com/gitblit/transport/ssh/WelcomeShell.java | 5 ++++ .../gitblit/tests/LdapPublicKeyManagerTest.java | 2 +- 5 files changed, 30 insertions(+), 21 deletions(-) (limited to 'src') diff --git a/src/main/java/com/gitblit/transport/ssh/FileKeyPairProvider.java b/src/main/java/com/gitblit/transport/ssh/FileKeyPairProvider.java index db0741e0..cc91bb8c 100644 --- a/src/main/java/com/gitblit/transport/ssh/FileKeyPairProvider.java +++ b/src/main/java/com/gitblit/transport/ssh/FileKeyPairProvider.java @@ -26,7 +26,7 @@ import java.util.Iterator; import java.util.NoSuchElementException; import org.apache.sshd.common.keyprovider.AbstractKeyPairProvider; -import org.apache.sshd.common.util.SecurityUtils; +import org.apache.sshd.common.util.security.SecurityUtils; import org.bouncycastle.openssl.PEMDecryptorProvider; import org.bouncycastle.openssl.PEMEncryptedKeyPair; import org.bouncycastle.openssl.PEMKeyPair; diff --git a/src/main/java/com/gitblit/transport/ssh/NonForwardingFilter.java b/src/main/java/com/gitblit/transport/ssh/NonForwardingFilter.java index f2176cb0..3164ad79 100644 --- a/src/main/java/com/gitblit/transport/ssh/NonForwardingFilter.java +++ b/src/main/java/com/gitblit/transport/ssh/NonForwardingFilter.java @@ -21,23 +21,23 @@ import org.apache.sshd.server.forward.ForwardingFilter; public class NonForwardingFilter implements ForwardingFilter { - @Override - public boolean canConnect(Type type, SshdSocketAddress address, Session session) { - return false; - } + @Override + public boolean canConnect(Type type, SshdSocketAddress address, Session session) { + return false; + } - @Override - public boolean canForwardAgent(Session session) { - return false; - } + @Override + public boolean canForwardAgent(Session session, String requestType) { + return false; + } - @Override - public boolean canForwardX11(Session session) { - return false; - } + @Override + public boolean canForwardX11(Session session, String requestType) { + return false; + } - @Override - public boolean canListen(SshdSocketAddress address, Session session) { - return false; - } + @Override + public boolean canListen(SshdSocketAddress address, Session session) { + return false; + } } diff --git a/src/main/java/com/gitblit/transport/ssh/SshDaemon.java b/src/main/java/com/gitblit/transport/ssh/SshDaemon.java index 63fa51dd..405c794e 100644 --- a/src/main/java/com/gitblit/transport/ssh/SshDaemon.java +++ b/src/main/java/com/gitblit/transport/ssh/SshDaemon.java @@ -29,7 +29,9 @@ import java.util.concurrent.atomic.AtomicBoolean; import org.apache.sshd.common.io.IoServiceFactoryFactory; import org.apache.sshd.common.io.mina.MinaServiceFactoryFactory; import org.apache.sshd.common.io.nio2.Nio2ServiceFactoryFactory; -import org.apache.sshd.common.util.SecurityUtils; +import org.apache.sshd.common.util.security.SecurityUtils; +import org.apache.sshd.common.util.security.bouncycastle.BouncyCastleSecurityProviderRegistrar; +import org.apache.sshd.common.util.security.eddsa.EdDSASecurityProviderRegistrar; import org.apache.sshd.server.SshServer; import org.apache.sshd.server.auth.pubkey.CachingPublicKeyAuthenticator; import org.bouncycastle.openssl.PEMWriter; @@ -92,9 +94,11 @@ public class SshDaemon { IStoredSettings settings = gitblit.getSettings(); // Ensure that Bouncy Castle is our JCE provider - SecurityUtils.setRegisterBouncyCastle(true); + SecurityUtils.registerSecurityProvider(new BouncyCastleSecurityProviderRegistrar()); + // Add support for ED25519_SHA512 + SecurityUtils.registerSecurityProvider(new EdDSASecurityProviderRegistrar()); if (SecurityUtils.isBouncyCastleRegistered()) { - log.debug("BouncyCastle is registered as a JCE provider"); + log.info("BouncyCastle is registered as a JCE provider"); } // Generate host RSA and DSA keypairs and create the host keypair provider diff --git a/src/main/java/com/gitblit/transport/ssh/WelcomeShell.java b/src/main/java/com/gitblit/transport/ssh/WelcomeShell.java index 7c407d36..7ea0f248 100644 --- a/src/main/java/com/gitblit/transport/ssh/WelcomeShell.java +++ b/src/main/java/com/gitblit/transport/ssh/WelcomeShell.java @@ -57,6 +57,11 @@ public class WelcomeShell implements Factory { return new SendMessage(gitblit); } + @Override + public Command get() { + return create(); + } + private static class SendMessage implements Command, SessionAware { private final IPublicKeyManager km; diff --git a/src/test/java/com/gitblit/tests/LdapPublicKeyManagerTest.java b/src/test/java/com/gitblit/tests/LdapPublicKeyManagerTest.java index c426254f..1ec6671a 100644 --- a/src/test/java/com/gitblit/tests/LdapPublicKeyManagerTest.java +++ b/src/test/java/com/gitblit/tests/LdapPublicKeyManagerTest.java @@ -28,7 +28,7 @@ import java.util.HashMap; import java.util.List; import java.util.Map; -import org.apache.sshd.common.util.SecurityUtils; +import org.apache.sshd.common.util.security.SecurityUtils; import org.junit.BeforeClass; import org.junit.Test; import org.junit.runner.RunWith; -- cgit v1.2.3