From 0f3fdd8d4d8884a821069b65e08cfe197bf45bd2 Mon Sep 17 00:00:00 2001 From: ricardop Date: Wed, 3 Jan 2018 16:09:27 +0100 Subject: upgrade to sshd 1.6.0, add eddsa dependency, upgrade jgit to 4.1.2 (cherry picked from commit d8fbdda2ab3fa48e92bdf37399d4b75c48409c5c@rpardini:master) # Conflicts: # .classpath # build.moxie # src/test/java/com/gitblit/tests/SshUnitTest.java --- .../gitblit/transport/ssh/FileKeyPairProvider.java | 2 +- .../gitblit/transport/ssh/NonForwardingFilter.java | 32 +++++++++++----------- .../java/com/gitblit/transport/ssh/SshDaemon.java | 10 +++++-- .../com/gitblit/transport/ssh/WelcomeShell.java | 5 ++++ .../gitblit/tests/LdapPublicKeyManagerTest.java | 2 +- 5 files changed, 30 insertions(+), 21 deletions(-) (limited to 'src') diff --git a/src/main/java/com/gitblit/transport/ssh/FileKeyPairProvider.java b/src/main/java/com/gitblit/transport/ssh/FileKeyPairProvider.java index db0741e0..cc91bb8c 100644 --- a/src/main/java/com/gitblit/transport/ssh/FileKeyPairProvider.java +++ b/src/main/java/com/gitblit/transport/ssh/FileKeyPairProvider.java @@ -26,7 +26,7 @@ import java.util.Iterator; import java.util.NoSuchElementException; import org.apache.sshd.common.keyprovider.AbstractKeyPairProvider; -import org.apache.sshd.common.util.SecurityUtils; +import org.apache.sshd.common.util.security.SecurityUtils; import org.bouncycastle.openssl.PEMDecryptorProvider; import org.bouncycastle.openssl.PEMEncryptedKeyPair; import org.bouncycastle.openssl.PEMKeyPair; diff --git a/src/main/java/com/gitblit/transport/ssh/NonForwardingFilter.java b/src/main/java/com/gitblit/transport/ssh/NonForwardingFilter.java index f2176cb0..3164ad79 100644 --- a/src/main/java/com/gitblit/transport/ssh/NonForwardingFilter.java +++ b/src/main/java/com/gitblit/transport/ssh/NonForwardingFilter.java @@ -21,23 +21,23 @@ import org.apache.sshd.server.forward.ForwardingFilter; public class NonForwardingFilter implements ForwardingFilter { - @Override - public boolean canConnect(Type type, SshdSocketAddress address, Session session) { - return false; - } + @Override + public boolean canConnect(Type type, SshdSocketAddress address, Session session) { + return false; + } - @Override - public boolean canForwardAgent(Session session) { - return false; - } + @Override + public boolean canForwardAgent(Session session, String requestType) { + return false; + } - @Override - public boolean canForwardX11(Session session) { - return false; - } + @Override + public boolean canForwardX11(Session session, String requestType) { + return false; + } - @Override - public boolean canListen(SshdSocketAddress address, Session session) { - return false; - } + @Override + public boolean canListen(SshdSocketAddress address, Session session) { + return false; + } } diff --git a/src/main/java/com/gitblit/transport/ssh/SshDaemon.java b/src/main/java/com/gitblit/transport/ssh/SshDaemon.java index 63fa51dd..405c794e 100644 --- a/src/main/java/com/gitblit/transport/ssh/SshDaemon.java +++ b/src/main/java/com/gitblit/transport/ssh/SshDaemon.java @@ -29,7 +29,9 @@ import java.util.concurrent.atomic.AtomicBoolean; import org.apache.sshd.common.io.IoServiceFactoryFactory; import org.apache.sshd.common.io.mina.MinaServiceFactoryFactory; import org.apache.sshd.common.io.nio2.Nio2ServiceFactoryFactory; -import org.apache.sshd.common.util.SecurityUtils; +import org.apache.sshd.common.util.security.SecurityUtils; +import org.apache.sshd.common.util.security.bouncycastle.BouncyCastleSecurityProviderRegistrar; +import org.apache.sshd.common.util.security.eddsa.EdDSASecurityProviderRegistrar; import org.apache.sshd.server.SshServer; import org.apache.sshd.server.auth.pubkey.CachingPublicKeyAuthenticator; import org.bouncycastle.openssl.PEMWriter; @@ -92,9 +94,11 @@ public class SshDaemon { IStoredSettings settings = gitblit.getSettings(); // Ensure that Bouncy Castle is our JCE provider - SecurityUtils.setRegisterBouncyCastle(true); + SecurityUtils.registerSecurityProvider(new BouncyCastleSecurityProviderRegistrar()); + // Add support for ED25519_SHA512 + SecurityUtils.registerSecurityProvider(new EdDSASecurityProviderRegistrar()); if (SecurityUtils.isBouncyCastleRegistered()) { - log.debug("BouncyCastle is registered as a JCE provider"); + log.info("BouncyCastle is registered as a JCE provider"); } // Generate host RSA and DSA keypairs and create the host keypair provider diff --git a/src/main/java/com/gitblit/transport/ssh/WelcomeShell.java b/src/main/java/com/gitblit/transport/ssh/WelcomeShell.java index 7c407d36..7ea0f248 100644 --- a/src/main/java/com/gitblit/transport/ssh/WelcomeShell.java +++ b/src/main/java/com/gitblit/transport/ssh/WelcomeShell.java @@ -57,6 +57,11 @@ public class WelcomeShell implements Factory { return new SendMessage(gitblit); } + @Override + public Command get() { + return create(); + } + private static class SendMessage implements Command, SessionAware { private final IPublicKeyManager km; diff --git a/src/test/java/com/gitblit/tests/LdapPublicKeyManagerTest.java b/src/test/java/com/gitblit/tests/LdapPublicKeyManagerTest.java index c426254f..1ec6671a 100644 --- a/src/test/java/com/gitblit/tests/LdapPublicKeyManagerTest.java +++ b/src/test/java/com/gitblit/tests/LdapPublicKeyManagerTest.java @@ -28,7 +28,7 @@ import java.util.HashMap; import java.util.List; import java.util.Map; -import org.apache.sshd.common.util.SecurityUtils; +import org.apache.sshd.common.util.security.SecurityUtils; import org.junit.BeforeClass; import org.junit.Test; import org.junit.runner.RunWith; -- cgit v1.2.3 From 57365bf17dfc2ed222a5bf347dd83a9c228cae1a Mon Sep 17 00:00:00 2001 From: Florian Zschocke Date: Sat, 8 Oct 2022 22:22:54 +0200 Subject: Update dependency MINA SSHD to version 1.7.0 --- .classpath | 2 +- build.moxie | 2 +- gitblit.iml | 6 +++--- src/main/java/com/gitblit/transport/ssh/SshDaemon.java | 9 ++++++--- src/test/java/com/gitblit/tests/SshUnitTest.java | 2 +- 5 files changed, 12 insertions(+), 9 deletions(-) (limited to 'src') diff --git a/.classpath b/.classpath index e1929122..7c32205b 100644 --- a/.classpath +++ b/.classpath @@ -55,7 +55,7 @@ - + diff --git a/build.moxie b/build.moxie index 8857dca8..026ab5bb 100644 --- a/build.moxie +++ b/build.moxie @@ -114,7 +114,7 @@ properties: { bouncycastle.version : 1.57 selenium.version : 2.28.0 wikitext.version : 1.4 - sshd.version: 1.6.0 + sshd.version: 1.7.0 mina.version: 2.0.21 guice.version : 4.0 # Gitblit maintains a fork of guice-servlet diff --git a/gitblit.iml b/gitblit.iml index 5d54b431..694cd94f 100644 --- a/gitblit.iml +++ b/gitblit.iml @@ -552,13 +552,13 @@ - + - + - + diff --git a/src/main/java/com/gitblit/transport/ssh/SshDaemon.java b/src/main/java/com/gitblit/transport/ssh/SshDaemon.java index 405c794e..8bb880b0 100644 --- a/src/main/java/com/gitblit/transport/ssh/SshDaemon.java +++ b/src/main/java/com/gitblit/transport/ssh/SshDaemon.java @@ -95,11 +95,14 @@ public class SshDaemon { // Ensure that Bouncy Castle is our JCE provider SecurityUtils.registerSecurityProvider(new BouncyCastleSecurityProviderRegistrar()); - // Add support for ED25519_SHA512 - SecurityUtils.registerSecurityProvider(new EdDSASecurityProviderRegistrar()); if (SecurityUtils.isBouncyCastleRegistered()) { log.info("BouncyCastle is registered as a JCE provider"); } + // Add support for ED25519_SHA512 + SecurityUtils.registerSecurityProvider(new EdDSASecurityProviderRegistrar()); + if (SecurityUtils.isProviderRegistered("EdDSA")) { + log.info("EdDSA is registered as a JCE provider"); + } // Generate host RSA and DSA keypairs and create the host keypair provider File rsaKeyStore = new File(gitblit.getBaseFolder(), "ssh-rsa-hostkey.pem"); @@ -164,7 +167,7 @@ public class SshDaemon { sshd.setSessionFactory(new SshServerSessionFactory(sshd)); sshd.setFileSystemFactory(new DisabledFilesystemFactory()); - sshd.setTcpipForwardingFilter(new NonForwardingFilter()); + sshd.setForwardingFilter(new NonForwardingFilter()); sshd.setCommandFactory(new SshCommandFactory(gitblit, workQueue)); sshd.setShellFactory(new WelcomeShell(gitblit)); diff --git a/src/test/java/com/gitblit/tests/SshUnitTest.java b/src/test/java/com/gitblit/tests/SshUnitTest.java index 2f65fe99..acb0269c 100644 --- a/src/test/java/com/gitblit/tests/SshUnitTest.java +++ b/src/test/java/com/gitblit/tests/SshUnitTest.java @@ -36,7 +36,7 @@ import org.apache.sshd.client.future.AuthFuture; import org.apache.sshd.client.keyverifier.ServerKeyVerifier; import org.apache.sshd.client.session.ClientSession; import org.apache.sshd.common.config.keys.FilePasswordProvider; -import org.apache.sshd.common.util.SecurityUtils; +import org.apache.sshd.common.util.security.SecurityUtils; import org.eclipse.jgit.lib.Config; import org.eclipse.jgit.storage.file.FileBasedConfig; import org.eclipse.jgit.util.FS; -- cgit v1.2.3