summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorThomas Wolf <thomas.wolf@paranor.ch>2018-12-17 13:02:19 +0100
committerThomas Wolf <thomas.wolf@paranor.ch>2019-01-05 17:59:32 +0100
commit5663b67575bbde942b59ceca23d40212dc82e6a3 (patch)
treec47f73f1719324b1d4ac47b942dc3a7986d6711c
parentb952d9e65a30c7ebbdf4911e0086ee724a9d460d (diff)
downloadjgit-5663b67575bbde942b59ceca23d40212dc82e6a3.tar.gz
jgit-5663b67575bbde942b59ceca23d40212dc82e6a3.zip
Apache MINA sshd client: less aggressive key file name caching
Don't use the ~/.ssh directory as cache key for the key provider but the configured paths of the default keys. Otherwise changes in that list of paths are not picked up. This is in particular a problem for EGit, where the user can modify this list of keys interactively in the preferences. Without this change, Eclipse needs to be restarted to pick up such changes. Bug: 542845 Change-Id: I63432fb10729a90b3c5e14f13e39bf482aef811b Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
-rw-r--r--org.eclipse.jgit.ssh.apache/resources/org/eclipse/jgit/internal/transport/sshd/SshdText.properties1
-rw-r--r--org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/CachingKeyPairProvider.java5
-rw-r--r--org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/SshdText.java1
-rw-r--r--org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/transport/sshd/SshdSessionFactory.java12
4 files changed, 14 insertions, 5 deletions
diff --git a/org.eclipse.jgit.ssh.apache/resources/org/eclipse/jgit/internal/transport/sshd/SshdText.properties b/org.eclipse.jgit.ssh.apache/resources/org/eclipse/jgit/internal/transport/sshd/SshdText.properties
index aa4e4ccec3..bdb4a7d0d1 100644
--- a/org.eclipse.jgit.ssh.apache/resources/org/eclipse/jgit/internal/transport/sshd/SshdText.properties
+++ b/org.eclipse.jgit.ssh.apache/resources/org/eclipse/jgit/internal/transport/sshd/SshdText.properties
@@ -13,6 +13,7 @@ gssapiUnexpectedMessage=Received unexpected ssh message {1} in {0} authenticatio
identityFileCannotDecrypt=Given passphrase cannot decrypt identity {0}
identityFileNoKey=No keys found in identity {0}
identityFileMultipleKeys=Multiple key pairs found in identity {0}
+identityFileNotFound=Skipping identity ''{0}'': file not found
identityFileUnsupportedFormat=Unsupported format in identity {0}
kexServerKeyInvalid=Server key did not validate
keyEncryptedMsg=Key ''{0}'' is encrypted. Enter the passphrase to decrypt it.
diff --git a/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/CachingKeyPairProvider.java b/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/CachingKeyPairProvider.java
index ad2ff5256c..06a0a5f07f 100644
--- a/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/CachingKeyPairProvider.java
+++ b/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/CachingKeyPairProvider.java
@@ -45,6 +45,7 @@ package org.eclipse.jgit.internal.transport.sshd;
import static java.text.MessageFormat.format;
import java.io.IOException;
+import java.nio.file.Files;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
@@ -92,6 +93,10 @@ public class CachingKeyPairProvider extends EncryptedFileKeyPairProvider {
@Override
protected KeyPair doLoadKey(Path resource)
throws IOException, GeneralSecurityException {
+ if (!Files.exists(resource)) {
+ log.warn(format(SshdText.get().identityFileNotFound, resource));
+ return null;
+ }
// By calling doLoadKey(String, Path, FilePasswordProvider) instead of
// super.doLoadKey(Path) we can bypass the key caching in
// AbstractResourceKeyPairProvider, over which we have no real control.
diff --git a/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/SshdText.java b/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/SshdText.java
index 5c79f2d40e..bf432be5a6 100644
--- a/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/SshdText.java
+++ b/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/SshdText.java
@@ -33,6 +33,7 @@ public final class SshdText extends TranslationBundle {
/***/ public String identityFileCannotDecrypt;
/***/ public String identityFileNoKey;
/***/ public String identityFileMultipleKeys;
+ /***/ public String identityFileNotFound;
/***/ public String identityFileUnsupportedFormat;
/***/ public String kexServerKeyInvalid;
/***/ public String keyEncryptedMsg;
diff --git a/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/transport/sshd/SshdSessionFactory.java b/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/transport/sshd/SshdSessionFactory.java
index 4ec6f22094..275cf5824d 100644
--- a/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/transport/sshd/SshdSessionFactory.java
+++ b/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/transport/sshd/SshdSessionFactory.java
@@ -161,7 +161,7 @@ public class SshdSessionFactory extends SshSessionFactory implements Closeable {
private static final class Tuple {
private Object[] objects;
- public Tuple(Object... objects) {
+ public Tuple(Object[] objects) {
this.objects = objects;
}
@@ -351,7 +351,7 @@ public class SshdSessionFactory extends SshSessionFactory implements Closeable {
private HostConfigEntryResolver getHostConfigEntryResolver(
@NonNull File homeDir, @NonNull File sshDir) {
return defaultHostConfigEntryResolver.computeIfAbsent(
- new Tuple(homeDir, sshDir),
+ new Tuple(new Object[] { homeDir, sshDir }),
t -> new JGitSshConfig(homeDir,
new File(sshDir, SshConstants.CONFIG),
getLocalUserName()));
@@ -375,7 +375,7 @@ public class SshdSessionFactory extends SshSessionFactory implements Closeable {
private ServerKeyVerifier getServerKeyVerifier(@NonNull File homeDir,
@NonNull File sshDir) {
return defaultServerKeyVerifier.computeIfAbsent(
- new Tuple(homeDir, sshDir),
+ new Tuple(new Object[] { homeDir, sshDir }),
t -> new OpenSshServerKeyVerifier(true,
getDefaultKnownHostsFiles(sshDir)));
}
@@ -403,8 +403,10 @@ public class SshdSessionFactory extends SshSessionFactory implements Closeable {
*/
@NonNull
private KeyPairProvider getDefaultKeysProvider(@NonNull File sshDir) {
- return defaultKeys.computeIfAbsent(new Tuple(sshDir),
- t -> new CachingKeyPairProvider(getDefaultIdentities(sshDir),
+ List<Path> defaultIdentities = getDefaultIdentities(sshDir);
+ return defaultKeys.computeIfAbsent(
+ new Tuple(defaultIdentities.toArray(new Path[0])),
+ t -> new CachingKeyPairProvider(defaultIdentities,
getKeyCache()));
}