[ssh signing] AllowedSigners: fix validity check

Not all SSH key types start with "ssh-" (for instance ECDSA keys). Don't test for this; instead test that the string we want to use as base64-encoded key starts with "AAAA". Change-Id: Ia0e24d63c69c98813ac7419f4a688f3d15139a10
author: Thomas Wolf <twolf@apache.org> 2024-12-25 17:24:48 +0100
committer: Thomas Wolf <twolf@apache.org> 2025-01-28 21:53:22 +0100
commit: 517a7b210fba00661bf42e3d4bc473cc1428c93b (patch)
tree: 2a17233bbfc323a9db2e421c557a675d7cade54e
parent: bd9bb1920d6b02bca3927a151c0a2f715587183e (diff)
download: jgit-517a7b210fba00661bf42e3d4bc473cc1428c93b.tar.gz
jgit-517a7b210fba00661bf42e3d4bc473cc1428c93b.zip
2 files changed, 14 insertions, 5 deletions
diff --git a/org.eclipse.jgit.ssh.apache.test/tst/org/eclipse/jgit/internal/signing/ssh/AllowedSignersParseTest.java b/org.eclipse.jgit.ssh.apache.test/tst/org/eclipse/jgit/internal/signing/ssh/AllowedSignersParseTest.java
index 90fde3fb28..84d8179a3d 100644
--- a/org.eclipse.jgit.ssh.apache.test/tst/org/eclipse/jgit/internal/signing/ssh/AllowedSignersParseTest.java
+++ b/org.eclipse.jgit.ssh.apache.test/tst/org/eclipse/jgit/internal/signing/ssh/AllowedSignersParseTest.java
@@ -168,6 +168,14 @@ public class AllowedSignersParseTest {
 				"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGATOZ8PcOKdY978fzIstnZ0+FuefIWKp7wRZynQLdzO"),
 				AllowedSigners.parseLine(
 						"*@a.com,*@b.a.com cert-authority namespaces=\"git\" valid-after=\"20240901\" valid-before=\"202409011200Z\" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGATOZ8PcOKdY978fzIstnZ0+FuefIWKp7wRZynQLdzO"));
+		assertEquals(new AllowedSigners.AllowedEntry(
+				new String[] { "foo@a.com" },
+				false, new String[] { "git" },
+				Instant.parse("2024-09-01T03:30:00.00Z"),
+				Instant.parse("2024-09-01T12:00:00.00Z"),
+				"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGxkz2AUld8eitmyIYlVV+Sot4jT3CigyBmvFRff0q4cSsKLx4x2TxGQeKKVueJEawtsUC2GNRV9FxXsTCUGcZU="),
+				AllowedSigners.parseLine(
+						"foo@a.com namespaces=\"git\" valid-after=\"20240901\" valid-before=\"202409011200Z\" ecdsa-sha2-nistp256   AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGxkz2AUld8eitmyIYlVV+Sot4jT3CigyBmvFRff0q4cSsKLx4x2TxGQeKKVueJEawtsUC2GNRV9FxXsTCUGcZU="));
 	}
 
 	@Test
@@ -183,6 +191,8 @@ public class AllowedSignersParseTest {
 		assertThrows(Exception.class, () -> AllowedSigners.parseLine(
 				"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGATOZ8PcOKdY978fzIstnZ0+FuefIWKp7wRZynQLdzO"));
 		assertThrows(Exception.class, () -> AllowedSigners.parseLine(
+				"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGATOZ8PcOKdY978fzIstnZ0+FuefIWKp7wRZynQLdzO foo@bar.com"));
+		assertThrows(Exception.class, () -> AllowedSigners.parseLine(
 				"AAAAC3NzaC1lZDI1NTE5AAAAIGATOZ8PcOKdY978fzIstnZ0+FuefIWKp7wRZynQLdzO"));
 		assertThrows(Exception.class, () -> AllowedSigners.parseLine(
 				"a@a.com namespaces=\"\" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGATOZ8PcOKdY978fzIstnZ0+FuefIWKp7wRZynQLdzO"));
diff --git a/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/signing/ssh/AllowedSigners.java b/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/signing/ssh/AllowedSigners.java
index e31ed64ed9..80b171f216 100644
--- a/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/signing/ssh/AllowedSigners.java
+++ b/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/signing/ssh/AllowedSigners.java
@@ -63,8 +63,6 @@ final class AllowedSigners extends ModifiableFileWatcher {
 
 	private static final String VALID_BEFORE = "valid-before="; //$NON-NLS-1$
 
-	private static final String SSH_KEY_PREFIX = "ssh-"; //$NON-NLS-1$
-
 	private static final DateTimeFormatter SSH_DATE_FORMAT = new DateTimeFormatterBuilder()
 			.appendValue(ChronoField.YEAR, 4)
 			.appendValue(ChronoField.MONTH_OF_YEAR, 2)
@@ -322,8 +320,7 @@ final class AllowedSigners extends ModifiableFileWatcher {
 				&& Character.isWhitespace(line.charAt(CERT_AUTHORITY.length())))
 				|| matches(line, NAMESPACES, 0)
 				|| matches(line, VALID_AFTER, 0)
-				|| matches(line, VALID_BEFORE, 0)
-				|| matches(line, SSH_KEY_PREFIX, 0)) {
+				|| matches(line, VALID_BEFORE, 0)) {
 			throw new StreamCorruptedException(
 					SshdText.get().signAllowedSignersNoIdentities);
 		}
@@ -448,7 +445,9 @@ final class AllowedSigners extends ModifiableFileWatcher {
 					s.substring(start)));
 		}
 		String keyType = s.substring(start, endOfKeyType);
-		if (!keyType.startsWith(SSH_KEY_PREFIX)) {
+		String key = s.substring(startOfKey, i);
+		if (!key.startsWith("AAAA")) { //$NON-NLS-1$
+			// base64 encoded SSH keys always start with four 'A's.
 			throw new StreamCorruptedException(MessageFormat.format(
 					SshdText.get().signAllowedSignersPublicKeyParsing,
 					s.substring(start)));
author	Thomas Wolf <twolf@apache.org>	2024-12-25 17:24:48 +0100
committer	Thomas Wolf <twolf@apache.org>	2025-01-28 21:53:22 +0100
commit	517a7b210fba00661bf42e3d4bc473cc1428c93b (patch)
tree	2a17233bbfc323a9db2e421c557a675d7cade54e
parent	bd9bb1920d6b02bca3927a151c0a2f715587183e (diff)
download	jgit-517a7b210fba00661bf42e3d4bc473cc1428c93b.tar.gz jgit-517a7b210fba00661bf42e3d4bc473cc1428c93b.zip