author | Thomas Wolf <twolf@apache.org> | 2023-04-03 19:33:24 +0200 |
---|---|---|
committer | Matthias Sohn <matthias.sohn@sap.com> | 2023-05-16 12:59:37 +0200 |
commit | 913e6cf3f6c2a28f162831cd64a6273b751b917a (patch) | |
tree | 8933ee6e667e8bbf8f14c90b6ab1ee0e597dc1f6 /org.eclipse.jgit.ssh.apache | |
parent | 43954ea62ade1161ce446818ca7f7e36b1c10042 (diff) | |
Switch to Apache MINA sshd 2.10.0
Bump the version numbers in pom.xml and in MANIFESTs, and in the bazel
WORKSPACE file. Update the target platforms. Remove work-arounds in
org.eclipse.jgit.ssh.apache that are no longer necessary.
The release notes for Apache MINA sshd are at [1].
[1] https://github.com/apache/mina-sshd/blob/master/docs/changes/2.10.0.md
Bug: 581770
Change-Id: Id27e73e9712b7865353c9b32b5b768f6e998b05e
Signed-off-by: Thomas Wolf <twolf@apache.org>
Diffstat (limited to 'org.eclipse.jgit.ssh.apache')
7 files changed, 80 insertions, 166 deletions
diff --git a/org.eclipse.jgit.ssh.apache/META-INF/MANIFEST.MF b/org.eclipse.jgit.ssh.apache/META-INF/MANIFEST.MF
index 83859e2eb6..82c83be921 100644
--- a/org.eclipse.jgit.ssh.apache/META-INF/MANIFEST.MF
+++ b/org.eclipse.jgit.ssh.apache/META-INF/MANIFEST.MF
@@ -35,57 +35,57 @@ Export-Package: org.eclipse.jgit.internal.transport.sshd;version="6.6.0";x-inter
 org.apache.sshd.client.keyverifier",
 org.eclipse.jgit.transport.sshd.agent;version="6.6.0"
 Import-Package: net.i2p.crypto.eddsa;version="[0.3.0,0.4.0)",
- org.apache.sshd.agent;version="[2.9.2,2.10.0)",
- org.apache.sshd.client;version="[2.9.2,2.10.0)",
- org.apache.sshd.client.auth;version="[2.9.2,2.10.0)",
- org.apache.sshd.client.auth.keyboard;version="[2.9.2,2.10.0)",
- org.apache.sshd.client.auth.password;version="[2.9.2,2.10.0)",
- org.apache.sshd.client.auth.pubkey;version="[2.9.2,2.10.0)",
- org.apache.sshd.client.channel;version="[2.9.2,2.10.0)",
- org.apache.sshd.client.config.hosts;version="[2.9.2,2.10.0)",
- org.apache.sshd.client.config.keys;version="[2.9.2,2.10.0)",
- org.apache.sshd.client.future;version="[2.9.2,2.10.0)",
- org.apache.sshd.client.keyverifier;version="[2.9.2,2.10.0)",
- org.apache.sshd.client.session;version="[2.9.2,2.10.0)",
- org.apache.sshd.client.session.forward;version="[2.9.2,2.10.0)",
- org.apache.sshd.common;version="[2.9.2,2.10.0)",
- org.apache.sshd.common.auth;version="[2.9.2,2.10.0)",
- org.apache.sshd.common.channel;version="[2.9.2,2.10.0)",
- org.apache.sshd.common.compression;version="[2.9.2,2.10.0)",
- org.apache.sshd.common.config.keys;version="[2.9.2,2.10.0)",
- org.apache.sshd.common.config.keys.loader;version="[2.9.2,2.10.0)",
- org.apache.sshd.common.config.keys.loader.openssh.kdf;version="[2.9.2,2.10.0)",
- org.apache.sshd.common.config.keys.u2f;version="[2.9.2,2.10.0)",
- org.apache.sshd.common.digest;version="[2.9.2,2.10.0)",
- org.apache.sshd.common.forward;version="[2.9.2,2.10.0)",
- org.apache.sshd.common.future;version="[2.9.2,2.10.0)",
- org.apache.sshd.common.helpers;version="[2.9.2,2.10.0)",
- org.apache.sshd.common.io;version="[2.9.2,2.10.0)",
- org.apache.sshd.common.kex;version="[2.9.2,2.10.0)",
- org.apache.sshd.common.kex.extension;version="[2.9.2,2.10.0)",
- org.apache.sshd.common.kex.extension.parser;version="[2.9.2,2.10.0)",
- org.apache.sshd.common.keyprovider;version="[2.9.2,2.10.0)",
- org.apache.sshd.common.mac;version="[2.9.2,2.10.0)",
- org.apache.sshd.common.random;version="[2.9.2,2.10.0)",
- org.apache.sshd.common.session;version="[2.9.2,2.10.0)",
- org.apache.sshd.common.session.helpers;version="[2.9.2,2.10.0)",
- org.apache.sshd.common.signature;version="[2.9.2,2.10.0)",
- org.apache.sshd.common.util;version="[2.9.2,2.10.0)",
- org.apache.sshd.common.util.buffer;version="[2.9.2,2.10.0)",
- org.apache.sshd.common.util.buffer.keys;version="[2.9.2,2.10.0)",
- org.apache.sshd.common.util.closeable;version="[2.9.2,2.10.0)",
- org.apache.sshd.common.util.io;version="[2.9.2,2.10.0)",
- org.apache.sshd.common.util.io.der;version="[2.9.2,2.10.0)",
- org.apache.sshd.common.util.io.functors;version="[2.9.2,2.10.0)",
- org.apache.sshd.common.util.io.resource;version="[2.9.2,2.10.0)",
- org.apache.sshd.common.util.logging;version="[2.9.2,2.10.0)",
- org.apache.sshd.common.util.net;version="[2.9.2,2.10.0)",
- org.apache.sshd.common.util.security;version="[2.9.2,2.10.0)",
- org.apache.sshd.core;version="[2.9.2,2.10.0)",
- org.apache.sshd.server.auth;version="[2.9.2,2.10.0)",
- org.apache.sshd.sftp;version="[2.9.2,2.10.0)",
- org.apache.sshd.sftp.client;version="[2.9.2,2.10.0)",
- org.apache.sshd.sftp.common;version="[2.9.2,2.10.0)",
+ org.apache.sshd.agent;version="[2.10.0,2.11.0)",
+ org.apache.sshd.client;version="[2.10.0,2.11.0)",
+ org.apache.sshd.client.auth;version="[2.10.0,2.11.0)",
+ org.apache.sshd.client.auth.keyboard;version="[2.10.0,2.11.0)",
+ org.apache.sshd.client.auth.password;version="[2.10.0,2.11.0)",
+ org.apache.sshd.client.auth.pubkey;version="[2.10.0,2.11.0)",
+ org.apache.sshd.client.channel;version="[2.10.0,2.11.0)",
+ org.apache.sshd.client.config.hosts;version="[2.10.0,2.11.0)",
+ org.apache.sshd.client.config.keys;version="[2.10.0,2.11.0)",
+ org.apache.sshd.client.future;version="[2.10.0,2.11.0)",
+ org.apache.sshd.client.keyverifier;version="[2.10.0,2.11.0)",
+ org.apache.sshd.client.session;version="[2.10.0,2.11.0)",
+ org.apache.sshd.client.session.forward;version="[2.10.0,2.11.0)",
+ org.apache.sshd.common;version="[2.10.0,2.11.0)",
+ org.apache.sshd.common.auth;version="[2.10.0,2.11.0)",
+ org.apache.sshd.common.channel;version="[2.10.0,2.11.0)",
+ org.apache.sshd.common.compression;version="[2.10.0,2.11.0)",
+ org.apache.sshd.common.config.keys;version="[2.10.0,2.11.0)",
+ org.apache.sshd.common.config.keys.loader;version="[2.10.0,2.11.0)",
+ org.apache.sshd.common.config.keys.loader.openssh.kdf;version="[2.10.0,2.11.0)",
+ org.apache.sshd.common.config.keys.u2f;version="[2.10.0,2.11.0)",
+ org.apache.sshd.common.digest;version="[2.10.0,2.11.0)",
+ org.apache.sshd.common.forward;version="[2.10.0,2.11.0)",
+ org.apache.sshd.common.future;version="[2.10.0,2.11.0)",
+ org.apache.sshd.common.helpers;version="[2.10.0,2.11.0)",
+ org.apache.sshd.common.io;version="[2.10.0,2.11.0)",
+ org.apache.sshd.common.kex;version="[2.10.0,2.11.0)",
+ org.apache.sshd.common.kex.extension;version="[2.10.0,2.11.0)",
+ org.apache.sshd.common.kex.extension.parser;version="[2.10.0,2.11.0)",
+ org.apache.sshd.common.keyprovider;version="[2.10.0,2.11.0)",
+ org.apache.sshd.common.mac;version="[2.10.0,2.11.0)",
+ org.apache.sshd.common.random;version="[2.10.0,2.11.0)",
+ org.apache.sshd.common.session;version="[2.10.0,2.11.0)",
+ org.apache.sshd.common.session.helpers;version="[2.10.0,2.11.0)",
+ org.apache.sshd.common.signature;version="[2.10.0,2.11.0)",
+ org.apache.sshd.common.util;version="[2.10.0,2.11.0)",
+ org.apache.sshd.common.util.buffer;version="[2.10.0,2.11.0)",
+ org.apache.sshd.common.util.buffer.keys;version="[2.10.0,2.11.0)",
+ org.apache.sshd.common.util.closeable;version="[2.10.0,2.11.0)",
+ org.apache.sshd.common.util.io;version="[2.10.0,2.11.0)",
+ org.apache.sshd.common.util.io.der;version="[2.10.0,2.11.0)",
+ org.apache.sshd.common.util.io.functors;version="[2.10.0,2.11.0)",
+ org.apache.sshd.common.util.io.resource;version="[2.10.0,2.11.0)",
+ org.apache.sshd.common.util.logging;version="[2.10.0,2.11.0)",
+ org.apache.sshd.common.util.net;version="[2.10.0,2.11.0)",
+ org.apache.sshd.common.util.security;version="[2.10.0,2.11.0)",
+ org.apache.sshd.core;version="[2.10.0,2.11.0)",
+ org.apache.sshd.server.auth;version="[2.10.0,2.11.0)",
+ org.apache.sshd.sftp;version="[2.10.0,2.11.0)",
+ org.apache.sshd.sftp.client;version="[2.10.0,2.11.0)",
+ org.apache.sshd.sftp.common;version="[2.10.0,2.11.0)",
 org.eclipse.jgit.annotations;version="[6.6.0,6.7.0)",
 org.eclipse.jgit.errors;version="[6.6.0,6.7.0)",
 org.eclipse.jgit.fnmatch;version="[6.6.0,6.7.0)",
diff --git a/org.eclipse.jgit.ssh.apache/pom.xml b/org.eclipse.jgit.ssh.apache/pom.xml
index 8a4d6690a7..6b1f08c35f 100644
--- a/org.eclipse.jgit.ssh.apache/pom.xml
+++ b/org.eclipse.jgit.ssh.apache/pom.xml
@@ -50,6 +50,16 @@
 <groupId>org.apache.sshd</groupId>
 <artifactId>sshd-sftp</artifactId>
 <version>${apache-sshd-version}</version>
+ <exclusions>
+ <exclusion>
+ <groupId>org.apache.sshd</groupId>
+ <artifactId>sshd-common</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.apache.sshd</groupId>
+ <artifactId>sshd-core</artifactId>
+ </exclusion>
+ </exclusions>
 </dependency>
 <dependency>
diff --git a/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitPasswordAuthFactory.java b/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitPasswordAuthFactory.java
deleted file mode 100644
index 715f3b8edd..0000000000
--- a/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitPasswordAuthFactory.java
+++ /dev/null
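Review bot: The new `<exclusions>` block on `sshd-sftp` in pom.xml carries no explanation, and nothing in the hunk shows where `sshd-common` and `sshd-core` are resolved from once the transitive copies are excluded. If this module declares both directly at `${apache-sshd-version}` (outside the hunk), a comment above the block such as `<!-- sshd-common and sshd-core are declared directly; exclude the transitive copies -->` would record that. If it does not, the exclusion can leave the sshd artifacts on the classpath at mismatched versions, which is worth checking for a library that implements the SSH transport.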
@@ -1,37 +0,0 @@
-/*
- * Copyright (C) 2018, Thomas Wolf <thomas.wolf@paranor.ch> and others
- *
- * This program and the accompanying materials are made available under the
- * terms of the Eclipse Distribution License v. 1.0 which is available at
- * https://www.eclipse.org/org/documents/edl-v10.php.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-package org.eclipse.jgit.internal.transport.sshd;
-
-import java.io.IOException;
-
-import org.apache.sshd.client.auth.AbstractUserAuthFactory;
-import org.apache.sshd.client.auth.password.UserAuthPassword;
-import org.apache.sshd.client.auth.password.UserAuthPasswordFactory;
-import org.apache.sshd.client.session.ClientSession;
-
-/**
- * A customized {@link UserAuthPasswordFactory} that creates instance of
- * {@link JGitPasswordAuthentication}.
- */
-public class JGitPasswordAuthFactory extends AbstractUserAuthFactory {
-
- /** The singleton {@link JGitPasswordAuthFactory}. */
- public static final JGitPasswordAuthFactory INSTANCE = new JGitPasswordAuthFactory();
-
- private JGitPasswordAuthFactory() {
- super(UserAuthPasswordFactory.NAME);
- }
-
- @Override
- public UserAuthPassword createUserAuth(ClientSession session)
- throws IOException {
- return new JGitPasswordAuthentication();
- }
-}
diff --git a/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitPasswordAuthentication.java b/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitPasswordAuthentication.java
deleted file mode 100644
index 33c3c608f6..0000000000
--- a/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitPasswordAuthentication.java
+++ /dev/null
@@ -1,43 +0,0 @@
-/*
- * Copyright (C) 2018, 2022 Thomas Wolf <thomas.wolf@paranor.ch> and others
- *
- * This program and the accompanying materials are made available under the
- * terms of the Eclipse Distribution License v. 1.0 which is available at
- * https://www.eclipse.org/org/documents/edl-v10.php.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-package org.eclipse.jgit.internal.transport.sshd;
-
-import static org.apache.sshd.core.CoreModuleProperties.PASSWORD_PROMPTS;
-
-import org.apache.sshd.client.auth.password.UserAuthPassword;
-import org.apache.sshd.client.session.ClientSession;
-
-/**
- * A password authentication handler that respects the
- * {@code NumberOfPasswordPrompts} ssh config.
- */
-public class JGitPasswordAuthentication extends UserAuthPassword {
-
- private int maxAttempts;
-
- private int attempts;
-
- @Override
- public void init(ClientSession session, String service) throws Exception {
- super.init(session, service);
- maxAttempts = Math.max(1,
- PASSWORD_PROMPTS.getRequired(session).intValue());
- attempts = 0;
- }
-
- @Override
- protected String resolveAttemptedPassword(ClientSession session,
- String service) throws Exception {
- if (++attempts > maxAttempts) {
- return null;
- }
- return super.resolveAttemptedPassword(session, service);
- }
-}
diff --git a/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitSshClient.java b/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitSshClient.java
index 72f0bdb6ee..311cf198ae 100644
--- a/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitSshClient.java
+++ b/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitSshClient.java
@@ -32,10 +32,8 @@ import java.util.List; import java.util.Map; import java.util.NoSuchElementException; import java.util.Objects; -import java.util.function.Supplier; import java.util.stream.Collectors; -import org.apache.sshd.agent.SshAgentFactory; import org.apache.sshd.client.SshClient; import org.apache.sshd.client.config.hosts.HostConfigEntry; import org.apache.sshd.client.future.ConnectFuture; @@ -107,8 +105,6 @@ public class JGitSshClient extends SshClient { private ProxyDataFactory proxyDatabase; - private Supplier<SshAgentFactory> agentFactorySupplier = () -> null; - @Override protected SessionFactory createSessionFactory() { // Override the parent's default @@ -377,22 +373,6 @@ public class JGitSshClient extends SshClient { return credentialsProvider; } - @Override - public SshAgentFactory getAgentFactory() { - return agentFactorySupplier.get(); - } - - @Override - protected void checkConfig() { - // The super class requires channel factories for agent forwarding if a - // factory for an SSH agent is set. We haven't implemented this yet, and - // we don't do SSH agent forwarding for now. Unfortunately, there is no - // way to bypass this check in the super class except making - // getAgentFactory() return null until after the check. - super.checkConfig(); - agentFactorySupplier = super::getAgentFactory; - } - /** * A {@link SessionFactory} to create our own specialized * {@link JGitClientSession}s. diff --git a/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/transport/sshd/IdentityPasswordProvider.java b/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/transport/sshd/IdentityPasswordProvider.java index dd6894b662..807bda89bc 100644 --- a/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/transport/sshd/IdentityPasswordProvider.java +++ b/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/transport/sshd/IdentityPasswordProvider.java 
@@ -252,22 +252,26 @@ public class IdentityPasswordProvider implements KeyPasswordProvider { protected boolean keyLoaded(URIish uri, State state, char[] password, Exception err) throws IOException, GeneralSecurityException { - if (err == null) { - return false; // Success, don't retry - } else if (err instanceof GeneralSecurityException) { + if (err == null || password == null) { + // Success, or an error before we even asked for a password (could + // also be a non-encrypted key, or a user cancellation): don't + // retry. + return false; + } + if (state != null && state.getCount() < attempts) { + // We asked for a password, and have not yet exhausted the number of + // attempts. Assume the password was incorrect. + return true; + } + // Attempts exhausted + if (err instanceof GeneralSecurityException) { + // Top-level exception with a better exception message. The + // framework would otherwise re-throw 'err'. throw new InvalidKeyException( format(SshdText.get().identityFileCannotDecrypt, uri), err); - } else { - // Unencrypted key (state == null && password == null), or exception - // before having asked for the password (state != null && password - // == null; might also be a user cancellation), or number of - // attempts exhausted. - if (state == null || password == null - || state.getCount() >= attempts) { - return false; - } - return true; } + // I/O error. + return false; } @Override diff --git a/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/transport/sshd/SshdSessionFactory.java b/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/transport/sshd/SshdSessionFactory.java index c792c1889c..7798b80f18 100644 --- a/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/transport/sshd/SshdSessionFactory.java +++ b/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/transport/sshd/SshdSessionFactory.java 
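Review bot: The retry branch in the new `keyLoaded` body returns `true` for every non-null `err` while `state.getCount() < attempts`, so a failure unrelated to the passphrase (the case the trailing `// I/O error.` comment names) also re-prompts the user until the attempts are used up. If sshd 2.10.0 reports a wrong passphrase only as a `GeneralSecurityException`, which this hunk does not show, the condition could be narrowed to `if (err instanceof GeneralSecurityException && state != null && state.getCount() < attempts)`. Otherwise the comment in that branch should say that I/O errors are retried on purpose. `InvalidKeyException` is now thrown only after the attempts are exhausted, where the old code threw it on the first `GeneralSecurityException`; the method's Javadoc lies outside the hunk and should be checked against that new contract.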
@@ -33,6 +33,7 @@ import org.apache.sshd.client.ClientBuilder; import org.apache.sshd.client.SshClient; import org.apache.sshd.client.auth.UserAuthFactory; import org.apache.sshd.client.auth.keyboard.UserAuthKeyboardInteractiveFactory; +import org.apache.sshd.client.auth.password.UserAuthPasswordFactory; import org.apache.sshd.client.config.hosts.HostConfigEntryResolver; import org.apache.sshd.common.NamedFactory; import org.apache.sshd.common.compression.BuiltinCompressions; @@ -46,7 +47,6 @@ import org.eclipse.jgit.errors.TransportException; import org.eclipse.jgit.internal.transport.ssh.OpenSshConfigFile; import org.eclipse.jgit.internal.transport.sshd.CachingKeyPairProvider; import org.eclipse.jgit.internal.transport.sshd.GssApiWithMicAuthFactory; -import org.eclipse.jgit.internal.transport.sshd.JGitPasswordAuthFactory; import org.eclipse.jgit.internal.transport.sshd.JGitPublicKeyAuthFactory; import org.eclipse.jgit.internal.transport.sshd.JGitServerKeyVerifier; import org.eclipse.jgit.internal.transport.sshd.JGitSshClient; @@ -607,7 +607,7 @@ public class SshdSessionFactory extends SshSessionFactory implements Closeable { return Collections.unmodifiableList( Arrays.asList(GssApiWithMicAuthFactory.INSTANCE, JGitPublicKeyAuthFactory.FACTORY, - JGitPasswordAuthFactory.INSTANCE, + UserAuthPasswordFactory.INSTANCE, UserAuthKeyboardInteractiveFactory.INSTANCE)); } |
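Review bot: Nothing in the last hunk of SshdSessionFactory.java shows that the stock `UserAuthPasswordFactory.INSTANCE` enforces the `NumberOfPasswordPrompts` limit that the deleted `JGitPasswordAuthentication` applied through `PASSWORD_PROMPTS`. The commit message implies sshd 2.10.0 now does this itself, but the swap relies on that upstream behaviour silently. A regression test that sets the prompt limit and asserts that password authentication stops after that many attempts would pin it. A short comment on the list entry, for example `// sshd 2.10.0 honors NumberOfPasswordPrompts; no JGit subclass needed`, would also record why the stock factory is sufficient. The enclosing method starts outside the hunk.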