authorThomas Wolf <thomas.wolf@paranor.ch>2021-05-18 21:44:18 +0200
committerThomas Wolf <thomas.wolf@paranor.ch>2021-07-16 08:45:24 +0200
commit13777a3a6265ee68966547e69de83410e0621dfc (patch)
tree69479b17d626e400f37c3f634e926d4636f257fe /org.eclipse.jgit.ssh.apache
parent4c5c3e9fb8e6f11cee3245a4b374a96b9a4f0ee4 (diff)
[sshd] Ignore revoked keys in OpenSshServerKeyDatabase.lookup()
It makes no sense to return revoked keys. Change-Id: I99eee1de3dba5c0c8d275b7c1a24053874b3cb03 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
Diffstat (limited to 'org.eclipse.jgit.ssh.apache')
-rw-r--r--org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/OpenSshServerKeyDatabase.java25
-rw-r--r--org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/transport/sshd/ServerKeyDatabase.java4
2 files changed, 18 insertions, 11 deletions
diff --git a/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/OpenSshServerKeyDatabase.java b/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/OpenSshServerKeyDatabase.java
index 1a530b7743..85e406f422 100644
--- a/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/OpenSshServerKeyDatabase.java
+++ b/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/OpenSshServerKeyDatabase.java
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2018, 2019 Thomas Wolf <thomas.wolf@paranor.ch> and others
+ * Copyright (C) 2018, 2021 Thomas Wolf <thomas.wolf@paranor.ch> and others
*
* This program and the accompanying materials are made available under the
* terms of the Eclipse Distribution License v. 1.0 which is available at
@@ -182,10 +182,13 @@ public class OpenSshServerKeyDatabase
for (HostKeyFile file : filesToUse) {
for (HostEntryPair current : file.get()) {
KnownHostEntry entry = current.getHostEntry();
- for (SshdSocketAddress host : candidates) {
- if (entry.isHostMatch(host.getHostName(), host.getPort())) {
- result.add(current.getServerKey());
- break;
+ if (!isRevoked(entry)) {
+ for (SshdSocketAddress host : candidates) {
+ if (entry.isHostMatch(host.getHostName(),
+ host.getPort())) {
+ result.add(current.getServerKey());
+ break;
+ }
}
}
}
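Review bot: The new `if (!isRevoked(entry))` guard filters by entry rather than by key, so a key that appears once under a revoked marker and once in an unmarked line matching the same host would still be added to `result`. A similar order dependence seems to exist in find() in the hunk at -273, where an exact match on an unmarked entry returns true before any later revoked entry for that key is examined. Collecting the keys of matching revoked entries and removing them from `result` after all files are read would make lookup() independent of entry order. lookup() starts and ends outside this hunk, so the declaration of `result` and the end of the loop over `filesToUse` are assumed.

```java
List<PublicKey> revokedKeys = new ArrayList<>();
for (HostKeyFile file : filesToUse) {
	for (HostEntryPair current : file.get()) {
		KnownHostEntry entry = current.getHostEntry();
		for (SshdSocketAddress host : candidates) {
			if (entry.isHostMatch(host.getHostName(), host.getPort())) {
				if (isRevoked(entry)) {
					revokedKeys.add(current.getServerKey());
				} else {
					result.add(current.getServerKey());
				}
				break;
			}
		}
	}
// … unchanged: end of the loop over filesToUse, which closes outside this hunk …
// Once all files are read: a key revoked by any matching entry is dropped,
// whatever the order of the entries.
result.removeIf(key -> revokedKeys.stream()
		.anyMatch(revokedKey -> KeyUtils.compareKeys(key, revokedKey)));
```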
@@ -266,6 +269,10 @@ public class OpenSshServerKeyDatabase
private static final long serialVersionUID = 1L;
}
+ private boolean isRevoked(KnownHostEntry entry) {
+ return MARKER_REVOKED.equals(entry.getMarker());
+ }
+
private boolean find(Collection<SshdSocketAddress> candidates,
PublicKey serverKey, List<HostEntryPair> entries,
HostEntryPair[] modified) throws RevokedKeyException {
@@ -273,22 +280,22 @@ public class OpenSshServerKeyDatabase
KnownHostEntry entry = current.getHostEntry();
for (SshdSocketAddress host : candidates) {
if (entry.isHostMatch(host.getHostName(), host.getPort())) {
- boolean isRevoked = MARKER_REVOKED
- .equals(entry.getMarker());
+ boolean revoked = isRevoked(entry);
if (KeyUtils.compareKeys(serverKey,
current.getServerKey())) {
// Exact match
- if (isRevoked) {
+ if (revoked) {
throw new RevokedKeyException();
}
modified[0] = null;
return true;
- } else if (!isRevoked) {
+ } else if (!revoked) {
// Server sent a different key
modified[0] = current;
// Keep going -- maybe there's another entry for this
// host
}
+ break;
}
}
}
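Review bot: The added `break;` sits directly below the comment "Keep going -- maybe there's another entry for this host", which reads as a contradiction until one notices that the break only leaves the inner loop over `candidates` while the loop over the entries continues. A short comment on the break would protect it from a well-meant later removal, for example `// This entry has been evaluated; go on with the next entry`. The commit message does not mention this control-flow change; it appears to stop one entry from being evaluated again for each further candidate address it matches. find() begins and ends outside this hunk.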
diff --git a/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/transport/sshd/ServerKeyDatabase.java b/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/transport/sshd/ServerKeyDatabase.java
index b8e6cfd14d..b1b3c1808a 100644
--- a/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/transport/sshd/ServerKeyDatabase.java
+++ b/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/transport/sshd/ServerKeyDatabase.java
@@ -30,7 +30,7 @@ import org.eclipse.jgit.transport.CredentialsProvider;
public interface ServerKeyDatabase {
/**
- * Retrieves all known host keys for the given addresses.
+ * Retrieves all known and not revoked host keys for the given addresses.
*
* @param connectAddress
* IP address the session tried to connect to
@@ -39,7 +39,7 @@ public interface ServerKeyDatabase {
* @param config
* giving access to potentially interesting configuration
* settings
- * @return the list of known keys for the given addresses
+ * @return the list of known and not revoked keys for the given addresses
*/
@NonNull
List<PublicKey> lookup(@NonNull String connectAddress,