path: root/org.eclipse.jgit.ssh.apache
Commit message | Author | Age | Files | Lines
* Prepare 7.4.0-SNAPSHOT builds | Matthias Sohn | 2025-06-03 | 3 | -23/+23
  Change-Id: I4d81243b396783a9dca62f320a32eb8e91168e93
* Prepare 7.3.1-SNAPSHOT builds | Matthias Sohn | 2025-06-03 | 3 | -23/+23
  Change-Id: If6c3473f3d4bfdf1e61dab3cf82db1d251ed5a15
* JGit v7.3.0.202506031305-r (tag: v7.3.0.202506031305-r) | Matthias Sohn | 2025-06-03 | 3 | -4/+4
  Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
  Change-Id: Ie8520484ce2bfad36989cf58a9d81ddccc64f153
* Prepare 7.3.0-SNAPSHOT builds | Matthias Sohn | 2025-05-29 | 3 | -4/+4
  Change-Id: I483ab43823984c031828e326892cc43b75023eb3
* JGit v7.3.0.202505281347-rc1 (tag: v7.3.0.202505281347-rc1) | Matthias Sohn | 2025-05-28 | 3 | -4/+4
  Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
  Change-Id: I08bb10e50b55800a0d20f9ef463537caf42769a6
* Prepare 7.3.0-SNAPSHOT builds | Matthias Sohn | 2025-05-21 | 3 | -4/+4
  Change-Id: I1fc82b7453287b6dc40dcda84f606bd637cf1ee3
* JGit v7.3.0.202505211123-m3 (tag: v7.3.0.202505211123-m3) | Matthias Sohn | 2025-05-21 | 3 | -4/+4
  Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
  Change-Id: I425b58e62c158a036dd2793b4e699bdc77f7204b
* Prepare 7.3.0-SNAPSHOT builds | Matthias Sohn | 2025-05-07 | 3 | -4/+4
  Change-Id: I68408f285a3be41fc6477dc746083a862cd7ee71
* JGit v7.3.0.202505070700-m2 (tag: v7.3.0.202505070700-m2) | Matthias Sohn | 2025-05-07 | 3 | -4/+4
  Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
  Change-Id: I818dcd940781f5ac2f5c0a171f84ea4a82b238d2
* Prepare 7.3.0-SNAPSHOT builds | Matthias Sohn | 2025-04-10 | 3 | -4/+4
  Change-Id: Ic765e5198be3ba265c269911c30e5a67ba361ada
* JGit v7.3.0.202504081226-m1 (tag: v7.3.0.202504081226-m1) | Matthias Sohn | 2025-04-08 | 3 | -4/+4
  Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
  Change-Id: I446e2d7370880f6270af55fbe37805a2b1d11e63
* Bump minimum dependency for Bouncy Castle to 1.80.0 | Thomas Wolf | 2025-03-20 | 2 | -1/+6
  Add an extra dependency in o.e.j.ssh.apache to ensure BC 1.80.0 gets pulled in if the bundle is installed.

  Bug: jgit-148
  Change-Id: I13c3365440bedb73251760bcf77907081e8ba1cf
* Prepare 7.3.0-SNAPSHOT builds | Matthias Sohn | 2025-03-04 | 3 | -23/+23
  Change-Id: Id871f3084a8195fdfa2f7eab058515656bd2c9f9
* Prepare 7.2.1-SNAPSHOT builds | Matthias Sohn | 2025-03-04 | 3 | -23/+23
  Change-Id: Iddc02bb3c2235b491d9b7034f29591b09d042e11
* JGit v7.2.0.202503040940-r (tag: v7.2.0.202503040940-r) | Matthias Sohn | 2025-03-04 | 3 | -4/+4
  Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
  Change-Id: I3d3f7fc6732b3204970a7be7886361920d8ec60e
* JGit v7.2.0.202503040805-r | Matthias Sohn | 2025-03-04 | 3 | -4/+4
  Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
  Change-Id: Ie3159a6610f3a1425c3b812f8284c073ee2b429c
* [ssh known_hosts] Handle unknown keys better | Thomas Wolf | 2025-02-26 | 1 | -20/+36
  Ignoring host keys that cannot be read means we may ask the user whether to accept a host key for a hitherto unknown server. This is subtly different from asking the user whether to accept a new or modified host key for a server for which a different host key is already known. So do not ignore such keys but store them as UnsupportedSshPublicKey. That enables us to give the user the correct feedback.

  If the user allows connecting and wants the new key to be stored, do not replace the line with the unknown key type as it might be perfectly fine for some other SSH program the user uses outside of JGit. Instead, add the new key as a new line.

  Change-Id: I304cb877d37b926c25a39acc16844088f54e0bde
* [ssh known_hosts] Handle host certificates | Thomas Wolf | 2025-02-26 | 3 | -12/+42
  Implement the "@cert-authority" marker and its handling: if the server sent an OpenSshCertificate, consider only entries marked as CA and look for the certificate's CA key. If the CA key cannot be found, just return false, rejecting the certificate. Never ask to add such keys to the file. Certificate authorities must always be added manually.

  Checking that the certificate is a valid host certificate and lists a matching principal is beyond the scope of the ServerKeyDatabase and is done in the key exchange even before the database is queried.

  In lookup(), skip CA keys. The purpose of lookup() is to do an early re-ordering of the signatures proposal in the initial key exchange, but since a CA key can be used to sign any other key of any key type it has no real benefit in this case. Also, the return value of lookup() is just a list of PublicKeys, so the caller couldn't distinguish CA keys from other keys anyway.

  Change-Id: I92c2c9d69d73cc4b125e8cad0262a48d2ec3c466
* [ssh known_hosts] Improve updating modified keys | Thomas Wolf | 2025-02-26 | 1 | -1/+41
  If there are several keys for a host in the known_hosts files, prefer reporting and updating a line for the same key type as the host key received from the server. For instance, if there's an RSA and an EC key for a server but neither match an EC host key received from that server, report and overwrite the EC key, not the RSA key. And vice versa: if the server sent an RSA key, report and update the line for the RSA key, not the one for the EC key.

  Change-Id: I30c8a23ffe15242469bc538edba68ac3e38c6a55
* [ssh known_hosts] Add tests and fix problems | Thomas Wolf | 2025-02-26 | 1 | -26/+42
  Add tests for known_hosts handling and fix two problems uncovered.

  When host patterns from different known_host files matched, but none had the key wanted, and the user said to accept the new key and store it, we'd try to always update a line read from the second file in the first file. As a result the new host key was not stored. Fix this by ensuring that we always try to modify the file the matching line was read from.

  When adding a new key (no host patterns matched), the new line would have duplicates in the host patterns, for instance, twice the same hostname. It did not have the IP address, though. Fix this by making sure we also add the IP address to the candidates to check against host patterns, and avoid writing duplicates when the new line is added to the file.

  Change-Id: I4c61050422ea635fb9bc30f585f00287fc437486
* [ssh, releng] Remove net.i2p.crypto.eddsa | Thomas Wolf | 2025-02-26 | 4 | -15/+2
  It's no longer needed; Apache MINA sshd now can work with the Bouncy Castle ed25519 implementation. Get rid of the unmaintained net.i2p bundle as dependency and drop it from the p2 repository.

  Also remove the hacky export of sun.security.x509 in oej.ssh.apache; it was added because of buggy test (sic!) dependency in net.i2p.

  In the bazel build make the Bouncy Castle libraries available to the ssh tests so that they have ed25519 even without the net.i2p library. Remove the net.i2p (eddsa) library throughout.

  Change-Id: I8e79afa84b8cce62ac8c3436c36fb02507af75b3
* ssh: bump Apache MINA sshd 2.14.0 -> 2.15.0 | Thomas Wolf | 2025-02-24 | 1 | -52/+52
  Brings support for ML-KEM PQC hybrid key exchanges, plus support for using the Bouncy Castle ed25519 provider.

  Change-Id: Ib44e89ff96799c6e4f6ac546284a0e7c4726898d
* [ssh known_hosts] Correct parsing of host key lines | Thomas Wolf | 2025-02-10 | 2 | -4/+5
  Use the correct parsing method to parse just a key type followed by the base64-encoded key data. If we parse an AuthorizedKeyEntry, we may get an exception if an unknown key type is listed.

  Change-Id: I9e4e58410f1bb4e1af849d0586085052e04284d7
* [ssh signing] AllowedSigners: fix validity check | Thomas Wolf | 2025-01-28 | 1 | -5/+4
  Not all SSH key types start with "ssh-" (for instance ECDSA keys). Don't test for this; instead test that the string we want to use as base64-encoded key starts with "AAAA".

  Change-Id: Ia0e24d63c69c98813ac7419f4a688f3d15139a10
* AllowedSigners: use java.time API | Matthias Sohn | 2024-12-25 | 1 | -8/+3
  We are moving away from the old java.util.Date API to the java.time API.

  Change-Id: I66147445b90df8ca8c8c65239bc9f1ca3f086e75
* Remove use of deprecated java.security.AccessController | Matthias Sohn | 2024-12-10 | 1 | -9/+6
  It's deprecated and marked for removal since Java 17.

  Change-Id: I6d0d4ac08f10cc73a409f202628a23faed4e5b36
* Prepare 7.2.0-SNAPSHOT builds | Matthias Sohn | 2024-11-27 | 3 | -23/+23
  Change-Id: Ie3108fefbcbb55a4f26273833c9817ce4bd750f1
* Prepare 7.1.1-SNAPSHOT builds | Matthias Sohn | 2024-11-26 | 3 | -23/+23
  Change-Id: Ifc710a83cda50f1275cbbd5a828f92d95607f298
* JGit v7.1.0.202411261347-r (tag: v7.1.0.202411261347-r) | Matthias Sohn | 2024-11-26 | 3 | -4/+4
  Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
  Change-Id: I70f154dd1dc8571c5e2057d09d08d4a4d1b7ee37
* Prepare 7.1.0-SNAPSHOT builds | Matthias Sohn | 2024-11-19 | 3 | -4/+4
  Change-Id: I69f57f933899b9926ab5124b24b90ae75f7a8d09
* JGit v7.1.0.202411191359-rc1 (tag: v7.1.0.202411191359-rc1) | Matthias Sohn | 2024-11-19 | 3 | -4/+4
  Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
  Change-Id: I802c3dbcbb05470aad6255cc05402647e704b446
* [errorprone] ssh: suppress warning for arrays in records | Ivan Frade | 2024-11-13 | 2 | -0/+2
  Errorprone considers an error to have arrays (mutable) inside records (immutable) [1].

  Suppress the warnings in these records, as they are overriding equals and hash to do the right thing.

  [1] https://errorprone.info/bugpattern/ArrayRecordComponent

  Change-Id: I01c724516b1b14d512d366a35708436463fccffc
* ssh: Minor simplification in SerialRangeSet | Thomas Wolf | 2024-11-08 | 1 | -19/+12
  Instead of set.headMap(x).lastKey() use set.floorKey(x) and instead of set.tailMap(x).firstKey() use set.ceilingKey(x).

  Change-Id: I22f44cbe82b9ead06d6ff517d609dfdbc89a758c
* SSH signing: implement a SignatureVerifier | Thomas Wolf | 2024-10-23 | 15 | -1/+2151
  Signature verification needs quite a bit of infrastructure. There are two files to read: a list of allowed signers, and a list of revoked keys or certificates. Introduce a SigningKeyDatabase abstraction for these, and give client code the possibility to plug in its own implementation.

  Loading these files afresh for every signature to be checked would be prohibitively expensive. Introduce a cache of SigningKeyDatabases, and have them reload the files only when they have changed.

  Include a default implementation that works with the OpenSSH allowed signers file and with OpenSSH revocation lists. Binary KRLs are parsed according to [1]; the test data was generated using the OpenSSH test script[2].

  [1] https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.krl
  [2] https://github.com/openssh/openssh-portable/blob/67a115e/regress/krl.sh

  Bug: jgit-44
  Change-Id: I6a2fa24f38a2f2fe63ffb353da5b6665ca7277e1
  Signed-off-by: Thomas Wolf <twolf@apache.org>
* SSH signing: implement a Signer | Thomas Wolf | 2024-10-23 | 8 | -1/+780
  Implement a Signer and its factory, and publish the factory for the ServiceLoader.

  SSH signatures can be created directly if the key is given via a file in user.signingKey and the private key can be found. Otherwise, signing is delegated to an SSH agent, if available.

  If a certificate is used as public key, the signer verifies the certificate (correct signature, and valid at the commit time).

  SSH signatures are documented at [1].

  [1] https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.sshsig

  Bug: jgit-44
  Change-Id: I3848ccc06ba3be5e868f879bd5705fee1b39c632
  Signed-off-by: Thomas Wolf <twolf@apache.org>
* SSH signing: don't require a session in PasswordProviderWrapper | Thomas Wolf | 2024-10-22 | 1 | -3/+10
  To read passphrase-protected private keys SSH signing will need to use a PasswordProviderWrapper without SSH session.

  Change-Id: I3ecac6c099f3ed1565fb4f0d56d55aee16edb9fc
  Signed-off-by: Thomas Wolf <twolf@apache.org>
* ssh: add a factory for KeyPasswordProvider | Thomas Wolf | 2024-10-22 | 2 | -5/+86
  Introduce a global default factory to create KeyPasswordProvider. Previously, their creation was tied to the SSH session, but for SSH signatures, we will need to be able to create KeyPasswordProviders without having an SSH session.

  Change-Id: If4a69c4d4c4e8de390cb1ef3b65966d0e39c24ff
  Signed-off-by: Thomas Wolf <twolf@apache.org>
* Update Apache sshd to 2.14.0 | Matthias Sohn | 2024-10-09 | 1 | -52/+52
  This fixes an 'incorrect signature' error when trying to use the keys generated by SSHD during server init with an OpenSSH client.

  This also includes a few other changes since 2.13.2:
  * GH-524 Performance improvements
  * GH-533 Fix multi-step authentication
  * GH-582 Fix filtering in NamedFactory
  * GH-587 Prevent NullPointerException on closed channel in NettyIoSession
  * GH-590 Better support for FIPS
  * GH-597 Pass on Charset in ClientSession.executeRemoteCommand()

  https://github.com/apache/mina-sshd/releases/tag/sshd-2.14.0

  Change-Id: I76909fd56e70ee4ce16a075bd40ed6b2a609cc47
* Prepare 7.1.0-SNAPSHOT builds | Matthias Sohn | 2024-09-03 | 3 | -19/+19
  Change-Id: Iba206a2d4645fc275cd2cd1cb3ae965b8ceafb28
* Prepare 7.0.1-SNAPSHOT builds | Matthias Sohn | 2024-09-03 | 3 | -19/+19
  Change-Id: I5a6a9e398d8b81bf7bd0afbd6c82116d4472a349
* JGit v7.0.0.202409031743-r (tag: v7.0.0.202409031743-r) | Matthias Sohn | 2024-09-03 | 3 | -4/+4
  Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
  Change-Id: I86507936091e6f7af7588835722672ff2668a205
* Prepare 7.0.0-SNAPSHOT builds | Matthias Sohn | 2024-08-28 | 3 | -4/+4
  Change-Id: Ifa0a549e9551a2016241169e1c1e9052174c49d1
* JGit v7.0.0.202408271414-rc1 (tag: v7.0.0.202408271414-rc1) | Matthias Sohn | 2024-08-27 | 3 | -4/+4
  Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
  Change-Id: I969947a7c5fef72ed0c2f50e96a60787474f9906
* Prepare 7.0.0-SNAPSHOT builds | Matthias Sohn | 2024-08-21 | 3 | -4/+4
  Change-Id: I07b258a9f94823c9c390daf6e1d3034ca5ace81f
* JGit v7.0.0.202408202050-m3 | Matthias Sohn | 2024-08-20 | 3 | -4/+4
  Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
  Change-Id: I44280658582c23ca0d9b85c4c24a1c2e7b82c6d8
* JGit v7.0.0.202408201547-m3 (tag: v7.0.0.202408201547-m3) | Matthias Sohn | 2024-08-20 | 3 | -4/+4
  Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
  Change-Id: Ic04bf96a04e38da82a7ff41334db44891f02419b
* JGit v7.0.0.202409201410-m3 (tag: v7.0.0.202409201410-m3) | Matthias Sohn | 2024-08-20 | 3 | -4/+4
  Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
  Change-Id: If35e97f9fb415669bac6dfa10ac35b509b3ee921
* [ssh] Bump Apache MINA sshd 2.13.1 -> 2.13.2 | Thomas Wolf | 2024-08-10 | 1 | -52/+52
  Apache MINA 2.13.[01] had a bug in the new sntrup761x25519-sha256 KEX exchange that was fixed in 2.13.2.[1] This is the only upstream code change.

  Bump the lower bound in the MANIFEST.MFs to 2.13.2 to avoid we ever use the broken 2.13.[01].

  [1] https://github.com/apache/mina-sshd/issues/525

  Change-Id: I5904f9826f99c46b50abc634153f90035646ce50
  Signed-off-by: Thomas Wolf <twolf@apache.org>
* Update org.apache.sshd to 2.13.1 | Matthias Sohn | 2024-07-01 | 1 | -52/+52
  Change-Id: I040ccaffba337b252d731fe9661209818b5b63e3
* Merge branch 'next' | Matthias Sohn | 2024-06-04 | 3 | -5/+5
  * next:
    Bump jetty version to 12.0.9 and servlet-api to 6.0
    Bump jetty version to 11.0.20
    Update minimum Java version to 17
    Prepare 7.0.0-SNAPSHOT builds

  Change-Id: I99c02f19a580101d34a5b4f9ab4daac33c755b89