Include the net.i2p.crypto.eddsa bundle via a hard dependency. Add tests for dealing with ed25519 host keys and user key files. Manual tests: fetching from git.eclipse.org with an ed25519 user key, and pushing this change itself using the same ed25519 key. Note that sshd 2.0.0 does not yet support encrypted ed25519 private keys. Bug: 541272 Change-Id: I7072f4014d9eca755b4a2412e19c086235e5eae9 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>

5 år sedan · db627c4177
--- a/WORKSPACE
+++ b/WORKSPACE
@@ -22,6 +22,12 @@ load(
    "maven_jar",
 )

 maven_jar(
    name = "eddsa",
    artifact = "net.i2p.crypto:eddsa:0.3.0",
    sha1 = "1901c8d4d8bffb7d79027686cfb91e704217c3e1",
 )

 maven_jar(
    name = "jsch",
    artifact = "com.jcraft:jsch:0.1.54",
--- a/lib/BUILD
+++ b/lib/BUILD
@@ -27,6 +27,15 @@ java_library(
    exports = ["@commons-logging//jar"],
 )

 java_library(
    name = "eddsa",
    visibility = [
        "//org.eclipse.jgit.ssh.apache:__pkg__",
        "//org.eclipse.jgit.ssh.apache.test:__pkg__",
    ],
    exports = ["@eddsa//jar"],
 )

 java_library(
    name = "gson",
    visibility = [
--- a/org.eclipse.jgit.packaging/org.eclipse.jgit.ssh.apache.feature/feature.xml
+++ b/org.eclipse.jgit.packaging/org.eclipse.jgit.ssh.apache.feature/feature.xml
@@ -47,4 +47,11 @@
         version="0.0.0"
         unpack="false"/>

   <plugin
         id="net.i2p.crypto.eddsa"
         download-size="0"
         install-size="0"
         version="0.0.0"
         unpack="false"/>

 </feature>
--- a/org.eclipse.jgit.ssh.apache.test/BUILD
+++ b/org.eclipse.jgit.ssh.apache.test/BUILD
@@ -8,6 +8,7 @@ junit_tests(
    srcs = glob(["tst/**/*.java"]),
    tags = ["sshd"],
    deps = [
        "//lib:eddsa",
        "//lib:junit",
        "//lib:sshd-core",
        "//lib:sshd-sftp",
--- a/org.eclipse.jgit.ssh.apache.test/META-INF/MANIFEST.MF
+++ b/org.eclipse.jgit.ssh.apache.test/META-INF/MANIFEST.MF
@@ -8,6 +8,7 @@ Bundle-Vendor: %Provider-Name
 Bundle-RequiredExecutionEnvironment: JavaSE-1.8
 Import-Package: org.eclipse.jgit.internal.transport.sshd.proxy;version="[5.2.0,5.3.0)",
 org.eclipse.jgit.junit;version="[5.2.0,5.3.0)",
 org.eclipse.jgit.junit.ssh;version="[5.2.0,5.3.0)",
 org.eclipse.jgit.lib;version="[5.2.0,5.3.0)",
 org.eclipse.jgit.transport;version="[5.2.0,5.3.0)",
 org.eclipse.jgit.transport.ssh;version="[5.2.0,5.3.0)",
--- a/org.eclipse.jgit.ssh.apache.test/tst/org/eclipse/jgit/transport/sshd/ApacheSshTest.java
+++ b/org.eclipse.jgit.ssh.apache.test/tst/org/eclipse/jgit/transport/sshd/ApacheSshTest.java
@@ -53,6 +53,7 @@ import org.eclipse.jgit.transport.SshSessionFactory;
 import org.eclipse.jgit.transport.ssh.SshTestBase;
 import org.eclipse.jgit.transport.sshd.SshdSessionFactory;
 import org.eclipse.jgit.util.FS;
 import org.junit.Test;
 import org.junit.experimental.theories.Theories;
 import org.junit.runner.RunWith;

@@ -81,4 +82,24 @@ public class ApacheSshTest extends SshTestBase {
 		}
 	}

 	// Using an ed25519 (unencrypted) user key is tested in the super class in
 	// testSshKeys(). sshd 2.0.0 cannot yet read encrypted ed25519 keys.

 	@Test
 	public void testEd25519HostKey() throws Exception {
 		File newHostKey = new File(getTemporaryDirectory(), "newhostkey");
 		copyTestResource("id_ed25519", newHostKey);
 		server.addHostKey(newHostKey.toPath(), true);
 		File newHostKeyPub = new File(getTemporaryDirectory(),
 				"newhostkey.pub");
 		copyTestResource("id_ed25519.pub", newHostKeyPub);
 		createKnownHostsFile(knownHosts, "localhost", testPort, newHostKeyPub);
 		cloneWith("ssh://git/doesntmatter", defaultCloneDir, null, //
 				"Host git", //
 				"HostName localhost", //
 				"Port " + testPort, //
 				"User " + TEST_USER, //
 				"IdentityFile " + privateKey1.getAbsolutePath());
 	}

 }
--- a/org.eclipse.jgit.ssh.apache/BUILD
+++ b/org.eclipse.jgit.ssh.apache/BUILD
@@ -10,6 +10,7 @@ java_library(
    resource_strip_prefix = "org.eclipse.jgit.ssh.apache/resources",
    resources = RESOURCES,
    deps = [
        "//lib:eddsa",
        "//lib:slf4j-api",
        "//lib:sshd-core",
        "//lib:sshd-sftp",
--- a/org.eclipse.jgit.ssh.apache/META-INF/MANIFEST.MF
+++ b/org.eclipse.jgit.ssh.apache/META-INF/MANIFEST.MF
@@ -31,7 +31,8 @@ Export-Package: org.eclipse.jgit.internal.transport.sshd;version="5.2.0";x-inter
   org.eclipse.jgit.util,
   org.apache.sshd.client.session,
   org.apache.sshd.client.keyverifier"
 Import-Package: org.apache.sshd.agent;version="[2.0.0,2.1.0)",
 Import-Package: net.i2p.crypto.eddsa;version="[0.3.0,0.4.0)",
 org.apache.sshd.agent;version="[2.0.0,2.1.0)",
 org.apache.sshd.client;version="[2.0.0,2.1.0)",
 org.apache.sshd.client.auth;version="[2.0.0,2.1.0)",
 org.apache.sshd.client.auth.keyboard;version="[2.0.0,2.1.0)",
--- a/org.eclipse.jgit.ssh.apache/pom.xml
+++ b/org.eclipse.jgit.ssh.apache/pom.xml
@@ -63,6 +63,7 @@
  <properties>
    <translate-qualifier/>
    <source-bundle-manifest>${project.build.directory}/META-INF/SOURCE-MANIFEST.MF</source-bundle-manifest>
    <eddsa-version>0.3.0</eddsa-version>
  </properties>

  <dependencies>
@@ -84,6 +85,12 @@
      <version>${apache-sshd-version}</version>
    </dependency>

    <dependency>
      <groupId>net.i2p.crypto</groupId>
      <artifactId>eddsa</artifactId>
      <version>${eddsa-version}</version>
    </dependency>

    <dependency>
      <groupId>org.slf4j</groupId>
      <artifactId>slf4j-api</artifactId>
--- a/org.eclipse.jgit.test/src/org/eclipse/jgit/transport/ssh/SshTestBase.java
+++ b/org.eclipse.jgit.test/src/org/eclipse/jgit/transport/ssh/SshTestBase.java
@@ -80,6 +80,7 @@ public abstract class SshTestBase extends SshTestHarness {
 			"id_ecdsa_256", //
 			"id_ecdsa_384", //
 			"id_ecdsa_521", //
 			"id_ed25519", //
 			// And now encrypted. Passphrase is "testpass".
 			"id_dsa_testpass", //
 			"id_rsa_1024_testpass", //
@@ -805,7 +806,8 @@ public abstract class SshTestBase extends SshTestHarness {
 		// JSch fails on ECDSA 384/521 keys. Compare
 		// https://sourceforge.net/p/jsch/patches/10/
 		assumeTrue(!(getSessionFactory() instanceof JschConfigSessionFactory
 				&& (keyName.startsWith("id_ecdsa_384")
 				&& (keyName.contains("ed25519")
 						|| keyName.startsWith("id_ecdsa_384")
 						|| keyName.startsWith("id_ecdsa_521"))));
 		File cloned = new File(getTemporaryDirectory(), "cloned");
 		String keyFileName = keyName + "_key";