From 6806d81e1f8b4c2361f9de50445525c6bea4dd47 Mon Sep 17 00:00:00 2001 From: Li Fangning Date: Wed, 5 Jul 2017 15:47:11 +0800 Subject: [PATCH 1/5] [SSHD-700] Fix the issues of the agent forwarding implementation of IETF. --- .../apache/sshd/agent/SshAgentConstants.java | 8 +++ .../sshd/agent/common/AbstractAgentProxy.java | 61 +++++++++++++++---- .../agent/local/AgentForwardedChannel.java | 6 +- .../sshd/agent/local/ProxyAgentFactory.java | 3 +- .../apache/sshd/common/FactoryManager.java | 6 ++ .../sshd/server/channel/ChannelSession.java | 1 + 6 files changed, 71 insertions(+), 14 deletions(-) diff --git a/sshd-core/src/main/java/org/apache/sshd/agent/SshAgentConstants.java b/sshd-core/src/main/java/org/apache/sshd/agent/SshAgentConstants.java index 3c86197ab..baa3feefc 100644 --- a/sshd-core/src/main/java/org/apache/sshd/agent/SshAgentConstants.java +++ b/sshd-core/src/main/java/org/apache/sshd/agent/SshAgentConstants.java @@ -69,6 +69,14 @@ public final class SshAgentConstants { public static final byte SSH_AGENT_CONSTRAIN_LIFETIME = 1; public static final byte SSH_AGENT_CONSTRAIN_CONFIRM = 2; + // Packet types defined by IETF (https://tools.ietf.org/html/draft-ietf-secsh-agent-02) + // Messages sent by the client + public static final byte SSH_AGENT_LIST_KEYS = (byte) 204; + public static final byte SSH_AGENT_PRIVATE_KEY_OP = (byte) 205; + // Messages sent by the agent + public static final byte SSH_AGENT_KEY_LIST = 104; + public static final byte SSH_AGENT_OPERATION_COMPLETE = 105; + private SshAgentConstants() { } diff --git a/sshd-core/src/main/java/org/apache/sshd/agent/common/AbstractAgentProxy.java b/sshd-core/src/main/java/org/apache/sshd/agent/common/AbstractAgentProxy.java index c038e7f6a..e5ae92641 100644 --- a/sshd-core/src/main/java/org/apache/sshd/agent/common/AbstractAgentProxy.java +++ b/sshd-core/src/main/java/org/apache/sshd/agent/common/AbstractAgentProxy.java @@ -42,13 +42,25 @@ * @author Apache MINA SSHD Project */ public abstract class AbstractAgentProxy extends AbstractLoggingBean implements SshAgent, ExecutorServiceConfigurer { + public static final String CHANNEL_TYPE_IETF = "auth-agent-req"; + public static final String CHANNEL_TYPE_OPENSSH = "auth-agent-req@openssh.com"; + private ExecutorService executor; private boolean shutdownExecutor; + private String channelType = CHANNEL_TYPE_OPENSSH; protected AbstractAgentProxy() { super(); } + public String getChannelType() { + return channelType; + } + + public void setChannelType(String channelType) { + this.channelType = channelType; + } + @Override public ExecutorService getExecutorService() { return executor; @@ -71,10 +83,17 @@ public void setShutdownOnExit(boolean shutdown) { @Override public List> getIdentities() throws IOException { - Buffer buffer = createBuffer(SshAgentConstants.SSH2_AGENTC_REQUEST_IDENTITIES, 1); + byte cmd = SshAgentConstants.SSH2_AGENTC_REQUEST_IDENTITIES; + byte okcmd = SshAgentConstants.SSH2_AGENT_IDENTITIES_ANSWER; + if (CHANNEL_TYPE_IETF.equals(channelType)) { + cmd = SshAgentConstants.SSH_AGENT_LIST_KEYS; + okcmd = SshAgentConstants.SSH_AGENT_KEY_LIST; + } + + Buffer buffer = createBuffer(cmd, 1); buffer = request(prepare(buffer)); int type = buffer.getUByte(); - if (type != SshAgentConstants.SSH2_AGENT_IDENTITIES_ANSWER) { + if (type != okcmd) { throw new SshException("Bad agent identities answer: " + SshAgentConstants.getCommandMessageName(type)); } @@ -99,24 +118,44 @@ public List> getIdentities() throws IOException { @Override public byte[] sign(PublicKey key, byte[] data) throws IOException { - Buffer buffer = createBuffer(SshAgentConstants.SSH2_AGENTC_SIGN_REQUEST); + byte cmd = SshAgentConstants.SSH2_AGENTC_SIGN_REQUEST; + byte okcmd = SshAgentConstants.SSH2_AGENT_SIGN_RESPONSE; + if (CHANNEL_TYPE_IETF.equals(channelType)) { + cmd = SshAgentConstants.SSH_AGENT_PRIVATE_KEY_OP; + okcmd = SshAgentConstants.SSH_AGENT_OPERATION_COMPLETE; + } + + Buffer buffer = createBuffer(cmd); + if (CHANNEL_TYPE_IETF.equals(channelType)) { + buffer.putString("sign"); + } buffer.putPublicKey(key); buffer.putBytes(data); buffer.putInt(0); buffer = request(prepare(buffer)); int responseType = buffer.getUByte(); - if (responseType != SshAgentConstants.SSH2_AGENT_SIGN_RESPONSE) { + if (responseType != okcmd) { throw new SshException("Bad signing response type: " + SshAgentConstants.getCommandMessageName(responseType)); } - Buffer buf = new ByteArrayBuffer(buffer.getBytes()); - String algorithm = buf.getString(); - byte[] signature = buf.getBytes(); - if (log.isDebugEnabled()) { - log.debug("sign({})[{}] {}: {}", - KeyUtils.getKeyType(key), KeyUtils.getFingerPrint(key), - algorithm, BufferUtils.toHex(':', signature)); + byte[] signature = null; + if (CHANNEL_TYPE_IETF.equals(channelType)) { + signature = buffer.getBytes(); + if (log.isDebugEnabled()) { + log.debug("sign({})[{}] : {}", + KeyUtils.getKeyType(key), KeyUtils.getFingerPrint(key), + BufferUtils.toHex(':', signature)); + } + } else { + Buffer buf = new ByteArrayBuffer(buffer.getBytes()); + String algorithm = buf.getString(); + signature = buf.getBytes(); + if (log.isDebugEnabled()) { + log.debug("sign({})[{}] {}: {}", + KeyUtils.getKeyType(key), KeyUtils.getFingerPrint(key), + algorithm, BufferUtils.toHex(':', signature)); + } } return signature; diff --git a/sshd-core/src/main/java/org/apache/sshd/agent/local/AgentForwardedChannel.java b/sshd-core/src/main/java/org/apache/sshd/agent/local/AgentForwardedChannel.java index 355856a5b..277e7494d 100644 --- a/sshd-core/src/main/java/org/apache/sshd/agent/local/AgentForwardedChannel.java +++ b/sshd-core/src/main/java/org/apache/sshd/agent/local/AgentForwardedChannel.java @@ -28,6 +28,8 @@ import org.apache.sshd.agent.SshAgent; import org.apache.sshd.agent.common.AbstractAgentProxy; import org.apache.sshd.client.channel.AbstractClientChannel; +import org.apache.sshd.common.FactoryManager; +import org.apache.sshd.common.PropertyResolverUtils; import org.apache.sshd.common.SshConstants; import org.apache.sshd.common.channel.ChannelOutputStream; import org.apache.sshd.common.channel.Window; @@ -44,7 +46,7 @@ public AgentForwardedChannel(String channelType) { } public SshAgent getAgent() { - return new AbstractAgentProxy() { + AbstractAgentProxy rtn = new AbstractAgentProxy() { private final AtomicBoolean open = new AtomicBoolean(true); @Override @@ -65,6 +67,8 @@ public void close() throws IOException { } } }; + rtn.setChannelType(PropertyResolverUtils.getString(getSession(), FactoryManager.AGENT_FORWARD_AUTH_TYPE)); + return rtn; } protected Buffer request(Buffer buffer) throws IOException { diff --git a/sshd-core/src/main/java/org/apache/sshd/agent/local/ProxyAgentFactory.java b/sshd-core/src/main/java/org/apache/sshd/agent/local/ProxyAgentFactory.java index 4c7a5d3d1..897431967 100644 --- a/sshd-core/src/main/java/org/apache/sshd/agent/local/ProxyAgentFactory.java +++ b/sshd-core/src/main/java/org/apache/sshd/agent/local/ProxyAgentFactory.java @@ -27,7 +27,6 @@ import org.apache.sshd.agent.SshAgent; import org.apache.sshd.agent.SshAgentFactory; import org.apache.sshd.agent.SshAgentServer; -import org.apache.sshd.agent.unix.UnixAgentFactory; import org.apache.sshd.common.FactoryManager; import org.apache.sshd.common.NamedFactory; import org.apache.sshd.common.channel.Channel; @@ -49,7 +48,7 @@ public ProxyAgentFactory() { @Override public List> getChannelForwardingFactories(FactoryManager manager) { - return UnixAgentFactory.DEFAULT_FORWARDING_CHANNELS; + return LocalAgentFactory.DEFAULT_FORWARDING_CHANNELS; } @Override diff --git a/sshd-core/src/main/java/org/apache/sshd/common/FactoryManager.java b/sshd-core/src/main/java/org/apache/sshd/common/FactoryManager.java index 0717323bd..553245ca2 100644 --- a/sshd-core/src/main/java/org/apache/sshd/common/FactoryManager.java +++ b/sshd-core/src/main/java/org/apache/sshd/common/FactoryManager.java @@ -348,6 +348,12 @@ public interface FactoryManager */ String IGNORE_MESSAGE_SIZE = "ignore-message-size"; + /** + * The request type of agent forwarding. The value may be "auth-agent-req" (IETF) or + * "auth-agent-req@openssh.com" (OpenSSH). + */ + String AGENT_FORWARD_AUTH_TYPE = "agent-fw-auth-type"; + /** * Value of {@value #IGNORE_MESSAGE_SIZE} if none configured */ diff --git a/sshd-core/src/main/java/org/apache/sshd/server/channel/ChannelSession.java b/sshd-core/src/main/java/org/apache/sshd/server/channel/ChannelSession.java index fcdc6bd2b..6b08a25f9 100644 --- a/sshd-core/src/main/java/org/apache/sshd/server/channel/ChannelSession.java +++ b/sshd-core/src/main/java/org/apache/sshd/server/channel/ChannelSession.java @@ -698,6 +698,7 @@ protected int getPtyModeValue(PtyMode mode) { protected RequestHandler.Result handleAgentForwarding(String requestType, Buffer buffer, boolean wantReply) throws IOException { ServerSession session = getServerSession(); + PropertyResolverUtils.updateProperty(session, FactoryManager.AGENT_FORWARD_AUTH_TYPE, requestType); FactoryManager manager = Objects.requireNonNull(session.getFactoryManager(), "No session factory manager"); ForwardingFilter filter = manager.getTcpipForwardingFilter(); SshAgentFactory factory = manager.getAgentFactory(); From 9c430db415d727208a38c98b9d79ef68e429edd7 Mon Sep 17 00:00:00 2001 From: Li Fangning Date: Wed, 5 Jul 2017 16:22:04 +0800 Subject: [PATCH 2/5] Move agent forwarding constants to FactoryManager. --- .../sshd/agent/common/AbstractAgentProxy.java | 13 ++++++------- .../sshd/agent/local/AgentForwardedChannel.java | 2 +- .../org/apache/sshd/common/FactoryManager.java | 16 +++++++++++++--- .../sshd/server/channel/ChannelSession.java | 2 +- 4 files changed, 21 insertions(+), 12 deletions(-) diff --git a/sshd-core/src/main/java/org/apache/sshd/agent/common/AbstractAgentProxy.java b/sshd-core/src/main/java/org/apache/sshd/agent/common/AbstractAgentProxy.java index e5ae92641..96d9d1ffa 100644 --- a/sshd-core/src/main/java/org/apache/sshd/agent/common/AbstractAgentProxy.java +++ b/sshd-core/src/main/java/org/apache/sshd/agent/common/AbstractAgentProxy.java @@ -28,6 +28,7 @@ import org.apache.sshd.agent.SshAgent; import org.apache.sshd.agent.SshAgentConstants; +import org.apache.sshd.common.FactoryManager; import org.apache.sshd.common.SshException; import org.apache.sshd.common.config.keys.KeyUtils; import org.apache.sshd.common.util.GenericUtils; @@ -42,12 +43,10 @@ * @author Apache MINA SSHD Project */ public abstract class AbstractAgentProxy extends AbstractLoggingBean implements SshAgent, ExecutorServiceConfigurer { - public static final String CHANNEL_TYPE_IETF = "auth-agent-req"; - public static final String CHANNEL_TYPE_OPENSSH = "auth-agent-req@openssh.com"; private ExecutorService executor; private boolean shutdownExecutor; - private String channelType = CHANNEL_TYPE_OPENSSH; + private String channelType = FactoryManager.AGENT_FORWARDING_TYPE_OPENSSH; protected AbstractAgentProxy() { super(); @@ -85,7 +84,7 @@ public void setShutdownOnExit(boolean shutdown) { public List> getIdentities() throws IOException { byte cmd = SshAgentConstants.SSH2_AGENTC_REQUEST_IDENTITIES; byte okcmd = SshAgentConstants.SSH2_AGENT_IDENTITIES_ANSWER; - if (CHANNEL_TYPE_IETF.equals(channelType)) { + if (FactoryManager.AGENT_FORWARDING_TYPE_IETF.equals(channelType)) { cmd = SshAgentConstants.SSH_AGENT_LIST_KEYS; okcmd = SshAgentConstants.SSH_AGENT_KEY_LIST; } @@ -120,13 +119,13 @@ public List> getIdentities() throws IOException { public byte[] sign(PublicKey key, byte[] data) throws IOException { byte cmd = SshAgentConstants.SSH2_AGENTC_SIGN_REQUEST; byte okcmd = SshAgentConstants.SSH2_AGENT_SIGN_RESPONSE; - if (CHANNEL_TYPE_IETF.equals(channelType)) { + if (FactoryManager.AGENT_FORWARDING_TYPE_IETF.equals(channelType)) { cmd = SshAgentConstants.SSH_AGENT_PRIVATE_KEY_OP; okcmd = SshAgentConstants.SSH_AGENT_OPERATION_COMPLETE; } Buffer buffer = createBuffer(cmd); - if (CHANNEL_TYPE_IETF.equals(channelType)) { + if (FactoryManager.AGENT_FORWARDING_TYPE_IETF.equals(channelType)) { buffer.putString("sign"); } buffer.putPublicKey(key); @@ -140,7 +139,7 @@ public byte[] sign(PublicKey key, byte[] data) throws IOException { } byte[] signature = null; - if (CHANNEL_TYPE_IETF.equals(channelType)) { + if (FactoryManager.AGENT_FORWARDING_TYPE_IETF.equals(channelType)) { signature = buffer.getBytes(); if (log.isDebugEnabled()) { log.debug("sign({})[{}] : {}", diff --git a/sshd-core/src/main/java/org/apache/sshd/agent/local/AgentForwardedChannel.java b/sshd-core/src/main/java/org/apache/sshd/agent/local/AgentForwardedChannel.java index 277e7494d..9306bc8db 100644 --- a/sshd-core/src/main/java/org/apache/sshd/agent/local/AgentForwardedChannel.java +++ b/sshd-core/src/main/java/org/apache/sshd/agent/local/AgentForwardedChannel.java @@ -67,7 +67,7 @@ public void close() throws IOException { } } }; - rtn.setChannelType(PropertyResolverUtils.getString(getSession(), FactoryManager.AGENT_FORWARD_AUTH_TYPE)); + rtn.setChannelType(PropertyResolverUtils.getString(getSession(), FactoryManager.AGENT_FORWARDING_TYPE)); return rtn; } diff --git a/sshd-core/src/main/java/org/apache/sshd/common/FactoryManager.java b/sshd-core/src/main/java/org/apache/sshd/common/FactoryManager.java index 553245ca2..8652cd82b 100644 --- a/sshd-core/src/main/java/org/apache/sshd/common/FactoryManager.java +++ b/sshd-core/src/main/java/org/apache/sshd/common/FactoryManager.java @@ -349,10 +349,20 @@ public interface FactoryManager String IGNORE_MESSAGE_SIZE = "ignore-message-size"; /** - * The request type of agent forwarding. The value may be "auth-agent-req" (IETF) or - * "auth-agent-req@openssh.com" (OpenSSH). + * The request type of agent forwarding. The value may be {@value #AGENT_FORWARDING_TYPE_IETF} or + * {@value #AGENT_FORWARDING_TYPE_OPENSSH}. */ - String AGENT_FORWARD_AUTH_TYPE = "agent-fw-auth-type"; + String AGENT_FORWARDING_TYPE = "agent-fw-auth-type"; + + /** + * The agent forwarding type defined by IETF (https://tools.ietf.org/html/draft-ietf-secsh-agent-02). + */ + String AGENT_FORWARDING_TYPE_IETF = "auth-agent-req"; + + /** + * The agent forwarding type defined by OpenSSH. + */ + String AGENT_FORWARDING_TYPE_OPENSSH = "auth-agent-req@openssh.com"; /** * Value of {@value #IGNORE_MESSAGE_SIZE} if none configured diff --git a/sshd-core/src/main/java/org/apache/sshd/server/channel/ChannelSession.java b/sshd-core/src/main/java/org/apache/sshd/server/channel/ChannelSession.java index 6b08a25f9..053d2bc43 100644 --- a/sshd-core/src/main/java/org/apache/sshd/server/channel/ChannelSession.java +++ b/sshd-core/src/main/java/org/apache/sshd/server/channel/ChannelSession.java @@ -698,7 +698,7 @@ protected int getPtyModeValue(PtyMode mode) { protected RequestHandler.Result handleAgentForwarding(String requestType, Buffer buffer, boolean wantReply) throws IOException { ServerSession session = getServerSession(); - PropertyResolverUtils.updateProperty(session, FactoryManager.AGENT_FORWARD_AUTH_TYPE, requestType); + PropertyResolverUtils.updateProperty(session, FactoryManager.AGENT_FORWARDING_TYPE, requestType); FactoryManager manager = Objects.requireNonNull(session.getFactoryManager(), "No session factory manager"); ForwardingFilter filter = manager.getTcpipForwardingFilter(); SshAgentFactory factory = manager.getAgentFactory(); From e5743072a4e80c8dd8443abf5e4571b469eec38a Mon Sep 17 00:00:00 2001 From: Li Fangning Date: Fri, 14 Jul 2017 09:46:02 +0800 Subject: [PATCH 3/5] Choose UnixAgentFactory if running on Unix OS and Tomcat APR is available --- .../sshd/agent/local/ProxyAgentFactory.java | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/sshd-core/src/main/java/org/apache/sshd/agent/local/ProxyAgentFactory.java b/sshd-core/src/main/java/org/apache/sshd/agent/local/ProxyAgentFactory.java index 897431967..a02a28da3 100644 --- a/sshd-core/src/main/java/org/apache/sshd/agent/local/ProxyAgentFactory.java +++ b/sshd-core/src/main/java/org/apache/sshd/agent/local/ProxyAgentFactory.java @@ -27,12 +27,15 @@ import org.apache.sshd.agent.SshAgent; import org.apache.sshd.agent.SshAgentFactory; import org.apache.sshd.agent.SshAgentServer; +import org.apache.sshd.agent.unix.AprLibrary; +import org.apache.sshd.agent.unix.UnixAgentFactory; import org.apache.sshd.common.FactoryManager; import org.apache.sshd.common.NamedFactory; import org.apache.sshd.common.channel.Channel; import org.apache.sshd.common.session.ConnectionService; import org.apache.sshd.common.session.Session; import org.apache.sshd.common.util.GenericUtils; +import org.apache.sshd.common.util.OsUtils; import org.apache.sshd.common.util.ValidateUtils; import org.apache.sshd.server.session.ServerSession; @@ -42,13 +45,24 @@ public class ProxyAgentFactory implements SshAgentFactory { private final Map proxies = new ConcurrentHashMap<>(); + static boolean useUnixAgentFactory = false; + static { + if (OsUtils.isUNIX() || Boolean.getBoolean("org.apache.sshd.agent.PreferUnixAgentFactory")) { + try { + useUnixAgentFactory = AprLibrary.getInstance() != null; + } catch (Exception ignore) { + } + } + } + public ProxyAgentFactory() { super(); } @Override public List> getChannelForwardingFactories(FactoryManager manager) { - return LocalAgentFactory.DEFAULT_FORWARDING_CHANNELS; + return useUnixAgentFactory ? UnixAgentFactory.DEFAULT_FORWARDING_CHANNELS : + LocalAgentFactory.DEFAULT_FORWARDING_CHANNELS; } @Override From 9aa73c01cc7fa329270617b67395d23e5ac8c67c Mon Sep 17 00:00:00 2001 From: Li Fangning Date: Fri, 14 Jul 2017 10:38:50 +0800 Subject: [PATCH 4/5] Make changes based on Goldstein's suggestions. --- .../apache/sshd/agent/SshAgentConstants.java | 4 ++-- .../sshd/agent/common/AbstractAgentProxy.java | 17 ++++++++--------- 2 files changed, 10 insertions(+), 11 deletions(-) diff --git a/sshd-core/src/main/java/org/apache/sshd/agent/SshAgentConstants.java b/sshd-core/src/main/java/org/apache/sshd/agent/SshAgentConstants.java index baa3feefc..83443ff50 100644 --- a/sshd-core/src/main/java/org/apache/sshd/agent/SshAgentConstants.java +++ b/sshd-core/src/main/java/org/apache/sshd/agent/SshAgentConstants.java @@ -71,8 +71,8 @@ public final class SshAgentConstants { // Packet types defined by IETF (https://tools.ietf.org/html/draft-ietf-secsh-agent-02) // Messages sent by the client - public static final byte SSH_AGENT_LIST_KEYS = (byte) 204; - public static final byte SSH_AGENT_PRIVATE_KEY_OP = (byte) 205; + public static final int SSH_AGENT_LIST_KEYS = 204; + public static final int SSH_AGENT_PRIVATE_KEY_OP = 205; // Messages sent by the agent public static final byte SSH_AGENT_KEY_LIST = 104; public static final byte SSH_AGENT_OPERATION_COMPLETE = 105; diff --git a/sshd-core/src/main/java/org/apache/sshd/agent/common/AbstractAgentProxy.java b/sshd-core/src/main/java/org/apache/sshd/agent/common/AbstractAgentProxy.java index 96d9d1ffa..21bd92ca2 100644 --- a/sshd-core/src/main/java/org/apache/sshd/agent/common/AbstractAgentProxy.java +++ b/sshd-core/src/main/java/org/apache/sshd/agent/common/AbstractAgentProxy.java @@ -82,14 +82,14 @@ public void setShutdownOnExit(boolean shutdown) { @Override public List> getIdentities() throws IOException { - byte cmd = SshAgentConstants.SSH2_AGENTC_REQUEST_IDENTITIES; - byte okcmd = SshAgentConstants.SSH2_AGENT_IDENTITIES_ANSWER; + int cmd = SshAgentConstants.SSH2_AGENTC_REQUEST_IDENTITIES; + int okcmd = SshAgentConstants.SSH2_AGENT_IDENTITIES_ANSWER; if (FactoryManager.AGENT_FORWARDING_TYPE_IETF.equals(channelType)) { cmd = SshAgentConstants.SSH_AGENT_LIST_KEYS; okcmd = SshAgentConstants.SSH_AGENT_KEY_LIST; } - Buffer buffer = createBuffer(cmd, 1); + Buffer buffer = createBuffer((byte) cmd, 1); buffer = request(prepare(buffer)); int type = buffer.getUByte(); if (type != okcmd) { @@ -117,14 +117,14 @@ public List> getIdentities() throws IOException { @Override public byte[] sign(PublicKey key, byte[] data) throws IOException { - byte cmd = SshAgentConstants.SSH2_AGENTC_SIGN_REQUEST; - byte okcmd = SshAgentConstants.SSH2_AGENT_SIGN_RESPONSE; + int cmd = SshAgentConstants.SSH2_AGENTC_SIGN_REQUEST; + int okcmd = SshAgentConstants.SSH2_AGENT_SIGN_RESPONSE; if (FactoryManager.AGENT_FORWARDING_TYPE_IETF.equals(channelType)) { cmd = SshAgentConstants.SSH_AGENT_PRIVATE_KEY_OP; okcmd = SshAgentConstants.SSH_AGENT_OPERATION_COMPLETE; } - Buffer buffer = createBuffer(cmd); + Buffer buffer = createBuffer((byte) cmd); if (FactoryManager.AGENT_FORWARDING_TYPE_IETF.equals(channelType)) { buffer.putString("sign"); } @@ -138,16 +138,15 @@ public byte[] sign(PublicKey key, byte[] data) throws IOException { throw new SshException("Bad signing response type: " + SshAgentConstants.getCommandMessageName(responseType)); } - byte[] signature = null; + byte[] signature = buffer.getBytes(); if (FactoryManager.AGENT_FORWARDING_TYPE_IETF.equals(channelType)) { - signature = buffer.getBytes(); if (log.isDebugEnabled()) { log.debug("sign({})[{}] : {}", KeyUtils.getKeyType(key), KeyUtils.getFingerPrint(key), BufferUtils.toHex(':', signature)); } } else { - Buffer buf = new ByteArrayBuffer(buffer.getBytes()); + Buffer buf = new ByteArrayBuffer(signature); String algorithm = buf.getString(); signature = buf.getBytes(); if (log.isDebugEnabled()) { From 1f278ade97da2113e8c801316a2546a383c84dfb Mon Sep 17 00:00:00 2001 From: Li Fangning Date: Fri, 14 Jul 2017 17:02:03 +0800 Subject: [PATCH 5/5] Fix checkstyle errors --- .../java/org/apache/sshd/agent/local/ProxyAgentFactory.java | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/sshd-core/src/main/java/org/apache/sshd/agent/local/ProxyAgentFactory.java b/sshd-core/src/main/java/org/apache/sshd/agent/local/ProxyAgentFactory.java index a02a28da3..dfc5fff52 100644 --- a/sshd-core/src/main/java/org/apache/sshd/agent/local/ProxyAgentFactory.java +++ b/sshd-core/src/main/java/org/apache/sshd/agent/local/ProxyAgentFactory.java @@ -43,9 +43,9 @@ * @author Apache MINA SSHD Project */ public class ProxyAgentFactory implements SshAgentFactory { + private static boolean useUnixAgentFactory; private final Map proxies = new ConcurrentHashMap<>(); - static boolean useUnixAgentFactory = false; static { if (OsUtils.isUNIX() || Boolean.getBoolean("org.apache.sshd.agent.PreferUnixAgentFactory")) { try { @@ -61,8 +61,8 @@ public ProxyAgentFactory() { @Override public List> getChannelForwardingFactories(FactoryManager manager) { - return useUnixAgentFactory ? UnixAgentFactory.DEFAULT_FORWARDING_CHANNELS : - LocalAgentFactory.DEFAULT_FORWARDING_CHANNELS; + return useUnixAgentFactory ? UnixAgentFactory.DEFAULT_FORWARDING_CHANNELS + : LocalAgentFactory.DEFAULT_FORWARDING_CHANNELS; } @Override