[JENKINS-56167] Replace Trilead-ssh2 PEMParser class #3902
Conversation
…urityUtils.loadKeyPairIdentity implementation
| @@ -0,0 +1,12 @@ | |||
| -----BEGIN DSA PRIVATE KEY----- | |||
There was a problem hiding this comment.
Not sure if there's an easy pure-Java way to generate these keys, but using randomly generated keys each time the test is run would at least prevent security scanners from complaining about versioned secrets.
There was a problem hiding this comment.
There probably isn't a way to easily generate these for tests. Do security scanners look in test code for such things?
There was a problem hiding this comment.
Some do, yes. I updated a test in jsch-plugin to avoid the warning: jenkinsci/jsch-plugin#6
There was a problem hiding this comment.
those keys are generated with ssh-keygen that it is probably the most common tool to make it. If I make it using Java, it would add a bunch of code not related to tests.
Co-Authored-By: kuisathaverat <kuisathaverat@users.noreply.github.com>
| CEuJqU5VRW5WlayYRUsJnQTSaeUuJJvQWAeo9TI/DtYzvp8AAAADAQABAAAAgBRXdq7kj/ | ||
| iR+WIEs7uifSMwuPGDjtxksg2Uj09kSGRLFmZdu4EWtvUh0uV0J37vbfBSkubU3fAvrP99 | ||
| bRxUHhD5Z444BIyht8jlBetfoJOBSE/TQJ/69xguSmHB8XH8/WUqEaNZ2F+q0AAkRt5CTs | ||
| y0qIAH7i6ZHFqHlr1OnCPzqtzIt4McoyIDEf+9eH3ktKAAAAQQD8uQ/jcs27tMPwb2GYyU |
There was a problem hiding this comment.
FTR: the line lkML/YJI1mPzy+0ny6tS8hAAAAQQD6N3CByknj5WrDIJQCce+zbhbftnN4RM6OBuaHv4mm from openssh was removed
There was a problem hiding this comment.
it is made on purpose to break the key and cause an error
There was a problem hiding this comment.
Yeah I put the comment for the next reviewers, to make the things clearer :)
There was a problem hiding this comment.
you didn't see the comment in the test :P
| } | ||
|
|
||
| @Test(expected = NoSuchAlgorithmException.class) | ||
| public void loadKeyUnsupportedCipher() throws IOException, GeneralSecurityException { |
There was a problem hiding this comment.
Could you add a comment explaining how the key was generated, what cypher is not supported, etc. Without more information the 3 keys are equivalent
Wadeck
added
the
ready-for-merge
|
Thanks @kuisathaverat ! |
See JENKINS-56167.
Replace Trilead-ssh2 PEMParser class by Mina SSHD SecurityUtils.loadKeyPairIdentity implementation, this allows to remove the trilead-ssh2 library from the core and support the new key OpenSSH armory format.
Proposed changelog entries
Submitter checklist
* Use the
Internal:prefix if the change has no user-visible impact (API, test frameworks, etc.)Desired reviewers
@oleg-nenashev @Wadeck @daniel-beck @alecharp @jeffret-b