Merge pull request #54 from mc1arke/jenkins-42959-specify-hostkey-alg…
…orithms [FIXED JENKINS-42959] Specify preferred host keys during connect
Showing
11 changed files
with
324 additions
and
25 deletions.
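--- a/src/main/java/hudson/plugins/sshslaves/verifiers/JenkinsTrilead9VersionSupport.java
+++ b/src/main/java/hudson/plugins/sshslaves/verifiers/JenkinsTrilead9VersionSupport.java
@@ -0,0 +1,42 @@
+package hudson.plugins.sshslaves.verifiers;
+
+import com.trilead.ssh2.signature.KeyAlgorithm;
+import com.trilead.ssh2.signature.KeyAlgorithmManager;
+import hudson.plugins.sshslaves.Messages;
+import org.kohsuke.accmod.Restricted;
+import org.kohsuke.accmod.restrictions.NoExternalUse;
+
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+* @author Michael Clarke
+*/
+@Restricted(NoExternalUse.class)
+class JenkinsTrilead9VersionSupport extends TrileadVersionSupportManager.TrileadVersionSupport {
+
+@Override
+public String[] getSupportedAlgorithms() {
+List<String> algorithms = new ArrayList<>();
+for (KeyAlgorithm<?, ?> algorithm : KeyAlgorithmManager.getSupportedAlgorithms()) {
+algorithms.add(algorithm.getKeyFormat());
+}
+return algorithms.toArray(new String[algorithms.size()]);
+}
+
+@Override
+public HostKey parseKey(String algorithm, byte[] keyValue) throws KeyParseException {
+for (KeyAlgorithm<?, ?> keyAlgorithm : KeyAlgorithmManager.getSupportedAlgorithms()) {
+try {
+if (keyAlgorithm.getKeyFormat().equals(algorithm)) {
+keyAlgorithm.decodePublicKey(keyValue);
+return new HostKey(algorithm, keyValue);
+}
+} catch (IOException ex) {
+throw new KeyParseException(Messages.ManualKeyProvidedHostKeyVerifier_KeyValueDoesNotParse(algorithm), ex);
+}
+}
+throw new KeyParseException("Unexpected key algorithm: " + algorithm);
+}
+}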
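Review bot: In `parseKey`, only `IOException` from `keyAlgorithm.decodePublicKey(keyValue)` is converted to `KeyParseException`, while the legacy implementation added in this same commit also catches `StringIndexOutOfBoundsException` for the same kind of input. If a truncated or malformed host key can make the Trilead 9 decoders throw an unchecked exception (not visible from this page, so worth confirming), it would escape as a runtime error instead of a validation message for the administrator-supplied key. Consider `} catch (IOException | RuntimeException ex) {` so both paths reject bad key material the same way. The class Javadoc also has only an `@author` tag; a summary line saying this is the implementation used when `KeyAlgorithmManager` is on the classpath would help.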
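--- a/src/main/java/hudson/plugins/sshslaves/verifiers/KeyParseException.java
+++ b/src/main/java/hudson/plugins/sshslaves/verifiers/KeyParseException.java
@@ -0,0 +1,16 @@
+package hudson.plugins.sshslaves.verifiers;
+
+/**
+* @author Michael Clarke
+* @since 1.18
+*/
+public class KeyParseException extends Exception {
+
+public KeyParseException(String message) {
+super(message);
+}
+
+public KeyParseException(String message, Throwable cause) {
+super(message, cause);
+}
+}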
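Review bot: The Javadoc on `KeyParseException` has only `@author` and `@since` tags, yet this is a public checked exception that `TrileadVersionSupport.parseKey` declares. A summary such as `Thrown when a host key cannot be parsed, for example because the algorithm is unknown or the key bytes are invalid.` would document the contract. Since the class extends `Exception`, which is serializable, declaring `private static final long serialVersionUID = 1L;` would also keep the serialized form stable.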
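--- a/src/main/java/hudson/plugins/sshslaves/verifiers/TrileadVersionSupportManager.java
+++ b/src/main/java/hudson/plugins/sshslaves/verifiers/TrileadVersionSupportManager.java
@@ -0,0 +1,104 @@
+package hudson.plugins.sshslaves.verifiers;
+
+import com.trilead.ssh2.signature.DSASHA1Verify;
+import com.trilead.ssh2.signature.RSASHA1Verify;
+import hudson.plugins.sshslaves.Messages;
+import org.kohsuke.accmod.Restricted;
+import org.kohsuke.accmod.restrictions.NoExternalUse;
+
+import java.io.IOException;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+
+/**
+* An abstraction layer to allow handling of feature changes (e.g. new key types) between different Trilead versions.
+* @author Michael Clarke
+* @since 1.18
+*/
+@Restricted(NoExternalUse.class)
+final class TrileadVersionSupportManager {
+
+private static final Logger LOGGER = Logger.getLogger(TrileadVersionSupportManager.class.getName());
+
+/**
+* Craetes an instance of TrileadVersionSupport that can provide functionality relevant to the version of Trilead
+* available in the current executing instance of Jenkins.
+* @return an instance of TrileadVersionSupport that provides functionality relevant for the version of Trilead
+* currently on the classpath
+*/
+static TrileadVersionSupport getTrileadSupport() {
+try {
+if (isAfterTrilead8()) {
+return createVersion9Instance();
+}
+} catch (Exception e) {
+LOGGER.log(Level.WARNING, "Could not create Trilead support class. Using legacy Trilead features", e);
+}
+// We're on an old version of Triilead or couldn't create a new handler, fall back to legacy trilead handler
+return new LegacyTrileadVersionSupport();
+}
+
+private static boolean isAfterTrilead8() {
+try {
+Thread.currentThread().getContextClassLoader().loadClass("com.trilead.ssh2.signature.KeyAlgorithmManager");
+} catch (ClassNotFoundException ex) {
+return false;
+}
+return true;
+}
+
+private static TrileadVersionSupport createVersion9Instance() throws ReflectiveOperationException {
+return (TrileadVersionSupport) Thread.currentThread().getContextClassLoader()
+.loadClass("hudson.plugins.sshslaves.verifiers.JenkinsTrilead9VersionSupport").newInstance();
+
+}
+
+public abstract static class TrileadVersionSupport {
+
+@Restricted(NoExternalUse.class)
+/*package*/ TrileadVersionSupport() {
+super();
+}
+
+/**
+* Returns an array of all Key algorithms supported by Yrilead, e.g. ssh-rsa, ssh-dsa, ssh-eds25519
+* @return an array containing all the key algorithms the version of Trilead in use can support.
+*/
+public abstract String[] getSupportedAlgorithms();
+
+/**
+* Parses a raw key into a {@link HostKey} for later storage or comparison.
+* @param algorithm the algorithm the key has been generated with, e.h. ssh-rsa, ssh-dss, ssh-ed25519
+* @param keyValue the value of the key, typically encoded in PEM format.
+* @return the input key in a format that can be compared to other keys
+* @throws KeyParseException on any failure parsing the key, such as an unknown algorithm or invalid keyValue
+*/
+public abstract HostKey parseKey(String algorithm, byte[] keyValue) throws KeyParseException;
+}
+
+private static class LegacyTrileadVersionSupport extends TrileadVersionSupport {
+
+@Override
+public String[] getSupportedAlgorithms() {
+return new String[]{"ssh-rsa", "ssh-dss"};
+}
+
+@Override
+public HostKey parseKey(String algorithm, byte[] keyValue) throws KeyParseException {
+try {
+if ("ssh-rsa".equals(algorithm)) {
+RSASHA1Verify.decodeSSHRSAPublicKey(keyValue);
+} else if ("ssh-dss".equals(algorithm)) {
+DSASHA1Verify.decodeSSHDSAPublicKey(keyValue);
+} else {
+throw new KeyParseException("Key algorithm should be one of ssh-rsa or ssh-dss");
+}
+} catch (IOException | StringIndexOutOfBoundsException ex) {
+throw new KeyParseException(Messages.ManualKeyProvidedHostKeyVerifier_KeyValueDoesNotParse(algorithm), ex);
+}
+
+return new HostKey(algorithm, keyValue);
+}
+}
+
+}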
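Review bot: The fallback in `getTrileadSupport()` catches `Exception`, but loading and instantiating `JenkinsTrilead9VersionSupport` against a mismatched Trilead jar can fail with a `LinkageError` such as `NoClassDefFoundError`, which is not an `Exception` and would propagate instead of reaching the legacy handler; `} catch (Exception | LinkageError e) {` covers it. Both `isAfterTrilead8()` and `createVersion9Instance()` resolve classes through `Thread.currentThread().getContextClassLoader()`, which depends on the calling thread and may be null or not the plugin's loader; `TrileadVersionSupportManager.class.getClassLoader()` would likely make the probe deterministic. This matters because a failed probe silently restricts the supported host key algorithms to `ssh-rsa` and `ssh-dss`, and `isAfterTrilead8()` returns false without logging anything. The Javadoc in this file also has typos worth fixing (`Craetes`, `Yrilead`, `ssh-eds25519`, `e.h.`).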