From 4058724a335f81d4697c7a762f8fb67af31428b3 Mon Sep 17 00:00:00 2001
From: Jan Henrik Wiesner
Date: Sun, 31 Dec 2023 18:53:31 +0100
Subject: [PATCH] mina improvements
---
 sshsig-mina/pom.xml | 10 +++----
 .../sshsig/mina/ApacheMinaSshAgentEngine.java | 27 +++++++++++--------
 2 files changed, 21 insertions(+), 16 deletions(-)
diff --git a/sshsig-mina/pom.xml b/sshsig-mina/pom.xml
index 7ecea99..d8b660a 100644
--- a/sshsig-mina/pom.xml
+++ b/sshsig-mina/pom.xml
@@ -19,11 +19,6 @@ org.apache.sshd sshd-core - - net.i2p.crypto eddsa - - org.junit.jupiter
@@ -35,6 +30,11 @@ assertj-core test + + net.i2p.crypto eddsa test + org.slf4j
diff --git a/sshsig-mina/src/main/java/de/profhenry/sshsig/mina/ApacheMinaSshAgentEngine.java b/sshsig-mina/src/main/java/de/profhenry/sshsig/mina/ApacheMinaSshAgentEngine.java
index 3420f52..983e364 100644
--- a/sshsig-mina/src/main/java/de/profhenry/sshsig/mina/ApacheMinaSshAgentEngine.java
+++ b/sshsig-mina/src/main/java/de/profhenry/sshsig/mina/ApacheMinaSshAgentEngine.java
@@ -19,19 +19,23 @@ import java.security.PublicKey;
 import java.security.interfaces.DSAPublicKey;
 import java.security.interfaces.RSAPublicKey;
+import java.util.Map.Entry;
 import org.apache.sshd.agent.SshAgent;
 import de.profhenry.sshsig.core.SignatureAlgorithm;
 import de.profhenry.sshsig.core.SshSignatureException;
 import de.profhenry.sshsig.core.spi.SigningBackend;
-import net.i2p.crypto.eddsa.EdDSAPublicKey;
 /**
+ * Signing backend which uses an (external) SSH agent via Apache MINA.
+

+ *
 * @author profhenry
 */
 public class ApacheMinaSshAgentEngine implements SigningBackend {
+ /** The SSH agent. */
 private final SshAgent sshAgent;
 public ApacheMinaSshAgentEngine(SshAgent anSshAgent) {
@@ -45,20 +49,21 @@ public PublicKey extractPublicKey(PublicKey aPublicKey) {
 @Override
 public SigningResult signData(PublicKey aPublicKey, byte[] someDataToSign) throws SshSignatureException {
- // 1) determine signature algorithm
 SignatureAlgorithm tSignatureAlgorithm = determineSignatureAlgorithm(aPublicKey);
-
- byte[] tSignedContent;
+ String tSigningAlgorithm = tSignatureAlgorithm.getNameUsedInSshProtocol();
 try {
- tSignedContent =
- sshAgent.sign(null, aPublicKey, tSignatureAlgorithm.getNameUsedInSshProtocol(), someDataToSign)
- .getValue();
+ Entry tResult = sshAgent.sign(null, aPublicKey, tSigningAlgorithm, someDataToSign);
+ if (!tSigningAlgorithm.equals(tResult.getKey())) {
+ throw new SshSignatureException("SSH Agent used wrong signing algorithm, requested: "
+ + tSigningAlgorithm
+ + " used: "
+ + tResult.getKey());
+ }
+ return new SigningResult(tSignatureAlgorithm, tResult.getValue());
 } catch (IOException exc) {
- throw new SshSignatureException("", exc);
+ throw new SshSignatureException("Signing via SSH Agent failed!", exc);
 }
-
- return new SigningResult(tSignatureAlgorithm, tSignedContent);
 }
 protected SignatureAlgorithm determineSignatureAlgorithm(PublicKey aPublicKey) throws SshSignatureException {
@@ -69,7 +74,7 @@ protected SignatureAlgorithm determineSignatureAlgorithm(PublicKey aPublicKey) t
 // TODO RSA_SHA2_256 would also be an option here
 return SignatureAlgorithm.RSA_SHA2_512;
 }
- if (aPublicKey instanceof EdDSAPublicKey) {
+ if ("EdDSA".equals(aPublicKey.getAlgorithm())) {
 return SignatureAlgorithm.SSH_ED25519;
 }
 throw new SshSignatureException(
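Review bot: The signature blob returned by the agent is forwarded unchecked in `return new SigningResult(tSignatureAlgorithm, tResult.getValue());` in signData — only the algorithm name is verified, so a null or empty value from a misbehaving agent would surface later as an opaque error instead of at the boundary where the agent is talked to. Add `if (tResult.getValue() == null || tResult.getValue().length == 0) { throw new SshSignatureException("SSH Agent returned an empty signature for " + tSigningAlgorithm); }` before the return. The `Entry tResult` declaration shows no type arguments in this rendering; if that is the real source it is a raw type and should be `Entry<String, byte[]>`, which is what the `getKey()`/`getValue()` usage implies `SshAgent.sign` returns. signData also has no Javadoc; a short comment on the new comparison, e.g. `// the agent reports the algorithm it actually used; refuse a silent downgrade`, would record why the check exists.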
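Review bot: `"EdDSA".equals(aPublicKey.getAlgorithm())` in determineSignatureAlgorithm is broader than the `instanceof EdDSAPublicKey` test it replaces: a JDK `java.security.interfaces.EdECPublicKey` reports "EdDSA" for both Ed25519 and Ed448, so an Ed448 key would be mapped to `SignatureAlgorithm.SSH_ED25519`, which is wrong for that curve. If the project targets Java 15 or later, narrow the test by curve name, `if (aPublicKey instanceof EdECPublicKey && "Ed25519".equalsIgnoreCase(((EdECPublicKey) aPublicKey).getParams().getName()))`, keeping the string comparison only as a fallback for third-party EdDSA providers; otherwise record the assumption in a comment such as `// any EdDSA key is assumed to be Ed25519; Ed448 is not supported`. determineSignatureAlgorithm begins before this hunk and the final throw statement continues past its last line.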