Merge pull request #363 from norrisjeremy/20230721

0.2.10 changes

ChangeLog.md

@@ -1,6 +1,9 @@
 * [0.2.10](https://github.com/mwiede/jsch/releases/tag/jsch-0.2.10)
   * Fix new Java 21 compiler warning: `possible 'this' escape before subclass is fully initialized`.
   * Tweak OSGi bundle manifest to allow Log4j 3.
+  * [#362](https://github.com/mwiede/jsch/issues/362) fix PEM key parsing to work with windows line endings.
+  * [#361](https://github.com/mwiede/jsch/issues/361) guard against `UIKeyboardInteractive` implementations that include NULL elements in the `String[]` returned from `promptKeyboardInteractive()`.
+  * Add a default implmentation of the deprecated `decrypt()` method to the `Identity` interface that throws an `UnsupportedOperationException`.
 * [0.2.9](https://github.com/mwiede/jsch/releases/tag/jsch-0.2.9)
   * [#293](https://github.com/mwiede/jsch/issues/293) allow UserAuthNone to be extended.
   * Make JGSS module optional.

pom.xml

@@ -156,15 +156,15 @@
             <scope>test</scope>
         </dependency>
         <dependency>
-            <groupId>com.kohlschutter.junixsocket</groupId>
-            <artifactId>junixsocket-native-common</artifactId>
-            <version>${junixsocket.version}</version>
+            <groupId>commons-io</groupId>
+            <artifactId>commons-io</artifactId>
+            <version>2.13.0</version>
             <scope>test</scope>
         </dependency>
         <dependency>
-            <groupId>com.google.guava</groupId>
-            <artifactId>guava</artifactId>
-            <version>32.1.1-jre</version>
+            <groupId>com.kohlschutter.junixsocket</groupId>
+            <artifactId>junixsocket-native-common</artifactId>
+            <version>${junixsocket.version}</version>
             <scope>test</scope>
         </dependency>
         <dependency>

src/main/java/com/jcraft/jsch/AgentIdentity.java

@@ -60,12 +60,6 @@ public byte[] getSignature(byte[] data, String alg) {
     return agent.sign(blob, data, alg);
   }
 
-  @Override
-  @Deprecated
-  public boolean decrypt() {
-    throw new RuntimeException("not implemented");
-  }
-
   @Override
   public String getAlgName() {
     return algname;

src/main/java/com/jcraft/jsch/Identity.java

@@ -83,22 +83,30 @@ public default byte[] getSignature(byte[] data, String alg) {
   }
 
   /**
+   * This method is deprecated and the default implmentation of this method will throw an
+   * {@link UnsupportedOperationException}.
+   *
    * @deprecated The decryption should be done automatically in {@link #setPassphrase(byte[])}
+   * @return <code>true</code> if the decryption is succeeded or this identity is not cyphered.
    * @see #setPassphrase(byte[])
    */
   @Deprecated
-  public boolean decrypt();
+  public default boolean decrypt() {
+    throw new UnsupportedOperationException("not implemented");
+  }
 
   /**
    * Returns the name of the key algorithm.
    *
-   * @return "ssh-rsa" or "ssh-dss"
+   * @return the name of the key algorithm
    */
   public String getAlgName();
 
   /**
    * Returns the name of this identity. It will be useful to identify this object in the
    * {@link IdentityRepository}.
+   *
+   * @return the name of this identity
    */
   public String getName();
 

src/main/java/com/jcraft/jsch/IdentityFile.java

@@ -45,7 +45,7 @@ static IdentityFile newInstance(String name, byte[] prvkey, byte[] pubkey,
     return new IdentityFile(name, kpair);
   }
 
-  private IdentityFile(String name, KeyPair kpair) throws JSchException {
+  private IdentityFile(String name, KeyPair kpair) {
     this.identity = name;
     this.kpair = kpair;
   }
@@ -94,30 +94,21 @@ public byte[] getSignature(byte[] data, String alg) {
     return kpair.getSignature(data, alg);
   }
 
-  /**
-   * @deprecated This method should not be invoked.
-   * @see #setPassphrase(byte[] passphrase)
-   */
-  @Override
-  @Deprecated
-  public boolean decrypt() {
-    throw new RuntimeException("not implemented");
-  }
-
   /**
    * Returns the name of the key algorithm.
    *
-   * @return "ssh-rsa" or "ssh-dss"
+   * @return the name of the key algorithm
    */
   @Override
   public String getAlgName() {
-    byte[] name = kpair.getKeyTypeName();
-    return Util.byte2str(name);
+    return kpair.getKeyTypeString();
   }
 
   /**
    * Returns the name of this identity. It will be useful to identify this object in the
    * {@link IdentityRepository}.
+   *
+   * @return the name of this identity
    */
   @Override
   public String getName() {

src/main/java/com/jcraft/jsch/KeyPair.java

@@ -891,15 +891,18 @@ static KeyPair load(JSch.InstanceLogger instLogger, byte[] prvkey, byte[] pubkey
 
         start = 0;
         i = 0;
+        int xds = 0;
 
         int _len = _buf.length;
         while (i < _len) {
           if (_buf[i] == '\n') {
             boolean xd = (_buf[i - 1] == '\r');
             // ignore \n (or \r\n)
             System.arraycopy(_buf, i + 1, _buf, i - (xd ? 1 : 0), _len - (i + 1));
-            if (xd)
+            if (xd) {
               _len--;
+              xds++;
+            }
             _len--;
             continue;
           }
@@ -909,8 +912,8 @@ static KeyPair load(JSch.InstanceLogger instLogger, byte[] prvkey, byte[] pubkey
           i++;
         }
 
-        if (i - start > 0)
-          data = Util.fromBase64(_buf, start, i - start);
+        if (i - xds - start > 0)
+          data = Util.fromBase64(_buf, start, i - xds - start);
 
         Util.bzero(_buf);
       }

src/main/java/com/jcraft/jsch/UserAuthKeyboardInteractive.java

@@ -141,7 +141,7 @@ public boolean start(Session session) throws Exception {
               if (_response != null) {
                 response = new byte[_response.length][];
                 for (int i = 0; i < _response.length; i++) {
-                  response[i] = Util.str2byte(_response[i]);
+                  response[i] = _response[i] != null ? Util.str2byte(_response[i]) : Util.empty;
                 }
               }
             }

src/main/java/com/jcraft/jsch/UserAuthPassword.java

@@ -127,7 +127,7 @@ public boolean start(Session session) throws Exception {
               throw new JSchAuthCancelException("password");
             }
 
-            byte[] newpassword = Util.str2byte(response[0]);
+            byte[] newpassword = response[0] != null ? Util.str2byte(response[0]) : Util.empty;
 
             // send
             // byte SSH_MSG_USERAUTH_REQUEST(50)

src/test/java/com/jcraft/jsch/AbstractBufferMargin.java

@@ -6,7 +6,6 @@
 import com.github.valfirst.slf4jtest.LoggingEvent;
 import com.github.valfirst.slf4jtest.TestLogger;
 import com.github.valfirst.slf4jtest.TestLoggerFactory;
-import com.google.common.io.ByteStreams;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.OutputStream;
@@ -17,6 +16,7 @@
 import java.util.List;
 import java.util.Random;
 import org.apache.commons.codec.digest.DigestUtils;
+import org.apache.commons.io.input.BoundedInputStream;
 import org.junit.jupiter.api.AfterAll;
 import org.junit.jupiter.api.BeforeAll;
 import org.junit.jupiter.api.BeforeEach;
@@ -209,7 +209,7 @@ private void doScp(Session session, boolean debugException) throws Exception {
             byte[] buf = new byte[17];
             is.read(buf, 0, 17);
             sendAck(os);
-            Files.copy(ByteStreams.limit(is, 100L * 1024L), out);
+            Files.copy(new BoundedInputStream(is, 100L * 1024L), out);
             checkAck(is);
             sendAck(os);
           }

src/test/java/com/jcraft/jsch/KeyPairTest.java

@@ -35,6 +35,8 @@ static Stream<Arguments> keyArgs() {
         Arguments.of("docker/ssh_host_dsa_key", null, "ssh-dss"),
         // encrypted dsa
         Arguments.of("encrypted_openssh_private_key_dsa", "secret123", "ssh-dss"),
+        // unencrypted RSA with windows (\r\n) line endings
+        Arguments.of("issue362_rsa", null, "ssh-rsa"),
         // ecdsa EC private key format
         Arguments.of("docker/id_ecdsa256", null, "ecdsa-sha2-nistp256"), //
         Arguments.of("docker/id_ecdsa384", null, "ecdsa-sha2-nistp384"), //

src/test/resources/docker/authorized_keys.KeyPairIT

@@ -5,6 +5,7 @@ ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDNVEfQu64p2GczvWj0AlncuNG+PzPd0jZ1/hfx/JDz
 ssh-dss AAAAB3NzaC1kc3MAAACBAKCQzxCEIM7yb5fbSmuJCz/+v40WEbULx4JKCXBb7zmRtDtweBqUJXDM1bMjQ4VwGB1EkfMZJQR7rPrOAxfdMdCpkqgPR0+xlljZLVarSJHwt1KR9EudUjUdD2ZrPlvPlG1sAyvMVTK5KCx2QaS2Bn/gukxrvT7DkaqCFHg2P7rLAAAAFQCF+m0B12XxhF1P+3hF3ktGmfYpywAAAIBX+azef1TX90FwS7vyngCrdJsOYqWtj1zQ8MlrwrWL0jdbjcIG/0vcq1x84LTgs+hAPylDBCGGJa/td88kJ6jIUeWiebRUG0zEH8LM+nehQA5O6TuEV3U0Dg73I0Mb04ZzN2GqYqW+KwHdiaU5M8XQv3V/PCmY8d7R5WcMKKDCcQAAAIEAmy0FgQoaWyHdD84b7zD0YjziMsVELAbGWwdxNuNe6wtACcctCdIQigQYaC2HwGjlDKVMjQfd4RWArshg7p0PlEw7//HSgoVhwcBbDpmWGCS6TxSSQpDmdDgiVegERMYjo2BZoZQTuJIx/BhQggVISkELwZfsi1BnPC5Aecq7ILI= test
 ssh-dss AAAAB3NzaC1kc3MAAACBAMKmaZwslPWE83wv+Ofl9oaMeOR03Yk0cyDc5fSAgjepXZQR5sps0KFORRufI6dLQHY4XLoyPc/Hr0ra+vY/l+p20cJVjQ07oosPU/d2eLdZ66rdjXCyrJPjFjnNJtumnBnJZqWGObKspnWk73vPOflReyGpUFe51PF1usur3uDLAAAAFQC3dSlxZZVNbvqjJpg8/oSMuG27/QAAAIEApkd3miYVc/Cl1QwdqwInIjby1yGNCfFsZALGBYc67lkd5lGBdNlL+fgi+BwC6UXu5OAqWB/b9OtvJR8NRcM77V252IER4t95t2ZdG66M1T5q1aOVL/ehPZFHf0oPXHJLcsybzqKFAtQj5hEbnrwJYW0fWi87C9LApplzPTVYQikAAACAUEu5tFmImzyQsUBMN/j1GWCCSVznjfRHkeGwx5koC0D2iK3mMphnF9avsoX2PrboEbGqy69JPCekKQiPPWxcQRTRqFS/ySkECJ5lJ2zJrW1whjLQEJbOq7WmusSML9UXCpNSwCqhJxPYx5a8Pq7lrrBP21jT/Z/A4m4c4wMkLXo= test
 ssh-dss AAAAB3NzaC1kc3MAAACBAPmIBCP1AA8EiTL0VAdzau+1KuRmPkg+H2du4zt4ifhzEx4MscZ7cpBsUAM/EBC/ECWTHzDiWyFFuenvxDlfTi9XxySdOKM6XGLkY7oLsY1y5bShyLrycxDD7MRQ8HpUc9TPzE2PDH4Od6o98e+vdXP0+IDUZGbSuwEnaABX/1+ZAAAAFQDIB9KUd1/gnzM4s4FXCQb7zCnjVwAAAIBptrE9g/ooRnh4bOWiA3/StxbjMRmA9f9bJbM55CinL4yf/GdGmeBp6YjDBxDyk1oXmVJ2hLVXgW6kETbt+D01SouCTgLPlFwLFhqZQ+A4JQOKuLIBaM92hI7sAfTewkxbmAk/e1vyOeyfcQDhbncESzVBZrheXC1fTKv7O2PgbgAAAIBKhGEiNwKNA/pfYvkEbX90/jVoIEKZfqTk+PB2gbVMT98LWPaexrDwEGuCCK3KOtMncDai+0r1ujf1hzNJ4z43Z1n15tPvAIwQsObTL+eUQkVjHA8LXOq8n4yYyPidkjGzWcfBAm4Lm6vKkzFM3VRouQIHpWpjRl3wGTJZkOoH0Q== test
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDY+326Z0bUOn8kYUc399P2mr7Eh0E7Nc9zPrv80B05ykfmsCM053SiGYQgwP5aBzZk83PdWdYIK12U9eO5WzTwT2po9PrZT0AvsBGnU7MkzSSlXX79e9ELbGYNWV4DafT/VHxVwCuoctG7XKUorGA3ZHxGbhNWyo/+6LNwyCMcxfpjpCelJWn4MTwFqs0DVme4R2Sy+LaVg3Nv5Vbbi27cIbA+6Orit2ajDUUCHJvcQlpGrM6x9w0zbt4pUI6yHPCHIIqZEPzj1285GCF6ZQzi0TMEf4wHtA8fN1Xgn1vBw+IEkrAAnQUeTWOR1nc6CDFEGTlyYlIuz634I4BwfhBl test
 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBcLHSACx0yr1S902vlRRnXA12YpaXIOkZUXoNFb01+CxQBgGpVTEVMuakLpIW/XcD9ltu+c6Czk5WnBKEoHNuI= test
 ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBPKyvhX/3Q32EEhZKF6s+fEzfQwabsSpXgFJ2LwpGxKFxzE2jw4Nvwe9W3YbPyrZU6K2MMA7p7ZdJwdDP/tQ9dhttOGGSkea9Cq4dcdgC9cdBuQ4aGb8crmY3Z5wc1dPxQ== test
 ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAG3XTlAFoQd4iIBt5KoTHJk46v1AdZSd+wfCSpc2/GCzHNGVqidrKCrypszpkQOW6vYG8riilyfF36rJa9ipjR+5gDApLIe/ix1Fknr8MU6nWoYv2+NBTsEcaS/VTeiUuMKftMtlO2wOaWFcbZBQUAlb3LDnpMyYKCqIXhhl4vqCxBukg== test

src/test/resources/issue362_rsa

@@ -0,0 +1,3 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEA2Pt9umdG1Dp/JGFHN/fT9pq+xIdBOzXPcz67/NAdOcpH5rAjNOd0ohmEIMD+Wgc2ZPNz3VnWCCtdlPXjuVs08E9qaPT62U9AL7ARp1OzJM0kpV1+/XvRC2xmDVleA2n0/1R8VcArqHLRu1ylKKxgN2R8Rm4TVsqP/uizcMgjHMX6Y6QnpSVp+DE8BarNA1ZnuEdksvi2lYNzb+VW24tu3CGwPujq4rdmow1FAhyb3EJaRqzOsfcNM27eKVCOshzwhyCKmRD849dvORghemUM4tEzBH+MB7QPHzdV4J9bwcPiBJKwAJ0FHk1jkdZ3OggxRBk5cmJSLs+t+COAcH4QZQIDAQABAoIBAGcA5AuEEWyYJFkZ0Nwxyq6LgTn8VywLfGJiCo2WIfmYHA/X1666nXSCFmYSF+yW9exwYbVXezI/m9ol7CfGs1fM61/Nw/M7GuZId+jt4+H5fIb/3lPo3jDFEaEOpoGKYCKBcdCnPFJnx0ZhUYoAYmCJVDF++bE+0aKZxu0oJPr35Lda1hBeCfrb8fDReAAU71jIoOGyuSyOXlCVyT+OmBhVme0u2xDpdY8cd5t9YueTK7BFNjNt3sJOI4L+2wRskNwxqHCrECtuOXmzEyza7vqo8cjRGSx1HZfqhoKgiRpRkRmSi8p+X1+DZOVZuCxc3BTZ7WrPgVZhu7u9hsISKyECgYEA+C9ajUNsx7Hx9gOg6Zvr+zV461PjKI/0n9g0DTZ5RHdcAfeNs3ugmsiDK6b9SayUW08EVyveJ1OJjT/NPvdP0/KhCAjUt+kN0j9f9CPdHKEWoboDca8u67dayOAhC10mNhoAp3tFQryfgpb678GIzqnXkVjGgyWC/8Z81AN7uAkCgYEA39CcJAUVMc6FigTwoMOkdOgNK6qCxAxkNBTdfB/cBBtG3h8g49n0u/fAMjkfL6awdl53j3jVCP4pUZgSSqArLb0aGo84G2vP92iN3d3j/kPiox22w8KG2XR7tHLWcc+CFfk8mdiKdPFxaWVQaYJ6htGq9LGqY3sw5lVzmk0wlH0CgYEAuWim/WGhoo4NdPzA+cTCRqlr7GJ/EY558fBS8ov/jGafFdkawztYgEnLtJDMKH4FVzFwzK65CCggWqWPb7rSqERaiOYQBFTXPnqZ9InWZczyW1/bstJs+yu/ZtIJ3bN5GHHUi0pMM882Wxjv3q12xu2bXbo0k0Uy2GIwXzM6+gECgYBDByur0eXeC7aMdhxGWTEoXdKL8D3HTtq3ikQmhzgR9sVLglEMS9rybCkgIWFImQgh+vqdehd64Pso130q4jrsMMTfjWLFO42Fz8ck2e4M2PHH3f89M0XFXBAsI3Q7k2SnBgRzIpmcmi5X3SKu5oehVqt3KroXnu4vHQpI/LL+1QKBgD3zxf795zFXw53iZXtKkzYNQhEMVRzbx6dQE+tguB0YCb2vPvYaxfejg/02hCQ4twIMuMK18v0Y9W7E34C0m++lP8UbnHdR0Dsg9ryH7OlUMp4662060HWDnDy79swB/Nnk9dxf+BoPIXGny84bEpk6cLoiHuL6TRpQhuJ292DW
+-----END RSA PRIVATE KEY-----

src/test/resources/issue362_rsa.pub

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDY+326Z0bUOn8kYUc399P2mr7Eh0E7Nc9zPrv80B05ykfmsCM053SiGYQgwP5aBzZk83PdWdYIK12U9eO5WzTwT2po9PrZT0AvsBGnU7MkzSSlXX79e9ELbGYNWV4DafT/VHxVwCuoctG7XKUorGA3ZHxGbhNWyo/+6LNwyCMcxfpjpCelJWn4MTwFqs0DVme4R2Sy+LaVg3Nv5Vbbi27cIbA+6Orit2ajDUUCHJvcQlpGrM6x9w0zbt4pUI6yHPCHIIqZEPzj1285GCF6ZQzi0TMEf4wHtA8fN1Xgn1vBw+IEkrAAnQUeTWOR1nc6CDFEGTlyYlIuz634I4BwfhBl test