Android Compatibility, again ;-) #392

Merged
merged 5 commits into from
Jan 30, 2018


eidottermihi
Contributor

As mentioned in #308 (comment), PKCS8KeyFile had a hard dependency on BouncyCastle as JCE provider.

In combination with SpongyCastle on Android and the updated AndroidConfig, this leads to exceptions when running on Android and using publickey auth (excerpt from my Android app):

21:18:17.060 [AsyncTask #5] ERROR net.schmizz.concurrent.Promise - <<authenticated>> woke to: net.schmizz.sshj.userauth.UserAuthException: Problem getting private key from PKCS8KeyFile{resource=[PrivateKeyFileResource] /storage/emulated/0/ssh/ID_Andromeda}
21:18:17.067 [AsyncTask #5] INFO  d.e.rpicheck.ssh.impl.RaspiQuery - Authentification failed.
net.schmizz.sshj.userauth.UserAuthException: Exhausted available authentication methods
	at net.schmizz.sshj.SSHClient.auth(SSHClient.java:231) ~[na:0.0]
	at net.schmizz.sshj.SSHClient.authPublickey(SSHClient.java:346) ~[na:0.0]
	at net.schmizz.sshj.SSHClient.authPublickey(SSHClient.java:365) ~[na:0.0]
	at de.eidottermihi.rpicheck.ssh.impl.RaspiQuery.connectWithPubKeyAuthAndPassphrase(RaspiQuery.java:1167) ~[na:0.0]
	at de.eidottermihi.rpicheck.activity.SSHQueryTask.doInBackground(SSHQueryTask.java:90) ~[na:0.0]
	at de.eidottermihi.rpicheck.activity.SSHQueryTask.doInBackground(SSHQueryTask.java:46) ~[na:0.0]
	at android.os.AsyncTask$2.call(AsyncTask.java:295) ~[na:0.0]
	at java.util.concurrent.FutureTask.run(FutureTask.java:237) ~[na:0.0]
	at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:234) ~[na:0.0]
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1113) ~[na:0.0]
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:588) ~[na:0.0]
	at java.lang.Thread.run(Thread.java:818) ~[na:0.0]
Caused by: net.schmizz.sshj.userauth.UserAuthException: Problem getting private key from PKCS8KeyFile{resource=[PrivateKeyFileResource] /storage/emulated/0/ssh/ID_Andromeda}
	at net.schmizz.sshj.userauth.method.KeyedAuthMethod.putSig(KeyedAuthMethod.java:61) ~[na:0.0]
	at net.schmizz.sshj.userauth.method.AuthPublickey.sendSignedReq(AuthPublickey.java:74) ~[na:0.0]
	at net.schmizz.sshj.userauth.method.AuthPublickey.handle(AuthPublickey.java:45) ~[na:0.0]
	at net.schmizz.sshj.userauth.UserAuthImpl.handle(UserAuthImpl.java:142) ~[na:0.0]
	at net.schmizz.sshj.transport.TransportImpl.handle(TransportImpl.java:500) ~[na:0.0]
	at net.schmizz.sshj.transport.Decoder.decode(Decoder.java:102) ~[na:0.0]
	at net.schmizz.sshj.transport.Decoder.received(Decoder.java:170) ~[na:0.0]
	at net.schmizz.sshj.transport.Reader.run(Reader.java:59) ~[na:0.0]
Caused by: org.bouncycastle.openssl.PEMException: Unable to create OpenSSL PBDKF: BC
	at org.bouncycastle.openssl.jcajce.PEMUtilities.getKey(Unknown Source) ~[na:0.0]
	at org.bouncycastle.openssl.jcajce.PEMUtilities.getKey(Unknown Source) ~[na:0.0]
	at org.bouncycastle.openssl.jcajce.PEMUtilities.crypt(Unknown Source) ~[na:0.0]
	at org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder$1$1.decrypt(Unknown Source) ~[na:0.0]
	at org.bouncycastle.openssl.PEMEncryptedKeyPair.decryptKeyPair(Unknown Source) ~[na:0.0]
	at net.schmizz.sshj.userauth.keyprovider.PKCS8KeyFile.readKeyPair(PKCS8KeyFile.java:73) ~[na:0.0]
	at net.schmizz.sshj.userauth.keyprovider.BaseFileKeyProvider.getPrivate(BaseFileKeyProvider.java:75) ~[na:0.0]
	at net.schmizz.sshj.userauth.method.KeyedAuthMethod.putSig(KeyedAuthMethod.java:59) ~[na:0.0]
	... 7 common frames omitted
Caused by: java.security.NoSuchProviderException: BC
	at javax.crypto.SecretKeyFactory.getInstance(SecretKeyFactory.java:139) ~[na:0.0]
	at org.bouncycastle.jcajce.util.NamedJcaJceHelper.createSecretKeyFactory(Unknown Source) ~[na:0.0]
	... 15 common frames omitted

With these changes PKCS8KeyFile relies on the previously registered JCE provider (which could be BC or SC).
Furthermore, AndroidConfig is now much simpler (no more dirty workarounds for isBouncyCastleRegistered() as this method now returns true when SpongyCastle was registered).
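
The failure mode at the bottom of the stack trace above, reproduced with JDK classes only (an added illustration, not code from this pull request or from sshj). The class name, the `registeredProviderName` helper and the choice of `PBKDF2WithHmacSHA1` as a stock JDK algorithm are assumptions made for the example; "BC" and "SC" are the provider names of BouncyCastle and SpongyCastle.

```java
import java.security.NoSuchProviderException;
import java.security.Provider;
import java.security.Security;
import javax.crypto.SecretKeyFactory;

public class ProviderLookupDemo {
    // JCE provider names: "BC" (BouncyCastle) and "SC" (SpongyCastle).
    private static final String[] CANDIDATES = {"BC", "SC"};

    /** Hypothetical helper: first candidate that is actually registered, or null. */
    static String registeredProviderName() {
        for (String name : CANDIDATES) {
            if (Security.getProvider(name) != null) {
                return name;
            }
        }
        return null;
    }

    /** Before: hard-coded provider name; fails wherever "BC" is not registered. */
    static SecretKeyFactory hardCoded(String algorithm) throws Exception {
        return SecretKeyFactory.getInstance(algorithm, "BC");
    }

    /** After: use whichever provider was registered, else the platform default. */
    static SecretKeyFactory fromRegistered(String algorithm) throws Exception {
        String name = registeredProviderName();
        return name == null
                ? SecretKeyFactory.getInstance(algorithm)
                : SecretKeyFactory.getInstance(algorithm, name);
    }

    public static void main(String[] args) throws Exception {
        String alg = "PBKDF2WithHmacSHA1"; // assumed algorithm, available in a stock JDK
        try {
            hardCoded(alg);
            System.out.println("hard-coded BC: ok (BC is registered in this JVM)");
        } catch (NoSuchProviderException e) {
            // Same exception type as the innermost "Caused by" in the trace.
            System.out.println("hard-coded BC: NoSuchProviderException: " + e.getMessage());
        }
        Provider p = fromRegistered(alg).getProvider();
        System.out.println("registered lookup: " + alg + " served by " + p.getName());
    }
}
```

On a JVM with neither library registered, the hard-coded call throws `NoSuchProviderException` while the lookup variant falls back to the default provider.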

@codecov-io

codecov-io commented Jan 9, 2018

Codecov Report

Merging #392 into master will increase coverage by 0.05%.
The diff coverage is 50%.


@@             Coverage Diff              @@
##             master     #392      +/-   ##
============================================
+ Coverage      55.2%   55.26%   +0.05%     
- Complexity     1147     1148       +1     
============================================
  Files           189      189              
  Lines          7486     7482       -4     
  Branches        651      652       +1     
============================================
+ Hits           4133     4135       +2     
+ Misses         3005     2998       -7     
- Partials        348      349       +1
| Impacted Files | Coverage Δ | Complexity Δ | |
|---|---|---|---|
| src/main/java/net/schmizz/sshj/AndroidConfig.java | 0% <ø> (ø) | 0 <0> (ø) | ⬇️ |
| src/main/java/net/schmizz/sshj/DefaultConfig.java | 87.37% <0%> (ø) | 11 <0> (ø) | ⬇️ |
| ...in/java/net/schmizz/sshj/common/SecurityUtils.java | 48.27% <0%> (-1.15%) | 16 <0> (ø) | |
| ...chmizz/sshj/userauth/keyprovider/PKCS8KeyFile.java | 75% <100%> (ø) | 4 <0> (ø) | ⬇️ |
| src/main/java/net/schmizz/sshj/SSHClient.java | 58.28% <0%> (-0.62%) | 32% <0%> (-1%) | |
| ...zz/sshj/connection/channel/ChannelInputStream.java | 76.11% <0%> (+2.98%) | 16% <0%> (+1%) | ⬆️ |
| ...t/schmizz/sshj/connection/ConnectionException.java | 44.44% <0%> (+11.11%) | 4% <0%> (+1%) | ⬆️ |

Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update d55eb6d...cadeed8. Read the comment docs.

…rovider.

On Android 5.0 reading the version from the jar does throw a SecurityException due to a bug in Android (see https://issuetracker.google.com/issues/36993752). Including that Exception in the catch provides a workaround for that issue.
@eidottermihi
Contributor Author

I updated the PR to include another fix/workaround when SSHJ is used on Android 5.0 (see 18b0cca).

eidottermihi added a commit to eidottermihi/rpicheck that referenced this pull request Jan 27, 2018
@hierynomus hierynomus merged commit 39b72ee into hierynomus:master Jan 30, 2018
@hierynomus
Owner

Thanks!

@eidottermihi
Contributor Author

@hierynomus I don't want to rush you, but do you have any plans for a new release which includes this fix?

eidottermihi added a commit to eidottermihi/rpicheck that referenced this pull request Mar 16, 2018