mirrors/onos
1
0
Fork 0
mirror of https://github.com/opennetworkinglab/onos.git synced 2025-10-18 19:01:06 +02:00
Code Issues Projects Releases Wiki Activity

Fix for ONOS-6766: "NETCONF: Exception when using SSH keys and Apache Mina SSHD"

Browse Source 
Modified SSH key handling. Now using BouncyCastle. (Update #2)

Change-Id: I27d8aefba6ed5548b9caa592fb5787cf98dfb5b6
This commit is contained in:
Holger Schulz 2017-08-31 17:52:30 +02:00 committed by Ray Milkey
parent dd7c3f8d78
commit 092cbbfb04
7 changed files with 55 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
features/BUCK
View File

@ -36,6 +36,8 @@ osgi_feature (
'//lib:commons-io', '//lib:commons-io',
'//lib:jersey-client', '//lib:jersey-client',
'//lib:mapdb', '//lib:mapdb',
'//lib:bcpkix-jdk15on',
'//lib:bcprov-jdk15on',
] ]
) )

20
lib/BUCK
View File

@ -1,4 +1,4 @@
# ***** This file was auto-generated at Thu, 31 Aug 2017 21:26:06 GMT. Do not edit this file manually. ***** # ***** This file was auto-generated at Sun, 3 Sep 2017 12:12:12 GMT. Do not edit this file manually. *****
# ***** Use onos-lib-gen ***** # ***** Use onos-lib-gen *****
pass_thru_pom( pass_thru_pom(
@ -1491,3 +1491,21 @@ remote_jar (
visibility = [ 'PUBLIC' ], visibility = [ 'PUBLIC' ],
) )
remote_jar (
name = 'bcpkix-jdk15on',
out = 'bcpkix-jdk15on-1.58.jar',
url = 'mvn:org.bouncycastle:bcpkix-jdk15on:jar:1.58',
sha1 = '15a760a039b040e767a75c77ffcc4ff62558f903',
maven_coords = 'org.bouncycastle:bcpkix-jdk15on:1.58',
visibility = [ 'PUBLIC' ],
)
remote_jar (
name = 'bcprov-jdk15on',
out = 'bcprov-jdk15on-1.58.jar',
url = 'mvn:org.bouncycastle:bcprov-jdk15on:jar:1.58',
sha1 = '2c9aa1c4e3372b447ba5daabade4adf2a2264b12',
maven_coords = 'org.bouncycastle:bcprov-jdk15on:1.58',
visibility = [ 'PUBLIC' ],
)

4
lib/deps.json
View File

@ -266,6 +266,8 @@
"google-truth-0.28": "mvn:com.google.truth:truth:0.28", "google-truth-0.28": "mvn:com.google.truth:truth:0.28",
"google-code-findbugs-3.0.0": "mvn:com.google.code.findbugs:jsr305:3.0.0", "google-code-findbugs-3.0.0": "mvn:com.google.code.findbugs:jsr305:3.0.0",
"google-errorprone-2.0.19": "mvn:com.google.errorprone:error_prone_annotations:2.0.19", "google-errorprone-2.0.19": "mvn:com.google.errorprone:error_prone_annotations:2.0.19",
"google-instrumentation-0.3.0": "mvn:com.google.instrumentation:instrumentation-api:0.3.0" "google-instrumentation-0.3.0": "mvn:com.google.instrumentation:instrumentation-api:0.3.0",
"bcpkix-jdk15on": "mvn:org.bouncycastle:bcpkix-jdk15on:1.58",
"bcprov-jdk15on": "mvn:org.bouncycastle:bcprov-jdk15on:1.58"
} }
} }

2
protocols/netconf/ctl/BUCK
View File

@ -6,6 +6,8 @@ COMPILE_DEPS = [
'//cli:onos-cli', '//cli:onos-cli',
'//lib:org.apache.karaf.shell.console', '//lib:org.apache.karaf.shell.console',
'//lib:sshd-core', '//lib:sshd-core',
'//lib:bcpkix-jdk15on',
'//lib:bcprov-jdk15on',
] ]
TEST_DEPS = [ TEST_DEPS = [

12
protocols/netconf/ctl/pom.xml
View File

@ -78,6 +78,18 @@
<artifactId>org.apache.karaf.shell.console</artifactId> <artifactId>org.apache.karaf.shell.console</artifactId>
</dependency> </dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcpkix-jdk15on</artifactId>
<version>1.58</version>
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk15on</artifactId>
<version>1.58</version>
</dependency>
</dependencies> </dependencies>
<build> <build>

4
protocols/netconf/ctl/src/main/java/org/onosproject/netconf/ctl/impl/NetconfControllerImpl.java
View File

@ -24,6 +24,7 @@ import org.apache.felix.scr.annotations.Property;
import org.apache.felix.scr.annotations.Reference; import org.apache.felix.scr.annotations.Reference;
import org.apache.felix.scr.annotations.ReferenceCardinality; import org.apache.felix.scr.annotations.ReferenceCardinality;
import org.apache.felix.scr.annotations.Service; import org.apache.felix.scr.annotations.Service;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.onlab.packet.IpAddress; import org.onlab.packet.IpAddress;
import org.onosproject.cfg.ComponentConfigService; import org.onosproject.cfg.ComponentConfigService;
import org.onosproject.net.AnnotationKeys; import org.onosproject.net.AnnotationKeys;
@ -49,6 +50,7 @@ import org.osgi.service.component.ComponentContext;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
import java.security.Security;
import java.util.Arrays; import java.util.Arrays;
import java.util.Dictionary; import java.util.Dictionary;
import java.util.Map; import java.util.Map;
@ -128,6 +130,7 @@ public class NetconfControllerImpl implements NetconfController {
public void activate(ComponentContext context) { public void activate(ComponentContext context) {
cfgService.registerProperties(getClass()); cfgService.registerProperties(getClass());
modified(context); modified(context);
Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
log.info("Started"); log.info("Started");
} }
@ -140,6 +143,7 @@ public class NetconfControllerImpl implements NetconfController {
cfgService.unregisterProperties(getClass(), false); cfgService.unregisterProperties(getClass(), false);
netconfDeviceListeners.clear(); netconfDeviceListeners.clear();
netconfDeviceMap.clear(); netconfDeviceMap.clear();
Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);
log.info("Stopped"); log.info("Stopped");
} }

29
protocols/netconf/ctl/src/main/java/org/onosproject/netconf/ctl/impl/NetconfSessionMinaImpl.java
View File

@ -28,6 +28,10 @@ import org.apache.sshd.client.future.OpenFuture;
import org.apache.sshd.client.session.ClientSession; import org.apache.sshd.client.session.ClientSession;
import org.apache.sshd.common.FactoryManager; import org.apache.sshd.common.FactoryManager;
import org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider; import org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.onosproject.netconf.DatastoreId; import org.onosproject.netconf.DatastoreId;
import org.onosproject.netconf.NetconfDeviceInfo; import org.onosproject.netconf.NetconfDeviceInfo;
import org.onosproject.netconf.NetconfDeviceOutputEvent; import org.onosproject.netconf.NetconfDeviceOutputEvent;
@ -39,12 +43,11 @@ import org.onosproject.netconf.NetconfSessionFactory;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
import static java.nio.charset.StandardCharsets.UTF_8; import static java.nio.charset.StandardCharsets.UTF_8;
import java.io.CharArrayReader;
import java.io.IOException; import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory; import java.security.KeyFactory;
import java.security.KeyPair; import java.security.KeyPair;
import java.security.NoSuchAlgorithmException; import java.security.NoSuchAlgorithmException;
@ -208,23 +211,15 @@ public class NetconfSessionMinaImpl implements NetconfSession {
session = connectFuture.getSession(); session = connectFuture.getSession();
//Using the device ssh key if possible //Using the device ssh key if possible
if (deviceInfo.getKey() != null) { if (deviceInfo.getKey() != null) {
ByteBuffer buf = StandardCharsets.UTF_8.encode(CharBuffer.wrap(deviceInfo.getKey())); PEMParser pemParser = new PEMParser(new CharArrayReader(deviceInfo.getKey()));
byte[] byteKey = new byte[buf.limit()]; JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider(BouncyCastleProvider.PROVIDER_NAME);
buf.get(byteKey);
PublicKey key;
try { try {
key = getPublicKey(byteKey, RSA); KeyPair kp = converter.getKeyPair((PEMKeyPair) pemParser.readObject());
} catch (NoSuchAlgorithmException | InvalidKeySpecException e) { session.addPublicKeyIdentity(kp);
try { } catch (java.io.IOException e) {
key = getPublicKey(byteKey, DSA);
} catch (NoSuchAlgorithmException | InvalidKeySpecException e1) {
throw new NetconfException("Failed to authenticate session with device " + throw new NetconfException("Failed to authenticate session with device " +
deviceInfo + "check key to be the " + deviceInfo + "check key to be a valid key", e);
"proper DSA or RSA key", e1);
} }
}
//privateKye can set tu null because is not used by the method.
session.addPublicKeyIdentity(new KeyPair(key, null));
} else { } else {
session.addPasswordIdentity(deviceInfo.password()); session.addPasswordIdentity(deviceInfo.password());
} }