Gracefully load OpenSSH known_hosts without requiring BouncyCastle #271
…y types requiring BouncyCastle, but we're not including BouncyCastle.
Do you really want me to use four spaces to indent cases in a switch statement? :(
Well actually, that spacing is a pretty default and widely accepted setting ;)
I'm missing some tests that showcase the problem you had and that was fixed now. From the code I don't see much difference except for the type of exception that might now be thrown. You might've first gotten a SecurityException and now a BufferException.
The BufferException is declared, the RuntimeException would generally be uncaught and terminate processing. That's the difference. I thought the tests were all run with BouncyCastle in the classpath. How would I write a test case that requires BouncyCastle not be loaded? Is there an example you could point me to?
The whole problem with this is that there are also requests for being able 2016-09-12 13:30 GMT+02:00 David Solin [email protected]:
There are other places in the code that check for BouncyCastle -- the utility method is pre-existing. If SpongyCastle is a true replacement for BC, only that utility method would need to be changed to check for it to add SC support.
Would you prefer it if I checked for BC in the individual KeyType implementations?
Another possibility would be for me to modify the OpenSSHKnownHosts class, to catch SSHRuntimeExceptions in the constructor and log a different message. Would that be preferable?
Actually that won't work... this is the error I was aiming to avoid:
Hi David, I think for the
Hi Jeroen, you're quite right (of course)! I've verified that the last set of changes work, and avoid the ClassNotFoundException when BC is not available. It would be nice if it would be possible to create automated test cases without the BouncyCastle dependency, to prevent future regressions. Do you have any ideas how that could be accomplished?
(Note, I also re-formatted the switch statement in PKCS5KeyFile per the style in this project).
There are a number of scenarios that I could think of:
Currently only 4. is being tested against. In order to test for 1 you would maybe need to spin up a new JVM with a classpath without BC present in a unit test. We could maybe do that as a separate test task in Gradle. That should not be all too hard.
Merged! Thanks again for the PR :)
If BouncyCastle is not present, I want to be able to load whatever bits of the known_hosts file I can (i.e., the ssh-dss and ssh-rsa keys).
While making this change I noticed the KeyType.readPubKeyFromBuffer method didn't require passing in the String type name, so I cleaned that up too.
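
One way to get the skip-and-continue loading described above, as an added example that is not the project's own code: it uses only JDK classes and is narrowed to `ssh-rsa` (`ssh-dss` would follow the same pattern with the JDK's `DSAPublicKeySpec`). The class name, host names and sample entries are constructed, and plain `host type base64` lines without markers are assumed.

```java
import java.math.BigInteger;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.RSAPublicKeySpec;
import java.util.*;
public class TolerantKnownHosts {
    static byte[] field(ByteBuffer b) { // RFC 4251 length-prefixed field, length checked first
        int len = b.getInt();
        if (len < 0 || len > b.remaining()) throw new IllegalArgumentException("bad field length");
        byte[] out = new byte[len];
        b.get(out);
        return out;
    }
    // Assumption: ssh-rsa is the only type decodable here; others are reported, not fatal.
    static PublicKey decode(String type, byte[] blob) throws GeneralSecurityException {
        if (!type.equals("ssh-rsa")) throw new NoSuchAlgorithmException("unsupported key type " + type);
        ByteBuffer b = ByteBuffer.wrap(blob);
        if (!type.equals(new String(field(b), StandardCharsets.US_ASCII)))
            throw new InvalidKeyException("key blob does not match declared type");
        BigInteger e = new BigInteger(field(b)), n = new BigInteger(field(b));
        return KeyFactory.getInstance("RSA").generatePublic(new RSAPublicKeySpec(n, e));
    }
    // A malformed or unsupported line is logged and skipped; it never aborts the load.
    static Map<String, PublicKey> load(List<String> lines) {
        Map<String, PublicKey> keys = new LinkedHashMap<>();
        for (String line : lines) {
            String[] f = line.trim().split("\\s+");
            if (f.length < 3 || f[0].startsWith("#")) continue;
            try {
                keys.put(f[0] + " " + f[1], decode(f[1], Base64.getDecoder().decode(f[2])));
            } catch (GeneralSecurityException | RuntimeException ex) {
                System.err.println("skipping " + f[0] + " " + f[1] + ": " + ex);
            }
        }
        return keys;
    }
    public static void main(String[] args) throws Exception {
        // Constructed sample: a throwaway RSA key and an ed25519 entry holding only its type prefix.
        RSAPublicKeySpec k = KeyFactory.getInstance("RSA").getKeySpec(
                KeyPairGenerator.getInstance("RSA").generateKeyPair().getPublic(), RSAPublicKeySpec.class);
        ByteBuffer b = ByteBuffer.allocate(1024);
        for (byte[] x : new byte[][] {"ssh-rsa".getBytes(StandardCharsets.US_ASCII),
                k.getPublicExponent().toByteArray(), k.getModulus().toByteArray()}) b.putInt(x.length).put(x);
        String rsa = Base64.getEncoder().encodeToString(Arrays.copyOf(b.array(), b.position()));
        System.out.println(load(Arrays.asList("a.example ssh-rsa " + rsa,
                "b.example ssh-ed25519 AAAAC3NzaC1lZDI1NTE5")).keySet());
    }
}
```

A skipped entry leaves that host with no trusted key loaded, so host key verification for it has to fail as unknown rather than fall back to accepting whatever the server presents.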