commit 092cbbfb04a4ae69c93280c6c300bb766ddb89dc
author Holger Schulz <holgerwfoss@gmail.com> Thu Aug 31 17:52:30 2017 +0200
committer Ray Milkey <ray@opennetworking.org> Tue Sep 05 16:58:48 2017 +0000
tree 5cdf00f81bc4c0bf9e74c0eec43187bd7cff0aa7
parent dd7c3f8d78dc30b0799b76545733cc03e0be1d13

Fix for ONOS-6766: "NETCONF: Exception when using SSH keys and Apache Mina SSHD"
    Modified SSH key handling. Now using BouncyCastle. (Update #2)

Change-Id: I27d8aefba6ed5548b9caa592fb5787cf98dfb5b6

protocols/netconf/ctl/src/main/java/org/onosproject/netconf/ctl/impl/NetconfControllerImpl.java

diff --git a/protocols/netconf/ctl/src/main/java/org/onosproject/netconf/ctl/impl/NetconfControllerImpl.java b/protocols/netconf/ctl/src/main/java/org/onosproject/netconf/ctl/impl/NetconfControllerImpl.java
index daba5be..a1797d7 100644
--- a/protocols/netconf/ctl/src/main/java/org/onosproject/netconf/ctl/impl/NetconfControllerImpl.java
+++ b/protocols/netconf/ctl/src/main/java/org/onosproject/netconf/ctl/impl/NetconfControllerImpl.java
@@ -24,6 +24,7 @@
 import org.apache.felix.scr.annotations.Reference;
 import org.apache.felix.scr.annotations.ReferenceCardinality;
 import org.apache.felix.scr.annotations.Service;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
 import org.onlab.packet.IpAddress;
 import org.onosproject.cfg.ComponentConfigService;
 import org.onosproject.net.AnnotationKeys;
@@ -49,6 +50,7 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import java.security.Security;
 import java.util.Arrays;
 import java.util.Dictionary;
 import java.util.Map;
@@ -128,6 +130,7 @@
     public void activate(ComponentContext context) {
         cfgService.registerProperties(getClass());
         modified(context);
+        Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
         log.info("Started");
     }
 
@@ -140,6 +143,7 @@
         cfgService.unregisterProperties(getClass(), false);
         netconfDeviceListeners.clear();
         netconfDeviceMap.clear();
+        Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);
         log.info("Stopped");
     }
 

protocols/netconf/ctl/src/main/java/org/onosproject/netconf/ctl/impl/NetconfSessionMinaImpl.java

diff --git a/protocols/netconf/ctl/src/main/java/org/onosproject/netconf/ctl/impl/NetconfSessionMinaImpl.java b/protocols/netconf/ctl/src/main/java/org/onosproject/netconf/ctl/impl/NetconfSessionMinaImpl.java
index 357ae16..241ea23 100644
--- a/protocols/netconf/ctl/src/main/java/org/onosproject/netconf/ctl/impl/NetconfSessionMinaImpl.java
+++ b/protocols/netconf/ctl/src/main/java/org/onosproject/netconf/ctl/impl/NetconfSessionMinaImpl.java
@@ -28,6 +28,10 @@
 import org.apache.sshd.client.session.ClientSession;
 import org.apache.sshd.common.FactoryManager;
 import org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.bouncycastle.openssl.PEMParser;
+import org.bouncycastle.openssl.PEMKeyPair;
+import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
 import org.onosproject.netconf.DatastoreId;
 import org.onosproject.netconf.NetconfDeviceInfo;
 import org.onosproject.netconf.NetconfDeviceOutputEvent;
@@ -39,12 +43,11 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+
 import static java.nio.charset.StandardCharsets.UTF_8;
 
+import java.io.CharArrayReader;
 import java.io.IOException;
-import java.nio.ByteBuffer;
-import java.nio.CharBuffer;
-import java.nio.charset.StandardCharsets;
 import java.security.KeyFactory;
 import java.security.KeyPair;
 import java.security.NoSuchAlgorithmException;
@@ -208,23 +211,15 @@
         session = connectFuture.getSession();
         //Using the device ssh key if possible
         if (deviceInfo.getKey() != null) {
-            ByteBuffer buf = StandardCharsets.UTF_8.encode(CharBuffer.wrap(deviceInfo.getKey()));
-            byte[] byteKey = new byte[buf.limit()];
-            buf.get(byteKey);
-            PublicKey key;
+            PEMParser pemParser = new PEMParser(new CharArrayReader(deviceInfo.getKey()));
+            JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider(BouncyCastleProvider.PROVIDER_NAME);
             try {
-                key = getPublicKey(byteKey, RSA);
-            } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
-                try {
-                    key = getPublicKey(byteKey, DSA);
-                } catch (NoSuchAlgorithmException | InvalidKeySpecException e1) {
-                    throw new NetconfException("Failed to authenticate session with device " +
-                            deviceInfo + "check key to be the " +
-                            "proper DSA or RSA key", e1);
-                }
+                KeyPair kp = converter.getKeyPair((PEMKeyPair) pemParser.readObject());
+                session.addPublicKeyIdentity(kp);
+            } catch (java.io.IOException e) {
+                throw new NetconfException("Failed to authenticate session with device " +
+                                           deviceInfo + "check key to be a valid key", e);
             }
-            //privateKye can set tu null because is not used by the method.
-            session.addPublicKeyIdentity(new KeyPair(key, null));
         } else {
             session.addPasswordIdentity(deviceInfo.password());
         }