Merge branch 'master' into pr/uttamgupta/976

Author: hierynomus

build.gradle

@@ -9,7 +9,7 @@ plugins {
   id 'pl.allegro.tech.build.axion-release' version '1.15.3'
   id "com.github.hierynomus.license" version "0.16.1"
   id "com.bmuschko.docker-remote-api" version "9.2.1"
-  id 'ru.vyarus.github-info' version '1.5.0'
+  id 'ru.vyarus.github-info' version '2.0.0'
   id "io.github.gradle-nexus.publish-plugin" version "1.3.0"
 }
 
@@ -22,6 +22,11 @@ repositories {
   mavenCentral()
 }
 
+github {
+    user 'hierynomus'
+    license 'Apache'
+}
+
 scmVersion {
   tag {
     prefix = 'v'
@@ -41,11 +46,11 @@ compileJava {
 
 configurations.implementation.transitive = false
 
-def bouncycastleVersion = "1.78.1"
-def sshdVersion = "2.12.1"
+def bouncycastleVersion = "1.80"
+def sshdVersion = "2.14.0"
 
 dependencies {
-  implementation "org.slf4j:slf4j-api:2.0.13"
+  implementation "org.slf4j:slf4j-api:2.0.16"
   implementation "org.bouncycastle:bcprov-jdk18on:$bouncycastleVersion"
   implementation "org.bouncycastle:bcpkix-jdk18on:$bouncycastleVersion"
   implementation "com.hierynomus:asn-one:0.6.0"
@@ -85,15 +90,15 @@ testing {
     configureEach {
       useJUnitJupiter()
       dependencies {
-        implementation "org.slf4j:slf4j-api:2.0.13"
+        implementation "org.slf4j:slf4j-api:2.0.16"
         implementation "org.spockframework:spock-core:2.4-M5-groovy-4.0"
         implementation "org.mockito:mockito-core:5.15.2"
         implementation "org.assertj:assertj-core:3.24.2"
         implementation "ru.vyarus:spock-junit5:1.2.0"
         implementation "org.apache.sshd:sshd-core:$sshdVersion"
         implementation "org.apache.sshd:sshd-sftp:$sshdVersion"
         implementation "org.apache.sshd:sshd-scp:$sshdVersion"
-        implementation "ch.qos.logback:logback-classic:1.3.14"
+        implementation "ch.qos.logback:logback-classic:1.3.15"
         implementation 'org.glassfish.grizzly:grizzly-http-server:3.0.1'
       }
 
@@ -129,8 +134,8 @@ testing {
     integrationTest(JvmTestSuite) {
       dependencies {
         implementation project()
-        implementation 'org.testcontainers:testcontainers:1.19.8'
-        implementation 'org.testcontainers:junit-jupiter:1.19.8'
+        implementation 'org.testcontainers:testcontainers:1.20.4'
+        implementation 'org.testcontainers:junit-jupiter:1.20.4'
       }
 
       sources {
@@ -202,11 +207,6 @@ sourcesJar {
   }
 }
 
-github {
-  user 'hierynomus'
-  license 'Apache'
-}
-
 publishing {
 	publications {
 		maven(MavenPublication) {

gradle/wrapper/gradle-wrapper.jar

@@ -1,5 +1,7 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.11-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.12.1-bin.zip
+networkTimeout=10000
+validateDistributionUrl=true
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists

gradle/wrapper/gradle-wrapper.properties

@@ -15,6 +15,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
+# SPDX-License-Identifier: Apache-2.0
+#
 
 ##############################################################################
 #
@@ -55,7 +57,7 @@
 #       Darwin, MinGW, and NonStop.
 #
 #   (3) This script is generated from the Groovy template
-#       https://github.com/gradle/gradle/blob/master/subprojects/plugins/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt
+#       https://github.com/gradle/gradle/blob/HEAD/platforms/jvm/plugins-application/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt
 #       within the Gradle project.
 #
 #       You can find Gradle at https://github.com/gradle/gradle/.
@@ -80,13 +82,11 @@ do
     esac
 done
 
-APP_HOME=$( cd "${APP_HOME:-./}" && pwd -P ) || exit
-
-APP_NAME="Gradle"
+# This is normally unused
+# shellcheck disable=SC2034
 APP_BASE_NAME=${0##*/}
-
-# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
-DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'
+# Discard cd standard output in case $CDPATH is set (https://github.com/gradle/gradle/issues/25036)
+APP_HOME=$( cd -P "${APP_HOME:-./}" > /dev/null && printf '%s\n' "$PWD" ) || exit
 
 # Use the maximum available, or set MAX_FD != -1 to use that value.
 MAX_FD=maximum
@@ -133,22 +133,29 @@ location of your Java installation."
     fi
 else
     JAVACMD=java
-    which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
+    if ! command -v java >/dev/null 2>&1
+    then
+        die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
 
 Please set the JAVA_HOME variable in your environment to match the
 location of your Java installation."
+    fi
 fi
 
 # Increase the maximum file descriptors if we can.
 if ! "$cygwin" && ! "$darwin" && ! "$nonstop" ; then
     case $MAX_FD in #(
       max*)
+        # In POSIX sh, ulimit -H is undefined. That's why the result is checked to see if it worked.
+        # shellcheck disable=SC2039,SC3045
         MAX_FD=$( ulimit -H -n ) ||
             warn "Could not query maximum file descriptor limit"
     esac
     case $MAX_FD in  #(
       '' | soft) :;; #(
       *)
+        # In POSIX sh, ulimit -n is undefined. That's why the result is checked to see if it worked.
+        # shellcheck disable=SC2039,SC3045
         ulimit -n "$MAX_FD" ||
             warn "Could not set maximum file descriptor limit to $MAX_FD"
     esac
@@ -193,18 +200,28 @@ if "$cygwin" || "$msys" ; then
     done
 fi
 
-# Collect all arguments for the java command;
-#   * $DEFAULT_JVM_OPTS, $JAVA_OPTS, and $GRADLE_OPTS can contain fragments of
-#     shell script including quotes and variable substitutions, so put them in
-#     double quotes to make sure that they get re-expanded; and
-#   * put everything else in single quotes, so that it's not re-expanded.
+
+# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
+DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'
+
+# Collect all arguments for the java command:
+#   * DEFAULT_JVM_OPTS, JAVA_OPTS, JAVA_OPTS, and optsEnvironmentVar are not allowed to contain shell fragments,
+#     and any embedded shellness will be escaped.
+#   * For example: A user cannot expect ${Hostname} to be expanded, as it is an environment variable and will be
+#     treated as '${Hostname}' itself on the command line.
 
 set -- \
         "-Dorg.gradle.appname=$APP_BASE_NAME" \
         -classpath "$CLASSPATH" \
         org.gradle.wrapper.GradleWrapperMain \
         "$@"
 
+# Stop when "xargs" is not available.
+if ! command -v xargs >/dev/null 2>&1
+then
+    die "xargs is not available"
+fi
+
 # Use "xargs" to parse quoted args.
 #
 # With -n1 it outputs one arg per line, with the quotes and backslashes removed.

gradlew

@@ -13,8 +13,10 @@
 @rem See the License for the specific language governing permissions and
 @rem limitations under the License.
 @rem
+@rem SPDX-License-Identifier: Apache-2.0
+@rem
 
-@if "%DEBUG%" == "" @echo off
+@if "%DEBUG%"=="" @echo off
 @rem ##########################################################################
 @rem
 @rem  Gradle startup script for Windows
@@ -25,7 +27,8 @@
 if "%OS%"=="Windows_NT" setlocal
 
 set DIRNAME=%~dp0
-if "%DIRNAME%" == "" set DIRNAME=.
+if "%DIRNAME%"=="" set DIRNAME=.
+@rem This is normally unused
 set APP_BASE_NAME=%~n0
 set APP_HOME=%DIRNAME%
 
@@ -40,13 +43,13 @@ if defined JAVA_HOME goto findJavaFromJavaHome
 
 set JAVA_EXE=java.exe
 %JAVA_EXE% -version >NUL 2>&1
-if "%ERRORLEVEL%" == "0" goto execute
+if %ERRORLEVEL% equ 0 goto execute
 
-echo.
-echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
-echo.
-echo Please set the JAVA_HOME variable in your environment to match the
-echo location of your Java installation.
+echo. 1>&2
+echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. 1>&2
+echo. 1>&2
+echo Please set the JAVA_HOME variable in your environment to match the 1>&2
+echo location of your Java installation. 1>&2
 
 goto fail
 
@@ -56,11 +59,11 @@ set JAVA_EXE=%JAVA_HOME%/bin/java.exe
 
 if exist "%JAVA_EXE%" goto execute
 
-echo.
-echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME%
-echo.
-echo Please set the JAVA_HOME variable in your environment to match the
-echo location of your Java installation.
+echo. 1>&2
+echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% 1>&2
+echo. 1>&2
+echo Please set the JAVA_HOME variable in your environment to match the 1>&2
+echo location of your Java installation. 1>&2
 
 goto fail
 
@@ -75,13 +78,15 @@ set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar
 
 :end
 @rem End local scope for the variables with windows NT shell
-if "%ERRORLEVEL%"=="0" goto mainEnd
+if %ERRORLEVEL% equ 0 goto mainEnd
 
 :fail
 rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of
 rem the _cmd.exe /c_ return code!
-if  not "" == "%GRADLE_EXIT_CONSOLE%" exit 1
-exit /b 1
+set EXIT_CODE=%ERRORLEVEL%
+if %EXIT_CODE% equ 0 set EXIT_CODE=1
+if not ""=="%GRADLE_EXIT_CONSOLE%" exit %EXIT_CODE%
+exit /b %EXIT_CODE%
 
 :mainEnd
 if "%OS%"=="Windows_NT" endlocal

gradlew.bat

@@ -15,8 +15,6 @@
  */
 package com.hierynomus.sshj.common;
 
-import org.bouncycastle.openssl.EncryptionException;
-
 import java.io.IOException;
 
 /**
@@ -32,7 +30,7 @@ public KeyDecryptionFailedException() {
         super(MESSAGE);
     }
 
-    public KeyDecryptionFailedException(EncryptionException cause) {
+    public KeyDecryptionFailedException(IOException cause) {
         super(MESSAGE, cause);
     }
 

src/main/java/com/hierynomus/sshj/common/KeyDecryptionFailedException.java

@@ -31,10 +31,6 @@
 import net.schmizz.sshj.userauth.keyprovider.FileKeyProvider;
 import net.schmizz.sshj.userauth.keyprovider.KeyFormat;
 import net.schmizz.sshj.userauth.password.PasswordFinder;
-import org.bouncycastle.asn1.nist.NISTNamedCurves;
-import org.bouncycastle.asn1.x9.X9ECParameters;
-import org.bouncycastle.jce.spec.ECNamedCurveSpec;
-import org.bouncycastle.openssl.EncryptionException;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -47,15 +43,14 @@
 import java.security.KeyPair;
 import java.security.PrivateKey;
 import java.security.PublicKey;
-import java.security.spec.ECPrivateKeySpec;
 import java.security.spec.RSAPrivateCrtKeySpec;
 import java.util.Arrays;
 import java.util.HashMap;
 import java.util.Map;
 
 /**
  * Reads a key file in the new OpenSSH format.
- * The format is described in the following document: https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.key
+ * The format is described in the following document: <a href="https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.key">Key Protocol</a>
  */
 public class OpenSSHKeyV1KeyFile extends BaseFileKeyProvider {
     private static final String BEGIN = "-----BEGIN ";
@@ -244,7 +239,7 @@ private PlainBuffer decryptPrivateKey(final byte[] privateKey, final int private
             cipher.update(privateKey, 0, privateKeyLength);
         } catch (final SSHRuntimeException e) {
             final String message = String.format("OpenSSH Private Key decryption failed with cipher [%s]", cipherName);
-            throw new KeyDecryptionFailedException(new EncryptionException(message, e));
+            throw new KeyDecryptionFailedException(new IOException(message, e));
         }
         final PlainBuffer decryptedPrivateKey = new PlainBuffer(privateKeyLength);
         decryptedPrivateKey.putRawBytes(privateKey, 0, privateKeyLength);
@@ -343,7 +338,7 @@ private KeyPair readUnencrypted(final PlainBuffer keyBuffer, final PublicKey pub
         int checkInt1 = keyBuffer.readUInt32AsInt(); // uint32 checkint1
         int checkInt2 = keyBuffer.readUInt32AsInt(); // uint32 checkint2
         if (checkInt1 != checkInt2) {
-            throw new KeyDecryptionFailedException(new EncryptionException("OpenSSH Private Key integer comparison failed"));
+            throw new KeyDecryptionFailedException(new IOException("OpenSSH Private Key integer comparison failed"));
         }
         // The private key section contains both the public key and the private key
         String keyType = keyBuffer.readString(); // string keytype
@@ -365,13 +360,13 @@ private KeyPair readUnencrypted(final PlainBuffer keyBuffer, final PublicKey pub
                 kp = new KeyPair(publicKey, privateKey);
                 break;
             case ECDSA256:
-                kp = new KeyPair(publicKey, createECDSAPrivateKey(kt, keyBuffer, "P-256"));
+                kp = new KeyPair(publicKey, createECDSAPrivateKey(kt, keyBuffer, ECDSACurve.SECP256R1));
                 break;
             case ECDSA384:
-                kp = new KeyPair(publicKey, createECDSAPrivateKey(kt, keyBuffer, "P-384"));
+                kp = new KeyPair(publicKey, createECDSAPrivateKey(kt, keyBuffer, ECDSACurve.SECP384R1));
                 break;
             case ECDSA521:
-                kp = new KeyPair(publicKey, createECDSAPrivateKey(kt, keyBuffer, "P-521"));
+                kp = new KeyPair(publicKey, createECDSAPrivateKey(kt, keyBuffer, ECDSACurve.SECP521R1));
                 break;
 
             default:
@@ -388,13 +383,10 @@ private KeyPair readUnencrypted(final PlainBuffer keyBuffer, final PublicKey pub
         return kp;
     }
 
-    private PrivateKey createECDSAPrivateKey(KeyType kt, PlainBuffer buffer, String name) throws GeneralSecurityException, Buffer.BufferException {
+    private PrivateKey createECDSAPrivateKey(KeyType kt, PlainBuffer buffer, ECDSACurve ecdsaCurve) throws GeneralSecurityException, Buffer.BufferException {
         kt.readPubKeyFromBuffer(buffer); // Public key
-        BigInteger s = new BigInteger(1, buffer.readBytes());
-        X9ECParameters ecParams = NISTNamedCurves.getByName(name);
-        ECNamedCurveSpec ecCurveSpec = new ECNamedCurveSpec(name, ecParams.getCurve(), ecParams.getG(), ecParams.getN());
-        ECPrivateKeySpec pks = new ECPrivateKeySpec(s, ecCurveSpec);
-        return SecurityUtils.getKeyFactory(KeyAlgorithm.ECDSA).generatePrivate(pks);
+        final BigInteger s = new BigInteger(1, buffer.readBytes());
+        return ECDSAKeyFactory.getPrivateKey(s, ecdsaCurve);
     }
 
     /**