mina improvements

profhenry · Dec 31, 2023 · 4058724 · 4058724
1 parent b81ffbe
commit 4058724
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 16 deletions.
diff --git a/sshsig-mina/pom.xml b/sshsig-mina/pom.xml
@@ -19,11 +19,6 @@
 			<groupId>org.apache.sshd</groupId>
 			<artifactId>sshd-core</artifactId>
 		</dependency>
-		<dependency>
-			<groupId>net.i2p.crypto</groupId>
-			<artifactId>eddsa</artifactId>
-		</dependency>
-
 		<!-- TESTING =============================================================================================== -->
 		<dependency>
 			<groupId>org.junit.jupiter</groupId>
@@ -35,6 +30,11 @@
 			<artifactId>assertj-core</artifactId>
 			<scope>test</scope>
 		</dependency>
+		<dependency>
+			<groupId>net.i2p.crypto</groupId>
+			<artifactId>eddsa</artifactId>
+			<scope>test</scope>
+		</dependency>
 		<!-- TESTING (Runtime) ===================================================================================== -->
 		<dependency>
 			<groupId>org.slf4j</groupId>

diff --git a/sshsig-mina/src/main/java/de/profhenry/sshsig/mina/ApacheMinaSshAgentEngine.java b/sshsig-mina/src/main/java/de/profhenry/sshsig/mina/ApacheMinaSshAgentEngine.java
@@ -19,19 +19,23 @@
 import java.security.PublicKey;
 import java.security.interfaces.DSAPublicKey;
 import java.security.interfaces.RSAPublicKey;
+import java.util.Map.Entry;
 
 import org.apache.sshd.agent.SshAgent;
 
 import de.profhenry.sshsig.core.SignatureAlgorithm;
 import de.profhenry.sshsig.core.SshSignatureException;
 import de.profhenry.sshsig.core.spi.SigningBackend;
-import net.i2p.crypto.eddsa.EdDSAPublicKey;
 
 /**
+ * Signing backend which uses an (external) SSH agent via Apache MINA.
+ * <p>
+ * 
  * @author profhenry
  */
 public class ApacheMinaSshAgentEngine implements SigningBackend<PublicKey> {
 
+	/** The SSH agent. */
 	private final SshAgent sshAgent;
 
 	public ApacheMinaSshAgentEngine(SshAgent anSshAgent) {
@@ -45,20 +49,21 @@ public PublicKey extractPublicKey(PublicKey aPublicKey) {
 
 	@Override
 	public SigningResult signData(PublicKey aPublicKey, byte[] someDataToSign) throws SshSignatureException {
-		// 1) determine signature algorithm
 		SignatureAlgorithm tSignatureAlgorithm = determineSignatureAlgorithm(aPublicKey);
-
-		byte[] tSignedContent;
+		String tSigningAlgorithm = tSignatureAlgorithm.getNameUsedInSshProtocol();
 
 		try {
-			tSignedContent =
-					sshAgent.sign(null, aPublicKey, tSignatureAlgorithm.getNameUsedInSshProtocol(), someDataToSign)
-							.getValue();
+			Entry<String, byte[]> tResult = sshAgent.sign(null, aPublicKey, tSigningAlgorithm, someDataToSign);
+			if (!tSigningAlgorithm.equals(tResult.getKey())) {
+				throw new SshSignatureException("SSH Agent used wrong signing algorithm, requested: "
+						+ tSigningAlgorithm
+						+ " used: "
+						+ tResult.getKey());
+			}
+			return new SigningResult(tSignatureAlgorithm, tResult.getValue());
 		} catch (IOException exc) {
-			throw new SshSignatureException("", exc);
+			throw new SshSignatureException("Signing via SSH Agent failed!", exc);
 		}
-
-		return new SigningResult(tSignatureAlgorithm, tSignedContent);
 	}
 
 	protected SignatureAlgorithm determineSignatureAlgorithm(PublicKey aPublicKey) throws SshSignatureException {
@@ -69,7 +74,7 @@ protected SignatureAlgorithm determineSignatureAlgorithm(PublicKey aPublicKey) t
 			// TODO RSA_SHA2_256 would also be an option here
 			return SignatureAlgorithm.RSA_SHA2_512;
 		}
-		if (aPublicKey instanceof EdDSAPublicKey) {
+		if ("EdDSA".equals(aPublicKey.getAlgorithm())) {
 			return SignatureAlgorithm.SSH_ED25519;
 		}
 		throw new SshSignatureException(