1 parent
a61b579
commit 58da751
Showing
9 changed files
with
361 additions
and
7 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,105 @@ | ||
package com.trilead.ssh2.jenkins; | ||
|
||
import java.util.ArrayList; | ||
import java.util.Arrays; | ||
import java.util.Collections; | ||
import java.util.List; | ||
|
||
import com.trilead.ssh2.log.Logger; | ||
|
||
/** | ||
* Class for filtering algorithms. | ||
* The reason for this filter is that some algorithms have security issues. | ||
* The filter can be disabled by setting the system property {@link #isEnabledFilterProperty} to false. | ||
* The list of algorithms to filter can be set by setting the system property {@link #filteredAlgorithmsProperty}. | ||
*/ | ||
public class FilterAlgorithms { | ||
/** | ||
* The system property suffix to enable/disable the filter. | ||
*/ | ||
private static final String ALGORITHMS = ".algorithms"; | ||
/** | ||
* The system property suffix to set the list of algorithms to filter. | ||
*/ | ||
private static final String ENABLED = ".enabled"; | ||
/** | ||
* The logger. | ||
*/ | ||
private static final Logger LOGGER = Logger.getLogger(FilterAlgorithms.class); | ||
/** | ||
* The system property to enable/disable the filter. | ||
*/ | ||
private final String isEnabledFilterProperty; | ||
/** | ||
* The system property to set the list of algorithms to filter. | ||
*/ | ||
private final String filteredAlgorithmsProperty; | ||
|
||
/** | ||
* The list of algorithms to filter. | ||
*/ | ||
private List<String> filteredAlgorithms = new ArrayList<>(); | ||
|
||
/** | ||
* Constructor. | ||
* @param clazz the class name used for the system properties | ||
* @param filteredAlgorithms the list of algorithms to filter | ||
*/ | ||
public FilterAlgorithms(String clazz, List<String> filteredAlgorithms) { | ||
this.filteredAlgorithms = filteredAlgorithms; | ||
this.isEnabledFilterProperty = clazz + ENABLED; | ||
this.filteredAlgorithmsProperty = clazz + ALGORITHMS; | ||
} | ||
|
||
/** | ||
* Filter algorithms. | ||
* @param algorithms the algorithms to filter | ||
* @return the filtered algorithms | ||
*/ | ||
public String[] filter(String[] algorithms) { | ||
String[] ret = Collections.emptySet().toArray(new String[0]); | ||
if (algorithms != null) { | ||
if (!isEnabled()) { | ||
LOGGER.log(20, "Algorithms filter is disabled"); | ||
ret = algorithms; | ||
} else { | ||
ret = Arrays.stream(algorithms) | ||
.filter(x -> !getFilteredAlgorithms().contains(x)) | ||
.toArray(String[]::new); | ||
} | ||
} else { | ||
LOGGER.log(20, "Algorithms is null"); | ||
} | ||
return ret; | ||
} | ||
|
||
/** | ||
* Check if the filter is enabled. | ||
* @return true if the filter is enabled | ||
*/ | ||
private boolean isEnabled() { | ||
return Boolean.parseBoolean(System.getProperty(isEnabledFilterProperty, "true")); | ||
} | ||
|
||
/** | ||
* Get the list of algorithms to filter. | ||
* @return the list of algorithms to filter | ||
*/ | ||
private List<String> getFilteredAlgorithms() { | ||
List<String> ret = new ArrayList<>(); | ||
if (System.getProperty(filteredAlgorithmsProperty) != null && !System.getProperty(filteredAlgorithmsProperty).isEmpty()) { | ||
ret = Arrays.asList(System.getProperty(filteredAlgorithmsProperty).split(",")); | ||
} else { | ||
ret = filteredAlgorithms; | ||
} | ||
return ret; | ||
} | ||
|
||
public String getIsEnabledFilterProperty() { | ||
return isEnabledFilterProperty; | ||
} | ||
|
||
public String getFilteredAlgorithmsProperty() { | ||
return filteredAlgorithmsProperty; | ||
} | ||
} |
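Review bot: `isEnabled()` fails open, because `Boolean.parseBoolean` returns false for every value except "true", so an empty or mistyped `.enabled` property turns the filter off rather than leaving it on. Treating only an explicit false as the off switch keeps the safe default: `return !"false".equalsIgnoreCase(System.getProperty(isEnabledFilterProperty, "true").trim());`. `getFilteredAlgorithms()` has two related gaps: entries from `split(",")` are not trimmed, so a list written as `a, b` leaves ` b` unfiltered, and a null constructor list reaches `contains` as soon as `algorithms` is non-null and no property is set. It is also re-evaluated for every element inside the stream lambda; resolving it once before the stream would be enough. The Javadoc on `ALGORITHMS` and `ENABLED` is swapped.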
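--- a/src/com/trilead/ssh2/jenkins/FilterEncrytionAlgorithms.java
+++ b/src/com/trilead/ssh2/jenkins/FilterEncrytionAlgorithms.java
@@ -0,0 +1,33 @@
+package com.trilead.ssh2.jenkins;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.List;
+
+import com.trilead.ssh2.log.Logger;
+
+/**
+* Filter encryption algorithms.
+* The reason for this filter is that some algorithms have security issues.
+* The filter can be disabled by setting the system property
+* com.trilead.ssh2.jenkins.FilterEncrytionAlgorithms.enabled to false.
+* The list of algorithms to filter can be set by setting the system property
+* com.trilead.ssh2.jenkins.FilterEncrytionAlgorithms.algorithms (e.g. type01,type02,type03).
+*/
+public class FilterEncrytionAlgorithms {
+/*
+* The list of algorithms to filter by default.
+*/
+private static final List<String> filteredAlgorithms = Collections.emptyList();
+
+/**
+* Filter algorithms.
+* @param algorithms The algorithms to filter.
+* @return The filtered algorithms.
+*/
+public static String[] filter(String[] algorithms) {
+FilterAlgorithms filter = new FilterAlgorithms(FilterEncrytionAlgorithms.class.getName(), filteredAlgorithms);
+return filter.filter(algorithms);
+}
+}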
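Review bot: The misspelled class name `FilterEncrytionAlgorithms` becomes part of the configuration surface, because the property prefix comes from `FilterEncrytionAlgorithms.class.getName()`; an operator who sets a correctly spelled "Encryption" property gets no filtering and no warning. Renaming the class before release, or passing an explicit prefix string to `FilterAlgorithms`, would avoid locking the typo in. `filter` also builds a new `FilterAlgorithms` on every call where one `private static final` instance would do, and `Logger` is imported but unused (as are `ArrayList` and `Collection` here). Both remarks apply equally to FilterHostKeyAlgorithms, FilterKexAlgorithms and FilterMacAlgorithms.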
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,32 @@ | ||
package com.trilead.ssh2.jenkins; | ||
|
||
import java.util.ArrayList; | ||
import java.util.Collections; | ||
import java.util.List; | ||
|
||
import com.trilead.ssh2.log.Logger; | ||
|
||
/** | ||
* Filter host key algorithms. | ||
* The reason for this filter is that some algorithms have security issues. | ||
* The filter can be disabled by setting the system property | ||
* com.trilead.ssh2.jenkins.FilterHostKeyAlgorithms.enabled to false. | ||
* The list of algorithms to filter can be set by setting the system property | ||
* com.trilead.ssh2.jenkins.FilterHostKeyAlgorithms.algorithms (e.g. type01,type02,type03). | ||
*/ | ||
public class FilterHostKeyAlgorithms { | ||
/* | ||
* The list of algorithms to filter. | ||
*/ | ||
private static final List<String> filteredAlgorithms = Collections.emptyList(); | ||
|
||
/** | ||
* Filter algorithms. | ||
* @param algorithms The algorithms to filter. | ||
* @return The filtered algorithms. | ||
*/ | ||
public static String[] filter(String[] algorithms) { | ||
FilterAlgorithms filter = new FilterAlgorithms(FilterHostKeyAlgorithms.class.getName(), filteredAlgorithms); | ||
return filter.filter(algorithms); | ||
} | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
package com.trilead.ssh2.jenkins; | ||
|
||
import java.util.ArrayList; | ||
import java.util.List; | ||
|
||
import com.trilead.ssh2.log.Logger; | ||
|
||
/** | ||
* Filter KEX algorithms. | ||
* The reason for this filter is that some algorithms have security issues. | ||
* The filter can be disabled by setting the system property | ||
* com.trilead.ssh2.jenkins.FilterKexAlgorithms.enabled to false. | ||
* The list of algorithms to filter can be set by setting the system property | ||
* com.trilead.ssh2.jenkins.FilterKexAlgorithms.algorithms (e.g. type01,type02,type03). | ||
*/ | ||
public class FilterKexAlgorithms { | ||
/* | ||
* The list of algorithms to filter. | ||
*/ | ||
private static final List<String> filteredAlgorithms = new ArrayList<>( | ||
List.of( | ||
// Terrapin attack see https://en.wikipedia.org/wiki/Terrapin_attack | ||
"chacha20-poly1305@openssh.com")); | ||
|
||
/** | ||
* Filter algorithms. | ||
* @param algorithms The algorithms to filter. | ||
* @return The filtered algorithms. | ||
*/ | ||
public static String[] filter(String[] algorithms) { | ||
FilterAlgorithms filter = new FilterAlgorithms(FilterKexAlgorithms.class.getName(), filteredAlgorithms); | ||
return filter.filter(algorithms); | ||
} | ||
} |
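Review bot: `chacha20-poly1305@openssh.com` is the name of an SSH cipher, not of a key-exchange method, so listing it in the KEX deny list will presumably never match anything in a KEX proposal, while `FilterEncrytionAlgorithms` ships with an empty default list. The call sites are not visible on this page, so confirm which negotiation list each filter is applied to; if this one only sees KEX names, the entry belongs in the encryption filter's defaults. Otherwise the cipher this comment associates with Terrapin stays negotiable by default. The list is never modified, so `List.of(...)` without the `new ArrayList<>(...)` wrapper is enough and keeps the static immutable.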
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,36 @@ | ||
package com.trilead.ssh2.jenkins; | ||
|
||
import java.util.ArrayList; | ||
import java.util.List; | ||
|
||
import com.trilead.ssh2.log.Logger; | ||
|
||
/** | ||
* Filter host key algorithms. | ||
* The reason for this filter is that some algorithms have security issues. | ||
* The filter can be disabled by setting the system property | ||
* com.trilead.ssh2.jenkins.FilterHostKeyAlgorithms.enabled to false. | ||
* The list of algorithms to filter can be set by setting the system property | ||
* com.trilead.ssh2.jenkins.FilterHostKeyAlgorithms.algorithms (e.g. type01,type02,type03). | ||
*/ | ||
public class FilterMacAlgorithms { | ||
/* | ||
* The list of algorithms to filter. | ||
*/ | ||
private static final List<String> filteredAlgorithms = new ArrayList<>( | ||
List.of( | ||
// Terrapin attack see https://en.wikipedia.org/wiki/Terrapin_attack | ||
"hmac-sha2-512-etm@openssh.com", | ||
// Terrapin attack see https://en.wikipedia.org/wiki/Terrapin_attack | ||
"hmac-sha2-256-etm@openssh.com")); | ||
|
||
/** | ||
* Filter algorithms. | ||
* @param algorithms The algorithms to filter. | ||
* @return The filtered algorithms. | ||
*/ | ||
public static String[] filter(String[] algorithms) { | ||
FilterAlgorithms filter = new FilterAlgorithms(FilterMacAlgorithms.class.getName(), filteredAlgorithms); | ||
return filter.filter(algorithms); | ||
} | ||
} |
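Review bot: The class Javadoc is copied from the host-key filter: it says "Filter host key algorithms" and documents `com.trilead.ssh2.jenkins.FilterHostKeyAlgorithms.enabled` and `.algorithms`, whereas the code derives the prefix from `FilterMacAlgorithms.class.getName()`. An operator following the comment would set properties that this filter never reads. The header should read `Filter MAC algorithms.` and name `com.trilead.ssh2.jenkins.FilterMacAlgorithms.enabled` and `com.trilead.ssh2.jenkins.FilterMacAlgorithms.algorithms`. It would also help to state that setting `.algorithms` replaces these defaults rather than adding to them, since that is what `getFilteredAlgorithms()` in FilterAlgorithms does.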
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,74 @@ | ||
package com.trilead.ssh2.jenkins; | ||
|
||
import static org.junit.Assert.assertArrayEquals; | ||
|
||
import java.util.Arrays; | ||
|
||
import org.junit.After; | ||
import org.junit.Test; | ||
|
||
public class FilterAlgorithmsTest { | ||
|
||
@After | ||
public void setUp() { | ||
System.setProperty("foo.enabled", "true"); | ||
System.setProperty("foo.algorithms", ""); | ||
} | ||
|
||
@Test | ||
public void testFilter() { | ||
String[] kexAlgorithms = {"algorithm0", "algorithm2", "algorithm3"}; | ||
String[] expected = {"algorithm2", "algorithm3"}; | ||
String[] filteredAlgorithms = {"algorithm0"}; | ||
FilterAlgorithms filter = new FilterAlgorithms("foo",Arrays.asList(filteredAlgorithms)); | ||
|
||
assertArrayEquals(expected, filter.filter(kexAlgorithms)); | ||
} | ||
|
||
@Test | ||
public void testFilterWithNull() { | ||
String[] expected = {}; | ||
FilterAlgorithms filter = new FilterAlgorithms("foo",null); | ||
|
||
assertArrayEquals(expected, filter.filter(null)); | ||
} | ||
|
||
@Test | ||
public void testFilterWithEmptyArray() { | ||
String[] kexAlgorithms = {}; | ||
String[] expected = {}; | ||
FilterAlgorithms filter = new FilterAlgorithms("foo", Arrays.asList(kexAlgorithms)); | ||
|
||
assertArrayEquals(expected, filter.filter(kexAlgorithms)); | ||
} | ||
|
||
@Test | ||
public void testDisabledFilter() { | ||
String[] kexAlgorithms = {"algorithm0", "algorithm2", "algorithm3"}; | ||
FilterAlgorithms filter = new FilterAlgorithms("foo", Arrays.asList(kexAlgorithms)); | ||
System.setProperty(filter.getIsEnabledFilterProperty(), "false"); | ||
|
||
assertArrayEquals(kexAlgorithms, filter.filter(kexAlgorithms)); | ||
} | ||
|
||
@Test | ||
public void testFilterWithEmptyList() { | ||
String[] kexAlgorithms = {"algorithm0", "algorithm2", "algorithm3"}; | ||
String[] expected = {}; | ||
FilterAlgorithms filter = new FilterAlgorithms("foo", Arrays.asList(kexAlgorithms)); | ||
System.setProperty(filter.getFilteredAlgorithmsProperty(), ""); | ||
|
||
assertArrayEquals(expected, filter.filter(kexAlgorithms)); | ||
} | ||
|
||
@Test | ||
public void testFilterWithCustomList() { | ||
String[] kexAlgorithms = {"algorithm0", "algorithm2", "algorithm3"}; | ||
String[] expected = {"algorithm0"}; | ||
FilterAlgorithms filter = new FilterAlgorithms("foo", Arrays.asList(kexAlgorithms)); | ||
System.setProperty(filter.getFilteredAlgorithmsProperty(), "algorithm2,algorithm3"); | ||
|
||
assertArrayEquals(expected, filter.filter(kexAlgorithms)); | ||
} | ||
|
||
} |
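Review bot: The `@After` method (named `setUp`) resets state by setting `foo.enabled` to "true" and `foo.algorithms` to "", which leaves both properties defined in the JVM for any later test; `System.clearProperty("foo.enabled")` and `System.clearProperty("foo.algorithms")` would restore the real default. `testFilterWithNull` passes a null list only together with a null array, so the path where a null list meets a non-null array is not exercised, and neither is a non-boolean value for the enabled property or a comma list containing spaces. `testFilterWithEmptyList` is misleadingly named: an empty property falls back to the constructor list, so the test asserts that everything is filtered.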