diff --git a/Documentation/config-gerrit.txt b/Documentation/config-gerrit.txt index dcc3df3682..95d5283e3f 100644 --- a/Documentation/config-gerrit.txt +++ b/Documentation/config-gerrit.txt @@ -2696,14 +2696,6 @@ namespace. To alias `replication start` to `gerrit replicate`: [[sshd]] === Section sshd -[[sshd.backend]]sshd.backend:: -+ -Starting from version 0.9.0 Apache SSHD project added support for NIO2 -IoSession. To use the new NIO2 session the `backend` option must be set -to `NIO2`. -+ -By default, `MINA`. - [[sshd.listenAddress]]sshd.listenAddress:: + Specifies the local addresses the internal SSHD should listen diff --git a/gerrit-pgm/src/main/resources/com/google/gerrit/pgm/libraries.config b/gerrit-pgm/src/main/resources/com/google/gerrit/pgm/libraries.config index 16bceeeb51..b5e702f3d4 100644 --- a/gerrit-pgm/src/main/resources/com/google/gerrit/pgm/libraries.config +++ b/gerrit-pgm/src/main/resources/com/google/gerrit/pgm/libraries.config @@ -15,16 +15,16 @@ # Version should match lib/bouncycastle/BUCK [library "bouncyCastleProvider"] - name = Bouncy Castle Crypto Provider v151 - url = http://www.bouncycastle.org/download/bcprov-jdk15on-151.jar - sha1 = 9ab8afcc2842d5ef06eb775a0a2b12783b99aa80 + name = Bouncy Castle Crypto Provider v149 + url = http://www.bouncycastle.org/download/bcprov-jdk15on-149.jar + sha1 = f5155f04330459104b79923274db5060c1057b99 remove = bcprov-.*[.]jar # Version should match lib/bouncycastle/BUCK [library "bouncyCastleSSL"] - name = Bouncy Castle Crypto SSL v151 - url = http://www.bouncycastle.org/download/bcpkix-jdk15on-151.jar - sha1 = 6c8c1f61bf27a09f9b1a8abc201523669bba9597 + name = Bouncy Castle Crypto SSL v149 + url = http://www.bouncycastle.org/download/bcpkix-jdk15on-149.jar + sha1 = 924cc7ad2f589630c97b918f044296ebf1bb6855 needs = bouncyCastleProvider remove = bcpkix-.*[.]jar 
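Review bot: Both `url` lines added under `[library "bouncyCastleProvider"]` and `[library "bouncyCastleSSL"]` fetch the crypto provider jars over plain `http://`, so the SHA-1 pin on the following line is the only integrity check between the network path and the server's classpath. If the host serves the same path over TLS, use `url = https://www.bouncycastle.org/download/bcprov-jdk15on-149.jar` (and likewise for `bcpkix`), and consider whether the installer can verify a stronger digest than SHA-1. The hunk also moves the provider back from v151 to v149; a comment next to the existing `# Version should match lib/bouncycastle/BUCK` saying why the older release is required would help whoever next bumps it.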
diff --git a/gerrit-server/src/main/java/com/google/gerrit/server/contact/EncryptedContactStore.java b/gerrit-server/src/main/java/com/google/gerrit/server/contact/EncryptedContactStore.java index d82180deaf..8c1fdb6b79 100644 --- a/gerrit-server/src/main/java/com/google/gerrit/server/contact/EncryptedContactStore.java +++ b/gerrit-server/src/main/java/com/google/gerrit/server/contact/EncryptedContactStore.java @@ -38,9 +38,6 @@ import org.bouncycastle.openpgp.PGPPublicKey; import org.bouncycastle.openpgp.PGPPublicKeyRing; import org.bouncycastle.openpgp.PGPPublicKeyRingCollection; import org.bouncycastle.openpgp.PGPUtil; -import org.bouncycastle.openpgp.bc.BcPGPPublicKeyRingCollection; -import org.bouncycastle.openpgp.operator.bc.BcPGPDataEncryptorBuilder; -import org.bouncycastle.openpgp.operator.bc.BcPublicKeyKeyEncryptionMethodGenerator; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -114,7 +111,7 @@ class EncryptedContactStore implements ContactStore { private static PGPPublicKeyRingCollection readPubRing(final File pub) { try (InputStream fin = new FileInputStream(pub); InputStream in = PGPUtil.getDecoderStream(fin)) { - return new BcPGPPublicKeyRingCollection(in); + return new PGPPublicKeyRingCollection(in); } catch (IOException e) { throw new ProvisionException("Cannot read " + pub, e); } catch (PGPException e) { 
@@ -170,16 +167,12 @@ class EncryptedContactStore implements ContactStore { } } + @SuppressWarnings("deprecation") private final PGPEncryptedDataGenerator cpk() throws NoSuchProviderException, PGPException { - final BcPGPDataEncryptorBuilder builder = - new BcPGPDataEncryptorBuilder(PGPEncryptedData.CAST5) - .setSecureRandom(prng); PGPEncryptedDataGenerator cpk = - new PGPEncryptedDataGenerator(builder, true); - final BcPublicKeyKeyEncryptionMethodGenerator methodGenerator = - new BcPublicKeyKeyEncryptionMethodGenerator(dest); - cpk.addMethod(methodGenerator); + new PGPEncryptedDataGenerator(PGPEncryptedData.CAST5, true, prng, "BC"); + cpk.addMethod(dest); return cpk; } diff --git a/gerrit-sshd/src/main/java/com/google/gerrit/sshd/SshDaemon.java b/gerrit-sshd/src/main/java/com/google/gerrit/sshd/SshDaemon.java index 92ab653c9c..ba5465573b 100644 --- a/gerrit-sshd/src/main/java/com/google/gerrit/sshd/SshDaemon.java +++ b/gerrit-sshd/src/main/java/com/google/gerrit/sshd/SshDaemon.java @@ -45,7 +45,6 @@ import org.apache.sshd.common.ForwardingFilter; import org.apache.sshd.common.KeyExchange; import org.apache.sshd.common.KeyPairProvider; import org.apache.sshd.common.NamedFactory; -import org.apache.sshd.common.RequestHandler; import org.apache.sshd.common.Session; import org.apache.sshd.common.Signature; import org.apache.sshd.common.SshdSocketAddress; 
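Review bot: The method-wide `@SuppressWarnings("deprecation")` on `cpk()` hides every deprecation in the method, and the new constructor call hard-codes the provider name `"BC"`, so encryption now depends on the Bouncy Castle provider being registered with the JCA at call time (the declared `NoSuchProviderException` is what callers see if it is not). I would add a comment above the annotation such as `// Deprecated provider-name API kept for Bouncy Castle 1.49; requires the "BC" provider to be registered before first use.` Separately, `PGPEncryptedData.CAST5` is carried over unchanged; it is a 64-bit block cipher, and `PGPEncryptedData.AES_256` would be the usual choice if the recipient key's preferences allow it.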
@@ -68,11 +67,10 @@ import org.apache.sshd.common.forward.TcpipServerChannel; import org.apache.sshd.common.future.CloseFuture; import org.apache.sshd.common.future.SshFutureListener; import org.apache.sshd.common.io.IoAcceptor; -import org.apache.sshd.common.io.IoServiceFactoryFactory; +import org.apache.sshd.common.io.IoServiceFactory; import org.apache.sshd.common.io.IoSession; -import org.apache.sshd.common.io.mina.MinaServiceFactoryFactory; +import org.apache.sshd.common.io.mina.MinaServiceFactory; import org.apache.sshd.common.io.mina.MinaSession; -import org.apache.sshd.common.io.nio2.Nio2ServiceFactoryFactory; import org.apache.sshd.common.mac.HMACMD5; import org.apache.sshd.common.mac.HMACMD596; import org.apache.sshd.common.mac.HMACSHA1; @@ -81,7 +79,6 @@ import org.apache.sshd.common.random.BouncyCastleRandom; import org.apache.sshd.common.random.JceRandom; import org.apache.sshd.common.random.SingletonRandomFactory; import org.apache.sshd.common.session.AbstractSession; -import org.apache.sshd.common.session.ConnectionService; import org.apache.sshd.common.signature.SignatureDSA; import org.apache.sshd.common.signature.SignatureRSA; import org.apache.sshd.common.util.Buffer; @@ -94,10 +91,6 @@ import org.apache.sshd.server.auth.UserAuthPublicKey; import org.apache.sshd.server.auth.gss.GSSAuthenticator; import org.apache.sshd.server.auth.gss.UserAuthGSS; import org.apache.sshd.server.channel.ChannelSession; -import org.apache.sshd.server.global.CancelTcpipForwardHandler; -import org.apache.sshd.server.global.KeepAliveHandler; -import org.apache.sshd.server.global.NoMoreSessionsHandler; -import org.apache.sshd.server.global.TcpipForwardHandler; import org.apache.sshd.server.kex.DHG1; import org.apache.sshd.server.kex.DHG14; import org.apache.sshd.server.session.SessionFactory; 
@@ -200,13 +193,8 @@ public class SshDaemon extends SshServer implements SshInfo, LifecycleListener { final String kerberosPrincipal = cfg.getString( "sshd", null, "kerberosPrincipal"); - SshSessionBackend backend = cfg.getEnum( - "sshd", null, "backend", SshSessionBackend.MINA); - - System.setProperty(IoServiceFactoryFactory.class.getName(), - backend == SshSessionBackend.MINA - ? MinaServiceFactoryFactory.class.getName() - : Nio2ServiceFactoryFactory.class.getName()); + System.setProperty(IoServiceFactory.class.getName(), + MinaServiceFactory.class.getName()); if (SecurityUtils.isBouncyCastleRegistered()) { initProviderBouncyCastle(); @@ -263,12 +251,6 @@ public class SshDaemon extends SshServer implements SshInfo, LifecycleListener { return new GerritServerSession(server, ioSession); } }); - setGlobalRequestHandlers(Arrays.> asList( - new KeepAliveHandler(), - new NoMoreSessionsHandler(), - new TcpipForwardHandler(), - new CancelTcpipForwardHandler() - )); hostKeys = computeHostKeys(); } @@ -318,10 +300,8 @@ public class SshDaemon extends SshServer implements SshInfo, LifecycleListener { public synchronized void stop() { if (acceptor != null) { try { - acceptor.close(true).await(); + acceptor.dispose(); log.info("Stopped Gerrit SSHD"); - } catch (InterruptedException e) { - log.warn("Exception caught while closing", e); } finally { acceptor = null; } @@ -607,11 +587,6 @@ public class SshDaemon extends SshServer implements SshInfo, LifecycleListener { @Override public SshFile getFile(String file) { return null; - } - - @Override - public FileSystemView getNormalizedView() { - return null; }}; } }); diff --git a/lib/bouncycastle/BUCK b/lib/bouncycastle/BUCK index d1ec48de1b..99f960e81c 100644 --- a/lib/bouncycastle/BUCK +++ b/lib/bouncycastle/BUCK 
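Review bot: With the `cfg.getEnum("sshd", null, "backend", …)` read removed in the first hunk, a site that still has `sshd.backend = NIO2` in its config is silently switched to MINA, and the unconditional `System.setProperty(IoServiceFactory.class.getName(), …)` applies to the whole JVM. A startup warning would make the change visible to administrators: `if (cfg.getString("sshd", null, "backend") != null) { log.warn("sshd.backend is no longer supported; using MINA"); }`. The enclosing block starts and ends outside this hunk, so I cannot see whether anything else still reads that key.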
@@ -2,19 +2,19 @@ include_defs('//lib/maven.defs') # This version must match the version that also appears in # gerrit-pgm/src/main/resources/com/google/gerrit/pgm/libraries.config -VERSION = '1.51' +VERSION = '1.49' maven_jar( name = 'bcprov', id = 'org.bouncycastle:bcprov-jdk15on:' + VERSION, - sha1 = '9ab8afcc2842d5ef06eb775a0a2b12783b99aa80', + sha1 = 'f5155f04330459104b79923274db5060c1057b99', license = 'DO_NOT_DISTRIBUTE', #'bouncycastle' ) maven_jar( name = 'bcpg', id = 'org.bouncycastle:bcpg-jdk15on:' + VERSION, - sha1 = 'b5fa4c280dfbf8bf7c260bc1e78044c7a1de5133', + sha1 = '081d84be5b125e1997ab0e2244d1a2276b5de76c', license = 'DO_NOT_DISTRIBUTE', #'bouncycastle' deps = [':bcprov'], ) @@ -22,7 +22,7 @@ maven_jar( maven_jar( name = 'bcpkix', id = 'org.bouncycastle:bcpkix-jdk15on:' + VERSION, - sha1 = '6c8c1f61bf27a09f9b1a8abc201523669bba9597', + sha1 = '924cc7ad2f589630c97b918f044296ebf1bb6855', license = 'DO_NOT_DISTRIBUTE', #'bouncycastle' deps = [':bcprov'], ) diff --git a/lib/mina/BUCK b/lib/mina/BUCK index 5c51d3a22c..ff1df5a40e 100644 --- a/lib/mina/BUCK +++ b/lib/mina/BUCK @@ -8,17 +8,18 @@ EXCLUDE = [ maven_jar( name = 'sshd', - id = 'org.apache.sshd:sshd-core:0.13.0', - sha1 = 'c616c5865cc55473c6d63c6fcf46e60d382be172', + id = 'org.apache.sshd:sshd-core:0.9.0-4-g5967cfd', + sha1 = '8f4b6f7ebc54655dc7d25a77665cf51f2b1288b2', license = 'Apache2.0', deps = [':core'], exclude = EXCLUDE, + repository = GERRIT, ) maven_jar( name = 'core', - id = 'org.apache.mina:mina-core:2.0.8', - sha1 = 'd6ff69fa049aeaecdf0c04cafbb1ab53b7487883', + id = 'org.apache.mina:mina-core:2.0.7', + sha1 = 'c878e2aa82de748474a624ec3933e4604e446dec', license = 'Apache2.0', exclude = EXCLUDE, )
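Review bot: In the `lib/mina/BUCK` hunk the `sshd` jar changes from the released `sshd-core:0.13.0` to `0.9.0-4-g5967cfd` pulled from `repository = GERRIT`, and nothing in the file records what that build contains. The version string looks like `git describe` output (release 0.9.0 plus four local commits), which would mean the SSH server runs code upstream never released and lacks any fixes made after 0.9.0 unless they were backported. I would add a comment above the `maven_jar` such as `# Custom Apache SSHD build (0.9.0 + 4 patches, commit 5967cfd); source: <URL-OF-PATCHED-TREE>`, so the artifact can be rebuilt and audited independently of the SHA-1 pin.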