hierynomus / sshj

ssh, scp and sftp for java
Apache License 2.0

use BouncyCastle as a library vs a JCE provider #82

Open jclouds opened 12 years ago

jclouds commented 12 years ago

In jclouds, we'd like to make tools that can be completely contained in a single jar. Ex. http://skife.org/java/unix/2011/06/20/really_executable_jars.html

While sshj uses BouncyCastle as a JCE provider, this is not possible due to signed jar issues. It complicates things and many forget to put it separately or have to screw with their shade config, etc. In general, while a good idea, it introduces some accidental complexity.

Can we move sshj to just use BouncyCastle libraries? In doing so apps like jclouds don't need to dance around JCE issues, making a much cleaner experience.

shikhar commented 12 years ago

agreed, this will make sshj usage more straightforward

petergardfjall commented 10 years ago

Has there been any progress on this issue? I'm facing the exact same issue as described here:

http://stackoverflow.com/questions/19815748/sshj-and-the-maven-shade-plugin

That is, I'm trying to create an executable jar file with the sshj "baked in" but I'm failing to use sshj since the bouncycastle jar file seems to be unusable as a JCE provider in such a setup.

hierynomus commented 9 years ago

A PR would be welcome. Currently a bit short on time to implement this.

Zlika commented 9 years ago

This issue is really annoying for Java EE applications, where we use to deploy an uber WAR file including all the dependencies. Because of that I had to switch from sshj to Jsch :-(

hierynomus commented 9 years ago

I will try to solve this in 1.0.0 (which introduces more breaking changes)...

dkocher commented 9 years ago

Great. I suppose this will also resolve #188.

hierynomus commented 9 years ago

Yes, I will make it switchable so that on Android you can use Spongy


raskasa commented 8 years ago

@jclouds @hierynomus I'm assuming this is still an issue. As we wait for the release of v1.0.0, what is the recommended workaround solution for developers that want to bundle their apps as uber/fat jars?

For my project, I'm using Gradle to create my uber jar (as opposed to Maven Shade).

igkins commented 7 years ago

@jclouds @hierynomus @raskasa Has there been any progress on this? We also have the exact use case where we must use a shade jar.

wilx commented 7 years ago

Welp, I think I have hit this as well.

FearlessHyena commented 7 years ago

Same here. Did anyone find a workaround for this?

daum commented 6 years ago

Hit this myself.

MrThomasWagner commented 5 years ago

Just hit this myself. Going to try a different library :(

wilx commented 5 years ago

Why does the code even try to force BouncyCastle? I tried to disable the BouncyCastle provider registration and I have changed some to not depend on it and most tests pass. It seems to me that the only major failing part is the Elliptic Curves stuff. It seems to me recent JDK should provide enough to implement at least a few viable combinations of algorithms for SSH connections.

diff --git a/src/main/java/net/schmizz/sshj/DefaultConfig.java b/src/main/java/net/schmizz/sshj/DefaultConfig.java
index 00eb521..3d4e737 100644
--- a/src/main/java/net/schmizz/sshj/DefaultConfig.java
+++ b/src/main/java/net/schmizz/sshj/DefaultConfig.java
@@ -104,7 +104,7 @@ public class DefaultConfig
     }

     protected void initKeyExchangeFactories(boolean bouncyCastleRegistered) {
-        if (bouncyCastleRegistered) {
+        if (true || bouncyCastleRegistered) {
             setKeyExchangeFactories(
                     new Curve25519SHA256.Factory(),
                     new Curve25519SHA256.FactoryLibSsh(),
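Review bot: `true || bouncyCastleRegistered` at the top of initKeyExchangeFactories always evaluates to true, so the parameter no longer has any effect and the Curve25519SHA256 factories are offered even when no BouncyCastle provider was registered. If some of these factories work on the plain JDK, move those out of the conditional and leave the ones that need BouncyCastle behind `if (bouncyCastleRegistered)`, so the client never advertises a key exchange it cannot complete.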
@@ -139,7 +139,7 @@ public class DefaultConfig
     }

     protected void initFileKeyProviderFactories(boolean bouncyCastleRegistered) {
-        if (bouncyCastleRegistered) {
+        if (true || bouncyCastleRegistered) {
             setFileKeyProviderFactories(
                     new OpenSSHKeyV1KeyFile.Factory(),
                     new PKCS8KeyFile.Factory(),
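Review bot: The same `true ||` short-circuit in initFileKeyProviderFactories registers OpenSSHKeyV1KeyFile.Factory and PKCS8KeyFile.Factory regardless of the flag, which moves any missing-provider failure from configuration time to the moment a key file is loaded. Either drop the condition and the now-unused parameter, backed by a test that loads each key format with no BouncyCastle provider registered, or keep the original check.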
diff --git a/src/main/java/net/schmizz/sshj/common/SecurityUtils.java b/src/main/java/net/schmizz/sshj/common/SecurityUtils.java
index eb4bab0..01d4335 100644
--- a/src/main/java/net/schmizz/sshj/common/SecurityUtils.java
+++ b/src/main/java/net/schmizz/sshj/common/SecurityUtils.java
@@ -58,7 +58,7 @@ public class SecurityUtils {
     private static String securityProvider = null;

     // relate to BC registration (or SpongyCastle on Android)
-    private static Boolean registerBouncyCastle;
+    private static Boolean registerBouncyCastle = false;
     private static boolean registrationDone;

     public static boolean registerSecurityProvider(String providerClassName) {
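Review bot: Initialising registerBouncyCastle to false in SecurityUtils changes the default for every caller, and a boxed Boolean that used to start as null can no longer be "unset", so any code that reads null as "not decided yet" changes behaviour. It also pulls in the opposite direction from the two DefaultConfig hunks, which force the branches meant for a registered provider. Keep the field unset by default, let the caller opt out explicitly, and update the comment above the field to state the default.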

nmoreaud commented 4 years ago

What is the impact of disabling Bouncy Castle? Will there be corner cases with some remote machines? Fewer encryption models supported?

I also had a problem with Bouncy Castle because my vagrant vbox vm didn't have enough entropy (rndnd was not installed by default).
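
One way to measure what is lost without BouncyCastle on a given JVM, as an added example (not sshj code and not posted by anyone in this thread): it asks the JCA which installed provider serves each primitive. The SSH-to-JCA name mapping is a constructed sample list, not sshj's own table, and the class name is hypothetical.

```java
import java.security.Provider;
import java.security.Signature;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.KeyAgreement;
import javax.crypto.Mac;

public class JcaSshAlgorithmCheck {
    /** One JCA lookup; throws if no installed provider implements the algorithm. */
    interface Probe { Provider run() throws Exception; }

    // Constructed sample list (an assumption for illustration, not sshj's own table):
    // SSH algorithm name -> the JCA lookup an implementation of it would need.
    static Map<String, Probe> needed() {
        Map<String, Probe> m = new LinkedHashMap<>();
        m.put("kex     curve25519-sha256", () -> KeyAgreement.getInstance("X25519").getProvider());
        m.put("kex     ecdh-sha2-nistp256", () -> KeyAgreement.getInstance("ECDH").getProvider());
        m.put("kex     diffie-hellman-group14-sha256",
                () -> KeyAgreement.getInstance("DiffieHellman").getProvider());
        m.put("hostkey ssh-ed25519", () -> Signature.getInstance("Ed25519").getProvider());
        m.put("hostkey ecdsa-sha2-nistp256",
                () -> Signature.getInstance("SHA256withECDSA").getProvider());
        m.put("hostkey rsa-sha2-256", () -> Signature.getInstance("SHA256withRSA").getProvider());
        m.put("cipher  aes128-ctr", () -> Cipher.getInstance("AES/CTR/NoPadding").getProvider());
        m.put("mac     hmac-sha2-256", () -> Mac.getInstance("HmacSHA256").getProvider());
        return m;
    }

    /** Returns the name of the provider that serves the probe, or null if none does. */
    static String providerOf(Probe probe) {
        try {
            return probe.run().getName();
        } catch (Exception e) { // NoSuchAlgorithmException or NoSuchPaddingException
            return null;
        }
    }

    public static void main(String[] args) {
        System.out.println("Java " + System.getProperty("java.version"));
        needed().forEach((ssh, probe) -> {
            String provider = providerOf(probe);
            System.out.printf("%-40s %s%n", ssh, provider == null ? "MISSING" : provider);
        });
    }
}
```

Run it once on the bare JDK and once with the BouncyCastle provider registered; rows that print MISSING only in the first run are the algorithms that depend on it.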