brooklyn-commits mailing list archives

From henev...@apache.org
Subject [brooklyn-server] 01/02: correctly handle multiple private keys supplied (including as default)
Date Tue, 10 Aug 2021 11:12:54 GMT
This is an automated email from the ASF dual-hosted git repository.

heneveld pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/brooklyn-server.git

commit 5cab8a38b60d6e3dfa6ec59bc13bfa030943c49b
Author: Alex Heneveld <alex.heneveld@cloudsoftcorp.com>
AuthorDate: Tue Aug 10 12:08:42 2021 +0100

    correctly handle multiple private keys supplied (including as default)
---
 .../util/core/internal/ssh/SshAbstractTool.java    | 38 +++++++++++++++++-----
 1 file changed, 29 insertions(+), 9 deletions(-)

diff --git a/core/src/main/java/org/apache/brooklyn/util/core/internal/ssh/SshAbstractTool.java
b/core/src/main/java/org/apache/brooklyn/util/core/internal/ssh/SshAbstractTool.java
index 612ccff..f65a622 100644
--- a/core/src/main/java/org/apache/brooklyn/util/core/internal/ssh/SshAbstractTool.java
+++ b/core/src/main/java/org/apache/brooklyn/util/core/internal/ssh/SshAbstractTool.java
@@ -20,6 +20,7 @@ package org.apache.brooklyn.util.core.internal.ssh;
 
 import static com.google.common.base.Preconditions.checkArgument;
 import static com.google.common.base.Preconditions.checkNotNull;
+import java.util.Arrays;
 import static org.apache.brooklyn.util.net.Networking.checkPortValid;
 
 import java.io.File;
@@ -31,9 +32,13 @@ import org.apache.brooklyn.util.os.Os;
 
 import com.google.common.collect.Iterables;
 import com.google.common.collect.Sets;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 public abstract class SshAbstractTool extends ShellAbstractTool implements SshTool {
 
+    private static final Logger LOG = LoggerFactory.getLogger(SshAbstractTool.class);
+
     protected final String toString;
 
     protected final String host;
@@ -83,7 +88,9 @@ public abstract class SshAbstractTool extends ShellAbstractTool implements
SshTo
             // but sshj accepts only a single privateKeyFile; leave blank to use defaults
(i.e. ~/.ssh/id_rsa and id_dsa)
             warnOnDeprecated(props, "keyFiles", null);
             String privateKeyFile = getOptionalVal(props, PROP_PRIVATE_KEY_FILE);
-            if (privateKeyFile != null) privateKeyFiles.add(privateKeyFile);
+            if (privateKeyFile != null) {
+                privateKeyFiles.addAll(Arrays.asList(privateKeyFile.split(File.pathSeparator)));
+            }
             
             strictHostKeyChecking = getOptionalVal(props, PROP_STRICT_HOST_KEY_CHECKING);
             allocatePTY = getOptionalVal(props, PROP_ALLOCATE_PTY);
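Review bot: The retained comment above this change still says sshj accepts only a single privateKeyFile, while the new `split(File.pathSeparator)` line makes `PROP_PRIVATE_KEY_FILE` a separator-delimited list, and nothing documents that. The separator is platform-dependent (`:` on Unix, `;` on Windows), so the same configured value can resolve to different key files depending on the host running Brooklyn. A comment such as `// privateKeyFile may hold several paths joined by File.pathSeparator; the first existing one is used` would make that explicit. Empty or whitespace-padded segments (for example from `a::b`) are added as-is; trimming each segment and skipping blank ones before `addAll` would keep them out of the candidate list. The enclosing block starts outside the hunk.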
@@ -136,14 +143,27 @@ public abstract class SshAbstractTool extends ShellAbstractTool implements
SshTo
         allocatePTY = builder.allocatePTY;
         privateKeyPassphrase = builder.privateKeyPassphrase;
         privateKeyData = builder.privateKeyData;
-        
-        if (builder.privateKeyFiles.size() > 1) {
-            throw new IllegalArgumentException("sshj supports only a single private key-file;
" +
-                    "for defaults of ~/.ssh/id_rsa and ~/.ssh/id_dsa leave blank");
-        } else if (builder.privateKeyFiles.size() == 1) {
-            String privateKeyFileStr = Iterables.get(builder.privateKeyFiles, 0);
-            String amendedKeyFile = privateKeyFileStr.startsWith("~") ? (System.getProperty("user.home")+privateKeyFileStr.substring(1))
: privateKeyFileStr;
-            privateKeyFile = new File(amendedKeyFile);
+
+        String keyFile = null;
+        String lastCandidate = null;
+
+        for (String candidate: builder.privateKeyFiles) {
+            lastCandidate = candidate.startsWith("~") ? (System.getProperty("user.home")+candidate.substring(1))
: candidate;
+            if (new File(lastCandidate).exists()) {
+                keyFile = lastCandidate;
+                break;
+            }
+        }
+        if (keyFile==null) {
+            if (builder.privateKeyFiles.size()==1) {
+                // probably won't work, but use a single file if specified
+                keyFile = lastCandidate;
+            } else if (builder.privateKeyFiles.size()>1 && privateKeyData==null)
{
+                LOG.trace("None of the key files exist; unlikely for SSH to succeed");
+            }
+        }
+        if (keyFile!=null) {
+            privateKeyFile = new File(keyFile);
         } else {
             privateKeyFile = null;
         }
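Review bot: The `new File(lastCandidate).exists()` test in the loop also accepts a directory or a file the process cannot read, so such a path is selected and later usable keys are never tried; `File f = new File(lastCandidate); if (f.isFile() && f.canRead()) {` would pick only a usable key file. The chosen key is never logged and the no-match case is reported only at trace, so an operator investigating an authentication failure cannot tell which identity was offered; consider `LOG.debug("Using private key file {}", keyFile);` after the selection and raising the no-match message to debug or warn. `candidate.startsWith("~")`, carried over from the removed code, also rewrites `~otheruser/...` to a path under the current user's home, and matching only `~/` would be tighter. The constructor body starts outside the hunk.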
