Skip to main content


Eclipse Community Forums
Forum Search:

Search      Help    Register    Login    Home
Home » Eclipse Projects » EGit / JGit » JGit exception java.security.spec.InvalidKeySpecException only when running unit test
JGit exception java.security.spec.InvalidKeySpecException only when running unit test [message #1851494] Wed, 06 April 2022 15:11 Go to next message
Jeffrey Fagerberg is currently offline Jeffrey FagerbergFriend
Messages: 3
Registered: April 2022
Junior Member
I am trying to use JGIT in my service to update a file in a different git project.

The git project I am trying to update is private, and I am using a ED25519 deploy key to grant access.

I am doing the following to set my SshSessionFactory
SshSessionFactory.setInstance(new SshdSessionFactoryBuilder()
                    .setHomeDirectory(FileUtils.toFile(this.getClass()
                            .getClassLoader()
                            .getResource(config.userHomeDirectory())))
                    .setSshDirectory(FileUtils.toFile(this.getClass()
                            .getClassLoader()
                            .getResource(config.sshDirectory())))
                    .build(null));


and my ssh directory has the ssh keys and ssh config.
My ssh config is only

Host *
    StrictHostKeyChecking no


The code works great when my service is running, but I am trying to write unit tests for it and I get this exception.

The service is written in Quarkus, and the tests are running as a Quarkus test

2022-04-06 10:54:30,146 DEBUG [org.apa.ssh.com.con.key.loa.ope.OpenSSHKeyPairResourceParser] (sshd-JGitSshClient[41c9df5c]-nio2-thread-2) extractKeyPairs(C:\code\prime-landing\target\classes\prime-cloudfront\.ssh\id_ed25519) decode 1 keys using context=OpenSSHParserContext[cipher=none, kdfOptions=none: options=]
2022-04-06 10:54:30,147 WARN  [org.ecl.jgi.int.tra.ssh.CachingKeyPairProvider] (sshd-JGitSshClient[41c9df5c]-nio2-thread-2) key spec not recognised: class net.i2p.crypto.eddsa.spec.EdDSAPublicKeySpec: java.security.spec.InvalidKeySpecException: key spec not recognised: class net.i2p.crypto.eddsa.spec.EdDSAPublicKeySpec
	at net.i2p.crypto.eddsa.KeyFactory.engineGeneratePublic(KeyFactory.java:52)
	at java.base/java.security.KeyFactory.generatePublic(KeyFactory.java:346)
	at org.apache.sshd.common.util.security.eddsa.EdDSASecurityProviderUtils.generateEDDSAPublicKey(EdDSASecurityProviderUtils.java:174)
	at org.apache.sshd.common.util.security.SecurityUtils.generateEDDSAPublicKey(SecurityUtils.java:630)
	at org.apache.sshd.common.util.security.eddsa.Ed25519PublicKeyDecoder.decodePublicKey(Ed25519PublicKeyDecoder.java:98)
	at org.apache.sshd.common.util.security.eddsa.Ed25519PublicKeyDecoder.decodePublicKey(Ed25519PublicKeyDecoder.java:44)
	at org.apache.sshd.common.config.keys.loader.openssh.OpenSSHKeyPairResourceParser.readPublicKey(OpenSSHKeyPairResourceParser.java:230)
	at org.apache.sshd.common.config.keys.loader.openssh.OpenSSHKeyPairResourceParser.extractKeyPairs(OpenSSHKeyPairResourceParser.java:133)
	at org.apache.sshd.common.config.keys.loader.AbstractKeyPairResourceParser.extractKeyPairs(AbstractKeyPairResourceParser.java:198)
	at org.apache.sshd.common.config.keys.loader.AbstractKeyPairResourceParser.extractKeyPairs(AbstractKeyPairResourceParser.java:167)
	at org.apache.sshd.common.config.keys.loader.AbstractKeyPairResourceParser.loadKeyPairs(AbstractKeyPairResourceParser.java:117)
	at org.apache.sshd.common.config.keys.loader.KeyPairResourceParser$2.loadKeyPairs(KeyPairResourceParser.java:166)
	at org.apache.sshd.common.config.keys.loader.KeyPairResourceLoader.loadKeyPairs(KeyPairResourceLoader.java:157)
	at org.apache.sshd.common.config.keys.loader.KeyPairResourceLoader.loadKeyPairs(KeyPairResourceLoader.java:148)
	at org.apache.sshd.common.config.keys.loader.KeyPairResourceLoader.loadKeyPairs(KeyPairResourceLoader.java:139)
	at org.apache.sshd.common.config.keys.loader.KeyPairResourceLoader.loadKeyPairs(KeyPairResourceLoader.java:130)
	at org.apache.sshd.common.util.security.SecurityUtils.loadKeyPairIdentities(SecurityUtils.java:522)
	at org.eclipse.jgit.internal.transport.sshd.CachingKeyPairProvider.loadKey(CachingKeyPairProvider.java:114)
	at org.eclipse.jgit.internal.transport.sshd.CachingKeyPairProvider.loadKey(CachingKeyPairProvider.java:89)
	at org.eclipse.jgit.internal.transport.sshd.CachingKeyPairProvider$CancellingKeyPairIterator.hasNext(CachingKeyPairProvider.java:169)
	at org.eclipse.jgit.internal.transport.sshd.JGitSshClient$CombinedKeyIdentityProvider$1.hasNext(JGitSshClient.java:442)
	at org.apache.sshd.common.keyprovider.MultiKeyIdentityIterator.hasNext(MultiKeyIdentityIterator.java:86)
	at org.apache.sshd.client.auth.pubkey.UserAuthPublicKeyIterator$1$1.hasNext(UserAuthPublicKeyIterator.java:119)
	at org.apache.sshd.common.util.helper.LazyIterablesConcatenator$1.hasNext(LazyIterablesConcatenator.java:68)
	at org.apache.sshd.common.util.GenericUtils.selectNextMatchingValue(GenericUtils.java:849)
	at org.apache.sshd.common.util.helper.LazyMatchingTypeIterator.hasNext(LazyMatchingTypeIterator.java:62)
	at org.apache.sshd.client.auth.pubkey.UserAuthPublicKeyIterator.hasNext(UserAuthPublicKeyIterator.java:199)
	at org.apache.sshd.client.auth.pubkey.UserAuthPublicKey.resolveAttemptedPublicKeyIdentity(UserAuthPublicKey.java:233)
	at org.eclipse.jgit.internal.transport.sshd.JGitPublicKeyAuthentication.getNextKey(JGitPublicKeyAuthentication.java:140)
	at org.eclipse.jgit.internal.transport.sshd.JGitPublicKeyAuthentication.resolveAttemptedPublicKeyIdentity(JGitPublicKeyAuthentication.java:129)
	at org.apache.sshd.client.auth.pubkey.UserAuthPublicKey.sendAuthDataRequest(UserAuthPublicKey.java:151)
	at org.apache.sshd.client.auth.AbstractUserAuth.process(AbstractUserAuth.java:71)
	at org.apache.sshd.client.session.ClientUserAuthService.tryNext(ClientUserAuthService.java:317)
	at org.apache.sshd.client.session.ClientUserAuthService.processUserAuth(ClientUserAuthService.java:288)
	at org.apache.sshd.client.session.ClientUserAuthService.process(ClientUserAuthService.java:225)
	at org.apache.sshd.common.session.helpers.AbstractSession.doHandleMessage(AbstractSession.java:526)
	at org.apache.sshd.common.session.helpers.AbstractSession.handleMessage(AbstractSession.java:452)
	at org.apache.sshd.common.session.helpers.AbstractSession.decode(AbstractSession.java:1524)
	at org.apache.sshd.common.session.helpers.AbstractSession.messageReceived(AbstractSession.java:412)
	at org.eclipse.jgit.internal.transport.sshd.JGitClientSession.messageReceived(JGitClientSession.java:197)
	at org.apache.sshd.common.session.helpers.AbstractSessionIoHandler.messageReceived(AbstractSessionIoHandler.java:64)
	at org.apache.sshd.common.io.nio2.Nio2Session.handleReadCycleCompletion(Nio2Session.java:359)
	at org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:336)
	at org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:333)
	at org.apache.sshd.common.io.nio2.Nio2CompletionHandler.lambda$completed$0(Nio2CompletionHandler.java:38)
	at java.base/java.security.AccessController.doPrivileged(Native Method)
	at org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:37)
	at java.base/sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:127)
	at java.base/sun.nio.ch.Invoker$2.run(Invoker.java:219)
	at java.base/sun.nio.ch.AsynchronousChannelGroupImpl$1.run(AsynchronousChannelGroupImpl.java:112)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
	at java.base/java.lang.Thread.run(Thread.java:829)


Any Idea why I am hitting this issue? Is there a dependency maybe I am missing when my code runs as a test?
Re: JGit exception java.security.spec.InvalidKeySpecException only when running unit test [message #1851500 is a reply to message #1851494] Wed, 06 April 2022 18:52 Go to previous messageGo to next message
Thomas Wolf is currently offline Thomas WolfFriend
Messages: 495
Registered: August 2016
Senior Member
Is the eddsa security provider installed? I guess so, otherwise you shouldn't even have gotten this far. But other than that I have no idea. JGit's own normal JUnit tests run fine.

The exception is raised in public key authentication, so unrelated to the host key or to StrictHostKeyChecking.
Re: JGit exception java.security.spec.InvalidKeySpecException only when running unit test [message #1851502 is a reply to message #1851500] Wed, 06 April 2022 19:27 Go to previous messageGo to next message
Jeffrey Fagerberg is currently offline Jeffrey FagerbergFriend
Messages: 3
Registered: April 2022
Junior Member
Is there anywhere I can see these tests? I am not finding the source code anywhere.
Re: JGit exception java.security.spec.InvalidKeySpecException only when running unit test [message #1851503 is a reply to message #1851502] Wed, 06 April 2022 21:15 Go to previous messageGo to next message
Jeffrey Fagerberg is currently offline Jeffrey FagerbergFriend
Messages: 3
Registered: April 2022
Junior Member
I switched to using RSA keys from ED25519 and now everything works for both my tests and service.

I do think there is a real bug here because it seems when I run my unit test
protected PublicKey engineGeneratePublic(KeySpec keySpec)
            throws InvalidKeySpecException {
        if (keySpec instanceof EdDSAPublicKeySpec) {
            return new EdDSAPublicKey((EdDSAPublicKeySpec) keySpec);
        }
        if (keySpec instanceof X509EncodedKeySpec) {
            return new EdDSAPublicKey((X509EncodedKeySpec) keySpec);
        }
        throw new InvalidKeySpecException("key spec not recognised: " + keySpec.getClass());
    }

that first If statement doesn't validate as true when I believe it should.
But this bug is likely not in JGit and might be in the net.i2p.crypto:eddsa dependency
Re: JGit exception java.security.spec.InvalidKeySpecException only when running unit test [message #1851539 is a reply to message #1851502] Thu, 07 April 2022 22:15 Go to previous message
Thomas Wolf is currently offline Thomas WolfFriend
Messages: 495
Registered: August 2016
Senior Member
Jeffrey Fagerberg wrote on Wed, 06 April 2022 19:27
Is there anywhere I can see these tests? I am not finding the source code anywhere.

The JGit unit tests? They are in the git repository. Main test class for the Apache MINA sshd SSH transport is ApacheSshTest, which inherits a lot of tests from a superclass.
Previous Topic:Idiomatic way of saving a file
Next Topic:Github.com RSA key with SHA-1 no longer allowed
Goto Forum:
  


Current Time: Wed Sep 28 19:42:14 GMT 2022

Powered by FUDForum. Page generated in 0.02278 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software

Back to the top