Eclipse Community Forums: EGit / JGit » JGit exception java.security.spec.InvalidKeySpecException only when running unit test

Home » Eclipse Projects » EGit / JGit » JGit exception java.security.spec.InvalidKeySpecException only when running unit test

JGit exception java.security.spec.InvalidKeySpecException only when running unit test [message #1851494]

Wed, 06 April 2022 11:11

Eclipse User

I am trying to use JGIT in my service to update a file in a different git project.

The git project I am trying to update is private, and I am using a ED25519 deploy key to grant access.

I am doing the following to set my SshSessionFactory

SshSessionFactory.setInstance(new SshdSessionFactoryBuilder()
                    .setHomeDirectory(FileUtils.toFile(this.getClass()
                            .getClassLoader()
                            .getResource(config.userHomeDirectory())))
                    .setSshDirectory(FileUtils.toFile(this.getClass()
                            .getClassLoader()
                            .getResource(config.sshDirectory())))
                    .build(null));

and my ssh directory has the ssh keys and ssh config.
My ssh config is only

Host *
    StrictHostKeyChecking no

The code works great when my service is running, but I am trying to write unit tests for it and I get this exception.

The service is written in Quarkus, and the tests are running as a Quarkus test

2022-04-06 10:54:30,146 DEBUG [org.apa.ssh.com.con.key.loa.ope.OpenSSHKeyPairResourceParser] (sshd-JGitSshClient[41c9df5c]-nio2-thread-2) extractKeyPairs(C:\code\prime-landing\target\classes\prime-cloudfront\.ssh\id_ed25519) decode 1 keys using context=OpenSSHParserContext[cipher=none, kdfOptions=none: options=]
2022-04-06 10:54:30,147 WARN  [org.ecl.jgi.int.tra.ssh.CachingKeyPairProvider] (sshd-JGitSshClient[41c9df5c]-nio2-thread-2) key spec not recognised: class net.i2p.crypto.eddsa.spec.EdDSAPublicKeySpec: java.security.spec.InvalidKeySpecException: key spec not recognised: class net.i2p.crypto.eddsa.spec.EdDSAPublicKeySpec
	at net.i2p.crypto.eddsa.KeyFactory.engineGeneratePublic(KeyFactory.java:52)
	at java.base/java.security.KeyFactory.generatePublic(KeyFactory.java:346)
	at org.apache.sshd.common.util.security.eddsa.EdDSASecurityProviderUtils.generateEDDSAPublicKey(EdDSASecurityProviderUtils.java:174)
	at org.apache.sshd.common.util.security.SecurityUtils.generateEDDSAPublicKey(SecurityUtils.java:630)
	at org.apache.sshd.common.util.security.eddsa.Ed25519PublicKeyDecoder.decodePublicKey(Ed25519PublicKeyDecoder.java:98)
	at org.apache.sshd.common.util.security.eddsa.Ed25519PublicKeyDecoder.decodePublicKey(Ed25519PublicKeyDecoder.java:44)
	at org.apache.sshd.common.config.keys.loader.openssh.OpenSSHKeyPairResourceParser.readPublicKey(OpenSSHKeyPairResourceParser.java:230)
	at org.apache.sshd.common.config.keys.loader.openssh.OpenSSHKeyPairResourceParser.extractKeyPairs(OpenSSHKeyPairResourceParser.java:133)
	at org.apache.sshd.common.config.keys.loader.AbstractKeyPairResourceParser.extractKeyPairs(AbstractKeyPairResourceParser.java:198)
	at org.apache.sshd.common.config.keys.loader.AbstractKeyPairResourceParser.extractKeyPairs(AbstractKeyPairResourceParser.java:167)
	at org.apache.sshd.common.config.keys.loader.AbstractKeyPairResourceParser.loadKeyPairs(AbstractKeyPairResourceParser.java:117)
	at org.apache.sshd.common.config.keys.loader.KeyPairResourceParser$2.loadKeyPairs(KeyPairResourceParser.java:166)
	at org.apache.sshd.common.config.keys.loader.KeyPairResourceLoader.loadKeyPairs(KeyPairResourceLoader.java:157)
	at org.apache.sshd.common.config.keys.loader.KeyPairResourceLoader.loadKeyPairs(KeyPairResourceLoader.java:148)
	at org.apache.sshd.common.config.keys.loader.KeyPairResourceLoader.loadKeyPairs(KeyPairResourceLoader.java:139)
	at org.apache.sshd.common.config.keys.loader.KeyPairResourceLoader.loadKeyPairs(KeyPairResourceLoader.java:130)
	at org.apache.sshd.common.util.security.SecurityUtils.loadKeyPairIdentities(SecurityUtils.java:522)
	at org.eclipse.jgit.internal.transport.sshd.CachingKeyPairProvider.loadKey(CachingKeyPairProvider.java:114)
	at org.eclipse.jgit.internal.transport.sshd.CachingKeyPairProvider.loadKey(CachingKeyPairProvider.java:89)
	at org.eclipse.jgit.internal.transport.sshd.CachingKeyPairProvider$CancellingKeyPairIterator.hasNext(CachingKeyPairProvider.java:169)
	at org.eclipse.jgit.internal.transport.sshd.JGitSshClient$CombinedKeyIdentityProvider$1.hasNext(JGitSshClient.java:442)
	at org.apache.sshd.common.keyprovider.MultiKeyIdentityIterator.hasNext(MultiKeyIdentityIterator.java:86)
	at org.apache.sshd.client.auth.pubkey.UserAuthPublicKeyIterator$1$1.hasNext(UserAuthPublicKeyIterator.java:119)
	at org.apache.sshd.common.util.helper.LazyIterablesConcatenator$1.hasNext(LazyIterablesConcatenator.java:68)
	at org.apache.sshd.common.util.GenericUtils.selectNextMatchingValue(GenericUtils.java:849)
	at org.apache.sshd.common.util.helper.LazyMatchingTypeIterator.hasNext(LazyMatchingTypeIterator.java:62)
	at org.apache.sshd.client.auth.pubkey.UserAuthPublicKeyIterator.hasNext(UserAuthPublicKeyIterator.java:199)
	at org.apache.sshd.client.auth.pubkey.UserAuthPublicKey.resolveAttemptedPublicKeyIdentity(UserAuthPublicKey.java:233)
	at org.eclipse.jgit.internal.transport.sshd.JGitPublicKeyAuthentication.getNextKey(JGitPublicKeyAuthentication.java:140)
	at org.eclipse.jgit.internal.transport.sshd.JGitPublicKeyAuthentication.resolveAttemptedPublicKeyIdentity(JGitPublicKeyAuthentication.java:129)
	at org.apache.sshd.client.auth.pubkey.UserAuthPublicKey.sendAuthDataRequest(UserAuthPublicKey.java:151)
	at org.apache.sshd.client.auth.AbstractUserAuth.process(AbstractUserAuth.java:71)
	at org.apache.sshd.client.session.ClientUserAuthService.tryNext(ClientUserAuthService.java:317)
	at org.apache.sshd.client.session.ClientUserAuthService.processUserAuth(ClientUserAuthService.java:288)
	at org.apache.sshd.client.session.ClientUserAuthService.process(ClientUserAuthService.java:225)
	at org.apache.sshd.common.session.helpers.AbstractSession.doHandleMessage(AbstractSession.java:526)
	at org.apache.sshd.common.session.helpers.AbstractSession.handleMessage(AbstractSession.java:452)
	at org.apache.sshd.common.session.helpers.AbstractSession.decode(AbstractSession.java:1524)
	at org.apache.sshd.common.session.helpers.AbstractSession.messageReceived(AbstractSession.java:412)
	at org.eclipse.jgit.internal.transport.sshd.JGitClientSession.messageReceived(JGitClientSession.java:197)
	at org.apache.sshd.common.session.helpers.AbstractSessionIoHandler.messageReceived(AbstractSessionIoHandler.java:64)
	at org.apache.sshd.common.io.nio2.Nio2Session.handleReadCycleCompletion(Nio2Session.java:359)
	at org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:336)
	at org.apache.sshd.common.io.nio2.Nio2Session$1.onCompleted(Nio2Session.java:333)
	at org.apache.sshd.common.io.nio2.Nio2CompletionHandler.lambda$completed$0(Nio2CompletionHandler.java:38)
	at java.base/java.security.AccessController.doPrivileged(Native Method)
	at org.apache.sshd.common.io.nio2.Nio2CompletionHandler.completed(Nio2CompletionHandler.java:37)
	at java.base/sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:127)
	at java.base/sun.nio.ch.Invoker$2.run(Invoker.java:219)
	at java.base/sun.nio.ch.AsynchronousChannelGroupImpl$1.run(AsynchronousChannelGroupImpl.java:112)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
	at java.base/java.lang.Thread.run(Thread.java:829)

Any Idea why I am hitting this issue? Is there a dependency maybe I am missing when my code runs as a test?

Re: JGit exception java.security.spec.InvalidKeySpecException only when running unit test [message #1851500 is a reply to message #1851494]

Wed, 06 April 2022 14:52

Eclipse User

Is the eddsa security provider installed? I guess so, otherwise you shouldn't even have gotten this far. But other than that I have no idea. JGit's own normal JUnit tests run fine.

The exception is raised in public key authentication, so unrelated to the host key or to StrictHostKeyChecking.

Re: JGit exception java.security.spec.InvalidKeySpecException only when running unit test [message #1851502 is a reply to message #1851500]

Wed, 06 April 2022 15:27

Eclipse User

Is there anywhere I can see these tests? I am not finding the source code anywhere.

Re: JGit exception java.security.spec.InvalidKeySpecException only when running unit test [message #1851503 is a reply to message #1851502]

Wed, 06 April 2022 17:15

Eclipse User

I switched to using RSA keys from ED25519 and now everything works for both my tests and service.

I do think there is a real bug here because it seems when I run my unit test

protected PublicKey engineGeneratePublic(KeySpec keySpec)
            throws InvalidKeySpecException {
        if (keySpec instanceof EdDSAPublicKeySpec) {
            return new EdDSAPublicKey((EdDSAPublicKeySpec) keySpec);
        }
        if (keySpec instanceof X509EncodedKeySpec) {
            return new EdDSAPublicKey((X509EncodedKeySpec) keySpec);
        }
        throw new InvalidKeySpecException("key spec not recognised: " + keySpec.getClass());
    }

that first If statement doesn't validate as true when I believe it should.
But this bug is likely not in JGit and might be in the net.i2p.crypto:eddsa dependency

Re: JGit exception java.security.spec.InvalidKeySpecException only when running unit test [message #1851539 is a reply to message #1851502]

Thu, 07 April 2022 18:15

Eclipse User

Jeffrey Fagerberg wrote on Wed, 06 April 2022 19:27

Is there anywhere I can see these tests? I am not finding the source code anywhere.

The JGit unit tests? They are in the git repository. Main test class for the Apache MINA sshd SSH transport is ApacheSshTest, which inherits a lot of tests from a superclass.

Previous Topic:	Idiomatic way of saving a file
Next Topic:	Github.com RSA key with SHA-1 no longer allowed

Goto Forum:

-=] Back to Top [=-

Current Time: Wed May 21 02:04:01 EDT 2025

.:: Contact :: Home ::.

Breadcrumbs

Sign up to our Newsletter