add EdDSA support in SSH tunnel (#9494)

edgao · yurii-bidiuk · web-flow · commit 67a9f067d351 · 2022-06-23T10:36:59.000+03:00
* add EdDSA support

* verify EdDSA support works correct

Co-authored-by: Yurii Bidiuk &lt;yura.bidyuk@gmail.com&gt;
diff --git a/airbyte-integrations/bases/base-java/build.gradle b/airbyte-integrations/bases/base-java/build.gradle
@@ -11,6 +11,7 @@ dependencies {
     api 'io.sentry:sentry:5.6.0'
 
     implementation 'commons-cli:commons-cli:1.4'
+    implementation 'net.i2p.crypto:eddsa:0.3.0'
     implementation 'org.apache.sshd:sshd-mina:2.8.0'
     // bouncycastle is pinned to version-match the transitive dependency from kubernetes client-java
     // because a version conflict causes "parameter object not a ECParameterSpec" on ssh tunnel initiation
diff --git a/airbyte-integrations/bases/base-java/src/test/java/io/airbyte/integrations/base/ssh/SshTunnelTest.java b/airbyte-integrations/bases/base-java/src/test/java/io/airbyte/integrations/base/ssh/SshTunnelTest.java
@@ -0,0 +1,57 @@
+/*
+ * Copyright (c) 2022 Airbyte, Inc., all rights reserved.
+ */
+
+package io.airbyte.integrations.base.ssh;
+
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+import java.nio.charset.StandardCharsets;
+import java.security.KeyPair;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import org.apache.sshd.common.util.security.SecurityUtils;
+import org.apache.sshd.common.util.security.eddsa.EdDSASecurityProviderRegistrar;
+import org.junit.jupiter.api.Test;
+
+class SshTunnelTest {
+
+  /**
+   * This test verifies that 'net.i2p.crypto:eddsa' is present and EdDSA is supported. If
+   * net.i2p.crypto:eddsa will be removed from project, then will be thrown: generator not correctly
+   * initialized
+   *
+   * @throws Exception
+   */
+  @Test
+  public void edDsaIsSupported() throws Exception {
+    var keygen = SecurityUtils.getKeyPairGenerator("EdDSA");
+    final String message = "hello world";
+    KeyPair keyPair = keygen.generateKeyPair();
+
+    byte[] signedMessage = sign(keyPair.getPrivate(), message);
+
+    assertTrue(new EdDSASecurityProviderRegistrar().isSupported());
+    assertTrue(verify(keyPair.getPublic(), signedMessage, message));
+  }
+
+  private byte[] sign(final PrivateKey privateKey, final String message) throws Exception {
+    var signature = SecurityUtils.getSignature("NONEwithEdDSA");
+    signature.initSign(privateKey);
+
+    signature.update(message.getBytes(StandardCharsets.UTF_8));
+
+    return signature.sign();
+  }
+
+  private boolean verify(final PublicKey publicKey, byte[] signed, final String message)
+      throws Exception {
+    var signature = SecurityUtils.getSignature("NONEwithEdDSA");
+    signature.initVerify(publicKey);
+
+    signature.update(message.getBytes(StandardCharsets.UTF_8));
+
+    return signature.verify(signed);
+  }
+
+}
