-
Notifications
You must be signed in to change notification settings - Fork 602
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Wrap IllegalArgumentException thrown by Base64 decoder #936
Wrap IllegalArgumentException thrown by Base64 decoder #936
Conversation
Some time ago, there had been `net.schmizz.sshj.common.Base64`. This class used to throw `IOException` in case of any problem. Although `IOException` isn't an appropriate class for indicating on parsing issues, a lot of code has been expecting `IOException` from Base64. Once, the old Base64 decoder was replaced with the one, bundled into Java 14 (see f35c2bd). Copy-paste elimination and switching to standard implementations is undoubtedly a good decision. Unfortunately, `java.util.Base64.Decoder` brought a pesky issue. It throws `IllegalArgumentException` in case of any problem. Since it is an unchecked exception, it was quite challenging to notice it. It's especially challenging because the error appears during processing malformed base64 strings. So, a lot of places in the code kept expecting `IOException`. Sudden `IllegalArgumentException` led to authentication termination in cases where everything used to work perfectly. One of such issues is already found and fixed: 03f8b22 This commit represents a work, based on revising every change made in f35c2bd. It should fix all other similar issues.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for highlighting this issue and providing improvements @vladimirlagunov! The general approach makes sense, wrapping the Java Base64 Decoder in an SSHJ class that throws a checked exception seems like a good way to surface potential problems. I made several comments about class naming and message wording.
src/main/java/com/hierynomus/sshj/transport/verification/KnownHostMatchers.java
Outdated
Show resolved
Hide resolved
src/main/java/com/hierynomus/sshj/userauth/keyprovider/OpenSSHKeyFileUtil.java
Outdated
Show resolved
Hide resolved
src/main/java/com/hierynomus/sshj/userauth/keyprovider/OpenSSHKeyV1KeyFile.java
Outdated
Show resolved
Hide resolved
src/main/java/net/schmizz/sshj/userauth/keyprovider/PuTTYKeyFile.java
Outdated
Show resolved
Hide resolved
Rename Base64DecodeError -> Base64DecodingException
A better warning message in KnownHostMatchers
A better error message in OpenSSHKeyFileUtil
A better error message in OpenSSHKeyV1KeyFile
Get rid of unnecessary `throws IOException` in Base64Decoder
Better error messages in OpenSSHKeyFileUtil and PuTTYKeyFile
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for making the adjustments @vladimirlagunov, the latest version looks good.
I prefer explicit imports versus star imports, but I don't believe that is a consistent practice throughout SSHJ.
Otherwise, hopefully @hierynomus can review soon.
Thanks again for addressing this issue!
Going to look at this now... Just got back from Google Cloud Next, so didn't have time before. |
Some time ago, there had been
net.schmizz.sshj.common.Base64
. This class used to throwIOException
in case of any problem. AlthoughIOException
isn't an appropriate class for indicating on parsing issues, a lot of code has been expectingIOException
from Base64.Once, the old Base64 decoder was replaced with the one, bundled into Java 14 (see f35c2bd). Copy-paste elimination and switching to standard implementations is undoubtedly a good decision.
Unfortunately,
java.util.Base64.Decoder
brought a pesky issue. It throwsIllegalArgumentException
in case of any problem. Since it is an unchecked exception, it was quite challenging to notice it. It's especially challenging because the error appears during processing malformed base64 strings. So, a lot of places in the code kept expectingIOException
. SuddenIllegalArgumentException
led to authentication termination in cases where everything used to work perfectly.One of such issues is already found and fixed: 03f8b22
This commit represents a work, based on revising every change made in f35c2bd. It should fix all other similar issues.