Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Wrap IllegalArgumentException thrown by Base64 decoder #936

Merged

Conversation

vladimirlagunov
Copy link
Contributor

Some time ago, there had been net.schmizz.sshj.common.Base64. This class used to throw IOException in case of any problem. Although IOException isn't an appropriate class for indicating on parsing issues, a lot of code has been expecting IOException from Base64.

Once, the old Base64 decoder was replaced with the one, bundled into Java 14 (see f35c2bd). Copy-paste elimination and switching to standard implementations is undoubtedly a good decision.

Unfortunately, java.util.Base64.Decoder brought a pesky issue. It throws IllegalArgumentException in case of any problem. Since it is an unchecked exception, it was quite challenging to notice it. It's especially challenging because the error appears during processing malformed base64 strings. So, a lot of places in the code kept expecting IOException. Sudden IllegalArgumentException led to authentication termination in cases where everything used to work perfectly.

One of such issues is already found and fixed: 03f8b22

This commit represents a work, based on revising every change made in f35c2bd. It should fix all other similar issues.

Some time ago, there had been `net.schmizz.sshj.common.Base64`. This class used to throw `IOException` in case of any problem. Although `IOException` isn't an appropriate class for indicating on parsing issues, a lot of code has been expecting `IOException` from Base64.

Once, the old Base64 decoder was replaced with the one, bundled into Java 14 (see f35c2bd). Copy-paste elimination and switching to standard implementations is undoubtedly a good decision.

Unfortunately, `java.util.Base64.Decoder` brought a pesky issue. It throws `IllegalArgumentException` in case of any problem. Since it is an unchecked exception, it was quite challenging to notice it. It's especially challenging because the error appears during processing malformed base64 strings. So, a lot of places in the code kept expecting `IOException`. Sudden `IllegalArgumentException` led to authentication termination in cases where everything used to work perfectly.

One of such issues is already found and fixed: 03f8b22

This commit represents a work, based on revising every change made in f35c2bd. It should fix all other similar issues.
Copy link
Contributor

@exceptionfactory exceptionfactory left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for highlighting this issue and providing improvements @vladimirlagunov! The general approach makes sense, wrapping the Java Base64 Decoder in an SSHJ class that throws a checked exception seems like a good way to surface potential problems. I made several comments about class naming and message wording.

Rename Base64DecodeError -> Base64DecodingException
A better warning message in KnownHostMatchers
A better error message in OpenSSHKeyFileUtil
A better error message in OpenSSHKeyV1KeyFile
Get rid of unnecessary `throws IOException` in Base64Decoder
Better error messages in OpenSSHKeyFileUtil and PuTTYKeyFile
Copy link
Contributor

@exceptionfactory exceptionfactory left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for making the adjustments @vladimirlagunov, the latest version looks good.

I prefer explicit imports versus star imports, but I don't believe that is a consistent practice throughout SSHJ.

Otherwise, hopefully @hierynomus can review soon.

Thanks again for addressing this issue!

@hierynomus
Copy link
Owner

Going to look at this now... Just got back from Google Cloud Next, so didn't have time before.

@hierynomus hierynomus merged commit 70af58d into hierynomus:master Apr 15, 2024
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants