fix(ssh): add support for modern SSH key algorithms

- Added support for ed25519 and rsa-sha2 SSH deploy keys

- Verified locally that connections now work using the new SSH key algorithms supported by GitHub

- Built Docker image and tested it on existing ECR

- Verified by deploying to current ECS cluster, replacing old image with the freshly built one

Fix #607

Author: alexlukic

.dockerignore

@@ -1,2 +1,2 @@
-target
+#target
 node_modules

Dockerfile

@@ -0,0 +1,4 @@
+FROM eclipse-temurin:11-jre-focal
+VOLUME /tmp
+COPY target/*.jar app.jar
+ENTRYPOINT ["java","-jar","/app.jar"]

jgit-dependency.xml

@@ -0,0 +1,6 @@
+<dependency>
+  <groupId>org.eclipse.jgit</groupId>
+  <artifactId>org.eclipse.jgit</artifactId>
+  <version>5.13.1.202206130422-r</version>
+  <scope>runtime</scope>
+</dependency>

pom.xml

@@ -50,6 +50,7 @@
         <spring-boot.version>2.7.3</spring-boot.version>
         <archunit-junit5.version>0.22.0</archunit-junit5.version>
         <mapstruct.version>1.5.2.Final</mapstruct.version>
+        <jgit.version>5.13.1.202206130422-r</jgit.version>
         <!-- Plugin versions -->
         <maven-clean-plugin.version>3.2.0</maven-clean-plugin.version>
         <maven-site-plugin.version>3.12.1</maven-site-plugin.version>
@@ -79,6 +80,7 @@
         <properties-maven-plugin.version>1.1.0</properties-maven-plugin.version>
         <sonar-maven-plugin.version>3.9.1.2184</sonar-maven-plugin.version>
         <!-- jhipster-needle-maven-property -->
+        <spring-cloud.version>2021.0.8</spring-cloud.version>
     </properties>
 
     <dependencyManagement>
@@ -90,6 +92,21 @@
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>
+    <dependency>
+      <groupId>org.springframework.cloud</groupId>
+      <artifactId>spring-cloud-context</artifactId>
+      <version>3.1.8</version>
+    </dependency>
+    <dependency>
+      <groupId>org.springframework.cloud</groupId>
+      <artifactId>spring-cloud-config-server</artifactId>
+      <version>3.1.8</version>
+    </dependency>
+    <dependency>
+      <groupId>org.springframework.cloud</groupId>
+      <artifactId>spring-cloud-starter-config</artifactId>
+      <version>3.1.8</version>
+    </dependency>
             <!-- jhipster-needle-maven-add-dependency-management -->
         </dependencies>
     </dependencyManagement>
@@ -253,6 +270,21 @@
             <groupId>org.springframework.cloud</groupId>
             <artifactId>spring-cloud-config-server</artifactId>
         </dependency>
+        <dependency>
+            <groupId>org.eclipse.jgit</groupId>
+            <artifactId>org.eclipse.jgit</artifactId>
+            <version>${jgit.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.eclipse.jgit</groupId>
+            <artifactId>org.eclipse.jgit.http.apache</artifactId>
+            <version>${jgit.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.eclipse.jgit</groupId>
+            <artifactId>org.eclipse.jgit.ssh.apache</artifactId>
+            <version>${jgit.version}</version>
+        </dependency>
         <dependency>
             <groupId>io.micrometer</groupId>
             <artifactId>micrometer-registry-prometheus</artifactId>

src/main/java/tech/jhipster/registry/config/JGitSshConfiguration.java

@@ -0,0 +1,45 @@
+package tech.jhipster.registry.config;
+
+import javax.annotation.PostConstruct;
+import javax.annotation.PreDestroy;
+import org.eclipse.jgit.transport.SshSessionFactory;
+import org.eclipse.jgit.transport.sshd.DefaultProxyDataFactory;
+import org.eclipse.jgit.transport.sshd.JGitKeyCache;
+import org.eclipse.jgit.transport.sshd.KeyCache;
+import org.eclipse.jgit.transport.sshd.SshdSessionFactory;
+import org.eclipse.jgit.transport.sshd.SshdSessionFactoryBuilder;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.context.annotation.Configuration;
+
+/**
+ * Configures JGit to use the Apache MINA based SSH implementation so modern key algorithms are supported.
+ */
+@Configuration
+public class JGitSshConfiguration {
+
+    private static final Logger log = LoggerFactory.getLogger(JGitSshConfiguration.class);
+
+    private final KeyCache keyCache = new JGitKeyCache();
+
+    @PostConstruct
+    void configureSshClient() {
+        SshSessionFactory currentFactory = SshSessionFactory.getInstance();
+        if (currentFactory instanceof SshdSessionFactory) {
+            log.debug("JGit already uses Apache MINA SSHD session factory");
+            return;
+        }
+
+        SshdSessionFactory sshdSessionFactory = new SshdSessionFactoryBuilder()
+            .setProxyDataFactory(new DefaultProxyDataFactory())
+            .build(keyCache);
+
+        SshSessionFactory.setInstance(sshdSessionFactory);
+        log.info("Configured JGit to use Apache MINA SSHD for SSH connections");
+    }
+
+    @PreDestroy
+    void shutdownSshClient() {
+        keyCache.close();
+    }
+}