utils: use CertUtils.generateRandomKeyPair to create SSH keypair by weizhouapache · Pull Request #12708 · apache/cloudstack

weizhouapache · 2026-02-25T13:29:48Z

Description

This PR replaces the ssk key generation by jsch with CertUtils.generateRandomKeyPair

Types of changes

Breaking change (fix or feature that would cause existing functionality to change)
New feature (non-breaking change which adds functionality)
Bug fix (non-breaking change which fixes an issue)
Enhancement (improves an existing feature and functionality)
Cleanup (Code refactoring and cleanup, that may add test cases)
Build/CI
Test (unit or integration test code)

Feature/Enhancement Scale or Bug Severity

Feature/Enhancement Scale

Major
Minor

Bug Severity

Screenshots (if appropriate):

How Has This Been Tested?

How did you try to break this feature and the system with this change?

Copilot

Pull request overview

This PR replaces the JSch library with the CertUtils utility for SSH key pair generation in the SSHKeysHelper class. The change modernizes the codebase by consolidating cryptographic operations under the already-used CertUtils class (which uses BouncyCastle) and removes a dependency on the JSch library.

Changes:

Replaced JSch-based key generation with CertUtils.generateRandomKeyPair in the constructor
Implemented manual SSH public key format encoding (ssh-rsa format with base64-encoded components)
Replaced JSch's key serialization methods with CertUtils.privateKeyToPem for private key export
Removed JSch dependency from both utils/pom.xml and the root pom.xml

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 8 comments.

File	Description
utils/src/main/java/com/cloud/utils/ssh/SSHKeysHelper.java	Replaces JSch key generation and serialization with CertUtils methods; implements SSH public key encoding manually
utils/pom.xml	Removes JSch dependency from the utils module
pom.xml	Removes JSch version property and dependency management entry from root POM

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

utils/src/main/java/com/cloud/utils/ssh/SSHKeysHelper.java

Copilot · 2026-02-25T13:34:55Z

utils/src/main/java/com/cloud/utils/ssh/SSHKeysHelper.java

    public String getPublicKey() {
-        ByteArrayOutputStream baos = new ByteArrayOutputStream();
-        keyPair.writePublicKey(baos, "");
+        try {
+            RSAPublicKey rsaPublicKey = (RSAPublicKey) keyPair.getPublic();
+
+            ByteArrayOutputStream buffer = new ByteArrayOutputStream();
+
+            writeString(buffer,"ssh-rsa");
+            writeBigInt(buffer, rsaPublicKey.getPublicExponent());
+            writeBigInt(buffer, rsaPublicKey.getModulus());

-        return baos.toString();
+            String base64 = Base64.encodeBase64String(buffer.toByteArray());
+
+            return "ssh-rsa " + base64;
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+        return null;
    }


The new implementation of getPublicKey that uses CertUtils.generateRandomKeyPair and manually constructs the SSH public key format is not covered by tests. The existing tests only verify static methods (getPublicKeyFromKeyMaterial and getPublicKeyFingerprint). Consider adding a test that creates an SSHKeysHelper instance, generates a key pair, retrieves the public key, and validates that it can be correctly parsed back and used for encryption (similar to what RSAHelper.encryptWithSSHPublicKey does).

weizhouapache · 2026-02-25T13:38:28Z

@blueorangutan package

blueorangutan · 2026-02-25T13:40:05Z

@weizhouapache a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

blueorangutan · 2026-02-25T15:05:00Z

Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ el10 ✔️ debian ✔️ suse15. SL-JID 16945

weizhouapache · 2026-02-25T17:32:42Z

@blueorangutan test

blueorangutan · 2026-02-25T17:34:04Z

@weizhouapache a [SL] Trillian-Jenkins test job (ol8 mgmt + kvm-ol8) has been kicked to run smoke tests

blueorangutan · 2026-02-26T10:01:11Z

[SF] Trillian test result (tid-15529)
Environment: kvm-ol8 (x2), zone: Advanced Networking with Mgmt server ol8
Total time taken: 56170 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr12708-t15529-kvm-ol8.zip
Smoke tests completed. 144 look OK, 5 have errors, 0 did not run
Only failed and skipped tests results shown below:

Test	Result	Time (s)	Test File
test_LoginApiDomain	`Error`	7.14	test_accounts.py
ContextSuite context=TestListIdsParams>:teardown	`Error`	1.14	test_list_ids_parameter.py
test_01_deployVMInSharedNetwork	`Error`	278.93	test_network.py
test_01_snapshot_root_disk	`Error`	5.94	test_snapshots.py
test_02_list_snapshots_with_removed_data_store	`Error`	47.68	test_snapshots.py
test_02_list_snapshots_with_removed_data_store	`Error`	47.69	test_snapshots.py
ContextSuite context=TestSnapshotStandaloneBackup>:teardown	`Error`	32.91	test_snapshots.py
test_01_snapshot_usage	`Error`	21.67	test_usage.py
test_01_vpn_usage	`Error`	1.09	test_usage.py

codecov · 2026-02-27T19:32:35Z

Codecov Report

❌ Patch coverage is 69.44444% with 11 lines in your changes missing coverage. Please review.
✅ Project coverage is 17.62%. Comparing base (5caf6cd) to head (9d6ec47).
⚠️ Report is 17 commits behind head on 4.22.

Files with missing lines	Patch %	Lines
...c/main/java/com/cloud/utils/ssh/SSHKeysHelper.java	69.44%	9 Missing and 2 partials ⚠️

Additional details and impacted files

@@             Coverage Diff              @@
##               4.22   #12708      +/-   ##
============================================
+ Coverage     17.60%   17.62%   +0.01%     
- Complexity    15659    15676      +17     
============================================
  Files          5917     5917              
  Lines        531394   531429      +35     
  Branches      64970    64971       +1     
============================================
+ Hits          93575    93641      +66     
+ Misses       427269   427235      -34     
- Partials      10550    10553       +3

Flag	Coverage Δ
uitests	`3.70% <ø> (-0.01%)`	⬇️
unittests	`18.69% <69.44%> (+0.01%)`	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

weizhouapache · 2026-02-28T10:44:23Z

@blueorangutan package

blueorangutan · 2026-02-28T10:46:04Z

@weizhouapache a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

blueorangutan · 2026-02-28T11:52:40Z

Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ el10 ✔️ debian ✔️ suse15. SL-JID 16975

weizhouapache · 2026-02-28T15:13:14Z

@blueorangutan test

blueorangutan · 2026-02-28T15:14:03Z

@weizhouapache a [SL] Trillian-Jenkins test job (ol8 mgmt + kvm-ol8) has been kicked to run smoke tests

blueorangutan · 2026-02-28T15:37:19Z

[SF] Trillian Build Failed (tid-15544)

blueorangutan · 2026-02-28T17:22:13Z

[SF] Trillian Build Failed (tid-15545)

blueorangutan · 2026-03-01T10:57:58Z

[SF] Trillian test result (tid-15546)
Environment: kvm-ol8 (x2), zone: Advanced Networking with Mgmt server ol8
Total time taken: 52378 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr12708-t15546-kvm-ol8.zip
Smoke tests completed. 143 look OK, 6 have errors, 0 did not run
Only failed and skipped tests results shown below:

Test	Result	Time (s)	Test File
test_LoginApiDomain	`Error`	5.56	test_accounts.py
ContextSuite context=TestClusterDRS>:setup	`Error`	0.00	test_cluster_drs.py
ContextSuite context=TestListIdsParams>:teardown	`Error`	1.10	test_list_ids_parameter.py
test_01_snapshot_root_disk	`Error`	5.81	test_snapshots.py
test_02_list_snapshots_with_removed_data_store	`Error`	48.49	test_snapshots.py
test_02_list_snapshots_with_removed_data_store	`Error`	48.50	test_snapshots.py
ContextSuite context=TestSnapshotStandaloneBackup>:teardown	`Error`	25.28	test_snapshots.py
test_01_snapshot_usage	`Error`	22.64	test_usage.py
test_01_vpn_usage	`Error`	1.07	test_usage.py
test_01_redundant_vpc_site2site_vpn	`Failure`	365.16	test_vpc_vpn.py

sureshanaparti · 2026-03-04T14:36:06Z

@weizhouapache is this ready for review? also, check copilot comments if relevant.

Copilot

Pull request overview

Copilot reviewed 5 out of 5 changed files in this pull request and generated 2 comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

utils/src/test/java/com/cloud/utils/ssh/SSHKeysHelperTest.java

utils/src/main/java/com/cloud/utils/ssh/SSHKeysHelper.java

This reverts commit 960d2aa445a9adf5c0c71c800c40625359cb4c6e.

weizhouapache · 2026-03-10T10:30:03Z

@blueorangutan package

Copilot

Pull request overview

Copilot reviewed 6 out of 6 changed files in this pull request and generated 5 comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

utils/src/main/java/com/cloud/utils/ssh/SSHKeysHelper.java

test/integration/smoke/test_network.py

weizhouapache · 2026-03-10T10:45:29Z

@blueorangutan package

blueorangutan · 2026-03-10T10:48:04Z

@weizhouapache a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

blueorangutan · 2026-03-10T11:41:09Z

Packaging result [SF]: ✖️ el8 ✖️ el9 ✖️ debian ✖️ suse15. SL-JID 17072

weizhouapache · 2026-03-10T12:37:11Z

@blueorangutan package

blueorangutan · 2026-03-10T12:38:04Z

@weizhouapache a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

blueorangutan · 2026-03-10T13:50:24Z

Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ el10 ✔️ debian ✔️ suse15. SL-JID 17075

utils: use CertUtils.generateRandomKeyPair to create SSH keypair

a9627b4

weizhouapache requested a review from Copilot February 25, 2026 13:29

boring-cyborg bot added the component:build label Feb 25, 2026

Copilot started reviewing on behalf of weizhouapache February 25, 2026 13:30 View session

Copilot AI reviewed Feb 25, 2026

View reviewed changes

sureshanaparti added this to the 4.22.1 milestone Feb 26, 2026

sureshanaparti added this to Apache CloudStack 4.22.1 Feb 26, 2026

sureshanaparti moved this to In Progress in Apache CloudStack 4.22.1 Feb 26, 2026

utils: print "RSA PRIVATE KEY" instead of "PRIVATE KEY"

aa95bc0

boring-cyborg bot added component:integration-test Python Warning... Python code Ahead! labels Feb 27, 2026

SSHKeysHelper: add null checks and add unit tests

7be5a86

weizhouapache requested a review from Copilot March 5, 2026 11:18

Copilot started reviewing on behalf of weizhouapache March 5, 2026 11:19 View session

Copilot AI reviewed Mar 5, 2026

View reviewed changes

utils/src/test/java/com/cloud/utils/ssh/SSHKeysHelperTest.java Show resolved Hide resolved

utils/src/main/java/com/cloud/utils/ssh/SSHKeysHelper.java Outdated Show resolved Hide resolved

weizhouapache added 3 commits March 5, 2026 12:25

.github: update .pre-commit-config.yaml

738ec86

Revert "SSHKeysHelper: print "RSA PRIVATE KEY" instead of "PRIVATE KEY""

f0402ec

This reverts commit 960d2aa445a9adf5c0c71c800c40625359cb4c6e.

SSHKeysHelperTest: update header of private key

a876cfb

weizhouapache requested a review from Copilot March 10, 2026 10:30

Copilot AI reviewed Mar 10, 2026

View reviewed changes

Copilot started reviewing on behalf of weizhouapache March 10, 2026 10:41 View session

weizhouapache force-pushed the 4.22-create-ssh-keypair branch from d2809b6 to a876cfb Compare March 10, 2026 10:54

Update utils/src/main/java/com/cloud/utils/ssh/SSHKeysHelper.java

9d6ec47

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

Conversation

weizhouapache commented Feb 25, 2026

Description

Types of changes

Feature/Enhancement Scale or Bug Severity

Feature/Enhancement Scale

Bug Severity

Screenshots (if appropriate):

How Has This Been Tested?

How did you try to break this feature and the system with this change?

Uh oh!

Copilot AI left a comment

Choose a reason for hiding this comment

Pull request overview

Reviewed changes

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Copilot AI Feb 25, 2026

Choose a reason for hiding this comment

Uh oh!

weizhouapache commented Feb 25, 2026

Uh oh!

blueorangutan commented Feb 25, 2026

Uh oh!

blueorangutan commented Feb 25, 2026

Uh oh!

weizhouapache commented Feb 25, 2026

Uh oh!

blueorangutan commented Feb 25, 2026

Uh oh!

blueorangutan commented Feb 26, 2026

Uh oh!

codecov bot commented Feb 27, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Codecov Report

Uh oh!

weizhouapache commented Feb 28, 2026

Uh oh!

blueorangutan commented Feb 28, 2026

Uh oh!

blueorangutan commented Feb 28, 2026

Uh oh!

weizhouapache commented Feb 28, 2026

Uh oh!

blueorangutan commented Feb 28, 2026

Uh oh!

blueorangutan commented Feb 28, 2026

Uh oh!

blueorangutan commented Feb 28, 2026

Uh oh!

blueorangutan commented Mar 1, 2026

Uh oh!

sureshanaparti commented Mar 4, 2026

Uh oh!

Copilot AI left a comment

Choose a reason for hiding this comment

Pull request overview

Uh oh!

Uh oh!

Uh oh!

weizhouapache commented Mar 10, 2026

Uh oh!

Copilot AI left a comment

Choose a reason for hiding this comment

Pull request overview

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

weizhouapache commented Mar 10, 2026

Uh oh!

blueorangutan commented Mar 10, 2026

codecov bot commented Feb 27, 2026 •

edited

Loading