/** * Configure known host database for connection * * @param c a connection * @throws IOException if there is a IO problem */ private void configureKnownHosts(Connection c) throws IOException { File knownHostFile = new File(knownHostPath); if (knownHostFile.exists()) { database.addHostkeys(knownHostFile); } final List<String> algorithms = myHost.getHostKeyAlgorithms(); c.setServerHostKeyAlgorithms(algorithms.toArray(new String[algorithms.size()])); }
/** * Try public key * * @param c a ssh connection * @param keyPath a path to key * @return true if authentication is successful */ private boolean tryPublicKey(final Connection c, final String keyPath) { try { final File file = new File(keyPath); if (file.exists()) { // if encrypted ask user for passphrase String passphrase = null; char[] text = FileUtil.loadFileText(file); if (isEncryptedKey(text)) { // need to ask passphrase from user int i; for (i = myHost.getNumberOfPasswordPrompts(); i > 0; i--) { passphrase = myXmlRpcClient.askPassphrase( myHandlerNo, getUserHostString(), keyPath, myLastError); if (passphrase == null) { // if no passphrase was entered, just return false and try something other return false; } else { try { PEMDecoder.decode(text, passphrase); myLastError = ""; } catch (IOException e) { // decoding failed myLastError = GitBundle.message("sshmain.invalidpassphrase", keyPath); continue; } break; } } if (i == 0) { myLastError = GitBundle.message( "sshmain.too.mush.passphrase.guesses", keyPath, myHost.getNumberOfPasswordPrompts()); return false; } } // try authentication if (c.authenticateWithPublicKey(myHost.getUser(), text, passphrase)) { myLastError = ""; return true; } else { if (passphrase != null) { // mark as failed authentication only if passphrase were asked myLastError = GitBundle.message("sshmain.pk.authenitication.failed", keyPath); } else { myLastError = ""; } } } return false; } catch (Exception e) { return false; } }
/** * Authenticate using some supported methods. If authentication fails, the method throws {@link * IOException}. * * @param c the connection to use for authentication * @throws IOException in case of IO error or authentication failure */ private void authenticate(final Connection c) throws IOException { for (String method : myHost.getPreferredMethods()) { if (c.isAuthenticationComplete()) { return; } if (PUBLIC_KEY_METHOD.equals(method)) { if (!myHost.supportsPubkeyAuthentication()) { continue; } if (!c.isAuthMethodAvailable(myHost.getUser(), PUBLIC_KEY_METHOD)) { continue; } File key = myHost.getIdentityFile(); if (key == null) { for (String a : myHost.getHostKeyAlgorithms()) { if (SSH_RSA_ALGORITHM.equals(a)) { if (tryPublicKey(c, idRSAPath)) { return; } } else if (SSH_DSS_ALGORITHM.equals(a)) { if (tryPublicKey(c, idDSAPath)) { return; } } } } else { if (tryPublicKey(c, key.getPath())) { return; } } } else if (KEYBOARD_INTERACTIVE_METHOD.equals(method)) { if (!c.isAuthMethodAvailable(myHost.getUser(), KEYBOARD_INTERACTIVE_METHOD)) { continue; } InteractiveSupport interactiveSupport = new InteractiveSupport(); for (int i = myHost.getNumberOfPasswordPrompts(); i > 0; i--) { if (c.isAuthenticationComplete()) { return; } if (c.authenticateWithKeyboardInteractive(myHost.getUser(), interactiveSupport)) { myLastError = ""; return; } else { myLastError = GitBundle.getString("sshmain.keyboard.interactive.failed"); } if (interactiveSupport.myPromptCount == 0 || interactiveSupport.myCancelled) { // the interactive callback has never been asked or it was cancelled, exit the loop myLastError = ""; break; } } } else if (PASSWORD_METHOD.equals(method)) { if (!myHost.supportsPasswordAuthentication()) { continue; } if (!c.isAuthMethodAvailable(myHost.getUser(), PASSWORD_METHOD)) { continue; } for (int i = myHost.getNumberOfPasswordPrompts(); i > 0; i--) { String password = myXmlRpcClient.askPassword(myHandlerNo, getUserHostString(), myLastError); if (password == null) { break; } else { if (c.authenticateWithPassword(myHost.getUser(), password)) { myLastError = ""; return; } else { myLastError = GitBundle.getString("sshmain.password.failed"); } } } } } throw new IOException("Authentication failed"); }