public DHG(Factory<Digest> digestFactory, BigInteger pValue, BigInteger gValue) throws Exception {
myKpairGen = SecurityUtils.getKeyPairGenerator("DH");
myKeyAgree = SecurityUtils.getKeyAgreement("DH");
factory = digestFactory;
p = pValue;
g = gValue;
}
@Override
public void start() throws ServiceException {
sshServer = SshServer.setUpDefaultServer();
sshServer.setPort(port);
sshServer.setHost(bind);
final String basePath = SystemInstance.get().getBase().getDirectory().getAbsolutePath();
if (SecurityUtils.isBouncyCastleRegistered()) {
sshServer.setKeyPairProvider(
new PEMGeneratorHostKeyProvider(new File(basePath, KEY_NAME + ".pem").getPath()));
} else {
sshServer.setKeyPairProvider(
new SimpleGeneratorHostKeyProvider(new File(basePath, KEY_NAME + ".ser").getPath()));
}
final OpenEJBShellFactory sf = new OpenEJBShellFactory(bind, port);
sshServer.setShellFactory(sf);
final JaasPasswordAuthenticator authenticator = new OpenEJBJaasPasswordAuthenticator();
authenticator.setDomain(domain);
sshServer.setPasswordAuthenticator(authenticator);
try {
sshServer.start();
} catch (IOException e) {
// no-op
}
}
/** {@inheritDoc} */
public void addIdentity(String privateKey, final String passphrase, String comment)
throws IOException {
if (!SecurityUtils.isBouncyCastleRegistered()) {
throw new IllegalStateException("BouncyCastle must be registered as a JCE provider");
}
try {
PEMReader r =
new PEMReader(
new StringReader(privateKey),
passphrase == null
? null
: new PasswordFinder() {
public char[] getPassword() {
return passphrase.toCharArray();
}
});
try {
Object o = r.readObject();
if (o instanceof KeyPair) {
agent.getAgent().addIdentity((KeyPair) o, comment);
}
} finally {
r.close();
}
} catch (Exception e) {
listener.getLogger().println(Messages.SSHAgentBuildWrapper_UnableToReadKey(e.getMessage()));
e.printStackTrace(listener.getLogger());
}
}
@Override
protected byte[] calculateK() throws Exception {
KeyFactory myKeyFac = SecurityUtils.getKeyFactory("DH");
DHPublicKeySpec keySpec = new DHPublicKeySpec(f, p, g);
PublicKey yourPubKey = myKeyFac.generatePublic(keySpec);
myKeyAgree.doPhase(yourPubKey, true);
return stripLeadingZeroes(myKeyAgree.generateSecret());
}
@Test
public void testLoadClientIdentities() throws Exception {
Assume.assumeTrue("BouncyCastle not registered", SecurityUtils.isBouncyCastleRegistered());
Path resFolder = getClassResourcesFolder(TEST_SUBFOLDER, getClass()).toPath();
LinkOption[] options = IoUtils.getLinkOptions(false);
Collection<BuiltinIdentities> expected = EnumSet.noneOf(BuiltinIdentities.class);
for (BuiltinIdentities type : BuiltinIdentities.VALUES) {
String fileName = ClientIdentity.getIdentityFileName(type);
Path file = resFolder.resolve(fileName);
if (!Files.exists(file, options)) {
System.out.println("Skip non-existing identity file " + file);
continue;
}
if (!type.isSupported()) {
System.out.println("Skip unsupported identity file " + file);
continue;
}
expected.add(type);
}
Map<String, KeyPair> ids =
ClientIdentity.loadDefaultIdentities(
resFolder, false, // don't be strict
null, // none of the files is password protected
options);
assertEquals(
"Mismatched loaded ids count", GenericUtils.size(expected), GenericUtils.size(ids));
Collection<KeyPair> pairs = new ArrayList<KeyPair>(ids.size());
for (BuiltinIdentities type : BuiltinIdentities.VALUES) {
if (expected.contains(type)) {
KeyPair kp = ids.get(type.getName());
assertNotNull("No key pair loaded for " + type, kp);
pairs.add(kp);
}
}
KeyPairProvider provider = IdentityUtils.createKeyPairProvider(ids, true /* supported only */);
assertNotNull("No provider generated", provider);
Iterable<KeyPair> keys = provider.loadKeys();
for (KeyPair kp : keys) {
assertTrue("Unexpected loaded key: " + kp, pairs.remove(kp));
}
assertEquals("Not all pairs listed", 0, pairs.size());
}
@Override
public Iterable<KeyPair> loadKeys() {
if (!SecurityUtils.isBouncyCastleRegistered()) {
throw new IllegalStateException("BouncyCastle must be registered as a JCE provider");
}
return new Iterable<KeyPair>() {
@Override
public Iterator<KeyPair> iterator() {
return new Iterator<KeyPair>() {
private final Iterator<String> iterator = Arrays.asList(files).iterator();
private KeyPair nextKeyPair;
private boolean nextKeyPairSet = false;
@Override
public boolean hasNext() {
return nextKeyPairSet || setNextObject();
}
@Override
public KeyPair next() {
if (!nextKeyPairSet) {
if (!setNextObject()) {
throw new NoSuchElementException();
}
}
nextKeyPairSet = false;
return nextKeyPair;
}
@Override
public void remove() {
throw new UnsupportedOperationException();
}
private boolean setNextObject() {
while (iterator.hasNext()) {
String file = iterator.next();
nextKeyPair = doLoadKey(file);
if (nextKeyPair != null) {
nextKeyPairSet = true;
return true;
}
}
return false;
}
};
}
};
}
@Inject
public Server(final Context ctx, CommandFactory factory) {
port = ctx.configuration().getSshPort();
sshd = SshServer.setUpDefaultServer();
if (SecurityUtils.isBouncyCastleRegistered()) {
sshd.setKeyPairProvider(new PEMGeneratorHostKeyProvider("key.pem"));
} else {
sshd.setKeyPairProvider(new SimpleGeneratorHostKeyProvider("key.ser"));
}
PublickeyAuthenticator auth = null;
if (ctx.configuration().getAuthentication() == Configuration.Authentication.SSH_PUBLIC_KEYS) {
auth = ctx.getInjector().getInstance(PublickeyAuthenticator.class);
}
setupUserAuth(auth);
sshd.setCommandFactory(factory);
if (!ctx.configuration().isRemoteAllowed()) {
sshd.setSessionFactory(new LocalOnlySessionFactory());
}
sshd.setForwardingFilter(
new ForwardingFilter() {
public boolean canForwardAgent(ServerSession session) {
return false;
}
public boolean canForwardX11(ServerSession session) {
return false;
}
public boolean canListen(InetSocketAddress address, ServerSession session) {
return false;
}
public boolean canConnect(InetSocketAddress address, ServerSession session) {
return false;
}
});
}
@Override
public KeyPairProvider get() {
Path objKey = site.ssh_key;
Path rsaKey = site.ssh_rsa;
Path dsaKey = site.ssh_dsa;
final List<String> stdKeys = new ArrayList<>(2);
if (Files.exists(rsaKey)) {
stdKeys.add(rsaKey.toAbsolutePath().toString());
}
if (Files.exists(dsaKey)) {
stdKeys.add(dsaKey.toAbsolutePath().toString());
}
if (Files.exists(objKey)) {
if (stdKeys.isEmpty()) {
SimpleGeneratorHostKeyProvider p = new SimpleGeneratorHostKeyProvider();
p.setPath(objKey.toAbsolutePath().toString());
return p;
} else {
// Both formats of host key exist, we don't know which format
// should be authoritative. Complain and abort.
//
stdKeys.add(objKey.toAbsolutePath().toString());
throw new ProvisionException("Multiple host keys exist: " + stdKeys);
}
} else {
if (stdKeys.isEmpty()) {
throw new ProvisionException("No SSH keys under " + site.etc_dir);
}
if (!SecurityUtils.isBouncyCastleRegistered()) {
throw new ProvisionException(
"Bouncy Castle Crypto not installed;"
+ " needed to read server host keys: "
+ stdKeys
+ "");
}
return new FileKeyPairProvider(stdKeys.toArray(new String[stdKeys.size()]));
}
}
@Override
protected KeyPair[] loadKeys() {
if (!SecurityUtils.isBouncyCastleRegistered()) {
throw new IllegalStateException("BouncyCastle must be registered as a JCE provider");
}
List<KeyPair> keys = new ArrayList<KeyPair>();
if (key != null) {
try {
PEMReader r =
new PEMReader(new InputStreamReader(new ByteArrayInputStream(key.getContent())));
try {
Object o = r.readObject();
if (o instanceof KeyPair) {
keys.add((KeyPair) o);
}
} finally {
r.close();
}
} catch (Exception e) {
LOG.info("Unable to read key {}: {}", key, e);
}
}
return keys.toArray(new KeyPair[keys.size()]);
}