/**
 * {@inheritDoc}
 *
 * <p>Parses {@code privateKey} as PEM and, when the first object in it is a key pair, hands
 * that pair to the agent under {@code comment}. Any other PEM object is ignored without a
 * message. Parse and agent failures are not rethrown: the exception message and stack trace
 * are printed to the listener's logger.
 */
public void addIdentity(String privateKey, final String passphrase, String comment) throws IOException {
    if (!SecurityUtils.isBouncyCastleRegistered()) {
        throw new IllegalStateException("BouncyCastle must be registered as a JCE provider");
    }
    // A PasswordFinder is supplied only when a passphrase was given; each call to
    // getPassword() hands the reader a fresh char[] copy of the passphrase.
    PasswordFinder finder = null;
    if (passphrase != null) {
        finder = new PasswordFinder() {
            public char[] getPassword() {
                return passphrase.toCharArray();
            }
        };
    }
    try {
        PEMReader pem = new PEMReader(new StringReader(privateKey), finder);
        try {
            Object parsed = pem.readObject();
            if (parsed instanceof KeyPair) {
                agent.getAgent().addIdentity((KeyPair) parsed, comment);
            }
        } finally {
            pem.close();
        }
    } catch (Exception e) {
        // NOTE(review): this output presumably ends up in the build log; confirm the parser's
        // exception text cannot carry key or passphrase material before widening who can read it.
        listener.getLogger().println(Messages.SSHAgentBuildWrapper_UnableToReadKey(e.getMessage()));
        e.printStackTrace(listener.getLogger());
    }
}
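/**
 * Loads the key-encryption key: the private half of the PEM key pair stored in the file
 * named by {@code EncryptTool.PRIVATE_KEY}.
 *
 * <p>No password finder is given to the reader, so the file is read without a passphrase.
 * NOTE(review): that implies the private key sits unencrypted on disk; confirm the file's
 * permissions restrict it to the account that runs this tool.
 *
 * @return the private key of the first PEM object in the file
 * @throws IllegalStateException if the first PEM object is missing or is not a key pair
 * @throws Exception if the file cannot be opened or parsed
 */
private static Key loadKeyEncryptionKey() throws Exception {
    // Registering the provider again is harmless: addProvider returns -1 when it is already installed.
    Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
    PEMReader pr = new PEMReader(new FileReader(EncryptTool.PRIVATE_KEY));
    try {
        Object o = pr.readObject();
        // Fail with a clear message instead of a ClassCastException or NullPointerException
        // when the file is empty or holds something other than a key pair.
        if (!(o instanceof KeyPair)) {
            throw new IllegalStateException("Expected a PEM key pair in " + EncryptTool.PRIVATE_KEY);
        }
        return ((KeyPair) o).getPrivate();
    } finally {
        // Release the file handle even when parsing fails.
        pr.close();
    }
}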
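/**
 * Returns the X.509 certificate read from the PEM file named by
 * {@code XMPConfig.getCertfile()}, loading it on first use and caching it in {@code cert}.
 *
 * <p>The certificate is published to the cache only after {@code checkValidity()} has
 * passed. A missing file, a file that does not start with a certificate, or a certificate
 * outside its validity period is logged as fatal and ends the process with exit status 1.
 *
 * <p>Validity is checked once, at load time; later calls return the cached object without
 * re-checking, so a certificate that expires while the process runs keeps being returned.
 * The lazy initialisation is not synchronized in this method.
 *
 * @return the cached certificate
 */
public static X509CertificateObject getCertificate() {
    if (cert == null) {
        try {
            File f = new File(XMPConfig.getCertfile());
            PEMReader r = new PEMReader(new FileReader(f));
            X509CertificateObject loaded;
            try {
                Object o = r.readObject();
                // Reject an empty file or a non-certificate PEM object explicitly rather
                // than relying on a NullPointerException further down.
                if (!(o instanceof X509CertificateObject)) {
                    throw new IOException("no X.509 certificate found in " + f);
                }
                loaded = (X509CertificateObject) o;
            } finally {
                r.close();
            }
            // Validate before caching so an expired or not-yet-valid certificate is never
            // left in the static field.
            loaded.checkValidity();
            cert = loaded;
        } catch (FileNotFoundException e) {
            logger.error("FATAL: couldn't load certificate file", e);
            System.exit(1);
        } catch (NullPointerException e) {
            logger.error("FATAL: couldn't load certificate file", e);
            System.exit(1);
        } catch (IOException e) {
            logger.error("FATAL: couldn't load certificate file", e);
            System.exit(1);
        } catch (CertificateExpiredException e) {
            logger.error("FATAL: couldn't load certificate file", e);
            System.exit(1);
        } catch (CertificateNotYetValidException e) {
            logger.error("FATAL: couldn't load certificate file", e);
            System.exit(1);
        }
    }
    return cert;
}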
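/**
 * Returns the trusted certificates found in the directory named by
 * {@code XMPConfig.getTrustedCertsDir()}, loading them on first use and caching the list in
 * {@code intermediates}.
 *
 * <p>Only the first PEM object of each file is read, and it is kept only when it is an X.509
 * certificate. Files that cannot be read or parsed are skipped after printing a stack trace,
 * so the returned list can be shorter than the directory listing. No validity-period check
 * is made on these certificates here.
 *
 * <p>If the directory cannot be listed, an empty list is returned and nothing is cached, so a
 * later call tries again.
 *
 * @return the list of trusted certificates, possibly empty
 */
public static List<X509CertificateObject> getTrustedCerts() {
    if (intermediates == null) {
        File dir = new File(XMPConfig.getTrustedCertsDir());
        // listFiles() returns null when the path is not a directory or cannot be read.
        File[] listFiles = dir.listFiles();
        if (listFiles == null) {
            System.err.println("Trusted certificate directory cannot be listed: " + dir);
            return new ArrayList<X509CertificateObject>();
        }
        // Fill a local list and publish it only when the scan is complete, so a failure
        // part-way through never leaves a half-built trust list in the cache.
        ArrayList<X509CertificateObject> loaded = new ArrayList<X509CertificateObject>();
        for (File file : listFiles) {
            try {
                PEMReader p = new PEMReader(new FileReader(file));
                try {
                    Object o = p.readObject();
                    if (o instanceof X509CertificateObject) {
                        loaded.add((X509CertificateObject) o);
                    }
                } finally {
                    // Close the reader even when parsing fails.
                    p.close();
                }
            } catch (FileNotFoundException e) {
                e.printStackTrace();
            } catch (NullPointerException e) {
                e.printStackTrace();
            } catch (IOException e) {
                e.printStackTrace();
            }
        }
        intermediates = loaded;
    }
    return intermediates;
}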
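/**
 * Command-line entry point: fetches a secret from OSS, uses it to unwrap the key passphrase,
 * decrypts the PEM private keys with that passphrase and adds them to an ssh-agent, then
 * lists the identities the agent holds.
 *
 * <p>Arguments, in the order this method reads them: {@code args[0]} OSS URL, {@code args[1]}
 * secret name, {@code args[2]} agent socket, {@code args[3]} hex-encoded wrapped passphrase,
 * and optionally {@code args[4]} a single key file. Without a key file the default key files
 * are used.
 *
 * @param args command-line arguments as described above
 * @throws Exception if fetching the secret, unwrapping the passphrase, reading a key file or
 *     talking to the agent fails
 */
public static void main(String[] args) throws Exception {
    // args[3] is read unconditionally below, so four arguments are mandatory. The usage text
    // lists the arguments in the order they are consumed: args[2] goes to the agent client
    // and args[3] is hex-decoded as the wrapped passphrase.
    if (args.length < 4) {
        System.err.println(
                "Usage: OSSLoadAgent OSS_URL SECRET_NAME AGENT_AUTH_SOCK WRAPPED_PASSPHRASE [KEY_FILE]");
        System.exit(1);
    }

    SSHAgentClient sshAgent = new SSHAgentClient(args[2]);

    // Get the secret from OSS
    // FIXME ? Provide a way to specify the ssh signing key fingerprint
    byte[] secret = OSSClient.getSecret(args[0], args[1], null);

    // Use the secret to unwrap the passphrase
    byte[] unwrap = CryptoHelper.unwrapBlob(secret, Hex.decode(args[3]));
    // NOTE(review): the clear passphrase lives in an immutable String (and in the secret and
    // unwrap arrays) until garbage collection; none of them is wiped after use.
    String password = new String(unwrap, "UTF-8");

    // Read private keys; openssh stores them in PEM format
    List<File> sshKeyFiles;
    if (args.length > 4) {
        sshKeyFiles = new ArrayList<File>(1);
        sshKeyFiles.add(new File(args[4]));
    } else {
        sshKeyFiles = getDefaultsKeyFiles();
    }

    for (File sshKeyFile : sshKeyFiles) {
        Reader fRd = new BufferedReader(new FileReader(sshKeyFile));
        PEMReader pem = new PEMReader(fRd, new DefaultPasswordFinder(password.toCharArray()), "BC");
        try {
            Object o;
            while ((o = pem.readObject()) != null) {
                if (o instanceof KeyPair) {
                    KeyPair kp = (KeyPair) o;
                    // Add the identity in the ssh-agent
                    byte[] keyblob = CryptoHelper.sshPrivateKeyBlobFromKeyPair(kp);
                    System.out.println("Loading " + sshKeyFile.getPath());
                    sshAgent.addIdentity(keyblob, sshKeyFile.getPath());
                }
            }
        } catch (EncryptionException ee) {
            // A key that does not decrypt with this passphrase is reported and skipped;
            // the remaining key files are still tried.
            System.err.println("Can't read private key in " + sshKeyFile.getAbsolutePath());
            ee.printStackTrace();
        } finally {
            // Close the key file on every path, including failures other than EncryptionException.
            pem.close();
        }
    }

    System.out.println("Keys in agent:");
    List<SSHKey> identities = sshAgent.requestIdentities();
    for (SSHKey identity : identities) {
        System.out.println(identity);
    }
}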
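/**
 * Returns the key pair read from the PEM file named by {@code XMPConfig.getKeyfile()},
 * loading it on first use and caching it in {@code keyPair}.
 *
 * <p>No password finder is given to the reader, so the file is read without a passphrase.
 * A missing file, an unreadable file, or a file whose first PEM object is not a key pair is
 * logged as fatal and ends the process with exit status 1. The lazy initialisation is not
 * synchronized in this method.
 *
 * @return the cached key pair
 */
private static KeyPair getKey() {
    if (keyPair == null) {
        try {
            File f = new File(XMPConfig.getKeyfile());
            PEMReader pr = new PEMReader(new FileReader(f));
            try {
                Object o = pr.readObject();
                // An empty file used to leave keyPair null without any error, and a
                // non-key object escaped as an uncaught ClassCastException; treat both
                // as a load failure.
                if (!(o instanceof KeyPair)) {
                    throw new IOException("no PEM key pair found in " + f);
                }
                keyPair = (KeyPair) o;
            } finally {
                // Close the reader even when parsing fails.
                pr.close();
            }
        } catch (FileNotFoundException e) {
            logger.error("FATAL: couldn't load private key", e);
            System.exit(1);
        } catch (NullPointerException e) {
            logger.error("FATAL: couldn't load private key", e);
            System.exit(1);
        } catch (IOException e) {
            logger.error("FATAL: couldn't load private key", e);
            System.exit(1);
        }
    }
    return keyPair;
}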
/**
 * Loads the configured key, if any, as a one-element array of key pairs.
 *
 * <p>The key content is parsed as PEM without a password finder. Only the first PEM object
 * is read, and it is kept only when it is a key pair. A parse failure is logged at info
 * level and yields an empty array rather than an exception.
 *
 * @return the parsed key pair in an array, or an empty array when there is no key, the key
 *     cannot be parsed, or its first PEM object is not a key pair
 * @throws IllegalStateException if BouncyCastle is not registered as a JCE provider
 */
@Override
protected KeyPair[] loadKeys() {
    if (!SecurityUtils.isBouncyCastleRegistered()) {
        throw new IllegalStateException("BouncyCastle must be registered as a JCE provider");
    }
    if (key == null) {
        return new KeyPair[0];
    }
    List<KeyPair> loaded = new ArrayList<KeyPair>();
    try {
        // The reader decodes the bytes with the platform default charset.
        PEMReader pem = new PEMReader(new InputStreamReader(new ByteArrayInputStream(key.getContent())));
        try {
            Object parsed = pem.readObject();
            if (parsed instanceof KeyPair) {
                loaded.add((KeyPair) parsed);
            }
        } finally {
            pem.close();
        }
    } catch (Exception e) {
        // NOTE(review): the key object itself is passed to the logger; confirm its
        // toString() does not include the private key content.
        LOG.info("Unable to read key {}: {}", key, e);
    }
    return loaded.toArray(new KeyPair[loaded.size()]);
}
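/**
 * Returns the key configuration, loading it from the configured PEM files on first use and
 * caching it in {@code keyConfiguration}.
 *
 * <p>Three files are read: the key-agreement key pair, the blob key pair, and an X.509
 * certificate whose public key becomes the blob public key. The certificate serves only as a
 * container for that key; no validity or chain check is made here. The private-key files are
 * read without a password finder.
 *
 * <p>The configuration is assembled in a local object and cached only when all three files
 * have loaded, so a failure never leaves a partly filled configuration for later calls.
 *
 * @return the fully loaded key configuration
 * @throws ConfigurationLoadingException if a key file is missing or cannot be read
 * @throws RuntimeException for any other failure, for example a file that holds a PEM object
 *     of the wrong type
 */
@Override
public KeyConfiguration getKeyConfiguration() throws ConfigurationLoadingException {
    if (keyConfiguration != null) {
        logger.trace("Key Configuration already loaded");
        return keyConfiguration;
    }

    // Load values out of configuration
    logger.trace("Loading Key Configuration");
    KeyConfiguration loaded = new KeyConfiguration();
    try {
        // Load Key Agreement Private Key
        KeyPair keyPair = (KeyPair) readPemObject(
                propertiesConfiguration.getString(
                        PropertiesConfigurationEntries.SECURITY_KEYAGREEMENT_KEYPATH));
        loaded.setKeyAgreementPrivateKey(keyPair.getPrivate());

        // Load Blob Private Key
        keyPair = (KeyPair) readPemObject(
                propertiesConfiguration.getString(
                        PropertiesConfigurationEntries.SECURITY_BLOB_KEYPATH_PRIVATE));
        loaded.setBlobPrivateKey(keyPair.getPrivate());

        // Load Blob Public Key
        X509Certificate cert = (X509Certificate) readPemObject(
                propertiesConfiguration.getString(
                        PropertiesConfigurationEntries.SECURITY_BLOB_KEYPATH_PUBLIC));
        loaded.setBlobPublicKey(cert.getPublicKey());
    } catch (FileNotFoundException e) {
        logger.error("Error loading the Key Configuration: " + e.getMessage());
        throw new ConfigurationLoadingException(
                "Error loading the Key Configuration: " + e.getMessage());
    } catch (IOException e) {
        logger.error("Error loading the Key Configuration: " + e.getMessage());
        throw new ConfigurationLoadingException(
                "Error loading the Key Configuration: " + e.getMessage());
    } catch (Exception e) {
        logger.error("Error loading the Key Configuration: " + e.getMessage());
        // Keep the original exception as the cause so the failing file can be diagnosed.
        throw new RuntimeException(e.getMessage(), e);
    }

    // Publish only a completely loaded configuration.
    keyConfiguration = loaded;
    return keyConfiguration;
}

/** Reads the first PEM object from the file at {@code path}, closing the file on every path. */
private static Object readPemObject(String path) throws IOException {
    PEMReader pemReader = new PEMReader(new FileReader(path));
    try {
        return pemReader.readObject();
    } finally {
        pemReader.close();
    }
}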