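/**
 * Utility function for creating a {@link KeyProvider} instance from given location on the file system. Creates a
 * one-off {@link PasswordFinder} using {@link PasswordUtils#createOneOff(char[])}, and calls {@link
 * #loadKeys(String, PasswordFinder)}.
 * <p>
 * The {@code passphrase} array is handed over to the one-off finder, which is expected to blank it once it has been
 * read; callers should not rely on the array's contents after this call.
 *
 * @param location   location of the key file
 * @param passphrase passphrase as a char-array
 *
 * @return the key provider ready for use in authentication
 *
 * @throws SSHException if there was no suitable key provider available for the file format; typically because
 *                      BouncyCastle is not in the classpath
 * @throws IOException  if the key file format is not known, if the file could not be read, etc.
 */
public KeyProvider loadKeys(String location, char[] passphrase) throws IOException {
    // From here on the one-off finder owns the passphrase array; it is not copied.
    return loadKeys(location, PasswordUtils.createOneOff(passphrase));
}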
/**
 * Hands out a copy of the stored password and blanks the original, so the finder yields the secret only once;
 * any later request returns a copy of the already-blanked array.
 *
 * @param resource the resource the password is requested for (not consulted here)
 * @return a fresh copy of the password; the caller is responsible for clearing it
 */
@Override
public char[] reqPassword(Resource<?> resource) {
    final char[] copy = java.util.Arrays.copyOf(password, password.length);
    // Wipe the original immediately after copying so this object holds no usable secret afterwards.
    blankOut(password);
    return copy;
}
/**
 * A one-off finder must wipe the passphrase array once the key has been decrypted: after loading the DSA key, the
 * shared {@code correctPassphrase} array should contain nothing but spaces.
 */
@Test
public void blankingOut() throws IOException, GeneralSecurityException {
    // Expected post-condition: same length as the passphrase, every character a space.
    final char[] allSpaces = new char[correctPassphrase.length];
    Arrays.fill(allSpaces, ' ');

    final FileKeyProvider provider = new OpenSSHKeyFile();
    provider.init(new File("src/test/resources/id_dsa"), PasswordUtils.createOneOff(correctPassphrase));

    assertEquals(KeyUtil.newDSAPrivateKey(x, p, q, g), provider.getPrivate());
    // NOTE(review): this mutates the shared correctPassphrase array in place; tests that reuse it depend on the
    // fixture re-initialising it before each test — confirm in the set-up method.
    assertArrayEquals(allSpaces, correctPassphrase);
}
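/**
 * Authenticate {@code username} using the {@code "password"} authentication method and as a fallback basic
 * challenge-response authentication. The {@code password} array is blanked out after use.
 * <p>
 * The finder handed to the underlying method returns a fresh copy of {@code password} on every request; only the
 * caller-supplied array is blanked here, the copies handed out are not.
 *
 * @param username user to authenticate
 * @param password the password to use for authentication
 *
 * @throws UserAuthException  in case of authentication failure
 * @throws TransportException if there was a transport-layer error
 */
public void authPassword(final String username, final char[] password)
        throws UserAuthException, TransportException {
    try {
        authPassword(username, new PasswordFinder() {
            @Override
            public char[] reqPassword(Resource<?> resource) {
                // Hand out a copy so the array owned by this method can be wiped independently.
                return password.clone();
            }

            @Override
            public boolean shouldRetry(Resource<?> resource) {
                // Single attempt: there is no alternative password to offer on retry.
                return false;
            }
        });
    } finally {
        // Wipe the caller's array whether or not authentication succeeded.
        PasswordUtils.blankOut(password);
    }
}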
/**
 * Loads an RSA key whose public half is an OpenSSH certificate and checks every certificate field the parser
 * exposes: serial, id, principals, validity window, critical options and extensions.
 */
@Test
public void shouldSuccessfullyLoadSignedRSAPublicKey() throws IOException {
    final FileKeyProvider provider = new OpenSSHKeyFile();
    provider.init(new File("src/test/resources/keytypes/certificate/test_rsa"),
            PasswordUtils.createOneOff(correctPassphrase));
    assertNotNull(provider.getPrivate());

    final PublicKey publicKey = provider.getPublic();
    assertEquals("RSA", publicKey.getAlgorithm());
    @SuppressWarnings("unchecked")
    final Certificate<RSAPublicKey> cert = (Certificate<RSAPublicKey>) publicKey;

    assertEquals(new BigInteger("9223372036854775809"), cert.getSerial());
    assertEquals("testrsa", cert.getId());

    assertEquals(2, cert.getValidPrincipals().size());
    assertTrue(cert.getValidPrincipals().contains("jeroen"));
    assertTrue(cert.getValidPrincipals().contains("nobody"));

    assertEquals(parseDate("2017-04-11 17:38:00 -0400"), cert.getValidAfter());
    assertEquals(parseDate("2017-04-11 18:09:27 -0400"), cert.getValidBefore());

    assertEquals(0, cert.getCritOptions().size());

    // All five standard permit-* extensions are present, each with an empty value.
    final Map<String, String> extensions = cert.getExtensions();
    assertEquals(5, extensions.size());
    for (String name : new String[] {"permit-X11-forwarding", "permit-agent-forwarding",
            "permit-port-forwarding", "permit-pty", "permit-user-rc"}) {
        assertEquals("", extensions.get(name));
    }
}
this.verify(new String(passphrase)); } finally { PasswordUtils.blankOut(passphrase);
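/**
 * Loads a DSA key whose public half is an OpenSSH certificate and checks the parsed certificate fields, including
 * the single critical option ({@code source-address}) and the single extension ({@code permit-pty}).
 */
@Test
public void shouldSuccessfullyLoadSignedDSAPublicKey() throws IOException {
    final FileKeyProvider keyFile = new OpenSSHKeyFile();
    keyFile.init(new File("src/test/resources/keytypes/certificate/test_dsa"),
            PasswordUtils.createOneOff(correctPassphrase));
    assertNotNull(keyFile.getPrivate());

    final PublicKey pubKey = keyFile.getPublic();
    assertEquals("DSA", pubKey.getAlgorithm());
    // This is a DSA certificate, so the previous Certificate<RSAPublicKey> cast was a copy-paste slip from the RSA
    // test. A wildcard parameterisation needs no unchecked cast and none of the accessors below depend on the
    // key type.
    final Certificate<?> certificate = (Certificate<?>) pubKey;

    assertEquals(new BigInteger("123"), certificate.getSerial());
    assertEquals("testdsa", certificate.getId());

    assertEquals(1, certificate.getValidPrincipals().size());
    assertTrue(certificate.getValidPrincipals().contains("jeroen"));

    assertEquals(parseDate("2017-04-11 17:37:00 -0400"), certificate.getValidAfter());
    assertEquals(parseDate("2017-04-12 03:38:49 -0400"), certificate.getValidBefore());

    assertEquals(1, certificate.getCritOptions().size());
    assertEquals("10.0.0.0/8", certificate.getCritOptions().get("source-address"));

    assertEquals(1, certificate.getExtensions().size());
    assertEquals("", certificate.getExtensions().get("permit-pty"));
}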
kp = pemConverter.getKeyPair(encryptedKeyPair.decryptKeyPair(decryptorBuilder.build(passphrase))); } finally { PasswordUtils.blankOut(passphrase);
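/**
 * Loads the DSA key pair from in-memory strings rather than files and checks type, public and private halves.
 */
@Test
public void fromString() throws IOException, GeneralSecurityException {
    final FileKeyProvider dsa = new OpenSSHKeyFile();
    final String privateKey = readFile("src/test/resources/id_dsa");
    final String publicKey = readFile("src/test/resources/id_dsa.pub");
    dsa.init(privateKey, publicKey, PasswordUtils.createOneOff(correctPassphrase));

    // assertEquals takes (expected, actual); the original had them swapped, which garbles the failure message.
    assertEquals(KeyType.DSA, dsa.getType());
    assertEquals(KeyUtil.newDSAPublicKey(y, p, q, g), dsa.getPublic());
    assertEquals(KeyUtil.newDSAPrivateKey(x, p, q, g), dsa.getPrivate());
}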
/**
 * Hands out a copy of the stored password and blanks the original, so the finder yields the secret only once;
 * any later request returns a copy of the already-blanked array.
 *
 * @param resource the resource the password is requested for (not consulted here)
 * @return a fresh copy of the password; the caller is responsible for clearing it
 */
@Override
public char[] reqPassword(Resource<?> resource) {
    final char[] copy = java.util.Arrays.copyOf(password, password.length);
    // Wipe the original immediately after copying so this object holds no usable secret afterwards.
    blankOut(password);
    return copy;
}
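/**
 * Utility function for creating a {@link KeyProvider} instance from given location on the file system. Creates a
 * one-off {@link PasswordFinder} using {@link PasswordUtils#createOneOff(char[])}, and calls {@link
 * #loadKeys(String, PasswordFinder)}.
 * <p>
 * The {@code passphrase} array is handed over to the one-off finder, which is expected to blank it once it has been
 * read; callers should not rely on the array's contents after this call.
 *
 * @param location   location of the key file
 * @param passphrase passphrase as a char-array
 *
 * @return the key provider ready for use in authentication
 *
 * @throws SSHException if there was no suitable key provider available for the file format; typically because
 *                      BouncyCastle is not in the classpath
 * @throws IOException  if the key file format is not known, if the file could not be read, etc.
 */
public KeyProvider loadKeys(String location, char[] passphrase) throws IOException {
    // From here on the one-off finder owns the passphrase array; it is not copied.
    return loadKeys(location, PasswordUtils.createOneOff(passphrase));
}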
/**
 * Hands out a copy of the stored password and blanks the original, so the finder yields the secret only once;
 * any later request returns a copy of the already-blanked array.
 *
 * @param resource the resource the password is requested for (not consulted here)
 * @return a fresh copy of the password; the caller is responsible for clearing it
 */
@Override
public char[] reqPassword(Resource<?> resource) {
    final char[] copy = java.util.Arrays.copyOf(password, password.length);
    // Wipe the original immediately after copying so this object holds no usable secret afterwards.
    blankOut(password);
    return copy;
}
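/**
 * Utility function for creating a {@link KeyProvider} instance from given location on the file system. Creates a
 * one-off {@link PasswordFinder} using {@link PasswordUtils#createOneOff(char[])}, and calls {@link
 * #loadKeys(String, PasswordFinder)}.
 * <p>
 * The {@code passphrase} array is handed over to the one-off finder, which is expected to blank it once it has been
 * read; callers should not rely on the array's contents after this call.
 *
 * @param location   location of the key file
 * @param passphrase passphrase as a char-array
 *
 * @return the key provider ready for use in authentication
 *
 * @throws SSHException if there was no suitable key provider available for the file format; typically because
 *                      BouncyCastle is not in the classpath
 * @throws IOException  if the key file format is not known, if the file could not be read, etc.
 */
public KeyProvider loadKeys(String location, char[] passphrase) throws IOException {
    // From here on the one-off finder owns the passphrase array; it is not copied.
    return loadKeys(location, PasswordUtils.createOneOff(passphrase));
}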
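/**
 * Authenticate {@code username} using the {@code "password"} authentication method and as a fallback basic
 * challenge-response authentication. The {@code password} array is blanked out after use.
 * <p>
 * The finder handed to the underlying method returns a fresh copy of {@code password} on every request; only the
 * caller-supplied array is blanked here, the copies handed out are not.
 *
 * @param username user to authenticate
 * @param password the password to use for authentication
 *
 * @throws UserAuthException  in case of authentication failure
 * @throws TransportException if there was a transport-layer error
 */
public void authPassword(final String username, final char[] password)
        throws UserAuthException, TransportException {
    try {
        authPassword(username, new PasswordFinder() {
            @Override
            public char[] reqPassword(Resource<?> resource) {
                // Hand out a copy so the array owned by this method can be wiped independently.
                return password.clone();
            }

            @Override
            public boolean shouldRetry(Resource<?> resource) {
                // Single attempt: there is no alternative password to offer on retry.
                return false;
            }
        });
    } finally {
        // Wipe the caller's array whether or not authentication succeeded.
        PasswordUtils.blankOut(password);
    }
}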
key.init(privateKeyData, null, GroovyJavaMethods.truth(privateKeyPassphrase) ? PasswordUtils.createOneOff(privateKeyPassphrase.toCharArray()) : null); ssh.authPublickey(username, key); key.init(privateKeyFile, GroovyJavaMethods.truth(privateKeyPassphrase) ? PasswordUtils.createOneOff(privateKeyPassphrase.toCharArray()) : null); ssh.authPublickey(username, key);
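/**
 * Authenticate {@code username} using the {@code "password"} authentication method and as a fallback basic
 * challenge-response authentication. The {@code password} array is blanked out after use.
 * <p>
 * The finder handed to the underlying method returns a fresh copy of {@code password} on every request; only the
 * caller-supplied array is blanked here, the copies handed out are not.
 *
 * @param username user to authenticate
 * @param password the password to use for authentication
 *
 * @throws UserAuthException  in case of authentication failure
 * @throws TransportException if there was a transport-layer error
 */
public void authPassword(final String username, final char[] password)
        throws UserAuthException, TransportException {
    try {
        authPassword(username, new PasswordFinder() {
            @Override
            public char[] reqPassword(Resource<?> resource) {
                // Hand out a copy so the array owned by this method can be wiped independently.
                return password.clone();
            }

            @Override
            public boolean shouldRetry(Resource<?> resource) {
                // Single attempt: there is no alternative password to offer on retry.
                return false;
            }
        });
    } finally {
        // Wipe the caller's array whether or not authentication succeeded.
        PasswordUtils.blankOut(password);
    }
}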
key.init(privateKeyData, null, JavaGroovyEquivalents.groovyTruth(privateKeyPassphrase) ? PasswordUtils.createOneOff(privateKeyPassphrase.toCharArray()) : null); ssh.authPublickey(username, key); key.init(privateKeyFile, JavaGroovyEquivalents.groovyTruth(privateKeyPassphrase) ? PasswordUtils.createOneOff(privateKeyPassphrase.toCharArray()) : null); ssh.authPublickey(username, key);
this.verify(new String(passphrase)); } finally { PasswordUtils.blankOut(passphrase);
PasswordUtils.blankOut(passphrase);
kp = pemConverter.getKeyPair(encryptedKeyPair.decryptKeyPair(decryptorBuilder.build(passphrase))); } finally { PasswordUtils.blankOut(passphrase);