/** * return a "public" -> rsa public key, "private" -> its corresponding private key */ public static Map<String, String> generate() { try { return generate(KeyPairGenerator.getInstance("RSA"), new SecureRandom()); } catch (NoSuchAlgorithmException e) { throw propagate(e); } }
public static Map<String, String> generate(KeyPairGenerator generator, SecureRandom rand) { KeyPair pair = generateRsaKeyPair(generator, rand); Builder<String, String> builder = ImmutableMap.builder(); builder.put("public", encodeAsOpenSSH(RSAPublicKey.class.cast(pair.getPublic()))); builder.put("private", pem(RSAPrivateKey.class.cast(pair.getPrivate()))); return builder.build(); }
/** * @param publicKeyOpenSSH * RSA public key in OpenSSH format * @return fingerprint ex. {@code 2b:a9:62:95:5b:8b:1d:61:e0:92:f7:03:10:e9:db:d9} */ public static String fingerprintPublicKey(String publicKeyOpenSSH) { RSAPublicKeySpec publicKeySpec = publicKeySpecFromOpenSSH(publicKeyOpenSSH); return fingerprint(publicKeySpec.getPublicExponent(), publicKeySpec.getModulus()); }
/** * @param publicKeyOpenSSH * RSA public key in OpenSSH format * @param fingerprint * ex. {@code 2b:a9:62:95:5b:8b:1d:61:e0:92:f7:03:10:e9:db:d9} * @return true if the keypair has the same fingerprint as supplied */ public static boolean publicKeyHasFingerprint(String publicKeyOpenSSH, String fingerprint) { return publicKeyHasFingerprint(publicKeySpecFromOpenSSH(publicKeyOpenSSH), fingerprint); }
/** * @param privateKeyPEM * RSA private key in PEM format * @param publicKeyOpenSSH * RSA public key in OpenSSH format * @return true if the keypairs match */ public static boolean privateKeyMatchesPublicKey(String privateKeyPEM, String publicKeyOpenSSH) { KeySpec privateKeySpec = privateKeySpec(privateKeyPEM); checkArgument(privateKeySpec instanceof RSAPrivateCrtKeySpec, "incorrect format expected RSAPrivateCrtKeySpec was %s", privateKeySpec); return privateKeyMatchesPublicKey(RSAPrivateCrtKeySpec.class.cast(privateKeySpec), publicKeySpecFromOpenSSH(publicKeyOpenSSH)); }
public JschSshClient(ProxyConfig proxyConfig, BackoffLimitedRetryHandler backoffLimitedRetryHandler, HostAndPort socket, LoginCredentials loginCredentials, int timeout, Optional<Connector> agentConnector) { this.user = checkNotNull(loginCredentials, "loginCredentials").getUser(); this.host = checkNotNull(socket, "socket").getHostText(); checkArgument(socket.getPort() > 0, "ssh port must be greater then zero" + socket.getPort()); checkArgument(loginCredentials.getOptionalPassword().isPresent() || loginCredentials.hasUnencryptedPrivateKey() || agentConnector.isPresent(), "you must specify a password, a key or an SSH agent needs to be available"); this.backoffLimitedRetryHandler = checkNotNull(backoffLimitedRetryHandler, "backoffLimitedRetryHandler"); if (loginCredentials.hasUnencryptedPrivateKey()) { String fingerPrint = fingerprintPrivateKey(loginCredentials.getOptionalPrivateKey().get()); String sha1 = sha1PrivateKey(loginCredentials.getOptionalPrivateKey().get()); this.toString = String.format("%s:rsa[fingerprint(%s),sha1(%s)]@%s:%d", loginCredentials.getUser(), fingerPrint, sha1, host, socket.getPort()); } else if (loginCredentials.getOptionalPassword().isPresent()) { this.toString = String.format("%s:pw[%s]@%s:%d", loginCredentials.getUser(), base16().lowerCase().encode(md5().hashString(loginCredentials.getOptionalPassword().get(), UTF_8).asBytes()), host, socket.getPort()); } else { this.toString = String.format("%s:rsa[ssh-agent]@%s:%d", loginCredentials.getUser(), host, socket.getPort()); } sessionConnection = SessionConnection.builder().hostAndPort(HostAndPort.fromParts(host, socket.getPort())).loginCredentials( loginCredentials).proxy(checkNotNull(proxyConfig, "proxyConfig")).connectTimeout(timeout).sessionTimeout(timeout) .agentConnector(agentConnector).build(); }
public KeyPair build() { if (fingerprint == null && keyMaterial != null) fingerprint(SshKeys.fingerprintPrivateKey(keyMaterial)); return new KeyPair(region, keyName, sha1OfPrivateKey, keyMaterial, fingerprint); }
assertTrue(SshKeys.privateKeyMatchesPublicKey(privateKey, publicKey)); assertEquals(SshKeys.fingerprintPublicKey(publicKey), expectedFingerprint); assertEquals(SshKeys.fingerprintPrivateKey(privateKey), expectedFingerprint);
private static String computeFingerprint(PublicKey key) { if (key instanceof RSAPublicKey) { RSAPublicKey rsaKey = (RSAPublicKey) key; return SshKeys.fingerprint(rsaKey.getPublicExponent(), rsaKey.getModulus()); } else { throw new IllegalArgumentException("Only RSA keys are supported"); } }
@Test public void testCanGenerate() { Map<String, String> map = generate(); assert map.get("public").startsWith("ssh-rsa ") : map; assert map.get("private").startsWith("-----BEGIN RSA PRIVATE KEY-----") : map; assert privateKeyMatchesPublicKey(map.get("private"), map.get("public")) : map; }
@Test public void testEncodeAsOpenSSH() throws IOException, InvalidKeySpecException, NoSuchAlgorithmException { String encoded = SshKeys.encodeAsOpenSSH((RSAPublicKey) KeyFactory.getInstance("RSA").generatePublic( SshKeys.publicKeySpecFromOpenSSH(Payloads.newPayload(getClass().getResourceAsStream("/test.pub"))))); assertEquals(encoded, Strings2.toStringAndClose(getClass().getResourceAsStream("/test.pub")).trim()); }
@Test public void testRegisterDeleteSSHKeyPair() { final Map<String, String> sshKey = SshKeys.generate(); final String publicKey = sshKey.get("public"); sshKeyPair = client.getSSHKeyPairClient().registerSSHKeyPair(keyPairName, publicKey); assertNull(sshKeyPair.getPrivateKey()); checkSSHKeyPair(sshKeyPair); client.getSSHKeyPairClient().deleteSSHKeyPair(keyPairName); assertEquals(client.getSSHKeyPairClient().getSSHKeyPair(sshKeyPair.getName()), null); assertEquals(SshKeys.fingerprintPublicKey(publicKey), sshKeyPair.getFingerprint()); sshKeyPair = null; }
/** * @param privateKeyPEM * RSA private key in PEM format * @param fingerprint * ex. {@code 2b:a9:62:95:5b:8b:1d:61:e0:92:f7:03:10:e9:db:d9} * @return true if the keypair has the same fingerprint as supplied */ public static boolean privateKeyHasFingerprint(String privateKeyPEM, String fingerprint) { KeySpec privateKeySpec = privateKeySpec(privateKeyPEM); checkArgument(privateKeySpec instanceof RSAPrivateCrtKeySpec, "incorrect format expected RSAPrivateCrtKeySpec was %s", privateKeySpec); return privateKeyHasFingerprint(RSAPrivateCrtKeySpec.class.cast(privateKeySpec), fingerprint); }
/** * @param privateKeyPEM * RSA private key in PEM format * @param sha1HexColonDelimited * ex. {@code 2b:a9:62:95:5b:8b:1d:61:e0:92:f7:03:10:e9:db:d9} * @return true if the keypair has the same fingerprint as supplied */ public static boolean privateKeyHasSha1(String privateKeyPEM, String sha1HexColonDelimited) { KeySpec privateKeySpec = privateKeySpec(privateKeyPEM); checkArgument(privateKeySpec instanceof RSAPrivateCrtKeySpec, "incorrect format expected RSAPrivateCrtKeySpec was %s", privateKeySpec); return privateKeyHasSha1(RSAPrivateCrtKeySpec.class.cast(privateKeySpec), sha1HexColonDelimited); }
assert SshKeys.privateKeyHasSha1(result.getKeyMaterial(), result.getSha1OfPrivateKey()); assert SshKeys.privateKeyHasFingerprint(result.getKeyMaterial(), result.getFingerprint());
@Override public String apply(PublicKey input) { if (input instanceof RSAPublicKey) { return SshKeys.encodeAsOpenSSH((RSAPublicKey) input); } else if (input instanceof DSAPublicKey) { return DSAKeys.encodeAsOpenSSH((DSAPublicKey) input); } else { throw new IllegalArgumentException("Only RSA and DSA keys are supported"); } } };
@Test public void testPrivateKeyMatchesPublicKeyString() throws IOException { String privKey = Strings2.toStringAndClose(getClass().getResourceAsStream("/test")); String pubKey = Strings2.toStringAndClose(getClass().getResourceAsStream("/test.pub")); assert privateKeyMatchesPublicKey(privKey, pubKey); }
public JschSshClient(ProxyConfig proxyConfig, BackoffLimitedRetryHandler backoffLimitedRetryHandler, HostAndPort socket, LoginCredentials loginCredentials, int timeout) { this.user = checkNotNull(loginCredentials, "loginCredentials").getUser(); this.host = checkNotNull(socket, "socket").getHostText(); checkArgument(socket.getPort() > 0, "ssh port must be greater then zero" + socket.getPort()); checkArgument(loginCredentials.getPassword() != null || loginCredentials.getPrivateKey() != null, "you must specify a password or a key"); this.backoffLimitedRetryHandler = checkNotNull(backoffLimitedRetryHandler, "backoffLimitedRetryHandler"); if (loginCredentials.getPrivateKey() == null) { this.toString = String.format("%s:pw[%s]@%s:%d", loginCredentials.getUser(), base16().lowerCase().encode(md5().hashString(loginCredentials.getPassword(), UTF_8).asBytes()), host, socket.getPort()); } else { String fingerPrint = fingerprintPrivateKey(loginCredentials.getPrivateKey()); String sha1 = sha1PrivateKey(loginCredentials.getPrivateKey()); this.toString = String.format("%s:rsa[fingerprint(%s),sha1(%s)]@%s:%d", loginCredentials.getUser(), fingerPrint, sha1, host, socket.getPort()); } sessionConnection = SessionConnection.builder().hostAndPort(HostAndPort.fromParts(host, socket.getPort())).loginCredentials( loginCredentials).proxy(checkNotNull(proxyConfig, "proxyConfig")).connectTimeout(timeout).sessionTimeout(timeout).build(); }
public KeyPair build() { if (fingerprint == null && keyMaterial != null) fingerprint(SshKeys.fingerprintPrivateKey(keyMaterial)); return new KeyPair(region, keyName, sha1OfPrivateKey, keyMaterial, fingerprint); }
assertTrue(SshKeys.privateKeyMatchesPublicKey(privateKey, publicKey)); assertEquals(SshKeys.fingerprintPublicKey(publicKey), expectedFingerprint); assertEquals(SshKeys.fingerprintPrivateKey(privateKey), expectedFingerprint);