/**
 * Wraps an existing key pair and records its key type at construction time.
 *
 * @param kp the key pair to wrap; the key type is resolved from its public key
 */
public KeyPairWrapper(KeyPair kp) {
    this.kp = kp;
    // The type is always derived from the public half of the pair.
    this.type = KeyType.fromKey(kp.getPublic());
}
/**
 * Appends a public key to this buffer, delegating the encoding to the
 * {@link KeyType} resolved from the key itself.
 *
 * @param key the public key to write
 * @return this buffer, cast to its self type, for call chaining
 */
public T putPublicKey(PublicKey key) {
    final KeyType keyType = KeyType.fromKey(key);
    keyType.putPubKeyIntoBuffer(key, this);
    // Self-typed builder: the unchecked cast is confined to this one local.
    @SuppressWarnings("unchecked")
    final T self = (T) this;
    return self;
}
/**
 * Returns the key type, resolving it from the public key on first use and
 * caching the result in {@code type}.
 *
 * @return the cached or newly resolved key type
 * @throws IOException declared on this method; presumably raised by getPublic() (confirm against its declaration)
 */
@Override
public KeyType getType() throws IOException {
    if (type == null) {
        // First call: derive the type from the public key and remember it.
        type = KeyType.fromKey(getPublic());
    }
    return type;
}
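/**
 * Asks the user on the console whether to trust a host for which no known-hosts
 * entry applies, showing the key type and fingerprint so they can be compared
 * with a value obtained out of band.
 *
 * <p>Only an explicit "yes" trusts the key. A "no" answer, or the input ending
 * before any answer is given, rejects it.
 *
 * @param hostname the host name as it will be stored in the new entry
 * @param key the public key presented by the host
 * @return {@code true} if the user accepted the key and the entry was added and written,
 *         {@code false} otherwise
 * @throws RuntimeException wrapping the {@link IOException} raised while adding or writing the entry
 */
@Override
protected boolean hostKeyUnverifiableAction(String hostname, PublicKey key) {
    final KeyType type = KeyType.fromKey(key);
    console.printf("The authenticity of host '%s' can't be established.\n" + "%s key fingerprint is %s.\n",
            hostname, type, SecurityUtils.getFingerprint(key));

    String response = console.readLine("Are you sure you want to continue connecting (yes/no)? ");
    // readLine may return null when the input ends (java.io.Console does at end of stream).
    // Without the null guard this loop would throw a NullPointerException; no answer means no trust.
    while (response != null && !(response.equalsIgnoreCase(YES) || response.equalsIgnoreCase(NO))) {
        response = console.readLine("Please explicitly enter yes/no: ");
    }

    if (response == null || !response.equalsIgnoreCase(YES)) {
        return false;
    }

    try {
        // Reuse the type resolved above instead of resolving it a second time.
        entries().add(new HostEntry(null, hostname, type, key));
        write();
        console.printf("Warning: Permanently added '%s' (%s) to the list of known hosts.\n", hostname, type);
    } catch (IOException e) {
        throw new RuntimeException(e);
    }
    return true;
}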
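/**
 * Reports on the console that the key presented by a host does not match the
 * key stored for it, and refuses the key.
 *
 * <p>The message shows the key type, the fingerprint of the presented key and
 * the absolute path of the known-hosts file. The user is never offered a way
 * to accept the changed key from here; this method always returns {@code false}.
 *
 * @param hostname the host whose key changed (not used in the message)
 * @param key the public key presented by the host
 * @return always {@code false}
 */
@Override
protected boolean hostKeyChangedAction(String hostname, PublicKey key) {
    final KeyType type = KeyType.fromKey(key);
    final String fp = SecurityUtils.getFingerprint(key);
    final String path = getFile().getAbsolutePath();
    console.printf(
            "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\n"
                    + "@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @\n"
                    + "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\n"
                    + "IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!\n"
                    + "Someone could be eavesdropping on you right now (man-in-the-middle attack)!\n"
                    + "It is also possible that the host key has just been changed.\n"
                    + "The fingerprint for the %s key sent by the remote host is\n"
                    + "%s.\n"
                    // The original literals joined as "...administrator oradd correct..."; a space was missing.
                    + "Please contact your system administrator or "
                    + "add correct host key in %s to get rid of this message.\n",
            type, fp, path);
    return false;
}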
/**
 * Checks a host key against the loaded known-hosts entries.
 *
 * <p>Keys of type {@code KeyType.UNKNOWN} are rejected outright. For any port
 * other than 22 the lookup name is {@code [hostname]:port}. If an applicable
 * entry verifies the key, the key is accepted. If applicable entries exist but
 * none verifies it, the decision is left to {@code hostKeyChangedAction};
 * if no entry applies at all, to {@code hostKeyUnverifiableAction}.
 *
 * @param hostname the remote host name
 * @param port the remote port
 * @param key the public key presented by the host
 * @return {@code true} if the key is accepted; {@code false} if it is rejected
 *         or if an entry raised an {@link IOException} while being checked
 */
@Override
public boolean verify(final String hostname, final int port, final PublicKey key) {
    final KeyType type = KeyType.fromKey(key);
    if (type == KeyType.UNKNOWN) {
        return false;
    }

    final String adjustedHostname;
    if (port == 22) {
        adjustedHostname = hostname;
    } else {
        adjustedHostname = "[" + hostname + "]:" + port;
    }

    boolean sawEntryForHost = false;
    for (KnownHostEntry entry : entries) {
        try {
            if (!entry.appliesTo(type, adjustedHostname)) {
                continue;
            }
            sawEntryForHost = true;
            if (entry.verify(key)) {
                return true;
            }
        } catch (IOException ioe) {
            // An entry that cannot be evaluated ends verification with a rejection.
            log.error("Error with {}: {}", entry, ioe);
            return false;
        }
    }

    // An applicable entry that did not match means the stored key differs from the presented one.
    return sawEntryForHost
            ? hostKeyChangedAction(adjustedHostname, key)
            : hostKeyUnverifiableAction(adjustedHostname, key);
}
/**
 * Tries to validate the host key with each host key verifier known to this
 * instance ({@link #hostVerifiers}), returning as soon as one of them accepts it.
 *
 * @param key the host key to verify
 *
 * @throws TransportException with {@code DisconnectReason.HOST_KEY_NOT_VERIFIABLE}
 *         if none of the verifiers accepts the key
 */
private synchronized void verifyHost(PublicKey key) throws TransportException {
    for (HostKeyVerifier hkv : hostVerifiers) {
        log.debug("Trying to verify host key with {}", hkv);
        final boolean accepted = hkv.verify(transport.getRemoteHost(), transport.getRemotePort(), key);
        if (accepted) {
            return;
        }
    }

    // No verifier accepted the key. Log and report the key type and fingerprint
    // so the rejected key can be identified afterwards.
    final KeyType keyType = KeyType.fromKey(key);
    final String fingerprint = SecurityUtils.getFingerprint(key);
    log.error("Disconnecting because none of the configured Host key verifiers ({}) could verify '{}' host key with fingerprint {} for {}:{}",
            hostVerifiers, keyType, fingerprint, transport.getRemoteHost(), transport.getRemotePort());
    throw new TransportException(DisconnectReason.HOST_KEY_NOT_VERIFIABLE,
            "Could not verify `" + keyType
                    + "` host key with fingerprint `" + fingerprint
                    + "` for `" + transport.getRemoteHost()
                    + "` on port " + transport.getRemotePort());
}
/**
 * Appends the public key from the key provider to the request buffer.
 *
 * @param reqBuf the request packet to append to
 * @return the same packet, with the key type name and key blob appended
 * @throws UserAuthException if the key provider fails to supply the public key
 */
protected SSHPacket putPubKey(SSHPacket reqBuf) throws UserAuthException {
    final PublicKey publicKey;
    try {
        publicKey = kProv.getPublic();
    } catch (IOException ioe) {
        throw new UserAuthException("Problem getting public key from " + kProv, ioe);
    }

    // public key as 2 strings: [ key type | key blob ]
    final String keyTypeName = KeyType.fromKey(publicKey).toString();
    reqBuf.putString(keyTypeName)
            .putString(new Buffer.PlainBuffer().putPublicKey(publicKey).getCompactData());
    return reqBuf;
}
/**
 * Signs the request with the private key from the key provider and appends
 * the signature to the request buffer.
 *
 * <p>The signed data is the session ID followed by the current contents of
 * {@code reqBuf}, so the signature covers both the session and the request.
 *
 * @param reqBuf the request packet to sign and append to
 * @return the same packet, with the signature appended
 * @throws UserAuthException if the private key cannot be obtained, or if no
 *         signature implementation is configured for the key's type
 */
protected SSHPacket putSig(SSHPacket reqBuf) throws UserAuthException {
    final PrivateKey privateKey;
    try {
        privateKey = kProv.getPrivate();
    } catch (IOException ioe) {
        throw new UserAuthException("Problem getting private key from " + kProv, ioe);
    }

    final String kt = KeyType.fromKey(privateKey).toString();
    final Signature signer =
            Factory.Named.Util.create(params.getTransport().getConfig().getSignatureFactories(), kt);
    if (signer == null) {
        throw new UserAuthException("Could not create signature instance for " + kt + " key");
    }

    signer.initSign(privateKey);
    signer.update(new Buffer.PlainBuffer()
            .putString(params.getTransport().getSessionID())
            .putBuffer(reqBuf) // & rest of the data for sig
            .getCompactData());
    reqBuf.putSignature(kt, signer.encode(signer.sign()));
    return reqBuf;
}
KeyType.fromKey(hostKey).toString()); signature.initVerify(hostKey); signature.update(H, 0, H.length);
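/**
 * Processes the server's group-exchange reply: reads the host key blob, the
 * server's value {@code f} and the signature, computes the shared secret and
 * the exchange hash {@code H}, and checks the server's signature over {@code H}.
 *
 * <p>This only establishes that the signature over {@code H} verifies under the
 * key the server sent. Whether that key belongs to the expected host is not
 * decided in this method.
 *
 * @param buffer the packet holding the server's reply
 * @return {@code true} when the signature verifies (failures are reported by exception)
 * @throws Buffer.BufferException if the packet cannot be read as expected
 * @throws GeneralSecurityException declared on this method; presumably from the key or digest operations (confirm)
 * @throws TransportException with {@code DisconnectReason.KEY_EXCHANGE_FAILED} if no signature
 *         implementation is available for the host key's type or the signature does not verify
 */
private boolean parseGexReply(SSHPacket buffer) throws Buffer.BufferException, GeneralSecurityException, TransportException {
    byte[] K_S = buffer.readBytes();
    byte[] f = buffer.readBytes();
    byte[] sig = buffer.readBytes();
    hostKey = new Buffer.PlainBuffer(K_S).readPublicKey();

    dh.computeK(f);
    BigInteger k = dh.getK();

    // Everything hashed into H, in this order; the server's signature is checked against this digest.
    final Buffer.PlainBuffer buf = initializedBuffer()
            .putString(K_S)
            .putUInt32(minBits)
            .putUInt32(preferredBits)
            .putUInt32(maxBits)
            .putMPInt(((DH) dh).getP())
            .putMPInt(((DH) dh).getG())
            .putBytes(dh.getE())
            .putBytes(f)
            .putMPInt(k);
    digest.update(buf.array(), buf.rpos(), buf.available());
    H = digest.digest();

    final String hostKeyType = KeyType.fromKey(hostKey).toString();
    Signature signature = Factory.Named.Util.create(trans.getConfig().getSignatureFactories(), hostKeyType);
    // The host key comes from the peer, so its type may have no configured signature factory.
    // Fail the exchange with a named reason instead of a NullPointerException on initVerify.
    if (signature == null)
        throw new TransportException(DisconnectReason.KEY_EXCHANGE_FAILED,
                                     "Could not create signature instance for " + hostKeyType + " key");
    signature.initVerify(hostKey);
    signature.update(H, 0, H.length);
    if (!signature.verify(sig))
        throw new TransportException(DisconnectReason.KEY_EXCHANGE_FAILED,
                                     "KeyExchange signature verification failed");
    return true;
}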
/**
 * Creates a wrapper around the given key pair, resolving the key type immediately.
 *
 * @param kp the key pair to wrap; its public key determines the {@link KeyType}
 */
public KeyPairWrapper(KeyPair kp) {
    this.kp = kp;
    // Resolved once here from the pair's public key.
    this.type = KeyType.fromKey(kp.getPublic());
}
/**
 * Writes a public key into this buffer; the {@link KeyType} resolved from the
 * key performs the actual encoding.
 *
 * @param key the public key to write
 * @return this buffer, cast to its self type, for call chaining
 */
public T putPublicKey(PublicKey key) {
    final KeyType keyType = KeyType.fromKey(key);
    keyType.putPubKeyIntoBuffer(key, this);
    // Keep the unchecked self-type cast scoped to a single local.
    @SuppressWarnings("unchecked")
    final T self = (T) this;
    return self;
}
/**
 * Appends the given public key to this buffer using the encoding provided by
 * the key's {@link KeyType}.
 *
 * @param key the public key to write
 * @return this buffer, cast to its self type, for call chaining
 */
public T putPublicKey(PublicKey key) {
    final KeyType resolvedType = KeyType.fromKey(key);
    resolvedType.putPubKeyIntoBuffer(key, this);
    // The cast to the self type is unchecked; suppress it on this local only.
    @SuppressWarnings("unchecked")
    final T self = (T) this;
    return self;
}
/**
 * Returns the key type, computing it from the public key the first time it is
 * requested and reusing the stored value afterwards.
 *
 * @return the cached or newly resolved key type
 * @throws IOException declared on this method; presumably raised by getPublic() (confirm against its declaration)
 */
@Override
public KeyType getType() throws IOException {
    if (type == null) {
        // Not resolved yet: derive it from the public key and cache it.
        type = KeyType.fromKey(getPublic());
    }
    return type;
}
/**
 * Lazily resolves the key type from the public key and caches it in {@code type}.
 *
 * @return the cached or newly resolved key type
 * @throws IOException declared on this method; presumably raised by getPublic() (confirm against its declaration)
 */
@Override
public KeyType getType() throws IOException {
    if (type != null) {
        return type;
    }
    // First request: resolve from the public key and keep the result.
    type = KeyType.fromKey(getPublic());
    return type;
}
/**
 * Prompts the user to accept a host key for which no fingerprint is known,
 * showing the fingerprint and key type of the key the server sent.
 *
 * @param hostname the host the key was received from
 * @param key the public key presented by the server
 * @return {@code true} once the user has confirmed and the key has been allowed
 * @throws ConnectionCanceledException if the user declines the prompt
 * @throws ChecksumException declared on this method; presumably from fingerprint generation (confirm)
 */
@Override
protected boolean isUnknownKeyAccepted(final String hostname, final PublicKey key) throws ConnectionCanceledException, ChecksumException {
    final String heading = LocaleFactory.localizedString("Unknown fingerprint", "Sftp");
    final String detail = MessageFormat.format(
            LocaleFactory.localizedString("The fingerprint for the {1} key sent by the server is {0}.", "Sftp"),
            new SSHFingerprintGenerator().fingerprint(key),
            KeyType.fromKey(key).name());
    final String question = LocaleFactory.localizedString("Continue", "Credentials");
    final String message = String.format("%s. %s %s?", heading, detail, question);

    final boolean confirmed = prompt.prompt(message);
    if (!confirmed) {
        throw new ConnectionCanceledException();
    }
    // NOTE(review): the third argument to allow() is always true here; confirm whether
    // that stores the key permanently, since the prompt text does not say so.
    this.allow(hostname, key, true);
    return true;
}
/**
 * Builds the warning alert shown when a server's key fingerprint has changed
 * and passes it to the superclass loader.
 *
 * <p>The alert names the host, shows the fingerprint and key type of the key
 * the server sent, and offers "Allow" and "Deny" plus a suppression checkbox
 * titled "Always".
 */
@Override
public void loadBundle() {
    final NSAlert dialog = NSAlert.alert();
    dialog.setAlertStyle(NSAlert.NSWarningAlertStyle);

    final String title = MessageFormat.format(
            LocaleFactory.localizedString("Changed fingerprint", "Sftp"), hostname);
    dialog.setMessageText(title);

    // The fingerprint is shown so it can be compared against a value obtained out of band.
    final String detail = MessageFormat.format(
            LocaleFactory.localizedString("The fingerprint for the {1} key sent by the server is {0}.", "Sftp"),
            fingerprint,
            KeyType.fromKey(key).name());
    dialog.setInformativeText(detail);

    dialog.addButtonWithTitle(LocaleFactory.localizedString("Allow"));
    dialog.addButtonWithTitle(LocaleFactory.localizedString("Deny"));

    dialog.setShowsSuppressionButton(true);
    dialog.suppressionButton().setTitle(LocaleFactory.localizedString("Always"));

    super.loadBundle(dialog);
}
/**
 * Writes the key provider's public key into the request buffer as a key type
 * name followed by the encoded key.
 *
 * @param reqBuf the request packet to append to
 * @return the same packet, with the key type name and key blob appended
 * @throws UserAuthException if the key provider fails to supply the public key
 */
protected SSHPacket putPubKey(SSHPacket reqBuf) throws UserAuthException {
    final PublicKey publicKey;
    try {
        publicKey = kProv.getPublic();
    } catch (IOException ioe) {
        throw new UserAuthException("Problem getting public key from " + kProv, ioe);
    }

    // public key as 2 strings: [ key type | key blob ]
    final String typeName = KeyType.fromKey(publicKey).toString();
    reqBuf.putString(typeName)
            .putString(new Buffer.PlainBuffer().putPublicKey(publicKey).getCompactData());
    return reqBuf;
}
/**
 * Builds the warning alert shown when a server presents a key whose
 * fingerprint is not yet known, and passes it to the superclass loader.
 *
 * <p>The alert names the host, shows the fingerprint and key type of the key
 * the server sent, and offers "Allow" and "Deny" plus a suppression checkbox
 * titled "Always".
 */
@Override
public void loadBundle() {
    final NSAlert dialog = NSAlert.alert();
    dialog.setAlertStyle(NSAlert.NSWarningAlertStyle);

    final String title = MessageFormat.format(
            LocaleFactory.localizedString("Unknown fingerprint", "Sftp"), hostname);
    dialog.setMessageText(title);

    // The fingerprint is shown so it can be compared against a value obtained out of band.
    final String detail = MessageFormat.format(
            LocaleFactory.localizedString("The fingerprint for the {1} key sent by the server is {0}.", "Sftp"),
            fingerprint,
            KeyType.fromKey(key).name());
    dialog.setInformativeText(detail);

    dialog.addButtonWithTitle(LocaleFactory.localizedString("Allow"));
    dialog.addButtonWithTitle(LocaleFactory.localizedString("Deny"));

    dialog.setShowsSuppressionButton(true);
    dialog.suppressionButton().setTitle(LocaleFactory.localizedString("Always"));

    super.loadBundle(dialog);
}