/* * Copyright (C) 2018, Thomas Wolf * and other copyright owners as documented in the project's IP log. * * This program and the accompanying materials are made available * under the terms of the Eclipse Distribution License v1.0 which * accompanies this distribution, is reproduced below, and is * available at http://www.eclipse.org/org/documents/edl-v10.php * * All rights reserved. * * Redistribution and use in source and binary forms, with or * without modification, are permitted provided that the following * conditions are met: * * - Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * - Redistributions in binary form must reproduce the above * copyright notice, this list of conditions and the following * disclaimer in the documentation and/or other materials provided * with the distribution. * * - Neither the name of the Eclipse Foundation, Inc. nor the * names of its contributors may be used to endorse or promote * products derived from this software without specific prior * written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ package org.eclipse.jgit.internal.transport.sshd; import static java.text.MessageFormat.format; import java.io.IOException; import java.io.InputStream; import java.nio.file.Path; import java.security.GeneralSecurityException; import java.security.InvalidKeyException; import java.security.KeyPair; import java.security.NoSuchProviderException; import java.security.PrivateKey; import java.util.Collection; import java.util.Iterator; import java.util.List; import javax.security.auth.DestroyFailedException; import org.apache.sshd.common.config.keys.FilePasswordProvider; import org.apache.sshd.common.config.keys.loader.KeyPairResourceParser; import org.apache.sshd.common.keyprovider.FileKeyPairProvider; import org.apache.sshd.common.util.io.IoUtils; import org.apache.sshd.common.util.security.SecurityUtils; import org.eclipse.jgit.internal.transport.sshd.RepeatingFilePasswordProvider.ResourceDecodeResult; /** * A {@link FileKeyPairProvider} that asks repeatedly for a passphrase for an * encrypted private key if the {@link FilePasswordProvider} is a * {@link RepeatingFilePasswordProvider}. */ public abstract class EncryptedFileKeyPairProvider extends FileKeyPairProvider { // TODO: remove this class once we're based on sshd > 2.1.0. See upstream // issue SSHD-850 https://issues.apache.org/jira/browse/SSHD-850 and commit // https://github.com/apache/mina-sshd/commit/f19bd2e34 /** * Creates a new {@link EncryptedFileKeyPairProvider} for the given * {@link Path}s. * * @param paths * to read keys from */ public EncryptedFileKeyPairProvider(List paths) { super(paths); } @Override protected KeyPair doLoadKey(String resourceKey, InputStream inputStream, FilePasswordProvider provider) throws IOException, GeneralSecurityException { if (!(provider instanceof RepeatingFilePasswordProvider)) { return super.doLoadKey(resourceKey, inputStream, provider); } KeyPairResourceParser parser = SecurityUtils.getKeyPairResourceParser(); if (parser == null) { // This is an internal configuration error, thus no translation. throw new NoSuchProviderException( "No registered key-pair resource parser"); //$NON-NLS-1$ } RepeatingFilePasswordProvider realProvider = (RepeatingFilePasswordProvider) provider; // Read the stream now so that we can process the content several // times. List lines = IoUtils.readAllLines(inputStream); Collection ids = null; while (ids == null) { try { ids = parser.loadKeyPairs(resourceKey, realProvider, lines); realProvider.handleDecodeAttemptResult(resourceKey, "", null); //$NON-NLS-1$ // No exception; success. Exit the loop even if ids is still // null! break; } catch (IOException | GeneralSecurityException | RuntimeException e) { ResourceDecodeResult loadResult = realProvider .handleDecodeAttemptResult(resourceKey, "", e); //$NON-NLS-1$ if (loadResult == null || loadResult == ResourceDecodeResult.TERMINATE) { throw e; } else if (loadResult == ResourceDecodeResult.RETRY) { continue; } // IGNORE doesn't make any sense here, but OK, let's ignore it. // ids == null, so we'll throw an exception below. break; } } if (ids == null) { // The javadoc on loadKeyPairs says it might return null if no // key pair found. Bad API. throw new InvalidKeyException( format(SshdText.get().identityFileNoKey, resourceKey)); } Iterator keys = ids.iterator(); if (!keys.hasNext()) { throw new InvalidKeyException(format( SshdText.get().identityFileUnsupportedFormat, resourceKey)); } KeyPair result = keys.next(); if (keys.hasNext()) { log.warn(format(SshdText.get().identityFileMultipleKeys, resourceKey)); keys.forEachRemaining(k -> { PrivateKey pk = k.getPrivate(); if (pk != null) { try { pk.destroy(); } catch (DestroyFailedException e) { // Ignore } } }); } return result; } }