mirrors
/
jgit
mirror of https://github.com/eclipse/jgit.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 204 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6486 Commits
49 Branches
Tree: 488d95571f
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '488d95571f'
${ noResults }
jgit/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitPublicKeyIterator.java

JGitPublicKeyIterator.java 8.3KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275 
  1. /*

  2.  * Copyright (C) 2018, Thomas Wolf <thomas.wolf@paranor.ch>

  3.  * and other copyright owners as documented in the project's IP log.

  4.  *

  5.  * This program and the accompanying materials are made available

  6.  * under the terms of the Eclipse Distribution License v1.0 which

  7.  * accompanies this distribution, is reproduced below, and is

  8.  * available at http://www.eclipse.org/org/documents/edl-v10.php

  9.  *

  10.  * All rights reserved.

  11.  *

  12.  * Redistribution and use in source and binary forms, with or

  13.  * without modification, are permitted provided that the following

  14.  * conditions are met:

  15.  *

  16.  * - Redistributions of source code must retain the above copyright

  17.  *   notice, this list of conditions and the following disclaimer.

  18.  *

  19.  * - Redistributions in binary form must reproduce the above

  20.  *   copyright notice, this list of conditions and the following

  21.  *   disclaimer in the documentation and/or other materials provided

  22.  *   with the distribution.

  23.  *

  24.  * - Neither the name of the Eclipse Foundation, Inc. nor the

  25.  *   names of its contributors may be used to endorse or promote

  26.  *   products derived from this software without specific prior

  27.  *   written permission.

  28.  *

  29.  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND

  30.  * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,

  31.  * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES

  32.  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

  33.  * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR

  34.  * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

  35.  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

  36.  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

  37.  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER

  38.  * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

  39.  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

  40.  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF

  41.  * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

  42.  */

  43. package org.eclipse.jgit.internal.transport.sshd;

  44. 

  45. import java.io.IOException;

  46. import java.nio.channels.Channel;

  47. import java.security.KeyPair;

  48. import java.security.PublicKey;

  49. import java.util.ArrayList;

  50. import java.util.Iterator;

  51. import java.util.List;

  52. import java.util.Map;

  53. import java.util.NoSuchElementException;

  54. import java.util.concurrent.atomic.AtomicBoolean;

  55. 

  56. import org.apache.sshd.agent.SshAgent;

  57. import org.apache.sshd.agent.SshAgentFactory;

  58. import org.apache.sshd.client.auth.pubkey.AbstractKeyPairIterator;

  59. import org.apache.sshd.client.auth.pubkey.KeyAgentIdentity;

  60. import org.apache.sshd.client.auth.pubkey.KeyPairIdentity;

  61. import org.apache.sshd.client.auth.pubkey.PublicKeyIdentity;

  62. import org.apache.sshd.client.config.hosts.HostConfigEntry;

  63. import org.apache.sshd.client.session.ClientSession;

  64. import org.apache.sshd.common.FactoryManager;

  65. import org.apache.sshd.common.keyprovider.KeyIdentityProvider;

  66. import org.apache.sshd.common.signature.SignatureFactoriesManager;

  67. 

  68. /**

  69.  * A new iterator over key pairs that we use instead of the default

  70.  * {@link org.apache.sshd.client.auth.pubkey.UserAuthPublicKeyIterator}, which

  71.  * in its constructor does some strange {@link java.util.stream.Stream} "magic"

  72.  * that ends up loading keys prematurely. This class uses plain

  73.  * {@link Iterator}s instead to avoid that problem. Used in

  74.  * {@link JGitPublicKeyAuthentication}.

  75.  *

  76.  * @see <a href=

  77.  *      "https://issues.apache.org/jira/projects/SSHD/issues/SSHD-860">Upstream

  78.  *      issue SSHD-860</a>

  79.  */

  80. public class JGitPublicKeyIterator

  81. 		extends AbstractKeyPairIterator<PublicKeyIdentity> implements Channel {

  82. 

  83. 	// Re: the cause for the problem mentioned above has not been determined.

  84. 	// It looks as if either the Apache code inadvertently calls

  85. 	// GenericUtils.isEmpty() on all streams (which would load the first key

  86. 	// of each stream), or the Java stream implementation does some prefetching.

  87. 	// It's not entirely clear. Using Iterators we have more control over

  88. 	// what happens when.

  89. 

  90. 	private final AtomicBoolean open = new AtomicBoolean(true);

  91. 

  92. 	private SshAgent agent;

  93. 

  94. 	private final List<Iterator<PublicKeyIdentity>> keys = new ArrayList<>(3);

  95. 

  96. 	private final Iterator<Iterator<PublicKeyIdentity>> keyIter;

  97. 

  98. 	private Iterator<PublicKeyIdentity> current;

  99. 

  100. 	private Boolean hasElement;

  101. 

  102. 	/**

  103. 	 * Creates a new {@link JGitPublicKeyIterator}.

  104. 	 *

  105. 	 * @param session

  106. 	 *            we're trying to authenticate

  107. 	 * @param signatureFactories

  108. 	 *            to use

  109. 	 * @throws Exception

  110. 	 *             if an {@link SshAgentFactory} is configured and getting

  111. 	 *             identities from the agent fails

  112. 	 */

  113. 	public JGitPublicKeyIterator(ClientSession session,

  114. 			SignatureFactoriesManager signatureFactories) throws Exception {

  115. 		super(session);

  116. 		boolean useAgent = true;

  117. 		if (session instanceof JGitClientSession) {

  118. 			HostConfigEntry config = ((JGitClientSession) session)

  119. 					.getHostConfigEntry();

  120. 			useAgent = !config.isIdentitiesOnly();

  121. 		}

  122. 		if (useAgent) {

  123. 			FactoryManager manager = session.getFactoryManager();

  124. 			SshAgentFactory factory = manager == null ? null

  125. 					: manager.getAgentFactory();

  126. 			if (factory != null) {

  127. 				try {

  128. 					agent = factory.createClient(manager);

  129. 					keys.add(new AgentIdentityIterator(agent));

  130. 				} catch (IOException e) {

  131. 					try {

  132. 						closeAgent();

  133. 					} catch (IOException err) {

  134. 						e.addSuppressed(err);

  135. 					}

  136. 					throw e;

  137. 				}

  138. 			}

  139. 		}

  140. 		keys.add(

  141. 				new KeyPairIdentityIterator(session.getRegisteredIdentities(),

  142. 						session, signatureFactories));

  143. 		keys.add(new KeyPairIdentityIterator(session.getKeyPairProvider(),

  144. 				session, signatureFactories));

  145. 		keyIter = keys.iterator();

  146. 	}

  147. 

  148. 	@Override

  149. 	public boolean isOpen() {

  150. 		return open.get();

  151. 	}

  152. 

  153. 	@Override

  154. 	public void close() throws IOException {

  155. 		if (open.getAndSet(false)) {

  156. 			closeAgent();

  157. 		}

  158. 	}

  159. 

  160. 	@Override

  161. 	public boolean hasNext() {

  162. 		if (!isOpen()) {

  163. 			return false;

  164. 		}

  165. 		if (hasElement != null) {

  166. 			return hasElement.booleanValue();

  167. 		}

  168. 		while (current == null || !current.hasNext()) {

  169. 			if (keyIter.hasNext()) {

  170. 				current = keyIter.next();

  171. 			} else {

  172. 				current = null;

  173. 				hasElement = Boolean.FALSE;

  174. 				return false;

  175. 			}

  176. 		}

  177. 		hasElement = Boolean.TRUE;

  178. 		return true;

  179. 	}

  180. 

  181. 	@Override

  182. 	public PublicKeyIdentity next() {

  183. 		if (!isOpen() || hasElement == null && !hasNext()

  184. 				|| !hasElement.booleanValue()) {

  185. 			throw new NoSuchElementException();

  186. 		}

  187. 		hasElement = null;

  188. 		PublicKeyIdentity result;

  189. 		try {

  190. 			result = current.next();

  191. 		} catch (NoSuchElementException e) {

  192. 			result = null;

  193. 		}

  194. 		return result;

  195. 	}

  196. 

  197. 	private void closeAgent() throws IOException {

  198. 		if (agent == null) {

  199. 			return;

  200. 		}

  201. 		try {

  202. 			agent.close();

  203. 		} finally {

  204. 			agent = null;

  205. 		}

  206. 	}

  207. 

  208. 	/**

  209. 	 * An {@link Iterator} that maps the data obtained from an agent to

  210. 	 * {@link PublicKeyIdentity}.

  211. 	 */

  212. 	private static class AgentIdentityIterator

  213. 			implements Iterator<PublicKeyIdentity> {

  214. 

  215. 		private final SshAgent agent;

  216. 

  217. 		private final Iterator<? extends Map.Entry<PublicKey, String>> iter;

  218. 

  219. 		public AgentIdentityIterator(SshAgent agent) throws IOException {

  220. 			this.agent = agent;

  221. 			iter = agent == null ? null : agent.getIdentities().iterator();

  222. 		}

  223. 

  224. 		@Override

  225. 		public boolean hasNext() {

  226. 			return iter != null && iter.hasNext();

  227. 		}

  228. 

  229. 		@Override

  230. 		public PublicKeyIdentity next() {

  231. 			if (iter == null) {

  232. 				throw new NoSuchElementException();

  233. 			}

  234. 			Map.Entry<PublicKey, String> entry = iter.next();

  235. 			return new KeyAgentIdentity(agent, entry.getKey(),

  236. 					entry.getValue());

  237. 		}

  238. 	}

  239. 

  240. 	/**

  241. 	 * An {@link Iterator} that maps {@link KeyPair} to

  242. 	 * {@link PublicKeyIdentity}.

  243. 	 */

  244. 	private static class KeyPairIdentityIterator

  245. 			implements Iterator<PublicKeyIdentity> {

  246. 

  247. 		private final Iterator<KeyPair> keyPairs;

  248. 

  249. 		private final ClientSession session;

  250. 

  251. 		private final SignatureFactoriesManager signatureFactories;

  252. 

  253. 		public KeyPairIdentityIterator(KeyIdentityProvider provider,

  254. 				ClientSession session,

  255. 				SignatureFactoriesManager signatureFactories) {

  256. 			this.session = session;

  257. 			this.signatureFactories = signatureFactories;

  258. 			keyPairs = provider == null ? null : provider.loadKeys().iterator();

  259. 		}

  260. 

  261. 		@Override

  262. 		public boolean hasNext() {

  263. 			return keyPairs != null && keyPairs.hasNext();

  264. 		}

  265. 

  266. 		@Override

  267. 		public PublicKeyIdentity next() {

  268. 			if (keyPairs == null) {

  269. 				throw new NoSuchElementException();

  270. 			}

  271. 			KeyPair key = keyPairs.next();

  272. 			return new KeyPairIdentity(signatureFactories, session, key);

  273. 		}

  274. 	}

  275. }