mirrors
/
jgit
mirror of https://github.com/eclipse/jgit.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 204 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
8425 Commits
49 Branches
Tree: 729c92d723
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '729c92d723'
${ noResults }
jgit/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/transport/sshd/ServerKeyDatabase.java

ServerKeyDatabase.java 4.1KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144 
  1. /*

  2.  * Copyright (C) 2019 Thomas Wolf <thomas.wolf@paranor.ch> and others

  3.  *

  4.  * This program and the accompanying materials are made available under the

  5.  * terms of the Eclipse Distribution License v. 1.0 which is available at

  6.  * https://www.eclipse.org/org/documents/edl-v10.php.

  7.  *

  8.  * SPDX-License-Identifier: BSD-3-Clause

  9.  */

  10. package org.eclipse.jgit.transport.sshd;

  11. 

  12. import java.net.InetSocketAddress;

  13. import java.security.PublicKey;

  14. import java.util.List;

  15. 

  16. import org.eclipse.jgit.annotations.NonNull;

  17. import org.eclipse.jgit.transport.CredentialsProvider;

  18. 

  19. /**

  20.  * An interface for a database of known server keys, supporting finding all

  21.  * known keys and also deciding whether a server key is to be accepted.

  22.  * <p>

  23.  * Connection addresses are given as strings of the format

  24.  * {@code [hostName]:port} if using a non-standard port (i.e., not port 22),

  25.  * otherwise just {@code hostname}.

  26.  * </p>

  27.  *

  28.  * @since 5.5

  29.  */

  30. public interface ServerKeyDatabase {

  31. 

  32. 	/**

  33. 	 * Retrieves all known host keys for the given addresses.

  34. 	 *

  35. 	 * @param connectAddress

  36. 	 *            IP address the session tried to connect to

  37. 	 * @param remoteAddress

  38. 	 *            IP address as reported for the remote end point

  39. 	 * @param config

  40. 	 *            giving access to potentially interesting configuration

  41. 	 *            settings

  42. 	 * @return the list of known keys for the given addresses

  43. 	 */

  44. 	@NonNull

  45. 	List<PublicKey> lookup(@NonNull String connectAddress,

  46. 			@NonNull InetSocketAddress remoteAddress,

  47. 			@NonNull Configuration config);

  48. 

  49. 	/**

  50. 	 * Determines whether to accept a received server host key.

  51. 	 *

  52. 	 * @param connectAddress

  53. 	 *            IP address the session tried to connect to

  54. 	 * @param remoteAddress

  55. 	 *            IP address as reported for the remote end point

  56. 	 * @param serverKey

  57. 	 *            received from the remote end

  58. 	 * @param config

  59. 	 *            giving access to potentially interesting configuration

  60. 	 *            settings

  61. 	 * @param provider

  62. 	 *            for interacting with the user, if required; may be

  63. 	 *            {@code null}

  64. 	 * @return {@code true} if the serverKey is accepted, {@code false}

  65. 	 *         otherwise

  66. 	 */

  67. 	boolean accept(@NonNull String connectAddress,

  68. 			@NonNull InetSocketAddress remoteAddress,

  69. 			@NonNull PublicKey serverKey,

  70. 			@NonNull Configuration config, CredentialsProvider provider);

  71. 

  72. 	/**

  73. 	 * A simple provider for ssh config settings related to host key checking.

  74. 	 * An instance is created by the JGit sshd framework and passed into

  75. 	 * {@link ServerKeyDatabase#lookup(String, InetSocketAddress, Configuration)}

  76. 	 * and

  77. 	 * {@link ServerKeyDatabase#accept(String, InetSocketAddress, PublicKey, Configuration, CredentialsProvider)}.

  78. 	 */

  79. 	interface Configuration {

  80. 

  81. 		/**

  82. 		 * Retrieves the list of file names from the "UserKnownHostsFile" ssh

  83. 		 * config.

  84. 		 *

  85. 		 * @return the list as configured, with ~ already replaced

  86. 		 */

  87. 		List<String> getUserKnownHostsFiles();

  88. 

  89. 		/**

  90. 		 * Retrieves the list of file names from the "GlobalKnownHostsFile" ssh

  91. 		 * config.

  92. 		 *

  93. 		 * @return the list as configured, with ~ already replaced

  94. 		 */

  95. 		List<String> getGlobalKnownHostsFiles();

  96. 

  97. 		/**

  98. 		 * The possible values for the "StrictHostKeyChecking" ssh config.

  99. 		 */

  100. 		enum StrictHostKeyChecking {

  101. 			/**

  102. 			 * "ask"; default: ask the user whether to accept (and store) a new

  103. 			 * or mismatched key.

  104. 			 */

  105. 			ASK,

  106. 			/**

  107. 			 * "yes", "on": never accept new or mismatched keys.

  108. 			 */

  109. 			REQUIRE_MATCH,

  110. 			/**

  111. 			 * "no", "off": always accept new or mismatched keys.

  112. 			 */

  113. 			ACCEPT_ANY,

  114. 			/**

  115. 			 * "accept-new": accept new keys, but never accept modified keys.

  116. 			 */

  117. 			ACCEPT_NEW

  118. 		}

  119. 

  120. 		/**

  121. 		 * Obtains the value of the "StrictHostKeyChecking" ssh config.

  122. 		 *

  123. 		 * @return the {@link StrictHostKeyChecking}

  124. 		 */

  125. 		@NonNull

  126. 		StrictHostKeyChecking getStrictHostKeyChecking();

  127. 

  128. 		/**

  129. 		 * Obtains the value of the "HashKnownHosts" ssh config.

  130. 		 *

  131. 		 * @return {@code true} if new entries should be stored with hashed host

  132. 		 *         information, {@code false} otherwise

  133. 		 */

  134. 		boolean getHashKnownHosts();

  135. 

  136. 		/**

  137. 		 * Obtains the user name used in the connection attempt.

  138. 		 *

  139. 		 * @return the user name

  140. 		 */

  141. 		@NonNull

  142. 		String getUsername();

  143. 	}

  144. }