mirrors
/
jgit
mirror of https://github.com/eclipse/jgit.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 204 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7460 Commits
49 Branches
Tree: 98cdca9b5a
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '98cdca9b5a'
${ noResults }
jgit/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitSshClient.java

JGitSshClient.java 15KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446 
  1. /*

  2.  * Copyright (C) 2018, Thomas Wolf <thomas.wolf@paranor.ch>

  3.  * and other copyright owners as documented in the project's IP log.

  4.  *

  5.  * This program and the accompanying materials are made available

  6.  * under the terms of the Eclipse Distribution License v1.0 which

  7.  * accompanies this distribution, is reproduced below, and is

  8.  * available at http://www.eclipse.org/org/documents/edl-v10.php

  9.  *

  10.  * All rights reserved.

  11.  *

  12.  * Redistribution and use in source and binary forms, with or

  13.  * without modification, are permitted provided that the following

  14.  * conditions are met:

  15.  *

  16.  * - Redistributions of source code must retain the above copyright

  17.  *   notice, this list of conditions and the following disclaimer.

  18.  *

  19.  * - Redistributions in binary form must reproduce the above

  20.  *   copyright notice, this list of conditions and the following

  21.  *   disclaimer in the documentation and/or other materials provided

  22.  *   with the distribution.

  23.  *

  24.  * - Neither the name of the Eclipse Foundation, Inc. nor the

  25.  *   names of its contributors may be used to endorse or promote

  26.  *   products derived from this software without specific prior

  27.  *   written permission.

  28.  *

  29.  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND

  30.  * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,

  31.  * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES

  32.  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

  33.  * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR

  34.  * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

  35.  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

  36.  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

  37.  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER

  38.  * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

  39.  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

  40.  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF

  41.  * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

  42.  */

  43. package org.eclipse.jgit.internal.transport.sshd;

  44. 

  45. import static java.text.MessageFormat.format;

  46. import static org.eclipse.jgit.internal.transport.ssh.OpenSshConfigFile.positive;

  47. 

  48. import java.io.IOException;

  49. import java.net.InetSocketAddress;

  50. import java.net.Proxy;

  51. import java.net.SocketAddress;

  52. import java.nio.file.Files;

  53. import java.nio.file.InvalidPathException;

  54. import java.nio.file.Path;

  55. import java.nio.file.Paths;

  56. import java.security.GeneralSecurityException;

  57. import java.security.KeyPair;

  58. import java.util.Arrays;

  59. import java.util.Iterator;

  60. import java.util.List;

  61. import java.util.NoSuchElementException;

  62. import java.util.Objects;

  63. import java.util.stream.Collectors;

  64. 

  65. import org.apache.sshd.client.SshClient;

  66. import org.apache.sshd.client.config.hosts.HostConfigEntry;

  67. import org.apache.sshd.client.future.ConnectFuture;

  68. import org.apache.sshd.client.future.DefaultConnectFuture;

  69. import org.apache.sshd.client.session.ClientSessionImpl;

  70. import org.apache.sshd.client.session.SessionFactory;

  71. import org.apache.sshd.common.AttributeRepository;

  72. import org.apache.sshd.common.config.keys.FilePasswordProvider;

  73. import org.apache.sshd.common.future.SshFutureListener;

  74. import org.apache.sshd.common.io.IoConnectFuture;

  75. import org.apache.sshd.common.io.IoSession;

  76. import org.apache.sshd.common.keyprovider.AbstractResourceKeyPairProvider;

  77. import org.apache.sshd.common.keyprovider.KeyIdentityProvider;

  78. import org.apache.sshd.common.session.SessionContext;

  79. import org.apache.sshd.common.session.helpers.AbstractSession;

  80. import org.apache.sshd.common.util.ValidateUtils;

  81. import org.eclipse.jgit.internal.transport.sshd.proxy.HttpClientConnector;

  82. import org.eclipse.jgit.internal.transport.sshd.proxy.Socks5ClientConnector;

  83. import org.eclipse.jgit.transport.CredentialsProvider;

  84. import org.eclipse.jgit.transport.SshConstants;

  85. import org.eclipse.jgit.transport.sshd.KeyCache;

  86. import org.eclipse.jgit.transport.sshd.ProxyData;

  87. import org.eclipse.jgit.transport.sshd.ProxyDataFactory;

  88. 

  89. /**

  90.  * Customized {@link SshClient} for JGit. It creates specialized

  91.  * {@link JGitClientSession}s that know about the {@link HostConfigEntry} they

  92.  * were created for, and it loads all KeyPair identities lazily.

  93.  */

  94. public class JGitSshClient extends SshClient {

  95. 

  96. 	/**

  97. 	 * We need access to this during the constructor of the ClientSession,

  98. 	 * before setConnectAddress() can have been called. So we have to remember

  99. 	 * it in an attribute on the SshClient, from where we can then retrieve it.

  100. 	 */

  101. 	static final AttributeKey<HostConfigEntry> HOST_CONFIG_ENTRY = new AttributeKey<>();

  102. 

  103. 	static final AttributeKey<InetSocketAddress> ORIGINAL_REMOTE_ADDRESS = new AttributeKey<>();

  104. 

  105. 	/**

  106. 	 * An attribute key for the comma-separated list of default preferred

  107. 	 * authentication mechanisms.

  108. 	 */

  109. 	public static final AttributeKey<String> PREFERRED_AUTHENTICATIONS = new AttributeKey<>();

  110. 

  111. 	private KeyCache keyCache;

  112. 

  113. 	private CredentialsProvider credentialsProvider;

  114. 

  115. 	private ProxyDataFactory proxyDatabase;

  116. 

  117. 	@Override

  118. 	protected SessionFactory createSessionFactory() {

  119. 		// Override the parent's default

  120. 		return new JGitSessionFactory(this);

  121. 	}

  122. 

  123. 	@Override

  124. 	public ConnectFuture connect(HostConfigEntry hostConfig,

  125. 			AttributeRepository context, SocketAddress localAddress)

  126. 			throws IOException {

  127. 		if (connector == null) {

  128. 			throw new IllegalStateException("SshClient not started."); //$NON-NLS-1$

  129. 		}

  130. 		Objects.requireNonNull(hostConfig, "No host configuration"); //$NON-NLS-1$

  131. 		String host = ValidateUtils.checkNotNullAndNotEmpty(

  132. 				hostConfig.getHostName(), "No target host"); //$NON-NLS-1$

  133. 		int port = hostConfig.getPort();

  134. 		ValidateUtils.checkTrue(port > 0, "Invalid port: %d", port); //$NON-NLS-1$

  135. 		String userName = hostConfig.getUsername();

  136. 		InetSocketAddress address = new InetSocketAddress(host, port);

  137. 		ConnectFuture connectFuture = new DefaultConnectFuture(

  138. 				userName + '@' + address, null);

  139. 		SshFutureListener<IoConnectFuture> listener = createConnectCompletionListener(

  140. 				connectFuture, userName, address, hostConfig);

  141. 		// sshd needs some entries from the host config already in the

  142. 		// constructor of the session. Put those as properties on this client,

  143. 		// where it will find them. We can set the host config only once the

  144. 		// session object has been created.

  145. 		copyProperty(

  146. 				hostConfig.getProperty(SshConstants.PREFERRED_AUTHENTICATIONS,

  147. 						getAttribute(PREFERRED_AUTHENTICATIONS)),

  148. 				PREFERRED_AUTHS);

  149. 		setAttribute(HOST_CONFIG_ENTRY, hostConfig);

  150. 		setAttribute(ORIGINAL_REMOTE_ADDRESS, address);

  151. 		// Proxy support

  152. 		ProxyData proxy = getProxyData(address);

  153. 		if (proxy != null) {

  154. 			address = configureProxy(proxy, address);

  155. 			proxy.clearPassword();

  156. 		}

  157. 		connector.connect(address, this, localAddress).addListener(listener);

  158. 		return connectFuture;

  159. 	}

  160. 

  161. 	private void copyProperty(String value, String key) {

  162. 		if (value != null && !value.isEmpty()) {

  163. 			getProperties().put(key, value);

  164. 		}

  165. 	}

  166. 

  167. 	private ProxyData getProxyData(InetSocketAddress remoteAddress) {

  168. 		ProxyDataFactory factory = getProxyDatabase();

  169. 		return factory == null ? null : factory.get(remoteAddress);

  170. 	}

  171. 

  172. 	private InetSocketAddress configureProxy(ProxyData proxyData,

  173. 			InetSocketAddress remoteAddress) {

  174. 		Proxy proxy = proxyData.getProxy();

  175. 		if (proxy.type() == Proxy.Type.DIRECT

  176. 				|| !(proxy.address() instanceof InetSocketAddress)) {

  177. 			return remoteAddress;

  178. 		}

  179. 		InetSocketAddress address = (InetSocketAddress) proxy.address();

  180. 		if (address.isUnresolved()) {

  181. 			address = new InetSocketAddress(address.getHostName(),

  182. 					address.getPort());

  183. 		}

  184. 		switch (proxy.type()) {

  185. 		case HTTP:

  186. 			setClientProxyConnector(

  187. 					new HttpClientConnector(address, remoteAddress,

  188. 							proxyData.getUser(), proxyData.getPassword()));

  189. 			return address;

  190. 		case SOCKS:

  191. 			setClientProxyConnector(

  192. 					new Socks5ClientConnector(address, remoteAddress,

  193. 							proxyData.getUser(), proxyData.getPassword()));

  194. 			return address;

  195. 		default:

  196. 			log.warn(format(SshdText.get().unknownProxyProtocol,

  197. 					proxy.type().name()));

  198. 			return remoteAddress;

  199. 		}

  200. 	}

  201. 

  202. 	private SshFutureListener<IoConnectFuture> createConnectCompletionListener(

  203. 			ConnectFuture connectFuture, String username,

  204. 			InetSocketAddress address, HostConfigEntry hostConfig) {

  205. 		return new SshFutureListener<IoConnectFuture>() {

  206. 

  207. 			@Override

  208. 			public void operationComplete(IoConnectFuture future) {

  209. 				if (future.isCanceled()) {

  210. 					connectFuture.cancel();

  211. 					return;

  212. 				}

  213. 				Throwable t = future.getException();

  214. 				if (t != null) {

  215. 					connectFuture.setException(t);

  216. 					return;

  217. 				}

  218. 				IoSession ioSession = future.getSession();

  219. 				try {

  220. 					JGitClientSession session = createSession(ioSession,

  221. 							username, address, hostConfig);

  222. 					connectFuture.setSession(session);

  223. 				} catch (RuntimeException e) {

  224. 					connectFuture.setException(e);

  225. 					ioSession.close(true);

  226. 				}

  227. 			}

  228. 

  229. 			@Override

  230. 			public String toString() {

  231. 				return "JGitSshClient$ConnectCompletionListener[" + username //$NON-NLS-1$

  232. 						+ '@' + address + ']';

  233. 			}

  234. 		};

  235. 	}

  236. 

  237. 	private JGitClientSession createSession(IoSession ioSession,

  238. 			String username, InetSocketAddress address,

  239. 			HostConfigEntry hostConfig) {

  240. 		AbstractSession rawSession = AbstractSession.getSession(ioSession);

  241. 		if (!(rawSession instanceof JGitClientSession)) {

  242. 			throw new IllegalStateException("Wrong session type: " //$NON-NLS-1$

  243. 					+ rawSession.getClass().getCanonicalName());

  244. 		}

  245. 		JGitClientSession session = (JGitClientSession) rawSession;

  246. 		session.setUsername(username);

  247. 		session.setConnectAddress(address);

  248. 		session.setHostConfigEntry(hostConfig);

  249. 		if (session.getCredentialsProvider() == null) {

  250. 			session.setCredentialsProvider(getCredentialsProvider());

  251. 		}

  252. 		int numberOfPasswordPrompts = getNumberOfPasswordPrompts(hostConfig);

  253. 		session.getProperties().put(PASSWORD_PROMPTS,

  254. 				Integer.valueOf(numberOfPasswordPrompts));

  255. 		FilePasswordProvider passwordProvider = getFilePasswordProvider();

  256. 		if (passwordProvider instanceof RepeatingFilePasswordProvider) {

  257. 			((RepeatingFilePasswordProvider) passwordProvider)

  258. 					.setAttempts(numberOfPasswordPrompts);

  259. 		}

  260. 		List<Path> identities = hostConfig.getIdentities().stream()

  261. 				.map(s -> {

  262. 					try {

  263. 						return Paths.get(s);

  264. 					} catch (InvalidPathException e) {

  265. 						log.warn(format(SshdText.get().configInvalidPath,

  266. 								SshConstants.IDENTITY_FILE, s), e);

  267. 						return null;

  268. 					}

  269. 				}).filter(p -> p != null && Files.exists(p))

  270. 				.collect(Collectors.toList());

  271. 		CachingKeyPairProvider ourConfiguredKeysProvider = new CachingKeyPairProvider(

  272. 				identities, keyCache);

  273. 		ourConfiguredKeysProvider.setPasswordFinder(passwordProvider);

  274. 		if (hostConfig.isIdentitiesOnly()) {

  275. 			session.setKeyIdentityProvider(ourConfiguredKeysProvider);

  276. 		} else {

  277. 			KeyIdentityProvider defaultKeysProvider = getKeyIdentityProvider();

  278. 			if (defaultKeysProvider instanceof AbstractResourceKeyPairProvider<?>) {

  279. 				((AbstractResourceKeyPairProvider<?>) defaultKeysProvider)

  280. 						.setPasswordFinder(passwordProvider);

  281. 			}

  282. 			KeyIdentityProvider combinedProvider = new CombinedKeyIdentityProvider(

  283. 					ourConfiguredKeysProvider, defaultKeysProvider);

  284. 			session.setKeyIdentityProvider(combinedProvider);

  285. 		}

  286. 		return session;

  287. 	}

  288. 

  289. 	private int getNumberOfPasswordPrompts(HostConfigEntry hostConfig) {

  290. 		String prompts = hostConfig

  291. 				.getProperty(SshConstants.NUMBER_OF_PASSWORD_PROMPTS);

  292. 		if (prompts != null) {

  293. 			prompts = prompts.trim();

  294. 			int value = positive(prompts);

  295. 			if (value > 0) {

  296. 				return value;

  297. 			}

  298. 			log.warn(format(SshdText.get().configInvalidPositive,

  299. 					SshConstants.NUMBER_OF_PASSWORD_PROMPTS, prompts));

  300. 		}

  301. 		// Default for NumberOfPasswordPrompts according to

  302. 		// https://man.openbsd.org/ssh_config

  303. 		return 3;

  304. 	}

  305. 

  306. 	/**

  307. 	 * Set a cache for loaded keys. Newly discovered keys will be added when

  308. 	 * IdentityFile host entries from the ssh config file are used during

  309. 	 * session authentication.

  310. 	 *

  311. 	 * @param cache

  312. 	 *            to use

  313. 	 */

  314. 	public void setKeyCache(KeyCache cache) {

  315. 		keyCache = cache;

  316. 	}

  317. 

  318. 	/**

  319. 	 * Sets a {@link ProxyDataFactory} for connecting through proxies.

  320. 	 *

  321. 	 * @param factory

  322. 	 *            to use, or {@code null} if proxying is not desired or

  323. 	 *            supported

  324. 	 */

  325. 	public void setProxyDatabase(ProxyDataFactory factory) {

  326. 		proxyDatabase = factory;

  327. 	}

  328. 

  329. 	/**

  330. 	 * Retrieves the {@link ProxyDataFactory}.

  331. 	 *

  332. 	 * @return the factory, or {@code null} if none is set

  333. 	 */

  334. 	protected ProxyDataFactory getProxyDatabase() {

  335. 		return proxyDatabase;

  336. 	}

  337. 

  338. 	/**

  339. 	 * Sets the {@link CredentialsProvider} for this client.

  340. 	 *

  341. 	 * @param provider

  342. 	 *            to set

  343. 	 */

  344. 	public void setCredentialsProvider(CredentialsProvider provider) {

  345. 		credentialsProvider = provider;

  346. 	}

  347. 

  348. 	/**

  349. 	 * Retrieves the {@link CredentialsProvider} set for this client.

  350. 	 *

  351. 	 * @return the provider, or {@code null} if none is set.

  352. 	 */

  353. 	public CredentialsProvider getCredentialsProvider() {

  354. 		return credentialsProvider;

  355. 	}

  356. 

  357. 	/**

  358. 	 * A {@link SessionFactory} to create our own specialized

  359. 	 * {@link JGitClientSession}s.

  360. 	 */

  361. 	private static class JGitSessionFactory extends SessionFactory {

  362. 

  363. 		public JGitSessionFactory(JGitSshClient client) {

  364. 			super(client);

  365. 		}

  366. 

  367. 		@Override

  368. 		protected ClientSessionImpl doCreateSession(IoSession ioSession)

  369. 				throws Exception {

  370. 			return new JGitClientSession(getClient(), ioSession);

  371. 		}

  372. 	}

  373. 

  374. 	/**

  375. 	 * A {@link KeyIdentityProvider} that iterates over the {@link Iterable}s

  376. 	 * returned by other {@link KeyIdentityProvider}s.

  377. 	 */

  378. 	private static class CombinedKeyIdentityProvider

  379. 			implements KeyIdentityProvider {

  380. 

  381. 		private final List<KeyIdentityProvider> providers;

  382. 

  383. 		public CombinedKeyIdentityProvider(KeyIdentityProvider... providers) {

  384. 			this(Arrays.stream(providers).filter(Objects::nonNull)

  385. 					.collect(Collectors.toList()));

  386. 		}

  387. 

  388. 		public CombinedKeyIdentityProvider(

  389. 				List<KeyIdentityProvider> providers) {

  390. 			this.providers = providers;

  391. 		}

  392. 

  393. 		@Override

  394. 		public Iterable<KeyPair> loadKeys(SessionContext context) {

  395. 			return () -> new Iterator<KeyPair>() {

  396. 

  397. 				private Iterator<KeyIdentityProvider> factories = providers

  398. 						.iterator();

  399. 				private Iterator<KeyPair> current;

  400. 

  401. 				private Boolean hasElement;

  402. 

  403. 				@Override

  404. 				public boolean hasNext() {

  405. 					if (hasElement != null) {

  406. 						return hasElement.booleanValue();

  407. 					}

  408. 					while (current == null || !current.hasNext()) {

  409. 						if (factories.hasNext()) {

  410. 							try {

  411. 								current = factories.next().loadKeys(context)

  412. 										.iterator();

  413. 							} catch (IOException | GeneralSecurityException e) {

  414. 								throw new RuntimeException(e);

  415. 							}

  416. 						} else {

  417. 							current = null;

  418. 							hasElement = Boolean.FALSE;

  419. 							return false;

  420. 						}

  421. 					}

  422. 					hasElement = Boolean.TRUE;

  423. 					return true;

  424. 				}

  425. 

  426. 				@Override

  427. 				public KeyPair next() {

  428. 					if (hasElement == null && !hasNext()

  429. 							|| !hasElement.booleanValue()) {

  430. 						throw new NoSuchElementException();

  431. 					}

  432. 					hasElement = null;

  433. 					KeyPair result;

  434. 					try {

  435. 						result = current.next();

  436. 					} catch (NoSuchElementException e) {

  437. 						result = null;

  438. 					}

  439. 					return result;

  440. 				}

  441. 

  442. 			};

  443. 		}

  444. 

  445. 	}

  446. }