mirrors
/
jgit
mirror of https://github.com/eclipse/jgit.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 204 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
8270 Commits
49 Branches
Tree: fd3edc7bfc
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'fd3edc7bfc'
${ noResults }
jgit/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitPublicKeyAuthentication...

JGitPublicKeyAuthentication.java 4.2KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133 
  1. /*

  2.  * Copyright (C) 2018, 2021 Thomas Wolf <thomas.wolf@paranor.ch> and others

  3.  *

  4.  * This program and the accompanying materials are made available under the

  5.  * terms of the Eclipse Distribution License v. 1.0 which is available at

  6.  * https://www.eclipse.org/org/documents/edl-v10.php.

  7.  *

  8.  * SPDX-License-Identifier: BSD-3-Clause

  9.  */

  10. package org.eclipse.jgit.internal.transport.sshd;

  11. 

  12. import java.io.IOException;

  13. import java.security.PublicKey;

  14. import java.util.HashSet;

  15. import java.util.LinkedList;

  16. import java.util.List;

  17. import java.util.Set;

  18. 

  19. import org.apache.sshd.client.auth.pubkey.UserAuthPublicKey;

  20. import org.apache.sshd.client.session.ClientSession;

  21. import org.apache.sshd.common.NamedFactory;

  22. import org.apache.sshd.common.RuntimeSshException;

  23. import org.apache.sshd.common.SshConstants;

  24. import org.apache.sshd.common.config.keys.KeyUtils;

  25. import org.apache.sshd.common.signature.Signature;

  26. import org.apache.sshd.common.signature.SignatureFactoriesHolder;

  27. import org.apache.sshd.common.util.buffer.Buffer;

  28. 

  29. /**

  30.  * Custom {@link UserAuthPublicKey} implementation fixing SSHD-1105: if there

  31.  * are several signature algorithms applicable for a public key type, we must

  32.  * try them all, in the correct order.

  33.  *

  34.  * @see <a href="https://issues.apache.org/jira/browse/SSHD-1105">SSHD-1105</a>

  35.  * @see <a href="https://bugs.eclipse.org/bugs/show_bug.cgi?id=572056">Bug

  36.  *      572056</a>

  37.  */

  38. public class JGitPublicKeyAuthentication extends UserAuthPublicKey {

  39. 

  40. 	private final List<String> algorithms = new LinkedList<>();

  41. 

  42. 	JGitPublicKeyAuthentication(List<NamedFactory<Signature>> factories) {

  43. 		super(factories);

  44. 	}

  45. 

  46. 	@Override

  47. 	protected boolean sendAuthDataRequest(ClientSession session, String service)

  48. 			throws Exception {

  49. 		if (current == null) {

  50. 			algorithms.clear();

  51. 		}

  52. 		String currentAlgorithm = null;

  53. 		if (current != null && !algorithms.isEmpty()) {

  54. 			currentAlgorithm = algorithms.remove(0);

  55. 		}

  56. 		if (currentAlgorithm == null) {

  57. 			try {

  58. 				if (keys == null || !keys.hasNext()) {

  59. 					if (log.isDebugEnabled()) {

  60. 						log.debug(

  61. 								"sendAuthDataRequest({})[{}] no more keys to send", //$NON-NLS-1$

  62. 								session, service);

  63. 					}

  64. 					return false;

  65. 				}

  66. 				current = keys.next();

  67. 				algorithms.clear();

  68. 			} catch (Error e) { // Copied from superclass

  69. 				warn("sendAuthDataRequest({})[{}] failed ({}) to get next key: {}", //$NON-NLS-1$

  70. 						session, service, e.getClass().getSimpleName(),

  71. 						e.getMessage(), e);

  72. 				throw new RuntimeSshException(e);

  73. 			}

  74. 		}

  75. 		PublicKey key;

  76. 		try {

  77. 			key = current.getPublicKey();

  78. 		} catch (Error e) { // Copied from superclass

  79. 			warn("sendAuthDataRequest({})[{}] failed ({}) to retrieve public key: {}", //$NON-NLS-1$

  80. 					session, service, e.getClass().getSimpleName(),

  81. 					e.getMessage(), e);

  82. 			throw new RuntimeSshException(e);

  83. 		}

  84. 		if (currentAlgorithm == null) {

  85. 			String keyType = KeyUtils.getKeyType(key);

  86. 			Set<String> aliases = new HashSet<>(

  87. 					KeyUtils.getAllEquivalentKeyTypes(keyType));

  88. 			aliases.add(keyType);

  89. 			List<NamedFactory<Signature>> existingFactories;

  90. 			if (current instanceof SignatureFactoriesHolder) {

  91. 				existingFactories = ((SignatureFactoriesHolder) current)

  92. 						.getSignatureFactories();

  93. 			} else {

  94. 				existingFactories = getSignatureFactories();

  95. 			}

  96. 			if (existingFactories != null) {

  97. 				// Select the factories by name and in order

  98. 				existingFactories.forEach(f -> {

  99. 					if (aliases.contains(f.getName())) {

  100. 						algorithms.add(f.getName());

  101. 					}

  102. 				});

  103. 			}

  104. 			currentAlgorithm = algorithms.isEmpty() ? keyType

  105. 					: algorithms.remove(0);

  106. 		}

  107. 		String name = getName();

  108. 		if (log.isDebugEnabled()) {

  109. 			log.debug(

  110. 					"sendAuthDataRequest({})[{}] send SSH_MSG_USERAUTH_REQUEST request {} type={} - fingerprint={}", //$NON-NLS-1$

  111. 					session, service, name, currentAlgorithm,

  112. 					KeyUtils.getFingerPrint(key));

  113. 		}

  114. 

  115. 		Buffer buffer = session

  116. 				.createBuffer(SshConstants.SSH_MSG_USERAUTH_REQUEST);

  117. 		buffer.putString(session.getUsername());

  118. 		buffer.putString(service);

  119. 		buffer.putString(name);

  120. 		buffer.putBoolean(false);

  121. 		buffer.putString(currentAlgorithm);

  122. 		buffer.putPublicKey(key);

  123. 		session.writePacket(buffer);

  124. 		return true;

  125. 	}

  126. 

  127. 	@Override

  128. 	protected void releaseKeys() throws IOException {

  129. 		algorithms.clear();

  130. 		current = null;

  131. 		super.releaseKeys();

  132. 	}

  133. }