org.apache.sshd.common.config.keys.PrivateKeyEntryDecoder Maven / Gradle / Ivy
The newest version!
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.apache.sshd.common.config.keys;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.StreamCorruptedException;
import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.spec.InvalidKeySpecException;
import java.util.Collection;
import java.util.Objects;
import org.apache.sshd.common.config.keys.loader.KeyPairResourceLoader;
import org.apache.sshd.common.session.SessionContext;
import org.apache.sshd.common.util.GenericUtils;
import org.apache.sshd.common.util.NumberUtils;
import org.apache.sshd.common.util.ValidateUtils;
import org.apache.sshd.common.util.io.output.SecureByteArrayOutputStream;
/**
* @param Type of {@link PublicKey}
* @param Type of {@link PrivateKey}
* @author Apache MINA SSHD Project
*/
public interface PrivateKeyEntryDecoder
extends KeyEntryResolver, PrivateKeyEntryResolver {
@Override
default PrivateKey resolve(
SessionContext session, String keyType, byte[] keyData)
throws IOException, GeneralSecurityException {
ValidateUtils.checkNotNullAndNotEmpty(keyType, "No key type provided");
Collection supported = getSupportedKeyTypes();
if ((GenericUtils.size(supported) > 0) && supported.contains(keyType)) {
return decodePrivateKey(session, FilePasswordProvider.EMPTY, keyData);
}
throw new InvalidKeySpecException("resolve(" + keyType + ") not in listed supported types: " + supported);
}
/**
* @param session The {@link SessionContext} for invoking this load command - may be {@code null}
* if not invoked within a session context (e.g., offline tool or session unknown).
* @param passwordProvider The {@link FilePasswordProvider} to use in case the data is encrypted - may be
* {@code null} if no encrypted data is expected
* @param keyData The key data bytes in {@code OpenSSH} format (after BASE64 decoding) - ignored
* if {@code null}/empty
* @return The decoded {@link PrivateKey} - or {@code null} if no data
* @throws IOException If failed to decode the key
* @throws GeneralSecurityException If failed to generate the key
*/
default PRV decodePrivateKey(
SessionContext session, FilePasswordProvider passwordProvider, byte... keyData)
throws IOException, GeneralSecurityException {
return decodePrivateKey(session, passwordProvider, keyData, 0, NumberUtils.length(keyData));
}
default PRV decodePrivateKey(
SessionContext session, FilePasswordProvider passwordProvider, byte[] keyData, int offset, int length)
throws IOException, GeneralSecurityException {
if (length <= 0) {
return null;
}
try (InputStream stream = new ByteArrayInputStream(keyData, offset, length)) {
return decodePrivateKey(session, passwordProvider, stream);
}
}
default PRV decodePrivateKey(
SessionContext session, FilePasswordProvider passwordProvider, InputStream keyData)
throws IOException, GeneralSecurityException {
// the actual data is preceded by a string that repeats the key type
String type = KeyEntryResolver.decodeString(keyData, KeyPairResourceLoader.MAX_KEY_TYPE_NAME_LENGTH);
if (GenericUtils.isEmpty(type)) {
throw new StreamCorruptedException("Missing key type string");
}
Collection supported = getSupportedKeyTypes();
if (GenericUtils.isEmpty(supported) || (!supported.contains(type))) {
throw new InvalidKeySpecException("Reported key type (" + type + ") not in supported list: " + supported);
}
return decodePrivateKey(session, type, passwordProvider, keyData);
}
/**
* @param session The {@link SessionContext} for invoking this load command - may be {@code null}
* if not invoked within a session context (e.g., offline tool or session unknown).
* @param keyType The reported / encode key type
* @param passwordProvider The {@link FilePasswordProvider} to use in case the data is encrypted - may be
* {@code null} if no encrypted data is expected
* @param keyData The key data bytes stream positioned after the key type decoding and making sure
* it is one of the supported types
* @return The decoded {@link PrivateKey}
* @throws IOException If failed to read from the data stream
* @throws GeneralSecurityException If failed to generate the key
*/
PRV decodePrivateKey(
SessionContext session, String keyType, FilePasswordProvider passwordProvider, InputStream keyData)
throws IOException, GeneralSecurityException;
/**
* Encodes the {@link PrivateKey} using the {@code OpenSSH} format - same one used by the {@code decodePublicKey}
* method(s)
*
* @param s The {@link SecureByteArrayOutputStream} to write the data to.
* @param key The {@link PrivateKey} - may not be {@code null}
* @param pubKey The {@link PublicKey} belonging to the private key - must be non-{@code null} if
* {@link #isPublicKeyRecoverySupported() public key recovery} is not supported
* @return The key type value - one of the {@link #getSupportedKeyTypes()} or {@code null} if encoding
* not supported
* @throws IOException If failed to generate the encoding
*/
default String encodePrivateKey(SecureByteArrayOutputStream s, PRV key, PUB pubKey) throws IOException {
Objects.requireNonNull(key, "No private key provided");
return null;
}
default boolean isPublicKeyRecoverySupported() {
return false;
}
/**
* Attempts to recover the public key given the private one
*
* @param prvKey The {@link PrivateKey}
* @return The recovered {@link PublicKey} - {@code null} if cannot recover it
* @throws GeneralSecurityException If failed to generate the public key
*/
default PUB recoverPublicKey(PRV prvKey) throws GeneralSecurityException {
return null;
}
}