All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.apache.sshd.client.config.keys.ClientIdentity Maven / Gradle / Ivy

There is a newer version: 2.14.0
Show newest version
/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements. See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership. The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */

package org.apache.sshd.client.config.keys;

import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.util.Collection;
import java.util.Collections;
import java.util.Map;
import java.util.TreeMap;
import java.util.function.Function;

import org.apache.sshd.common.NamedResource;
import org.apache.sshd.common.config.keys.BuiltinIdentities;
import org.apache.sshd.common.config.keys.FilePasswordProvider;
import org.apache.sshd.common.config.keys.IdentityUtils;
import org.apache.sshd.common.config.keys.KeyUtils;
import org.apache.sshd.common.config.keys.PublicKeyEntry;
import org.apache.sshd.common.keyprovider.KeyPairProvider;
import org.apache.sshd.common.session.SessionContext;
import org.apache.sshd.common.util.GenericUtils;
import org.apache.sshd.common.util.ValidateUtils;
import org.apache.sshd.common.util.io.FileInfoExtractor;
import org.apache.sshd.common.util.io.IoUtils;

/**
 * Provides keys loading capability from the user's keys folder - e.g., {@code id_rsa}
 *
 * @author Apache MINA SSHD Project
 * @see    org.apache.sshd.common.util.security.SecurityUtils#getKeyPairResourceParser()
 */
public final class ClientIdentity {

    public static final String ID_FILE_PREFIX = "id_";

    public static final String ID_FILE_SUFFIX = "";

    public static final Function ID_GENERATOR = ClientIdentity::getIdentityFileName;

    private ClientIdentity() {
        throw new UnsupportedOperationException("No instance");
    }

    /**
     * @param  name The file name - ignored if {@code null}/empty
     * @return      The identity type - {@code null} if cannot determine it - e.g., does not start with the
     *              {@link #ID_FILE_PREFIX}
     */
    public static String getIdentityType(String name) {
        if (GenericUtils.isEmpty(name)
                || (name.length() <= ID_FILE_PREFIX.length())
                || (!name.startsWith(ID_FILE_PREFIX))) {
            return null;
        } else {
            return name.substring(ID_FILE_PREFIX.length());
        }
    }

    public static String getIdentityFileName(NamedResource r) {
        return getIdentityFileName((r == null) ? null : r.getName());
    }

    /**
     * @param  type The identity type - e.g., {@code rsa} - ignored if {@code null}/empty
     * @return      The matching file name for the identity - {@code null} if no name
     * @see         #ID_FILE_PREFIX
     * @see         #ID_FILE_SUFFIX
     * @see         IdentityUtils#getIdentityFileName(String, String, String)
     */
    public static String getIdentityFileName(String type) {
        return IdentityUtils.getIdentityFileName(ID_FILE_PREFIX, type, ID_FILE_SUFFIX);
    }

    /**
     * @param  strict                   If {@code true} then files that do not have the required access rights are
     *                                  excluded from consideration
     * @param  supportedOnly            If {@code true} then ignore identities that are not supported internally
     * @param  provider                 A {@link FilePasswordProvider} - may be {@code null} if the loaded keys are
     *                                  guaranteed not to be encrypted. The argument to
     *                                  {@code FilePasswordProvider#getPassword} is the path of the file whose key is to
     *                                  be loaded
     * @param  options                  The {@link LinkOption}s to apply when checking for existence
     * @return                          A {@link KeyPair} for the identities - {@code null} if no identities available
     *                                  (e.g., after filtering unsupported ones or strict permissions)
     * @throws IOException              If failed to access the file system
     * @throws GeneralSecurityException If failed to load the keys
     * @see                             PublicKeyEntry#getDefaultKeysFolderPath()
     * @see                             #loadDefaultIdentities(Path, boolean, FilePasswordProvider, LinkOption...)
     */
    public static KeyPairProvider loadDefaultKeyPairProvider(
            boolean strict, boolean supportedOnly, FilePasswordProvider provider, LinkOption... options)
            throws IOException, GeneralSecurityException {
        return loadDefaultKeyPairProvider(PublicKeyEntry.getDefaultKeysFolderPath(), strict, supportedOnly, provider, options);
    }

    /**
     * @param  dir                      The folder to scan for the built-in identities
     * @param  strict                   If {@code true} then files that do not have the required access rights are
     *                                  excluded from consideration
     * @param  supportedOnly            If {@code true} then ignore identities that are not supported internally
     * @param  provider                 A {@link FilePasswordProvider} - may be {@code null} if the loaded keys are
     *                                  guaranteed not to be encrypted. The argument to
     *                                  {@code FilePasswordProvider#getPassword} is the path of the file whose key is to
     *                                  be loaded
     * @param  options                  The {@link LinkOption}s to apply when checking for existence
     * @return                          A {@link KeyPair} for the identities - {@code null} if no identities available
     *                                  (e.g., after filtering unsupported ones or strict permissions)
     * @throws IOException              If failed to access the file system
     * @throws GeneralSecurityException If failed to load the keys
     * @see                             #loadDefaultIdentities(Path, boolean, FilePasswordProvider, LinkOption...)
     * @see                             IdentityUtils#createKeyPairProvider(Map, boolean)
     */
    public static KeyPairProvider loadDefaultKeyPairProvider(
            Path dir, boolean strict, boolean supportedOnly, FilePasswordProvider provider, LinkOption... options)
            throws IOException, GeneralSecurityException {
        Map ids = loadDefaultIdentities(dir, strict, provider, options);
        return IdentityUtils.createKeyPairProvider(ids, supportedOnly);
    }

    /**
     * @param  strict                   If {@code true} then files that do not have the required access rights are
     *                                  excluded from consideration
     * @param  provider                 A {@link FilePasswordProvider} - may be {@code null} if the loaded keys are
     *                                  guaranteed not to be encrypted. The argument to
     *                                  {@code FilePasswordProvider#getPassword} is the path of the file whose key is to
     *                                  be loaded
     * @param  options                  The {@link LinkOption}s to apply when checking for existence
     * @return                          A {@link Map} of the found files where key=identity type (case
     *                                  insensitive), value=the {@link KeyPair} of the identity
     * @throws IOException              If failed to access the file system
     * @throws GeneralSecurityException If failed to load the keys
     * @see                             PublicKeyEntry#getDefaultKeysFolderPath()
     * @see                             #loadDefaultIdentities(Path, boolean, FilePasswordProvider, LinkOption...)
     */
    public static Map loadDefaultIdentities(
            boolean strict, FilePasswordProvider provider, LinkOption... options)
            throws IOException, GeneralSecurityException {
        return loadDefaultIdentities(PublicKeyEntry.getDefaultKeysFolderPath(), strict, provider, options);
    }

    /**
     * @param  dir                      The folder to scan for the built-in identities
     * @param  strict                   If {@code true} then files that do not have the required access rights are
     *                                  excluded from consideration
     * @param  provider                 A {@link FilePasswordProvider} - may be {@code null} if the loaded keys are
     *                                  guaranteed not to be encrypted. The argument to
     *                                  {@code FilePasswordProvider#getPassword} is the path of the file whose key is to
     *                                  be loaded
     * @param  options                  The {@link LinkOption}s to apply when checking for existence
     * @return                          A {@link Map} of the found files where key=identity type (case
     *                                  insensitive), value=the {@link KeyPair} of the identity
     * @throws IOException              If failed to access the file system
     * @throws GeneralSecurityException If failed to load the keys
     * @see                             BuiltinIdentities
     */
    public static Map loadDefaultIdentities(
            Path dir, boolean strict, FilePasswordProvider provider, LinkOption... options)
            throws IOException, GeneralSecurityException {
        return loadIdentities(null, dir, strict, BuiltinIdentities.NAMES, ID_GENERATOR, provider, options);
    }

    /**
     * Scans a folder and loads all available identity files
     *
     * @param  session                  The {@link SessionContext} for invoking this load command - may be {@code null}
     *                                  if not invoked within a session context (e.g., offline tool or session unknown).
     * @param  dir                      The {@link Path} of the folder to scan - ignored if not exists
     * @param  strict                   If {@code true} then files that do not have the required access rights are
     *                                  excluded from consideration
     * @param  types                    The identity types - ignored if {@code null}/empty
     * @param  idGenerator              A {@link Function} to derive the file name holding the specified type
     * @param  provider                 A {@link FilePasswordProvider} - may be {@code null} if the loaded keys are
     *                                  guaranteed not to be encrypted. The argument to
     *                                  {@code FilePasswordProvider#getPassword} is the path of the file whose key is to
     *                                  be loaded
     * @param  options                  The {@link LinkOption}s to apply when checking for existence
     * @return                          A {@link Map} of the found files where key=identity type (case
     *                                  insensitive), value=the {@link KeyPair} of the identity
     * @throws IOException              If failed to access the file system
     * @throws GeneralSecurityException If failed to load the keys
     */
    public static Map loadIdentities(
            SessionContext session, Path dir, boolean strict,
            Collection types, Function idGenerator,
            FilePasswordProvider provider, LinkOption... options)
            throws IOException, GeneralSecurityException {
        Map paths = scanIdentitiesFolder(dir, strict, types, idGenerator, options);
        return IdentityUtils.loadIdentities(session, paths, provider, IoUtils.EMPTY_OPEN_OPTIONS);
    }

    /**
     * Scans a folder for possible identity files
     *
     * @param  dir         The {@link Path} of the folder to scan - ignored if not exists
     * @param  strict      If {@code true} then files that do not have the required access rights are excluded from
     *                     consideration
     * @param  types       The identity types - ignored if {@code null}/empty
     * @param  idGenerator A {@link Function} to derive the file name holding the specified type
     * @param  options     The {@link LinkOption}s to apply when checking for existence
     * @return             A {@link Map} of the found files where key=identity type (case insensitive), value=the
     *                     {@link Path} of the file holding the key
     * @throws IOException If failed to access the file system
     * @see                KeyUtils#validateStrictKeyFilePermissions(Path, LinkOption...)
     */
    public static Map scanIdentitiesFolder(
            Path dir, boolean strict, Collection types, Function idGenerator,
            LinkOption... options)
            throws IOException {
        if (GenericUtils.isEmpty(types)) {
            return Collections.emptyMap();
        }

        if (!Files.exists(dir, options)) {
            return Collections.emptyMap();
        }

        ValidateUtils.checkTrue(FileInfoExtractor.ISDIR.infoOf(dir, options), "Not a directory: %s", dir);

        Map paths = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
        for (String t : types) {
            String fileName = idGenerator.apply(t);
            Path p = dir.resolve(fileName);
            if (!Files.exists(p, options)) {
                continue;
            }

            if (strict) {
                if (KeyUtils.validateStrictKeyFilePermissions(p, options) != null) {
                    continue;
                }
            }

            Path prev = paths.put(t, p);
            ValidateUtils.checkTrue(prev == null, "Multiple mappings for type=%s", t);
        }

        return paths;
    }
}




© 2015 - 2024 Weber Informatics LLC | Privacy Policy