All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.apache.sshd.common.keyprovider.KeyPairProvider Maven / Gradle / Ivy

There is a newer version: 2.14.0
Show newest version
/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements. See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership. The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */
package org.apache.sshd.common.keyprovider;

import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.LinkedHashSet;
import java.util.Objects;
import java.util.stream.Collectors;

import org.apache.sshd.common.cipher.ECCurves;
import org.apache.sshd.common.config.keys.KeyUtils;
import org.apache.sshd.common.session.SessionContext;
import org.apache.sshd.common.util.GenericUtils;
import org.apache.sshd.common.util.ValidateUtils;

/**
 * Provider for key pairs. This provider is used on the server side to provide the host key, or on the client side to
 * provide the user key.
 *
 * @author Apache MINA SSHD Project
 */
public interface KeyPairProvider extends KeyIdentityProvider {

    /**
     * SSH identifier for RSA keys
     */
    String SSH_RSA = "ssh-rsa";

    /**
     * SSH identifier for DSA keys
     */
    String SSH_DSS = "ssh-dss";

    /**
     * SSH identifier for ED25519 elliptic curve keys
     */
    String SSH_ED25519 = "ssh-ed25519";

    /**
     * SSH identifier for EC keys in NIST curve P-256
     */
    String ECDSA_SHA2_NISTP256 = ECCurves.nistp256.getKeyType();

    /**
     * SSH identifier for EC keys in NIST curve P-384
     */
    String ECDSA_SHA2_NISTP384 = ECCurves.nistp384.getKeyType();

    /**
     * SSH identifier for EC keys in NIST curve P-521
     */
    String ECDSA_SHA2_NISTP521 = ECCurves.nistp521.getKeyType();

    /**
     * SSH identifier for openssh cert keys
     */
    String SSH_RSA_CERT = "[email protected]";
    String SSH_DSS_CERT = "[email protected]";
    String SSH_ED25519_CERT = "[email protected]";
    String SSH_ECDSA_SHA2_NISTP256_CERT = "[email protected]";
    String SSH_ECDSA_SHA2_NISTP384_CERT = "[email protected]";
    String SSH_ECDSA_SHA2_NISTP521_CERT = "[email protected]";

    /**
     * A {@link KeyPairProvider} that has no keys
     */
    KeyPairProvider EMPTY_KEYPAIR_PROVIDER = new KeyPairProvider() {
        @Override
        public KeyPair loadKey(SessionContext session, String type) {
            return null;
        }

        @Override
        public Iterable getKeyTypes(SessionContext session) {
            return Collections.emptySet();
        }

        @Override
        public Iterable loadKeys(SessionContext session) {
            return Collections.emptyList();
        }

        @Override
        public String toString() {
            return "EMPTY_KEYPAIR_PROVIDER";
        }
    };

    /**
     * Load a key of the specified type which can be "ssh-rsa", "ssh-dss", or
     * "ecdsa-sha2-nistp{256,384,521}". If there is no key of this type, return {@code null}
     *
     * @param  session                  The {@link SessionContext} for invoking this load command - may be {@code null}
     *                                  if not invoked within a session context (e.g., offline tool).
     * @param  type                     the type of key to load
     * @return                          a valid key pair or {@code null} if this type of key is not available
     * @throws IOException              If failed to read/parse the keys data
     * @throws GeneralSecurityException If failed to generate the keys
     */
    default KeyPair loadKey(SessionContext session, String type)
            throws IOException, GeneralSecurityException {
        ValidateUtils.checkNotNullAndNotEmpty(type, "No key type to load");
        return GenericUtils.stream(loadKeys(session))
                .filter(key -> type.equals(KeyUtils.getKeyType(key)))
                .findFirst()
                .orElse(null);
    }

    /**
     * @param  session                  The {@link SessionContext} for invoking this load command - may be {@code null}
     *                                  if not invoked within a session context (e.g., offline tool).
     * @return                          The available {@link Iterable} key types - never {@code null}
     * @throws IOException              If failed to read/parse the keys data
     * @throws GeneralSecurityException If failed to generate the keys
     */
    default Iterable getKeyTypes(SessionContext session)
            throws IOException, GeneralSecurityException {
        return GenericUtils.stream(loadKeys(session))
                .map(KeyUtils::getKeyType)
                .filter(GenericUtils::isNotEmpty)
                .collect(Collectors.toSet());
    }

    /**
     * Wrap the provided {@link KeyPair}s into a {@link KeyPairProvider}
     *
     * @param  pairs The available pairs - ignored if {@code null}/empty (i.e., returns {@link #EMPTY_KEYPAIR_PROVIDER})
     * @return       The provider wrapper
     * @see          #wrap(Iterable)
     */
    static KeyPairProvider wrap(KeyPair... pairs) {
        return GenericUtils.isEmpty(pairs) ? EMPTY_KEYPAIR_PROVIDER : wrap(Arrays.asList(pairs));
    }

    /**
     * Wrap the provided {@link KeyPair}s into a {@link KeyPairProvider}
     *
     * @param  pairs The available pairs {@link Iterable} - ignored if {@code null} (i.e., returns
     *               {@link #EMPTY_KEYPAIR_PROVIDER})
     * @return       The provider wrapper
     */
    static KeyPairProvider wrap(Iterable pairs) {
        return (pairs == null) ? EMPTY_KEYPAIR_PROVIDER : new KeyPairProvider() {
            @Override
            public Iterable loadKeys(SessionContext session) {
                return pairs;
            }

            @Override
            public KeyPair loadKey(SessionContext session, String type) {
                for (KeyPair kp : pairs) {
                    String t = KeyUtils.getKeyType(kp);
                    if (Objects.equals(type, t)) {
                        return kp;
                    }
                }

                return null;
            }

            @Override
            public Iterable getKeyTypes(SessionContext session) {
                // use a LinkedHashSet so as to preserve the order but avoid duplicates
                Collection types = new LinkedHashSet<>();
                for (KeyPair kp : pairs) {
                    String t = KeyUtils.getKeyType(kp);
                    if (GenericUtils.isEmpty(t)) {
                        continue; // avoid unknown key types
                    }

                    if (!types.add(t)) {
                        continue; // debug breakpoint
                    }
                }

                return types;
            }
        };
    }
}




© 2015 - 2024 Weber Informatics LLC | Privacy Policy