All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.apache.sshd.common.config.keys.IdentityUtils Maven / Gradle / Ivy

There is a newer version: 2.14.0
Show newest version
/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements. See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership. The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */

package org.apache.sshd.common.config.keys;

import java.io.IOException;
import java.io.InputStream;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.util.Collections;
import java.util.Map;
import java.util.NavigableMap;
import java.util.TreeMap;

import org.apache.sshd.common.keyprovider.KeyPairProvider;
import org.apache.sshd.common.keyprovider.MappedKeyPairProvider;
import org.apache.sshd.common.session.SessionContext;
import org.apache.sshd.common.util.GenericUtils;
import org.apache.sshd.common.util.MapEntryUtils;
import org.apache.sshd.common.util.ValidateUtils;
import org.apache.sshd.common.util.io.resource.PathResource;
import org.apache.sshd.common.util.security.SecurityUtils;

/**
 * @author Apache MINA SSHD Project
 */
public final class IdentityUtils {
    private IdentityUtils() {
        throw new UnsupportedOperationException("No instance");
    }

    /**
     * @param  prefix The file name prefix - ignored if {@code null}/empty
     * @param  type   The identity type - ignored if {@code null}/empty
     * @param  suffix The file name suffix - ignored if {@code null}/empty
     * @return        The identity file name or {@code null} if no name
     */
    public static String getIdentityFileName(String prefix, String type, String suffix) {
        if (GenericUtils.isEmpty(type)) {
            return null;
        } else {
            return GenericUtils.trimToEmpty(prefix)
                   + type.toLowerCase()
                   + GenericUtils.trimToEmpty(suffix);
        }
    }

    /**
     * @param  ids           A {@link Map} of the loaded identities where key=the identity type, value=the matching
     *                       {@link KeyPair} - ignored if {@code null}/empty
     * @param  supportedOnly If {@code true} then ignore identities that are not supported internally
     * @return               A {@link KeyPair} for the identities - {@code null} if no identities available (e.g., after
     *                       filtering unsupported ones)
     * @see                  BuiltinIdentities
     */
    public static KeyPairProvider createKeyPairProvider(Map ids, boolean supportedOnly) {
        if (MapEntryUtils.isEmpty(ids)) {
            return null;
        }

        Map pairsMap = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
        ids.forEach((type, kp) -> {
            BuiltinIdentities id = BuiltinIdentities.fromName(type);
            if (id == null) {
                id = BuiltinIdentities.fromKeyPair(kp);
            }

            if (supportedOnly && ((id == null) || (!id.isSupported()))) {
                return;
            }

            String keyType = KeyUtils.getKeyType(kp);
            if (GenericUtils.isEmpty(keyType)) {
                return;
            }

            KeyPair prev = pairsMap.put(keyType, kp);
            if (prev != null) {
                return; // less of an offense if 2 pairs mapped to same key type
            }
        });

        if (MapEntryUtils.isEmpty(pairsMap)) {
            return null;
        } else {
            return new MappedKeyPairProvider(pairsMap);
        }
    }

    /**
     * @param  session                  The {@link SessionContext} for invoking this load command - may be {@code null}
     *                                  if not invoked within a session context (e.g., offline tool or session unknown).
     * @param  paths                    A {@link Map} of the identities where key=identity type (case
     *                                  insensitive), value=the {@link Path} of file with the identity key
     * @param  provider                 A {@link FilePasswordProvider} - may be {@code null} if the loaded keys are
     *                                  guaranteed not to be encrypted. The argument to
     *                                  {@code FilePasswordProvider#getPassword} is the path of the file whose key is to
     *                                  be loaded
     * @param  options                  The {@link OpenOption}s to use when reading the key data
     * @return                          A {@link NavigableMap} of the identities where key=identity type (case
     *                                  insensitive), value=the {@link KeyPair} of the identity
     * @throws IOException              If failed to access the file system
     * @throws GeneralSecurityException If failed to load the keys
     */
    public static NavigableMap loadIdentities(
            SessionContext session, Map paths, FilePasswordProvider provider, OpenOption... options)
            throws IOException, GeneralSecurityException {
        if (MapEntryUtils.isEmpty(paths)) {
            return Collections.emptyNavigableMap();
        }

        NavigableMap ids = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
        // Cannot use forEach because the potential for IOExceptions being thrown
        for (Map.Entry pe : paths.entrySet()) {
            String type = pe.getKey();
            Path path = pe.getValue();
            PathResource location = new PathResource(path, options);
            Iterable pairs;
            try (InputStream inputStream = location.openInputStream()) {
                pairs = SecurityUtils.loadKeyPairIdentities(session, location, inputStream, provider);
            }

            if (pairs == null) {
                continue;
            }

            for (KeyPair kp : pairs) {
                KeyPair prev = ids.put(type, kp);
                ValidateUtils.checkTrue(prev == null, "Multiple keys for type=%s due to %s", type, path);
            }
        }

        return ids;
    }
}




© 2015 - 2024 Weber Informatics LLC | Privacy Policy