org.apache.sshd.common.keyprovider.KeyPairProvider Maven / Gradle / Ivy

Go to download
Show more of this group Show more artifacts with this name
Show all versions of wildfly-client-all
This artifact provides a single jar that contains all classes required to use remote EJB and JMS, including all dependencies. It is intended for use by those not using maven, maven users should just import the EJB and JMS BOM's instead (shaded JAR's cause lots of problems with maven, as it is very easy to inadvertently end up with different versions on classes on the class path).
There is a newer version: 34.0.0.Final
Show newest version
/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements. See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership. The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */
package org.apache.sshd.common.keyprovider;

import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.LinkedHashSet;
import java.util.Objects;
import java.util.stream.Collectors;

import org.apache.sshd.common.cipher.ECCurves;
import org.apache.sshd.common.config.keys.KeyUtils;
import org.apache.sshd.common.session.SessionContext;
import org.apache.sshd.common.util.GenericUtils;
import org.apache.sshd.common.util.ValidateUtils;

/**
 * Provider for key pairs. This provider is used on the server side to provide the host key, or on the client side to
 * provide the user key.
 *
 * @author Apache MINA SSHD Project
 */
public interface KeyPairProvider extends KeyIdentityProvider {

    /**
     * SSH identifier for RSA keys
     */
    String SSH_RSA = "ssh-rsa";

    /**
     * SSH identifier for DSA keys
     */
    String SSH_DSS = "ssh-dss";

    /**
     * SSH identifier for ED25519 elliptic curve keys
     */
    String SSH_ED25519 = "ssh-ed25519";

    /**
     * SSH identifier for EC keys in NIST curve P-256
     */
    String ECDSA_SHA2_NISTP256 = ECCurves.nistp256.getKeyType();

    /**
     * SSH identifier for EC keys in NIST curve P-384
     */
    String ECDSA_SHA2_NISTP384 = ECCurves.nistp384.getKeyType();

    /**
     * SSH identifier for EC keys in NIST curve P-521
     */
    String ECDSA_SHA2_NISTP521 = ECCurves.nistp521.getKeyType();

    /**
     * SSH identifier for openssh cert keys
     */
    String SSH_RSA_CERT = "[email protected]";
    String SSH_DSS_CERT = "[email protected]";
    String SSH_ED25519_CERT = "[email protected]";
    String SSH_ECDSA_SHA2_NISTP256_CERT = "[email protected]";
    String SSH_ECDSA_SHA2_NISTP384_CERT = "[email protected]";
    String SSH_ECDSA_SHA2_NISTP521_CERT = "[email protected]";

    /**
     * A {@link KeyPairProvider} that has no keys
     */
    KeyPairProvider EMPTY_KEYPAIR_PROVIDER = new KeyPairProvider() {
        @Override
        public KeyPair loadKey(SessionContext session, String type) {
            return null;
        }

        @Override
        public Iterable getKeyTypes(SessionContext session) {
            return Collections.emptySet();
        }

        @Override
        public Iterable loadKeys(SessionContext session) {
            return Collections.emptyList();
        }

        @Override
        public String toString() {
            return "EMPTY_KEYPAIR_PROVIDER";
        }
    };

    /**
     * Load a key of the specified type which can be "ssh-rsa", "ssh-dss", or
     * "ecdsa-sha2-nistp{256,384,521}". If there is no key of this type, return {@code null}
     *
     * @param  session                  The {@link SessionContext} for invoking this load command - may be {@code null}
     *                                  if not invoked within a session context (e.g., offline tool).
     * @param  type                     the type of key to load
     * @return                          a valid key pair or {@code null} if this type of key is not available
     * @throws IOException              If failed to read/parse the keys data
     * @throws GeneralSecurityException If failed to generate the keys
     */
    default KeyPair loadKey(SessionContext session, String type)
            throws IOException, GeneralSecurityException {
        ValidateUtils.checkNotNullAndNotEmpty(type, "No key type to load");
        return GenericUtils.stream(loadKeys(session))
                .filter(key -> type.equals(KeyUtils.getKeyType(key)))
                .findFirst()
                .orElse(null);
    }

    /**
     * @param  session                  The {@link SessionContext} for invoking this load command - may be {@code null}
     *                                  if not invoked within a session context (e.g., offline tool).
     * @return                          The available {@link Iterable} key types - never {@code null}
     * @throws IOException              If failed to read/parse the keys data
     * @throws GeneralSecurityException If failed to generate the keys
     */
    default Iterable getKeyTypes(SessionContext session)
            throws IOException, GeneralSecurityException {
        return GenericUtils.stream(loadKeys(session))
                .map(KeyUtils::getKeyType)
                .filter(GenericUtils::isNotEmpty)
                .collect(Collectors.toSet());
    }

    /**
     * Wrap the provided {@link KeyPair}s into a {@link KeyPairProvider}
     *
     * @param  pairs The available pairs - ignored if {@code null}/empty (i.e., returns {@link #EMPTY_KEYPAIR_PROVIDER})
     * @return       The provider wrapper
     * @see          #wrap(Iterable)
     */
    static KeyPairProvider wrap(KeyPair... pairs) {
        return GenericUtils.isEmpty(pairs) ? EMPTY_KEYPAIR_PROVIDER : wrap(Arrays.asList(pairs));
    }

    /**
     * Wrap the provided {@link KeyPair}s into a {@link KeyPairProvider}
     *
     * @param  pairs The available pairs {@link Iterable} - ignored if {@code null} (i.e., returns
     *               {@link #EMPTY_KEYPAIR_PROVIDER})
     * @return       The provider wrapper
     */
    static KeyPairProvider wrap(Iterable pairs) {
        return (pairs == null) ? EMPTY_KEYPAIR_PROVIDER : new KeyPairProvider() {
            @Override
            public Iterable loadKeys(SessionContext session) {
                return pairs;
            }

            @Override
            public KeyPair loadKey(SessionContext session, String type) {
                for (KeyPair kp : pairs) {
                    String t = KeyUtils.getKeyType(kp);
                    if (Objects.equals(type, t)) {
                        return kp;
                    }
                }

                return null;
            }

            @Override
            public Iterable getKeyTypes(SessionContext session) {
                // use a LinkedHashSet so as to preserve the order but avoid duplicates
                Collection types = new LinkedHashSet<>();
                for (KeyPair kp : pairs) {
                    String t = KeyUtils.getKeyType(kp);
                    if (GenericUtils.isEmpty(t)) {
                        continue; // avoid unknown key types
                    }

                    if (!types.add(t)) {
                        continue; // debug breakpoint
                    }
                }

                return types;
            }
        };
    }
}