Posted to commits@mina.apache.org by gn...@apache.org on 2010/09/22 16:50:15 UTC
svn commit: r1000007 - in
/mina/sshd/trunk/sshd-core/src/main/java/org/apache/sshd: client/
client/kex/ common/ server/kex/
Author: gnodet
Date: Wed Sep 22 14:50:15 2010
New Revision: 1000007
URL: http://svn.apache.org/viewvc?rev=1000007&view=rev
Log:
[SSHD-92] Use PublicKey instead of a byte[] for the server key authentication
Modified:
mina/sshd/trunk/sshd-core/src/main/java/org/apache/sshd/client/AcceptAllServerKeyVerifier.java
mina/sshd/trunk/sshd-core/src/main/java/org/apache/sshd/client/DelegatingServerKeyVerifier.java
mina/sshd/trunk/sshd-core/src/main/java/org/apache/sshd/client/RequiredServerKeyVerifier.java
mina/sshd/trunk/sshd-core/src/main/java/org/apache/sshd/client/ServerKeyVerifier.java
mina/sshd/trunk/sshd-core/src/main/java/org/apache/sshd/client/kex/AbstractDHGClient.java
mina/sshd/trunk/sshd-core/src/main/java/org/apache/sshd/common/KeyExchange.java
mina/sshd/trunk/sshd-core/src/main/java/org/apache/sshd/server/kex/AbstractDHGServer.java
Modified: mina/sshd/trunk/sshd-core/src/main/java/org/apache/sshd/client/AcceptAllServerKeyVerifier.java
URL: http://svn.apache.org/viewvc/mina/sshd/trunk/sshd-core/src/main/java/org/apache/sshd/client/AcceptAllServerKeyVerifier.java?rev=1000007&r1=1000006&r2=1000007&view=diff
==============================================================================
--- mina/sshd/trunk/sshd-core/src/main/java/org/apache/sshd/client/AcceptAllServerKeyVerifier.java (original)
+++ mina/sshd/trunk/sshd-core/src/main/java/org/apache/sshd/client/AcceptAllServerKeyVerifier.java Wed Sep 22 14:50:15 2010
@@ -1,6 +1,7 @@
package org.apache.sshd.client;
import java.net.SocketAddress;
+import java.security.PublicKey;
import org.apache.sshd.ClientSession;
import org.apache.sshd.common.util.BufferUtils;
@@ -18,8 +19,8 @@ public class AcceptAllServerKeyVerifier
private AcceptAllServerKeyVerifier() {
}
- public boolean verifyServerKey(ClientSession sshClientSession, SocketAddress remoteAddress, byte[] serverKey) {
- log.trace("Accepting key for " + remoteAddress + " key=" + BufferUtils.printHex(serverKey));
+ public boolean verifyServerKey(ClientSession sshClientSession, SocketAddress remoteAddress, PublicKey serverKey) {
+ log.trace("Accepting key for " + remoteAddress + " key=" + BufferUtils.printHex(serverKey.getEncoded()));
return true;
}
}
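Review bot: The trace line in verifyServerKey now logs `serverKey.getEncoded()`, which for JCA RSA/DSA keys is normally the X.509 SubjectPublicKeyInfo encoding rather than the SSH wire blob the old `byte[]` carried, so the logged hex no longer lines up with what an SSH fingerprint or known_hosts entry is computed from. The message is also built on every call even when trace is disabled, and `getEncoded()` may return null for keys that do not support encoding. Consider guarding it with `if (log.isTraceEnabled()) { ... }` and logging a fingerprint of the SSH-encoded key instead. The same logging pattern is introduced in RequiredServerKeyVerifier's `log.info` call.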
Modified: mina/sshd/trunk/sshd-core/src/main/java/org/apache/sshd/client/DelegatingServerKeyVerifier.java
URL: http://svn.apache.org/viewvc/mina/sshd/trunk/sshd-core/src/main/java/org/apache/sshd/client/DelegatingServerKeyVerifier.java?rev=1000007&r1=1000006&r2=1000007&view=diff
==============================================================================
--- mina/sshd/trunk/sshd-core/src/main/java/org/apache/sshd/client/DelegatingServerKeyVerifier.java (original)
+++ mina/sshd/trunk/sshd-core/src/main/java/org/apache/sshd/client/DelegatingServerKeyVerifier.java Wed Sep 22 14:50:15 2010
@@ -1,6 +1,7 @@
package org.apache.sshd.client;
import java.net.SocketAddress;
+import java.security.PublicKey;
import java.util.Map;
import org.apache.sshd.ClientSession;
@@ -16,7 +17,7 @@ import org.slf4j.LoggerFactory;
public class DelegatingServerKeyVerifier implements ServerKeyVerifier {
protected final Logger log = LoggerFactory.getLogger(getClass());
- public boolean verifyServerKey(ClientSession sshClientSession, SocketAddress remoteAddress, byte[] serverKey) {
+ public boolean verifyServerKey(ClientSession sshClientSession, SocketAddress remoteAddress, PublicKey serverKey) {
Map<Object, Object> metadataMap = sshClientSession.getMetadataMap();
Object verifier = metadataMap.get(ServerKeyVerifier.class);
if (verifier == null) {
Modified: mina/sshd/trunk/sshd-core/src/main/java/org/apache/sshd/client/RequiredServerKeyVerifier.java
URL: http://svn.apache.org/viewvc/mina/sshd/trunk/sshd-core/src/main/java/org/apache/sshd/client/RequiredServerKeyVerifier.java?rev=1000007&r1=1000006&r2=1000007&view=diff
==============================================================================
--- mina/sshd/trunk/sshd-core/src/main/java/org/apache/sshd/client/RequiredServerKeyVerifier.java (original)
+++ mina/sshd/trunk/sshd-core/src/main/java/org/apache/sshd/client/RequiredServerKeyVerifier.java Wed Sep 22 14:50:15 2010
@@ -1,6 +1,7 @@
package org.apache.sshd.client;
import java.net.SocketAddress;
+import java.security.PublicKey;
import java.util.Arrays;
import org.apache.sshd.ClientSession;
@@ -14,19 +15,19 @@ import org.slf4j.LoggerFactory;
*/
public class RequiredServerKeyVerifier implements ServerKeyVerifier {
protected final Logger log = LoggerFactory.getLogger(getClass());
- final byte[] requiredKey;
+ final PublicKey requiredKey;
- public RequiredServerKeyVerifier(byte[] requiredKey) {
+ public RequiredServerKeyVerifier(PublicKey requiredKey) {
super();
this.requiredKey = requiredKey;
}
- public boolean verifyServerKey(ClientSession sshClientSession, SocketAddress remoteAddress, byte[] serverKey) {
- if (Arrays.equals(requiredKey, serverKey)) {
+ public boolean verifyServerKey(ClientSession sshClientSession, SocketAddress remoteAddress, PublicKey serverKey) {
+ if (requiredKey.equals(serverKey)) {
return true;
}
- log.info("Server at " + remoteAddress + " presented wrong key: " + BufferUtils.printHex(serverKey));
+ log.info("Server at " + remoteAddress + " presented wrong key: " + BufferUtils.printHex(serverKey.getEncoded()));
return false;
}
}
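Review bot: `requiredKey.equals(serverKey)` relies on the provider's PublicKey.equals, whose behaviour is implementation-defined; a pinned key built by one provider and a server key decoded by another may compare unequal although the key material is identical. That fails closed, but it makes pinning fragile. Comparing encodings, e.g. `Arrays.equals(requiredKey.getEncoded(), serverKey.getEncoded())`, would keep the byte-level semantics of the old code and keep the `java.util.Arrays` import in use. The constructor also accepts a null `requiredKey`, which the old `Arrays.equals` tolerated but which now surfaces as a NullPointerException during key exchange; `if (requiredKey == null) throw new IllegalArgumentException("requiredKey");` in the constructor would report it early.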
Modified: mina/sshd/trunk/sshd-core/src/main/java/org/apache/sshd/client/ServerKeyVerifier.java
URL: http://svn.apache.org/viewvc/mina/sshd/trunk/sshd-core/src/main/java/org/apache/sshd/client/ServerKeyVerifier.java?rev=1000007&r1=1000006&r2=1000007&view=diff
==============================================================================
--- mina/sshd/trunk/sshd-core/src/main/java/org/apache/sshd/client/ServerKeyVerifier.java (original)
+++ mina/sshd/trunk/sshd-core/src/main/java/org/apache/sshd/client/ServerKeyVerifier.java Wed Sep 22 14:50:15 2010
@@ -1,9 +1,10 @@
package org.apache.sshd.client;
import java.net.SocketAddress;
+import java.security.PublicKey;
import org.apache.sshd.ClientSession;
public interface ServerKeyVerifier {
- boolean verifyServerKey(ClientSession sshClientSession, SocketAddress remoteAddress, byte[] serverKey);
+ boolean verifyServerKey(ClientSession sshClientSession, SocketAddress remoteAddress, PublicKey serverKey);
}
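Review bot: The only method of this public interface changes its parameter type with no Javadoc and no transitional overload, so implementations outside this commit stop compiling. A Javadoc comment on `verifyServerKey` should state the contract, for example `Returns true to accept the server's host key for this session, false to reject it`, with `@param serverKey the decoded host key presented by the server`. Whether the verifier runs before or after the key-exchange signature has been checked is not visible here and would be worth stating as well.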
Modified: mina/sshd/trunk/sshd-core/src/main/java/org/apache/sshd/client/kex/AbstractDHGClient.java
URL: http://svn.apache.org/viewvc/mina/sshd/trunk/sshd-core/src/main/java/org/apache/sshd/client/kex/AbstractDHGClient.java?rev=1000007&r1=1000006&r2=1000007&view=diff
==============================================================================
--- mina/sshd/trunk/sshd-core/src/main/java/org/apache/sshd/client/kex/AbstractDHGClient.java (original)
+++ mina/sshd/trunk/sshd-core/src/main/java/org/apache/sshd/client/kex/AbstractDHGClient.java Wed Sep 22 14:50:15 2010
@@ -58,8 +58,7 @@ public abstract class AbstractDHGClient
private byte[] f;
private byte[] K;
private byte[] H;
-
- private byte[] serverKey;
+ private PublicKey serverKey;
public void init(AbstractSession s, byte[] V_S, byte[] V_C, byte[] I_S, byte[] I_C) throws Exception {
if (!(s instanceof ClientSessionImpl)) {
@@ -93,22 +92,22 @@ public abstract class AbstractDHGClient
log.info("Received SSH_MSG_KEXDH_REPLY");
- serverKey = buffer.getBytes();
+ byte[] K_S = buffer.getBytes();
f = buffer.getMPIntAsBytes();
byte[] sig = buffer.getBytes();
dh.setF(f);
K = dh.getK();
- buffer = new Buffer(serverKey);
- PublicKey key = buffer.getRawPublicKey();
- String keyAlg = (key instanceof RSAPublicKey) ? KeyPairProvider.SSH_RSA : KeyPairProvider.SSH_DSS;
+ buffer = new Buffer(K_S);
+ serverKey = buffer.getRawPublicKey();
+ String keyAlg = (serverKey instanceof RSAPublicKey) ? KeyPairProvider.SSH_RSA : KeyPairProvider.SSH_DSS;
buffer = new Buffer();
buffer.putString(V_C);
buffer.putString(V_S);
buffer.putString(I_C);
buffer.putString(I_S);
- buffer.putString(serverKey);
+ buffer.putString(K_S);
buffer.putMPInt(e);
buffer.putMPInt(f);
buffer.putMPInt(K);
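Review bot: `serverKey = buffer.getRawPublicKey();` stores the parsed host key in the field before the signature over H is verified in the following hunk, so `getServerKey()` can return a key the server never proved possession of if verification throws. Keeping the local, `PublicKey key = buffer.getRawPublicKey();`, and assigning `serverKey = key;` only after `verif.verify(sig)` succeeds would avoid that. Separately, `keyAlg` maps every non-RSA key to `KeyPairProvider.SSH_DSS`; checking the key type against the negotiated host key algorithm would be stricter, though that negotiation is outside this hunk. The enclosing method starts and ends outside the hunk.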
@@ -116,7 +115,7 @@ public abstract class AbstractDHGClient
H = sha.digest();
Signature verif = NamedFactory.Utils.create(session.getFactoryManager().getSignatureFactories(), keyAlg);
- verif.init(key, null);
+ verif.init(serverKey, null);
verif.update(H, 0, H.length);
if (!verif.verify(sig)) {
throw new SshException(SshConstants.SSH2_DISCONNECT_KEY_EXCHANGE_FAILED,
@@ -137,7 +136,7 @@ public abstract class AbstractDHGClient
return K;
}
- public byte[] getServerKey() {
+ public PublicKey getServerKey() {
return serverKey;
}
Modified: mina/sshd/trunk/sshd-core/src/main/java/org/apache/sshd/common/KeyExchange.java
URL: http://svn.apache.org/viewvc/mina/sshd/trunk/sshd-core/src/main/java/org/apache/sshd/common/KeyExchange.java?rev=1000007&r1=1000006&r2=1000007&view=diff
==============================================================================
--- mina/sshd/trunk/sshd-core/src/main/java/org/apache/sshd/common/KeyExchange.java (original)
+++ mina/sshd/trunk/sshd-core/src/main/java/org/apache/sshd/common/KeyExchange.java Wed Sep 22 14:50:15 2010
@@ -18,6 +18,8 @@
*/
package org.apache.sshd.common;
+import java.security.PublicKey;
+
import org.apache.sshd.common.session.AbstractSession;
import org.apache.sshd.common.util.Buffer;
@@ -73,5 +75,5 @@ public interface KeyExchange {
/**
* Retrieves the server's key
*/
- byte[] getServerKey();
+ PublicKey getServerKey();
}
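Review bot: The Javadoc `Retrieves the server's key` does not say when the value is available. In AbstractDHGClient the backing field is unset until the KEXDH reply has been processed, so callers can observe null; proposed text: `Retrieves the server's host key, or null if the key exchange has not yet received it`.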
Modified: mina/sshd/trunk/sshd-core/src/main/java/org/apache/sshd/server/kex/AbstractDHGServer.java
URL: http://svn.apache.org/viewvc/mina/sshd/trunk/sshd-core/src/main/java/org/apache/sshd/server/kex/AbstractDHGServer.java?rev=1000007&r1=1000006&r2=1000007&view=diff
==============================================================================
--- mina/sshd/trunk/sshd-core/src/main/java/org/apache/sshd/server/kex/AbstractDHGServer.java (original)
+++ mina/sshd/trunk/sshd-core/src/main/java/org/apache/sshd/server/kex/AbstractDHGServer.java Wed Sep 22 14:50:15 2010
@@ -19,6 +19,7 @@
package org.apache.sshd.server.kex;
import java.security.KeyPair;
+import java.security.PublicKey;
import org.apache.sshd.common.Digest;
import org.apache.sshd.common.KeyExchange;
@@ -145,8 +146,8 @@ public abstract class AbstractDHGServer
return K;
}
- public byte[] getServerKey() {
- throw new UnsupportedOperationException();
+ public PublicKey getServerKey() {
+ return session.getHostKey().getPublic();
}
}
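Review bot: `session.getHostKey().getPublic()` replaces an explicit UnsupportedOperationException with a chained call that throws a NullPointerException if `getHostKey()` can return null; its definition is not visible here, so this needs confirming. If null is possible, a guarded form such as `KeyPair kp = session.getHostKey(); return kp != null ? kp.getPublic() : null;` would be safer, and `java.security.KeyPair` is already imported in this file.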