public class UserAuthPublicKey extends AbstractUserAuth implements SignatureFactoriesManager
Modifier and Type | Field and Description |
---|---|
protected String | chosenAlgorithm |
protected PublicKeyIdentity | current |
protected Deque<String> | currentAlgorithms |
protected List<NamedFactory<Signature>> | factories |
static AttributeRepository.AttributeKey<String> | IDENTITY_AGENT - Is set on a ClientSession when it is created; contains the value of the IdentityAgent SSH config setting. |
protected Iterator<PublicKeyIdentity> | keys |
static String | NAME |
static AttributeRepository.AttributeKey<Boolean> | USE_DEFAULT_IDENTITIES - Is set on a ClientSession when it is created; if Boolean.FALSE, no default identities shall be used. |

Inherited fields:
log
BY_NAME_COMPARATOR, NAME_EXTRACTOR

Constructor and Description |
---|
UserAuthPublicKey() |
UserAuthPublicKey(List<NamedFactory<Signature>> factories) |

Modifier and Type | Method and Description |
---|---|
protected byte[] | appendSignature(ClientSession session, String service, String name, String username, String algo, PublicKey key, PublicKey serverKey, Buffer buffer) |
protected Iterator<PublicKeyIdentity> | createPublicKeyIterator(ClientSession session, SignatureFactoriesManager manager) |
void | destroy() - Called to release any allocated resources |
protected String | getDefaultSignatureAlgorithm(ClientSession session, String service, PublicKeyIdentity identity, KeyPair keyPair, String keyType) - Determines a signature algorithm name to use for the authentication request if none could be determined from the installed signature factories. |
List<NamedFactory<Signature>> | getSignatureFactories() |
void | init(ClientSession session, String service) |
protected boolean | processAuthDataRequest(ClientSession session, String service, Buffer buffer) |
protected void | releaseKeys() |
protected PublicKeyIdentity | resolveAttemptedPublicKeyIdentity(ClientSession session, String service) |
protected PublicKeyIdentity | resolveAttemptedPublicKeyIdentity(ClientSession session, String service, PublicKeyAuthenticationReporter reporter) |
protected boolean | sendAuthDataRequest(ClientSession session, String service) |
void | setSignatureFactories(List<NamedFactory<Signature>> factories) |
void | signalAuthMethodFailure(ClientSession session, String service, boolean partial, List<String> serverMethods, Buffer buffer) - Signals reception of SSH_MSG_USERAUTH_FAILURE message |
void | signalAuthMethodSuccess(ClientSession session, String service, Buffer buffer) - Signal reception of SSH_MSG_USERAUTH_SUCCESS message |

Inherited methods:
getClientSession, getName, getService, getSession, process, toString
debug, debug, debug, debug, debug, error, error, error, error, error, getSimplifiedLogger, info, info, warn, warn, warn, warn, warn, warn, warn, warn
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
getSignatureFactories, resolveSignatureFactories, setSignatureFactoriesNameList, setSignatureFactoriesNames, setSignatureFactoriesNames
getSignatureFactoriesNameList, getSignatureFactoriesNames
findByName, findFirstMatchByName, getNameList, getNames, ofName, removeByName, safeCompareByName

public static final String NAME

public static final AttributeRepository.AttributeKey<Boolean> USE_DEFAULT_IDENTITIES
Is set on a ClientSession when it is created; if Boolean.FALSE, no default identities shall be used.

public static final AttributeRepository.AttributeKey<String> IDENTITY_AGENT
Is set on a ClientSession when it is created; contains the value of the IdentityAgent SSH config setting. May be the empty string if not specified in the HostConfigEntry.

protected Iterator<PublicKeyIdentity> keys
protected PublicKeyIdentity current
protected List<NamedFactory<Signature>> factories
protected String chosenAlgorithm
public UserAuthPublicKey()
public UserAuthPublicKey(List<NamedFactory<Signature>> factories)

public List<NamedFactory<Signature>> getSignatureFactories()
getSignatureFactories in interface SignatureFactoriesHolder
Returns: Signature factories

public void setSignatureFactories(List<NamedFactory<Signature>> factories)
setSignatureFactories in interface SignatureFactoriesManager

public void init(ClientSession session, String service) throws Exception
init in interface UserAuth
init in class AbstractUserAuth
Parameters:
session - The ClientSession
service - The requesting service name
Throws:
Exception - If failed to initialize the mechanism

protected Iterator<PublicKeyIdentity> createPublicKeyIterator(ClientSession session, SignatureFactoriesManager manager) throws Exception
Throws:
Exception

protected boolean sendAuthDataRequest(ClientSession session, String service) throws Exception
sendAuthDataRequest in class AbstractUserAuth
Throws:
Exception

protected PublicKeyIdentity resolveAttemptedPublicKeyIdentity(ClientSession session, String service) throws Exception
Throws:
Exception

protected PublicKeyIdentity resolveAttemptedPublicKeyIdentity(ClientSession session, String service, PublicKeyAuthenticationReporter reporter) throws Exception
Throws:
Exception

protected String getDefaultSignatureAlgorithm(ClientSession session, String service, PublicKeyIdentity identity, KeyPair keyPair, String keyType) throws Exception
Determines a signature algorithm name to use for the authentication request if none could be determined from the installed signature factories. If a non-null non-empty string is returned, it is used as is in the authentication.

This is mainly intended for use with identities from an SSH agent, where the SSH agent may be able to sign the request even if there is no appropriate signature factory present in Java. Whether it makes sense to allow this depends on the application logic and how it handles e.g. SSH config PubkeyAcceptedKeyTypes (or PubkeyAcceptedAlgorithms).

This default implementation always returns null, skipping the key.

Parameters:
session - ClientSession trying to authenticate
service - SSH service name
identity - PublicKeyIdentity considered to be used for authentication
keyPair - KeyPair from identity
keyType - the key type of keyPair
Returns:
null or an empty string to skip this key and consider another key, if any, to use for authentication, or a non-empty signature algorithm name to use for the authentication attempt using the given identity
Throws:
Exception - if an error occurs
See Also:
KeyAgentIdentity
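
One way a subclass could override getDefaultSignatureAlgorithm, as an added example that is not part of the Apache MINA SSHD code base: it answers only for agent-backed identities and only with an algorithm found on an accepted list. The class name AgentAllowListUserAuth, the acceptedAlgorithms constructor argument (standing in for the application's already parsed PubkeyAcceptedAlgorithms value) and the RSA candidate order are assumptions, as is an agent able to produce rsa-sha2-* signatures.

```java
import java.security.KeyPair;
import java.util.Arrays;
import java.util.Collections;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;

import org.apache.sshd.client.auth.pubkey.KeyAgentIdentity;
import org.apache.sshd.client.auth.pubkey.PublicKeyIdentity;
import org.apache.sshd.client.auth.pubkey.UserAuthPublicKey;
import org.apache.sshd.client.session.ClientSession;
import org.apache.sshd.common.NamedFactory;
import org.apache.sshd.common.signature.Signature;

// Hypothetical subclass for illustration; the name is not from the library.
public class AgentAllowListUserAuth extends UserAuthPublicKey {
    // Assumption: filled from the application's PubkeyAcceptedAlgorithms handling.
    private final Set<String> acceptedAlgorithms;

    public AgentAllowListUserAuth(List<NamedFactory<Signature>> factories,
                                  List<String> acceptedAlgorithms) {
        super(factories);
        this.acceptedAlgorithms =
                Collections.unmodifiableSet(new LinkedHashSet<>(acceptedAlgorithms));
    }

    @Override
    protected String getDefaultSignatureAlgorithm(
            ClientSession session, String service, PublicKeyIdentity identity,
            KeyPair keyPair, String keyType) throws Exception {
        // Only an SSH agent can sign without a local signature factory;
        // any other identity is skipped, as in the default implementation.
        if (!(identity instanceof KeyAgentIdentity) || keyType == null) {
            return null;
        }
        // An "ssh-rsa" key may sign with the SHA-2 variants; the SHA-1 based
        // "ssh-rsa" signature is deliberately never proposed here.
        List<String> candidates = "ssh-rsa".equals(keyType)
                ? Arrays.asList("rsa-sha2-512", "rsa-sha2-256")
                : Collections.singletonList(keyType);
        for (String algo : candidates) {
            if (acceptedAlgorithms.contains(algo)) {
                return algo; // used as is in the authentication request
            }
        }
        return null; // nothing acceptable: skip this key and try the next one
    }
}
```
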

protected boolean processAuthDataRequest(ClientSession session, String service, Buffer buffer) throws Exception
processAuthDataRequest in class AbstractUserAuth
Throws:
Exception

protected byte[] appendSignature(ClientSession session, String service, String name, String username, String algo, PublicKey key, PublicKey serverKey, Buffer buffer) throws Exception
Throws:
Exception

public void signalAuthMethodSuccess(ClientSession session, String service, Buffer buffer) throws Exception
Signal reception of SSH_MSG_USERAUTH_SUCCESS message
signalAuthMethodSuccess in interface UserAuth
Parameters:
session - The ClientSession
service - The requesting service name
buffer - The Buffer containing the success message (after having consumed the relevant data from it)
Throws:
Exception - If failed to handle the callback - Note: may cause session close

public void signalAuthMethodFailure(ClientSession session, String service, boolean partial, List<String> serverMethods, Buffer buffer) throws Exception
Signals reception of SSH_MSG_USERAUTH_FAILURE message
signalAuthMethodFailure in interface UserAuth
Parameters:
session - The ClientSession
service - The requesting service name
partial - true if some partial authentication success so far
serverMethods - The List of authentication methods that can continue
buffer - The Buffer containing the failure message (after having consumed the relevant data from it)
Throws:
Exception - If failed to handle the callback - Note: may cause session close

public void destroy()
Called to release any allocated resources
destroy in interface UserAuth
destroy in class AbstractUserAuth

protected void releaseKeys() throws IOException
Throws:
IOException

Copyright © 2008–2024 The Apache Software Foundation. All rights reserved.