| commit | author | age | ||
| b53611 | 1 | /* |
| JM | 2 | * Copyright 2014 gitblit.com. |
| 3 | * | |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); you may not | |
| 5 | * use this file except in compliance with the License. You may obtain a copy of | |
| 6 | * the License at | |
| 7 | * | |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 | |
| 9 | * | |
| 10 | * Unless required by applicable law or agreed to in writing, software | |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT | |
| 12 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the | |
| 13 | * License for the specific language governing permissions and limitations under | |
| 14 | * the License. | |
| 15 | */ | |
| 16 | package com.gitblit.transport.ssh; | |
| 17 | ||
| 18 | import java.io.File; | |
| 19 | import java.io.IOException; | |
| 20 | import java.text.MessageFormat; | |
| 21 | import java.util.ArrayList; | |
| 22 | import java.util.List; | |
| aaecd8 | 23 | import java.util.Map; |
| JM | 24 | import java.util.concurrent.ConcurrentHashMap; |
| b53611 | 25 | |
| c78b25 | 26 | import com.gitblit.Constants.AccessPermission; |
| b53611 | 27 | import com.gitblit.Keys; |
| JM | 28 | import com.gitblit.manager.IRuntimeManager; |
| 29 | import com.google.common.base.Charsets; | |
| 8384e0 | 30 | import com.google.common.base.Joiner; |
| b53611 | 31 | import com.google.common.io.Files; |
| 241f57 | 32 | import com.google.inject.Inject; |
| b53611 | 33 | |
| JM | 34 | /** |
| 245836 | 35 | * Manages public keys on the filesystem. |
| 8384e0 | 36 | * |
| b53611 | 37 | * @author James Moger |
| JM | 38 | * |
| 39 | */ | |
| 245836 | 40 | public class FileKeyManager extends IPublicKeyManager { |
| b53611 | 41 | |
| JM | 42 | protected final IRuntimeManager runtimeManager; |
| 8384e0 | 43 | |
| aaecd8 | 44 | protected final Map<File, Long> lastModifieds; |
| JM | 45 | |
| 241f57 | 46 | @Inject |
| b53611 | 47 | public FileKeyManager(IRuntimeManager runtimeManager) { |
| JM | 48 | this.runtimeManager = runtimeManager; |
| aaecd8 | 49 | this.lastModifieds = new ConcurrentHashMap<File, Long>(); |
| b53611 | 50 | } |
| 8384e0 | 51 | |
| b53611 | 52 | @Override |
| JM | 53 | public String toString() { |
| 54 | File dir = runtimeManager.getFileOrFolder(Keys.git.sshKeysFolder, "${baseFolder}/ssh"); | |
| 55 | return MessageFormat.format("{0} ({1})", getClass().getSimpleName(), dir); | |
| 56 | } | |
| 8384e0 | 57 | |
| b53611 | 58 | @Override |
| JM | 59 | public FileKeyManager start() { |
| 245836 | 60 | log.info(toString()); |
| b53611 | 61 | return this; |
| JM | 62 | } |
| 8384e0 | 63 | |
| b53611 | 64 | @Override |
| JM | 65 | public boolean isReady() { |
| 66 | return true; | |
| 67 | } | |
| 8384e0 | 68 | |
| b53611 | 69 | @Override |
| JM | 70 | public FileKeyManager stop() { |
| 71 | return this; | |
| 72 | } | |
| 73 | ||
| 74 | @Override | |
| aaecd8 | 75 | protected boolean isStale(String username) { |
| JM | 76 | File keystore = getKeystore(username); |
| 77 | if (!keystore.exists()) { | |
| 78 | // keystore may have been deleted | |
| 79 | return true; | |
| 80 | } | |
| 81 | ||
| 82 | if (lastModifieds.containsKey(keystore)) { | |
| 83 | // compare modification times | |
| 84 | long lastModified = lastModifieds.get(keystore); | |
| 85 | return lastModified != keystore.lastModified(); | |
| 86 | } | |
| 87 | ||
| 88 | // assume stale | |
| 89 | return true; | |
| 90 | } | |
| 91 | ||
| 92 | @Override | |
| bcc8a0 | 93 | protected List<SshKey> getKeysImpl(String username) { |
| b53611 | 94 | try { |
| 521cb6 | 95 | log.info("loading ssh keystore for {}", username); |
| aaecd8 | 96 | File keystore = getKeystore(username); |
| JM | 97 | if (!keystore.exists()) { |
| b53611 | 98 | return null; |
| JM | 99 | } |
| aaecd8 | 100 | if (keystore.exists()) { |
| bcc8a0 | 101 | List<SshKey> list = new ArrayList<SshKey>(); |
| aaecd8 | 102 | for (String entry : Files.readLines(keystore, Charsets.ISO_8859_1)) { |
| b53611 | 103 | if (entry.trim().length() == 0) { |
| JM | 104 | // skip blanks |
| 105 | continue; | |
| 106 | } | |
| 107 | if (entry.charAt(0) == '#') { | |
| 108 | // skip comments | |
| 109 | continue; | |
| 110 | } | |
| c78b25 | 111 | String [] parts = entry.split(" ", 2); |
| JM | 112 | AccessPermission perm = AccessPermission.fromCode(parts[0]); |
| 113 | if (perm.equals(AccessPermission.NONE)) { | |
| 114 | // ssh-rsa DATA COMMENT | |
| 115 | SshKey key = new SshKey(entry); | |
| 116 | list.add(key); | |
| 117 | } else if (perm.exceeds(AccessPermission.NONE)) { | |
| 118 | // PERMISSION ssh-rsa DATA COMMENT | |
| 119 | SshKey key = new SshKey(parts[1]); | |
| 120 | key.setPermission(perm); | |
| 121 | list.add(key); | |
| 122 | } | |
| b53611 | 123 | } |
| 8384e0 | 124 | |
| b53611 | 125 | if (list.isEmpty()) { |
| JM | 126 | return null; |
| 127 | } | |
| aaecd8 | 128 | |
| JM | 129 | lastModifieds.put(keystore, keystore.lastModified()); |
| b53611 | 130 | return list; |
| JM | 131 | } |
| 132 | } catch (IOException e) { | |
| 521cb6 | 133 | throw new RuntimeException("Cannot read ssh keys", e); |
| b53611 | 134 | } |
| JM | 135 | return null; |
| 136 | } | |
| 137 | ||
| 8384e0 | 138 | /** |
| JM | 139 | * Adds a unique key to the keystore. This function determines uniqueness |
| 140 | * by disregarding the comment/description field during key comparisons. | |
| 141 | */ | |
| b53611 | 142 | @Override |
| bcc8a0 | 143 | public boolean addKey(String username, SshKey key) { |
| b53611 | 144 | try { |
| ab07d0 | 145 | boolean replaced = false; |
| 8384e0 | 146 | List<String> lines = new ArrayList<String>(); |
| JM | 147 | File keystore = getKeystore(username); |
| 148 | if (keystore.exists()) { | |
| 149 | for (String entry : Files.readLines(keystore, Charsets.ISO_8859_1)) { | |
| 150 | String line = entry.trim(); | |
| 151 | if (line.length() == 0) { | |
| 152 | // keep blanks | |
| 153 | lines.add(entry); | |
| 154 | continue; | |
| 155 | } | |
| 156 | if (line.charAt(0) == '#') { | |
| 157 | // keep comments | |
| 158 | lines.add(entry); | |
| 159 | continue; | |
| 160 | } | |
| 161 | ||
| c78b25 | 162 | SshKey oldKey = parseKey(line); |
| JM | 163 | if (key.equals(oldKey)) { |
| ab07d0 | 164 | // replace key |
| c78b25 | 165 | lines.add(key.getPermission() + " " + key.getRawData()); |
| ab07d0 | 166 | replaced = true; |
| JM | 167 | } else { |
| 168 | // retain key | |
| 8384e0 | 169 | lines.add(entry); |
| JM | 170 | } |
| 171 | } | |
| 172 | } | |
| 173 | ||
| ab07d0 | 174 | if (!replaced) { |
| JM | 175 | // new key, append |
| c78b25 | 176 | lines.add(key.getPermission() + " " + key.getRawData()); |
| ab07d0 | 177 | } |
| 8384e0 | 178 | |
| JM | 179 | // write keystore |
| 180 | String content = Joiner.on("\n").join(lines).trim().concat("\n"); | |
| 181 | Files.write(content, keystore, Charsets.ISO_8859_1); | |
| aaecd8 | 182 | |
| JM | 183 | lastModifieds.remove(keystore); |
| 184 | keyCache.invalidate(username); | |
| b53611 | 185 | return true; |
| JM | 186 | } catch (IOException e) { |
| 187 | throw new RuntimeException("Cannot add ssh key", e); | |
| 188 | } | |
| 189 | } | |
| 8384e0 | 190 | |
| JM | 191 | /** |
| bcc8a0 | 192 | * Removes the specified key from the keystore. |
| 8384e0 | 193 | */ |
| b53611 | 194 | @Override |
| bcc8a0 | 195 | public boolean removeKey(String username, SshKey key) { |
| b53611 | 196 | try { |
| JM | 197 | File keystore = getKeystore(username); |
| 198 | if (keystore.exists()) { | |
| 8384e0 | 199 | List<String> lines = new ArrayList<String>(); |
| JM | 200 | for (String entry : Files.readLines(keystore, Charsets.ISO_8859_1)) { |
| 201 | String line = entry.trim(); | |
| 202 | if (line.length() == 0) { | |
| b53611 | 203 | // keep blanks |
| 8384e0 | 204 | lines.add(entry); |
| b53611 | 205 | continue; |
| JM | 206 | } |
| 8384e0 | 207 | if (line.charAt(0) == '#') { |
| b53611 | 208 | // keep comments |
| 8384e0 | 209 | lines.add(entry); |
| b53611 | 210 | continue; |
| JM | 211 | } |
| 8384e0 | 212 | |
| JM | 213 | // only include keys that are NOT rmKey |
| c78b25 | 214 | SshKey oldKey = parseKey(line); |
| JM | 215 | if (!key.equals(oldKey)) { |
| 8384e0 | 216 | lines.add(entry); |
| b53611 | 217 | } |
| 8384e0 | 218 | } |
| JM | 219 | if (lines.isEmpty()) { |
| 220 | keystore.delete(); | |
| 221 | } else { | |
| 222 | // write keystore | |
| 223 | String content = Joiner.on("\n").join(lines).trim().concat("\n"); | |
| 224 | Files.write(content, keystore, Charsets.ISO_8859_1); | |
| b53611 | 225 | } |
| aaecd8 | 226 | |
| JM | 227 | lastModifieds.remove(keystore); |
| 228 | keyCache.invalidate(username); | |
| b53611 | 229 | return true; |
| JM | 230 | } |
| 231 | } catch (IOException e) { | |
| 232 | throw new RuntimeException("Cannot remove ssh key", e); | |
| 233 | } | |
| 234 | return false; | |
| 235 | } | |
| 5eafd9 | 236 | |
| DO | 237 | @Override |
| 8ee7c8 | 238 | public boolean removeAllKeys(String username) { |
| aaecd8 | 239 | File keystore = getKeystore(username); |
| JM | 240 | if (keystore.delete()) { |
| 241 | lastModifieds.remove(keystore); | |
| 242 | keyCache.invalidate(username); | |
| 243 | return true; | |
| 244 | } | |
| 245 | return false; | |
| 5eafd9 | 246 | } |
| DO | 247 | |
| b53611 | 248 | protected File getKeystore(String username) { |
| JM | 249 | File dir = runtimeManager.getFileOrFolder(Keys.git.sshKeysFolder, "${baseFolder}/ssh"); |
| 250 | dir.mkdirs(); | |
| 251 | File keys = new File(dir, username + ".keys"); | |
| 252 | return keys; | |
| 253 | } | |
| 8384e0 | 254 | |
| c78b25 | 255 | protected SshKey parseKey(String line) { |
| JM | 256 | String [] parts = line.split(" ", 2); |
| 257 | AccessPermission perm = AccessPermission.fromCode(parts[0]); | |
| 258 | if (perm.equals(AccessPermission.NONE)) { | |
| 259 | // ssh-rsa DATA COMMENT | |
| 260 | SshKey key = new SshKey(line); | |
| 261 | return key; | |
| 262 | } else { | |
| 263 | // PERMISSION ssh-rsa DATA COMMENT | |
| 264 | SshKey key = new SshKey(parts[1]); | |
| 265 | key.setPermission(perm); | |
| 266 | return key; | |
| 267 | } | |
| 8384e0 | 268 | } |
| b53611 | 269 | } |
