/*
|
* Licensed to the Apache Software Foundation (ASF) under one
|
* or more contributor license agreements. See the NOTICE file
|
* distributed with this work for additional information
|
* regarding copyright ownership. The ASF licenses this file
|
* to you under the Apache License, Version 2.0 (the
|
* "License"); you may not use this file except in compliance
|
* with the License. You may obtain a copy of the License at
|
*
|
* http://www.apache.org/licenses/LICENSE-2.0
|
*
|
* Unless required by applicable law or agreed to in writing,
|
* software distributed under the License is distributed on an
|
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
* KIND, either express or implied. See the License for the
|
* specific language governing permissions and limitations
|
* under the License.
|
*/
|
package com.gitblit.transport.ssh;
|
|
import java.io.FileInputStream;
|
import java.io.InputStreamReader;
|
import java.security.KeyPair;
|
import java.util.Arrays;
|
import java.util.Iterator;
|
import java.util.NoSuchElementException;
|
|
import org.apache.sshd.common.keyprovider.AbstractKeyPairProvider;
|
import org.apache.sshd.common.util.SecurityUtils;
|
import org.bouncycastle.openssl.PEMDecryptorProvider;
|
import org.bouncycastle.openssl.PEMEncryptedKeyPair;
|
import org.bouncycastle.openssl.PEMKeyPair;
|
import org.bouncycastle.openssl.PEMParser;
|
import org.bouncycastle.openssl.PasswordFinder;
|
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
|
import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;
|
|
/**
|
* This host key provider loads private keys from the specified files.
|
*
|
* Note that this class has a direct dependency on BouncyCastle and won't work
|
* unless it has been correctly registered as a security provider.
|
*
|
* @author <a href="mailto:dev@mina.apache.org">Apache MINA SSHD Project</a>
|
*/
|
public class FileKeyPairProvider extends AbstractKeyPairProvider {
|
|
private String[] files;
|
private PasswordFinder passwordFinder;
|
|
public FileKeyPairProvider() {
|
}
|
|
public FileKeyPairProvider(String[] files) {
|
this.files = files;
|
}
|
|
public FileKeyPairProvider(String[] files, PasswordFinder passwordFinder) {
|
this.files = files;
|
this.passwordFinder = passwordFinder;
|
}
|
|
public String[] getFiles() {
|
return files;
|
}
|
|
public void setFiles(String[] files) {
|
this.files = files;
|
}
|
|
public PasswordFinder getPasswordFinder() {
|
return passwordFinder;
|
}
|
|
public void setPasswordFinder(PasswordFinder passwordFinder) {
|
this.passwordFinder = passwordFinder;
|
}
|
|
public Iterable<KeyPair> loadKeys() {
|
if (!SecurityUtils.isBouncyCastleRegistered()) {
|
throw new IllegalStateException("BouncyCastle must be registered as a JCE provider");
|
}
|
return new Iterable<KeyPair>() {
|
@Override
|
public Iterator<KeyPair> iterator() {
|
return new Iterator<KeyPair>() {
|
private final Iterator<String> iterator = Arrays.asList(files).iterator();
|
private KeyPair nextKeyPair;
|
private boolean nextKeyPairSet = false;
|
@Override
|
public boolean hasNext() {
|
return nextKeyPairSet || setNextObject();
|
}
|
@Override
|
public KeyPair next() {
|
if (!nextKeyPairSet) {
|
if (!setNextObject()) {
|
throw new NoSuchElementException();
|
}
|
}
|
nextKeyPairSet = false;
|
return nextKeyPair;
|
}
|
@Override
|
public void remove() {
|
throw new UnsupportedOperationException();
|
}
|
private boolean setNextObject() {
|
while (iterator.hasNext()) {
|
String file = iterator.next();
|
nextKeyPair = doLoadKey(file);
|
if (nextKeyPair != null) {
|
nextKeyPairSet = true;
|
return true;
|
}
|
}
|
return false;
|
}
|
|
};
|
}
|
};
|
}
|
|
protected KeyPair doLoadKey(String file) {
|
try {
|
PEMParser r = new PEMParser(new InputStreamReader(new FileInputStream(file)));
|
try {
|
Object o = r.readObject();
|
|
JcaPEMKeyConverter pemConverter = new JcaPEMKeyConverter();
|
pemConverter.setProvider("BC");
|
if (passwordFinder != null && o instanceof PEMEncryptedKeyPair) {
|
JcePEMDecryptorProviderBuilder decryptorBuilder = new JcePEMDecryptorProviderBuilder();
|
PEMDecryptorProvider pemDecryptor = decryptorBuilder.build(passwordFinder.getPassword());
|
o = pemConverter.getKeyPair(((PEMEncryptedKeyPair) o).decryptKeyPair(pemDecryptor));
|
}
|
|
if (o instanceof PEMKeyPair) {
|
o = pemConverter.getKeyPair((PEMKeyPair)o);
|
return (KeyPair) o;
|
} else if (o instanceof KeyPair) {
|
return (KeyPair) o;
|
}
|
} finally {
|
r.close();
|
}
|
} catch (Exception e) {
|
log.warn("Unable to read key " + file, e);
|
}
|
return null;
|
}
|
|
}
|
