bundles/org.eclipse.equinox.console.ssh/src/org/eclipse/equinox/console/internal/ssh/AuthorizedKeysFileAuthenticator.java - equinox/rt.equinox.bundles - Git at Google

 /**
  * Copyright (c) 2012, 2017 Gunnar Wagenknecht and others.
  * All rights reserved.
  *
  * This program and the accompanying materials are made available under the terms of the
  * Eclipse Public License v1.0 which accompanies this distribution, and is available at
  * http://www.eclipse.org/legal/epl-v10.html
  *
  * Contributors:
  *     Gunnar Wagenknecht - initial API and implementation
  */
 package org.eclipse.equinox.console.internal.ssh;

 import java.io.FileNotFoundException;
 import java.io.IOException;
 import java.security.PublicKey;
 import java.security.interfaces.DSAPublicKey;
 import java.security.interfaces.RSAPublicKey;

 import org.apache.sshd.server.PublickeyAuthenticator;
 import org.apache.sshd.server.session.ServerSession;

 /**
  * {@link PublickeyAuthenticator} which authenticates using a specified
  * {@link #setAuthorizedKeysFile(String) authorized_keys} file.
  */
 public class AuthorizedKeysFileAuthenticator implements PublickeyAuthenticator {
 	private String authorizedKeysFile;

 	public String getAuthorizedKeysFile() {
 		return authorizedKeysFile;
 	}

 	public void setAuthorizedKeysFile(String authorizedKeysFile) {
 		this.authorizedKeysFile = authorizedKeysFile;
 	}

 	@Override
 	public boolean authenticate(String username, PublicKey key, ServerSession session) {
 		String authorizedKeysFile = getAuthorizedKeysFile();
 		if(null == authorizedKeysFile) {
 			// TODO should use better logging than System.err?
 			System.err.println("No authorized_keys file configured!");
 			return false;
 		}
 		try {
 			// dynamically read key file at each login attempt
 			AuthorizedKeys keys = new AuthorizedKeys(authorizedKeysFile);
 			for (PublicKey authorizedKey : keys.getKeys()) {
 				if (isSameKey(authorizedKey, key)) {
 					return true;
 				}
 			}
 		} catch (FileNotFoundException e) {
 			// TODO should use better logging than System.err?
 			System.err.println("Configured authorized_keys file not found! " + e.getMessage());
 		} catch (IOException e) {
 			// TODO should use better logging than System.err?
 			System.err.println("Please check authorized_keys file! " + e.getMessage());
 		}
 		return false;
 	}

 	private boolean isSameKey(PublicKey k1, PublicKey k2) throws IOException {
 		if ((k1 instanceof DSAPublicKey) && (k2 instanceof DSAPublicKey)) {
 			return isSameDSAKey((DSAPublicKey) k1, (DSAPublicKey) k2);
 		} else if ((k1 instanceof RSAPublicKey) && (k2 instanceof RSAPublicKey)) {
 			return isSameRSAKey((RSAPublicKey) k1, (RSAPublicKey) k2);
 		} else {
 			throw new IOException("Unsupported key types detected!");
 		}
 	}

 	private boolean isSameRSAKey(RSAPublicKey k1, RSAPublicKey k2) {
 		return k1.getPublicExponent().equals(k2.getPublicExponent()) && k1.getModulus().equals(k2.getModulus());
 	}

 	private boolean isSameDSAKey(DSAPublicKey k1, DSAPublicKey k2) {
 		return k1.getY().equals(k2.getY()) && k1.getParams().getG().equals(k2.getParams().getG()) && k1.getParams().getP().equals(k2.getParams().getP()) && k1.getParams().getQ().equals(k2.getParams().getQ());
 	}
 }
	/**
	* Copyright (c) 2012, 2017 Gunnar Wagenknecht and others.
	* All rights reserved.
	*
	* This program and the accompanying materials are made available under the terms of the
	* Eclipse Public License v1.0 which accompanies this distribution, and is available at
	* http://www.eclipse.org/legal/epl-v10.html
	*
	* Contributors:
	* Gunnar Wagenknecht - initial API and implementation
	*/
	package org.eclipse.equinox.console.internal.ssh;

	import java.io.FileNotFoundException;
	import java.io.IOException;
	import java.security.PublicKey;
	import java.security.interfaces.DSAPublicKey;
	import java.security.interfaces.RSAPublicKey;

	import org.apache.sshd.server.PublickeyAuthenticator;
	import org.apache.sshd.server.session.ServerSession;

	/**
	* {@link PublickeyAuthenticator} which authenticates using a specified
	* {@link #setAuthorizedKeysFile(String) authorized_keys} file.
	*/
	public class AuthorizedKeysFileAuthenticator implements PublickeyAuthenticator {
	private String authorizedKeysFile;

	public String getAuthorizedKeysFile() {
	return authorizedKeysFile;
	}

	public void setAuthorizedKeysFile(String authorizedKeysFile) {
	this.authorizedKeysFile = authorizedKeysFile;
	}

	@Override
	public boolean authenticate(String username, PublicKey key, ServerSession session) {
	String authorizedKeysFile = getAuthorizedKeysFile();
	if(null == authorizedKeysFile) {
	// TODO should use better logging than System.err?
	System.err.println("No authorized_keys file configured!");
	return false;
	}
	try {
	// dynamically read key file at each login attempt
	AuthorizedKeys keys = new AuthorizedKeys(authorizedKeysFile);
	for (PublicKey authorizedKey : keys.getKeys()) {
	if (isSameKey(authorizedKey, key)) {
	return true;
	}
	}
	} catch (FileNotFoundException e) {
	// TODO should use better logging than System.err?
	System.err.println("Configured authorized_keys file not found! " + e.getMessage());
	} catch (IOException e) {
	// TODO should use better logging than System.err?
	System.err.println("Please check authorized_keys file! " + e.getMessage());
	}
	return false;
	}

	private boolean isSameKey(PublicKey k1, PublicKey k2) throws IOException {
	if ((k1 instanceof DSAPublicKey) && (k2 instanceof DSAPublicKey)) {
	return isSameDSAKey((DSAPublicKey) k1, (DSAPublicKey) k2);
	} else if ((k1 instanceof RSAPublicKey) && (k2 instanceof RSAPublicKey)) {
	return isSameRSAKey((RSAPublicKey) k1, (RSAPublicKey) k2);
	} else {
	throw new IOException("Unsupported key types detected!");
	}
	}

	private boolean isSameRSAKey(RSAPublicKey k1, RSAPublicKey k2) {
	return k1.getPublicExponent().equals(k2.getPublicExponent()) && k1.getModulus().equals(k2.getModulus());
	}

	private boolean isSameDSAKey(DSAPublicKey k1, DSAPublicKey k2) {
	return k1.getY().equals(k2.getY()) && k1.getParams().getG().equals(k2.getParams().getG()) && k1.getParams().getP().equals(k2.getParams().getP()) && k1.getParams().getQ().equals(k2.getParams().getQ());
	}
	}