| /* |
| * Copyright (C) 2019 Thomas Wolf <thomas.wolf@paranor.ch> and others |
| * |
| * This program and the accompanying materials are made available under the |
| * terms of the Eclipse Distribution License v. 1.0 which is available at |
| * https://www.eclipse.org/org/documents/edl-v10.php. |
| * |
| * SPDX-License-Identifier: BSD-3-Clause |
| */ |
| package org.eclipse.jgit.transport.sshd; |
| |
| import java.net.InetSocketAddress; |
| import java.security.PublicKey; |
| import java.util.List; |
| |
| import org.eclipse.jgit.annotations.NonNull; |
| import org.eclipse.jgit.transport.CredentialsProvider; |
| |
| /** |
| * An interface for a database of known server keys, supporting finding all |
| * known keys and also deciding whether a server key is to be accepted. |
| * <p> |
| * Connection addresses are given as strings of the format |
| * {@code [hostName]:port} if using a non-standard port (i.e., not port 22), |
| * otherwise just {@code hostname}. |
| * </p> |
| * |
| * @since 5.5 |
| */ |
| public interface ServerKeyDatabase { |
| |
| /** |
| * Retrieves all known and not revoked host keys for the given addresses. |
| * |
| * @param connectAddress |
| * IP address the session tried to connect to |
| * @param remoteAddress |
| * IP address as reported for the remote end point |
| * @param config |
| * giving access to potentially interesting configuration |
| * settings |
| * @return the list of known and not revoked keys for the given addresses |
| */ |
| @NonNull |
| List<PublicKey> lookup(@NonNull String connectAddress, |
| @NonNull InetSocketAddress remoteAddress, |
| @NonNull Configuration config); |
| |
| /** |
| * Determines whether to accept a received server host key. |
| * |
| * @param connectAddress |
| * IP address the session tried to connect to |
| * @param remoteAddress |
| * IP address as reported for the remote end point |
| * @param serverKey |
| * received from the remote end |
| * @param config |
| * giving access to potentially interesting configuration |
| * settings |
| * @param provider |
| * for interacting with the user, if required; may be |
| * {@code null} |
| * @return {@code true} if the serverKey is accepted, {@code false} |
| * otherwise |
| */ |
| boolean accept(@NonNull String connectAddress, |
| @NonNull InetSocketAddress remoteAddress, |
| @NonNull PublicKey serverKey, |
| @NonNull Configuration config, CredentialsProvider provider); |
| |
| /** |
| * A simple provider for ssh config settings related to host key checking. |
| * An instance is created by the JGit sshd framework and passed into |
| * {@link ServerKeyDatabase#lookup(String, InetSocketAddress, Configuration)} |
| * and |
| * {@link ServerKeyDatabase#accept(String, InetSocketAddress, PublicKey, Configuration, CredentialsProvider)}. |
| */ |
| interface Configuration { |
| |
| /** |
| * Retrieves the list of file names from the "UserKnownHostsFile" ssh |
| * config. |
| * |
| * @return the list as configured, with ~ already replaced |
| */ |
| List<String> getUserKnownHostsFiles(); |
| |
| /** |
| * Retrieves the list of file names from the "GlobalKnownHostsFile" ssh |
| * config. |
| * |
| * @return the list as configured, with ~ already replaced |
| */ |
| List<String> getGlobalKnownHostsFiles(); |
| |
| /** |
| * The possible values for the "StrictHostKeyChecking" ssh config. |
| */ |
| enum StrictHostKeyChecking { |
| /** |
| * "ask"; default: ask the user whether to accept (and store) a new |
| * or mismatched key. |
| */ |
| ASK, |
| /** |
| * "yes", "on": never accept new or mismatched keys. |
| */ |
| REQUIRE_MATCH, |
| /** |
| * "no", "off": always accept new or mismatched keys. |
| */ |
| ACCEPT_ANY, |
| /** |
| * "accept-new": accept new keys, but never accept modified keys. |
| */ |
| ACCEPT_NEW |
| } |
| |
| /** |
| * Obtains the value of the "StrictHostKeyChecking" ssh config. |
| * |
| * @return the {@link StrictHostKeyChecking} |
| */ |
| @NonNull |
| StrictHostKeyChecking getStrictHostKeyChecking(); |
| |
| /** |
| * Obtains the value of the "HashKnownHosts" ssh config. |
| * |
| * @return {@code true} if new entries should be stored with hashed host |
| * information, {@code false} otherwise |
| */ |
| boolean getHashKnownHosts(); |
| |
| /** |
| * Obtains the user name used in the connection attempt. |
| * |
| * @return the user name |
| */ |
| @NonNull |
| String getUsername(); |
| } |
| } |