diff src/ch/ethz/ssh2/auth/AuthenticationManager.java @ 308:42b15aaa7ac7 ganymed

merge
author Carl Byington <carl@five-ten-sg.com>
date Wed, 30 Jul 2014 14:21:50 -0700
parents 071eccdff8ea
children 5afb8c1a54b9
line wrap: on
line diff
--- a/src/ch/ethz/ssh2/auth/AuthenticationManager.java	Wed Jul 30 13:38:04 2014 -0700
+++ b/src/ch/ethz/ssh2/auth/AuthenticationManager.java	Wed Jul 30 14:21:50 2014 -0700
@@ -49,14 +49,14 @@
     private ClientTransportManager tm;
 
     private final BlockingQueue<byte[]> packets
-            = new ArrayBlockingQueue<byte[]>(5);
+        = new ArrayBlockingQueue<byte[]>(5);
 
     private boolean connectionClosed = false;
 
     private String banner;
 
     private Set<String> remainingMethods
-            = new HashSet<String>();
+        = new HashSet<String>();
 
     private boolean isPartialSuccess = false;
 
@@ -68,22 +68,24 @@
     }
 
     private byte[] deQueue() throws IOException {
-        if(connectionClosed) {
+        if (connectionClosed) {
             throw tm.getReasonClosedCause();
         }
+
         // Wait for packet
         try {
             return packets.take();
         }
-        catch(InterruptedException e) {
+        catch (InterruptedException e) {
             throw new InterruptedIOException(e.getMessage());
         }
     }
 
     byte[] getNextMessage() throws IOException {
-        while(true) {
+        while (true) {
             byte[] message = deQueue();
-            switch(message[0]) {
+
+            switch (message[0]) {
                 case Packets.SSH_MSG_USERAUTH_BANNER:
                     // The server may send an SSH_MSG_USERAUTH_BANNER message at any
                     // time after this authentication protocol starts and before
@@ -91,6 +93,7 @@
                     PacketUserauthBanner sb = new PacketUserauthBanner(message);
                     banner = sb.getBanner();
                     break;
+
                 default:
                     return message;
             }
@@ -111,61 +114,63 @@
     }
 
     private boolean initialize(String user) throws IOException {
-        if(initDone == false) {
+        if (initDone == false) {
             tm.registerMessageHandler(this, 0, 255);
-
             PacketServiceRequest sr = new PacketServiceRequest("ssh-userauth");
             tm.sendMessage(sr.getPayload());
-
             final PacketServiceAccept accept = new PacketServiceAccept(this.getNextMessage());
-
             PacketUserauthRequestNone auth = new PacketUserauthRequestNone("ssh-connection", user);
             tm.sendMessage(auth.getPayload());
-
             byte[] message = this.getNextMessage();
             initDone = true;
-            switch(message[0]) {
+
+            switch (message[0]) {
                 case Packets.SSH_MSG_USERAUTH_SUCCESS:
                     authenticated = true;
                     tm.removeMessageHandler(this);
                     return true;
+
                 case Packets.SSH_MSG_USERAUTH_FAILURE:
                     PacketUserauthFailure puf = new PacketUserauthFailure(message);
                     remainingMethods = puf.getAuthThatCanContinue();
                     isPartialSuccess = puf.isPartialSuccess();
                     return false;
             }
+
             throw new PacketTypeException(message[0]);
         }
+
         return authenticated;
     }
 
     public boolean authenticatePublicKey(String user, AgentProxy proxy) throws IOException {
         initialize(user);
+        boolean success;
 
-        boolean success;
-        for(AgentIdentity identity : proxy.getIdentities()) {
+        for (AgentIdentity identity : proxy.getIdentities()) {
             success = authenticatePublicKey(user, identity);
-            if(success) {
+
+            if (success) {
                 return true;
             }
         }
+
         return false;
     }
 
     private boolean authenticatePublicKey(String user, AgentIdentity identity) throws IOException {
-        if(!remainingMethods.contains("publickey")) {
+        if (!remainingMethods.contains("publickey")) {
             throw new IOException("Authentication method not supported");
         }
 
         byte[] pubKeyBlob = identity.getPublicKeyBlob();
-        if(pubKeyBlob == null) {
+
+        if (pubKeyBlob == null) {
             return false;
         }
 
         TypesWriter tw = new TypesWriter();
         byte[] H = tm.getSessionIdentifier();
-
         tw.writeString(H, 0, H.length);
         tw.writeByte(Packets.SSH_MSG_USERAUTH_REQUEST);
         tw.writeString(user);
@@ -174,29 +179,27 @@
         tw.writeBoolean(true);
         tw.writeString(identity.getAlgName());
         tw.writeString(pubKeyBlob, 0, pubKeyBlob.length);
-
         byte[] msg = tw.getBytes();
         byte[] response = identity.sign(msg);
-
         PacketUserauthRequestPublicKey ua = new PacketUserauthRequestPublicKey(
-                "ssh-connection", user, identity.getAlgName(), pubKeyBlob, response);
+            "ssh-connection", user, identity.getAlgName(), pubKeyBlob, response);
         tm.sendMessage(ua.getPayload());
-
         byte[] message = getNextMessage();
         final int type = message[0];
-        switch(type) {
+
+        switch (type) {
             case Packets.SSH_MSG_USERAUTH_SUCCESS:
                 authenticated = true;
                 tm.removeMessageHandler(this);
                 return true;
+
             case Packets.SSH_MSG_USERAUTH_FAILURE:
                 PacketUserauthFailure puf = new PacketUserauthFailure(message);
-
                 remainingMethods = puf.getAuthThatCanContinue();
                 isPartialSuccess = puf.isPartialSuccess();
-
                 return false;
         }
+
         throw new PacketTypeException(type);
     }
 
@@ -209,22 +212,19 @@
     public boolean authenticatePublicKey(String user, KeyPair pair, SecureRandom rnd)
     throws IOException {
         PrivateKey key = pair.getPrivate();
+
         try {
             initialize(user);
 
-            if(!remainingMethods.contains("publickey")) {
+            if (!remainingMethods.contains("publickey")) {
                 throw new IOException("Authentication method publickey not supported by the server at this stage.");
             }
 
             if (key instanceof DSAPrivateKey) {
                 DSAPrivateKey pk = (DSAPrivateKey) key;
-
                 byte[] pk_enc = DSASHA1Verify.encodeSSHDSAPublicKey((DSAPublicKey) pair.getPublic());
-
                 TypesWriter tw = new TypesWriter();
-
                 byte[] H = tm.getSessionIdentifier();
-
                 tw.writeString(H, 0, H.length);
                 tw.writeByte(Packets.SSH_MSG_USERAUTH_REQUEST);
                 tw.writeString(user);
@@ -233,26 +233,19 @@
                 tw.writeBoolean(true);
                 tw.writeString("ssh-dss");
                 tw.writeString(pk_enc, 0, pk_enc.length);
-
                 byte[] msg = tw.getBytes();
-
                 byte[] ds = DSASHA1Verify.generateSignature(msg, pk, rnd);
-
                 byte[] ds_enc = DSASHA1Verify.encodeSSHDSASignature(ds);
-
                 PacketUserauthRequestPublicKey ua = new PacketUserauthRequestPublicKey("ssh-connection", user,
                         "ssh-dss", pk_enc, ds_enc);
                 tm.sendMessage(ua.getPayload());
             }
-            else if(key instanceof RSAPrivateKey) {
+            else if (key instanceof RSAPrivateKey) {
                 RSAPrivateKey pk = (RSAPrivateKey) key;
-
                 byte[] pk_enc = RSASHA1Verify.encodeSSHRSAPublicKey((RSAPublicKey) pair.getPublic());
-
                 TypesWriter tw = new TypesWriter();
                 {
                     byte[] H = tm.getSessionIdentifier();
-
                     tw.writeString(H, 0, H.length);
                     tw.writeByte(Packets.SSH_MSG_USERAUTH_REQUEST);
                     tw.writeString(user);
@@ -262,13 +255,9 @@
                     tw.writeString("ssh-rsa");
                     tw.writeString(pk_enc, 0, pk_enc.length);
                 }
-
                 byte[] msg = tw.getBytes();
-
                 byte[] ds = RSASHA1Verify.generateSignature(msg, pk);
-
                 byte[] rsa_sig_enc = RSASHA1Verify.encodeSSHRSASignature(ds);
-
                 PacketUserauthRequestPublicKey ua = new PacketUserauthRequestPublicKey("ssh-connection", user,
                         "ssh-rsa", pk_enc, rsa_sig_enc);
                 tm.sendMessage(ua.getPayload());
@@ -300,24 +289,26 @@
             else {
                 throw new IOException("Unknown private key type returned by the PEM decoder.");
             }
+
             byte[] message = getNextMessage();
             final int type = message[0];
-            switch(type) {
+
+            switch (type) {
                 case Packets.SSH_MSG_USERAUTH_SUCCESS:
                     authenticated = true;
                     tm.removeMessageHandler(this);
                     return true;
+
                 case Packets.SSH_MSG_USERAUTH_FAILURE:
                     PacketUserauthFailure puf = new PacketUserauthFailure(message);
-
                     remainingMethods = puf.getAuthThatCanContinue();
                     isPartialSuccess = puf.isPartialSuccess();
-
                     return false;
             }
+
             throw new PacketTypeException(type);
         }
-        catch(IOException e) {
+        catch (IOException e) {
             tm.close(e);
             throw e;
         }
@@ -328,7 +319,7 @@
             initialize(user);
             return authenticated;
         }
-        catch(IOException e) {
+        catch (IOException e) {
             tm.close(e);
             throw e;
         }
@@ -338,29 +329,31 @@
         try {
             initialize(user);
 
-            if(!remainingMethods.contains("password")) {
+            if (!remainingMethods.contains("password")) {
                 throw new IOException("Authentication method not supported");
             }
 
             PacketUserauthRequestPassword ua = new PacketUserauthRequestPassword("ssh-connection", user, pass);
             tm.sendMessage(ua.getPayload());
-
             byte[] message = getNextMessage();
             final int type = message[0];
-            switch(type) {
+
+            switch (type) {
                 case Packets.SSH_MSG_USERAUTH_SUCCESS:
                     authenticated = true;
                     tm.removeMessageHandler(this);
                     return true;
+
                 case Packets.SSH_MSG_USERAUTH_FAILURE:
                     PacketUserauthFailure puf = new PacketUserauthFailure(message);
                     remainingMethods = puf.getAuthThatCanContinue();
                     isPartialSuccess = puf.isPartialSuccess();
                     return false;
             }
+
             throw new PacketTypeException(type);
         }
-        catch(IOException e) {
+        catch (IOException e) {
             tm.close(e);
             throw e;
         }
@@ -370,49 +363,52 @@
         try {
             initialize(user);
 
-            if(!remainingMethods.contains("keyboard-interactive")) {
+            if (!remainingMethods.contains("keyboard-interactive")) {
                 throw new IOException(
-                        "Authentication method keyboard-interactive not supported by the server at this stage.");
+                    "Authentication method keyboard-interactive not supported by the server at this stage.");
             }
 
             PacketUserauthRequestInteractive ua = new PacketUserauthRequestInteractive("ssh-connection", user,
                     submethods);
-
             tm.sendMessage(ua.getPayload());
 
-            while(true) {
+            while (true) {
                 byte[] message = getNextMessage();
                 final int type = message[0];
-                switch(type) {
+
+                switch (type) {
                     case Packets.SSH_MSG_USERAUTH_SUCCESS:
                         authenticated = true;
                         tm.removeMessageHandler(this);
                         return true;
+
                     case Packets.SSH_MSG_USERAUTH_FAILURE:
                         PacketUserauthFailure puf = new PacketUserauthFailure(message);
-
                         remainingMethods = puf.getAuthThatCanContinue();
                         isPartialSuccess = puf.isPartialSuccess();
+                        return false;
 
-                        return false;
                     case Packets.SSH_MSG_USERAUTH_INFO_REQUEST:
                         PacketUserauthInfoRequest info = new PacketUserauthInfoRequest(message);
                         String[] responses;
+
                         try {
                             responses = cb.replyToChallenge(info.getName(), info.getInstruction(), info.getNumPrompts(),
-                                    info.getPrompt(), info.getEcho());
+                                                            info.getPrompt(), info.getEcho());
                         }
-                        catch(Exception e) {
+                        catch (Exception e) {
                             throw new IOException("Exception in callback.", e);
                         }
+
                         PacketUserauthInfoResponse puir = new PacketUserauthInfoResponse(responses);
                         tm.sendMessage(puir.getPayload());
                         continue;
                 }
+
                 throw new PacketTypeException(type);
             }
         }
-        catch(IOException e) {
+        catch (IOException e) {
             tm.close(e);
             throw e;
         }