view src/ch/ethz/ssh2/ServerAuthenticationCallback.java @ 322:a713e91c59c8 ganymed

add ecdsa key support everywhere
author Carl Byington <carl@five-ten-sg.com>
date Thu, 31 Jul 2014 09:03:50 -0700
parents 071eccdff8ea
children
line wrap: on
line source

/*
 * Copyright (c) 2012-2013 Christian Plattner. All rights reserved.
 * Please refer to the LICENSE.txt for licensing details.
 */

package ch.ethz.ssh2;

/**
 * A callback used during the authentication phase (see RFC 4252) when
 * implementing a SSH server.
 *
 * @author Christian Plattner
 * @version 2.50, 03/15/10
 */
public interface ServerAuthenticationCallback {
    /**
     * The method name for host-based authentication.
     */
    public final String METHOD_HOSTBASED = "hostbased";

    /**
     * The method name for public-key authentication.
     */
    public final String METHOD_PUBLICKEY = "publickey";

    /**
     * The method name for password authentication.
     */
    public final String METHOD_PASSWORD = "password";

    /**
     * Called when the client enters authentication.
     * This gives you the chance to set a custom authentication banner
     * for this SSH-2 session. This is the first method called in this interface.
     * It will only called at most once per <code>ServerConnection</code>.
     *
     * @param sc The corresponding <code>ServerConnection</code>
     * @return The authentication banner or <code>NULL</code> in case no banner should be send.
     */
    public String initAuthentication(ServerConnection sc);

    /**
     * Return the authentication methods that are currently available to the client.
     * Be prepared to return this information at any time during the authentication procedure.
     * <p/>
     * The returned name-list of 'method names' (see RFC4252) indicate the authentication methods
     * that may productively continue the authentication dialog.
     * </p>
     * It is RECOMMENDED that servers only include those 'method name'
     * values in the name-list that are actually useful.  However, it is not
     * illegal to include 'method name' values that cannot be used to
     * authenticate the user.
     * <p/>
     * Already successfully completed authentications SHOULD NOT be included
     * in the name-list, unless they should be performed again for some reason.
     *
     * @see #METHOD_HOSTBASED
     * @see #METHOD_PASSWORD
     * @see #METHOD_PUBLICKEY
     *
     * @param sc
     * @return A list of method names.
     */
    public String[] getRemainingAuthMethods(ServerConnection sc);

    /**
     * Typically, this will be called be the client to get the list of
     * authentication methods that can continue. You should simply return
     * {@link AuthenticationResult#FAILURE}.
     *
     * @param sc
     * @param username Name of the user that wants to log in with the "none" method.
     * @return
     */
    public AuthenticationResult authenticateWithNone(ServerConnection sc, String username);

    public AuthenticationResult authenticateWithPassword(ServerConnection sc, String username, String password);

    /**
     * NOTE: Not implemented yet.
     *
     * @param sc
     * @param username
     * @param algorithm
     * @param publickey
     * @param signature
     * @return
     */
    public AuthenticationResult authenticateWithPublicKey(ServerConnection sc, String username, String algorithm,
            byte[] publickey, byte[] signature);
}