Mercurial > 510Connectbot
view src/com/five_ten_sg/connectbot/transport/SSH.java @ 317:cdb3c9215a9b ganymed
add ecdsa key support everywhere
author | Carl Byington <carl@five-ten-sg.com> |
---|---|
date | Wed, 30 Jul 2014 17:01:21 -0700 |
parents | 4c3a4e88c027 |
children | 5351641c8a46 |
line wrap: on
line source
/* * ConnectBot: simple, powerful, open-source SSH client for Android * Copyright 2007 Kenny Root, Jeffrey Sharkey * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package com.five_ten_sg.connectbot.transport; import java.io.File; import java.io.IOException; import java.io.InputStream; import java.io.OutputStream; import java.net.InetAddress; import java.net.InetSocketAddress; import java.net.URL; import java.net.MalformedURLException; import java.security.KeyPair; import java.security.NoSuchAlgorithmException; import java.security.PrivateKey; import java.security.PublicKey; import java.security.interfaces.DSAPrivateKey; import java.security.interfaces.DSAPublicKey; import java.security.interfaces.ECPrivateKey; import java.security.interfaces.ECPublicKey; import java.security.interfaces.RSAPrivateKey; import java.security.interfaces.RSAPublicKey; import java.security.spec.InvalidKeySpecException; import java.util.Arrays; import java.util.HashMap; import java.util.LinkedList; import java.util.List; import java.util.Locale; import java.util.Map; import java.util.Map.Entry; import java.util.regex.Matcher; import java.util.regex.Pattern; import com.five_ten_sg.connectbot.R; import com.five_ten_sg.connectbot.bean.HostBean; import com.five_ten_sg.connectbot.bean.PortForwardBean; import com.five_ten_sg.connectbot.bean.PubkeyBean; import com.five_ten_sg.connectbot.service.TerminalBridge; import com.five_ten_sg.connectbot.service.TerminalManager; import com.five_ten_sg.connectbot.service.TerminalManager.KeyHolder; import com.five_ten_sg.connectbot.util.HostDatabase; import com.five_ten_sg.connectbot.util.PubkeyDatabase; import com.five_ten_sg.connectbot.util.PubkeyUtils; import android.content.Context; import android.net.Uri; import android.os.Environment; import android.util.Log; import ch.ethz.ssh2.AuthAgentCallback; import ch.ethz.ssh2.ChannelCondition; import ch.ethz.ssh2.Connection; import ch.ethz.ssh2.ConnectionInfo; import ch.ethz.ssh2.ConnectionMonitor; import ch.ethz.ssh2.DynamicPortForwarder; import ch.ethz.ssh2.InteractiveCallback; import ch.ethz.ssh2.KnownHosts; import ch.ethz.ssh2.LocalPortForwarder; import ch.ethz.ssh2.SCPClient; import ch.ethz.ssh2.ServerHostKeyVerifier; import ch.ethz.ssh2.Session; import ch.ethz.ssh2.HTTPProxyData; import ch.ethz.ssh2.HTTPProxyException; import ch.ethz.ssh2.crypto.PEMDecoder; import ch.ethz.ssh2.signature.DSASHA1Verify; import ch.ethz.ssh2.signature.ECDSASHA2Verify; import ch.ethz.ssh2.signature.RSASHA1Verify; /** * @author Kenny Root * */ public class SSH extends AbsTransport implements ConnectionMonitor, InteractiveCallback, AuthAgentCallback { private static final String PROTOCOL = "ssh"; private static final String TAG = "ConnectBot.SSH"; private static final int DEFAULT_PORT = 22; private static final String AUTH_PUBLICKEY = "publickey", AUTH_PASSWORD = "password", AUTH_KEYBOARDINTERACTIVE = "keyboard-interactive"; private final static int AUTH_TRIES = 20; static final Pattern hostmask; static { hostmask = Pattern.compile("^(.+)@([0-9a-z.-]+)(:(\\d+))?$", Pattern.CASE_INSENSITIVE); } private boolean compression = false; private String httpproxy = null; private volatile boolean authenticated = false; private volatile boolean connected = false; private volatile boolean sessionOpen = false; private boolean pubkeysExhausted = false; private boolean interactiveCanContinue = true; private Connection connection; private Session session; private ConnectionInfo connectionInfo; private OutputStream stdin; private InputStream stdout; private InputStream stderr; private static final int conditions = ChannelCondition.STDOUT_DATA | ChannelCondition.STDERR_DATA | ChannelCondition.CLOSED | ChannelCondition.EOF; private List<PortForwardBean> portForwards = new LinkedList<PortForwardBean>(); private int columns; private int rows; private int width; private int height; private String useAuthAgent = HostDatabase.AUTHAGENT_NO; private String agentLockPassphrase; public class HostKeyVerifier implements ServerHostKeyVerifier { public boolean verifyServerHostKey(String hostname, int port, String serverHostKeyAlgorithm, byte[] serverHostKey) throws IOException { // read in all known hosts from hostdb KnownHosts hosts = manager.hostdb.getKnownHosts(); Boolean result; String matchName = String.format(Locale.US, "%s:%d", hostname, port); String fingerprint = KnownHosts.createHexFingerprint(serverHostKeyAlgorithm, serverHostKey); String algorithmName; if ("ssh-rsa".equals(serverHostKeyAlgorithm)) algorithmName = "RSA"; else if ("ssh-dss".equals(serverHostKeyAlgorithm)) algorithmName = "DSA"; else if (serverHostKeyAlgorithm.startsWith("ecdsa-sha2-")) algorithmName = "EC"; else algorithmName = serverHostKeyAlgorithm; switch (hosts.verifyHostkey(matchName, serverHostKeyAlgorithm, serverHostKey)) { case KnownHosts.HOSTKEY_IS_OK: bridge.outputLine(manager.res.getString(R.string.terminal_sucess, algorithmName, fingerprint)); return true; case KnownHosts.HOSTKEY_IS_NEW: // prompt user bridge.outputLine(manager.res.getString(R.string.host_authenticity_warning, hostname)); bridge.outputLine(manager.res.getString(R.string.host_fingerprint, algorithmName, fingerprint)); result = bridge.promptHelper.requestBooleanPrompt(null, manager.res.getString(R.string.prompt_continue_connecting)); if (result == null) return false; if (result.booleanValue()) { // save this key in known database manager.hostdb.saveKnownHost(hostname, port, serverHostKeyAlgorithm, serverHostKey); } return result.booleanValue(); case KnownHosts.HOSTKEY_HAS_CHANGED: String header = String.format("@ %s @", manager.res.getString(R.string.host_verification_failure_warning_header)); char[] atsigns = new char[header.length()]; Arrays.fill(atsigns, '@'); String border = new String(atsigns); bridge.outputLine(border); bridge.outputLine(manager.res.getString(R.string.host_verification_failure_warning)); bridge.outputLine(border); bridge.outputLine(String.format(manager.res.getString(R.string.host_fingerprint), algorithmName, fingerprint)); // Users have no way to delete keys, so we'll prompt them for now. result = bridge.promptHelper.requestBooleanPrompt(null, manager.res.getString(R.string.prompt_continue_connecting)); if (result == null) return false; if (result.booleanValue()) { // save this key in known database manager.hostdb.saveKnownHost(hostname, port, serverHostKeyAlgorithm, serverHostKey); } return result.booleanValue(); default: return false; } } } public SSH() { super(); } /** * @return protocol part of the URI */ public static String getProtocolName() { return PROTOCOL; } public Uri getUri(String input) { Matcher matcher = hostmask.matcher(input); if (!matcher.matches()) return null; StringBuilder sb = new StringBuilder(); sb.append(PROTOCOL) .append("://") .append(Uri.encode(matcher.group(1))) .append('@') .append(matcher.group(2)); String portString = matcher.group(4); int port = DEFAULT_PORT; if (portString != null) { try { port = Integer.parseInt(portString); if (port < 1 || port > 65535) { port = DEFAULT_PORT; } } catch (NumberFormatException nfe) { // Keep the default port } } if (port != DEFAULT_PORT) { sb.append(':') .append(port); } sb.append("/#") .append(Uri.encode(input)); Uri uri = Uri.parse(sb.toString()); return uri; } private void authenticate() { try { if (connection.authenticateWithNone(host.getUsername())) { finishConnection(); return; } } catch (Exception e) { Log.d(TAG, "Host does not support 'none' authentication."); } bridge.outputLine(manager.res.getString(R.string.terminal_auth)); try { long pubkeyId = host.getPubkeyId(); if (!pubkeysExhausted && pubkeyId != HostDatabase.PUBKEYID_NEVER && connection.isAuthMethodAvailable(host.getUsername(), AUTH_PUBLICKEY)) { // if explicit pubkey defined for this host, then prompt for password as needed // otherwise just try all in-memory keys held in terminalmanager if (pubkeyId == HostDatabase.PUBKEYID_ANY) { // try each of the in-memory keys bridge.outputLine(manager.res .getString(R.string.terminal_auth_pubkey_any)); for (Entry<String, KeyHolder> entry : manager.loadedKeypairs.entrySet()) { if (entry.getValue().bean.isConfirmUse() && !promptForPubkeyUse(entry.getKey())) continue; if (this.tryPublicKey(host.getUsername(), entry.getKey(), entry.getValue().pair)) { finishConnection(); break; } } } else { bridge.outputLine(manager.res.getString(R.string.terminal_auth_pubkey_specific)); // use a specific key for this host, as requested PubkeyBean pubkey = manager.pubkeydb.findPubkeyById(pubkeyId); if (pubkey == null) bridge.outputLine(manager.res.getString(R.string.terminal_auth_pubkey_invalid)); else if (tryPublicKey(pubkey)) finishConnection(); } pubkeysExhausted = true; } else if (interactiveCanContinue && connection.isAuthMethodAvailable(host.getUsername(), AUTH_KEYBOARDINTERACTIVE)) { // this auth method will talk with us using InteractiveCallback interface // it blocks until authentication finishes bridge.outputLine(manager.res.getString(R.string.terminal_auth_ki)); interactiveCanContinue = false; if (connection.authenticateWithKeyboardInteractive(host.getUsername(), this)) { finishConnection(); } else { bridge.outputLine(manager.res.getString(R.string.terminal_auth_ki_fail)); } } else if (connection.isAuthMethodAvailable(host.getUsername(), AUTH_PASSWORD)) { bridge.outputLine(manager.res.getString(R.string.terminal_auth_pass)); String password = bridge.getPromptHelper().requestPasswordPrompt(null, manager.res.getString(R.string.prompt_password)); if (password != null && connection.authenticateWithPassword(host.getUsername(), password)) { finishConnection(); } else { bridge.outputLine(manager.res.getString(R.string.terminal_auth_pass_fail)); } } else { bridge.outputLine(manager.res.getString(R.string.terminal_auth_fail)); } } catch (IllegalStateException e) { Log.e(TAG, "Connection went away while we were trying to authenticate", e); return; } catch (Exception e) { Log.e(TAG, "Problem during handleAuthentication()", e); } } /** * Attempt connection with database row pointed to by cursor. * @param cursor * @return true for successful authentication * @throws NoSuchAlgorithmException * @throws InvalidKeySpecException * @throws IOException */ private boolean tryPublicKey(PubkeyBean pubkey) throws NoSuchAlgorithmException, InvalidKeySpecException, IOException { KeyPair pair = null; if (manager.isKeyLoaded(pubkey.getNickname())) { // load this key from memory if its already there Log.d(TAG, String.format("Found unlocked key '%s' already in-memory", pubkey.getNickname())); if (pubkey.isConfirmUse()) { if (!promptForPubkeyUse(pubkey.getNickname())) return false; } pair = manager.getKey(pubkey.getNickname()); } else { // otherwise load key from database and prompt for password as needed String password = null; if (pubkey.isEncrypted()) { password = bridge.getPromptHelper().requestPasswordPrompt(null, manager.res.getString(R.string.prompt_pubkey_password, pubkey.getNickname())); // Something must have interrupted the prompt. if (password == null) return false; } if (PubkeyDatabase.KEY_TYPE_IMPORTED.equals(pubkey.getType())) { // load specific key using pem format pair = PEMDecoder.decode(new String(pubkey.getPrivateKey()).toCharArray(), password); } else { // load using internal generated format PrivateKey privKey; try { privKey = PubkeyUtils.decodePrivate(pubkey.getPrivateKey(), pubkey.getType(), password); } catch (Exception e) { String message = String.format("Bad password for key '%s'. Authentication failed.", pubkey.getNickname()); Log.e(TAG, message, e); bridge.outputLine(message); return false; } PublicKey pubKey = PubkeyUtils.decodePublic(pubkey.getPublicKey(), pubkey.getType()); // convert key to trilead format pair = new KeyPair(pubKey, privKey); Log.d(TAG, "Unlocked key " + PubkeyUtils.formatKey(pubKey)); } Log.d(TAG, String.format("Unlocked key '%s'", pubkey.getNickname())); // save this key in memory manager.addKey(pubkey, pair); } return tryPublicKey(host.getUsername(), pubkey.getNickname(), pair); } private boolean tryPublicKey(String username, String keyNickname, KeyPair pair) throws IOException { //bridge.outputLine(String.format("Attempting 'publickey' with key '%s' [%s]...", keyNickname, trileadKey.toString())); boolean success = connection.authenticateWithPublicKey(username, pair); if (!success) bridge.outputLine(manager.res.getString(R.string.terminal_auth_pubkey_fail, keyNickname)); return success; } /** * Internal method to request actual PTY terminal once we've finished * authentication. If called before authenticated, it will just fail. */ private void finishConnection() { authenticated = true; for (PortForwardBean portForward : portForwards) { try { enablePortForward(portForward); bridge.outputLine(manager.res.getString(R.string.terminal_enable_portfoward, portForward.getDescription())); } catch (Exception e) { Log.e(TAG, "Error setting up port forward during connect", e); } } if (!host.getWantSession()) { bridge.outputLine(manager.res.getString(R.string.terminal_no_session)); bridge.onConnected(); return; } try { session = connection.openSession(); if (!useAuthAgent.equals(HostDatabase.AUTHAGENT_NO)) session.requestAuthAgentForwarding(this); if (host.getWantX11Forward()) { try { session.requestX11Forwarding(host.getX11Host(), host.getX11Port(), null, false); } catch (IOException e2) { Log.e(TAG, "Problem while trying to setup X11 forwarding in finishConnection()", e2); } } session.requestPTY(getEmulation(), columns, rows, width, height, null); session.startShell(); stdin = session.getStdin(); stdout = session.getStdout(); stderr = session.getStderr(); sessionOpen = true; bridge.onConnected(); } catch (IOException e1) { Log.e(TAG, "Problem while trying to create PTY in finishConnection()", e1); } } @Override public void connect() { connection = new Connection(host.getHostname(), host.getPort()); connection.addConnectionMonitor(this); try { connection.setCompression(compression); } catch (IOException e) { Log.e(TAG, "Could not enable compression!", e); } if (httpproxy != null && httpproxy.length() > 0) { Log.d(TAG, "Want HTTP Proxy: " + httpproxy, null); try { URL u; if (httpproxy.startsWith("http://")) { u = new URL(httpproxy); } else { u = new URL("http://" + httpproxy); } connection.setProxyData(new HTTPProxyData( u.getHost(), u.getPort(), u.getUserInfo(), u.getAuthority())); bridge.outputLine("Connecting via proxy: " + httpproxy); } catch (MalformedURLException e) { Log.e(TAG, "Could not parse proxy " + httpproxy, e); // Display the reason in the text. bridge.outputLine("Bad proxy URL: " + httpproxy); onDisconnect(); return; } } try { /* Uncomment when debugging SSH protocol: DebugLogger logger = new DebugLogger() { public void log(int level, String className, String message) { Log.d("SSH", message); } }; Logger.enabled = true; Logger.logger = logger; */ connectionInfo = connection.connect(new HostKeyVerifier()); connected = true; if (connectionInfo.clientToServerCryptoAlgorithm .equals(connectionInfo.serverToClientCryptoAlgorithm) && connectionInfo.clientToServerMACAlgorithm .equals(connectionInfo.serverToClientMACAlgorithm)) { bridge.outputLine(manager.res.getString(R.string.terminal_using_algorithm, connectionInfo.clientToServerCryptoAlgorithm, connectionInfo.clientToServerMACAlgorithm)); } else { bridge.outputLine(manager.res.getString( R.string.terminal_using_c2s_algorithm, connectionInfo.clientToServerCryptoAlgorithm, connectionInfo.clientToServerMACAlgorithm)); bridge.outputLine(manager.res.getString( R.string.terminal_using_s2c_algorithm, connectionInfo.serverToClientCryptoAlgorithm, connectionInfo.serverToClientMACAlgorithm)); } } catch (HTTPProxyException e) { Log.e(TAG, "Failed to connect to HTTP Proxy", e); // Display the reason in the text. bridge.outputLine("Failed to connect to HTTP Proxy."); onDisconnect(); return; } catch (IOException e) { Log.e(TAG, "Problem in SSH connection thread during authentication", e); // Display the reason in the text. bridge.outputLine(e.getCause().getMessage()); onDisconnect(); return; } try { // enter a loop to keep trying until authentication int tries = 0; while (connected && !connection.isAuthenticationComplete() && tries++ < AUTH_TRIES) { authenticate(); // sleep to make sure we dont kill system Thread.sleep(1000); } } catch (Exception e) { Log.e(TAG, "Problem in SSH connection thread during authentication", e); } } @Override public boolean willBlock() { if (stdout == null) return true; try { return stdout.available() == 0; } catch (Exception e) { return true; } } @Override public int read(byte[] buffer, int start, int len) throws IOException { int bytesRead = 0; if (session == null) return 0; int newConditions = session.waitForCondition(conditions, 0); if ((newConditions & ChannelCondition.STDOUT_DATA) != 0) { bytesRead = stdout.read(buffer, start, len); } if ((newConditions & ChannelCondition.STDERR_DATA) != 0) { byte discard[] = new byte[256]; while (stderr.available() > 0) { stderr.read(discard); } } if ((newConditions & ChannelCondition.EOF) != 0) { onDisconnect(); throw new IOException("Remote end closed connection"); } return bytesRead; } @Override public void write(byte[] buffer) throws IOException { if (stdin != null) stdin.write(buffer); } @Override public void write(int c) throws IOException { if (stdin != null) stdin.write(c); } @Override public void flush() throws IOException { if (stdin != null) stdin.flush(); } public void connectionLost(Throwable reason) { onDisconnect(); } private void onDisconnect() { close(); bridge.dispatchDisconnect(false); } @Override public void close() { connected = false; if (session != null) { session.close(); session = null; } if (connection != null) { connection.close(); connection = null; } } @Override public void setDimensions(int columns, int rows, int width, int height) { this.columns = columns; this.rows = rows; if (sessionOpen) { try { session.resizePTY(columns, rows, width, height); } catch (IOException e) { Log.e(TAG, "Couldn't send resize PTY packet", e); } } } @Override public void setOptions(Map<String, String> options) { if (options.containsKey("compression")) compression = Boolean.parseBoolean(options.get("compression")); if (options.containsKey("httpproxy")) httpproxy = options.get("httpproxy"); } @Override public Map<String, String> getOptions() { Map<String, String> options = new HashMap<String, String>(); options.put("compression", Boolean.toString(compression)); if (httpproxy != null) options.put("httpproxy", httpproxy); return options; } @Override public void setCompression(boolean compression) { this.compression = compression; } @Override public void setHttpproxy(String httpproxy) { this.httpproxy = httpproxy; } @Override public void setUseAuthAgent(String useAuthAgent) { this.useAuthAgent = useAuthAgent; } @Override public boolean canForwardPorts() { return true; } @Override public List<PortForwardBean> getPortForwards() { return portForwards; } @Override public boolean addPortForward(PortForwardBean portForward) { return portForwards.add(portForward); } @Override public boolean removePortForward(PortForwardBean portForward) { // Make sure we don't have a phantom forwarder. disablePortForward(portForward); return portForwards.remove(portForward); } @Override public boolean enablePortForward(PortForwardBean portForward) { if (!portForwards.contains(portForward)) { Log.e(TAG, "Attempt to enable port forward not in list"); return false; } if (!authenticated) return false; if (HostDatabase.PORTFORWARD_LOCAL.equals(portForward.getType())) { LocalPortForwarder lpf = null; try { lpf = connection.createLocalPortForwarder( new InetSocketAddress(InetAddress.getLocalHost(), portForward.getSourcePort()), portForward.getDestAddr(), portForward.getDestPort()); } catch (Exception e) { Log.e(TAG, "Could not create local port forward", e); return false; } if (lpf == null) { Log.e(TAG, "returned LocalPortForwarder object is null"); return false; } portForward.setIdentifier(lpf); portForward.setEnabled(true); return true; } else if (HostDatabase.PORTFORWARD_REMOTE.equals(portForward.getType())) { try { connection.requestRemotePortForwarding("", portForward.getSourcePort(), portForward.getDestAddr(), portForward.getDestPort()); } catch (Exception e) { Log.e(TAG, "Could not create remote port forward", e); return false; } portForward.setEnabled(true); return true; } else if (HostDatabase.PORTFORWARD_DYNAMIC5.equals(portForward.getType())) { DynamicPortForwarder dpf = null; try { dpf = connection.createDynamicPortForwarder( new InetSocketAddress(InetAddress.getLocalHost(), portForward.getSourcePort())); } catch (Exception e) { Log.e(TAG, "Could not create dynamic port forward", e); return false; } portForward.setIdentifier(dpf); portForward.setEnabled(true); return true; } else { // Unsupported type Log.e(TAG, String.format("attempt to forward unknown type %s", portForward.getType())); return false; } } @Override public boolean disablePortForward(PortForwardBean portForward) { if (!portForwards.contains(portForward)) { Log.e(TAG, "Attempt to disable port forward not in list"); return false; } if (!authenticated) return false; if (HostDatabase.PORTFORWARD_LOCAL.equals(portForward.getType())) { LocalPortForwarder lpf = null; lpf = (LocalPortForwarder)portForward.getIdentifier(); if (!portForward.isEnabled() || lpf == null) { Log.d(TAG, String.format("Could not disable %s; it appears to be not enabled or have no handler", portForward.getNickname())); return false; } portForward.setEnabled(false); try { lpf.close(); } catch (IOException e) { Log.e(TAG, "Could not stop local port forwarder, setting enabled to false", e); return false; } return true; } else if (HostDatabase.PORTFORWARD_REMOTE.equals(portForward.getType())) { portForward.setEnabled(false); try { connection.cancelRemotePortForwarding(portForward.getSourcePort()); } catch (IOException e) { Log.e(TAG, "Could not stop remote port forwarding, setting enabled to false", e); return false; } return true; } else if (HostDatabase.PORTFORWARD_DYNAMIC5.equals(portForward.getType())) { DynamicPortForwarder dpf = null; dpf = (DynamicPortForwarder)portForward.getIdentifier(); if (!portForward.isEnabled() || dpf == null) { Log.d(TAG, String.format("Could not disable %s; it appears to be not enabled or have no handler", portForward.getNickname())); return false; } portForward.setEnabled(false); try { dpf.close(); } catch (IOException e) { Log.e(TAG, "Could not stop dynamic port forwarder, setting enabled to false", e); return false; } return true; } else { // Unsupported type Log.e(TAG, String.format("attempt to forward unknown type %s", portForward.getType())); return false; } } @Override public boolean canTransferFiles() { return true; } @Override public boolean downloadFile(String remoteFile, String localFolder) { try { SCPClient client = new SCPClient(connection); if (localFolder == null || localFolder == "") localFolder = Environment.getExternalStorageDirectory().getAbsolutePath(); File dir = new File(localFolder); dir.mkdirs(); client.get(remoteFile, localFolder); return true; } catch (IOException e) { Log.e(TAG, "Could not download remote file", e); return false; } } @Override public boolean uploadFile(String localFile, String remoteFile, String remoteFolder, String mode) { try { SCPClient client = new SCPClient(connection); if (remoteFolder == null) remoteFolder = ""; if (remoteFile == null || remoteFile == "") client.put(localFile, remoteFolder, mode); else client.put(localFile, remoteFile, remoteFolder, mode); return true; } catch (IOException e) { Log.e(TAG, "Could not upload local file", e); return false; } } @Override public int getDefaultPort() { return DEFAULT_PORT; } @Override public boolean isConnected() { return connected; } @Override public boolean isSessionOpen() { return sessionOpen; } @Override public boolean isAuthenticated() { return authenticated; } @Override public String getDefaultNickname(String username, String hostname, int port) { if (port == DEFAULT_PORT) { return String.format(Locale.US, "%s@%s", username, hostname); } else { return String.format(Locale.US, "%s@%s:%d", username, hostname, port); } } @Override public void getSelectionArgs(Uri uri, Map<String, String> selection) { selection.put(HostDatabase.FIELD_HOST_PROTOCOL, PROTOCOL); selection.put(HostDatabase.FIELD_HOST_NICKNAME, uri.getFragment()); selection.put(HostDatabase.FIELD_HOST_HOSTNAME, uri.getHost()); int port = uri.getPort(); if (port < 0) port = DEFAULT_PORT; selection.put(HostDatabase.FIELD_HOST_PORT, Integer.toString(port)); selection.put(HostDatabase.FIELD_HOST_USERNAME, uri.getUserInfo()); } @Override public HostBean createHost(Uri uri) { HostBean host = new HostBean(); host.setProtocol(PROTOCOL); host.setHostname(uri.getHost()); int port = uri.getPort(); if (port < 0) port = DEFAULT_PORT; host.setPort(port); host.setUsername(uri.getUserInfo()); String nickname = uri.getFragment(); if (nickname == null || nickname.length() == 0) { host.setNickname(getDefaultNickname(host.getUsername(), host.getHostname(), host.getPort())); } else { host.setNickname(uri.getFragment()); } return host; } public String getFormatHint(Context context) { return String.format("%s@%s:%s", context.getString(R.string.format_username), context.getString(R.string.format_hostname), context.getString(R.string.format_port)); } /** * @return do we use the network */ @Override public boolean usesNetwork() { return true; } /** * Handle challenges from keyboard-interactive authentication mode. */ public String[] replyToChallenge(String name, String instruction, int numPrompts, String[] prompt, boolean[] echo) { interactiveCanContinue = true; String[] responses = new String[numPrompts]; for (int i = 0; i < numPrompts; i++) { // request response from user for each prompt responses[i] = bridge.promptHelper.requestPasswordPrompt(instruction, prompt[i]); } return responses; } public Map<String, byte[]> retrieveIdentities() { Map<String, byte[]> pubKeys = new HashMap<String, byte[]> (manager.loadedKeypairs.size()); for (Entry<String, KeyHolder> entry : manager.loadedKeypairs.entrySet()) { KeyPair pair = entry.getValue().pair; try { PrivateKey privKey = pair.getPrivate(); if (privKey instanceof RSAPrivateKey) { RSAPublicKey pubkey = (RSAPublicKey) pair.getPublic(); pubKeys.put(entry.getKey(), RSASHA1Verify.encodeSSHRSAPublicKey(pubkey)); } else if (privKey instanceof DSAPrivateKey) { DSAPublicKey pubkey = (DSAPublicKey) pair.getPublic(); pubKeys.put(entry.getKey(), DSASHA1Verify.encodeSSHDSAPublicKey(pubkey)); } else if (privKey instanceof ECPrivateKey) { ECPublicKey pubkey = (ECPublicKey) pair.getPublic(); pubKeys.put(entry.getKey(), ECDSASHA2Verify.encodeSSHECDSAPublicKey(pubkey)); } else continue; } catch (IOException e) { continue; } } return pubKeys; } public KeyPair getKeyPair(byte[] publicKey) { String nickname = manager.getKeyNickname(publicKey); if (nickname == null) return null; if (useAuthAgent.equals(HostDatabase.AUTHAGENT_NO)) { Log.e(TAG, ""); return null; } else if (useAuthAgent.equals(HostDatabase.AUTHAGENT_CONFIRM) || manager.loadedKeypairs.get(nickname).bean.isConfirmUse()) { if (!promptForPubkeyUse(nickname)) return null; } return manager.getKey(nickname); } private boolean promptForPubkeyUse(String nickname) { Boolean result = bridge.promptHelper.requestBooleanPrompt(null, manager.res.getString(R.string.prompt_allow_agent_to_use_key, nickname)); return result; } public boolean addIdentity(KeyPair pair, String comment, boolean confirmUse, int lifetime) { PubkeyBean pubkey = new PubkeyBean(); // pubkey.setType(PubkeyDatabase.KEY_TYPE_IMPORTED); pubkey.setNickname(comment); pubkey.setConfirmUse(confirmUse); pubkey.setLifetime(lifetime); manager.addKey(pubkey, pair); return true; } public boolean removeAllIdentities() { manager.loadedKeypairs.clear(); return true; } public boolean removeIdentity(byte[] publicKey) { return manager.removeKey(publicKey); } public boolean isAgentLocked() { return agentLockPassphrase != null; } public boolean requestAgentUnlock(String unlockPassphrase) { if (agentLockPassphrase == null) return false; if (agentLockPassphrase.equals(unlockPassphrase)) agentLockPassphrase = null; return agentLockPassphrase == null; } public boolean setAgentLock(String lockPassphrase) { if (agentLockPassphrase != null) return false; agentLockPassphrase = lockPassphrase; return true; } }