Mercurial > 510Connectbot
changeset 285:486df527ddc5 ganymed
start conversion from trilead to ganymed
author | Carl Byington <carl@five-ten-sg.com> |
---|---|
date | Fri, 18 Jul 2014 18:33:40 -0700 |
parents | 4ec87de11e71 |
children | 4656869af8fe |
files | src/ch/ethz/ssh2/Connection.java src/ch/ethz/ssh2/KnownHosts.java src/ch/ethz/ssh2/signature/RSASHA1Verify.java src/ch/ethz/ssh2/transport/ClientKexManager.java src/ch/ethz/ssh2/transport/KexManager.java src/ch/ethz/ssh2/transport/ServerKexManager.java |
diffstat | 6 files changed, 65 insertions(+), 10 deletions(-) [+] |
line wrap: on
line diff
--- a/src/ch/ethz/ssh2/Connection.java Fri Jul 18 18:08:56 2014 -0700 +++ b/src/ch/ethz/ssh2/Connection.java Fri Jul 18 18:33:40 2014 -0700 @@ -505,6 +505,58 @@ } /** + * After a successful connect, one has to authenticate oneself. The + * authentication method "publickey" works by signing a challenge sent by + * the server. The signature is either DSA or RSA based - it just depends on + * the type of private key you specify, either a DSA or RSA private key in + * PEM format. And yes, this is may seem to be a little confusing, the + * method is called "publickey" in the SSH-2 protocol specification, however + * since we need to generate a signature, you actually have to supply a + * private key =). + * <p> + * If the authentication phase is complete, <code>true</code> will be + * returned. If the server does not accept the request (or if further + * authentication steps are needed), <code>false</code> is returned and + * one can retry either by using this or any other authentication method + * (use the <code>getRemainingAuthMethods</code> method to get a list of + * the remaining possible methods). + * + * @param user + * A <code>String</code> holding the username. + * @param pair + * A <code>RSAPrivateKey</code> or <code>DSAPrivateKey</code> + * containing a DSA or RSA private key of + * the user in Trilead object format. + * + * @return whether the connection is now authenticated. + * @throws IOException + */ + + public synchronized boolean authenticateWithPublicKey(String user, KeyPair pair) + throws IOException { + if (tm == null) + throw new IllegalStateException("Connection is not established!"); + + if (authenticated) + throw new IllegalStateException("Connection is already authenticated!"); + + if (am == null) + am = new AuthenticationManager(tm); + + if (cm == null) + cm = new ChannelManager(tm); + + if (user == null) + throw new IllegalArgumentException("user argument is null"); + + if (pair == null) + throw new IllegalArgumentException("Key pair argument is null"); + + authenticated = am.authenticatePublicKey(user, pair, getOrCreateSecureRND()); + return authenticated; + } + + /** * A convenience wrapper function which reads in a private key (PEM format, either DSA or RSA) * and then calls <code>authenticateWithPublicKey(String, char[], String)</code>. * <p/>
--- a/src/ch/ethz/ssh2/KnownHosts.java Fri Jul 18 18:08:56 2014 -0700 +++ b/src/ch/ethz/ssh2/KnownHosts.java Fri Jul 18 18:33:40 2014 -0700 @@ -25,9 +25,12 @@ import ch.ethz.ssh2.crypto.digest.HMAC; import ch.ethz.ssh2.crypto.digest.MD5; import ch.ethz.ssh2.crypto.digest.SHA1; +import java.security.PublicKey; import java.security.interfaces.DSAPublicKey; +import java.security.interfaces.ECPublicKey; +import java.security.interfaces.RSAPublicKey; import ch.ethz.ssh2.signature.DSASHA1Verify; -import java.security.interfaces.RSAPublicKey; +import ch.ethz.ssh2.signature.ECDSASHA2Verify; import ch.ethz.ssh2.signature.RSASHA1Verify; import ch.ethz.ssh2.util.StringEncoder;
--- a/src/ch/ethz/ssh2/signature/RSASHA1Verify.java Fri Jul 18 18:08:56 2014 -0700 +++ b/src/ch/ethz/ssh2/signature/RSASHA1Verify.java Fri Jul 18 18:33:40 2014 -0700 @@ -84,7 +84,7 @@ throw new IOException("Error in RSA signature, S is empty."); if (log.isEnabled()) { - log.log(80, "Decoding ssh-rsa signature string (length: " + s.length + ")"); + log.info(80, "Decoding ssh-rsa signature string (length: " + s.length + ")"); } if (tr.remain() != 0)
--- a/src/ch/ethz/ssh2/transport/ClientKexManager.java Fri Jul 18 18:08:56 2014 -0700 +++ b/src/ch/ethz/ssh2/transport/ClientKexManager.java Fri Jul 18 18:33:40 2014 -0700 @@ -58,7 +58,7 @@ if (kxs.np.server_host_key_algo.startsWith("ecdsa-sha2-")) { byte[] rs = ECDSASHA2Verify.decodeSSHECDSASignature(sig); ECPublicKey epk = ECDSASHA2Verify.decodeSSHECDSAPublicKey(hostkey); - log.log(50, "Verifying ecdsa signature"); + log.debug(50, "Verifying ecdsa signature"); return ECDSASHA2Verify.verifySignature(kxs.H, rs, epk); } if (kxs.np.server_host_key_algo.equals("ssh-rsa")) {
--- a/src/ch/ethz/ssh2/transport/KexManager.java Fri Jul 18 18:08:56 2014 -0700 +++ b/src/ch/ethz/ssh2/transport/KexManager.java Fri Jul 18 18:33:40 2014 -0700 @@ -54,8 +54,8 @@ CryptoWishList nextKEXcryptoWishList; DHGexParameters nextKEXdhgexParameters; - DSAPrivateKey nextKEXdsakey; - RSAPrivateKey nextKEXrsakey; + KeyPair nextKEXdsakey; + KeyPair nextKEXrsakey; final SecureRandom rnd; @@ -182,7 +182,7 @@ return np; } - public synchronized void initiateKEX(CryptoWishList cwl, DHGexParameters dhgex, DSAPrivateKey dsa, RSAPrivateKey rsa) + public synchronized void initiateKEX(CryptoWishList cwl, DHGexParameters dhgex, KeyPair dsa, KeyPair rsa) throws IOException { nextKEXcryptoWishList = cwl; nextKEXdhgexParameters = dhgex;
--- a/src/ch/ethz/ssh2/transport/ServerKexManager.java Fri Jul 18 18:08:56 2014 -0700 +++ b/src/ch/ethz/ssh2/transport/ServerKexManager.java Fri Jul 18 18:33:40 2014 -0700 @@ -167,11 +167,11 @@ byte[] hostKey = null; if(kxs.np.server_host_key_algo.equals("ssh-rsa")) { - hostKey = RSASHA1Verify.encodeSSHRSAPublicKey(kxs.local_rsa_key.getPublic()); + hostKey = RSASHA1Verify.encodeSSHRSAPublicKey((RSAPublicKey)kxs.local_rsa_key.getPublic()); } if(kxs.np.server_host_key_algo.equals("ssh-dss")) { - hostKey = DSASHA1Verify.encodeSSHDSAPublicKey(kxs.local_dsa_key.getPublic()); + hostKey = DSASHA1Verify.encodeSSHDSAPublicKey((DSAPublicKey)kxs.local_dsa_key.getPublic()); } try { @@ -187,12 +187,12 @@ byte[] signature = null; if(kxs.np.server_host_key_algo.equals("ssh-rsa")) { - byte[] rs = RSASHA1Verify.generateSignature(kxs.H, kxs.local_rsa_key); + byte[] rs = RSASHA1Verify.generateSignature(kxs.H, (RSAPrivateKey)kxs.local_rsa_key.getPrivate()); signature = RSASHA1Verify.encodeSSHRSASignature(rs); } if(kxs.np.server_host_key_algo.equals("ssh-dss")) { - byte[] ds = DSASHA1Verify.generateSignature(kxs.H, kxs.local_dsa_key, rnd); + byte[] ds = DSASHA1Verify.generateSignature(kxs.H, (DSAPrivateKey)kxs.local_dsa_key.getPrivate(), rnd); signature = DSASHA1Verify.encodeSSHDSASignature(ds); }