org.apache.sshd.client.auth.pubkey

Class UserAuthPublicKey

java.lang.Object

org.apache.sshd.common.util.logging.AbstractLoggingBean

org.apache.sshd.client.auth.AbstractUserAuth

org.apache.sshd.client.auth.pubkey.UserAuthPublicKey

All Implemented Interfaces:

UserAuth, ClientSessionHolder, UserAuthInstance<ClientSession>, NamedResource, SignatureFactoriesHolder, SignatureFactoriesManager

public class UserAuthPublicKey
extends AbstractUserAuth
implements SignatureFactoriesManager

Implements the "publickey" authentication mechanism

Author:

Apache MINA SSHD Project

Field Summary

Fields

Modifier and Type	Field and Description
protected String	chosenAlgorithm
protected PublicKeyIdentity	current
protected Deque<String>	currentAlgorithms
protected List<NamedFactory<Signature>>	factories
static AttributeRepository.AttributeKey<String>	IDENTITY_AGENT Is set on a ClientSession when it is created; contains the value of the IdentityAgent SSH config setting.
protected Iterator<PublicKeyIdentity>	keys
static String	NAME
static AttributeRepository.AttributeKey<Boolean>	USE_DEFAULT_IDENTITIES Is set on a ClientSession when it is created; if Boolean.FALSE, no default identities shall be used.

Fields inherited from class org.apache.sshd.common.util.logging.AbstractLoggingBean

log

Fields inherited from interface org.apache.sshd.common.NamedResource

BY_NAME_COMPARATOR, NAME_EXTRACTOR

Constructor Summary

Constructors

Constructor and Description
UserAuthPublicKey()
UserAuthPublicKey(List<NamedFactory<Signature>> factories)

Method Summary

Modifier and Type	Method and Description
protected byte[]	appendSignature(ClientSession session, String service, String name, String username, String algo, PublicKey key, PublicKey serverKey, Buffer buffer)
protected Iterator<PublicKeyIdentity>	createPublicKeyIterator(ClientSession session, SignatureFactoriesManager manager)
void	destroy() Called to release any allocated resources
protected String	getDefaultSignatureAlgorithm(ClientSession session, String service, PublicKeyIdentity identity, KeyPair keyPair, String keyType) Determines a signature algorithm name to use for the authentication request if none could be determined from the installed signature factories.
List<NamedFactory<Signature>>	getSignatureFactories()
void	init(ClientSession session, String service)
protected boolean	processAuthDataRequest(ClientSession session, String service, Buffer buffer)
protected void	releaseKeys()
protected PublicKeyIdentity	resolveAttemptedPublicKeyIdentity(ClientSession session, String service)
protected PublicKeyIdentity	resolveAttemptedPublicKeyIdentity(ClientSession session, String service, PublicKeyAuthenticationReporter reporter)
protected boolean	sendAuthDataRequest(ClientSession session, String service)
void	setSignatureFactories(List<NamedFactory<Signature>> factories)
void	signalAuthMethodFailure(ClientSession session, String service, boolean partial, List<String> serverMethods, Buffer buffer) Signals reception of SSH_MSG_USERAUTH_FAILURE message
void	signalAuthMethodSuccess(ClientSession session, String service, Buffer buffer) Signal reception of SSH_MSG_USERAUTH_SUCCESS message

Methods inherited from class org.apache.sshd.client.auth.AbstractUserAuth

getClientSession, getName, getService, getSession, isCancellable, process, setCancellable, toString

Methods inherited from class org.apache.sshd.common.util.logging.AbstractLoggingBean

debug, debug, debug, debug, debug, error, error, error, error, error, getSimplifiedLogger, info, info, warn, warn, warn, warn, warn, warn, warn, warn

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Methods inherited from interface org.apache.sshd.common.signature.SignatureFactoriesManager

getSignatureFactories, resolveSignatureFactories, setSignatureFactoriesNameList, setSignatureFactoriesNames, setSignatureFactoriesNames

Methods inherited from interface org.apache.sshd.common.signature.SignatureFactoriesHolder

getSignatureFactoriesNameList, getSignatureFactoriesNames

Methods inherited from interface org.apache.sshd.common.NamedResource

findByName, findFirstMatchByName, getNameList, getNames, ofName, removeByName, safeCompareByName

Field Detail

NAME

public static final String NAME

See Also:

Constant Field Values

USE_DEFAULT_IDENTITIES

public static final AttributeRepository.AttributeKey<Boolean> USE_DEFAULT_IDENTITIES

Is set on a ClientSession when it is created; if Boolean.FALSE, no default identities shall be used.

IDENTITY_AGENT

public static final AttributeRepository.AttributeKey<String> IDENTITY_AGENT

Is set on a ClientSession when it is created; contains the value of the IdentityAgent SSH config setting. May be the empty string if not specified in the HostConfigEntry.

currentAlgorithms

protected final Deque<String> currentAlgorithms

keys

protected Iterator<PublicKeyIdentity> keys

current

protected PublicKeyIdentity current

factories

protected List<NamedFactory<Signature>> factories

chosenAlgorithm

protected String chosenAlgorithm

Constructor Detail

UserAuthPublicKey

public UserAuthPublicKey()

UserAuthPublicKey

public UserAuthPublicKey(List<NamedFactory<Signature>> factories)

Method Detail

getSignatureFactories

public List<NamedFactory<Signature>> getSignatureFactories()

Specified by:

getSignatureFactories in interface SignatureFactoriesHolder

setSignatureFactories

public void setSignatureFactories(List<NamedFactory<Signature>> factories)

Specified by:

setSignatureFactories in interface SignatureFactoriesManager

init

public void init(ClientSession session,
                 String service)
          throws Exception

Specified by:

init in interface UserAuth

Overrides:

init in class AbstractUserAuth

Parameters:

session - The ClientSession

service - The requesting service name

Throws:

Exception - If failed to initialize the mechanism

createPublicKeyIterator

protected Iterator<PublicKeyIdentity> createPublicKeyIterator(ClientSession session,
                                                              SignatureFactoriesManager manager)
                                                       throws Exception

Throws:

Exception

sendAuthDataRequest

protected boolean sendAuthDataRequest(ClientSession session,
                                      String service)
                               throws Exception

Specified by:

sendAuthDataRequest in class AbstractUserAuth

Throws:

Exception

resolveAttemptedPublicKeyIdentity

protected PublicKeyIdentity resolveAttemptedPublicKeyIdentity(ClientSession session,
                                                              String service)
                                                       throws Exception

Throws:

Exception

resolveAttemptedPublicKeyIdentity

protected PublicKeyIdentity resolveAttemptedPublicKeyIdentity(ClientSession session,
                                                              String service,
                                                              PublicKeyAuthenticationReporter reporter)
                                                       throws Exception

Throws:

Exception

getDefaultSignatureAlgorithm

protected String getDefaultSignatureAlgorithm(ClientSession session,
                                              String service,
                                              PublicKeyIdentity identity,
                                              KeyPair keyPair,
                                              String keyType)
                                       throws Exception

Determines a signature algorithm name to use for the authentication request if none could be determined from the installed signature factories. If a non-null non-empty string is returned, it is used as is in the authentication.

This is mainly intended for use with identities from an SSH agent, where the SSH agent may be able to sign the request even if there is no appropriate signature factory present in Java. Whether it makes sense to allow this depends on the application logic and how it handles e.g. SSH config PubkeyAcceptedKeyTypes (or PubkeyAcceptedAlgorithms}.

This default implementation always returns null, skipping the key.

Parameters:

session - ClientSession trying to authenticate

service - SSH service name

identity - PublicKeyIdentity considered to be used for authentication

keyPair - KeyPair from identity

keyType - the key type of keyPair

Returns:

null or an empty string to skip this key and consider another key, if any, to use for authentication, or a non-empty signature algorithm name to use for the authentication attempt using the given identity

Throws:

Exception - if an error occurs

See Also:

KeyAgentIdentity

processAuthDataRequest

protected boolean processAuthDataRequest(ClientSession session,
                                         String service,
                                         Buffer buffer)
                                  throws Exception

Specified by:

processAuthDataRequest in class AbstractUserAuth

Throws:

Exception

appendSignature

protected byte[] appendSignature(ClientSession session,
                                 String service,
                                 String name,
                                 String username,
                                 String algo,
                                 PublicKey key,
                                 PublicKey serverKey,
                                 Buffer buffer)
                          throws Exception

Throws:

Exception

signalAuthMethodSuccess

public void signalAuthMethodSuccess(ClientSession session,
                                    String service,
                                    Buffer buffer)
                             throws Exception

Description copied from interface: UserAuth

Signal reception of SSH_MSG_USERAUTH_SUCCESS message

Specified by:

signalAuthMethodSuccess in interface UserAuth

Parameters:

session - The ClientSession

service - The requesting service name

buffer - The Buffer containing the success message (after having consumed the relevant data from it)

Throws:

Exception - If failed to handle the callback - Note: may cause session close

signalAuthMethodFailure

public void signalAuthMethodFailure(ClientSession session,
                                    String service,
                                    boolean partial,
                                    List<String> serverMethods,
                                    Buffer buffer)
                             throws Exception

Description copied from interface: UserAuth

Signals reception of SSH_MSG_USERAUTH_FAILURE message

Specified by:

signalAuthMethodFailure in interface UserAuth

Parameters:

session - The ClientSession

service - The requesting service name

partial - true if some partial authentication success so far

serverMethods - The List of authentication methods that can continue

buffer - The Buffer containing the failure message (after having consumed the relevant data from it)

Throws:

Exception - If failed to handle the callback - Note: may cause session close

destroy

public void destroy()

Description copied from interface: UserAuth

Called to release any allocated resources

Specified by:

destroy in interface UserAuth

Overrides:

destroy in class AbstractUserAuth

releaseKeys

protected void releaseKeys()
                    throws IOException

Throws:

IOException