Repository: mina-sshd Updated Branches: refs/heads/master e88a08326 -> fc7a8e7c2
[SSHD-865] 'SshClient' and 'ClientSession' use only a KeyIdentityProvider instead of KeyPairProvider Project: http://git-wip-us.apache.org/repos/asf/mina-sshd/repo Commit: http://git-wip-us.apache.org/repos/asf/mina-sshd/commit/e849cc5a Tree: http://git-wip-us.apache.org/repos/asf/mina-sshd/tree/e849cc5a Diff: http://git-wip-us.apache.org/repos/asf/mina-sshd/diff/e849cc5a Branch: refs/heads/master Commit: e849cc5a4c1fc1d14ad556cd656b6bca54dd0840 Parents: e88a083 Author: Lyor Goldstein <[email protected]> Authored: Sun Nov 18 15:32:47 2018 +0200 Committer: Lyor Goldstein <[email protected]> Committed: Mon Nov 19 14:50:09 2018 +0200 ---------------------------------------------------------------------- CHANGES.md | 3 ++ .../sshd/cli/client/SshClientCliSupport.java | 5 +-- .../keys/DefaultClientIdentitiesWatcher.java | 3 +- .../keyprovider/KeyIdentityProviderHolder.java | 36 ++++++++++++++++++++ .../client/ClientAuthenticationManager.java | 7 ++-- .../java/org/apache/sshd/client/SshClient.java | 34 ++++++++++++------ .../client/session/AbstractClientSession.java | 13 +++++++ .../sshd/client/session/ClientSession.java | 2 +- .../common/kex/AbstractKexFactoryManager.java | 14 -------- .../sshd/common/kex/KexFactoryManager.java | 3 +- .../server/ServerAuthenticationManager.java | 3 +- .../java/org/apache/sshd/server/SshServer.java | 12 +++++++ .../server/global/OpenSshHostKeysHandler.java | 11 +++--- .../server/session/AbstractServerSession.java | 15 ++++++++ .../client/ClientAuthenticationManagerTest.java | 14 ++++---- .../hosts/HostConfigEntryResolverTest.java | 12 +++---- .../sshd/common/auth/AuthenticationTest.java | 3 +- .../sshd/common/kex/KexFactoryManagerTest.java | 11 ------ .../server/ServerAuthenticationManagerTest.java | 11 ++++++ .../sshd/util/test/CoreTestSupportUtils.java | 4 +-- 20 files changed, 150 insertions(+), 66 deletions(-) ---------------------------------------------------------------------- 
http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/e849cc5a/CHANGES.md ---------------------------------------------------------------------- diff --git a/CHANGES.md b/CHANGES.md index 60f941b..3ca0d3d 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -57,6 +57,9 @@ accept also an `AttributeRepository` connection context argument (propagated fro * `ApacheSshdSftpSessionFactory#get/setPrivateKey` has been renamed to `get/setPrivateKeyLocation`. +* `SshClient` and `ClientSession` use a `KeyIdentityProvider` instead of a full blown `KeyPairProvider`. +`KeyPairProvider` is used only in the context of an `SshServer` and/or `ServerSession`. + ## Behavioral changes and enhancements * [SSHD-849](https://issues.apache.org/jira/browse/SSHD-849) - Data forwarding code makes sure all http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/e849cc5a/sshd-cli/src/main/java/org/apache/sshd/cli/client/SshClientCliSupport.java ---------------------------------------------------------------------- diff --git a/sshd-cli/src/main/java/org/apache/sshd/cli/client/SshClientCliSupport.java b/sshd-cli/src/main/java/org/apache/sshd/cli/client/SshClientCliSupport.java index 9286324..4741e72 100644 --- a/sshd-cli/src/main/java/org/apache/sshd/cli/client/SshClientCliSupport.java +++ b/sshd-cli/src/main/java/org/apache/sshd/cli/client/SshClientCliSupport.java @@ -343,7 +343,8 @@ public abstract class SshClientCliSupport extends CliSupport { } } - public static FileKeyPairProvider setupSessionIdentities(ClientFactoryManager client, Collection<? extends Path> identities, + public static FileKeyPairProvider setupSessionIdentities( + ClientFactoryManager client, Collection<? extends Path> identities, BufferedReader stdin, PrintStream stdout, PrintStream stderr) throws Throwable { client.setFilePasswordProvider((session, file, index) -> { 
@@ -362,7 +363,7 @@ public abstract class SshClientCliSupport extends CliSupport { } }; provider.setPaths(identities); - client.setKeyPairProvider(provider); + client.setKeyIdentityProvider(provider); return provider; } http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/e849cc5a/sshd-common/src/main/java/org/apache/sshd/client/config/keys/DefaultClientIdentitiesWatcher.java ---------------------------------------------------------------------- diff --git a/sshd-common/src/main/java/org/apache/sshd/client/config/keys/DefaultClientIdentitiesWatcher.java b/sshd-common/src/main/java/org/apache/sshd/client/config/keys/DefaultClientIdentitiesWatcher.java index 3afa129..ee710c3 100644 --- a/sshd-common/src/main/java/org/apache/sshd/client/config/keys/DefaultClientIdentitiesWatcher.java +++ b/sshd-common/src/main/java/org/apache/sshd/client/config/keys/DefaultClientIdentitiesWatcher.java @@ -40,7 +40,8 @@ public class DefaultClientIdentitiesWatcher extends BuiltinClientIdentitiesWatch this(true, loader, provider, strict); } - public DefaultClientIdentitiesWatcher(boolean supportedOnly, ClientIdentityLoader loader, FilePasswordProvider provider, boolean strict) { + public DefaultClientIdentitiesWatcher( + boolean supportedOnly, ClientIdentityLoader loader, FilePasswordProvider provider, boolean strict) { this(supportedOnly, GenericUtils.supplierOf(Objects.requireNonNull(loader, "No client identity loader")), GenericUtils.supplierOf(Objects.requireNonNull(provider, "No password provider")), http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/e849cc5a/sshd-common/src/main/java/org/apache/sshd/common/keyprovider/KeyIdentityProviderHolder.java ---------------------------------------------------------------------- diff --git a/sshd-common/src/main/java/org/apache/sshd/common/keyprovider/KeyIdentityProviderHolder.java b/sshd-common/src/main/java/org/apache/sshd/common/keyprovider/KeyIdentityProviderHolder.java new file mode 100644 index 0000000..b33064a --- /dev/null 
+++ b/sshd-common/src/main/java/org/apache/sshd/common/keyprovider/KeyIdentityProviderHolder.java @@ -0,0 +1,36 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.sshd.common.keyprovider; + +/** + * TODO Add javadoc + * + * @author <a href="mailto:[email protected]">Apache MINA SSHD Project</a> + */ +public interface KeyIdentityProviderHolder { + /** + * @return The {@link KeyIdentityProvider} used to provide key-pair(s) + * for public key authentication + */ + KeyIdentityProvider getKeyIdentityProvider(); + + void setKeyIdentityProvider(KeyIdentityProvider provider); + +} http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/e849cc5a/sshd-core/src/main/java/org/apache/sshd/client/ClientAuthenticationManager.java ---------------------------------------------------------------------- diff --git a/sshd-core/src/main/java/org/apache/sshd/client/ClientAuthenticationManager.java b/sshd-core/src/main/java/org/apache/sshd/client/ClientAuthenticationManager.java index a9ae68c..4b84752 100644 --- a/sshd-core/src/main/java/org/apache/sshd/client/ClientAuthenticationManager.java +++ b/sshd-core/src/main/java/org/apache/sshd/client/ClientAuthenticationManager.java 
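Review bot: The new `KeyIdentityProviderHolder` interface ships with `TODO Add javadoc` as its type comment and no comment at all on `setKeyIdentityProvider`, so the meaning of a `null` provider is not stated where implementers will look. Elsewhere in this commit `SshClient#checkConfig` treats a `null` provider as "install the default identities watcher", and the session-level getter appears to fall back to the client's provider, so `null` is a meaningful value. I would replace the TODO with `Holds the {@link KeyIdentityProvider} that supplies the key-pair(s) offered for public key authentication` and give the setter `@param provider The {@link KeyIdentityProvider} to use - {@code null} means none is set at this level`.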
@@ -33,7 +33,7 @@ import org.apache.sshd.client.auth.password.PasswordIdentityProvider; import org.apache.sshd.client.keyverifier.ServerKeyVerifier; import org.apache.sshd.common.NamedFactory; import org.apache.sshd.common.NamedResource; -import org.apache.sshd.common.keyprovider.KeyPairProviderHolder; +import org.apache.sshd.common.keyprovider.KeyIdentityProviderHolder; import org.apache.sshd.common.util.GenericUtils; import org.apache.sshd.common.util.ValidateUtils; @@ -41,7 +41,7 @@ import org.apache.sshd.common.util.ValidateUtils; * Holds information required for the client to perform authentication with the server * @author <a href="mailto:[email protected]">Apache MINA SSHD Project</a> */ -public interface ClientAuthenticationManager extends KeyPairProviderHolder { +public interface ClientAuthenticationManager extends KeyIdentityProviderHolder { /** * Ordered comma separated list of authentications methods. @@ -74,7 +74,8 @@ public interface ClientAuthenticationManager extends KeyPairProviderHolder { * candidates * * @return The {@link PasswordIdentityProvider} instance - ignored if {@code null} - * (i.e., no passwords available) + * (i.e., no passwords available). + * @see #addPasswordIdentity(String) */ PasswordIdentityProvider getPasswordIdentityProvider(); http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/e849cc5a/sshd-core/src/main/java/org/apache/sshd/client/SshClient.java ---------------------------------------------------------------------- diff --git a/sshd-core/src/main/java/org/apache/sshd/client/SshClient.java b/sshd-core/src/main/java/org/apache/sshd/client/SshClient.java index fba078c..796d781 100644 --- a/sshd-core/src/main/java/org/apache/sshd/client/SshClient.java +++ b/sshd-core/src/main/java/org/apache/sshd/client/SshClient.java 
@@ -80,6 +80,7 @@ import org.apache.sshd.common.helpers.AbstractFactoryManager; import org.apache.sshd.common.io.IoConnectFuture; import org.apache.sshd.common.io.IoConnector; import org.apache.sshd.common.io.IoSession; +import org.apache.sshd.common.keyprovider.KeyIdentityProvider; import org.apache.sshd.common.keyprovider.KeyPairProvider; import org.apache.sshd.common.session.helpers.AbstractSession; import org.apache.sshd.common.util.GenericUtils; @@ -167,6 +168,7 @@ public class SshClient extends AbstractFactoryManager implements ClientFactoryMa private ServerKeyVerifier serverKeyVerifier; private HostConfigEntryResolver hostConfigEntryResolver; private ClientIdentityLoader clientIdentityLoader; + private KeyIdentityProvider keyIdentityProvider; private FilePasswordProvider filePasswordProvider; private PasswordIdentityProvider passwordIdentityProvider; @@ -325,6 +327,16 @@ public class SshClient extends AbstractFactoryManager implements ClientFactoryMa } @Override + public KeyIdentityProvider getKeyIdentityProvider() { + return keyIdentityProvider; + } + + @Override + public void setKeyIdentityProvider(KeyIdentityProvider keyIdentityProvider) { + this.keyIdentityProvider = keyIdentityProvider; + } + + @Override protected void checkConfig() { super.checkConfig(); 
@@ -335,17 +347,17 @@ public class SshClient extends AbstractFactoryManager implements ClientFactoryMa Objects.requireNonNull(getFilePasswordProvider(), "FilePasswordProvider not set"); // if no client identities override use the default - KeyPairProvider defaultIdentities = getKeyPairProvider(); + KeyIdentityProvider defaultIdentities = getKeyIdentityProvider(); if (defaultIdentities == null) { - setKeyPairProvider(new DefaultClientIdentitiesWatcher(this::getClientIdentityLoader, this::getFilePasswordProvider)); + setKeyIdentityProvider(new DefaultClientIdentitiesWatcher(this::getClientIdentityLoader, this::getFilePasswordProvider)); } // Register the additional agent forwarding channel if needed SshAgentFactory agentFactory = getAgentFactory(); if (agentFactory != null) { List<NamedFactory<Channel>> forwarders = - ValidateUtils.checkNotNullAndNotEmpty( - agentFactory.getChannelForwardingFactories(this), "No agent channel forwarding factories for %s", agentFactory); + ValidateUtils.checkNotNullAndNotEmpty( + agentFactory.getChannelForwardingFactories(this), "No agent channel forwarding factories for %s", agentFactory); List<NamedFactory<Channel>> factories = getChannelFactories(); if (GenericUtils.isEmpty(factories)) { factories = forwarders; 
@@ -656,15 +668,15 @@ public class SshClient extends AbstractFactoryManager implements ClientFactoryMa protected void setupDefaultSessionIdentities(ClientSession session) { // check if session listener intervened - KeyPairProvider kpSession = session.getKeyPairProvider(); - KeyPairProvider kpClient = getKeyPairProvider(); + KeyIdentityProvider kpSession = session.getKeyIdentityProvider(); + KeyIdentityProvider kpClient = getKeyIdentityProvider(); boolean debugEnabled = log.isDebugEnabled(); if (kpSession == null) { - session.setKeyPairProvider(kpClient); + session.setKeyIdentityProvider(kpClient); } else { if (kpSession != kpClient) { if (debugEnabled) { - log.debug("setupDefaultSessionIdentities({}) key-pair provider override", session); + log.debug("setupDefaultSessionIdentities({}) key identity provider override", session); } } } @@ -828,7 +840,7 @@ public class SshClient extends AbstractFactoryManager implements ClientFactoryMa * @param options The {@link LinkOption}s to apply when checking * for existence * @return The updated <tt>client</tt> instance - provided a non-{@code null} - * {@link KeyPairProvider} was generated + * {@link KeyIdentityProvider} was generated * @throws IOException If failed to access the file system * @throws GeneralSecurityException If failed to load the keys * @see ClientIdentity#loadDefaultKeyPairProvider(Path, boolean, boolean, FilePasswordProvider, LinkOption...) 
@@ -836,10 +848,10 @@ public class SshClient extends AbstractFactoryManager implements ClientFactoryMa public static <C extends SshClient> C setKeyPairProvider( C client, Path dir, boolean strict, boolean supportedOnly, FilePasswordProvider provider, LinkOption... options) throws IOException, GeneralSecurityException { - KeyPairProvider kpp = + KeyIdentityProvider kpp = ClientIdentity.loadDefaultKeyPairProvider(dir, strict, supportedOnly, provider, options); if (kpp != null) { - client.setKeyPairProvider(kpp); + client.setKeyIdentityProvider(kpp); } return client; http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/e849cc5a/sshd-core/src/main/java/org/apache/sshd/client/session/AbstractClientSession.java ---------------------------------------------------------------------- diff --git a/sshd-core/src/main/java/org/apache/sshd/client/session/AbstractClientSession.java b/sshd-core/src/main/java/org/apache/sshd/client/session/AbstractClientSession.java index 1c329ef..57485ad 100644 --- a/sshd-core/src/main/java/org/apache/sshd/client/session/AbstractClientSession.java +++ b/sshd-core/src/main/java/org/apache/sshd/client/session/AbstractClientSession.java @@ -58,6 +58,7 @@ import org.apache.sshd.common.io.IoSession; import org.apache.sshd.common.io.IoWriteFuture; import org.apache.sshd.common.kex.KexProposalOption; import org.apache.sshd.common.kex.KexState; +import org.apache.sshd.common.keyprovider.KeyIdentityProvider; import org.apache.sshd.common.session.ConnectionService; import org.apache.sshd.common.session.SessionContext; import org.apache.sshd.common.session.helpers.AbstractConnectionService; 
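Review bot: The static helper is still named `setKeyPairProvider` although it now installs a `KeyIdentityProvider` via `client.setKeyIdentityProvider(kpp)`, and judging by the rest of the commit the client no longer has an instance-level `setKeyPairProvider` at all. Keeping the old name suggests the client still carries a full `KeyPairProvider`. Consider adding a `setKeyIdentityProvider(C client, Path dir, ...)` overload with this body and leaving the old name as a `@Deprecated` delegate. The local `kpp` could become `kip` to match the new type. The method's Javadoc begins in the previous hunk.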
@@ -80,6 +81,7 @@ public abstract class AbstractClientSession extends AbstractSession implements C private ServerKeyVerifier serverKeyVerifier; private UserInteraction userInteraction; private PasswordIdentityProvider passwordIdentityProvider; + private KeyIdentityProvider keyIdentityProvider; private List<NamedFactory<UserAuth>> userAuthFactories; private SocketAddress connectAddress; private ClientProxyConnector proxyConnector; @@ -160,6 +162,17 @@ public abstract class AbstractClientSession extends AbstractSession implements C } @Override + public KeyIdentityProvider getKeyIdentityProvider() { + ClientFactoryManager manager = getFactoryManager(); + return resolveEffectiveProvider(KeyIdentityProvider.class, keyIdentityProvider, manager.getKeyIdentityProvider()); + } + + @Override + public void setKeyIdentityProvider(KeyIdentityProvider keyIdentityProvider) { + this.keyIdentityProvider = keyIdentityProvider; + } + + @Override public ClientProxyConnector getClientProxyConnector() { ClientFactoryManager manager = getFactoryManager(); return resolveEffectiveProvider(ClientProxyConnector.class, proxyConnector, manager.getClientProxyConnector()); http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/e849cc5a/sshd-core/src/main/java/org/apache/sshd/client/session/ClientSession.java ---------------------------------------------------------------------- diff --git a/sshd-core/src/main/java/org/apache/sshd/client/session/ClientSession.java b/sshd-core/src/main/java/org/apache/sshd/client/session/ClientSession.java index b7b5377..59df28c 100644 --- a/sshd-core/src/main/java/org/apache/sshd/client/session/ClientSession.java +++ b/sshd-core/src/main/java/org/apache/sshd/client/session/ClientSession.java 
@@ -381,7 +381,7 @@ public interface ClientSession return (session == null) ? KeyIdentityProvider.EMPTY_KEYS_PROVIDER : KeyIdentityProvider.resolveKeyIdentityProvider( - session.getRegisteredIdentities(), session.getKeyPairProvider()); + session.getRegisteredIdentities(), session.getKeyIdentityProvider()); } /** http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/e849cc5a/sshd-core/src/main/java/org/apache/sshd/common/kex/AbstractKexFactoryManager.java ---------------------------------------------------------------------- diff --git a/sshd-core/src/main/java/org/apache/sshd/common/kex/AbstractKexFactoryManager.java b/sshd-core/src/main/java/org/apache/sshd/common/kex/AbstractKexFactoryManager.java index aa111af..eb502e4 100644 --- a/sshd-core/src/main/java/org/apache/sshd/common/kex/AbstractKexFactoryManager.java +++ b/sshd-core/src/main/java/org/apache/sshd/common/kex/AbstractKexFactoryManager.java @@ -25,7 +25,6 @@ import java.util.List; import org.apache.sshd.common.NamedFactory; import org.apache.sshd.common.cipher.Cipher; import org.apache.sshd.common.compression.Compression; -import org.apache.sshd.common.keyprovider.KeyPairProvider; import org.apache.sshd.common.mac.Mac; import org.apache.sshd.common.signature.Signature; import org.apache.sshd.common.util.GenericUtils; @@ -43,7 +42,6 @@ public abstract class AbstractKexFactoryManager private List<NamedFactory<Compression>> compressionFactories; private List<NamedFactory<Mac>> macFactories; private List<NamedFactory<Signature>> signatureFactories; - private KeyPairProvider keyPairProvider; protected AbstractKexFactoryManager() { this(null); 
@@ -117,18 +115,6 @@ public abstract class AbstractKexFactoryManager this.signatureFactories = signatureFactories; } - @Override - public KeyPairProvider getKeyPairProvider() { - KexFactoryManager parent = getDelegate(); - return resolveEffectiveProvider(KeyPairProvider.class, keyPairProvider, - (parent == null) ? null : parent.getKeyPairProvider()); - } - - @Override - public void setKeyPairProvider(KeyPairProvider keyPairProvider) { - this.keyPairProvider = keyPairProvider; - } - protected <V> List<NamedFactory<V>> resolveEffectiveFactories( Class<V> factoryType, List<NamedFactory<V>> local, List<NamedFactory<V>> inherited) { if (GenericUtils.isEmpty(local)) { http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/e849cc5a/sshd-core/src/main/java/org/apache/sshd/common/kex/KexFactoryManager.java ---------------------------------------------------------------------- diff --git a/sshd-core/src/main/java/org/apache/sshd/common/kex/KexFactoryManager.java b/sshd-core/src/main/java/org/apache/sshd/common/kex/KexFactoryManager.java index 7aa8cba..6e46154 100644 --- a/sshd-core/src/main/java/org/apache/sshd/common/kex/KexFactoryManager.java +++ b/sshd-core/src/main/java/org/apache/sshd/common/kex/KexFactoryManager.java @@ -30,7 +30,6 @@ import org.apache.sshd.common.cipher.BuiltinCiphers; import org.apache.sshd.common.cipher.Cipher; import org.apache.sshd.common.compression.BuiltinCompressions; import org.apache.sshd.common.compression.Compression; -import org.apache.sshd.common.keyprovider.KeyPairProviderHolder; import org.apache.sshd.common.mac.BuiltinMacs; import org.apache.sshd.common.mac.Mac; import org.apache.sshd.common.signature.SignatureFactoriesManager; 
@@ -41,7 +40,7 @@ import org.apache.sshd.common.util.ValidateUtils; * Holds KEX negotiation stage configuration * @author <a href="mailto:[email protected]">Apache MINA SSHD Project</a> */ -public interface KexFactoryManager extends KeyPairProviderHolder, SignatureFactoriesManager { +public interface KexFactoryManager extends SignatureFactoriesManager { /** * Retrieve the list of named factories for <code>KeyExchange</code>. * http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/e849cc5a/sshd-core/src/main/java/org/apache/sshd/server/ServerAuthenticationManager.java ---------------------------------------------------------------------- diff --git a/sshd-core/src/main/java/org/apache/sshd/server/ServerAuthenticationManager.java b/sshd-core/src/main/java/org/apache/sshd/server/ServerAuthenticationManager.java index 1d3a96d..c9a1b51 100644 --- a/sshd-core/src/main/java/org/apache/sshd/server/ServerAuthenticationManager.java +++ b/sshd-core/src/main/java/org/apache/sshd/server/ServerAuthenticationManager.java @@ -27,6 +27,7 @@ import java.util.List; import org.apache.sshd.common.NamedFactory; import org.apache.sshd.common.NamedResource; +import org.apache.sshd.common.keyprovider.KeyPairProviderHolder; import org.apache.sshd.common.util.GenericUtils; import org.apache.sshd.common.util.ValidateUtils; import org.apache.sshd.server.auth.BuiltinUserAuthFactories; 
@@ -46,7 +47,7 @@ import org.apache.sshd.server.auth.pubkey.UserAuthPublicKeyFactory; * Holds providers and helpers related to the server side authentication process * @author <a href="mailto:[email protected]">Apache MINA SSHD Project</a> */ -public interface ServerAuthenticationManager { +public interface ServerAuthenticationManager extends KeyPairProviderHolder { /** * Key used to retrieve the value in the configuration properties map * of the maximum number of failed authentication requests before the http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/e849cc5a/sshd-core/src/main/java/org/apache/sshd/server/SshServer.java ---------------------------------------------------------------------- diff --git a/sshd-core/src/main/java/org/apache/sshd/server/SshServer.java b/sshd-core/src/main/java/org/apache/sshd/server/SshServer.java index c5a6918..72ed860 100644 --- a/sshd-core/src/main/java/org/apache/sshd/server/SshServer.java +++ b/sshd-core/src/main/java/org/apache/sshd/server/SshServer.java @@ -40,6 +40,7 @@ import org.apache.sshd.common.helpers.AbstractFactoryManager; import org.apache.sshd.common.io.IoAcceptor; import org.apache.sshd.common.io.IoServiceFactory; import org.apache.sshd.common.io.IoSession; +import org.apache.sshd.common.keyprovider.KeyPairProvider; import org.apache.sshd.common.session.helpers.AbstractSession; import org.apache.sshd.common.util.GenericUtils; import org.apache.sshd.common.util.ValidateUtils; @@ -103,6 +104,7 @@ public class SshServer extends AbstractFactoryManager implements ServerFactoryMa private CommandFactory commandFactory; private List<NamedFactory<Command>> subsystemFactories; private List<NamedFactory<UserAuth>> userAuthFactories; + private KeyPairProvider keyPairProvider; private PasswordAuthenticator passwordAuthenticator; private PublickeyAuthenticator publickeyAuthenticator; private KeyboardInteractiveAuthenticator interactiveAuthenticator; 
@@ -249,6 +251,16 @@ public class SshServer extends AbstractFactoryManager implements ServerFactoryMa } @Override + public KeyPairProvider getKeyPairProvider() { + return keyPairProvider; + } + + @Override + public void setKeyPairProvider(KeyPairProvider keyPairProvider) { + this.keyPairProvider = keyPairProvider; + } + + @Override protected void checkConfig() { super.checkConfig(); http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/e849cc5a/sshd-core/src/main/java/org/apache/sshd/server/global/OpenSshHostKeysHandler.java ---------------------------------------------------------------------- diff --git a/sshd-core/src/main/java/org/apache/sshd/server/global/OpenSshHostKeysHandler.java b/sshd-core/src/main/java/org/apache/sshd/server/global/OpenSshHostKeysHandler.java index 35a7d68..c3f9477 100644 --- a/sshd-core/src/main/java/org/apache/sshd/server/global/OpenSshHostKeysHandler.java +++ b/sshd-core/src/main/java/org/apache/sshd/server/global/OpenSshHostKeysHandler.java @@ -40,6 +40,7 @@ import org.apache.sshd.common.util.ValidateUtils; import org.apache.sshd.common.util.buffer.Buffer; import org.apache.sshd.common.util.buffer.ByteArrayBuffer; import org.apache.sshd.common.util.buffer.keys.BufferPublicKeyParser; +import org.apache.sshd.server.session.ServerSession; /** * An initial handler for "[email protected]" request 
@@ -90,10 +91,10 @@ public class OpenSshHostKeysHandler extends AbstractOpenSshHostKeysHandler imple // according to the specification there MUST be reply required by the server ValidateUtils.checkTrue(wantReply, "No reply required for host keys of %s", session); Collection<? extends NamedFactory<Signature>> factories = - ValidateUtils.checkNotNullAndNotEmpty( - SignatureFactoriesManager.resolveSignatureFactories(this, session), - "No signature factories available for host keys of session=%s", - session); + ValidateUtils.checkNotNullAndNotEmpty( + SignatureFactoriesManager.resolveSignatureFactories(this, session), + "No signature factories available for host keys of session=%s", + session); if (log.isDebugEnabled()) { log.debug("handleHostKeys({})[want-reply={}] received {} keys - factories={}", session, wantReply, GenericUtils.size(keys), NamedResource.getNames(factories)); @@ -104,7 +105,7 @@ public class OpenSshHostKeysHandler extends AbstractOpenSshHostKeysHandler imple Buffer buf = new ByteArrayBuffer(); byte[] sessionId = session.getSessionId(); - KeyPairProvider kpp = Objects.requireNonNull(session.getKeyPairProvider(), "No server keys provider"); + KeyPairProvider kpp = Objects.requireNonNull(((ServerSession) session).getKeyPairProvider(), "No server keys provider"); for (PublicKey k : keys) { String keyType = KeyUtils.getKeyType(k); Signature verifier = ValidateUtils.checkNotNull( http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/e849cc5a/sshd-core/src/main/java/org/apache/sshd/server/session/AbstractServerSession.java ---------------------------------------------------------------------- diff --git a/sshd-core/src/main/java/org/apache/sshd/server/session/AbstractServerSession.java b/sshd-core/src/main/java/org/apache/sshd/server/session/AbstractServerSession.java index 6af869e..2a5209c 100644 --- a/sshd-core/src/main/java/org/apache/sshd/server/session/AbstractServerSession.java 
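Review bot: `((ServerSession) session).getKeyPairProvider()` downcasts the handler's session without a type check, so a session that is not a `ServerSession` fails with a bare `ClassCastException` rather than the descriptive validation errors used a few lines above. Since this lookup returns the server's key provider, I would make the precondition explicit before the cast, e.g. `ValidateUtils.checkTrue(session instanceof ServerSession, "Not a server session: %s", session);`. The same kind of downcast is added in `AbstractServerSession#getKeyPairProvider` (`(ServerAuthenticationManager) parent`). There it could probably be avoided by reading the provider from `getFactoryManager()`, as `AbstractClientSession#getKeyIdentityProvider` does, assuming that accessor is typed as `ServerFactoryManager`. The handler method starts and ends outside this hunk.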
+++ b/sshd-core/src/main/java/org/apache/sshd/server/session/AbstractServerSession.java @@ -40,6 +40,7 @@ import org.apache.sshd.common.auth.AbstractUserAuthServiceFactory; import org.apache.sshd.common.io.IoService; import org.apache.sshd.common.io.IoSession; import org.apache.sshd.common.io.IoWriteFuture; +import org.apache.sshd.common.kex.KexFactoryManager; import org.apache.sshd.common.kex.KexProposalOption; import org.apache.sshd.common.kex.KexState; import org.apache.sshd.common.keyprovider.KeyPairProvider; @@ -50,6 +51,7 @@ import org.apache.sshd.common.util.GenericUtils; import org.apache.sshd.common.util.ValidateUtils; import org.apache.sshd.common.util.buffer.Buffer; import org.apache.sshd.common.util.buffer.ByteArrayBuffer; +import org.apache.sshd.server.ServerAuthenticationManager; import org.apache.sshd.server.ServerFactoryManager; import org.apache.sshd.server.auth.UserAuth; import org.apache.sshd.server.auth.WelcomeBannerPhase; @@ -73,6 +75,7 @@ public abstract class AbstractServerSession extends AbstractSession implements S private GSSAuthenticator gssAuthenticator; private HostBasedAuthenticator hostBasedAuthenticator; private List<NamedFactory<UserAuth>> userAuthFactories; + private KeyPairProvider keyPairProvider; protected AbstractServerSession(ServerFactoryManager factoryManager, IoSession ioSession) { super(true, factoryManager, ioSession); 
@@ -168,6 +171,18 @@ public abstract class AbstractServerSession extends AbstractSession implements S this.userAuthFactories = userAuthFactories; // OK if null/empty - inherit from parent } + @Override + public KeyPairProvider getKeyPairProvider() { + KexFactoryManager parent = getDelegate(); + return resolveEffectiveProvider(KeyPairProvider.class, keyPairProvider, + (parent == null) ? null : ((ServerAuthenticationManager) parent).getKeyPairProvider()); + } + + @Override + public void setKeyPairProvider(KeyPairProvider keyPairProvider) { + this.keyPairProvider = keyPairProvider; + } + /** * Sends the server identification + any extra header lines * http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/e849cc5a/sshd-core/src/test/java/org/apache/sshd/client/ClientAuthenticationManagerTest.java ---------------------------------------------------------------------- diff --git a/sshd-core/src/test/java/org/apache/sshd/client/ClientAuthenticationManagerTest.java b/sshd-core/src/test/java/org/apache/sshd/client/ClientAuthenticationManagerTest.java index 30ce313..d4279f9 100644 --- a/sshd-core/src/test/java/org/apache/sshd/client/ClientAuthenticationManagerTest.java +++ b/sshd-core/src/test/java/org/apache/sshd/client/ClientAuthenticationManagerTest.java @@ -43,7 +43,7 @@ import org.apache.sshd.common.forward.DefaultForwarderFactory; import org.apache.sshd.common.forward.PortForwardingEventListener; import org.apache.sshd.common.io.IoSession; import org.apache.sshd.common.io.IoWriteFuture; -import org.apache.sshd.common.keyprovider.KeyPairProvider; +import org.apache.sshd.common.keyprovider.KeyIdentityProvider; import org.apache.sshd.common.random.JceRandomFactory; import org.apache.sshd.common.random.Random; import org.apache.sshd.common.random.SingletonRandomFactory; 
@@ -81,13 +81,13 @@ public class ClientAuthenticationManagerTest extends BaseTestSupport { } @Override - public KeyPairProvider getKeyPairProvider() { + public KeyIdentityProvider getKeyIdentityProvider() { return null; } @Override - public void setKeyPairProvider(KeyPairProvider keyPairProvider) { - throw new UnsupportedOperationException("setKeyPairProvider(" + keyPairProvider + ")"); + public void setKeyIdentityProvider(KeyIdentityProvider provider) { + throw new UnsupportedOperationException("setKeyIdentityProvider(" + provider + ")"); } @Override @@ -183,7 +183,7 @@ public class ClientAuthenticationManagerTest extends BaseTestSupport { PasswordIdentityProvider.class, ServerKeyVerifier.class, UserInteraction.class, - KeyPairProvider.class + KeyIdentityProvider.class }) { testClientProvidersPropagation(provider, client, session); } @@ -191,7 +191,9 @@ public class ClientAuthenticationManagerTest extends BaseTestSupport { } } - private void testClientProvidersPropagation(Class<?> type, ClientAuthenticationManager client, ClientAuthenticationManager session) throws Exception { + private void testClientProvidersPropagation( + Class<?> type, ClientAuthenticationManager client, ClientAuthenticationManager session) + throws Exception { String baseName = type.getSimpleName(); outputDebugMessage("testClientProvidersPropagation(%s)", baseName); assertTrue(baseName + ": not an interface", type.isInterface()); http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/e849cc5a/sshd-core/src/test/java/org/apache/sshd/client/config/hosts/HostConfigEntryResolverTest.java ---------------------------------------------------------------------- diff --git a/sshd-core/src/test/java/org/apache/sshd/client/config/hosts/HostConfigEntryResolverTest.java b/sshd-core/src/test/java/org/apache/sshd/client/config/hosts/HostConfigEntryResolverTest.java index 1a767c6..b76e46c 100644 --- a/sshd-core/src/test/java/org/apache/sshd/client/config/hosts/HostConfigEntryResolverTest.java 
+++ b/sshd-core/src/test/java/org/apache/sshd/client/config/hosts/HostConfigEntryResolverTest.java @@ -43,7 +43,7 @@ import org.apache.sshd.common.config.keys.FilePasswordProvider; import org.apache.sshd.common.config.keys.KeyUtils; import org.apache.sshd.common.io.IoSession; import org.apache.sshd.common.keyprovider.AbstractKeyPairProvider; -import org.apache.sshd.common.keyprovider.KeyPairProvider; +import org.apache.sshd.common.keyprovider.KeyIdentityProvider; import org.apache.sshd.common.session.Session; import org.apache.sshd.common.session.SessionContext; import org.apache.sshd.common.util.ValidateUtils; @@ -185,13 +185,13 @@ public class HostConfigEntryResolverTest extends BaseTestSupport { @Test public void testUseIdentitiesOnly() throws Exception { Path clientIdFile = assertHierarchyTargetFolderExists(getTempTargetRelativeFile(getClass().getSimpleName())); - KeyPairProvider clientIdProvider = + KeyIdentityProvider clientIdProvider = CommonTestSupportUtils.createTestHostKeyProvider(clientIdFile.resolve(getCurrentTestName() + ".pem")); KeyPair specificIdentity = CommonTestSupportUtils.getFirstKeyPair(sshd); KeyPair defaultIdentity = CommonTestSupportUtils.getFirstKeyPair(clientIdProvider); ValidateUtils.checkTrue(!KeyUtils.compareKeyPairs(specificIdentity, defaultIdentity), "client identity not different then entry one"); - client.setKeyPairProvider(clientIdProvider); + client.setKeyIdentityProvider(clientIdProvider); String user = getCurrentTestName(); AtomicBoolean defaultClientIdentityAttempted = new AtomicBoolean(false); 
@@ -234,17 +234,17 @@ public class HostConfigEntryResolverTest extends BaseTestSupport { PropertyResolverUtils.updateProperty(client, ClientFactoryManager.IGNORE_INVALID_IDENTITIES, false); Collection<KeyPair> clientIdentities = Collections.singletonList(defaultIdentity); - KeyPairProvider provider = new AbstractKeyPairProvider() { + KeyIdentityProvider provider = new AbstractKeyPairProvider() { @Override public Iterable<KeyPair> loadKeys(SessionContext session) { return clientIdentities; } }; - client.setKeyPairProvider(provider); + client.setKeyIdentityProvider(provider); client.start(); try (ClientSession session = client.connect(entry).verify(7L, TimeUnit.SECONDS).getSession()) { - assertSame("Unexpected session key pairs provider", provider, session.getKeyPairProvider()); + assertSame("Unexpected session key pairs provider", provider, session.getKeyIdentityProvider()); session.auth().verify(5L, TimeUnit.SECONDS); assertFalse("Unexpected default client identity attempted", defaultClientIdentityAttempted.get()); assertNull("Default client identity auto-added", session.removePublicKeyIdentity(defaultIdentity)); http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/e849cc5a/sshd-core/src/test/java/org/apache/sshd/common/auth/AuthenticationTest.java ---------------------------------------------------------------------- diff --git a/sshd-core/src/test/java/org/apache/sshd/common/auth/AuthenticationTest.java b/sshd-core/src/test/java/org/apache/sshd/common/auth/AuthenticationTest.java index e55d150..34c418b 100644 --- a/sshd-core/src/test/java/org/apache/sshd/common/auth/AuthenticationTest.java +++ b/sshd-core/src/test/java/org/apache/sshd/common/auth/AuthenticationTest.java 
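Review bot: The failure message on the `assertSame` line still reads "Unexpected session key pairs provider" although the value compared is now `session.getKeyIdentityProvider()`, so a failing run would point at an accessor the client session no longer has. I would reword it to match, e.g. `assertSame("Unexpected session key identity provider", provider, session.getKeyIdentityProvider());`. The local is declared as `KeyIdentityProvider` but still built from `AbstractKeyPairProvider`; a short comment such as `// any KeyIdentityProvider works here, AbstractKeyPairProvider is just a convenient base` would tell readers this is deliberate. The test method starts and ends outside this hunk.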
@@ -53,6 +53,7 @@ import org.apache.sshd.common.config.keys.FilePasswordProvider; import org.apache.sshd.common.config.keys.KeyUtils; import org.apache.sshd.common.io.IoSession; import org.apache.sshd.common.io.IoWriteFuture; +import org.apache.sshd.common.keyprovider.KeyIdentityProvider; import org.apache.sshd.common.keyprovider.KeyPairProvider; import org.apache.sshd.common.session.Session; import org.apache.sshd.common.session.SessionContext; @@ -916,7 +917,7 @@ public class AuthenticationTest extends BaseTestSupport { return "super secret passphrase"; } }; - s.setKeyPairProvider(new KeyPairProvider() { + s.setKeyIdentityProvider(new KeyIdentityProvider() { @Override public Iterable<KeyPair> loadKeys(SessionContext session) throws IOException, GeneralSecurityException { assertSame("Mismatched session context", s, session); http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/e849cc5a/sshd-core/src/test/java/org/apache/sshd/common/kex/KexFactoryManagerTest.java ---------------------------------------------------------------------- diff --git a/sshd-core/src/test/java/org/apache/sshd/common/kex/KexFactoryManagerTest.java b/sshd-core/src/test/java/org/apache/sshd/common/kex/KexFactoryManagerTest.java index 63c0346..8242a62 100644 --- a/sshd-core/src/test/java/org/apache/sshd/common/kex/KexFactoryManagerTest.java +++ b/sshd-core/src/test/java/org/apache/sshd/common/kex/KexFactoryManagerTest.java @@ -27,7 +27,6 @@ import org.apache.sshd.common.cipher.BuiltinCiphers; import org.apache.sshd.common.cipher.Cipher; import org.apache.sshd.common.compression.BuiltinCompressions; import org.apache.sshd.common.compression.Compression; -import org.apache.sshd.common.keyprovider.KeyPairProvider; import org.apache.sshd.common.mac.BuiltinMacs; import org.apache.sshd.common.mac.Mac; import org.apache.sshd.common.signature.BuiltinSignatures; 
@@ -129,16 +128,6 @@ public class KexFactoryManagerTest extends BaseTestSupport { } @Override - public KeyPairProvider getKeyPairProvider() { - return null; - } - - @Override - public void setKeyPairProvider(KeyPairProvider keyPairProvider) { - throw new UnsupportedOperationException("N/A"); - } - - @Override public List<NamedFactory<Signature>> getSignatureFactories() { return signatures; } http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/e849cc5a/sshd-core/src/test/java/org/apache/sshd/server/ServerAuthenticationManagerTest.java ---------------------------------------------------------------------- diff --git a/sshd-core/src/test/java/org/apache/sshd/server/ServerAuthenticationManagerTest.java b/sshd-core/src/test/java/org/apache/sshd/server/ServerAuthenticationManagerTest.java index fc7b11c..9be1cb0 100644 --- a/sshd-core/src/test/java/org/apache/sshd/server/ServerAuthenticationManagerTest.java +++ b/sshd-core/src/test/java/org/apache/sshd/server/ServerAuthenticationManagerTest.java @@ -24,6 +24,7 @@ import java.util.concurrent.atomic.AtomicReference; import org.apache.sshd.common.NamedFactory; import org.apache.sshd.common.NamedResource; +import org.apache.sshd.common.keyprovider.KeyPairProvider; import org.apache.sshd.common.util.GenericUtils; import org.apache.sshd.server.auth.BuiltinUserAuthFactories; import org.apache.sshd.server.auth.UserAuth; 
@@ -113,6 +114,16 @@ public class ServerAuthenticationManagerTest extends BaseTestSupport { public void setHostBasedAuthenticator(HostBasedAuthenticator hostBasedAuthenticator) { throw new UnsupportedOperationException("setHostBasedAuthenticator(" + hostBasedAuthenticator + ")"); } + + @Override + public KeyPairProvider getKeyPairProvider() { + return null; + } + + @Override + public void setKeyPairProvider(KeyPairProvider keyPairProvider) { + throw new UnsupportedOperationException("setKeyPairProvider(" + keyPairProvider + ")"); + } }; assertEquals("Mismatched initial factories list", "", manager.getUserAuthFactoriesNameList()); http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/e849cc5a/sshd-core/src/test/java/org/apache/sshd/util/test/CoreTestSupportUtils.java ---------------------------------------------------------------------- diff --git a/sshd-core/src/test/java/org/apache/sshd/util/test/CoreTestSupportUtils.java b/sshd-core/src/test/java/org/apache/sshd/util/test/CoreTestSupportUtils.java index e6bb6cb..7d2b9b9 100644 --- a/sshd-core/src/test/java/org/apache/sshd/util/test/CoreTestSupportUtils.java +++ b/sshd-core/src/test/java/org/apache/sshd/util/test/CoreTestSupportUtils.java @@ -25,7 +25,7 @@ import java.net.ServerSocket; import org.apache.sshd.client.SshClient; import org.apache.sshd.client.config.hosts.HostConfigEntryResolver; import org.apache.sshd.client.keyverifier.AcceptAllServerKeyVerifier; -import org.apache.sshd.common.keyprovider.KeyPairProvider; +import org.apache.sshd.common.keyprovider.KeyIdentityProvider; import org.apache.sshd.server.SshServer; import org.apache.sshd.server.auth.pubkey.AcceptAllPublickeyAuthenticator; import org.apache.sshd.server.shell.UnknownCommandFactory; 
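Review bot: Nothing in this hunk exercises the host-key provider accessors that now sit on `ServerAuthenticationManager`. The added `getKeyPairProvider()` and `setKeyPairProvider()` are stubs that return null and throw, mirroring the ones deleted from `KexFactoryManagerTest`. Judging only by the diffstat, `SshServer` and `AbstractServerSession` gain code for this, so a server-side counterpart to `testClientProvidersPropagation` would be worth adding. It would assert that a session without its own `KeyPairProvider` resolves the server's instance and that a session-level value does not leak back to the server; the fallback itself is not visible here, so confirm it first. Which host key a session presents is security-relevant, so that behaviour deserves a pinned test. The anonymous manager class starts outside this hunk.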
@@ -47,7 +47,7 @@ public final class CoreTestSupportUtils { SshClient client = SshClient.setUpDefaultClient(); client.setServerKeyVerifier(AcceptAllServerKeyVerifier.INSTANCE); client.setHostConfigEntryResolver(HostConfigEntryResolver.EMPTY); - client.setKeyPairProvider(KeyPairProvider.EMPTY_KEYPAIR_PROVIDER); + client.setKeyIdentityProvider(KeyIdentityProvider.EMPTY_KEYS_PROVIDER); return client; }
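Review bot: This helper's configuration is not documented at the point where it is set up: the client gets `AcceptAllServerKeyVerifier.INSTANCE`, an empty host-config resolver and, after this change, `KeyIdentityProvider.EMPTY_KEYS_PROVIDER`. A comment above the three setters would make the intent explicit, e.g. `// test-only client: server host keys are not verified and no client identities are offered; tests add what they need`. That guards against the helper being copied into non-test code, where skipping host-key verification would leave connections open to interception. The method signature is outside this hunk.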
