ServerKeyDatabase.java

  1. /*
  2.  * Copyright (C) 2019 Thomas Wolf <thomas.wolf@paranor.ch> and others
  3.  *
  4.  * This program and the accompanying materials are made available under the
  5.  * terms of the Eclipse Distribution License v. 1.0 which is available at
  6.  * https://www.eclipse.org/org/documents/edl-v10.php.
  7.  *
  8.  * SPDX-License-Identifier: BSD-3-Clause
  9.  */
  10. package org.eclipse.jgit.transport.sshd;

  12. import java.net.InetSocketAddress;
  13. import java.security.PublicKey;
  14. import java.util.List;

  16. import org.eclipse.jgit.annotations.NonNull;
  17. import org.eclipse.jgit.transport.CredentialsProvider;

  19. /**
  20.  * An interface for a database of known server keys, supporting finding all
  21.  * known keys and also deciding whether a server key is to be accepted.
  22.  * <p>
  23.  * Connection addresses are given as strings of the format
  24.  * {@code [hostName]:port} if using a non-standard port (i.e., not port 22),
  25.  * otherwise just {@code hostname}.
  26.  * </p>
  27.  *
  28.  * @since 5.5
  29.  */
  30. public interface ServerKeyDatabase {

  32.     /**
  33.      * Retrieves all known host keys for the given addresses.
  34.      *
  35.      * @param connectAddress
  36.      *            IP address the session tried to connect to
  37.      * @param remoteAddress
  38.      *            IP address as reported for the remote end point
  39.      * @param config
  40.      *            giving access to potentially interesting configuration
  41.      *            settings
  42.      * @return the list of known keys for the given addresses
  43.      */
  44.     @NonNull
  45.     List<PublicKey> lookup(@NonNull String connectAddress,
  46.             @NonNull InetSocketAddress remoteAddress,
  47.             @NonNull Configuration config);

  49.     /**
  50.      * Determines whether to accept a received server host key.
  51.      *
  52.      * @param connectAddress
  53.      *            IP address the session tried to connect to
  54.      * @param remoteAddress
  55.      *            IP address as reported for the remote end point
  56.      * @param serverKey
  57.      *            received from the remote end
  58.      * @param config
  59.      *            giving access to potentially interesting configuration
  60.      *            settings
  61.      * @param provider
  62.      *            for interacting with the user, if required; may be
  63.      *            {@code null}
  64.      * @return {@code true} if the serverKey is accepted, {@code false}
  65.      *         otherwise
  66.      */
  67.     boolean accept(@NonNull String connectAddress,
  68.             @NonNull InetSocketAddress remoteAddress,
  69.             @NonNull PublicKey serverKey,
  70.             @NonNull Configuration config, CredentialsProvider provider);

  72.     /**
  73.      * A simple provider for ssh config settings related to host key checking.
  74.      * An instance is created by the JGit sshd framework and passed into
  75.      * {@link ServerKeyDatabase#lookup(String, InetSocketAddress, Configuration)}
  76.      * and
  77.      * {@link ServerKeyDatabase#accept(String, InetSocketAddress, PublicKey, Configuration, CredentialsProvider)}.
  78.      */
  79.     interface Configuration {

  81.         /**
  82.          * Retrieves the list of file names from the "UserKnownHostsFile" ssh
  83.          * config.
  84.          *
  85.          * @return the list as configured, with ~ already replaced
  86.          */
  87.         List<String> getUserKnownHostsFiles();

  89.         /**
  90.          * Retrieves the list of file names from the "GlobalKnownHostsFile" ssh
  91.          * config.
  92.          *
  93.          * @return the list as configured, with ~ already replaced
  94.          */
  95.         List<String> getGlobalKnownHostsFiles();

  97.         /**
  98.          * The possible values for the "StrictHostKeyChecking" ssh config.
  99.          */
  100.         enum StrictHostKeyChecking {
  101.             /**
  102.              * "ask"; default: ask the user whether to accept (and store) a new
  103.              * or mismatched key.
  104.              */
  105.             ASK,
  106.             /**
  107.              * "yes", "on": never accept new or mismatched keys.
  108.              */
  109.             REQUIRE_MATCH,
  110.             /**
  111.              * "no", "off": always accept new or mismatched keys.
  112.              */
  113.             ACCEPT_ANY,
  114.             /**
  115.              * "accept-new": accept new keys, but never accept modified keys.
  116.              */
  117.             ACCEPT_NEW
  118.         }

  120.         /**
  121.          * Obtains the value of the "StrictHostKeyChecking" ssh config.
  122.          *
  123.          * @return the {@link StrictHostKeyChecking}
  124.          */
  125.         @NonNull
  126.         StrictHostKeyChecking getStrictHostKeyChecking();

  128.         /**
  129.          * Obtains the value of the "HashKnownHosts" ssh config.
  130.          *
  131.          * @return {@code true} if new entries should be stored with hashed host
  132.          *         information, {@code false} otherwise
  133.          */
  134.         boolean getHashKnownHosts();

  136.         /**
  137.          * Obtains the user name used in the connection attempt.
  138.          *
  139.          * @return the user name
  140.          */
  141.         @NonNull
  142.         String getUsername();
  143.     }
  144. }
Created with JaCoCo 0.8.6.202009150832