JGitServerKeyVerifier.java
/*
* Copyright (C) 2019 Thomas Wolf <thomas.wolf@paranor.ch>
* and other copyright owners as documented in the project's IP log.
*
* This program and the accompanying materials are made available
* under the terms of the Eclipse Distribution License v1.0 which
* accompanies this distribution, is reproduced below, and is
* available at http://www.eclipse.org/org/documents/edl-v10.php
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or
* without modification, are permitted provided that the following
* conditions are met:
*
* - Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* - Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the following
* disclaimer in the documentation and/or other materials provided
* with the distribution.
*
* - Neither the name of the Eclipse Foundation, Inc. nor the
* names of its contributors may be used to endorse or promote
* products derived from this software without specific prior
* written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
* CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
* CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
package org.eclipse.jgit.internal.transport.sshd;
import static org.eclipse.jgit.internal.transport.ssh.OpenSshConfigFile.flag;
import java.net.InetSocketAddress;
import java.net.SocketAddress;
import java.security.PublicKey;
import java.util.Collections;
import java.util.List;
import java.util.Locale;
import org.apache.sshd.client.config.hosts.HostConfigEntry;
import org.apache.sshd.client.config.hosts.KnownHostHashValue;
import org.apache.sshd.client.keyverifier.ServerKeyVerifier;
import org.apache.sshd.client.session.ClientSession;
import org.apache.sshd.common.util.net.SshdSocketAddress;
import org.eclipse.jgit.annotations.NonNull;
import org.eclipse.jgit.transport.CredentialsProvider;
import org.eclipse.jgit.transport.SshConstants;
import org.eclipse.jgit.transport.sshd.ServerKeyDatabase;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
/**
* A bridge between the {@link ServerKeyVerifier} from Apache MINA sshd and our
* {@link ServerKeyDatabase}.
*/
public class JGitServerKeyVerifier
implements ServerKeyVerifier, ServerKeyLookup {
private static final Logger LOG = LoggerFactory
.getLogger(JGitServerKeyVerifier.class);
private final @NonNull ServerKeyDatabase database;
/**
* Creates a new {@link JGitServerKeyVerifier} using the given
* {@link ServerKeyDatabase}.
*
* @param database
* to use
*/
public JGitServerKeyVerifier(@NonNull ServerKeyDatabase database) {
this.database = database;
}
@Override
public List<PublicKey> lookup(ClientSession session,
SocketAddress remoteAddress) {
if (!(session instanceof JGitClientSession)) {
LOG.warn("Internal error: wrong session kind: " //$NON-NLS-1$
+ session.getClass().getName());
return Collections.emptyList();
}
if (!(remoteAddress instanceof InetSocketAddress)) {
return Collections.emptyList();
}
SessionConfig config = new SessionConfig((JGitClientSession) session);
SshdSocketAddress connectAddress = SshdSocketAddress
.toSshdSocketAddress(session.getConnectAddress());
String connect = KnownHostHashValue.createHostPattern(
connectAddress.getHostName(), connectAddress.getPort());
return database.lookup(connect, (InetSocketAddress) remoteAddress,
config);
}
@Override
public boolean verifyServerKey(ClientSession session,
SocketAddress remoteAddress, PublicKey serverKey) {
if (!(session instanceof JGitClientSession)) {
LOG.warn("Internal error: wrong session kind: " //$NON-NLS-1$
+ session.getClass().getName());
return false;
}
if (!(remoteAddress instanceof InetSocketAddress)) {
return false;
}
SessionConfig config = new SessionConfig((JGitClientSession) session);
SshdSocketAddress connectAddress = SshdSocketAddress
.toSshdSocketAddress(session.getConnectAddress());
String connect = KnownHostHashValue.createHostPattern(
connectAddress.getHostName(), connectAddress.getPort());
CredentialsProvider provider = ((JGitClientSession) session)
.getCredentialsProvider();
return database.accept(connect, (InetSocketAddress) remoteAddress,
serverKey, config, provider);
}
private static class SessionConfig
implements ServerKeyDatabase.Configuration {
private final JGitClientSession session;
public SessionConfig(JGitClientSession session) {
this.session = session;
}
private List<String> get(String key) {
HostConfigEntry entry = session.getHostConfigEntry();
if (entry instanceof JGitHostConfigEntry) {
// Always true!
return ((JGitHostConfigEntry) entry).getMultiValuedOptions()
.get(key);
}
return Collections.emptyList();
}
@Override
public List<String> getUserKnownHostsFiles() {
return get(SshConstants.USER_KNOWN_HOSTS_FILE);
}
@Override
public List<String> getGlobalKnownHostsFiles() {
return get(SshConstants.GLOBAL_KNOWN_HOSTS_FILE);
}
@Override
public StrictHostKeyChecking getStrictHostKeyChecking() {
HostConfigEntry entry = session.getHostConfigEntry();
String value = entry
.getProperty(SshConstants.STRICT_HOST_KEY_CHECKING, "ask"); //$NON-NLS-1$
switch (value.toLowerCase(Locale.ROOT)) {
case SshConstants.YES:
case SshConstants.ON:
return StrictHostKeyChecking.REQUIRE_MATCH;
case SshConstants.NO:
case SshConstants.OFF:
return StrictHostKeyChecking.ACCEPT_ANY;
case "accept-new": //$NON-NLS-1$
return StrictHostKeyChecking.ACCEPT_NEW;
default:
return StrictHostKeyChecking.ASK;
}
}
@Override
public boolean getHashKnownHosts() {
HostConfigEntry entry = session.getHostConfigEntry();
return flag(entry.getProperty(SshConstants.HASH_KNOWN_HOSTS));
}
@Override
public String getUsername() {
return session.getUsername();
}
}
}