ServerKeyDatabase.java

/*
 * Copyright (C) 2019 Thomas Wolf <thomas.wolf@paranor.ch>
 * and other copyright owners as documented in the project's IP log.
 *
 * This program and the accompanying materials are made available
 * under the terms of the Eclipse Distribution License v1.0 which
 * accompanies this distribution, is reproduced below, and is
 * available at http://www.eclipse.org/org/documents/edl-v10.php
 *
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or
 * without modification, are permitted provided that the following
 * conditions are met:
 *
 * - Redistributions of source code must retain the above copyright
 *   notice, this list of conditions and the following disclaimer.
 *
 * - Redistributions in binary form must reproduce the above
 *   copyright notice, this list of conditions and the following
 *   disclaimer in the documentation and/or other materials provided
 *   with the distribution.
 *
 * - Neither the name of the Eclipse Foundation, Inc. nor the
 *   names of its contributors may be used to endorse or promote
 *   products derived from this software without specific prior
 *   written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
 * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
 * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
 * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
package org.eclipse.jgit.transport.sshd;

import java.net.InetSocketAddress;
import java.security.PublicKey;
import java.util.List;

import org.eclipse.jgit.annotations.NonNull;
import org.eclipse.jgit.transport.CredentialsProvider;

/**
 * An interface for a database of known server keys, supporting finding all
 * known keys and also deciding whether a server key is to be accepted.
 * <p>
 * Connection addresses are given as strings of the format
 * {@code [hostName]:port} if using a non-standard port (i.e., not port 22),
 * otherwise just {@code hostname}.
 * </p>
 *
 * @since 5.5
 */
public interface ServerKeyDatabase {

	/**
	 * Retrieves all known host keys for the given addresses.
	 *
	 * @param connectAddress
	 *            IP address the session tried to connect to
	 * @param remoteAddress
	 *            IP address as reported for the remote end point
	 * @param config
	 *            giving access to potentially interesting configuration
	 *            settings
	 * @return the list of known keys for the given addresses
	 */
	@NonNull
	List<PublicKey> lookup(@NonNull String connectAddress,
			@NonNull InetSocketAddress remoteAddress,
			@NonNull Configuration config);

	/**
	 * Determines whether to accept a received server host key.
	 *
	 * @param connectAddress
	 *            IP address the session tried to connect to
	 * @param remoteAddress
	 *            IP address as reported for the remote end point
	 * @param serverKey
	 *            received from the remote end
	 * @param config
	 *            giving access to potentially interesting configuration
	 *            settings
	 * @param provider
	 *            for interacting with the user, if required; may be
	 *            {@code null}
	 * @return {@code true} if the serverKey is accepted, {@code false}
	 *         otherwise
	 */
	boolean accept(@NonNull String connectAddress,
			@NonNull InetSocketAddress remoteAddress,
			@NonNull PublicKey serverKey,
			@NonNull Configuration config, CredentialsProvider provider);

	/**
	 * A simple provider for ssh config settings related to host key checking.
	 * An instance is created by the JGit sshd framework and passed into
	 * {@link ServerKeyDatabase#lookup(String, InetSocketAddress, Configuration)}
	 * and
	 * {@link ServerKeyDatabase#accept(String, InetSocketAddress, PublicKey, Configuration, CredentialsProvider)}.
	 */
	interface Configuration {

		/**
		 * Retrieves the list of file names from the "UserKnownHostsFile" ssh
		 * config.
		 *
		 * @return the list as configured, with ~ already replaced
		 */
		List<String> getUserKnownHostsFiles();

		/**
		 * Retrieves the list of file names from the "GlobalKnownHostsFile" ssh
		 * config.
		 *
		 * @return the list as configured, with ~ already replaced
		 */
		List<String> getGlobalKnownHostsFiles();

		/**
		 * The possible values for the "StrictHostKeyChecking" ssh config.
		 */
		enum StrictHostKeyChecking {
			/**
			 * "ask"; default: ask the user whether to accept (and store) a new
			 * or mismatched key.
			 */
			ASK,
			/**
			 * "yes", "on": never accept new or mismatched keys.
			 */
			REQUIRE_MATCH,
			/**
			 * "no", "off": always accept new or mismatched keys.
			 */
			ACCEPT_ANY,
			/**
			 * "accept-new": accept new keys, but never accept modified keys.
			 */
			ACCEPT_NEW
		}

		/**
		 * Obtains the value of the "StrictHostKeyChecking" ssh config.
		 *
		 * @return the {@link StrictHostKeyChecking}
		 */
		@NonNull
		StrictHostKeyChecking getStrictHostKeyChecking();

		/**
		 * Obtains the value of the "HashKnownHosts" ssh config.
		 *
		 * @return {@code true} if new entries should be stored with hashed host
		 *         information, {@code false} otherwise
		 */
		boolean getHashKnownHosts();

		/**
		 * Obtains the user name used in the connection attempt.
		 *
		 * @return the user name
		 */
		@NonNull
		String getUsername();
	}
}