Mirrors/sshj
1
0
Fork 0
mirror of https://github.com/hierynomus/sshj.git synced 2025-12-06 23:30:55 +03:00
Code Issues Actions Packages Projects Releases Wiki Activity

some small tweaks to PKCS8KeyFile in relation to the PEMReader -> PEMParser transition

Browse Source
This commit is contained in:
shikhar
2014-06-24 14:21:40 +05:30
parent 0875417dde
commit 2a7278d239
1 changed files with 39 additions and 55 deletions
Download Patch File Download Diff File Expand all files Collapse all files

68
src/main/java/net/schmizz/sshj/userauth/keyprovider/PKCS8KeyFile.java
View File

@@ -15,13 +15,6 @@
*/ */
package net.schmizz.sshj.userauth.keyprovider; package net.schmizz.sshj.userauth.keyprovider;
import java.io.File;
import java.io.IOException;
import java.io.Reader;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.PublicKey;
import net.schmizz.sshj.common.IOUtils; import net.schmizz.sshj.common.IOUtils;
import net.schmizz.sshj.common.KeyType; import net.schmizz.sshj.common.KeyType;
import net.schmizz.sshj.userauth.password.PasswordFinder; import net.schmizz.sshj.userauth.password.PasswordFinder;
@@ -30,9 +23,7 @@ import net.schmizz.sshj.userauth.password.PrivateKeyFileResource;
import net.schmizz.sshj.userauth.password.PrivateKeyReaderResource; import net.schmizz.sshj.userauth.password.PrivateKeyReaderResource;
import net.schmizz.sshj.userauth.password.PrivateKeyStringResource; import net.schmizz.sshj.userauth.password.PrivateKeyStringResource;
import net.schmizz.sshj.userauth.password.Resource; import net.schmizz.sshj.userauth.password.Resource;
import org.bouncycastle.openssl.EncryptionException; import org.bouncycastle.openssl.EncryptionException;
import org.bouncycastle.openssl.PEMDecryptorProvider;
import org.bouncycastle.openssl.PEMEncryptedKeyPair; import org.bouncycastle.openssl.PEMEncryptedKeyPair;
import org.bouncycastle.openssl.PEMKeyPair; import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser; import org.bouncycastle.openssl.PEMParser;
@@ -41,6 +32,13 @@ import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
import java.io.File;
import java.io.IOException;
import java.io.Reader;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.PublicKey;
/** Represents a PKCS8-encoded key file. This is the format used by OpenSSH and OpenSSL. */ /** Represents a PKCS8-encoded key file. This is the format used by OpenSSH and OpenSSL. */
public class PKCS8KeyFile public class PKCS8KeyFile
implements FileKeyProvider { implements FileKeyProvider {
@@ -123,44 +121,37 @@ public class PKCS8KeyFile
this.pwdf = pwdf; this.pwdf = pwdf;
} }
protected org.bouncycastle.openssl.PasswordFinder makeBouncyPasswordFinder() {
if (pwdf == null)
return null;
else
return new org.bouncycastle.openssl.PasswordFinder() {
@Override
public char[] getPassword() {
return passphrase = pwdf.reqPassword(resource);
}
};
}
protected KeyPair readKeyPair() protected KeyPair readKeyPair()
throws IOException { throws IOException {
KeyPair kp = null; KeyPair kp = null;
org.bouncycastle.openssl.PasswordFinder pFinder = makeBouncyPasswordFinder();
PEMParser r = null; for (PEMParser r = null; ; ) {
Object o = null;
try {
for (; ; ) {
// while the PasswordFinder tells us we should retry // while the PasswordFinder tells us we should retry
try { try {
r = new PEMParser(resource.getReader()); r = new PEMParser(resource.getReader());
o = r.readObject(); final Object o = r.readObject();
JcaPEMKeyConverter pemConverter = new JcaPEMKeyConverter(); final JcaPEMKeyConverter pemConverter = new JcaPEMKeyConverter();
pemConverter.setProvider("BC"); pemConverter.setProvider("BC");
if (pFinder != null && o instanceof PEMEncryptedKeyPair) {
if (o instanceof PEMEncryptedKeyPair) {
final PEMEncryptedKeyPair encryptedKeyPair = (PEMEncryptedKeyPair) o;
JcePEMDecryptorProviderBuilder decryptorBuilder = new JcePEMDecryptorProviderBuilder(); JcePEMDecryptorProviderBuilder decryptorBuilder = new JcePEMDecryptorProviderBuilder();
PEMDecryptorProvider pemDecryptor = decryptorBuilder.build(pFinder.getPassword()); decryptorBuilder.setProvider("BC");
o = pemConverter.getKeyPair(((PEMEncryptedKeyPair) o).decryptKeyPair(pemDecryptor)); try {
passphrase = pwdf == null ? null : pwdf.reqPassword(resource);
kp = pemConverter.getKeyPair(encryptedKeyPair.decryptKeyPair(decryptorBuilder.build(passphrase)));
} finally {
PasswordUtils.blankOut(passphrase);
} }
if (o instanceof PEMKeyPair) { } else if (o instanceof PEMKeyPair) {
o = pemConverter.getKeyPair((PEMKeyPair) o); kp = pemConverter.getKeyPair((PEMKeyPair) o);
} else {
log.debug("Expected PEMEncryptedKeyPair or PEMKeyPair, got: {}", o);
} }
} catch (EncryptionException e) { } catch (EncryptionException e) {
if (pwdf.shouldRetry(resource)) if (pwdf != null && pwdf.shouldRetry(resource))
continue; continue;
else else
throw e; throw e;
@@ -169,16 +160,9 @@ public class PKCS8KeyFile
} }
break; break;
} }
} finally {
PasswordUtils.blankOut(passphrase);
}
if (o == null) if (kp == null)
throw new IOException("Could not read key pair from: " + resource); throw new IOException("Could not read key pair from: " + resource);
if (o instanceof KeyPair)
kp = (KeyPair) o;
else
log.debug("Expected KeyPair, got {}", o);
return kp; return kp;
} }