Class SshAgentClient
- java.lang.Object
-
- org.eclipse.jgit.internal.transport.sshd.agent.SshAgentClient
-
- All Implemented Interfaces:
java.io.Closeable, java.lang.AutoCloseable, java.nio.channels.Channel, org.apache.sshd.agent.SshAgent
public class SshAgentClient extends java.lang.Object implements org.apache.sshd.agent.SshAgent
A client for an SSH2 agent. This client supports querying identities, signature requests, and adding keys to an agent (with or without constraints). Removing keys is not supported, and the older SSH1 protocol is not supported.
- See Also:
- SSH Agent Protocol, RFC draft
-
-
Field Summary
Fields (Modifier and Type, Field):
private java.util.concurrent.atomic.AtomicBoolean closed
private Connector connector
private static org.slf4j.Logger LOG
private static int MAX_NUMBER_OF_KEYS
-
Constructor Summary
Constructors (Constructor, Description):
SshAgentClient(Connector connector)
Creates a new SshAgentClient implementing the SSH2 ssh agent protocol, using the given Connector to connect to the SSH agent and to exchange messages.
-
Method Summary
Methods (Modifier and Type, Method, Description):
void addIdentity(java.security.KeyPair key, java.lang.String comment, org.apache.sshd.agent.SshAgentKeyConstraint... constraints)
private static byte[] asn1Parse(byte[] encoded, int n)
    Extracts the private key bytes from an encoded ed25519 private key by parsing the bytes as ASN.1 according to RFC 5958 (PKCS #8 encoding).
void close()
java.lang.Iterable<? extends java.util.Map.Entry<java.security.PublicKey,java.lang.String>> getIdentities()
boolean isOpen()
private boolean open(boolean debugging)
private static void putEd25519Key(org.apache.sshd.common.util.buffer.Buffer msg, java.security.KeyPair key)
    Writes an ed25519 KeyPair to a Buffer.
private static java.security.PublicKey readKey(org.apache.sshd.common.util.buffer.Buffer buffer)
    A safe version of Buffer.getPublicKey().
void removeAllIdentities()
void removeIdentity(java.security.PublicKey key)
private org.apache.sshd.common.util.buffer.Buffer rpc(byte command)
private org.apache.sshd.common.util.buffer.Buffer rpc(byte command, byte[] message)
java.util.Map.Entry<java.lang.String,byte[]> sign(org.apache.sshd.common.session.SessionContext session, java.security.PublicKey key, java.lang.String algorithm, byte[] data)
-
-
-
Field Detail
-
LOG
private static final org.slf4j.Logger LOG
-
MAX_NUMBER_OF_KEYS
private static final int MAX_NUMBER_OF_KEYS
- See Also:
- Constant Field Values
-
closed
private final java.util.concurrent.atomic.AtomicBoolean closed
-
connector
private final Connector connector
-
-
Constructor Detail
-
SshAgentClient
public SshAgentClient(Connector connector)
Creates a new SshAgentClient implementing the SSH2 ssh agent protocol, using the given Connector to connect to the SSH agent and to exchange messages.
- Parameters:
connector - Connector to use
-
-
Method Detail
-
open
private boolean open(boolean debugging) throws java.io.IOException
- Throws:
java.io.IOException
-
close
public void close() throws java.io.IOException
- Specified by:
close in interface java.lang.AutoCloseable
- Specified by:
close in interface java.nio.channels.Channel
- Specified by:
close in interface java.io.Closeable
- Throws:
java.io.IOException
-
getIdentities
public java.lang.Iterable<? extends java.util.Map.Entry<java.security.PublicKey,java.lang.String>> getIdentities() throws java.io.IOException
- Specified by:
getIdentities in interface org.apache.sshd.agent.SshAgent
- Throws:
java.io.IOException
-
sign
public java.util.Map.Entry<java.lang.String,byte[]> sign(org.apache.sshd.common.session.SessionContext session, java.security.PublicKey key, java.lang.String algorithm, byte[] data) throws java.io.IOException
- Specified by:
sign in interface org.apache.sshd.agent.SshAgent
- Throws:
java.io.IOException
-
addIdentity
public void addIdentity(java.security.KeyPair key, java.lang.String comment, org.apache.sshd.agent.SshAgentKeyConstraint... constraints) throws java.io.IOException
- Specified by:
addIdentity in interface org.apache.sshd.agent.SshAgent
- Throws:
java.io.IOException
-
putEd25519Key
private static void putEd25519Key(org.apache.sshd.common.util.buffer.Buffer msg, java.security.KeyPair key) throws java.io.IOException
Writes an ed25519 KeyPair to a Buffer. OpenSSH specifies that it expects the 32 public key bytes, followed by 64 bytes formed by concatenating the 32 private key bytes with the 32 public key bytes.
- Parameters:
msg - Buffer to write to
key - KeyPair to write
- Throws:
java.io.IOException - if the private key cannot be written
-
asn1Parse
private static byte[] asn1Parse(byte[] encoded, int n) throws java.io.IOException
Extracts the private key bytes from an encoded ed25519 private key by parsing the bytes as ASN.1 according to RFC 5958 (PKCS #8 encoding):

    OneAsymmetricKey ::= SEQUENCE {
      version Version,
      privateKeyAlgorithm PrivateKeyAlgorithmIdentifier,
      privateKey PrivateKey,
      ...
    }
    Version ::= INTEGER
    PrivateKeyAlgorithmIdentifier ::= AlgorithmIdentifier
    PrivateKey ::= OCTET STRING
    AlgorithmIdentifier ::= SEQUENCE {
      algorithm OBJECT IDENTIFIER,
      parameters ANY DEFINED BY algorithm OPTIONAL
    }

and RFC 8410: "... when encoding a OneAsymmetricKey object, the private key is wrapped in a CurvePrivateKey object and wrapped by the OCTET STRING of the 'privateKey' field."

    CurvePrivateKey ::= OCTET STRING
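The putEd25519Key and asn1Parse descriptions above, worked through as an added example (not JGit's implementation): a bounds-checked DER walk down to the CurvePrivateKey, followed by assembly of the 32-byte public field and the 64-byte private field. The class and method names are hypothetical, and the code assumes JDK 15 or later for the Ed25519 KeyPairGenerator.

```java
import java.io.IOException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.util.Arrays;

// Added example; class and method names are hypothetical, not JGit's.
public class Ed25519AgentKeyDemo {
    private final byte[] der;
    private int pos;

    private Ed25519AgentKeyDemo(byte[] der) { this.der = der; }

    // Consumes one DER tag and length; returns the content length, bounds-checked.
    private int header(int tag) throws IOException {
        if (der.length - pos < 2 || (der[pos++] & 0xff) != tag)
            throw new IOException("unexpected ASN.1 tag");
        int len = der[pos++] & 0xff;
        if (len > 0x7f) { // long form: low 7 bits give the number of length bytes
            int n = len & 0x7f;
            if (n == 0 || n > 2 || der.length - pos < n) throw new IOException("bad ASN.1 length");
            for (len = 0; n > 0; n--) len = (len << 8) | (der[pos++] & 0xff);
        }
        if (len > der.length - pos) throw new IOException("ASN.1 length exceeds input");
        return len;
    }

    private void skip(int tag) throws IOException { int len = header(tag); pos += len; }

    // OneAsymmetricKey -> privateKey OCTET STRING -> CurvePrivateKey OCTET STRING (RFC 8410).
    static byte[] privateSeed(byte[] pkcs8) throws IOException {
        Ed25519AgentKeyDemo p = new Ed25519AgentKeyDemo(pkcs8);
        p.header(0x30); // SEQUENCE OneAsymmetricKey
        p.skip(0x02);   // version
        p.skip(0x30);   // privateKeyAlgorithm
        p.header(0x04); // privateKey
        if (p.header(0x04) != 32) throw new IOException("ed25519 private key must be 32 bytes");
        return Arrays.copyOfRange(pkcs8, p.pos, p.pos + 32);
    }

    public static void main(String[] args) throws Exception {
        KeyPair kp = KeyPairGenerator.getInstance("Ed25519").generateKeyPair(); // needs JDK 15+
        byte[] spki = kp.getPublic().getEncoded(); // X.509 encoding; raw key is the last 32 bytes
        byte[] pub = Arrays.copyOfRange(spki, spki.length - 32, spki.length);
        byte[] pkcs8 = kp.getPrivate().getEncoded();
        byte[] seed = privateSeed(pkcs8);
        byte[] secretField = Arrays.copyOf(seed, 64); // private bytes, then public bytes
        System.arraycopy(pub, 0, secretField, 32, 32);
        Arrays.fill(seed, (byte) 0); // do not leave key material in temporaries
        Arrays.fill(pkcs8, (byte) 0);
        System.out.println(pub.length + " public bytes, " + secretField.length + " private-field bytes");
    }
}
```

Every length is checked against the remaining input before it is used, so a malformed or truncated encoding fails with an IOException rather than reading out of bounds.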
-
readKey
private static java.security.PublicKey readKey(org.apache.sshd.common.util.buffer.Buffer buffer) throws org.apache.sshd.common.util.buffer.BufferException
A safe version of Buffer.getPublicKey(). Upon return the buffer's read position is always after the key blob; any exceptions thrown by trying to read the key are logged and not propagated.
This is needed because an SSH agent might contain and deliver keys that we cannot handle (for instance ed448 keys).
- Parameters:
buffer - to read the key from
- Returns:
the PublicKey, or null if the key could not be read
- Throws:
org.apache.sshd.common.util.buffer.BufferException - if the length of the key blob cannot be read or is corrupted
-
rpc
private org.apache.sshd.common.util.buffer.Buffer rpc(byte command, byte[] message) throws java.io.IOException
- Throws:
java.io.IOException
-
rpc
private org.apache.sshd.common.util.buffer.Buffer rpc(byte command) throws java.io.IOException
- Throws:
java.io.IOException
-
isOpen
public boolean isOpen()
- Specified by:
isOpen in interface java.nio.channels.Channel
-
removeIdentity
public void removeIdentity(java.security.PublicKey key) throws java.io.IOException
- Specified by:
removeIdentity in interface org.apache.sshd.agent.SshAgent
- Throws:
java.io.IOException
-
removeAllIdentities
public void removeAllIdentities() throws java.io.IOException
- Specified by:
removeAllIdentities in interface org.apache.sshd.agent.SshAgent
- Throws:
java.io.IOException
-
-