src/main/java/com/gitblit/transport/ssh/FileKeyPairProvider.java - gitblit - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership.  The ASF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License.  You may obtain a copy of the License at
  *
  *   http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing,
  * software distributed under the License is distributed on an
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  * KIND, either express or implied.  See the License for the
  * specific language governing permissions and limitations
  * under the License.
  */
 package com.gitblit.transport.ssh;

 import java.io.FileInputStream;
 import java.io.InputStreamReader;
 import java.security.KeyPair;
 import java.util.Arrays;
 import java.util.Iterator;
 import java.util.NoSuchElementException;

 import org.apache.sshd.common.keyprovider.AbstractKeyPairProvider;
 import org.apache.sshd.common.util.SecurityUtils;
 import org.bouncycastle.openssl.PEMDecryptorProvider;
 import org.bouncycastle.openssl.PEMEncryptedKeyPair;
 import org.bouncycastle.openssl.PEMKeyPair;
 import org.bouncycastle.openssl.PEMParser;
 import org.bouncycastle.openssl.PasswordFinder;
 import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
 import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;

 /**
  * This host key provider loads private keys from the specified files.
  *
  * Note that this class has a direct dependency on BouncyCastle and won't work
  * unless it has been correctly registered as a security provider.
  *
  * @author <a href="mailto:dev@mina.apache.org">Apache MINA SSHD Project</a>
  */
 public class FileKeyPairProvider extends AbstractKeyPairProvider {

     private String[] files;
     private PasswordFinder passwordFinder;

     public FileKeyPairProvider() {
     }

     public FileKeyPairProvider(String[] files) {
         this.files = files;
     }

     public FileKeyPairProvider(String[] files, PasswordFinder passwordFinder) {
         this.files = files;
         this.passwordFinder = passwordFinder;
     }

     public String[] getFiles() {
         return files;
     }

     public void setFiles(String[] files) {
         this.files = files;
     }

     public PasswordFinder getPasswordFinder() {
         return passwordFinder;
     }

     public void setPasswordFinder(PasswordFinder passwordFinder) {
         this.passwordFinder = passwordFinder;
     }

     public Iterable<KeyPair> loadKeys() {
         if (!SecurityUtils.isBouncyCastleRegistered()) {
             throw new IllegalStateException("BouncyCastle must be registered as a JCE provider");
         }
         return new Iterable<KeyPair>() {
             @Override
 			public Iterator<KeyPair> iterator() {
                 return new Iterator<KeyPair>() {
                     private final Iterator<String> iterator = Arrays.asList(files).iterator();
                     private KeyPair nextKeyPair;
                     private boolean nextKeyPairSet = false;
                     @Override
 					public boolean hasNext() {
                         return nextKeyPairSet || setNextObject();
                     }
                     @Override
 					public KeyPair next() {
                         if (!nextKeyPairSet) {
                             if (!setNextObject()) {
                                 throw new NoSuchElementException();
                             }
                         }
                         nextKeyPairSet = false;
                         return nextKeyPair;
                     }
                     @Override
 					public void remove() {
                         throw new UnsupportedOperationException();
                     }
                     private boolean setNextObject() {
                         while (iterator.hasNext()) {
                             String file = iterator.next();
                             nextKeyPair = doLoadKey(file);
                             if (nextKeyPair != null) {
                                 nextKeyPairSet = true;
                                 return true;
                             }
                         }
                         return false;
                     }

                 };
             }
         };
     }

     protected KeyPair doLoadKey(String file) {
         try {
             PEMParser r = new PEMParser(new InputStreamReader(new FileInputStream(file)));
             try {
                 Object o = r.readObject();

                 JcaPEMKeyConverter pemConverter = new JcaPEMKeyConverter();
                 pemConverter.setProvider("BC");
                 if (passwordFinder != null && o instanceof PEMEncryptedKeyPair) {
                     JcePEMDecryptorProviderBuilder decryptorBuilder = new JcePEMDecryptorProviderBuilder();
                     PEMDecryptorProvider pemDecryptor = decryptorBuilder.build(passwordFinder.getPassword());
                     o = pemConverter.getKeyPair(((PEMEncryptedKeyPair) o).decryptKeyPair(pemDecryptor));
                 }

                 if (o instanceof PEMKeyPair) {
                     o = pemConverter.getKeyPair((PEMKeyPair)o);
                     return (KeyPair) o;
                 } else if (o instanceof KeyPair) {
                     return (KeyPair) o;
                 }
             } finally {
                 r.close();
             }
         } catch (Exception e) {
             log.warn("Unable to read key " + file, e);
         }
         return null;
     }

 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one
	* or more contributor license agreements. See the NOTICE file
	* distributed with this work for additional information
	* regarding copyright ownership. The ASF licenses this file
	* to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance
	* with the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing,
	* software distributed under the License is distributed on an
	* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	* KIND, either express or implied. See the License for the
	* specific language governing permissions and limitations
	* under the License.
	*/
	package com.gitblit.transport.ssh;

	import java.io.FileInputStream;
	import java.io.InputStreamReader;
	import java.security.KeyPair;
	import java.util.Arrays;
	import java.util.Iterator;
	import java.util.NoSuchElementException;

	import org.apache.sshd.common.keyprovider.AbstractKeyPairProvider;
	import org.apache.sshd.common.util.SecurityUtils;
	import org.bouncycastle.openssl.PEMDecryptorProvider;
	import org.bouncycastle.openssl.PEMEncryptedKeyPair;
	import org.bouncycastle.openssl.PEMKeyPair;
	import org.bouncycastle.openssl.PEMParser;
	import org.bouncycastle.openssl.PasswordFinder;
	import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
	import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;

	/**
	* This host key provider loads private keys from the specified files.
	*
	* Note that this class has a direct dependency on BouncyCastle and won't work
	* unless it has been correctly registered as a security provider.
	*
	* @author <a href="mailto:dev@mina.apache.org">Apache MINA SSHD Project</a>
	*/
	public class FileKeyPairProvider extends AbstractKeyPairProvider {

	private String[] files;
	private PasswordFinder passwordFinder;

	public FileKeyPairProvider() {
	}

	public FileKeyPairProvider(String[] files) {
	this.files = files;
	}

	public FileKeyPairProvider(String[] files, PasswordFinder passwordFinder) {
	this.files = files;
	this.passwordFinder = passwordFinder;
	}

	public String[] getFiles() {
	return files;
	}

	public void setFiles(String[] files) {
	this.files = files;
	}

	public PasswordFinder getPasswordFinder() {
	return passwordFinder;
	}

	public void setPasswordFinder(PasswordFinder passwordFinder) {
	this.passwordFinder = passwordFinder;
	}

	public Iterable<KeyPair> loadKeys() {
	if (!SecurityUtils.isBouncyCastleRegistered()) {
	throw new IllegalStateException("BouncyCastle must be registered as a JCE provider");
	}
	return new Iterable<KeyPair>() {
	@Override
	public Iterator<KeyPair> iterator() {
	return new Iterator<KeyPair>() {
	private final Iterator<String> iterator = Arrays.asList(files).iterator();
	private KeyPair nextKeyPair;
	private boolean nextKeyPairSet = false;
	@Override
	public boolean hasNext() {
	return nextKeyPairSet \|\| setNextObject();
	}
	@Override
	public KeyPair next() {
	if (!nextKeyPairSet) {
	if (!setNextObject()) {
	throw new NoSuchElementException();
	}
	}
	nextKeyPairSet = false;
	return nextKeyPair;
	}
	@Override
	public void remove() {
	throw new UnsupportedOperationException();
	}
	private boolean setNextObject() {
	while (iterator.hasNext()) {
	String file = iterator.next();
	nextKeyPair = doLoadKey(file);
	if (nextKeyPair != null) {
	nextKeyPairSet = true;
	return true;
	}
	}
	return false;
	}

	};
	}
	};
	}

	protected KeyPair doLoadKey(String file) {
	try {
	PEMParser r = new PEMParser(new InputStreamReader(new FileInputStream(file)));
	try {
	Object o = r.readObject();

	JcaPEMKeyConverter pemConverter = new JcaPEMKeyConverter();
	pemConverter.setProvider("BC");
	if (passwordFinder != null && o instanceof PEMEncryptedKeyPair) {
	JcePEMDecryptorProviderBuilder decryptorBuilder = new JcePEMDecryptorProviderBuilder();
	PEMDecryptorProvider pemDecryptor = decryptorBuilder.build(passwordFinder.getPassword());
	o = pemConverter.getKeyPair(((PEMEncryptedKeyPair) o).decryptKeyPair(pemDecryptor));
	}

	if (o instanceof PEMKeyPair) {
	o = pemConverter.getKeyPair((PEMKeyPair)o);
	return (KeyPair) o;
	} else if (o instanceof KeyPair) {
	return (KeyPair) o;
	}
	} finally {
	r.close();
	}
	} catch (Exception e) {
	log.warn("Unable to read key " + file, e);
	}
	return null;
	}

	}