| /* |
| * Copyright (C) 2019 Thomas Wolf <thomas.wolf@paranor.ch> and others |
| * |
| * This program and the accompanying materials are made available under the |
| * terms of the Eclipse Distribution License v. 1.0 which is available at |
| * https://www.eclipse.org/org/documents/edl-v10.php. |
| * |
| * SPDX-License-Identifier: BSD-3-Clause |
| */ |
| package org.eclipse.jgit.internal.transport.sshd; |
| |
| import static org.eclipse.jgit.internal.transport.ssh.OpenSshConfigFile.flag; |
| |
| import java.net.InetSocketAddress; |
| import java.net.SocketAddress; |
| import java.security.PublicKey; |
| import java.util.Collections; |
| import java.util.List; |
| import java.util.Locale; |
| |
| import org.apache.sshd.client.config.hosts.HostConfigEntry; |
| import org.apache.sshd.client.config.hosts.KnownHostHashValue; |
| import org.apache.sshd.client.keyverifier.ServerKeyVerifier; |
| import org.apache.sshd.client.session.ClientSession; |
| import org.apache.sshd.common.util.net.SshdSocketAddress; |
| import org.eclipse.jgit.annotations.NonNull; |
| import org.eclipse.jgit.transport.CredentialsProvider; |
| import org.eclipse.jgit.transport.SshConstants; |
| import org.eclipse.jgit.transport.sshd.ServerKeyDatabase; |
| import org.slf4j.Logger; |
| import org.slf4j.LoggerFactory; |
| |
/**
 * Adapter that lets Apache MINA sshd consult a JGit {@link ServerKeyDatabase}
 * through the {@link ServerKeyVerifier} and {@link ServerKeyLookup} contracts.
 * <p>
 * This class takes no trust decision of its own. It only refuses sessions that
 * are not {@link JGitClientSession}s and remote addresses that are not
 * {@link InetSocketAddress}es; in those cases {@link #verifyServerKey} returns
 * {@code false} and {@link #lookup} returns no keys. Everything else is
 * forwarded to the database together with the host pattern built from the
 * address the session connected to and the per-host ssh configuration.
 * </p>
 */
public class JGitServerKeyVerifier
		implements ServerKeyVerifier, ServerKeyLookup {

	private static final Logger LOG = LoggerFactory
			.getLogger(JGitServerKeyVerifier.class);

	private final @NonNull ServerKeyDatabase database;

	/**
	 * Creates a verifier that delegates all host key questions to
	 * {@code database}.
	 *
	 * @param database
	 *            the {@link ServerKeyDatabase} to query
	 */
	public JGitServerKeyVerifier(@NonNull ServerKeyDatabase database) {
		this.database = database;
	}

	/**
	 * Asks the database for the host keys it knows for the session's server.
	 *
	 * @param session
	 *            the client session; must be a {@link JGitClientSession}
	 * @param remoteAddress
	 *            the address of the remote end; must be an
	 *            {@link InetSocketAddress}
	 * @return the keys returned by {@link ServerKeyDatabase#lookup}, or an
	 *         empty list if either argument has an unsupported type
	 */
	@Override
	public List<PublicKey> lookup(ClientSession session,
			SocketAddress remoteAddress) {
		if (!(session instanceof JGitClientSession)) {
			warnWrongSessionKind(session);
			return Collections.emptyList();
		}
		if (!(remoteAddress instanceof InetSocketAddress)) {
			return Collections.emptyList();
		}
		JGitClientSession jgitSession = (JGitClientSession) session;
		InetSocketAddress remote = (InetSocketAddress) remoteAddress;
		SessionConfig hostConfig = new SessionConfig(jgitSession);
		String hostPattern = connectHostPattern(session);
		return database.lookup(hostPattern, remote, hostConfig);
	}

	/**
	 * Decides whether {@code serverKey} is acceptable for the session's
	 * server by delegating to {@link ServerKeyDatabase#accept}.
	 *
	 * @param session
	 *            the client session; must be a {@link JGitClientSession}
	 * @param remoteAddress
	 *            the address of the remote end; must be an
	 *            {@link InetSocketAddress}
	 * @param serverKey
	 *            the host key presented by the server
	 * @return the database's verdict; {@code false} (key rejected) if either
	 *         the session or the address has an unsupported type
	 */
	@Override
	public boolean verifyServerKey(ClientSession session,
			SocketAddress remoteAddress, PublicKey serverKey) {
		if (!(session instanceof JGitClientSession)) {
			// Fail closed: without a JGit session there is no host
			// configuration to evaluate the key against.
			warnWrongSessionKind(session);
			return false;
		}
		if (!(remoteAddress instanceof InetSocketAddress)) {
			return false;
		}
		JGitClientSession jgitSession = (JGitClientSession) session;
		InetSocketAddress remote = (InetSocketAddress) remoteAddress;
		SessionConfig hostConfig = new SessionConfig(jgitSession);
		String hostPattern = connectHostPattern(session);
		// The provider is handed to the database; this class never uses it
		// itself.
		CredentialsProvider credentials = jgitSession
				.getCredentialsProvider();
		return database.accept(hostPattern, remote, serverKey, hostConfig,
				credentials);
	}

	/**
	 * Logs that a session of an unexpected implementation class was passed
	 * in.
	 *
	 * @param session
	 *            the offending session
	 */
	private static void warnWrongSessionKind(ClientSession session) {
		LOG.warn("Internal error: wrong session kind: " //$NON-NLS-1$
				+ session.getClass().getName());
	}

	/**
	 * Builds the host pattern used as the lookup key in the database from the
	 * host name and port the session connected to.
	 *
	 * @param session
	 *            the session whose connect address is used
	 * @return the pattern produced by
	 *         {@link KnownHostHashValue#createHostPattern}
	 */
	private static String connectHostPattern(ClientSession session) {
		SshdSocketAddress target = SshdSocketAddress
				.toSshdSocketAddress(session.getConnectAddress());
		return KnownHostHashValue.createHostPattern(target.getHostName(),
				target.getPort());
	}

	/**
	 * Exposes the host-key related settings of a session's ssh host
	 * configuration entry as a {@link ServerKeyDatabase.Configuration}.
	 */
	private static class SessionConfig
			implements ServerKeyDatabase.Configuration {

		private final JGitClientSession session;

		/**
		 * @param session
		 *            the session whose host configuration entry is read
		 */
		public SessionConfig(JGitClientSession session) {
			this.session = session;
		}

		/**
		 * Reads a multi-valued option from the session's host configuration
		 * entry.
		 *
		 * @param key
		 *            the option name
		 * @return whatever the entry's multi-valued option map holds for
		 *         {@code key}, or an empty list if the entry is not a
		 *         {@link JGitHostConfigEntry}
		 */
		private List<String> get(String key) {
			HostConfigEntry hostEntry = session.getHostConfigEntry();
			if (!(hostEntry instanceof JGitHostConfigEntry)) {
				// Not expected to happen: the entry is always a
				// JGitHostConfigEntry.
				return Collections.emptyList();
			}
			// NOTE(review): presumably null when the option is not
			// configured at all -- confirm against getMultiValuedOptions().
			return ((JGitHostConfigEntry) hostEntry).getMultiValuedOptions()
					.get(key);
		}

		@Override
		public List<String> getUserKnownHostsFiles() {
			return get(SshConstants.USER_KNOWN_HOSTS_FILE);
		}

		@Override
		public List<String> getGlobalKnownHostsFiles() {
			return get(SshConstants.GLOBAL_KNOWN_HOSTS_FILE);
		}

		/**
		 * Translates the host entry's {@code StrictHostKeyChecking} setting
		 * into the database's enum. The comparison is case-insensitive.
		 * <p>
		 * A missing option and any unrecognized value both yield
		 * {@code ASK}, so a misspelled value never selects
		 * {@code ACCEPT_ANY}.
		 * </p>
		 *
		 * @return {@code REQUIRE_MATCH} for yes/on, {@code ACCEPT_ANY} for
		 *         no/off, {@code ACCEPT_NEW} for accept-new, {@code ASK}
		 *         otherwise
		 */
		@Override
		public StrictHostKeyChecking getStrictHostKeyChecking() {
			String configured = session.getHostConfigEntry()
					.getProperty(SshConstants.STRICT_HOST_KEY_CHECKING, "ask"); //$NON-NLS-1$
			String normalized = configured.toLowerCase(Locale.ROOT);
			if (SshConstants.YES.equals(normalized)
					|| SshConstants.ON.equals(normalized)) {
				return StrictHostKeyChecking.REQUIRE_MATCH;
			}
			if (SshConstants.NO.equals(normalized)
					|| SshConstants.OFF.equals(normalized)) {
				// NOTE(review): presumably this makes the database accept
				// unknown and changed host keys for this host -- see
				// ServerKeyDatabase for the exact semantics.
				return StrictHostKeyChecking.ACCEPT_ANY;
			}
			if ("accept-new".equals(normalized)) { //$NON-NLS-1$
				return StrictHostKeyChecking.ACCEPT_NEW;
			}
			return StrictHostKeyChecking.ASK;
		}

		/**
		 * @return the host entry's {@code HashKnownHosts} setting as
		 *         interpreted by {@code OpenSshConfigFile.flag}
		 */
		@Override
		public boolean getHashKnownHosts() {
			String raw = session.getHostConfigEntry()
					.getProperty(SshConstants.HASH_KNOWN_HOSTS);
			return flag(raw);
		}

		@Override
		public String getUsername() {
			return session.getUsername();
		}
	}
}