org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/transport/sshd/ServerKeyDatabase.java - jgit - Git at Google

 /*
  * Copyright (C) 2019 Thomas Wolf <thomas.wolf@paranor.ch>
  * and other copyright owners as documented in the project's IP log.
  *
  * This program and the accompanying materials are made available
  * under the terms of the Eclipse Distribution License v1.0 which
  * accompanies this distribution, is reproduced below, and is
  * available at http://www.eclipse.org/org/documents/edl-v10.php
  *
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or
  * without modification, are permitted provided that the following
  * conditions are met:
  *
  * - Redistributions of source code must retain the above copyright
  *   notice, this list of conditions and the following disclaimer.
  *
  * - Redistributions in binary form must reproduce the above
  *   copyright notice, this list of conditions and the following
  *   disclaimer in the documentation and/or other materials provided
  *   with the distribution.
  *
  * - Neither the name of the Eclipse Foundation, Inc. nor the
  *   names of its contributors may be used to endorse or promote
  *   products derived from this software without specific prior
  *   written permission.
  *
  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
  * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
  * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
  * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
  * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
  * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 package org.eclipse.jgit.transport.sshd;

 import java.net.InetSocketAddress;
 import java.security.PublicKey;
 import java.util.List;

 import org.eclipse.jgit.annotations.NonNull;
 import org.eclipse.jgit.transport.CredentialsProvider;

 /**
  * An interface for a database of known server keys, supporting finding all
  * known keys and also deciding whether a server key is to be accepted.
  * <p>
  * Connection addresses are given as strings of the format
  * {@code [hostName]:port} if using a non-standard port (i.e., not port 22),
  * otherwise just {@code hostname}.
  * </p>
  *
  * @since 5.5
  */
 public interface ServerKeyDatabase {

 	/**
 	 * Retrieves all known host keys for the given addresses.
 	 *
 	 * @param connectAddress
 	 *            IP address the session tried to connect to
 	 * @param remoteAddress
 	 *            IP address as reported for the remote end point
 	 * @param config
 	 *            giving access to potentially interesting configuration
 	 *            settings
 	 * @return the list of known keys for the given addresses
 	 */
 	@NonNull
 	List<PublicKey> lookup(@NonNull String connectAddress,
 			@NonNull InetSocketAddress remoteAddress,
 			@NonNull Configuration config);

 	/**
 	 * Determines whether to accept a received server host key.
 	 *
 	 * @param connectAddress
 	 *            IP address the session tried to connect to
 	 * @param remoteAddress
 	 *            IP address as reported for the remote end point
 	 * @param serverKey
 	 *            received from the remote end
 	 * @param config
 	 *            giving access to potentially interesting configuration
 	 *            settings
 	 * @param provider
 	 *            for interacting with the user, if required; may be
 	 *            {@code null}
 	 * @return {@code true} if the serverKey is accepted, {@code false}
 	 *         otherwise
 	 */
 	boolean accept(@NonNull String connectAddress,
 			@NonNull InetSocketAddress remoteAddress,
 			@NonNull PublicKey serverKey,
 			@NonNull Configuration config, CredentialsProvider provider);

 	/**
 	 * A simple provider for ssh config settings related to host key checking.
 	 * An instance is created by the JGit sshd framework and passed into
 	 * {@link ServerKeyDatabase#lookup(String, InetSocketAddress, Configuration)}
 	 * and
 	 * {@link ServerKeyDatabase#accept(String, InetSocketAddress, PublicKey, Configuration, CredentialsProvider)}.
 	 */
 	interface Configuration {

 		/**
 		 * Retrieves the list of file names from the "UserKnownHostsFile" ssh
 		 * config.
 		 *
 		 * @return the list as configured, with ~ already replaced
 		 */
 		List<String> getUserKnownHostsFiles();

 		/**
 		 * Retrieves the list of file names from the "GlobalKnownHostsFile" ssh
 		 * config.
 		 *
 		 * @return the list as configured, with ~ already replaced
 		 */
 		List<String> getGlobalKnownHostsFiles();

 		/**
 		 * The possible values for the "StrictHostKeyChecking" ssh config.
 		 */
 		enum StrictHostKeyChecking {
 			/**
 			 * "ask"; default: ask the user whether to accept (and store) a new
 			 * or mismatched key.
 			 */
 			ASK,
 			/**
 			 * "yes", "on": never accept new or mismatched keys.
 			 */
 			REQUIRE_MATCH,
 			/**
 			 * "no", "off": always accept new or mismatched keys.
 			 */
 			ACCEPT_ANY,
 			/**
 			 * "accept-new": accept new keys, but never accept modified keys.
 			 */
 			ACCEPT_NEW
 		}

 		/**
 		 * Obtains the value of the "StrictHostKeyChecking" ssh config.
 		 *
 		 * @return the {@link StrictHostKeyChecking}
 		 */
 		@NonNull
 		StrictHostKeyChecking getStrictHostKeyChecking();

 		/**
 		 * Obtains the value of the "HashKnownHosts" ssh config.
 		 *
 		 * @return {@code true} if new entries should be stored with hashed host
 		 *         information, {@code false} otherwise
 		 */
 		boolean getHashKnownHosts();

 		/**
 		 * Obtains the user name used in the connection attempt.
 		 *
 		 * @return the user name
 		 */
 		@NonNull
 		String getUsername();
 	}
 }
	/*
	* Copyright (C) 2019 Thomas Wolf <thomas.wolf@paranor.ch>
	* and other copyright owners as documented in the project's IP log.
	*
	* This program and the accompanying materials are made available
	* under the terms of the Eclipse Distribution License v1.0 which
	* accompanies this distribution, is reproduced below, and is
	* available at http://www.eclipse.org/org/documents/edl-v10.php
	*
	* All rights reserved.
	*
	* Redistribution and use in source and binary forms, with or
	* without modification, are permitted provided that the following
	* conditions are met:
	*
	* - Redistributions of source code must retain the above copyright
	* notice, this list of conditions and the following disclaimer.
	*
	* - Redistributions in binary form must reproduce the above
	* copyright notice, this list of conditions and the following
	* disclaimer in the documentation and/or other materials provided
	* with the distribution.
	*
	* - Neither the name of the Eclipse Foundation, Inc. nor the
	* names of its contributors may be used to endorse or promote
	* products derived from this software without specific prior
	* written permission.
	*
	* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
	* CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
	* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
	* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
	* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
	* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
	* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
	* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
	* CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
	* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
	*/
	package org.eclipse.jgit.transport.sshd;

	import java.net.InetSocketAddress;
	import java.security.PublicKey;
	import java.util.List;

	import org.eclipse.jgit.annotations.NonNull;
	import org.eclipse.jgit.transport.CredentialsProvider;

	/**
	* An interface for a database of known server keys, supporting finding all
	* known keys and also deciding whether a server key is to be accepted.
	* <p>
	* Connection addresses are given as strings of the format
	* {@code [hostName]:port} if using a non-standard port (i.e., not port 22),
	* otherwise just {@code hostname}.
	* </p>
	*
	* @since 5.5
	*/
	public interface ServerKeyDatabase {

	/**
	* Retrieves all known host keys for the given addresses.
	*
	* @param connectAddress
	* IP address the session tried to connect to
	* @param remoteAddress
	* IP address as reported for the remote end point
	* @param config
	* giving access to potentially interesting configuration
	* settings
	* @return the list of known keys for the given addresses
	*/
	@NonNull
	List<PublicKey> lookup(@NonNull String connectAddress,
	@NonNull InetSocketAddress remoteAddress,
	@NonNull Configuration config);

	/**
	* Determines whether to accept a received server host key.
	*
	* @param connectAddress
	* IP address the session tried to connect to
	* @param remoteAddress
	* IP address as reported for the remote end point
	* @param serverKey
	* received from the remote end
	* @param config
	* giving access to potentially interesting configuration
	* settings
	* @param provider
	* for interacting with the user, if required; may be
	* {@code null}
	* @return {@code true} if the serverKey is accepted, {@code false}
	* otherwise
	*/
	boolean accept(@NonNull String connectAddress,
	@NonNull InetSocketAddress remoteAddress,
	@NonNull PublicKey serverKey,
	@NonNull Configuration config, CredentialsProvider provider);

	/**
	* A simple provider for ssh config settings related to host key checking.
	* An instance is created by the JGit sshd framework and passed into
	* {@link ServerKeyDatabase#lookup(String, InetSocketAddress, Configuration)}
	* and
	* {@link ServerKeyDatabase#accept(String, InetSocketAddress, PublicKey, Configuration, CredentialsProvider)}.
	*/
	interface Configuration {

	/**
	* Retrieves the list of file names from the "UserKnownHostsFile" ssh
	* config.
	*
	* @return the list as configured, with ~ already replaced
	*/
	List<String> getUserKnownHostsFiles();

	/**
	* Retrieves the list of file names from the "GlobalKnownHostsFile" ssh
	* config.
	*
	* @return the list as configured, with ~ already replaced
	*/
	List<String> getGlobalKnownHostsFiles();

	/**
	* The possible values for the "StrictHostKeyChecking" ssh config.
	*/
	enum StrictHostKeyChecking {
	/**
	* "ask"; default: ask the user whether to accept (and store) a new
	* or mismatched key.
	*/
	ASK,
	/**
	* "yes", "on": never accept new or mismatched keys.
	*/
	REQUIRE_MATCH,
	/**
	* "no", "off": always accept new or mismatched keys.
	*/
	ACCEPT_ANY,
	/**
	* "accept-new": accept new keys, but never accept modified keys.
	*/
	ACCEPT_NEW
	}

	/**
	* Obtains the value of the "StrictHostKeyChecking" ssh config.
	*
	* @return the {@link StrictHostKeyChecking}
	*/
	@NonNull
	StrictHostKeyChecking getStrictHostKeyChecking();

	/**
	* Obtains the value of the "HashKnownHosts" ssh config.
	*
	* @return {@code true} if new entries should be stored with hashed host
	* information, {@code false} otherwise
	*/
	boolean getHashKnownHosts();

	/**
	* Obtains the user name used in the connection attempt.
	*
	* @return the user name
	*/
	@NonNull
	String getUsername();
	}
	}