From a502d96a860456ec5e8c96761db70f7cabb74751 Mon Sep 17 00:00:00 2001
From: Paul Martin <paul@paulsputer.com>
Date: Sat, 30 Apr 2016 04:19:14 -0400
Subject: [PATCH] Merge pull request #1073 from gitblit/1062-DocEditorUpdates
---
src/main/java/com/gitblit/transport/ssh/FileKeyPairProvider.java | 154 +++++++++++++++++++++++++++++++++++++++++++++++++++
1 files changed, 154 insertions(+), 0 deletions(-)
diff --git a/src/main/java/com/gitblit/transport/ssh/FileKeyPairProvider.java b/src/main/java/com/gitblit/transport/ssh/FileKeyPairProvider.java
new file mode 100644
index 0000000..db0741e
--- /dev/null
+++ b/src/main/java/com/gitblit/transport/ssh/FileKeyPairProvider.java
@@ -0,0 +1,154 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package com.gitblit.transport.ssh;
+
+import java.io.FileInputStream;
+import java.io.InputStreamReader;
+import java.security.KeyPair;
+import java.util.Arrays;
+import java.util.Iterator;
+import java.util.NoSuchElementException;
+
+import org.apache.sshd.common.keyprovider.AbstractKeyPairProvider;
+import org.apache.sshd.common.util.SecurityUtils;
+import org.bouncycastle.openssl.PEMDecryptorProvider;
+import org.bouncycastle.openssl.PEMEncryptedKeyPair;
+import org.bouncycastle.openssl.PEMKeyPair;
+import org.bouncycastle.openssl.PEMParser;
+import org.bouncycastle.openssl.PasswordFinder;
+import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
+import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;
+
+/**
+ * This host key provider loads private keys from the specified files.
+ *
+ * Note that this class has a direct dependency on BouncyCastle and won't work
+ * unless it has been correctly registered as a security provider.
+ *
+ * @author <a href="mailto:dev@mina.apache.org">Apache MINA SSHD Project</a>
+ */
+public class FileKeyPairProvider extends AbstractKeyPairProvider {
+
+ private String[] files;
+ private PasswordFinder passwordFinder;
+
+ public FileKeyPairProvider() {
+ }
+
+ public FileKeyPairProvider(String[] files) {
+ this.files = files;
+ }
+
+ public FileKeyPairProvider(String[] files, PasswordFinder passwordFinder) {
+ this.files = files;
+ this.passwordFinder = passwordFinder;
+ }
+
+ public String[] getFiles() {
+ return files;
+ }
+
+ public void setFiles(String[] files) {
+ this.files = files;
+ }
+
+ public PasswordFinder getPasswordFinder() {
+ return passwordFinder;
+ }
+
+ public void setPasswordFinder(PasswordFinder passwordFinder) {
+ this.passwordFinder = passwordFinder;
+ }
+
+ public Iterable<KeyPair> loadKeys() {
+ if (!SecurityUtils.isBouncyCastleRegistered()) {
+ throw new IllegalStateException("BouncyCastle must be registered as a JCE provider");
+ }
+ return new Iterable<KeyPair>() {
+ @Override
+ public Iterator<KeyPair> iterator() {
+ return new Iterator<KeyPair>() {
+ private final Iterator<String> iterator = Arrays.asList(files).iterator();
+ private KeyPair nextKeyPair;
+ private boolean nextKeyPairSet = false;
+ @Override
+ public boolean hasNext() {
+ return nextKeyPairSet || setNextObject();
+ }
+ @Override
+ public KeyPair next() {
+ if (!nextKeyPairSet) {
+ if (!setNextObject()) {
+ throw new NoSuchElementException();
+ }
+ }
+ nextKeyPairSet = false;
+ return nextKeyPair;
+ }
+ @Override
+ public void remove() {
+ throw new UnsupportedOperationException();
+ }
+ private boolean setNextObject() {
+ while (iterator.hasNext()) {
+ String file = iterator.next();
+ nextKeyPair = doLoadKey(file);
+ if (nextKeyPair != null) {
+ nextKeyPairSet = true;
+ return true;
+ }
+ }
+ return false;
+ }
+
+ };
+ }
+ };
+ }
+
+ protected KeyPair doLoadKey(String file) {
+ try {
+ PEMParser r = new PEMParser(new InputStreamReader(new FileInputStream(file)));
+ try {
+ Object o = r.readObject();
+
+ JcaPEMKeyConverter pemConverter = new JcaPEMKeyConverter();
+ pemConverter.setProvider("BC");
+ if (passwordFinder != null && o instanceof PEMEncryptedKeyPair) {
+ JcePEMDecryptorProviderBuilder decryptorBuilder = new JcePEMDecryptorProviderBuilder();
+ PEMDecryptorProvider pemDecryptor = decryptorBuilder.build(passwordFinder.getPassword());
+ o = pemConverter.getKeyPair(((PEMEncryptedKeyPair) o).decryptKeyPair(pemDecryptor));
+ }
+
+ if (o instanceof PEMKeyPair) {
+ o = pemConverter.getKeyPair((PEMKeyPair)o);
+ return (KeyPair) o;
+ } else if (o instanceof KeyPair) {
+ return (KeyPair) o;
+ }
+ } finally {
+ r.close();
+ }
+ } catch (Exception e) {
+ log.warn("Unable to read key " + file, e);
+ }
+ return null;
+ }
+
+}
--
Gitblit v1.9.1