Class UserAuthPublicKey
java.lang.Object
org.apache.sshd.common.util.logging.AbstractLoggingBean
org.apache.sshd.client.auth.AbstractUserAuth
org.apache.sshd.client.auth.pubkey.UserAuthPublicKey
- All Implemented Interfaces:
UserAuth, ClientSessionHolder, UserAuthInstance<ClientSession>, NamedResource, SignatureFactoriesHolder, SignatureFactoriesManager
Implements the "publickey" authentication mechanism
- Author:
Apache MINA SSHD Project
-
Field Summary
Modifier and Type, Field, Description
protected String chosenAlgorithm
protected PublicKeyIdentity current
protected List<NamedFactory<Signature>> factories
static final AttributeRepository.AttributeKey<String> IDENTITY_AGENT
Is set on a ClientSession when it is created; contains the value of the IdentityAgent SSH config setting.
protected Iterator<PublicKeyIdentity> keys
static final String NAME
static final AttributeRepository.AttributeKey<Boolean> USE_DEFAULT_IDENTITIES
Is set on a ClientSession when it is created; if Boolean.FALSE, no default identities shall be used.
Fields inherited from class org.apache.sshd.common.util.logging.AbstractLoggingBean
log
Fields inherited from interface org.apache.sshd.common.NamedResource
BY_NAME_COMPARATOR, NAME_EXTRACTOR
-
Constructor Summary
-
Method Summary
Modifier and Type, Method, Description
protected byte[] appendSignature(ClientSession session, String service, String name, String username, String algo, PublicKey key, PublicKey serverKey, Buffer buffer)
protected Iterator<PublicKeyIdentity> createPublicKeyIterator(ClientSession session, SignatureFactoriesManager manager)
void destroy()
Called to release any allocated resources
protected String getDefaultSignatureAlgorithm(ClientSession session, String service, PublicKeyIdentity identity, KeyPair keyPair, String keyType)
Determines a signature algorithm name to use for the authentication request if none could be determined from the installed signature factories.
void init(ClientSession session, String service)
protected boolean processAuthDataRequest(ClientSession session, String service, Buffer buffer)
protected void releaseKeys()
protected PublicKeyIdentity resolveAttemptedPublicKeyIdentity(ClientSession session, String service)
protected PublicKeyIdentity resolveAttemptedPublicKeyIdentity(ClientSession session, String service, PublicKeyAuthenticationReporter reporter)
protected boolean sendAuthDataRequest(ClientSession session, String service)
void setSignatureFactories(List<NamedFactory<Signature>> factories)
void signalAuthMethodFailure(ClientSession session, String service, boolean partial, List<String> serverMethods, Buffer buffer)
Signals reception of SSH_MSG_USERAUTH_FAILURE message
void signalAuthMethodSuccess(ClientSession session, String service, Buffer buffer)
Signal reception of SSH_MSG_USERAUTH_SUCCESS message
Methods inherited from class org.apache.sshd.client.auth.AbstractUserAuth
getClientSession, getName, getService, getSession, isCancellable, process, setCancellable, toString
Methods inherited from class org.apache.sshd.common.util.logging.AbstractLoggingBean
debug, debug, debug, debug, debug, error, error, error, error, error, getSimplifiedLogger, info, info, warn, warn, warn, warn, warn, warn, warn, warn
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
Methods inherited from interface org.apache.sshd.common.signature.SignatureFactoriesHolder
getSignatureFactoriesNameList, getSignatureFactoriesNames
Methods inherited from interface org.apache.sshd.common.signature.SignatureFactoriesManager
setSignatureFactoriesNameList, setSignatureFactoriesNames, setSignatureFactoriesNames
-
Field Details
-
NAME
- See Also:
-
USE_DEFAULT_IDENTITIES
Is set on a ClientSession when it is created; if Boolean.FALSE, no default identities shall be used.
-
IDENTITY_AGENT
Is set on a ClientSession when it is created; contains the value of the IdentityAgent SSH config setting. May be the empty string if not specified in the HostConfigEntry.
-
currentAlgorithms
-
keys
-
current
-
factories
-
chosenAlgorithm
-
-
Constructor Details
-
UserAuthPublicKey
public UserAuthPublicKey()
-
UserAuthPublicKey
-
-
Method Details
-
getSignatureFactories
- Specified by:
getSignatureFactories in interface SignatureFactoriesHolder
-
setSignatureFactories
- Specified by:
setSignatureFactories in interface SignatureFactoriesManager
-
init
- Specified by:
init in interface UserAuth
- Overrides:
init in class AbstractUserAuth
- Parameters:
session - The ClientSession
service - The requesting service name
- Throws:
Exception - If failed to initialize the mechanism
-
createPublicKeyIterator
protected Iterator<PublicKeyIdentity> createPublicKeyIterator(ClientSession session, SignatureFactoriesManager manager) throws Exception
- Throws:
Exception
-
sendAuthDataRequest
- Specified by:
sendAuthDataRequest in class AbstractUserAuth
- Throws:
Exception
-
resolveAttemptedPublicKeyIdentity
protected PublicKeyIdentity resolveAttemptedPublicKeyIdentity(ClientSession session, String service) throws Exception
- Throws:
Exception
-
resolveAttemptedPublicKeyIdentity
protected PublicKeyIdentity resolveAttemptedPublicKeyIdentity(ClientSession session, String service, PublicKeyAuthenticationReporter reporter) throws Exception
- Throws:
Exception
-
getDefaultSignatureAlgorithm
protected String getDefaultSignatureAlgorithm(ClientSession session, String service, PublicKeyIdentity identity, KeyPair keyPair, String keyType) throws Exception
Determines a signature algorithm name to use for the authentication request if none could be determined from the installed signature factories. If a non-null, non-empty string is returned, it is used as is in the authentication.
This is mainly intended for use with identities from an SSH agent, where the SSH agent may be able to sign the request even if there is no appropriate signature factory present in Java. Whether it makes sense to allow this depends on the application logic and how it handles e.g. SSH config PubkeyAcceptedKeyTypes (or PubkeyAcceptedAlgorithms).
This default implementation always returns null, skipping the key.
- Parameters:
session - ClientSession trying to authenticate
service - SSH service name
identity - PublicKeyIdentity considered to be used for authentication
keyPair - KeyPair from identity
keyType - the key type of keyPair
- Returns:
null or an empty string to skip this key and consider another key, if any, to use for authentication, or a non-empty signature algorithm name to use for the authentication attempt using the given identity
- Throws:
Exception - if an error occurs
- See Also:
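An added example for getDefaultSignatureAlgorithm (not code from the Apache MINA SSHD project): a subclass that lets an agent-held key fall back to a signature algorithm only when the application's accepted-algorithm policy allows it, since the returned name is used as is. The class name, the constructor parameter and the candidate table are assumptions made for illustration.

```java
import java.security.KeyPair;
import java.util.Arrays;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;

import org.apache.sshd.client.auth.pubkey.PublicKeyIdentity;
import org.apache.sshd.client.auth.pubkey.UserAuthPublicKey;
import org.apache.sshd.client.session.ClientSession;

/** Hypothetical subclass: agent-held keys may sign only with allow-listed algorithms. */
public class PolicyBoundUserAuthPublicKey extends UserAuthPublicKey {
    // Candidate signature algorithms per key type, strongest first (constructed table).
    // SHA-1 based "ssh-rsa" signatures are deliberately not offered for RSA keys.
    private static final Map<String, List<String>> CANDIDATES = new LinkedHashMap<>();
    static {
        CANDIDATES.put("ssh-rsa", Arrays.asList("rsa-sha2-512", "rsa-sha2-256"));
        CANDIDATES.put("ssh-ed25519", Collections.singletonList("ssh-ed25519"));
        CANDIDATES.put("ecdsa-sha2-nistp256",
                Collections.singletonList("ecdsa-sha2-nistp256"));
    }

    // Assumption: the application has already parsed its PubkeyAcceptedAlgorithms
    // policy into a set of algorithm names.
    private final Set<String> acceptedAlgorithms;

    public PolicyBoundUserAuthPublicKey(Set<String> acceptedAlgorithms) {
        this.acceptedAlgorithms = new LinkedHashSet<>(acceptedAlgorithms);
    }

    @Override
    protected String getDefaultSignatureAlgorithm(
            ClientSession session, String service, PublicKeyIdentity identity,
            KeyPair keyPair, String keyType) throws Exception {
        // Only reached when no installed signature factory matched the key.
        for (String algo : CANDIDATES.getOrDefault(keyType, Collections.emptyList())) {
            if (acceptedAlgorithms.contains(algo)) {
                log.debug("getDefaultSignatureAlgorithm({}) using {} for key type {}",
                        session, algo, keyType);
                return algo; // used as is in the authentication request
            }
        }
        return null; // same as the default implementation: skip this key
    }
}
```

Unknown key types and algorithms outside the policy both return null, so the key is skipped rather than offered with an algorithm the application never approved. Installing the subclass requires a custom UserAuthFactory that returns it, which this page does not cover.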
-
processAuthDataRequest
protected boolean processAuthDataRequest(ClientSession session, String service, Buffer buffer) throws Exception
- Specified by:
processAuthDataRequest in class AbstractUserAuth
- Throws:
Exception
-
appendSignature
protected byte[] appendSignature(ClientSession session, String service, String name, String username, String algo, PublicKey key, PublicKey serverKey, Buffer buffer) throws Exception
- Throws:
Exception
-
signalAuthMethodSuccess
public void signalAuthMethodSuccess(ClientSession session, String service, Buffer buffer) throws Exception
Description copied from interface: UserAuth
Signal reception of SSH_MSG_USERAUTH_SUCCESS message
- Specified by:
signalAuthMethodSuccess in interface UserAuth
- Parameters:
session - The ClientSession
service - The requesting service name
buffer - The Buffer containing the success message (after having consumed the relevant data from it)
- Throws:
Exception - If failed to handle the callback - Note: may cause session close
-
signalAuthMethodFailure
public void signalAuthMethodFailure(ClientSession session, String service, boolean partial, List<String> serverMethods, Buffer buffer) throws Exception
Description copied from interface: UserAuth
Signals reception of SSH_MSG_USERAUTH_FAILURE message
- Specified by:
signalAuthMethodFailure in interface UserAuth
- Parameters:
session - The ClientSession
service - The requesting service name
partial - true if some partial authentication success so far
serverMethods - The List of authentication methods that can continue
buffer - The Buffer containing the failure message (after having consumed the relevant data from it)
- Throws:
Exception - If failed to handle the callback - Note: may cause session close
-
destroy
public void destroy()
Description copied from interface: UserAuth
Called to release any allocated resources
- Specified by:
destroy in interface UserAuth
- Overrides:
destroy in class AbstractUserAuth
-
releaseKeys
- Throws:
IOException
-