Implement authentication with OpenSSH user certificate from file
lovish1999 committed Nov 21, 2022
1 parent e402511 commit 2ae8ed7
Showing 5 changed files with 117 additions and 7 deletions.
41 changes: 34 additions & 7 deletions src/main/java/com/jcraft/jsch/KeyPair.java
Expand Up @@ -41,9 +41,12 @@ public abstract class KeyPair{
public static final int DSA=1;
public static final int RSA=2;
public static final int ECDSA=3;
public static final int UNKNOWN=4;
public static final int ED25519=5;
public static final int ED448=6;
public static final int DSA_CERT = 7;
public static final int RSA_CERT = 8;
public static final int ECDSA_CERT = 9;
public static final int UNKNOWN=10;

static final int VENDOR_OPENSSH=0;
static final int VENDOR_FSECURE=1;
Expand All @@ -66,6 +69,9 @@ public static KeyPair genKeyPair(JSch jsch, int type, int key_size) throws JSchE
else if(type==ECDSA){ kpair=new KeyPairECDSA(jsch); }
else if(type==ED25519){ kpair=new KeyPairEd25519(jsch); }
else if(type==ED448){ kpair=new KeyPairEd448(jsch); }
else if(type==RSA_CERT){ kpair=new OpenSSHUserCertRSA(jsch); }
else if(type==DSA_CERT){ kpair=new OpenSSHUserCertDSA(jsch); }
else if(type==ECDSA_CERT){ kpair=new OpenSSHUserCertECDSA(jsch); }
if(kpair!=null){
kpair.generate(key_size);
}
Expand Down Expand Up @@ -930,8 +936,19 @@ else if (data != null &&
if(buf[0]=='s'&& buf[1]=='s'&& buf[2]=='h' && buf[3]=='-'){
if(prvkey==null &&
buf.length>7){
if(buf[4]=='d'){ type=DSA; }
else if(buf[4]=='r'){ type=RSA; }
if (buf[4] == 'd') {
if (buf.length >= 12 && buf[8] == 'c' && buf[9] == 'e' && buf[10] == 'r' && buf[11] == 't') {
type = DSA_CERT;
} else {
type = DSA;
}
} else if (buf[4] == 'r') {
if (buf.length >= 12 && buf[8] == 'c' && buf[9] == 'e' && buf[10] == 'r' && buf[11] == 't') {
type = RSA_CERT;
} else {
type = RSA;
}
}
else if(buf[4]=='e' && buf[6]=='2'){ type=ED25519; }
else if(buf[4]=='e' && buf[6]=='4'){ type=ED448; }
}
Expand All @@ -950,11 +967,18 @@ else if (data != null &&
publicKeyComment = Util.byte2str(buf, start, i-start);
}
}
} else if (buf[0] == 'e' && buf[1] == 'c' && buf[2] == 'd' && buf[3] == 's') {
if (buf.length > 7) {
if (buf.length > 24 &&
buf[6] == 's' && buf[7] == 'h' && buf[8] == 'a' && buf[9] == '2' &&
buf[11] == 'n' && buf[12] == 'i' && buf[13] == 's' && buf[14] == 't' && buf[15] == 'p' &&
buf[16] == '2' && buf[17] == '5' && buf[18] == '6' &&
buf[20] == 'c' && buf[21] == 'e' && buf[22] == 'r' && buf[23] == 't') {
type = ECDSA_CERT;
} else {
type = ECDSA;
}
}
else if(buf[0]=='e'&& buf[1]=='c'&& buf[2]=='d' && buf[3]=='s'){
if(prvkey==null && buf.length>7){
type=ECDSA;
}
i=0;
while(i<len){ if(buf[i]==' ')break; i++;} i++;
if(i<len){
Expand Down Expand Up @@ -992,6 +1016,9 @@ static KeyPair getKeyPair(JSch jsch, byte[] prvkey, byte[] pubkey, byte[] iv, bo
else if(type==ECDSA){ kpair=new KeyPairECDSA(jsch, pubkey); }
else if(type==ED25519){ kpair=new KeyPairEd25519(jsch, pubkey, prvkey); }
else if(type==ED448){ kpair=new KeyPairEd448(jsch, pubkey, prvkey); }
else if(type==RSA_CERT){ kpair=new OpenSSHUserCertRSA (jsch); }
else if(type==DSA_CERT){ kpair=new OpenSSHUserCertDSA(jsch); }
else if(type==ECDSA_CERT){ kpair=new OpenSSHUserCertECDSA(jsch); }
else if(vendor==VENDOR_PKCS8){ kpair = new KeyPairPKCS8(jsch); }
else if (type == DEFERRED) { kpair = new KeyPairDeferred(jsch); }
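Review bot: The new ECDSA branch of the public-key sniffing code recognises a certificate only when bytes 16-18 spell `256`, so an ECDSA certificate on another curve falls into the `else` and is typed as plain `ECDSA`; `getKeyPair` then builds `KeyPairECDSA(jsch, pubkey)` from what is actually a certificate blob. As rendered, that branch also tests only `buf.length > 7` where the replaced lines tested `prvkey==null && buf.length>7`, so the type sniffed from the public-key file may now replace whatever was determined earlier; if that is intended, a comment should say so. Comparing the whole key-type token up to the first space, or at least checking the `cert` marker independently of the curve digits, would avoid the misclassification. The enclosing methods start and end outside the hunks shown.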

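--- a/src/main/java/com/jcraft/jsch/OpenSSHCertifiedKey.java
+++ b/src/main/java/com/jcraft/jsch/OpenSSHCertifiedKey.java
@@ -0,0 +1,7 @@
+package com.jcraft.jsch;
+
+public interface OpenSSHCertifiedKey {
+int SSH_CERT_TYPE_USER = 1;
+int SSH_CERT_TYPE_HOST = 2;
+int getCertificateType();
+}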
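Review bot: The interface and its two constants are undocumented, so a caller cannot tell where the values 1 and 2 come from or what `getCertificateType()` is expected to return. A type-level Javadoc such as `/** A key pair that is presented together with an OpenSSH certificate. */` and a method-level `/** @return SSH_CERT_TYPE_USER or SSH_CERT_TYPE_HOST */` would cover it. Constants declared in an interface are inherited by every implementor, so an enum or a final holder class is the more usual home for them.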
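--- a/src/main/java/com/jcraft/jsch/OpenSSHUserCertDSA.java
+++ b/src/main/java/com/jcraft/jsch/OpenSSHUserCertDSA.java
@@ -0,0 +1,24 @@
+package com.jcraft.jsch;
+
+public class OpenSSHUserCertDSA extends KeyPairDSA implements OpenSSHCertifiedKey {
+private static final String keyType = "[email protected]";
+private static final byte[] sshdsacert = Util.str2byte(keyType);
+
+public OpenSSHUserCertDSA(JSch jsch){
+super(jsch);
+}
+
+public int getCertificateType() {
+return SSH_CERT_TYPE_USER;
+}
+
+@Override
+public int getKeyType(){
+return DSA_CERT;
+}
+
+@Override
+byte[] getKeyTypeName(){
+return sshdsacert;
+}
+}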
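Review bot: `getCertificateType()` returns `SSH_CERT_TYPE_USER` unconditionally, so the value a caller sees is asserted by the class rather than read from the certificate; OpenSSHUserCertECDSA and OpenSSHUserCertRSA do the same. Nothing visible in these classes parses or stores the certificate, so a host certificate loaded from file would presumably still be reported as a user certificate. Either keep the parsed type in a field and return it, or state the assumption in a Javadoc, e.g. `/** Always SSH_CERT_TYPE_USER; the certificate's own type field is not inspected. */`. The method also lacks `@Override`, unlike `getKeyType()` and `getKeyTypeName()` below it.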
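--- a/src/main/java/com/jcraft/jsch/OpenSSHUserCertECDSA.java
+++ b/src/main/java/com/jcraft/jsch/OpenSSHUserCertECDSA.java
@@ -0,0 +1,24 @@
+package com.jcraft.jsch;
+
+public class OpenSSHUserCertECDSA extends KeyPairECDSA implements OpenSSHCertifiedKey {
+private static final String keyType = "[email protected]";
+private static final byte[] sshrsacert = Util.str2byte(keyType);
+
+public OpenSSHUserCertECDSA(JSch jsch){
+super(jsch);
+}
+
+public int getCertificateType() {
+return SSH_CERT_TYPE_USER;
+}
+
+@Override
+public int getKeyType(){
+return RSA_CERT;
+}
+
+@Override
+byte[] getKeyTypeName(){
+return sshrsacert;
+}
+}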
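Review bot: `getKeyType()` returns `RSA_CERT` in the ECDSA class, which looks like a copy-paste from OpenSSHUserCertRSA; a caller that switches on the key type would treat an ECDSA certificate key as RSA. It should read `return ECDSA_CERT;`, and the field `sshrsacert` would be clearer as `sshecdsacert`. The `keyType` literal is obscured in this rendering, so its value cannot be checked here. It is worth confirming that it names the ECDSA certificate type and the intended curve, since the detection added to KeyPair.java only matches the nistp256 name.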
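--- a/src/main/java/com/jcraft/jsch/OpenSSHUserCertRSA.java
+++ b/src/main/java/com/jcraft/jsch/OpenSSHUserCertRSA.java
@@ -0,0 +1,28 @@
+package com.jcraft.jsch;
+
+/**
+*
+*/
+public class OpenSSHUserCertRSA extends KeyPairRSA implements OpenSSHCertifiedKey {
+private static final String keyType = "[email protected]";
+private static final byte[] sshrsacert = Util.str2byte(keyType);
+
+public OpenSSHUserCertRSA(JSch jsch){
+super(jsch);
+}
+
+public int getCertificateType() {
+return SSH_CERT_TYPE_USER;
+}
+
+@Override
+public int getKeyType(){
+return RSA_CERT;
+}
+
+@Override
+byte[] getKeyTypeName(){
+return sshrsacert;
+}
+
+}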
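Review bot: The class Javadoc is an empty `/** */` block, so the one place that should explain how this type differs from KeyPairRSA says nothing. Something like `/** RSA key pair that reports RSA_CERT as its key type and the certificate key type name instead of the plain RSA name. */` matches what the overrides visibly do. The constructor takes only `jsch`, so the Javadoc should also say where the certificate itself is expected to be held, which this file does not show.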
