diff options
Diffstat (limited to 'app/src/main/java/com/trilead/ssh2/auth/AuthenticationManager.java')
| -rw-r--r-- | app/src/main/java/com/trilead/ssh2/auth/AuthenticationManager.java | 466 |
1 files changed, 0 insertions, 466 deletions
diff --git a/app/src/main/java/com/trilead/ssh2/auth/AuthenticationManager.java b/app/src/main/java/com/trilead/ssh2/auth/AuthenticationManager.java deleted file mode 100644 index e551495..0000000 --- a/app/src/main/java/com/trilead/ssh2/auth/AuthenticationManager.java +++ /dev/null @@ -1,466 +0,0 @@ - -package com.trilead.ssh2.auth; - -import java.io.IOException; -import java.security.KeyPair; -import java.security.PrivateKey; -import java.security.SecureRandom; -import java.security.interfaces.DSAPrivateKey; -import java.security.interfaces.DSAPublicKey; -import java.security.interfaces.ECPrivateKey; -import java.security.interfaces.ECPublicKey; -import java.security.interfaces.RSAPrivateKey; -import java.security.interfaces.RSAPublicKey; -import java.util.Vector; - -import com.trilead.ssh2.InteractiveCallback; -import com.trilead.ssh2.crypto.PEMDecoder; -import com.trilead.ssh2.packets.PacketServiceAccept; -import com.trilead.ssh2.packets.PacketServiceRequest; -import com.trilead.ssh2.packets.PacketUserauthBanner; -import com.trilead.ssh2.packets.PacketUserauthFailure; -import com.trilead.ssh2.packets.PacketUserauthInfoRequest; -import com.trilead.ssh2.packets.PacketUserauthInfoResponse; -import com.trilead.ssh2.packets.PacketUserauthRequestInteractive; -import com.trilead.ssh2.packets.PacketUserauthRequestNone; -import com.trilead.ssh2.packets.PacketUserauthRequestPassword; -import com.trilead.ssh2.packets.PacketUserauthRequestPublicKey; -import com.trilead.ssh2.packets.Packets; -import com.trilead.ssh2.packets.TypesWriter; -import com.trilead.ssh2.signature.DSASHA1Verify; -import com.trilead.ssh2.signature.ECDSASHA2Verify; -import com.trilead.ssh2.signature.RSASHA1Verify; -import com.trilead.ssh2.transport.MessageHandler; -import com.trilead.ssh2.transport.TransportManager; - - -/** - * AuthenticationManager. - * - * @author Christian Plattner, plattner@trilead.com - * @version $Id: AuthenticationManager.java,v 1.1 2007/10/15 12:49:57 cplattne Exp $ - */ -public class AuthenticationManager implements MessageHandler -{ - TransportManager tm; - - Vector packets = new Vector(); - boolean connectionClosed = false; - - String banner; - - String[] remainingMethods = new String[0]; - boolean isPartialSuccess = false; - - boolean authenticated = false; - boolean initDone = false; - - public AuthenticationManager(TransportManager tm) - { - this.tm = tm; - } - - boolean methodPossible(String methName) - { - if (remainingMethods == null) - return false; - - for (int i = 0; i < remainingMethods.length; i++) - { - if (remainingMethods[i].compareTo(methName) == 0) - return true; - } - return false; - } - - byte[] deQueue() throws IOException - { - synchronized (packets) - { - while (packets.size() == 0) - { - if (connectionClosed) - throw (IOException) new IOException("The connection is closed.").initCause(tm - .getReasonClosedCause()); - - try - { - packets.wait(); - } - catch (InterruptedException ign) - { - } - } - /* This sequence works with J2ME */ - byte[] res = (byte[]) packets.firstElement(); - packets.removeElementAt(0); - return res; - } - } - - byte[] getNextMessage() throws IOException - { - while (true) - { - byte[] msg = deQueue(); - - if (msg[0] != Packets.SSH_MSG_USERAUTH_BANNER) - return msg; - - PacketUserauthBanner sb = new PacketUserauthBanner(msg, 0, msg.length); - - banner = sb.getBanner(); - } - } - - public String[] getRemainingMethods(String user) throws IOException - { - initialize(user); - return remainingMethods; - } - - public boolean getPartialSuccess() - { - return isPartialSuccess; - } - - private boolean initialize(String user) throws IOException - { - if (initDone == false) - { - tm.registerMessageHandler(this, 0, 255); - - PacketServiceRequest sr = new PacketServiceRequest("ssh-userauth"); - tm.sendMessage(sr.getPayload()); - - PacketUserauthRequestNone urn = new PacketUserauthRequestNone("ssh-connection", user); - tm.sendMessage(urn.getPayload()); - - byte[] msg = getNextMessage(); - new PacketServiceAccept(msg, 0, msg.length); - msg = getNextMessage(); - - initDone = true; - - if (msg[0] == Packets.SSH_MSG_USERAUTH_SUCCESS) - { - authenticated = true; - tm.removeMessageHandler(this, 0, 255); - return true; - } - - if (msg[0] == Packets.SSH_MSG_USERAUTH_FAILURE) - { - PacketUserauthFailure puf = new PacketUserauthFailure(msg, 0, msg.length); - - remainingMethods = puf.getAuthThatCanContinue(); - isPartialSuccess = puf.isPartialSuccess(); - return false; - } - - throw new IOException("Unexpected SSH message (type " + msg[0] + ")"); - } - return authenticated; - } - - public boolean authenticatePublicKey(String user, char[] PEMPrivateKey, String password, SecureRandom rnd) - throws IOException - { - KeyPair pair = PEMDecoder.decode(PEMPrivateKey, password); - - return authenticatePublicKey(user, pair, rnd); - } - - public boolean authenticatePublicKey(String user, KeyPair pair, SecureRandom rnd) - throws IOException - { - PrivateKey key = pair.getPrivate(); - - try - { - initialize(user); - - if (methodPossible("publickey") == false) - throw new IOException("Authentication method publickey not supported by the server at this stage."); - - if (key instanceof DSAPrivateKey) - { - DSAPrivateKey pk = (DSAPrivateKey) key; - - byte[] pk_enc = DSASHA1Verify.encodeSSHDSAPublicKey((DSAPublicKey) pair.getPublic()); - - TypesWriter tw = new TypesWriter(); - - byte[] H = tm.getSessionIdentifier(); - - tw.writeString(H, 0, H.length); - tw.writeByte(Packets.SSH_MSG_USERAUTH_REQUEST); - tw.writeString(user); - tw.writeString("ssh-connection"); - tw.writeString("publickey"); - tw.writeBoolean(true); - tw.writeString("ssh-dss"); - tw.writeString(pk_enc, 0, pk_enc.length); - - byte[] msg = tw.getBytes(); - - byte[] ds = DSASHA1Verify.generateSignature(msg, pk, rnd); - - byte[] ds_enc = DSASHA1Verify.encodeSSHDSASignature(ds); - - PacketUserauthRequestPublicKey ua = new PacketUserauthRequestPublicKey("ssh-connection", user, - "ssh-dss", pk_enc, ds_enc); - tm.sendMessage(ua.getPayload()); - } - else if (key instanceof RSAPrivateKey) - { - RSAPrivateKey pk = (RSAPrivateKey) key; - - byte[] pk_enc = RSASHA1Verify.encodeSSHRSAPublicKey((RSAPublicKey) pair.getPublic()); - - TypesWriter tw = new TypesWriter(); - { - byte[] H = tm.getSessionIdentifier(); - - tw.writeString(H, 0, H.length); - tw.writeByte(Packets.SSH_MSG_USERAUTH_REQUEST); - tw.writeString(user); - tw.writeString("ssh-connection"); - tw.writeString("publickey"); - tw.writeBoolean(true); - tw.writeString("ssh-rsa"); - tw.writeString(pk_enc, 0, pk_enc.length); - } - - byte[] msg = tw.getBytes(); - - byte[] ds = RSASHA1Verify.generateSignature(msg, pk); - - byte[] rsa_sig_enc = RSASHA1Verify.encodeSSHRSASignature(ds); - - PacketUserauthRequestPublicKey ua = new PacketUserauthRequestPublicKey("ssh-connection", user, - "ssh-rsa", pk_enc, rsa_sig_enc); - - tm.sendMessage(ua.getPayload()); - } - else if (key instanceof ECPrivateKey) - { - ECPrivateKey pk = (ECPrivateKey) key; - final String algo = ECDSASHA2Verify.ECDSA_SHA2_PREFIX - + ECDSASHA2Verify.getCurveName(pk.getParams()); - - byte[] pk_enc = ECDSASHA2Verify.encodeSSHECDSAPublicKey((ECPublicKey) pair.getPublic()); - - TypesWriter tw = new TypesWriter(); - { - byte[] H = tm.getSessionIdentifier(); - - tw.writeString(H, 0, H.length); - tw.writeByte(Packets.SSH_MSG_USERAUTH_REQUEST); - tw.writeString(user); - tw.writeString("ssh-connection"); - tw.writeString("publickey"); - tw.writeBoolean(true); - tw.writeString(algo); - tw.writeString(pk_enc, 0, pk_enc.length); - } - - byte[] msg = tw.getBytes(); - - byte[] ds = ECDSASHA2Verify.generateSignature(msg, pk); - - byte[] ec_sig_enc = ECDSASHA2Verify.encodeSSHECDSASignature(ds, pk.getParams()); - - PacketUserauthRequestPublicKey ua = new PacketUserauthRequestPublicKey("ssh-connection", user, - algo, pk_enc, ec_sig_enc); - - tm.sendMessage(ua.getPayload()); - } - else - { - throw new IOException("Unknown private key type returned by the PEM decoder."); - } - - byte[] ar = getNextMessage(); - if (ar[0] == Packets.SSH_MSG_USERAUTH_SUCCESS) - { - authenticated = true; - tm.removeMessageHandler(this, 0, 255); - return true; - } - - if (ar[0] == Packets.SSH_MSG_USERAUTH_FAILURE) - { - PacketUserauthFailure puf = new PacketUserauthFailure(ar, 0, ar.length); - - remainingMethods = puf.getAuthThatCanContinue(); - isPartialSuccess = puf.isPartialSuccess(); - - return false; - } - - throw new IOException("Unexpected SSH message (type " + ar[0] + ")"); - - } - catch (IOException e) - { -e.printStackTrace(); - tm.close(e, false); - throw (IOException) new IOException("Publickey authentication failed.").initCause(e); - } - } - - public boolean authenticateNone(String user) throws IOException - { - try - { - initialize(user); - return authenticated; - } - catch (IOException e) - { - tm.close(e, false); - throw (IOException) new IOException("None authentication failed.").initCause(e); - } - } - - public boolean authenticatePassword(String user, String pass) throws IOException - { - try - { - initialize(user); - - if (methodPossible("password") == false) - throw new IOException("Authentication method password not supported by the server at this stage."); - - PacketUserauthRequestPassword ua = new PacketUserauthRequestPassword("ssh-connection", user, pass); - tm.sendMessage(ua.getPayload()); - - byte[] ar = getNextMessage(); - - if (ar[0] == Packets.SSH_MSG_USERAUTH_SUCCESS) - { - authenticated = true; - tm.removeMessageHandler(this, 0, 255); - return true; - } - - if (ar[0] == Packets.SSH_MSG_USERAUTH_FAILURE) - { - PacketUserauthFailure puf = new PacketUserauthFailure(ar, 0, ar.length); - - remainingMethods = puf.getAuthThatCanContinue(); - isPartialSuccess = puf.isPartialSuccess(); - - return false; - } - - throw new IOException("Unexpected SSH message (type " + ar[0] + ")"); - - } - catch (IOException e) - { - tm.close(e, false); - throw (IOException) new IOException("Password authentication failed.").initCause(e); - } - } - - public boolean authenticateInteractive(String user, String[] submethods, InteractiveCallback cb) throws IOException - { - try - { - initialize(user); - - if (methodPossible("keyboard-interactive") == false) - throw new IOException( - "Authentication method keyboard-interactive not supported by the server at this stage."); - - if (submethods == null) - submethods = new String[0]; - - PacketUserauthRequestInteractive ua = new PacketUserauthRequestInteractive("ssh-connection", user, - submethods); - - tm.sendMessage(ua.getPayload()); - - while (true) - { - byte[] ar = getNextMessage(); - - if (ar[0] == Packets.SSH_MSG_USERAUTH_SUCCESS) - { - authenticated = true; - tm.removeMessageHandler(this, 0, 255); - return true; - } - - if (ar[0] == Packets.SSH_MSG_USERAUTH_FAILURE) - { - PacketUserauthFailure puf = new PacketUserauthFailure(ar, 0, ar.length); - - remainingMethods = puf.getAuthThatCanContinue(); - isPartialSuccess = puf.isPartialSuccess(); - - return false; - } - - if (ar[0] == Packets.SSH_MSG_USERAUTH_INFO_REQUEST) - { - PacketUserauthInfoRequest pui = new PacketUserauthInfoRequest(ar, 0, ar.length); - - String[] responses; - - try - { - responses = cb.replyToChallenge(pui.getName(), pui.getInstruction(), pui.getNumPrompts(), pui - .getPrompt(), pui.getEcho()); - } - catch (Exception e) - { - throw (IOException) new IOException("Exception in callback.").initCause(e); - } - - if (responses == null) - throw new IOException("Your callback may not return NULL!"); - - PacketUserauthInfoResponse puir = new PacketUserauthInfoResponse(responses); - tm.sendMessage(puir.getPayload()); - - continue; - } - - throw new IOException("Unexpected SSH message (type " + ar[0] + ")"); - } - } - catch (IOException e) - { - tm.close(e, false); - throw (IOException) new IOException("Keyboard-interactive authentication failed.").initCause(e); - } - } - - public void handleMessage(byte[] msg, int msglen) throws IOException - { - synchronized (packets) - { - if (msg == null) - { - connectionClosed = true; - } - else - { - byte[] tmp = new byte[msglen]; - System.arraycopy(msg, 0, tmp, 0, msglen); - packets.addElement(tmp); - } - - packets.notifyAll(); - - if (packets.size() > 5) - { - connectionClosed = true; - throw new IOException("Error, peer is flooding us with authentication packets."); - } - } - } -} |