From 4271e2ed172a016e9455f0e43b628a744907ce63 Mon Sep 17 00:00:00 2001
From: Kenny Root
Date: Sun, 3 Feb 2013 19:00:31 -0800
Subject: Remove J2ME compatibility layer for keys

Use JCE instead of the DIY crypto library that is in Trilead. This was apparently for J2ME devices. Well, I'm sorry, J2ME devices, you're dead to me.
---
 .../ssh2/channel/AuthAgentForwardThread.java | 78 +++++++++++++++++-----
 .../com/trilead/ssh2/channel/ChannelManager.java | 38 +++++------
 2 files changed, 80 insertions(+), 36 deletions(-)

(limited to 'lib/src/main/java/com/trilead/ssh2/channel')

diff --git a/lib/src/main/java/com/trilead/ssh2/channel/AuthAgentForwardThread.java b/lib/src/main/java/com/trilead/ssh2/channel/AuthAgentForwardThread.java
index 57b9a5e..d3f10a3 100644
--- a/lib/src/main/java/com/trilead/ssh2/channel/AuthAgentForwardThread.java
+++ b/lib/src/main/java/com/trilead/ssh2/channel/AuthAgentForwardThread.java
@@ -21,7 +21,20 @@ import java.io.IOException;
 import java.io.InputStream;
 import java.io.OutputStream;
 import java.math.BigInteger;
+import java.security.KeyFactory;
+import java.security.KeyPair;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.PublicKey;
 import java.security.SecureRandom;
+import java.security.interfaces.DSAPrivateKey;
+import java.security.interfaces.RSAPrivateKey;
+import java.security.spec.DSAPrivateKeySpec;
+import java.security.spec.DSAPublicKeySpec;
+import java.security.spec.InvalidKeySpecException;
+import java.security.spec.KeySpec;
+import java.security.spec.RSAPrivateKeySpec;
+import java.security.spec.RSAPublicKeySpec;
 import java.util.Map;
 import java.util.Map.Entry;
@@ -29,12 +42,8 @@ import com.trilead.ssh2.AuthAgentCallback;
 import com.trilead.ssh2.log.Logger;
 import com.trilead.ssh2.packets.TypesReader;
 import com.trilead.ssh2.packets.TypesWriter;
-import com.trilead.ssh2.signature.DSAPrivateKey;
 import com.trilead.ssh2.signature.DSASHA1Verify;
-import com.trilead.ssh2.signature.DSASignature;
-import com.trilead.ssh2.signature.RSAPrivateKey;
 import com.trilead.ssh2.signature.RSASHA1Verify;
-import com.trilead.ssh2.signature.RSASignature;
 /**
 * AuthAgentForwardThread.
@@ -268,7 +277,7 @@ public class AuthAgentForwardThread extends Thread implements IChannelWorkerThre
 String type = tr.readString();
- Object key;
+ KeyPair pair;
 String comment;
 if (type.equals("ssh-rsa")) {
@@ -280,7 +289,24 @@ public class AuthAgentForwardThread extends Thread implements IChannelWorkerThre
 tr.readMPINT(); // q
 comment = tr.readString();
- key = new RSAPrivateKey(d, e, n);
+ KeySpec pubSpec = new RSAPublicKeySpec(n, e);
+ KeySpec privSpec = new RSAPrivateKeySpec(n, d);
+
+ PublicKey pubKey;
+ PrivateKey privKey;
+ try {
+ KeyFactory kf = KeyFactory.getInstance("RSA");
+ pubKey = kf.generatePublic(pubSpec);
+ privKey = kf.generatePrivate(privSpec);
+ } catch (NoSuchAlgorithmException ex) {
+ // TODO: log error
+ return;
+ } catch (InvalidKeySpecException ex) {
+ // TODO: log error
+ return;
+ }
+
+ pair = new KeyPair(pubKey, privKey);
 } else if (type.equals("ssh-dss")) {
 BigInteger p = tr.readMPINT();
 BigInteger q = tr.readMPINT();
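Review bot: Both catch blocks in the new ssh-rsa branch `return` without answering the request, whereas the sibling `else` branch writes `SSH_AGENT_FAILURE` first; the key material arrives over the forwarded agent channel, so a remote client that sends unusable RSA values (the `InvalidKeySpecException` case) is left waiting for a reply that never comes. The two `// TODO: log error` placeholders should become `os.write(SSH_AGENT_FAILURE); return;` — `os.write` is already called unguarded a few lines down, so the surrounding method evidently lets `IOException` propagate. Separately, the CRT values the request carries are read and discarded (only `tr.readMPINT(); // q` is visible here), so the `RSAPrivateKeySpec(n, d)` key will sign without CRT; if the earlier reads keep `p`, `q` and `iqmp`, an `RSAPrivateCrtKeySpec` (with dP/dQ derived from `d`) would retain that — a follow-up rather than part of this change. The enclosing method starts and ends outside this hunk.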
@@ -289,7 +315,24 @@ public class AuthAgentForwardThread extends Thread implements IChannelWorkerThre
 BigInteger x = tr.readMPINT();
 comment = tr.readString();
- key = new DSAPrivateKey(p, q, g, y, x);
+ KeySpec pubSpec = new DSAPublicKeySpec(y, p, q, g);
+ KeySpec privSpec = new DSAPrivateKeySpec(x, p, q, g);
+
+ PublicKey pubKey;
+ PrivateKey privKey;
+ try {
+ KeyFactory kf = KeyFactory.getInstance("DSA");
+ pubKey = kf.generatePublic(pubSpec);
+ privKey = kf.generatePrivate(privSpec);
+ } catch (NoSuchAlgorithmException ex) {
+ // TODO: log error
+ return;
+ } catch (InvalidKeySpecException ex) {
+ // TODO: log error
+ return;
+ }
+
+ pair = new KeyPair(pubKey, privKey);
 } else {
 os.write(SSH_AGENT_FAILURE);
 return;
@@ -313,7 +356,7 @@ public class AuthAgentForwardThread extends Thread implements IChannelWorkerThre
 }
 }
- if (authAgent.addIdentity(key, comment, confirmUse, lifetime))
+ if (authAgent.addIdentity(pair, comment, confirmUse, lifetime))
 os.write(SSH_AGENT_SUCCESS);
 else
 os.write(SSH_AGENT_FAILURE);
@@ -390,7 +433,7 @@ public class AuthAgentForwardThread extends Thread implements IChannelWorkerThre
 if (failWhenLocked())
 return;
- byte[] publicKey = tr.readByteString();
+ byte[] publicKeyBytes = tr.readByteString();
 byte[] challenge = tr.readByteString();
 int flags = tr.readUINT32();
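Review bot: The ssh-dss branch copies the RSA branch's failure handling, and in both the catch blocks `return` without writing anything to `os`, so a client that sent DSA parameters the provider rejects (`InvalidKeySpecException`, raised for values the remote end chose) blocks waiting for a reply; the `else` branch just below shows the expected `os.write(SSH_AGENT_FAILURE)` before returning. Since the two branches differ only in the algorithm name and the specs, I would move the KeyFactory call into one private helper that returns `null` on failure and let the caller answer with `SSH_AGENT_FAILURE`, which also leaves a single place for the logging the TODOs ask for. The enclosing method begins before this hunk, and `pair` is declared in an earlier hunk of this file.

```java
			KeySpec pubSpec = new DSAPublicKeySpec(y, p, q, g);
			KeySpec privSpec = new DSAPrivateKeySpec(x, p, q, g);
			pair = buildKeyPair("DSA", pubSpec, privSpec);
			if (pair == null) {
				os.write(SSH_AGENT_FAILURE);
				return;
			}
		// … unchanged: else branch, constraint parsing, addIdentity call …

	/**
	 * Builds a KeyPair from the public and private specs an agent client sent.
	 * Returns null when the algorithm is unavailable or the provider rejects
	 * the key material, so the caller can answer with SSH_AGENT_FAILURE.
	 */
	private static KeyPair buildKeyPair(String algorithm, KeySpec pubSpec, KeySpec privSpec) {
		try {
			KeyFactory kf = KeyFactory.getInstance(algorithm);
			return new KeyPair(kf.generatePublic(pubSpec), kf.generatePrivate(privSpec));
		} catch (NoSuchAlgorithmException ex) {
			// TODO: log error
			return null;
		} catch (InvalidKeySpecException ex) {
			// TODO: log error
			return null;
		}
	}
```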
@@ -401,22 +444,23 @@ public class AuthAgentForwardThread extends Thread implements IChannelWorkerThre
 return;
 }
- Object trileadKey = authAgent.getPrivateKey(publicKey);
+ KeyPair pair = authAgent.getKeyPair(publicKeyBytes);
- if (trileadKey == null) {
+ if (pair == null) {
 os.write(SSH_AGENT_FAILURE);
 return;
 }
 byte[] response;
- if (trileadKey instanceof RSAPrivateKey) {
- RSASignature signature = RSASHA1Verify.generateSignature(challenge,
- (RSAPrivateKey) trileadKey);
+ PrivateKey privKey = pair.getPrivate();
+ if (privKey instanceof RSAPrivateKey) {
+ byte[] signature = RSASHA1Verify.generateSignature(challenge,
+ (RSAPrivateKey) privKey);
 response = RSASHA1Verify.encodeSSHRSASignature(signature);
- } else if (trileadKey instanceof DSAPrivateKey) {
- DSASignature signature = DSASHA1Verify.generateSignature(challenge,
- (DSAPrivateKey) trileadKey, new SecureRandom());
+ } else if (privKey instanceof DSAPrivateKey) {
+ byte[] signature = DSASHA1Verify.generateSignature(challenge,
+ (DSAPrivateKey) privKey, new SecureRandom());
 response = DSASHA1Verify.encodeSSHDSASignature(signature);
 } else {
 os.write(SSH_AGENT_FAILURE);
diff --git a/lib/src/main/java/com/trilead/ssh2/channel/ChannelManager.java b/lib/src/main/java/com/trilead/ssh2/channel/ChannelManager.java
index 630e0cc..432aef5 100644
--- a/lib/src/main/java/com/trilead/ssh2/channel/ChannelManager.java
+++ b/lib/src/main/java/com/trilead/ssh2/channel/ChannelManager.java
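Review bot: `new SecureRandom()` is constructed on the new DSA signing line for every sign request, and a DSA private key is only as safe as the per-signature nonce drawn from that generator, so this is the one place in the file where seeding quality really matters; a fresh instance per request is also needlessly expensive. I would keep one instance for the class, `private static final SecureRandom RNG = new SecureRandom();`, and pass `(DSAPrivateKey) privKey, RNG);` instead. Whether a just-constructed instance is well seeded depends on the platform's provider, which this page cannot show; a single long-lived instance is the conservative choice either way. The enclosing method starts before this hunk and its `else` branch continues past it.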
@@ -40,21 +40,21 @@ public class ChannelManager implements MessageHandler
 {
 private static final Logger log = Logger.getLogger(ChannelManager.class);
- private HashMap x11_magic_cookies = new HashMap();
+ private HashMap x11_magic_cookies = new HashMap();
 private TransportManager tm;
- private Vector channels = new Vector();
+ private Vector channels = new Vector();
 private int nextLocalChannel = 100;
 private boolean shutdown = false;
 private int globalSuccessCounter = 0;
 private int globalFailedCounter = 0;
- private HashMap remoteForwardings = new HashMap();
+ private HashMap remoteForwardings = new HashMap();
 private AuthAgentCallback authAgent;
- private Vector listenerThreads = new Vector();
+ private Vector listenerThreads = new Vector();
 private boolean listenerThreadsAllowed = true;
@@ -70,7 +70,7 @@ public class ChannelManager implements MessageHandler
 {
 for (int i = 0; i < channels.size(); i++)
 {
- Channel c = (Channel) channels.elementAt(i);
+ Channel c = channels.elementAt(i);
 if (c.localID == id)
 return c;
 }
@@ -84,7 +84,7 @@ public class ChannelManager implements MessageHandler
 {
 for (int i = 0; i < channels.size(); i++)
 {
- Channel c = (Channel) channels.elementAt(i);
+ Channel c = channels.elementAt(i);
 if (c.localID == id)
 {
 channels.removeElementAt(i);
@@ -223,16 +223,16 @@ public class ChannelManager implements MessageHandler
 if (log.isEnabled())
 log.log(50, "Closing all X11 channels for the given fake cookie");
- Vector channel_copy;
+ Vector channel_copy;
 synchronized (channels)
 {
- channel_copy = (Vector) channels.clone();
+ channel_copy = (Vector) channels.clone();
 }
 for (int i = 0; i < channel_copy.size(); i++)
 {
- Channel c = (Channel) channel_copy.elementAt(i);
+ Channel c = channel_copy.elementAt(i);
 synchronized (c)
 {
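Review bot: The new `channel_copy = (Vector) channels.clone();` in the X11-closing hunk still copies through `clone()` plus a cast even though `channels` is now generic — the cast-free `Channel c = channel_copy.elementAt(i);` two lines down only compiles if the field is a `Vector<Channel>`, and this page appears to have stripped the angle-bracketed type arguments, which is why the `-` and `+` lines read the same. `Vector.clone()` returns `Object`, so that cast is unchecked and will draw a compiler warning on every build. The copy constructor makes the same shallow copy without it: `channel_copy = new Vector<Channel>(channels);`, still inside the `synchronized (channels)` block. The same pattern recurs in the closeAllChannels hunk further down; the enclosing method starts before this hunk.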
@@ -255,7 +255,7 @@ public class ChannelManager implements MessageHandler
 synchronized (x11_magic_cookies)
 {
 if (hexFakeCookie != null)
- return (X11ServerData) x11_magic_cookies.get(hexFakeCookie);
+ return x11_magic_cookies.get(hexFakeCookie);
 }
 return null;
 }
@@ -265,16 +265,16 @@ public class ChannelManager implements MessageHandler
 if (log.isEnabled())
 log.log(50, "Closing all channels");
- Vector channel_copy;
+ Vector channel_copy;
 synchronized (channels)
 {
- channel_copy = (Vector) channels.clone();
+ channel_copy = (Vector) channels.clone();
 }
 for (int i = 0; i < channel_copy.size(); i++)
 {
- Channel c = (Channel) channel_copy.elementAt(i);
+ Channel c = channel_copy.elementAt(i);
 try
 {
 closeChannel(c, "Closing all channels", true);
@@ -456,7 +456,7 @@ public class ChannelManager implements MessageHandler
 synchronized (remoteForwardings)
 {
- Integer key = new Integer(bindPort);
+ Integer key = Integer.valueOf(bindPort);
 if (remoteForwardings.get(key) != null)
 {
@@ -500,7 +500,7 @@ public class ChannelManager implements MessageHandler
 synchronized (remoteForwardings)
 {
- rfd = (RemoteForwardingData) remoteForwardings.get(new Integer(bindPort));
+ rfd = remoteForwardings.get(Integer.valueOf(bindPort));
 if (rfd == null)
 throw new IOException("Sorry, there is no known remote forwarding for remote port " + bindPort);
@@ -1268,7 +1268,7 @@ public class ChannelManager implements MessageHandler
 synchronized (remoteForwardings)
 {
- rfd = (RemoteForwardingData) remoteForwardings.get(new Integer(remoteConnectedPort));
+ rfd = remoteForwardings.get(Integer.valueOf(remoteConnectedPort));
 }
 if (rfd == null)
@@ -1370,7 +1370,7 @@ public class ChannelManager implements MessageHandler
 synchronized (c)
 {
- c.exit_status = new Integer(exit_status);
+ c.exit_status = Integer.valueOf(exit_status);
 c.notifyAll();
 }
@@ -1670,7 +1670,7 @@ public class ChannelManager implements MessageHandler
 {
 for (int i = 0; i < listenerThreads.size(); i++)
 {
- IChannelWorkerThread lat = (IChannelWorkerThread) listenerThreads.elementAt(i);
+ IChannelWorkerThread lat = listenerThreads.elementAt(i);
 lat.stopWorking();
 }
 listenerThreadsAllowed = false;
@@ -1682,7 +1682,7 @@ public class ChannelManager implements MessageHandler
 for (int i = 0; i < channels.size(); i++)
 {
- Channel c = (Channel) channels.elementAt(i);
+ Channel c = channels.elementAt(i);
 synchronized (c)
 {
 c.EOF = true;
-- 
cgit v1.2.3